This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/libraries/User.php

1255 lines
35 KiB
PHP

<?php
/**
* Holds the user object class.
*
* @package Sakura
*/
namespace Sakura;
use Sakura\Perms;
use Sakura\Perms\Site;
/**
* Everything you'd ever need from a specific user.
*
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
class User
{
/**
* The User's ID.
*
* @var int
*/
public $id = 0;
/**
* The user's username.
*
* @var string
*/
public $username = 'User';
/**
* A cleaned version of the username.
*
* @var string
*/
public $usernameClean = 'user';
/**
* The user's password hash.
*
* @var string
*/
public $passwordHash = '';
/**
* The user's password salt.
*
* @var string
*/
public $passwordSalt = '';
/**
* The user's password algorithm.
*
* @var string
*/
public $passwordAlgo = 'disabled';
/**
* The password iterations.
*
* @var int
*/
public $passwordIter = 0;
/**
* UNIX timestamp of last time the password was changed.
*
* @var int
*/
public $passwordChan = 0;
/**
* The user's e-mail address.
*
* @var string
*/
public $email = 'user@sakura';
/**
* The rank object of the user's main rank.
*
* @var Rank
*/
public $mainRank = null;
/**
* The ID of the main rank.
*
* @var int
*/
public $mainRankId = 1;
/**
* The index of rank objects.
*
* @var array
*/
public $ranks = [];
/**
* The user's username colour.
*
* @var string
*/
public $colour = '';
/**
* The IP the user registered from.
*
* @var string
*/
public $registerIp = '0.0.0.0';
/**
* The IP the user was last active from.
*
* @var string
*/
public $lastIp = '0.0.0.0';
/**
* A user's title.
*
* @var string
*/
public $title = '';
/**
* The UNIX timestamp of when the user registered.
*
* @var int
*/
public $registered = 0;
/**
* The UNIX timestamp of when the user was last online.
*
* @var int
*/
public $lastOnline = 0;
/**
* The 2 character country code of a user.
*
* @var string
*/
public $country = 'XX';
/**
* The File id of the user's avatar.
*
* @var int
*/
public $avatar = 0;
/**
* The File id of the user's background.
*
* @var int
*/
public $background = 0;
/**
* The FIle id of the user's header.
* @var mixed
*/
public $header = 0;
/**
* The raw userpage of the user.
*
* @var string
*/
public $page = '';
/**
* The raw signature of the user.
*
* @var string
*/
public $signature = '';
/**
* The user's birthday.
*
* @var string
*/
private $birthday = '0000-00-00';
/**
* The user's permission container.
*
* @var Perms
*/
private $permissions;
/**
* The user's option fields.
*
* @var array
*/
private $optionFields = null;
/**
* The user's profile fields.
*
* @var array
*/
private $profileFields = null;
/**
* The User instance cache array.
*
* @var array
*/
protected static $_userCache = [];
/**
* Cached constructor.
*
* @param int|string $uid The user ID or clean username.
* @param bool $forceRefresh Force a recreation.
*
* @return User Returns a user object.
*/
public static function construct($uid, $forceRefresh = false)
{
// Check if a user object isn't present in cache
if ($forceRefresh || !array_key_exists($uid, self::$_userCache)) {
// If not create a new object and cache it
self::$_userCache[$uid] = new User($uid);
}
// Return the cached object
return self::$_userCache[$uid];
}
/**
* Create a new user.
*
* @param string $username The username of the user.
* @param string $password The password of the user.
* @param string $email The e-mail, used primarily for activation.
* @param array $ranks The ranks assigned to the user on creation.
*
* @return User The newly created user's object.
