]>
Commit | Line | Data |
---|---|---|
961b0aa7 VP |
1 | <?php |
2 | ||
6b3d3f83 VP |
3 | /** |
4 | * SQLA_User | |
5 | * This is the User class for the SQL_Auth plugin | |
6 | */ | |
961b0aa7 VP |
7 | class SQLA_User |
8 | { | |
9 | public $id = NULL; | |
10 | public $username = NULL; | |
4225314c | 11 | private $passhash = NULL; |
961b0aa7 VP |
12 | public $first_name = NULL; |
13 | public $last_name = NULL; | |
d5316e28 | 14 | public $created = NULL; |
4d634d0a | 15 | public $user_meta = []; |
d5316e28 | 16 | public $bio = NULL; |
961b0aa7 | 17 | |
a3151e7c VP |
18 | /** |
19 | * Find a user in the database by name or ID | |
20 | * @param string $name | |
21 | * @param mixed $id | |
22 | */ | |
54b5ea90 | 23 | function __construct(string $name = NULL, int $id = NULL) |
961b0aa7 VP |
24 | { |
25 | $conn = sqlnew(); | |
a3151e7c VP |
26 | |
27 | if ($id) | |
28 | { | |
29 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1"); | |
30 | $prep->execute(["id" => strtolower($id)]); | |
31 | } | |
32 | elseif ($name) | |
33 | { | |
34 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1"); | |
35 | $prep->execute(["name" => strtolower($name)]); | |
36 | } | |
4d634d0a VP |
37 | $data = NULL; |
38 | if ($prep) | |
39 | $data = $prep->fetchAll(); | |
7aad7c29 | 40 | if (isset($data[0]) && $data = $data[0]) |
961b0aa7 VP |
41 | { |
42 | $this->id = $data['user_id']; | |
43 | $this->username = $data['user_name']; | |
44 | $this->passhash = $data['user_pass']; | |
4d634d0a VP |
45 | $this->first_name = $data['user_fname'] ?? NULL; |
46 | $this->last_name = $data['user_lname'] ?? NULL; | |
d5316e28 VP |
47 | $this->created = $data['created']; |
48 | $this->bio = $data['user_bio']; | |
4d634d0a | 49 | $this->user_meta = (new SQLA_User_Meta($this->id))->list; |
961b0aa7 | 50 | } |
961b0aa7 VP |
51 | } |
52 | ||
54b5ea90 VP |
53 | /** |
54 | * Verify a user's password | |
55 | * @param string $input | |
56 | * @return bool | |
57 | */ | |
58 | function password_verify(string $input) : bool | |
a3151e7c VP |
59 | { |
60 | if (password_verify($input, $this->passhash)) | |
61 | return true; | |
62 | return false; | |
63 | } | |
54b5ea90 VP |
64 | |
65 | /** | |
66 | * Add user meta data | |
67 | * @param string $key | |
68 | * @param string $value | |
69 | * @return bool | |
70 | */ | |
71 | function add_meta(string $key, string $value) | |
72 | { | |
73 | if (!$key || !$value) | |
74 | return false; | |
75 | ||
76 | $meta = [ | |
77 | "id" => $this->id, | |
78 | "key" => $key, | |
79 | "value" => $value | |
80 | ]; | |
81 | ||
82 | $conn = sqlnew(); | |
83 | $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)"; | |
84 | $stmt = $conn->prepare($query); | |
85 | $stmt->execute($meta); | |
86 | if ($stmt->rowCount()) | |
87 | return true; | |
88 | return false; | |
89 | ||
90 | } | |
91 | ||
92 | /** | |
93 | * Delete user meta data | |
94 | * @param string $key | |
95 | * @param string $value | |
96 | * @return bool | |
97 | */ | |
98 | function delete_meta(string $key, string $value) | |
99 | { | |
100 | if (!$key || !$value) | |
101 | return false; | |
102 | ||
103 | $meta = [ | |
104 | "id" => $this->id, | |
105 | "key" => $key, | |
106 | "value" => $value | |
107 | ]; | |
108 | ||
109 | $conn = sqlnew(); | |
110 | $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)"; | |
111 | $stmt = $conn->prepare($query); | |
112 | $stmt->execute($meta); | |
113 | if ($stmt->rowCount()) | |
114 | return true; | |
115 | return false; | |
116 | ||
117 | } | |
4d634d0a | 118 | } |
a3151e7c | 119 | |
6b3d3f83 VP |
120 | |
121 | /** | |
122 | * This class looks up and returns any user meta. | |
