1255 lines
35 KiB
PHP
1255 lines
35 KiB
PHP
<?php
|
|
/**
|
|
* Holds the user object class.
|
|
*
|
|
* @package Sakura
|
|
*/
|
|
|
|
namespace Sakura;
|
|
|
|
use Sakura\Perms;
|
|
use Sakura\Perms\Site;
|
|
|
|
/**
|
|
* Everything you'd ever need from a specific user.
|
|
*
|
|
* @package Sakura
|
|
* @author Julian van de Groep <me@flash.moe>
|
|
*/
|
|
class User
|
|
{
|
|
/**
|
|
* The User's ID.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $id = 0;
|
|
|
|
/**
|
|
* The user's username.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $username = 'User';
|
|
|
|
/**
|
|
* A cleaned version of the username.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $usernameClean = 'user';
|
|
|
|
/**
|
|
* The user's password hash.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $passwordHash = '';
|
|
|
|
/**
|
|
* The user's password salt.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $passwordSalt = '';
|
|
|
|
/**
|
|
* The user's password algorithm.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $passwordAlgo = 'disabled';
|
|
|
|
/**
|
|
* The password iterations.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $passwordIter = 0;
|
|
|
|
/**
|
|
* UNIX timestamp of last time the password was changed.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $passwordChan = 0;
|
|
|
|
/**
|
|
* The user's e-mail address.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $email = 'user@sakura';
|
|
|
|
/**
|
|
* The rank object of the user's main rank.
|
|
*
|
|
* @var Rank
|
|
*/
|
|
public $mainRank = null;
|
|
|
|
/**
|
|
* The ID of the main rank.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $mainRankId = 1;
|
|
|
|
/**
|
|
* The index of rank objects.
|
|
*
|
|
* @var array
|
|
*/
|
|
public $ranks = [];
|
|
|
|
/**
|
|
* The user's username colour.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $colour = '';
|
|
|
|
/**
|
|
* The IP the user registered from.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $registerIp = '0.0.0.0';
|
|
|
|
/**
|
|
* The IP the user was last active from.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $lastIp = '0.0.0.0';
|
|
|
|
/**
|
|
* A user's title.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $title = '';
|
|
|
|
/**
|
|
* The UNIX timestamp of when the user registered.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $registered = 0;
|
|
|
|
/**
|
|
* The UNIX timestamp of when the user was last online.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $lastOnline = 0;
|
|
|
|
/**
|
|
* The 2 character country code of a user.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $country = 'XX';
|
|
|
|
/**
|
|
* The File id of the user's avatar.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $avatar = 0;
|
|
|
|
/**
|
|
* The File id of the user's background.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $background = 0;
|
|
|
|
/**
|
|
* The FIle id of the user's header.
|
|
* @var mixed
|
|
*/
|
|
public $header = 0;
|
|
|
|
/**
|
|
* The raw userpage of the user.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $page = '';
|
|
|
|
/**
|
|
* The raw signature of the user.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $signature = '';
|
|
|
|
/**
|
|
* The user's birthday.
|
|
*
|
|
* @var string
|
|
*/
|
|
private $birthday = '0000-00-00';
|
|
|
|
/**
|
|
* The user's permission container.
|
|
*
|
|
* @var Perms
|
|
*/
|
|
private $permissions;
|
|
|
|
/**
|
|
* The user's option fields.
|
|
*
|
|
* @var array
|
|
*/
|
|
private $optionFields = null;
|
|
|
|
/**
|
|
* The user's profile fields.
|
|
*
|
|
* @var array
|
|
*/
|
|
private $profileFields = null;
|
|
|
|
/**
|
|
* The User instance cache array.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected static $_userCache = [];
|
|
|
|
/**
|
|
* Cached constructor.
|
|
*
|
|
* @param int|string $uid The user ID or clean username.
|
|
* @param bool $forceRefresh Force a recreation.
|
|
*
|
|
* @return User Returns a user object.
|
|
*/
|
|
public static function construct($uid, $forceRefresh = false)
|
|
{
|
|
// Check if a user object isn't present in cache
|
|
if ($forceRefresh || !array_key_exists($uid, self::$_userCache)) {
|
|
// If not create a new object and cache it
|
|
self::$_userCache[$uid] = new User($uid);
|
|
}
|
|
|
|
// Return the cached object
|
|
return self::$_userCache[$uid];
|
|
}
|
|
|
|
/**
|
|
* Create a new user.
|
|
*
|
|
* @param string $username The username of the user.
|
|
* @param string $password The password of the user.
|
|
* @param string $email The e-mail, used primarily for activation.
|
|
* @param array $ranks The ranks assigned to the user on creation.
|
|
*
|
|
* @return User The newly created user's object.
