2015-04-02 13:24:05 +00:00
< ? php
/*
* User Management
*/
namespace Sakura ;
2015-12-29 21:52:19 +00:00
use Sakura\Perms\Site ;
2015-10-18 19:06:30 +00:00
/**
* Class Users
* @ package Sakura
*/
2015-09-14 20:51:23 +00:00
class Users
{
2015-04-02 13:24:05 +00:00
// Check if a user is logged in
2015-10-17 20:58:51 +00:00
public static function checkLogin ( $uid = null , $sid = null )
2015-09-14 20:51:23 +00:00
{
2015-10-17 20:58:51 +00:00
// Assign $uid and $sid
2015-12-04 14:19:10 +00:00
$uid = $uid ? $uid : ( isset ( $_COOKIE [ Config :: get ( 'cookie_prefix' ) . 'id' ])
? $_COOKIE [ Config :: get ( 'cookie_prefix' ) . 'id' ]
2015-10-17 20:58:51 +00:00
: 0 );
2015-12-04 14:19:10 +00:00
$sid = $sid ? $sid : ( isset ( $_COOKIE [ Config :: get ( 'cookie_prefix' ) . 'session' ])
? $_COOKIE [ Config :: get ( 'cookie_prefix' ) . 'session' ]
2015-10-17 20:58:51 +00:00
: 0 );
2015-08-23 22:08:36 +00:00
2015-10-17 20:58:51 +00:00
// Get session
2015-10-18 01:50:50 +00:00
$session = new Session ( $uid , $sid );
// Validate the session
$sessionValid = $session -> validate ();
2015-04-17 22:14:31 +00:00
2015-12-29 21:52:19 +00:00
// Get user object
$user = User :: construct ( $uid );
2015-09-15 20:37:29 +00:00
// Check if the session exists and check if the user is activated
2015-12-29 21:52:19 +00:00
if ( $sessionValid == 0 || $user -> permission ( Site :: DEACTIVATED )) {
2015-09-15 20:37:29 +00:00
// Unset User ID
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'id' ,
2015-09-15 20:37:29 +00:00
0 ,
time () - 60 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-15 20:37:29 +00:00
);
// Unset Session ID
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'session' ,
2015-09-15 20:37:29 +00:00
'' ,
time () - 60 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-15 20:37:29 +00:00
);
2015-09-05 16:11:04 +00:00
2015-06-04 12:41:55 +00:00
return false ;
2015-09-05 16:11:04 +00:00
}
2015-04-17 22:14:31 +00:00
// Extend the cookie times if the remember flag is set
2015-10-18 01:50:50 +00:00
if ( $sessionValid == 2 ) {
2015-09-14 21:41:43 +00:00
// User ID cookie
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'id' ,
2015-09-14 21:41:43 +00:00
$uid ,
time () + 604800 ,
2015-12-04 14:19:10 +00:00
Config :: get ( ' cookie_path ' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
// Session ID cookie
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'session' ,
2015-09-14 21:41:43 +00:00
$sid ,
time () + 604800 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
2015-04-17 22:14:31 +00:00
}
2015-04-27 00:41:59 +00:00
// Update last online
Database :: update ( 'users' , [
[
2015-10-10 21:17:50 +00:00
'user_last_online' => time (),
2015-04-27 00:41:59 +00:00
],
[
2015-10-10 21:17:50 +00:00
'user_id' => [ $uid , '=' ],
2015-09-14 20:51:23 +00:00
],
2015-04-27 00:41:59 +00:00
]);
2015-07-01 14:29:12 +00:00
// Update the premium meta
2015-09-14 20:51:23 +00:00
self :: updatePremiumMeta ( $uid );
2015-07-01 14:29:12 +00:00
2015-04-17 22:14:31 +00:00
// If everything went through return true
2015-10-18 01:50:50 +00:00
return [ $uid , $sid ];
2015-04-02 13:24:05 +00:00
}
2015-04-08 19:27:51 +00:00
// Log a user in
2015-09-14 20:51:23 +00:00
public static function login ( $username , $password , $remember = false , $cookies = true )
{
2015-04-24 19:31:09 +00:00
// Check if authentication is disallowed
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'lock_authentication' )) {
2015-04-24 19:31:09 +00:00
return [ 0 , 'AUTH_LOCKED' ];
2015-09-05 16:11:04 +00:00
}
2015-10-22 14:24:18 +00:00
// Check if we haven't hit the rate limit
$rates = Database :: fetch ( 'login_attempts' , true , [
2016-01-17 01:58:31 +00:00
'attempt_ip' => [ Utils :: getRemoteIP (), '=' ],
2015-10-22 14:24:18 +00:00
'attempt_timestamp' => [ time () - 1800 , '>' ],
'attempt_success' => [ 0 , '=' ],
]);
if ( count ( $rates ) > 4 ) {
return [ 0 , 'RATE_LIMIT' ];
}
2015-04-08 19:27:51 +00:00
// Check if the user that's trying to log in actually exists
2015-09-14 20:51:23 +00:00
if ( ! $uid = self :: userExists ( $username , false )) {
2015-04-08 19:27:51 +00:00
return [ 0 , 'USER_NOT_EXIST' ];
2015-09-05 16:11:04 +00:00
}
2015-04-08 19:27:51 +00:00
// Get account data
2015-12-29 01:27:49 +00:00
