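<?php
/**
 * webtrees: online genealogy
 * Copyright (C) 2018 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
declare(strict_types=1);

namespace Fisharebest\Webtrees;

use RuntimeException;
use stdClass;

/**
 * Provide an interface to the wt_user table.
 *
 * Every query goes through Database::prepare() with bound parameters; no
 * caller-supplied value is ever concatenated into SQL.  Passwords are stored
 * only as password_hash() output and compared with password_verify().
 */
class User
{
    /** @var int The primary key of this user. */
    private $user_id;

    /** @var string The login name of this user. */
    private $user_name;

    /** @var string The real (display) name of this user. */
    private $real_name;

    /** @var string The email address of this user. */
    private $email;

    /** @var string[] Cached copy of the wt_user_setting table (setting_name => setting_value). */
    private $preferences = [];

    /** @var bool Whether $preferences has been read from the database. */
    private $preferences_loaded = false;

    /** @var User[]|null[] Only fetch users from the database once.  Misses are cached as null. */
    private static $cache = [];

    /**
     * Create a new user object from a row in the database.
     *
     * @param stdClass $user A row from the wt_user table (user_id, user_name, real_name, email)
     */
    public function __construct(stdClass $user)
    {
        // user_id arrives as whatever the driver returns (often a string); normalise to int.
        $this->user_id   = (int) $user->user_id;
        $this->user_name = $user->user_name;
        $this->real_name = $user->real_name;
        $this->email     = $user->email;
    }

    /**
     * Create a new user.
     * The calling code needs to check for duplicates identifiers before calling
     * this function.
     *
     * @param string $user_name
     * @param string $real_name
     * @param string $email
     * @param string $password Plain text; only its password_hash() is stored
     *
     * @return User
     *
     * @throws RuntimeException if the row that was just inserted cannot be read back
     */
    public static function create($user_name, $real_name, $email, $password): User
    {
        Database::prepare(
            "INSERT INTO `##user` (user_name, real_name, email, password) VALUES (:user_name, :real_name, :email, :password)"
        )->execute([
            'user_name' => $user_name,
            'real_name' => $real_name,
            'email'     => $email,
            'password'  => password_hash($password, PASSWORD_DEFAULT),
        ]);

        // Read the new row back by its login name only.  Matching on "user_name or email"
        // could return a different account whose email address equals this login name,
        // and the default blocks below would then be attached to the wrong user.
        $user = self::findByUserName($user_name);

        if ($user === null) {
            throw new RuntimeException('User "' . $user_name . '" was inserted but could not be read back');
        }

        // Set default blocks for this user: copy the template blocks stored against user_id -1.
        Database::prepare(
            "INSERT INTO `##block` (`user_id`, `location`, `block_order`, `module_name`)" .
            " SELECT :user_id , `location`, `block_order`, `module_name` FROM `##block` WHERE `user_id` = -1"
        )->execute([
            'user_id' => $user->getUserId(),
        ]);

        return $user;
    }

    /**
     * Delete a user and everything that belongs only to that user.
     *
     * Log entries are kept (anonymised), pending changes are re-assigned to the
     * current user, and the cached object is dropped so find() stops returning it.
     *
     * @return void
     */
    public function delete()
    {
        // Don't delete the logs.
        Database::prepare("UPDATE `##log` SET user_id=NULL WHERE user_id =?")->execute([$this->user_id]);
        // Take over the user’s pending changes. (What else could we do with them?)
        Database::prepare("DELETE FROM `##change` WHERE user_id=? AND status='rejected'")->execute([$this->user_id]);
        Database::prepare("UPDATE `##change` SET user_id=? WHERE user_id=?")->execute([
            Auth::id(),
            $this->user_id,
        ]);
        Database::prepare("DELETE `##block_setting` FROM `##block_setting` JOIN `##block` USING (block_id) WHERE user_id=?")->execute([$this->user_id]);
        Database::prepare("DELETE FROM `##block` WHERE user_id=?")->execute([$this->user_id]);
        Database::prepare("DELETE FROM `##user_gedcom_setting` WHERE user_id=?")->execute([$this->user_id]);
        // Tree-level contact settings store the user id as a string.
        Database::prepare("DELETE FROM `##gedcom_setting` WHERE setting_value=? AND setting_name IN ('CONTACT_USER_ID', 'WEBMASTER_USER_ID')")->execute([(string) $this->user_id]);
        Database::prepare("DELETE FROM `##user_setting` WHERE user_id=?")->execute([$this->user_id]);
        Database::prepare("DELETE FROM `##message` WHERE user_id=?")->execute([$this->user_id]);
        Database::prepare("DELETE FROM `##user` WHERE user_id=?")->execute([$this->user_id]);

        // Forget the cached object, so find() no longer returns the deleted user in this request.
        unset(self::$cache[$this->user_id]);

        // NOTE(review): rows in `##session` for this user are not removed here; confirm that the
        // authentication layer rejects a session whose user row no longer exists.
    }

    /**
     * Find the user with a specified user_id.
     *
     * Results (including "no such user") are cached for the rest of the request.
     *
     * @param int|null $user_id
     *
     * @return User|null
     */
    public static function find($user_id)
    {
        if (!array_key_exists($user_id, self::$cache)) {
            $row = Database::prepare(
                "SELECT user_id, user_name, real_name, email FROM `##user` WHERE user_id = ?"
            )->execute([$user_id])->fetchOneRow();

            self::$cache[$user_id] = $row ? new static($row) : null;
        }

        return self::$cache[$user_id];
    }

    /**
     * Find the user with a specified email address.
     *
     * @param string $email
     *
     * @return User|null
     */
    public static function findByEmail($email)
    {
        // An unknown address yields no row; the (int) cast turns that into id 0, which find() resolves.
        $user_id = (int) Database::prepare(
            "SELECT user_id FROM `##user` WHERE email = :email"
        )->execute([
            'email' => $email,
        ])->fetchOne();

        return self::find($user_id);
    }

    /**
     * Find the user with a specified user_name or email address.
     *
     * @param string $identifier
     *
     * @return User|null
     */
    public static function findByIdentifier($identifier)
    {
        // NOTE(review): whether this match is case-sensitive depends on the columns' collation — confirm.
        $user_id = (int) Database::prepare(
            "SELECT user_id FROM `##user` WHERE ? IN (user_name, email)"
        )->execute([$identifier])->fetchOne();

        return self::find($user_id);
    }

    /**
     * Find the user with a specified genealogy record.
     *
     * The link is the per-tree 'gedcomid' setting, which names the individual's xref.
     *
     * @param Individual $individual
     *
     * @return User|null
     */
    public static function findByIndividual(Individual $individual)
    {
        $user_id = (int) Database::prepare(
            "SELECT user_id" .
            " FROM `##user_gedcom_setting`" .
            " WHERE gedcom_id = :tree_id AND setting_name = 'gedcomid' AND setting_value = :xref"
        )->execute([
            'tree_id' => $individual->getTree()->getTreeId(),
            'xref'    => $individual->getXref(),
        ])->fetchOne();

        return self::find($user_id);
    }

    /**
     * Find the user with a specified user_name.
     *
     * @param string $user_name
     *
     * @return User|null
     */
    public static function findByUserName($user_name)
    {
        $user_id = (int) Database::prepare(
            "SELECT user_id FROM `##user` WHERE user_name = :user_name"
        )->execute([
            'user_name' => $user_name,
        ])->fetchOne();

        return self::find($user_id);
    }

    /**
     * Turn rows from the wt_user table into user objects.
     *
     * @param stdClass[] $rows
     *
     * @return User[]
     */
    private static function usersFromRows(array $rows): array
    {
        return array_map(static function (stdClass $row): User {
            return new static($row);
        }, $rows);
    }

    /**
     * Get a list of all users.
     *
     * @return User[]
     */
    public static function all(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user`" .
            " WHERE user_id > 0" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get a list of all administrators (user setting canadmin = '1').
     *
     * @return User[]
     */
    public static function administrators(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user`" .
            " JOIN `##user_setting` USING (user_id)" .
            " WHERE user_id > 0 AND setting_name = 'canadmin' AND setting_value = '1'" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Validate a supplied password.
     *
     * A successful check also upgrades the stored hash when PASSWORD_DEFAULT
     * has moved on since it was created.  Accounts with no stored hash can
     * never validate.
     *
     * @param string $password
     *
     * @return bool
     */
    public function checkPassword(string $password): bool
    {
        $password_hash = Database::prepare(
            "SELECT password FROM `##user` WHERE user_id = ?"
        )->execute([$this->user_id])->fetchOne();

        // A missing row or NULL column must not reach password_verify(), which requires a string.
        if (!is_string($password_hash) || !password_verify($password, $password_hash)) {
            return false;
        }

        if (password_needs_rehash($password_hash, PASSWORD_DEFAULT)) {
            $this->setPassword($password);
        }

        return true;
    }

    /**
     * Get a list of all managers (tree setting canedit = 'admin' on at least one tree).
     *
     * @return User[]
     */
    public static function managers(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user` JOIN `##user_gedcom_setting` USING (user_id)" .
            " WHERE setting_name = 'canedit' AND setting_value='admin'" .
            " GROUP BY user_id, real_name" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get a list of all moderators (tree setting canedit = 'accept' on at least one tree).
     *
     * @return User[]
     */
    public static function moderators(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user` JOIN `##user_gedcom_setting` USING (user_id)" .
            " WHERE setting_name = 'canedit' AND setting_value='accept'" .
            " GROUP BY user_id, real_name" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get a list of all users not yet approved by an administrator
     * (user setting verified_by_admin = '0').
     *
     * @return User[]
     */
    public static function unapproved(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user` JOIN `##user_setting` USING (user_id)" .
            " WHERE setting_name = 'verified_by_admin' AND setting_value = '0'" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get a list of all users who have not completed verification
     * (user setting verified = '0').
     *
     * @return User[]
     */
    public static function unverified(): array
    {
        $rows = Database::prepare(
            "SELECT user_id, user_name, real_name, email" .
            " FROM `##user` JOIN `##user_setting` USING (user_id)" .
            " WHERE setting_name = 'verified' AND setting_value = '0'" .
            " ORDER BY real_name"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get a list of all users who are currently logged in.
     *
     * @return User[]
     */
    public static function allLoggedIn(): array
    {
        $rows = Database::prepare(
            "SELECT DISTINCT user_id, user_name, real_name, email" .
            " FROM `##user`" .
            " JOIN `##session` USING (user_id)"
        )->fetchAll();

        return self::usersFromRows($rows);
    }

    /**
     * Get the numeric ID for this user.
     *
     * @return int
     */
    public function getUserId(): int
    {
        return $this->user_id;
    }

    /**
     * Get the login name for this user.
     *
     * @return string
     */
    public function getUserName(): string
    {
        return $this->user_name;
    }

    /**
     * Set the login name for this user.  The database is only touched when the value changes.
     *
     * @param string $user_name
     *
     * @return $this
     */
    public function setUserName($user_name): self
    {
        if ($this->user_name !== $user_name) {
            $this->user_name = $user_name;
            Database::prepare(
                "UPDATE `##user` SET user_name = ? WHERE user_id = ?"
            )->execute([
                $user_name,
                $this->user_id,
            ]);
        }

        return $this;
    }

    /**
     * Get the real name of this user.
     *
     * @return string
     */
    public function getRealName(): string
    {
        return $this->real_name;
    }

    /**
     * Set the real name of this user.  The database is only touched when the value changes.
     *
     * @param string $real_name
     *
     * @return $this
     */
    public function setRealName($real_name): self
    {
        if ($this->real_name !== $real_name) {
            $this->real_name = $real_name;
            Database::prepare(
                "UPDATE `##user` SET real_name = ? WHERE user_id = ?"
            )->execute([
                $real_name,
                $this->user_id,
            ]);
        }

        return $this;
    }

    /**
     * Get the email address of this user.
     *
     * @return string
     */
    public function getEmail(): string
    {
        return $this->email;
    }

    /**
     * Set the email address of this user.  The database is only touched when the value changes.
     *
     * @param string $email
     *
     * @return $this
     */
    public function setEmail($email): self
    {
        if ($this->email !== $email) {
            $this->email = $email;
            Database::prepare(
                "UPDATE `##user` SET email = ? WHERE user_id = ?"
            )->execute([
                $email,
                $this->user_id,
            ]);
        }

        return $this;
    }

    /**
     * Set the password of this user.  Only the password_hash() of the value is stored.
     *
     * @param string $password
     *
     * @return $this
     */
    public function setPassword($password): self
    {
        Database::prepare(
            "UPDATE `##user` SET password = :password WHERE user_id = :user_id"
        )->execute([
            'password' => password_hash($password, PASSWORD_DEFAULT),
            'user_id'  => $this->user_id,
        ]);

        return $this;
    }

    /**
     * Load all of this user's settings from the wt_user_setting table, once.
     *
     * Since we'll fetch several settings for each user, and since there aren’t
     * that many of them, fetch them all in one database query.  A user_id of 0
     * (presumably the anonymous visitor) is never queried.
     *
     * @return void
     */
    private function loadPreferences()
    {
        if ($this->preferences_loaded || $this->user_id === 0) {
            return;
        }

        $this->preferences = Database::prepare(
            "SELECT setting_name, setting_value" .
            " FROM `##user_setting`" .
            " WHERE user_id = :user_id"
        )->execute([
            'user_id' => $this->user_id,
        ])->fetchAssoc();

        $this->preferences_loaded = true;
    }

    /**
     * Fetch a user option/setting from the wt_user_setting table.
     *
     * @param string $setting_name
     * @param string $default Returned when the setting is absent; it is not cached,
     *                        so a later call with another default gets that default
     *
     * @return string
     */
    public function getPreference($setting_name, $default = ''): string
    {
        $this->loadPreferences();

        return $this->preferences[$setting_name] ?? $default;
    }

    /**
     * Update a setting for the user.  No-op for user_id 0 and for unchanged values.
     *
     * @param string $setting_name
     * @param string $setting_value
     *
     * @return $this
     */
    public function setPreference($setting_name, $setting_value): self
    {
        if ($this->user_id !== 0 && $this->getPreference($setting_name) !== $setting_value) {
            Database::prepare(
                "REPLACE INTO `##user_setting` (user_id, setting_name, setting_value) VALUES (?, ?, LEFT(?, 255))"
            )->execute([
                $this->user_id,
                $setting_name,
                $setting_value,
            ]);

            // NOTE(review): the database keeps at most 255 characters (LEFT(?, 255)) while the
            // cache keeps the full value, so a longer value reads back differently until reloaded.
            $this->preferences[$setting_name] = $setting_value;
        }

        return $this;
    }
}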