- <?php
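/**
 * Registration, e-mail validation, activation and login against the `users` table.
 *
 * Expects the DBHOST/DBNAME/DBCHARSET/DBUSER/DBPASS/DBPARAMS constants and the
 * MyPDO wrapper to be defined before this file is loaded, and an active PHP
 * session for the methods that write to $_SESSION (validateUser, userLogin).
 */
class User
{
    /**
     * Database handle. Declared explicitly (the original assigned an undeclared,
     * dynamic property). run($sql, $params) is expected to return an object with
     * rowCount()/fetch(), as used below — confirm against the MyPDO implementation.
     *
     * @var MyPDO
     */
    private $db;

    public function __construct()
    {
        $this->db = new MyPDO("mysql:host=" . DBHOST . ";dbname=" . DBNAME . ";charset=" . DBCHARSET, DBUSER, DBPASS, DBPARAMS);
    }

    /**
     * Sanitise and then validate an e-mail address.
     *
     * @return string|false The sanitised address, or false when it does not validate.
     */
    public function validateEmail(string $email)
    {
        $sanitised = filter_var($email, FILTER_SANITIZE_EMAIL);
        return filter_var($sanitised, FILTER_VALIDATE_EMAIL);
    }

    /**
     * Format 16 random bytes as an RFC 4122 version-4 UUID string.
     *
     * Adapted from http://stackoverflow.com/questions/2040240/php-function-to-generate-v4-uuid
     *
     * @param string $data Exactly 16 bytes of random data.
     * @throws \InvalidArgumentException when $data is not 16 bytes long. This replaces the
     *         original assert(), which is a no-op when zend.assertions is disabled in production.
     */
    private function guidv4(string $data): string
    {
        if (strlen($data) !== 16) {
            throw new \InvalidArgumentException('guidv4() expects exactly 16 bytes of random data');
        }
        $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // version nibble = 0100 (v4)
        $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // variant bits 6-7 = 10 (RFC 4122)
        return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
    }

    /**
     * Length of the password in bytes (strlen, so a multibyte character counts more than once).
     */
    private function checkPasswordLength(string $password): int
    {
        return strlen($password);
    }

    /**
     * Strict comparison of the password and its confirmation.
     *
     * The original used ==, under which numeric-looking strings compare as numbers
     * ('1e3' == '1000' is true), so two different passwords could be accepted as matching.
     */
    private function doPasswordsMatch(string $password, string $verify): bool
    {
        return $password === $verify;
    }

    /**
     * Hash a password with the current PHP default algorithm (salted, cost-parameterised).
     */
    private function hashPassword(string $password): string
    {
        return password_hash($password, PASSWORD_DEFAULT);
    }

    /**
     * Whether at least one row with this e-mail exists (any count > 0, not only exactly 1).
     */
    private function doesUserExist(string $email): bool
    {
        return $this->db->run("SELECT id FROM users WHERE email = ?", [$email])->rowCount() > 0;
    }

    /**
     * Fetch the activation key row for an e-mail address.
     *
     * @return array|false The fetched row, or false when no row matches.
     */
    public function getUserValidationKey(string $email)
    {
        return $this->db->run("SELECT validation_key FROM users WHERE email = ?", [$email])->fetch();
    }

    /**
     * Check registration input; on failure store the reason in $_SESSION['message'].
     *
     * @return bool true when the input is acceptable for createUser().
     */
    public function validateUser(string $email, string $password, string $verify): bool
    {
        $error = null;
        if ($this->doesUserExist($email)) {
            $error = "email already exists";
        } elseif ($this->validateEmail($email) === false) {
            $error = "email not valid";
        } elseif (!$this->doPasswordsMatch($password, $verify)) {
            $error = "passwords didn't match";
        } elseif ($this->checkPasswordLength($password) < 6) {
            $error = "password must be 6 or more characters";
        }

        if ($error !== null) {
            $_SESSION['message'] = $error;
            $_SESSION['message-type'] = 'error';
            return false;
        }
        return true;
    }

    /**
     * Mark the account holding this activation key as validated.
     *
     * @return int Number of rows updated (0 when the key is unknown).
     */
    public function activateUserByKey(string $key): int
    {
        return $this->db->run("UPDATE users SET validated = 1 WHERE validation_key = ?", [$key])->rowCount();
    }

    /**
     * Insert a new, not-yet-validated user with a random activation key.
     *
     * @return bool false when the e-mail does not validate or the INSERT fails.
     * @throws \Exception if random_bytes() cannot obtain secure random data.
     */
    public function createUser(string $email, string $password): bool
    {
        $email = $this->validateEmail($email);
        if ($email === false) {
            // The original inserted the literal false as the e-mail of a rejected address.
            return false;
        }
        $hash = $this->hashPassword($password);
        // random_bytes() is guaranteed cryptographically secure and throws instead of degrading.
        $uuid = $this->guidv4(random_bytes(16));
        if ($this->db->run("INSERT INTO users (email, password, validation_key) VALUES (?, ?, ?)", [$email, $hash, $uuid])) {
            return true;
        }
        // should log an error somewhere if this fails
        return false;
    }

    /**
     * Verify credentials and populate the session.
     *
     * On success the session id is regenerated so an id obtained before login cannot be
     * reused (session fixation). On failure the session user fields are reset to 0.
     *
     * @return bool true when the e-mail exists and the password verifies.
     */
    public function userLogin(string $username, string $password): bool
    {
        $user = $this->db->run("SELECT id, email, name, password, is_admin FROM users WHERE email = ? LIMIT 1", [$username])->fetch();

        // fetch() returns false for an unknown e-mail; the original then passed a null hash to password_verify().
        if (is_array($user) && isset($user['password']) && password_verify($password, $user['password'])) {
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['name'] = $user['name'];
            $_SESSION['email'] = $user['email'];
            $_SESSION['is_admin'] = $user['is_admin'];
            $_SESSION['message'] = "You have been logged in";
            $_SESSION['message-type'] = "info";
            return true;
        }

        $_SESSION['user_id'] = 0;
        $_SESSION['name'] = 0;
        $_SESSION['email'] = 0;
        $_SESSION['is_admin'] = 0;
        $_SESSION['message'] = "The username/password combination you provided could not be found";
        $_SESSION['message-type'] = "error";
        return false;
    }
}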