website/sources/backend/lib/account.php

<?php 
	#--------------------#
	#----- by 4nima -----#
	#----- v. 1.3.1 -----#
	#-- coding@4nima.de -#
	#--------------------#

	#>> Verbessungsideen
		#> Errorcodes einbauen
		#> DB in Eigenschaften einbinden

class Account {

	#> Usergrunddaten (änderbar)
	public $username; 
	public $uid;
	public $permit;
	public $email;
	public $token;

	#> Usergrunddaten (unveränderbar)
	private $password;
	private $userip = USER_IP;

	#> Login Einstellungen
	public $maxLoginTime = LOGIN_FAIL_TIME;

	#> Mail Einstellungen (für neue User Mails)
	// Mail-Text in Konfig einplfegen (Bei Mail muss der Token angehabgen werden)
	public $mailFrom	= MAIL_FROM;
	public $mailSubject = MAIL_SUBJECT;
	public $mailText 	= MAIL_TEXT;
	public $mailPage	= MAIL_PAGE;
	public $mailFooter 	= MAIL_FOOTER;

	// public $db;

	public function __construct() {

	}

	# >>> static functions <<< 

	#>> Liest Accounts aus der DB entsprechend der Einstellung aus und gibt diese zurück
	public static function accountList($db, $type = '') {
		$db->query('
			SELECT * 
			FROM accounts
			WHERE active = :active
		');
		switch ($type) {
			case 'All':
				$db->query('
					SELECT *
					FROM accounts
				');
				break;

			case 'Deactivate':
				$db->bind(':active', 0);
				break;
			
			case 'Active':
				$db->bind(':active', 1);
				break;

			case 'Not Active':
				$db->bind(':active', 2);
				break;
			
			default:
				$db->query('
					SELECT *
					FROM accounts
					WHERE active > 0
				');
				break;
		}
		$accounts = $db->resultset();
		if ($accounts) {
			return $accounts;
		} else {return FALSE;}
	}


	# >>> public functions <<< 

	#>> (Zwischen)Speichert einen User wenn alle Vorgaben erfüllt sind
	public function newUser($user, $pass, $mail = '') {
		if ($user != '' && $pass != '') {
			if ($this->checkUser($user) && $this->checkPass($pass)) {
				$this->username = $user;
				$this->password = $this->hashPass($pass);
				if ($mail == '' || $this->checkMail($mail)) {
					$this->email = $mail;
					return TRUE; 
				} else {return FALSE;}
			} else {return FALSE;}
		} else {return FALSE;}
	}

	#>> Speichert den User in der Datenbank und versendet bei Hinterlegter E-Mail eine bestätigung
	public function saveUser($db, $permit = 100) {
		if ($this->username != '' && $this->password != '') {
			$db->query('
				SELECT username
				FROM accounts
				WHERE username = :user
			');
			$db->bind(':user', $this->username);
			$checkUsername = $db->resultset();

			if ($checkUsername[0]['username'] == '') {
				$time = time();
				$this->token = md5($time.$this->username);
				$db->query('
					INSERT INTO accounts
						(username, uid, email, passHash, permit, created, tokenTime, token, active)
					VALUES
						(:user, :uid, :mail, :pass, :permit, :time, :time, :token, 2)
				');
				$db->bind(':user', $this->username);
				$db->bind(':mail', $this->email);
				$db->bind(':pass', $this->password);
				$db->bind(':permit', $permit);
				$db->bind(':time', $time);
				$db->bind(':token', $this->token);
				$db->execute();

				if ($this->email != '') {
					$mailContent = 'Hallo '.$this->usernmae;
					$mailContent .= '<br>';
					$mailContent .= $this->mailText;
					$mailContent .= '<br>';
					$mailContent .= $this->mailPage;
					$mailContent .= $this->token;
					$mailContent .= '<br>';
					$mailContent .= $this->mailFooter;
					mail($this->email, 
						$this->mailSubject,
						$mailContent, 
						$this->mailFrom
					);
				}
				return TRUE;
			} else {return FALSE;}
		} else {return FALSE;}
	}

