@@ -46,7 +46,7 @@ discard block |
| 46 | 46 | // |
| 47 | 47 | } |
| 48 | 48 | |
| 49 | - public function load (int $userID = -1) { |
|
| 49 | + public function load(int $userID = -1) { |
|
| 50 | 50 | //check, if user is logged in |
| 51 | 51 | if ($userID === -1) { |
| 52 | 52 | if (isset($_SESSION['logged-in']) && $_SESSION['logged-in'] === true) { |
@@ -142,7 +142,7 @@ discard block |
| 142 | 142 | } |
| 143 | 143 | } |
| 144 | 144 | |
| 145 | - public function loginByUsername (string $username, string $password) : array { |
|
| 145 | + public function loginByUsername(string $username, string $password) : array { |
|
| 146 | 146 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `username` = :username AND `activated` = '1'; ", array( |
| 147 | 147 | 'username' => &$username |
| 148 | 148 | )); |
@@ -150,7 +150,7 @@ discard block |
| 150 | 150 | return $this->loginRow($row, $password); |
| 151 | 151 | } |
| 152 | 152 | |
| 153 | - public function loginByMail (string $mail, string $password) : array { |
|
| 153 | + public function loginByMail(string $mail, string $password) : array { |
|
| 154 | 154 | //check, if mail is valide |
| 155 | 155 | $validator = new Validator_Mail(); |
| 156 | 156 | |
@@ -168,7 +168,7 @@ discard block |
| 168 | 168 | return $this->loginRow($row, $password); |
| 169 | 169 | } |
| 170 | 170 | |
| 171 | - public function loginByID (int $userID) : array { |
|
| 171 | + public function loginByID(int $userID) : array { |
|
| 172 | 172 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID AND `activated` = '1'; ", array( |
| 173 | 173 | 'userID' => &$userID |
| 174 | 174 | )); |
@@ -194,7 +194,7 @@ discard block |
| 194 | 194 | } |
| 195 | 195 | } |
| 196 | 196 | |
| 197 | - protected function loginRow ($row, string $password) : array { |
|
| 197 | + protected function loginRow($row, string $password) : array { |
|
| 198 | 198 | if (!$row) { |
| 199 | 199 | //user doesnt exists |
| 200 | 200 | $res['success'] = false; |
@@ -251,7 +251,7 @@ discard block |
| 251 | 251 | } |
| 252 | 252 | } |
| 253 | 253 | |
| 254 | - protected function setLoggedIn (int $userID, string $username, array $row) { |
|
| 254 | + protected function setLoggedIn(int $userID, string $username, array $row) { |
|
| 255 | 255 | $_SESSION['logged-in'] = true; |
| 256 | 256 | $_SESSION['userID'] = (int) $userID; |
| 257 | 257 | $_SESSION['username'] = $username; |
@@ -264,7 +264,7 @@ discard block |
| 264 | 264 | $this->row = $row; |
| 265 | 265 | } |
| 266 | 266 | |
| 267 | - public function logout () { |
|
| 267 | + public function logout() { |
|
| 268 | 268 | //check, if session was started |
| 269 | 269 | PHPUtils::checkSessionStarted(); |
| 270 | 270 | |
@@ -279,13 +279,13 @@ discard block |
| 279 | 279 | $this->setGuest(); |
| 280 | 280 | } |
| 281 | 281 | |
| 282 | - protected function setGuest () { |
|
| 282 | + protected function setGuest() { |
|
| 283 | 283 | $this->userID = (int) Settings::get("guest_userid", "-1"); |
| 284 | 284 | $this->username = Settings::get("guest_username", "Guest"); |
| 285 | 285 | $this->isLoggedIn = false; |
| 286 | 286 | } |
| 287 | 287 | |
| 288 | - protected static function hashPassword ($password, $salt) { |
|
| 288 | + protected static function hashPassword($password, $salt) { |
|
| 289 | 289 | //http://php.net/manual/de/function.password-hash.php |
| 290 | 290 | |
| 291 | 291 | //add salt to password |
@@ -309,7 +309,7 @@ discard block |
| 309 | 309 | * |
| 310 | 310 | * @return integer userID |
| 311 | 311 | */ |
| 312 | - public function getID () : int { |
|
| 312 | + public function getID() : int { |
|
| 313 | 313 | return $this->userID; |
| 314 | 314 | } |
| 315 | 315 | |
@@ -318,23 +318,23 @@ discard block |
| 318 | 318 | * |
| 319 | 319 | * @return string username |
| 320 | 320 | */ |
| 321 | - public function getUsername () : string { |
|
| 321 | + public function getUsername() : string { |
|
| 322 | 322 | return $this->username; |
| 323 | 323 | } |
| 324 | 324 | |
| 325 | - public function getMail () : string { |
|
| 325 | + public function getMail() : string { |
|
| 326 | 326 | return $this->row['mail']; |
| 327 | 327 | } |
| 328 | 328 | |
| 329 | - public function isLoggedIn () : bool { |
|
| 329 | + public function isLoggedIn() : bool { |
|
| 330 | 330 | return $this->isLoggedIn; |
| 331 | 331 | } |
| 332 | 332 | |
| 333 | - public function getRow () : array { |
|
| 333 | + public function getRow() : array { |
|
| 334 | 334 | return $this->row; |
| 335 | 335 | } |
| 336 | 336 | |
| 337 | - public function setOnline (bool $updateIP = true) { |
|
| 337 | + public function setOnline(bool $updateIP = true) { |
|
| 338 | 338 | //get client ip |
| 339 | 339 | $ip = PHPUtils::getClientIP(); |
| 340 | 340 | |
@@ -356,7 +356,7 @@ discard block |
| 356 | 356 | } |
| 357 | 357 | } |
| 358 | 358 | |
| 359 | - public function updateOnlineList () { |
|
| 359 | + public function updateOnlineList() { |
|
| 360 | 360 | $interval_minutes = (int) Settings::get("online_interval", "5"); |
| 361 | 361 | |
| 362 | 362 | Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '0' WHERE DATE_SUB(NOW(), INTERVAL " . $interval_minutes . " MINUTE) > `last_online`; "); |
@@ -367,7 +367,7 @@ discard block |
| 367 | 367 | * |
| 368 | 368 | * Only use this method for installation & upgrade! |
| 369 | 369 | */ |
| 370 | - public static function createIfIdAbsent (int $userID, string $username, string $password, string $mail, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 370 | + public static function createIfIdAbsent(int $userID, string $username, string $password, string $mail, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 371 | 371 | if (self::existsUserID($userID)) { |
| 372 | 372 | //dont create user, if user already exists |
| 373 | 373 | return; |
@@ -395,7 +395,7 @@ discard block |
| 395 | 395 | )); |
