| 1: | <?php
|
| 2: | namespace Opencart\Admin\Model\User;
|
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: |
|
| 8: | class User extends \Opencart\System\Engine\Model {
|
| 9: | |
| 10: | |
| 11: | |
| 12: | |
| 13: | |
| 14: | |
| 15: |
|
| 16: | public function addUser(array $data): int {
|
| 17: | $this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET `username` = '" . $this->db->escape((string)$data['username']) . "', `user_group_id` = '" . (int)$data['user_group_id'] . "', `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `firstname` = '" . $this->db->escape((string)$data['firstname']) . "', `lastname` = '" . $this->db->escape((string)$data['lastname']) . "', `email` = '" . $this->db->escape((string)$data['email']) . "', `image` = '" . $this->db->escape((string)$data['image']) . "', `status` = '" . (bool)($data['status'] ?? 0) . "', `date_added` = NOW()");
|
| 18: |
|
| 19: | return $this->db->getLastId();
|
| 20: | }
|
| 21: |
|
| 22: | |
| 23: | |
| 24: | |
| 25: | |
| 26: | |
| 27: | |
| 28: | |
| 29: |
|
| 30: | public function editUser(int $user_id, array $data): void {
|
| 31: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `username` = '" . $this->db->escape((string)$data['username']) . "', `user_group_id` = '" . (int)$data['user_group_id'] . "', `firstname` = '" . $this->db->escape((string)$data['firstname']) . "', `lastname` = '" . $this->db->escape((string)$data['lastname']) . "', `email` = '" . $this->db->escape((string)$data['email']) . "', `image` = '" . $this->db->escape((string)$data['image']) . "', `status` = '" . (bool)($data['status'] ?? 0) . "' WHERE `user_id` = '" . (int)$user_id . "'");
|
| 32: |
|
| 33: | if ($data['password']) {
|
| 34: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "' WHERE `user_id` = '" . (int)$user_id . "'");
|
| 35: | }
|
| 36: | }
|
| 37: |
|
| 38: | |
| 39: | |
| 40: | |
| 41: | |
| 42: | |
| 43: | |
| 44: | |
| 45: |
|
| 46: | public function editPassword(int $user_id, $password): void {
|
| 47: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `password` = '" . $this->db->escape(password_hash(html_entity_decode($password, ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `code` = '' WHERE `user_id` = '" . (int)$user_id . "'");
|
| 48: | }
|
| 49: |
|
| 50: | |
| 51: | |
| 52: | |
| 53: | |
| 54: | |
| 55: | |
| 56: | |
| 57: |
|
| 58: | public function editCode(string $email, string $code): void {
|
| 59: | $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `code` = '" . $this->db->escape($code) . "' WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
|
| 60: | }
|
| 61: |
|
| 62: | |
| 63: | |
| 64: | |
| 65: | |
| 66: | |
| 67: | |
| 68: |
|
| 69: | public function deleteUser(int $user_id): void {
|
| 70: | $this->db->query("DELETE FROM `" . DB_PREFIX . "user` WHERE `user_id` = '" . (int)$user_id . "'");
|
| 71: |
|
| 72: | $this->deleteAuthorizes($user_id);
|
| 73: | $this->deleteLogins($user_id);
|
| 74: | }
|
| 75: |
|
| 76: | |
| 77: | |
| 78: | |
| 79: | |
| 80: | |
| 81: | |
| 82: |
|
| 83: | public function getUser(int $user_id): array {
|
| 84: | $query = $this->db->query("SELECT *, (SELECT ug.`name` FROM `" . DB_PREFIX . "user_group` ug WHERE ug.`user_group_id` = u.`user_group_id`) AS user_group FROM `" . DB_PREFIX . "user` u WHERE u.`user_id` = '" . (int)$user_id . "'");
|
| 85: |
|
| 86: | return $query->row;
|
| 87: | }
|
| 88: |
|
| 89: | |
| 90: | |
| 91: | |
| 92: | |
| 93: | |
| 94: | |
| 95: |
|
| 96: | public function getUserByUsername(string $username): array {
|
| 97: | $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `username` = '" . $this->db->escape($username) . "'");
|
| 98: |
|
| 99: | return $query->row;
|
| 100: | }
|
| 101: |
|
| 102: | |
| 103: | |
| 104: | |
| 105: | |
| 106: | |
| 107: | |