*/
public static function create($username, $password, $email, $ranks = [2])
{
// Set a few variables
$usernameClean = Utils::cleanString($username, true);
$emailClean = Utils::cleanString($email, true);
$password = Hashing::createHash($password);
// Insert the user into the database
DBv2::prepare('INSERT INTO `{prefix}users` (`username`, `username_clean`, `password_hash`, `password_salt`, `password_algo`, `password_iter`, `email`, `rank_main`, `register_ip`, `last_ip`, `user_registered`, `user_last_online`, `user_country`) VALUES (:uname, :uname_clean, :pw_hash, :pw_salt, :pw_algo, :pw_iter, :email, :rank, :r_ip, :l_ip, :registered, :l_online, :country)')
->execute([
'uname' => $username,
'uname_clean' => $usernameClean,
'pw_hash' => $password[3],
'pw_salt' => $password[2],
'pw_algo' => $password[0],
'pw_iter' => $password[1],
'email' => $emailClean,
'rank' => 0,
'r_ip' => Net::pton(Net::IP()),
'l_ip' => Net::pton(Net::IP()),
'registered' => time(),
'l_online' => 0,
'country' => Utils::getCountryCode(),
]);
// Get the last id
$userId = DBv2::lastID();
// Create a user object
$user = self::construct($userId);
// Assign the default rank
$user->addRanks($ranks);
// Set the default rank
$user->setMainRank($ranks[0]);
// Return the user object
return $user;
}
/**
* The actual constructor
*
* @param int|string $uid The user ID or clean username.
*/
private function __construct($uid)
{
// Get the user database row
$userRow = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `user_id` = :id OR `username_clean` = :clean');
$userRow->execute([
'id' => $uid,
'clean' => Utils::cleanString($uid, true, true),
]);
$userRow = $userRow->fetch();
// Populate the variables
if ($userRow) {
$this->id = $userRow->user_id;
$this->username = $userRow->username;
$this->usernameClean = $userRow->username_clean;
$this->passwordHash = $userRow->password_hash;
$this->passwordSalt = $userRow->password_salt;
$this->passwordAlgo = $userRow->password_algo;
$this->passwordIter = $userRow->password_iter;
$this->passwordChan = $userRow->password_chan;
$this->email = $userRow->email;
$this->mainRankId = $userRow->rank_main;
$this->colour = $userRow->user_colour;
$this->registerIp = $userRow->register_ip;
$this->lastIp = $userRow->last_ip;
$this->title = $userRow->user_title;
$this->registered = $userRow->user_registered;
$this->lastOnline = $userRow->user_last_online;
$this->birthday = $userRow->user_birthday;
$this->country = $userRow->user_country;
$this->avatar = $userRow->user_avatar;
$this->background = $userRow->user_background;
$this->header = $userRow->user_header;
$this->page = $userRow->user_page;
$this->signature = $userRow->user_signature;
}
// Get all ranks
$ranks = DBv2::prepare('SELECT * FROM `{prefix}user_ranks` WHERE `user_id` = :id');
$ranks->execute([
'id' => $this->id,
]);
$ranks = $ranks->fetchAll();
// Get the rows for all the ranks
foreach ($ranks as $rank) {
// Store the database row in the array
$this->ranks[$rank->rank_id] = Rank::construct($rank->rank_id);
}
// Check if ranks were set
if (empty($this->ranks)) {
// If not assign the fallback rank
$this->ranks[1] = Rank::construct(1);
}
// Check if the rank is actually assigned to this user
if (!array_key_exists($this->mainRankId, $this->ranks)) {
$this->mainRankId = array_keys($this->ranks)[0];
$this->setMainRank($this->mainRankId);
}
// Assign the main rank to its own var
$this->mainRank = $this->ranks[$this->mainRankId];
// Set user colour
$this->colour = $this->colour ? $this->colour : $this->mainRank->colour;
// Set user title
$this->title = $this->title ? $this->title : $this->mainRank->title;
// Init the permissions
$this->permissions = new Perms(Perms::SITE);
}
/**
* Commit changed to database, doesn't do anything yet.
*/
public function update()
{
// placeholder
}
/**
* Get the user's birthday.
*
* @param bool $age Just get the age.
*
* @return int|string Return the birthday.