| 396 | 396 | } |
| 397 | 397 | |
| 398 | - public static function create (string $username, string $password, string $mail, string $ip, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 398 | + public static function create(string $username, string $password, string $mail, string $ip, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 399 | 399 | if (self::existsUsername($username)) { |
| 400 | 400 | //dont create user, if username already exists |
| 401 | 401 | return false; |
@@ -458,7 +458,7 @@ discard block |
| 458 | 458 | ); |
| 459 | 459 | } |
| 460 | 460 | |
| 461 | - public static function deleteUserID (int $userID) { |
|
| 461 | + public static function deleteUserID(int $userID) { |
|
| 462 | 462 | Database::getInstance()->execute("DELETE FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
| 463 | 463 | 'userID' => array( |
| 464 | 464 | 'type' => PDO::PARAM_INT, |
@@ -470,7 +470,7 @@ discard block |
| 470 | 470 | Cache::clear("user", "user-" . $userID); |
| 471 | 471 | } |
| 472 | 472 | |
| 473 | - public static function existsUserID (int $userID) : bool { |
|
| 473 | + public static function existsUserID(int $userID) : bool { |
|
| 474 | 474 | //search for userID in database |
| 475 | 475 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
| 476 | 476 | 'userID' => array( |
@@ -482,21 +482,21 @@ discard block |
| 482 | 482 | return $row !== false; |
| 483 | 483 | } |
| 484 | 484 | |
| 485 | - public static function existsUsername (string $username) : bool { |
|
| 485 | + public static function existsUsername(string $username) : bool { |
|
| 486 | 486 | //search for username in database, ignore case |
| 487 | 487 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
| 488 | 488 | |
| 489 | 489 | return $row !== false; |
| 490 | 490 | } |
| 491 | 491 | |
| 492 | - public static function existsMail (string $mail) : bool { |
|
| 492 | + public static function existsMail(string $mail) : bool { |
|
| 493 | 493 | //search for mail in database, ignore case |
| 494 | 494 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`mail`) LIKE UPPER(:mail); ", array('mail' => $mail)); |
| 495 | 495 | |
| 496 | 496 | return $row !== false; |
| 497 | 497 | } |
| 498 | 498 | |
| 499 | - public static function getIDByUsernameFromDB (string $username) : int { |
|
| 499 | + public static function getIDByUsernameFromDB(string $username) : int { |
|
| 500 | 500 | //search for username in database, ignore case |
| 501 | 501 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
| 502 | 502 | |
@@ -511,7 +511,7 @@ discard block |
| 511 | 511 | /** |
| 512 | 512 | * get instance of current (logged in / guest) user |
| 513 | 513 | */ |
| 514 | - public static function ¤t () : User { |
|
| 514 | + public static function ¤t() : User { |
|
| 515 | 515 | if (self::$instance == null) { |
| 516 | 516 | self::$instance = new User(); |
| 517 | 517 | self::$instance->load(); |
@@ -27,495 +27,495 @@ |
| 27 | 27 | |
| 28 | 28 | class User { |
| 29 | 29 | |
| 30 | - //instance of current (logged-in / guest) user |
|
| 31 | - protected static $instance = null; |
|
| 32 | - |
|
| 33 | - //current userID |
|
| 34 | - protected $userID = -1; |
|
| 35 | - |
|
| 36 | - //current username |
|
| 37 | - protected $username = "Guest"; |
|
| 38 | - |
|
| 39 | - //flag, if user is logged in |
|
| 40 | - protected $isLoggedIn = false; |
|
| 41 | - |
|
| 42 | - //current database row |
|
| 43 | - protected $row = null; |
|
| 44 | - |
|
| 45 | - public function __construct() { |
|
| 46 | - // |
|
| 47 | - } |
|
| 48 | - |
|
| 49 | - public function load (int $userID = -1) { |
|
| 50 | - //check, if user is logged in |
|
| 51 | - if ($userID === -1) { |
|
| 52 | - if (isset($_SESSION['logged-in']) && $_SESSION['logged-in'] === true) { |
|
| 53 | - if (!isset($_SESSION['userID']) || empty($_SESSION['userID'])) { |
|
| 54 | - throw new IllegalStateException("userID is not set in session."); |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - if (!isset($_SESSION['username']) || empty($_SESSION['username'])) { |
|
| 58 | - throw new IllegalStateException("username is not set in session."); |
|
| 59 | - } |
|
| 60 | - |
|
| 61 | - $this->userID = (int) $_SESSION['userID']; |
|
| 62 | - $this->username = $_SESSION['username']; |
|
| 63 | - $this->isLoggedIn = true; |
|
| 64 | - |
|
| 65 | - //TODO: update online state in database |
|
| 66 | - } else { |
|
| 67 | - $this->setGuest(); |
|
| 68 | - } |
|
| 69 | - } else { |
|
| 70 | - $this->userID = (int) $userID; |
|
| 71 | - } |
|
| 72 | - |
|
| 73 | - Events::throwEvent("before_load_user", array( |
|
| 74 | - 'userID' => &$this->userID, |
|
| 75 | - 'isLoggedIn' => &$this->isLoggedIn, |
|
| 76 | - 'user' => &$this |
|
| 77 | - )); |
|
| 78 | - |
|
| 79 | - //try to load from cache |
|
| 80 | - if (Cache::contains("user", "user-" . $this->userID)) { |
|
| 81 | - $this->row = Cache::get("user", "user-" . $this->userID); |
|
| 82 | - } else { |
|
| 83 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID AND `activated` = '1'; ", array( |
|
| 84 | - 'userID' => array( |
|
| 85 | - 'type' => PDO::PARAM_INT, |
|
| 86 | - 'value' => $this->userID |
|
| 87 | - ) |
|
| 88 | - )); |
|
| 89 | - |
|
| 90 | - if (!$row) { |
|
| 91 | - $logout_user = true; |
|
| 92 | - |
|
| 93 | - //user not found, throw an event, so plugins can handle this (optional) |
|
| 94 | - Events::throwEvent("user_not_found", array( |
|
| 95 | - 'userID' => &$this->userID, |
|
| 96 | - 'username' => &$this->username, |
|
| 97 | - 'isLoggedIn' => &$this->isLoggedIn, |
|
| 98 | - 'row' => &$row, |
|
| 99 | - 'logout_user' => &$logout_user, |
|
| 100 | - 'user' => &$this |
|
| 101 | - )); |
|
| 102 | - |
|
| 103 | - if ($logout_user) { |
|
| 104 | - //logout user |
|
| 105 | - $this->logout(); |
|
| 106 | - } |
|
| 107 | - } else { |
|
