forked from Adleraci/adlerka.top
444 lines
13 KiB
PHP
444 lines
13 KiB
PHP
<?php
|
|
|
|
use Random\RandomException;
|
|
|
|
function isLoggedIn(): bool
|
|
{
|
|
global $routerConfig;
|
|
return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["logged_in_default"];
|
|
}
|
|
function isVerified(): bool
|
|
{
|
|
global $routerConfig;
|
|
return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["verified"];
|
|
}
|
|
|
|
function isTrustWorthy(): bool
|
|
{
|
|
global $routerConfig;
|
|
return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["trustworthy"];
|
|
}
|
|
|
|
function isModerator(): bool
|
|
{
|
|
global $routerConfig;
|
|
return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["moderator"];
|
|
}
|
|
|
|
function isUserAdmin(): bool
|
|
{
|
|
global $routerConfig;
|
|
return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["user_admin"];
|
|
}
|
|
|
|
function isAdmin(): bool
|
|
{
|
|
global $routerConfig;
|
|
return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["permissions"]["admin"];
|
|
}
|
|
|
|
|
|
function generateActivationToken(): string
|
|
{
|
|
try {
|
|
return bin2hex(random_bytes(16));
|
|
} catch (RandomException) {
|
|
}
|
|
}
|
|
|
|
function isEmailAvailable($email): bool
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT COUNT(*) FROM Users WHERE Email = ?");
|
|
$stmt->bind_param("s", $email);
|
|
$stmt->execute();
|
|
$count = -1;
|
|
$stmt->bind_result($count);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
return $count === 0;
|
|
}
|
|
|
|
function setDefaultSessionData(): void
|
|
{
|
|
global $routerConfig;
|
|
$_SESSION["ID"] = 0;
|
|
$_SESSION["first_name"] = "";
|
|
$_SESSION["last_name"] = "";
|
|
$_SESSION["nickname"] = "";
|
|
$_SESSION["email"] = "";
|
|
$_SESSION["minecraft_nickname"] = "";
|
|
$_SESSION["privilege_level"] = $routerConfig["permissions"]["logged_out"];
|
|
}
|
|
|
|
function verifyPassword($userID, $password): bool
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?");
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
$password_hash = "";
|
|
$stmt->bind_result($password_hash);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
return !empty($password_hash) && !empty($password) && password_verify($password, $password_hash);
|
|
}
|
|
|
|
function UpdateSession(): void
|
|
{
|
|
global $mysqli;
|
|
$stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount, ClassID, FavoriteColor FROM Users WHERE ID = ? AND isActivated = 1");
|
|
$stmt->bind_param("i", $_SESSION["ID"]);
|
|
$stmt->execute();
|
|
|
|
$first_name = "";
|
|
$last_name = "";
|
|
$nickname = "";
|
|
$email = "";
|
|
$minecraft_nickname = "";
|
|
$privilege_level = 0;
|
|
$class_id = 0;
|
|
$favorite_color = 0;
|
|
$lastLoginAt = null;
|
|
$loginCount = 0;
|
|
$stmt->bind_result($first_name, $last_name, $nickname, $email, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount, $class_id, $favorite_color);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
$_SESSION["first_name"] = $first_name;
|
|
$_SESSION["last_name"] = $last_name;
|
|
$_SESSION["nickname"] = $nickname;
|
|
$_SESSION["email"] = $email;
|
|
$_SESSION["minecraft_nickname"] = $minecraft_nickname;
|
|
$_SESSION["privilege_level"] = $privilege_level;
|
|
$_SESSION["lastLoginAt"] = $lastLoginAt;
|
|
$_SESSION["loginCount"] = $loginCount;
|
|
$_SESSION["class_id"] = $class_id;
|
|
$_SESSION["favorite_color"] = $favorite_color;
|
|
|
|
}
|
|
|
|
function doLogin($email, $password): array
|
|
{
|
|
global $mysqli;
|
|
$found = false;
|
|
if (!empty($email) && !empty($password)) {
|
|
$stmt = $mysqli->prepare("SELECT ID, PasswordHash FROM Users WHERE Email = ? AND isActivated = 1");
|
|
$stmt->bind_param("s", $email);
|
|
$stmt->execute();
|
|
|
|
$uid = 0;
|
|
|
|
$password_hash = "";
|
|
$stmt->bind_result($uid, $password_hash);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
if (password_verify($password, $password_hash)) {
|
|
$found = true;
|
|
|
|
$_SESSION["ID"] = $uid;
|
|
