xref: /webtrees/app/User.php (revision a0dfa978a7025b6ca04e6ff0a01c4f883b8e2971)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2018 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16declare(strict_types=1);
17
18namespace Fisharebest\Webtrees;
19
20use stdClass;
21
22/**
23 * Provide an interface to the wt_user table.
24 */
25class User
26{
27    /** @var  int The primary key of this user. */
28    private $user_id;
29
30    /** @var  string The login name of this user. */
31    private $user_name;
32
33    /** @var  string The real (display) name of this user. */
34    private $real_name;
35
36    /** @var  string The email address of this user. */
37    private $email;
38
39    /** @var string[] Cached copy of the wt_user_setting table. */
40    private $preferences = [];
41
42    /** @var  User[] Only fetch users from the database once. */
43    private static $cache = [];
44
45    /**
46     * Create a new user object from a row in the database.
47     *
48     * @param stdClass $user A row from the wt_user table
49     */
50    public function __construct(stdClass $user)
51    {
52        $this->user_id = (int)$user->user_id;
53        $this->user_name = $user->user_name;
54        $this->real_name = $user->real_name;
55        $this->email = $user->email;
56    }
57
58    /**
59     * Create a new user.
60     *
61     * The calling code needs to check for duplicates identifiers before calling
62     * this function.
63     *
64     * @param string $user_name
65     * @param string $real_name
66     * @param string $email
67     * @param string $password
68     *
69     * @return User
70     */
71    public static function create($user_name, $real_name, $email, $password)
72    {
73        Database::prepare(
74            "INSERT INTO `##user` (user_name, real_name, email, password) VALUES (:user_name, :real_name, :email, :password)"
75        )->execute([
76            'user_name' => $user_name,
77            'real_name' => $real_name,
78            'email'     => $email,
79            'password'  => password_hash($password, PASSWORD_DEFAULT),
80        ]);
81
82        // Set default blocks for this user
83        $user = self::findByIdentifier($user_name);
84        Database::prepare(
85            "INSERT INTO `##block` (`user_id`, `location`, `block_order`, `module_name`)" .
86            " SELECT :user_id , `location`, `block_order`, `module_name` FROM `##block` WHERE `user_id` = -1"
87        )->execute(['user_id' => $user->getUserId()]);
88
89        return $user;
90    }
91
92    /**
93     * Delete a user
94     */
95    public function delete()
96    {
97        // Don't delete the logs.
98        Database::prepare("UPDATE `##log` SET user_id=NULL WHERE user_id =?")->execute([$this->user_id]);
99        // Take over the user’s pending changes. (What else could we do with them?)
100        Database::prepare("DELETE FROM `##change` WHERE user_id=? AND status='rejected'")->execute([$this->user_id]);
101        Database::prepare("UPDATE `##change` SET user_id=? WHERE user_id=?")->execute([
102            Auth::id(),
103            $this->user_id,
104        ]);
105        Database::prepare("DELETE `##block_setting` FROM `##block_setting` JOIN `##block` USING (block_id) WHERE user_id=?")->execute([$this->user_id]);
106        Database::prepare("DELETE FROM `##block` WHERE user_id=?")->execute([$this->user_id]);
107        Database::prepare("DELETE FROM `##user_gedcom_setting` WHERE user_id=?")->execute([$this->user_id]);
108        Database::prepare("DELETE FROM `##gedcom_setting` WHERE setting_value=? AND setting_name IN ('CONTACT_USER_ID', 'WEBMASTER_USER_ID')")->execute([(string)$this->user_id]);
109        Database::prepare("DELETE FROM `##user_setting` WHERE user_id=?")->execute([$this->user_id]);
110        Database::prepare("DELETE FROM `##message` WHERE user_id=?")->execute([$this->user_id]);
111        Database::prepare("DELETE FROM `##user` WHERE user_id=?")->execute([$this->user_id]);
112    }
113
114    /**
115     * Find the user with a specified user_id.
116     *
117     * @param int|null $user_id
118     *
119     * @return User|null
120     */
121    public static function find($user_id)
122    {
123        if (!array_key_exists($user_id, self::$cache)) {
124            $row = Database::prepare(
125                "SELECT user_id, user_name, real_name, email FROM `##user` WHERE user_id = ?"
126            )->execute([$user_id])->fetchOneRow();
127            if ($row) {
128                self::$cache[$user_id] = new self($row);
129            } else {
130                self::$cache[$user_id] = null;
131            }
132        }
133
134        return self::$cache[$user_id];
135    }
136
137    /**
138     * Find the user with a specified email address.
139     *
140     * @param string $email
141     *
142     * @return User|null
143     */
144    public static function findByEmail($email)
145    {
146        $user_id = Database::prepare(
147            "SELECT user_id FROM `##user` WHERE email = :email"
148        )->execute([
149            'email' => $email,
150        ])->fetchOne();
151
152        return self::find($user_id);
153    }
154
155    /**
156     * Find the user with a specified user_name or email address.
