<?php
namespace App\Core;
use \Exception;
use \PDO;
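/**
 * Represents the current user session.
 *
 * On construction the entry stored under SESSION_KEY (if any) is re-checked
 * against the database, and the public properties reflect the outcome.
 *
 * NOTE(review): the password is matched against the `Passord` column as-is and
 * is also kept in the session and on this object. If that column holds
 * plaintext passwords, move to password_hash()/password_verify() and keep only
 * a user identifier in the session. That needs a data migration and is not
 * done here.
 */
class User
{
    private const SESSION_KEY = 'UserClass';

    private Session $session;
    private Database $database;

    // always initialized
    public bool $logged_in;

    // initialized only if logged in
    public string $username;
    // NOTE(review): public credential on a long-lived object; avoid dumping or serializing this instance
    public string $password;
    public int $power_level;

    /**
     * Restore the login state from the session and verify it against the database.
     *
     * @throws Exception if the power level cannot be read for a verified user
     */
    public function __construct(Session $session, Database $database)
    {
        $this->session = $session;
        $this->database = $database;

        // fail closed: every early return below leaves the user logged out
        $this->logged_in = FALSE;

        $user = $this->session->get(self::SESSION_KEY);

        // check if user session has been set
        if (!$user)
        {
            return;
        }

        // a session entry that does not have the shape login() writes is discarded
        // instead of being indexed blindly
        if (
            !is_array($user) ||
            !is_string($user['username'] ?? NULL) ||
            !is_string($user['password'] ?? NULL)
        )
        {
            $this->logout();
            return;
        }

        // check if username and password match
        if (!$this->authenticate($user['username'], $user['password']))
        {
            $this->logout();
            $this->session->flash('Kontodetaljer er blitt endret, vennligst logg inn igjen', 'warning');
            return;
        }

        // credentials verified against the database
        $this->logged_in = TRUE;
        $this->username = $user['username'];
        $this->password = $user['password'];
        $this->power_level = $this->getPowerLevel();
    }

    /**
     * Get current user power level
     *
     * @throws Exception if not logged in, or if no usable `Nivå` value is found
     */
    private function getPowerLevel(): int
    {
        if (!$this->logged_in)
        {
            throw new Exception("Can't get power level without being logged in!");
        }

        $sth = $this->database->conn->prepare(
            'SELECT Nivå FROM brukertabell WHERE Brukernavn = ? AND Passord = ?'
        );
        $sth->execute([$this->username, $this->password]);
        $row = $sth->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when the row is gone (e.g. changed between the
        // authentication query and this one); refuse rather than default to a level
        if ($row === FALSE || !is_numeric($row['Nivå'] ?? NULL))
        {
            throw new Exception("Can't get power level: no valid level found for user");
        }

        return (int) $row['Nivå'];
    }

    /**
     * Set session if username and password match
     *
     * NOTE(review): the session identifier is not rotated here. If Session
     * offers a way to regenerate it, do so on successful login to guard
     * against session fixation.
     *
     * @return bool TRUE when the credentials matched and the session was set
     */
    public function login(string $username, string $password): bool
    {
        if (!$this->authenticate($username, $password))
        {
            return FALSE;
        }

        $this->session->set(self::SESSION_KEY, [
            'username' => $username,
            'password' => $password
        ]);

        return TRUE;
    }

    /**
     * Check if username and password match database
     */
    private function authenticate(string $username, string $password): bool
    {
        $sth = $this->database->conn->prepare(
            'SELECT * FROM brukertabell WHERE Brukernavn = ? AND Passord = ?'
        );
        $sth->execute([$username, $password]);

        // rowCount() is not guaranteed to report SELECT results on every PDO
        // driver, so decide on the fetched row itself
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        if ($row === FALSE)
        {
            return FALSE;
        }

        // Depending on the column collation the SQL match can be looser than
        // byte equality, so both values are re-checked exactly; the secret is
        // compared in constant time.
        return $row['Brukernavn'] === $username
            && hash_equals((string) $row['Passord'], $password);
    }

    /**
     * Remove the stored user entry from the session.
     */
    public function logout(): void
    {
        $this->session->remove(self::SESSION_KEY);
    }
}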