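The user list (one row per user)
 *               FALSE if the query could not be run
 * ---------------------------------------------------------*/
    public function getAll(){

        /* (1) Statement (unparameterised: no user input reaches this query) */
        $st = $this->pdo->query("SELECT * FROM user ORDER BY username ASC");

        /* (2) PDO::query() yields FALSE (instead of throwing) when the error mode is silent;
         *     calling fetchAll() on it would be a fatal error, so honour the FALSE contract */
        if( $st === false )
            return false;

        /* (3) Fetched data */
        return $st->fetchAll();
    }


    /* (2) Return a user by its `id_user`
     *
     * @id_user The user UID
     *
     * @return user  The user row if found
     *               FALSE if no such user, or if the statement could not be prepared/executed
     *               (PDOStatement::fetch() itself returns FALSE on "no row", so both cases look alike)
     * ---------------------------------------------------------*/
    public function getById(int $id_user){

        return $this->fetchOne(
            "SELECT * FROM user WHERE id_user = :id_user LIMIT 1",
            [ ':id_user' => [ $id_user, \PDO::PARAM_INT ] ]
        );
    }


    /* (3) Return a user by its `mail`
     *
     * @mail The user mail address
     *
     * @return user  The user row if found
     *               FALSE if no such user, or if the statement could not be prepared/executed
     * ---------------------------------------------------------*/
    public function getByMail(string $mail){

        return $this->fetchOne(
            "SELECT * FROM user WHERE mail = :mail LIMIT 1",
            [ ':mail' => [ $mail, \PDO::PARAM_STR ] ]
        );
    }


    /* (4) Return a user by its `username`
     *
     * @username The user username
     *
     * @return user  The user row if found
     *               FALSE if no such user, or if the statement could not be prepared/executed
     * ---------------------------------------------------------*/
    public function getByUsername(string $username){

        return $this->fetchOne(
            "SELECT * FROM user WHERE username = :username LIMIT 1",
            [ ':username' => [ $username, \PDO::PARAM_STR ] ]
        );
    }


    /* (5) Return a user by its `token`
     *
     * @token The user token
     *
     * @return user  The user row if found
     *               FALSE if no such user, or if the statement could not be prepared/executed
     * ---------------------------------------------------------*/
    public function getByToken(string $token){

        /* `token is not NULL` keeps rows without a token (NULL) from ever matching */
        return $this->fetchOne(
            "SELECT * FROM user WHERE token is not NULL AND token = :token LIMIT 1",
            [ ':token' => [ $token, \PDO::PARAM_STR ] ]
        );
    }


    /* (6) Check the password of a user
     *
     * @id_user  The user UID
     * @password The password to test
     *
     * @return valid Whether the password is valid or not
     *               (FALSE as well when the user does not exist, has no password yet, or on DB error)
     * ---------------------------------------------------------*/
    public function checkPassword(int $id_user, string $password): bool{

        /* (1) Hash the password
         *     \secure_hash() is project-defined and not visible here; it is assumed to return
         *     the same string format that is stored in the `pass` column — TODO confirm */
        $hash = \secure_hash($password, $id_user, 'user-pass');

        /* (2) Fetch the user by id only; the hash comparison is done in PHP so that it is
         *     constant-time (hash_equals) and independent of the column's collation */
        $row = $this->fetchOne(
            "SELECT * FROM user WHERE id_user = :id_user LIMIT 1",
            [ ':id_user' => [ $id_user, \PDO::PARAM_INT ] ]
        );

        /* (3) No row, or no password set yet (`pass` is NULL right after create()) -> invalid */
        if( !is_array($row) || !is_string($row['pass'] ?? null) )
            return false;

        /* (4) Stored hash must match the computed one */
        return hash_equals($row['pass'], $hash);
    }


    /* (7) Set the password for a user
     *
     * @id_user  The user UID
     * @password The password to set
     *
     * @return set Whether the password has been set or not
     * ---------------------------------------------------------*/
    public function setPassword(int $id_user, string $password): bool{

        /* (1) Hash the password (project-defined \secure_hash(), see checkPassword()) */
        $hash = \secure_hash($password, $id_user, 'user-pass');

        /* (2) Prepare Statement */
        $pst = $this->pdo->prepare("UPDATE `user` SET `pass` = :pass WHERE `id_user` = :id_user");

        if( $pst === false )
            return false;

        /* (3) Bind variables (bindValue: these are input-only parameters, no reference needed) */
        $pst->bindValue(':pass', $hash, \PDO::PARAM_STR);
        $pst->bindValue(':id_user', $id_user, \PDO::PARAM_INT);

        /* (4) Execute -> dispatch status */
        return $pst->execute();
    }


    /* (8) Creates a new user
     *
     * @username The username (must be unique)
     * @mail     The mail address (must be unique)
     * @password The password
     *
     * @return id_created UID of the created user
     *                    FALSE on error (duplicate username/mail, DB failure, password not set)
     * ---------------------------------------------------------*/
    public function create(string $username, string $mail, string $password){

        /* (1) Check @username + @mail are unique
         *     This pre-check is advisory only: another request may insert the same
         *     username/mail between this check and the INSERT below. The real guarantee
         *     has to be a unique constraint on the `user` table, which then surfaces as an
         *     INSERT failure handled in (2).4 — verify the schema carries it.
         ---------------------------------------------------------*/

        /* (1) If @username already exists -> abort */
        if( is_array($this->getByUsername($username)) )
            return false;

        /* (2) If @mail already exists -> abort */
        if( is_array($this->getByMail($mail)) )
            return false;


        /* (2) Create the user (without password)
         ---------------------------------------------------------*/

        /* (1) Create a random token
         *     random_bytes() is a CSPRNG; uniqid() (the previous source) is time-derived
         *     and therefore guessable, which must not be the case for an auth token.
         *     \secure_hash() is kept so the stored format stays what the `token` column expects. */
        $token = \secure_hash(bin2hex(random_bytes(32)), 'user-token');

        /* (2) Prepare Statement */
        $pst = $this->pdo->prepare("INSERT INTO `user`(`id_user`, `username`, `mail`, `pass`, `token`) VALUES(DEFAULT, :username, :mail, NULL, :token)");

        if( $pst === false )
            return false;

        /* (3) Bind variables */
        $pst->bindValue(':username', $username, \PDO::PARAM_STR);
        $pst->bindValue(':mail', $mail, \PDO::PARAM_STR);
        $pst->bindValue(':token', $token, \PDO::PARAM_STR);

        /* (4) Execute -> if error (including a unique-constraint violation) return FALSE */
        if( !$pst->execute() )
            return false;


        /* (3) Set the password (needs @id_user)
         ---------------------------------------------------------*/

        /* (1) Re-read the freshly inserted row to learn its id
         *     (kept as a lookup by the unique username rather than lastInsertId(),
         *      which is driver-dependent) */
        $fetch_user = $this->getByUsername($username);

        /* (2) If nothing found or no usable id -> error */
        if( !is_array($fetch_user) || !isset($fetch_user['id_user']) || !is_numeric($fetch_user['id_user']) )
            return false;

        /* (3) Extract @id_user */
        $id_user = intval($fetch_user['id_user']);

        /* (4) Repo self call: the user row exists but is unusable without a password */
        if( !$this->setPassword($id_user, $password) )
            return false;

        /* (5) Return @id_user */
        return $id_user;
    }


    /* (9) Internal: run a single-row SELECT with named bindings
     *
     * @sql      The parameterised query (named placeholders only)
     * @bindings Map of placeholder => [ value, \PDO::PARAM_* ]
     *
     * @return row  The first fetched row if any
     *              FALSE if no row, or if the statement could not be prepared/executed
     * ---------------------------------------------------------*/
    private function fetchOne(string $sql, array $bindings){

        /* (1) Prepare Statement (FALSE when the PDO error mode is silent and preparation fails) */
        $pst = $this->pdo->prepare($sql);

        if( $pst === false )
            return false;

        /* (2) Bind variables
         *     bindValue() instead of bindParam(): the values are not changed between bind and
         *     execute, and the former "length" argument only matters for OUT parameters */
        foreach( $bindings as $name => $binding )
            $pst->bindValue($name, $binding[0], $binding[1]);

        /* (3) Execute */
        if( !$pst->execute() )
            return false; // if error -> send FALSE

        /* (4) Fetched data (FALSE when there is no matching row) */
        return $pst->fetch();
    }

}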