
commit 1a8a2d0c2ea2b0ffc7d6584fee25942655582eb4

Author: Pedro Lucas Porcellis <porcellis@eletrotupi.com>

auth: sanitize password and don't double cryptograph user password

password_verify already does that without adding the salt info

 app/controllers/AuthController.php | 13 ++++++++-----
 app/daos/UserDAO.php | 4 ++--


diff --git a/app/controllers/AuthController.php b/app/controllers/AuthController.php
index fda6afafaeb0ce30c28c87871e15afc910e8b91a..0548724182694cb30d470220b819ebb8b8fe8031 100644
--- a/app/controllers/AuthController.php
+++ b/app/controllers/AuthController.php
@@ -13,14 +13,17 @@   public function login() {
     $email = $_POST['email'];
     $password = $_POST['password'];
 
-    $cryptographicPassword = password_hash($password, PASSWORD_DEFAULT);
+    $sanitizedPassword = htmlspecialchars($password);
+    $user = $this->authService->login($email, $sanitizedPassword);
 
-    $user = $this->authService->login($email, $cryptographicPassword);
+    if ($user) {
+      $_SESSION['user_id'] = $user->getId();
+      $_SESSION['user_email'] = $user->getEmail();
 
-    if ($user) {
-      //$_SESSION['user_id'] = $user['id'];
-      echo 'Usuário logado com sucesso';
+      header('Location: /dashboard');
+      exit();
     } else {
+      // TODO: Flash messages
       echo 'Usuário ou senha inválidos';
     }
   }
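Review bot: `htmlspecialchars($password)` on the new `$sanitizedPassword` line rewrites `&`, `<`, `>`, `"` and `'` into entities before the credential reaches `authService->login`, so any password containing those characters will fail `password_verify` unless the registration path applies the identical transform (not visible in this diff). HTML escaping belongs at output time and the password is never echoed here, so drop the call and pass the value through unchanged: `$user = $this->authService->login($email, $password);`. The session is also populated without rotating its id; add `session_regenerate_id(true);` immediately before the `$_SESSION['user_id']` assignment so a session id issued before authentication is not carried into the authenticated session. `$_POST['email']` and `$_POST['password']` are read without a default, so a request missing either key raises an undefined-index warning rather than taking the else branch; `$_POST['email'] ?? ''` would make the failure path explicit. The `login()` signature sits outside this hunk.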




diff --git a/app/daos/UserDAO.php b/app/daos/UserDAO.php
index 8cb7b6985d14f1de8cabd7aac29cf4ba967a733e..b4f280614af57b66f3b7d59a3613cae96eed5e33 100644
--- a/app/daos/UserDAO.php
+++ b/app/daos/UserDAO.php
@@ -22,9 +22,9 @@
     if ($userData) {
       return new User(
         $userData['id'],
-        $userData['name'],
+        $userData['username'],
         $userData['email'],
-        $userData['password']
+        $userData['encrypted_password']
       );
     }