| 1: | <?php
|
| 2: | namespace Opencart\System\Library\Cart;
|
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: |
|
| 8: | class User {
|
| 9: | |
| 10: | |
| 11: |
|
| 12: | private object $db;
|
| 13: | |
| 14: | |
| 15: |
|
| 16: | private object $request;
|
| 17: | |
| 18: | |
| 19: |
|
| 20: | private object $session;
|
| 21: | |
| 22: | |
| 23: |
|
| 24: | private int $user_id = 0;
|
| 25: | |
| 26: | |
| 27: |
|
| 28: | private string $username = '';
|
| 29: | |
| 30: | |
| 31: |
|
| 32: | private string $firstname = '';
|
| 33: | |
| 34: | |
| 35: |
|
| 36: | private string $lastname = '';
|
| 37: | |
| 38: | |
| 39: |
|
| 40: | private string $email = '';
|
| 41: | |
| 42: | |
| 43: |
|
| 44: | private int $user_group_id = 0;
|
| 45: | |
| 46: | |
| 47: |
|
| 48: | private array $permission = [];
|
| 49: |
|
| 50: | |
| 51: | |
| 52: | |
| 53: | |
| 54: |
|
| 55: | public function __construct(\Opencart\System\Engine\Registry $registry) {
|
| 56: | $this->db = $registry->get('db');
|
| 57: | $this->request = $registry->get('request');
|
| 58: | $this->session = $registry->get('session');
|
| 59: |
|
| 60: | if (isset($this->session->data['user_id'])) {
|
| 61: | $user_query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `user_id` = '" . (int)$this->session->data['user_id'] . "' AND `status` = '1'");
|
| 62: |
|
| 63: | if ($user_query->num_rows) {
|
| 64: | $this->user_id = $user_query->row['user_id'];
|
| 65: | $this->username = $user_query->row['username'];
|
| 66: | $this->firstname = $user_query->row['firstname'];
|
| 67: | $this->lastname = $user_query->row['lastname'];
|
| 68: | $this->email = $user_query->row['email'];
|
| 69: | $this->user_group_id = $user_query->row['user_group_id'];
|
| 70: |
|
| 71: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE `user_id` = '" . (int)$this->session->data['user_id'] . "'");
|
| 72: |
|
| 73: | $user_group_query = $this->db->query("SELECT `permission` FROM `" . DB_PREFIX . "user_group` WHERE `user_group_id` = '" . (int)$user_query->row['user_group_id'] . "'");
|
| 74: |
|
| 75: | $permissions = json_decode($user_group_query->row['permission'], true);
|
| 76: |
|
| 77: | if (is_array($permissions)) {
|
| 78: | foreach ($permissions as $key => $value) {
|
| 79: | $this->permission[$key] = $value;
|
| 80: | }
|
| 81: | }
|
| 82: | } else {
|
| 83: | $this->logout();
|
| 84: | }
|
| 85: | }
|
| 86: | }
|
| 87: |
|
| 88: | |
| 89: | |
| 90: | |
| 91: | |
| 92: | |
| 93: | |
| 94: | |
| 95: |
|
| 96: | public function login(string $username, string $password): bool {
|
| 97: | $user_query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `username` = '" . $this->db->escape($username) . "' AND `status` = '1'");
|
| 98: |
|
| 99: | if ($user_query->num_rows) {
|
| 100: | if (password_verify($password, $user_query->row['password'])) {
|
| 101: | $rehash = password_needs_rehash($user_query->row['password'], PASSWORD_DEFAULT);
|
| 102: | } elseif (isset($user_query->row['salt']) && $user_query->row['password'] == sha1($user_query->row['salt'] . sha1($user_query->row['salt'] . sha1($password)))) {
|
| 103: | $rehash = true;
|
| 104: | } elseif ($user_query->row['password'] == md5($password)) {
|
| 105: | $rehash = true;
|
