
<?php

  // Shared database wrapper. It is created here as a side effect of including
  // this class file and every Account method reaches it through `global $pdo`.
  require_once "pdoDB.class.php";
  $pdo = new pdoDB();
  
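class Account
{
    // Primary key of the logged-in account; NULL while nobody is logged in.
    private $id;
    // Login name; NULL while nobody is logged in.
    private $name;
    // Display name from the `longname` column; NULL while nobody is logged in.
    private $longname;
    // TRUE only after a successful login() on this instance.
    private $authenticated;

    /**
     * Starts in the logged-out state; login() fills the object in.
     */
    public function __construct()
    {
        $this->id = NULL;
        $this->name = NULL;
        $this->longname = NULL;
        $this->authenticated = FALSE;
    }

    public function __destruct()
    {
        // Nothing to release: the database wrapper is a shared global.
    }

    /**
     * @return int|null account id, NULL when not logged in
     */
    public function getID()
    {
        return $this->id;
    }

    /**
     * @return string|null login name, NULL when not logged in
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * @return string|null display name, NULL when not logged in
     */
    public function getLongname()
    {
        return $this->longname;
    }

    /**
     * Creates an enabled account without a password (set it separately).
     *
     * @param string $name     login name, trimmed and checked with isNameValid()
     * @param string $longname display name, trimmed
     * @param string $email    stored as given
     * @return mixed whatever $pdo->posledniID() returns (presumably the new row id)
     * @throws Exception when the name is invalid or already taken
     */
    public function addAccount($name, $longname, $email)
    {
        global $pdo;
        $name = trim($name);
        $longname = trim($longname);

        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné uživatelské jméno.');
        }

        if (!is_null($this->getIdFromName($name))) {
            throw new Exception('Uživatelské jméno již existuje.');
        }

        // 'H' is the 24-hour clock; the previous 'h' wrote a 12-hour value
        // without am/pm, so afternoon registrations looked like morning ones.
        $now = new DateTimeImmutable();
        $ted = $now->format('Y-m-d H:i:s');

        $pdo->execute(
            "INSERT INTO accounts (name, longname, email, enabled, registr_time) VALUES (:name, :longname, :email, :enabled, :registr_time)",
            array(':name' => $name, ':longname' => $longname, ':email' => $email, ':enabled' => '1', ':registr_time' => $ted)
        );
        return $pdo->posledniID();
    }

    /**
     * A login name is valid when it is 4 to 16 characters long.
     *
     * @param string $name
     * @return bool
     */
    public function isNameValid($name)
    {
        $len = mb_strlen($name);
        return $len >= 4 && $len <= 16;
    }

    /**
     * Checks the password policy: 8–16 characters, at least one digit,
     * one upper-case and one lower-case letter, no whitespace.
     *
     * @param string $passwd
     * @return bool always TRUE (policy violations are reported by throwing)
     * @throws Exception listing every violated rule, separated by "<br>"
     */
    public function isPasswdValid($passwd)
    {
        $errors = array();

        // mb_strlen so the limit counts characters, as the message says,
        // not UTF-8 bytes (a Czech letter takes two bytes).
        $len = mb_strlen($passwd);
        if ($len < 8 || $len > 16) {
            $errors[] = 'Heslo by mělo mít 8 až 16 znaků.';
        }
        if (!preg_match("/\d/", $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jednu číslici.';
        }
        if (!preg_match("/[A-Z]/", $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jedno velké písmeno.';
        }
        if (!preg_match("/[a-z]/", $passwd)) {
            $errors[] = 'Heslo by mělo obsahovat alespoň jedno malé písmeno.';
        }
        if (preg_match("/\s/", $passwd)) {
            $errors[] = 'Heslo by nemělo obsahovat mezery.';
        }

        if ($errors) {
            // Each message is followed by "<br>" because callers show it as HTML.
            throw new Exception(implode("<br>", $errors) . "<br>");
        }

        return TRUE;
    }

    /**
     * Looks up an account id by login name.
     *
     * @param string $name
     * @return int|null NULL when no such account exists
     * @throws Exception when the name fails isNameValid()
     */
    public function getIdFromName($name)
    {
        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné uživatelské jméno.');
        }

        global $pdo;
        $row = $pdo->queryOne(
            "SELECT id FROM accounts WHERE (name = :name)",
            array(':name' => $name)
        );

        return $row ? intval($row->id, 10) : NULL;
    }

    /**
     * Removes the account row.
     *
     * NOTE(review): rows referencing this id in accounts_sessions,
     * accounts_loged and opr_accounts are not touched here — confirm the
     * database cascades, otherwise they are left behind.
     *
     * @param int $id
     */
    public function deleteAccount($id)
    {
        global $pdo;
        $pdo->execute("DELETE FROM accounts WHERE id = :id", array(':id' => $id));
    }

    /**
     * Authenticates the user and binds the account to this object and the
     * PHP session.
     *
     * @param string $name       login name
     * @param string $passwd     plaintext password, verified against the `passwd` hash
     * @param string $rememberme '1' to keep a 30-day "username" cookie
     * @return bool TRUE on success (every failure throws)
     * @throws Exception on invalid input, unknown name / wrong password, or a disabled account
     */
    public function login($name, $passwd, $rememberme = '0')
    {
        global $pdo;
        $name = trim($name);
        $passwd = trim($passwd);

        if (!$this->isNameValid($name)) {
            throw new Exception('Chybné jméno.');
        }
        if (!$this->isPasswdValid($passwd)) {
            throw new Exception('Chybně zadané heslo.');
        }

        $row = $pdo->queryOne("SELECT * FROM accounts WHERE (name = :name) ", array(':name' => $name));

        // Unknown name and wrong password give the same message, so the
        // response cannot be used to discover which login names exist.
        // (Previously a wrong password fell through and returned NULL.)
        if (!$row || !password_verify($passwd, $row->passwd)) {
            throw new Exception('Chybná kombinace jména a hesla.');
        }

        // Checked only after the password matched, so the "disabled" state is
        // disclosed only to someone who already holds valid credentials.
        if (trim((string) $row->enabled) == '0') {
            throw new Exception('Účet není povolen.');
        }

        $this->id = intval($row->id, 10);
        $this->name = $name;
        $this->longname = $row->longname;
        $this->authenticated = TRUE;

        // Issue a fresh session id on this privilege change (session fixation);
        // it has to happen before registerLoginSession() records session_id().
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $this->registerLoginSession();

        $_SESSION["user_id"] = $this->id;
        $_SESSION["user_name"] = $this->name;
        $_SESSION["user_longname"] = $this->longname;

        if ($rememberme == '1') {
            setcookie("username", $name, time() + 3600 * 24 * 30, "/");
        } else {
            setcookie("username", "", time() - 3600, "/");
        }
        // The plaintext password is never stored in a cookie any more: it was
        // readable by anyone with access to the browser or to document.cookie.
        // A "remember me" that survives the session needs a random server-side
        // token (TODO); until then any leftover cookie is expired here.
        setcookie("password", "", time() - 3600, "/");

        $pdo->execute(
            "INSERT INTO `accounts_loged`(`idaccount`, `time`) VALUES (:idaccount, NOW())",
            array(':idaccount' => $this->id)
        );
        return TRUE;
    }

    /**
     * Records the current PHP session id for this account so other sessions
     * can be listed and closed (see closeOtherSessions()). No-op without an
     * active session.
     */
    private function registerLoginSession()
    {
        global $pdo;
        if (session_status() === PHP_SESSION_ACTIVE) {
            $pdo->execute(
                "REPLACE INTO accounts_sessions (session_id, account_id, login_time) VALUES (:sid, :account_id, NOW())",
                array(':sid' => session_id(), ':account_id' => $this->id)
            );
        }
    }

    /**
     * Clears the object, the session variables set by login(), the session
     * row and the remember-me cookies. Does nothing when not logged in.
     */
    public function logout()
    {
        global $pdo;
        if (is_null($this->id)) {
            return;
        }

        $this->id = NULL;
        $this->name = NULL;
        $this->longname = NULL;
        $this->authenticated = FALSE;

        if (session_status() === PHP_SESSION_ACTIVE) {
            $pdo->execute(
                "DELETE FROM accounts_sessions WHERE (session_id = :sid)",
                array(':sid' => session_id())
            );
        }

        // All three keys written by login() are removed (user_longname was
        // previously left behind).
        unset($_SESSION["user_id"]);
        unset($_SESSION["user_name"]);
        unset($_SESSION["user_longname"]);
        if (session_status() === PHP_SESSION_ACTIVE) {
            // TRUE also deletes the old session file, so the old id is dead.
            session_regenerate_id(true);
        }

        setcookie("username", "", time() - 3600, "/");
        setcookie("password", "", time() - 3600, "/");
    }

    /**
     * @return bool TRUE after a successful login() on this instance
     */
    public function isAuthenticated()
    {
        return $this->authenticated;
    }

    /**
     * Deletes every recorded session of this account except the current one.
     * Does nothing when not logged in or without an active session.
     */
    public function closeOtherSessions()
    {
        global $pdo;
        if (is_null($this->id)) {
            return;
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            $pdo->execute(
                "DELETE FROM accounts_sessions WHERE (session_id != :sid) AND (account_id = :account_id)",
                array(':sid' => session_id(), ':account_id' => $this->id)
            );
        }
    }

    /**
     * Replaces the logged-in user's password after re-checking the old one.
     *
     * @param string $oldPassword current plaintext password
     * @param string $newPassword new plaintext password, must pass isPasswdValid()
     * @return bool TRUE on success (isPasswdValid() throws rather than returning FALSE)
     * @throws Exception when not logged in, when the old password is wrong,
     *                   or with the policy violations of the new password
     */
    public function changePassword($oldPassword, $newPassword)
    {
        global $pdo;
        $oldPassword = trim($oldPassword);
        $newPassword = trim($newPassword);

        if (!$this->authenticated) {
            throw new Exception('Uživatel není přihlášen.');
        }

        $row = $pdo->queryOne("select passwd FROM accounts WHERE (id = :id)", array(':id' => $this->id));
        // A missing row (account removed meanwhile) is treated like a wrong
        // old password instead of reading ->passwd on FALSE.
        if (!$row || !password_verify($oldPassword, $row->passwd)) {
            throw new Exception('Staré heslo nesouhlasí.');
        }

        if (!$this->isPasswdValid($newPassword)) {
            return FALSE;
        }

        $hash = password_hash($newPassword, PASSWORD_DEFAULT);
        $pdo->execute(
            "UPDATE accounts SET passwd = :passwd WHERE id = :id",
            array(':passwd' => $hash, ':id' => $this->id)
        );
        // Sessions opened with the old password on other devices are closed,
        // so a password change actually locks out whoever held the old one.
        $this->closeOtherSessions();
        return TRUE;
    }

    /**
     * Sets a new password for an account during e-mail based password reset
     * and removes the account's pending verification rows.
     *
     * NOTE(review): no check of the reset token happens here — it assumes the
     * caller has already verified the accounts_verify entry for $id before
     * calling; confirm at the call sites.
     *
     * @param int    $id          account id
     * @param string $newPassword new plaintext password, must pass isPasswdValid()
     * @return bool TRUE on success
     * @throws Exception with the policy violations of the new password
     */
    public function changePasswordEmail($id, $newPassword)
    {
        global $pdo;
        $newPassword = trim($newPassword);

        // Validate first; the previous version ran a query whose result was never used.
        if (!$this->isPasswdValid($newPassword)) {
            return FALSE;
        }

        $hash = password_hash($newPassword, PASSWORD_DEFAULT);
        $pdo->execute(
            "UPDATE accounts SET passwd = :passwd WHERE id = :id",
            array(':passwd' => $hash, ':id' => $id)
        );
        $pdo->execute("DELETE FROM `accounts_verify` WHERE accounts_id = :id", array(':id' => $id));
        return TRUE;
    }

    /**
     * Tells whether the logged-in account holds permission $oprid.
     *
     * @param int $oprid permission id (opr_accounts.opravneni_id)
     * @return bool TRUE when a row exists with stav > 0; FALSE otherwise or when not logged in
     */
    public function overPrava($oprid)
    {
        global $pdo;
        // Nobody logged in: no permissions, and no point in querying with a NULL id.
        if (is_null($this->id)) {
            return false;
        }

        $dotaz = "SELECT `id`, stav FROM `opr_accounts` WHERE (`account_id` = :account_id) and (`opravneni_id` = :opravneni_id)";
        $row = $pdo->queryOne($dotaz, array(':account_id' => $this->id, ':opravneni_id' => $oprid));

        return $row ? ((int) $row->stav > 0) : false;
    }
}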
?>