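<?php

declare(strict_types=1);

namespace App\Core;

use Exception;
use PDO;

/**
 * Represents the current user session.
 *
 * On construction the payload stored in the session under SESSION_KEY is
 * re-checked against the database; when the stored credentials no longer
 * match, the user is logged out and a warning flash message is queued.
 *
 * $loggedIn is always initialized. $username, $password and $powerLevel are
 * only initialized when $loggedIn is true — reading them otherwise throws an
 * Error (uninitialized typed property), as in the original design.
 */
class User
{
    private const SESSION_KEY = 'UserClass';

    private Session $session;
    private Database $database;

    // always initialized
    public bool $loggedIn;

    // initialized only if logged in
    public string $username;
    public string $password;
    public int $powerLevel;

    /**
     * Restore login state from the session payload written by login().
     *
     * @param Session  $session  session store; this class calls get(), set(), remove() and flash() on it
     * @param Database $database database wrapper exposing a PDO connection as ->conn
     */
    public function __construct(Session $session, Database $database)
    {
        $this->session = $session;
        $this->database = $database;

        $user = $this->session->get(self::SESSION_KEY);

        // No payload, or a payload that is not the shape login() writes
        // (e.g. a tampered/stale session): treat both as "not logged in"
        // instead of passing non-strings into authenticate(), which would
        // raise a TypeError.
        if (
            !is_array($user)
            || !is_string($user['username'] ?? null)
            || !is_string($user['password'] ?? null)
        ) {
            $this->loggedIn = false;
            return;
        }

        // Re-verify the stored credentials on every request so that a
        // password change elsewhere invalidates existing sessions.
        if (!$this->authenticate($user['username'], $user['password'])) {
            $this->loggedIn = false;
            $this->logout();
            $this->session->flash('Kontodetaljer er blitt endret, vennligst logg inn igjen', 'warning');
            return;
        }

        // Credentials verified: populate the logged-in-only properties.
        $this->loggedIn = true;
        $this->username = $user['username'];
        $this->password = $user['password'];
        $this->powerLevel = $this->getPowerLevel();
    }

    /**
     * Get the current user's power level (column Nivå) from the database.
     *
     * @throws Exception if called while not logged in, or if no row matches
     *                   (the record may vanish between authenticate() and this query)
     */
    private function getPowerLevel(): int
    {
        if (!$this->loggedIn) {
            throw new Exception("Can't get power level without being logged in!");
        }

        $sth = $this->database->conn->prepare(
            'SELECT Nivå FROM brukertabell WHERE Navn = ? AND Passord = ?'
        );
        $sth->execute([$this->username, $this->password]);
        $row = $sth->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when there is no row; indexing into false
        // would silently yield null and then fail the int return type.
        if ($row === false || !isset($row['Nivå'])) {
            throw new Exception("Can't get power level: user record not found!");
        }

        // PDO drivers commonly return numeric columns as strings; the
        // declared return type is int, so cast explicitly.
        return (int) $row['Nivå'];
    }

    /**
     * Set the session payload if username and password match.
     *
     * NOTE(review): the raw password is stored in the session so that the
     * constructor can re-verify it on each request. If Session supports
     * regenerating the session id, calling it here on success would limit
     * session fixation — confirm the Session API before adding that.
     *
     * @return bool true when the credentials matched and the session was set
     */
    public function login(string $username, string $password): bool
    {
        if (!$this->authenticate($username, $password)) {
            return false;
        }

        $this->session->set(self::SESSION_KEY, [
            'username' => $username,
            'password' => $password,
        ]);

        return true;
    }

    /**
     * Check whether username and password match a row in brukertabell.
     *
     * NOTE(review): Passord is compared by SQL equality, which implies the
     * column holds exactly the supplied value (plaintext, or a hash computed
     * by the caller) — verify against the schema. The expected scheme is
     * password_hash() at registration and password_verify() here, which
     * would also remove the need to keep the raw password in the session.
     */
    private function authenticate(string $username, string $password): bool
    {
        // Select a constant marker rather than the whole row, and test the
        // fetch result: PDOStatement::rowCount() is not guaranteed to report
        // the number of rows of a SELECT on every driver.
        $sth = $this->database->conn->prepare(
            'SELECT 1 FROM brukertabell WHERE Navn = ? AND Passord = ?'
        );
        $sth->execute([$username, $password]);

        return $sth->fetch(PDO::FETCH_ASSOC) !== false;
    }

    /**
     * Drop the session payload and mark this object as logged out.
     *
     * The logged-in-only properties ($username, $password, $powerLevel) keep
     * whatever value they had; callers must consult $loggedIn first.
     */
    public function logout(): void
    {
        $this->session->remove(self::SESSION_KEY);
        $this->loggedIn = false;
    }
}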