|
|
*/
|
|
public static function create($username, $password, $email, $ranks = [2])
|
|
{
|
|
// Set a few variables
|
|
$usernameClean = Utils::cleanString($username, true);
|
|
$emailClean = Utils::cleanString($email, true);
|
|
$password = Hashing::createHash($password);
|
|
|
|
// Insert the user into the database
|
|
DBv2::prepare('INSERT INTO `{prefix}users` (`username`, `username_clean`, `password_hash`, `password_salt`, `password_algo`, `password_iter`, `email`, `rank_main`, `register_ip`, `last_ip`, `user_registered`, `user_last_online`, `user_country`) VALUES (:uname, :uname_clean, :pw_hash, :pw_salt, :pw_algo, :pw_iter, :email, :rank, :r_ip, :l_ip, :registered, :l_online, :country)')
|
|
->execute([
|
|
'uname' => $username,
|
|
'uname_clean' => $usernameClean,
|
|
'pw_hash' => $password[3],
|
|
'pw_salt' => $password[2],
|
|
'pw_algo' => $password[0],
|
|
'pw_iter' => $password[1],
|
|
'email' => $emailClean,
|
|
'rank' => 0,
|
|
'r_ip' => Net::pton(Net::IP()),
|
|
'l_ip' => Net::pton(Net::IP()),
|
|
'registered' => time(),
|
|
'l_online' => 0,
|
|
'country' => Utils::getCountryCode(),
|
|
]);
|
|
|
|
// Get the last id
|
|
$userId = DBv2::lastID();
|
|
|
|
// Create a user object
|
|
$user = self::construct($userId);
|
|
|
|
// Assign the default rank
|
|
$user->addRanks($ranks);
|
|
|
|
// Set the default rank
|
|
$user->setMainRank($ranks[0]);
|
|
|
|
// Return the user object
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* The actual constructor
|
|
*
|
|
* @param int|string $uid The user ID or clean username.
|
|
*/
|
|
private function __construct($uid)
|
|
{
|
|
// Get the user database row
|
|
$userRow = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `user_id` = :id OR `username_clean` = :clean');
|
|
$userRow->execute([
|
|
'id' => $uid,
|
|
'clean' => Utils::cleanString($uid, true, true),
|
|
]);
|
|
$userRow = $userRow->fetch();
|
|
|
|
// Populate the variables
|
|
if ($userRow) {
|
|
$this->id = $userRow->user_id;
|
|
$this->username = $userRow->username;
|
|
$this->usernameClean = $userRow->username_clean;
|
|
$this->passwordHash = $userRow->password_hash;
|
|
$this->passwordSalt = $userRow->password_salt;
|
|
$this->passwordAlgo = $userRow->password_algo;
|
|
$this->passwordIter = $userRow->password_iter;
|
|
$this->passwordChan = $userRow->password_chan;
|
|
$this->email = $userRow->email;
|
|
$this->mainRankId = $userRow->rank_main;
|
|
$this->colour = $userRow->user_colour;
|
|
$this->registerIp = $userRow->register_ip;
|
|
$this->lastIp = $userRow->last_ip;
|
|
$this->title = $userRow->user_title;
|
|
$this->registered = $userRow->user_registered;
|
|
$this->lastOnline = $userRow->user_last_online;
|
|
$this->birthday = $userRow->user_birthday;
|
|
$this->country = $userRow->user_country;
|
|
$this->avatar = $userRow->user_avatar;
|
|
$this->background = $userRow->user_background;
|
|
$this->header = $userRow->user_header;
|
|
$this->page = $userRow->user_page;
|
|
$this->signature = $userRow->user_signature;
|
|
}
|
|
|
|
// Get all ranks
|
|
$ranks = DBv2::prepare('SELECT * FROM `{prefix}user_ranks` WHERE `user_id` = :id');
|
|
$ranks->execute([
|
|
'id' => $this->id,
|
|
]);
|
|
$ranks = $ranks->fetchAll();
|
|
|
|
// Get the rows for all the ranks
|
|
foreach ($ranks as $rank) {
|
|
// Store the database row in the array
|
|
$this->ranks[$rank->rank_id] = Rank::construct($rank->rank_id);
|
|
}
|
|
|
|
// Check if ranks were set
|
|
if (empty($this->ranks)) {
|
|
// If not assign the fallback rank
|
|
$this->ranks[1] = Rank::construct(1);
|
|
}
|
|
|
|
// Check if the rank is actually assigned to this user
|
|
if (!array_key_exists($this->mainRankId, $this->ranks)) {
|
|
$this->mainRankId = array_keys($this->ranks)[0];
|
|
$this->setMainRank($this->mainRankId);
|
|
}
|
|
|
|
// Assign the main rank to its own var
|
|
$this->mainRank = $this->ranks[$this->mainRankId];
|
|
|
|
// Set user colour
|
|
$this->colour = $this->colour ? $this->colour : $this->mainRank->colour;
|
|
|
|
// Set user title
|
|
$this->title = $this->title ? $this->title : $this->mainRank->title;
|
|
|
|
// Init the permissions
|
|
$this->permissions = new Perms(Perms::SITE);
|
|
}
|
|
|
|
|
|
/**
|
|
* Commit changed to database, doesn't do anything yet.
