ulogger-server/helpers/user.php

<?php
/* μlogger
 *
 * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
 *
 * This is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
  require_once(ROOT_DIR . "/helpers/db.php");
  require_once(ROOT_DIR . "/helpers/track.php");
  require_once(ROOT_DIR . "/helpers/position.php");

 /**
  * User handling routines
  */
  class uUser {
    public $id;
    public $login;
    public $hash;
    public $isAdmin = false;
    public $isValid = false;

   /**
    * Constructor
    *
    * @param string $login Login
    */
    public function __construct($login = NULL) {
      if (!empty($login)) {
        try {
          $query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " WHERE login = ? LIMIT 1";
          $stmt = self::db()->prepare($query);
          $stmt->execute([ $login ]);
          $stmt->bindColumn('id', $this->id, PDO::PARAM_INT);
          $stmt->bindColumn('login', $this->login);
          $stmt->bindColumn('password', $this->hash);
          $stmt->bindColumn('admin', $this->isAdmin, PDO::PARAM_BOOL);
          if ($stmt->fetch(PDO::FETCH_BOUND)) {
            $this->isValid = true;
          }
        } catch (PDOException $e) {
          // TODO: handle exception
          syslog(LOG_ERR, $e->getMessage());
        }
      }
    }

    /**
     * Get db instance
     *
     * @return uDb instance
     */
    private static function db() {
      return uDb::getInstance();
    }

    /**
     * Add new user
     *
     * @param string $login Login
     * @param string $pass Password
     * @param bool $isAdmin Is admin
     * @return int|bool New user id, false on error
     */
    public static function add($login, $pass, $isAdmin = false) {
      $userid = false;
      if (!empty($login) && !empty($pass)) {
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        $table = self::db()->table('users');
        try {
          $query = "INSERT INTO $table (login, password, admin) VALUES (?, ?, ?)";
          $stmt = self::db()->prepare($query);
          $stmt->execute([ $login, $hash, (int) $isAdmin ]);
          $userid = (int) self::db()->lastInsertId("${table}_id_seq");
        } catch (PDOException $e) {
          // TODO: handle exception
          syslog(LOG_ERR, $e->getMessage());
        }
      }
      return $userid;
    }

   /**
    * Delete user
    * This will also delete all user's positions and tracks
    *
    * @return bool True if success, false otherwise
    */
    public function delete() {
      $ret = false;
      if ($this->isValid) {
        // remove tracks and positions
        if (uTrack::deleteAll($this->id) === false) {
          return false;
        }
        // remove user
        try {
          $query = "DELETE FROM " . self::db()->table('users') . " WHERE id = ?";
          $stmt = self::db()->prepare($query);
          $stmt->execute([ $this->id ]);
          $ret = true;
          $this->id = NULL;
          $this->login = NULL;
          $this->hash = NULL;
          $this->isValid = false;
          $this->isAdmin = false;
        } catch (PDOException $e) {
          // TODO: handle exception
          syslog(LOG_ERR, $e->getMessage());
        }
      }
      return $ret;
    }

   /**
    * Set user admin status
    *
    * @param bool $isAdmin True if is admin
    * @return bool True on success, false otherwise
    */
    public function setAdmin($isAdmin) {
      $ret = false;
      try {
        $query = "UPDATE " . self::db()->table('users') . " SET admin = ? WHERE login = ?";
        $stmt = self::db()->prepare($query);
        $stmt->execute([ (int) $isAdmin, $this->login ]);
        $ret = true;
        $this->isAdmin = $isAdmin;
      } catch (PDOException $e) {
        // TODO: handle exception
        syslog(LOG_ERR, $e->getMessage());
      }
      return $ret;
    }

   /**
    * Set user password
    *
    * @param string $pass Password
    * @return bool True on success, false otherwise
    */
    public function setPass($pass) {
      $ret = false;
      if (!empty($this->login) && !empty($pass)) {
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        try {
          $query = "UPDATE " . self::db()->table('users') . " SET password = ? WHERE login = ?";
          $stmt = self::db()->prepare($query);
          $stmt->execute([ $hash, $this->login ]);
          $ret = true;
          $this->hash = $hash;
        } catch (PDOException $e) {
          // TODO: handle exception
          syslog(LOG_ERR, $e->getMessage());
        }
      }
      return $ret;
    }