*/
public function birthday($age = false)
{
// If age is requested calculate it
if ($age) {
// Create dates
$birthday = date_create($this->birthday);
$now = date_create(date('Y-m-d'));
// Get the difference
$diff = date_diff($birthday, $now);
// Return the difference in years
return (int) $diff->format('%Y');
}
// Otherwise just return the birthday value
return $this->birthday;
}
/**
* Get the user's country.
*
* @param bool $long Get the full country name.
*
* @return string The country.
*/
public function country($long = false)
{
return $long ? Utils::getCountryName($this->country) : $this->country;
}
/**
* Check if a user is online.
*
* @return bool Are they online?
*/
public function isOnline()
{
// Get all sessions
$sessions = DBv2::prepare('SELECT `user_id` FROM `{prefix}sessions` WHERE `user_id` = :id');
$sessions->execute([
'id' => $this->id,
]);
// If there's no entries just straight up return false
if (!$sessions->rowCount()) {
return false;
}
// Otherwise use the standard method
return $this->lastOnline > (time() - Config::get('max_online_time'));
}
/**
* Get a few forum statistics.
*
* @return array Post and thread counts.
*/
public function forumStats()
{
$posts = DBv2::prepare('SELECT * FROM `{prefix}posts` WHERE `poster_id` = :id');
$posts->execute([
'id' => $this->id,
]);
$threads = DBv2::prepare('SELECT DISTINCT * FROM `{prefix}posts` WHERE `poster_id` = :id GROUP BY `topic_id` ORDER BY `post_time`');
$threads->execute([
'id' => $this->id,
]);
return [
'posts' => $posts->rowCount(),
'topics' => $threads->rowCount(),
];
}
/**
* Add ranks to a user.
*
* @param array $ranks Array containing the rank IDs.
*/
public function addRanks($ranks)
{
// Update the ranks array
$ranks = array_diff(
array_unique(
array_merge(
array_keys($this->ranks),
$ranks)
),
array_keys($this->ranks)
);
// Save to the database
foreach ($ranks as $rank) {
DBv2::prepare('INSERT INTO `{prefix}ranks` (`rank_id`, `user_id`) VALUES (:rank, :user)')
->execute([
'rank' => $rank,
'user' => $this->id,
]);
}
}
/**
* Remove a set of ranks from a user.
*
* @param array $ranks Array containing the IDs of ranks to remove.
*/
public function removeRanks($ranks)
{
// Current ranks
$remove = array_intersect(array_keys($this->ranks), $ranks);
// Iterate over the ranks
foreach ($remove as $rank) {
DBv2::prepare('DELETE FROM `{prefix}user_ranks` WHERE `user_id` = :user AND `rank_id` = :rank')
->execute([
'user' => $this->id,
'rank' => $rank,
]);
}
}
/**
* Change the main rank of a user.
*
* @param int $rank The ID of the new main rank.
*
* @return bool Always true.
*/
public function setMainRank($rank)
{
// If it does exist update their row
DBv2::prepare('UPDATE `{prefix}users` SET `rank_main` = :rank WHERE `user_id` = :id')
->execute([
'rank' => $rank,
'id' => $this->id,
]);
// Return true if everything was successful
return true;
}
/**
* Check if a user has a certain set of rank.
*
* @param array $ranks Ranks IDs to check.
*
* @return bool Successful?
*/
public function hasRanks($ranks)
{
// Check if the main rank is the specified rank
if (in_array($this->mainRankId, $ranks)) {
return true;
}
// If not go over all ranks and check if the user has them
foreach ($ranks as $rank) {
// We check if $rank is in $this->ranks and if yes return true
if (in_array($rank, array_keys($this->ranks))) {
return true;
}
}
// If all fails return false
return false;
}
/**
* Add a new friend.
*
* @param int $uid The ID of the friend.
*
* @return array Status indicator.
