Nickbur / Sunrise-CMS

engine/library/User.php

<?php
/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov (burakov.work@gmail.com)

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

namespace Divine\Engine\Library;

class User
{
    private $user_id;
    private $username;
    private $permission = array();

    public function __construct($registry)

Expected 2 blank lines before function; 1 found

    {
        $this->db = $registry->get('db');

The property db does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        $this->request = $registry->get('request');

The property request does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        $this->session = $registry->get('session');

The property session does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        if (isset($this->session->data['user_id'])) {
            $user_query = $this->db->query("
                SELECT * 
                FROM user 
                WHERE user_id = '" . (int) $this->session->data['user_id'] . "' 
                    AND status = '1'
            ");

            if ($user_query->num_rows) {
                $this->user_id = $user_query->row['user_id'];
                $this->username = $user_query->row['username'];
                $this->user_group_id = $user_query->row['user_group_id'];

The property user_group_id does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

                $this->db->query("
                    UPDATE user 
                    SET ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' 
                    WHERE user_id = '" . (int) $this->session->data['user_id'] . "'
                ");

                $user_group_query = $this->db->query("
                    SELECT permission 
                    FROM user_group 
                    WHERE user_group_id = '" . (int) $user_query->row['user_group_id'] . "'
                ");

                $permissions = json_decode($user_group_query->row['permission'], true);

                if (is_array($permissions)) {
                    foreach ($permissions as $key => $value) {
                        $this->permission[$key] = $value;
                    }
                }
            } else {
                $this->logout();
            }
        }
    }

    public function login($username, $password)
    {
        $user_query = $this->db->query("
            SELECT * 
            FROM user 
            WHERE username = '" . $this->db->escape($username) . "' 
                AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape(htmlspecialchars($password, ENT_QUOTES)) . "'))))) 
                    OR password = '" . $this->db->escape(md5($password)) . "') 
                AND status = '1'
        ");

        if ($user_query->num_rows) {
            $this->session->data['user_id'] = $user_query->row['user_id'];

            $this->user_id = $user_query->row['user_id'];
            $this->username = $user_query->row['username'];
            $this->user_group_id = $user_query->row['user_group_id'];

The property user_group_id does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

            $user_group_query = $this->db->query("
                SELECT permission 
                FROM user_group 
                WHERE user_group_id = '" . (int) $user_query->row['user_group_id'] . "'
            ");

            $permissions = json_decode($user_group_query->row['permission'], true);

            if (is_array($permissions)) {
                foreach ($permissions as $key => $value) {
                    $this->permission[$key] = $value;
                }
            }

            return true;
        } else {
            return false;
        }
    }

    public function logout()
    {
        unset($this->session->data['user_id']);

        $this->user_id = '';
        $this->username = '';
    }

    public function hasPermission($key, $value)
    {
        if (isset($this->permission[$key])) {
            return in_array($value, $this->permission[$key]);
        } else {
            return false;
        }
    }

    public function isLogged()
    {
        return $this->user_id;
    }

    public function getId()
    {
        return $this->user_id;
    }

    public function getUserName()
    {
        return $this->username;
    }

    public function getGroupId()
    {
        return $this->user_group_id;
    }
}