bludit/bl-kernel/users.class.php

<?php defined('BLUDIT') or die('Bludit CMS.');

class Users extends dbJSON {

	protected $dbFields = array(
		'firstName'=>'',
		'lastName'=>'',
		'nickname'=>'',
		'description'=>'',
		'role'=>'author', // admin, editor, author
		'password'=>'',
		'salt'=>'!Pink Floyd!Welcome to the machine!',
		'email'=>'',
		'registered'=>'1985-03-15 10:00',
		'tokenRemember'=>'',
		'tokenAuth'=>'',
		'tokenAuthTTL'=>'2009-03-15 14:00',
		'twitter'=>'',
		'facebook'=>'',
		'codepen'=>'',
		'instagram'=>'',
		'github'=>'',
		'gitlab'=>'',
		'linkedin'=>'',
		'mastodon'=>'',
		'vk'=>''
	);

	function __construct()
	{
		parent::__construct(DB_USERS);
	}

	public function getDefaultFields()
	{
		return $this->dbFields;
	}

	// Return an array with the database of the user, FALSE otherwise
	public function getUserDB($username)
	{
		if ($this->exists($username)) {
			return $this->db[$username];
		}
		return false;
	}

	// Return TRUE if the user exists, FALSE otherwise
	public function exists($username)
	{
		return isset($this->db[$username]);
	}

	// Disable the user
	public function disableUser($username)
	{
		$this->db[$username]['password'] = '!';
		return $this->save();
	}

	// Add a new user
	public function add($args)
	{
		// The username is store as key and not as field
		$username = $args['username'];

		// The password is hashed, the password doesn't need to be sanitize in the next step
		$password = $args['password'];

		$row = array();
		foreach ($this->dbFields as $field=>$value) {
			if (isset($args[$field])) {
				$finalValue = $args[$field];
				// Remove HTML and PHP tags
				$finalValue = Sanitize::removeTags($finalValue);
				// Sanitize if will be stored on database
				$finalValue = Sanitize::html($finalValue);
			} else {
				// Default value for the field if not defined
				$finalValue = $value;
			}
			settype($finalValue, gettype($value));
			$row[$field] = $finalValue;
		}

		$row['registered'] = Date::current(DB_DATE_FORMAT);
		$row['salt'] = $this->generateSalt();
		$row['password'] = $this->generatePasswordHash($password, $row['salt']);
		$row['tokenAuth'] = $this->generateAuthToken();

		// Save the database
		$this->db[$username] = $row;
		return $this->save();
	}

	// Edit an user
	public function set($args)
	{
		// The username is store as key and not as field
		$username = $args['username'];

		// Current database of the user
		$row = $this->db[$username];
		foreach ($this->dbFields as $field=>$value) {
			if ($field!=='password') {
				if (isset($args[$field])) {
					$finalValue = $args[$field];
					// Remove HTML and PHP tags
					$finalValue = Sanitize::removeTags($finalValue);
					// Sanitize if will be stored on database
					$finalValue = Sanitize::html($finalValue);
				} else {
					// Default value is the current one
					$finalValue = $row[$field];
				}
				settype($finalValue, gettype($value));
				$row[$field] = $finalValue;
			}
		}

		// Set a new password
		if (!empty($args['password'])) {
			$row['salt'] = $this->generateSalt();
			$row['password'] = $this->generatePasswordHash($args['password'], $row['salt']);
			$row['tokenAuth'] = $this->generateAuthToken();
		}

		// Save the database
		$this->db[$username] = $row;
		return $this->save();
	}

	// Delete an user
	public function delete($username)
	{
		unset($this->db[$username]);
		return $this->save();
	}

	public function generateAuthToken()
	{
		return md5( uniqid().time().DOMAIN );
	}

	public function generateRememberToken()
	{
		return $this->generateAuthToken();
	}

	public function generateSalt()
	{
		return Text::randomText(SALT_LENGTH);
	}

	public function generatePasswordHash($password, $salt)
	{
		return sha1($password.$salt);
	}

	public function setRememberToken($username, $token)
	{
		$args['username']	= $username;
		$args['tokenRemember']	= $token;
		return $this->set($args);
	}

