diff --git a/build/database/repo/user.php b/build/database/repo/user.php index 209cf43..d1b3e37 100644 --- a/build/database/repo/user.php +++ b/build/database/repo/user.php @@ -5,6 +5,13 @@ class user extends Repo_i{ + + /* (1) Return all users in database + * + * @return users The user list + * FALSE on error + * + ---------------------------------------------------------*/ public function getAll(){ /* (1) Statement */ @@ -16,10 +23,18 @@ } + /* (2) Return a user by its `id_user` + * + * @id_user The user UID + * + * @return user The user if found + * FALSE on error + * + ---------------------------------------------------------*/ public function getById(int $id_user){ /* (1) Prepare Statement */ - $pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user"); + $pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT); @@ -28,15 +43,23 @@ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ - return $pst->fetchAll(); + return $pst->fetch(); } + /* (3) Return a user by its `mail` + * + * @mail The user mail address + * + * @return user The user if found + * FALSE on error + * + ---------------------------------------------------------*/ public function getByMail(String $mail){ /* (1) Prepare Statement */ - $pst = $this->pdo->prepare("SELECT * FROM user WHERE mail = :mail"); + $pst = $this->pdo->prepare("SELECT * FROM user WHERE mail = :mail LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50); 
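Review bot: Replacing `fetchAll()` with `fetch()` in getById (and getByMail in the following hunk) makes "no such user" indistinguishable from "query failed": `fetch()` returns false when the result set is empty, the same value the `!$pst->execute()` branch returns, yet the new header comments still document only `FALSE on error`. Either extend the comment, e.g. `* FALSE if not found or on error`, or return null for the not-found case so callers can tell the two apart. The added `LIMIT 1` is consistent with the single-row fetch; note that with PDO's default fetch mode the row will carry both numeric and associative keys unless a default fetch mode is set on the handle somewhere outside this hunk.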
@@ -45,7 +68,183 @@ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ - return $pst->fetchAll(); + return $pst->fetch(); } + + + /* (4) Return a user by its `username` + * + * @username The user username + * + * @return user The user if found + * FALSE on error + * + ---------------------------------------------------------*/ + public function getByUsername(String $username){ + + /* (1) Prepare Statement */ + $pst = $this->pdo->prepare("SELECT * FROM user WHERE username = :username LIMIT 1"); + + /* (2) Bind variables */ + $pst->bindParam(':username', $username, \PDO::PARAM_STR, 20); + + /* (3) Execute */ + if( !$pst->execute() ) return false; // if error -> send FALSE + + /* (4) Fetched data */ + return $pst->fetch(); + + } + + + /* (5) Return a user by its `token` + * + * @token The user token + * + * @return user The user if found + * FALSE on error + * + ---------------------------------------------------------*/ + public function getByToken(String $token){ + + /* (1) Prepare Statement */ + $pst = $this->pdo->prepare("SELECT * FROM user WHERE token is not NULL AND token = :token LIMIT 1"); + + /* (2) Bind variables */ + $pst->bindParam(':token', $token, \PDO::PARAM_STR, 128); + + /* (3) Execute */ + if( !$pst->execute() ) return false; // if error -> send FALSE + + /* (4) Fetched data */ + return $pst->fetch(); + + } + + + /* (6) Check the password of a user + * + * @id_user The user UID + * @password The password to test + * + * @return valid Whether the password is valid or not + * + ---------------------------------------------------------*/ + public function checkPassword(int $id_user, String $password){ + + /* (1) Hash the password */ + $hash = \secure_hash($password, $id_user, 'user-pass'); + + /* (2) Prepare Statement */ + $pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user AND pass = :pass LIMIT 1"); + + /* (3) Bind variables */ + $pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT); + 
$pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128); + + /* (4) Execute */ + if( !$pst->execute() ) return false; // if error -> send FALSE + + /* (5) If no data -> means invalid password */ + if( !is_array($pst->fetch()) ) + return false; + + /* (6) If here -> means password is ok */ + return true; + + } + + + /* (6) Set the password for a user + * + * @id_user The user UID + * @password The password to set + * + * @return set Whether the password has been set or not + * + ---------------------------------------------------------*/ + public function setPassword(int $id_user, String $password){ + + /* (1) Hash the password */ + $hash = \secure_hash($password, $id_user, 'user-pass'); + + /* (2) Prepare Statement */ + $pst = $this->pdo->prepare("UPDATE `user` SET `pass` = :pass WHERE `id_user` = :id_user"); + + /* (3) Bind variables */ + $pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128); + $pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT); + + /* (4) Execute -> dispatch status */ + return $pst->execute(); + + } + + /* (7) Creates a new user + * + * @username The username (must be unique) + * @mail The mail address (must be unique) + * @password The password + * + * @return id_created UID of the created user + * FALSE on error + * + ---------------------------------------------------------*/ + public function create(String $username, String $mail, String $password){ + + + /* (1) Check @username + @mail are unique + ---------------------------------------------------------*/ + /* (1) If @username already exists -> abort */ + if( is_array($this->getByUsername($username)) ) + return false; + + /* (2) If @mail already exists -> abort */ + if( is_array($this->getByMail($mail)) ) + return false; + + + + /* (2) Create the user (without password) + ---------------------------------------------------------*/ + /* (1) Create a random token */ + $token = \secure_hash(uniqid(), 'user-token'); + + /* (2) Prepare Statement */ + $pst = $this->pdo->prepare("INSERT INTO 
`user`(`id_user`, `username`, `mail`, `pass`, `token`) VALUES(DEFAULT, :username, :mail, NULL, :token)"); + + /* (3) Bind variables */ + $pst->bindParam(':username', $username, \PDO::PARAM_STR, 20); + $pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50); + $pst->bindParam(':token', $token, \PDO::PARAM_STR, 128); + + /* (4) Execute -> if error return FALSE */ + if( !$pst->execute() ) return false; + + + /* (2) Set the password (needed @id_user) + ---------------------------------------------------------*/ + /* (1) Get last inserted id */ + $fetch_user = $this->getByUsername($username); + + /* (2) If nothing found -> error */ + if( !is_array($fetch_user) || !isset($fetch_user['id_user']) || !is_numeric($fetch_user['id_user']) ) + return false; + + /* (3) Extract @id_user */ + $id_user = intval($fetch_user['id_user']); + + /* (4) Repo self call */ + if( !$this->setPassword($id_user, $password) ) + return false; + + /* (5) Return @id_user */ + return $id_user; + + } + + + + } \ No newline at end of file
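Review bot: In create() the per-user token is derived from `uniqid()`, which is a microsecond timestamp rather than a random value, so a token later looked up by getByToken() is guessable by anyone who can estimate the account creation time; seed it from the CSPRNG instead, e.g. `$token = \secure_hash(bin2hex(random_bytes(32)), 'user-token');` (this keeps whatever output format \secure_hash produces, which is defined outside this file). checkPassword() verifies the password by recomputing `\secure_hash($password, $id_user, 'user-pass')` and matching it in SQL via `pass = :pass`, which ties the scheme to a deterministic, user-id-salted hash and to the column's collation for equality; selecting the stored `pass` by id and comparing in PHP with `hash_equals()` (or `password_verify()` if the scheme is migrated to `password_hash()`) would make the comparison constant-time and allow hash upgrades later. create() also checks username/mail uniqueness in PHP before the INSERT and then re-reads the row by username to obtain the id, so two concurrent creates can both pass the check, and a row with `pass = NULL` is left behind if setPassword() fails; UNIQUE constraints on both columns (the header says they must be unique), `$this->pdo->lastInsertId()` after the insert, and wrapping the insert plus setPassword() in a transaction would close both gaps. Minor: the header numbering repeats `(6)` for setPassword and `(2)` for the "Set the password" step, and the two `\secure_hash` calls pass different argument counts, which is worth confirming against its definition.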