[irc/unrealircd/unrealircd-webpanel.git] / plugins / sql_auth / SQL / user.php

<?php

/**
 * SQLA_User
 * This is the User class for the SQL_Auth plugin
 */
class SQLA_User
{
    public $id = NULL;
    public $username = NULL;
    private $passhash = NULL;
    public $first_name = NULL;
    public $last_name = NULL;
    public $created = NULL;
    public $user_meta = [];
    public $bio = NULL;

    /**
     * Find a user in the database by name or ID
     * @param string $name
     * @param mixed $id
     */
    function __construct(string $name = NULL, int $id = NULL)
    {
        $conn = sqlnew();

        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
            $prep->execute(["id" => strtolower($id)]);
        }
        elseif ($name)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
            $prep->execute(["name" => strtolower($name)]);
        }
        $data = NULL;
        if ($prep)
            $data = $prep->fetchAll();
        if (isset($data[0]) && $data = $data[0])
        {
            $this->id = $data['user_id'];
            $this->username = $data['user_name'];
            $this->passhash = $data['user_pass'];
            $this->first_name = $data['user_fname'] ?? NULL;
            $this->last_name = $data['user_lname'] ?? NULL;
            $this->created = $data['created'];
            $this->bio = $data['user_bio'];
            $this->user_meta = (new SQLA_User_Meta($this->id))->list;
        }
    }

    /**
     * Verify a user's password
     * @param string $input
     * @return bool
     */
    function password_verify(string $input) : bool
    {
        if (password_verify($input, $this->passhash))
            return true;
        return false;
    }

    /**
     * Add user meta data
     * @param string $key
     * @param string $value
     * @return bool
     */
    function add_meta(string $key, string $value)
    {
        if (!$key || !$value)
            return false;

        $meta = [
            "id" => $this->id,
            "key" => $key,
            "value" => $value
        ];
        
        $conn = sqlnew();
        $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
        $stmt = $conn->prepare($query);
        $stmt->execute($meta);
        if ($stmt->rowCount())
            return true;
        return false;

    }

    /**
     * Delete user meta data
     * @param string $key
     * @param string $value
     * @return bool
     */
    function delete_meta(string $key, string $value)
    {
        if (!$key || !$value)
            return false;

        $meta = [
            "id" => $this->id,
            "key" => $key,
            "value" => $value
        ];
        
        $conn = sqlnew();
        $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
        $stmt = $conn->prepare($query);
        $stmt->execute($meta);
        if ($stmt->rowCount())
            return true;
        return false;

    }
}


/**
 * This class looks up and returns any user meta.
 * This is used by SQLA_User, so you won't need to 
 * call it separately from SQLA_User.
 */
class SQLA_User_Meta
{
    public $list = [];
    function __construct($id)
    {
        $conn = sqlnew();
        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
            $prep->execute(["id" => $id]);
        }
        foreach ($prep->fetchAll() as $row)
        {
            $this->list[$row['meta_key']] = $row['meta_value'];
        }
    }
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array $user) : bool
{
    if (!isset($user['user_name']) || !isset($user['user_pass']))
        throw new Exception("Attempted to add user without specifying user_name or user_pass");

    $username = $user['user_name'];
    $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
    $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
    $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
    $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
    

    $conn = sqlnew();
    $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
    $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
    
    return true;
}

/**
 * Gets the user object for the current session
 * @return SQLA_User|bool
 */
function unreal_get_current_user() : SQLA_User|bool
{
    session_start();
    if (isset($_SESSION['id']))
    {
        $user = new SQLA_User(NULL, $_SESSION['id']);
        if ($user->id)
            return $user;
    }
    return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can() : bool
{
    
