]>
Commit | Line | Data |
---|---|---|
961b0aa7 VP |
1 | <?php |
2 | ||
d72d1923 VP |
3 | define('SQLPERM_MANAGE_USERS', 'manage_users'); /** Relating to Panel Access: Can add, delete and edit users. Big boss. */ |
4 | define('SQLPERM_BAN_USERS', 'ban_users'); /** Relating to Users tab: Can ban users connected to IRC */ | |
5 | define('SQLPERM_EDIT_USER', 'edit_user'); /** Change properties of a user, i.e. vhost, modes and more */ | |
6 | define('SQLPERM_EDIT_CHANNEL', 'edit_channel'); /** Change properties of a channel, i.e. topic, modes and more */ | |
7 | define('SQLPERM_EDIT_CHANNEL_USER', 'edit_channel_user'); /** Change properties of a user on a channel i.e give/remove voice or ops and more */ | |
8 | define('SQLPERM_SERVER_BAN_ADD', 'tkl_add'); /** Can add manual bans, including G-Lines, Z-Lines and more */ | |
9 | define('SQLPERM_SERVER_BAN_DEL', 'tkl_del'); /** Can remove set bans, including G-Lines, Z-Lines and more */ | |
10 | define('SQLPERM_NAME_BAN_ADD', 'nb_add'); /** Can add Name Bans (Q-Lines) */ | |
11 | define('SQLPERM_NAME_BAN_DEL', 'nb_del'); /** Can delete Name Bans (Q-Lines) */ | |
12 | define('SQLPERM_BAN_EXCEPTION_ADD', 'be_add'); /** Can add ban exceptions (E-Lines) */ | |
13 | define('SQLPERM_BAN_EXCEPTION_DEL', 'be_del'); /** Can delete ban exceptions (E-Lines) */ | |
14 | define('SQLPERM_SPAMFILTER_ADD', 'sf_add'); /** Can add spamfilter entries */ | |
15 | define('SQLPERM_SPAMFILTER_DEL', 'sf_del'); /** Can delete spamfilter entries */ | |
6b3d3f83 VP |
16 | /** |
17 | * SQLA_User | |
18 | * This is the User class for the SQL_Auth plugin | |
19 | */ | |
961b0aa7 VP |
20 | class SQLA_User |
21 | { | |
d72d1923 VP |
22 | public $id = NULL; |
23 | public $username = NULL; | |
24 | private $passhash = NULL; | |
25 | public $first_name = NULL; | |
26 | public $last_name = NULL; | |
27 | public $created = NULL; | |
28 | public $user_meta = []; | |
29 | public $bio = NULL; | |
30 | ||
31 | /** | |
32 | * Find a user in the database by name or ID | |
33 | * @param string $name | |
34 | * @param mixed $id | |
35 | */ | |
36 | function __construct(string $name = NULL, int $id = NULL) | |
37 | { | |
38 | $conn = sqlnew(); | |
39 | ||
40 | if ($id) | |
41 | { | |
42 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1"); | |
43 | $prep->execute(["id" => strtolower($id)]); | |
44 | } | |
45 | elseif ($name) | |
46 | { | |
47 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1"); | |
48 | $prep->execute(["name" => strtolower($name)]); | |
49 | } | |
50 | $data = NULL; | |
51 | if ($prep) | |
52 | $data = $prep->fetchAll(); | |
53 | if (isset($data[0]) && $data = $data[0]) | |
54 | { | |
55 | $this->id = $data['user_id']; | |
56 | $this->username = $data['user_name']; | |
57 | $this->passhash = $data['user_pass']; | |
58 | $this->first_name = $data['user_fname'] ?? NULL; | |
59 | $this->last_name = $data['user_lname'] ?? NULL; | |
60 | $this->created = $data['created']; | |
61 | $this->bio = $data['user_bio']; | |
62 | $this->user_meta = (new SQLA_User_Meta($this->id))->list; | |
63 | } | |
64 | } | |
65 | ||
66 | /** | |
67 | * Verify a user's password | |
68 | * @param string $input | |
69 | * @return bool | |
70 | */ | |
71 | function password_verify(string $input) : bool | |
72 | { | |
73 | if (password_verify($input, $this->passhash)) | |
74 | return true; | |
75 | return false; | |
76 | } | |
77 | ||
78 | /** | |
79 | * Add user meta data | |
