shopping-list/php/classes.user.php

<?php
  Class user {
    public $uid, $username, $email, $theme, $last_login;
    private $salt;

    function get_info($session_id) {
      include $_SESSION["docroot"].'/php/connect.php';
      $selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
      $selectQuery->bind_param("s", $session_id);
      $selectQuery->execute();
      $result = $selectQuery->get_result();
      $user = $result->fetch_assoc();
      $this->uid = $user["uid"];
      $this->username = $user["username"];
      $this->email = $user["email"];
      $this->theme = $user["theme"];
      $this->last_login = $user["last_login"];
      $this->salt = $user["salt"];
      $mysqli->close();
    }

    function change_password($current, $new){
      include $_SESSION["docroot"].'/php/hash.php';
      include $_SESSION["docroot"].'/php/connect.php';
      $current_pwhash = hash_password($current, $this->salt);
      $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
      $selectQuery->bind_param("ss", $this->uid, $current_pwhash);
      $selectQuery->execute();
      $result = $selectQuery->get_result();
      if($result->num_rows===1){
        $new_pwdhash = hash_password($new, $this->salt);
        $updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
        $updateQuery->bind_param("ss", $new_pwdhash, $this->uid);
        $updateQuery->execute();
        $mysqli->close();
        print_r("0");
      }
      else{
        print_r("1");
      }
    }

    function change_mail($mailaddress){
      include $_SESSION["docroot"].'/php/connect.php';
      $this->mail = $mailaddress;
      $updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
      $updateQuery->bind_param("ss", $mailaddress, $this->uid);
      $updateQuery->execute();
      $mysqli->close();
    }

    function change_username($newname){
      include $_SESSION["docroot"].'/php/connect.php';
      $this->username = $newname;
      $selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` =  ?;");
      $selectQuery->bind_param("s", $this->username);
      $selectQuery->execute();
      $result = $selectQuery->get_result();
      if($result->num_rows==0){
        $updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
        $updateQuery->bind_param("ss", $newname, $this->uid);
        $updateQuery->execute();
        print_r("0");
      }
      else{
        print_r("1");
      }
      $mysqli->close();
    }

    function change_theme($theme){
      include $_SESSION["docroot"].'/php/connect.php';
      $updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
      $updateQuery->bind_param("ss", $theme, $this->uid);
      $updateQuery->execute();
      if($result){
        print_r("0");
      }
      else{
        print_r("1");
      }
    }

    function new($uname, $password){
      include $_SESSION["docroot"].'/php/connect.php';
      include $_SESSION["docroot"].'/php/hash.php';

      $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
      $selectQuery->bind_param("s", $uname);
      $selectQuery->execute();
      $result = $selectQuery->get_result();
      if($result->num_rows==0){
        $salt = create_salt();
        $passhash = hash_password($password, $salt);
        $insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
        $insertQuery->bind_param("sss", $uname, $passhash, $salt);
        $insertQuery->execute();
        $result = $insertQuery->get_result();
        unset($salt);
        unset($password);
        print_r(0);
      }
      else{print_r(1);}
      $mysqli->close();
    }
  }
?>
implemented user class 2018-11-09 13:21:34 +01:00			`<?php`
			`Class user {`
manual merge 2019-05-19 18:37:00 +02:00			`public $uid, $username, $email, $theme, $last_login;`
Added Password Change and implemented user change in php class 2018-11-09 15:16:36 +01:00			`private $salt;`

			`function get_info($session_id) {`
implemented user class 2018-11-09 13:21:34 +01:00			`include $_SESSION["docroot"].'/php/connect.php';`
sql inject prevent 2019-05-22 10:38:07 +02:00			$selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
			`$selectQuery->bind_param("s", $session_id);`
			`$selectQuery->execute();`
			`$result = $selectQuery->get_result();`
implemented user class 2018-11-09 13:21:34 +01:00			`$user = $result->fetch_assoc();`
			`$this->uid = $user["uid"];`
			`$this->username = $user["username"];`
			`$this->email = $user["email"];`
manual merge 2019-05-19 18:37:00 +02:00			`$this->theme = $user["theme"];`
implemented user class 2018-11-09 13:21:34 +01:00			`$this->last_login = $user["last_login"];`
Added Password Change and implemented user change in php class 2018-11-09 15:16:36 +01:00			`$this->salt = $user["salt"];`
			`$mysqli->close();`
			`}`

