2018-11-25 17:18:09 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Subscriber class
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
Class Subscriber
|
|
|
|
|
{
|
|
|
|
|
public $id = null;
|
|
|
|
|
public $firstname = null;
|
|
|
|
|
public $lastname = null;
|
|
|
|
|
public $userID = ""; // Holds email, telegram id etc
|
|
|
|
|
public $token = null;
|
|
|
|
|
public $active = 0;
|
|
|
|
|
public $typeID = null; // Holds subscription type ID
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function __construct() {
|
|
|
|
|
$this->firstname = null;
|
|
|
|
|
$this->lastname = null;
|
|
|
|
|
$this->userID = "";
|
|
|
|
|
$this->token = null;
|
|
|
|
|
$this->active = 0;
|
|
|
|
|
$this->typeID = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Gets authentcation token for specified subscriberID
|
|
|
|
|
* @param Integer $subscriberID - specifies which subscriber we are looking up
|
|
|
|
|
* @param Integer $typeID - specifies which type of subscription we are refering (1 = telegram, 2 = email)
|
|
|
|
|
* @return String $token - 32 bytes HEX string
|
|
|
|
|
*/
|
|
|
|
|
public function get_token($subscriberID, $typeID)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT token FROM subscribers WHERE subscriberID = ? and typeID=? and active = 1 LIMIT 1");
|
|
|
|
|
$stmt->bind_param("ii", $subscriberID, $typeID);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$this->token = $row['token'];
|
|
|
|
|
//$this->get_subscriber_by_token($this->token);
|
|
|
|
|
return $row['token'];
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
public function get_subscriber_by_token($token)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token=? and typeID=?");
|
|
|
|
|
$stmt->bind_param("si", $token, $this->typeID);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$this->id = $row['subscriberID'];
|
|
|
|
|
$this->populate(); //
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function get_subscriber_by_userid($create = false)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE userID LIKE ? AND typeID = ? LIMIT 1");
|
|
|
|
|
$stmt->bind_param("si", $this->userID, $this->typeID );
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$this->id = $row['subscriberID'];
|
|
|
|
|
$this->populate();
|
|
|
|
|
return $row['subscriberID'];
|
|
|
|
|
} else {
|
|
|
|
|
// User is not registered in DB, so add if $create = true
|
|
|
|
|
if ( $create ) {
|
|
|
|
|
$subscriber_id = $this->add($this->typeID, $this->userID, $this->active, $this->firstname, $this->lastname);
|
|
|
|
|
return $subscriber_id;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function populate()
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT typeID, userID, firstname, lastname, token, active FROM subscribers WHERE subscriberID = ?");
|
|
|
|
|
$stmt->bind_param("i", $this->id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$this->userID = $row['userID'];
|
|
|
|
|
$this->typeID = $row['typeID'];
|
|
|
|
|
$this->firstname = $row['firstname'];
|
|
|
|
|
$this->lastname = $row['lastname'];
|
|
|
|
|
$this->token = $row['token'];
|
|
|
|
|
$this->active = $row['active'];
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function add($typeID, $userID, $active = null, $firstname = null, $lastname = null)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$expireTime = strtotime("+2 hours");
|
|
|
|
|
$updateTime = strtotime("now");
|
|
|
|
|
$token = $this->generate_token();
|
|
|
|
|
syslog(1,"token". $token);
|
|
|
|
|
$stmt = $mysqli->prepare("INSERT INTO subscribers (typeID, userID, firstname, lastname, token, active, expires, create_time) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
|
|