| 108 | - //remove password hash from row |
|
| 109 | - unset($row['password']); |
|
| 110 | - |
|
| 111 | - Events::throwEvent("before_cache_user", array( |
|
| 112 | - 'userID' => &$this->userID, |
|
| 113 | - 'username' => &$this->username, |
|
| 114 | - 'isLoggedIn' => &$this->isLoggedIn, |
|
| 115 | - 'row' => &$row, |
|
| 116 | - 'user' => &$this |
|
| 117 | - )); |
|
| 118 | - |
|
| 119 | - //cache entry |
|
| 120 | - Cache::put("user", "user-" . $this->userID, $row); |
|
| 121 | - |
|
| 122 | - $this->row = $row; |
|
| 123 | - } |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - if ($this->row !== null) { |
|
| 127 | - $this->userID = (int) $this->row['userID']; |
|
| 128 | - $this->username = $this->row['username']; |
|
| 129 | - } |
|
| 130 | - |
|
| 131 | - Events::throwEvent("after_load_user", array( |
|
| 132 | - 'userID' => &$this->userID, |
|
| 133 | - 'username' => &$this->username, |
|
| 134 | - 'isLoggedIn' => &$this->isLoggedIn, |
|
| 135 | - 'row' => &$row, |
|
| 136 | - 'user' => &$this |
|
| 137 | - )); |
|
| 138 | - |
|
| 139 | - //TODO: update online state and IP |
|
| 140 | - if ($userID === -1 && $this->isLoggedIn()) { |
|
| 141 | - $this->setOnline(); |
|
| 142 | - } |
|
| 143 | - } |
|
| 144 | - |
|
| 145 | - public function loginByUsername (string $username, string $password) : array { |
|
| 146 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `username` = :username AND `activated` = '1'; ", array( |
|
| 147 | - 'username' => &$username |
|
| 148 | - )); |
|
| 149 | - |
|
| 150 | - return $this->loginRow($row, $password); |
|
| 151 | - } |
|
| 152 | - |
|
| 153 | - public function loginByMail (string $mail, string $password) : array { |
|
| 154 | - //check, if mail is valide |
|
| 155 | - $validator = new Validator_Mail(); |
|
| 156 | - |
|
| 157 | - if (!$validator->isValide($mail)) { |
|
| 158 | - return array( |
|
| 159 | - 'success' => false, |
|
| 160 | - 'error' => "mail_not_valide" |
|
| 161 | - ); |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `mail` = :mail AND `activated` = '1'; ", array( |
|
| 165 | - 'mail' => &$mail |
|
| 166 | - )); |
|
| 167 | - |
|
| 168 | - return $this->loginRow($row, $password); |
|
| 169 | - } |
|
| 170 | - |
|
| 171 | - public function loginByID (int $userID) : array { |
|
| 172 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID AND `activated` = '1'; ", array( |
|
| 173 | - 'userID' => &$userID |
|
| 174 | - )); |
|
| 175 | - |
|
| 176 | - $res = array(); |
|
| 177 | - |
|
| 178 | - if ($row !== false) { |
|
| 179 | - //set online state |
|
| 180 | - $this->setOnline(); |
|
| 181 | - |
|
| 182 | - //set logged in |
|
| 183 | - $this->setLoggedIn($row['userID'], $row['username'], $row); |
|
| 184 | - |
|
| 185 | - //login successful |
|
| 186 | - $res['success'] = true; |
|
| 187 | - $res['error'] = "none"; |
|
| 188 | - return $res; |
|
| 189 | - } else { |
|
| 190 | - //user doesnt exists |
|
| 191 | - $res['success'] = false; |
|
| 192 | - $res['error'] = "user_not_exists"; |
|
| 193 | - return $res; |
|
| 194 | - } |
|
| 195 | - } |
|
| 196 | - |
|
| 197 | - protected function loginRow ($row, string $password) : array { |
|
| 198 | - if (!$row) { |
|
| 199 | - //user doesnt exists |
|
| 200 | - $res['success'] = false; |
|
| 201 | - $res['error'] = "user_not_exists"; |
|
| 202 | - |
|
| 203 | - return $res; |
|
| 204 | - } |
|
| 205 | - |
|
| 206 | - //user exists |
|
| 207 | - |
|
| 208 | - //get salt |
|
| 209 | - $salt = $row['salt']; |
|
| 210 | - |
|
| 211 | - //add salt to password |
|
| 212 | - $password .= $salt; |
|
| 213 | - |
|
| 214 | - //verify password |
|
| 215 | - if (password_verify($password, $row['password'])) { |
|
| 216 | - //correct password |
|
| 217 | - |
|
| 218 | - //check, if a newer password algorithmus is available --> rehash required |
|
| 219 | - if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) { |
|
| 220 | - //rehash password |
|
| 221 | - $new_hash = self::hashPassword($password, $salt); |
|
| 222 | - |
|
| 223 | - //update password in database |
|
| 224 | - Database::getInstance()->execute("UPDATE `{praefix}user` SET `password` = :password WHERE `userID` = :userID; ", array( |
|
| 225 | - 'password' => $new_hash, |
|
| 226 | - 'userID' => array( |
|
| 227 | - 'type' => PDO::PARAM_INT, |
|
| 228 | - 'value' => $row['userID'] |
|
| 229 | - ) |
|
| 230 | - )); |
|
| 231 | - } |
|
| 232 | - |
|
| 233 | - //set online state |
|
| 234 | - $this->setOnline(); |
|
| 235 | - |
|
| 236 | - //set logged in |
|
| 237 | - $this->setLoggedIn($row['userID'], $row['username'], $row); |
|
| 238 | - |
|
| 239 | - //login successful |
|
| 240 | - $res['success'] = true; |
|
| 241 | - $res['error'] = "none"; |
|
| 242 | - return $res; |
|
| 243 | - } else { |
|
| 244 | - //wrong password |
|
| 245 | - |
|
| 246 | - //user doesnt exists |
|
| 247 | - $res['success'] = false; |
|
| 248 | - $res['error'] = "wrong_password"; |
|
| 249 | - |
|
| 250 | - return $res; |
|
| 251 | - } |
|
| 252 | - } |
|
| 253 | - |
|
| 254 | - protected function setLoggedIn (int $userID, string $username, array $row) { |
|
| 255 | - $_SESSION['logged-in'] = true; |
|
| 256 | - $_SESSION['userID'] = (int) $userID; |
|
| 257 | - $_SESSION['username'] = $username; |
|
| 258 | - |
|
| 259 | - //remove password hash from row (so password isnt cached) |
|
| 260 | - unset($row['password']); |
|
| 261 | - |
|
| 262 | - $this->userID = $userID; |
|
| 263 | - $this->username = $username; |
|
| 264 | - $this->row = $row; |
|
| 265 | - } |
|
| 266 | - |
|
| 267 | - public function logout () { |
|
| 268 | - //check, if session was started |
|
| 269 | - PHPUtils::checkSessionStarted(); |
|
| 270 | - |
|
| 271 | - unset($_SESSION['userID']); |
|
| 272 | - unset($_SESSION['username']); |
|
| 273 | - |
|
| 274 | - $_SESSION['logged-in'] = false; |
|
