<?php if (!defined('BLUDIT')) { die('Bludit CMS.'); } // Refuse direct access: this file is only loaded from the Bludit bootstrap.
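class dbUsers extends dbJSON
{
	// One entry per stored field. 'value' is the default applied by add() and, through
	// gettype(), the type every incoming value is cast to before it is stored (all defaults
	// here are strings). The 'inFile' flag is not read in this class; presumably the dbJSON
	// parent consumes it.
	public $dbFields = array(
		'firstName'=> array('inFile'=>false, 'value'=>''),
		'lastName'=> array('inFile'=>false, 'value'=>''),
		'username'=> array('inFile'=>false, 'value'=>''),
		'role'=> array('inFile'=>false, 'value'=>'editor'),
		'password'=> array('inFile'=>false, 'value'=>''),
		'salt'=> array('inFile'=>false, 'value'=>'!Pink Floyd!Welcome to the machine!'),
		'email'=> array('inFile'=>false, 'value'=>''),
		'registered'=> array('inFile'=>false, 'value'=>'1985-03-15 10:00'),
		'tokenRemember'=> array('inFile'=>false, 'value'=>''),
		'tokenAuth'=> array('inFile'=>false, 'value'=>''),
		'tokenAuthTTL'=> array('inFile'=>false, 'value'=>'2009-03-15 14:00'),
		'twitter'=> array('inFile'=>false, 'value'=>''),
		'facebook'=> array('inFile'=>false, 'value'=>''),
		'codepen'=> array('inFile'=>false, 'value'=>''),
		'googlePlus'=> array('inFile'=>false, 'value'=>''),
		'instagram'=> array('inFile'=>false, 'value'=>'')
	);

	// Hand the users database constant (DB_USERS) to the dbJSON parent, which fills $this->db.
	function __construct()
	{
		parent::__construct(DB_USERS);
	}

	// Disable the user: replace the stored password hash with a sentinel that no
	// sha1(password.salt) digest can ever equal, rotate the auth token and drop the
	// remember token. Returns whatever save() returns, or FALSE if the user does not exist.
	public function disableUser($username)
	{
		if (!$this->exists($username)) {
			return false;
		}

		// Written straight into the record rather than through set(): set() treats any
		// non-empty 'password' argument as a new plaintext password and hashes it, which
		// would leave the "disabled" account usable with the password "!".
		$this->db[$username]['password'] = '!';
		$this->db[$username]['tokenAuth'] = $this->generateAuthToken();
		$this->db[$username]['tokenRemember'] = '';

		return $this->save();
	}

	// Return TRUE if the user exists, FALSE otherwise
	public function exists($username)
	{
		return isset($this->db[$username]);
	}

	// Create a new user from $args (field name => value). Unknown keys are ignored and
	// missing fields take their default from $dbFields; every value is HTML-escaped and
	// cast to the field's type. Returns whatever save() returns, or FALSE when $args is
	// not an array, the username is empty or already taken, or the password is empty.
	public function add($args)
	{
		if (!is_array($args)) {
			return false;
		}

		// The same escaped form is used as the record key below, so check that one.
		$username = isset($args['username']) ? Sanitize::html($args['username']) : '';
		if ($username === '' || $this->exists($username)) {
			// Never silently overwrite an existing account (its hash, salt and tokens).
			return false;
		}
		if (empty($args['password'])) {
			// An empty password would be hashed and stored as a valid credential.
			return false;
		}

		// Verify arguments with the database fields
		$dataForDb = array();
		foreach ($this->dbFields as $field=>$options) {
			$value = isset($args[$field]) ? Sanitize::html($args[$field]) : $options['value'];

			// Set type
			settype($value, gettype($options['value']));

			$dataForDb[$field] = $value;
		}

		$dataForDb['registered'] = Date::current(DB_DATE_FORMAT);
		$dataForDb['salt'] = $this->generateSalt();
		// Hash the raw password, as set() does; hashing the HTML-escaped copy would make the
		// stored hash disagree with one computed from the password as typed at login.
		$dataForDb['password'] = $this->generatePasswordHash($args['password'], $dataForDb['salt']);
		$dataForDb['tokenAuth'] = $this->generateAuthToken();

		// Save the database
		$this->db[$username] = $dataForDb;
		return $this->save();
	}

	// Update fields of an existing user. $args must carry 'username'; every other key that
	// names a field in $dbFields is HTML-escaped, cast to the field's type and stored.
	// 'password' is never copied verbatim: a non-empty one is re-salted and hashed and the
	// auth token is rotated, an empty one leaves the stored hash untouched. Returns whatever
	// save() returns, or FALSE when $args is not an array or the user does not exist.
	public function set($args)
	{
		if (!is_array($args) || !isset($args['username']) || !$this->exists($args['username'])) {
			return false;
		}
		$username = $args['username'];

		// Current database of the user
		$user = $this->db[$username];

		// Verify arguments with the database fields
		foreach ($args as $field=>$value) {
			if ($field === 'password' || !isset($this->dbFields[$field])) {
				continue;
			}
			$value = Sanitize::html($value);
			settype($value, gettype($this->dbFields[$field]['value']));
			$user[$field] = $value;
		}

		// Set a new password
		if (!empty($args['password'])) {
			$user['salt'] = $this->generateSalt();
			$user['password'] = $this->generatePasswordHash($args['password'], $user['salt']);
			$user['tokenAuth'] = $this->generateAuthToken();
		}

		// Save the database
		$this->db[$username] = $user;
		return $this->save();
	}

	// Delete an user. Saving happens even if the user did not exist (unset is a no-op then).
	public function delete($username)
	{
		unset($this->db[$username]);
		return $this->save();
	}

	// Return a User object populated with the stored fields, FALSE if the user does not exist
	public function getUser($username)
	{
		if (!$this->exists($username)) {
			return false;
		}

		$User = new User();
		$User->setField('username', $username);
		foreach ($this->db[$username] as $key=>$value) {
			$User->setField($key, $value);
		}
		return $User;
	}

	// Return a fresh 32-character hex token for tokenAuth / tokenRemember.
	public function generateAuthToken()
	{
		// Prefer the CSPRNG. The legacy md5(uniqid.time.DOMAIN) form is kept only as a
		// fallback for PHP < 7; its inputs are guessable, so it is not a secure token source.
		if (function_exists('random_bytes')) {
			return bin2hex(random_bytes(16));
		}
		return md5( uniqid().time().DOMAIN );
	}

	// Remember-me tokens use the same generator as auth tokens.
	public function generateRememberToken()
	{
		return $this->generateAuthToken();
	}

	// Return a new random salt of SALT_LENGTH characters (Text::randomText does the work).
	public function generateSalt()
	{
		return Text::randomText(SALT_LENGTH);
	}

	// Return the stored form of a password: sha1 over the password concatenated with the salt.
	// NOTE(review): unsalted-iteration sha1 is a weak password hashing scheme; switching to
	// password_hash() requires a migration of every stored hash and of the verifying caller,
	// so it is deliberately left unchanged here.
	public function generatePasswordHash($password, $salt)
	{
		return sha1($password.$salt);
	}

	// Store $token as the user's remember token. Returns what set() returns (FALSE if the
	// user does not exist).
	public function setRememberToken($username, $token)
	{
		$args['username'] = $username;
		$args['tokenRemember'] = $token;
		return $this->set($args);
	}

	// Change the user's password; set() salts and hashes it and rotates the auth token.
	// Returns what set() returns (FALSE if the user does not exist or $password is empty).
	public function setPassword($username, $password)
	{
		$args['username'] = $username;
		// The plaintext goes to set(), which hashes it (previously an undefined $hash was passed).
		$args['password'] = $password;
		return $this->set($args);
	}

	// Return the username associated to an email, FALSE otherwise
	public function getByEmail($email)
	{
		$email = is_scalar($email) ? (string) $email : '';
		if ($email === '') {
			// Users without an email store '' and must not be matched by an empty query.
			return false;
		}

		foreach ($this->db as $username=>$fields) {
			if (isset($fields['email']) && (string) $fields['email'] === $email) {
				return $username;
			}
		}
		return false;
	}

	// Returns the username with the authentication token assigned, FALSE otherwise
	public function getByAuthToken($token)
	{
		foreach ($this->db as $username=>$fields) {
			if (isset($fields['tokenAuth']) && $this->tokenMatches($fields['tokenAuth'], $token)) {
				return $username;
			}
		}
		return false;
	}

	// Returns the username with the remember token assigned, FALSE otherwise
	public function getByRememberToken($token)
	{
		foreach ($this->db as $username=>$fields) {
			if (isset($fields['tokenRemember']) && $this->tokenMatches($fields['tokenRemember'], $token)) {
				return $username;
			}
		}
		return false;
	}

	// Compare a stored token with a supplied one. Both must be non-empty strings: the empty
	// string is the "no token" value in the database and must never match, and loose ==
	// would treat hex digests of the form 0e... as equal numbers. hash_equals() keeps the
	// comparison time independent of where the strings first differ.
	private function tokenMatches($stored, $given)
	{
		if (!is_string($stored) || $stored === '' || !is_string($given) || $given === '') {
			return false;
		}
		return hash_equals($stored, $given);
	}

	// This function clean all tokens for Remember me
	// This function is used when some hacker try to use an invalid remember token
	public function invalidateAllRememberTokens()
	{
		foreach (array_keys($this->db) as $username) {
			$this->db[$username]['tokenRemember'] = '';
		}
		return $this->save();
	}

	// Returns array with the username databases filtered by username, FALSE otherwise
	public function getDB($username)
	{
		if ($this->exists($username)) {
			return $this->db[$username];
		}
		return false;
	}

	// Return the raw database: username => array of stored fields.
	public function getAll()
	{
		return $this->db;
	}

	// Return every user as a User object, keyed by username.
	public function getAllUsers()
	{
		$tmp = array();
		foreach (array_keys($this->db) as $username) {
			$tmp[$username] = $this->getUser($username);
		}
		return $tmp;
	}
}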