			`function change_password($current, $new){`
			`include $_SESSION["docroot"].'/php/hash.php';`
			`include $_SESSION["docroot"].'/php/connect.php';`
			`$current_pwhash = hash_password($current, $this->salt);`
sql inject prevent 2019-05-22 10:38:07 +02:00			$selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
			`$selectQuery->bind_param("ss", $this->uid, $current_pwhash);`
			`$selectQuery->execute();`
			`$result = $selectQuery->get_result();`
Added Password Change and implemented user change in php class 2018-11-09 15:16:36 +01:00			`if($result->num_rows===1){`
			`$new_pwdhash = hash_password($new, $this->salt);`
sql inject prevent 2019-05-22 10:38:07 +02:00			$updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
			`$updateQuery->bind_param("ss", $new_pwdhash, $this->uid);`
			`$updateQuery->execute();`
Added Password Change and implemented user change in php class 2018-11-09 15:16:36 +01:00			`$mysqli->close();`
			`print_r("0");`
			`}`
			`else{`
			`print_r("1");`
			`}`
implemented user class 2018-11-09 13:21:34 +01:00			`}`
installation add user via class 2018-11-09 15:58:00 +01:00
implemented full settings functionality 2019-05-21 10:28:07 +02:00			`function change_mail($mailaddress){`
			`include $_SESSION["docroot"].'/php/connect.php';`
			`$this->mail = $mailaddress;`
sql inject prevent 2019-05-22 10:38:07 +02:00			$updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
			`$updateQuery->bind_param("ss", $mailaddress, $this->uid);`
			`$updateQuery->execute();`
implemented full settings functionality 2019-05-21 10:28:07 +02:00			`$mysqli->close();`
			`}`

			`function change_username($newname){`
			`include $_SESSION["docroot"].'/php/connect.php';`
			`$this->username = $newname;`
sql inject prevent 2019-05-22 10:38:07 +02:00			$selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` = ?;");
			`$selectQuery->bind_param("s", $this->username);`
			`$selectQuery->execute();`
			`$result = $selectQuery->get_result();`
implemented full settings functionality 2019-05-21 10:28:07 +02:00			`if($result->num_rows==0){`
sql inject prevent 2019-05-22 10:38:07 +02:00			$updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
			`$updateQuery->bind_param("ss", $newname, $this->uid);`
			`$updateQuery->execute();`
implemented full settings functionality 2019-05-21 10:28:07 +02:00			`print_r("0");`
			`}`
			`else{`
			`print_r("1");`
			`}`
			`$mysqli->close();`
			`}`

manual merge 2019-05-19 18:37:00 +02:00			`function change_theme($theme){`
			`include $_SESSION["docroot"].'/php/connect.php';`
sql inject prevent 2019-05-22 10:38:07 +02:00			$updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
			`$updateQuery->bind_param("ss", $theme, $this->uid);`
			`$updateQuery->execute();`
manual merge 2019-05-19 18:37:00 +02:00			`if($result){`
			`print_r("0");`
			`}`
			`else{`
			`print_r("1");`
			`}`
			`}`

installation add user via class 2018-11-09 15:58:00 +01:00			`function new($uname, $password){`
			`include $_SESSION["docroot"].'/php/connect.php';`
			`include $_SESSION["docroot"].'/php/hash.php';`

sql inject prevent 2019-05-22 10:38:07 +02:00			$selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
			`$selectQuery->bind_param("s", $uname);`
			`$selectQuery->execute();`
			`$result = $selectQuery->get_result();`
installation add user via class 2018-11-09 15:58:00 +01:00			`if($result->num_rows==0){`
			`$salt = create_salt();`
			`$passhash = hash_password($password, $salt);`
sql inject prevent 2019-05-22 10:38:07 +02:00			$insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
			`$insertQuery->bind_param("sss", $uname, $passhash, $salt);`
			`$insertQuery->execute();`
			`$result = $insertQuery->get_result();`
installation add user via class 2018-11-09 15:58:00 +01:00			`unset($salt);`
			`unset($password);`
			`print_r(0);`
			`}`
			`else{print_r(1);}`
			`$mysqli->close();`
			`}`
implemented user class 2018-11-09 13:21:34 +01:00			`}`
			`?>`