$stmt->bind_param("issssiii", $typeID, $userID, $firstname, $lastname, $token, $active, $expireTime, $updateTime);
|
|
|
|
|
$stmt->execute();
|
2018-12-07 22:46:16 +01:00
|
|
|
//$query = $stmt->get_result();
|
2018-11-25 17:18:09 +01:00
|
|
|
|
|
|
|
|
$this->id = $mysqli->insert_id;
|
|
|
|
|
$this->typeID = $typeID;
|
|
|
|
|
$this->userID = $userID;
|
|
|
|
|
$this->token = $token;
|
|
|
|
|
$this->firstname = $firstname;
|
|
|
|
|
$this->lastname = $lastname;
|
|
|
|
|
$this->active = $active;
|
|
|
|
|
return $this->id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function update($subscriberID)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$updateTime = strtotime("now");
|
|
|
|
|
$stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ? WHERE subscriberID=?");
|
2018-11-25 21:33:18 +01:00
|
|
|
$stmt->bind_param("ii", $updateTime, $subscriberID);
|
2018-11-25 17:18:09 +01:00
|
|
|
$stmt->execute();
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function activate($subscriberID)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
$updateTime = strtotime("now");
|
|
|
|
|
|
|
|
|
|
$stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ?, expires = ? WHERE subscriberID = ?");
|
|
|
|
|
$tmp = null;
|
2018-11-25 21:33:18 +01:00
|
|
|
$stmt->bind_param("iii", $updateTime, $tmp, $subscriberID);
|
2018-11-25 17:18:09 +01:00
|
|
|
$stmt->execute();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-25 21:33:18 +01:00
|
|
|
public function delete($subscriberID)
|
2018-11-25 17:18:09 +01:00
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
|
|
|
|
|
$stmt = $mysqli->prepare("DELETE FROM services_subscriber WHERE subscriberIDFK = ?");
|
2018-11-25 21:33:18 +01:00
|
|
|
$stmt->bind_param("i", $subscriberID);
|
2018-11-25 17:18:09 +01:00
|
|
|
$stmt->execute();
|
2018-11-25 21:33:18 +01:00
|
|
|
//$query = $stmt->get_result();
|
2018-11-25 17:18:09 +01:00
|
|
|
|
|
|
|
|
$stmt = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
|
2018-11-25 21:33:18 +01:00
|
|
|
$stmt->bind_param("i", $subscriberID);
|
2018-11-25 17:18:09 +01:00
|
|
|
$stmt->execute();
|
2018-11-25 21:33:18 +01:00
|
|
|
//$query = $stmt->get_result();
|
|
|
|
|
return true;
|
2018-11-25 17:18:09 +01:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function check_userid_exist()
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID, userID, token, active FROM subscribers WHERE typeID=? AND userID=? LIMIT 1");
|
|
|
|
|
|
|
|
|
|
$stmt->bind_param("is", $this->typeID, $this->userID);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
|
|
|
|
|
if($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$this->id = $row['subscriberID'];
|
|
|
|
|
$this->populate();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function is_active_subscriber($token)
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID, token, userID, active, expires FROM subscribers WHERE token LIKE ? LIMIT 1");
|
|
|
|
|
$stmt->bind_param("s", $token );
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
} else {
|
|
|
|
|
// No data found, fail gently...
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If account is not already active, check if we are within timeframe of exipre +2h
|
|
|
|
|
// and active if so, otherwise,delete account and return falsev
|
|
|
|
|
if ( $row['active'] <> 1 ) {
|
|
|
|
|
|
|
|
|
|
// Calculate time range for when subscription need to be validated
|
|
|
|
|
$time_end = $row['expires'];
|
|
|
|
|
$time_start = $time_end - (3600*2); // TODO - make this interval configurable via a config option
|
|
|
|
|
$time_now = time();
|
|
|
|
|
|
|
|
|
|
if ( ($time_now > $time_start) && ($time_now < $time_end) ) {
|
|
|
|
|
// Timefram is within range, active user..