	// Change user password
	// args => array( username, password )
	public function setPassword($args)
	{
		return $this->set($args);
	}

	// Return the username associated to an email, FALSE otherwise
	public function getByEmail($email)
	{
		foreach ($this->db as $username=>$values) {
			if ($values['email']==$email) {
				return $username;
			}
		}
		return false;
	}

	// Returns the username with the authentication token assigned, FALSE otherwise
	public function getByAuthToken($token)
	{
		foreach ($this->db as $username=>$fields) {
			if ($fields['tokenAuth']==$token) {
				return $username;
			}
		}
		return false;
	}

	// Returns the username with the remember token assigned, FALSE otherwise
	public function getByRememberToken($token)
	{
		foreach ($this->db as $username=>$fields) {
			if (!empty($fields['tokenRemember'])) {
				if ($fields['tokenRemember']==$token) {
					return $username;
				}
			}
		}
		return false;
	}

	// This function clean all tokens for Remember me
	// This function is used when some hacker try to use an invalid remember token
	public function invalidateAllRememberTokens()
	{
		foreach ($this->db as $username=>$values) {
			$this->db[$username]['tokenRemember'] = '';
		}
		return $this->save();
	}

	public function keys()
	{
		return array_keys($this->db);
	}
}
New features 2015-05-05 03:00:01 +02:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`

Changes on variables names 2018-08-03 18:59:23 +02:00			`class Users extends dbJSON {`
User object, new reader role for users 2018-07-25 23:42:00 +02:00
Migrate private variables to protected to allow to extend classes 2019-01-26 12:50:48 +01:00			`protected $dbFields = array(`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`'firstName'=>'',`
			`'lastName'=>'',`
Bug fixes 2018-07-28 18:33:37 +02:00			`'nickname'=>'',`
UI improves 2019-04-24 00:11:36 +02:00			`'description'=>'',`
New role Author 2019-05-13 18:26:35 +02:00			`'role'=>'author', // admin, editor, author`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`'password'=>'',`
			`'salt'=>'!Pink Floyd!Welcome to the machine!',`
			`'email'=>'',`
			`'registered'=>'1985-03-15 10:00',`
			`'tokenRemember'=>'',`
			`'tokenAuth'=>'',`
			`'tokenAuthTTL'=>'2009-03-15 14:00',`
			`'twitter'=>'',`
			`'facebook'=>'',`
			`'codepen'=>'',`
bug fix for #959 2019-02-22 18:26:42 +01:00			`'instagram'=>'',`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`'github'=>'',`
bug fix for #959 2019-02-22 18:26:42 +01:00			`'gitlab'=>'',`
			`'linkedin'=>'',`
add support for vk.com social network 2019-12-07 14:32:39 +01:00			`'mastodon'=>'',`
			`'vk'=>''`
New features 2015-05-05 03:00:01 +02:00			`);`

			`function __construct()`
			`{`
User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`parent::__construct(DB_USERS);`
New features 2015-05-05 03:00:01 +02:00			`}`

User object, new reader role for users 2018-07-25 23:42:00 +02:00			`public function getDefaultFields()`
New class User 2016-01-01 00:31:51 +01:00			`{`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`return $this->dbFields;`
			`}`

			`// Return an array with the database of the user, FALSE otherwise`
			`public function getUserDB($username)`
			`{`
			`if ($this->exists($username)) {`
			`return $this->db[$username];`
			`}`
			`return false;`
User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`}`

			`// Return TRUE if the user exists, FALSE otherwise`
			`public function exists($username)`
			`{`
			`return isset($this->db[$username]);`
			`}`

User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// Disable the user`
			`public function disableUser($username)`
			`{`
			`$this->db[$username]['password'] = '!';`
			`return $this->save();`
			`}`

