Auth.php
<?php
include 'classes/GlobalErrorHandler.php';
include 'classes/Config.php';
include 'classes/DBConnection.php';
include 'classes/WebResponder.php';
include 'classes/AppArgs.php';
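/**
 * Login endpoint handler. Constructing an instance runs the whole flow:
 * read `username`/`password` from the request, look the user up through the
 * `get_user_by_name` stored procedure, verify the password against the stored
 * crypt() hash and, on success, start a session holding the user row.
 *
 * NOTE(review): credentials are read from the query string (AppArgs::GET), so
 * they can end up in web-server access logs, browser history and Referer
 * headers. Presumably GET is used so the endpoint works over JSONP; confirm
 * whether a POST-only variant is feasible.
 */
class Auth {
    /** Request-argument accessor (AppArgs, defined elsewhere). */
    private $arguments;
    /** JSON or JSONP responder used for every reply. */
    private $responder;
    /** Username after DBConnection::escapeString(). */
    private $username;
    /** Password after DBConnection::escapeString() (see escapeStrings()). */
    private $password;
    /** Result of the user lookup, consumed by authenticate(). */
    private $queryResult;

    public function __construct() {
        $this->arguments = new AppArgs(AppArgs::GET);
        $this->getResponder();

        // The meaning of the second argument to isVarExist() is not visible here;
        // presumably it also rejects empty values. TODO confirm.
        if (!$this->arguments->isVarExist('username', true) || !$this->arguments->isVarExist('password', true)) {
            $this->responder->respond("Invalid username or password");
            // respond() is defined elsewhere; if it does not terminate the request,
            // this return keeps the lookup from running with missing credentials.
            return;
        }

        $this->performQuery();
        $this->authenticate();
    }

    /**
     * Selects the responder: JSONP when the configured callback parameter is
     * present in the request, plain JSON otherwise.
     *
     * NOTE(review): the callback name is taken straight from the request.
     * Confirm that JSONPResponder::setFunctionName() restricts it to a plain
     * identifier before it is written into the response, and that exposing the
     * login result to any origin via JSONP is intended.
     */
    private function getResponder() {
        if ($this->arguments->isVarExist(Config::JSONP_VAR_NAME)) {
            $this->responder = new JSONPResponder();
            $this->responder->setFunctionName($this->arguments->getVar(Config::JSONP_VAR_NAME));
        }
        else {
            $this->responder = new JSONResponder();
        }
    }

    /**
     * Copies both request values into the instance after passing them through
     * the connection's escapeString().
     *
     * NOTE(review): the password never reaches SQL; it is only handed to the
     * hash check. Escaping it alters passwords containing characters the
     * escaper rewrites. It is left unchanged here because the code that creates
     * the stored hashes is not visible and may apply the same escaping.
     */
    private function escapeStrings($conn) {
        $this->username = $conn->escapeString($this->arguments->getVar('username'));
        $this->password = $conn->escapeString($this->arguments->getVar('password'));
    }

    /**
     * Builds the stored-procedure call for the user lookup.
     *
     * The statement is assembled by concatenation and depends entirely on
     * escapeString() being correct for the connection's character set. If
     * DBConnection offers prepared statements, binding the username is the
     * safer form.
     */
    private function buildQuery($conn) {
        $this->escapeStrings($conn);
        return "call get_user_by_name('" . $this->username . "')";
    }

    /** Runs the lookup and keeps the result for authenticate(). */
    private function performQuery() {
        $dbconn = new DBConnection(Config::DB_CONFIG, $this->responder);
        $this->queryResult = $dbconn->query($this->buildQuery($dbconn));
        $dbconn->close();
    }

    /**
     * Verifies the supplied password against the stored hash and replies with
     * "success" or "authentication failure".
     *
     * Unknown users and wrong passwords get the same reply, so the response
     * does not reveal which usernames exist.
     */
    private function authenticate() {
        // A failed query or an unknown user yields no row; treat both as a failed login
        // instead of indexing into a non-array.
        $row = ($this->queryResult instanceof mysqli_result)
            ? mysqli_fetch_assoc($this->queryResult)
            : null;
        $storedHash = (is_array($row) && isset($row["password"])) ? $row["password"] : null;

        // password_verify() accepts crypt()-format hashes and compares in constant time,
        // replacing the loose `==` comparison of two hash strings.
        if (is_string($storedHash) && $storedHash !== '' && password_verify($this->password, $storedHash)) {
            session_start();
            // Issue a fresh session id at the privilege change so an id that was
            // known before login cannot be reused afterwards.
            session_regenerate_id(true);
            unset($row["password"]);
            $_SESSION["wc_username"] = $row;
            $this->responder->respond("success");
        }
        else {
            $this->responder->respond("authentication failure");
        }
    }
}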
// Entry point: the Auth constructor performs the whole login request as a side effect.
new Auth();
?>