PageRenderTime 35ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/web/includes/CUserManager.php

https://gitlab.com/Rushaway/sourcebanspp
PHP | 332 lines | 187 code | 43 blank | 102 comment | 31 complexity | a2d54d23952b1696536e22c8b5ed898d MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. use Lcobucci\JWT\Token;
    4. 

  4. 

  5. /*************************************************************************
    6. 

  6. This file is part of SourceBans++
    7. 

    8. 

  8. SourceBans++ (c) 2014-2019 by SourceBans++ Dev Team
    9. 

    10. 

  10. The SourceBans++ Web panel is licensed under a
    11. 

  11. Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
    12. 

    13. 

  13. You should have received a copy of the license along with this
    14. 

  14. work.  If not, see <http://creativecommons.org/licenses/by-nc-sa/3.0/>.
    15. 

    16. 

  16. This program is based off work covered by the following copyright(s):
    17. 

  17. SourceBans 1.4.11
    18. 

  18. Copyright © 2007-2014 SourceBans Team - Part of GameConnect
    19. 

  19. Licensed under CC-BY-NC-SA 3.0
    20. 

  20. Page: <http://www.sourcebans.net/> - <http://www.gameconnect.net/>
    21. 

  21. *************************************************************************/
    22. 

  22. class CUserManager
    23. 

  23. {
    24. 

  24.     /**
    25. 

  25.      * @var int|mixed
    26. 

  26.      */
    27. 

  27.     private $aid = -1;
    28. 

  28. 

  29.     /**
    30. 

  30.      * @var array
    31. 

  31.      */
    32. 

  32.     private $admins = array();
    33. 

  33. 

  34.     /**
    35. 

  35.      * @var Database
    36. 

  36.      */
    37. 

  37.     private $dbh = null;
    38. 

  38. 

  39.     /**
    40. 

  40.      * CUserManager constructor.
    41. 

  41.      * @param Token|false $token
    42. 

  42.      */
    43. 

  43.     public function __construct($token)
    44. 

  44.     {
    45. 

  45.         $this->dbh = new Database(DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASS, DB_PREFIX, DB_CHARSET);
    46. 

  46. 

  47.         $this->aid = ((bool)$token) ? $token->getClaim('aid') : -1;
    48. 

  48. 

  49.         $this->GetUserArray($this->aid);
    50. 

  50.     }
    51. 

  51. 

  52.     /**
    53. 

  53.      * Gets all user details from the database, saves them into
    54. 

  54.      * the admin array 'cache', and then returns the array
    55. 

  55.      *
    56. 

  56.      * @param int $aid the ID of admin to get info for.
    57. 

  57.      * @return array|false
    58. 

  58.      */
    59. 

  59.     public function GetUserArray($aid = null)
    60. 

  60.     {
    61. 

  61.         if (is_null($aid)) {
    62. 

  62.             $aid = $this->aid;
    63. 

  63.         }
    64. 

  64.         // Invalid aid
    65. 

  65.         if ($aid < 0 || empty($aid)) {
    66. 

  66.             return false;
    67. 

  67.         }
    68. 

  68. 

  69.         // We already got the data from the DB, and its saved in the manager
    70. 

  70.         if (isset($this->admins[$aid]) && !empty($this->admins[$aid])) {
    71. 

  71.             return $this->admins[$aid];
    72. 

  72.         }
    73. 

  73.         // Not in the manager, so we need to get them from DB
    74. 

  74.         $this->dbh->query("SELECT adm.user user, adm.authid authid, adm.password password, adm.gid gid, adm.email email, adm.validate validate, adm.extraflags extraflags,
    75. 

  75. 							adm.immunity admimmunity,sg.immunity sgimmunity, adm.srv_password srv_password, adm.srv_group srv_group, adm.srv_flags srv_flags,sg.flags sgflags,
    76. 

  76. 							wg.flags wgflags, wg.name wgname, adm.lastvisit lastvisit
    77. 