80 | * @param string $key | |
81 | * @param string $value | |
82 | * @return bool | |
83 | */ | |
84 | function add_meta(string $key, string $value) | |
85 | { | |
86 | if (!$key || !$value) | |
87 | return false; | |
88 | ||
89 | $meta = [ | |
90 | "id" => $this->id, | |
91 | "key" => $key, | |
92 | "value" => $value | |
93 | ]; | |
94 | ||
95 | $conn = sqlnew(); | |
96 | ||
97 | /* check if it exists first, update it if it does */ | |
98 | $query = "SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key"; | |
99 | $stmt = $conn->prepare($query); | |
100 | $stmt->execute(["id" => $this->id, "key" => $key]); | |
101 | if ($stmt->rowCount()) // it exists, update instead of insert | |
102 | { | |
103 | $query = "UPDATE " . SQL_PREFIX . "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key"; | |
104 | $stmt = $conn->prepare($query); | |
105 | $stmt->execute($meta); | |
106 | if ($stmt->rowCount()) | |
107 | return true; | |
108 | return false; | |
109 | } | |
110 | ||
111 | else | |
112 | { | |
113 | $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)"; | |
114 | $stmt = $conn->prepare($query); | |
115 | $stmt->execute($meta); | |
116 | if ($stmt->rowCount()) | |
117 | return true; | |
118 | return false; | |
119 | } | |
120 | } | |
121 | ||
122 | /** | |
123 | * Delete user meta data by key | |
124 | * @param string $key | |
125 | * @return bool | |
126 | */ | |
127 | function delete_meta(string $key) | |
128 | { | |
129 | if (!$key ) | |
130 | return false; | |
131 | ||
132 | $meta = [ | |
133 | "id" => $this->id, | |
134 | "key" => $key, | |
135 | ]; | |
136 | ||
137 | $conn = sqlnew(); | |
138 | $query = "DELETE FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key"; | |
139 | $stmt = $conn->prepare($query); | |
140 | $stmt->execute($meta); | |
141 | if ($stmt->rowCount()) | |
142 | return true; | |
143 | return false; | |
144 | ||
145 | } | |
146 | ||
147 | /** PERMISSIONS */ | |
148 | ||
149 | function add_permission($permission) | |
150 | { | |
151 | $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : []; | |
152 | if (!in_array($permission,$meta)) | |
153 | $meta[] = $permission; | |
154 | $this->add_meta("permissions", serialize($meta)); // updet de dettabess | |
155 | $this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used | |
156 | } | |
157 | function delete_permission($permission) | |
158 | { | |
159 | $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : []; | |
160 | foreach($meta as $key => $value) | |
161 | { | |
162 | if (!strcmp($permission, $value)) | |
163 | unset($meta[$key]); | |
164 | } | |
165 | $this->add_meta("permissions", serialize($meta)); | |
166 | $this->user_meta['permissions'] = serialize($meta); | |
167 | } | |
168 | ||
4d634d0a | 169 | } |
a3151e7c | 170 | |
6b3d3f83 VP |
171 | |
172 | /** | |
173 | * This class looks up and returns any user meta. | |
174 | * This is used by SQLA_User, so you won't need to | |
175 | * call it separately from SQLA_User. | |
176 | */ | |
4d634d0a VP |
177 | class SQLA_User_Meta |
178 | { | |
d72d1923 VP |
179 | public $list = []; |
180 | function __construct($id) | |
181 | { | |
182 | $conn = sqlnew(); | |
183 | if ($id) | |
184 | { | |
185 | $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id"); | |
186 | $prep->execute(["id" => $id]); | |
187 | } | |
188 | foreach ($prep->fetchAll() as $row) | |
189 | { | |
190 | $this->list[$row['meta_key']] = $row['meta_value']; | |
191 | } | |