| 275 | - |
|
| 276 | - $this->setGuest(); |
|
| 277 | - } |
|
| 278 | - |
|
| 279 | - protected function setGuest () { |
|
| 280 | - $this->userID = (int) Settings::get("guest_userid", "-1"); |
|
| 281 | - $this->username = Settings::get("guest_username", "Guest"); |
|
| 282 | - $this->isLoggedIn = false; |
|
| 283 | - } |
|
| 284 | - |
|
| 285 | - protected static function hashPassword ($password, $salt) { |
|
| 286 | - //http://php.net/manual/de/function.password-hash.php |
|
| 287 | - |
|
| 288 | - //add salt to password |
|
| 289 | - $password .= $salt; |
|
| 290 | - |
|
| 291 | - $options = array( |
|
| 292 | - 'cost' => (int) Settings::get("password_hash_cost", "10") |
|
| 293 | - ); |
|
| 294 | - $algo = PASSWORD_DEFAULT; |
|
| 295 | - |
|
| 296 | - Events::throwEvent("hashing_password", array( |
|
| 297 | - 'options' => &$options, |
|
| 298 | - 'algo' => &$algo |
|
| 299 | - )); |
|
| 300 | - |
|
| 301 | - return password_hash($password, $algo, $options); |
|
| 302 | - } |
|
| 303 | - |
|
| 304 | - /** |
|
| 305 | - * get user ID of user |
|
| 306 | - * |
|
| 307 | - * @return integer userID |
|
| 308 | - */ |
|
| 309 | - public function getID () : int { |
|
| 310 | - return $this->userID; |
|
| 311 | - } |
|
| 312 | - |
|
| 313 | - /** |
|
| 314 | - * get username of user |
|
| 315 | - * |
|
| 316 | - * @return string username |
|
| 317 | - */ |
|
| 318 | - public function getUsername () : string { |
|
| 319 | - return $this->username; |
|
| 320 | - } |
|
| 321 | - |
|
| 322 | - public function getMail () : string { |
|
| 323 | - return $this->row['mail']; |
|
| 324 | - } |
|
| 325 | - |
|
| 326 | - public function isLoggedIn () : bool { |
|
| 327 | - return $this->isLoggedIn; |
|
| 328 | - } |
|
| 329 | - |
|
| 330 | - public function getRow () : array { |
|
| 331 | - return $this->row; |
|
| 332 | - } |
|
| 333 | - |
|
| 334 | - public function setOnline (bool $updateIP = true) { |
|
| 335 | - //get client ip |
|
| 336 | - $ip = PHPUtils::getClientIP(); |
|
| 337 | - |
|
| 338 | - if ($updateIP) { |
|
| 339 | - Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '1', `last_online` = CURRENT_TIMESTAMP, `ip` = :ip WHERE `userid` = :userid; ", array( |
|
| 340 | - 'userid' => array( |
|
| 341 | - 'type' => PDO::PARAM_INT, |
|
| 342 | - 'value' => (int) $this->userID |
|
| 343 | - ), |
|
| 344 | - 'ip' => $ip |
|
| 345 | - )); |
|
| 346 | - } else { |
|
| 347 | - Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '1', `last_online` = CURRENT_TIMESTAMP, WHERE `userid` = :userid; ", array( |
|
| 348 | - 'userid' => array( |
|
| 349 | - 'type' => PDO::PARAM_INT, |
|
| 350 | - 'value' => (int) $this->userID |
|
| 351 | - ) |
|
| 352 | - )); |
|
| 353 | - } |
|
| 354 | - } |
|
| 355 | - |
|
| 356 | - public function updateOnlineList () { |
|
| 357 | - $interval_minutes = (int) Settings::get("online_interval", "5"); |
|
| 358 | - |
|
| 359 | - Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '0' WHERE DATE_SUB(NOW(), INTERVAL " . $interval_minutes . " MINUTE) > `last_online`; "); |
|
| 360 | - } |
|
| 361 | - |
|
| 362 | - /** |
|
| 363 | - * creates user if userID is absent |
|
| 364 | - * |
|
| 365 | - * Only use this method for installation & upgrade! |
|
| 366 | - */ |
|
| 367 | - public static function createIfIdAbsent (int $userID, string $username, string $password, string $mail, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 368 | - if (self::existsUserID($userID)) { |
|
| 369 | - //dont create user, if user already exists |
|
| 370 | - return; |
|
| 371 | - } |
|
| 372 | - |
|
| 373 | - //create salt |
|
| 374 | - $salt = md5(PHPUtils::randomString(50)); |
|
| 375 | - |
|
| 376 | - //generate password hash |
|
| 377 | - $hashed_password = self::hashPassword($password, $salt); |
|
| 378 | - |
|
| 379 | - Database::getInstance()->execute("INSERT INTO `{praefix}user` ( |
|
| 30 | + //instance of current (logged-in / guest) user |
|
| 31 | + protected static $instance = null; |
|
| 32 | + |
|
| 33 | + //current userID |
|
| 34 | + protected $userID = -1; |
|
| 35 | + |
|
| 36 | + //current username |
|
| 37 | + protected $username = "Guest"; |
|
| 38 | + |
|
| 39 | + //flag, if user is logged in |
|
| 40 | + protected $isLoggedIn = false; |
|
| 41 | + |
|
| 42 | + //current database row |
|
| 43 | + protected $row = null; |
|
| 44 | + |
|
| 45 | + public function __construct() { |
|
| 46 | + // |
|
| 47 | + } |
|
| 48 | + |
|
| 49 | + public function load (int $userID = -1) { |
|
| 50 | + //check, if user is logged in |
|
| 51 | + if ($userID === -1) { |
|
| 52 | + if (isset($_SESSION['logged-in']) && $_SESSION['logged-in'] === true) { |
|
| 53 | + if (!isset($_SESSION['userID']) || empty($_SESSION['userID'])) { |
|
| 54 | + throw new IllegalStateException("userID is not set in session."); |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + if (!isset($_SESSION['username']) || empty($_SESSION['username'])) { |
|
| 58 | + throw new IllegalStateException("username is not set in session."); |
|
| 59 | + } |
|
| 60 | + |
|
| 61 | + $this->userID = (int) $_SESSION['userID']; |
|
| 62 | + $this->username = $_SESSION['username']; |
|
| 63 | + $this->isLoggedIn = true; |
|
| 64 | + |
|
| 65 | + //TODO: update online state in database |
|
| 66 | + } else { |
|
| 67 | + $this->setGuest(); |
|
| 68 | + } |
|
| 69 | + } else { |
|
| 70 | + $this->userID = (int) $userID; |
|
| 71 | + } |
|
| 72 | + |
|
| 73 | + Events::throwEvent("before_load_user", array( |
|
| 74 | + 'userID' => &$this->userID, |
|
| 75 | + 'isLoggedIn' => &$this->isLoggedIn, |
|
| 76 | + 'user' => &$this |
|
| 77 | + )); |
|
| 78 | + |
|
| 79 | + //try to load from cache |
|
| 80 | + if (Cache::contains("user", "user-" . $this->userID)) { |
|
| 81 | + $this->row = Cache::get("user", "user-" . $this->userID); |
|
| 82 | + } else { |
|
