2022-08-12 20:46:43 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace main;
|
|
|
|
|
|
|
|
|
|
use Exception;
|
|
|
|
|
use SQLite3;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Manages interaction with the database in the context of users.
|
|
|
|
|
*/
|
|
|
|
|
class UserManager
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @var string The filename of the database to interact with.
|
|
|
|
|
*/
|
|
|
|
|
private string $db_filename;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructs a new user manager.
|
|
|
|
|
*
|
|
|
|
|
* @param string $db_filename the filename of the database to interact with
|
|
|
|
|
*/
|
|
|
|
|
public function __construct(string $db_filename)
|
|
|
|
|
{
|
|
|
|
|
$this->db_filename = $db_filename;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-08-14 12:31:47 +02:00
|
|
|
/**
|
|
|
|
|
* Populates the database with the necessary structures for users.
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function install(): void
|
|
|
|
|
{
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READWRITE);
|
|
|
|
|
$db->exec("CREATE TABLE users(uuid text primary key not null, email text not null, password text not null);");
|
|
|
|
|
$db->close();
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-12 20:46:43 +02:00
|
|
|
/**
|
|
|
|
|
* Registers a new user.
|
|
|
|
|
*
|
|
|
|
|
* @param string $email The user-submitted email address.
|
|
|
|
|
* @param string $password The user-submitted password.
|
|
|
|
|
* @param string $password_confirm The user-submitted password confirmation.
|
|
|
|
|
* @return Response a response with message `null` if the user was registered, or a response with a message
|
|
|
|
|
* explaining what went wrong otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function register(string $email, string $password, string $password_confirm): Response
|
|
|
|
|
{
|
|
|
|
|
// TODO: Limit email address length, and also other lengths!
|
|
|
|
|
// Validate
|
2022-08-14 14:14:25 +02:00
|
|
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Invalid email address.", false);
|
2022-08-14 14:14:25 +02:00
|
|
|
if (strlen($password) < 8)
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Your password should be at least 8 characters long.", false);
|
2022-08-14 14:14:25 +02:00
|
|
|
if ($password !== $password_confirm)
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Passwords do not match.", false);
|
|
|
|
|
|
|
|
|
|
// Open DB
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READWRITE);
|
|
|
|
|
$db->exec("BEGIN;");
|
|
|
|
|
|
|
|
|
|
// Check if email address is already in use
|
|
|
|
|
$stmt = $db->prepare("SELECT 1 FROM users WHERE email=:email;");
|
|
|
|
|
$stmt->bindValue(":email", $email);
|
|
|
|
|
$email_available = $stmt->execute()->fetchArray(SQLITE3_ASSOC) === false;
|
|
|
|
|
if (!$email_available) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Email address already in use.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate UUID
|
|
|
|
|
try {
|
|
|
|
|
$uuid = bin2hex(random_bytes(16));
|
|
|
|
|
} catch (Exception) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Failed to generate UUID.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Register user
|
|
|
|
|
$stmt = $db->prepare("INSERT INTO users (uuid, email, password) VALUES (:uuid, :email, :password);");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
|
|
|
|
$stmt->bindValue(":email", $email);
|
|
|
|
|
$stmt->bindValue(":password", password_hash($password, PASSWORD_DEFAULT));
|
|
|
|
|
$user_registered = $stmt->execute() !== false;
|
|
|
|
|
/** @noinspection PhpIfWithCommonPartsInspection Easier to read this way */
|
|
|
|
|
if (!$user_registered) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Unknown database error.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Respond
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
|
|
|
|
|
return new Response(null, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Deletes the user with the given UUID.
|
|
|
|
|
*
|
|
|
|
|
* @param string $uuid the UUID of the user to delete
|
|
|
|
|
* @return Response a response with message `null` if the user was deleted, or a response with a message explaining
|
|
|
|
|
* what went wrong otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function delete(string $uuid): Response
|
|
|
|
|
{
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READWRITE);
|
|
|
|
|
$stmt = $db->prepare("DELETE FROM users WHERE uuid=:uuid;");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
|
|
|
|
$result = $stmt->execute();
|
|
|
|
|
$db->close();
|
|
|
|
|
|
2022-08-14 14:14:25 +02:00
|
|
|
if ($result === false)
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Failed to delete user.", false);
|
|
|
|
|
return new Response(null, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validates a login attempt with the given email address and password.
|
|
|
|
|
*
|
|
|
|
|
* @param string $email the email address of the user whose password should be checked
|
|
|
|
|
* @param string $password the password to check against the specified user
|
|
|
|
|
* @return array the first element is a response with message `null` if the login was successful, or a response with
|
|
|
|
|
* a message explaining what went wrong otherwise; the second element is the UUID of the user that was logged in as,
|
|
|
|
|
* or `null` if the login should not be performed
|
|
|
|
|
*/
|
|
|
|
|
public function check_login(string $email, string $password): array
|
|
|
|
|
{
|
2022-08-14 12:31:47 +02:00
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READONLY);
|
|
|
|
|
$stmt = $db->prepare("SELECT uuid, password FROM users WHERE email=:email;");
|
|
|
|
|
$stmt->bindValue(":email", $email);
|
|
|
|
|
$user = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
|
|
|
|
|
$db->close();
|
2022-08-12 20:46:43 +02:00
|
|
|
|
2022-08-14 14:14:25 +02:00
|
|
|
if ($user === false || !password_verify($password, $user["password"]))
|
2022-08-12 20:46:43 +02:00
|
|
|
return [new Response("Incorrect combination of email and password.", false), null];
|
|
|
|
|
return [new Response(null, true), $user["uuid"]];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the user with the given UUID.
