Only send user data and token on login; Hash dictionary ids

2019-05-21 11:48:28 -06:00 · 2019-05-21 11:48:28 -06:00 · 59dcdd1694
parent c9f456edfb
commit 59dcdd1694
2 changed files with 5 additions and 9 deletions
--- a/src/php/api/Dictionary.php
+++ b/src/php/api/Dictionary.php
@ -71,7 +71,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
    if ($results) {
      return array_map(function($result) {
        return array(
-          'id' => $result['id'],
+          'id' => $this->token->hash($result['id']),
          'name' => $result['name'] . ' ' . $result['specification'],
        );
      }, $results);
--- a/src/php/api/User.php
+++ b/src/php/api/User.php
@ -24,10 +24,10 @@ class User {
        }
      } else if (password_verify($password, $user['password'])) {
        $this->db->execute('UPDATE users SET last_login=' . time() . ' WHERE id=' . $user['id']);
-        setcookie('token', $this->generateUserToken($user['id'], $user['current_dictionary']));
+        $token = $this->generateUserToken($user['id'], $user['current_dictionary']);
        return array(
          'token' => $token,
          'user' => $this->getUserData($user['id']),
          'dictionary' => $this->token->hash($user['current_dictionary']),
        );
      }
    }
@ -60,14 +60,10 @@ VALUES (?, ?, ?, ?, ?)';
      if (isset($new_dictionary['error'])) {
        return $new_dictionary;
      } else {
-        setcookie('token', $this->generateUserToken($new_user_id, $new_dictionary));
+        $token = $this->generateUserToken($new_user_id, $new_dictionary);
        return array(
          'token' => $token,
          'user' => $this->getUserData($new_user_id),
          'dictionary' => $this->token->hash($new_dictionary),
          'debug' => [
            'newUserId' => $new_user_id,
            'newDictionary' => $new_dictionary,
          ],
        );
      }
    }