  77. 							FROM `:prefix_admins` AS adm
    78. 

  78. 							LEFT JOIN `:prefix_groups` AS wg ON adm.gid = wg.gid
    79. 

  79. 							LEFT JOIN `:prefix_srvgroups` AS sg ON adm.srv_group = sg.name
    80. 

  80. 							WHERE adm.aid = :aid");
    81. 

  81.         $this->dbh->bind(':aid', $aid);
    82. 

  82.         $res = $this->dbh->single();
    83. 

  83. 

  84.         if (!$res) {
    85. 

  85.             return false;  // ohnoes some type of db error
    86. 

  86.         }
    87. 

  87. 

  88.         $user = array();
    89. 

  89.         //$user['user'] = stripslashes($res[0]);
    90. 

  90.         $user['aid'] = $aid; //immediately obvious
    91. 

  91.         $user['user'] = $res['user'];
    92. 

  92.         $user['authid'] = $res['authid'];
    93. 

  93.         $user['password'] = $res['password'];
    94. 

  94.         $user['gid'] = $res['gid'];
    95. 

  95.         $user['email'] = $res['email'];
    96. 

  96.         $user['validate'] = $res['validate'];
    97. 

  97.         $user['extraflags'] = (intval($res['extraflags']) | intval($res['wgflags']));
    98. 

  98. 

  99.         $user['srv_immunity'] = intval($res['sgimmunity']);
    100. 

  100. 

  101.         if (intval($res['admimmunity']) > intval($res['sgimmunity'])) {
    102. 

  102.             $user['srv_immunity'] = intval($res['admimmunity']);
    103. 

  103.         }
    104. 

  104. 

  105.         $user['srv_password'] = $res['srv_password'];
    106. 

  106.         $user['srv_groups'] = $res['srv_group'];
    107. 

  107.         $user['srv_flags'] = $res['srv_flags'] . $res['sgflags'];
    108. 

  108.         $user['group_name'] = $res['wgname'];
    109. 

  109.         $user['lastvisit'] = $res['lastvisit'];
    110. 

  110.         $this->admins[$aid] = $user;
    111. 

  111.         return $user;
    112. 

  112.     }
    113. 

  113. 

  114. 

  115.     /**
    116. 

  116.      * Will check to see if an admin has any of the flags given
    117. 

  117.      *
    118. 

  118.      * @param int $flags The flags to check for.
    119. 

  119.      * @param int $aid The user to check flags for.
    120. 

  120.      * @return bool
    121. 

  121.      */
    122. 

  122.     public function HasAccess($flags, $aid = null)
    123. 

  123.     {
    124. 

  124.         if (is_null($aid)) {
    125. 

  125.             $aid = $this->aid;
    126. 

  126.         }
    127. 

  127. 

  128.         if (empty($flags) || $aid <= 0) {
    129. 

  129.             return false;
    130. 

  130.         }
    131. 

  131. 

  132.         if (!isset($this->admins[$aid])) {
    133. 

  133.             $this->GetUserArray($aid);
    134. 

  134.         }
    135. 

  135. 

  136.         if (is_numeric($flags)) {
    137. 

  137.             return ($this->admins[$aid]['extraflags'] & $flags) != 0 ? true : false;
    138. 

  138.         }
    139. 

  139. 

  140.         for ($i=0; $i < strlen($this->admins[$aid]['srv_flags']); $i++) {
    141. 

  141.             for ($a=0; $a < strlen($flags); $a++) {
    142. 

  142.                 if (strstr($this->admins[$aid]['srv_flags'][$i], $flags[$a])) {
    143. 

  143.                     return true;
    144. 

  144.                 }
    145. 

  145.             }
    146. 

  146.         }
    147. 

  147.         return false;
    148. 

  148.     }
    149. 

  149. 

  150. 

  151.     /**
    152. 

  152.      * Gets a 'property' from the user array eg. 'authid'
    153. 

  153.      *
    154. 

  154.      * @param string $name
    155. 

  155.      * @param int $aid the ID of admin to get info for.
    156. 

  156.      * @return mixed.
    157. 

  157.      */
    158. 