			`// Add a new user`
Plugins improves 2017-07-02 22:46:05 +02:00			`public function add($args)`
			`{`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// The username is store as key and not as field`
			`$username = $args['username'];`

			`// The password is hashed, the password doesn't need to be sanitize in the next step`
			`$password = $args['password'];`
Plugins improves 2017-07-02 22:46:05 +02:00
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$row = array();`
			`foreach ($this->dbFields as $field=>$value) {`
Changes on admin panel, categories templates 2018-04-27 20:36:43 +02:00			`if (isset($args[$field])) {`
Remove HTML and PHP tags from the users,categories and tags fields, prevent XSS 2019-10-12 11:35:35 +02:00			`$finalValue = $args[$field];`
			`// Remove HTML and PHP tags`
			`$finalValue = Sanitize::removeTags($finalValue);`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// Sanitize if will be stored on database`
Remove HTML and PHP tags from the users,categories and tags fields, prevent XSS 2019-10-12 11:35:35 +02:00			`$finalValue = Sanitize::html($finalValue);`
Changes on admin panel, categories templates 2018-04-27 20:36:43 +02:00			`} else {`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// Default value for the field if not defined`
			`$finalValue = $value;`
Plugins improves 2017-07-02 22:46:05 +02:00			`}`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`settype($finalValue, gettype($value));`
			`$row[$field] = $finalValue;`
Plugins improves 2017-07-02 22:46:05 +02:00			`}`

User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$row['registered'] = Date::current(DB_DATE_FORMAT);`
			`$row['salt'] = $this->generateSalt();`
			`$row['password'] = $this->generatePasswordHash($password, $row['salt']);`
			`$row['tokenAuth'] = $this->generateAuthToken();`
Auth token for users 2017-07-05 23:30:30 +02:00
Plugins improves 2017-07-02 22:46:05 +02:00			`// Save the database`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$this->db[$username] = $row;`
Climode rescan 2017-07-05 19:59:51 +02:00			`return $this->save();`
Plugins improves 2017-07-02 22:46:05 +02:00			`}`

User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// Edit an user`
User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`public function set($args)`
			`{`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// The username is store as key and not as field`
			`$username = $args['username'];`

User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`// Current database of the user`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$row = $this->db[$username];`
			`foreach ($this->dbFields as $field=>$value) {`
			`if ($field!=='password') {`
			`if (isset($args[$field])) {`
Remove HTML and PHP tags from the users,categories and tags fields, prevent XSS 2019-10-12 11:35:35 +02:00			`$finalValue = $args[$field];`
			`// Remove HTML and PHP tags`
			`$finalValue = Sanitize::removeTags($finalValue);`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`// Sanitize if will be stored on database`
Remove HTML and PHP tags from the users,categories and tags fields, prevent XSS 2019-10-12 11:35:35 +02:00			`$finalValue = Sanitize::html($finalValue);`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`} else {`
			`// Default value is the current one`
			`$finalValue = $row[$field];`
			`}`
			`settype($finalValue, gettype($value));`
			`$row[$field] = $finalValue;`
User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`}`
			`}`

Bug fix for #606 2018-01-15 17:13:46 +01:00			`// Set a new password`
User profile, edit user, delete pages 2018-05-14 00:00:10 +02:00			`if (!empty($args['password'])) {`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$row['salt'] = $this->generateSalt();`
			`$row['password'] = $this->generatePasswordHash($args['password'], $row['salt']);`
			`$row['tokenAuth'] = $this->generateAuthToken();`
Bug fix for #606 2018-01-15 17:13:46 +01:00			`}`

User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`// Save the database`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`$this->db[$username] = $row;`
User updated, tcp helper, functions updated 2017-06-28 00:31:40 +02:00			`return $this->save();`
			`}`

			`// Delete an user`
			`public function delete($username)`
			`{`
			`unset($this->db[$username]);`
			`return $this->save();`
			`}`

