  1. <?php
  2. require_once("Database.php");
  3. require_once("exceptions.php");
  4.  
  5. class User
  6. {
  7.     private $username;
  8.     private $email;
  9.     private $active;
  10.     private $confirmation_string;
  11.     private $symbols;
  12.  
  13.     function __construct($username, $password)
  14.     {
  15.         $this->symbols = Array();
  16.  
  17.         if($this->login($username, $password))
  18.         {
  19.             $this->load_user();
  20.         }
  21.         else
  22.         {
  23.             throw new LoginFailureException("Bad username or password");
  24.         }
  25.     }
  26.  
  27.     private function login($username, $password)
  28.     {
  29.         global $database;
  30.  
  31.         $success = FALSE;
  32.  
  33.         $query = "SELECT username, email, password, active, confirmation_string FROM profiles WHERE username = ?";
  34.  
  35.         if ($statement = $database->connection->prepare($query))
  36.         {
  37.             $statement->bind_param("s", $username);
  38.             $statement->execute();
  39.             $statement->bind_result($username, $email, $password_hash, $active, $confirmation_string);
  40.             $statement->fetch();
  41.  
  42.             $salt = substr($password_hash, 0, 5);
  43.             $hash = substr($password_hash, -40);
  44.             if($hash == sha1($salt . $password))
  45.             {
  46.                 $this->username = $username;
  47.                 $this->email = $email;
  48.                 $this->active = $active;
  49.                 $this->confirmation_string = $confirmation_string;
  50.                 $success = TRUE;
  51.             }
  52.  
  53.             $statement->close();
  54.         }
  55.         else
  56.         {
  57.             throw new QueryException("Malformed query when attempting to log in");
  58.  
  59.         }
  60.  
  61.         return $success;
  62.     }
  63.  
  64.     private function load_user()
  65.     {
  66.         global $database;
  67.  
  68.         $query = "SELECT tracked_stocks.symbol FROM profiles INNER JOIN tracked_stocks ON profiles.id = tracked_stocks.profile_id WHERE profiles.username = ?";
  69.  
  70.         if ($statement = $database->connection->prepare($query))
  71.         {
  72.             $statement->bind_param("s", $this->username);
  73.             $statement->execute();
  74.             $statement->bind_result($symbol);
  75.             while($statement->fetch())
  76.             {
  77.                 $this->symbols[] = $symbol;
  78.             }
  79.             $statement->close();
  80.         }
  81.         else
  82.         {
  83.             throw new QueryException("Malformed query when loading user details");
  84.         }
  85.     }
  86.  
  87.     public function get_username()
  88.     {
  89.         return $this->username;
  90.     }
  91.  
  92.     public function get_email()
  93.     {
  94.         return $this->email;
  95.     }
  96.  
  97.     public function is_active()
  98.     {
  99.         return $this->active;
  100.     }
  101.  
  102.     public static function check_confirmation_string($confirmation_string)
  103.     {
  104.         global $database;
  105.  
  106.         $query = "SELECT username, confirmation_string FROM profiles WHERE confirmation_string = ?";
  107.         if ($statement = $database->connection->prepare($query))
  108.         {
  109.             $statement->bind_param("s", $confirmation_string);
  110.             $statement->execute();
  111.             $statement->bind_result($username, $stored_confirmation);
  112.             $statement->fetch();
  113.             $statement->close();
  114.         }
  115.  
  116.         if($stored_confirmation == $confirmation_string)
  117.         {
  118.             User::set_active($username, TRUE);
  119.             return TRUE;
  120.         }
  121.         else
  122.         {
  123.             return FALSE;
  124.         }
  125.     }
  126.  
  127.     public function get_symbols()
  128.     {
  129.         return $this->symbols;
  130.     }
  131.  
  132.     public function set_password($password)
  133.     {
  134.         global $database;
  135.  
  136.         $salt = rand(10000, 99999);
  137.         $hashed_pass = $salt . sha1($salt . $password);
  138.  
  139.         $query = "UPDATE profiles SET password = ? WHERE username = ?";
  140.         if ($statement = $database->connection->prepare($query))
  141.         {
  142.             $statement->bind_param("ss", $hashed_pass, $this->username);
  143.             $statement->execute();
  144.             $statement->close();
  145.         }
  146.         else
  147.         {
  148.             throw new QueryException("Malformed query when setting password");
  149.         }
  150.     }
  151.  
  152.     public function set_email($email)
  153.     {
  154.         global $database;
  155.  
  156.         $query = "UPDATE profiles SET email = ? WHERE username = ?";
  157.         if ($statement = $database->connection->prepare($query))
  158.         {
  159.             $statement->bind_param("is", $email, $this->username);
  160.             $statement->execute();
  161.             $statement->close();
  162.         }
  163.         else
  164.         {
  165.             throw new QueryException("Malformed query when setting email");
  166.         }
  167.         $this->email = $email;
  168.     }
  169.  