$user = User :: construct ( $uid );
2015-04-08 19:27:51 +00:00
// Validate password
2016-01-17 01:58:31 +00:00
switch ( $user -> passwordAlgo ) {
2015-12-31 14:51:01 +00:00
// Disabled
case 'disabled' :
2015-08-10 02:01:07 +00:00
return [ 0 , 'NO_LOGIN' ];
2015-04-18 18:26:52 +00:00
2015-08-10 02:01:07 +00:00
// Default hashing method
default :
2015-09-14 21:41:43 +00:00
if ( ! Hashing :: validatePassword ( $password , [
2016-01-17 01:58:31 +00:00
$user -> passwordAlgo ,
$user -> passwordIter ,
$user -> passwordSalt ,
$user -> passwordHash ,
2015-08-10 02:01:07 +00:00
])) {
2016-01-17 01:58:31 +00:00
return [ 0 , 'INCORRECT_PASSWORD' , $user -> id , $user -> passwordChan ];
2015-08-10 02:01:07 +00:00
}
2015-04-08 19:27:51 +00:00
}
2015-05-29 19:27:45 +00:00
// Check if the user has the required privs to log in
2015-12-29 21:52:19 +00:00
if ( $user -> permission ( Site :: DEACTIVATED )) {
2016-01-17 01:58:31 +00:00
return [ 0 , 'NOT_ALLOWED' , $user -> id ];
2015-09-05 16:11:04 +00:00
}
2015-04-12 13:33:59 +00:00
// Create a new session
2016-01-17 01:58:31 +00:00
$session = new Session ( $user -> id );
2015-10-18 01:50:50 +00:00
// Generate a session key
$sessionKey = $session -> create ( $remember );
2015-04-12 13:33:59 +00:00
// Set cookies
2015-09-14 20:51:23 +00:00
if ( $cookies ) {
2015-09-14 21:41:43 +00:00
// User ID cookie
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'id' ,
2016-01-17 01:58:31 +00:00
$user -> id ,
2015-09-14 21:41:43 +00:00
time () + 604800 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
// Session ID cookie
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'session' ,
2015-09-14 21:41:43 +00:00
$sessionKey ,
time () + 604800 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
2015-05-24 22:06:53 +00:00
}
2015-04-12 13:33:59 +00:00
2015-04-08 19:27:51 +00:00
// Successful login! (also has a thing for the legacy password system)
2016-01-17 01:58:31 +00:00
return [ 1 , 'LOGIN_SUCCESS' , $user -> id ];
2015-04-08 19:27:51 +00:00
}
2015-04-13 10:14:59 +00:00
// Logout and kill the session
2015-09-14 20:51:23 +00:00
public static function logout ()
{
2015-04-17 22:14:31 +00:00
// Check if user is logged in
2015-10-18 19:06:30 +00:00
if ( ! $check = self :: checkLogin ()) {
2015-04-17 22:14:31 +00:00
return false ;
2015-09-05 16:11:04 +00:00
}
2015-10-18 19:06:30 +00:00
// Destroy the active session
( new Session ( $check [ 0 ], $check [ 1 ])) -> destroy ();
2015-09-05 16:11:04 +00:00
2015-09-15 20:37:29 +00:00
// Unset User ID
2015-09-14 21:41:43 +00:00
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'id' ,
2015-09-14 21:41:43 +00:00
0 ,
time () - 60 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
2015-09-15 20:37:29 +00:00
// Unset Session ID
2015-09-14 21:41:43 +00:00
setcookie (
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_prefix' ) . 'session' ,
2015-09-14 21:41:43 +00:00
'' ,
time () - 60 ,
2015-12-04 14:19:10 +00:00
Config :: get ( 'cookie_path' ),
Config :: get ( 'cookie_domain' )
2015-09-14 21:41:43 +00:00
);
2015-04-17 22:14:31 +00:00
// Return true indicating a successful logout
return true ;
2015-04-13 10:14:59 +00:00
}
2015-04-18 18:26:52 +00:00
// Register user
2015-09-14 20:51:23 +00:00
public static function register ( $username , $password , $confirmpass , $email , $tos , $captcha = null , $regkey = null )
{
2015-04-24 19:31:09 +00:00
// Check if authentication is disallowed
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'lock_authentication' )) {
2015-04-24 19:31:09 +00:00
return [ 0 , 'AUTH_LOCKED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Check if registration is even enabled
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'disable_registration' )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'DISABLED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Check if the user agreed to the ToS
2015-09-14 20:51:23 +00:00
if ( ! $tos ) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'TOS' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Verify the captcha if it's enabled
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'recaptcha' )) {
2016-01-17 01:58:31 +00:00
if ( ! Utils :: verifyCaptcha ( $captcha )[ 'success' ]) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'CAPTCHA_FAIL' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
