RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3 from TheSerapher/class-updates

Browse Source 
some smaller updates to classes and PHP codes
This commit is contained in:
Sebastian Grewe 2013-05-10 06:28:34 -07:00
commit c64f67a8b5
5 changed files with 83 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
public/include/classes/settings.class.php
View File

@ -14,11 +14,16 @@ class Settings {
public function getValue($name) { public function getValue($name) {
$query = $this->mysqli->prepare("SELECT value FROM $this->table WHERE setting=? LIMIT 1"); $query = $this->mysqli->prepare("SELECT value FROM $this->table WHERE setting=? LIMIT 1");
$query->bind_param('s', $name); if ($query) {
$query->execute(); $query->bind_param('s', $name);
$query->bind_result($value); $query->execute();
$query->fetch(); $query->bind_result($value);
$query->close(); $query->fetch();
$query->close();
} else {
$this->debug->append("Failed to fetch variable $name from $this->table");
return false;
}
return $value; return $value;
} }
} }

113
public/include/classes/user.class.php
View File

@ -5,20 +5,31 @@ if (!defined('SECURITY'))
die('Hacking attempt'); die('Hacking attempt');
class User { class User {
private $sError = '';
private $userID = false;
private $table = 'webUsers';
private $user = array();
private $tableAccountBalance = 'accountBalance';
private $tablePoolWorker = 'pool_worker';
private $tableLedger = 'ledger';
public function __construct($debug, $mysqli, $salt) { public function __construct($debug, $mysqli, $salt) {
$this->error = '';
$this->userID = false;
$this->debug = $debug; $this->debug = $debug;
$this->mysqli = $mysqli; $this->mysqli = $mysqli;
$this->salt = $salt; $this->salt = $salt;
$this->table = 'webUsers'; $this->debug->append("Instantiated User class", 2);
$this->user = array(); }
$this->tableAccountBalance = 'accountBalance';
$this->tablePoolWorker = 'pool_worker'; // get and set methods
$this->tableLedger = 'ledger'; private function setErrorMessage($msg) {
$this->sError = $msg;
}
public function getError() {
return $this->sError;
} }
public function checkLogin($username, $password) { public function checkLogin($username, $password) {
$this->debug->append("Checking login for $username with password $password", 2);
if ( $this->checkUserPassword($username, $password) ) { if ( $this->checkUserPassword($username, $password) ) {
$this->createSession($username); $this->createSession($username);
return true; return true;
@ -27,6 +38,7 @@ class User {
} }
public function checkPin($userId, $pin=false) { public function checkPin($userId, $pin=false) {
$this->debug->append("Confirming PIN for $userId and pin $pin", 2);
$stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1");
$pin_hash = hash('sha256', $pin.$this->salt); $pin_hash = hash('sha256', $pin.$this->salt);
$stmt->bind_param('is', $userId, $pin_hash); $stmt->bind_param('is', $userId, $pin_hash);
@ -55,24 +67,30 @@ class User {
} }
private function updateSingle($userID, $field, $table) { private function updateSingle($userID, $field, $table) {
$stmt = $this->mysqli->prepare("UPDATE $table SET " . $field['name'] . " = ? WHERE userId = ? LIMIT 1"); $stmt = $this->mysqli->prepare("UPDATE $table SET " . $field['name'] . " = ? WHERE userId = ? LIMIT 1");
$stmt->bind_param($field['type'].'i', $field['value'], $userID); if ($this->checkStmt($stmt)) {
$stmt->execute(); $stmt->bind_param($field['type'].'i', $field['value'], $userID);
$stmt->close(); $stmt->execute();
return true; $stmt->close();
return true;
}
return false;
} }
public function addLedger($userID, $balance, $address, $fee=0.1) { public function addLedger($userID, $balance, $address, $fee=0.1) {
$stmt = $this->mysqli->prepare("INSERT INTO $this->tableLedger (userId, transType, amount, sendAddress, feeAmount) VALUES (?, 'Debit_MP', ?, ?, ?)"); $stmt = $this->mysqli->prepare("INSERT INTO $this->tableLedger (userId, transType, amount, sendAddress, feeAmount) VALUES (?, 'Debit_MP', ?, ?, ?)");
$stmt->bind_param('idsd', $userID, $balance, $address, $fee); if ($this->checkStmt($stmt)) {
$stmt->execute(); $stmt->bind_param('idsd', $userID, $balance, $address, $fee);
$stmt->close(); $stmt->execute();
return true; $stmt->close();
return true;
}
return false;
} }
private function checkStmt($bState) { private function checkStmt($bState) {
if ($bState ===! true) { if ($bState ===! true) {
$this->debug->append("Failed to prepare statement: " . $this->mysqli->error); $this->debug->append("Failed to prepare statement: " . $this->mysqli->error);
$this->error = 'Unable to prepare database statement'; $this->setErrorMessage('Internal application Error');
return false; return false;
} }
return true; return true;
@ -80,11 +98,11 @@ class User {
public function updatePassword($userID, $current, $new1, $new2) { public function updatePassword($userID, $current, $new1, $new2) {
if ($new1 !== $new2) { if ($new1 !== $new2) {
$this->error = 'New passwords do not match'; $this->setErrorMessage( 'New passwords do not match' );
