0ct0pu5
/
XBackBone


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							<?php


namespace App\Database\Queries;


use App\Database\DB;
use App\Web\Session;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Exception\HttpNotFoundException;
use Slim\Exception\HttpUnauthorizedException;

class UserQuery
{
    /**
     * @var DB
     */
    private $database;
    /**
     * @var Session
     */
    private $session;

    /**
     * UserQuery constructor.
     * @param  DB  $db
     * @param  Session|null  $session
     */
    public function __construct(DB $db, ?Session $session)
    {
        $this->database = $db;
        $this->session = $session;
    }

    /**
     * @param  DB  $db
     * @param  Session|null  $session
     * @return UserQuery
     */
    public static function make(DB $db, Session $session = null)
    {
        return new self($db, $session);
    }

    /**
     * @param  Request  $request
     * @param $id
     * @param  bool  $authorize
     * @return mixed
     * @throws HttpNotFoundException
     * @throws HttpUnauthorizedException
     */
    public function get(Request $request, $id, $authorize = false)
    {
        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();

        if (!$user) {
            throw new HttpNotFoundException($request);
        }

        if ($authorize) {
            if ($this->session === null) {
                throw new \InvalidArgumentException('The session is null.');
            }

            if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
                throw new HttpUnauthorizedException($request);
            }
        }

        return $user;
    }


    public function create(string $email, string $username, string $password, int $isAdmin = 0, int $isActive = 0, int $maxUserQuota = -1, string $activateToken = null)
    {
        do {
            $userCode = humanRandomString(5);
        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);

        $token = $this->generateUserUploadToken();

        return $this->database->query('INSERT INTO `users`(`email`, `username`, `password`, `is_admin`, `active`, `user_code`, `token`, `max_disk_quota`, `activate_token`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', [
            $email,
            $username,
            password_hash($password, PASSWORD_DEFAULT),
            $isAdmin,
            $isActive,
            $userCode,
            $token,
            $maxUserQuota,
            $activateToken,
        ]);
    }

    public function update($id, string $email, string $username, string $password = null, int $isAdmin = 0, int $isActive = 0, int $maxUserQuota = -1)
    {
        if (!empty($password)) {
            $this->database->query('UPDATE `users` SET `email`=?, `username`=?, `password`=?, `is_admin`=?, `active`=?, `max_disk_quota`=? WHERE `id` = ?', [
                $email,
                $username,
                password_hash($password, PASSWORD_DEFAULT),
                $isAdmin,
                $isActive,
                $maxUserQuota,
                $id,
            ]);
        } else {
            $this->database->query('UPDATE `users` SET `email`=?, `username`=?, `is_admin`=?, `active`=?, `max_disk_quota`=? WHERE `id` = ?', [
                $email,
                $username,
                $isAdmin,
                $isActive,
                $maxUserQuota,
                $id,
            ]);
        }
    }

    /**
     * @param $id
     * @return string
     */
    public function refreshToken($id)
    {
        $token = $this->generateUserUploadToken();

        $this->database->query('UPDATE `users` SET `token`=? WHERE `id` = ?', [
            $token,
            $id,
        ]);

        return $token;
    }

    /**
     * @return string
     */
    protected function generateUserUploadToken(): string
    {
        do {
            $token = 'token_'.md5(uniqid('', true));
        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `token` = ?', $token)->fetch()->count > 0);

        return $token;
    }
}