192 | } | |
a3151e7c VP |
193 | } |
194 | ||
4225314c VP |
195 | /** |
196 | * Array of user | |
197 | * | |
198 | * Required: | |
199 | * user_name | |
200 | * user_pass | |
201 | * | |
202 | * Optional: | |
203 | * user_fname | |
204 | * user_lname | |
205 | * | |
206 | * @param array $user | |
207 | * @throws Exception | |
208 | * @return bool | |
209 | */ | |
4d634d0a VP |
210 | function create_new_user(array $user) : bool |
211 | { | |
d72d1923 VP |
212 | if (!isset($user['user_name']) || !isset($user['user_pass'])) |
213 | throw new Exception("Attempted to add user without specifying user_name or user_pass"); | |
214 | ||
215 | $username = $user['user_name']; | |
216 | $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID); | |
217 | $first_name = (isset($user['fname'])) ? $user['fname'] : NULL; | |
218 | $last_name = (isset($user['lname'])) ? $user['lname'] : NULL; | |
219 | $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL; | |
220 | ||
221 | ||
222 | $conn = sqlnew(); | |
223 | $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)"); | |
224 | $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]); | |
225 | ||
226 | return true; | |
4d634d0a VP |
227 | } |
228 | ||
229 | /** | |
230 | * Gets the user object for the current session | |
231 | * @return SQLA_User|bool | |
232 | */ | |
233 | function unreal_get_current_user() : SQLA_User|bool | |
a3151e7c | 234 | { |
d72d1923 VP |
235 | session_start(); |
236 | if (isset($_SESSION['id'])) | |
237 | { | |
238 | $user = new SQLA_User(NULL, $_SESSION['id']); | |
239 | if ($user->id) | |
240 | return $user; | |
241 | } | |
242 | return false; | |
4d634d0a VP |
243 | } |
244 | ||
245 | /** | |
246 | * Checks if a user can do something | |
247 | * @param string $permission | |
248 | * @return bool | |
249 | */ | |
d72d1923 | 250 | function current_user_can($permission) : bool |
4d634d0a | 251 | { |
d72d1923 VP |
252 | $user = unreal_get_current_user(); |
253 | if (!$user) | |
254 | return false; | |
255 | ||
256 | if (isset($user->user_meta['permissions'])) | |
257 | { | |
258 | $perms = unserialize($user->user_meta['permissions']); | |
259 | if (in_array($permission, $perms)) | |
260 | { | |
261 | return true; | |
262 | } | |
263 | } | |
264 | return false; | |
4d634d0a VP |
265 | } |
266 | ||
7aad7c29 VP |
267 | /** |
268 | * Delete a user and related meta | |
269 | * @param int $id The ID of the user in the SQL database. | |
d72d1923 | 270 | * @param array $info This will fill with a response. |
7aad7c29 VP |
271 | * @return int |
272 | * | |
273 | * Return values: | |
274 | * 1 The user was successfully deleted. | |
275 | * 0 The user was not found | |
276 | * -1 The admin does not have permission to delete users [TODO] | |
277 | */ | |
278 | function delete_user(int $id, &$info = []) : int | |
279 | { | |
d72d1923 VP |
280 | $user = new SQLA_User(NULL, $id); |
281 | if (!$user->id) { | |
282 | $info[] = "Could not find user"; | |
283 | return 0; | |
284 | } | |
285 | $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id"; | |
286 | $conn = sqlnew(); | |
287 | $stmt = $conn->prepare($query); | |
288 | $stmt->execute(["id" => $user->id]); | |
289 | $deleted = $stmt->rowCount(); | |
290 | if ($user->id) | |
291 | { | |
292 | $info[] = "Successfully deleted user \"$user->username\""; | |
293 | return 1; | |
294 | } | |
295 | $info[] = "Unknown error"; | |
296 | return 0; | |
54b5ea90 VP |
297 | } |
298 |