Cofem/lib/account.php

297 lines
9.4 KiB
PHP
Raw Normal View History

2024-01-16 19:24:40 +01:00
<?php
use Random\RandomException;
function isLoggedIn(): bool
{
global $routerConfig;
return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"];
2024-01-16 19:24:40 +01:00
}
2024-02-01 09:38:16 +01:00
function setDefaultSessionData(): void
{
$_SESSION["ID"] = 0;
$_SESSION["first_name"] = "";
$_SESSION["last_name"] = "";
$_SESSION["nickname"] = "";
$_SESSION["email"] = "";
$_SESSION["mcnick"] = "";
$_SESSION["privilegelevel"] = 0;
}
function generateActivationToken(): string
{
try {
return bin2hex(random_bytes(16));
} catch (RandomException $e) {
return "error_generating_code_because_of_$e";
} // Adjust the length of the token as needed
}
function verifyPassword($userID, $password): bool
{
2024-01-16 19:24:40 +01:00
global $mysqli;
$stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
$pwdhash = "";
$stmt->bind_result($pwdhash);
$stmt->fetch();
$stmt->close();
return !empty($pwdhash) && password_verify($password, $pwdhash);
}
function doLogin($email, $password): array
{
global $mysqli, $routerConfig;
2024-01-18 11:53:39 +01:00
$found = false;
if (!empty($email) && !empty($password)) {
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? AND isActivated = 1");
2024-01-16 19:24:40 +01:00
$stmt->bind_param("s", $email);
$stmt->execute();
2024-01-18 11:49:38 +01:00
2024-01-16 19:24:40 +01:00
$idcko = 0;
$fname = "";
$lname = "";
$nickname = "";
$pwdhash = "";
$mcnick = "";
$privilegelevel = 0;
$lastLoginAt = null;
$loginCount = 0;
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel, $lastLoginAt, $loginCount);
2024-01-16 20:43:57 +01:00
if ($stmt->num_rows() > 0) {
2024-01-16 20:43:57 +01:00
$stmt->fetch();
if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]) {
2024-01-16 20:43:57 +01:00
$found = true;
// Update LastLoginAt and LoginCount
$updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?");
$updateLoginStmt->bind_param("i", $idcko);
$updateLoginStmt->execute();
$updateLoginStmt->close();
2024-01-16 19:24:40 +01:00
}
}
$_SESSION["ID"] = $idcko;
$_SESSION["first_name"] = $fname;
$_SESSION["last_name"] = $lname;
$_SESSION["nickname"] = $nickname;
$_SESSION["email"] = $email;
$_SESSION["mcnick"] = $mcnick;
$_SESSION["privilegelevel"] = $privilegelevel;
2024-01-16 19:24:40 +01:00
$stmt->close();
}
2024-01-18 11:53:39 +01:00
return $found ? ["status" => "success"] : ["status" => "fail"];
2024-01-16 19:24:40 +01:00
}
function doLogout(): array
{
2024-01-16 19:24:40 +01:00
if(isLoggedIn()){
session_destroy();
2024-01-18 11:49:38 +01:00
return ["status" => "success"];
} else {
return ["status" => "fail"];
2024-01-16 19:24:40 +01:00
}
}
function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array
{
global $mysqli, $routerConfig;
2024-01-16 19:24:40 +01:00
$status = ["status" => "fail"];
if (!empty($activationtoken)) {
2024-01-18 11:49:38 +01:00
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Nickname, Email, PasswordHash, MinecraftNick, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?, ?, NOW())");
$privilegelevel = $routerConfig["logged_in_default_permission_level"];
$stmt->bind_param("ssssssisi", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $privilegelevel, $activationtoken);
2024-01-18 11:49:38 +01:00
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
2024-01-16 19:24:40 +01:00
}
2024-01-18 11:49:38 +01:00
$stmt->close();
2024-01-16 19:24:40 +01:00
}
2024-01-18 11:49:38 +01:00
return $status;
2024-01-16 19:24:40 +01:00
}
function changePassword($userID, $newPassword): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if(!empty($userID) && !empty($newPassword) && verifyPassword($userID, $newPassword) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]){
$passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
$stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?");
$stmt->bind_param("si", $passwordHash, $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function updateUserProfile($userID, $firstName, $lastName, $nickname, $minecraftNick): array
{
global $mysqli;
$status = ["status" => "fail"];
if (!empty($userID)) {
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?");
$stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraftNick, $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function getUserInfo($userID): array
{
global $mysqli;
$userInfo = [];
if (!empty($userID)) {
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
$id = 0;
$firstName = "";
$lastName = "";
$nickname = "";
$email = "";
$minecraftNick = "";
$privilegeLevel = 0;
$stmt->bind_result($id, $firstName, $lastName, $nickname, $email, $minecraftNick, $privilegeLevel);
$stmt->fetch();
$stmt->close();
$userInfo = [
"ID" => $id,
"FirstName" => $firstName,
"LastName" => $lastName,
"Nickname" => $nickname,
"Email" => $email,
"MinecraftNick" => $minecraftNick,
"PrivilegeLevel" => $privilegeLevel
];
}
return $userInfo;
}
function isEmailAvailable($email): bool
{
global $mysqli;
$stmt = $mysqli->prepare("SELECT COUNT(*) FROM Users WHERE Email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$count = -1;
$stmt->bind_result($count);
$stmt->fetch();
$stmt->close();
return $count === 0;
}
function addActivationCodes($count): array
{
global $mysqli, $routerConfig;
$activationCodes = [];
if (is_numeric($count) && $count > 0 && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("UPDATE Users SET ActivationCode = ?, CreatedAt = NOW(), CreatedBy = ? WHERE ID = ?");
for ($i = 0; $i < $count; $i++) {
$activationCode = generateActivationToken();
$stmt->bind_param("sii", $activationCode, $_SESSION["ID"], $_SESSION["ID"]);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$activationCodes[] = [
"Code" => $activationCode,
"CreatedAt" => date("Y-m-d H:i:s"),
"CreatedBy" => $_SESSION["ID"]
];
}
}
$stmt->close();
}
return $activationCodes;
}
function listUsers(): array
{
global $mysqli, $routerConfig;
$users = ["status" => "fail"]; // Default status is "fail"
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$users = [];
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users");
// Check if the query executed successfully
if ($result) {
while ($row = $result->fetch_assoc()) {
$users[] = $row;
}
}
}
return $users;
}
function listActivationCodes(): array
{
global $mysqli, $routerConfig;
$activationCodes = ["status" => "fail"]; // Default status is "fail"
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$activationCodes = [];
$result = $mysqli->query("SELECT Code, CreatedAt, CreatedBy FROM Users");
// Check if the query executed successfully
if ($result) {
while ($row = $result->fetch_assoc()) {
$activationCodes[] = $row;
}
}
}
return $activationCodes;
}
function deleteUser($userID): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if (!empty($userID) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function deleteActivationCode($activationCode): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if (!empty($activationCode) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?");
$stmt->bind_param("s", $activationCode);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}