lollipop

User.php (5883B)

---

 <?php
 
 namespace Model {
     class User extends \Lollipop\DatabaseObject
     {
         public static function get_table(): string
         {
             return "user";
         }
 
         public static function get_primary(): string
         {
             return "email";
         }
 
         public static function get_password_field(): string
         {
             return "password";
         }
         public static function get_schema(): string
         {
             return "lollipop";
         }
 
         public function login_fields(): string
         {
             $html = "";
             $html .= '<input type="text" name="' . $this->get_primary(). '" placeholder="' . $this->get_primary() . '">';
             $html .= '<input type="password" name="' . $this->get_password_field() . '" placeholder="password">';
             return $html;
         }
 
         public function all_fields(array $res = []): string
         {
             $html = "";
             foreach($this->column_names as $field) {
                 if($field == $this->get_password_field()) {
                     $html .= '<input type="password" name="' . $field . '" placeholder="' . $field . '">';
                 } else {
                     $html .= '<input type="text" name="' . $field . '" placeholder="' . $field . '">';
                 }
                 $miss_key = 'missing_'.$field;
                 if(array_key_exists($miss_key, $res)) {
                     $html .= '<div class="form-response"><p style="color:red;"> Field: '. $field . ' cannot be empty</p></div>';
                 }
             }
             return $html;
         }
 
         public function login(): array
         {
             if([$this->get_primary() != "" && !$this->get_password_field() == ""]) {
                 return $this->authenticate();
             } else {
                 return ["response" => ""];
             }
         }
         public function authenticate(): array
         //this function return true when user is autheticated uses set_globals to set $_SESSION variables
         {
             //check if the email exists in db
             if(!$this->load($_POST[$this->get_primary()])) {
                 //email does not exist
                 return ["response" => "{$this->get_primary()}: {$_POST[$this->get_primary()]} does not exists in db"];
             } else {
                 if(password_verify($_POST[$this->get_password_field()], $this->{$this->get_password_field()})) {
                     //authenticated -> set $_SESSION variables
                     $this->set_globals();
                     return [];
                 } else {
                     //password did not match
                     return ["response" => "incorrect password"];
                 }
             }
         }
 
         private function set_globals()
         //this function sets Session variables
         {
             $user_permissions = [];
             //foreach field in database which is not password add to session
             foreach($this->getData() as $key => $data) {
                 if($key != $this->get_password_field()) {
                     $_SESSION[$key] = $data;
                 }
             }
             //get permissions form db and set sessions_permissions
             $p = $this->db->all_where(PermissionUser::class, [$this->get_primary() => $this->{$this->get_primary()}]);
             foreach($p as $permission) {
                 $user_permissions[] = $permission->id;
             }
             $_SESSION['user_permissions'] = $user_permissions;
         }
 
         public function add_user(): array
         {
             $missing_fields = \Lollipop\Utils::missing_fields($this->notNullable());
 
             if(sizeof($missing_fields) == 0) {
                 return $this->add_data_db();
             } else {
                 return $missing_fields;
             }
         }
 
         private function add_data_db(): array
         {
             $user_credentials = [];
             $response["success"] = false;
             if($this->load($_POST[$this->get_primary()])) {
                 $response["response"] = "<p style=\"color:red;\">this email address is already taken: {$_POST[$this->get_primary()]} </p>";
                 return $response;
             } else {
                 if($_POST[$this->get_password_field()]) {
                     $_POST[$this->get_password_field()] = password_hash($_POST[$this->get_password_field()], PASSWORD_DEFAULT);
                 }
                 foreach($this->get_col_names_no_ai() as $col) {
                     if($_POST[$col] != "") {
                         $this->$col = $_POST[$col];
                         $user_credentials[$col] = $_POST[$col];
                     }
                 }
                 if($this->add()) {
                     $response["response"] = "<p style=\"color:green;\">succes</p>";
                     $response += $user_credentials;
                     $response["success"] = true;
                     return $response;
                 } else {
                     $response["response"] = "<p style=\"color:red;\">could not add user to database</p>";
                     return $response;
                 }
             }
         }
         public function update_user(): bool
         {
             $missing_fields = \Lollipop\Utils::missing_fields_sans_pw($this->notNullable());
             if(sizeof($missing_fields) == 0) {
                 foreach($_POST as $key => $post) {
                     if(in_array($key, $this->get_column_names())) {
                         if($key == $this->get_password_field()) {
                             $this->{$key} = password_hash($_POST[$key], PASSWORD_DEFAULT);
                         } else {
                             $this->{$key} = $post;
                         }
                     }
                 }
                 return $this->save();
             }
             return false;
         }
     }
 }