From 07b0c76c26c4e869fc223d7731c6d6ac76ebafee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= Date: Sun, 4 Feb 2024 08:57:35 +0100 Subject: [PATCH] Centralize session update --- lib/account.php | 52 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/lib/account.php b/lib/account.php index 365f713..cbe937f 100644 --- a/lib/account.php +++ b/lib/account.php @@ -86,45 +86,62 @@ function verifyPassword($userID, $password): bool return !empty($password_hash) && !empty($password) && password_verify($password, $password_hash); } +function UpdateSession(){ + global $mysqli; + $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE ID = ? AND isActivated = 1"); + $stmt->bind_param("i", $_SESSION["ID"]); + $stmt->execute(); + + $uid = 0; + $first_name = ""; + $last_name = ""; + $nickname = ""; + $password_hash = ""; + $email = ""; + $minecraft_nickname = ""; + $privilege_level = 0; + $lastLoginAt = null; + $loginCount = 0; + $stmt->bind_result($uid, $first_name, $last_name, $nickname, $email, $password_hash, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount); + $stmt->fetch(); + $stmt->close(); + + $_SESSION["first_name"] = $first_name; + $_SESSION["last_name"] = $last_name; + $_SESSION["nickname"] = $nickname; + $_SESSION["email"] = $email; + $_SESSION["minecraft_nickname"] = $minecraft_nickname; + $_SESSION["privilege_level"] = $privilege_level; + +} + function doLogin($email, $password): array { global $mysqli, $routerConfig; $found = false; if (!empty($email) && !empty($password)) { - $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? AND isActivated = 1"); + $stmt = $mysqli->prepare("SELECT ID, PasswordHash FROM Users WHERE Email = ? AND isActivated = 1"); $stmt->bind_param("s", $email); $stmt->execute(); $uid = 0; - $first_name = ""; - $last_name = ""; - $nickname = ""; + $password_hash = ""; - $minecraft_nickname = ""; - $privilege_level = 0; - $lastLoginAt = null; - $loginCount = 0; - $stmt->bind_result($uid, $first_name, $last_name, $nickname, $password_hash, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount); + $stmt->bind_result($uid, $password_hash); $stmt->fetch(); $stmt->close(); if (password_verify($password, $password_hash)) { $found = true; + $_SESSION["ID"] = $uid; + UpdateSession(); // Update LastLoginAt and LoginCount $updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?"); $updateLoginStmt->bind_param("i", $uid); $updateLoginStmt->execute(); $updateLoginStmt->close(); } - - $_SESSION["ID"] = $uid; - $_SESSION["first_name"] = $first_name; - $_SESSION["last_name"] = $last_name; - $_SESSION["nickname"] = $nickname; - $_SESSION["email"] = $email; - $_SESSION["minecraft_nickname"] = $minecraft_nickname; - $_SESSION["privilege_level"] = $privilege_level; } return $found ? ["Status" => "Success"] : ["Status" => "Fail"]; } @@ -273,6 +290,7 @@ function getUserInfo(): array $stmt->bind_result($firstName, $lastName, $nickname, $email, $minecraft_nickname); $stmt->fetch(); $stmt->close(); + UpdateSession(); $output["Status"] = "Success"; $output["UserInfo"] = [