157     *
158     * @param string $identifier
159     *
160     * @return User|null
161     */
162    public static function findByIdentifier($identifier)
163    {
164        $user_id = Database::prepare(
165            "SELECT user_id FROM `##user` WHERE ? IN (user_name, email)"
166        )->execute([$identifier])->fetchOne();
167
168        return self::find($user_id);
169    }
170
171    /**
172     * Find the user with a specified genealogy record.
173     *
174     * @param Individual $individual
175     *
176     * @return User|null
177     */
178    public static function findByIndividual(Individual $individual)
179    {
180        $user_id = Database::prepare(
181            "SELECT user_id" .
182            " FROM `##user_gedcom_setting`" .
183            " WHERE gedcom_id = :tree_id AND setting_name = 'gedcomid' AND setting_value = :xref"
184        )->execute([
185            'tree_id' => $individual->getTree()->getTreeId(),
186            'xref'    => $individual->getXref(),
187        ])->fetchOne();
188
189        return self::find($user_id);
190    }
191
192    /**
193     * Find the user with a specified user_name.
194     *
195     * @param string $user_name
196     *
197     * @return User|null
198     */
199    public static function findByUserName($user_name)
200    {
201        $user_id = Database::prepare(
202            "SELECT user_id FROM `##user` WHERE user_name = :user_name"
203        )->execute([
204            'user_name' => $user_name,
205        ])->fetchOne();
206
207        return self::find($user_id);
208    }
209
210    /**
211     * Find the latest user to register.
212     *
213     * @return User|null
214     */
215    public static function findLatestToRegister()
216    {
217        $user_id = Database::prepare(
218            "SELECT u.user_id" .
219            " FROM `##user` u" .
220            " LEFT JOIN `##user_setting` us ON (u.user_id=us.user_id AND us.setting_name='reg_timestamp') " .
221            " ORDER BY us.setting_value DESC LIMIT 1"
222        )->execute()->fetchOne();
223
224        return self::find($user_id);
225    }
226
227    /**
228     * Get a list of all users.
229     *
230     * @return User[]
231     */
232    public static function all()
233    {
234        $rows = Database::prepare(
235            "SELECT user_id, user_name, real_name, email" .
236            " FROM `##user`" .
237            " WHERE user_id > 0" .
238            " ORDER BY real_name"
239        )->fetchAll();
240
241        return array_map(function ($row) {
242            return new static($row);
243        }, $rows);
244    }
245
246    /**
247     * Get a list of all administrators.
248     *
249     * @return User[]
250     */
251    public static function administrators()
252    {
253        $rows = Database::prepare(
254            "SELECT user_id, user_name, real_name, email" .
255            " FROM `##user`" .
256            " JOIN `##user_setting` USING (user_id)" .
257            " WHERE user_id > 0 AND setting_name = 'canadmin' AND setting_value = '1'" .
258            " ORDER BY real_name"
259        )->fetchAll();
260
261        return array_map(function ($row) {
262            return new static($row);
263        }, $rows);
264    }
265
266    /** Validate a supplied password
267     *
268     * @param string $password
269     *
270     * @return bool
271     */
272    public function checkPassword($password)
273    {
274        $password_hash = Database::prepare(
275            "SELECT password FROM `##user` WHERE user_id = ?"
276        )->execute([$this->user_id])->fetchOne();
277
278        if (password_verify($password, $password_hash)) {
279            if (password_needs_rehash($password_hash, PASSWORD_DEFAULT)) {
280                $this->setPassword($password);
281            }
282
283            return true;
284        } else {
285            return false;
286        }
287    }
288
289    /**
290     * Get a list of all managers.
291     *
292     * @return User[]
293     */
294    public static function managers()
295    {
296        $rows = Database::prepare(
297            "SELECT user_id, user_name, real_name, email" .
298            " FROM `##user` JOIN `##user_gedcom_setting` USING (user_id)" .
299            " WHERE setting_name = 'canedit' AND setting_value='admin'" .
300            " GROUP BY user_id, real_name" .
301            " ORDER BY real_name"
302        )->fetchAll();
303
304        return array_map(function ($row) {
305            return new static($row);
306        }, $rows);
307    }
308
309    /**
310     * Get a list of all moderators.
311     *
312     * @return User[]
313     */
314    public static function moderators()
315    {
316        $rows = Database::prepare(
317            "SELECT user_id, user_name, real_name, email" .
318            " FROM `##user` JOIN `##user_gedcom_setting` USING (user_id)" .
319            " WHERE setting_name = 'canedit' AND setting_value='accept'" .
320            " GROUP BY user_id, real_name" .
321            " ORDER BY real_name"
322        )->fetchAll();
323
324        return array_map(function ($row) {
325            return new static($row);
326        }, $rows);
327    }
328
329    /**
330     * Get a list of all verified users.
331     *
332     * @return User[]
333     */
334    public static function unapproved()
335    {
336        $rows = Database::prepare(
337            "SELECT user_id, user_name, real_name, email" .
338            " FROM `##user` JOIN `##user_setting` USING (user_id)" .
339            " WHERE setting_name = 'verified_by_admin' AND setting_value = '0'" .
340            " ORDER BY real_name"
341        )->fetchAll();
342
343        return array_map(function ($row) {
344            return new static($row);
345        }, $rows);
346    }
347
348    /**
349     * Get a list of all verified users.
