[irc/unrealircd/unrealircd-webpanel.git] / plugins / sql_auth / SQL / user.php

<?php

/**
 * SQLA_User
 * This is the User class for the SQL_Auth plugin
 */
class SQLA_User
{
    public $id = NULL;
    public $username = NULL;
    private $passhash = NULL;
    public $first_name = NULL;
    public $last_name = NULL;
    public $created = NULL;
    public $user_meta = [];
    public $bio = NULL;

    /**
     * Find a user in the database by name or ID
     * @param string $name
     * @param mixed $id
     */
    function __construct(string $name = NULL, int $id = NULL)
    {
        $conn = sqlnew();

        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
            $prep->execute(["id" => strtolower($id)]);
        }
        elseif ($name)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
            $prep->execute(["name" => strtolower($name)]);
        }
        $data = NULL;
        if ($prep)
            $data = $prep->fetchAll();
        if (isset($data[0]) && $data = $data[0])
        {
            $this->id = $data['user_id'];
            $this->username = $data['user_name'];
            $this->passhash = $data['user_pass'];
            $this->first_name = $data['user_fname'] ?? NULL;
            $this->last_name = $data['user_lname'] ?? NULL;
            $this->created = $data['created'];
            $this->bio = $data['user_bio'];
            $this->user_meta = (new SQLA_User_Meta($this->id))->list;
        }
    }

    /**
     * Verify a user's password
     * @param string $input
     * @return bool
     */
    function password_verify(string $input) : bool
    {
        if (password_verify($input, $this->passhash))
            return true;
        return false;
    }

    /**
     * Add user meta data
     * @param string $key
     * @param string $value
     * @return bool
     */
    function add_meta(string $key, string $value)
    {
        if (!$key || !$value)
            return false;

        $meta = [
            "id" => $this->id,
            "key" => $key,
            "value" => $value
        ];
        
        $conn = sqlnew();

        /* check if it exists first, update it if it does */
        $query = "SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key";
        $stmt = $conn->prepare($query);
        $stmt->execute(["id" => $this->id, "key" => $key]);
        if ($stmt->rowCount()) // it exists, update instead of insert
        {
            $query = "UPDATE " . SQL_PREFIX . "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key";
            $stmt = $conn->prepare($query);
            $stmt->execute($meta);
            if ($stmt->rowCount())
                return true;
            return false;
        }

        else
        {
            $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
            $stmt = $conn->prepare($query);
            $stmt->execute($meta);
            if ($stmt->rowCount())
                return true;
            return false;
        }
    }

    /**
     * Delete user meta data by key
     * @param string $key
     * @return bool
     */
    function delete_meta(string $key)
    {
        if (!$key )
            return false;

        $meta = [
            "id" => $this->id,
            "key" => $key,
        ];
        
        $conn = sqlnew();
        $query = "DELETE FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND  meta_key = :key";
        $stmt = $conn->prepare($query);
        $stmt->execute($meta);
        if ($stmt->rowCount())
            return true;
        return false;

    }
}


/**
 * This class looks up and returns any user meta.
 * This is used by SQLA_User, so you won't need to 
 * call it separately from SQLA_User.
 */
class SQLA_User_Meta
{
    public $list = [];
    function __construct($id)
    {
        $conn = sqlnew();
        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
            $prep->execute(["id" => $id]);
        }
        foreach ($prep->fetchAll() as $row)
        {
            $this->list[$row['meta_key']] = $row['meta_value'];
        }
    }
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array $user) : bool
{
    if (!isset($user['user_name']) || !isset($user['user_pass']))
        throw new Exception("Attempted to add user without specifying user_name or user_pass");

    $username = $user['user_name'];
    $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
    $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
    $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
    $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
    

