From 4b3aceebd7fb790caf605b76838e77b5a89c5e26 Mon Sep 17 00:00:00 2001
From: Astrologies
Date: Wed, 22 Dec 2021 05:37:31 -0500
Subject: [PATCH] User impl

---
 globals/Dependencies/Users/User.php | 177 +--------------------------
 html/login/index.php | 3 +-
 html/settings/changeemail.php | 4 +-
 html/settings/changepassword.php | 4 +-
 4 files changed, 12 insertions(+), 176 deletions(-)

diff --git a/globals/Dependencies/Users/User.php b/globals/Dependencies/Users/User.php
index f5aeb0f..690e7fc 100644
--- a/globals/Dependencies/Users/User.php
+++ b/globals/Dependencies/Users/User.php
@@ -1,161 +1,12 @@ ValidateSession($_COOKIE['token']);
- }
- }
-
- public function GenerateSessionToken(int $len)
- {
- $hash = "";
- do {
- $hash = HashingUtiltity::GenerateByteHash($len);
- $tokencheck = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM sessions WHERE token = :t");
- $tokencheck->bindParam(":t", $hash, PDO::PARAM_STR);
- $tokencheck->execute();
- } while ($tokencheck->fetchColumn() != 0);
- return $hash;
- }
-
- public function IsOwner() {
- if ($this->rank == 3) {
- return true;
- }
- return false;
- }
-
- public function IsAdmin() {
- if($this->rank == 2 || $this->rank == 3) {
- return true;
- }
- return false;
- }
-
- public function IsStaff() {
- if($this->rank == 1 || $this->rank == 2 || $this->rank == 3) {
- return true;
- }
- return false;
- }
-
- public function CreateSession(int $userid)
- {
- $token = $this->GenerateSessionToken(128); //generate the auth token
- $ip = WebContextManager::GetCurrentIPAddress();
- $user_agent = $_SERVER['HTTP_USER_AGENT'];
-
- $session = $GLOBALS['pdo']->prepare("INSERT INTO sessions(token, uid, ip, whenCreated, user_agent) VALUES(:t,:u,:i,UNIX_TIMESTAMP(),:ua)");
- $session->bindParam(":t", $token, PDO::PARAM_STR);
- $session->bindParam(":u", $userid, PDO::PARAM_INT);
- $session->bindParam(":i", $ip, PDO::PARAM_STR);
- $session->bindParam(":ua", $user_agent, PDO::PARAM_STR);
- if($session->execute()) {
- setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc"); //30 day expiration on token for (hopefully) all alphaland paths
- $this->ValidateSession($token);
- return true;
- } else {
- return false;
- }
- }
-
- public function UpdateLastSeen()
- {
- if (!UserModerationManager::IsBanned($this->id)) {
- $updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id");
- $updateLastSeen->bindParam(":id", $this->id, PDO::PARAM_INT);
- $updateLastSeen->execute();
- return true;
- }
- return false;
- }
-
- public function UpdateDailyTime(int $dailyTime)
- {
- if (Activation::IsUserActivated($this->id) && !UserModerationManager::IsBanned($this->id)) {
- if (($dailyTime + User::SecondsInDays) < time() || $dailyTime == 0) {
- // it has been a day or this is their first collection.
- $query = $GLOBALS['pdo']->prepare("UPDATE `users` SET `dailytime` = UNIX_TIMESTAMP(), `currency` = (`currency` + 20) WHERE `id` = :id");
- $query->bindParam(":id", $this->id, PDO::PARAM_INT);
- $query->execute();
- }
- }
- }
-
- public function UpdateIpAddress()
- {
- $ip = WebContextManager::GetCurrentIPAddress();
- $updateip = $GLOBALS['pdo']->prepare("UPDATE users SET ip = :ip WHERE id = :id");
- $updateip->bindParam(":ip", $ip, PDO::PARAM_STR);
- $updateip->bindParam(":id", $this->id, PDO::PARAM_INT);
- $updateip->execute();
- }
-
- public function ValidateSession(string $token)
- {
- $session = $GLOBALS['pdo']->prepare("SELECT * FROM sessions WHERE token = :tk AND valid = 1");
- $session->bindParam(":tk", $token, PDO::PARAM_STR);
- $session->execute();
- if($session->rowCount() > 0)
- {
- $session = $session->fetch(PDO::FETCH_OBJ);
- $userinfo = $GLOBALS['pdo']->prepare("SELECT * FROM users WHERE id = :id");
- $userinfo->bindParam(":id", $session->uid, PDO::PARAM_INT);
- $userinfo->execute();
-
- if ($userinfo->rowCount() > 0)
- {
- $userinfo = $userinfo->fetch(PDO::FETCH_OBJ);
-
- //session dependent info
- $this->logged_in = true;
- $this->sessionCookieID = $session->id;
- $this->twoFactorUnlocked = $session->twoFactorUnlocked;
-
- //user dependent info
- $this->id = $userinfo->id;
- $this->name = $userinfo->username;
- $this->rank = $userinfo->rank;
- $this->currency = $userinfo->currency;
- $this->UpdateLastSeen();
- $this->UpdateIpAddress();
- $this->UpdateDailyTime($userinfo->dailytime);
-
- return true;
- }
- }
- //No valid session
- setcookie("token", null, time(), "/", ".alphaland.cc"); //delete (all token?) cookies
- return false;
- }
-
- public function ValidatePassword($userid, string $password)
+ public static function ValidatePassword(int $userid, string $password)
 {
 $userpassword = $GLOBALS['pdo']->prepare("SELECT pwd FROM users WHERE id = :i");
 $userpassword->bindParam(":i", $userid, PDO::PARAM_INT);
@@ -167,25 +18,5 @@ namespace Alphaland\Users
 }
 return false;
 }
-
- public function LogoutAllSessions(int $userid)
- {
- $sessions = $GLOBALS['pdo']->prepare("DELETE FROM sessions WHERE uid = :uid");
- $sessions->bindParam(":uid", $userid, PDO::PARAM_INT);
- $sessions->execute();
- if ($sessions->rowCount() > 0) {
- return true;
- }
- return false;
- }
-
- public function Logout()
- {
- if($this->logged_in) {
- $logout = $GLOBALS['pdo']->prepare("DELETE FROM sessions WHERE id = :id");
- $logout->bindParam(":id", $this->sessionCookieID, PDO::PARAM_INT);
- $logout->execute();
- }
- }
-
- }
+ }
 }
\ No newline at end of file
diff --git a/html/login/index.php b/html/login/index.php
index 834fe05..2873abe 100644
--- a/html/login/index.php
+++ b/html/login/index.php
@@ -1,5 +1,6 @@ ValidatePassword($userID, $password))
+ if (User::ValidatePassword($userID, $password))
 {
 $GLOBALS['user']->CreateSession($userID);
diff --git a/html/settings/changeemail.php b/html/settings/changeemail.php
index b035682..bbea46b 100644
--- a/html/settings/changeemail.php
+++ b/html/settings/changeemail.php
@@ -1,5 +1,7 @@ ValidatePassword($user->id, $password))
+ if (User::ValidatePassword($user->id, $password))
 {
 $changeemail = changeEmail($_POST['email']);
diff --git a/html/settings/changepassword.php b/html/settings/changepassword.php
index 3b2e2be..8f5fcef 100644
--- a/html/settings/changepassword.php
+++ b/html/settings/changepassword.php
@@ -1,10 +1,12 @@ ValidatePassword($user->id, $currentpassword) )
+ if (User::ValidatePassword($user->id, $currentpassword))
 {
 if ($_POST['npassword'] == $_POST['cnpassword'])
 {
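Review bot: The unchanged context line `$GLOBALS['user']->CreateSession($userID);` in the login hunk below still targets a method that this hunk removes from `User` (along with `ValidateSession`, `GenerateSessionToken`, `Logout` and the rank helpers), and the diffstat (12 insertions across these four files) shows no replacement landing in this patch. Unless `$GLOBALS['user']` is now an instance of some other class that provides `CreateSession`, login will fail with a call to an undefined method after this commit; if the session code has moved elsewhere, that move belongs in the same commit or the call site needs updating alongside the `User::ValidatePassword` change. The surviving `ValidatePassword` also has no docblock; something like `/** Checks $password against the stored hash of user $userid; false when the user does not exist or the password does not match. */` would help, though the comparison itself sits between this hunk and the next, so I cannot confirm its exact semantics from here.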
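Review bot: Once `User::ValidatePassword` succeeds here and the password is changed, nothing visible in the hunk revokes the user's other sessions, and `LogoutAllSessions`, the only helper in `User.php` that could do so, is deleted in this same patch with no replacement in the diffstat. Invalidating every other session on a password change is the standard mitigation for a stolen session token, so that capability should remain reachable from this handler; the remainder of the handler lies outside the hunk, so it may already be dealt with there. While here, the adjacent confirmation check `if ($_POST['npassword'] == $_POST['cnpassword'])` uses `==`, which compares numeric strings numerically (`'1e3' == '1000'` is true), so `===` is the safer form.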