2017-04-06 18:07:15 +02:00
|
|
|
<?php
|
|
|
|
|
/* μlogger
|
|
|
|
|
*
|
|
|
|
|
* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
|
|
|
|
|
*
|
|
|
|
|
* This is free software; you can redistribute it and/or modify it under
|
2017-04-07 00:05:28 +02:00
|
|
|
* the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2017-04-06 18:07:15 +02:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* General Public License for more details.
|
|
|
|
|
*
|
2017-04-07 00:05:28 +02:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2017-04-06 18:07:15 +02:00
|
|
|
*/
|
2017-04-12 20:16:39 +02:00
|
|
|
require_once(ROOT_DIR . "/helpers/config.php");
|
|
|
|
|
require_once(ROOT_DIR . "/helpers/db.php");
|
|
|
|
|
require_once(ROOT_DIR . "/helpers/track.php");
|
|
|
|
|
require_once(ROOT_DIR . "/helpers/position.php");
|
2017-04-06 18:07:15 +02:00
|
|
|
|
2017-04-14 14:00:56 +02:00
|
|
|
// for PHP 5.4 uncomment following line to include password_compat library
|
|
|
|
|
//require_once(ROOT_DIR . "/helpers/password.php");
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* User handling routines
|
|
|
|
|
*/
|
|
|
|
|
class uUser {
|
2017-04-06 18:07:15 +02:00
|
|
|
public $id;
|
|
|
|
|
public $login;
|
|
|
|
|
public $hash;
|
|
|
|
|
public $isAdmin = false;
|
|
|
|
|
public $isValid = false;
|
|
|
|
|
|
|
|
|
|
private static $db;
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Constructor
|
|
|
|
|
*
|
|
|
|
|
* @param string $login Login
|
|
|
|
|
*/
|
2017-04-06 18:07:15 +02:00
|
|
|
public function __construct($login = NULL) {
|
2017-04-16 22:45:56 +02:00
|
|
|
self::$db = uDb::getInstance();
|
2017-04-06 18:07:15 +02:00
|
|
|
if (!empty($login)) {
|
2017-04-17 22:04:33 +02:00
|
|
|
$sql = "SELECT id, login, password FROM `" . self::$db->table('users') . "` WHERE login = ? LIMIT 1";
|
|
|
|
|
$stmt = self::$db->prepare($sql);
|
2017-04-06 18:07:15 +02:00
|
|
|
$stmt->bind_param('s', $login);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$stmt->bind_result($this->id, $this->login, $this->hash);
|
|
|
|
|
if ($stmt->fetch()) {
|
|
|
|
|
$this->isValid = true;
|
|
|
|
|
}
|
|
|
|
|
$stmt->close();
|
2017-04-07 16:04:59 +02:00
|
|
|
$this->isAdmin = $this->isAdmin($this->login);
|
2017-04-06 18:07:15 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Add new user
|
|
|
|
|
*
|
|
|
|
|
* @param string $login Login
|
2017-04-14 14:00:56 +02:00
|
|
|
* @param string $pass Password
|
2017-04-09 23:35:55 +02:00
|
|
|
* @return int|bool New user id, false on error
|
|
|
|
|
*/
|
2017-04-14 14:00:56 +02:00
|
|
|
public function add($login, $pass) {
|
2017-04-06 18:07:15 +02:00
|
|
|
$userid = false;
|
2017-04-14 15:55:00 +02:00
|
|
|
if (!empty($login) && !empty($pass) && $this->validPassStrength($pass)) {
|
2017-04-14 14:00:56 +02:00
|
|
|
$hash = password_hash($pass, PASSWORD_DEFAULT);
|
2017-04-17 22:04:33 +02:00
|
|
|
$sql = "INSERT INTO `" . self::$db->table('users') . "` (login, password) VALUES (?, ?)";
|
2017-04-06 18:07:15 +02:00
|
|
|
$stmt = self::$db->prepare($sql);
|
|
|
|
|
$stmt->bind_param('ss', $login, $hash);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
if (!self::$db->error && !$stmt->errno) {
|
|
|
|
|
$userid = self::$db->insert_id;
|
|
|
|
|
}
|
|
|
|
|
$stmt->close();
|
|
|
|
|
}
|
|
|
|
|
return $userid;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-12 20:16:39 +02:00
|
|
|
/**
|
|
|
|
|
* Delete user
|
|
|
|
|
* This will also delete all user's positions and tracks
|
|
|
|
|
*
|
|
|
|
|
* @return bool True if success, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function delete() {
|
|
|
|
|
$ret = false;
|
|
|
|
|
if ($this->isValid) {
|
|
|
|
|
// remove positions
|
|
|
|
|
$position = new uPosition();
|
|
|
|
|
if ($position->deleteAll($this->id) === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// remove tracks
|
|
|
|
|
$track = new uTrack();
|
|
|
|
|
if ($track->deleteAll($this->id) === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// remove user
|
2017-04-17 22:04:33 +02:00
|
|
|
$sql = "DELETE FROM `" . self::$db->table('users') . "` WHERE id = ?";
|
2017-04-12 20:16:39 +02:00
|
|
|
$stmt = self::$db->prepare($sql);
|
|
|
|
|
$stmt->bind_param('i', $this->id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
if (!self::$db->error && !$stmt->errno) {
|
|
|
|
|
$ret = true;
|
2017-04-14 15:55:00 +02:00
|
|
|
$this->id = NULL;
|
|
|
|
|
$this->login = NULL;
|
|
|
|
|
$this->hash = NULL;
|
|
|
|
|
$this->isValid = false;
|
|
|
