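/**
 * Authenticates a user against the authorized_users table in the WP_Eatery database.
 *
 * Side effects: sets $this->authenticated, $this->username and $this->password.
 *
 * @param string $username
 * @param string $password plaintext password as entered by the user
 * @return bool true if the user authenticates successfully, otherwise false
 *              (an unknown user, a wrong password and a database error all yield false).
 */
public function authenticate($username, $password): bool
{
    // Start pessimistic: this may be a new or unknown user.
    $this->authenticated = false;
    $this->username = $username;
    // NOTE(review): this keeps the plaintext password on the object. If the
    // object is serialised into the session (see $_SESSION['websiteUser'])
    // the plaintext ends up in session storage; drop this property if
    // nothing else reads it.
    $this->password = $password;

    $wpeaterydao = new WPEateryDAO();
    // The stored password hash for this username, if any.
    $userhash = $wpeaterydao->getUserHash($this->username);

    if ($wpeaterydao->hasMysqlError()) {
        // Database error: fail closed. Details belong in the DAO / logging.
        return false;
    }

    // An unknown user or an empty hash must never verify, and password_verify()
    // expects a string hash, so guard before calling it.
    if (!is_string($userhash) || $userhash === '') {
        return false;
    }

    // password_verify() takes the user's password and the stored hash and
    // returns true only when they match.
    if (!password_verify($this->password, $userhash)) {
        return false;
    }

    $this->authenticated = true;
    return true;
}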
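<?php
/*
 * Admin-user creation page.
 *
 * An already-authenticated session is redirected to restricted.php; otherwise
 * a POST carrying a non-empty username and password is handed to
 * WPEateryDAO::add_user(). $userAdded and $missingFields are left for the
 * HTML below to render feedback.
 */
require_once 'WPEateryDAO.php';
require_once 'AdminUser.php';

session_start();

// Authenticated visitors are sent to the restricted area. The `exit` matters:
// without it PHP keeps executing, so the form handling and page body below
// would still run (and could still add a user) after the redirect header
// was queued.
if (isset($_SESSION['websiteUser']) && $_SESSION['websiteUser']->isAuthenticated()) {
    session_write_close();
    header('Location:restricted.php');
    exit;
}

$missingFields = false;
$userAdded = false;

// NOTE(review): nothing here checks that the requester is allowed to create
// an admin user, and no CSRF token is validated on the POST — confirm this
// page is intended to be reachable anonymously.
if (isset($_POST['submit'])) {
    $username = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;

    // Reject missing values and non-scalar input (`username[]=x` arrives as
    // an array). Strict comparison keeps '0' usable, as the original did.
    if (is_string($username) && is_string($password) && $username !== '' && $password !== '') {
        $wpeaterydao = new WPEateryDAO();
        $adminuser = $wpeaterydao->add_user($username, $password);
        if ($adminuser !== WPEateryDAO::$DATABASE_ERROR) {
            $userAdded = true;
        }
    } else {
        $missingFields = true;
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Adding a user</title>
</head>
<body>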