Example #1
0
 /**
  * Authenticates user against the authorized_users table in the WP_Eatery database.
  * @param String $username
  * @param String $password
  * @return boolean true if user authenticates successfully, otherwise false.
  */
 function authenticate($username, $password)
 {
     //Set authenticated to false, as this could be a new user.
     $this->authenticated = false;
     $this->username = $username;
     $this->password = $password;
     $wpeaterydao = new WPEateryDAO();
     //Returns the hashed value of the user's password from the database.
     $userhash = $wpeaterydao->getUserHash($this->username);
     if (!$wpeaterydao->hasMysqlError()) {
         //password_verify accepts two parameters: the user's password, and
         //the hash with which to validate it. If the password is correct, it
         //will return true. Otherwise, it will return false.
         if (password_verify($this->password, $userhash)) {
             $this->authenticated = true;
             return true;
         } else {
             return false;
         }
     } else {
         //Oops, we had a database error. Might want to handle this a bit better.
         return false;
     }
 }
Example #2
0
<?php

require_once 'WPEateryDAO.php';
require_once 'AdminUser.php';
session_start();
if (isset($_SESSION['websiteUser'])) {
    if ($_SESSION['websiteUser']->isAuthenticated()) {
        session_write_close();
        header('Location:restricted.php');
    }
}
$missingFields = false;
if (isset($_POST['submit'])) {
    if (isset($_POST['username']) && isset($_POST['password'])) {
        if ($_POST['username'] != '' && $_POST['password'] != '') {
            $wpeaterydao = new WPEateryDAO();
            $adminuser = $wpeaterydao->add_user($_POST['username'], $_POST['password']);
            if ($adminuser != WPEateryDAO::$DATABASE_ERROR) {
                $userAdded = true;
            }
        }
    }
}
?>

<!DOCTYPE html>
<html>
	<head>
		<title>Adding a user</title>
	</head>
	<body>