0 && !empty($_SESSION["email"]) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]; } function generateActivationToken(): string { try { return bin2hex(random_bytes(16)); } catch (RandomException $e) { return "error_generating_code_because_of_$e"; } // Adjust the length of the token as needed } function verifyPassword($userID, $password): bool { global $mysqli; $stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?"); $stmt->bind_param("i", $userID); $stmt->execute(); $pwdhash = ""; $stmt->bind_result($pwdhash); $stmt->fetch(); $stmt->close(); return !empty($pwdhash) && password_verify($password, $pwdhash); } function doLogin($email, $password): array { global $mysqli, $routerConfig; $found = false; if(!empty($email) && !empty($password)){ $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, privilegeLevel FROM Users WHERE EMAIL = ? AND isActive = 1"); $stmt->bind_param("s", $email); $stmt->execute(); $idcko = 0; $fname = ""; $lname = ""; $nickname = ""; $pwdhash = ""; $mcnick = ""; $privilegelevel = 0; $stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel); if($stmt->num_rows() > 0){ $stmt->fetch(); if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]){ $found = true; } } $_SESSION["ID"] = $idcko; $_SESSION["first_name"] = $fname; $_SESSION["last_name"] = $lname; $_SESSION["nickname"] = $nickname; $_SESSION["email"] = $email; $_SESSION["mcnick"] = $mcnick; $_SESSION["privilegelevel"] = $privilegelevel; $stmt->close(); } return $found ? ["status" => "success"] : ["status" => "fail"]; } function doLogout(): array { if(isLoggedIn()){ session_destroy(); return ["status" => "success"]; } else { return ["status" => "fail"]; } } function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array { global $mysqli; $status = ["status" => "fail"]; if (!empty($activationtoken)){ $passwordHash = password_hash($password, PASSWORD_DEFAULT); $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?"); $stmt->bind_param("sssssss", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $activationtoken); $stmt->execute(); if ($stmt->affected_rows > 0) { $status["status"] = "success"; } $stmt->close(); } return $status; } function changePassword($userID, $newPassword): array { global $mysqli, $routerConfig; $status = ["status" => "fail"]; if(!empty($userID) && !empty($newPassword) && verifyPassword($userID, $newPassword) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]){ $passwordHash = password_hash($newPassword, PASSWORD_DEFAULT); $stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?"); $stmt->bind_param("si", $passwordHash, $userID); $stmt->execute(); if ($stmt->affected_rows > 0) { $status["status"] = "success"; } $stmt->close(); } return $status; } function updateUserProfile($userID, $firstName, $lastName, $nickname, $minecraftNick): array { global $mysqli; $status = ["status" => "fail"]; if (!empty($userID)) { $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?"); $stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraftNick, $userID); $stmt->execute(); if ($stmt->affected_rows > 0) { $status["status"] = "success"; } $stmt->close(); } return $status; } function getUserInfo($userID): array { global $mysqli; $userInfo = []; if (!empty($userID)) { $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users WHERE ID = ?"); $stmt->bind_param("i", $userID); $stmt->execute(); $id = 0; $firstName = ""; $lastName = ""; $nickname = ""; $email = ""; $minecraftNick = ""; $privilegeLevel = 0; $stmt->bind_result($id, $firstName, $lastName, $nickname, $email, $minecraftNick, $privilegeLevel); $stmt->fetch(); $stmt->close(); $userInfo = [ "ID" => $id, "FirstName" => $firstName, "LastName" => $lastName, "Nickname" => $nickname, "Email" => $email, "MinecraftNick" => $minecraftNick, "PrivilegeLevel" => $privilegeLevel ]; } return $userInfo; } function isEmailAvailable($email): bool { global $mysqli; $stmt = $mysqli->prepare("SELECT COUNT(*) FROM Users WHERE Email = ?"); $stmt->bind_param("s", $email); $stmt->execute(); $count = -1; $stmt->bind_result($count); $stmt->fetch(); $stmt->close(); return $count === 0; } function addActivationCodes($adminID, $count): array { global $mysqli; $activationCodes = []; if (!empty($adminID) && is_numeric($count) && $count > 0) { $stmt = $mysqli->prepare("INSERT INTO ActivationCodes (AdminID, Code) VALUES (?, ?)"); for ($i = 0; $i < $count; $i++) { $activationCode = generateActivationToken(); $stmt->bind_param("is", $adminID, $activationCode); $stmt->execute(); if ($stmt->affected_rows > 0) { $activationCodes[] = $activationCode; } } $stmt->close(); } return $activationCodes; } function listUsers(): array { global $mysqli; $users = []; $result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users"); while ($row = $result->fetch_assoc()) { $users[] = $row; } return $users; } function listActivationCodes(): array { global $mysqli; $activationCodes = []; $result = $mysqli->query("SELECT Code FROM ActivationCodes"); while ($row = $result->fetch_assoc()) { $activationCodes[] = $row['Code']; } return $activationCodes; }