food-inventory/assets/php/utils.php

<?php

$SESSION_COOKIE_NAME = "connection_id";
$MAX_COOKIE_LIFE = time() + 86400 * 30; // 30 days max
$MINIMAL_PASSWORD_LENGTH = 8;

$config_array = json_decode(file_get_contents("config.json", true));

$dsn = $config_array->{"kind"} . ":dbname="
    . $config_array->{"dbname"} . ";host=" . $config_array->{"host"};
$PDO = new PDO($dsn, $config_array->{"user"}, $config_array->{"password"});
$PDO->query('SET CHARSET UTF8');

function is_https()
{
    return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
}

function generate_random_string()
{
    return substr(str_shuffle(MD5(microtime())), 0, 32);
}

function connect_user($user_id, $long_expiration = true)
{
    global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;

    // Set an expiration delay for the cookie
    $delay = 0;
    if ($long_expiration === true) {
        $delay = $MAX_COOKIE_LIFE;
    }

    // The session id is a 32-chars random string
    $session_id = generate_random_string();

    $sql = "INSERT INTO sessions(user_id, connection_eol, session_id) 
        VALUES (:user_id, :connection_eol, :session_id);";
    $query = $PDO->prepare($sql);

    $query->bindValue(":user_id", $user_id);
    if ($long_expiration === true) {
        $query->bindValue(
            ":connection_eol",
            date('Y-m-d H:i:s', strtotime(
                "$MAX_COOKIE_LIFE seconds",
                strtotime(date("Y-m-d H:i:s"))
            ))
        );
    } else {
        $query->bindValue(":connection_eol", null, PDO::PARAM_INT);
    }
    $query->bindValue(":session_id", $session_id);

    if ($query->execute()) {
        return setcookie(
            $SESSION_COOKIE_NAME,
            $session_id,
            $delay,
            $secure = true
        );
    }
    return false;
}

function clean_old_sessions()
{
    global $PDO;

    $sql = "DELETE FROM sessions WHERE connection_eol > CURRENT_TIMESTAMP();";
    $query = $PDO->prepare($sql);
    return $query->execute();
}

function disconnect()
{
    global $PDO, $SESSION_COOKIE_NAME;

    if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
        $sql = "DELETE FROM sessions WHERE session_id = :session_id;";
        $query = $PDO->prepare($sql);
        $query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
        $query->execute();
        setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
    }
}

function is_connected()
{
    global $PDO, $SESSION_COOKIE_NAME;

    if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
        if (!clean_old_sessions()) {
            return false;
        }

        $sql = "SELECT * FROM sessions INNER JOIN accounts ON sessions.user_id = accounts.id WHERE session_id = :session_id;";
        $query = $PDO->prepare($sql);

        $query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
        if ($query->execute()) {
            if ($query->rowCount() === 1) {
                return true;
            } else {
                disconnect();
                return false;
            }
        } else {
            return false;
        }
    }
    return false;
}

function get_username_count($email)
{
    global $PDO;

    $sql = "SELECT email FROM accounts WHERE email = :email;";
    $query = $PDO->prepare($sql);
    $query->bindValue(":email", $email);

    if ($query->execute()) {
        return $query->rowCount();
    }
    return false;
}

function correct_email_password($email, $password)
{
    global $PDO;

    $sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";
    $query = $PDO->prepare($sql);
    $query->bindValue(":email", $email);

    if ($query->execute()) {
        foreach ($query as $row) {
            return password_verify($password, $row["password_hash"]);
        }
    }
    return false;
}

function get_user_id_from_email($email)
{
    global $PDO;

    $sql = "SELECT id FROM accounts WHERE email = :email;";
    $query = $PDO->prepare($sql);
    $query->bindValue(":email", $email);

    if ($query->execute()) {
        foreach ($query as $row) {
            return $row["id"];
        }
    }
    return false;
}

function get_user_info_from_session_id($session_id, $info)
{
    global $PDO, $SESSION_COOKIE_NAME;

    if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
        $sql = "SELECT accounts.id AS id, email,
            first_name, first_name, 
            last_name, public_id FROM accounts 
            INNER JOIN sessions 
            ON sessions.user_id = accounts.id 
            WHERE session_id = :session_id;";
        $query = $PDO->prepare($sql);
        $query->bindValue(":session_id", $session_id);
        if ($query->execute())
            foreach ($query as $row) {
                switch ($info) {
                    case "id":
                    case "email":
                    case "first_name":
                    case "last_name":
                    case "public_id":
                        return $row[$info];
                    default;
                        break;
                }
            }
    }
    return false;
}

function add_user($email, $first_name, $last_name, $clear_password)
{
    global $PDO;