|
|
*/
|
|
public function update()
|
|
{
|
|
// placeholder
|
|
}
|
|
|
|
/**
|
|
* Get the user's birthday.
|
|
*
|
|
* @param bool $age Just get the age.
|
|
*
|
|
* @return int|string Return the birthday.
|
|
*/
|
|
public function birthday($age = false)
|
|
{
|
|
// If age is requested calculate it
|
|
if ($age) {
|
|
// Create dates
|
|
$birthday = date_create($this->birthday);
|
|
$now = date_create(date('Y-m-d'));
|
|
|
|
// Get the difference
|
|
$diff = date_diff($birthday, $now);
|
|
|
|
// Return the difference in years
|
|
return (int) $diff->format('%Y');
|
|
}
|
|
|
|
// Otherwise just return the birthday value
|
|
return $this->birthday;
|
|
}
|
|
|
|
/**
|
|
* Get the user's country.
|
|
*
|
|
* @param bool $long Get the full country name.
|
|
*
|
|
* @return string The country.
|
|
*/
|
|
public function country($long = false)
|
|
{
|
|
return $long ? Utils::getCountryName($this->country) : $this->country;
|
|
}
|
|
|
|
/**
|
|
* Check if a user is online.
|
|
*
|
|
* @return bool Are they online?
|
|
*/
|
|
public function isOnline()
|
|
{
|
|
// Get all sessions
|
|
$sessions = DBv2::prepare('SELECT `user_id` FROM `{prefix}sessions` WHERE `user_id` = :id');
|
|
$sessions->execute([
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
// If there's no entries just straight up return false
|
|
if (!$sessions->rowCount()) {
|
|
return false;
|
|
}
|
|
|
|
// Otherwise use the standard method
|
|
return $this->lastOnline > (time() - Config::get('max_online_time'));
|
|
}
|
|
|
|
/**
|
|
* Get a few forum statistics.
|
|
*
|
|
* @return array Post and thread counts.
|
|
*/
|
|
public function forumStats()
|
|
{
|
|
$posts = DBv2::prepare('SELECT * FROM `{prefix}posts` WHERE `poster_id` = :id');
|
|
$posts->execute([
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
$threads = DBv2::prepare('SELECT DISTINCT * FROM `{prefix}posts` WHERE `poster_id` = :id GROUP BY `topic_id` ORDER BY `post_time`');
|
|
$threads->execute([
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
return [
|
|
'posts' => $posts->rowCount(),
|
|
'topics' => $threads->rowCount(),
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Add ranks to a user.
|
|
*
|
|
* @param array $ranks Array containing the rank IDs.
|
|
*/
|
|
public function addRanks($ranks)
|
|
{
|
|
// Update the ranks array
|
|
$ranks = array_diff(
|
|
array_unique(
|
|
array_merge(
|
|
array_keys($this->ranks),
|
|
$ranks)
|
|
),
|
|
array_keys($this->ranks)
|
|
);
|
|
|
|
// Save to the database
|
|
foreach ($ranks as $rank) {
|
|
DBv2::prepare('INSERT INTO `{prefix}ranks` (`rank_id`, `user_id`) VALUES (:rank, :user)')
|
|
->execute([
|
|
'rank' => $rank,
|
|
'user' => $this->id,
|
|
]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove a set of ranks from a user.
|
|
*
|
|
* @param array $ranks Array containing the IDs of ranks to remove.
|
|
*/
|
|
public function removeRanks($ranks)
|
|
{
|
|
// Current ranks
|
|
$remove = array_intersect(array_keys($this->ranks), $ranks);
|
|
|
|
// Iterate over the ranks
|
|
foreach ($remove as $rank) {
|
|
DBv2::prepare('DELETE FROM `{prefix}user_ranks` WHERE `user_id` = :user AND `rank_id` = :rank')
|
|
->execute([
|
|
'user' => $this->id,
|
|
'rank' => $rank,
|
|
]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Change the main rank of a user.
|
|
*
|
|
* @param int $rank The ID of the new main rank.
|
|
*
|
|
* @return bool Always true.