return false; return false;
} }
if ( strlen($new1) < 8 ) { if ( strlen($new1) < 8 ) {
$this->error = 'New password is too short, please use more than 8 chars'; $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false; return false;
} }
$current = hash('sha256', $current.$this->salt); $current = hash('sha256', $current.$this->salt);
@ -98,7 +116,7 @@ class User {
} }
$stmt->close(); $stmt->close();
} }
$this->error = 'Unable to update password, current password wrong?'; $this->setErrorMessage( 'Unable to update password, current password wrong?' );
return false; return false;
} }
@ -152,14 +170,17 @@ class User {
private function checkUserPassword($username, $password) { private function checkUserPassword($username, $password) {
$user = array(); $user = array();
$stmt = $this->mysqli->prepare("SELECT username, id FROM $this->table WHERE username=? AND pass=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT username, id FROM $this->table WHERE username=? AND pass=? LIMIT 1");
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt)); if ($this->checkStmt($stmt)) {
$stmt->execute(); $stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt));
$stmt->bind_result($row_username, $row_id); $stmt->execute();
$stmt->fetch(); $stmt->bind_result($row_username, $row_id);
$stmt->close(); $stmt->fetch();
// Store the basic login information $stmt->close();
$this->user = array('username' => $row_username, 'id' => $row_id); // Store the basic login information
return $username === $row_username; $this->user = array('username' => $row_username, 'id' => $row_id);
return $username === $row_username;
}
return false;
} }
private function createSession($username) { private function createSession($username) {
@ -192,10 +213,9 @@ class User {
$result = $stmt->get_result(); $result = $stmt->get_result();
$stmt->close(); $stmt->close();
return $result->fetch_array(); return $result->fetch_array();
} else {
echo $this->mysqli->error;
echo "FAIL";
} }
$this->debug->append("Failed to fetch user information for $userID");
return false;
} }
// Get 15 most recent transactions // Get 15 most recent transactions
@ -243,8 +263,8 @@ class User {
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt)) {
$stmt->bind_param('iss', $userID, $workerName, $workerPassword); $stmt->bind_param('iss', $userID, $workerName, $workerPassword);
if (!$stmt->execute()) { if (!$stmt->execute()) {
$this->error = 'Failed to add worker'; $this->setErrorMessage( 'Failed to add worker' );
if ($stmt->sqlstate == '23000') $this->error = 'Worker already exists'; if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Worker already exists' );
return false; return false;
} }
return true; return true;
@ -259,7 +279,7 @@ class User {
$stmt->close; $stmt->close;
return true; return true;
} else { } else {
$this->error = 'Unable to delete worker'; $this->setErrorMessage( 'Unable to delete worker' );
} }
} }
return false; return false;
@ -267,23 +287,23 @@ class User {
public function register($username, $password1, $password2, $pin, $email1='', $email2='') { public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
if (strlen($password1) < 8) { if (strlen($password1) < 8) {
$this->error = 'Password is too short, minimum of 8 characters required'; $this->setErrorMessage( 'Password is too short, minimum of 8 characters required' );
return false; return false;
} }
if ($password1 !== $password2) { if ($password1 !== $password2) {
$this->error = 'Password do not match'; $this->setErrorMessage( 'Password do not match' );
return false; return false;
} }
if (!empty($email1) && !filter_var($email1, FILTER_VALIDATE_EMAIL)) { if (!empty($email1) && !filter_var($email1, FILTER_VALIDATE_EMAIL)) {
$this->error = 'Invalid e-mail address'; $this->setErrorMessage( 'Invalid e-mail address' );
return false; return false;
} }
if ($email1 !== $email2) { if ($email1 !== $email2) {
$this->error = 'E-mail do not match'; $this->setErrorMessage( 'E-mail do not match' );
return false; return false;
} }
if (!is_numeric($pin) || strlen($pin) > 4) { if (!is_numeric($pin) || strlen($pin) > 4) {
$this->error = 'Invalid PIN'; $this->setErrorMessage( 'Invalid PIN' );
return false; return false;
} }
$apikey = hash("sha256",$username.$salt); $apikey = hash("sha256",$username.$salt);
@ -297,14 +317,17 @@ class User {
'0', '0', '0', '0', '0', '0', '0', '0',
?, '0', '0', '0', ?) ?, '0', '0', '0', ?)
"); ");
$stmt->bind_param('sssis', $username, hash("sha256", $password1.$this->salt), $email1, $pin, $apikey); if ($this->checkStmt($stmt)) {
if (!$stmt->execute()) { $stmt->bind_param('sssis', $username, hash("sha256", $password1.$this->salt), $email1, $pin, $apikey);
$this->error = 'Unable to register'; if (!$stmt->execute()) {
if ($stmt->sqlstate == '23000') $this->error = 'Username already exists'; $this->setErrorMessage( 'Unable to register' );
return false; if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username already exists' );
return false;
}
$stmt->close();
return true;
} }
$stmt->close(); return false;
return true;
} }
} }

