<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
require_once( "../settings/class.settings.php" );
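/**
 * User account management: creating, deleting and listing accounts,
 * authenticating a login and updating per-user settings.
 *
 * Every database call goes through the global $sql object with bound
 * parameters. Most methods report their outcome by echoing a JSEND payload
 * built by formatJSEND() (defined outside this file) instead of returning it.
 */
class User {

    //////////////////////////////////////////////////////////////////
    // PROPERTIES
    //////////////////////////////////////////////////////////////////

    // State read by the legacy methods below (CheckDuplicate, Delete,
    // Password, Project, Verify). Callers assign these before calling;
    // they are declared here, defaulting to null, so reading them before
    // assignment does not raise an undefined-property notice.
    public $username;
    public $password;
    public $project;
    public $users;

    //////////////////////////////////////////////////////////////////
    // METHODS
    //////////////////////////////////////////////////////////////////

    /**
     * Construct. Performs no initialisation.
     */
    public function __construct() {
    }

    /**
     * Insert a row into the users table and seed its default options.
     *
     * @param string $username Username to store.
     * @param string $password Value written to the password column as-is;
     *                         Create() passes the output of encrypt_password().
     * @param mixed  $access   Value written to the access column.
     * @return bool True when the insert reported at least one affected row.
     */
    public function add_user( $username, $password, $access ) {

        global $sql;

        $query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
        $bind_variables = array( $username, $password, $access, null );
        // NOTE(review): the third argument looks like the value returned when
        // the query fails - confirm against the sql class.
        $return = $sql->query( $query, $bind_variables, 0, "rowCount" );

        if( $return > 0 ) {

            $this->set_default_options( $username );
            // The original computed this flag but then always returned
            // false, so callers could never see a successful insert.
            return true;
        }
        return false;
    }

    /**
     * Delete a user together with their options and the projects selected
     * by the access filter below, echoing a JSEND result.
     *
     * The three deletes run in order and stop at the first failure. They are
     * not wrapped in a transaction here, so an error part-way through leaves
     * the earlier deletes applied.
     *
     * @param string $username Username of the account to remove.
     * @return void
     */
    public function delete_user( $username ) {

        global $sql;

        $query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
        $bind_variables = array( $username );
        $return = $sql->query( $query, $bind_variables, -1, "rowCount" );

        // -1 is the fallback value handed to query(); zero rows is not an error.
        if( ! ( $return > -1 ) ) {

            echo formatJSEND( "error", "Error deleting user option information." );
            return;
        }

        //TODO: add new permissions system to delete cleanup

        // Removes the user's projects whose access column matches one of the
        // listed values: several spellings of "empty", or a JSON list holding
        // only this username.
        $query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
        $bind_variables = array(
            $username,
            "null",
            null,
            "[]",
            "",
            json_encode( array( $username ) )
        );
        $return = $sql->query( $query, $bind_variables, -1, "rowCount" );

        if( ! ( $return > -1 ) ) {

            echo formatJSEND( "error", "Error deleting user project information." );
            return;
        }

        $query = "DELETE FROM users WHERE username=?;";
        $bind_variables = array( $username );
        $return = $sql->query( $query, $bind_variables, 0, "rowCount" );

        if( $return > 0 ) {

            echo formatJSEND( "success", null );
        } else {

            echo formatJSEND( "error", "Error deleting user information." );
        }
    }

    /**
     * Look up a user by username and echo the matching row(s) as JSEND.
     *
     * The query selects every column, so the password and token columns are
     * stripped from each row before the response is written; credential
     * hashes have no reason to leave the server.
     *
     * @param string $username Username to look up.
     * @return void
     */
    public function get_user( $username ) {

        global $sql;

        $query = "SELECT * FROM users WHERE username=?";
        $bind_variables = array( $username );
        $return = $sql->query( $query, $bind_variables, array() );

        if( empty( $return ) ) {

            echo formatJSEND( "error", "Could not select user." );
            return;
        }

        if( is_array( $return ) ) {

            foreach( $return as $index => $row ) {

                if( is_array( $row ) ) {

                    unset( $row["password"], $row["token"] );
                    $return[$index] = $row;
                }
            }
        }
        echo formatJSEND( "success", $return );
    }

    /**
     * Return every row of the users table.
     *
     * NOTE(review): rows are returned with all columns, including password
     * and token; callers should drop those before sending data to a client.
     *
     * @return array The rows, or an empty array (after echoing a JSEND error)
     *               when the query produced nothing.
     */
    public function list_users() {

        global $sql;

        $query = "SELECT * FROM users";
        $return = $sql->query( $query, array(), array() );

        if( empty( $return ) ) {

            echo formatJSEND( "error", "Error can not select users." );
            return array();
        }
        return $return;
    }

    /**
     * Write every entry of Settings::DEFAULT_OPTIONS for the given user.
     *
     * Each option is inserted first; when the insert reports no affected
     * rows, the existing row is updated instead.
     *
     * @param string $username Username whose options are written.
     * @return void
     */
    public function set_default_options( $username ) {

        global $sql;

        foreach( Settings::DEFAULT_OPTIONS as $option ) {

            $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
            $bind_variables = array(
                $option["name"],
                $username,
                $option["value"],
            );
            $result = $sql->query( $query, $bind_variables, 0, "rowCount" );

            if( $result == 0 ) {

                $query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
                $bind_variables = array(
                    $option["value"],
                    $option["name"],
                    $username,
                );
                $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
            }
        }
    }

    /**
     * Check a username/password pair and, on success, populate the session.
     *
     * On success this stores the user, user id, a fresh token and the login
     * flag in $_SESSION, saves sha1( token ) on the user row, restores the
     * user's current project when one is set, and ends the user's other
     * login sessions through checkDuplicateSessions().
     *
     * @param string $username Username as submitted.
     * @param string $password Plain-text password as submitted.
     * @return bool True when the credentials matched a row.
     */
    public function Authenticate( $username, $password ) {

        if( $username == "" || $password == "" ) {

            return false;
        }

        global $sql;

        $pass = false;
        $password = $this->encrypt_password( $password );
        $query = "SELECT * FROM users WHERE username=? AND password=?;";
        $bind_variables = array( $username, $password );
        $return = $sql->query( $query, $bind_variables, array() );

        // Rows written under the old scheme hold MySQL's PASSWORD() of the
        // hashed value. When the direct match fails on MySQL, retry against
        // that form and, if it matches, rewrite the row to the current form.
        // PASSWORD() was removed in MySQL 8.0, where this retry cannot match.
        if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {

            $query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
            $bind_variables = array( $username, $password );
            $return = $sql->query( $query, $bind_variables, array() );

            if( ! empty( $return ) ) {

                $query = "UPDATE users SET password=? WHERE username=?;";
                $bind_variables = array( $password, $username );
                $sql->query( $query, $bind_variables, array() );

                // Re-read so the login only passes if the rewritten row matches.
                $query = "SELECT * FROM users WHERE username=? AND password=?;";
                $bind_variables = array( $username, $password );
                $return = $sql->query( $query, $bind_variables, array() );
            }
        }

        if( ! empty( $return ) ) {

            $user = $return[0];
            $pass = true;
            $token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );

            // NOTE(review): the session id is not regenerated here after a
            // successful login; confirm the code that defines SESSION_ID
            // rotates it, otherwise an id issued before login stays valid
            // afterwards.
            $_SESSION['id'] = SESSION_ID;
            $_SESSION['user'] = $username;
            $_SESSION['user_id'] = $user["id"];
            $_SESSION['token'] = $token;
            $_SESSION["login_session"] = true;

            // Only a digest of the token is stored on the user row.
            $query = "UPDATE users SET token=? WHERE username=?;";
            $bind_variables = array( sha1( $token ), $username );
            $sql->query( $query, $bind_variables, 0, 'rowCount' );

            if( isset( $user['project'] ) && $user['project'] != '' ) {

                $projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );

                if( ! empty( $projects ) ) {

                    $_SESSION['project'] = $projects[0]["path"];
                    $_SESSION['project_id'] = $user['project'];
                }
            }

            $this->checkDuplicateSessions( $username );
        }
        return $pass;
    }

    /**
     * Check duplicate sessions
     *
     * Walks the session files under SESSIONS_PATH and opens each one in
     * turn. A session that belongs to $username, is flagged as a login
     * session and is not the current one is ended with session_destroy();
     * every other session is closed without saving via session_abort().
     * The current session (SESSION_ID) is reopened at the end.
     *
     * This should help fix the issue with auto save attempting to save both
     * users at the same time.
     *
     * @param string $username Username whose other login sessions are ended.
     * @return void
     */
    public static function checkDuplicateSessions( $username ) {

        session_write_close();
        $sessions = glob( SESSIONS_PATH . "/*" );
        session_id( SESSION_ID );

        // glob() returns false on error; treat that as "no session files".
        if( ! is_array( $sessions ) ) {

            $sessions = array();
        }

        foreach( $sessions as $path ) {

            // Work on the file name only, so a "sess_" inside a directory
            // name of SESSIONS_PATH can not end up in the session id.
            $name = basename( $path );

            // Strict comparison: strpos() returns 0 for a prefix match,
            // which a loose comparison with false treats as "not found".
            if( strpos( $name, "sess_" ) !== 0 ) {

                continue;
            }

            $session = substr( $name, strlen( "sess_" ) );

            // This skips temp files that aren't sessions: anything with
            // characters outside the session-id alphabet (a dot included)
            // is never passed to session_id().
            if( preg_match( '/^[A-Za-z0-9,-]+$/', $session ) !== 1 ) {

                continue;
            }

            session_id( $session );

            if( ! session_start() ) {

                continue;
            }

            $is_other_login = isset( $_SESSION["user"] )
                && $_SESSION["user"] === $username
                && isset( $_SESSION["login_session"] )
                && $_SESSION["login_session"] === true
                && SESSION_ID !== session_id();

            if( $is_other_login ) {

                session_destroy();
            } else {

                session_abort();
            }
        }

        session_id( SESSION_ID );
        session_start();
    }

    /**
     * Check Duplicate: report whether $this->username is absent from
     * $this->users.
     *
     * @return bool False when an entry of $this->users has the same
     *              username, true otherwise.
     */
    public function CheckDuplicate() {

        $users = is_array( $this->users ) ? $this->users : array();

        foreach( $users as $data ) {

            if( $data['username'] == $this->username ) {

                return false;
            }
        }
        return true;
    }

    /**
     * Clean username: replace every character other than word characters,
     * "-", ".", "_" and "@" with "-" and lower-case the result.
     *
     * @param string $username Raw username.
     * @return string Normalised username.
     */
    public static function CleanUsername( $username ) {

        return strtolower( preg_replace( '/[^\w\-\._@]/', '-', $username ) );
    }

    /**
     * Create Account: normalise the username, hash the password and insert
     * the user.
     *
     * add_user() requires an access value, which the original call omitted
     * (an ArgumentCountError on PHP 7.1+). It is accepted here as an optional
     * third argument; when it is missing the account is not created, so no
     * user is ever stored with an undefined access level.
     *
     * @param string $username Raw username; passed through CleanUsername().
     * @param string $password Plain-text password.
     * @param mixed  $access   Access level to store; required in practice.
     * @return bool Result of add_user(), or false when $access is missing.
     */
    public function Create( $username, $password, $access = null ) {

        if( $access === null ) {

            return false;
        }

        $username = self::CleanUsername( $username );
        $password = $this->encrypt_password( $password );
        return $this->add_user( $username, $password, $access );
    }

    /**
     * Delete Account: remove the account named by $this->username.
     *
     * delete_user() requires the username; the original call passed none.
     *
     * @return void
     */
    public function Delete() {

        $this->delete_user( $this->username );
    }

    /**
     * Encrypt Password: derive the value kept in the password column.
     *
     * SECURITY: sha1( md5() ) is an unsalted, fast digest, so stored values
     * offer little resistance to offline guessing if the users table leaks.
     * Moving to password_hash() / password_verify() needs a coordinated
     * change: Authenticate() compares this value inside SQL and Password()
     * stores it, so existing rows would have to be re-hashed on the next
     * successful login.
     *
     * @param string $password Plain-text password.
     * @return string 40-character hexadecimal digest.
     */
    private function encrypt_password( $password ) {

        return sha1( md5( $password ) );
    }

    /**
     * Change Password: hash $this->password and store it for
     * $this->username, echoing a JSEND result.
     *
     * @return void
     */
    public function Password() {

        global $sql;

        // The original called $this->EncryptPassword(), which this class
        // does not define; hash with the same routine Authenticate() uses so
        // the stored value can be matched at login.
        $this->password = $this->encrypt_password( $this->password );

        $query = "UPDATE users SET password=? WHERE username=?;";
        $bind_variables = array( $this->password, $this->username );
        $return = $sql->query( $query, $bind_variables, 0, "rowCount" );

        if( $return > 0 ) {

            echo formatJSEND( "success", "Password changed" );
        } else {

            echo formatJSEND( "error", "Error changing password" );
        }
    }

    /**
     * Set Current Project: store $this->project on the row of
     * $this->username, echoing a JSEND result.
     *
     * @return void
     */
    public function Project() {

        global $sql;

        $query = "UPDATE users SET project=? WHERE username=?;";
        $bind_variables = array( $this->project, $this->username );
        $return = $sql->query( $query, $bind_variables, 0, "rowCount" );

        if( $return > 0 ) {

            echo formatJSEND( "success", null );
        } else {

            echo formatJSEND( "error", "Error updating project" );
        }
    }

    /**
     * Store a new access value for the given user, echoing a JSEND result.
     *
     * @param string $username Username whose access is changed.
     * @param mixed  $access   New value for the access column.
     * @return void
     */
    public function update_access( $username, $access ) {

        global $sql;

        $query = "UPDATE users SET access=? WHERE username=?;";
        $bind_variables = array( $access, $username );
        $return = $sql->query( $query, $bind_variables, 0, "rowCount" );

        if( $return > 0 ) {

            // Name the user that was actually updated; the original read
            // $this->username, which this method never sets.
            echo formatJSEND( "success", "Updated access for {$username}" );
        } else {

            echo formatJSEND( "error", "Error updating access" );
        }
    }

    /**
     * Verify Account Exists: echo the string 'true' when $this->username
     * appears in $this->users, otherwise 'false'.
     *
     * @return void
     */
    public function Verify() {

        $pass = 'false';
        $users = is_array( $this->users ) ? $this->users : array();

        foreach( $users as $data ) {

            if( $this->username == $data['username'] ) {

                $pass = 'true';
            }
        }
        echo( $pass );
    }
}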