*/
public function addFriend($uid)
{
// Create the foreign object
$user = User::construct($uid);
// Validate that the user exists
if ($user->permission(Site::DEACTIVATED)) {
return [0, 'USER_NOT_EXIST'];
}
// Check if the user already has this user a friend
if ($this->isFriends($uid)) {
return [0, 'ALREADY_FRIENDS'];
}
// Add friend
DBv2::prepare('INSERT INTO `{prefix}friends` (`user_id`, `friend_id`, `friend_timestamp`) VALUES (:user, :friend, :time)')
->execute([
'user' => $this->id,
'friend' => $uid,
'time' => time(),
]);
// Return true because yay
return [1, $user->isFriends($this->id) ? 'FRIENDS' : 'NOT_MUTUAL'];
}
/**
* Remove a friend.
*
* @param int $uid The friend Id
* @param bool $deleteRequest Delete the open request as well (remove you from their friends list).
*
* @return array Status indicator.
*/
public function removeFriend($uid, $deleteRequest = false)
{
// Create the foreign object
$user = User::construct($uid);
// Validate that the user exists
if ($user->permission(Site::DEACTIVATED)) {
return [0, 'USER_NOT_EXIST'];
}
// Prepare the statement
$rem = DBv2::prepare('DELETE FROM `{prefix}friends` WHERE `user_id` = :user AND `friend_id` = :friend');
// Remove friend
$rem->execute([
'user' => $this->id,
'friend' => $uid,
]);
// Attempt to remove the request
if ($deleteRequest) {
$rem->execute([
'user' => $uid,
'friend' => $this->id,
]);
}
// Return true because yay
return [1, 'REMOVED'];
}
/**
* Check if this user is friends with another user.
*
* @param int $with ID of the other user.
*
* @return int 0 = no, 1 = pending request, 2 = mutual
*/
public function isFriends($with)
{
// Accepted from this user
$get = DBv2::prepare('SELECT * FROM `{prefix}friends` WHERE `user_id` = :user AND `friend_id` = :friend');
$get->execute([
'user' => $this->id,
'friend' => $with,
]);
$user = $get->rowCount();
// And the other user
$get->execute([
'user' => $with,
'friend' => $this->id,
]);
$friend = $get->rowCount();
if ($user && $friend) {
return 2; // Mutual friends
} elseif ($user) {
return 1; // Pending request
}
// Else return 0
return 0;
}
/**
* Get all the friends from this user.
*
* @param int $level Friend level; (figure out what the levels are at some point)
* @param bool $noObj Just return IDs.
*
* @return array The array with either the objects or the ids.
*/
public function friends($level = 0, $noObj = false)
{
// User ID container
$users = [];
// Select the correct level
switch ($level) {
// Mutual
case 2:
// Get all the current user's friends
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
$self->execute([
'user' => $this->id,
]);
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
// Get all the people that added this user as a friend
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
$others->execute([
'user' => $this->id,
]);
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
// Create a difference map
$users = array_intersect($self, $others);
break;
// Non-mutual (from user perspective)
case 1:
$users = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
$users->execute([
'user' => $this->id,
]);
$users = array_column($users->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
break;
// All friend cases
case 0:
default:
// Get all the current user's friends
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
$self->execute([
'user' => $this->id,
]);
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
// Get all the people that added this user as a friend
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
$others->execute([
'user' => $this->id,
]);
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
// Create a difference map
$users = array_merge($others, $self);
break;
// Open requests
case -1:
// Get all the current user's friends
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
$self->execute([
'user' => $this->id,
]);
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
// Get all the people that added this user as a friend
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
$others->execute([
'user' => $this->id,
]);
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
// Create a difference map
$users = array_diff($others, $self);
break;
}
// Check if we only requested the IDs
if ($noObj) {
// If so just return $users
return $users;
}
// Create the storage array
$objects = [];
// Create the user objects
foreach ($users as $user) {
// Create new object
$objects[$user] = User::construct($user);
}
// Return the objects
return $objects;
}
/**
* Check if the user is banned.
*
* @return array|bool Ban status.
*/
public function checkBan()
{
return Bans::checkBan($this->id);
}
/**
* Check if the user has a certaing permission flag.
*
* @param int $flag The permission flag.
