jilo-web/app/classes/user.php

<?php

class User {
    private $db;

    public function __construct($database) {
        $this->db = $database->getConnection();
    }

    // registration
    public function register($username, $password) {
        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        $query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
        $query->bindParam(':username', $username);
        $query->bindParam(':password', $hashedPassword);

        return $query->execute();
    }

    // login
    public function login($username, $password) {
        $query = $this->db->prepare("SELECT * FROM  users WHERE username = :username");
        $query->bindParam(':username', $username);
        $query->execute();

        $user = $query->fetch(PDO::FETCH_ASSOC);
        if ( $user && password_verify($password, $user['password'])) {
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            return true;
        } else {
            return false;
        }
    }

    // get user ID from username
    // FIXME not used now?
    public function getUserId($username) {
        $sql = 'SELECT id FROM users WHERE username = :username';
        $query = $this->db->prepare($sql);
        $query->bindParam(':username', $username);

        $query->execute();

        return $query->fetchAll(PDO::FETCH_ASSOC);

    }

    // get user details
    public function getUserDetails($user_id) {
        $sql = 'SELECT
                    um.*,
                    u.username
                FROM
                    users_meta um
                LEFT JOIN users u
                    ON um.user_id = u.id
                WHERE
                    u.id = :user_id';

        $query = $this->db->prepare($sql);
        $query->execute([
            ':user_id'		=> $user_id,
        ]);

        return $query->fetchAll(PDO::FETCH_ASSOC);

    }

    // add user right
    public function addUserRight($user_id, $right_id) {
        $sql = 'INSERT INTO users_rights
                    (user_id, right_id)
                VALUES
                    (:user_id, :right_id)';
        $query = $this->db->prepare($sql);
        $query->execute([
            ':user_id'		=> $user_id,
            ':right_id'		=> $right_id,
        ]);
    }

    // remove user right
    public function removeUserRight($user_id, $right_id) {
        $sql = 'DELETE FROM users_rights
                WHERE
                    user_id = :user_id
                AND
                    right_id = :right_id';
        $query = $this->db->prepare($sql);
        $query->execute([
            ':user_id'		=> $user_id,
            ':right_id'		=> $right_id,
        ]);
    }

    // get all rights
    public function getAllRights() {
        $sql = 'SELECT
                    id AS right_id,
                    name AS right_name
                FROM rights
                ORDER BY id ASC';
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetchAll(PDO::FETCH_ASSOC);

    }

    // get user rights
    public function getUserRights($user_id) {
        $sql = 'SELECT
                    u.id AS user_id,
                    r.id AS right_id,
                    r.name AS right_name
                FROM
                    users u
                    LEFT JOIN users_rights ur
                        ON u.id = ur.user_id
                    LEFT JOIN rights r
                        ON ur.right_id = r.id
                WHERE
                    u.id = :user_id';

        $query = $this->db->prepare($sql);
        $query->execute([
            ':user_id'		=> $user_id,
        ]);

        $result = $query->fetchAll(PDO::FETCH_ASSOC);

        // ensure specific entries are included in the result
        $specialEntries = [];

        // user 1 is always superuser
        if ($user_id == 1) {
            $specialEntries = [
                [
                    'user_id' => 1,
                    'right_id' => 1,
                    'right_name' => 'superuser'
                ]
            ];

        // user 2 is always demo
        } elseif ($user_id == 2) {
            $specialEntries = [
                [
                    'user_id' => 2,
                    'right_id' => 100,
                    'right_name' => 'demo user'
                ]
            ];
        }

        // merge the special entries with the existing results
        $result = array_merge($specialEntries, $result);
        // remove duplicates if necessary
        $result = array_unique($result, SORT_REGULAR);

        // return the modified result
        return $result;