  158.     public function GetProperty($name, $aid = null)
    159. 

  159.     {
    160. 

  160.         if (is_null($aid)) {
    161. 

  161.             $aid = $this->aid;
    162. 

  162.         }
    163. 

  163.         if (empty($name) || $aid < 0) {
    164. 

  164.             return false;
    165. 

  165.         }
    166. 

  166. 

  167.         if (!isset($this->admins[$aid])) {
    168. 

  168.             $this->GetUserArray($aid);
    169. 

  169.         }
    170. 

  170. 

  171.         return $this->admins[$aid][$name];
    172. 

  172.     }
    173. 

  173. 

  174.     /**
    175. 

  175.      * @return bool
    176. 

  176.      */
    177. 

  177.     public function is_logged_in()
    178. 

  178.     {
    179. 

  179.         if ($this->aid != -1) {
    180. 

  180.             return true;
    181. 

  181.         }
    182. 

  182.         return false;
    183. 

  183.     }
    184. 

  184. 

  185.     /**
    186. 

  186.      * @param null $aid
    187. 

  187.      * @return bool
    188. 

  188.      */
    189. 

  189.     public function is_admin($aid = null)
    190. 

  190.     {
    191. 

  191.         if (is_null($aid)) {
    192. 

  192.             $aid = $this->aid;
    193. 

  193.         }
    194. 

  194. 

  195.         if ($this->HasAccess(ALL_WEB, $aid)) {
    196. 

  196.             return true;
    197. 

  197.         }
    198. 

  198.         return false;
    199. 

  199.     }
    200. 

  200. 

  201. 

  202.     /**
    203. 

  203.      * @return int|mixed
    204. 

  204.      */
    205. 

  205.     public function GetAid()
    206. 

  206.     {
    207. 

  207.         return $this->aid;
    208. 

  208.     }
    209. 

  209. 

  210. 

  211.     /**
    212. 

  212.      * @return array
    213. 

  213.      */
    214. 

  214.     public function GetAllAdmins()
    215. 

  215.     {
    216. 

  216.         $this->dbh->query('SELECT aid FROM `:prefix_admins`');
    217. 

  217.         $res = $this->dbh->resultset();
    218. 

  218.         foreach ($res as $admin) {
    219. 

  219.             $this->GetUserArray($admin['aid']);
    220. 

  220.         }
    221. 

  221.         return $this->admins;
    222. 

  222.     }
    223. 

  223. 

  224. 

  225.     /**
    226. 

  226.      * @param int|null $aid
    227. 

  227.      * @return bool|mixed
    228. 

  228.      */
    229. 

  229.     public function GetAdmin($aid = null)
    230. 

  230.     {
    231. 

  231.         if (is_null($aid)) {
    232. 

  232.             $aid = $this->aid;
    233. 

  233.         }
    234. 

  234.         if ($aid < 0 || !is_int($aid)) {
    235. 

  235.             return false;
    236. 

  236.         }
    237. 

  237. 

  238.         if (!isset($this->admins[$aid])) {
    239. 

  239.             $this->GetUserArray($aid);
    240. 

  240.         }
    241. 

  241.         return $this->admins[$aid];
    242. 

  242.     }
    243. 

  243. 

  244.     /**
    245. 

  245.      * @param string $name
    246. 

  246.      * @return bool
    247. 

  247.      */
    248. 

  248.     public function isNameTaken($name)
    249. 

  249.     {
    250. 

  250.         $this->dbh->query("SELECT 1 FROM `:prefix_admins` WHERE user = :user");
    251. 

  251.         $this->dbh->bind(':user', $name);
    252. 

  252.         $data = $this->dbh->single();
    253. 

  253. 

  254.         return (bool)$data[1];
    255. 

  255.     }
    256. 

  256. 

  257.     /**
    258. 

  258.      * @param string $steamid
    259. 

  259.      * @return bool
    260. 

  260.      */
    261. 

  261.     public function isSteamIDTaken($steamid)
    262. 

  262.     {
    263. 