|
|
*/
|
|
public function setMainRank($rank)
|
|
{
|
|
// If it does exist update their row
|
|
DBv2::prepare('UPDATE `{prefix}users` SET `rank_main` = :rank WHERE `user_id` = :id')
|
|
->execute([
|
|
'rank' => $rank,
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
// Return true if everything was successful
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Check if a user has a certain set of rank.
|
|
*
|
|
* @param array $ranks Ranks IDs to check.
|
|
*
|
|
* @return bool Successful?
|
|
*/
|
|
public function hasRanks($ranks)
|
|
{
|
|
// Check if the main rank is the specified rank
|
|
if (in_array($this->mainRankId, $ranks)) {
|
|
return true;
|
|
}
|
|
|
|
// If not go over all ranks and check if the user has them
|
|
foreach ($ranks as $rank) {
|
|
// We check if $rank is in $this->ranks and if yes return true
|
|
if (in_array($rank, array_keys($this->ranks))) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// If all fails return false
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Add a new friend.
|
|
*
|
|
* @param int $uid The ID of the friend.
|
|
*
|
|
* @return array Status indicator.
|
|
*/
|
|
public function addFriend($uid)
|
|
{
|
|
// Create the foreign object
|
|
$user = User::construct($uid);
|
|
|
|
// Validate that the user exists
|
|
if ($user->permission(Site::DEACTIVATED)) {
|
|
return [0, 'USER_NOT_EXIST'];
|
|
}
|
|
|
|
// Check if the user already has this user a friend
|
|
if ($this->isFriends($uid)) {
|
|
return [0, 'ALREADY_FRIENDS'];
|
|
}
|
|
|
|
// Add friend
|
|
DBv2::prepare('INSERT INTO `{prefix}friends` (`user_id`, `friend_id`, `friend_timestamp`) VALUES (:user, :friend, :time)')
|
|
->execute([
|
|
'user' => $this->id,
|
|
'friend' => $uid,
|
|
'time' => time(),
|
|
]);
|
|
|
|
// Return true because yay
|
|
return [1, $user->isFriends($this->id) ? 'FRIENDS' : 'NOT_MUTUAL'];
|
|
}
|
|
|
|
/**
|
|
* Remove a friend.
|
|
*
|
|
* @param int $uid The friend Id
|
|
* @param bool $deleteRequest Delete the open request as well (remove you from their friends list).
|
|
*
|
|
* @return array Status indicator.
|
|
*/
|
|
public function removeFriend($uid, $deleteRequest = false)
|
|
{
|
|
// Create the foreign object
|
|
$user = User::construct($uid);
|
|
|
|
// Validate that the user exists
|
|
if ($user->permission(Site::DEACTIVATED)) {
|
|
return [0, 'USER_NOT_EXIST'];
|
|
}
|
|
|
|
// Prepare the statement
|
|
$rem = DBv2::prepare('DELETE FROM `{prefix}friends` WHERE `user_id` = :user AND `friend_id` = :friend');
|
|
|
|
// Remove friend
|
|
$rem->execute([
|
|
'user' => $this->id,
|
|
'friend' => $uid,
|
|
]);
|
|
|
|
// Attempt to remove the request
|
|
if ($deleteRequest) {
|
|
$rem->execute([
|
|
'user' => $uid,
|
|
'friend' => $this->id,
|
|
]);
|
|
}
|
|
|
|
// Return true because yay
|
|
return [1, 'REMOVED'];
|
|
}
|
|
|
|
/**
|
|
* Check if this user is friends with another user.
|
|
*
|
|
* @param int $with ID of the other user.
|
|
*
|
|
* @return int 0 = no, 1 = pending request, 2 = mutual
|
|
*/
|
|
public function isFriends($with)
|
|
{
|
|
// Accepted from this user
|
|
$get = DBv2::prepare('SELECT * FROM `{prefix}friends` WHERE `user_id` = :user AND `friend_id` = :friend');
|
|
$get->execute([
|
|
'user' => $this->id,
|
|
'friend' => $with,
|
|
]);
|
|
$user = $get->rowCount();
|
|
|
|
// And the other user
|
|
$get->execute([
|
|
'user' => $with,
|
|
'friend' => $this->id,
|
|
]);
|
|
$friend = $get->rowCount();
|
|
|
|
if ($user && $friend) {
|
|
return 2; // Mutual friends
|
|
} elseif ($user) {
|
|
return 1; // Pending request
|
|
}
|
|
|
|
// Else return 0
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Get all the friends from this user.
|
|
*
|
|
* @param int $level Friend level; (figure out what the levels are at some point)
|
|
* @param bool $noObj Just return IDs.
|
|
*
|
|
* @return array The array with either the objects or the ids.