    $conn = sqlnew();
    $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
    $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
    
    return true;
}

/**
 * Gets the user object for the current session
 * @return SQLA_User|bool
 */
function unreal_get_current_user() : SQLA_User|bool
{
    session_start();
    if (isset($_SESSION['id']))
    {
        $user = new SQLA_User(NULL, $_SESSION['id']);
        if ($user->id)
            return $user;
    }
    return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can() : bool
{
    
    return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info Optional: This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
    $user = new SQLA_User(NULL, $id);
    if (!$user->id) {
        $info[] = "Could not find user";
        var_dump("return 1");
        return 0;
    }
    $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
    $conn = sqlnew();
    $stmt = $conn->prepare($query);
    $stmt->execute(["id" => $user->id]);
    $deleted = $stmt->rowCount();
    if ($user->id)
    {
        $info[] = "Successfully deleted user \"$user->username\"";
        return 1;
    }
    $info[] = "Unknown error";
    return 0;
}
Commit	Line	Data
961b0aa7 VP	1	<?php
961b0aa7 VP	2
6b3d3f83 VP	3	/**
	4	* SQLA_User
	5	* This is the User class for the SQL_Auth plugin
	6	*/
961b0aa7 VP	7	class SQLA_User
	8	{
	9	public $id = NULL;
	10	public $username = NULL;
4225314c	11	private $passhash = NULL;
961b0aa7 VP	12	public $first_name = NULL;
961b0aa7 VP	13	public $last_name = NULL;
d5316e28	14	public $created = NULL;
4d634d0a	15	public $user_meta = [];
d5316e28	16	public $bio = NULL;
961b0aa7	17
a3151e7c VP	18	/**
	19	* Find a user in the database by name or ID
	20	* @param string $name
	21	* @param mixed $id
	22	*/
54b5ea90	23	function __construct(string $name = NULL, int $id = NULL)
961b0aa7 VP	24	{
961b0aa7 VP	25	$conn = sqlnew();
a3151e7c VP	26
	27	if ($id)
	28	{
	29	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
	30	$prep->execute(["id" => strtolower($id)]);
	31	}
	32	elseif ($name)
	33	{
	34	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
	35	$prep->execute(["name" => strtolower($name)]);
	36	}
4d634d0a VP	37	$data = NULL;
	38	if ($prep)
	39	$data = $prep->fetchAll();
7aad7c29	40	if (isset($data[0]) && $data = $data[0])
961b0aa7 VP	41	{
	42	$this->id = $data['user_id'];
	43	$this->username = $data['user_name'];
	44	$this->passhash = $data['user_pass'];
4d634d0a VP	45	$this->first_name = $data['user_fname'] ?? NULL;
4d634d0a VP	46	$this->last_name = $data['user_lname'] ?? NULL;
d5316e28 VP	47	$this->created = $data['created'];
d5316e28 VP	48	$this->bio = $data['user_bio'];
4d634d0a	49	$this->user_meta = (new SQLA_User_Meta($this->id))->list;
961b0aa7	50	}
961b0aa7 VP	51	}
961b0aa7 VP	52
54b5ea90 VP	53	/**
	54	* Verify a user's password
	55	* @param string $input
	56	* @return bool
	57	*/
	58	function password_verify(string $input) : bool
a3151e7c VP	59	{
	60	if (password_verify($input, $this->passhash))
	61	return true;
	62	return false;
	63	}
54b5ea90 VP	64
	65	/**
	66	* Add user meta data
	67	* @param string $key
	68	* @param string $value
	69	* @return bool
	70	*/
	71	function add_meta(string $key, string $value)
	72	{
	73	if (!$key \|\| !$value)
	74	return false;
	75
	76	$meta = [
	77	"id" => $this->id,
	78	"key" => $key,
	79	"value" => $value
	80	];
	81
	82	$conn = sqlnew();
33f512fa VP	83
	84	/* check if it exists first, update it if it does */
	85	$query = "SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key";
54b5ea90	86	$stmt = $conn->prepare($query);
33f512fa VP	87	$stmt->execute(["id" => $this->id, "key" => $key]);
	88	if ($stmt->rowCount()) // it exists, update instead of insert
	89	{
	90	$query = "UPDATE " . SQL_PREFIX . "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key";
	91	$stmt = $conn->prepare($query);
	92	$stmt->execute($meta);
	93	if ($stmt->rowCount())
	94	return true;
	95	return false;
	96	}
54b5ea90	97
33f512fa VP	98	else
	99	{
