Diffstat (limited to 'class/user.php')
-rw-r--r--class/user.php153
1 files changed, 153 insertions, 0 deletions
diff --git a/class/user.php b/class/user.php
new file mode 100644
index 0000000..969d734
--- /dev/null
+++ b/class/user.php
@@ -0,0 +1,153 @@
+<?php
+
+class jg {
+
+ public $username;
+ public $login = false;
+
+ private $pepper;
+ private $query = false;
+
+ public function __construct($name = null){
+
+ $this->username = $name;
+
+ if ( isset($_SESSION["loggedin"]) )
+ $this->login = $_SESSION["loggedin"];
+
+ $this->_setPepper();
+
+ $this->_setQuery();
+ }
+
+ # get's everything from the database
+ private function _setQuery(){
+ global $db;
+
+ $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
+ $db_db = $db->doQuery($sql);
+ if ( is_bool($db_db) )
+ $this->query = false;
+ else
+ $this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+ }
+
+ private function _setPepper(){
+ if ( PEPPER_IS_FILE )
+ $this->pepper = file_get_contents(PEPPER);
+ else
+ $this->pepper = PEPPER;
+ }
+
+ public function getUser(){
+ return $this->query['name'];
+ }
+
+ public function getUserId(){
+ return $this->query['id'];
+ }
+
+ public function getPassword(){
+ return $this->query['password'];
+ }
+
+ public function getEmail(){
+ if ( $this->query['email'] == "null" )
+ return "";
+ else
+ return $this->query['email'];
+ }
+
+ public function getRegister(){
+ return $this->query['register'];
+ }
+
+ # check if valid user
+ public function isValidUser(){
+ if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
+ return false;
+
+ return true;
+ }
+
+ # check if current user is authenticated
+ public function isLoggedIn(){
+ return $this->login;
+ }
+
+ public function login($user, $password){
+ if ( is_null($this->username) )
+ $this->__construct($user);
+
+ # get hashed password from the database
+ $hashed_password = $this->getPassword();
+
+ # do the password check with php function
+ if ( ! password_verify($password . PEPPER, $hashed_password) )
+ return false;
+
+ # set login to true
+ $this->login = true;
+
+ $this->username=$user;
+
+ # start a session if needed
+ if ( session_status() != PHP_SESSION_ACTIVE ) {
+ session_name(SESSION);
+ session_start();
+ }
+
+ # set session variable to true
+ $_SESSION["loggedin"] = true;
+
+ # assign userid to the session variable
+ $_SESSION["userid"] = $this->getUserId();
+ $_SESSION["username"] = $this->username;
+
+ return true;
+ }
+
+ public function logout(){
+
+ # no session active, so return false
+ if ( session_status() != PHP_SESSION_ACTIVE )
+ return false;
+
+ # set login to false
+ $this->login = false;
+
+ # destroy session
+ if( ! session_destroy() )
+ return false;
+
+ return true;
+ }
+
+ public function register($name, $password, $email){
+ global $db;
+
+ $hash = password_hash($password . PEPPER, PASSWORD_DEFAULT);
+
+ $sql = $db->prepare("
+ INSERT INTO " . DBPREFIX . "user (id, name, password, email, register) VALUES (NULL, %s, %s, %s, %d);", $name, $hash, $email, time()
+ );
+
+ if ( ! $db->doQuery($sql) )
+ return false;
+
+ # the user is successfull registered, thus already logged in
+ $this->username = $name;
+
+ # redefine the class attributes
+ $this->_setPepper();
+ $this->_setQuery();
+
+ $this->login($name, $password);
+
+ return true;
+ }
+
+ public function __destruct(){
+ return true;
+ }
+}
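Review bot: `login()` and `register()` append the `PEPPER` constant to the password instead of `$this->pepper`, so when `PEPPER_IS_FILE` is set the value mixed into the hash is whatever the constant holds (the argument `_setPepper()` passes to `file_get_contents()`, presumably a path), and the file's contents are loaded but never used. Both calls should read the property, `password_verify($password . $this->pepper, $hashed_password)` and `password_hash($password . $this->pepper, PASSWORD_DEFAULT)`; any hashes already stored with the constant would need a migration plan. Separately, `login()` sets `$_SESSION["loggedin"]` without rotating the session id, so adding `session_regenerate_id(true);` once the session is active and the password has verified would close the session-fixation window. `login()` also checks the password against the row loaded for `$this->username` but then stores the `$user` argument in the session, so the two can differ when the object was constructed with another name; reloading the row for `$user` before the check would keep them aligned.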