|
|
*/
|
|
public function friends($level = 0, $noObj = false)
|
|
{
|
|
// User ID container
|
|
$users = [];
|
|
|
|
// Select the correct level
|
|
switch ($level) {
|
|
// Mutual
|
|
case 2:
|
|
// Get all the current user's friends
|
|
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
|
|
$self->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
|
|
|
|
// Get all the people that added this user as a friend
|
|
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
|
|
$others->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
|
|
|
|
// Create a difference map
|
|
$users = array_intersect($self, $others);
|
|
break;
|
|
|
|
// Non-mutual (from user perspective)
|
|
case 1:
|
|
$users = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
|
|
$users->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$users = array_column($users->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
|
|
break;
|
|
|
|
// All friend cases
|
|
case 0:
|
|
default:
|
|
// Get all the current user's friends
|
|
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
|
|
$self->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
|
|
|
|
// Get all the people that added this user as a friend
|
|
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
|
|
$others->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
|
|
|
|
// Create a difference map
|
|
$users = array_merge($others, $self);
|
|
break;
|
|
|
|
// Open requests
|
|
case -1:
|
|
// Get all the current user's friends
|
|
$self = DBv2::prepare('SELECT `friend_id` FROM `{prefix}friends` WHERE `user_id` = :user');
|
|
$self->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$self = array_column($self->fetchAll(\PDO::FETCH_ASSOC), 'friend_id');
|
|
|
|
// Get all the people that added this user as a friend
|
|
$others = DBv2::prepare('SELECT `user_id` FROM `{prefix}friends` WHERE `friend_id` = :user');
|
|
$others->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$others = array_column($others->fetchAll(\PDO::FETCH_ASSOC), 'user_id');
|
|
|
|
// Create a difference map
|
|
$users = array_diff($others, $self);
|
|
break;
|
|
}
|
|
|
|
// Check if we only requested the IDs
|
|
if ($noObj) {
|
|
// If so just return $users
|
|
return $users;
|
|
}
|
|
|
|
// Create the storage array
|
|
$objects = [];
|
|
|
|
// Create the user objects
|
|
foreach ($users as $user) {
|
|
// Create new object
|
|
$objects[$user] = User::construct($user);
|
|
}
|
|
|
|
// Return the objects
|
|
return $objects;
|
|
}
|
|
|
|
/**
|
|
* Check if the user is banned.
|
|
*
|
|
* @return array|bool Ban status.
|
|
*/
|
|
public function checkBan()
|
|
{
|
|
return Bans::checkBan($this->id);
|
|
}
|
|
|
|
/**
|
|
* Check if the user has a certaing permission flag.
|
|
*
|
|
* @param int $flag The permission flag.
|
|
* @param string $mode The permission mode.
|
|
*
|
|
* @return bool Success?
|
|
*/
|
|
public function permission($flag, $mode = null)
|
|
{
|
|
// Set mode
|
|
$this->permissions->mode($mode ? $mode : Perms::SITE);
|
|
|
|
// Set default permission value
|
|
$perm = 0;
|
|
|
|
// Bitwise OR it with the permissions for this forum
|
|
$perm = $this->permissions->user($this->id);
|
|
|
|
return $this->permissions->check($flag, $perm);
|
|
}
|
|
|
|
/**
|
|
* Get the comments from the user's profile.
|
|
* @return Comments
|
|
*/
|
|
public function profileComments()
|
|
{
|
|
return new Comments('profile-' . $this->id);
|
|
}
|
|
|
|
/**
|
|
* Get the user's profile fields.
|
|
*
|
|
* @return array The profile fields.