|
|
$this->isAdmin = false;
|
2017-04-12 20:16:39 +02:00
|
|
|
}
|
|
|
|
|
$stmt->close();
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Set user password
|
|
|
|
|
*
|
2017-04-14 14:00:56 +02:00
|
|
|
* @param string $pass Password
|
2017-04-09 23:35:55 +02:00
|
|
|
* @return bool True on success, false otherwise
|
|
|
|
|
*/
|
2017-04-14 14:00:56 +02:00
|
|
|
public function setPass($pass) {
|
2017-04-06 23:23:25 +02:00
|
|
|
$ret = false;
|
2017-04-14 15:55:00 +02:00
|
|
|
if ($this->validPassStrength($pass)) {
|
|
|
|
|
$hash = password_hash($pass, PASSWORD_DEFAULT);
|
2017-04-17 22:04:33 +02:00
|
|
|
$sql = "UPDATE `" . self::$db->table('users') . "` SET password = ? WHERE login = ?";
|
2017-04-14 15:55:00 +02:00
|
|
|
$stmt = self::$db->prepare($sql);
|
|
|
|
|
$stmt->bind_param('ss', $hash, $this->login);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
if (!self::$db->error && !$stmt->errno) {
|
|
|
|
|
$ret = true;
|
|
|
|
|
}
|
|
|
|
|
$stmt->close();
|
2017-04-06 23:23:25 +02:00
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Check if given password matches user's one
|
|
|
|
|
*
|
|
|
|
|
* @param String $password Password
|
|
|
|
|
* @return bool True if matches, false otherwise
|
|
|
|
|
*/
|
2017-04-06 18:07:15 +02:00
|
|
|
public function validPassword($password) {
|
|
|
|
|
return password_verify($password, $this->hash);
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-14 15:55:00 +02:00
|
|
|
/**
|
|
|
|
|
* Check if given password matches user's one
|
|
|
|
|
*
|
|
|
|
|
* @param String $password Password
|
|
|
|
|
* @return bool True if matches, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
private function validPassStrength($password) {
|
|
|
|
|
$config = new uConfig();
|
|
|
|
|
return preg_match($config->passRegex(), $password);
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Store uUser object in session
|
|
|
|
|
*/
|
2017-04-06 18:07:15 +02:00
|
|
|
public function storeInSession() {
|
|
|
|
|
$_SESSION['user'] = $this;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Fill uUser object properties from session data
|
2017-04-14 15:55:00 +02:00
|
|
|
* @return uPosition Self
|
2017-04-09 23:35:55 +02:00
|
|
|
*/
|
2017-04-06 18:07:15 +02:00
|
|
|
public function getFromSession() {
|
|
|
|
|
if (isset($_SESSION['user'])) {
|
|
|
|
|
$sessionUser = $_SESSION['user'];
|
|
|
|
|
$this->id = $sessionUser->id;
|
|
|
|
|
$this->login = $sessionUser->login;
|
|
|
|
|
$this->hash = $sessionUser->hash;
|
|
|
|
|
$this->isAdmin = $sessionUser->isAdmin;
|
|
|
|
|
$this->isValid = $sessionUser->isValid;
|
|
|
|
|
}
|
2017-04-14 15:55:00 +02:00
|
|
|
return $this;
|
2017-04-06 18:07:15 +02:00
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Get all users
|
|
|
|
|
*
|
|
|
|
|
* @return array|bool Array of uUser users, false on error
|
|
|
|
|
*/
|
2017-04-07 16:04:59 +02:00
|
|
|
public function getAll() {
|
2017-04-17 22:04:33 +02:00
|
|
|
$query = "SELECT id, login, password FROM `" . self::$db->table('users') . "` ORDER BY login";
|
2017-04-06 18:07:15 +02:00
|
|
|
$result = self::$db->query($query);
|
|
|
|
|
if ($result === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$userArr = [];
|
|
|
|
|
while ($row = $result->fetch_assoc()) {
|
2017-04-07 16:04:59 +02:00
|
|
|
$userArr[] = $this->rowToObject($row);
|
2017-04-06 18:07:15 +02:00
|
|
|
}
|
|
|
|
|
$result->close();
|
|
|
|
|
return $userArr;
|
|
|
|
|
}
|
2017-04-07 16:04:59 +02:00
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Convert database row to uUser
|
|
|
|
|
*
|
|
|
|
|
* @param array $row Row
|
|
|
|
|
* @return uUser User
|
|
|
|
|
*/
|
2017-04-07 16:04:59 +02:00
|
|
|
private function rowToObject($row) {
|
|
|
|
|
$user = new uUser();
|
|
|
|
|
$user->id = $row['id'];
|
|
|
|
|
$user->login = $row['login'];
|
|
|
|
|
$user->hash = $row['password'];
|
|
|
|
|
$user->isAdmin = $this->isAdmin($row['login']);
|
|
|
|
|
$user->isValid = true;
|
|
|
|
|
return $user;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 23:35:55 +02:00
|
|
|
/**
|
|
|
|
|
* Is given login admin user
|
|
|
|
|
*
|
|
|
|
|
* @param string $login Login
|
|
|
|
|
* @return bool True if admin, false otherwise
|
|
|
|
|
*/
|
2017-04-07 16:04:59 +02:00
|
|
|
private function isAdmin($login) {
|
|
|
|
|
$config = new uConfig();
|
|
|
|
|
return (!empty($config::$admin_user) && $config::$admin_user == $login);
|
|
|
|
|
}
|
2017-04-09 23:35:55 +02:00
|
|
|
}
|
2017-04-16 22:45:56 +02:00
|
|
|
?>
|