    }

    // update an existing user
    public function editUser($user_id, $updatedUser) {
        try {
            $sql = 'UPDATE users_meta SET
                        name = :name,
                        email = :email,
                        bio = :bio
                    WHERE user_id = :user_id';
            $query = $this->db->prepare($sql);
            $query->execute([
                ':user_id'	=> $user_id,
                ':name'		=> $updatedUser['name'],
                ':email'	=> $updatedUser['email'],
                ':bio'		=> $updatedUser['bio']
            ]);

            return true;

        } catch (Exception $e) {
            return $e->getMessage();
        }

    }

    // remove an avatar
    public function removeAvatar($user_id, $old_avatar = '') {
        try {
            // remove from database
            $sql = 'UPDATE users_meta SET
                        avatar = NULL
                    WHERE user_id = :user_id';
            $query = $this->db->prepare($sql);
            $query->execute([
                ':user_id'	=> $user_id,
            ]);

            // delete the old avatar file
            if ($old_avatar && file_exists($old_avatar)) {
                unlink($old_avatar);
            }

            return true;

        } catch (Exception $e) {
            return $e->getMessage();
        }

    }

    // change an avatar
    public function changeAvatar($user_id, $avatar_file, $avatars_path) {
        try {
            // check if the file was uploaded
            if (isset($avatar_file) && $avatar_file['error'] === UPLOAD_ERR_OK) {
                $fileTmpPath = $avatar_file['tmp_name'];
                $fileName = $avatar_file['name'];
                $fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

                // validate file extension
                if (in_array($fileExtension, ['jpg', 'png', 'jpeg'])) {
                    $newFileName = md5(time() . $fileName) . '.' . $fileExtension;
                    $dest_path = $avatars_path . $newFileName;

                    // move the file to avatars folder
                    if (move_uploaded_file($fileTmpPath, $dest_path)) {
                        try {
                            // update user's avatar path in DB
                            $sql = 'UPDATE users_meta SET
                                        avatar = :avatar
                                    WHERE user_id = :user_id';
                            $query = $this->db->prepare($sql);
                            $query->execute([
                                ':avatar' => $newFileName,
                                ':user_id' => $user_id
                            ]);
                            // all went OK
                            $_SESSION['notice'] .= 'Avatar updated successfully. ';
                            return true;
                        } catch (Exception $e) {
                            return $e->getMessage();
                        }
                    } else {
                        $_SESSION['error'] .= 'Error moving the uploaded file. ';
                    }
                } else {
                    $_SESSION['error'] .= 'Invalid avatar file type. ';
                }
            } else {
                $_SESSION['error'] .= 'Error uploading the avatar file. ';
            }

        } catch (Exception $e) {
            return $e->getMessage();
        }
    }

}

?>
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`<?php`

			`class User {`
			`private $db;`

			`public function __construct($database) {`
			`$this->db = $database->getConnection();`
			`}`

Adds note to implement mysql/mariadb option 2024-07-03 10:47:30 +00:00			`// registration`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`public function register($username, $password) {`
			`$hashedPassword = password_hash($password, PASSWORD_DEFAULT);`
			`$query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");`
			`$query->bindParam(':username', $username);`
			`$query->bindParam(':password', $hashedPassword);`

			`return $query->execute();`
			`}`

Adds note to implement mysql/mariadb option 2024-07-03 10:47:30 +00:00			`// login`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`public function login($username, $password) {`
			`$query = $this->db->prepare("SELECT * FROM users WHERE username = :username");`
			`$query->bindParam(':username', $username);`
			`$query->execute();`

			`$user = $query->fetch(PDO::FETCH_ASSOC);`
			`if ( $user && password_verify($password, $user['password'])) {`
			`$_SESSION['user_id'] = $user['id'];`
			`$_SESSION['username'] = $user['username'];`
			`return true;`
			`} else {`
			`return false;`
			`}`
			`}`

Enhances the user profile 2024-09-07 20:05:22 +00:00			`// get user ID from username`
			`// FIXME not used now?`
			`public function getUserId($username) {`
			`$sql = 'SELECT id FROM users WHERE username = :username';`
			`$query = $this->db->prepare($sql);`
			`$query->bindParam(':username', $username);`