* @param string $mode The permission mode.
*
* @return bool Success?
*/
public function permission($flag, $mode = null)
{
// Set mode
$this->permissions->mode($mode ? $mode : Perms::SITE);
// Set default permission value
$perm = 0;
// Bitwise OR it with the permissions for this forum
$perm = $this->permissions->user($this->id);
return $this->permissions->check($flag, $perm);
}
/**
* Get the comments from the user's profile.
* @return Comments
*/
public function profileComments()
{
return new Comments('profile-' . $this->id);
}
/**
* Get the user's profile fields.
*
* @return array The profile fields.
*/
public function profileFields()
{
// Check if we have cached data
if ($this->profileFields) {
return $this->profileFields;
}
// Create array and get values
$profile = [];
$profileFields = DBv2::prepare('SELECT * FROM `{prefix}profilefields`');
$profileFields->execute();
$profileFields = $profileFields->fetchAll(\PDO::FETCH_ASSOC);
$profileValuesRaw = DBv2::prepare('SELECT * FROM `{prefix}user_profilefields` WHERE `user_id` = :user');
$profileValuesRaw->execute([
'user' => $this->id,
]);
$profileValuesRaw = $profileValuesRaw->fetchAll(\PDO::FETCH_ASSOC);
$profileValueKeys = array_map(function ($a) {
return $a['field_name'];
}, $profileValuesRaw);
$profileValueVals = array_map(function ($a) {
return $a['field_value'];
}, $profileValuesRaw);
$profileValues = array_combine($profileValueKeys, $profileValueVals);
// Check if anything was returned
if (!$profileFields || !$profileValues) {
return $profile;
}
// Check if profile fields aren't fake
foreach ($profileFields as $field) {
// Completely strip all special characters from the field name
$fieldName = Utils::cleanString($field['field_name'], true, true);
// Check if the user has the current field set otherwise continue
if (!array_key_exists($fieldName, $profileValues)) {
continue;
}
// Assign field to output with value
$profile[$fieldName] = [];
$profile[$fieldName]['name'] = $field['field_name'];
$profile[$fieldName]['value'] = $profileValues[$fieldName];
$profile[$fieldName]['islink'] = $field['field_link'];
// If the field is set to be a link add a value for that as well
if ($field['field_link']) {
$profile[$fieldName]['link'] = str_replace(
'{{ VAL }}',
$profileValues[$fieldName],
$field['field_linkformat']
);
}
// Check if we have additional options as well
if ($field['field_additional'] != null) {
// Decode the json of the additional stuff
$additional = json_decode($field['field_additional'], true);
// Go over all additional forms
foreach ($additional as $subName => $subField) {
// Check if the user has the current field set otherwise continue
if (!array_key_exists($subName, $profileValues)) {
continue;
}
// Assign field to output with value
$profile[$fieldName][$subName] = $profileValues[$subName];
}
}
}
// Assign cache
$this->profileFields = $profile;
// Return appropiate profile data
return $profile;
}
/**
* Get a user's option fields.
*
* @return array The array containing the fields.
*/
public function optionFields()
{
// Check if we have cached data
if ($this->optionFields) {
return $this->optionFields;
}
// Create array and get values
$options = [];
$optionFields = DBv2::prepare('SELECT * FROM `{prefix}optionfields`');
$optionFields->execute();
$optionFields = $optionFields->fetchAll(\PDO::FETCH_ASSOC);
$optionValuesRaw = DBv2::prepare('SELECT * FROM `{prefix}user_optionfields` WHERE `user_id` = :user');
$optionValuesRaw->execute([
'user' => $this->id,
]);
$optionValuesRaw = $optionValuesRaw->fetchAll(\PDO::FETCH_ASSOC);
$optionValueKeys = array_map(function ($a) {
return $a['field_name'];
}, $optionValuesRaw);
$optionValueVals = array_map(function ($a) {
return $a['field_value'];
}, $optionValuesRaw);
$optionValues = array_combine($optionValueKeys, $optionValueVals);
// Check if anything was returned
if (!$optionFields || !$optionValues) {
return $options;
}
// Check if option fields aren't fake
foreach ($optionFields as $field) {
// Check if the user has the current field set otherwise continue
if (!array_key_exists($field['option_id'], $optionValues)) {
continue;
}
// Make sure the user has the proper permissions to use this option
if (!$this->permission(constant('Sakura\Perms\Site::' . $field['option_permission']))) {
continue;
}
// Assign field to output with value
$options[$field['option_id']] = $optionValues[$field['option_id']];
}
// Assign cache
$this->optionFields = $options;
// Return appropiate option data
return $options;
}
/**
* Does this user have premium?