}
// Check if the username already exists
2015-09-14 20:51:23 +00:00
if ( self :: userExists ( $username , false )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'USER_EXISTS' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Username too short
2015-12-04 14:19:10 +00:00
if ( strlen ( $username ) < Config :: get ( 'username_min_length' )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'NAME_TOO_SHORT' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Username too long
2015-12-04 14:19:10 +00:00
if ( strlen ( $username ) > Config :: get ( 'username_max_length' )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'NAME_TOO_LONG' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Check if the given email address is formatted properly
2015-09-14 20:51:23 +00:00
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'INVALID_EMAIL' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Check the MX record of the email
2016-01-17 01:58:31 +00:00
if ( ! Utils :: checkMXRecord ( $email )) {
2015-04-18 18:26:52 +00:00
return [ 0 , 'INVALID_MX' ];
2015-09-05 16:11:04 +00:00
}
2016-01-09 21:57:54 +00:00
// Check if the e-mail has already been used
if ( Database :: count ( 'users' , [ 'email' => [ $email , '=' ]])[ 0 ] > 0 ) {
return [ 0 , 'EMAIL_EXISTS' ];
}
2015-04-24 19:31:09 +00:00
// Check password entropy
2016-01-17 01:58:31 +00:00
if ( Utils :: pwdEntropy ( $password ) < Config :: get ( 'min_entropy' )) {
2015-04-24 19:31:09 +00:00
return [ 0 , 'PASS_TOO_SHIT' ];
2015-09-05 16:11:04 +00:00
}
2015-04-24 19:31:09 +00:00
// Passwords do not match
2015-09-14 20:51:23 +00:00
if ( $password != $confirmpass ) {
2015-04-24 19:31:09 +00:00
return [ 0 , 'PASS_NOT_MATCH' ];
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Set a few variables
2015-12-04 14:19:10 +00:00
$requireActive = Config :: get ( 'require_activation' );
2016-01-04 20:14:09 +00:00
$ranks = $requireActive ? [ 1 ] : [ 2 ];
2015-04-18 18:26:52 +00:00
2016-01-04 20:14:09 +00:00
// Create the user
$user = User :: create ( $username , $password , $email , $ranks );
2015-04-18 18:26:52 +00:00
// Check if we require e-mail activation
2015-09-14 20:51:23 +00:00
if ( $requireActive ) {
2015-04-18 18:26:52 +00:00
// Send activation e-mail to user
2016-01-17 01:58:31 +00:00
self :: sendActivationMail ( $user -> id );
2015-04-18 18:26:52 +00:00
}
// Return true with a specific message if needed
return [ 1 , ( $requireActive ? 'EMAILSENT' : 'SUCCESS' )];
}
2015-04-25 20:08:44 +00:00
// Check if a user exists and then send the password forgot email
2015-09-14 20:51:23 +00:00
public static function sendPasswordForgot ( $username , $email )
{
2015-04-25 20:08:44 +00:00
// Check if authentication is disallowed
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'lock_authentication' )) {
2015-04-25 20:08:44 +00:00
return [ 0 , 'AUTH_LOCKED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Clean username string
2016-01-17 01:58:31 +00:00
$usernameClean = Utils :: cleanString ( $username , true );
$emailClean = Utils :: cleanString ( $email , true );
2015-04-25 20:08:44 +00:00
// Do database request
$user = Database :: fetch ( 'users' , false , [
2015-09-14 20:51:23 +00:00
'username_clean' => [ $usernameClean , '=' ],
'email' => [ $emailClean , '=' ],
2015-04-25 20:08:44 +00:00
]);
// Check if user exists
2015-09-14 20:51:23 +00:00
if ( count ( $user ) < 2 ) {
2015-04-25 20:08:44 +00:00
return [ 0 , 'USER_NOT_EXIST' ];
2015-09-05 16:11:04 +00:00
}
2015-12-29 21:52:19 +00:00
// Create user object
$userObj = User :: construct ( $user [ 'user_id' ]);
2015-06-04 12:41:55 +00:00
// Check if the user has the required privs to log in
2015-12-29 21:52:19 +00:00
if ( $userObj -> permission ( Site :: DEACTIVATED )) {
2015-06-04 12:41:55 +00:00
return [ 0 , 'NOT_ALLOWED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Generate the verification key
2016-01-17 01:58:31 +00:00
$verk = ActionCode :: generate ( 'LOST_PASS' , $userObj -> id );
2015-04-25 20:08:44 +00:00
2015-09-05 16:11:04 +00:00
// Create new urls object
$urls = new Urls ();
2015-04-25 20:08:44 +00:00
// Build the e-mail
2015-09-14 20:51:23 +00:00
$message = " Hello " . $user [ 'username' ] . " , \r \n \r \n " ;