| 83 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID AND `activated` = '1'; ", array( |
|
| 84 | + 'userID' => array( |
|
| 85 | + 'type' => PDO::PARAM_INT, |
|
| 86 | + 'value' => $this->userID |
|
| 87 | + ) |
|
| 88 | + )); |
|
| 89 | + |
|
| 90 | + if (!$row) { |
|
| 91 | + $logout_user = true; |
|
| 92 | + |
|
| 93 | + //user not found, throw an event, so plugins can handle this (optional) |
|
| 94 | + Events::throwEvent("user_not_found", array( |
|
| 95 | + 'userID' => &$this->userID, |
|
| 96 | + 'username' => &$this->username, |
|
| 97 | + 'isLoggedIn' => &$this->isLoggedIn, |
|
| 98 | + 'row' => &$row, |
|
| 99 | + 'logout_user' => &$logout_user, |
|
| 100 | + 'user' => &$this |
|
| 101 | + )); |
|
| 102 | + |
|
| 103 | + if ($logout_user) { |
|
| 104 | + //logout user |
|
| 105 | + $this->logout(); |
|
| 106 | + } |
|
| 107 | + } else { |
|
| 108 | + //remove password hash from row |
|
| 109 | + unset($row['password']); |
|
| 110 | + |
|
| 111 | + Events::throwEvent("before_cache_user", array( |
|
| 112 | + 'userID' => &$this->userID, |
|
| 113 | + 'username' => &$this->username, |
|
| 114 | + 'isLoggedIn' => &$this->isLoggedIn, |
|
| 115 | + 'row' => &$row, |
|
| 116 | + 'user' => &$this |
|
| 117 | + )); |
|
| 118 | + |
|
| 119 | + //cache entry |
|
| 120 | + Cache::put("user", "user-" . $this->userID, $row); |
|
| 121 | + |
|
| 122 | + $this->row = $row; |
|
| 123 | + } |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + if ($this->row !== null) { |
|
| 127 | + $this->userID = (int) $this->row['userID']; |
|
| 128 | + $this->username = $this->row['username']; |
|
| 129 | + } |
|
| 130 | + |
|
| 131 | + Events::throwEvent("after_load_user", array( |
|
| 132 | + 'userID' => &$this->userID, |
|
| 133 | + 'username' => &$this->username, |
|
| 134 | + 'isLoggedIn' => &$this->isLoggedIn, |
|
| 135 | + 'row' => &$row, |
|
| 136 | + 'user' => &$this |
|
| 137 | + )); |
|
| 138 | + |
|
| 139 | + //TODO: update online state and IP |
|
| 140 | + if ($userID === -1 && $this->isLoggedIn()) { |
|
| 141 | + $this->setOnline(); |
|
| 142 | + } |
|
| 143 | + } |
|
| 144 | + |
|
| 145 | + public function loginByUsername (string $username, string $password) : array { |
|
| 146 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `username` = :username AND `activated` = '1'; ", array( |
|
| 147 | + 'username' => &$username |
|
| 148 | + )); |
|
| 149 | + |
|
| 150 | + return $this->loginRow($row, $password); |
|
| 151 | + } |
|
| 152 | + |
|
| 153 | + public function loginByMail (string $mail, string $password) : array { |
|
| 154 | + //check, if mail is valide |
|
| 155 | + $validator = new Validator_Mail(); |
|
| 156 | + |
|
| 157 | + if (!$validator->isValide($mail)) { |
|
| 158 | + return array( |
|
| 159 | + 'success' => false, |
|
| 160 | + 'error' => "mail_not_valide" |
|
| 161 | + ); |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `mail` = :mail AND `activated` = '1'; ", array( |
|
| 165 | + 'mail' => &$mail |
|
| 166 | + )); |
|
| 167 | + |
|
| 168 | + return $this->loginRow($row, $password); |
|
| 169 | + } |
|
| 170 | + |
|
| 171 | + public function loginByID (int $userID) : array { |
|
| 172 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID AND `activated` = '1'; ", array( |
|
| 173 | + 'userID' => &$userID |
|
| 174 | + )); |
|
| 175 | + |
|
| 176 | + $res = array(); |
|
| 177 | + |
|
| 178 | + if ($row !== false) { |
|
| 179 | + //set online state |
|
| 180 | + $this->setOnline(); |
|
| 181 | + |
|
| 182 | + //set logged in |
|
| 183 | + $this->setLoggedIn($row['userID'], $row['username'], $row); |
|
| 184 | + |
|
| 185 | + //login successful |
|
| 186 | + $res['success'] = true; |
|
| 187 | + $res['error'] = "none"; |
|
| 188 | + return $res; |
|
| 189 | + } else { |
|
| 190 | + //user doesnt exists |
|
| 191 | + $res['success'] = false; |
|
| 192 | + $res['error'] = "user_not_exists"; |
|
| 193 | + return $res; |
|
| 194 | + } |
|
| 195 | + } |
|
| 196 | + |
|
| 197 | + protected function loginRow ($row, string $password) : array { |
|
| 198 | + if (!$row) { |
|
| 199 | + //user doesnt exists |
|
| 200 | + $res['success'] = false; |
|
| 201 | + $res['error'] = "user_not_exists"; |
|
| 202 | + |
|
| 203 | + return $res; |
|
| 204 | + } |
|
| 205 | + |
|
| 206 | + //user exists |
|
| 207 | + |
|
| 208 | + //get salt |
|
| 209 | + $salt = $row['salt']; |
|
| 210 | + |
|
| 211 | + //add salt to password |
|
| 212 | + $password .= $salt; |
|
| 213 | + |
|
| 214 | + //verify password |
|
| 215 | + if (password_verify($password, $row['password'])) { |
|
| 216 | + //correct password |
|
| 217 | + |
|
| 218 | + //check, if a newer password algorithmus is available --> rehash required |
|
| 219 | + if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) { |
|
| 220 | + //rehash password |
|
| 221 | + $new_hash = self::hashPassword($password, $salt); |
|
| 222 | + |
|
| 223 | + //update password in database |
|
| 224 | + Database::getInstance()->execute("UPDATE `{praefix}user` SET `password` = :password WHERE `userID` = :userID; ", array( |
|
| 225 | + 'password' => $new_hash, |
|
| 226 | + 'userID' => array( |
|
| 227 | + 'type' => PDO::PARAM_INT, |
|
| 228 | + 'value' => $row['userID'] |
|
| 229 | + ) |
|
| 230 | + )); |
|
| 231 | + } |
|
| 232 | + |
|
| 233 | + //set online state |
|
| 234 | + $this->setOnline(); |
|
| 235 | + |
|
| 236 | + //set logged in |
|
| 237 | + $this->setLoggedIn($row['userID'], $row['username'], $row); |
|
| 238 | + |
|
| 239 | + //login successful |
|
| 240 | + $res['success'] = true; |
|
| 241 | + $res['error'] = "none"; |
|
| 242 | + return $res; |
|
| 243 | + } else { |
|
| 244 | + //wrong password |
|
| 245 | + |
|
| 246 | + //user doesnt exists |
|
| 247 | + $res['success'] = false; |
|
| 248 | + $res['error'] = "wrong_password"; |
|
| 249 | + |
|
| 250 | + return $res; |
|
| 251 | + } |
