From b4d045d8aae3191c670d6070e1a8f779117f227e Mon Sep 17 00:00:00 2001
From: William
Date: Sun, 27 Feb 2022 09:05:48 +0100
Subject: [PATCH] Fix some vulns in User.php

---
 app/core/User.php | 50 +++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/app/core/User.php b/app/core/User.php
index ab9a1ac..cdabde0 100644
--- a/app/core/User.php
+++ b/app/core/User.php
@@ -1,15 +1,18 @@ database = $database; $user = $this->session->get('user'); - if ($user) + + // Check if user session has been set + if (!$user) { - // User session was set previously - $this->loggedIn = $user['loggedIn']; - $this->username = $user['username']; - $this->password = $user['password']; - } else { - // User session has not been set yet $this->loggedIn = FALSE; + return; } - // Check if username and password matches - if ($this->loggedIn && !$this->authenticate($this->username, $this->password)) + // Check if username and password match + if (!$this->authenticate($user['username'], $user['password'])) { $this->logout(); - $this->session->flash('Kontodetaljer endret, vennligst logg inn igjen', 'warning'); + $this->session->flash('Kontodetaljer er blitt endret, vennligst logg inn igjen', 'warning'); + return; } + // All is good, we should be logged in now! (hopefully) + $this->username = $user['username']; + $this->password = $user['password']; + $this->loggedIn = TRUE; + // Set powerLevel - if ($this->loggedIn) - { - $sth = $this->database->conn->prepare( - 'SELECT * FROM brukertabell WHERE Navn = ? AND Passord = ?' - ); - $sth->execute([$this->username, $this->password]); - $row = $sth->fetch(PDO::FETCH_ASSOC); - - $this->powerLevel = $row['Nivå']; - } else { - $this->powerLevel = 0; - } + $sth = $this->database->conn->prepare( + 'SELECT * FROM brukertabell WHERE Navn = ? AND Passord = ?' + ); + $sth->execute([$this->username, $this->password]); + $row = $sth->fetch(PDO::FETCH_ASSOC); + $this->powerLevel = $row['Nivå']; } // Set session if user and password match
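Review bot: The rewritten constructor still copies `$user['password']` out of the session and re-checks it on every request with `WHERE Navn = ? AND Passord = ?`, so whatever value the `Passord` column holds is also what lives in the session store; unless that column is a `password_hash()` digest and `authenticate()` uses `password_verify()` (neither is visible in this hunk), the credential remains readable by anyone with access to session data. A safer shape is to keep only the username (or a user id) in the session after a successful login, look up `Nivå` by that key alone, and leave the password comparison inside `authenticate()`, which also lets the query shrink from `SELECT *` to `SELECT Nivå`. The new `$this->powerLevel = $row['Nivå'];` also indexes the result unguarded: `fetch()` returns `false` if the row disappears between the `authenticate()` call and this query, which emits a warning and leaves `powerLevel` as `null` rather than the `0` the removed `else` branch used to set, so write `$this->powerLevel = $row ? (int) $row['Nivå'] : 0;`. The enclosing constructor starts before this hunk (its signature and the `database = $database;` assignment are outside it) and the hunk header counts do not match the visible lines, so the method body may continue past what is shown here.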