| 108: |
|
| 109: | public function getUserByEmail(string $email): array {
|
| 110: | $query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "user` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
|
| 111: |
|
| 112: | return $query->row;
|
| 113: | }
|
| 114: |
|
| 115: | |
| 116: | |
| 117: | |
| 118: | |
| 119: | |
| 120: | |
| 121: |
|
| 122: | public function getUserByCode(string $code): array {
|
| 123: | $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `code` = '" . $this->db->escape($code) . "' AND `code` != ''");
|
| 124: |
|
| 125: | return $query->row;
|
| 126: | }
|
| 127: |
|
| 128: | |
| 129: | |
| 130: | |
| 131: | |
| 132: | |
| 133: | |
| 134: |
|
| 135: | public function getUsers(array $data = []): array {
|
| 136: | $sql = "SELECT *, CONCAT(`u`.`firstname`, ' ', `u`.`lastname`) AS `name`, (SELECT `ug`.`name` FROM `" . DB_PREFIX . "user_group` `ug` WHERE `ug`.`user_group_id` = `u`.`user_group_id`) AS user_group FROM `" . DB_PREFIX . "user` `u`";
|
| 137: |
|
| 138: | $implode = [];
|
| 139: |
|
| 140: | if (!empty($data['filter_username'])) {
|
| 141: | $implode[] = "LCASE(`u`.`username`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_username']) . '%') . "'";
|
| 142: | }
|
| 143: |
|
| 144: | if (!empty($data['filter_name'])) {
|
| 145: | $implode[] = "LCASE(CONCAT(`u`.`firstname`, ' ', `u`.`lastname`)) LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_name']) . '%') . "'";
|
| 146: | }
|
| 147: |
|
| 148: | if (!empty($data['filter_email'])) {
|
| 149: | $implode[] = "LCASE(`u`.`email`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_email']) . '%') . "'";
|
| 150: | }
|
| 151: |
|
| 152: | if (!empty($data['filter_user_group_id'])) {
|
| 153: | $implode[] = "`u`.`user_group_id` = '" . (int)$data['filter_user_group_id'] . "'";
|
| 154: | }
|
| 155: |
|
| 156: | if (!empty($data['filter_ip'])) {
|
| 157: | $implode[] = "`u`.`user_id` IN (SELECT `user_id` FROM `" . DB_PREFIX . "user_login` WHERE `ip` LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_ip']) . '%') . "')";
|
| 158: | }
|
| 159: |
|
| 160: | if (isset($data['filter_status']) && $data['filter_status'] !== '') {
|
| 161: | $implode[] = "`u`.`status` = '" . (int)$data['filter_status'] . "'";
|
| 162: | }
|
| 163: |
|
| 164: | if ($implode) {
|
| 165: | $sql .= " WHERE " . implode(" AND ", $implode);
|
| 166: | }
|
| 167: |
|
| 168: | $sort_data = [
|
| 169: | 'username',
|
| 170: | 'name',
|
| 171: | 'u.email',
|
| 172: | 'user_group',
|
| 173: | 'status',
|
| 174: | 'ip',
|
| 175: | 'u.date_added'
|
| 176: | ];
|
| 177: |
|
| 178: | if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
|
| 179: | $sql .= " ORDER BY " . $data['sort'];
|
| 180: | } else {
|
| 181: | $sql .= " ORDER BY `username`";
|
| 182: | }
|
| 183: |
|
| 184: | if (isset($data['order']) && ($data['order'] == 'DESC')) {
|
| 185: | $sql .= " DESC";
|
| 186: | } else {
|
| 187: | $sql .= " ASC";
|
| 188: | }
|
| 189: |
|
| 190: | if (isset($data['start']) || isset($data['limit'])) {
|
| 191: | if ($data['start'] < 0) {
|
| 192: | $data['start'] = 0;
|
| 193: | }
|
| 194: |
|
| 195: | if ($data['limit'] < 1) {
|
| 196: | $data['limit'] = 20;
|
| 197: | }
|
| 198: |
|
| 199: | $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
|
| 200: | }
|
| 201: |
|
| 202: | $query = $this->db->query($sql);
|
| 203: |
|
| 204: | return $query->rows;
|
| 205: | }
|
| 206: |
|
| 207: | |
| 208: | |
| 209: | |
| 210: | |
| 211: | |
| 212: | |
| 213: |
|
| 214: | public function getTotalUsers(array $data = []): int {
|
| 215: | $sql = "SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` `u` ";
|
| 216: |
|
| 217: | $implode = [];
|
| 218: |
|
| 219: | if (!empty($data['filter_username'])) {
|
| 220: | $implode[] = "LCASE(`u`.`username`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_username']) . '%') . "'";