*
* @return array Premium status information.
*/
public function isPremium()
{
// Check if the user has static premium
if ($this->permission(Site::STATIC_PREMIUM)) {
return [2, 0, time() + 1];
}
// Attempt to retrieve the premium record from the database
$getRecord = DBv2::prepare('SELECT * FROM `{prefix}premium` WHERE `user_id` = :user');
$getRecord->execute([
'user' => $this->id,
]);
$getRecord = $getRecord->fetch();
// If nothing was returned just return false
if (empty($getRecord)) {
return [0];
}
// Check if the Tenshi hasn't expired
if ($getRecord->premium_expire < time()) {
return [0, $getRecord->premium_start, $getRecord->premium_expire];
}
// Else return the start and expiration date
return [1, $getRecord->premium_start, $getRecord->premium_expire];
}
/**
* Get the open warnings on this user.
*
* @return array The warnings.
*/
public function getWarnings()
{
// Do the database query
$getWarnings = DBv2::prepare('SELECT * FROM `{prefix}warnings` WHERE `user_id` = :user');
$getWarnings->execute([
'user' => $this->id,
]);
$getWarnings = $getWarnings->fetchAll(\PDO::FETCH_ASSOC);
// Storage array
$warnings = [];
// Add special stuff
foreach ($getWarnings as $warning) {
// Check if it hasn't expired
if ($warning['warning_expires'] < time()) {
DBv2::prepare('DELETE FROM `{prefix}warnings` WHERE `warning_id` = :warn')
->execute([
'warn' => $warning['warning_id'],
]);
continue;
}
// Text action
switch ($warning['warning_action']) {
default:
case '0':
$warning['warning_action_text'] = 'Warning';
break;
case '1':
$warning['warning_action_text'] = 'Silence';
break;
case '2':
$warning['warning_action_text'] = 'Restriction';
break;
case '3':
$warning['warning_action_text'] = 'Ban';
break;
case '4':
$warning['warning_action_text'] = 'Abyss';
break;
}
// Text expiration
$warning['warning_length'] = round(($warning['warning_expires'] - $warning['warning_issued']) / 60);
// Add to array
$warnings[$warning['warning_id']] = $warning;
}
// Return all the warnings
return $warnings;
}
/**
* Parse the user's userpage.
*
* @return string The parsed page.
*/
public function userPage()
{
return BBcode::toHTML(htmlentities($this->page));
}
/**
* Parse a user's signature
*
* @return string The parsed signature.
*/
public function signature()
{
return BBcode::toHTML(htmlentities($this->signature));
}
/**
* Get a user's username history.
*
* @return array The history.
*/
public function getUsernameHistory()
{
// Do the database query
$changes = DBv2::prepare('SELECT * FROM `{prefix}username_history` WHERE `user_id` = :user ORDER BY `change_id` DESC');
$changes->execute([
'user' => $this->id,
]);
// Return all the changes
return $changes->fetchAll(\PDO::FETCH_ASSOC);
}
/**
* Alter the user's username
*
* @param string $username The new username.
*
* @return array Status indicator.