|
| 252 | + } |
|
| 253 | + |
|
| 254 | + protected function setLoggedIn (int $userID, string $username, array $row) { |
|
| 255 | + $_SESSION['logged-in'] = true; |
|
| 256 | + $_SESSION['userID'] = (int) $userID; |
|
| 257 | + $_SESSION['username'] = $username; |
|
| 258 | + |
|
| 259 | + //remove password hash from row (so password isnt cached) |
|
| 260 | + unset($row['password']); |
|
| 261 | + |
|
| 262 | + $this->userID = $userID; |
|
| 263 | + $this->username = $username; |
|
| 264 | + $this->row = $row; |
|
| 265 | + } |
|
| 266 | + |
|
| 267 | + public function logout () { |
|
| 268 | + //check, if session was started |
|
| 269 | + PHPUtils::checkSessionStarted(); |
|
| 270 | + |
|
| 271 | + unset($_SESSION['userID']); |
|
| 272 | + unset($_SESSION['username']); |
|
| 273 | + |
|
| 274 | + $_SESSION['logged-in'] = false; |
|
| 275 | + |
|
| 276 | + $this->setGuest(); |
|
| 277 | + } |
|
| 278 | + |
|
| 279 | + protected function setGuest () { |
|
| 280 | + $this->userID = (int) Settings::get("guest_userid", "-1"); |
|
| 281 | + $this->username = Settings::get("guest_username", "Guest"); |
|
| 282 | + $this->isLoggedIn = false; |
|
| 283 | + } |
|
| 284 | + |
|
| 285 | + protected static function hashPassword ($password, $salt) { |
|
| 286 | + //http://php.net/manual/de/function.password-hash.php |
|
| 287 | + |
|
| 288 | + //add salt to password |
|
| 289 | + $password .= $salt; |
|
| 290 | + |
|
| 291 | + $options = array( |
|
| 292 | + 'cost' => (int) Settings::get("password_hash_cost", "10") |
|
| 293 | + ); |
|
| 294 | + $algo = PASSWORD_DEFAULT; |
|
| 295 | + |
|
| 296 | + Events::throwEvent("hashing_password", array( |
|
| 297 | + 'options' => &$options, |
|
| 298 | + 'algo' => &$algo |
|
| 299 | + )); |
|
| 300 | + |
|
| 301 | + return password_hash($password, $algo, $options); |
|
| 302 | + } |
|
| 303 | + |
|
| 304 | + /** |
|
| 305 | + * get user ID of user |
|
| 306 | + * |
|
| 307 | + * @return integer userID |
|
| 308 | + */ |
|
| 309 | + public function getID () : int { |
|
| 310 | + return $this->userID; |
|
| 311 | + } |
|
| 312 | + |
|
| 313 | + /** |
|
| 314 | + * get username of user |
|
| 315 | + * |
|
| 316 | + * @return string username |
|
| 317 | + */ |
|
| 318 | + public function getUsername () : string { |
|
| 319 | + return $this->username; |
|
| 320 | + } |
|
| 321 | + |
|
| 322 | + public function getMail () : string { |
|
| 323 | + return $this->row['mail']; |
|
| 324 | + } |
|
| 325 | + |
|
| 326 | + public function isLoggedIn () : bool { |
|
| 327 | + return $this->isLoggedIn; |
|
| 328 | + } |
|
| 329 | + |
|
| 330 | + public function getRow () : array { |
|
| 331 | + return $this->row; |
|
| 332 | + } |
|
| 333 | + |
|
| 334 | + public function setOnline (bool $updateIP = true) { |
|
| 335 | + //get client ip |
|
| 336 | + $ip = PHPUtils::getClientIP(); |
|
| 337 | + |
|
| 338 | + if ($updateIP) { |
|
| 339 | + Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '1', `last_online` = CURRENT_TIMESTAMP, `ip` = :ip WHERE `userid` = :userid; ", array( |
|
| 340 | + 'userid' => array( |
|
| 341 | + 'type' => PDO::PARAM_INT, |
|
| 342 | + 'value' => (int) $this->userID |
|
| 343 | + ), |
|
| 344 | + 'ip' => $ip |
|
| 345 | + )); |
|
| 346 | + } else { |
|
| 347 | + Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '1', `last_online` = CURRENT_TIMESTAMP, WHERE `userid` = :userid; ", array( |
|
| 348 | + 'userid' => array( |
|
| 349 | + 'type' => PDO::PARAM_INT, |
|
| 350 | + 'value' => (int) $this->userID |
|
| 351 | + ) |
|
| 352 | + )); |
|
| 353 | + } |
|
| 354 | + } |
|
| 355 | + |
|
| 356 | + public function updateOnlineList () { |
|
| 357 | + $interval_minutes = (int) Settings::get("online_interval", "5"); |
|
| 358 | + |
|
| 359 | + Database::getInstance()->execute("UPDATE `{praefix}user` SET `online` = '0' WHERE DATE_SUB(NOW(), INTERVAL " . $interval_minutes . " MINUTE) > `last_online`; "); |
|
| 360 | + } |
|
| 361 | + |
|
| 362 | + /** |
|
| 363 | + * creates user if userID is absent |
|
| 364 | + * |
|
| 365 | + * Only use this method for installation & upgrade! |
|
| 366 | + */ |
|
| 367 | + public static function createIfIdAbsent (int $userID, string $username, string $password, string $mail, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 368 | + if (self::existsUserID($userID)) { |
|
| 369 | + //dont create user, if user already exists |
|
| 370 | + return; |
|
| 371 | + } |
|
| 372 | + |
|
| 373 | + //create salt |
|
| 374 | + $salt = md5(PHPUtils::randomString(50)); |
|
| 375 | + |
|
| 376 | + //generate password hash |
|
| 377 | + $hashed_password = self::hashPassword($password, $salt); |
|
| 378 | + |
|
| 379 | + Database::getInstance()->execute("INSERT INTO `{praefix}user` ( |
|
| 380 | 380 | `userID`, `username`, `password`, `salt`, `mail`, `ip`, `main_group`, `specific_title`, `online`, `last_online`, `registered`, `activated` |
| 381 | 381 | ) VALUES ( |
| 382 | 382 | :userID, :username, :password, :salt, :mail, '0.0.0.0', :main_group, :title, '0', '0000-00-00 00:00:00', CURRENT_TIMESTAMP , :activated |
| 383 | 383 | )", array( |
| 384 | - 'userID' => $userID, |
|
| 385 | - 'username' => $username, |
|
| 386 | - 'password' => $hashed_password, |
|
| 387 | - 'salt' => $salt, |
|
| 388 | - 'mail' => $mail, |
|
| 389 | - 'main_group' => $main_group, |
|
| 390 | - 'title' => $specific_title, |
|
| 391 | - 'activated' => $activated |
|
| 392 | - )); |
|
| 393 | - } |
|
| 394 | - |
|
| 395 | - public static function create (string $username, string $password, string $mail, string $ip, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 396 | - if (self::existsUsername($username)) { |
|
| 397 | - //dont create user, if username already exists |
|
| 398 | - return false; |
|
| 399 | - } |
|
| 400 | - |
|
| 401 | - if (self::existsMail($mail)) { |
|
