adlerka.space/lib/account.php

<?php

use Random\RandomException;

function isLoggedIn(): bool
{
    global $routerConfig;
    return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilege_level"] >= $routerConfig["logged_in_default_permission_level"];
}
function isVerified(): bool
{
    global $routerConfig;
    return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["verified_permission_level"];
}

function isTrustWorthy(): bool
{
    global $routerConfig;
    return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["trustworthy_permission_level"];
}

function isModerator(): bool
{
    global $routerConfig;
    return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["moderator_permission_level"];
}

function isUserAdmin(): bool
{
    global $routerConfig;
    return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["user_admin_permission_level"];
}

function isAdmin(): bool
{
    global $routerConfig;
    return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["admin_permission_level"];
}


function generateActivationToken(): string
{
    try {
        return bin2hex(random_bytes(16));
    } catch (RandomException) {
    }
}

function isEmailAvailable($email): bool
{
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT COUNT(*) FROM Users WHERE Email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $count = -1;
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return $count === 0;
}

function setDefaultSessionData(): void
{
    global $routerConfig;
    $_SESSION["ID"] = 0;
    $_SESSION["first_name"] = "";
    $_SESSION["last_name"] = "";
    $_SESSION["nickname"] = "";
    $_SESSION["email"] = "";
    $_SESSION["minecraft_nickname"] = "";
    $_SESSION["privilege_level"] = $routerConfig["logged_out_permission_level"];
}

function verifyPassword($userID, $password): bool
{
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?");
    $stmt->bind_param("i", $userID);
    $stmt->execute();
    $password_hash = "";
    $stmt->bind_result($password_hash);
    $stmt->fetch();
    $stmt->close();

    return !empty($password_hash) && !empty($password) && password_verify($password, $password_hash);
}

function UpdateSession(){
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE ID = ? AND isActivated = 1");
    $stmt->bind_param("i", $_SESSION["ID"]);
    $stmt->execute();

    $uid = 0;
    $first_name = "";
    $last_name = "";
    $nickname = "";
    $password_hash = "";
    $email = "";
    $minecraft_nickname = "";
    $privilege_level = 0;
    $lastLoginAt = null;
    $loginCount = 0;
    $stmt->bind_result($uid, $first_name, $last_name, $nickname, $email, $password_hash, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount);
    $stmt->fetch();
    $stmt->close();

    $_SESSION["first_name"] = $first_name;
    $_SESSION["last_name"] = $last_name;
    $_SESSION["nickname"] = $nickname;
    $_SESSION["email"] = $email;
    $_SESSION["minecraft_nickname"] = $minecraft_nickname;
    $_SESSION["privilege_level"] = $privilege_level;

}

function doLogin($email, $password): array
{
    global $mysqli, $routerConfig;
    $found = false;
    if (!empty($email) && !empty($password)) {
        $stmt = $mysqli->prepare("SELECT ID, PasswordHash FROM Users WHERE Email = ? AND isActivated = 1");
        $stmt->bind_param("s", $email);
        $stmt->execute();

        $uid = 0;

        $password_hash = "";
        $stmt->bind_result($uid, $password_hash);
        $stmt->fetch();
        $stmt->close();

        if (password_verify($password, $password_hash)) {
            $found = true;

            $_SESSION["ID"] = $uid;
            UpdateSession();
            // Update LastLoginAt and LoginCount
            $updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?");
            $updateLoginStmt->bind_param("i", $uid);
            $updateLoginStmt->execute();
            $updateLoginStmt->close();
        }
    }
    return $found ? ["Status" => "Success"] : ["Status" => "Fail"];
}

function doLogout(): array
{
    if(isLoggedIn()){
        setDefaultSessionData();
        return ["Status" => "Success"];
    } else {
        return ["Status" => "Fail"];
    }
}

function doRegister($firstname, $lastname, $email, $password, $activation_token): array
{
    global $mysqli, $routerConfig;
    $status = ["Status" => "Fail"];

    if (!empty($activation_token) && !empty($email) && !empty($password) && !empty($firstname) && !empty($lastname) && isEmailAvailable($email)) {
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);

        $stmt = $mysqli->prepare("UPDATE Users SET FirstName=?, LastName=?, Email=?, PasswordHash=?, PrivilegeLevel=?, isActivated=1, ActivationToken='', RegisteredAt=NOW() WHERE ActivationToken = ?");
        $privilege_level = $routerConfig["logged_in_default_permission_level"];

        /** @noinspection SpellCheckingInspection */
        $stmt->bind_param("ssssiss", $firstname, $lastname, $email, $passwordHash, $privilege_level, $activation_token, $activation_token);

        $stmt->execute();

        if ($stmt->affected_rows > 0) {
            $status["Status"] = "Success";
        }

        $stmt->close();
    }

    return $status;
}


function changePassword($oldPassword, $newPassword): array
{
    global $mysqli;
    $status = ["Status" => "Fail"];
    $userID = $_SESSION["ID"];
    if(!empty($oldPassword) && !empty($newPassword) && isLoggedIn() && verifyPassword($userID, $oldPassword)){
        $passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
        $stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?");
        $stmt->bind_param("si", $passwordHash, $userID);
        $stmt->execute();
        if ($stmt->affected_rows > 0) {
            $status["Status"] = "Success";
        }
        $stmt->close();
    }
    return $status;
}


// Function to update user profile
function updateUserProfile($firstName, $lastName, $nickname, $minecraft_nickname): array
{
    global $mysqli;
    $status = ["Status" => "Fail"];

    if (isLoggedIn() && !empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($minecraft_nickname)) {
        $userID = $_SESSION["ID"];

        $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?");
        /** @noinspection SpellCheckingInspection */
        $stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraft_nickname, $userID);
        $stmt->execute();

        if ($stmt->affected_rows > 0) {
            $status["Status"] = "Success";
        }