*/
public function setUsername($username)
{
// Create a cleaned version
$username_clean = Utils::cleanString($username, true);
// Check if the username is too short
if (strlen($username_clean) < Config::get('username_min_length')) {
return [0, 'TOO_SHORT'];
}
// Check if the username is too long
if (strlen($username_clean) > Config::get('username_max_length')) {
return [0, 'TOO_LONG'];
}
// Check if this username hasn't been used in the last amount of days set in the config
$getOld = DBv2::prepare('SELECT * FROM `{prefix}username_history` WHERE `username_old_clean` = :clean AND `change_time` > :time ORDER BY `change_id` DESC');
$getOld->execute([
'clean' => $username_clean,
'time' => (Config::get('old_username_reserve') * 24 * 60 * 60),
]);
$getOld = $getOld->fetch();
// Check if anything was returned
if ($getOld && $getOld->user_id != $this->id) {
return [0, 'TOO_RECENT', $getOld['change_time']];
}
// Check if the username is already in use
$getInUse = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `username_clean` = :clean');
$getInUse->execute([
'clean' => $username_clean,
]);
$getInUse = $getInUse->fetch();
// Check if anything was returned
if ($getInUse) {
return [0, 'IN_USE', $getInUse->user_id];
}
// Insert into username_history table
DBv2::prepare('INSERT INTO `{prefix}username_history` (`change_time`, `user_id`, `username_new`, `username_new_clean`, `username_old`, `username_old_clean`) VALUES (:time, :user, :new, :new_clean, :old, :old_clean)')
->execute([
'time' => time(),
'user' => $this->id,
'new' => $username,
'new_clean' => $username_clean,
'old' => $this->username,
'old_clean' => $this->usernameClean,
]);
// Update userrow
DBv2::prepare('UPDATE `{prefix}users` SET `username` = :username, `username_clean` = :clean WHERE `user_id` = :id')
->execute([
'username' => $username,
'clean' => $username_clean,
'id' => $this->id,
]);
// Return success
return [1, 'SUCCESS', $username];
}
/**
* Alter a user's e-mail address
*
* @param string $email The new e-mail address.
*
* @return array Status indicator.
*/
public function setEMailAddress($email)
{
// Validate e-mail address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return [0, 'INVALID'];
}
// Check if the username is already in use
$getInUse = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `email` = :email');
$getInUse->execute([
'email' => $email,
]);
$getInUse = $getInUse->fetch();
// Check if anything was returned
if ($getInUse) {
return [0, 'IN_USE', $getInUse->user_id];
}
// Update userrow
DBv2::prepare('UPDATE `{prefix}users` SET `email` = :email WHERE `user_id` = :id')
->execute([
'email' => $email,
'id' => $this->id,
]);
// Return success
return [1, 'SUCCESS', $email];
}
/**
* Change the user's password
*
* @param string $old The old password.
* @param string $new The new password
* @param string $confirm The new one again.
*
* @return array Status indicator.
*/
public function setPassword($old, $new, $confirm)
{
// Validate password
switch ($this->passwordAlgo) {
// Disabled account
case 'disabled':
return [0, 'NO_LOGIN'];
// Default hashing method
default:
if (!Hashing::validatePassword($old, [
$this->passwordAlgo,
$this->passwordIter,
$this->passwordSalt,
$this->passwordHash,
])) {
return [0, 'INCORRECT_PASSWORD', $this->passwordChan];
}
}
// Check password entropy
if (Utils::pwdEntropy($new) < Config::get('min_entropy')) {
return [0, 'PASS_TOO_SHIT'];
}
// Passwords do not match
if ($new != $confirm) {
return [0, 'PASS_NOT_MATCH'];
}
// Create hash
$password = Hashing::createHash($new);
// Update userrow
DBv2::prepare('UPDATE `{prefix}users` SET `password_hash` = :hash, `password_salt` = :salt, `password_algo` = :algo, `password_iter` = :iter, `password_chan` = :chan WHERE `user_id` = :id')
->execute([
'hash' => $password[3],
'salt' => $password[2],
'algo' => $password[0],
'iter' => $password[1],
'chan' => time(),
'id' => $this->id,
]);
// Return success
return [1, 'SUCCESS'];
}
}