|
| 221: | }
|
| 222: |
|
| 223: | if (!empty($data['filter_name'])) {
|
| 224: | $implode[] = "LCASE(CONCAT(`u`.`firstname`, ' ', `u`.`lastname`)) LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_name']) . '%') . "'";
|
| 225: | }
|
| 226: |
|
| 227: | if (!empty($data['filter_email'])) {
|
| 228: | $implode[] = "LCASE(`u`.`email`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_email']) . '%') . "'";
|
| 229: | }
|
| 230: |
|
| 231: | if (!empty($data['filter_user_group_id'])) {
|
| 232: | $implode[] = "`u`.`user_group_id` = '" . (int)$data['filter_user_group_id'] . "'";
|
| 233: | }
|
| 234: |
|
| 235: | if (!empty($data['filter_ip'])) {
|
| 236: | $implode[] = "`u`.`user_id` IN (SELECT `user_id` FROM `" . DB_PREFIX . "user_login` WHERE `ip` LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_ip']) . '%') . "')";
|
| 237: | }
|
| 238: |
|
| 239: | if (isset($data['filter_status']) && $data['filter_status'] !== '') {
|
| 240: | $implode[] = "`u`.`status` = '" . (int)$data['filter_status'] . "'";
|
| 241: | }
|
| 242: |
|
| 243: | if ($implode) {
|
| 244: | $sql .= " WHERE " . implode(" AND ", $implode);
|
| 245: | }
|
| 246: |
|
| 247: | $query = $this->db->query($sql);
|
| 248: |
|
| 249: | return (int)$query->row['total'];
|
| 250: | }
|
| 251: |
|
| 252: | |
| 253: | |
| 254: | |
| 255: | |
| 256: | |
| 257: | |
| 258: |
|
| 259: | public function getTotalUsersByGroupId(int $user_group_id): int {
|
| 260: | $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` WHERE `user_group_id` = '" . (int)$user_group_id . "'");
|
| 261: |
|
| 262: | return (int)$query->row['total'];
|
| 263: | }
|
| 264: |
|
| 265: | |
| 266: | |
| 267: | |
| 268: | |
| 269: | |
| 270: | |
| 271: |
|
| 272: | public function getTotalUsersByEmail(string $email): int {
|
| 273: | $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
|
| 274: |
|
| 275: | return (int)$query->row['total'];
|
| 276: | }
|
| 277: |
|
| 278: | |
| 279: | |
| 280: | |
| 281: | |
| 282: | |
| 283: | |
| 284: | |
| 285: |
|
| 286: | public function addLogin(int $user_id, array $data): void {
|
| 287: | $this->db->query("INSERT INTO `" . DB_PREFIX . "user_login` SET `user_id` = '" . (int)$user_id . "', `ip` = '" . $this->db->escape($data['ip']) . "', `user_agent` = '" . $this->db->escape($data['user_agent']) . "', `date_added` = NOW()");
|
| 288: | }
|
| 289: |
|
| 290: | |
| 291: | |
| 292: | |
| 293: | |
| 294: | |
| 295: | |
| 296: |
|
| 297: | public function deleteLogins(int $user_id): void {
|
| 298: | $this->db->query("DELETE FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "'");
|
| 299: | }
|
| 300: |
|
| 301: | |
| 302: | |
| 303: | |
| 304: | |
| 305: | |
| 306: | |
| 307: | |
| 308: | |
| 309: |
|
| 310: | public function getLogins(int $user_id, int $start = 0, int $limit = 10): array {
|
| 311: | if ($start < 0) {
|
| 312: | $start = 0;
|
| 313: | }
|
| 314: |
|
| 315: | if ($limit < 1) {
|
| 316: | $limit = 10;
|
| 317: | }
|
| 318: |
|
| 319: | $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "' LIMIT " . (int)$start . "," . (int)$limit);
|
| 320: |
|
| 321: | if ($query->num_rows) {
|
| 322: | return $query->rows;
|
| 323: | } else {
|
| 324: | return [];
|
| 325: | }
|
| 326: | }
|
| 327: |
|
| 328: | |
| 329: | |
| 330: | |
| 331: | |
| 332: | |
| 333: | |
| 334: |
|
| 335: | public function getTotalLogins(int $user_id): int {
|
| 336: | $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "'");
|
| 337: |
|
| 338: | if ($query->num_rows) {
|
| 339: | return (int)$query->row['total'];
|
| 340: | } else {
|
| 341: | return 0;
|
| 342: | }
|
| 343: | }
|
| 344: |
|
| 345: | |
| 346: | |
| 347: | |
| 348: | |
| 349: | |
| 350: | |
| 351: | |
| 352: |
|