    $password_hash = password_hash($clear_password, PASSWORD_DEFAULT);

    $sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)
    VALUES (:email, :first_name, :last_name, :password, :public_id);";
    $query = $PDO->prepare($sql);
    $query->bindValue(":email", $email);
    $query->bindValue(":first_name", $first_name);
    $query->bindValue(":last_name", $last_name);
    $query->bindValue(":password", $password_hash);
    $query->bindValue(":public_id", generate_random_string());
    return $query->execute();
}


function change_user_password($user_id, $new_clear_password)
{
    global $PDO;

    $password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);

    $sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";
    $query = $PDO->prepare($sql);
    $query->bindValue(":password_hash", $password_hash);
    $query->bindValue(":id", $user_id, PDO::PARAM_INT);
    return $query->execute();
}
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`<?php`

			`$SESSION_COOKIE_NAME = "connection_id";`
			`$MAX_COOKIE_LIFE = time() + 86400 * 30; // 30 days max`
changed manual comparaisons to 2019-11-10 00:17:21 +01:00			`$MINIMAL_PASSWORD_LENGTH = 8;`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00
added a better way to store credentials 2019-11-09 23:56:28 +01:00			`$config_array = json_decode(file_get_contents("config.json", true));`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00
added a better way to store credentials 2019-11-09 23:56:28 +01:00			`$dsn = $config_array->{"kind"} . ":dbname="`
			`. $config_array->{"dbname"} . ";host=" . $config_array->{"host"};`
			`$PDO = new PDO($dsn, $config_array->{"user"}, $config_array->{"password"});`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`$PDO->query('SET CHARSET UTF8');`

			`function is_https()`
			`{`
			`return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');`
			`}`

			`function generate_random_string()`
			`{`
			`return substr(str_shuffle(MD5(microtime())), 0, 32);`
			`}`

			`function connect_user($user_id, $long_expiration = true)`
			`{`
			`global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;`

			`// Set an expiration delay for the cookie`
			`$delay = 0;`
			`if ($long_expiration === true) {`
			`$delay = $MAX_COOKIE_LIFE;`
			`}`

			`// The session id is a 32-chars random string`
			`$session_id = generate_random_string();`

			`$sql = "INSERT INTO sessions(user_id, connection_eol, session_id)`
			`VALUES (:user_id, :connection_eol, :session_id);";`
			`$query = $PDO->prepare($sql);`

			`$query->bindValue(":user_id", $user_id);`
			`if ($long_expiration === true) {`
			`$query->bindValue(`
			`":connection_eol",`
			`date('Y-m-d H:i:s', strtotime(`
			`"$MAX_COOKIE_LIFE seconds",`
			`strtotime(date("Y-m-d H:i:s"))`
			`))`
			`);`
			`} else {`
			`$query->bindValue(":connection_eol", null, PDO::PARAM_INT);`
			`}`
			`$query->bindValue(":session_id", $session_id);`

			`if ($query->execute()) {`
			`return setcookie(`
			`$SESSION_COOKIE_NAME,`
			`$session_id,`
			`$delay,`
			`$secure = true`
			`);`
			`}`
			`return false;`
			`}`

			`function clean_old_sessions()`
			`{`
			`global $PDO;`

			`$sql = "DELETE FROM sessions WHERE connection_eol > CURRENT_TIMESTAMP();";`
			`$query = $PDO->prepare($sql);`
			`return $query->execute();`
			`}`

users can now change their own password 2019-11-10 13:07:27 +01:00			`function disconnect()`
			`{`
			`global $PDO, $SESSION_COOKIE_NAME;`