|
|
|
|
|
*
|
|
|
|
|
* @param string $uuid the UUID of the user to return
|
2022-08-14 12:31:47 +02:00
|
|
|
* @return Response the user with the given UUID, or a response with an explanation what went wrong otherwise
|
2022-08-12 20:46:43 +02:00
|
|
|
*/
|
2022-08-14 12:31:47 +02:00
|
|
|
public function get_user_data(string $uuid): Response
|
2022-08-12 20:46:43 +02:00
|
|
|
{
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READONLY);
|
|
|
|
|
$stmt = $db->prepare("SELECT * FROM users WHERE uuid=:uuid;");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
2022-08-14 12:31:47 +02:00
|
|
|
$user = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
|
2022-08-12 20:46:43 +02:00
|
|
|
$db->close();
|
|
|
|
|
|
2022-08-14 12:31:47 +02:00
|
|
|
return $user === false
|
|
|
|
|
? new Response("User does not exist.", false)
|
|
|
|
|
: new Response($user, true);
|
2022-08-12 20:46:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Updates the indicated user's email address.
|
|
|
|
|
*
|
|
|
|
|
* @param string $uuid the UUID of the user whose email address should be updated
|
|
|
|
|
* @param string $email the new email address
|
|
|
|
|
* @return Response a response with message `null` if the email address was updated, or a response with a message
|
|
|
|
|
* explaining what went wrong otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function set_email(string $uuid, string $email): Response
|
|
|
|
|
{
|
|
|
|
|
// Validate
|
2022-08-14 14:14:25 +02:00
|
|
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Invalid email address.", false);
|
|
|
|
|
|
|
|
|
|
// Open DB
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READWRITE);
|
|
|
|
|
$db->exec("BEGIN;");
|
|
|
|
|
|
|
|
|
|
// Check if email address is already in use
|
|
|
|
|
$stmt = $db->prepare("SELECT 1 FROM users WHERE email=:email;");
|
|
|
|
|
$stmt->bindValue(":email", $email);
|
|
|
|
|
$email_available = $stmt->execute()->fetchArray(SQLITE3_ASSOC) === false;
|
|
|
|
|
if (!$email_available) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Email address already in use.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update email address
|
|
|
|
|
$stmt = $db->prepare("UPDATE users SET email=:email WHERE uuid=:uuid;");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
|
|
|
|
$stmt->bindValue(":email", $email);
|
|
|
|
|
$email_updated = $stmt->execute() !== false;
|
|
|
|
|
/** @noinspection PhpIfWithCommonPartsInspection Easier to read this way */
|
|
|
|
|
if (!$email_updated) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Unknown database error.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Respond
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
|
|
|
|
|
return new Response(null, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Updates the indicated user's password.
|
|
|
|
|
*
|
|
|
|
|
* @param string $uuid the UUID of the user whose password should be updated
|
2022-08-14 12:31:47 +02:00
|
|
|
* @param string $password_old the old password
|
|
|
|
|
* @param string $password_new the new password
|
2022-08-12 20:46:43 +02:00
|
|
|
* @param string $password_confirm the confirmation of the new password
|
|
|
|
|
* @return Response a response with message `null` if the password was updated, or a response with a message
|
|
|
|
|
* explaining what went wrong otherwise
|
|
|
|
|
*/
|
2022-08-14 12:31:47 +02:00
|
|
|
public function set_password(string $uuid, string $password_old, string $password_new,
|
|
|
|
|
string $password_confirm): Response
|
2022-08-12 20:46:43 +02:00
|
|
|
{
|
|
|
|
|
// Validate
|
2022-08-14 14:14:25 +02:00
|
|
|
if (strlen($password_new) < 8)
|
2022-08-12 20:46:43 +02:00
|
|
|
return new Response("Your password should be at least 8 characters long.", false);
|
2022-08-14 14:14:25 +02:00
|
|
|
if ($password_new !== $password_confirm)
|
2022-08-14 12:31:47 +02:00
|
|
|
return new Response("New passwords do not match.", false);
|
2022-08-12 20:46:43 +02:00
|
|
|
|
|
|
|
|
// Open DB
|
|
|
|
|
$db = new SQLite3($this->db_filename, SQLITE3_OPEN_READWRITE);
|
|
|
|
|
$db->exec("BEGIN;");
|
|
|
|
|
|
2022-08-14 12:31:47 +02:00
|
|
|
// Validate old password
|
|
|
|
|
$stmt = $db->prepare("SELECT * FROM users WHERE uuid=:uuid;");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
|
|
|
|
$user = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
|
|
|
|
|
if ($user === false) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Invalid user.", false);
|
|
|
|
|
}
|
|
|
|
|
if (!password_verify($password_old, $user["password"])) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Incorrect old password.", false);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-12 20:46:43 +02:00
|
|
|
// Update password
|
|
|
|
|
$stmt = $db->prepare("UPDATE users SET password=:password WHERE uuid=:uuid;");
|
|
|
|
|
$stmt->bindValue(":uuid", $uuid);
|
2022-08-14 12:31:47 +02:00
|
|
|
$stmt->bindValue(":password", password_hash($password_new, PASSWORD_DEFAULT));
|
2022-08-12 20:46:43 +02:00
|
|
|
$password_updated = $stmt->execute() !== false;
|
|
|
|
|
/** @noinspection PhpIfWithCommonPartsInspection Easier to read this way */
|
|
|
|
|
if (!$password_updated) {
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
return new Response("Unknown database error.", false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$db->exec("COMMIT;");
|
|
|
|
|
$db->close();
|
|
|
|
|
|
|
|
|
|
return new Response(null, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
