- <?php
- require_once("Database.php");
- require_once("exceptions.php");
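/**
 * A user account backed by the `profiles` and `tracked_stocks` tables.
 *
 * Every database call goes through the global $database object (see
 * Database.php), whose ->connection is used as a mysqli handle: prepare(),
 * bind_param(), execute(), bind_result(), fetch(), close(). All write paths
 * throw QueryException when a statement cannot be prepared or executed, so a
 * failed UPDATE/INSERT/DELETE is never reported as success and the in-memory
 * copy of the profile is only changed after the row was.
 *
 * Password storage layout, kept for compatibility with rows already in the
 * table: a 5-digit numeric salt immediately followed by sha1(salt . password),
 * stored as one string in profiles.password. NOTE(review): this is a legacy,
 * fast-hash scheme. password_hash()/password_verify() is the recommended
 * replacement, but it produces a 60+ character value, so the width of the
 * `password` column must be confirmed before migrating. In the meantime the
 * salt comes from random_int() and the digest is compared in constant time.
 *
 * Confirmation tokens are 32 hex characters from random_bytes(), the same
 * length as the md5() output previously stored in profiles.confirmation_string.
 *
 * Requires PHP >= 7.0 (random_bytes, random_int, hash_equals).
 */
class User
{
    /** @var string Login name; also the key used in every WHERE clause. */
    private $username;
    /** @var string */
    private $email;
    /** @var mixed Value of profiles.active exactly as the driver returned it. */
    private $active;
    /** @var string|null Token stored in profiles.confirmation_string. */
    private $confirmation_string;
    /** @var string[] Tracked stock symbols loaded from tracked_stocks. */
    private $symbols;

    /**
     * Authenticate the caller and load the profile.
     *
     * @param string $username
     * @param string $password Plain-text password as entered by the user.
     * @throws LoginFailureException when the username is unknown or the
     *         password does not match; both cases yield the same message.
     * @throws QueryException when a statement cannot be prepared or executed.
     */
    function __construct($username, $password)
    {
        $this->symbols = [];
        if (!$this->login($username, $password)) {
            throw new LoginFailureException("Bad username or password");
        }
        $this->load_user();
    }

    /**
     * Check $password against the stored salted hash and, on success, copy the
     * profile columns into this object.
     *
     * @return bool true when a row exists for $username and the password matches.
     * @throws QueryException when the SELECT cannot be prepared or executed.
     */
    private function login($username, $password)
    {
        global $database;
        $query = "SELECT username, email, password, active, confirmation_string FROM profiles WHERE username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when attempting to log in");
        }
        $statement->bind_param("s", $username);
        if (!$statement->execute()) {
            $error = "Error " . $statement->errno . ": " . $statement->error;
            $statement->close();
            throw new QueryException($error);
        }
        // Bind into fresh variables so the caller's $username is not overwritten.
        $statement->bind_result($stored_username, $email, $password_hash, $active, $confirmation_string);
        // fetch() returns true for a row and null when no such username exists;
        // without this check the bound variables below would be undefined.
        $found = ($statement->fetch() === true);
        $statement->close();

        if (!$found || !self::verify_password($password, $password_hash)) {
            return false;
        }
        $this->username = $stored_username;
        $this->email = $email;
        $this->active = $active;
        $this->confirmation_string = $confirmation_string;
        return true;
    }

    /**
     * Build the stored password string: 5-digit salt followed by sha1(salt . password).
     *
     * Same layout as existing rows, so login() reads old and new values alike.
     * random_int() replaces rand() because the salt is part of the credential.
     *
     * @return string 45-character value for profiles.password.
     */
    private static function hash_password($password)
    {
        $salt = random_int(10000, 99999);
        return $salt . sha1($salt . $password);
    }

    /**
     * Compare a plain-text password with a stored "salt + sha1" string.
     *
     * The first five characters are the salt and the last forty the digest, as
     * written by hash_password(). A stored value too short to hold both never
     * matches. hash_equals() keeps the comparison constant-time and strict
     * (the previous `==` was a loose string comparison).
     *
     * @return bool
     */
    private static function verify_password($password, $stored)
    {
        $stored = (string) $stored;
        if (strlen($stored) < 45) {
            return false;
        }
        $salt = substr($stored, 0, 5);
        $hash = substr($stored, -40);
        return hash_equals($hash, sha1($salt . $password));
    }

    /**
     * Produce a fresh confirmation token: 32 hex characters from random_bytes().
     *
     * @return string
     */
    private static function generate_confirmation_string()
    {
        return bin2hex(random_bytes(16));
    }

    /**
     * Execute a fully bound statement, close it and report the outcome.
     *
     * errno, error and affected_rows are read before close() because they are
     * no longer available afterwards.
     *
     * @param mysqli_stmt $statement
     * @return array{ok: bool, errno: int, error: string, affected_rows: int}
     */
    private static function execute_and_close($statement)
    {
        $ok = $statement->execute();
        $outcome = [
            'ok' => $ok,
            'errno' => $statement->errno,
            'error' => $statement->error,
            'affected_rows' => $statement->affected_rows,
        ];
        $statement->close();
        return $outcome;
    }

    /**
     * Execute a bound write statement, close it and throw on failure.
     *
     * @param mysqli_stmt $statement
     * @return int Number of affected rows.
     * @throws QueryException carrying the driver's errno and message.
     */
    private static function execute_update($statement)
    {
        $outcome = self::execute_and_close($statement);
        if (!$outcome['ok']) {
            throw new QueryException("Error " . $outcome['errno'] . ": " . $outcome['error']);
        }
        return $outcome['affected_rows'];
    }

    /**
     * Load the tracked stock symbols for $this->username into $this->symbols.
     *
     * @throws QueryException when the SELECT cannot be prepared or executed.
     */
    private function load_user()
    {
        global $database;
        $query = "SELECT tracked_stocks.symbol FROM profiles INNER JOIN tracked_stocks ON profiles.id = tracked_stocks.profile_id WHERE profiles.username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when loading user details");
        }
        $statement->bind_param("s", $this->username);
        if (!$statement->execute()) {
            $error = "Error " . $statement->errno . ": " . $statement->error;
            $statement->close();
            throw new QueryException($error);
        }
        $statement->bind_result($symbol);
        while ($statement->fetch()) {
            $this->symbols[] = $symbol;
        }
        $statement->close();
    }

    /** @return string */
    public function get_username()
    {
        return $this->username;
    }

    /** @return string */
    public function get_email()
    {
        return $this->email;
    }

    /**
     * @return mixed profiles.active as returned by the driver; callers should
     *         treat it as truthy/falsy rather than assume a strict bool.
     */
    public function is_active()
    {
        return $this->active;
    }

    /**
     * Activate the profile that owns $confirmation_string.
     *
     * An empty token is rejected up front so it can never activate a row whose
     * confirmation_string column happens to be empty. The token read back from
     * the database is compared with hash_equals() so the match is exact and
     * constant-time, independent of the column's collation.
     *
     * @param string $confirmation_string Token presented by the user.
     * @return bool true when a matching profile was found and activated.
     * @throws QueryException when the SELECT cannot be prepared or executed.
     */
    public static function check_confirmation_string($confirmation_string)
    {
        global $database;
        $confirmation_string = (string) $confirmation_string;
        if ($confirmation_string === '') {
            return false;
        }
        $query = "SELECT username, confirmation_string FROM profiles WHERE confirmation_string = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when checking confirmation string");
        }
        $statement->bind_param("s", $confirmation_string);
        if (!$statement->execute()) {
            $error = "Error " . $statement->errno . ": " . $statement->error;
            $statement->close();
            throw new QueryException($error);
        }
        $statement->bind_result($username, $stored_confirmation);
        $found = ($statement->fetch() === true);
        $statement->close();

        if (!$found || !hash_equals((string) $stored_confirmation, $confirmation_string)) {
            return false;
        }
        User::set_active($username, true);
        return true;
    }

    /** @return string[] Symbols currently tracked by this user. */
    public function get_symbols()
    {
        return $this->symbols;
    }

    /**
     * Replace the stored password hash for this user.
     *
     * @param string $password Plain-text password.
     * @throws QueryException when the UPDATE cannot be prepared or executed.
     */
    public function set_password($password)
    {
        global $database;
        $hashed_pass = self::hash_password($password);
        $query = "UPDATE profiles SET password = ? WHERE username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when setting password");
        }
        $statement->bind_param("ss", $hashed_pass, $this->username);
        self::execute_update($statement);
    }

    /**
     * Change the e-mail address for this user.
     *
     * Fix: the address was previously bound with type "i" (integer), which
     * stored 0 instead of the address; it is a string column and bound as "s".
     * $this->email is updated only after the row was.
     *
     * @param string $email
     * @throws QueryException when the UPDATE cannot be prepared or executed.
     */
    public function set_email($email)
    {
        global $database;
        $query = "UPDATE profiles SET email = ? WHERE username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when setting email");
        }
        $statement->bind_param("ss", $email, $this->username);
        self::execute_update($statement);
        $this->email = $email;
    }

    /**
     * Set profiles.active for $username to 1 or 0.
     *
     * @param string $username
     * @param bool   $active
     * @throws QueryException when the UPDATE cannot be prepared or executed.
     */
    private static function set_active($username, $active)
    {
        global $database;
        $query = "UPDATE profiles SET active = ? WHERE username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when setting profile activation");
        }
        $flag = $active ? 1 : 0;
        $statement->bind_param("is", $flag, $username);
        self::execute_update($statement);
    }

    /**
     * Store and return a new confirmation token for $username.
     *
     * Fix: the token was previously bound with type "i", which stored 0 rather
     * than the token, and was derived from rand(); it is now a random_bytes()
     * value bound as a string.
     *
     * @param string $username
     * @return string The token that was written.
     * @throws QueryException when the UPDATE cannot be prepared or executed.
     */
    public static function new_confirmation_string($username)
    {
        global $database;
        $confirmation_string = self::generate_confirmation_string();
        $query = "UPDATE profiles SET confirmation_string = ? WHERE username = ?";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when creating a new confirmation string");
        }
        $statement->bind_param("ss", $confirmation_string, $username);
        self::execute_update($statement);
        return $confirmation_string;
    }

    /**
     * Start tracking $symbol for this user.
     *
     * @param string $symbol
     * @throws DuplicateSymbolException when the symbol is already tracked.
     * @throws QueryException when the INSERT cannot be prepared or executed.
     */
    public function add_symbol($symbol)
    {
        global $database;
        $symbol = (string) $symbol;
        if (in_array($symbol, $this->symbols, true)) {
            throw new DuplicateSymbolException("Symbol '" . $symbol . "' already exists for user '" . $this->username . "'");
        }
        $query = "INSERT INTO tracked_stocks VALUES (null, ?, (SELECT id FROM profiles WHERE username = ?) ) ;";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when adding symbol");
        }
        $statement->bind_param("ss", $symbol, $this->username);
        self::execute_update($statement);
        $this->symbols[] = $symbol;
    }

    /**
     * Stop tracking $symbol for this user.
     *
     * The in-memory list is re-indexed after filtering so get_symbols() keeps
     * returning a contiguous list (array_filter alone leaves holes).
     *
     * @param string $symbol
     * @throws SymbolNotFoundException when the symbol is not tracked.
     * @throws QueryException when the DELETE cannot be prepared or executed.
     */
    public function remove_symbol($symbol)
    {
        global $database;
        $symbol = (string) $symbol;
        if (!in_array($symbol, $this->symbols, true)) {
            throw new SymbolNotFoundException("Symbol '" . $symbol . "' does not exist for user '" . $this->username . "'");
        }
        $query = "DELETE FROM tracked_stocks WHERE symbol = ? AND profile_id = (SELECT id FROM profiles WHERE username = ?);";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when removing symbol");
        }
        $statement->bind_param("ss", $symbol, $this->username);
        self::execute_update($statement);
        $this->symbols = array_values(array_filter(
            $this->symbols,
            function ($current) use ($symbol) {
                return $current !== $symbol;
            }
        ));
    }

    /**
     * Create an inactive profile and return its confirmation token.
     *
     * The statement is always closed before an exception is thrown (the
     * previous close() sat after the throws and never ran).
     *
     * @param string $username
     * @param string $password Plain-text password.
     * @param string $email
     * @return string Confirmation token written to the new row.
     * @throws DuplicateUserException on MySQL error 1062 (duplicate key).
     * @throws QueryException on any other prepare/execute failure.
     */
    public static function create_profile($username, $password, $email)
    {
        global $database;
        $hashed_pass = self::hash_password($password);
        $active = 0;
        $confirmation_string = self::generate_confirmation_string();
        $query = "INSERT INTO profiles VALUES ( null, ?, ?, ?, ?, ? );";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when creating profile");
        }
        $statement->bind_param("sssis", $username, $hashed_pass, $email, $active, $confirmation_string);
        $outcome = self::execute_and_close($statement);
        if (!$outcome['ok']) {
            if ($outcome['errno'] == 1062) {
                throw new DuplicateUserException("Username '" . $username . "' already exists");
            }
            throw new QueryException("Error " . $outcome['errno'] . ": " . $outcome['error']);
        }
        return $confirmation_string;
    }

    /**
     * Delete the profile row for $username.
     *
     * @param string $username
     * @throws UserNotFoundException when the DELETE succeeded but touched no row.
     * @throws QueryException when the DELETE cannot be prepared or executed.
     */
    public static function delete_profile($username)
    {
        global $database;
        $query = "DELETE FROM profiles WHERE profiles.username = ?;";
        $statement = $database->connection->prepare($query);
        if (!$statement) {
            throw new QueryException("Malformed query when deleting profile");
        }
        $statement->bind_param("s", $username);
        // execute_update already threw on a driver error, so reaching here with
        // zero affected rows means the username simply did not exist.
        if (self::execute_update($statement) == 0) {
            throw new UserNotFoundException("User not found when attempting to delete profile");
        }
    }
}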