UpdateSession();
|
|
// Update LastLoginAt and LoginCount
|
|
$updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?");
|
|
$updateLoginStmt->bind_param("i", $uid);
|
|
$updateLoginStmt->execute();
|
|
$updateLoginStmt->close();
|
|
}
|
|
}
|
|
return $found ? ["Status" => "Success"] : ["Status" => "Fail"];
|
|
}
|
|
|
|
function doLogout(): array
|
|
{
|
|
if(isLoggedIn()){
|
|
setDefaultSessionData();
|
|
return ["Status" => "Success"];
|
|
} else {
|
|
return ["Status" => "Fail"];
|
|
}
|
|
}
|
|
|
|
function doRegister($firstname, $lastname, $email, $password, $activation_token): array
|
|
{
|
|
global $mysqli, $routerConfig;
|
|
$status = ["Status" => "Fail"];
|
|
|
|
if (!empty($activation_token) && !empty($email) && !empty($password) && !empty($firstname) && !empty($lastname) && isEmailAvailable($email)) {
|
|
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
|
|
|
$stmt = $mysqli->prepare("UPDATE Users SET FirstName=?, LastName=?, Email=?, PasswordHash=?, PrivilegeLevel=?, isActivated=1, ActivationToken='', RegisteredAt=NOW() WHERE ActivationToken = ?");
|
|
$privilege_level = $routerConfig["permissions"]["logged_in_default"];
|
|
|
|
/** @noinspection SpellCheckingInspection */
|
|
$stmt->bind_param("ssssis", $firstname, $lastname, $email, $passwordHash, $privilege_level, $activation_token);
|
|
|
|
$stmt->execute();
|
|
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
|
|
$stmt->close();
|
|
}
|
|
|
|
return $status;
|
|
}
|
|
|
|
|
|
function changePassword($oldPassword, $newPassword): array
|
|
{
|
|
global $mysqli;
|
|
$status = ["Status" => "Fail"];
|
|
$userID = $_SESSION["ID"];
|
|
if(!empty($oldPassword) && !empty($newPassword) && isLoggedIn() && verifyPassword($userID, $oldPassword)){
|
|
$passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
|
|
$stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?");
|
|
$stmt->bind_param("si", $passwordHash, $userID);
|
|
$stmt->execute();
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
$stmt->close();
|
|
}
|
|
return $status;
|
|
}
|
|
|
|
|
|
// Function to update user profile
|
|
function updateUserProfile($firstName, $lastName, $nickname, $minecraft_nickname): array
|
|
{
|
|
global $mysqli;
|
|
$status = ["Status" => "Fail"];
|
|
|
|
if (isLoggedIn() && !empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($minecraft_nickname)) {
|
|
$userID = $_SESSION["ID"];
|
|
|
|
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?");
|
|
/** @noinspection SpellCheckingInspection */
|
|
$stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraft_nickname, $userID);
|
|
$stmt->execute();
|
|
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
|
|
$stmt->close();
|
|
}
|
|
|
|
return $status;
|
|
}
|
|
|
|
// Function to update user email
|
|
function updateUserEmail($email): array
|
|
{
|
|
global $mysqli;
|
|
$status = ["Status" => "Fail"];
|
|
/** @noinspection SpellCheckingInspection */
|
|
$validmail = false;
|
|
|
|
if (isLoggedIn() && !empty($email)) {
|
|
$userID = $_SESSION["ID"];
|
|
|
|
$stmt_email_check = $mysqli->prepare("SELECT Email FROM Users WHERE ID = ?");
|
|
$stmt_email_check->bind_param("i", $userID);
|
|
$old_email = "";
|
|
$stmt_email_check->bind_result($old_email);
|
|
$stmt_email_check->execute();
|
|
$stmt_email_check->fetch();
|
|
$stmt_email_check->close();
|
|
|
|
if ($email != $old_email) {
|
|
if (isEmailAvailable($email)) {
|
|
/** @noinspection SpellCheckingInspection */
|
|
$validmail = true;
|
|
}
|
|
} else {
|
|
/** @noinspection SpellCheckingInspection */
|
|
$validmail = true;
|
|
}
|
|
|
|
if ($validmail) {
|
|
$stmt = $mysqli->prepare("UPDATE Users SET Email = ? WHERE ID = ?");
|
|
$stmt->bind_param("si", $email, $userID);
|
|
$stmt->execute();
|
|
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
|
|
$stmt->close();
|
|
}
|
|
}
|
|
|
|
return $status;
|
|
}
|
|
|
|
function getUserInfo(): array
|
|
{
|
|
$output = ["Status" => "Fail"];
|
|
if(isLoggedIn()) {
|
|
global $mysqli;
|
|
$userID = $_SESSION["ID"];
