<?php
namespace App;
// Both includes are resolved against DOCUMENT_ROOT, which the web server
// configures; no request-supplied value takes part in the include path.
require_once $_SERVER['DOCUMENT_ROOT'] . '/rss/php/autoload.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/rss/php/conf.php';
use PDO;
use PDOException;
use Exception;
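/**
 * Cookie-based user accounts: registration, login, logout and "who am I".
 *
 * A session is a random 128-bit token stored in the `user_hash` cookie and in
 * the user_sessions table together with the user id and the client IP; all
 * three must match for isAuth() to succeed. createResponse() and validateVar()
 * are inherited from Sys (not visible in this file).
 */
class Users extends Sys
{
    /** Lifetime in seconds of the two login cookies (31 days). */
    private const SESSION_TTL = 2678400;

    /** bcrypt work factor for new password hashes. */
    private const BCRYPT_COST = 12;

    /** Minimum password length, counted in characters (see create_user()). */
    private const MIN_PASSWORD_LENGTH = 6;

    // Form fields; callers assign these before calling login() / create_user().
    public ?int $id = null;
    public ?string $fName = null;
    public ?string $lName = null;
    public ?string $email = null;
    public ?string $cemail = null; // e-mail confirmation field
    public ?string $psw = null;
    public ?string $cpsw = null;    // password confirmation field

    // Neither read nor written in this class; kept so the class shape is unchanged.
    private $loginState;

    /**
     * Adopts the shared PDO connection that conf.php publishes as a global.
     *
     * NOTE(review): $conn is not declared on this class; it is assumed to be
     * declared by Sys (otherwise it is a dynamic property, deprecated in 8.2).
     */
    public function __construct()
    {
        global $conn;
        $this->conn = $conn;
    }

    /**
     * Authenticates with $this->email / $this->psw and opens a session.
     *
     * On success sets `user_hash` (HttpOnly, the session token) and `usid`
     * (JS-readable, the numeric user id) and records the token with the client
     * IP in user_sessions. Unknown e-mail and wrong password produce the same
     * response and take roughly the same time.
     *
     * @return mixed whatever Sys::createResponse() returns
     */
    public function login()
    {
        if ($this->isAuth()) {
            return $this->createResponse('success', 'Logged in');
        }

        if (!$this->validateVar($this->email) || !$this->validateVar($this->psw)) {
            return $this->createResponse('fail', 'Please fill out all the fields');
        }

        // create_user() stores the trimmed e-mail and the hash of the trimmed
        // password, so both must be trimmed here as well or surrounding
        // whitespace silently locks the account out.
        $email = trim((string) $this->email);
        $candidate = trim((string) $this->psw);

        $stmt = $this->conn->prepare('SELECT id, psw FROM users WHERE email = :email');
        $stmt->bindValue(':email', $email);
        $stmt->execute();
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // Always run exactly one bcrypt verification so that an unknown e-mail
        // does not answer measurably faster than a wrong password.
        $storedHash = is_array($user) ? (string) $user['psw'] : self::dummyHash();
        $verified = password_verify($candidate, $storedHash);
        if (!is_array($user) || !$verified) {
            return $this->createResponse('fail', 'Incorrect details');
        }

        $authHash = bin2hex(random_bytes(16));
        $this->id = (int) $user['id'];

        setcookie('user_hash', $authHash, $this->cookieOptions(true));
        // usid is deliberately readable by JS (httponly=false); on its own it
        // grants nothing because isAuth() also requires the token and the IP.
        setcookie('usid', (string) $this->id, $this->cookieOptions(false));

        $stmt = $this->conn->prepare('INSERT INTO user_sessions (user_hash, user_id, login_ip) VALUES (:user_hash, :user_id, :login_ip)');
        $stmt->bindValue(':user_hash', $authHash);
        $stmt->bindValue(':user_id', $this->id, PDO::PARAM_INT);
        $stmt->bindValue(':login_ip', $this->clientIp());
        $stmt->execute();

        return $this->createResponse('success', 'Logged in');
    }

    /**
     * Ends the current session: deletes its user_sessions row and expires every
     * cookie the browser sent. Always returns true, also when there was no
     * valid session to end.
     */
    public function logout(): bool
    {
        if (!$this->isAuth()) {
            return true;
        }

        // The row is matched on all three attributes, exactly like isAuth();
        // a session whose IP has changed can therefore not be removed here.
        $stmt = $this->conn->prepare('DELETE FROM user_sessions WHERE user_hash = :user_hash AND user_id = :user_id AND login_ip = :login_ip');
        $stmt->bindValue(':user_hash', (string) $_COOKIE['user_hash']);
        $stmt->bindValue(':user_id', $this->cookieUserId(), PDO::PARAM_INT);
        $stmt->bindValue(':login_ip', $this->clientIp());
        $stmt->execute();

        $this->expireRequestCookies();

        return true;
    }

    /**
     * Registers a new account from fName/lName/email/cemail/psw/cpsw.
     *
     * Validation failures are reported via createResponse('fail', …). The
     * password is stored only as a bcrypt hash; e-mail and names are trimmed
     * before they are checked and stored so that the duplicate check, the
     * validation and the INSERT all see the same value.
     *
     * @return mixed whatever Sys::createResponse() returns
     */
    public function create_user()
    {
        if (!$this->validateVar($this->fName)) {
            return $this->createResponse('fail', 'Please enter your first name');
        }

        if (!$this->validateVar($this->lName)) {
            return $this->createResponse('fail', 'Please enter your last name');
        }

        if (!$this->validateVar($this->email)) {
            return $this->createResponse('fail', 'Please enter your email');
        }

        // Strict comparison: == would consider e.g. '1e3' and '1000' equal.
        if ($this->email !== $this->cemail) {
            return $this->createResponse('fail', 'The email adresses do not match');
        }

        $email = trim((string) $this->email);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return $this->createResponse('fail', 'Please enter a valid email');
        }

        if ($this->psw !== $this->cpsw) {
            return $this->createResponse('fail', 'Please enter a valid password');
        }

        // Length is checked on the value that is actually hashed, in characters
        // rather than bytes (a 5-letter non-ASCII password must be rejected too).
        $password = trim((string) $this->psw);
        if (mb_strlen($password) < self::MIN_PASSWORD_LENGTH) {
            return $this->createResponse('fail', 'Your password needs to be at least 6 characters');
        }

        if ($this->emailExists($email)) {
            return $this->createResponse('fail', 'Email already exists');
        }

        $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => self::BCRYPT_COST]);

        $stmt = $this->conn->prepare('INSERT INTO users (fname, lname, email, psw) VALUES (:fname, :lname, :email, :psw)');
        $stmt->bindValue(':fname', trim((string) $this->fName));
        $stmt->bindValue(':lname', trim((string) $this->lName));
        $stmt->bindValue(':email', $email);
        $stmt->bindValue(':psw', $hash);
        try {
            $stmt->execute();
        } catch (PDOException $e) {
            // SQLSTATE 23000 (integrity constraint): a concurrent registration
            // won the race on a UNIQUE(email) index, if the schema has one.
            if ((string) $e->getCode() === '23000') {
                return $this->createResponse('fail', 'Email already exists');
            }
            throw $e;
        }

        if ($stmt->rowCount()) {
            return $this->createResponse('success', 'Account has been created');
        }

        return $this->createResponse('fail', 'Something went wrong. Please try again or contact support');
    }

    /**
     * True when the request carries a live session: the user_hash cookie, the
     * usid cookie and the client IP must all match one user_sessions row.
     *
     * Binding the session to REMOTE_ADDR limits replay of a stolen token from
     * another address, at the cost of logging users out when their IP changes.
     */
    public function isAuth(): bool
    {
        $token = $_COOKIE['user_hash'] ?? '';
        // Cookie values can arrive as arrays (name[]=…); only a non-empty
        // string is a candidate token.
        if (!is_string($token) || $token === '') {
            return false;
        }

        // COUNT(*) instead of rowCount(): rowCount() is not reliable for
        // SELECT on every PDO driver.
        $stmt = $this->conn->prepare('SELECT COUNT(*) FROM user_sessions WHERE user_hash = :user_hash AND user_id = :user_id AND login_ip = :user_ip');
        $stmt->bindValue(':user_hash', $token);
        $stmt->bindValue(':user_id', $this->cookieUserId(), PDO::PARAM_INT);
        $stmt->bindValue(':user_ip', $this->clientIp());
        $stmt->execute();

        return (int) $stmt->fetchColumn() > 0;
    }

    /**
     * The authenticated user's row without the password hash, or null when the
     * request is not authenticated or the user row no longer exists.
     *
     * @return array<string, mixed>|null
     */
    public function getMyself(): ?array
    {
        if (!$this->isAuth()) {
            return null;
        }

        $stmt = $this->conn->prepare('SELECT * FROM users WHERE id = :id');
        $stmt->bindValue(':id', $this->cookieUserId(), PDO::PARAM_INT);
        $stmt->execute();
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!is_array($user)) {
            return null;
        }

        // The hash is not the clear password, but callers still never get it.
        unset($user['psw']);

        return $user;
    }

    /** True when a users row already has exactly this e-mail. */
    private function emailExists(string $email): bool
    {
        $stmt = $this->conn->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
        $stmt->bindValue(':email', $email);
        $stmt->execute();

        return (int) $stmt->fetchColumn() > 0;
    }

    /**
     * Options shared by the two login cookies.
     *
     * 'secure' follows the request scheme, so plain-HTTP local development
     * keeps working while a TLS deployment gets the flag without a code change.
     * NOTE(review): behind a TLS-terminating proxy that does not set HTTPS the
     * cookie is still sent without Secure — confirm for the production setup.
     * NOTE(review): 'domain' is taken from the Host header, which the client
     * supplies; leaving the key out (a host-only cookie) would be stricter and
     * is worth considering once the deployment host is fixed.
     *
     * @return array<string, mixed>
     */
    private function cookieOptions(bool $httpOnly): array
    {
        $https = (string) ($_SERVER['HTTPS'] ?? '');

        return [
            'expires' => time() + self::SESSION_TTL,
            'path' => '/',
            'secure' => $https !== '' && $https !== 'off',
            'httponly' => $httpOnly,
            'samesite' => 'Strict',
            'domain' => (string) ($_SERVER['HTTP_HOST'] ?? ''),
        ];
    }

    /**
     * Expires every cookie present on the request, using the same path/domain
     * combinations the cookies may have been set with, and destroys the PHP
     * session only if one is active (session_destroy() warns otherwise).
     */
    private function expireRequestCookies(): void
    {
        $header = (string) ($_SERVER['HTTP_COOKIE'] ?? '');
        if ($header !== '') {
            $expired = time() - 1000;
            foreach (explode(';', $header) as $pair) {
                $name = trim(explode('=', $pair, 2)[0]);
                if ($name === '') {
                    continue;
                }
                setcookie($name, '', $expired);
                setcookie($name, '', $expired, '/');
                setcookie($name, '', $expired, '/', (string) ($_SERVER['HTTP_HOST'] ?? ''));
            }
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
    }

    /** Numeric user id from the usid cookie; 0 when absent or not a scalar. */
    private function cookieUserId(): int
    {
        $raw = $_COOKIE['usid'] ?? 0;

        return is_scalar($raw) ? (int) $raw : 0;
    }

    /** Client address as reported by the web server; empty outside a request. */
    private function clientIp(): string
    {
        return (string) ($_SERVER['REMOTE_ADDR'] ?? '');
    }

    /**
     * A bcrypt hash at the production cost, verified against when the e-mail
     * is unknown so that login() always pays one bcrypt round. Computed once
     * per process from random input; its value is never compared for equality.
     */
    private static function dummyHash(): string
    {
        static $hash = null;

        return $hash ??= password_hash(bin2hex(random_bytes(8)), PASSWORD_BCRYPT, ['cost' => self::BCRYPT_COST]);
    }
}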