|
|
*/
|
|
public function profileFields()
|
|
{
|
|
// Check if we have cached data
|
|
if ($this->profileFields) {
|
|
return $this->profileFields;
|
|
}
|
|
|
|
// Create array and get values
|
|
$profile = [];
|
|
|
|
$profileFields = DBv2::prepare('SELECT * FROM `{prefix}profilefields`');
|
|
$profileFields->execute();
|
|
$profileFields = $profileFields->fetchAll(\PDO::FETCH_ASSOC);
|
|
|
|
$profileValuesRaw = DBv2::prepare('SELECT * FROM `{prefix}user_profilefields` WHERE `user_id` = :user');
|
|
$profileValuesRaw->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$profileValuesRaw = $profileValuesRaw->fetchAll(\PDO::FETCH_ASSOC);
|
|
|
|
$profileValueKeys = array_map(function ($a) {
|
|
return $a['field_name'];
|
|
}, $profileValuesRaw);
|
|
$profileValueVals = array_map(function ($a) {
|
|
return $a['field_value'];
|
|
}, $profileValuesRaw);
|
|
$profileValues = array_combine($profileValueKeys, $profileValueVals);
|
|
|
|
// Check if anything was returned
|
|
if (!$profileFields || !$profileValues) {
|
|
return $profile;
|
|
}
|
|
|
|
// Check if profile fields aren't fake
|
|
foreach ($profileFields as $field) {
|
|
// Completely strip all special characters from the field name
|
|
$fieldName = Utils::cleanString($field['field_name'], true, true);
|
|
|
|
// Check if the user has the current field set otherwise continue
|
|
if (!array_key_exists($fieldName, $profileValues)) {
|
|
continue;
|
|
}
|
|
|
|
// Assign field to output with value
|
|
$profile[$fieldName] = [];
|
|
$profile[$fieldName]['name'] = $field['field_name'];
|
|
$profile[$fieldName]['value'] = $profileValues[$fieldName];
|
|
$profile[$fieldName]['islink'] = $field['field_link'];
|
|
|
|
// If the field is set to be a link add a value for that as well
|
|
if ($field['field_link']) {
|
|
$profile[$fieldName]['link'] = str_replace(
|
|
'{{ VAL }}',
|
|
$profileValues[$fieldName],
|
|
$field['field_linkformat']
|
|
);
|
|
}
|
|
|
|
// Check if we have additional options as well
|
|
if (!$field['field_additional']) {
|
|
// Decode the json of the additional stuff
|
|
$additional = json_decode($field['field_additional'], true);
|
|
|
|
// Go over all additional forms
|
|
foreach ($additional as $subName => $subField) {
|
|
// Check if the user has the current field set otherwise continue
|
|
if (!array_key_exists($subName, $profileValues)) {
|
|
continue;
|
|
}
|
|
|
|
// Assign field to output with value
|
|
$profile[$fieldName][$subName] = $profileValues[$subName];
|
|
}
|
|
}
|
|
}
|
|
|
|
// Assign cache
|
|
$this->profileFields = $profile;
|
|
|
|
// Return appropiate profile data
|
|
return $profile;
|
|
}
|
|
|
|
/**
|
|
* Get a user's option fields.
|
|
*
|
|
* @return array The array containing the fields.
|
|
*/
|
|
public function optionFields()
|
|
{
|
|
// Check if we have cached data
|
|
if ($this->optionFields) {
|
|
return $this->optionFields;
|
|
}
|
|
|
|
// Create array and get values
|
|
$options = [];
|
|
|
|
$optionFields = DBv2::prepare('SELECT * FROM `{prefix}optionfields`');
|
|
$optionFields->execute();
|
|
$optionFields = $optionFields->fetchAll(\PDO::FETCH_ASSOC);
|
|
|
|
$optionValuesRaw = DBv2::prepare('SELECT * FROM `{prefix}user_optionfields` WHERE `user_id` = :user');
|
|
$optionValuesRaw->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$optionValuesRaw = $optionValuesRaw->fetchAll(\PDO::FETCH_ASSOC);
|
|
|
|
$optionValueKeys = array_map(function ($a) {
|
|
return $a['field_name'];
|
|
}, $optionValuesRaw);
|
|
$optionValueVals = array_map(function ($a) {
|
|
return $a['field_value'];
|
|
}, $optionValuesRaw);
|
|
$optionValues = array_combine($optionValueKeys, $optionValueVals);
|
|
|
|
// Check if anything was returned
|
|
if (!$optionFields || !$optionValues) {
|
|
return $options;
|
|
}
|
|
|
|
// Check if option fields aren't fake
|
|
foreach ($optionFields as $field) {
|
|
// Check if the user has the current field set otherwise continue
|
|
if (!array_key_exists($field['option_id'], $optionValues)) {
|
|
continue;
|
|
}
|
|
|
|
// Make sure the user has the proper permissions to use this option
|
|
if (!$this->permission(constant('Sakura\Perms\Site::' . $field['option_permission']))) {
|
|
continue;
|
|
}
|
|
|
|
// Assign field to output with value
|
|
$options[$field['option_id']] = $optionValues[$field['option_id']];
|
|
}
|
|
|
|
// Assign cache
|
|
$this->optionFields = $options;
|
|
|
|
// Return appropiate option data
|
|
return $options;
|
|
}
|
|
|
|
/**
|
|
* Does this user have premium?
|
|
*
|
|
* @return array Premium status information.