2015-12-04 14:19:10 +00:00
$message .= " You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \" " . Config :: get ( 'sitename' ) . " \" . If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator. \r \n \r \n " ;
2015-04-25 20:08:44 +00:00
$message .= " To use this password reset key you need to go to a special page. To do this click the link provided below. \r \n \r \n " ;
2015-12-04 14:19:10 +00:00
$message .= " http:// " . Config :: get ( 'url_main' ) . $urls -> format ( 'SITE_FORGOT_PASSWORD' ) . " ?pw=true&uid= " . $user [ 'user_id' ] . " &key= " . $verk . " \r \n \r \n " ;
2015-04-25 20:08:44 +00:00
$message .= " If successful you should be able to change your password here. \r \n \r \n " ;
2015-12-04 14:19:10 +00:00
$message .= " Alternatively if the above method fails for some reason you can go to http:// " . Config :: get ( 'url_main' ) . $urls -> format ( 'SITE_FORGOT_PASSWORD' ) . " ?pw=true&uid= " . $user [ 'user_id' ] . " and use the key listed below: \r \n \r \n " ;
2015-09-14 20:51:23 +00:00
$message .= " Verification key: " . $verk . " \r \n \r \n " ;
2015-04-25 20:08:44 +00:00
$message .= " You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator. \r \n \r \n " ;
2015-12-04 14:19:10 +00:00
$message .= " -- \r \n \r \n Thanks \r \n \r \n " . Config :: get ( 'mail_signature' );
2015-04-25 20:08:44 +00:00
// Send the message
2016-01-17 01:58:31 +00:00
Utils :: sendMail ([ $user [ 'email' ] => $user [ 'username' ]], Config :: get ( 'sitename' ) . ' password restoration' , $message );
2015-04-25 20:08:44 +00:00
// Return success
return [ 1 , 'SUCCESS' ];
}
// Reset password with key
2015-09-14 20:51:23 +00:00
public static function resetPassword ( $verk , $uid , $newpass , $verpass )
{
2015-04-25 20:08:44 +00:00
// Check if authentication is disallowed
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'lock_authentication' )) {
2015-04-25 20:08:44 +00:00
return [ 0 , 'AUTH_LOCKED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Check password entropy
2016-01-17 01:58:31 +00:00
if ( Utils :: pwdEntropy ( $newpass ) < Config :: get ( 'min_entropy' )) {
2015-04-25 20:08:44 +00:00
return [ 0 , 'PASS_TOO_SHIT' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Passwords do not match
2015-09-14 20:51:23 +00:00
if ( $newpass != $verpass ) {
2015-04-25 20:08:44 +00:00
return [ 0 , 'PASS_NOT_MATCH' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Check the verification key
2016-01-09 21:57:54 +00:00
$action = ActionCode :: validate ( 'LOST_PASS' , $verk , $uid );
2015-04-25 20:08:44 +00:00
// Check if we got a negative return
2016-01-09 21:57:54 +00:00
if ( ! $action ) {
return [ 0 , 'INVALID_CODE' ];
2015-09-05 16:11:04 +00:00
}
2015-04-25 20:08:44 +00:00
// Hash the password
2015-09-14 21:41:43 +00:00
$password = Hashing :: createHash ( $newpass );
2015-09-14 20:51:23 +00:00
$time = time ();
2015-04-25 20:08:44 +00:00
// Update the user
Database :: update ( 'users' , [
[
'password_hash' => $password [ 3 ],
'password_salt' => $password [ 2 ],
'password_algo' => $password [ 0 ],
'password_iter' => $password [ 1 ],
2015-09-14 20:51:23 +00:00
'password_chan' => $time ,
2015-04-25 20:08:44 +00:00
],
[
2015-10-10 21:17:50 +00:00
'user_id' => [ $uid , '=' ],
2015-09-14 20:51:23 +00:00
],
2015-04-25 20:08:44 +00:00
]);
// Return success
return [ 1 , 'SUCCESS' ];
}
2015-04-21 14:23:28 +00:00
// Check if a user exists and then resend the activation e-mail
2015-09-14 20:51:23 +00:00
public static function resendActivationMail ( $username , $email )
{
2015-04-24 19:31:09 +00:00
// Check if authentication is disallowed
2015-12-04 14:19:10 +00:00
if ( Config :: get ( 'lock_authentication' )) {
2015-04-24 19:31:09 +00:00
return [ 0 , 'AUTH_LOCKED' ];
2015-09-05 16:11:04 +00:00
}
2015-04-21 14:23:28 +00:00
// Clean username string
2016-01-17 01:58:31 +00:00
$usernameClean = Utils :: cleanString ( $username , true );
$emailClean = Utils :: cleanString ( $email , true );
2015-04-21 14:23:28 +00:00
// Do database request
$user = Database :: fetch ( 'users' , false , [
2015-09-14 20:51:23 +00:00
'username_clean' => [ $usernameClean , '=' ],
'email' => [ $emailClean , '=' ],
2015-04-21 14:23:28 +00:00
]);
// Check if user exists
2015-09-14 20:51:23 +00:00
if ( count ( $user ) < 2 ) {
