61 lines
1.7 KiB
PHP
61 lines
1.7 KiB
PHP
<?php
|
|
|
|
require_once("Database.class.php");
|
|
|
|
class User
|
|
{
|
|
private $user_id = null;
|
|
|
|
public function __construct($user_id)
|
|
{
|
|
$this->user_id = $user_id;
|
|
}
|
|
|
|
public function id() {
|
|
return $this->user_id;
|
|
}
|
|
|
|
public static function authenticate($username, $password)
|
|
{
|
|
$escaped_username = Database::escape_string($username);
|
|
$query = "SELECT `password`, `user_id` FROM `users` WHERE username='$escaped_username';";
|
|
$result = Database::execute_query($query);
|
|
|
|
if ($result->num_rows == 1)
|
|
{
|
|
$user = $result->fetch_assoc();
|
|
if (password_verify($password, $user["password"]))
|
|
{
|
|
return new self($user["user_id"]);
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function register($username, $password, $admin=false)
|
|
{
|
|
$escaped_username = Database::escape_string($username);
|
|
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
$admin_status = (int)$admin;
|
|
|
|
if (!password_verify($password, $hashed_password))
|
|
{
|
|
die("Something went wrong trying to hash the password...");
|
|
}
|
|
|
|
$query = "INSERT INTO `users` (`email`, `password`, `is_admin`) VALUES ('$escaped_username', '$hashed_password', $admin_status);";
|
|
|
|
if (!Database::execute_query($query)) {
|
|
return false;
|
|
}
|
|
|
|
$id_query = "SELECT `user_id` FROM `users` WHERE `email` = '$escaped_username';";
|
|
$id_result = Database::execute_query($id_query);
|
|
|
|
if ($id_result->num_rows == 1) {
|
|
return new self($id_result->fetch_assoc()["user_id"]);
|
|
}
|
|
return false;
|
|
}
|
|
} |