  170.     private static function set_active($username, $active)
  171.     {
  172.         global $database;
  173.  
  174.  
  175.         $query = "UPDATE profiles SET active = ? WHERE username = ?";
  176.         if ($statement = $database->connection->prepare($query))
  177.         {
  178.             $active = $active ? 1 : 0;
  179.             $statement->bind_param("is", $active, $username);
  180.             $statement->execute();
  181.             $statement->close();
  182.         }
  183.         else
  184.         {
  185.             throw new QueryException("Malformed query when setting profile activation");
  186.         }
  187.     }
  188.  
  189.     public static function new_confirmation_string($username)
  190.     {
  191.         global $database;
  192.  
  193.         $confirmation_string = md5(rand());
  194.         $query = "UPDATE profiles SET confirmation_string = ? WHERE username = ?";
  195.         if ($statement = $database->connection->prepare($query))
  196.         {
  197.             $statement->bind_param("is", $confirmation_string, $username);
  198.             $statement->execute();
  199.             $statement->close();
  200.         }
  201.         else
  202.         {
  203.             throw new QueryException("Malformed query when creating a new confirmation string");
  204.         }
  205.         return $confirmation_string;
  206.     }
  207.  
  208.     public function add_symbol($symbol)
  209.     {
  210.         global $database;
  211.  
  212.         if(in_array($symbol, $this->symbols))
  213.         {
  214.             throw new DuplicateSymbolException("Symbol '" . $symbol . "' already exists for user '" . $this->username . "'");
  215.         }
  216.  
  217.         $query = "INSERT INTO tracked_stocks VALUES (null, ?, (SELECT id FROM profiles WHERE username = ?) ) ;";
  218.         if ($statement = $database->connection->prepare($query))
  219.         {
  220.             $statement->bind_param("ss", $symbol, $this->username);
  221.             $statement->execute();
  222.             $statement->close();
  223.         }
  224.         else
  225.         {
  226.             throw new QueryException("Malformed query when adding symbol");
  227.         }
  228.  
  229.         $this->symbols[] = $symbol;
  230.  
  231.     }
  232.  
  233.     public function remove_symbol($symbol)
  234.     {
  235.         global $database;
  236.  
  237.         if(!in_array($symbol, $this->symbols))
  238.         {
  239.             throw new SymbolNotFoundException("Symbol '" . $symbol . "' does not exist for user '" . $this->username . "'");
  240.         }
  241.  
  242.         $query = "DELETE FROM tracked_stocks WHERE symbol = ? AND profile_id = (SELECT id FROM profiles WHERE username = ?);";
  243.         if ($statement = $database->connection->prepare($query))
  244.         {
  245.             $statement->bind_param("ss", $symbol, $this->username);
  246.             $statement->execute();
  247.             $statement->close();
  248.         }
  249.         else
  250.         {
  251.             throw new QueryException("Malformed query when removing symbol");
  252.         }
  253.  
  254.         $this->symbols = array_filter($this->symbols, function($current) use ($symbol) { return $current != $symbol; });
  255.     }
  256.  
  257.     public static function create_profile($username, $password, $email)
  258.     {
  259.         global $database;
  260.  
  261.         $salt = rand(10000, 99999);
  262.         $hashed_pass = $salt . sha1($salt . $password);
  263.  
  264.         $active = 0;
  265.         $confirmation_string = md5(rand());
  266.  
  267.         $query = "INSERT INTO profiles VALUES ( null, ?, ?, ?, ?, ? );";
  268.         if ($statement = $database->connection->prepare($query))
  269.         {
  270.             $statement->bind_param("sssis", $username, $hashed_pass, $email, $active, $confirmation_string);
  271.             if(!$statement->execute())
  272.             {
  273.                 if($statement->errno == 1062)
  274.                 {
  275.                     throw new DuplicateUserException("Username '" . $username . "' already exists");
  276.                 }
  277.                 else
  278.                 {
  279.                     throw new QueryException("Error " . $statement->errno . ": " . $statement->error);
  280.                 }
  281.                 $statement->close();
  282.             }
  283.         }
  284.         else
  285.         {
  286.             throw new QueryException("Malformed query when creating profile");
  287.         }
  288.  
  289.         return $confirmation_string;
  290.     }
  291.  
  292.     public static function delete_profile($username)
  293.     {
  294.         global $database;
  295.  
  296.         $query = "DELETE FROM profiles WHERE profiles.username = ?;";
  297.         if ($statement = $database->connection->prepare($query))
  298.         {
  299.             $statement->bind_param("s", $username);
  300.             $statement->execute();
  301.             if($statement->errno == 0 && $statement->affected_rows == 0)
  302.             {
  303.                 throw new UserNotFoundException("User not found when attempting to delete profile");
  304.             }
  305.  
  306.             $statement->close();
  307.         }
  308.         else
  309.         {
  310.             throw new QueryException("Malformed query when deleting profile");
  311.         }
  312.     }
  313.  
  314. }