2015-04-21 14:23:28 +00:00
return [ 0 , 'USER_NOT_EXIST' ];
2015-09-05 16:11:04 +00:00
}
2015-12-29 21:52:19 +00:00
$userObj = User :: construct ( $user [ 'user_id' ]);
2015-04-21 14:23:28 +00:00
// Check if a user is activated
2015-12-29 21:52:19 +00:00
if ( ! $userObj -> permission ( Site :: DEACTIVATED )) {
2015-04-21 14:23:28 +00:00
return [ 0 , 'USER_ALREADY_ACTIVE' ];
2015-09-05 16:11:04 +00:00
}
2015-04-21 14:23:28 +00:00
// Send activation e-mail
2015-10-10 21:17:50 +00:00
self :: sendActivationMail ( $user [ 'user_id' ]);
2015-04-21 14:23:28 +00:00
// Return success
return [ 1 , 'SUCCESS' ];
}
2015-04-18 18:26:52 +00:00
// Send the activation e-mail and do other required stuff
2015-09-14 20:51:23 +00:00
public static function sendActivationMail ( $uid , $customKey = null )
{
2015-04-18 18:26:52 +00:00
// Get the user data
2015-12-29 21:52:19 +00:00
$user = User :: construct ( $uid );
2015-04-18 18:26:52 +00:00
// User is already activated or doesn't even exist
2016-01-17 01:58:31 +00:00
if ( ! $user -> id || ! $user -> permission ( Site :: DEACTIVATED )) {
2015-04-18 18:26:52 +00:00
return false ;
2015-09-05 16:11:04 +00:00
}
2015-04-18 18:26:52 +00:00
// Generate activation key
2016-01-17 01:58:31 +00:00
$activate = ActionCode :: generate ( 'ACTIVATE' , $user -> id );
2015-04-18 18:26:52 +00:00
2015-09-05 16:11:04 +00:00
// Create new urls object
$urls = new Urls ();
2015-04-18 18:26:52 +00:00
// Build the e-mail
2015-12-04 14:19:10 +00:00
$message = " Welcome to " . Config :: get ( 'sitename' ) . " ! \r \n \r \n " ;
2015-04-18 18:26:52 +00:00
$message .= " Please keep this e-mail for your records. Your account intormation is as follows: \r \n \r \n " ;
$message .= " ---------------------------- \r \n \r \n " ;
2016-01-17 01:58:31 +00:00
$message .= " Username: " . $user -> username . " \r \n \r \n " ;
$message .= " Your profile: http:// " . Config :: get ( 'url_main' ) . $urls -> format ( 'USER_PROFILE' , [ $user -> id ]) . " \r \n \r \n " ;
2015-04-18 18:26:52 +00:00
$message .= " ---------------------------- \r \n \r \n " ;
$message .= " Please visit the following link in order to activate your account: \r \n \r \n " ;
2016-01-17 01:58:31 +00:00
$message .= " http:// " . Config :: get ( 'url_main' ) . $urls -> format ( 'SITE_ACTIVATE' ) . " ?mode=activate&u= " . $user -> id . " &k= " . $activate . " \r \n \r \n " ;
2015-04-18 18:26:52 +00:00
$message .= " Your password has been securely stored in our database and cannot be retrieved. " ;
$message .= " In the event that it is forgotten, you will be able to reset it using the email address associated with your account. \r \n \r \n " ;
$message .= " Thank you for registering. \r \n \r \n " ;
2015-12-04 14:19:10 +00:00
$message .= " -- \r \n \r \n Thanks \r \n \r \n " . Config :: get ( 'mail_signature' );
2015-04-18 18:26:52 +00:00
// Send the message
2016-01-17 01:58:31 +00:00
Utils :: sendMail (
2015-09-14 21:41:43 +00:00
[
2016-01-17 01:58:31 +00:00
$user -> email () => $user -> username ,
2015-09-14 21:41:43 +00:00
],
2015-12-04 14:19:10 +00:00
Config :: get ( 'sitename' ) . ' Activation Mail' ,
2015-09-14 21:41:43 +00:00
$message
);
2015-04-18 18:26:52 +00:00
// Return true indicating that the things have been sent
return true ;
}
2015-04-19 13:00:32 +00:00
// Activating a user
2015-09-14 20:51:23 +00:00
public static function activateUser ( $uid , $requireKey = false , $key = null )
{
2015-04-19 13:00:32 +00:00
// Get the user data
2015-12-29 21:52:19 +00:00
$user = User :: construct ( $uid );
2015-04-19 13:00:32 +00:00
// Check if user exists
2016-01-17 01:58:31 +00:00
if ( ! $user -> id ) {
2015-04-19 13:00:32 +00:00
return [ 0 , 'USER_NOT_EXIST' ];
2015-09-05 16:11:04 +00:00
}
2015-04-19 13:00:32 +00:00
// Check if user is already activated
2015-12-29 21:52:19 +00:00
if ( ! $user -> permission ( Site :: DEACTIVATED )) {
2015-04-19 13:00:32 +00:00
return [ 0 , 'USER_ALREADY_ACTIVE' ];
2015-09-05 16:11:04 +00:00
}
2016-01-09 21:57:54 +00:00
// Check if a key is set
2015-09-14 20:51:23 +00:00
if ( $requireKey ) {
2015-04-19 13:00:32 +00:00
// Check the action code
2016-01-17 01:58:31 +00:00
$action = ActionCode :: validate ( 'ACTIVATE' , $key , $user -> id );
2015-04-19 13:00:32 +00:00
// Check if we got a negative return