			`$query->execute();`

			`return $query->fetchAll(PDO::FETCH_ASSOC);`

			`}`
Adds basic profile editing 2024-09-08 10:48:21 +00:00
Enhances the user profile 2024-09-07 20:05:22 +00:00			`// get user details`
Adds initial support for user rights 2024-09-11 13:21:05 +00:00			`public function getUserDetails($user_id) {`
			`$sql = 'SELECT`
			`um.*,`
			`u.username`
			`FROM`
			`users_meta um`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`LEFT JOIN users u`
			`ON um.user_id = u.id`
Adds initial support for user rights 2024-09-11 13:21:05 +00:00			`WHERE`
			`u.id = :user_id';`

			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':user_id' => $user_id,`
			`]);`

			`return $query->fetchAll(PDO::FETCH_ASSOC);`

			`}`

Adds user rights editing feature 2024-09-11 19:51:46 +00:00			`// add user right`
			`public function addUserRight($user_id, $right_id) {`
			`$sql = 'INSERT INTO users_rights`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`(user_id, right_id)`
Adds user rights editing feature 2024-09-11 19:51:46 +00:00			`VALUES`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`(:user_id, :right_id)';`
Adds user rights editing feature 2024-09-11 19:51:46 +00:00			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':user_id' => $user_id,`
			`':right_id' => $right_id,`
			`]);`
			`}`

			`// remove user right`
			`public function removeUserRight($user_id, $right_id) {`
			`$sql = 'DELETE FROM users_rights`
			`WHERE`
			`user_id = :user_id`
			`AND`
			`right_id = :right_id';`
			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':user_id' => $user_id,`
			`':right_id' => $right_id,`
			`]);`
			`}`

			`// get all rights`
			`public function getAllRights() {`
			`$sql = 'SELECT`
			`id AS right_id,`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`name AS right_name`
			`FROM rights`
			`ORDER BY id ASC';`
Adds user rights editing feature 2024-09-11 19:51:46 +00:00			`$query = $this->db->prepare($sql);`
			`$query->execute();`

			`return $query->fetchAll(PDO::FETCH_ASSOC);`

			`}`

Adds initial support for user rights 2024-09-11 13:21:05 +00:00			`// get user rights`
			`public function getUserRights($user_id) {`
			`$sql = 'SELECT`
			`u.id AS user_id,`
Adds user rights editing feature 2024-09-11 19:51:46 +00:00			`r.id AS right_id,`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`r.name AS right_name`
Adds initial support for user rights 2024-09-11 13:21:05 +00:00			`FROM`
			`users u`
			`LEFT JOIN users_rights ur`
			`ON u.id = ur.user_id`
			`LEFT JOIN rights r`
			`ON ur.right_id = r.id`
			`WHERE`
Makes minor fixes to the rights management 2024-09-12 08:54:57 +00:00			`u.id = :user_id';`
Adds initial support for user rights 2024-09-11 13:21:05 +00:00
Enhances the user profile 2024-09-07 20:05:22 +00:00			`$query = $this->db->prepare($sql);`
			`$query->execute([`
Adds initial support for user rights 2024-09-11 13:21:05 +00:00			`':user_id' => $user_id,`
Enhances the user profile 2024-09-07 20:05:22 +00:00			`]);`

User 1 is always superuser, User 2 is always demo 2024-09-12 09:28:02 +00:00			`$result = $query->fetchAll(PDO::FETCH_ASSOC);`

			`// ensure specific entries are included in the result`
			`$specialEntries = [];`

			`// user 1 is always superuser`
			`if ($user_id == 1) {`
			`$specialEntries = [`
			`[`
			`'user_id' => 1,`
			`'right_id' => 1,`
			`'right_name' => 'superuser'`
			`]`
			`];`

			`// user 2 is always demo`
			`} elseif ($user_id == 2) {`
			`$specialEntries = [`
			`[`
			`'user_id' => 2,`
			`'right_id' => 100,`
			`'right_name' => 'demo user'`
			`]`
			`];`
			`}`

