From d08d58410ae2ffceec41536269800fb5b3d11e2c Mon Sep 17 00:00:00 2001
From: BitHeaven <bit.heaven@bk.ru>
Date: Fri, 9 Aug 2024 21:31:25 +0500
Subject: [PATCH] Add User class

---
 engine/class/0005.user.php | 111 +++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 engine/class/0005.user.php

diff --git a/engine/class/0005.user.php b/engine/class/0005.user.php
new file mode 100644
index 0000000..53ef70b
--- /dev/null
+++ b/engine/class/0005.user.php
@@ -0,0 +1,111 @@
+<?php
+	class User {
+		private static $secret = '';
+		private static $tokenLifetime = 0;
+
+
+		public static function init($config) {
+			self::$secret = $config['secret'];
+			self::$tokenLifetime = $config['tokenLifetime'];
+
+			if(!Root::installed())
+				self::createTables();
+		}
+
+		public static function createTables() {
+			DB::getQuery('main',
+				'CREATE TABLE IF NOT EXISTS `users` (
+					`id` INT(11) NOT NULL AUTO_INCREMENT,
+					`login` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+					`password` VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+					`info` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+					`reg_dt` INT(11) NOT NULL,
+					`online_dt` INT(11) NOT NULL,
+					PRIMARY KEY (`id`)
+				)
+				ENGINE = InnoDB
+				CHARSET=utf8
+				COLLATE utf8_general_ci'
+			);
+		}
+
+		public static function create($login, $password) {
+			$login = trim($login);
+			$password = trim($password);
+
+			if(self::get($login))
+				return false;
+
+			$password = password_hash($password, PASSWORD_BCRYPT);
+			DB::getQuery('main',
+				'INSERT INTO `users` (`login`, `password`, `info`, `reg_dt`, `online_dt`) VALUES (?, ?, "", ?, ?)',
+				[$login, $password, time(), time()]
+			);
+
+			return true;
+		}
+
+		public static function updateInfo($token, $newInfo) {
+			$newInfo = trim($newInfo);
+
+			if(!$login = self::checkToken($token))
+				return false;
+
+			DB::getQuery('main', 'UPDATE `users` SET `info` = ? WHERE `login` = ?', [$newInfo, $login]);
+
+			return true;
+		}
+
+		public static function delete($token) {
+			if(!$login = self::checkToken($token))
+				return false;
+
+			DB::getQuery('main', 'DELETE FROM `users` WHERE `login` = ?', $login);
+
+			return true;
+		}
+
+		public static function auth($login, $password) {
+			$login = trim($login);
+			$password = trim($password);
+			$user = self::get($login);
+
+			if(!password_verify($password, $user->password))
+				return false;
+
+			$until = time() + self::$tokenLifetime;
+			$hash = hash('sha256', $login.'|'.$password.'|'.$until.'|'.self::$secret);
+
+			self::updateOnline($login);
+
+			return implode('|', rtrim(strtr(base64_encode($login.'|'.$password.'|'.$until.'|'.$hash), '+/', '-_'), '='));
+		}
+
+		public static function get($login) {
+			return DB::getQuery('main', 'SELECT * FROM `users` WHERE `login` = ?', $login);
+		}
+
+		private static function checkToken($token) {
+			$data = explode('|', base64_decode(str_pad(strtr($token, '-_', '+/'), strlen($token) % 4, '=', STR_PAD_RIGHT)));
+			list($login, $password, $until, $hash) = $data;
+
+			if($until < time())
+				return false;
+			if($hash != hash('sha256', $login.'|'.$password.'|'.$until.'|'.self::$secret))
+				return false;
+
+			$user = DB::getQuery('main', 'SELECT `password` FROM `users` WHERE `login` = ?', $login);
+			if($password != $user->password)
+				return false;
+
+			self::updateOnline($login);
+
+			return $login;
+		}
+
+		private static function updateOnline($login) {
+			DB::getQuery('main', 'UPDATE `users` SET `online_dt` = ? WHERE `login` = ?', [time(), $login]);
+		}
+	}
+
+	User::init($config['user']);