| 353: | public function addAuthorize(int $user_id, array $data): void {
|
| 354: | $this->db->query("INSERT INTO `" . DB_PREFIX . "user_authorize` SET `user_id` = '" . (int)$user_id . "', `token` = '" . $this->db->escape($data['token']) . "', `ip` = '" . $this->db->escape($data['ip']) . "', `user_agent` = '" . $this->db->escape($data['user_agent']) . "', `date_added` = NOW()");
|
| 355: | }
|
| 356: |
|
| 357: | |
| 358: | |
| 359: | |
| 360: | |
| 361: | |
| 362: | |
| 363: | |
| 364: |
|
| 365: | public function editAuthorizeStatus(int $user_authorize_id, bool $status): void {
|
| 366: | $this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `status` = '" . (bool)$status . "' WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
|
| 367: | }
|
| 368: |
|
| 369: | |
| 370: | |
| 371: | |
| 372: | |
| 373: | |
| 374: | |
| 375: | |
| 376: |
|
| 377: | public function editAuthorizeTotal(int $user_authorize_id, int $total): void {
|
| 378: | $this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `total` = '" . (int)$total . "' WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
|
| 379: | }
|
| 380: |
|
| 381: | |
| 382: | |
| 383: | |
| 384: | |
| 385: | |
| 386: | |
| 387: | |
| 388: |
|
| 389: | public function editAuthorizeTotalByUserId(int $user_id, int $total): void {
|
| 390: | $this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `total` = '" . (int)$total . "' WHERE `user_id` = '" . (int)$user_id . "'");
|
| 391: | }
|
| 392: |
|
| 393: | |
| 394: | |
| 395: | |
| 396: | |
| 397: | |
| 398: | |
| 399: | |
| 400: |
|
| 401: | public function deleteAuthorizes(int $user_id, int $user_authorize_id = 0): void {
|
| 402: | $sql = "DELETE FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "'";
|
| 403: |
|
| 404: | if ($user_authorize_id) {
|
| 405: | $sql .= " AND `user_authorize_id` = '" . (int)$user_authorize_id . "'";
|
| 406: | }
|
| 407: |
|
| 408: | $this->db->query($sql);
|
| 409: | }
|
| 410: |
|
| 411: | |
| 412: | |
| 413: | |
| 414: | |
| 415: | |
| 416: | |
| 417: |
|
| 418: | public function getAuthorize(int $user_authorize_id): array {
|
| 419: | $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_authorize` WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
|
| 420: |
|
| 421: | return $query->row;
|
| 422: | }
|
| 423: |
|
| 424: | |
| 425: | |
| 426: | |
| 427: | |
| 428: | |
| 429: | |
| 430: | |
| 431: |
|
| 432: | public function getAuthorizeByToken(int $user_id, string $token): array {
|
| 433: | $query = $this->db->query("SELECT *, (SELECT SUM(`total`) FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "') AS `attempts` FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "' AND `token` = '" . $this->db->escape($token) . "'");
|
| 434: |
|
| 435: | return $query->row;
|
| 436: | }
|
| 437: |
|
| 438: | |
| 439: | |
| 440: | |
| 441: | |
| 442: | |
| 443: | |
| 444: | |
| 445: | |
| 446: |
|
| 447: | public function getAuthorizes(int $user_id, int $start = 0, int $limit = 10): array {
|
| 448: | if ($start < 0) {
|
| 449: | $start = 0;
|
| 450: | }
|
| 451: |
|
| 452: | if ($limit < 1) {
|
| 453: | $limit = 10;
|
| 454: | }
|
| 455: |
|
| 456: | $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "' LIMIT " . (int)$start . "," . (int)$limit);
|
| 457: |
|
| 458: | if ($query->num_rows) {
|
| 459: | return $query->rows;
|
| 460: | } else {
|
| 461: | return [];
|
| 462: | }
|
| 463: | }
|
| 464: |
|
| 465: | |
| 466: | |
| 467: | |
| 468: | |
| 469: | |
| 470: | |
| 471: |
|
| 472: | public function getTotalAuthorizes(int $user_id): int {
|
| 473: | $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "'");
|
| 474: |
|
| 475: | if ($query->num_rows) {
|
| 476: | return (int)$query->row['total'];
|
| 477: | } else {
|
| 478: | return 0;
|
| 479: | }
|
| 480: | }
|
| 481: | }
|
| 482: | |