From f25b2a72f7c45e8557c98a07700415118a6529d3 Mon Sep 17 00:00:00 2001
From: Johannes Kantz <67144859+JohannesKantz@users.noreply.github.com>
Date: Thu, 12 Jan 2023 15:04:15 +0100
Subject: [PATCH] add: user login with password
---
 User.php | 21 +++++++++++++++++----
 index.php | 11 ++++-------
 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/User.php b/User.php
index 6d5dea9..b3cc7ec 100644
--- a/User.php
+++ b/User.php
@@ -2,6 +2,7 @@
 require_once("BancaDati/BancaDati.php");
 use BancaDati\BancaDati;
 class User {
+ public string $id;
 public string $username;
 public string $email;
 public string $token;
@@ -9,7 +10,7 @@ class User {
 private BancaDati $db;
 public function __construct() {
- $db = new BancaDati();
+ $this->db = new BancaDati();
 return $this;
 }
@@ -17,12 +18,24 @@ class User {
 return true;
 }
 public function loginWithUsername(string $username, string $password) : string {
- $userObject = $this->db->select("utente", ["username" => $username]);
- var_dump($userObject);
+ $userObject = $this->db->select("utente", ["nomeUtente" => $username]);
+ if(!$userObject){
 return false;
 }
- return "token";
+ $this->id = $userObject["id"];
+ $this->username = $userObject["nomeUtente"];
+ $this->email = $userObject["email"];
+ $this->password = $userObject["parolaDordine"];
+ $this->token = $this->db->createUUID();
+ if($this->password != $password){
+ return false; // ungültiges password
+ }
+ $this->db->update("utente", $this->id, ["gettone" => $this->token]);
+ return $this->token;
 }
 public function loginWithToken(string $token){
diff --git a/index.php b/index.php
index bf767ce..fbe2500 100644
--- a/index.php
+++ b/index.php
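Review bot: The password check added to loginWithUsername, `if($this->password != $password)`, compares the submitted value directly with the stored `parolaDordine` column, which implies the database holds plaintext passwords, and the loose `!=` additionally treats two numeric-looking strings as equal. The column should hold a `password_hash()` digest and the check should become `if (!password_verify($password, $userObject["parolaDordine"])) { return false; }`, placed ahead of the `$this->id` … `$this->token` assignments so a rejected attempt leaves no account data on the object. The method is declared `: string` but returns `false` on both failure paths, so the declaration should be `string|false` (PHP 8) or the failures should throw. createUUID() is not visible in this patch; it is worth confirming that the token it returns comes from a CSPRNG such as `random_bytes()`.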
@@ -41,15 +41,12 @@ $app->post("/login", function( array $req, Response $res) use ($db) {
 $password = $req["body"]["password"];
 $user = $db->select("utente", ["nomeUtente" => $username]);
- var_dump($user);
- return;
 $user = new User();
- $user->loginWithUsername($username, $password);
- return;
+ $usertoken = $user->loginWithUsername($username, $password);
- if(isset($user)){
- setcookie($user->token, "TOKEN");
- $res->send("Login successful", 200);
+ if($usertoken){
+ setcookie("TOKEN", $usertoken, time()+3600); // 1h
+ $res->send("Login successful" . "token: " . $usertoken, 200);
 }else{
 $res->send("Login failed", 403);
 }
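Review bot: The `setcookie("TOKEN", $usertoken, time()+3600)` call issues the session cookie without `HttpOnly`, `Secure` or `SameSite`, and the next line repeats the token in the response body, where page scripts, proxies and logs can read it. The options form covers the first, `setcookie("TOKEN", $usertoken, ["expires" => time() + 3600, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`, and the reply can stay `$res->send("Login successful", 200);`. The `$db->select("utente", ...)` kept as context above is overwritten by `new User()` straight away, so that extra query looks removable. The route closure begins before the hunk, so validation of `$req["body"]` could not be checked here.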