plugins/sql_auth/SQL/user.php

   1 <?php
   2
   3 /**
   4  * SQLA_User
   5  * This is the User class for the SQL_Auth plugin
   6  */
   7 class SQLA_User
   8 {
   9     public $id = NULL;
  10     public $username = NULL;
  11     private $passhash = NULL;
  12     public $first_name = NULL;
  13     public $last_name = NULL;
  14     public $created = NULL;
  15     public $user_meta = [];
  16     public $bio = NULL;
  17
  18     /**
  19      * Find a user in the database by name or ID
  20      * @param string $name
  21      * @param mixed $id
  22      */
  23     function __construct(string $name = NULL, $id = NULL)
  24     {
  25         $conn = sqlnew();
  26
  27         if ($id)
  28         {
  29             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
  30             $prep->execute(["id" => strtolower($id)]);
  31         }
  32         elseif ($name)
  33         {
  34             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
  35             $prep->execute(["name" => strtolower($name)]);
  36         }
  37         $data = NULL;
  38         if ($prep)
  39             $data = $prep->fetchAll();
  40         if (isset($data[0]) && $data = $data[0])
  41         {
  42             $this->id = $data['user_id'];
  43             $this->username = $data['user_name'];
  44             $this->passhash = $data['user_pass'];
  45             $this->first_name = $data['user_fname'] ?? NULL;
  46             $this->last_name = $data['user_lname'] ?? NULL;
  47             $this->created = $data['created'];
  48             $this->bio = $data['user_bio'];
  49             $this->user_meta = (new SQLA_User_Meta($this->id))->list;
  50         }
  51     }
  52
  53     function password_verify(string $input)
  54     {
  55         if (password_verify($input, $this->passhash))
  56             return true;
  57         return false;
  58     }
  59 }
  60
  61
  62 /**
  63  * This class looks up and returns any user meta.
  64  * This is used by SQLA_User, so you won't need to
  65  * call it separately from SQLA_User.
  66  */
  67 class SQLA_User_Meta
  68 {
  69     public $list = [];
  70     function __construct($id)
  71     {
  72         $conn = sqlnew();
  73         if ($id)
  74         {
  75             $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id");
  76             $prep->execute(["id" => $id]);
  77         }
  78         foreach ($prep->fetchAll() as $row)
  79         {
  80             $this->list[$row['meta_key']] = $row['meta_value'];
  81         }
  82     }
  83 }
  84
  85 /**
  86  * Array of user
  87  *
  88  * Required:
  89  * user_name
  90  * user_pass
  91  *
  92  * Optional:
  93  * user_fname
  94  * user_lname
  95  *
  96  * @param array $user
  97  * @throws Exception
  98  * @return bool
  99  */
 100 function create_new_user(array $user) : bool
 101 {
 102     if (!isset($user['user_name']) || !isset($user['user_pass']))
 103         throw new Exception("Attempted to add user without specifying user_name or user_pass");
 104
 105     $username = $user['user_name'];
 106     $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
 107     $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
 108     $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
 109     $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
 110
 111
 112     $conn = sqlnew();
 113     $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
 114     $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
 115
 116     return true;
 117 }
 118
 119 /**
 120  * Gets the user object for the current session
 121  * @return SQLA_User|bool
 122  */
 123 function unreal_get_current_user() : SQLA_User|bool
 124 {
 125     session_start();
 126     if (isset($_SESSION['id']))
 127     {
 128         $user = new SQLA_User(NULL, $_SESSION['id']);
 129         if ($user->id)
 130             return $user;
 131     }
 132     return false;
 133 }
 134
 135 /**
 136  * Checks if a user can do something
 137  * @param string $permission
 138  * @return bool
 139  */
 140 function current_user_can() : bool
 141 {
 142
 143     return false;
 144 }
 145
 146 /**
 147  * Delete a user and related meta
 148  * @param int $id The ID of the user in the SQL database.
 149  * @param array $info Optional: This will fill with a response.
 150  * @return int
 151  *
 152  * Return values:
 153  *  1   The user was successfully deleted.
 154  *  0   The user was not found
 155  *  -1  The admin does not have permission to delete users [TODO]
 156  */
 157 function delete_user(int $id, &$info = []) : int
 158 {
 159     $user = new SQLA_User(NULL, $id);
 160     if (!$user->id) {
 161         $info[] = "Could not find user";
 162         var_dump("return 1");
 163         return 0;
 164     }
 165     $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
 166     $conn = sqlnew();
 167     $stmt = $conn->prepare($query);
 168     $stmt->execute(["id" => $user->id]);
 169     $deleted = $stmt->rowCount();
 170     if ($user->id)
 171     {
 172         $info[] = "Successfully deleted user \"$user->username\"";
 173         return 1;
 174     }
 175     $info[] = "Unknown error";
 176     return 0;
 177 }