|
|
*/
|
|
public function isPremium()
|
|
{
|
|
|
|
// Check if the user has static premium
|
|
if ($this->permission(Site::STATIC_PREMIUM)) {
|
|
return [2, 0, time() + 1];
|
|
}
|
|
|
|
// Attempt to retrieve the premium record from the database
|
|
$getRecord = DBv2::prepare('SELECT * FROM `{prefix}premium` WHERE `user_id` = :user');
|
|
$getRecord->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$getRecord = $getRecord->fetch();
|
|
|
|
// If nothing was returned just return false
|
|
if (empty($getRecord)) {
|
|
return [0];
|
|
}
|
|
|
|
// Check if the Tenshi hasn't expired
|
|
if ($getRecord->premium_expire < time()) {
|
|
return [0, $getRecord->premium_start, $getRecord->premium_expire];
|
|
}
|
|
|
|
// Else return the start and expiration date
|
|
return [1, $getRecord->premium_start, $getRecord->premium_expire];
|
|
}
|
|
|
|
/**
|
|
* Get the open warnings on this user.
|
|
*
|
|
* @return array The warnings.
|
|
*/
|
|
public function getWarnings()
|
|
{
|
|
// Do the database query
|
|
$getWarnings = DBv2::prepare('SELECT * FROM `{prefix}warnings` WHERE `user_id` = :user');
|
|
$getWarnings->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
$getWarnings = $getWarnings->fetchAll(\PDO::FETCH_ASSOC);
|
|
|
|
// Storage array
|
|
$warnings = [];
|
|
|
|
// Add special stuff
|
|
foreach ($getWarnings as $warning) {
|
|
// Check if it hasn't expired
|
|
if ($warning['warning_expires'] < time()) {
|
|
DBv2::prepare('DELETE FROM `{prefix}warnings` WHERE `warning_id` = :warn')
|
|
->execute([
|
|
'warn' => $warning['warning_id'],
|
|
]);
|
|
continue;
|
|
}
|
|
|
|
// Text action
|
|
switch ($warning['warning_action']) {
|
|
default:
|
|
case '0':
|
|
$warning['warning_action_text'] = 'Warning';
|
|
break;
|
|
case '1':
|
|
$warning['warning_action_text'] = 'Silence';
|
|
break;
|
|
case '2':
|
|
$warning['warning_action_text'] = 'Restriction';
|
|
break;
|
|
case '3':
|
|
$warning['warning_action_text'] = 'Ban';
|
|
break;
|
|
case '4':
|
|
$warning['warning_action_text'] = 'Abyss';
|
|
break;
|
|
}
|
|
|
|
// Text expiration
|
|
$warning['warning_length'] = round(($warning['warning_expires'] - $warning['warning_issued']) / 60);
|
|
|
|
// Add to array
|
|
$warnings[$warning['warning_id']] = $warning;
|
|
}
|
|
|
|
// Return all the warnings
|
|
return $warnings;
|
|
}
|
|
|
|
/**
|
|
* Parse the user's userpage.
|
|
*
|
|
* @return string The parsed page.
|
|
*/
|
|
public function userPage()
|
|
{
|
|
return BBcode::toHTML(htmlentities($this->page));
|
|
}
|
|
|
|
/**
|
|
* Parse a user's signature
|
|
*
|
|
* @return string The parsed signature.
|
|
*/
|
|
public function signature()
|
|
{
|
|
return BBcode::toHTML(htmlentities($this->signature));
|
|
}
|
|
|
|
/**
|
|
* Get a user's username history.
|
|
*
|
|
* @return array The history.
|
|
*/
|
|
public function getUsernameHistory()
|
|
{
|
|
// Do the database query
|
|
$changes = DBv2::prepare('SELECT * FROM `{prefix}username_history` WHERE `user_id` = :user ORDER BY `change_id` DESC');
|
|
$changes->execute([
|
|
'user' => $this->id,
|
|
]);
|
|
|
|
// Return all the changes
|
|
return $changes->fetchAll(\PDO::FETCH_ASSOC);
|
|
}
|
|
|
|
/**
|
|
* Alter the user's username
|
|
*
|
|
* @param string $username The new username.
|
|
*
|
|
* @return array Status indicator.
