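<?php
require_once "pdoDB.class.php";

// Shared database handle; every Account method reads it through Account::db().
// Kept as a file-level global because other files presumably rely on $pdo being defined here.
$pdo = new pdoDB();

/**
 * User account: registration, login/logout, session bookkeeping, password
 * changes and a simple permission lookup (overPrava).
 *
 * All database access goes through the pdoDB instance created above. Every
 * method that fails throws an Exception whose message is user-facing (Czech);
 * none of them signals failure through a return value except where noted.
 */
class Account
{
    /** @var int|null primary key of the logged-in account, NULL when anonymous */
    private $id;
    /** @var string|null login name of the logged-in account */
    private $name;
    /** @var string|null display name of the logged-in account */
    private $longname;
    /** @var bool TRUE once login() has verified the password */
    private $authenticated;

    // Remember-me cookie lifetime in seconds (30 days) and the two cookie names.
    const REMEMBER_TTL = 2592000;
    const COOKIE_USER = 'username';
    const COOKIE_PASS = 'password';

    /** Starts out anonymous; identity is only set by login(). */
    public function __construct()
    {
        $this->reset();
    }

    /**
     * Returns the shared pdoDB handle (the global created at the top of this file).
     */
    private function db()
    {
        global $pdo;
        return $pdo;
    }

    /** Clears all identity state; used by the constructor and by logout(). */
    private function reset()
    {
        $this->id = NULL;
        $this->name = NULL;
        $this->longname = NULL;
        $this->authenticated = FALSE;
    }

    /** @return int|null id of the logged-in account, NULL when anonymous */
    public function getID()
    {
        return $this->id;
    }

    /** @return string|null login name of the logged-in account */
    public function getName()
    {
        return $this->name;
    }

    /** @return string|null display name of the logged-in account */
    public function getLongname()
    {
        return $this->longname;
    }

    /**
     * Creates a new, enabled account. The INSERT sets no passwd column, so the
     * account cannot log in until a password is stored (e.g. via changePasswordEmail()).
     *
     * @param string $name     login name, 4 to 16 characters after trimming
     * @param string $longname display name
     * @param string $email    contact e-mail, stored as given (not validated here)
     * @return mixed id of the new row, as returned by pdoDB::posledniID()
     * @throws Exception when the name is invalid or already taken
     */
    public function addAccount($name, $longname, $email)
    {
        $name = trim($name);
        $longname = trim($longname);
        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné uživatelské jméno.');
        }
        if (!is_null($this->getIdFromName($name))) {
            throw new Exception('Uživatelské jméno již existuje.');
        }
        // 'H' is the 24-hour clock. The original format used 'h' (12-hour without
        // am/pm), so afternoon registrations were recorded with a morning time.
        $now = new DateTime();
        $registered = $now->format('Y-m-d H:i:s');
        $this->db()->execute(
            "INSERT INTO accounts (name, longname, email, enabled, registr_time) VALUES (:name, :longname, :email, :enabled, :registr_time)",
            [
                ':name' => $name,
                ':longname' => $longname,
                ':email' => $email,
                ':enabled' => '1',
                ':registr_time' => $registered,
            ]
        );
        return $this->db()->posledniID();
    }

    /**
     * A login name is valid when it is 4 to 16 characters long (multibyte-aware).
     * No character-class restriction is applied.
     *
     * @param string $name
     * @return bool
     */
    public function isNameValid($name)
    {
        $length = mb_strlen($name);
        return $length >= 4 && $length <= 16;
    }

    /**
     * Checks the password policy: 8 to 16 bytes, at least one digit, one
     * upper-case and one lower-case ASCII letter, and no whitespace.
     *
     * Returns TRUE when the password passes. It never returns FALSE: all
     * violations are collected and reported together in one Exception whose
     * message joins them with "<br>".
     *
     * @param string $passwd plain-text password
     * @return bool TRUE
     * @throws Exception listing every policy violation
     */
    public function isPasswdValid($passwd)
    {
        $errors = [];
        // Byte length (strlen), as in the original rule; stored passwords were
        // validated the same way, so switching to a character count could lock
        // out existing users whose passwords contain multibyte characters.
        $length = strlen($passwd);
        if ($length < 8 || $length > 16) {
            $errors[] = 'Heslo by mělo mít 8 až 16 znaků.';
        }
        if (!preg_match('/\d/', $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jednu číslici.';
        }
        if (!preg_match('/[A-Z]/', $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jedno velké písmeno.';
        }
        if (!preg_match('/[a-z]/', $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jedno malé písmeno.';
        }
        // A special-character requirement existed in the original as commented-out
        // code and is intentionally not enforced.
        if (preg_match('/\s/', $passwd)) {
            $errors[] = 'Heslo by nemělo obsahovat mezery.';
        }
        if ($errors) {
            // Same layout as before: every message followed by "<br>".
            throw new Exception(implode('<br>', $errors) . '<br>');
        }
        return TRUE;
    }

    /**
     * Looks up the account id for a login name.
     *
     * @param string $name
     * @return int|null the id, or NULL when no account has that name
     * @throws Exception when the name fails isNameValid()
     */
    public function getIdFromName($name)
    {
        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné uživatelské jméno.');
        }
        $row = $this->db()->queryOne(
            "SELECT id FROM accounts WHERE (name = :name)",
            [':name' => $name]
        );
        return $row ? (int) $row->id : NULL;
    }

    /**
     * Deletes the account row with the given id. Related rows (sessions,
     * permissions, verification records) are not touched here.
     *
     * @param int $id
     */
    public function deleteAccount($id)
    {
        $this->db()->execute("DELETE FROM accounts WHERE id = :id", [':id' => $id]);
    }

    /**
     * Verifies the credentials and, on success, binds the account to the
     * current PHP session, records the login and handles the remember-me cookies.
     *
     * @param string $name       login name
     * @param string $passwd     plain-text password
     * @param string $rememberme '1' to set remember-me cookies, anything else clears them
     * @return bool TRUE on success (the method otherwise throws)
     * @throws Exception on invalid input, unknown name, wrong password or disabled account
     */
    public function login($name, $passwd, $rememberme = '0')
    {
        $name = trim($name);
        $passwd = trim($passwd);
        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné jméno.');
        }
        // isPasswdValid() throws with the policy details and never returns FALSE;
        // the branch below is kept for symmetry with the original contract.
        if (!$this->isPasswdValid($passwd)) {
            throw new Exception('Chybně zadané heslo.');
        }
        $row = $this->db()->queryOne(
            "SELECT * FROM accounts WHERE (name = :name) ",
            [':name' => $name]
        );
        // Unknown name and wrong password yield the same message. The original
        // fell through and returned NULL on a wrong password for an existing
        // name, which callers could not distinguish from "no error".
        if (!$row || !password_verify($passwd, (string) $row->passwd)) {
            throw new Exception('Chybná kombinace jména a hesla.');
        }
        // Checked only after the password matched, so the disabled state of an
        // account is not disclosed to someone who does not know its password.
        if (trim((string) $row->enabled) === '0') {
            throw new Exception('Účet není povolen.');
        }
        $this->id = (int) $row->id;
        $this->name = $name;
        $this->longname = $row->longname;
        $this->authenticated = TRUE;
        if (session_status() == PHP_SESSION_ACTIVE) {
            // Fresh session id on privilege change, so a session id handed out
            // before login cannot be reused as an authenticated one (fixation).
            // Must happen before registerLoginSession(), which stores session_id().
            session_regenerate_id(true);
        }
        $this->registerLoginSession();
        $_SESSION["user_id"] = $this->id;
        $_SESSION["user_name"] = $this->name;
        $_SESSION["user_longname"] = $this->longname;
        if ($rememberme == '1') {
            $this->setRememberCookies($name, $passwd);
        } else {
            $this->clearRememberCookies();
        }
        $this->db()->execute(
            "INSERT INTO `accounts_loged`(`idaccount`, `time`) VALUES (:idaccount, NOW())",
            [':idaccount' => $this->id]
        );
        return TRUE;
    }

    /**
     * Sets the 30-day remember-me cookies (presumably consumed by auto-login
     * code outside this file).
     *
     * TODO(security): the 'password' cookie carries the plain-text password, so
     * any exposure of the cookie (shared device, proxy log, script injection)
     * exposes the credential itself. The fix is a random token (random_bytes)
     * whose hash is stored server-side and compared with hash_equals(); that
     * needs a schema change, so it is only flagged here. HttpOnly is set so
     * page scripts cannot read either cookie; nothing in this file needs to.
     *
     * @param string $name   login name
     * @param string $passwd plain-text password
     */
    private function setRememberCookies($name, $passwd)
    {
        $expires = time() + self::REMEMBER_TTL;
        setcookie(self::COOKIE_USER, $name, $expires, '/', '', false, true);
        setcookie(self::COOKIE_PASS, $passwd, $expires, '/', '', false, true);
    }

    /** Expires both remember-me cookies. */
    private function clearRememberCookies()
    {
        $expired = time() - 3600;
        setcookie(self::COOKIE_USER, '', $expired, '/', '', false, true);
        setcookie(self::COOKIE_PASS, '', $expired, '/', '', false, true);
    }

    /**
     * Records (or refreshes) the current session id for this account in
     * accounts_sessions. No-op when no PHP session is active.
     */
    private function registerLoginSession()
    {
        if (session_status() == PHP_SESSION_ACTIVE) {
            $this->db()->execute(
                "REPLACE INTO accounts_sessions (session_id, account_id, login_time) VALUES (:sid, :account_id, NOW())",
                [':sid' => session_id(), ':account_id' => $this->id]
            );
        }
    }

    /**
     * Ends the login: clears identity state, removes the session row, drops the
     * session variables set by login(), rotates the session id and expires the
     * remember-me cookies. No-op when not logged in.
     */
    public function logout()
    {
        if (is_null($this->id)) {
            return;
        }
        $this->reset();
        if (session_status() == PHP_SESSION_ACTIVE) {
            $this->db()->execute(
                "DELETE FROM accounts_sessions WHERE (session_id = :sid)",
                [':sid' => session_id()]
            );
        }
        // user_longname is set by login() but was never removed here before.
        unset($_SESSION["user_id"], $_SESSION["user_name"], $_SESSION["user_longname"]);
        // true: also discard the old session storage instead of leaving it behind.
        session_regenerate_id(true);
        $this->clearRememberCookies();
    }

    /** @return bool TRUE once login() succeeded and logout() has not been called */
    public function isAuthenticated()
    {
        return $this->authenticated;
    }

    /**
     * Deletes every accounts_sessions row of the logged-in account except the
     * current session. No-op when not logged in or when no session is active.
     */
    public function closeOtherSessions()
    {
        if (is_null($this->id)) {
            return;
        }
        if (session_status() == PHP_SESSION_ACTIVE) {
            $this->db()->execute(
                "DELETE FROM accounts_sessions WHERE (session_id != :sid) AND (account_id = :account_id)",
                [':sid' => session_id(), ':account_id' => $this->id]
            );
        }
    }

    /**
     * Changes the password of the logged-in account after re-verifying the old one.
     *
     * @param string $oldPassword current plain-text password
     * @param string $newPassword new plain-text password (must pass isPasswdValid())
     * @return bool TRUE on success
     * @throws Exception when not logged in, the old password does not match,
     *                   or the new password violates the policy
     */
    public function changePassword($oldPassword, $newPassword)
    {
        $oldPassword = trim($oldPassword);
        $newPassword = trim($newPassword);
        if (!$this->authenticated) {
            throw new Exception('Uživatel není přihlášen.');
        }
        $row = $this->db()->queryOne(
            "select passwd FROM accounts WHERE (id = :id)",
            [':id' => $this->id]
        );
        // The row may be gone (account deleted since login); treat that like a
        // mismatch instead of dereferencing NULL.
        if (!$row || !password_verify($oldPassword, (string) $row->passwd)) {
            throw new Exception('Staré heslo nesouhlasí.');
        }
        // isPasswdValid() throws on violations; the FALSE branch only survives
        // for callers that test the return value.
        if (!$this->isPasswdValid($newPassword)) {
            return FALSE;
        }
        $this->storePassword($this->id, $newPassword);
        return TRUE;
    }

    /**
     * Sets a new password for account $id as the final step of the e-mail reset
     * flow and removes the account's rows from accounts_verify.
     *
     * NOTE(security): this method does not check any verification token itself;
     * the caller is expected to have validated the request against accounts_verify
     * before calling. Confirm at the call site.
     *
     * @param int    $id          account id
     * @param string $newPassword new plain-text password (must pass isPasswdValid())
     * @return bool TRUE on success
     * @throws Exception when no account has that id or the password violates the policy
     */
    public function changePasswordEmail($id, $newPassword)
    {
        $newPassword = trim($newPassword);
        $row = $this->db()->queryOne(
            "select passwd FROM accounts WHERE (id = :id)",
            [':id' => $id]
        );
        // The original ignored this lookup and reported success even for an id
        // that matches no account.
        if (!$row) {
            throw new Exception('Účet nebyl nalezen.');
        }
        if (!$this->isPasswdValid($newPassword)) {
            return FALSE;
        }
        $this->storePassword($id, $newPassword);
        $this->db()->execute(
            "DELETE FROM `accounts_verify` WHERE accounts_id = :id",
            [':id' => $id]
        );
        return TRUE;
    }

    /**
     * Hashes a plain-text password with PASSWORD_DEFAULT and writes it to the
     * account row. Shared by changePassword() and changePasswordEmail().
     *
     * @param int    $id    account id
     * @param string $plain plain-text password, already validated
     */
    private function storePassword($id, $plain)
    {
        $hash = password_hash($plain, PASSWORD_DEFAULT);
        $this->db()->execute(
            "UPDATE accounts SET passwd = :passwd WHERE id = :id",
            [':passwd' => $hash, ':id' => $id]
        );
    }

    /**
     * Permission check: TRUE when opr_accounts holds a row for the logged-in
     * account and permission $oprid whose stav is greater than zero.
     * FALSE for anonymous accounts and when no such row exists.
     *
     * @param int $oprid permission id (opravneni_id)
     * @return bool
     */
    public function overPrava($oprid)
    {
        // Anonymous: the query could only match NULL, so skip the round trip.
        if (is_null($this->id)) {
            return false;
        }
        $sql = "SELECT `id`, stav FROM `opr_accounts` WHERE (`account_id` = :account_id) and (`opravneni_id` = :opravneni_id)";
        $row = $this->db()->queryOne($sql, [':account_id' => $this->id, ':opravneni_id' => $oprid]);
        // Numeric comparison; the original compared stav against the string '0'.
        return $row ? ((int) $row->stav > 0) : false;
    }
}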