2018-07-13 18:39:55 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
|
|
|
|
* as-is and without warranty under the MIT License. See
|
|
|
|
* [root]/license.txt for more. This information must remain intact.
|
|
|
|
*/
|
|
|
|
|
2018-11-19 19:30:49 +01:00
|
|
|
require_once( "../settings/class.settings.php" );
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
class User {
|
|
|
|
|
2019-02-10 06:35:15 +01:00
|
|
|
const ACCESS = array(
|
|
|
|
"admin",
|
|
|
|
"user"
|
|
|
|
);
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// PROPERTIES
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
public $access = 'user';
|
2018-10-11 16:17:41 +02:00
|
|
|
public $username = '';
|
|
|
|
public $password = '';
|
|
|
|
public $project = '';
|
|
|
|
public $projects = '';
|
|
|
|
public $users = '';
|
|
|
|
public $actives = '';
|
|
|
|
public $lang = '';
|
|
|
|
public $theme = '';
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// METHODS
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
// -----------------------------||----------------------------- //
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Construct
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function __construct() {
|
|
|
|
|
|
|
|
$this->actives = getJSON( 'active.php' );
|
|
|
|
}
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
public function add_user() {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
|
2018-11-10 06:41:28 +01:00
|
|
|
$bind_variables = array( $this->username, $this->password, $this->access, null );
|
2019-02-04 22:42:12 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( $return > 0 ) {
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2018-11-19 19:30:49 +01:00
|
|
|
$this->set_default_options();
|
2018-11-10 06:41:28 +01:00
|
|
|
echo formatJSEND( "success", array( "username" => $this->username ) );
|
|
|
|
} else {
|
|
|
|
|
|
|
|
echo formatJSEND( "error", "The Username is Already Taken" );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-19 19:30:49 +01:00
|
|
|
public function delete_user() {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "DELETE FROM user_options WHERE username=?;";
|
2018-11-19 19:30:49 +01:00
|
|
|
$bind_variables = array( $this->username );
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
|
|
|
|
if( $return > -1 ) {
|
2018-11-19 19:30:49 +01:00
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
|
|
|
|
$bind_variables = array(
|
|
|
|
$this->username,
|
|
|
|
"null",
|
|
|
|
null,
|
|
|
|
"[]",
|
|
|
|
"",
|
|
|
|
json_encode( array( $this->username ) )
|
|
|
|
);
|
|
|
|
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
|
2018-11-19 19:30:49 +01:00
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
if( $return > -1 ) {
|
2018-11-19 19:30:49 +01:00
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
$query = "DELETE FROM users WHERE username=?;";
|
|
|
|
$bind_variables = array( $this->username );
|
|
|
|
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
|
|
|
|
|
|
|
if( $return > 0 ) {
|
|
|
|
|
|
|
|
echo formatJSEND( "success", null );
|
|
|
|
} else {
|
|
|
|
|
|
|
|
echo formatJSEND( "error", "Error deleting user information." );
|
|
|
|
}
|
2018-11-19 19:30:49 +01:00
|
|
|
} else {
|
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
echo formatJSEND( "error", "Error deleting user project information." );
|
2018-11-19 19:30:49 +01:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
echo formatJSEND( "error", "Error deleting user option information." );
|
2018-11-19 19:30:49 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
public function get_user( $username ) {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "SELECT * FROM users WHERE username=?";
|
2018-11-10 06:41:28 +01:00
|
|
|
$bind_variables = array( $username );
|
2019-02-04 22:42:12 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, array() );
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( ! empty( $return ) ) {
|
2018-11-10 06:41:28 +01:00
|
|
|
|
|
|
|
echo formatJSEND( "success", $return );
|
|
|
|
} else {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
echo formatJSEND( "error", "Could not select user." );
|
2018-11-10 06:41:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function list_users() {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "SELECT * FROM users";
|
|
|
|
$return = $sql->query( $query, array(), array() );
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( ! empty( $return ) ) {
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
} else {
|
|
|
|
|
|
|
|
echo formatJSEND( "error", "Error can not select users." );
|
|
|
|
return array();
|
|
|
|
}
|
2018-11-10 06:41:28 +01:00
|
|
|
}
|
2018-11-19 19:30:49 +01:00
|
|
|
|
|
|
|
public function set_default_options() {
|
|
|
|
|
|
|
|
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
|
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
|
|
|
|
$bind_variables = array(
|
|
|
|
$option["name"],
|
|
|
|
$this->username,
|
|
|
|
$option["value"],
|
|
|
|
);
|
|
|
|
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
|
|
|
|
|
|
|
if( $result == 0 ) {
|
|
|
|
|
|
|
|
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
|
|
|
|
$bind_variables = array(
|
|
|
|
$option["value"],
|
|
|
|
$option["name"],
|
|
|
|
$this->username,
|
|
|
|
);
|
|
|
|
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
|
|
|
}
|