Auth token for users 2017-07-05 23:30:30 +02:00			`public function generateAuthToken()`
			`{`
			`return md5( uniqid().time().DOMAIN );`
			`}`

Remember me 2017-11-07 00:18:16 +01:00			`public function generateRememberToken()`
Climode and user db improved 2017-07-06 23:27:22 +02:00			`{`
			`return $this->generateAuthToken();`
			`}`

			`public function generateSalt()`
			`{`
			`return Text::randomText(SALT_LENGTH);`
			`}`

			`public function generatePasswordHash($password, $salt)`
			`{`
			`return sha1($password.$salt);`
			`}`

Remember me 2017-11-07 00:18:16 +01:00			`public function setRememberToken($username, $token)`
			`{`
			`$args['username'] = $username;`
			`$args['tokenRemember'] = $token;`
			`return $this->set($args);`
			`}`

Edit user and password change 2018-05-15 20:12:15 +02:00			`// Change user password`
			`// args => array( username, password )`
			`public function setPassword($args)`
Auth token for users 2017-07-05 23:30:30 +02:00			`{`
			`return $this->set($args);`
			`}`

Climode and user db improved 2017-07-06 23:27:22 +02:00			`// Return the username associated to an email, FALSE otherwise`
Login access code via email 2015-10-20 05:14:28 +02:00			`public function getByEmail($email)`
			`{`
API, write permissions 2017-09-23 13:10:05 +02:00			`foreach ($this->db as $username=>$values) {`
			`if ($values['email']==$email) {`
Dashboard clean-up 2015-10-24 01:23:33 +02:00			`return $username;`
Login access code via email 2015-10-20 05:14:28 +02:00			`}`
			`}`
			`return false;`
			`}`

Bug fixes, developer area, google plugin updated, rss and sitemap updated 2017-06-22 00:21:08 +02:00			`// Returns the username with the authentication token assigned, FALSE otherwise`
			`public function getByAuthToken($token)`
			`{`
API, write permissions 2017-09-23 13:10:05 +02:00			`foreach ($this->db as $username=>$fields) {`
			`if ($fields['tokenAuth']==$token) {`
Bug fixes, developer area, google plugin updated, rss and sitemap updated 2017-06-22 00:21:08 +02:00			`return $username;`
			`}`
			`}`
			`return false;`
			`}`

Remember me 2017-11-07 00:18:16 +01:00			`// Returns the username with the remember token assigned, FALSE otherwise`
			`public function getByRememberToken($token)`
Login access code via email 2015-10-20 05:14:28 +02:00			`{`
Remember me 2017-11-07 00:18:16 +01:00			`foreach ($this->db as $username=>$fields) {`
Bug fixes on Remember me function 2018-01-01 20:19:45 +01:00			`if (!empty($fields['tokenRemember'])) {`
			`if ($fields['tokenRemember']==$token) {`
			`return $username;`
			`}`
Remember me 2017-11-07 00:18:16 +01:00			`}`
			`}`
			`return false;`
			`}`
Login access code via email 2015-10-20 05:14:28 +02:00
Remember me 2017-11-07 00:18:16 +01:00			`// This function clean all tokens for Remember me`
			`// This function is used when some hacker try to use an invalid remember token`
			`public function invalidateAllRememberTokens()`
			`{`
			`foreach ($this->db as $username=>$values) {`
			`$this->db[$username]['tokenRemember'] = '';`
			`}`
			`return $this->save();`
Climode and user db improved 2017-07-06 23:27:22 +02:00			`}`

Changes on variables names 2018-08-03 18:59:23 +02:00			`public function keys()`
Climode and user db improved 2017-07-06 23:27:22 +02:00			`{`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`return array_keys($this->db);`
Lang updated, improves on users 2017-09-23 15:15:29 +02:00			`}`
Bug fix for #606 2018-01-15 17:13:46 +01:00			`}`