[irc/unrealircd/unrealircd-webpanel.git] / plugins / sql_auth / SQL / user.php

<?php

/**
 * SQLA_User
 * This is the User class for the SQL_Auth plugin
 */
class SQLA_User
{
    public $id = NULL;
    public $username = NULL;
    private $passhash = NULL;
    public $first_name = NULL;
    public $last_name = NULL;
    public $created = NULL;
    public $user_meta = [];
    public $bio = NULL;

    /**
     * Find a user in the database by name or ID
     * @param string $name
     * @param mixed $id
     */
    function __construct(string $name = NULL, $id = NULL)
    {
        $conn = sqlnew();

        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
            $prep->execute(["id" => strtolower($id)]);
        }
        elseif ($name)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
            $prep->execute(["name" => strtolower($name)]);
        }
        $data = NULL;
        if ($prep)
            $data = $prep->fetchAll();
        if (isset($data[0]) && $data = $data[0])
        {
            $this->id = $data['user_id'];
            $this->username = $data['user_name'];
            $this->passhash = $data['user_pass'];
            $this->first_name = $data['user_fname'] ?? NULL;
            $this->last_name = $data['user_lname'] ?? NULL;
            $this->created = $data['created'];
            $this->bio = $data['user_bio'];
            $this->user_meta = (new SQLA_User_Meta($this->id))->list;
        }
    }

    function password_verify(string $input)
    {
        if (password_verify($input, $this->passhash))
            return true;
        return false;
    }
}


/**
 * This class looks up and returns any user meta.
 * This is used by SQLA_User, so you won't need to 
 * call it separately from SQLA_User.
 */
class SQLA_User_Meta
{
    public $list = [];
    function __construct($id)
    {
        $conn = sqlnew();
        if ($id)
        {
            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
            $prep->execute(["id" => $id]);
        }
        foreach ($prep->fetchAll() as $row)
        {
            $this->list[$row['meta_key']] = $row['meta_value'];
        }
    }
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array $user) : bool
{
    if (!isset($user['user_name']) || !isset($user['user_pass']))
        throw new Exception("Attempted to add user without specifying user_name or user_pass");

    $username = $user['user_name'];
    $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
    $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
    $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
    $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
    

    $conn = sqlnew();
    $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
    $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
    
    return true;
}

/**
 * Gets the user object for the current session
 * @return SQLA_User|bool
 */
function unreal_get_current_user() : SQLA_User|bool
{
    session_start();
    if (isset($_SESSION['id']))
    {
        $user = new SQLA_User(NULL, $_SESSION['id']);
        if ($user->id)
            return $user;
    }
    return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can() : bool
{
    