2016-01-09 21:57:54 +00:00
if ( ! $action ) {
return [ 0 , 'INVALID_CODE' ];
2015-09-05 16:11:04 +00:00
}
2015-04-19 13:00:32 +00:00
}
2016-01-09 21:57:54 +00:00
// Add normal user, remove deactivated and set normal as default
$user -> addRanks ([ 2 ]);
$user -> removeRanks ([ 1 ]);
$user -> setMainRank ( 2 );
2015-04-19 13:00:32 +00:00
// Return success
return [ 1 , 'SUCCESS' ];
}
2015-04-08 19:27:51 +00:00
// Check if a user exists
2015-09-14 20:51:23 +00:00
public static function userExists ( $user , $id = true )
{
2015-04-08 19:27:51 +00:00
// Clean string
2016-01-17 01:58:31 +00:00
$user = Utils :: cleanString ( $user , true );
2015-04-08 19:27:51 +00:00
// Do database request
2015-10-10 21:17:50 +00:00
$user = Database :: fetch ( 'users' , true , [( $id ? 'user_id' : 'username_clean' ) => [ $user , '=' ]]);
2015-04-08 19:27:51 +00:00
// Return count (which would return 0, aka false, if nothing was found)
2015-10-10 21:17:50 +00:00
return count ( $user ) ? $user [ 0 ][ 'user_id' ] : false ;
2015-04-08 19:27:51 +00:00
}
2015-06-27 11:03:11 +00:00
// Get the available profile fields
2015-09-14 20:51:23 +00:00
public static function getProfileFields ()
{
2015-06-27 11:03:11 +00:00
// Get profile fields
$profileFields = Database :: fetch ( 'profilefields' );
// If there's nothing just return null
2015-09-14 20:51:23 +00:00
if ( ! count ( $profileFields )) {
2015-06-27 11:03:11 +00:00
return null ;
2015-09-05 16:11:04 +00:00
}
2015-06-27 11:03:11 +00:00
// Create output array
$fields = [];
// Iterate over the fields and clean them up
2015-09-14 20:51:23 +00:00
foreach ( $profileFields as $field ) {
2015-10-10 21:17:50 +00:00
$fields [ $field [ 'field_id' ]] = $field ;
2016-01-17 01:58:31 +00:00
$fields [ $field [ 'field_id' ]][ 'field_identity' ] = Utils :: cleanString ( $field [ 'field_name' ], true , true );
2015-10-10 21:17:50 +00:00
$fields [ $field [ 'field_id' ]][ 'field_additional' ] = json_decode ( $field [ 'field_additional' ], true );
2015-06-27 11:03:11 +00:00
}
// Return the yeahs
return $fields ;
}
2015-08-21 22:07:45 +00:00
// Get the available option fields
2015-09-14 20:51:23 +00:00
public static function getOptionFields ()
{
2015-08-21 22:07:45 +00:00
// Get option fields
$optionFields = Database :: fetch ( 'optionfields' );
// If there's nothing just return null
2015-09-14 20:51:23 +00:00
if ( ! count ( $optionFields )) {
2015-08-21 22:07:45 +00:00
return null ;
}
// Create output array
$fields = [];
2015-12-29 21:52:19 +00:00
$user = User :: construct ( self :: checkLogin ()[ 0 ]);
2015-08-21 22:07:45 +00:00
// Iterate over the fields and clean them up
2015-09-14 20:51:23 +00:00
foreach ( $optionFields as $field ) {
2015-12-29 21:52:19 +00:00
if ( ! $user -> permission ( constant ( 'Sakura\Perms\Site::' . $field [ 'option_permission' ]))) {
2015-08-21 22:07:45 +00:00
continue ;
}
2015-10-10 21:17:50 +00:00
$fields [ $field [ 'option_id' ]] = $field ;
2015-08-21 22:07:45 +00:00
}
// Return the yeahs
return $fields ;
}
2015-04-27 00:41:59 +00:00
// Get all online users
2015-09-14 20:51:23 +00:00
public static function checkAllOnline ()
{
2015-04-27 00:41:59 +00:00
// Assign time - 500 to a variable
2015-12-04 14:19:10 +00:00
$time = time () - Config :: get ( 'max_online_time' );
2015-11-07 22:58:02 +00:00
$return = [];
2015-04-27 00:41:59 +00:00
// Get all online users in the past 5 minutes
2015-10-10 21:17:50 +00:00
$getAll = Database :: fetch ( 'users' , true , [ 'user_last_online' => [ $time , '>' ]]);
2015-04-27 00:41:59 +00:00
2015-11-07 22:58:02 +00:00
foreach ( $getAll as $user ) {
2015-12-29 01:27:49 +00:00
$return [] = User :: construct ( $user [ 'user_id' ]);
2015-11-07 22:58:02 +00:00
}
2015-04-27 00:41:59 +00:00
// Return all the online users
2015-11-07 22:58:02 +00:00
return $return ;
2015-04-27 00:41:59 +00:00
}
2015-07-01 14:29:12 +00:00
// Add premium to a user
2015-09-14 20:51:23 +00:00
public static function addUserPremium ( $id , $seconds )
{
2015-07-01 14:29:12 +00:00
// Check if there's already a record of premium for this user in the database
$getUser = Database :: fetch ( 'premium' , false , [
2015-10-10 21:17:50 +00:00
'user_id' => [ $id , '=' ],
2015-07-01 14:29:12 +00:00
]);
// Calculate the (new) start and expiration timestamp