| 402 | - //dont create user, if mail already exists |
|
| 403 | - return false; |
|
| 404 | - } |
|
| 405 | - |
|
| 406 | - if (empty($specific_title)) { |
|
| 407 | - $specific_title = "none"; |
|
| 408 | - } |
|
| 409 | - |
|
| 410 | - //create salt |
|
| 411 | - $salt = md5(PHPUtils::randomString(50)); |
|
| 412 | - |
|
| 413 | - //generate password hash |
|
| 414 | - $hashed_password = self::hashPassword($password, $salt); |
|
| 415 | - |
|
| 416 | - //create user in database |
|
| 417 | - Database::getInstance()->execute("INSERT INTO `{praefix}user` ( |
|
| 384 | + 'userID' => $userID, |
|
| 385 | + 'username' => $username, |
|
| 386 | + 'password' => $hashed_password, |
|
| 387 | + 'salt' => $salt, |
|
| 388 | + 'mail' => $mail, |
|
| 389 | + 'main_group' => $main_group, |
|
| 390 | + 'title' => $specific_title, |
|
| 391 | + 'activated' => $activated |
|
| 392 | + )); |
|
| 393 | + } |
|
| 394 | + |
|
| 395 | + public static function create (string $username, string $password, string $mail, string $ip, int $main_group = 2, string $specific_title = "none", int $activated = 1) { |
|
| 396 | + if (self::existsUsername($username)) { |
|
| 397 | + //dont create user, if username already exists |
|
| 398 | + return false; |
|
| 399 | + } |
|
| 400 | + |
|
| 401 | + if (self::existsMail($mail)) { |
|
| 402 | + //dont create user, if mail already exists |
|
| 403 | + return false; |
|
| 404 | + } |
|
| 405 | + |
|
| 406 | + if (empty($specific_title)) { |
|
| 407 | + $specific_title = "none"; |
|
| 408 | + } |
|
| 409 | + |
|
| 410 | + //create salt |
|
| 411 | + $salt = md5(PHPUtils::randomString(50)); |
|
| 412 | + |
|
| 413 | + //generate password hash |
|
| 414 | + $hashed_password = self::hashPassword($password, $salt); |
|
| 415 | + |
|
| 416 | + //create user in database |
|
| 417 | + Database::getInstance()->execute("INSERT INTO `{praefix}user` ( |
|
| 418 | 418 | `userID`, `username`, `password`, `salt`, `mail`, `ip`, `main_group`, `specific_title`, `online`, `last_online`, `registered`, `activated` |
| 419 | 419 | ) VALUES ( |
| 420 | 420 | NULL, :username, :password, :salt, :mail, :ip, :main_group, :title, '0', '0000-00-00 00:00:00', CURRENT_TIMESTAMP , :activated |
| 421 | 421 | )", array( |
| 422 | - 'username' => $username, |
|
| 423 | - 'password' => $hashed_password, |
|
| 424 | - 'salt' => $salt, |
|
| 425 | - 'mail' => $mail, |
|
| 426 | - 'ip' => $ip, |
|
| 427 | - 'main_group' => $main_group, |
|
| 428 | - 'title' => $specific_title, |
|
| 429 | - 'activated' => $activated |
|
| 430 | - )); |
|
| 431 | - |
|
| 432 | - //get userID |
|
| 433 | - $userID = self::getIDByUsernameFromDB($username); |
|
| 434 | - |
|
| 435 | - if ($userID == Settings::get("guest_userid", -1)) { |
|
| 436 | - //something went wrong |
|
| 437 | - return false; |
|
| 438 | - } |
|
| 439 | - |
|
| 440 | - //add user to group "registered users" |
|
| 441 | - Groups::addGroupToUser(2, $userID, false); |
|
| 442 | - |
|
| 443 | - Events::throwEvent("add_user", array( |
|
| 444 | - 'userID' => $userID, |
|
| 445 | - 'username' => &$username, |
|
| 446 | - 'mail' => $mail, |
|
| 447 | - 'main_group' => $main_group |
|
| 448 | - )); |
|
| 449 | - |
|
| 450 | - return array( |
|
| 451 | - 'success' => true, |
|
| 452 | - 'userID' => $userID, |
|
| 453 | - 'username' => $username, |
|
| 454 | - 'mail' => $mail |
|
| 455 | - ); |
|
| 456 | - } |
|
| 457 | - |
|
| 458 | - public static function deleteUserID (int $userID) { |
|
| 459 | - Database::getInstance()->execute("DELETE FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
|
| 460 | - 'userID' => array( |
|
| 461 | - 'type' => PDO::PARAM_INT, |
|
| 462 | - 'value' => $userID |
|
| 463 | - ) |
|
| 464 | - )); |
|
| 465 | - |
|
| 466 | - //remove user from cache |
|
| 467 | - Cache::clear("user", "user-" . $userID); |
|
| 468 | - } |
|
| 469 | - |
|
| 470 | - public static function existsUserID (int $userID) : bool { |
|
| 471 | - //search for userID in database |
|
| 472 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
|
| 473 | - 'userID' => array( |
|
| 474 | - 'type' => PDO::PARAM_INT, |
|
| 475 | - 'value' => $userID |
|
| 476 | - ) |
|
| 477 | - )); |
|
| 478 | - |
|
| 479 | - return $row !== false; |
|
| 480 | - } |
|
| 481 | - |
|
| 482 | - public static function existsUsername (string $username) : bool { |
|
| 483 | - //search for username in database, ignore case |
|
| 484 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
|
| 485 | - |
|
| 486 | - return $row !== false; |
|
| 487 | - } |
|
| 488 | - |
|
| 489 | - public static function existsMail (string $mail) : bool { |
|
| 490 | - //search for mail in database, ignore case |
|
| 491 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`mail`) LIKE UPPER(:mail); ", array('mail' => $mail)); |
|
| 492 | - |
|
| 493 | - return $row !== false; |
|
| 494 | - } |
|
| 495 | - |
|
| 496 | - public static function getIDByUsernameFromDB (string $username) : int { |
|
| 497 | - //search for username in database, ignore case |
|
| 498 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
|
| 499 | - |
|
| 500 | - if ($row === false) { |
|
| 501 | - //return guest userID |
|
| 502 | - return Settings::get("guest_userid", -1); |
|
| 503 | - } |
|
| 504 | - |
|
| 505 | - return $row['userID']; |
|
| 506 | - } |
|
| 507 | - |
|
| 508 | - /** |
|
| 509 | - * get instance of current (logged in / guest) user |
|
| 510 | - */ |
|
| 511 | - public static function ¤t () : User { |
|
| 512 | - if (self::$instance == null) { |
|
| 513 | - self::$instance = new User(); |
|
| 514 | - self::$instance->load(); |
|
| 515 | - } |
|
| 516 | - |
|
| 517 | - return self::$instance; |
|
| 518 | - } |
|
| 422 | + 'username' => $username, |
|
| 423 | + 'password' => $hashed_password, |
|
| 424 | + 'salt' => $salt, |
|
| 425 | + 'mail' => $mail, |
|
| 426 | + 'ip' => $ip, |