2018-11-19 19:30:49 +01:00
|
|
|
}
|
|
|
|
}
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Authenticate
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function Authenticate() {
|
2018-07-27 19:59:08 +02:00
|
|
|
|
2019-02-13 19:42:43 +01:00
|
|
|
ini_set('display_errors', 1);
|
|
|
|
ini_set('display_startup_errors', 1);
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
if( $this->username == "" || $this->password == "" ) {
|
|
|
|
|
2019-02-13 19:42:43 +01:00
|
|
|
exit( formatJSEND( "error", "Username or password can not be blank." ) );
|
Changed $path to __DIR__ for config location, Updated auto reload variables, Removed unload listener for auto reload, Changed project default to array so that if no projects exist the program does not crash, Updated autosave to use let instead of vars, Fixed capitalization for sideExpanded variable, Added try catch to pdo initialization on install, Added more error checks on install, Removed password function on install query, Changed default settings array, Added loading div to user delete, Updated queries that threw errors when a default value was zero, Added blank username and password check,
2019-02-09 22:14:27 +01:00
|
|
|
}
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
if( ! is_dir( SESSIONS_PATH ) ) {
|
2018-07-27 19:59:08 +02:00
|
|
|
|
|
|
|
mkdir( SESSIONS_PATH, 00755 );
|
|
|
|
}
|
|
|
|
|
|
|
|
$permissions = array(
|
|
|
|
"755",
|
|
|
|
"0755"
|
|
|
|
);
|
|
|
|
|
|
|
|
$server_user = posix_getpwuid( posix_geteuid() );
|
|
|
|
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
|
|
|
|
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
|
|
|
|
|
2019-03-03 17:38:22 +01:00
|
|
|
if( is_array( $server_user ) ) {
|
|
|
|
|
|
|
|
$server_user = $server_user["uid"];
|
|
|
|
}
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
if( ! ( $sessions_owner === $server_user ) ) {
|
2018-07-27 19:59:08 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
chown( SESSIONS_PATH, $server_user );
|
|
|
|
} catch( Exception $e ) {
|
|
|
|
|
2019-02-13 19:42:43 +01:00
|
|
|
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
|
2018-07-27 19:59:08 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
if( ! in_array( $sessions_permissions, $permissions ) ) {
|
2018-07-27 19:59:08 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
chmod( SESSIONS_PATH, 00755 );
|
|
|
|
} catch( Exception $e ) {
|
|
|
|
|
2019-02-13 19:42:43 +01:00
|
|
|
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
|
2018-07-27 19:59:08 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
2018-10-11 16:17:41 +02:00
|
|
|
$pass = false;
|
|
|
|
$this->EncryptPassword();
|
2019-02-04 22:42:12 +01:00
|
|
|
$query = "SELECT * FROM users WHERE username=? AND password=?;";
|
2018-11-10 06:41:28 +01:00
|
|
|
$bind_variables = array( $this->username, $this->password );
|
2019-02-04 22:42:12 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, array() );
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check and make sure the user is not using the old encryption.
|
|
|
|
*/
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
|
|
|
|
|
|
|
|
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
|
|
|
|
$bind_variables = array( $this->username, $this->password );
|
|
|
|
$return = $sql->query( $query, $bind_variables, array() );
|
|
|
|
|
|
|
|
if( ! empty( $return ) ) {
|
|
|
|
|
|
|
|
$query = "UPDATE users SET password=? WHERE username=?;";
|
|
|
|
$bind_variables = array( $this->password, $this->username );
|
|
|
|
$return = $sql->query( $query, $bind_variables, array() );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if( ! empty( $return ) ) {
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
$pass = true;
|
|
|
|
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
|
|
|
|
$_SESSION['id'] = SESSION_ID;
|
|
|
|
$_SESSION['user'] = $this->username;
|
|
|
|
$_SESSION['token'] = $token;
|
|
|
|
$_SESSION['lang'] = $this->lang;
|
|
|
|
$_SESSION['theme'] = $this->theme;
|
|
|
|
$_SESSION["login_session"] = true;
|
2019-02-04 22:42:12 +01:00
|
|
|
$user = $return;
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
$query = "UPDATE users SET token=? WHERE username=?;";
|
|
|
|
$bind_variables = array( sha1( $token ), $this->username );
|
2019-03-03 17:38:22 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( isset( $user['project'] ) && $user['project'] != '' ) {
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
$_SESSION['project'] = $user['project'];
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
2018-11-10 06:41:28 +01:00
|
|
|
|
|
|
|
$this->checkDuplicateSessions( $this->username );
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
2018-07-24 20:27:53 +02:00
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
if( $pass ) {
|
|
|
|
|
|
|
|
echo formatJSEND( "success", array( "username" => $this->username ) );
|
|
|
|
} else {
|
|
|
|
|
|
|
|
echo formatJSEND( "error", "Incorrect Username or Password" );
|
|
|
|
}
|
|
|
|
}
|
2018-07-27 19:59:08 +02:00
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
/**
|
|
|
|
* Check duplicate sessions
|
|
|
|
*
|
|
|
|
* This function checks to see if the user is currently logged in
|
2019-03-03 17:38:22 +01:00
|
|
|
* on any other machine and if they are then log them off using
|
|
|
|
* session_destroy, otherwise close the session without saving data
|
|
|
|
* using session abort().
