Merge branch 'main' into patch-3

[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php

diff --git a/Classes/class-paneluser.php b/Classes/class-paneluser.php
index b0d85125b1ce8d61ae2a4efe9cb1b2aada92839b..8d44bbc7cfd7b6681ad99a63137da6de149d16f0 100644 (file)
--- a/Classes/class-paneluser.php
+++ b/Classes/class-paneluser.php
@@ -1,18 +1,30 @@
 <?php
-
-define('PERMISSION_MANAGE_USERS', 'manage_users'); /** Relating to Panel Access: Can add, delete and edit users. Big boss. */
-define('PERMISSION_BAN_USERS', 'ban_users'); /** Relating to Users tab: Can ban users connected to IRC */
-define('PERMISSION_EDIT_USER', 'edit_user'); /** Change properties of a user, i.e. vhost, modes and more */
-define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); /** Change properties of a channel, i.e. topic, modes and more */
-define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); /** Change properties of a user on a channel i.e give/remove voice or ops and more */
-define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); /** Can add manual bans, including G-Lines, Z-Lines and more */
-define('PERMISSION_SERVER_BAN_DEL', 'tkl_del'); /** Can remove set bans, including G-Lines, Z-Lines and more */
-define('PERMISSION_NAME_BAN_ADD', 'nb_add'); /** Can add Name Bans (Q-Lines) */
-define('PERMISSION_NAME_BAN_DEL', 'nb_del'); /** Can delete Name Bans (Q-Lines) */
-define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); /** Can add ban exceptions (E-Lines) */
-define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); /** Can delete ban exceptions (E-Lines) */
-define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); /** Can add spamfilter entries */
-define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); /** Can delete spamfilter entries */
+/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
+define('PERMISSION_MANAGE_USERS', 'manage_users'); 
+/** Relating to Users tab: Can ban users connected to IRC */
+define('PERMISSION_BAN_USERS', 'ban_users');
+/** Change properties of a user, i.e. vhost, modes and more */
+define('PERMISSION_EDIT_USER', 'edit_user');
+/** Change properties of a channel, i.e. topic, modes and more */
+define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); 
+/** Change properties of a user on a channel i.e give/remove voice or ops and more */
+define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); 
+/** Can add manual bans, including G-Lines, Z-Lines and more */
+define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); 
+/** Can remove set bans, including G-Lines, Z-Lines and more */
+define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
+/** Can add Name Bans (Q-Lines) */
+define('PERMISSION_NAME_BAN_ADD', 'nb_add');
+/** Can delete Name Bans (Q-Lines) */
+define('PERMISSION_NAME_BAN_DEL', 'nb_del'); 
+/** Can add ban exceptions (E-Lines) */
+define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); 
+/** Can delete ban exceptions (E-Lines) */
+define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); 
+/** Can add spamfilter entries */
+define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); 
+/** Can delete spamfilter entries */
+define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
 /**
  * PanelUser
  * This is the User class for the SQL_Auth plugin
@@ -157,21 +169,29 @@ class PanelUser_Meta
  * @throws Exception
  * @return bool
  */
-function create_new_user(array $user) : bool
+function create_new_user(array &$user) : bool
 {
        if (!isset($user['user_name']) || !isset($user['user_pass']))
                throw new Exception("Attempted to add user without specifying user_name or user_pass");
 
-       $username = $user['user_name'];
-       $password = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
-       $first_name = (isset($user['fname'])) ? $user['fname'] : NULL;
-       $last_name = (isset($user['lname'])) ? $user['lname'] : NULL;
-       $user_bio = (isset($user['user_bio'])) ? $user['user_bio'] : NULL;
-       
+       $user['user_name'] = htmlspecialchars($user['user_name']);
+       $user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
+       $user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
+       $last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
+       $user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
 
-       $conn = sqlnew();
-       $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :created)");
-       $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "created" => date("Y-m-d H:i:s")]);
+       if (($u = new PanelUser($user['user_name']))->id)
+       {
+               $user['err'] = "User already exists";
+               return false;
+       }
+       // internal use
+       $user['success'] = false;
+       $user['errmsg'] = [];
+       
+       Hook::run(HOOKTYPE_USER_CREATE, $user);
+       if (!$user['success'])
+               return false;
        
        return true;
 }
@@ -237,17 +257,8 @@ function delete_user(int $id, &$info = []) : int
                $info[] = "Could not find user";
                return 0;
        }
-       $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id";
-       $conn = sqlnew();
-       $stmt = $conn->prepare($query);
-       $stmt->execute(["id" => $user->id]);
-       $deleted = $stmt->rowCount();
-       if ($user->id)
-       {
-               $info[] = "Successfully deleted user \"$user->username\"";
-               return 1;
-       }
-       $info[] = "Unknown error";
-       return 0;
+       $arr = ["user" => $user, "info" => &$info, "boolint" => 0];
+       Hook::run(HOOKTYPE_USER_DELETE, $arr);
+       return $arr["boolint"];
 }