			`// merge the special entries with the existing results`
			`$result = array_merge($specialEntries, $result);`
			`// remove duplicates if necessary`
			`$result = array_unique($result, SORT_REGULAR);`

			`// return the modified result`
			`return $result;`
Enhances the user profile 2024-09-07 20:05:22 +00:00
			`}`

Adds basic profile editing 2024-09-08 10:48:21 +00:00			`// update an existing user`
			`public function editUser($user_id, $updatedUser) {`
			`try {`
			`$sql = 'UPDATE users_meta SET`
			`name = :name,`
			`email = :email,`
			`bio = :bio`
			`WHERE user_id = :user_id';`
			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':user_id' => $user_id,`
			`':name' => $updatedUser['name'],`
			`':email' => $updatedUser['email'],`
			`':bio' => $updatedUser['bio']`
			`]);`

			`return true;`

			`} catch (Exception $e) {`
			`return $e->getMessage();`
			`}`

			`}`

Adds user avatar management 2024-09-09 12:20:21 +00:00			`// remove an avatar`
			`public function removeAvatar($user_id, $old_avatar = '') {`
			`try {`
			`// remove from database`
			`$sql = 'UPDATE users_meta SET`
			`avatar = NULL`
			`WHERE user_id = :user_id';`
			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':user_id' => $user_id,`
			`]);`

			`// delete the old avatar file`
			`if ($old_avatar && file_exists($old_avatar)) {`
			`unlink($old_avatar);`
			`}`

			`return true;`

			`} catch (Exception $e) {`
			`return $e->getMessage();`
			`}`

			`}`

			`// change an avatar`
			`public function changeAvatar($user_id, $avatar_file, $avatars_path) {`
			`try {`
			`// check if the file was uploaded`
			`if (isset($avatar_file) && $avatar_file['error'] === UPLOAD_ERR_OK) {`
			`$fileTmpPath = $avatar_file['tmp_name'];`
			`$fileName = $avatar_file['name'];`
			`$fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));`

			`// validate file extension`
			`if (in_array($fileExtension, ['jpg', 'png', 'jpeg'])) {`
			`$newFileName = md5(time() . $fileName) . '.' . $fileExtension;`
			`$dest_path = $avatars_path . $newFileName;`

			`// move the file to avatars folder`
			`if (move_uploaded_file($fileTmpPath, $dest_path)) {`
			`try {`
			`// update user's avatar path in DB`
			`$sql = 'UPDATE users_meta SET`
			`avatar = :avatar`
			`WHERE user_id = :user_id';`
			`$query = $this->db->prepare($sql);`
			`$query->execute([`
			`':avatar' => $newFileName,`
			`':user_id' => $user_id`
			`]);`
			`// all went OK`
Streamlines the avatar management 2024-09-10 11:05:38 +00:00			`$_SESSION['notice'] .= 'Avatar updated successfully. ';`
Adds user avatar management 2024-09-09 12:20:21 +00:00			`return true;`
			`} catch (Exception $e) {`
			`return $e->getMessage();`
			`}`
			`} else {`
Streamlines the avatar management 2024-09-10 11:05:38 +00:00			`$_SESSION['error'] .= 'Error moving the uploaded file. ';`
Adds user avatar management 2024-09-09 12:20:21 +00:00			`}`
			`} else {`
Streamlines the avatar management 2024-09-10 11:05:38 +00:00			`$_SESSION['error'] .= 'Invalid avatar file type. ';`
Adds user avatar management 2024-09-09 12:20:21 +00:00			`}`
			`} else {`
Streamlines the avatar management 2024-09-10 11:05:38 +00:00			`$_SESSION['error'] .= 'Error uploading the avatar file. ';`
Adds user avatar management 2024-09-09 12:20:21 +00:00			`}`

			`} catch (Exception $e) {`
			`return $e->getMessage();`
			`}`
			`}`

Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`}`

			`?>`