|
|
|
|
*
|
|
|
|
* This should help fix the issue with auto save
|
|
|
|
* attempting to save both users at the same time.
|
2018-10-11 16:17:41 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
public static function checkDuplicateSessions( $username ) {
|
|
|
|
|
|
|
|
session_write_close();
|
|
|
|
$all_sessions = array();
|
|
|
|
$sessions = glob( SESSIONS_PATH . "/*" );
|
|
|
|
session_id( SESSION_ID );
|
|
|
|
|
|
|
|
foreach( $sessions as $session ) {
|
|
|
|
|
|
|
|
if( strpos( $session, "sess_") == false ) {
|
|
|
|
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
$session = str_replace( "sess_", "", $session );
|
|
|
|
$session = str_replace( SESSIONS_PATH . "/", "", $session );
|
|
|
|
//This skips temp files that aren't sessions
|
|
|
|
if( strpos( $session, "." ) == false ) {
|
|
|
|
|
|
|
|
session_id( $session );
|
|
|
|
session_start();
|
|
|
|
$_SESSION["id"] = $session;
|
|
|
|
array_push( $all_sessions, $_SESSION );
|
|
|
|
|
|
|
|
if( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
|
|
|
|
|
|
|
|
session_destroy();
|
|
|
|
} else {
|
|
|
|
|
|
|
|
session_abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
session_id( SESSION_ID );
|
|
|
|
session_start();
|
|
|
|
}
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Check Duplicate
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function CheckDuplicate() {
|
|
|
|
|
|
|
|
$pass = true;
|
|
|
|
foreach( $this->users as $user => $data ) {
|
|
|
|
|
|
|
|
if( $data['username'] == $this->username ) {
|
|
|
|
|
|
|
|
$pass = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $pass;
|
|
|
|
}
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Clean username
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public static function CleanUsername( $username ) {
|
|
|
|
|
2019-03-04 21:09:48 +01:00
|
|
|
return strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ) );
|
2018-11-10 06:41:28 +01:00
|
|
|
}
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Create Account
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function Create() {
|
|
|
|
|
|
|
|
$this->EncryptPassword();
|
2018-11-10 06:41:28 +01:00
|
|
|
$this->add_user();
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Delete Account
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function Delete() {
|
|
|
|
|
2018-11-19 19:30:49 +01:00
|
|
|
$this->delete_user();
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
2018-11-10 06:41:28 +01:00
|
|
|
// Encrypt Password
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
private function EncryptPassword() {
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
$this->password = sha1( md5( $this->password ) );
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
2018-11-10 06:41:28 +01:00
|
|
|
// Change Password
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
public function Password() {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
2018-11-10 06:41:28 +01:00
|
|
|
$this->EncryptPassword();
|
2019-02-04 22:42:12 +01:00
|
|
|
$query = "UPDATE users SET password=? WHERE username=?;";
|
2018-11-10 06:41:28 +01:00
|
|
|
$bind_variables = array( $this->password, $this->username );
|
2019-02-04 22:42:12 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( $return > 0 ) {
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
echo formatJSEND( "success", "Password changed" );
|
2018-10-11 16:17:41 +02:00
|
|
|
} else {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
echo formatJSEND( "error", "Error changing password" );
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Set Current Project
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function Project() {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
global $sql;
|
|
|
|
$query = "UPDATE users SET project=? WHERE username=?;";
|
2018-11-10 06:41:28 +01:00
|
|
|
$bind_variables = array( $this->project, $this->username );
|
2019-02-04 22:42:12 +01:00
|
|
|
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
2018-11-10 06:41:28 +01:00
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
if( $return > 0 ) {
|
2018-10-11 16:17:41 +02:00
|
|
|
|
2018-11-10 06:41:28 +01:00
|
|
|
echo formatJSEND( "success", null );
|
|
|
|
} else {
|
|
|
|
|
2019-02-04 22:42:12 +01:00
|
|
|
echo formatJSEND( "error", "Error updating project" );
|
2018-10-11 16:17:41 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-11 00:10:21 +01:00
|
|
|
public function update_access() {
|
|
|
|
|
|
|
|
global $sql;
|
|
|
|
$query = "UPDATE users SET access=? WHERE username=?;";
|
|
|
|
$bind_variables = array( $this->access, $this->username );
|
|
|
|
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
|
|
|
|
|
|
|
if( $return > 0 ) {
|
|
|
|
|
|
|
|
echo formatJSEND( "success", "Updated access for {$this->username}" );
|
|
|
|
} else {
|
|
|
|
|
|
|
|
echo formatJSEND( "error", "Error updating project" );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-11 16:17:41 +02:00
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
// Verify Account Exists
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
public function Verify() {
|
|
|
|
|
|
|
|
$pass = 'false';
|
|
|
|
foreach( $this->users as $user => $data ) {
|
|
|
|
|
|
|
|
if( $this->username == $data['username'] ) {
|
|
|
|
|
|
|
|
$pass = 'true';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
echo( $pass );
|
|
|
|
}
|
2018-07-26 21:39:40 +02:00
|
|
|
}
|