141 <?php
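class UserManager {
    /** User id that is treated as the administrator account. */
    private const ADMIN_USER_ID = 1;

    /** Cookie lifetime in seconds (31 days); not read by any method in this class. */
    private $cookie_lifetime = 2678400;

    /** @var JSONDB backing store; every query in this class targets the users.json collection */
    private $db;

    /**
     * Account row of the currently logged-in user (array), `false` if the session
     * names a user that no longer exists, or null/unset when nobody is logged in.
     *
     * @var array|false|null
     */
    public $userAccount;

    /**
     * Wires the store and restores the logged-in account from `$_SESSION['username']`.
     *
     * @param JSONDB $database store that exposes select()/update()/insert()/delete() chains
     */
    public function __construct(JSONDB $database) {
        $this->db = $database;
        // A username is written to the session by checkLogin(); re-load that account
        // on every request so userAccount reflects the current stored row.
        if (!empty($_SESSION['username'])) {
            $this->userAccount = $this->get($_SESSION['username']);
        }
    }

    /**
     * @return bool true when a stored account was resolved for the session
     */
    public function isLoggedIn(): bool {
        return (bool) $this->userAccount;
    }

    /**
     * Redirects anonymous visitors to /login and stops script execution.
     */
    public function checkLoggedIn(): void {
        if (!$this->isLoggedIn()) {
            header("Location: /login");
            exit();
        }
    }

    /**
     * @return bool true when the logged-in account carries the admin user id
     */
    public function isAdmin(): bool {
        if (!$this->userAccount) {
            return false;
        }
        // Strict comparison: the id must be the integer admin id, not a numeric string.
        return $this->userAccount['id'] === self::ADMIN_USER_ID;
    }

    /**
     * @return array|false|null see $userAccount
     */
    public function getLoggedInAccount() {
        return $this->userAccount;
    }

    /**
     * @param string $username
     * @return bool true when a row with this username is stored
     */
    public function exists(string $username): bool {
        return $this->get($username) !== false;
    }

    /**
     * Verifies credentials and, on success, binds the account to the session.
     *
     * @param string $username
     * @param string $password clear-text password as submitted by the user
     * @return bool always true on success
     * @throws Exception when the account is unknown, the password is wrong, or the account is disabled
     */
    public function checkLogin(string $username, string $password): bool {
        $userAccount = $this->get($username);
        // Always run password_verify(), against a throwaway hash when the account is
        // unknown, so the response time does not reveal whether the username exists.
        $hash = $userAccount ? $userAccount['password'] : self::dummyHash();
        if (!password_verify($password, $hash) || !$userAccount) {
            throw new Exception('Account unknown or password wrong.');
        }
        if (!$userAccount['active']) {
            throw new Exception('This account is disabled.');
        }
        // Transparently upgrade hashes created with an older/weaker cost or algorithm.
        if (password_needs_rehash($userAccount['password'], PASSWORD_DEFAULT)) {
            $this->updatePassword($username, $password);
        }
        // A fresh session id on privilege change prevents session fixation: an id
        // handed to the browser before login must not become an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $userAccount['username'];
        $this->userAccount = $userAccount;
        return true;
    }

    /**
     * Clears the in-memory account, the session data and the server-side session.
     *
     * @return bool always true
     */
    public function logout(): bool {
        $this->userAccount = null;
        // session_destroy() does not unset $_SESSION for the rest of this request.
        $_SESSION = [];
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        return true;
    }

    /**
     * @param string $username
     * @return array|false the stored row, or false when no row matches
     */
    public function get(string $username) {
        $result = $this->db->select('*')
            ->from('users.json')
            ->where(['username' => $username])
            ->get();
        return isset($result[0]) ? $result[0] : false;
    }

    /**
     * @return mixed whatever the store returns for an unfiltered select (an array of rows is expected)
     */
    public function getAll() {
        return $this->db->select('*')
            ->from('users.json')
            ->get();
    }

    /**
     * @return int the largest stored user id, or 0 when no users exist yet
     */
    public function getHighestUserId(): int {
        $data = $this->db->select('id')
            ->from('users.json')
            ->order_by('id', JSONDB::ASC)
            ->get();
        // end([]) returns false; indexing that raised a warning and yielded null.
        if (empty($data)) {
            return 0;
        }
        $last = end($data);
        return (int) $last['id'];
    }

    /**
     * Replaces the stored password hash of an existing user.
     *
     * @param string $username
     * @param string $password clear-text password; only its hash is stored
     * @throws Exception when the user does not exist
     */
    public function updatePassword(string $username, string $password): void {
        $this->assertExists($username);
        $this->db->update(['password' => password_hash($password, PASSWORD_DEFAULT)])
            ->from('users.json')
            ->where(['username' => $username])
            ->trigger();
    }

    /**
     * Stores a new user with the next free id.
     *
     * @param string $username
     * @param string $password clear-text password; only its hash is stored
     * @param bool   $active   whether the account may log in immediately
     * @throws Exception when the username is already taken
     */
    public function create(string $username, string $password, bool $active = true): void {
        if ($this->exists($username)) {
            throw new Exception('This username is already taken.');
        }
        // if(!preg_match('/^[\w-]+$/', $username)) throw new Exception('URI contains not allowed characters.');
        $this->db->insert('users.json', [
            'id' => $this->getHighestUserId() + 1,
            'username' => $username,
            'password' => password_hash($password, PASSWORD_DEFAULT),
            'active' => $active,
        ]);
    }

    /**
     * @param string $username
     * @throws Exception when the user does not exist
     */
    public function enable(string $username): void {
        $this->setActive($username, true);
    }

    /**
     * @param string $username
     * @throws Exception when the user does not exist
     */
    public function disable(string $username): void {
        $this->setActive($username, false);
    }

    /**
     * Removes the user row.
     *
     * @param string $username
     * @throws Exception when the user does not exist
     */
    public function delete(string $username): void {
        $this->assertExists($username);
        $this->db->delete()
            ->from('users.json')
            ->where(['username' => $username])
            ->trigger();
    }

    /**
     * Shared body of enable()/disable(): writes the active flag of an existing user.
     *
     * @throws Exception when the user does not exist
     */
    private function setActive(string $username, bool $active): void {
        $this->assertExists($username);
        $this->db->update(['active' => $active])
            ->from('users.json')
            ->where(['username' => $username])
            ->trigger();
    }

    /**
     * Guard used by the mutating methods.
     *
     * @throws Exception when the user does not exist
     */
    private function assertExists(string $username): void {
        if (!$this->exists($username)) {
            throw new Exception('User doesn\'t exist!');
        }
    }

    /**
     * Hash of a fixed non-secret string, computed once per process, used only to
     * equalise the cost of checkLogin() for unknown usernames.
     */
    private static function dummyHash(): string {
        static $hash = null;
        if ($hash === null) {
            $hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
        }
        return $hash;
    }
}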