	#>> Prüft ob von dieser IP mehr als X fehlgeschlagene Login versuche kamen
	public function notBlocked($db, $trys = 5) {
		$db->query('
			SELECT result 
			FROM logLogin
			WHERE result = 0
			AND fromIp = :ip
			AND time > :time
		');
		$db->bind(':ip', $this->userip);
		$db->bind(':time', $this->maxLoginTime);
		$loginFails = $db->resultset();

		if (count($loginFails[0]['result']) <= $trys) {
			// Versuche und Zeit in Config aufnehmen
			return TRUE;
		} else {return FALSE;}
	}

	#>> Prüft die Eingaben und gleicht diese dann mit der Datenbank ab
	public function login($db, $user, $pass) {
		$loginTry = FALSE;

		if ($this->notBlocked($db)) {
			if ($this->checkUser($user) && $this->checkPass($pass)) {
				$db->query('
					SELECT uid, passHash, permit
					FROM accounts
					WHERE active = 1
					AND username = :user
				');
				$db->bind(':user', $user);
				$login = $db->resultset();
				if (password_verify($pass, $login[0]['passHash'])) {
					$this->username = $user; 
					$this->uid 		= $login[0]['uid'];
					$this->permit 	= $login[0]['permit'];
					$loginTry = TRUE; 
				} 
			} 
		} 

		$db->query('
			INSERT INTO logLogin
				(usedName, time, fromIp, result)
			VALUES 
				(:user, :time, :ip, :result)
		');
		$db->bind(':user', $user);
		$db->bind(':time', time());
		$db->bind(':ip', $this->userip);
		$db->bind(':result', $loginTry);
		$db->execute();

		if ($loginTry) {
			return TRUE;
		} else {return FALSE;};
	}

	#>> Prüft ob die UID mit der in der DB übereinstimmen und setzt den Permit neu
	public function checkLogin($db) {
		$uid = $this->uid;
		$db->query('
			SELECT username, permit
			FROM accounts
			WHERE active = 1
			AND uid = :uid
		');
		$db->bind(':uid', $uid);
		$login = $db->resultset();
		if ($login[0]['permit'] > 0) {
			$this->username = $login[0]['username'];
			$this->permit 	= $login[0]['permit'];
			return TRUE;
		} else {return FALSE;}
	}

	#>> Prüft den Eingetragenen Token mit in der DB ab und setzt bei erfolg den Account auf Aktiv (1)
	public function confirmAcc($db) {
		if ($this->uid != '' || $this->token != '') {
			$db->query('
				SELECT token 
				FROM accounts
				WHERE active = 2
				AND uid = :uid
			');
			$db->bind(':uid', $this->uid);
			$token = $db->resultset();
			if ($token[0]['token'] == $this->token) {
				$db->query('
					UPDATE accounts
					SET token 	= "", 
						active 	= 1
					WHERE uid = :uid
				');
				$db->bind(':uid', $this->uid);
				$db->execute();
				return TRUE;
			} else {return FALSE;}
		} else {return FALSE;}
	}

	#>> Prüft ob das alte Passwort (in Eigenschaft gespeichert) dem in der DB entspricht und Prüft neues Passwort auf anforderungen, danach Ientrag in DB
	public function switchPass($db, $newPass) {
		if ($this->password != '' && $newPass != '') {
			if (checkPass($this->password) && checkPass($newPass)) {
				$db->query('
					SELECT password
					FROM accounts
					WHERE uid = :uid
				');
				$db->bind(':uid', $this->uid);
				$db->bind(':pass', $this->password);
				$pass = $db->resultset();
				if (password_verify($this->password, $login[0]['passHash'])) {
					$newPass = hashPass($newPass);
					$db->query('
						UPDATE accounts
						SET passHash = :pass
						WHERE uid = :uid
					');
					$db->bind(':uid', $this->uid);
					$db->bind(':pass', $newPass);
					$db->execute();
					return TRUE;
				} else {return FALSE;}
			} else {return FALSE;}
		} else {return FALSE;}
	}