350     *
351     * @return User[]
352     */
353    public static function unverified()
354    {
355        $rows = Database::prepare(
356            "SELECT user_id, user_name, real_name, email" .
357            " FROM `##user` JOIN `##user_setting` USING (user_id)" .
358            " WHERE setting_name = 'verified' AND setting_value = '0'" .
359            " ORDER BY real_name"
360        )->fetchAll();
361
362        return array_map(function ($row) {
363            return new static($row);
364        }, $rows);
365    }
366
367    /**
368     * Get a list of all users who are currently logged in.
369     *
370     * @return User[]
371     */
372    public static function allLoggedIn()
373    {
374        $rows = Database::prepare(
375            "SELECT DISTINCT user_id, user_name, real_name, email" .
376            " FROM `##user`" .
377            " JOIN `##session` USING (user_id)"
378        )->fetchAll();
379
380        return array_map(function ($row) {
381            return new static($row);
382        }, $rows);
383    }
384
385    /**
386     * Get the numeric ID for this user.
387     *
388     * @return int
389     */
390    public function getUserId(): int
391    {
392        return $this->user_id;
393    }
394
395    /**
396     * Get the login name for this user.
397     *
398     * @return string
399     */
400    public function getUserName()
401    {
402        return $this->user_name;
403    }
404
405    /**
406     * Set the login name for this user.
407     *
408     * @param string $user_name
409     *
410     * @return $this
411     */
412    public function setUserName($user_name)
413    {
414        if ($this->user_name !== $user_name) {
415            $this->user_name = $user_name;
416            Database::prepare(
417                "UPDATE `##user` SET user_name = ? WHERE user_id = ?"
418            )->execute([
419                $user_name,
420                $this->user_id,
421            ]);
422        }
423
424        return $this;
425    }
426
427    /**
428     * Get the real name of this user.
429     *
430     * @return string
431     */
432    public function getRealName()
433    {
434        return $this->real_name;
435    }
436
437    /**
438     * Set the real name of this user.
439     *
440     * @param string $real_name
441     *
442     * @return User
443     */
444    public function setRealName($real_name)
445    {
446        if ($this->real_name !== $real_name) {
447            $this->real_name = $real_name;
448            Database::prepare(
449                "UPDATE `##user` SET real_name = ? WHERE user_id = ?"
450            )->execute([
451                $real_name,
452                $this->user_id,
453            ]);
454        }
455
456        return $this;
457    }
458
459    /**
460     * Get the email address of this user.
461     *
462     * @return string
463     */
464    public function getEmail()
465    {
466        return $this->email;
467    }
468
469    /**
470     * Set the email address of this user.
471     *
472     * @param string $email
473     *
474     * @return User
475     */
476    public function setEmail($email)
477    {
478        if ($this->email !== $email) {
479            $this->email = $email;
480            Database::prepare(
481                "UPDATE `##user` SET email = ? WHERE user_id = ?"
482            )->execute([
483                $email,
484                $this->user_id,
485            ]);
486        }
487
488        return $this;
489    }
490
491    /**
492     * Set the password of this user.
493     *
494     * @param string $password
495     *
496     * @return User
497     */
498    public function setPassword($password)
499    {
500        Database::prepare(
501            "UPDATE `##user` SET password = :password WHERE user_id = :user_id"
502        )->execute([
503            'password' => password_hash($password, PASSWORD_DEFAULT),
504            'user_id'  => $this->user_id,
505        ]);
506
507        return $this;
508    }
509
510    /**
511     * Fetch a user option/setting from the wt_user_setting table.
512     *
513     * Since we'll fetch several settings for each user, and since there aren’t
514     * that many of them, fetch them all in one database query
515     *
516     * @param string $setting_name
517     * @param string $default
518     *
519     * @return string
520     */
521    public function getPreference($setting_name, $default = '')
522    {
523        if (empty($this->preferences) && $this->user_id !== 0) {
524            $this->preferences = Database::prepare(
525                "SELECT setting_name, setting_value" .
526                " FROM `##user_setting`" .
527                " WHERE user_id = :user_id"
528            )->execute([
529                'user_id' => $this->user_id,
530            ])->fetchAssoc();
531        }
532
533        if (!array_key_exists($setting_name, $this->preferences)) {
534            $this->preferences[$setting_name] = $default;
535        }
536
537        return $this->preferences[$setting_name];
538    }
539
540    /**
541     * Update a setting for the user.
542     *
543     * @param string $setting_name
544     * @param string $setting_value
545     *
546     * @return User
547     */
548    public function setPreference($setting_name, $setting_value)
549    {
550        if ($this->user_id !== 0 && $this->getPreference($setting_name) !== $setting_value) {
551            Database::prepare("REPLACE INTO `##user_setting` (user_id, setting_name, setting_value) VALUES (?, ?, LEFT(?, 255))")
552                ->execute([
553                    $this->user_id,
554                    $setting_name,
555                    $setting_value,
556                ]);
557
558            $this->preferences[$setting_name] = $setting_value;
559        }
560
561        return $this;
562    }
563}
564