plugins/sql_auth/SQL/user.php

   1 <?php
   2
   3 /**
   4  * SQLA_User
   5  * This is the User class for the SQL_Auth plugin
   6  */
   7 class SQLA_User
   8 {
   9     public $id = NULL;
  10     public $username = NULL;
  11     private $passhash = NULL;
  12     public $first_name = NULL;
  13     public $last_name = NULL;
  14     public $created = NULL;
  15     public $user_meta = [];
  16     public $bio = NULL;
  17
  18     /**
  19      * Find a user in the database by name or ID
  20      * @param string $name
  21      * @param mixed $id
  22      */
  23     function __construct(string $name = NULL, int $id = NULL)
  24     {
  25         $conn = sqlnew();
  26
  27         if ($id)
  28         {
  29             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
  30             $prep->execute(["id" => strtolower($id)]);
  31         }
  32         elseif ($name)
  33         {
  34             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
  35             $prep->execute(["name" => strtolower($name)]);
  36         }
  37         $data = NULL;
  38         if ($prep)
  39             $data = $prep->fetchAll();
  40         if (isset($data[0]) && $data = $data[0])
  41         {
  42             $this->id = $data['user_id'];
  43             $this->username = $data['user_name'];
  44             $this->passhash = $data['user_pass'];
  45             $this->first_name = $data['user_fname'] ?? NULL;
  46             $this->last_name = $data['user_lname'] ?? NULL;
  47             $this->created = $data['created'];
  48             $this->bio = $data['user_bio'];
  49             $this->user_meta = (new SQLA_User_Meta($this->id))->list;
  50         }
  51     }
  52
  53     /**
  54      * Verify a user's password
  55      * @param string $input
  56      * @return bool
  57      */
  58     function password_verify(string $input) : bool
  59     {
  60         if (password_verify($input, $this->passhash))
  61             return true;
  62         return false;
  63     }
  64
  65     /**
  66      * Add user meta data
  67      * @param string $key
  68      * @param string $value
  69      * @return bool
  70      */
  71     function add_meta(string $key, string $value)
  72     {
  73         if (!$key || !$value)
  74             return false;
  75
  76         $meta = [
  77             "id" => $this->id,
  78             "key" => $key,
  79             "value" => $value
  80         ];
  81
  82         $conn = sqlnew();
  83
  84         /* check if it exists first, update it if it does */
  85         $query = "SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key";
  86         $stmt = $conn->prepare($query);
  87         $stmt->execute(["id" => $this->id, "key" => $key]);
  88         if ($stmt->rowCount()) // it exists, update instead of insert
  89         {
  90             $query = "UPDATE " . SQL_PREFIX . "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key";
  91             $stmt = $conn->prepare($query);
  92             $stmt->execute($meta);
  93             if ($stmt->rowCount())
  94                 return true;
  95             return false;
  96         }
  97
  98         else
  99         {
 100             $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
 101             $stmt = $conn->prepare($query);
 102             $stmt->execute($meta);
 103             if ($stmt->rowCount())
 104                 return true;
 105             return false;
 106         }
 107     }
 108
 109     /**
 110      * Delete user meta data by key
 111      * @param string $key
 112      * @return bool
 113      */
 114     function delete_meta(string $key)
 115     {
 116         if (!$key )
 117             return false;
 118
 119         $meta = [
 120             "id" => $this->id,
 121             "key" => $key,
 122         ];
 123
 124         $conn = sqlnew();
 125         $query = "DELETE FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND  meta_key = :key";
 126         $stmt = $conn->prepare($query);
 127         $stmt->execute($meta);
 128         if ($stmt->rowCount())
 129             return true;
 130         return false;
 131
 132     }
 133 }
 134
 135
 136 /**
 137  * This class looks up and returns any user meta.
 138  * This is used by SQLA_User, so you won't need to
 139  * call it separately from SQLA_User.
 140  */
 141 class SQLA_User_Meta
 142 {
 143     public $list = [];
 144     function __construct($id)
 145     {
 146         $conn = sqlnew();
 147         if ($id)
 148         {
 149             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
 150             $prep->execute(["id" => $id]);
 151         }
 152         foreach ($prep->fetchAll() as $row)
 153         {
 154             $this->list[$row['meta_key']] = $row['meta_value'];
 155         }
 156     }
 157 }
 158
 159 /**
 160  * Array of user
 161  *
 162  * Required:
 163  * user_name
 164  * user_pass
 165  *
 166  * Optional:
 167  * user_fname
 168  * user_lname
 169  *
 170  * @param array $user
 171  * @throws Exception
 172  * @return bool
 173  */
 174 function create_new_user(array $user) : bool
 175 {
 176     if (!isset($user['user_name']) || !isset($user['user_pass']))
 177         throw new Exception("Attempted to add user without specifying user_name or user_pass");
 178
 179     $username = $user['user_name'];
 180     $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
 181     $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
 182     $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
 183     $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
 184
 185
 186     $conn = sqlnew();
 187     $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
 188     $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
 189
 190     return true;
 191 }
 192
 193 /**
 194  * Gets the user object for the current session
 195  * @return SQLA_User|bool
 196  */
 197 function unreal_get_current_user() : SQLA_User|bool
 198 {
 199     session_start();
 200     if (isset($_SESSION['id']))
 201     {
 202         $user = new SQLA_User(NULL, $_SESSION['id']);
 203         if ($user->id)
 204             return $user;
 205     }
 206     return false;
 207 }
 208
 209 /**
 210  * Checks if a user can do something
 211  * @param string $permission
 212  * @return bool
 213  */
 214 function current_user_can() : bool
 215 {
 216
 217     return false;
 218 }
 219
 220 /**
 221  * Delete a user and related meta
 222  * @param int $id The ID of the user in the SQL database.
 223  * @param array $info Optional: This will fill with a response.
 224  * @return int
 225  *
 226  * Return values:
 227  *  1   The user was successfully deleted.
 228  *  0   The user was not found
 229  *  -1  The admin does not have permission to delete users [TODO]
 230  */
 231 function delete_user(int $id, &$info = []) : int
 232 {
 233     $user = new SQLA_User(NULL, $id);
 234     if (!$user->id) {
 235         $info[] = "Could not find user";
 236         var_dump("return 1");
 237         return 0;
 238     }
 239     $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
 240     $conn = sqlnew();
 241     $stmt = $conn->prepare($query);
 242     $stmt->execute(["id" => $user->id]);
 243     $deleted = $stmt->rowCount();
 244     if ($user->id)
 245     {
 246         $info[] = "Successfully deleted user \"$user->username\"";
 247         return 1;
 248     }
 249     $info[] = "Unknown error";
 250     return 0;
 251 }
 252