|
| 427 | + 'main_group' => $main_group, |
|
| 428 | + 'title' => $specific_title, |
|
| 429 | + 'activated' => $activated |
|
| 430 | + )); |
|
| 431 | + |
|
| 432 | + //get userID |
|
| 433 | + $userID = self::getIDByUsernameFromDB($username); |
|
| 434 | + |
|
| 435 | + if ($userID == Settings::get("guest_userid", -1)) { |
|
| 436 | + //something went wrong |
|
| 437 | + return false; |
|
| 438 | + } |
|
| 439 | + |
|
| 440 | + //add user to group "registered users" |
|
| 441 | + Groups::addGroupToUser(2, $userID, false); |
|
| 442 | + |
|
| 443 | + Events::throwEvent("add_user", array( |
|
| 444 | + 'userID' => $userID, |
|
| 445 | + 'username' => &$username, |
|
| 446 | + 'mail' => $mail, |
|
| 447 | + 'main_group' => $main_group |
|
| 448 | + )); |
|
| 449 | + |
|
| 450 | + return array( |
|
| 451 | + 'success' => true, |
|
| 452 | + 'userID' => $userID, |
|
| 453 | + 'username' => $username, |
|
| 454 | + 'mail' => $mail |
|
| 455 | + ); |
|
| 456 | + } |
|
| 457 | + |
|
| 458 | + public static function deleteUserID (int $userID) { |
|
| 459 | + Database::getInstance()->execute("DELETE FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
|
| 460 | + 'userID' => array( |
|
| 461 | + 'type' => PDO::PARAM_INT, |
|
| 462 | + 'value' => $userID |
|
| 463 | + ) |
|
| 464 | + )); |
|
| 465 | + |
|
| 466 | + //remove user from cache |
|
| 467 | + Cache::clear("user", "user-" . $userID); |
|
| 468 | + } |
|
| 469 | + |
|
| 470 | + public static function existsUserID (int $userID) : bool { |
|
| 471 | + //search for userID in database |
|
| 472 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE `userID` = :userID; ", array( |
|
| 473 | + 'userID' => array( |
|
| 474 | + 'type' => PDO::PARAM_INT, |
|
| 475 | + 'value' => $userID |
|
| 476 | + ) |
|
| 477 | + )); |
|
| 478 | + |
|
| 479 | + return $row !== false; |
|
| 480 | + } |
|
| 481 | + |
|
| 482 | + public static function existsUsername (string $username) : bool { |
|
| 483 | + //search for username in database, ignore case |
|
| 484 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
|
| 485 | + |
|
| 486 | + return $row !== false; |
|
| 487 | + } |
|
| 488 | + |
|
| 489 | + public static function existsMail (string $mail) : bool { |
|
| 490 | + //search for mail in database, ignore case |
|
| 491 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`mail`) LIKE UPPER(:mail); ", array('mail' => $mail)); |
|
| 492 | + |
|
| 493 | + return $row !== false; |
|
| 494 | + } |
|
| 495 | + |
|
| 496 | + public static function getIDByUsernameFromDB (string $username) : int { |
|
| 497 | + //search for username in database, ignore case |
|
| 498 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}user` WHERE UPPER(`username`) LIKE UPPER(:username); ", array('username' => $username)); |
|
| 499 | + |
|
| 500 | + if ($row === false) { |
|
| 501 | + //return guest userID |
|
| 502 | + return Settings::get("guest_userid", -1); |
|
| 503 | + } |
|
| 504 | + |
|
| 505 | + return $row['userID']; |
|
| 506 | + } |
|
| 507 | + |
|
| 508 | + /** |
|
| 509 | + * get instance of current (logged in / guest) user |
|
| 510 | + */ |
|
| 511 | + public static function ¤t () : User { |
|
| 512 | + if (self::$instance == null) { |
|
| 513 | + self::$instance = new User(); |
|
| 514 | + self::$instance->load(); |
|
| 515 | + } |
|
| 516 | + |
|
| 517 | + return self::$instance; |
|
| 518 | + } |
|
| 519 | 519 | |
| 520 | 520 | } |
| 521 | 521 | |
@@ -27,45 +27,45 @@ |
| 27 | 27 | |
| 28 | 28 | class LogoutPage extends HTMLPage { |
| 29 | 29 | |
| 30 | - protected $error = false; |
|
| 30 | + protected $error = false; |
|
| 31 | 31 | |
| 32 | - public function setCustomHeader() { |
|
| 33 | - //check, if session was started |
|
| 34 | - PHPUtils::checkSessionStarted(); |
|
| 32 | + public function setCustomHeader() { |
|
| 33 | + //check, if session was started |
|
| 34 | + PHPUtils::checkSessionStarted(); |
|
| 35 | 35 | |
| 36 | - if (!Security::checkCSRFToken()) { |
|
| 37 | - $this->error = true; |
|
| 36 | + if (!Security::checkCSRFToken()) { |
|
| 37 | + $this->error = true; |
|
| 38 | 38 | |
| 39 | - //dont logout user, because csrf token isnt correct |
|
| 40 | - return; |
|
| 41 | - } |
|
| 39 | + //dont logout user, because csrf token isnt correct |
|
| 40 | + return; |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - //logout user |
|
| 44 | - User::current()->logout(); |
|
| 43 | + //logout user |
|
| 44 | + User::current()->logout(); |
|
| 45 | 45 | |
| 46 | - Events::throwEvent("after_logout"); |
|
| 46 | + Events::throwEvent("after_logout"); |
|
| 47 | 47 | |
| 48 | - //get domain |
|
| 49 | - $domain = Registry::singleton()->getObject("domain"); |
|
| 48 | + //get domain |
|
| 49 | + $domain = Registry::singleton()->getObject("domain"); |
|
| 50 | 50 | |
| 51 | - //generate index url |
|
| 52 | - $index_url = DomainUtils::generateURL($domain->getHomePage()); |
|
| 51 | + //generate index url |
|
| 52 | + $index_url = DomainUtils::generateURL($domain->getHomePage()); |
|
| 53 | 53 | |
| 54 | - header("Location: " . $index_url); |
|
| 54 | + header("Location: " . $index_url); |
|
| 55 | 55 | |
| 56 | - //flush gzip buffer |
|
| 57 | - ob_end_flush(); |
|
| 56 | + //flush gzip buffer |
|
| 57 | + ob_end_flush(); |
|
| 58 | 58 | |
| 59 | - exit; |
|
| 60 | - } |
|
| 59 | + exit; |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - public function getContent(): string { |
|
| 63 | - if ($this->error) { |
|
| 64 | - return "Wrong CSRF token!"; |
|
| 65 | - } |
|
| 62 | + public function getContent(): string { |
|
| 63 | + if ($this->error) { |
|
| 64 | + return "Wrong CSRF token!"; |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - return ""; |
|
| 68 | - } |
|
| 67 | + return ""; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | 70 | } |
| 71 | 71 | |