2015-10-10 21:17:50 +00:00
$start = isset ( $getUser [ 'premium_start' ]) ? $getUser [ 'premium_start' ] : time ();
$expire = isset ( $getUser [ 'premium_expire' ]) ? $getUser [ 'premium_expire' ] + $seconds : time () + $seconds ;
2015-07-01 14:29:12 +00:00
// If the user already exists do an update call, otherwise an insert call
2015-09-14 20:51:23 +00:00
if ( empty ( $getUser )) {
2015-07-01 14:29:12 +00:00
Database :: insert ( 'premium' , [
2015-10-10 21:17:50 +00:00
'user_id' => $id ,
'premium_start' => $start ,
'premium_expire' => $expire ,
2015-07-01 14:29:12 +00:00
]);
} else {
Database :: update ( 'premium' , [
[
2015-10-10 21:17:50 +00:00
'premium_expire' => $expire ,
2015-07-01 14:29:12 +00:00
],
[
2015-10-10 21:17:50 +00:00
'user_id' => [ $id , '=' ],
2015-09-14 20:51:23 +00:00
],
2015-07-01 14:29:12 +00:00
]);
}
// Return the expiration timestamp
return $expire ;
}
// Update the premium data
2015-09-14 20:51:23 +00:00
public static function updatePremiumMeta ( $id )
{
2015-07-01 14:29:12 +00:00
// Get the ID for the premium user rank from the database
2015-12-04 14:19:10 +00:00
$premiumRank = Config :: get ( 'premium_rank_id' );
2015-12-31 14:51:01 +00:00
$excepted = Config :: get ( 'restricted_rank_id' );
2015-07-01 14:29:12 +00:00
2015-11-11 21:54:56 +00:00
// Create user object
2015-12-29 01:27:49 +00:00
$user = User :: construct ( $id );
2015-11-11 21:54:56 +00:00
2015-07-01 14:29:12 +00:00
// Run the check
2015-11-11 21:54:56 +00:00
$check = $user -> isPremium ();
2015-07-01 14:29:12 +00:00
// Check if the user has premium
2016-01-17 01:58:31 +00:00
if ( $check [ 0 ] && ! array_key_exists ( $excepted , $user -> ranks )) {
2015-07-01 14:29:12 +00:00
// If so add the rank to them
2015-11-11 21:54:56 +00:00
$user -> addRanks ([ $premiumRank ]);
2015-07-01 14:29:12 +00:00
// Check if the user's default rank is standard user and update it to premium
2016-01-17 01:58:31 +00:00
if ( $user -> mainRankId == 2 ) {
2015-11-11 21:54:56 +00:00
$user -> setMainRank ( $premiumRank );
2015-09-05 16:11:04 +00:00
}
2016-01-02 17:55:31 +00:00
} elseif ( ! $check [ 0 ]) {
2015-11-11 21:54:56 +00:00
// Remove the expired entry
Database :: delete ( 'premium' , [
2016-01-17 01:58:31 +00:00
'user_id' => [ $user -> id , '=' ],
2015-11-11 21:54:56 +00:00
]);
2015-07-01 14:29:12 +00:00
// Else remove the rank from them
2015-11-11 21:54:56 +00:00
$user -> removeRanks ([ $premiumRank ]);
2015-07-01 14:29:12 +00:00
}
2015-04-27 00:41:59 +00:00
}
2015-04-12 01:20:31 +00:00
// Get user(s) by IP
2015-09-14 20:51:23 +00:00
public static function getUsersByIP ( $ip )
{
2015-04-12 01:20:31 +00:00
// Get users by registration IP
$registeredFrom = Database :: fetch ( 'users' , true , [ 'register_ip' => [ $ip , '=' ]]);
// Get users by last IP
$lastFrom = Database :: fetch ( 'users' , true , [ 'last_ip' => [ $ip , '=' ], 'register_ip' => [ $ip , '!=' ]]);
// Merge the arrays
$users = array_merge ( $registeredFrom , $lastFrom );
// Return the array with users
return $users ;
}
2015-04-27 21:07:48 +00:00
// Get users in rank
2015-09-14 20:51:23 +00:00
public static function getUsersInRank ( $rankId , $users = null , $excludeAbyss = true )
{
2015-04-27 21:07:48 +00:00
// Get all users (or use the supplied user list to keep server load down)
2015-09-14 20:51:23 +00:00
if ( ! $users ) {
2015-04-27 21:07:48 +00:00
$users = self :: getAllUsers ();
2015-09-05 16:11:04 +00:00
}
2015-04-27 21:07:48 +00:00
// Make output array
2015-10-18 19:06:30 +00:00
$rank = [];
2015-04-27 21:07:48 +00:00
// Go over all users and check if they have the rank id
2015-09-14 20:51:23 +00:00
foreach ( $users as $user ) {
2015-04-27 21:07:48 +00:00
// If so store the user's row in the array
2016-01-17 01:58:31 +00:00
if ( $user -> hasRanks ([ $rankId ], $user -> id )) {
2015-04-27 21:07:48 +00:00
$rank [] = $user ;
2015-09-05 16:11:04 +00:00
}
2015-04-27 21:07:48 +00:00
}
// Then return the array with the user rows
return $rank ;
}
2015-04-02 13:24:05 +00:00
// Get all users
2015-09-14 20:51:23 +00:00
public static function getAllUsers ( $includeInactive = true , $includeAbyss = false )
{
2015-04-02 13:24:05 +00:00
// Execute query
$getUsers = Database :: fetch ( 'users' , true );
2015-04-25 20:25:44 +00:00
// Define variable