        $stmt->close();
    }

    return $status;
}

// Function to update user email
function updateUserEmail($email): array
{
    global $mysqli;
    $status = ["Status" => "Fail"];
    /** @noinspection SpellCheckingInspection */
    $validmail = false;

    if (isLoggedIn() && !empty($email)) {
        $userID = $_SESSION["ID"];

        $stmt_email_check = $mysqli->prepare("SELECT Email FROM Users WHERE ID = ?");
        $stmt_email_check->bind_param("i", $userID);
        $old_email = "";
        $stmt_email_check->bind_result($old_email);
        $stmt_email_check->execute();
        $stmt_email_check->fetch();
        $stmt_email_check->close();

        if ($email != $old_email) {
            if (isEmailAvailable($email)) {
                /** @noinspection SpellCheckingInspection */
                $validmail = true;
            }
        } else {
            /** @noinspection SpellCheckingInspection */
            $validmail = true;
        }

        if ($validmail) {
            $stmt = $mysqli->prepare("UPDATE Users SET Email = ? WHERE ID = ?");
            $stmt->bind_param("si", $email, $userID);
            $stmt->execute();

            if ($stmt->affected_rows > 0) {
                $status["Status"] = "Success";
            }

            $stmt->close();
        }
    }

    return $status;
}

function getUserInfo(): array
{
    $output = ["Status" => "Fail"];
    if(isLoggedIn()) {
        global $mysqli;
        $userID = $_SESSION["ID"];
        $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick FROM Users WHERE ID = ?");
        $stmt->bind_param("i", $userID);
        $stmt->execute();

        $firstName = "";
        $lastName = "";
        $nickname = "";
        $email = "";
        $minecraft_nickname = "";

        $stmt->bind_result($firstName, $lastName, $nickname, $email, $minecraft_nickname);
        $stmt->fetch();
        $stmt->close();
        UpdateSession();
        $output["Status"] = "Success";

        $output["UserInfo"] = [
            "ID" => $userID,
            "FirstName" => $firstName,
            "LastName" => $lastName,
            "Nickname" => $nickname,
            "Email" => $email,
            "MinecraftNick" => $minecraft_nickname
        ];

    }
    return $output;
}


function addActivationCodes($count): array
{
    global $mysqli, $routerConfig;
    $activationCodes = [];

    $output = ["Status" => "Fail"]; // Default Status is "Fail"

    if (is_numeric($count) && $count > 0 && isUserAdmin() && isLoggedIn()) {
        $stmt = $mysqli->prepare("INSERT INTO Users (ActivationToken, CreatedAt, CreatedBy) VALUES (?, NOW(), ?)");

        for ($i = 0; $i < $count; $i++) {
            $activationCode = generateActivationToken();
            $stmt->bind_param("si", $activationCode, $_SESSION["ID"]);
            $stmt->execute();

            if ($stmt->affected_rows > 0) {
                $activationCodes[] = [
                    "Code" => $activationCode,
                    "CreatedAt" => date("Y-m-d H:i:s"),
                    "CreatedBy" => $_SESSION["ID"]
                ];
                $output["Status"] = "Success";
                $output["ActivationCodes"] = $activationCodes;
            }
        }

        $stmt->close();
    }

    return $output;
}

function listUsers(): array
{
    global $mysqli, $routerConfig;
    $output = ["Status" => "Fail"]; // Default Status is "Fail"

    if (isUserAdmin()) {
        $users = [];
        $result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users");

        // Check if the query executed Successfully
        if ($result) {
            while ($row = $result->fetch_assoc()) {
                $users[] = $row;
            }
            $output["Status"] = "Success";
            $output["Users"] = $users;
        }
    }

    return $output;
}

function listActivationCodes(): array
{
    global $mysqli, $routerConfig;
    $output = ["Status" => "Fail"]; // Default Status is "Fail"

    if (isUserAdmin()) {
        $activationCodes = [];

        // Use placeholders in the query
        $query = "SELECT ActivationToken, CreatedAt, CreatedBy FROM Users WHERE isActivated = 0";
        $stmt = $mysqli->prepare($query);

        if ($stmt) {
            // Bind the result variables
            $activationToken = "";
            $createdAt = "";
            $createdBy = "";
            $stmt->bind_result($activationToken, $createdAt, $createdBy);

            // Execute the prepared statement
            $stmt->execute();

            // Fetch the results into the bound variables
            while ($stmt->fetch()) {
                $activationCodes[] = [
                    'ActivationToken' => $activationToken,
                    'CreatedAt' => $createdAt,
                    'CreatedBy' => $createdBy
                ];
            }

            // Check if any results were fetched
            if (!empty($activationCodes)) {
                $output["Status"] = "Success";
                $output["ActivationCodes"] = $activationCodes;
            }

            // Close the statement
            $stmt->close();
        }
    }
    return $output;
}


function deleteUser($userID): array
{
    global $mysqli, $routerConfig;
    $status = ["Status" => "Fail"];
    if (!empty($userID) && isUserAdmin()) {
        $stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?");
        $stmt->bind_param("i", $userID);
        $stmt->execute();
        if ($stmt->affected_rows > 0) {
            $status["Status"] = "Success";
        }
        $stmt->close();
    }
    return $status;
}

function deleteActivationCode($activationCode): array
{
    global $mysqli, $routerConfig;
    $status = ["Status" => "Fail"];
    if (!empty($activationCode) && isUserAdmin()) {
        $stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?");
        $stmt->bind_param("s", $activationCode);
        $stmt->execute();
        if ($stmt->affected_rows > 0) {
            $status["Status"] = "Success";
        }
        $stmt->close();
    }
    return $status;
}