| 106: | } else {
|
| 107: | return false;
|
| 108: | }
|
| 109: |
|
| 110: | if ($rehash) {
|
| 111: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `password` = '" . $this->db->escape(password_hash($password, PASSWORD_DEFAULT)) . "' WHERE `user_id` = '" . (int)$user_query->row['user_id'] . "'");
|
| 112: | }
|
| 113: |
|
| 114: | $this->session->data['user_id'] = $user_query->row['user_id'];
|
| 115: |
|
| 116: | $this->user_id = $user_query->row['user_id'];
|
| 117: | $this->username = $user_query->row['username'];
|
| 118: | $this->firstname = $user_query->row['firstname'];
|
| 119: | $this->lastname = $user_query->row['lastname'];
|
| 120: | $this->email = $user_query->row['email'];
|
| 121: | $this->user_group_id = $user_query->row['user_group_id'];
|
| 122: |
|
| 123: | $user_group_query = $this->db->query("SELECT `permission` FROM `" . DB_PREFIX . "user_group` WHERE `user_group_id` = '" . (int)$user_query->row['user_group_id'] . "'");
|
| 124: |
|
| 125: | $permissions = json_decode($user_group_query->row['permission'], true);
|
| 126: |
|
| 127: | if (is_array($permissions)) {
|
| 128: | foreach ($permissions as $key => $value) {
|
| 129: | $this->permission[$key] = $value;
|
| 130: | }
|
| 131: | }
|
| 132: |
|
| 133: | return true;
|
| 134: | } else {
|
| 135: | return false;
|
| 136: | }
|
| 137: | }
|
| 138: |
|
| 139: | |
| 140: | |
| 141: | |
| 142: | |
| 143: |
|
| 144: | public function logout(): void {
|
| 145: | unset($this->session->data['user_id']);
|
| 146: |
|
| 147: | $this->user_id = 0;
|
| 148: | $this->username = '';
|
| 149: | $this->firstname = '';
|
| 150: | $this->lastname = '';
|
| 151: | $this->email = '';
|
| 152: | $this->user_group_id = 0;
|
| 153: | }
|
| 154: |
|
| 155: | |
| 156: | |
| 157: | |
| 158: | |
| 159: | |
| 160: | |
| 161: | |
| 162: |
|
| 163: | public function hasPermission(string $key, string $value): bool {
|
| 164: | if (isset($this->permission[$key])) {
|
| 165: | return in_array($value, $this->permission[$key]);
|
| 166: | } else {
|
| 167: | return false;
|
| 168: | }
|
| 169: | }
|
| 170: |
|
| 171: | |
| 172: | |
| 173: | |
| 174: | |
| 175: |
|
| 176: | public function isLogged(): bool {
|
| 177: | return $this->user_id ? true : false;
|
| 178: | }
|
| 179: |
|
| 180: | |
| 181: | |
| 182: | |
| 183: | |
| 184: |
|
| 185: | public function getId(): int {
|
| 186: | return $this->user_id;
|
| 187: | }
|
| 188: |
|
| 189: | |
| 190: | |
| 191: | |
| 192: | |
| 193: |
|
| 194: | public function getUserName(): string {
|
| 195: | return $this->username;
|
| 196: | }
|
| 197: |
|
| 198: | |
| 199: | |
| 200: | |
| 201: | |
| 202: |
|
| 203: | public function getFirstName(): string {
|
| 204: | return $this->firstname;
|
| 205: | }
|
| 206: |
|
| 207: | |
| 208: | |
| 209: | |
| 210: | |
| 211: |
|
| 212: | public function getLastName(): string {
|
| 213: | return $this->lastname;
|
| 214: | }
|
| 215: |
|
| 216: | |
| 217: | |
| 218: | |
| 219: | |
| 220: |
|
| 221: | public function getEmail(): string {
|
| 222: | return $this->email;
|
| 223: | }
|
| 224: |
|
| 225: | |
| 226: | |
| 227: | |
| 228: | |
| 229: |
|
| 230: | public function getGroupId(): int {
|
| 231: | return $this->user_group_id;
|
| 232: | }
|
| 233: | }
|
| 234: | |