	100	$query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
	101	$stmt = $conn->prepare($query);
	102	$stmt->execute($meta);
	103	if ($stmt->rowCount())
	104	return true;
	105	return false;
	106	}
54b5ea90 VP	107	}
	108
	109	/**
33f512fa	110	* Delete user meta data by key
54b5ea90	111	* @param string $key
54b5ea90 VP	112	* @return bool
54b5ea90 VP	113	*/
33f512fa	114	function delete_meta(string $key)
54b5ea90	115	{
33f512fa	116	if (!$key )
54b5ea90 VP	117	return false;
	118
	119	$meta = [
	120	"id" => $this->id,
	121	"key" => $key,
54b5ea90 VP	122	];
	123
	124	$conn = sqlnew();
33f512fa	125	$query = "DELETE FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key";
54b5ea90 VP	126	$stmt = $conn->prepare($query);
	127	$stmt->execute($meta);
	128	if ($stmt->rowCount())
	129	return true;
	130	return false;
	131
	132	}
4d634d0a	133	}
a3151e7c	134
6b3d3f83 VP	135
	136	/**
	137	* This class looks up and returns any user meta.
	138	* This is used by SQLA_User, so you won't need to
	139	* call it separately from SQLA_User.
	140	*/
4d634d0a VP	141	class SQLA_User_Meta
	142	{
	143	public $list = [];
	144	function __construct($id)
	145	{
	146	$conn = sqlnew();
	147	if ($id)
	148	{
	149	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
	150	$prep->execute(["id" => $id]);
	151	}
	152	foreach ($prep->fetchAll() as $row)
	153	{
	154	$this->list[$row['meta_key']] = $row['meta_value'];
	155	}
	156	}
a3151e7c VP	157	}
a3151e7c VP	158
4225314c VP	159	/**
	160	* Array of user
	161	*
	162	* Required:
	163	* user_name
	164	* user_pass
	165	*
	166	* Optional:
	167	* user_fname
	168	* user_lname
	169	*
	170	* @param array $user
	171	* @throws Exception
	172	* @return bool
	173	*/
4d634d0a VP	174	function create_new_user(array $user) : bool
	175	{
	176	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	177	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	178
	179	$username = $user['user_name'];
	180	$password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
	181	$first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
	182	$last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
7aad7c29	183	$user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
d5316e28	184
a3151e7c	185
4d634d0a	186	$conn = sqlnew();
7aad7c29 VP	187	$prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
7aad7c29 VP	188	$prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
4d634d0a VP	189
	190	return true;
	191	}
	192
	193	/**
	194	* Gets the user object for the current session
	195	* @return SQLA_User\|bool
	196	*/
	197	function unreal_get_current_user() : SQLA_User\|bool
a3151e7c VP	198	{
	199	session_start();
	200	if (isset($_SESSION['id']))
	201	{
4d634d0a VP	202	$user = new SQLA_User(NULL, $_SESSION['id']);
	203	if ($user->id)
	204	return $user;
a3151e7c VP	205	}
a3151e7c VP	206	return false;
4d634d0a VP	207	}
	208
	209	/**
	210	* Checks if a user can do something
	211	* @param string $permission
	212	* @return bool
	213	*/
	214	function current_user_can() : bool
	215	{
	216
	217	return false;
	218	}
	219
7aad7c29 VP	220	/**
	221	* Delete a user and related meta
	222	* @param int $id The ID of the user in the SQL database.
	223	* @param array $info Optional: This will fill with a response.
	224	* @return int
	225	*
	226	* Return values:
	227	* 1 The user was successfully deleted.
	228	* 0 The user was not found
	229	* -1 The admin does not have permission to delete users [TODO]
	230	*/
	231	function delete_user(int $id, &$info = []) : int
	232	{
	233	$user = new SQLA_User(NULL, $id);
	234	if (!$user->id) {
	235	$info[] = "Could not find user";
	236	var_dump("return 1");
	237	return 0;
	238	}
	239	$query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
	240	$conn = sqlnew();
	241	$stmt = $conn->prepare($query);
	242	$stmt->execute(["id" => $user->id]);
	243	$deleted = $stmt->rowCount();
	244	if ($user->id)
	245	{
	246	$info[] = "Successfully deleted user \"$user->username\"";
	247	return 1;
	248	}
	249	$info[] = "Unknown error";
	250	return 0;
54b5ea90 VP	251	}
54b5ea90 VP	252