Allow temp login (for admin)

2026-01-28 12:38:40 +00:00 · 2018-08-18 12:44:36 +02:00 · 2018-08-18 12:44:36 +02:00 · 738b2277ee
commit 738b2277ee
parent ca7df21c0c
2 changed files with 14 additions and 21 deletions
--- a/Admin/Installer.php
+++ b/Admin/Installer.php
@ -156,6 +156,7 @@ class Installer extends InstallerAbstract
                            `account_name2` varchar(50) NOT NULL,
                            `account_name3` varchar(50) NOT NULL,
                            `account_password` varchar(64) DEFAULT NULL,
+                            `account_temp` varchar(64) DEFAULT NULL,
                            `account_email` varchar(70) NOT NULL,
                            `account_tries` tinyint(2) NOT NULL DEFAULT 0,
                            `account_lactive` datetime DEFAULT NULL,
--- a/Models/AccountMapper.php
+++ b/Models/AccountMapper.php
@ -99,8 +99,6 @@ class AccountMapper extends DataMapperAbstract
     *
     * @return int Login code
     *
-     * @todo   move this to the admin accountMapper
-     *
     * @since  1.0.0
     */
    public static function login(string $login, string $password) : int
@ -112,24 +110,12 @@ class AccountMapper extends DataMapperAbstract
        try {
            $result = null;

-            switch (self::$db->getType()) {
-                case DatabaseType::MYSQL:
-                    $sth = self::$db->con->prepare(
-                        'SELECT
-                            `' . self::$db->prefix . 'account`.*
-                        FROM
-                            `' . self::$db->prefix . 'account`
-                        WHERE
-                            `account_login` = :login'
-                    );
-                    $sth->bindValue(':login', $login, \PDO::PARAM_STR);
-                    $sth->execute();
-
-                    $result = $sth->fetchAll();
-                    break;
-            }
-
-            // TODO: check if user is allowed to login on THIS page (backend|frontend|etc...)
+            $query  = new Builder(self::$db);
+            $result = $query->prefix(self::$db->getPrefix())
+                ->select('*')
+                ->from('account')
+                ->where('account_login', '=', $login)
+                ->execute()->fetchAll();

            if (!isset($result[0])) {
                return LoginReturnType::WRONG_USERNAME;
@ -145,7 +131,13 @@ class AccountMapper extends DataMapperAbstract
                return LoginReturnType::EMPTY_PASSWORD;
            }

-            if (password_verify($password, $result['account_password'])) {
+            if (\password_verify($password, $result['account_password'])) {
+                return $result['account_id'];
+            }
+
+            if ($result['account_password_temp'] !== '' && \password_verify($password, $result['account_password_temp'])) {
+                $query->update('account')->set(['account_password_temp' => ''])->where('account_login', '=', $login)->execute();
+
                return $result['account_id'];
            }