  263.         $this->dbh->query("SELECT 1 FROM `:prefix_admins` WHERE authid = :steamid");
    264. 

  264.         $this->dbh->bind(':steamid', $steamid);
    265. 

  265.         $data = $this->dbh->single();
    266. 

  266. 

  267.         return (bool)$data[1];
    268. 

  268.     }
    269. 

  269. 

  270.     /**
    271. 

  271.      * @param string $email
    272. 

  272.      * @return bool
    273. 

  273.      */
    274. 

  274.     public function isEmailTaken($email)
    275. 

  275.     {
    276. 

  276.         $this->dbh->query("SELECT 1 FROM `:prefix_admins` WHERE email = :email");
    277. 

  277.         $this->dbh->bind(':email', $email);
    278. 

  278.         $data = $this->dbh->single();
    279. 

  279. 

  280.         return (bool)$data[1];
    281. 

  281.     }
    282. 

  282. 

  283.     /**
    284. 

  284.      * @param int $aid
    285. 

  285.      * @param string $pass
    286. 

  286.      * @return bool
    287. 

  287.      */
    288. 

  288.     public function isCurrentPasswordValid($aid, $pass)
    289. 

  289.     {
    290. 

  290.         $this->dbh->query("SELECT password FROM `:prefix_admins` WHERE aid = :aid");
    291. 

  291.         $this->dbh->bind(':aid', $aid);
    292. 

  292.         $hash = $this->dbh->single();
    293. 

  293.         return password_verify($pass, $hash['password']);
    294. 

  294.     }
    295. 

  295. 

  296.     /**
    297. 

  297.      * @param string $name
    298. 

  298.      * @param string $steam
    299. 

  299.      * @param string $password
    300. 

  300.      * @param string $email
    301. 

  301.      * @param int $web_group
    302. 

  302.      * @param int $web_flags
    303. 

  303.      * @param string $srv_group
    304. 

  304.      * @param string $srv_flags
    305. 

  305.      * @param int $immunity
    306. 

  306.      * @param string $srv_password
    307. 

  307.      * @return int
    308. 

  308.      */
    309. 

  309.     public function AddAdmin($name, $steam, $password, $email, $web_group, $web_flags, $srv_group, $srv_flags, $immunity, $srv_password)
    310. 

  310.     {
    311. 

  311.         if (!empty($password) && strlen($password) < MIN_PASS_LENGTH) {
    312. 

  312.             throw new RuntimeException('Password must be at least ' . MIN_PASS_LENGTH . ' characters long.');
    313. 

  313.         }
    314. 

  314.         if (empty($password)) {
    315. 

  315.             throw new RuntimeException('Password cannot be empty.');
    316. 

  316.         }
    317. 

  317.         $this->dbh->query('INSERT INTO `:prefix_admins` (user, authid, password, gid, email, extraflags, immunity, srv_group, srv_flags, srv_password)
    318. 

  318.                            VALUES (:user, :authid, :password, :gid, :email, :extraflags, :immunity, :srv_group, :srv_flags, :srv_password)');
    319. 

  319.         $this->dbh->bind(':user', $name);
    320. 

  320.         $this->dbh->bind(':authid', str_replace('STEAM_1', 'STEAM_0', $steam));
    321. 

  321.         $this->dbh->bind(':password', password_hash($password, PASSWORD_BCRYPT));
    322. 

  322.         $this->dbh->bind(':gid', $web_group);
    323. 

  323.         $this->dbh->bind(':email', $email);
    324. 

  324.         $this->dbh->bind(':extraflags', $web_flags);
    325. 

  325.         $this->dbh->bind(':immunity', $immunity);
    326. 

  326.         $this->dbh->bind(':srv_group', $srv_group);
    327. 

  327.         $this->dbh->bind(':srv_flags', $srv_flags);
    328. 

  328.         $this->dbh->bind(':srv_password', $srv_password);
    329. 

  329. 

  330.         return ($this->dbh->execute()) ? (int)$this->dbh->lastInsertId() : -1;
    331. 

  331.     }
    332. 

  332. }
    333. 

  333.