    return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info Optional: This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
    $user = new SQLA_User(NULL, $id);
    if (!$user->id) {
        $info[] = "Could not find user";
        var_dump("return 1");
        return 0;
    }
    $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
    $conn = sqlnew();
    $stmt = $conn->prepare($query);
    $stmt->execute(["id" => $user->id]);
    $deleted = $stmt->rowCount();
    if ($user->id)
    {
        $info[] = "Successfully deleted user \"$user->username\"";
        return 1;
    }
    $info[] = "Unknown error";
    return 0;
}
Commit	Line	Data
961b0aa7 VP	1	<?php
961b0aa7 VP	2
6b3d3f83 VP	3	/**
	4	* SQLA_User
	5	* This is the User class for the SQL_Auth plugin
	6	*/
961b0aa7 VP	7	class SQLA_User
	8	{
	9	public $id = NULL;
	10	public $username = NULL;
4225314c	11	private $passhash = NULL;
961b0aa7 VP	12	public $first_name = NULL;
961b0aa7 VP	13	public $last_name = NULL;
d5316e28	14	public $created = NULL;
4d634d0a	15	public $user_meta = [];
d5316e28	16	public $bio = NULL;
961b0aa7	17
a3151e7c VP	18	/**
	19	* Find a user in the database by name or ID
	20	* @param string $name
	21	* @param mixed $id
	22	*/
4d634d0a	23	function __construct(string $name = NULL, $id = NULL)
961b0aa7 VP	24	{
961b0aa7 VP	25	$conn = sqlnew();
a3151e7c VP	26
	27	if ($id)
	28	{
	29	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
	30	$prep->execute(["id" => strtolower($id)]);
	31	}
	32	elseif ($name)
	33	{
	34	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
	35	$prep->execute(["name" => strtolower($name)]);
	36	}
4d634d0a VP	37	$data = NULL;
	38	if ($prep)
	39	$data = $prep->fetchAll();
7aad7c29	40	if (isset($data[0]) && $data = $data[0])
961b0aa7 VP	41	{
	42	$this->id = $data['user_id'];
	43	$this->username = $data['user_name'];
	44	$this->passhash = $data['user_pass'];
4d634d0a VP	45	$this->first_name = $data['user_fname'] ?? NULL;
4d634d0a VP	46	$this->last_name = $data['user_lname'] ?? NULL;
d5316e28 VP	47	$this->created = $data['created'];
d5316e28 VP	48	$this->bio = $data['user_bio'];
4d634d0a	49	$this->user_meta = (new SQLA_User_Meta($this->id))->list;
961b0aa7	50	}
961b0aa7 VP	51	}
961b0aa7 VP	52
a3151e7c VP	53	function password_verify(string $input)
	54	{
	55	if (password_verify($input, $this->passhash))
	56	return true;
	57	return false;
	58	}
4d634d0a	59	}
a3151e7c	60
6b3d3f83 VP	61
	62	/**
	63	* This class looks up and returns any user meta.
	64	* This is used by SQLA_User, so you won't need to
	65	* call it separately from SQLA_User.
	66	*/
4d634d0a VP	67	class SQLA_User_Meta
	68	{
	69	public $list = [];
	70	function __construct($id)
	71	{
	72	$conn = sqlnew();
	73	if ($id)
	74	{
	75	$prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
	76	$prep->execute(["id" => $id]);
	77	}
	78	foreach ($prep->fetchAll() as $row)
	79	{
	80	$this->list[$row['meta_key']] = $row['meta_value'];
	81	}
	82	}
a3151e7c VP	83	}
a3151e7c VP	84
4225314c VP	85	/**
	86	* Array of user
	87	*
	88	* Required:
	89	* user_name
	90	* user_pass
	91	*
	92	* Optional:
	93	* user_fname
	94	* user_lname
	95	*
	96	* @param array $user
	97	* @throws Exception
	98	* @return bool
	99	*/
4d634d0a VP	100	function create_new_user(array $user) : bool
	101	{
	102	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	103	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	104
	105	$username = $user['user_name'];
	106	$password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
	107	$first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
	108	$last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
7aad7c29	109	$user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
d5316e28	110
a3151e7c	111
4d634d0a	112	$conn = sqlnew();
7aad7c29 VP	113	$prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
7aad7c29 VP	114	$prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
4d634d0a VP	115
	116	return true;
	117	}
	118
	119	/**
	120	* Gets the user object for the current session
	121	* @return SQLA_User\|bool
	122	*/
	123	function unreal_get_current_user() : SQLA_User\|bool
a3151e7c VP	124	{
	125	session_start();
	126	if (isset($_SESSION['id']))
	127	{
4d634d0a VP	128	$user = new SQLA_User(NULL, $_SESSION['id']);
	129	if ($user->id)
	130	return $user;
a3151e7c VP	131	}
a3151e7c VP	132	return false;
4d634d0a VP	133	}
	134
	135	/**
	136	* Checks if a user can do something
	137	* @param string $permission
	138	* @return bool
	139	*/
	140	function current_user_can() : bool
	141	{
	142
	143	return false;
	144	}
	145
7aad7c29 VP	146	/**
	147	* Delete a user and related meta
	148	* @param int $id The ID of the user in the SQL database.
	149	* @param array $info Optional: This will fill with a response.
	150	* @return int
	151	*
	152	* Return values:
	153	* 1 The user was successfully deleted.
	154	* 0 The user was not found
	155	* -1 The admin does not have permission to delete users [TODO]
	156	*/
	157	function delete_user(int $id, &$info = []) : int
	158	{
	159	$user = new SQLA_User(NULL, $id);
	160	if (!$user->id) {
	161	$info[] = "Could not find user";
	162	var_dump("return 1");
	163	return 0;
	164	}
	165	$query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
	166	$conn = sqlnew();
	167	$stmt = $conn->prepare($query);
	168	$stmt->execute(["id" => $user->id]);
	169	$deleted = $stmt->rowCount();
	170	if ($user->id)
	171	{
	172	$info[] = "Successfully deleted user \"$user->username\"";
	173	return 1;
	174	}
	175	$info[] = "Unknown error";
	176	return 0;
	177	}