|
|
$stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick FROM Users WHERE ID = ?");
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
|
|
$firstName = "";
|
|
$lastName = "";
|
|
$nickname = "";
|
|
$email = "";
|
|
$minecraft_nickname = "";
|
|
|
|
$stmt->bind_result($firstName, $lastName, $nickname, $email, $minecraft_nickname);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
UpdateSession();
|
|
$output["Status"] = "Success";
|
|
|
|
$output["UserInfo"] = [
|
|
"ID" => $userID,
|
|
"FirstName" => $firstName,
|
|
"LastName" => $lastName,
|
|
"Nickname" => $nickname,
|
|
"Email" => $email,
|
|
"MinecraftNick" => $minecraft_nickname
|
|
];
|
|
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
|
|
function addActivationCodes($count): array
|
|
{
|
|
global $mysqli;
|
|
$activationCodes = [];
|
|
|
|
$output = ["Status" => "Fail"]; // Default Status is "Fail"
|
|
|
|
if (is_numeric($count) && $count > 0 && isUserAdmin() && isLoggedIn()) {
|
|
$stmt = $mysqli->prepare("INSERT INTO Users (ActivationToken, CreatedAt, CreatedBy) VALUES (?, NOW(), ?)");
|
|
|
|
for ($i = 0; $i < $count; $i++) {
|
|
$activationCode = generateActivationToken();
|
|
$stmt->bind_param("si", $activationCode, $_SESSION["ID"]);
|
|
$stmt->execute();
|
|
|
|
if ($stmt->affected_rows > 0) {
|
|
$activationCodes[] = [
|
|
"Code" => $activationCode,
|
|
"CreatedAt" => date("Y-m-d H:i:s"),
|
|
"CreatedBy" => $_SESSION["ID"]
|
|
];
|
|
$output["Status"] = "Success";
|
|
$output["ActivationCodes"] = $activationCodes;
|
|
}
|
|
}
|
|
|
|
$stmt->close();
|
|
}
|
|
|
|
return $output;
|
|
}
|
|
|
|
function listUsers(): array
|
|
{
|
|
global $mysqli;
|
|
$output = ["Status" => "Fail"]; // Default Status is "Fail"
|
|
|
|
if (isUserAdmin()) {
|
|
$users = [];
|
|
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users WHERE isActivated = 1");
|
|
|
|
// Check if the query executed Successfully
|
|
if ($result) {
|
|
while ($row = $result->fetch_assoc()) {
|
|
$users[] = $row;
|
|
}
|
|
$output["Status"] = "Success";
|
|
$output["Users"] = $users;
|
|
}
|
|
}
|
|
|
|
return $output;
|
|
}
|
|
|
|
function listActivationCodes(): array
|
|
{
|
|
global $mysqli;
|
|
$output = ["Status" => "Fail"]; // Default Status is "Fail"
|
|
|
|
if (isUserAdmin()) {
|
|
$activationCodes = [];
|
|
|
|
// Use placeholders in the query
|
|
$query = "SELECT ActivationToken, CreatedAt, CreatedBy FROM Users WHERE isActivated = 0";
|
|
$stmt = $mysqli->prepare($query);
|
|
|
|
if ($stmt) {
|
|
// Bind the result variables
|
|
$activationToken = "";
|
|
$createdAt = "";
|
|
$createdBy = "";
|
|
$stmt->bind_result($activationToken, $createdAt, $createdBy);
|
|
|
|
// Execute the prepared statement
|
|
$stmt->execute();
|
|
|
|
// Fetch the results into the bound variables
|
|
while ($stmt->fetch()) {
|
|
$activationCodes[] = [
|
|
'ActivationToken' => $activationToken,
|
|
'CreatedAt' => $createdAt,
|
|
'CreatedBy' => $createdBy
|
|
];
|
|
}
|
|
|
|
// Check if any results were fetched
|
|
if (!empty($activationCodes)) {
|
|
$output["Status"] = "Success";
|
|
$output["ActivationCodes"] = $activationCodes;
|
|
}
|
|
|
|
// Close the statement
|
|
$stmt->close();
|
|
}
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
|
|
function deleteUser($userID): array
|
|
{
|
|
global $mysqli;
|
|
$status = ["Status" => "Fail"];
|
|
if (!empty($userID) && isUserAdmin()) {
|
|
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?");
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
$stmt->close();
|
|
}
|
|
return $status;
|
|
}
|
|
|
|
function deleteActivationCode($activationCode): array
|
|
{
|
|
global $mysqli;
|
|
$status = ["Status" => "Fail"];
|
|
if (!empty($activationCode) && isUserAdmin()) {
|
|
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?");
|
|
$stmt->bind_param("s", $activationCode);
|
|
$stmt->execute();
|
|
if ($stmt->affected_rows > 0) {
|
|
$status["Status"] = "Success";
|
|
}
|
|
$stmt->close();
|
|
}
|
|
return $status;
|
|
} |