-rw-r--r-- | classes/User.php | 130 | ||||
-rw-r--r-- | include/settings.php | 20 | ||||
-rw-r--r-- | include/users-new.php | 2 | ||||
-rw-r--r-- | install/index.php | 2 | ||||
-rw-r--r-- | login.php | 2 | ||||
-rw-r--r-- | nav.php | 2 |
6 files changed, 27 insertions, 131 deletions
diff --git a/classes/User.php b/classes/User.php
index 0569433..e3d3f1a 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -24,14 +24,10 @@
 /**
  * An interface to the user table in the database
  */
-class User {
-    /**
-     * @var pdo $pdo The PDO class for database communication
-     * @var int $id The id of the user
-     * @var string $username The username of the user
-     * @var string $password The (hashed) password of the user
-     */
-    protected $pdo, $id, $username, $password;
+class User extends Model {
+    public
+        $table = 'user',
+        $fillable_columns = ['username', 'password'];
 
     /**
      * Generate a random password
@@ -59,104 +55,23 @@ class User { ); } - /** - * Create a new instance - * - * @param PDO $pdo The PDO class, to access the database - * @param int $id The id of the user to fetch - * - * @throws PDOException If something went wrong with the database - * @throws Exception If the user could not be found - */ - public function __construct($pdo, $id) { - $this->pdo = $pdo; - - $stmt = $this->pdo->prepare("SELECT * FROM `".Constants::db_prefix."user` WHERE `id`=?"); - $stmt->execute(array($id)); - if ($stmt->rowCount() == 0) { - throw new Exception("The user with id '$id' could not be found."); + public function mutator($key, $value) { + switch ($key) { + case 'password': + return self::hash($password); + break; + default: + return parent::mutator($key, $value); } - $user = $stmt->fetch(PDO::FETCH_ASSOC); - - $this->id = $user['id']; - $this->username = $user['username']; - $this->password = $user['password']; } - //------------------------------------------------------------------------------ - // Getters and setters - //------------------------------------------------------------------------------ - - /** - * Get the ID of the user - * - * @return int The ID - */ - public function getId() { - return $this->id; - } - - /** - * Get the username of the user - * - * @return string The username - */ - public function getUsername() { - return $this->username; - } - - /** - * Set the username of the user - * - * @param string $username The new username for the user - * - * @throws PDOException If something went wrong with the database - * - * @return bool True on succes, false on failure - */ - public function setName($username) { - $stmt = $this->pdo->prepare("UPDATE `".Constants::db_prefix."user` SET `username`=? 
WHERE `id`=?"); - $stmt->execute(array($username, $this->id)); - if ($stmt->rowCount() == 1) { - $this->username = $username; - return true; - } else { - return false; - } - } - - /** - * Set the password of the user - * - * @param string $password The new password for the user - * - * @throws PDOException If something went wrong with the database - * - * @return bool True on succes, false on failure - */ - public function setPassword($password) { - $password = self::hash($password); - $stmt = $this->pdo->prepare("UPDATE `".Constants::db_prefix."user` SET `password`=? WHERE `id`=?"); - $stmt->execute(array($password, $this->id)); - if ($stmt->rowCount() == 1) { - $this->password = $password; - return true; - } else { - return false; - } - } - - //------------------------------------------------------------------------------ - // Other functions - //------------------------------------------------------------------------------ - /** * Check if a user has administrator rights * * @return bool True iff the user has administrator rights */ public function isAdmin() { - return in_array($this->getId(), Constants::user_admins); + return in_array($this->id, Constants::user_admins); } /** @@ -172,27 +87,8 @@ class User { } if (password_needs_rehash($this->password, Constants::password_algo, ['cost' => Constants::password_cost])) { - $this->setPassword($password); + $this->password = $password; } return true; } - - /** - * Remove this user from the database - * - * If this doesn't succeed (i.e. false is returned), that means the user was removed manually or by another instance of this class - * - * @throws PDOException If something went wrong with the database - * - * @return bool True on success, false on failure - */ - public function delete() { - $stmt = $this->pdo->prepare("DELETE FROM `".Constants::db_prefix."user` WHERE `id`=?"); - $stmt->execute(array($this->id)); - if ($stmt->rowCount() != 1) { - return false; - } else { - return true; - } - } } 
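Review bot: In the new `mutator($key, $value)`, the `'password'` case returns `self::hash($password)`, but `$password` is never defined in that method — the incoming value is `$value`, so every password routed through the mutator is hashed from an undefined variable rather than from what the caller supplied, and the stored hash will not match the password the user chose. The line should read `return self::hash($value);`, and the `break;` after the `return` is unreachable and can be dropped. The method also lacks the docblock the rest of the class carries; a short one stating that it hashes `password` and defers every other key to `parent::mutator()` would keep the file consistent.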
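Review bot: In the `@@ -172,27 +87,8 @@` hunk, the rehash path now does `$this->password = $password;` where the removed `setPassword()` both hashed the value and persisted it with an UPDATE; nothing in this hunk hashes or saves, so whether the rehashed credential reaches the database depends on `Model` routing property writes through `mutator()` and persisting them, which is not visible in this diff. If `password` ends up as a declared property on the object (inherited or otherwise), `__set` is never invoked and the plaintext password is kept on the instance instead of a hash — worth confirming against `Model` and adding a comment such as `// relies on Model::__set() -> mutator('password') to hash before persisting`. The enclosing method (the password verification) starts outside the hunk.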
diff --git a/include/settings.php b/include/settings.php index bd4c0d0..23d6371 100644 --- a/include/settings.php +++ b/include/settings.php @@ -40,12 +40,12 @@ require('./header.php'); try { $user = new User($_pdo, $_GET['delete_user']); if ($user->delete()) { - echo "<div class='alert alert-success alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> has been removed.</div>"; + echo "<div class='alert alert-success alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->username}</i> has been removed.</div>"; } else { - echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> could not be removed.</div>"; + echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->username}</i> could not be removed.</div>"; } } catch (PDOException $e) { - echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> could not be removed due to a PDO error.</div>"; + echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->username}</i> could not be removed due to a PDO error.</div>"; } catch (Exception $e) { echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with id {$_GET['delete_user']} could not be found.</div>"; } 
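Review bot: The context lines of this hunk still call `new User($_pdo, $_GET['delete_user'])` and `$user->delete()`, while the same commit removes `User::__construct($pdo, $id)` and `User::delete()` from classes/User.php; unless `Model` provides a constructor with that exact signature and a `delete()` with the same bool contract, the delete_user path now fails at runtime. The rewritten `catch (PDOException $e)` branch also reads `$user->username`, which is unset if construction itself threw. Separately, `$user->username` is now a public property written straight into HTML in all three messages; emitting it as `htmlspecialchars($user->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps a stored username from being interpreted as markup. The enclosing try/catch starts outside the hunk.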
@@ -65,7 +65,7 @@ require('./header.php'); echo '<div class="alert alert-danger">The current password was incorrect.</div>'; } else { try { - $_user->setPassword($_POST['password_update']); + $_user->password = $_POST['password_update']; echo '<div class="alert alert-success">Password successfully changed.</div>'; } catch (PDOException $e) { echo '<div class="alert alert-danger">An unknown error occurred.</div>'; @@ -106,18 +106,18 @@ require('./header.php'); $users = BusinessAdmin::getUsers($_pdo); foreach ($users as $user) { echo "<tr class='mix' - data-mixer-order-id='{$user->getId()}' - data-mixer-order-username='{$user->getUsername()}'> - <td class='col-min-width'>{$user->getId()}</td> - <td class='col-max-width'>{$user->getUsername()}</td>"; + data-mixer-order-id='{$user->id}' + data-mixer-order-username='{$user->username}'> + <td class='col-min-width'>{$user->id}</td> + <td class='col-max-width'>{$user->username}</td>"; if ($_user->isAdmin()) { - if ($user->getId() == $_user->getId()) { + if ($user->id == $_user->id) { echo "<td class='col-min-width'> <a title='Change password' href='#' onclick='$(\"#password-current\").focus();' class='btn btn-warning btn-circle fa fa-key'></a> </td>"; } else { echo "<td class='col-min-width'> - <a title='Delete' href='?delete_user={$user->getId()}' class='btn btn-danger btn-circle fa fa-times'></a> + <a title='Delete' href='?delete_user={$user->id}' class='btn btn-danger btn-circle fa fa-times'></a> </td>"; } } diff --git a/include/users-new.php b/include/users-new.php index 5b4bd7f..0582134 100644 --- a/include/users-new.php +++ b/include/users-new.php 
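Review bot: `$_user->password = $_POST['password_update'];` replaces a `setPassword()` call that hashed and persisted in one step, yet the very next line echoes "Password successfully changed." with no visible save call or result check; whether the assignment hashes and reaches the database now depends entirely on `Model`, which is not in the diff. If `Model` exposes a save step, its result should gate the success message, e.g. `if ($_user->save()) { echo ...success... } else { echo ...error... }` (adjusting to whatever persistence API `Model` actually has). In the `@@ -106,18 +106,18 @@` hunk, `$user->id == $_user->id` compares ids loosely; since database ids may arrive as strings, `(int) $user->id === (int) $_user->id` makes the intent explicit. The enclosing if/else block starts outside the hunk.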
@@ -33,7 +33,7 @@ try { $response->message = "The user could not be created due to an error."; } else { $response->success = true; - $response->message = "User <i>'{$user->getUsername()}'</i> has been created with password <code>$pass</code>. <a class='alert-link' href='javascript:location.reload(true);'>Refresh the page</a>."; + $response->message = "User <i>'{$user->username}'</i> has been created with password <code>$pass</code>. <a class='alert-link' href='javascript:location.reload(true);'>Refresh the page</a>."; } } catch (PDOException $e) { $response->success = false; diff --git a/install/index.php b/install/index.php index 26812c3..dbea375 100644 --- a/install/index.php +++ b/install/index.php @@ -143,7 +143,7 @@ if (isset($_GET['create_user'])) { $password = user::generateRandomPassword(); $user = BusinessAdmin::createUser($_pdo, $username, $password); if ($user !== false) { - echo "Created user '$username' ({$user->getId()}) with password '$password'."; + echo "Created user '$username' ({$user->id}) with password '$password'."; } else { echo "Unknown error while creating the admin user."; } @@ -43,7 +43,7 @@ if (!isset($_SESSION['login']) || $_SESSION['login'] === false) { } else { $user = array_pop($users); if ($user->verifyPassword($_POST['password'])) { - $_SESSION['login'] = $user->getId(); + $_SESSION['login'] = $user->id; $_user = $user; return; } else { @@ -33,7 +33,7 @@ <ul class="nav navbar-top-links navbar-right"> <span> - Logged in as <a href="<?=Constants::url_internal?>/settings"><?=$_user->getUsername()?></a> + Logged in as <a href="<?=Constants::url_internal?>/settings"><?=$_user->username?></a> (<a href="<?=Constants::url_internal?>/?logout">logout</a>) </span> <!-- /.dropdown --> |