   /**
    * Check if given password matches user's one
    *
    * @param String $password Password
    * @return bool True if matches, false otherwise
    */
    public function validPassword($password) {
      return password_verify($password, $this->hash);
    }

   /**
    * Store uUser object in session
    */
    public function storeInSession() {
      $_SESSION['user'] = $this;
    }

   /**
    * Fill uUser object properties from session data
    * @return uUser
    */
    public static function getFromSession() {
      $user = new uUser();
      if (isset($_SESSION['user'])) {
        $sessionUser = $_SESSION['user'];
        $user->id = $sessionUser->id;
        $user->login = $sessionUser->login;
        $user->hash = $sessionUser->hash;
        $user->isAdmin = $sessionUser->isAdmin;
        $user->isValid = $sessionUser->isValid;
      }
      return $user;
    }

   /**
    * Get all users
    *
    * @return uUser[]|bool Array of uUser users, false on error
    */
    public static function getAll() {
      try {
        $query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " ORDER BY login";
        $result = self::db()->query($query);
        $userArr = [];
        while ($row = $result->fetch()) {
          $userArr[] = self::rowToObject($row);
        }
      } catch (PDOException $e) {
        // TODO: handle exception
        syslog(LOG_ERR, $e->getMessage());
        $userArr = false;
      }
      return $userArr;
    }

   /**
    * Convert database row to uUser
    *
    * @param array $row Row
    * @return uUser User
    */
    private static function rowToObject($row) {
      $user = new uUser();
      $user->id = $row['id'];
      $user->login = $row['login'];
      $user->hash = $row['password'];
      $user->isAdmin = (bool) $row['admin'];
      $user->isValid = true;
      return $user;
    }
  }
?>
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`<?php`
			`/* μlogger`
			`*`
			`* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)`
			`*`
			`* This is free software; you can redistribute it and/or modify it under`
Fix copyright notice 2017-04-07 00:05:28 +02:00			`* the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 3 of the License, or`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful, but`
			`* WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* General Public License for more details.`
			`*`
Fix copyright notice 2017-04-07 00:05:28 +02:00			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, see <http://www.gnu.org/licenses/>.`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`*/`
Add edit/delete user menus 2017-04-12 20:16:39 +02:00			`require_once(ROOT_DIR . "/helpers/db.php");`
			`require_once(ROOT_DIR . "/helpers/track.php");`
			`require_once(ROOT_DIR . "/helpers/position.php");`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* User handling routines`
			`*/`
			`class uUser {`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`public $id;`
			`public $login;`
			`public $hash;`
			`public $isAdmin = false;`
			`public $isValid = false;`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Constructor`
			`*`
			`* @param string $login Login`
			`*/`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`public function __construct($login = NULL) {`
			`if (!empty($login)) {`
initial PDO support 2019-01-23 12:23:25 +01:00			`try {`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " WHERE login = ? LIMIT 1";`
initial PDO support 2019-01-23 12:23:25 +01:00			`$stmt = self::db()->prepare($query);`
			`$stmt->execute([ $login ]);`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`$stmt->bindColumn('id', $this->id, PDO::PARAM_INT);`
initial PDO support 2019-01-23 12:23:25 +01:00			`$stmt->bindColumn('login', $this->login);`
			`$stmt->bindColumn('password', $this->hash);`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$stmt->bindColumn('admin', $this->isAdmin, PDO::PARAM_BOOL);`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`if ($stmt->fetch(PDO::FETCH_BOUND)) {`
			`$this->isValid = true;`
			`}`
initial PDO support 2019-01-23 12:23:25 +01:00			`} catch (PDOException $e) {`
			`// TODO: handle exception`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`syslog(LOG_ERR, $e->getMessage());`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`}`
			`}`
			`}`

Convert methods to static where possible 2017-08-17 15:38:58 +02:00			`/**`
			`* Get db instance`
			`*`
			`* @return uDb instance`
			`*/`
			`private static function db() {`
Use singleton instance directly 2019-05-15 11:48:24 +02:00			`return uDb::getInstance();`
Convert methods to static where possible 2017-08-17 15:38:58 +02:00			`}`

Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`/**`
			`* Add new user`
			`*`
			`* @param string $login Login`
			`* @param string $pass Password`
			`* @param bool $isAdmin Is admin`
			`* @return int\|bool New user id, false on error`
			`*/`
			`public static function add($login, $pass, $isAdmin = false) {`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`$userid = false;`
Refactor config class 2020-02-20 17:08:47 +01:00			`if (!empty($login) && !empty($pass)) {`
Add optional password_compat for PHP 5.4 2017-04-14 14:00:56 +02:00			`$hash = password_hash($pass, PASSWORD_DEFAULT);`
initial PDO support 2019-01-23 12:23:25 +01:00			`$table = self::db()->table('users');`
			`try {`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$query = "INSERT INTO $table (login, password, admin) VALUES (?, ?, ?)";`
initial PDO support 2019-01-23 12:23:25 +01:00			`$stmt = self::db()->prepare($query);`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$stmt->execute([ $login, $hash, (int) $isAdmin ]);`
Make sure sql last insert id always returns integer 2019-12-28 18:50:29 +01:00			`$userid = (int) self::db()->lastInsertId("${table}_id_seq");`
initial PDO support 2019-01-23 12:23:25 +01:00			`} catch (PDOException $e) {`
			`// TODO: handle exception`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`syslog(LOG_ERR, $e->getMessage());`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`}`
			`}`
			`return $userid;`
			`}`

Add edit/delete user menus 2017-04-12 20:16:39 +02:00			`/**`
			`* Delete user`
			`* This will also delete all user's positions and tracks`
			`*`
			`* @return bool True if success, false otherwise`
			`*/`
			`public function delete() {`
			`$ret = false;`
			`if ($this->isValid) {`
Delete positions with tracks in deleteAll 2017-08-17 17:18:41 +02:00			`// remove tracks and positions`
Convert methods to static where possible 2017-08-17 15:38:58 +02:00			`if (uTrack::deleteAll($this->id) === false) {`
Add edit/delete user menus 2017-04-12 20:16:39 +02:00			`return false;`
			`}`
			`// remove user`
initial PDO support 2019-01-23 12:23:25 +01:00			`try {`
			`$query = "DELETE FROM " . self::db()->table('users') . " WHERE id = ?";`
			`$stmt = self::db()->prepare($query);`
			`$stmt->execute([ $this->id ]);`
Add edit/delete user menus 2017-04-12 20:16:39 +02:00			`$ret = true;`
Optionally enforce password strength (adds config options) 2017-04-14 15:55:00 +02:00			`$this->id = NULL;`
			`$this->login = NULL;`
			`$this->hash = NULL;`
			`$this->isValid = false;`
			`$this->isAdmin = false;`
initial PDO support 2019-01-23 12:23:25 +01:00			`} catch (PDOException $e) {`
			`// TODO: handle exception`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`syslog(LOG_ERR, $e->getMessage());`
Add edit/delete user menus 2017-04-12 20:16:39 +02:00			`}`
			`}`
			`return $ret;`
			`}`

