food-inventory/assets/php/utils.php

221 lines
6.0 KiB
PHP
Raw Normal View History

<?php
$SESSION_COOKIE_NAME = "connection_id";
$MAX_COOKIE_LIFE = time() + 86400 * 30; // 30 days max
2019-11-10 00:17:21 +01:00
$MINIMAL_PASSWORD_LENGTH = 8;
$config_array = json_decode(file_get_contents("config.json", true));
$dsn = $config_array->{"kind"} . ":dbname="
. $config_array->{"dbname"} . ";host=" . $config_array->{"host"};
$PDO = new PDO($dsn, $config_array->{"user"}, $config_array->{"password"});
$PDO->query('SET CHARSET UTF8');
function is_https()
{
return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
}
function generate_random_string()
{
return substr(str_shuffle(MD5(microtime())), 0, 32);
}
function connect_user($user_id, $long_expiration = true)
{
global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;
// Set an expiration delay for the cookie
$delay = 0;
if ($long_expiration === true) {
$delay = $MAX_COOKIE_LIFE;
}
// The session id is a 32-chars random string
$session_id = generate_random_string();
$sql = "INSERT INTO sessions(user_id, connection_eol, session_id)
VALUES (:user_id, :connection_eol, :session_id);";
$query = $PDO->prepare($sql);
$query->bindValue(":user_id", $user_id);
if ($long_expiration === true) {
$query->bindValue(
":connection_eol",
date('Y-m-d H:i:s', strtotime(
"$MAX_COOKIE_LIFE seconds",
strtotime(date("Y-m-d H:i:s"))
))
);
} else {
$query->bindValue(":connection_eol", null, PDO::PARAM_INT);
}
$query->bindValue(":session_id", $session_id);
if ($query->execute()) {
return setcookie(
$SESSION_COOKIE_NAME,
$session_id,
$delay,
$secure = true
);
}
return false;
}
function clean_old_sessions()
{
global $PDO;
$sql = "DELETE FROM sessions WHERE connection_eol > CURRENT_TIMESTAMP();";
$query = $PDO->prepare($sql);
return $query->execute();
}
function disconnect()
{
global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
$query = $PDO->prepare($sql);
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
$query->execute();
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
}
}
function is_connected()
{
global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
if (!clean_old_sessions()) {
return false;
}
$sql = "SELECT * FROM sessions INNER JOIN accounts ON sessions.user_id = accounts.id WHERE session_id = :session_id;";
$query = $PDO->prepare($sql);
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
if ($query->execute()) {
if ($query->rowCount() === 1) {
return true;
} else {
disconnect();
return false;
}
} else {
return false;
}
}
return false;
}
function get_username_count($email)
{
global $PDO;
$sql = "SELECT email FROM accounts WHERE email = :email;";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
if ($query->execute()) {
return $query->rowCount();
}
return false;
}
function correct_email_password($email, $password)
{
global $PDO;
$sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
if ($query->execute()) {
foreach ($query as $row) {
return password_verify($password, $row["password_hash"]);
}
}
return false;
}
function get_user_id_from_email($email)
{
global $PDO;
$sql = "SELECT id FROM accounts WHERE email = :email;";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
if ($query->execute()) {
foreach ($query as $row) {
return $row["id"];
}
}
return false;
}
function get_user_info_from_session_id($session_id, $info)
{
global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
$sql = "SELECT accounts.id AS id, email,
first_name, first_name,
last_name, public_id FROM accounts
INNER JOIN sessions
ON sessions.user_id = accounts.id
WHERE session_id = :session_id;";
$query = $PDO->prepare($sql);
$query->bindValue(":session_id", $session_id);
if ($query->execute())
foreach ($query as $row) {
switch ($info) {
case "id":
case "email":
case "first_name":
case "last_name":
case "public_id":
return $row[$info];
default;
break;
}
}
}
return false;
}
function add_user($email, $first_name, $last_name, $clear_password)
{
global $PDO;
$password_hash = password_hash($clear_password, PASSWORD_DEFAULT);
$sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)
VALUES (:email, :first_name, :last_name, :password, :public_id);";
$query = $PDO->prepare($sql);
$query->bindValue(":email", $email);
$query->bindValue(":first_name", $first_name);
$query->bindValue(":last_name", $last_name);
$query->bindValue(":password", $password_hash);
$query->bindValue(":public_id", generate_random_string());
return $query->execute();
}
function change_user_password($user_id, $new_clear_password)
{
global $PDO;
$password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);
$sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";
$query = $PDO->prepare($sql);
$query->bindValue(":password_hash", $password_hash);
$query->bindValue(":id", $user_id, PDO::PARAM_INT);
return $query->execute();
}