Auth bugfixes

2024-08-20 16:14:17 +02:00 · 2024-08-20 16:14:17 +02:00 · d5f4cf6ff5
parent d99272b525
commit d5f4cf6ff5
1 changed files with 21 additions and 8 deletions
--- a/src/Core/auth.php
+++ b/src/Core/auth.php
@ -8,23 +8,36 @@ class Auth{

    private $pdo;

+    private $dbhost;
+    private $dbname;
+    private $dbuser;
+    private $dbpass;
    /**
     * Constructor method to initialize the database connection and start the session
     */

-    public function __construct($host, $dbname, $username, $password){
-        $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";
+    public function __construct(){
+        global $db_config;
+        $this->dbhost = $db_config['DB_HOST'];
+        $this->dbname = $db_config['DB_NAME'];
+        $this->dbuser = $db_config['DB_USERNAME'];
+        $this->dbpass = $db_config['DB_PASSWORD'];
+        
+        $dsn = "mysql:host=$this->dbhost;dbname=$this->dbname;charset=utf8mb4";

        /**
         * Instantiate the PDO object with the DSN, username, and password, and set attributes. 
         * Then start a new session
        */
        
-        $this->pdo = new PDO($dsn, $username. $password, [
+        $this->pdo = new PDO($dsn, $this->dbuser, $this->dbpass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
        
+        if($_SESSION){
+            session_destroy();
+        }
        session_start();
    }

@ -33,7 +46,7 @@ class Auth{
    */

    public function login($username, $password){
-        $sql = "SELECT * FROM users WHERE username = :username or email = :email LIMIT 1";
+        $query = "SELECT * FROM users WHERE email = :username LIMIT 1";

        /**
         * Prepare the SQL query for execution.
@ -43,8 +56,7 @@ class Auth{
        
        $query = $this->pdo->prepare($query);
        $query->execute([
-            ":username" => $username,
-            ":password" => $password
+            ":username" => $username
        ]);

        $user = $query->fetch();
@ -58,7 +70,8 @@ class Auth{

        if($user && password_verify($password, $user['password'])){
            $_SESSION['user_id'] = $user['id'];
-            $_SESSION['username'] = $user['username'];
+            $_SESSION['name'] = $user['name'];
+            $_SESSION['email'] = $user['email'];
            $_SESSION['token'] = bin2hex(random_bytes(32));

            return true;