16
public/include/database.inc.php
View File

@ -4,23 +4,11 @@
if (!defined('SECURITY')) if (!defined('SECURITY'))
die('Hacking attempt'); die('Hacking attempt');
// Instantiate class, we are using mysqli // Instantiate class, we are using mysqlng
$mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name']); $mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name']);
/* check connection */ /* check connection */
if (mysqli_connect_errno()) { if (mysqli_connect_errno()) {
$debug->append("Failed to connect to database as non fatal error", 1); die("Failed to connect to database");
} }
/* Example for a query
$query = $mysqli->prepare("SELECT CountryCode, Percentage FROM Language WHERE Language=?");
$lang = "English";
$query->bind_param("s", $lang);
$query->execute();
$query->bind_result($countrycode, $percentage);
while ($query->fetch()) {
printf("%s lang is in CountryCode %s with Percentage %s\n", $lang, $countrycode, $percentage);
}
$query->close();
*/
?> ?>

2
public/include/pages/register/register.inc.php
View File

@ -8,7 +8,7 @@ if (!defined('SECURITY'))
if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'])) { if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login'); $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->error, 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
} }
// We load the default registration template instead of an action specific one // We load the default registration template instead of an action specific one

4
public/index.php
View File

@ -44,7 +44,7 @@ if (is_dir(INCLUDE_DIR . '/pages/')) {
$filename = basename($filepath); $filename = basename($filepath);
$pagename = substr($filename, 0, strlen($filename) - 8); $pagename = substr($filename, 0, strlen($filename) - 8);
$arrPages[$pagename] = $filename; $arrPages[$pagename] = $filename;
$debug->append("Adding $pagename as " . $filename . " to accessible pages", 2); $debug->append("Adding $pagename as " . $filename . " to accessible pages", 4);
} }
} }
@ -57,7 +57,7 @@ if (is_dir(INCLUDE_DIR . '/pages/' . $page)) {
$filename = basename($filepath); $filename = basename($filepath);
$pagename = substr($filename, 0, strlen($filename) - 8); $pagename = substr($filename, 0, strlen($filename) - 8);
$arrActions[$pagename] = $filename; $arrActions[$pagename] = $filename;
$debug->append("Adding $pagename as " . $filename . ".inc.php to accessible actions", 2); $debug->append("Adding $pagename as " . $filename . ".inc.php to accessible actions", 4);
} }
} }
// Default to empty (nothing) if nothing set or not known // Default to empty (nothing) if nothing set or not known