			`if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {`
			`$sql = "DELETE FROM sessions WHERE session_id = :session_id;";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);`
			`$query->execute();`
			`setcookie($SESSION_COOKIE_NAME, "", time() - 3600);`
			`}`
			`}`

added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`function is_connected()`
			`{`
			`global $PDO, $SESSION_COOKIE_NAME;`

			`if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {`
			`if (!clean_old_sessions()) {`
			`return false;`
			`}`

			`$sql = "SELECT * FROM sessions INNER JOIN accounts ON sessions.user_id = accounts.id WHERE session_id = :session_id;";`
			`$query = $PDO->prepare($sql);`

			`$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);`
			`if ($query->execute()) {`
			`if ($query->rowCount() === 1) {`
			`return true;`
			`} else {`
users can now change their own password 2019-11-10 13:07:27 +01:00			`disconnect();`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`return false;`
			`}`
			`} else {`
			`return false;`
			`}`
			`}`
			`return false;`
			`}`

			`function get_username_count($email)`
			`{`
			`global $PDO;`

			`$sql = "SELECT email FROM accounts WHERE email = :email;";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":email", $email);`

			`if ($query->execute()) {`
			`return $query->rowCount();`
			`}`
			`return false;`
			`}`

			`function correct_email_password($email, $password)`
			`{`
			`global $PDO;`

users can now change their own password 2019-11-10 13:07:27 +01:00			`$sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":email", $email);`

			`if ($query->execute()) {`
			`foreach ($query as $row) {`
users can now change their own password 2019-11-10 13:07:27 +01:00			`return password_verify($password, $row["password_hash"]);`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`}`
			`}`
			`return false;`
			`}`

			`function get_user_id_from_email($email)`
			`{`
			`global $PDO;`

			`$sql = "SELECT id FROM accounts WHERE email = :email;";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":email", $email);`

			`if ($query->execute()) {`
			`foreach ($query as $row) {`
			`return $row["id"];`
			`}`
			`}`
			`return false;`
			`}`

			`function get_user_info_from_session_id($session_id, $info)`
			`{`
			`global $PDO, $SESSION_COOKIE_NAME;`

			`if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {`
users can now change their own password 2019-11-10 13:07:27 +01:00			`$sql = "SELECT accounts.id AS id, email,`
			`first_name, first_name,`
			`last_name, public_id FROM accounts`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`INNER JOIN sessions`
			`ON sessions.user_id = accounts.id`
			`WHERE session_id = :session_id;";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":session_id", $session_id);`
			`if ($query->execute())`
			`foreach ($query as $row) {`
			`switch ($info) {`
users can now change their own password 2019-11-10 13:07:27 +01:00			`case "id":`
added login and utils functions, to start the project 2019-11-09 22:33:47 +01:00			`case "email":`
			`case "first_name":`
			`case "last_name":`
			`case "public_id":`
			`return $row[$info];`
			`default;`
			`break;`
			`}`
			`}`
			`}`
			`return false;`
			`}`
forgot to add utils, now it should be better 2019-11-10 00:15:03 +01:00
			`function add_user($email, $first_name, $last_name, $clear_password)`
			`{`
			`global $PDO;`

			`$password_hash = password_hash($clear_password, PASSWORD_DEFAULT);`

users can now change their own password 2019-11-10 13:07:27 +01:00			`$sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)`
forgot to add utils, now it should be better 2019-11-10 00:15:03 +01:00			`VALUES (:email, :first_name, :last_name, :password, :public_id);";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":email", $email);`
			`$query->bindValue(":first_name", $first_name);`
			`$query->bindValue(":last_name", $last_name);`
			`$query->bindValue(":password", $password_hash);`
			`$query->bindValue(":public_id", generate_random_string());`
			`return $query->execute();`
			`}`
users can now change their own password 2019-11-10 13:07:27 +01:00

			`function change_user_password($user_id, $new_clear_password)`
			`{`
			`global $PDO;`

			`$password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);`

			`$sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";`
			`$query = $PDO->prepare($sql);`
			`$query->bindValue(":password_hash", $password_hash);`
			`$query->bindValue(":id", $user_id, PDO::PARAM_INT);`
			`return $query->execute();`
			`}`