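. */
require_once(ROOT_DIR . "/helpers/config.php");
require_once(ROOT_DIR . "/helpers/db.php");
require_once(ROOT_DIR . "/helpers/track.php");
require_once(ROOT_DIR . "/helpers/position.php");
// for PHP 5.4 uncomment following line to include password_compat library
//require_once(ROOT_DIR . "/helpers/password.php");

/**
 * User handling routines
 *
 * Wraps the `users` table: lookup by login, creation, deletion (cascading to
 * the user's positions and tracks), password change/verification and
 * session persistence. Every query runs through a prepared statement; the
 * only concatenated fragment is the table name returned by uDb::table().
 */
class uUser {
  /** @var int|null Row id, NULL for an unloaded/invalid user */
  public $id;
  /** @var string|null Login as stored in the DB, NULL when not loaded */
  public $login;
  /** @var string|null password_hash() digest; NULL when not loaded (e.g. restored from session) */
  public $hash;
  /** @var bool True when $login equals the configured admin login */
  public $isAdmin = false;
  /** @var bool True when the object is backed by an existing DB row */
  public $isValid = false;
  /** @var uDb Shared DB handle, set by the constructor */
  private static $db;

  /**
   * Constructor
   *
   * Loads the user row for $login when one is given; without a login the
   * object stays empty/invalid (used by getAll(), rowToObject(), getFromSession()).
   *
   * @param string $login Login
   */
  public function __construct($login = NULL) {
    self::$db = uDb::getInstance();
    if (!empty($login)) {
      $sql = "SELECT id, login, password FROM `" . self::$db->table('users') . "` WHERE login = ? LIMIT 1";
      $stmt = self::$db->prepare($sql);
      $stmt->bind_param('s', $login);
      $stmt->execute();
      $stmt->bind_result($this->id, $this->login, $this->hash);
      if ($stmt->fetch()) {
        $this->isValid = true;
      }
      $stmt->close();
      // derive the admin flag from the login as stored in the DB, not from the caller's input
      $this->isAdmin = $this->isAdmin($this->login);
    }
  }

  /**
   * Add new user
   *
   * The password must satisfy the configured strength regex and is stored as
   * a password_hash() digest. Duplicate logins are left to the DB to reject
   * (reported through $stmt->errno, hence a false return).
   *
   * @param string $login Login
   * @param string $pass Password
   * @return int|bool New user id, false on error
   */
  public function add($login, $pass) {
    $userid = false;
    if (!empty($login) && !empty($pass) && $this->validPassStrength($pass)) {
      $hash = password_hash($pass, PASSWORD_DEFAULT);
      // password_hash() returns false on failure in PHP < 8; never store that
      if ($hash === false) {
        return false;
      }
      $sql = "INSERT INTO `" . self::$db->table('users') . "` (login, password) VALUES (?, ?)";
      $stmt = self::$db->prepare($sql);
      $stmt->bind_param('ss', $login, $hash);
      $stmt->execute();
      if (!self::$db->error && !$stmt->errno) {
        $userid = self::$db->insert_id;
      }
      $stmt->close();
    }
    return $userid;
  }

  /**
   * Delete user
   * This will also delete all user's positions and tracks
   *
   * Positions and tracks are removed first; if either step fails the user
   * row is left in place. On success the object is reset to the empty state.
   *
   * @return bool True if success, false otherwise
   */
  public function delete() {
    $ret = false;
    if ($this->isValid) {
      // remove positions
      $position = new uPosition();
      if ($position->deleteAll($this->id) === false) {
        return false;
      }
      // remove tracks
      $track = new uTrack();
      if ($track->deleteAll($this->id) === false) {
        return false;
      }
      // remove user
      $sql = "DELETE FROM `" . self::$db->table('users') . "` WHERE id = ?";
      $stmt = self::$db->prepare($sql);
      $stmt->bind_param('i', $this->id);
      $stmt->execute();
      if (!self::$db->error && !$stmt->errno) {
        $ret = true;
        $this->id = NULL;
        $this->login = NULL;
        $this->hash = NULL;
        $this->isValid = false;
        $this->isAdmin = false;
      }
      $stmt->close();
    }
    return $ret;
  }

  /**
   * Set user password
   *
   * Rejects passwords that fail the configured strength regex. The row is
   * matched by login; the in-memory $hash is refreshed on success.
   *
   * @param string $pass Password
   * @return bool True on success, false otherwise
   */
  public function setPass($pass) {
    $ret = false;
    if ($this->validPassStrength($pass)) {
      $hash = password_hash($pass, PASSWORD_DEFAULT);
      if ($hash === false) {
        return false;
      }
      $sql = "UPDATE `" . self::$db->table('users') . "` SET password = ? WHERE login = ?";
      $stmt = self::$db->prepare($sql);
      $stmt->bind_param('ss', $hash, $this->login);
      $stmt->execute();
      if (!self::$db->error && !$stmt->errno) {
        $ret = true;
        // keep the loaded object consistent with what is now in the DB
        $this->hash = $hash;
      }
      $stmt->close();
    }
    return $ret;
  }

  /**
   * Check if given password matches user's one
   *
   * Uses password_verify() (constant-time). If the hash is not loaded, e.g.
   * because the object was restored from the session, it is fetched from the
   * DB by id first. An unloaded user or a NULL password never matches.
   *
   * @param String $password Password
   * @return bool True if matches, false otherwise
   */
  public function validPassword($password) {
    if ($password === NULL) {
      return false;
    }
    if ($this->hash === NULL || $this->hash === '') {
      $this->loadHash();
    }
    if ($this->hash === NULL || $this->hash === '') {
      return false;
    }
    return password_verify($password, $this->hash);
  }

  /**
   * Load the password hash for the current id from the DB
   *
   * No-op when the object has no id. Used lazily by validPassword() so the
   * hash does not have to be carried around in the session.
   */
  private function loadHash() {
    if ($this->id === NULL) {
      return;
    }
    // the object may have been unserialized without the constructor running
    if (self::$db === NULL) {
      self::$db = uDb::getInstance();
    }
    $sql = "SELECT password FROM `" . self::$db->table('users') . "` WHERE id = ? LIMIT 1";
    $stmt = self::$db->prepare($sql);
    $stmt->bind_param('i', $this->id);
    $stmt->execute();
    $stmt->bind_result($this->hash);
    $stmt->fetch();
    $stmt->close();
  }

  /**
   * Check if given password satisfies the configured strength policy
   *
   * @param String $password Password
   * @return bool True if it matches uConfig::passRegex(), false otherwise
   */
  private function validPassStrength($password) {
    $config = new uConfig();
    return preg_match($config->passRegex(), $password);
  }

  /**
   * Store uUser object in session
   *
   * The password hash is stripped from the stored copy so it does not end up
   * in the session backend; validPassword() reloads it from the DB on demand.
   */
  public function storeInSession() {
    $sessionUser = clone $this;
    $sessionUser->hash = NULL;
    $_SESSION['user'] = $sessionUser;
  }

  /**
   * Fill uUser object properties from session data
   *
   * The admin flag is re-derived from the current configuration instead of
   * being copied from the session, so a changed admin_user takes effect
   * without waiting for existing sessions to expire.
   *
   * @return uUser Self
   */
  public function getFromSession() {
    if (isset($_SESSION['user'])) {
      $sessionUser = $_SESSION['user'];
      $this->id = $sessionUser->id;
      $this->login = $sessionUser->login;
      // sessions written by older code may still carry the hash; newer ones store NULL
      $this->hash = isset($sessionUser->hash) ? $sessionUser->hash : NULL;
      $this->isValid = $sessionUser->isValid;
      $this->isAdmin = $this->isAdmin($this->login);
    }
    return $this;
  }

  /**
   * Get all users
   *
   * Note: the returned objects carry the password hashes; do not expose
   * them to templates or API output as-is.
   *
   * @return array|bool Array of uUser users, false on error
   */
  public function getAll() {
    $query = "SELECT id, login, password FROM `" . self::$db->table('users') . "` ORDER BY login";
    $result = self::$db->query($query);
    if ($result === false) {
      return false;
    }
    $userArr = [];
    while ($row = $result->fetch_assoc()) {
      $userArr[] = $this->rowToObject($row);
    }
    $result->close();
    return $userArr;
  }

  /**
   * Convert database row to uUser
   *
   * @param array $row Row with keys id, login, password
   * @return uUser User (marked valid, admin flag derived from login)
   */
  private function rowToObject($row) {
    $user = new uUser();
    $user->id = $row['id'];
    $user->login = $row['login'];
    $user->hash = $row['password'];
    $user->isAdmin = $this->isAdmin($row['login']);
    $user->isValid = true;
    return $user;
  }

  /**
   * Is given login admin user
   *
   * Strict comparison: `==` between two strings is numeric-aware in PHP
   * ("1e3" == "1000" is true), which is not acceptable for a privilege check.
   *
   * @param string $login Login
   * @return bool True if admin, false otherwise
   */
  private function isAdmin($login) {
    $config = new uConfig();
    return (!empty($config::$admin_user) && $config::$admin_user === $login);
  }
}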