upd: database.repo.user (added methods: getBy* | checkPassword | setPassword | create)

This commit is contained in:
xdrm-brackets 2017-11-26 11:44:17 +01:00
parent 77483eedfa
commit c16ef8a961
1 changed files with 203 additions and 4 deletions

View File

@ -5,6 +5,13 @@
class user extends Repo_i{
/* (1) Return all users in database
*
* @return users<array> The user list
* FALSE on error
*
---------------------------------------------------------*/
public function getAll(){
/* (1) Statement */
@ -16,10 +23,18 @@
}
/* (2) Return a user by its `id_user`
*
* @id_user<int> The user UID
*
* @return user<array> The user if found
* FALSE on error
*
---------------------------------------------------------*/
public function getById(int $id_user){
/* (1) Prepare Statement */
$pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user");
$pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user LIMIT 1");
/* (2) Bind variables */
$pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT);
@ -28,15 +43,23 @@
if( !$pst->execute() ) return false; // if error -> send FALSE
/* (4) Fetched data */
return $pst->fetchAll();
return $pst->fetch();
}
/* (3) Return a user by its `mail`
*
* @mail<String> The user mail address
*
* @return user<array> The user if found
* FALSE on error
*
---------------------------------------------------------*/
public function getByMail(String $mail){
/* (1) Prepare Statement */
$pst = $this->pdo->prepare("SELECT * FROM user WHERE mail = :mail");
$pst = $this->pdo->prepare("SELECT * FROM user WHERE mail = :mail LIMIT 1");
/* (2) Bind variables */
$pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50);
@ -45,7 +68,183 @@
if( !$pst->execute() ) return false; // if error -> send FALSE
/* (4) Fetched data */
return $pst->fetchAll();
return $pst->fetch();
}
/* (4) Return a user by its `username`
*
* @username<String> The user username
*
* @return user<array> The user if found
* FALSE on error
*
---------------------------------------------------------*/
public function getByUsername(String $username){
/* (1) Prepare Statement */
$pst = $this->pdo->prepare("SELECT * FROM user WHERE username = :username LIMIT 1");
/* (2) Bind variables */
$pst->bindParam(':username', $username, \PDO::PARAM_STR, 20);
/* (3) Execute */
if( !$pst->execute() ) return false; // if error -> send FALSE
/* (4) Fetched data */
return $pst->fetch();
}
/* (5) Return a user by its `token`
*
* @token<String> The user token
*
* @return user<array> The user if found
* FALSE on error
*
---------------------------------------------------------*/
public function getByToken(String $token){
/* (1) Prepare Statement */
$pst = $this->pdo->prepare("SELECT * FROM user WHERE token is not NULL AND token = :token LIMIT 1");
/* (2) Bind variables */
$pst->bindParam(':token', $token, \PDO::PARAM_STR, 128);
/* (3) Execute */
if( !$pst->execute() ) return false; // if error -> send FALSE
/* (4) Fetched data */
return $pst->fetch();
}
/* (6) Check the password of a user
*
* @id_user<String> The user UID
* @password<String> The password to test
*
* @return valid<bool> Whether the password is valid or not
*
---------------------------------------------------------*/
public function checkPassword(int $id_user, String $password){
/* (1) Hash the password */
$hash = \secure_hash($password, $id_user, 'user-pass');
/* (2) Prepare Statement */
$pst = $this->pdo->prepare("SELECT * FROM user WHERE id_user = :id_user AND pass = :pass LIMIT 1");
/* (3) Bind variables */
$pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT);
$pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128);
/* (4) Execute */
if( !$pst->execute() ) return false; // if error -> send FALSE
/* (5) If no data -> means invalid password */
if( !is_array($pst->fetch()) )
return false;
/* (6) If here -> means password is ok */
return true;
}
/* (6) Set the password for a user
*
* @id_user<String> The user UID
* @password<String> The password to set
*
* @return set<bool> Whether the password has been set or not
*
---------------------------------------------------------*/
public function setPassword(int $id_user, String $password){
/* (1) Hash the password */
$hash = \secure_hash($password, $id_user, 'user-pass');
/* (2) Prepare Statement */
$pst = $this->pdo->prepare("UPDATE `user` SET `pass` = :pass WHERE `id_user` = :id_user");
/* (3) Bind variables */
$pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128);
$pst->bindParam(':id_user', $id_user, \PDO::PARAM_INT);
/* (4) Execute -> dispatch status */
return $pst->execute();
}
/* (7) Creates a new user
*
* @username<String> The username (must be unique)
* @mail<String> The mail address (must be unique)
* @password<String> The password
*
* @return id_created<int> UID of the created user
* FALSE on error
*
---------------------------------------------------------*/
public function create(String $username, String $mail, String $password){
/* (1) Check @username + @mail are unique
---------------------------------------------------------*/
/* (1) If @username already exists -> abort */
if( is_array($this->getByUsername($username)) )
return false;
/* (2) If @mail already exists -> abort */
if( is_array($this->getByMail($mail)) )
return false;
/* (2) Create the user (without password)
---------------------------------------------------------*/
/* (1) Create a random token */
$token = \secure_hash(uniqid(), 'user-token');
/* (2) Prepare Statement */
$pst = $this->pdo->prepare("INSERT INTO `user`(`id_user`, `username`, `mail`, `pass`, `token`) VALUES(DEFAULT, :username, :mail, NULL, :token)");
/* (3) Bind variables */
$pst->bindParam(':username', $username, \PDO::PARAM_STR, 20);
$pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50);
$pst->bindParam(':token', $token, \PDO::PARAM_STR, 128);
/* (4) Execute -> if error return FALSE */
if( !$pst->execute() ) return false;
/* (2) Set the password (needed @id_user)
---------------------------------------------------------*/
/* (1) Get last inserted id */
$fetch_user = $this->getByUsername($username);
/* (2) If nothing found -> error */
if( !is_array($fetch_user) || !isset($fetch_user['id_user']) || !is_numeric($fetch_user['id_user']) )
return false;
/* (3) Extract @id_user */
$id_user = intval($fetch_user['id_user']);
/* (4) Repo self call */
if( !$this->setPassword($id_user, $password) )
return false;
/* (5) Return @id_user */
return $id_user;
}
}