id = $id; $this->username = $username; $this->status = $status; $this->email = $email; $this->image = $image; $this->isAdmin = $isAdmin; $this->memberSince = new DateTime($timestamp); } /* * Statics */ public static function getByID(int $id): User { $db = Database::getInstance(); $stmt = $db->prepare( "SELECT benutzer, status, email, image, isadmin, zeitstempel FROM egb_benutzer WHERE id = :ID" ); $stmt->bindValue(":ID", $id); $stmt->execute(); $data = $stmt->fetch(); if (!$data) throw new Exception("NotFound"); return new User($id, $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1); } public static function getByEmail(string $email): User { $db = Database::getInstance(); $stmt = $db->prepare( "SELECT id, benutzer, status, image, isadmin, zeitstempel FROM egb_benutzer WHERE email = :EMAIL" ); $stmt->bindValue(":EMAIL", $email); $stmt->execute(); $data = $stmt->fetch(); if (!$data) throw new Exception("NotFound"); return new User($data["id"], $data["benutzer"], $data["status"], $email, $data["zeitstempel"], $data["image"], $data["isadmin"] === 1); } public static function getByToken(string $token): User { $db = Database::getInstance(); $stmt = $db->prepare( "SELECT id, benutzer, status, email, image, isadmin, zeitstempel FROM egb_benutzer WHERE token = :TOKEN" ); $stmt->bindValue(":TOKEN", $token); $stmt->execute(); $data = $stmt->fetch(); if (!$data) throw new Exception("NotFound"); return new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1); } public static function logIn(string $email, string $password): array { $db = Database::getInstance(); // Get user data $stmt = $db->prepare("SELECT * FROM egb_benutzer WHERE email LIKE :EMAIL AND status = 1"); $stmt->bindValue(":EMAIL", $email); $stmt->execute(); $data = $stmt->fetch(); if ($data) { $user = new User($data["id"], $data["benutzer"], $data["status"], $email, $data["zeitstempel"], $data["image"], $data["isadmin"] === 1); if (password_verify($password, $data["passwort"])) { // REHASH for safety should it somehow change if (password_needs_rehash($data["passwort"], PASSWORD_DEFAULT)) { $newHash = password_hash($password, PASSWORD_DEFAULT); $stmt = $db->prepare("UPDATE egb_benutzer SET passwort = :PAS WHERE id = :ID"); $stmt->bindValue(":PAS", $newHash); $stmt->bindValue(":ID", $user->getID()); $stmt->execute(); } // Generate token $stmt = $db->prepare("UPDATE egb_benutzer SET token = UUID() WHERE id = :ID"); $stmt->bindValue(":ID", $user->getID()); $stmt->execute(); // Get token $stmt = $db->prepare("SELECT token FROM egb_benutzer WHERE id = :ID"); $stmt->bindValue(":ID", $user->getID()); $stmt->execute(); $token = $stmt->fetch(PDO::FETCH_COLUMN, 0); // Return user and token if ($token) { return ["user" => $user, "token" => $token]; } // Token generation failed throw new Exception("Failed"); } else { // PW wrong throw new Exception("Invalid"); } } else { // User does not exist throw new Exception("NotFound"); } } /* * Members */ public function logOut(): bool { $db = Database::getInstance(); $stmt = $db->prepare("UPDATE egb_benutzer SET token = NULL WHERE id = :ID"); $stmt->bindValue(":ID", $this->id); return $stmt->execute(); } public function update(?string $username, ?string $password, $image = null) { $db = Database::getInstance(); $error = false; if (!empty($username)) { $stmt = $db->prepare("UPDATE egb_benutzer SET benutzer = :USR WHERE id = :ID"); $stmt->bindValue(":USR", $username); $stmt->bindValue(":ID", $this->id); $error = !$stmt->execute(); } if ($error) throw new Exception("FailedUsername"); if (!empty($password)) { $stmt = $db->prepare("UPDATE egb_benutzer SET passwort = :PAS WHERE id = :ID"); $stmt->bindValue(":PAS", password_hash($password, PASSWORD_DEFAULT)); $stmt->bindValue(":ID", $this->id); $error = !$stmt->execute(); } if ($error) throw new Exception("FailedPassword"); if (!empty($image)) { $destinationFilename = sprintf('%s.%s', uniqid(), $image->getExtension()); $image->move(Config::getStoragePath() . "profilbilder/$destinationFilename"); $stmt = $db->prepare("UPDATE egb_benutzer SET image = :IMG WHERE id = :ID"); $stmt->bindValue(":IMG", $destinationFilename); $stmt->bindValue(":ID", $this->id); $error = !$stmt->execute(); } if ($error) throw new Exception("FailedImage"); return true; } public function delete() { $db = Database::getInstance(); $stmt = $db->prepare("DELETE FROM egb_benutzer WHERE id = :ID"); $stmt->bindValue(":ID", $this->id); return $stmt->execute(); } /* * Getters */ public function getID(): int { return $this->id; } public function getUsername(): string { return $this->username; } public function getStatus(): int { return $this->status; } public function getEmail(): string { return $this->email; } public function getImage(): ?string { return $this->image; } public function getIsAdmin(): bool { return $this->isAdmin; } public function getMemberSince(): DateTime { return $this->memberSince; } /* * JSON */ public function jsonSerialize(): array { return [ 'id' => $this->getId(), 'username' => $this->getUsername(), 'status' => $this->getStatus(), 'email' => $this->getEmail(), 'image' => $this->getImage(), 'isAdmin' => $this->getIsAdmin(), 'memberSince' => $this->getMemberSince(), ]; } }