]>
jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/SQL/user.php
3 define('SQLPERM_MANAGE_USERS', 'manage_users'); /** Relating to Panel Access: Can add, delete and edit users. Big boss. */
4 define('SQLPERM_BAN_USERS', 'ban_users'); /** Relating to Users tab: Can ban users connected to IRC */
5 define('SQLPERM_EDIT_USER', 'edit_user'); /** Change properties of a user, i.e. vhost, modes and more */
6 define('SQLPERM_EDIT_CHANNEL', 'edit_channel'); /** Change properties of a channel, i.e. topic, modes and more */
7 define('SQLPERM_EDIT_CHANNEL_USER', 'edit_channel_user'); /** Change properties of a user on a channel i.e give/remove voice or ops and more */
8 define('SQLPERM_SERVER_BAN_ADD', 'tkl_add'); /** Can add manual bans, including G-Lines, Z-Lines and more */
9 define('SQLPERM_SERVER_BAN_DEL', 'tkl_del'); /** Can remove set bans, including G-Lines, Z-Lines and more */
10 define('SQLPERM_NAME_BAN_ADD', 'nb_add'); /** Can add Name Bans (Q-Lines) */
11 define('SQLPERM_NAME_BAN_DEL', 'nb_del'); /** Can delete Name Bans (Q-Lines) */
12 define('SQLPERM_BAN_EXCEPTION_ADD', 'be_add'); /** Can add ban exceptions (E-Lines) */
13 define('SQLPERM_BAN_EXCEPTION_DEL', 'be_del'); /** Can delete ban exceptions (E-Lines) */
14 define('SQLPERM_SPAMFILTER_ADD', 'sf_add'); /** Can add spamfilter entries */
15 define('SQLPERM_SPAMFILTER_DEL', 'sf_del'); /** Can delete spamfilter entries */
18 * This is the User class for the SQL_Auth plugin
23 public $username = NULL;
24 private $passhash = NULL;
25 public $first_name = NULL;
26 public $last_name = NULL;
27 public $created = NULL;
28 public $user_meta = [];
32 * Find a user in the database by name or ID
36 function __construct(string $name = NULL, int $id = NULL)
42 $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX
. "users WHERE user_id = :id LIMIT 1");
43 $prep->execute(["id" => strtolower($id)]);
47 $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX
. "users WHERE LOWER(user_name) = :name LIMIT 1");
48 $prep->execute(["name" => strtolower($name)]);
52 $data = $prep->fetchAll();
53 if (isset($data[0]) && $data = $data[0])
55 $this->id
= $data['user_id'];
56 $this->username
= $data['user_name'];
57 $this->passhash
= $data['user_pass'];
58 $this->first_name
= $data['user_fname'] ?? NULL;
59 $this->last_name
= $data['user_lname'] ?? NULL;
60 $this->created
= $data['created'];
61 $this->bio
= $data['user_bio'];
62 $this->user_meta
= (new SQLA_User_Meta($this->id
))->list;
67 * Verify a user's password
68 * @param string $input
71 function password_verify(string $input) : bool
73 if (password_verify($input, $this->passhash
))
81 * @param string $value
84 function add_meta(string $key, string $value)
97 /* check if it exists first, update it if it does */
98 $query = "SELECT * FROM " . SQL_PREFIX
. "user_meta WHERE user_id = :id AND meta_key = :key";
99 $stmt = $conn->prepare($query);
100 $stmt->execute(["id" => $this->id
, "key" => $key]);
101 if ($stmt->rowCount()) // it exists, update instead of insert
103 $query = "UPDATE " . SQL_PREFIX
. "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key";
104 $stmt = $conn->prepare($query);
105 $stmt->execute($meta);
106 if ($stmt->rowCount())
113 $query = "INSERT INTO " . SQL_PREFIX
. "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)";
114 $stmt = $conn->prepare($query);
115 $stmt->execute($meta);
116 if ($stmt->rowCount())
123 * Delete user meta data by key
127 function delete_meta(string $key)
138 $query = "DELETE FROM " . SQL_PREFIX
. "user_meta WHERE user_id = :id AND meta_key = :key";
139 $stmt = $conn->prepare($query);
140 $stmt->execute($meta);
141 if ($stmt->rowCount())
149 function add_permission($permission)
151 $meta = (isset($this->user_meta
['permissions'])) ? unserialize($this->user_meta
['permissions']) : [];
152 if (!in_array($permission,$meta))
153 $meta[] = $permission;
154 $this->add_meta("permissions", serialize($meta)); // updet de dettabess
155 $this->user_meta
['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
157 function delete_permission($permission)
159 $meta = (isset($this->user_meta
['permissions'])) ? unserialize($this->user_meta
['permissions']) : [];
160 foreach($meta as $key => $value)
162 if (!strcmp($permission, $value))
165 $this->add_meta("permissions", serialize($meta));
166 $this->user_meta
['permissions'] = serialize($meta);
173 * This class looks up and returns any user meta.
174 * This is used by SQLA_User, so you won't need to
175 * call it separately from SQLA_User.
180 function __construct($id)
185 $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX
. "user_meta WHERE user_id = :id");
186 $prep->execute(["id" => $id]);
188 foreach ($prep->fetchAll() as $row)
190 $this->list[$row['meta_key']] = $row['meta_value'];
210 function create_new_user(array $user) : bool
212 if (!isset($user['user_name']) || !isset($user['user_pass']))
213 throw new Exception("Attempted to add user without specifying user_name or user_pass");
215 $username = $user['user_name'];
216 $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID
);
217 $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
218 $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
219 $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
223 $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX
. "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
224 $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
230 * Gets the user object for the current session
231 * @return SQLA_User|bool
233 function unreal_get_current_user() : SQLA_User
|bool
235 if (!isset($_SESSION))
237 session_set_cookie_params(3600);
240 if (isset($_SESSION['id']))
242 $user = new SQLA_User(NULL, $_SESSION['id']);
250 * Checks if a user can do something
251 * @param string $permission
254 function current_user_can($permission) : bool
256 $user = unreal_get_current_user();
260 if (isset($user->user_meta
['permissions']))
262 $perms = unserialize($user->user_meta
['permissions']);
263 if (in_array($permission, $perms))
272 * Delete a user and related meta
273 * @param int $id The ID of the user in the SQL database.
274 * @param array $info This will fill with a response.
278 * 1 The user was successfully deleted.
279 * 0 The user was not found
280 * -1 The admin does not have permission to delete users [TODO]
282 function delete_user(int $id, &$info = []) : int
284 $user = new SQLA_User(NULL, $id);
286 $info[] = "Could not find user";
289 $query = "DELETE FROM " . SQL_PREFIX
. "users WHERE user_id = :id";
291 $stmt = $conn->prepare($query);
292 $stmt->execute(["id" => $user->id
]);
293 $deleted = $stmt->rowCount();
296 $info[] = "Successfully deleted user \"$user->username\"";
299 $info[] = "Unknown error";