$users = [];
2015-04-02 13:24:05 +00:00
// Reorder shit
2015-09-14 20:51:23 +00:00
foreach ( $getUsers as $user ) {
2015-12-29 21:52:19 +00:00
$user = User :: construct ( $user [ 'user_id' ]);
2015-04-19 13:00:32 +00:00
// Skip if inactive and not include deactivated users
2015-12-29 21:52:19 +00:00
if ( ! $includeInactive && $user -> permission ( Site :: DEACTIVATED )) {
2015-04-19 13:00:32 +00:00
continue ;
2015-09-05 16:11:04 +00:00
}
2016-01-17 01:58:31 +00:00
$users [ $user -> id ] = $user ;
2015-04-19 13:00:32 +00:00
}
2015-04-02 13:24:05 +00:00
// and return an array with the users
return $users ;
}
2015-04-06 20:06:33 +00:00
// Get all ranks
2015-09-14 20:51:23 +00:00
public static function getAllRanks ()
{
2015-04-02 13:24:05 +00:00
// Execute query
2015-04-06 20:06:33 +00:00
$getRanks = Database :: fetch ( 'ranks' , true );
2015-04-02 13:24:05 +00:00
2015-04-25 20:25:44 +00:00
// Define variable
$ranks = [];
2015-04-02 13:24:05 +00:00
// Reorder shit
2015-09-14 20:51:23 +00:00
foreach ( $getRanks as $rank ) {
2015-12-29 21:52:19 +00:00
$ranks [ $rank [ 'rank_id' ]] = Rank :: construct ( $rank [ 'rank_id' ]);
2015-09-05 16:11:04 +00:00
}
2015-04-06 20:06:33 +00:00
// and return an array with the ranks
return $ranks ;
2015-04-02 13:24:05 +00:00
}
2015-05-09 00:56:55 +00:00
// Get a user's notifications
2015-09-14 20:51:23 +00:00
public static function getNotifications ( $uid = null , $timediff = 0 , $excludeRead = true , $markRead = false )
{
2015-05-09 00:56:55 +00:00
// Prepare conditions
2015-10-18 19:06:30 +00:00
$conditions = [];
2015-10-18 01:50:50 +00:00
$conditions [ 'user_id' ] = [( $uid ? $uid : self :: checkLogin ()[ 0 ]), '=' ];
2015-09-05 16:11:04 +00:00
2015-09-14 20:51:23 +00:00
if ( $timediff ) {
2015-10-10 21:17:50 +00:00
$conditions [ 'alert_timestamp' ] = [ time () - $timediff , '>' ];
2015-09-05 16:11:04 +00:00
}
2015-09-14 20:51:23 +00:00
if ( $excludeRead ) {
2015-10-10 21:17:50 +00:00
$conditions [ 'alert_read' ] = [ 0 , '=' ];
2015-09-05 16:11:04 +00:00
}
2015-05-09 00:56:55 +00:00
// Get notifications for the database
$notifications = Database :: fetch ( 'notifications' , true , $conditions );
// Mark the notifications as read
2015-09-14 20:51:23 +00:00
if ( $markRead ) {
2015-05-09 00:56:55 +00:00
// Iterate over all entries
2015-09-14 20:51:23 +00:00
foreach ( $notifications as $notification ) {
2015-05-09 00:56:55 +00:00
// If the notifcation is already read skip
2015-10-10 21:17:50 +00:00
if ( $notification [ 'alert_read' ]) {
2015-05-09 00:56:55 +00:00
continue ;
2015-09-05 16:11:04 +00:00
}
2015-05-09 00:56:55 +00:00
// Mark them as read
2015-10-16 13:37:29 +00:00
self :: markNotificationRead ( $notification [ 'alert_id' ]);
2015-05-09 00:56:55 +00:00
}
}
// Return the notifications
return $notifications ;
}
// Marking notifications as read
2015-09-14 20:51:23 +00:00
public static function markNotificationRead ( $id , $mode = true )
{
2015-05-09 00:56:55 +00:00
// Execute an update statement
Database :: update ( 'notifications' , [
[
2015-10-10 21:17:50 +00:00
'alert_read' => ( $mode ? 1 : 0 ),
2015-05-09 00:56:55 +00:00
],
[
2015-10-10 21:17:50 +00:00
'alert_id' => [ $id , '=' ],
2015-09-14 20:51:23 +00:00
],
2015-05-09 00:56:55 +00:00
]);
}
// Adding a new notification
2015-09-14 20:51:23 +00:00
public static function createNotification ( $user , $title , $text , $timeout = 60000 , $img = 'FONT:fa-info-circle' , $link = '' , $sound = 0 )
{
2015-05-09 00:56:55 +00:00
// Get current timestamp
$time = time ();
// Insert it into the database
Database :: insert ( 'notifications' , [
2015-10-10 21:17:50 +00:00
'user_id' => $user ,
'alert_timestamp' => $time ,
'alert_read' => 0 ,
'alert_sound' => ( $sound ? 1 : 0 ),
'alert_title' => $title ,
'alert_text' => $text ,
'alert_link' => $link ,
'alert_img' => $img ,
'alert_timeout' => $timeout ,
2015-05-09 00:56:55 +00:00
]);
}
2015-08-28 20:32:31 +00:00
// Get the ID of the newest user
2015-09-14 20:51:23 +00:00
public static function getNewestUserId ()
{
2015-12-31 14:51:01 +00:00
return Database :: fetch ( 'users' , false , [ 'rank_main' => [ Config :: get ( 'restricted_rank_id' ), '!=' ]], [ 'user_id' , true ], [ '1' ])[ 'user_id' ];
2015-08-28 20:32:31 +00:00
}
2015-04-02 13:24:05 +00:00
}