- <?php
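class Authorizer {
    /*
     * Session login manager backed by the `users` and `user_salts` tables.
     *
     * A `user_salts` row ties the PHP session id (`session_salt`) to a user id
     * (`uid`), a copy of that user's stored password hash (`phash`) and an
     * expiry timestamp. user() re-validates the row against `users`, so a
     * password change or an account deletion invalidates every session opened
     * before it. Every method assumes session_start() has already been called.
     *
     * NOTE(review): passwords are stored with password_hash(); legacy unsalted
     * sha1 digests are still accepted by login() and upgraded in place on first
     * use. `users.password` and `user_salts.phash` must be wide enough for
     * PASSWORD_DEFAULT output (VARCHAR(255) recommended) -- confirm against the
     * schema before deploying.
     */
    public function __construct() {
        /* pass */
    }

    /**
     * Shared PDO handle from the global database object.
     * @return PDO
     */
    private static function db() {
        global $g_database;
        return $g_database->handler();
    }

    /**
     * Checks a cleartext candidate against the value of `users.password`.
     *
     * password_verify() handles hashes written by password_hash(); the
     * fallback accepts the legacy unsalted sha1 digest through hash_equals()
     * so the comparison does not leak timing information.
     *
     * @param string $password cleartext candidate
     * @param string $stored   value of users.password
     * @return bool
     */
    private static function passwordMatches( $password, $stored ) {
        if( password_verify( $password, $stored ) ) return TRUE;
        return hash_equals( $stored, sha1( $password ) );
    }

    /**
     * Authenticates $username/$password and opens a session-bound login.
     *
     * @param string $username cleartext name; normalised with Tools::forDatabase() for the lookup
     * @param string $password cleartext password
     * @param int    $expires  lifetime of the login in seconds
     * @return bool FALSE when this session already holds a live login or the
     *              credentials do not match; TRUE once the salt row is stored.
     * @throws GlobalException when the salt row cannot be written
     */
    public function login( $username, $password, $expires = 1800 /* 30 minutes */ ) {
        $db = self::db();
        // check if already logged in (the alias keeps the column name driver-independent):
        $sql = $db->prepare( 'SELECT COUNT(*) AS n FROM user_salts WHERE expires >= :t AND session_salt = :s' );
        $sql->bindValue( ':t', time() );
        $sql->bindValue( ':s', session_id() );
        $sql->execute();
        $x = $sql->fetch();
        if( $x !== FALSE && $x['n'] > 0 ) return FALSE;

        // presumably VirtualTools.php defines Tools; the guard tests a different class name -- confirm
        if( !class_exists( 'VirtualTools' ) ) require_once DIRECTORY_GLOBALS . 'VirtualTools.php';
        // fetch the hash and compare in PHP rather than in SQL so password_hash() output can be used
        $sql = $db->prepare( 'SELECT id, password FROM users WHERE db_username = :uname LIMIT 1' );
        $sql->bindValue( ':uname', Tools::forDatabase( $username ), PDO::PARAM_STR );
        $sql->execute();
        $row = $sql->fetch( PDO::FETCH_ASSOC );
        if( $row === FALSE ) return FALSE;
        if( !self::passwordMatches( $password, $row['password'] ) ) return FALSE;

        // a fresh session id on authentication blocks session fixation
        session_regenerate_id( TRUE );

        $storedHash = $row['password'];
        try {
            $db->beginTransaction();
            if( password_needs_rehash( $storedHash, PASSWORD_DEFAULT ) ) {
                // transparent upgrade of a legacy sha1 digest (or an outdated cost)
                $storedHash = password_hash( $password, PASSWORD_DEFAULT );
                $upd = $db->prepare( 'UPDATE users SET password = :p WHERE id = :i' );
                $upd->execute( [ ':p' => $storedHash, ':i' => $row['id'] ] );
            }
            $sql = $db->prepare( 'INSERT INTO user_salts VALUES( NULL, :ssid, :uid, :phash, :expires )' );
            $sql->bindValue( ':ssid', session_id() );
            $sql->bindValue( ':uid', (int) $row['id'], PDO::PARAM_INT );
            // phash mirrors users.password so user() can detect a later password change
            $sql->bindValue( ':phash', $storedHash );
            $sql->bindValue( ':expires', time() + (int) $expires );
            $sql->execute();
            $db->commit();
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to add an user salt: ' . $e->getMessage() );
        }
        return TRUE;
    }

    /**
     * Drops the salt row of the current session and rotates the session id.
     *
     * @return bool always TRUE
     * @throws GlobalException when the delete fails
     */
    public function logout() {
        $db = self::db();
        try {
            $db->beginTransaction();
            $sql = $db->prepare( 'DELETE FROM user_salts WHERE session_salt = :ssid' );
            $sql->bindValue( ':ssid', session_id() );
            $sql->execute();
            $db->commit();
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to logout: ' . $e->getMessage() );
        }
        // the old id no longer maps to anything; do not let it be reused
        session_regenerate_id( TRUE );
        return TRUE;
    }

    /**
     * Resolves the current session to a User.
     *
     * @return User|null NULL when there is no unexpired salt row for this
     *                   session or the user's password changed since login.
     */
    public function user() {
        $db = self::db();
        $sql = $db->prepare( 'SELECT * FROM user_salts WHERE session_salt = :ssid AND expires >= :t ORDER BY expires DESC' );
        $sql->bindValue( ':ssid', session_id() );
        $sql->bindValue( ':t', time() );
        $sql->execute();
        $salt = $sql->fetch( PDO::FETCH_ASSOC );
        if( $salt === FALSE ) return NULL;

        // re-validate against users: a changed password or a deleted account ends the session
        $recheck = $db->prepare( 'SELECT COUNT(*) AS n FROM users WHERE password = :p AND id = :i' );
        $recheck->bindValue( ':p', $salt['phash'] );
        $recheck->bindValue( ':i', (int) $salt['uid'], PDO::PARAM_INT );
        $recheck->execute();
        $count = $recheck->fetch();
        if( $count !== FALSE && $count['n'] > 0 ) return new User( $salt['uid'] );
        return NULL;
    }
}

class User {
    /*
     * Row of `users` plus the (property => value) pairs of `user_properties`
     * for that user. Property names are compared lower-cased by __get/__set.
     */
    /** @var array<string, mixed> */
    protected $data = [];

    /**
     * Shared PDO handle from the global database object.
     * @return PDO
     */
    private static function db() {
        global $g_database;
        return $g_database->handler();
    }

    /**
     * Factory alias for the constructor.
     * @param int|string $id
     * @return User
     */
    public static function get( $id ) { return new User( $id ); }

    /**
     * Loads the `users` row with id $id and all of its `user_properties`.
     *
     * A constructor cannot return a value: when no such user exists the object
     * is still created but stays empty, so every __get() yields NULL and
     * callers can test `$user->id === NULL`.
     *
     * @param int|string $id cast with intval() before the lookup
     */
    public function __construct( $id ) {
        $db = self::db();
        $sql = $db->prepare( 'SELECT * FROM users WHERE id = :id' );
        $sql->bindValue( ':id', intval( $id ), PDO::PARAM_INT );
        $sql->execute();
        $row = $sql->fetch( PDO::FETCH_ASSOC );
        if( $row === FALSE ) return;
        foreach( $row as $key => $value ) $this->data[$key] = $value;

        $sql = $db->prepare( 'SELECT * FROM user_properties WHERE user_id = :id' );
        $sql->bindValue( ':id', (int) $row['id'], PDO::PARAM_INT );
        $sql->execute();
        foreach( $sql->fetchAll( PDO::FETCH_ASSOC ) as $prop ) {
            $this->data[$prop['property']] = $prop['value'];
        }
    }

    /**
     * Reads a column or property; NULL when absent (or stored as NULL).
     * @param string $attr case-insensitive
     * @return mixed
     */
    public function __get( $attr ) {
        $attr = strtolower( $attr );
        if( !isset( $this->data[$attr] ) ) {
            return NULL;
        }
        return $this->data[$attr];
    }

    /**
     * Persists a custom property for this user (insert or update).
     *
     * Columns of `users` ('id', 'password', 'db_username', 'username') are
     * refused here and must go through the dedicated setters. The in-memory
     * copy is only updated once the row is committed. PHP ignores the return
     * value of __set() for `$user->x = ...` assignments.
     *
     * @param string $attr  case-insensitive property name
     * @param mixed  $value
     * @return bool FALSE for a refused name or an unloaded user, TRUE otherwise
     * @throws GlobalException when the write fails
     */
    public function __set( $attr, $value ) {
        $attr = strtolower( $attr );
        $inUserVars = [ 'id', 'password', 'db_username', 'username' ];
        if( in_array( $attr, $inUserVars, TRUE ) ) return FALSE;
        // an empty object (unknown id) has nothing to attach a property to
        if( !isset( $this->data['id'] ) ) return FALSE;

        $db = self::db();
        try {
            $db->beginTransaction();
            // array_key_exists, not isset: a property stored as NULL must be updated, not inserted twice
            if( array_key_exists( $attr, $this->data ) ) {
                $sql = $db->prepare( 'UPDATE user_properties SET value = :v WHERE property = :p AND user_id = :i' );
                $sql->execute( [ ':v' => $value, ':p' => $attr, ':i' => $this->data['id'] ] );
            }
            else {
                $sql = $db->prepare( 'INSERT INTO user_properties VALUES( NULL, :uid, :prop, :val )' );
                $sql->execute( [ ':uid' => $this->data['id'], ':prop' => $attr, ':val' => $value ] );
            }
            $db->commit();
            $this->data[$attr] = $value;
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to change an user property: '. $e->getMessage() );
        }
        return TRUE;
    }

    /**
     * Stores a new password hash. Because Authorizer::user() compares the
     * session's `phash` with `users.password`, every login of this user --
     * including the current one -- is invalidated by this call.
     *
     * @param string $password cleartext
     * @return bool FALSE for an unloaded user, TRUE once committed
     * @throws GlobalException when the update fails
     */
    public function setPassword( $password ) {
        if( !isset( $this->data['id'] ) ) return FALSE;
        $hash = password_hash( $password, PASSWORD_DEFAULT );
        $db = self::db();
        try {
            $db->beginTransaction();
            $sql = $db->prepare( 'UPDATE users SET password = :u WHERE id = :i' );
            $sql->execute( [ ':u' => $hash, ':i' => $this->data['id'] ] );
            $db->commit();
            $this->data['password'] = $hash;
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to set a password: ' . $e->getMessage() );
        }
        return TRUE;
    }

    /**
     * Stores a new display name. `db_username` (the lookup key) is left as is.
     *
     * @param string $username
     * @return bool FALSE for an unloaded user, TRUE once committed
     * @throws GlobalException when the update fails
     */
    public function setUsername( $username ) {
        if( !isset( $this->data['id'] ) ) return FALSE;
        $db = self::db();
        try {
            $db->beginTransaction();
            $sql = $db->prepare( 'UPDATE users SET username = :u WHERE id = :i' );
            $sql->execute( [ ':u' => $username, ':i' => $this->data['id'] ] );
            $db->commit();
            $this->data['username'] = $username;
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to set an user name: ' . $e->getMessage() );
        }
        return TRUE;
    }

    /**
     * Creates a user and returns it.
     *
     * The existence check and the insert are separate statements, so two
     * concurrent registrations of the same name can both pass the check;
     * a UNIQUE constraint on users.db_username is the real guard -- confirm
     * it exists in the schema.
     *
     * @param string $userName     display name; Tools::forDatabase() derives the lookup key
     * @param string $userPassword cleartext
     * @return User|null NULL when the inserted row cannot be read back
     * @throws GlobalException when the name is taken or the insert fails
     */
    public static function create( $userName, $userPassword ) {
        $db = self::db();
        $db_name = Tools::forDatabase( $userName );
        // checking if user already exists...
        $sql = $db->prepare( 'SELECT id FROM users WHERE db_username = :dbu' );
        $sql->bindValue( ':dbu', $db_name, PDO::PARAM_STR );
        $sql->execute();
        if( $sql->fetch() !== FALSE ) {
            throw new GlobalException( 'user already exists' );
        }
        // hash after the check: password_hash() is deliberately slow
        $pass = password_hash( $userPassword, PASSWORD_DEFAULT );
        try {
            $db->beginTransaction();
            $sql = $db->prepare( 'INSERT INTO users VALUES( NULL, :uname, :uname_db, :pass )' );
            $sql->bindValue( ':uname', $userName );
            $sql->bindValue( ':uname_db', $db_name );
            $sql->bindValue( ':pass', $pass );
            $sql->execute();
            $db->commit();
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to create an user: ' . $e->getMessage() );
        }
        $selected = $db->prepare( 'SELECT id FROM users WHERE db_username = ?' );
        $selected->execute( [ $db_name ] );
        $selected = $selected->fetch( PDO::FETCH_NUM );
        if( !empty( $selected ) ) return new User( $selected[0] );
        return NULL;
    }

    /**
     * Deletes the user together with its properties and any live logins, in
     * one transaction, so no orphaned `user_properties` or `user_salts` rows
     * remain. The object is emptied afterwards.
     *
     * @return bool FALSE for an unloaded user, TRUE once committed
     * @throws GlobalException when one of the deletes fails
     */
    public function delete() {
        if( !isset( $this->data['id'] ) ) return FALSE;
        $db = self::db();
        try {
            $db->beginTransaction();
            // dependent rows first, then the user itself
            $queries = [
                'DELETE FROM user_salts WHERE uid = ?',
                'DELETE FROM user_properties WHERE user_id = ?',
                'DELETE FROM users WHERE id = ?',
            ];
            foreach( $queries as $query ) {
                $stmt = $db->prepare( $query );
                $stmt->execute( [ $this->data['id'] ] );
            }
            $db->commit();
        }
        catch( PDOException $e ) {
            $db->rollBack();
            throw new GlobalException( 'failed to delete an user: ' . $e->getMessage() );
        }
        $this->data = [];
        return TRUE;
    }
}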
- ?>