	#>> Deaktiviert einen Account dessen UID in den Eigenschfaten gespeichert ist
	public function deactivateAccount($db) {
		if ($this->uid != '') {
			$db->query('
				UPDATE accounts
				SET active = 0
				WHERE uid = :uid
			');		
			$db->bind(':uid', $this->uid);
			$db->execute();
			return TRUE;
		} else {return FALSE;}
	}

	# >>> private functions <<<  

	#>> Prüft einen String auf bestimmte Inhalte und gibt ihn entsprechend Formatiert zurück
	private function checkString($string) {
		$string = htmlentities($string); 
		return $string;
	}


	#>> Prüft ob der Username keine Sonderzeichen enthält
	private function checkUser($user) {
		if (!preg_match('#[!-/:-@\[-`{-~]#', $this->checkString($user)) && strlen($user) <= 50) {
			return TRUE;
		} else {return FALSE;}
	}

	#>> Prüft das Passwort auf ausreichende Komplexität
	private function checkPass($pass) {
		if ($this->checkString($pass) === $pass) {
			if (strlen($pass) > 8
				&& preg_match('`[A-Z]`',$pass)
				&& preg_match('`[a-z]`',$pass) 
				&& preg_match('`[0-9]`',$pass)
				&& preg_match('#[!-/:-@\[-`{-~]#',$pass)
			) {
				return TRUE;
			} else {return FALSE;}
		} else {return FALSE;}
	}

	#>> hasht das Passwort 
	private function hashPass($pass) {
		return password_hash($pass, PASSWORD_DEFAULT);
	}

	#>> Prüft E-Mail auf korrekte Syntax & den Host auf existenz
	private function checkMail($mail) {
		if (filter_var($mail, FILTER_VALIDATE_EMAIL)) { 
			$hostname = preg_replace('/^.*@/', '', $mail);
    		if (count(dns_get_record($hostname))) {
    			return TRUE;
    			// Eriwetung: Prüfung ob E-Mails tatsächlich existieren
			} else {return FALSE;}
		} else {return FALSE;}
	}

	# >> Firststeps << 

	public static function createDB($db) {
		// 
		// $db->query('
		// 	CREATE TABLE `network`.`accounts` (
		// 	  `idAcc` INT NOT NULL AUTO_INCREMENT,
		// 	  `username` VARCHAR(50) NOT NULL,
		// 	  `uid` VARCHAR(256) NOT NULL,
		// 	  `email` VARCHAR(50) NULL,
		// 	  `passHash` VARCHAR(256) NOT NULL,
		// 	  `permit` INT(3) NOT NULL DEFAULT 100,
		// 	  `tokenTime` INT(25) NULL DEFAULT 0,
		// 	  `token` VARCHAR(256) NULL,
		// 	  `created` INT(25) NOT NULL DEFAULT 0,
		// 	  `active` INT(1) NOT NULL DEFAULT 0 COMMENT '0 = Deaktiviert\n1 = Aktiv \n2 = Warte auf AKtivierung\n3 = PW wechel Reset',
		// 	  PRIMARY KEY (`idAcc`))
		// 	COMMENT = 'Userverwaltung by 4nima, coding@4nima.de';
		// ');


		// CREATE TABLE `network`.`logLogin` (
		//   `idLogin` INT NOT NULL AUTO_INCREMENT,
		//   `usedName` VARCHAR(50) NOT NULL COMMENT 'Welcher Username genutzt wurde',
		//   `fromIp` VARCHAR(15) NOT NULL COMMENT 'Von welcher IP kam der Versuch\n',
		//   `time` VARCHAR(25) NOT NULL COMMENT 'wann war der Versuch\n',
		//   `success` INT(1) NOT NULL COMMENT 'Hatte der Versuch erfolg\n',
		//   PRIMARY KEY (`idLogin`))
		// COMMENT = 'Accountverwaltung by 4nima, coding@4nima.de';

	}
}
?>