CMS-CSE/core/class/user.class.php

<?php

class user {
    
    public function __construct() {
    }
 
    public static function getUserById(int $_id) {
        // Récupération des données de l'excel au format Json
        db::query("SELECT "
                . "" . DB_T_USER . ".id AS id, "
                . "" . DB_T_USER . ".email ,"
                . "" . DB_T_USER . ".prenom, "
                . "" . DB_T_USER . ".nom, "
                . "" . DB_T_USER . ".cree, "
                . "" . DB_T_USER . ".last_connect, "
                . "" . DB_T_USER . ".googleAuthenticator, "
                . "" . DB_T_USER . ".actif, "
                . "" . DB_T_USER . ".id_type, "
                . "" . DB_T_USER_TYPE . ".type "
                . "FROM " . DB_T_USER . " "
                . "INNER JOIN " . DB_T_USER_TYPE . " ON " . DB_T_USER . ".id_type = " . DB_T_USER_TYPE . ".id "
                . "WHERE " . DB_T_USER . ".id = :id");
        db::bind(':id', $_id);
        return db::single();
    }

    public static function getUsers() {
        // Récupération des données de l'excel au format Json
        db::query("SELECT "
                . "" . DB_T_USER . ".id AS id, "
                . "" . DB_T_USER . ".email ,"
                . "" . DB_T_USER . ".prenom, "
                . "" . DB_T_USER . ".nom, "
                . "" . DB_T_USER . ".cree, "
                . "" . DB_T_USER . ".last_connect, "
                . "" . DB_T_USER . ".googleAuthenticator, "
                . "" . DB_T_USER . ".actif, "
                . "" . DB_T_USER . ".id_type, "
                . "" . DB_T_USER_TYPE . ".type "
                . "FROM " . DB_T_USER . " "
                . "INNER JOIN " . DB_T_USER_TYPE . " ON " . DB_T_USER . ".id_type = " . DB_T_USER_TYPE . ".id "
                . "WHERE " . DB_T_USER . ".deleted = 0");
        return db::resultset();
    }

    public static function getMyGoogleAuthenticator(int $_id){
        db::query("SELECT "
                . "" . DB_T_USER . ".googleAuthenticatorSecret "
                . "FROM " . DB_T_USER . " "
                . "WHERE " . DB_T_USER . ".id = :id");
        db::bind(':id', $_id);
        return db::single()["googleAuthenticatorSecret"];
    }

    public static function connect(array $_input) {
        $return = NULL;
        if (isset($_input["email"]) AND isset($_input["password"])) {
            db::query("SELECT id, email, password, prenom, nom, id_type, googleAuthenticator, googleAuthenticatorSecret, actif FROM " . DB_T_USER . " WHERE email = :email AND deleted = 0");
            db::bind(':email', $_input["email"]);
            $row = db::single();

            if($row["googleAuthenticator"] == 1 AND DOMAIN_CONTROL != $_SERVER['SERVER_NAME']){
                if(googleAuthenticator::verifyCode($row["googleAuthenticatorSecret"], $_input["authenticator"], 1) == FALSE){
                    $row["id"] = NULL;
                }
            }

            if (isset($row["id"])) {
                if ($row["actif"] == 0) {
                    alert::recError("Votre compte est désactivé");
                    return FALSE;
                } elseif (isset($_input["password"]) AND md5($_input["password"]) == $row["password"]) {
                    $_SESSION["user"] = array(
                        "id" => $row["id"],
                        "prenom" => $row["prenom"],
                        "nom" => $row["nom"],
                        "googleAuthenticator" => $row["googleAuthenticator"],
                        "idType" => $row["id_type"],
                        "email" => $row["email"],
                        "actif" => $row["actif"]
                    );
                    self::updateLastConnect($row["id"]);
                    return TRUE;
                } else {
                    alert::recError("Erreur d'authentification");
                    return FALSE; 
                }
            } else {
                alert::recError("Erreur d'authentification");
                return FALSE; 
            }
        } else {
            alert::recError("Erreur d'authentification");
            return FALSE; 
        }
    }
    
    private static function updateLastConnect(int $_id){
        db::query("UPDATE " . DB_T_USER . " SET `last_connect` = CURRENT_TIMESTAMP() WHERE id = :id");
        db::bind(':id', $_id);
        db::execute();
    }
    
    public static function add_user(array $_input){

        db::query("INSERT INTO " . DB_T_USER . " "
                . "(email, password, prenom, nom, id_type, actif) "
                . "VALUES (:email, :password, :prenom, :nom, :id_type, :actif)");
        db::bind(':email', $_input["email"]);
        db::bind(':password', md5($_input["password"]));
        db::bind(':prenom', $_input["prenom"]);
        db::bind(':nom', $_input["nom"]);
        db::bind(':googleAuthenticatorSecret', googleAuthenticator::createSecret());
        db::bind(':id_type', $_input["id_type"]);
        db::bind(':actif', $_input["actif"]);
        
        try {
            db::execute();
            alert::recSuccess("La création a bien été prise en compte");
        } catch (Exception $ex) {
            alert::recError("Erreur lors de la création de l'utilisateur");
            header("Location: /add-user.html");
            exit();
        }
    }
    
    public static function lastUser(){
        db::query("SELECT MAX(id) AS id FROM ". DB_T_USER);
        return db::single()["id"];
    }
    
    public static function maj_user(array $_input){

        if($_input["password"] != ""){
            db::query("UPDATE " . DB_T_USER . " SET password = :password WHERE id = :id");
            db::bind(':password', md5($_input["password"]));
            db::bind(':id', $_input["id"]);
            try {
                db::execute();
            } catch (Exception $ex) {
                alert::recError("Erreur lors de la modification du mot de passe");
                header("Location: /user-" . $_input["id"] .".html");
                exit();
            }
        }

        if(self::getMyGoogleAuthenticator($_input["id"]) == NULL){
            db::query("UPDATE " . DB_T_USER . " SET googleAuthenticatorSecret = :googleAuthenticatorSecret WHERE id = :id");
            db::bind(':googleAuthenticatorSecret', googleAuthenticator::createSecret());
            db::bind(':id', $_input["id"]);
            try {
                db::execute();
            } catch (Exception $ex) {
                alert::recError("Erreur lors de la création du token de Google Authenticator");
                header("Location: /user-" . $_input["id"] .".html");
                exit();
            }
        }
        
        db::query("UPDATE " . DB_T_USER . " SET email = :email, prenom = :prenom, nom = :nom, id_type = :id_type, googleAuthenticator = :googleAuthenticator, actif = :actif WHERE id = :id");
        db::bind(':email', $_input["email"]);
        db::bind(':prenom', $_input["prenom"]);
        db::bind(':nom', $_input["nom"]);
        db::bind(':googleAuthenticator', $_input["googleAuthenticator"]);
        db::bind(':id_type', $_input["id_type"]);
        db::bind(':actif', $_input["actif"]);
        db::bind(':id', $_input["id"]);
        
        try {
            db::execute();
            alert::recSuccess("La modification a bien été prise en compte");
        } catch (Exception $ex) {
            alert::recError("Erreur lors de la modification de l'utilisateur");
            header("Location: /user-" . $_input["id"] . ".html");
            exit();
        }
    }
    
    public static function deleteUser(int $_id){
        db::query("UPDATE " . DB_T_USER . " SET deleted = 1 WHERE id = :id");
        db::bind(':id', $_id);
        try {
            db::execute();
        } catch (Exception $ex) {
            alert::recError("Erreur lors de la suppression");
            header("Location: /user-" . $_id .".html");
            exit();
        }
    }

}