diff --git a/doc/documentation.odt b/doc/documentation.odt
index a22ae22..f0a4c9f 100644
Binary files a/doc/documentation.odt and b/doc/documentation.odt differ
diff --git a/src/console.php b/src/console.php
index 139421d..a00ed1d 100644
--- a/src/console.php
+++ b/src/console.php
@@ -441,9 +441,10 @@ public function up()
 \$this->database = new Asatru\Database\Migration('Auth', \$this->connection);
 \$this->database->drop();
 \$this->database->add('id INT NOT NULL AUTO_INCREMENT PRIMARY KEY');
- \$this->database->add('email VARCHAR(255) NOT NULL');
- \$this->database->add('username VARCHAR(255) NOT NULL');
- \$this->database->add('password VARCHAR(255) NOT NULL');
+ \$this->database->add('email VARCHAR(512) NOT NULL');
+ \$this->database->add('username VARCHAR(512) NOT NULL');
+ \$this->database->add('password VARCHAR(512) NOT NULL');
+ \$this->database->add('account_confirm VARCHAR(512) NOT NULL');
 \$this->database->add('updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP');
 \$this->database->add('created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP');
 \$this->database->create();
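Review bot: `email VARCHAR(512) NOT NULL` (and `username`) is created without a UNIQUE constraint, so the duplicate check in register() in the next hunk (`\$byemail->count() > 0` followed by `Auth::insert(...)`) is a check-then-act that two concurrent registrations can both pass. A database-level uniqueness constraint on the email column is the durable fix; if Migration::add() forwards the string as a raw column definition this would be `\$this->database->add('email VARCHAR(512) NOT NULL UNIQUE');`, but a 512-character key under a 4-byte charset may hit the engine's index key limit, so verify the length against the target MySQL/InnoDB setup. Separately, `account_confirm` is made to carry both a secret token and the `_confirmed` state sentinel written by confirm(); a distinct nullable `confirmed_at TIMESTAMP` column would keep state and secret apart and make the login check a plain null test.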
@@ -588,8 +589,34 @@ public static function register(string \$username, string \$email, string \$pass
 if ((\$byemail) && (\$byemail->count() > 0))
 return false;
 
+ \$user_password = password_hash(\$password, PASSWORD_DEFAULT);
+ \$account_confirm = md5(\$username . \$email . date('Y-m-d H:i:s') . random_bytes(55));
+
 try {
- Auth::insert('username', \$username)->insert('email', \$email)->insert('password', password_hash(\$password, PASSWORD_DEFAULT))->go();
+ Auth::insert('username', \$username)->insert('email', \$email)->insert('password', \$user_password)->insert('account_confirm', \$account_confirm)->go();
+ } catch (\Exception \$e) {
+ return false;
+ }
+
+ //To-do: Send a confirmation e-mail with the account confirmation token in order to verify the e-mail address
+
+ return true;
+ }
+
+ /**
+ * Confirm user account
+ *
+ * @param string \$token Account token that was generated upon registration
+ * @return bool
+ */
+ public static function confirm(\$token)
+ {
+ \$user = Auth::where('account_confirm', '=', \$token)->first();
+ if (!\$user)
+ return false;
+
+ try {
+ Auth::update('account_confirm', '_confirmed')->where('id', '=', \$user->get('id'))->go();
 } catch (\Exception \$e) {
 return false;
 }
@@ -611,9 +638,12 @@ public static function login(string \$email, string \$password)
 if (\$byemail->count() === 0)
 return false;
 
+ if (\$byemail->get('account_confirm') !== '_confirmed')
+ return false;
+
 if (!password_verify(\$password, \$byemail->get('password')))
 return false;
-
+
 try {
 Session::loginSession(\$byemail->get('id'), session_id());
 } catch (\Exception \$e) {
diff --git a/tests/ConsoleTest.php b/tests/ConsoleTest.php
index 0e03aaf..9f51106 100644
--- a/tests/ConsoleTest.php
+++ b/tests/ConsoleTest.php
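Review bot: confirm() accepts any string that matches the column, so a call with the literal sentinel, `confirm('_confirmed')`, finds the first already-confirmed row and returns true without confirming anything; guard it with `if (\$token === '_confirmed' || !\$user) return false;` (the `\$user` test is the line already there). The token derivation `md5(\$username . \$email . date(...) . random_bytes(55))` gets all of its unpredictability from random_bytes, and the md5 wrapper only truncates it to 128 bits; `bin2hex(random_bytes(32))` yields a 64-character token that is easier to reason about and fits the VARCHAR(512) column. random_bytes() also throws on CSPRNG failure and sits outside the `try`, so register() would propagate an exception where its other failure paths return false — move the two assignments inside the `try` or add `@throws \Exception` to the register() docblock, which begins above this hunk. Finally, `public static function confirm(\$token)` is the only method in this generated class without a parameter type; `public static function confirm(string \$token)` matches register() and login().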
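Review bot: login() now refuses any row whose `account_confirm` is not `'_confirmed'`, but in this same commit register() neither returns the generated token nor sends it (the e-mail is left as a To-do), so an account created through register() has no path to confirm() and can never log in. Until the delivery step exists, either surface the token to the caller (for example `return \$account_confirm;` with a `string|false` return, which is an interface change callers must adopt) or keep the confirmation requirement disabled behind a configuration switch with a comment such as `// account confirmation is enforced here; tokens are delivered by <TBD>`. If the check stays, consider documenting in the login() docblock (above this hunk) that an unconfirmed account is reported the same way as a wrong password.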
@@ -135,6 +135,7 @@ public function testCheckAuth()
 $newClass = new $name();
 $this->assertTrue(method_exists($newClass, 'register'));
+ $this->assertTrue(method_exists($newClass, 'confirm'));
 $this->assertTrue(method_exists($newClass, 'login'));
 $this->assertTrue(method_exists($newClass, 'logout'));
 $this->assertTrue(method_exists($newClass, 'getAuthUser'));