Allow to set user admin status in dialog 2020-02-18 17:42:40 +01:00			`/**`
			`* Set user admin status`
			`*`
			`* @param bool $isAdmin True if is admin`
			`* @return bool True on success, false otherwise`
			`*/`
			`public function setAdmin($isAdmin) {`
			`$ret = false;`
			`try {`
			`$query = "UPDATE " . self::db()->table('users') . " SET admin = ? WHERE login = ?";`
			`$stmt = self::db()->prepare($query);`
Store config in database 2020-02-19 18:42:44 +01:00			`$stmt->execute([ (int) $isAdmin, $this->login ]);`
Allow to set user admin status in dialog 2020-02-18 17:42:40 +01:00			`$ret = true;`
			`$this->isAdmin = $isAdmin;`
			`} catch (PDOException $e) {`
			`// TODO: handle exception`
			`syslog(LOG_ERR, $e->getMessage());`
			`}`
			`return $ret;`
			`}`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Set user password`
			`*`
Add optional password_compat for PHP 5.4 2017-04-14 14:00:56 +02:00			`* @param string $pass Password`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`* @return bool True on success, false otherwise`
			`*/`
Add optional password_compat for PHP 5.4 2017-04-14 14:00:56 +02:00			`public function setPass($pass) {`
Add password change form 2017-04-06 23:23:25 +02:00			`$ret = false;`
Refactor config class 2020-02-20 17:08:47 +01:00			`if (!empty($this->login) && !empty($pass)) {`
Optionally enforce password strength (adds config options) 2017-04-14 15:55:00 +02:00			`$hash = password_hash($pass, PASSWORD_DEFAULT);`
initial PDO support 2019-01-23 12:23:25 +01:00			`try {`
			`$query = "UPDATE " . self::db()->table('users') . " SET password = ? WHERE login = ?";`
			`$stmt = self::db()->prepare($query);`
			`$stmt->execute([ $hash, $this->login ]);`
Optionally enforce password strength (adds config options) 2017-04-14 15:55:00 +02:00			`$ret = true;`
Fix: password change should update session user data 2019-12-28 18:56:11 +01:00			`$this->hash = $hash;`
initial PDO support 2019-01-23 12:23:25 +01:00			`} catch (PDOException $e) {`
			`// TODO: handle exception`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`syslog(LOG_ERR, $e->getMessage());`
Optionally enforce password strength (adds config options) 2017-04-14 15:55:00 +02:00			`}`
Add password change form 2017-04-06 23:23:25 +02:00			`}`
			`return $ret;`
			`}`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Check if given password matches user's one`
			`*`
			`* @param String $password Password`
			`* @return bool True if matches, false otherwise`
			`*/`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`public function validPassword($password) {`
			`return password_verify($password, $this->hash);`
			`}`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Store uUser object in session`
			`*/`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`public function storeInSession() {`
			`$_SESSION['user'] = $this;`
			`}`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Fill uUser object properties from session data`
Rewrite authorization into class 2017-08-25 13:59:19 +02:00			`* @return uUser`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`*/`
Refactor config class 2020-02-20 17:08:47 +01:00			`public static function getFromSession() {`
			`$user = new uUser();`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`if (isset($_SESSION['user'])) {`
			`$sessionUser = $_SESSION['user'];`
Refactor config class 2020-02-20 17:08:47 +01:00			`$user->id = $sessionUser->id;`
			`$user->login = $sessionUser->login;`
			`$user->hash = $sessionUser->hash;`
			`$user->isAdmin = $sessionUser->isAdmin;`
			`$user->isValid = $sessionUser->isValid;`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`}`
Refactor config class 2020-02-20 17:08:47 +01:00			`return $user;`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`}`

Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Get all users`
			`*`
Add user class 2019-11-16 17:43:23 +01:00			`* @return uUser[]\|bool Array of uUser users, false on error`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`*/`
Convert methods to static where possible 2017-08-17 15:38:58 +02:00			`public static function getAll() {`
initial PDO support 2019-01-23 12:23:25 +01:00			`try {`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " ORDER BY login";`
initial PDO support 2019-01-23 12:23:25 +01:00			`$result = self::db()->query($query);`
			`$userArr = [];`
			`while ($row = $result->fetch()) {`
			`$userArr[] = self::rowToObject($row);`
			`}`
			`} catch (PDOException $e) {`
			`// TODO: handle exception`
Fix Postgresql issues 2019-01-24 19:07:41 +01:00			`syslog(LOG_ERR, $e->getMessage());`
initial PDO support 2019-01-23 12:23:25 +01:00			`$userArr = false;`
Refactor user handling to use helper classes 2017-04-06 18:07:15 +02:00			`}`
			`return $userArr;`
			`}`
Refactor tracks, positions handling to use helper classes 2017-04-07 16:04:59 +02:00
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`/**`
			`* Convert database row to uUser`
			`*`
			`* @param array $row Row`
			`* @return uUser User`
			`*/`
Convert methods to static where possible 2017-08-17 15:38:58 +02:00			`private static function rowToObject($row) {`
Refactor tracks, positions handling to use helper classes 2017-04-07 16:04:59 +02:00			`$user = new uUser();`
			`$user->id = $row['id'];`
			`$user->login = $row['login'];`
			`$user->hash = $row['password'];`
Move isAdmin flag to database 2020-02-17 18:51:27 +01:00			`$user->isAdmin = (bool) $row['admin'];`
Refactor tracks, positions handling to use helper classes 2017-04-07 16:04:59 +02:00			`$user->isValid = true;`
			`return $user;`
			`}`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00			`}`
Typo: use proper case of db class 2017-04-16 22:45:56 +02:00			`?>`