|
|
*/
|
|
public function setUsername($username)
|
|
{
|
|
// Create a cleaned version
|
|
$username_clean = Utils::cleanString($username, true);
|
|
|
|
// Check if the username is too short
|
|
if (strlen($username_clean) < Config::get('username_min_length')) {
|
|
return [0, 'TOO_SHORT'];
|
|
}
|
|
|
|
// Check if the username is too long
|
|
if (strlen($username_clean) > Config::get('username_max_length')) {
|
|
return [0, 'TOO_LONG'];
|
|
}
|
|
|
|
// Check if this username hasn't been used in the last amount of days set in the config
|
|
$getOld = DBv2::prepare('SELECT * FROM `{prefix}username_history` WHERE `username_old_clean` = :clean AND `change_time` > :time ORDER BY `change_id` DESC');
|
|
$getOld->execute([
|
|
'clean' => $username_clean,
|
|
'time' => (Config::get('old_username_reserve') * 24 * 60 * 60),
|
|
]);
|
|
$getOld = $getOld->fetch();
|
|
|
|
// Check if anything was returned
|
|
if ($getOld && $getOld->user_id != $this->id) {
|
|
return [0, 'TOO_RECENT', $getOld['change_time']];
|
|
}
|
|
|
|
// Check if the username is already in use
|
|
$getInUse = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `username_clean` = :clean');
|
|
$getInUse->execute([
|
|
'clean' => $username_clean,
|
|
]);
|
|
$getInUse = $getInUse->fetch();
|
|
|
|
// Check if anything was returned
|
|
if ($getInUse) {
|
|
return [0, 'IN_USE', $getInUse->user_id];
|
|
}
|
|
|
|
// Insert into username_history table
|
|
DBv2::prepare('INSERT INTO `{prefix}username_history` (`change_time`, `user_id`, `username_new`, `username_new_clean`, `username_old`, `username_old_clean`) VALUES (:time, :user, :new, :new_clean, :old, :old_clean)')
|
|
->execute([
|
|
'time' => time(),
|
|
'user' => $this->id,
|
|
'new' => $username,
|
|
'new_clean' => $username_clean,
|
|
'old' => $this->username,
|
|
'old_clean' => $this->usernameClean,
|
|
]);
|
|
|
|
// Update userrow
|
|
DBv2::prepare('UPDATE `{prefix}users` SET `username` = :username, `username_clean` = :clean WHERE `user_id` = :id')
|
|
->execute([
|
|
'username' => $username,
|
|
'clean' => $username_clean,
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
// Return success
|
|
return [1, 'SUCCESS', $username];
|
|
}
|
|
|
|
/**
|
|
* Alter a user's e-mail address
|
|
*
|
|
* @param string $email The new e-mail address.
|
|
*
|
|
* @return array Status indicator.
|
|
*/
|
|
public function setEMailAddress($email)
|
|
{
|
|
// Validate e-mail address
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
return [0, 'INVALID'];
|
|
}
|
|
|
|
// Check if the username is already in use
|
|
$getInUse = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `email` = :email');
|
|
$getInUse->execute([
|
|
'email' => $email,
|
|
]);
|
|
$getInUse = $getInUse->fetch();
|
|
|
|
// Check if anything was returned
|
|
if ($getInUse) {
|
|
return [0, 'IN_USE', $getInUse->user_id];
|
|
}
|
|
|
|
// Update userrow
|
|
DBv2::prepare('UPDATE `{prefix}users` SET `email` = :email WHERE `user_id` = :id')
|
|
->execute([
|
|
'email' => $email,
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
// Return success
|
|
return [1, 'SUCCESS', $email];
|
|
}
|
|
|
|
/**
|
|
* Change the user's password
|
|
*
|
|
* @param string $old The old password.
|
|
* @param string $new The new password
|
|
* @param string $confirm The new one again.
|
|
*
|
|
* @return array Status indicator.
|
|
*/
|
|
public function setPassword($old, $new, $confirm)
|
|
{
|
|
// Validate password
|
|
switch ($this->passwordAlgo) {
|
|
// Disabled account
|
|
case 'disabled':
|
|
return [0, 'NO_LOGIN'];
|
|
|
|
// Default hashing method
|
|
default:
|
|
if (!Hashing::validatePassword($old, [
|
|
$this->passwordAlgo,
|
|
$this->passwordIter,
|
|
$this->passwordSalt,
|
|
$this->passwordHash,
|
|
])) {
|
|
return [0, 'INCORRECT_PASSWORD', $this->passwordChan];
|
|
}
|
|
|
|
}
|
|
|
|
// Check password entropy
|
|
if (Utils::pwdEntropy($new) < Config::get('min_entropy')) {
|
|
return [0, 'PASS_TOO_SHIT'];
|
|
}
|
|
|
|
// Passwords do not match
|
|
if ($new != $confirm) {
|
|
return [0, 'PASS_NOT_MATCH'];
|
|
}
|
|
|
|
// Create hash
|
|
$password = Hashing::createHash($new);
|
|
|
|
// Update userrow
|
|
DBv2::prepare('UPDATE `{prefix}users` SET `password_hash` = :hash, `password_salt` = :salt, `password_algo` = :algo, `password_iter` = :iter, `password_chan` = :chan WHERE `user_id` = :id')
|
|
->execute([
|
|
'hash' => $password[3],
|
|
'salt' => $password[2],
|
|
'algo' => $password[0],
|
|
'iter' => $password[1],
|
|
'chan' => time(),
|
|
'id' => $this->id,
|
|
]);
|
|
|
|
// Return success
|
|
return [1, 'SUCCESS'];
|
|
}
|
|
}
|