X-Git-Url: http://git.maemo.org/git/?a=blobdiff_plain;f=Server%2Fapplication%2Fmodels%2Fuser.php;h=78ef8ca9528212c894ed883bd239a264b4500ce3;hb=90b8ea7c1822225291dbe4042f918d8b4a5a039c;hp=d40857472c9b315b902f4ea6aa11ecbc6cac8553;hpb=eea7a7b811c836a253d9d21a6a3897b2963cdc18;p=speedfreak diff --git a/Server/application/models/user.php b/Server/application/models/user.php index d408574..78ef8ca 100644 --- a/Server/application/models/user.php +++ b/Server/application/models/user.php @@ -1,6 +1,6 @@ * @copyright (c) 2010 Speed Freak team @@ -22,7 +22,7 @@ class User_Model extends Model { // load database library into $this->db parent::__construct(); - if (isset($username, $password, $email)){ + if ($username!='' and $password!='' and $email!=''){ if (strlen($username)<3) throw new Exception('Username too short'); elseif (strlen($username)>12) @@ -53,8 +53,25 @@ class User_Model extends Model { * @return bool Returns True if operation was successfull and exception otherwise */ private function register($username, $password, $email){ - return $this->db->query('INSERT into users SET username = ?, password = ?, email = ?', - $this->db->escape($username), $this->db->escape($password), $this->db->escape($email)); + // hash password + $password = $this->hash($password); + + // @todo I can't seem to get query working when password binding has '' around it like others + if ($this->user_exists($username, $email)==false) + return $this->db->query("INSERT into users SET username = '?', password = ?, email = '?'", + $username, $password, $email); + else + return false; + } + + /* + * Hash password supplied by user using salt stored in config file + * + * @param string $password Password in plain text format + * @return string Returns string containing hash generated from password + */ + private function hash($password){ + return sha1($password.Kohana::config('api.salt')); } /* 
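Review bot: The new `hash()` stores passwords as a single SHA-1 pass over the password plus one site-wide salt, `sha1($password.Kohana::config('api.salt'))`. Identical passwords therefore produce identical digests, and the hash is cheap to brute-force offline if the users table and config file are ever disclosed. Where the runtime provides it, `register()` should store `password_hash($password, PASSWORD_DEFAULT)`, which generates a per-user salt and uses a deliberately slow algorithm. `login()` in the -65,8 hunk would then need to select the stored hash by username and check it with `password_verify()` instead of comparing hashes in the SQL WHERE clause. Separately, `register()` now returns false when the user already exists, while its docblock still says it returns True or raises an exception; the docblock should be updated to match.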
@@ -65,8 +82,40 @@ class User_Model extends Model {
 * @return bool Returns True if user exists and false otherwise
 */
 private function user_exists($username, $email){
- if ($this->db->query('SELECT id FROM users WHERE username = ? OR email = ?',
- $this->db->escape($username), $this->db->escape($email))->count()>0)
+ if ($this->db->query("SELECT id FROM users WHERE username = '?' OR email = '?'",
+ $username, $email)->count()>0)
+ return true;
+ else
+ return false;
+ }
+
+ /*
+ * Get user id
+ *
+ * @param string $username Username
+ * @return integer|bool User id if successful or false
+ */
+ public function get_id($username){
+ $result = $this->db->query("SELECT id FROM users WHERE username = ?", $username);
+ if ($result->count()>0)
+ return $result[0]->id;
+ else
+ return false;
+ }
+
+ /*
+ * Check if supplied credentials are valid
+ *
+ * @param string $username Username
+ * @param string $password Password in plain text format
+ * @return bool True if credentials match and false if supplied credentials are invalid
+ */
+ public function login($username, $password){
+ // hash password
+ $password = $this->hash($password);
+
+ if ($this->db->query("SELECT id FROM users WHERE username = ? AND password = ?",
+ $username, $password)->count()>0)
 return true;
 else
 return false;
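Review bot: The bind placeholders are quoted inconsistently in this hunk: `user_exists()` now binds into `username = '?' OR email = '?'`, while `get_id()` and `login()` use bare `?`, and the commit also removes the explicit `$this->db->escape()` calls. Whether these values are escaped now depends entirely on how the Database library substitutes binds, which this page does not show. If the library quotes and escapes bound strings itself, the extra quotes corrupt the literal; if it does not, the bare forms are open to SQL injection. I would use bare placeholders everywhere, e.g. `"SELECT id FROM users WHERE username = ? OR email = ?"`, and add a test confirming that a value containing a quote character round-trips safely. The same applies to the INSERT in `register()` in the -53,8 hunk, where the `@todo` about the password binding suggests the quoting is already misbehaving.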