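/**
 * Authenticate a user by login name and password.
 *
 * On success the user's persistent "remember" token is issued either as a
 * long-lived cookie (`$remember` true) or stored in the session, and true is
 * returned. Any failure — empty login or password, unknown login, account
 * without a stored password hash, hash mismatch — returns false.
 *
 * Security notes (review):
 *  - An account whose stored hash is empty can no longer be entered by
 *    submitting an empty password. The previous `else { $result = true; }`
 *    branch granted a login with no credential check at all for such accounts.
 *  - The remember cookie is now HttpOnly and, on HTTPS requests, Secure, so
 *    it cannot be read by page script or sent over plain HTTP.
 *  - The remember token is generated once, never rotated (e.g. on password
 *    change), and stored in clear in the user row, so a stolen token stays
 *    valid for up to 10 years. Consider rotating it on password change.
 *  - Nothing here regenerates the session id after a successful login;
 *    whether \Session does so internally cannot be told from this file.
 *
 * @param string $login    submitted login name (sanitised as a string)
 * @param string $password submitted password (sanitised, whitespace trimmed)
 * @param bool   $remember issue a persistent cookie instead of a session entry
 * @return bool true when the credentials matched a stored account
 */
public function login($login, $password, $remember = false) {
    /** @var $user \User */
    $user = Application::get_class(\User::class);
    $mapper = $user->get_mapper();

    $login = VarHandler::sanitize_var($login, 'string', '');
    $password = trim(VarHandler::sanitize_var($password, 'string', ''));

    // Strict comparisons on purpose: '0' is a legitimate login and a
    // legitimate (if poor) password, but PHP truthiness treats it as absent.
    if ($login === '' || $password === '') {
        return false;
    }

    // NOTE(review): whether find_where() parameterises this value cannot be
    // told from here — confirm in the mapper before trusting sanitize_var alone.
    $collection = $mapper->find_where(['login' => ['=', $login]]);
    if (!$collection->count()) {
        // NOTE(review): no hash is verified on this path, so an unknown login
        // answers faster than a wrong password; a dummy password_verify() here
        // would equalise timing if user enumeration is a concern.
        return false;
    }

    /** @var $identity UserModel */
    $identity = $collection->one();
    $storedHash = trim((string) $identity->password);

    // An account with no stored hash cannot be logged into through the password
    // form. The empty-hash "auto-success" of the original code is removed
    // deliberately; password_verify() against '' would fail anyway.
    if ($storedHash === '' || !password_verify($password, $storedHash)) {
        return false;
    }

    if (trim((string) $identity->remember_hash) === '') {
        // bcrypt adds a random salt, so the token is unpredictable even though
        // its input is deterministic. Issued once and never rotated (see above).
        $identity->remember_hash = password_hash($identity->password . $identity->login, PASSWORD_DEFAULT);
        $mapper->save($identity);
    }

    if ($remember) {
        // Persistent login. HttpOnly keeps the token away from script; Secure is
        // set only when the current request is HTTPS so that plain-HTTP
        // deployments still receive the cookie.
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie('user', $identity->remember_hash, strtotime('+10 years'), '/', '', $secure, true);
        // for tests: make the cookie visible within the same request
        $_COOKIE['user'] = $identity->remember_hash;
    } else {
        /** @var $session \Session */
        $session = Application::get_class(\Session::class);
        $session->set_var('user', $identity->remember_hash);
    }

    return true;
}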
/**
 * VarHandler::sanitize_var() must return the expected value for every
 * (input, filter, default) triple yielded by sanitize_var_provider().
 *
 * @param string $var      raw value handed to sanitize_var()
 * @param string $filter   filter name handed to sanitize_var()
 * @param string $default  default handed to sanitize_var()
 * @param string $expected value sanitize_var() is expected to return
 * @covers common\classes\VarHandler::sanitize_var
 * @dataProvider sanitize_var_provider
 */
public function test_sanitize_var($var, $filter, $default, $expected) {
    $actual = VarHandler::sanitize_var($var, $filter, $default);

    static::assertEquals($expected, $actual);
}