123 | * This is used by SQLA_User, so you won't need to | |
124 | * call it separately from SQLA_User. | |
125 | */ | |
4d634d0a VP |
126 | class SQLA_User_Meta |
127 | { | |
128 | public $list = []; | |
129 | function __construct($id) | |
130 | { | |
131 | $conn = sqlnew(); | |
132 | if ($id) | |
133 | { | |
134 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id"); | |
135 | $prep->execute(["id" => $id]); | |
136 | } | |
137 | foreach ($prep->fetchAll() as $row) | |
138 | { | |
139 | $this->list[$row['meta_key']] = $row['meta_value']; | |
140 | } | |
141 | } | |
a3151e7c VP |
142 | } |
143 | ||
4225314c VP |
144 | /** |
145 | * Array of user | |
146 | * | |
147 | * Required: | |
148 | * user_name | |
149 | * user_pass | |
150 | * | |
151 | * Optional: | |
152 | * user_fname | |
153 | * user_lname | |
154 | * | |
155 | * @param array $user | |
156 | * @throws Exception | |
157 | * @return bool | |
158 | */ | |
4d634d0a VP |
159 | function create_new_user(array $user) : bool |
160 | { | |
161 | if (!isset($user['user_name']) || !isset($user['user_pass'])) | |
162 | throw new Exception("Attempted to add user without specifying user_name or user_pass"); | |
163 | ||
164 | $username = $user['user_name']; | |
165 | $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID); | |
166 | $first_name = (isset($user['fname'])) ? $user['fname'] : NULL; | |
167 | $last_name = (isset($user['lname'])) ? $user['lname'] : NULL; | |
7aad7c29 | 168 | $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL; |
d5316e28 | 169 | |
a3151e7c | 170 | |
4d634d0a | 171 | $conn = sqlnew(); |
7aad7c29 VP |
172 | $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)"); |
173 | $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]); | |
4d634d0a VP |
174 | |
175 | return true; | |
176 | } | |
177 | ||
178 | /** | |
179 | * Gets the user object for the current session | |
180 | * @return SQLA_User|bool | |
181 | */ | |
182 | function unreal_get_current_user() : SQLA_User|bool | |
a3151e7c VP |
183 | { |
184 | session_start(); | |
185 | if (isset($_SESSION['id'])) | |
186 | { | |
4d634d0a VP |
187 | $user = new SQLA_User(NULL, $_SESSION['id']); |
188 | if ($user->id) | |
189 | return $user; | |
a3151e7c VP |
190 | } |
191 | return false; | |
4d634d0a VP |
192 | } |
193 | ||
194 | /** | |
195 | * Checks if a user can do something | |
196 | * @param string $permission | |
197 | * @return bool | |
198 | */ | |
199 | function current_user_can() : bool | |
200 | { | |
201 | ||
202 | return false; | |
203 | } | |
204 | ||
7aad7c29 VP |
205 | /** |
206 | * Delete a user and related meta | |
207 | * @param int $id The ID of the user in the SQL database. | |
208 | * @param array $info Optional: This will fill with a response. | |
209 | * @return int | |
210 | * | |
211 | * Return values: | |
212 | * 1 The user was successfully deleted. | |
213 | * 0 The user was not found | |
214 | * -1 The admin does not have permission to delete users [TODO] | |
215 | */ | |
216 | function delete_user(int $id, &$info = []) : int | |
217 | { | |
218 | $user = new SQLA_User(NULL, $id); | |
219 | if (!$user->id) { | |
220 | $info[] = "Could not find user"; | |
221 | var_dump("return 1"); | |
222 | return 0; | |
223 | } | |
224 | $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id"; | |
225 | $conn = sqlnew(); | |
226 | $stmt = $conn->prepare($query); | |
227 | $stmt->execute(["id" => $user->id]); | |
228 | $deleted = $stmt->rowCount(); | |
229 | if ($user->id) | |
230 | { | |
231 | $info[] = "Successfully deleted user \"$user->username\""; | |
232 | return 1; | |
233 | } | |
234 | $info[] = "Unknown error"; | |
235 | return 0; | |
54b5ea90 VP |
236 | } |
237 |