require 'db.php'; // provides connect_db(), which User::__construct() calls for the DB handle
session_start(); // the session must be open before userLogin()/logout() touch $_SESSION
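/**
 * Account model: validates sign-up form values, registers and logs users in,
 * and reads account data. Database errors are collected in $errors and
 * reported through boolean return values rather than thrown.
 */
class User
{
    /** @var string|null Validated username, set by storeFormValues(). */
    public $username = null;
    /** @var string|null password_hash() output of the submitted password, never the plaintext. */
    public $password = null;
    /** @var string|null Validated display name. */
    public $name = null;
    /** @var string|null Validated e-mail address (FILTER_VALIDATE_EMAIL). */
    public $email = null;
    /** @var string|null Generated FTP password: 128 lowercase hex chars (sha512 of random bytes). */
    public $ftp = null;
    /** @var mixed Handle returned by connect_db(); presumably PDO (prepare()/lastInsertId(), PDOException caught) — confirm against db.php. */
    public $connection = null;
    /** @var list<string> Human-readable error messages accumulated by the methods below. */
    public $errors = [];
    /** @var bool Set once any validation or registration step fails; never reset by this class. */
    public $errorFlag = false;
    /** @var string|null lastInsertId() of the accounts row created by userRegister(). */
    public $lastInsertedID = null;

    public function __construct()
    {
        $this->connection = connect_db(); // basic database connection from db.php
    }

    /**
     * Record one failure: append the message and raise the error flag.
     *
     * @param string $message user-facing error text
     */
    private function fail($message)
    {
        $this->errors[] = $message;
        $this->errorFlag = true;
    }

    /**
     * Whether a PDOException is a MySQL duplicate-key error (driver code 1062).
     *
     * @param PDOException $e
     * @return bool
     */
    private function isDuplicateKey(PDOException $e): bool
    {
        return isset($e->errorInfo[1]) && (int) $e->errorInfo[1] === 1062;
    }

    /**
     * All error messages collected so far.
     *
     * @return list<string>
     */
    public function getErrors(): array
    {
        return $this->errors;
    }

    /**
     * Validate sign-up values and stage them on the object for userRegister().
     * Every field is checked (errors accumulate), the password is hashed, and an
     * FTP password is generated only when everything passed.
     *
     * @param string|null $username letters and spaces only
     * @param string|null $password at least 5 chars, with a letter and a digit
     * @param string|null $name     letters and spaces only
     * @param string|null $email    must satisfy FILTER_VALIDATE_EMAIL
     * @return bool true when no field failed (and $errorFlag was not already set)
     */
    public function storeFormValues($username, $password, $name, $email): bool
    {
        if (empty($password)) {
            $this->fail("Please Enter a Password!");
        } elseif (!preg_match('/(?=.*[a-z])(?=.*\d).{5,}/i', $password)) {
            $this->fail("Passwords must have a minimum of 5 characters and contain at least one letter and at least on number");
        } else {
            $this->password = password_hash($password, PASSWORD_DEFAULT);
        }

        // \z instead of $: $ also matches before a trailing newline, which would
        // let "name\n" through the whitelist.
        if (empty($username)) {
            $this->fail("Please Enter a Username!");
        } elseif (!preg_match("/^[a-zA-Z ]*\z/", $username)) {
            $this->fail("Only letters and white space allowed in Username");
        } else {
            $this->username = $username;
        }

        if (empty($name)) {
            $this->fail("Please Enter a name!");
        } elseif (!preg_match("/^[a-zA-Z ]*\z/", $name)) {
            $this->fail("Only letters and white space allowed in Name!");
        } else {
            $this->name = $name;
        }

        if (empty($email)) {
            $this->fail("Please Enter a Email!");
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $this->fail("Invalid Email format");
        } else {
            $this->email = $email;
        }

        if ($this->errorFlag !== false) {
            return false;
        }

        // random_bytes() is a CSPRNG; rand() has a small, guessable state space and
        // is not suitable for a credential. sha512 keeps the stored format (128 hex chars).
        $this->ftp = hash('sha512', random_bytes(32));
        return true;
    }

    /**
     * End the session and redirect to the login page.
     *
     * Clears server-side data and expires the client's session cookie;
     * session_destroy() alone leaves the old cookie usable until it expires.
     * The caller is expected to stop execution after the redirect header.
     */
    public function logout()
    {
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }
        session_destroy();
        header("Location: ../../login.php"); // destroys all session data and redirects to login
    }

    /**
     * Verify credentials; on success populate the session and emit a redirect to home.php.
     *
     * @param string $email
     * @param string $password plaintext as submitted
     * @return bool true on successful login, false otherwise (see getErrors())
     */
    public function userLogin($email, $password): bool
    {
        try {
            $sql = "SELECT * FROM accounts where account_email = ?";
            $stmt = $this->connection->prepare($sql);
            $stmt->execute([$email]);
            // fetch() instead of rowCount(): PDO does not guarantee rowCount() for SELECT.
            $row = $stmt->fetch();
            if ($row === false || !password_verify($password, $row['account_password'])) {
                // One message for "no such account" and "wrong password" so the
                // response does not reveal which e-mail addresses are registered.
                $_SESSION['loggedIn'] = 0;
                $this->errors[] = "Invalid email or password!";
                return false;
            }

            // NOTE(review): is_enabled is written at registration but not checked here — confirm whether disabled accounts should be refused.
            // New session id at privilege change so a pre-login id cannot be fixated.
            session_regenerate_id(true);
            $_SESSION['loggedIn'] = 1;
            $_SESSION['username'] = $row['account_username'];
            $_SESSION['id'] = $row['account_id'];
            header_remove();
            header('Location: ./home.php');
            return true;
        } catch (PDOException $e) {
            // Driver message is kept out of $errors; it can expose SQL/schema details.
            $this->errors[] = "Unknown Error";
            return false;
        }
    }

    /**
     * Insert the account staged by storeFormValues(), then its default
     * configuration row (ship station keys zeroed).
     *
     * @return bool true when both inserts succeeded and $errorFlag is still clear
     */
    public function userRegister(): bool
    {
        try {
            $sql = "INSERT INTO accounts (account_name, account_password, account_username, account_email, ftp_password, is_admin, is_enabled, is_ftp_enabled) VALUES (?,?,?,?,?,?,?,?)";
            $stmt = $this->connection->prepare($sql);
            $stmt->execute([$this->name, $this->password, $this->username, $this->email, $this->ftp, "0", "1", "1"]);
            // Needed as the foreign key for the configuration row below.
            $this->lastInsertedID = $this->connection->lastInsertId();
        } catch (PDOException $e) {
            // Only a duplicate key means "email taken"; any other failure is reported generically.
            $this->fail($this->isDuplicateKey($e)
                ? "We already have an account with that email!"
                : "Unknown Error");
            // Without an account id the configuration insert would create an orphaned row.
            return false;
        }

        try {
            $sql = "INSERT INTO configuration (`account_id`, `shipstationPublic`, `shipstationPrivate`) VALUES (?,?,?)"; // backticks escape reserved words
            $stmt = $this->connection->prepare($sql);
            $stmt->execute([$this->lastInsertedID, "0", "0"]);
        } catch (PDOException $e) {
            // The exception object itself is not stored: $errors is shown to users
            // and the driver message would leak SQL and schema details.
            $this->fail($this->isDuplicateKey($e)
                ? "Configuration Already set!"
                : "Could not create default configuration");
        }

        return $this->errorFlag === false;
    }

    /**
     * Load the public profile fields of one account.
     *
     * @param int|string $userID account_id
     * @return array{email: mixed, username: mixed, name: mixed}|false false when not found or on DB error
     */
    public function getUserData($userID)
    {
        try {
            $sql = "SELECT * FROM accounts where account_id = ?";
            $stmt = $this->connection->prepare($sql);
            $stmt->execute([$userID]);
            $row = $stmt->fetch();
            if ($row === false) {
                return false;
            }
            return [
                "email" => $row['account_email'],
                "username" => $row['account_username'],
                "name" => $row['account_name'],
            ];
        } catch (PDOException $e) {
            $this->errors[] = "Could not get user information";
            return false;
        }
    }
}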