From 93b405ab9f69538546165c75a301c0c57a5359cf Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Tue, 26 Jul 2016 00:16:17 +0200
Subject: User authentication mechanism
---
install/index.php | 19 +++++++++++++++++++
install/upgrade.php | 13 +++++++++++++
2 files changed, 32 insertions(+)
(limited to 'install')
diff --git a/install/index.php b/install/index.php
index 6c57769..41fb450 100644
--- a/install/index.php
+++ b/install/index.php
@@ -89,6 +89,13 @@ if (isset($_GET['create_tables'])) {
KEY `contactId_2` (`contactId`),
KEY `invoice_fileId_2` (`invoice_fileId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1");
+
+ $_pdo->query("CREATE TABLE IF NOT EXISTS `".constants::db_prefix."user` (
+ `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+ `username` varchar(24) NOT NULL,
+ `password` varchar(255) NOT NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;");
$_pdo->query("ALTER TABLE `".constants::db_prefix."assignment`
ADD CONSTRAINT `assignment_ibfk_1` FOREIGN KEY (`offerId`) REFERENCES `".constants::db_prefix."offer` (`id`)");
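Review bot: The new `user` table has no uniqueness constraint on `username`, so two rows can hold the same login name and any lookup by username becomes ambiguous. Adding ``UNIQUE KEY `username` (`username`)`` next to the primary key enforces this in the schema rather than relying on application code that is not visible here. The identical CREATE TABLE in the install/upgrade.php hunk needs the same line. The table is also declared `CHARSET=latin1`, so usernames outside that character set would presumably not be stored faithfully; confirm this against the encoding the login form submits.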
@@ -120,6 +127,17 @@ if (isset($_GET['create_folders'])) {
echo "Creating folder `" . constants::files_folder_trash . "` failed.
";
}
}
+
+if (isset($_GET['password_cost'])) {
+ $target = 1;
+ $start = $end = 0;
+ for ($cost = 10; $end - $start < $target; $cost++) {
+ $start = microtime(true);
+ user::hash('test', $cost);
+ $end = microtime(true);
+ }
+ echo "Password cost suggestion: $cost.
You can set this in classes/constants.php.";
+}
?>
When you're done, it would be the neatest to remove the /install folder (even though this whole control panel should not be accessible for the public).
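Review bot: The suggested cost is one higher than the cost that was actually timed, because the `for` increment runs after the last `user::hash('test', $cost)` call and before the condition is re-checked. The echo in the `password_cost` block therefore recommends a setting that takes roughly twice the 1-second target; print `$cost - 1`, or increment at the top of a `do … while` body. The loop also has no upper bound. If `user::hash` (not visible in this hunk) wraps bcrypt, costs above 31 are invalid, so a cap such as `$cost <= 31 &&` in the loop condition would stop a failing call from spinning the loop. Since the benchmark runs on a bare GET parameter and costs seconds of CPU per request, it is one more reason to make /install unreachable once setup is done.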
diff --git a/install/upgrade.php b/install/upgrade.php
index 04cc03a..e145ba7 100644
--- a/install/upgrade.php
+++ b/install/upgrade.php
@@ -73,6 +73,19 @@ if (isset($_GET['upgrade'])) {
} }
+ if (lower_version($_GET['upgrade'], '0.4')) {
+ try {
+ $_pdo->query("CREATE TABLE IF NOT EXISTS `".constants::db_prefix."user` (
+ `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+ `username` varchar(24) NOT NULL,
+ `password` varchar(255) NOT NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;");
+ } catch (PDOException $e) {
+ echo "Altering the database structure failed with a PDOException ({$e->getCode()}): {$e->getMessage()}