row() public method

Similar to $this->run() except it only returns a single row
public row ( string $statement, $params )
$statement string SQL query without user data
$params Parameters
Ejemplo n.º 1
0
 /**
  * Authenticate a user by a long-term authentication token (e.g. a cookie).
  * 
  * @param string $token
  * @return mixed int
  * @throws LongTermAuthAlert
  */
 public function loginByToken(string $token = '') : int
 {
     $table = $this->db->escapeIdentifier($this->tableConfig['table']['longterm']);
     $f = ['selector' => $this->db->escapeIdentifier($this->tableConfig['fields']['longterm']['selector']), 'userid' => $this->tableConfig['fields']['longterm']['userid'], 'validator' => $this->tableConfig['fields']['longterm']['validator']];
     try {
         $decoded = Base64::decode($token);
     } catch (\RangeException $ex) {
         throw new LongTermAuthAlert(\trk('errors.security.invalid_persistent_token'));
     }
     if ($decoded === false) {
         throw new LongTermAuthAlert(\trk('errors.security.invalid_persistent_token'));
     } elseif (Binary::safeStrlen($decoded) !== self::LONG_TERM_AUTH_BYTES) {
         throw new LongTermAuthAlert(\trk('errors.security.invalid_persistent_token'));
     }
     \Sodium\memzero($token);
     $sel = Binary::safeSubstr($decoded, 0, self::SELECTOR_BYTES);
     $val = CryptoUtil::raw_hash(Binary::safeSubstr($decoded, self::SELECTOR_BYTES));
     \Sodium\memzero($decoded);
     $record = $this->db->row('SELECT * FROM ' . $table . ' WHERE ' . $f['selector'] . ' = ?', Base64::encode($sel));
     if (empty($record)) {
         \Sodium\memzero($val);
         throw new LongTermAuthAlert(\trk('errors.security.invalid_persistent_token'));
     }
     $stored = \Sodium\hex2bin($record[$f['validator']]);
     \Sodium\memzero($record[$f['validator']]);
     if (!\hash_equals($stored, $val)) {
         \Sodium\memzero($val);
         \Sodium\memzero($stored);
         throw new LongTermAuthAlert(\trk('errors.security.invalid_persistent_token'));
     }
     \Sodium\memzero($stored);
     \Sodium\memzero($val);
     $userID = (int) $record[$f['userid']];
     $_SESSION['session_canary'] = $this->db->cell('SELECT session_canary FROM airship_users WHERE userid = ?', $userID);
     return $userID;
 }