    return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info Optional: This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
    $user = new SQLA_User(NULL, $id);
    if (!$user->id) {
        $info[] = "Could not find user";
        var_dump("return 1");
        return 0;
    }
    $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
    $conn = sqlnew();
    $stmt = $conn->prepare($query);
    $stmt->execute(["id" => $user->id]);
    $deleted = $stmt->rowCount();
    if ($user->id)
    {
        $info[] = "Successfully deleted user \"$user->username\"";
        return 1;
    }
    $info[] = "Unknown error";
    return 0;
}
Commit	Line	Data
961b0aa7 VP	1	<?php
961b0aa7 VP	2
6b3d3f83 VP	3	/**
	4	* SQLA_User
	5	* This is the User class for the SQL_Auth plugin
	6	*/
961b0aa7 VP	7	class SQLA_User
	8	{
	9	public $id = NULL;
	10	public $username = NULL;
4225314c	11	private $passhash = NULL;
961b0aa7 VP	12	public $first_name = NULL;
961b0aa7 VP	13	public $last_name = NULL;
d5316e28	14	public $created = NULL;
4d634d0a	15	public $user_meta = [];
d5316e28	16	public $bio = NULL;
961b0aa7	17
a3151e7c VP	18	/**
	19	* Find a user in the database by name or ID
	20	* @param string $name
	21	* @param mixed $id
	22	*/
54b5ea90	23	function __construct(string $name = NULL, int $id = NULL)
961b0aa7 VP	24	{
961b0aa7 VP	25	$conn = sqlnew();
a3151e7c VP	26
	27	if ($id)
	28	{
	29	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
	30	$prep->execute(["id" => strtolower($id)]);
	31	}
	32	elseif ($name)
	33	{
	34	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
	35	$prep->execute(["name" => strtolower($name)]);
	36	}
4d634d0a VP	37	$data = NULL;
	38	if ($prep)
	39	$data = $prep->fetchAll();
7aad7c29	40	if (isset($data[0]) && $data = $data[0])
961b0aa7 VP	41	{
	42	$this->id = $data['user_id'];
	43	$this->username = $data['user_name'];
	44	$this->passhash = $data['user_pass'];
4d634d0a VP	45	$this->first_name = $data['user_fname'] ?? NULL;
4d634d0a VP	46	$this->last_name = $data['user_lname'] ?? NULL;
d5316e28 VP	47	$this->created = $data['created'];
d5316e28 VP	48	$this->bio = $data['user_bio'];
4d634d0a	49	$this->user_meta = (new SQLA_User_Meta($this->id))->list;
961b0aa7	50	}
961b0aa7 VP	51	}
961b0aa7 VP	52
54b5ea90 VP	53	/**
	54	* Verify a user's password
	55	* @param string $input
	56	* @return bool
	57	*/
	58	function password_verify(string $input) : bool
a3151e7c VP	59	{
	60	if (password_verify($input, $this->passhash))
	61	return true;
	62	return false;
	63	}
54b5ea90 VP	64
	65	/**
	66	* Add user meta data
	67	* @param string $key
	68	* @param string $value
	69	* @return bool
	70	*/
	71	function add_meta(string $key, string $value)
	72	{
	73	if (!$key \|\| !$value)
	74	return false;
	75
	76	$meta = [
	77	"id" => $this->id,
	78	"key" => $key,
	79	"value" => $value
	80	];
	81
	82	$conn = sqlnew();
	83	$query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
	84	$stmt = $conn->prepare($query);
	85	$stmt->execute($meta);
	86	if ($stmt->rowCount())
	87	return true;
	88	return false;
	89
	90	}
	91
	92	/**
	93	* Delete user meta data
	94	* @param string $key
	95	* @param string $value
	96	* @return bool
	97	*/
	98	function delete_meta(string $key, string $value)
	99	{
	100	if (!$key \|\| !$value)
	101	return false;
	102
	103	$meta = [
	104	"id" => $this->id,
	105	"key" => $key,
	106	"value" => $value
	107	];
	108
	109	$conn = sqlnew();
	110	$query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
	111	$stmt = $conn->prepare($query);
	112	$stmt->execute($meta);
	113	if ($stmt->rowCount())
	114	return true;
	115	return false;
	116
	117	}
4d634d0a	118	}
a3151e7c	119
6b3d3f83 VP	120
	121	/**
	122	* This class looks up and returns any user meta.
	123	* This is used by SQLA_User, so you won't need to
	124	* call it separately from SQLA_User.
	125	*/
4d634d0a VP	126	class SQLA_User_Meta
	127	{
	128	public $list = [];
	129	function __construct($id)
	130	{
	131	$conn = sqlnew();
	132	if ($id)
	133	{
	134	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
	135	$prep->execute(["id" => $id]);
	136	}
	137	foreach ($prep->fetchAll() as $row)
	138	{
	139	$this->list[$row['meta_key']] = $row['meta_value'];
	140	}
	141	}
a3151e7c VP	142	}
a3151e7c VP	143
4225314c VP	144	/**
	145	* Array of user
	146	*
	147	* Required:
	148	* user_name
	149	* user_pass
	150	*
	151	* Optional:
	152	* user_fname
	153	* user_lname
	154	*
	155	* @param array $user
	156	* @throws Exception
	157	* @return bool
	158	*/
4d634d0a VP	159	function create_new_user(array $user) : bool
	160	{
	161	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	162	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	163
	164	$username = $user['user_name'];
	165	$password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
	166	$first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
	167	$last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
7aad7c29	168	$user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
d5316e28	169
a3151e7c	170
4d634d0a	171	$conn = sqlnew();
7aad7c29 VP	172	$prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
7aad7c29 VP	173	$prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
4d634d0a VP	174
	175	return true;
	176	}
	177
	178	/**
	179	* Gets the user object for the current session
	180	* @return SQLA_User\|bool
	181	*/
	182	function unreal_get_current_user() : SQLA_User\|bool
a3151e7c VP	183	{
	184	session_start();
	185	if (isset($_SESSION['id']))
	186	{
4d634d0a VP	187	$user = new SQLA_User(NULL, $_SESSION['id']);
	188	if ($user->id)
	189	return $user;
a3151e7c VP	190	}
a3151e7c VP	191	return false;
4d634d0a VP	192	}
	193
	194	/**
	195	* Checks if a user can do something
	196	* @param string $permission
	197	* @return bool
	198	*/
	199	function current_user_can() : bool
	200	{
	201
	202	return false;
	203	}
	204
7aad7c29 VP	205	/**
	206	* Delete a user and related meta
	207	* @param int $id The ID of the user in the SQL database.
	208	* @param array $info Optional: This will fill with a response.
	209	* @return int
	210	*
	211	* Return values:
	212	* 1 The user was successfully deleted.
	213	* 0 The user was not found
	214	* -1 The admin does not have permission to delete users [TODO]
	215	*/
	216	function delete_user(int $id, &$info = []) : int
	217	{
	218	$user = new SQLA_User(NULL, $id);
	219	if (!$user->id) {
	220	$info[] = "Could not find user";
	221	var_dump("return 1");
	222	return 0;
	223	}
	224	$query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
	225	$conn = sqlnew();
	226	$stmt = $conn->prepare($query);
	227	$stmt->execute(["id" => $user->id]);
	228	$deleted = $stmt->rowCount();
	229	if ($user->id)
	230	{
	231	$info[] = "Successfully deleted user \"$user->username\"";
	232	return 1;
	233	}
	234	$info[] = "Unknown error";
	235	return 0;
54b5ea90 VP	236	}
54b5ea90 VP	237