192 lines
4.7 KiB
PHP
192 lines
4.7 KiB
PHP
<?php
|
|
namespace controls;
|
|
|
|
class Users
|
|
{
|
|
|
|
public static function permissions( $user_id, $module = '', $action = '' )
|
|
{
|
|
// Superadmin has full access
|
|
if ( (int)$user_id === 1 )
|
|
return true;
|
|
|
|
// Cache permissions per user to avoid repeated DB queries
|
|
static $cache = [];
|
|
|
|
if ( !isset( $cache[ $user_id ] ) )
|
|
{
|
|
$repo = new \Domain\Users\PermissionRepository();
|
|
$cache[ $user_id ] = $repo -> byUserId( (int)$user_id );
|
|
}
|
|
|
|
if ( $module && isset( $cache[ $user_id ][ $module ] ) )
|
|
return (bool)$cache[ $user_id ][ $module ];
|
|
|
|
// If module not in permissions list, allow by default
|
|
return true;
|
|
}
|
|
|
|
public static function logout()
|
|
{
|
|
global $mdb, $user;
|
|
|
|
$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
|
|
$cookie_name = str_replace( '.', '-', $domain );
|
|
|
|
if ( $user && isset( $user['id'] ) )
|
|
$mdb -> update( 'users', [ 'remember_token' => null ], [ 'id' => $user['id'] ] );
|
|
|
|
setcookie( $cookie_name, "", [
|
|
'expires' => strtotime( "-1 year" ),
|
|
'path' => '/',
|
|
'domain' => $domain,
|
|
'secure' => true,
|
|
'httponly' => true,
|
|
'samesite' => 'Lax'
|
|
] );
|
|
session_destroy();
|
|
header( 'Location: /' );
|
|
exit;
|
|
}
|
|
|
|
|
|
public static function password_change()
|
|
{
|
|
global $mdb, $user;
|
|
|
|
if ( !$user )
|
|
{
|
|
header( 'Location: /' );
|
|
exit;
|
|
}
|
|
|
|
$password_old = \S::get( 'password_old' );
|
|
$password_new = \S::get( 'password_new' );
|
|
|
|
if ( !$password_old || !$password_new )
|
|
{
|
|
\S::alert( 'Wypełnij oba pola.' );
|
|
header( 'Location: /users/settings/' );
|
|
exit;
|
|
}
|
|
|
|
$db_user = $mdb -> get( 'users', '*', [ 'id' => $user['id'] ] );
|
|
|
|
if ( !$db_user )
|
|
{
|
|
\S::alert( 'Stare hasło jest nieprawidłowe.' );
|
|
header( 'Location: /users/settings/' );
|
|
exit;
|
|
}
|
|
|
|
$password_ok = password_verify( $password_old, $db_user['password'] )
|
|
|| md5( $password_old ) === $db_user['password'];
|
|
|
|
if ( !$password_ok )
|
|
{
|
|
\S::alert( 'Stare hasło jest nieprawidłowe.' );
|
|
header( 'Location: /users/settings/' );
|
|
exit;
|
|
}
|
|
|
|
$mdb -> update( 'users', [
|
|
'password' => password_hash( $password_new, PASSWORD_BCRYPT )
|
|
], [
|
|
'id' => $user['id']
|
|
] );
|
|
|
|
\S::alert( 'Hasło zostało zmienione.' );
|
|
header( 'Location: /users/settings/' );
|
|
exit;
|
|
}
|
|
|
|
public static function settings()
|
|
{
|
|
global $user;
|
|
|
|
if ( !$user )
|
|
{
|
|
return \Tpl::view( 'users/login-form' );
|
|
}
|
|
|
|
return \view\Users::settings(
|
|
$user
|
|
);
|
|
}
|
|
|
|
public static function login()
|
|
{
|
|
global $mdb;
|
|
|
|
if ( $user = \factory\Users::login( \S::get( 'email' ), \S::get( 'password' ) ) )
|
|
{
|
|
$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
|
|
$cookie_name = str_replace( '.', '-', $domain );
|
|
|
|
if ( \S::get( 'remember' ) === 'true' )
|
|
{
|
|
$token = bin2hex( random_bytes( 32 ) );
|
|
$mdb -> update( 'users', [ 'remember_token' => $token ], [ 'id' => $user['id'] ] );
|
|
setcookie( $cookie_name, $token, [
|
|
'expires' => strtotime( "+1 year" ),
|
|
'path' => '/',
|
|
'domain' => $domain,
|
|
'secure' => true,
|
|
'httponly' => true,
|
|
'samesite' => 'Lax'
|
|
] );
|
|
}
|
|
else
|
|
{
|
|
$mdb -> update( 'users', [ 'remember_token' => null ], [ 'id' => $user['id'] ] );
|
|
setcookie( $cookie_name, "", [
|
|
'expires' => strtotime( "-1 year" ),
|
|
'path' => '/',
|
|
'domain' => $domain,
|
|
'secure' => true,
|
|
'httponly' => true,
|
|
'samesite' => 'Lax'
|
|
] );
|
|
}
|
|
|
|
\S::set_session( 'user', $user );
|
|
echo json_encode( [ 'result' => 'true', 'msg' => 'Właśnie zostałeś zalogowany. Za chwilę nastąpi przekierowanie.', 'default_project' => $user[ 'default_project' ] ] );
|
|
}
|
|
else
|
|
{
|
|
echo json_encode( [ 'result' => 'false', 'msg' => 'Podany login i hasło są nieprawidłowe.' ] );
|
|
}
|
|
exit;
|
|
}
|
|
|
|
public static function login_form()
|
|
{
|
|
return \Tpl::view( 'users/login-form' );
|
|
}
|
|
|
|
/**
|
|
* @deprecated Use \Controllers\UsersController::mainView() instead.
|
|
*/
|
|
public static function main_view()
|
|
{
|
|
return \Controllers\UsersController::mainView();
|
|
}
|
|
|
|
/**
|
|
* @deprecated Use \Controllers\UsersController::loginAs() instead.
|
|
*/
|
|
public static function login_as()
|
|
{
|
|
return \Controllers\UsersController::loginAs();
|
|
}
|
|
|
|
/**
|
|
* @deprecated Use \Controllers\UsersController::switchBackToAdmin() instead.
|
|
*/
|
|
public static function back_to_admin()
|
|
{
|
|
return \Controllers\UsersController::switchBackToAdmin();
|
|
}
|
|
|
|
}
|