The admin list * FALSE on error * ---------------------------------------------------------*/ public function getAll(){ /* (1) Statement */ $st = $this->pdo->query("SELECT `id_admin`, `username`, `mail` FROM `admin` ORDER BY `username` ASC"); /* (2) Fetched data */ return $st->fetchAll(); } /* (2) Return a admin by its `id_admin` * * @id_admin The admin UID * * @return admin The admin if found * FALSE on error * ---------------------------------------------------------*/ public function getById(int $id_admin){ /* (1) Prepare Statement */ $pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `id_admin` = :id_admin LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT); /* (3) Execute */ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ return $pst->fetch(); } /* (3) Return a admin by its `mail` * * @mail The admin mail address * * @return admin The admin if found * FALSE on error * ---------------------------------------------------------*/ public function getByMail(String $mail){ /* (1) Prepare Statement */ $pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `mail` = :mail LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50); /* (3) Execute */ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ return $pst->fetch(); } /* (4) Return a admin by its `username` * * @username The admin username * * @return admin The admin if found * FALSE on error * ---------------------------------------------------------*/ public function getByUsername(String $username){ /* (1) Prepare Statement */ $pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `username` = :username LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':username', $username, \PDO::PARAM_STR, 20); /* (3) Execute */ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ return $pst->fetch(); } /* (5) Return a admin by its `token` * * @token The admin token * * @return admin The admin if found * FALSE on error * ---------------------------------------------------------*/ public function getByToken(String $token){ /* (1) Prepare Statement */ $pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `token` is not NULL AND `token` = :token LIMIT 1"); /* (2) Bind variables */ $pst->bindParam(':token', $token, \PDO::PARAM_STR, 128); /* (3) Execute */ if( !$pst->execute() ) return false; // if error -> send FALSE /* (4) Fetched data */ return $pst->fetch(); } /* (6) Check the password of a admin * * @id_admin The admin UID * @password The password to test * * @return valid Whether the password is valid or not * ---------------------------------------------------------*/ public function checkPassword(int $id_admin, String $password){ /* (1) Hash the password */ $hash = \secure_hash($password, $id_admin, 'admin-pass'); /* (2) Prepare Statement */ $pst = $this->pdo->prepare("SELECT * FROM `admin` WHERE `id_admin` = :id_admin AND `pass` = :pass LIMIT 1"); /* (3) Bind variables */ $pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT); $pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128); /* (4) Execute */ if( !$pst->execute() ) return false; // if error -> send FALSE /* (5) If no data -> means invalid password */ if( !is_array($pst->fetch()) ) return false; /* (6) If here -> means password is ok */ return true; } /* (6) Set the password for a admin * * @id_admin The admin UID * @password The password to set * * @return set Whether the password has been set or not * ---------------------------------------------------------*/ public function setPassword(int $id_admin, String $password){ /* (1) Hash the password */ $hash = \secure_hash($password, $id_admin, 'admin-pass'); /* (2) Prepare Statement */ $pst = $this->pdo->prepare("UPDATE `admin` SET `pass` = :pass WHERE `id_admin` = :id_admin"); /* (3) Bind variables */ $pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128); $pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT); /* (4) Execute -> dispatch status */ return $pst->execute(); } /* (7) Creates a new admin * * @username The username (must be unique) * @mail The mail address (must be unique) * @password The password * * @return id_created UID of the created admin * FALSE on error * ---------------------------------------------------------*/ public function create(String $username, String $mail, String $password){ /* (1) Check @username + @mail are unique ---------------------------------------------------------*/ /* (1) If @username already exists -> abort */ if( is_array($this->getByUsername($username)) ) return false; /* (2) If @mail already exists -> abort */ if( is_array($this->getByMail($mail)) ) return false; /* (2) Create the admin (without password) ---------------------------------------------------------*/ /* (1) Create a random token */ $token = \secure_hash(uniqid(), 'admin-token'); /* (2) Prepare Statement */ $pst = $this->pdo->prepare("INSERT INTO `admin`(`id_admin`, `username`, `mail`, `pass`, `token`) VALUES(DEFAULT, :username, :mail, NULL, :token)"); /* (3) Bind variables */ $pst->bindParam(':username', $username, \PDO::PARAM_STR, 20); $pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50); $pst->bindParam(':token', $token, \PDO::PARAM_STR, 128); /* (4) Execute -> if error return FALSE */ if( !$pst->execute() ) return false; /* (2) Set the password (needed @id_admin) ---------------------------------------------------------*/ /* (1) Get last inserted id */ $fetch_admin = $this->getByUsername($username); /* (2) If nothing found -> error */ if( !is_array($fetch_admin) || !isset($fetch_admin['id_admin']) || !is_numeric($fetch_admin['id_admin']) ) return false; /* (3) Extract @id_admin */ $id_admin = intval($fetch_admin['id_admin']); /* (4) Repo self call */ if( !$this->setPassword($id_admin, $password) ) return false; /* (5) Return @id_admin */ return $id_admin; } }