|
|
|
|
|
$stmt2 = $mysqli->prepare("UPDATE subscribers SET active=1, expires=null WHERE subscriberID = ?");
|
|
|
|
|
$stmt2->bind_param("i", $row['subscriberID']);
|
|
|
|
|
$stmt2->execute();
|
|
|
|
|
$result = $stmt2->get_result();
|
|
|
|
|
$this->active = 1;
|
|
|
|
|
$this->id = $row['subscriberID'];
|
|
|
|
|
$this->userID = $row['userID'];
|
|
|
|
|
$this->token = $row['token'];
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
// Timeframe outside of given scope -> delete account
|
|
|
|
|
$stmt2 = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
|
|
|
|
|
$stmt2->bind_param("i", $row['subscriberID']);
|
|
|
|
|
$stmt2->execute();
|
|
|
|
|
$result = $stmt2->get_result();
|
|
|
|
|
$this->active = 0;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// if we get here, account should already be active
|
|
|
|
|
$this->active = 1;
|
|
|
|
|
$this->id = $row['subscriberID'];
|
|
|
|
|
$this->userID = $row['userID'];
|
|
|
|
|
$this->token = $row['token'];
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate a new 64 byte token (32 bytes converted from bin2hex = 64 bytes)
|
|
|
|
|
* @return string token
|
|
|
|
|
*/
|
|
|
|
|
public function generate_token()
|
|
|
|
|
{
|
|
|
|
|
global $mysqli;
|
|
|
|
|
|
|
|
|
|
if ( function_exists('openssl_random_pseudo_bytes') ) {
|
|
|
|
|
$token = openssl_random_pseudo_bytes(32); //Generate a random string.
|
|
|
|
|
$token = bin2hex($token); //Convert the binary data into hexadecimal representation.
|
|
|
|
|
} else {
|
|
|
|
|
// Use alternative token generator if openssl isn't available...
|
|
|
|
|
$token = make_alt_token(32, 32);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make sure token doesn't already exist in db
|
|
|
|
|
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token LIKE ?");
|
|
|
|
|
echo $mysqli->error;
|
|
|
|
|
$stmt->bind_param("s", $token);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
if ($result->num_rows > 0 ) {
|
|
|
|
|
// token already exists, call self again
|
|
|
|
|
$token = $this->generate_token();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $token;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Alternative token generator if openssl_random_pseudo_bytes is not available
|
|
|
|
|
* Original code by jsheets at shadonet dot com from http://php.net/manual/en/function.mt-rand.php
|
|
|
|
|
* @params int min_length Minimum length of token
|
|
|
|
|
* @params int max_length Maximum length of token
|
|
|
|
|
* @return String token
|
|
|
|
|
*/
|
|
|
|
|
public function make_alt_token($min_length = 32, $max_length = 64)
|
|
|
|
|
{
|
|
|
|
|
$key = '';
|
|
|
|
|
|
|
|
|
|
// build range and shuffle range using ASCII table
|
|
|
|
|
for ($i=0; $i<=255; $i++) {
|
|
|
|
|
$range[] = chr($i);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// shuffle our range 3 times
|
|
|
|
|
for ($i=0; $i<=3; $i++) {
|
|
|
|
|
shuffle($range);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// loop for random number generation
|
|
|
|
|
for ($i = 0; $i < mt_rand($min_length, $max_length); $i++) {
|
|
|
|
|
$key .= $range[mt_rand(0, count($range)-1)];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$return = bin2hex($key);
|
|
|
|
|
|
|
|
|
|
if (!empty($return)) {
|
|
|
|
|
return $return;
|
|
|
|
|
} else {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function set_logged_in()
|
|
|
|
|
{
|
|
|
|
|
$_SESSION['subscriber_valid'] = true;
|
|
|
|
|
$_SESSION['subscriber_id'] = $this->id;
|
|
|
|
|
$_SESSION['subscriber_userid'] = $this->userID;
|
|
|
|
|
$_SESSION['subscriber_typeid'] = $this->typeID; //email
|
|
|
|
|
$_SESSION['subscriber_token'] = $this->token;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function set_logged_off()
|
|
|
|
|
{
|
|
|
|
|
unset($_SESSION['subscriber_valid']);
|
|
|
|
|
unset($_SESSION['subscriber_userid']);
|
|
|
|
|
unset($_SESSION['subscriber_typeid']);
|
|
|
|
|
unset($_SESSION['subscriber_id']);
|
|
|
|
|
unset($_SESSION['subscriber_token']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
