mirror of
				https://github.com/ShaYmez/FreeSTAR-Status-Engine.git
				synced 2025-10-25 17:50:20 -04:00 
			
		
		
		
	
		
			
				
	
	
		
			330 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			330 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| 
 | |
| /**
 | |
|  * Subscriber class
 | |
|  *
 | |
|  */
 | |
| Class Subscriber
 | |
| {
 | |
|     public $id = null;
 | |
|     public $firstname = null;
 | |
|     public $lastname = null;
 | |
|     public $userID = ""; // Holds email, telegram id etc
 | |
|     public $token = null;
 | |
|     public $active = 0;
 | |
|     public $typeID = null; // Holds subscription type ID
 | |
| 
 | |
| 
 | |
|     function __construct() {
 | |
|         $this->firstname = null;
 | |
|         $this->lastname = null;
 | |
|         $this->userID = "";
 | |
|         $this->token = null;
 | |
|         $this->active = 0;
 | |
|         $this->typeID = null;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Gets authentcation token for specified subscriberID
 | |
|      * @param Integer $subscriberID - specifies which subscriber we are looking up
 | |
|      * @param Integer $typeID - specifies which type of subscription we are refering (1 = telegram, 2 = email)
 | |
|      * @return String $token - 32 bytes HEX string
 | |
|      */
 | |
|     public function get_token($subscriberID, $typeID)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $stmt = $mysqli->prepare("SELECT token FROM subscribers WHERE subscriberID = ? and typeID=? and active = 1 LIMIT 1");
 | |
|         $stmt->bind_param("ii", $subscriberID, $typeID);
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
|         if ($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|             $this->token   = $row['token'];
 | |
|             //$this->get_subscriber_by_token($this->token);
 | |
|             return $row['token'];
 | |
|         }
 | |
|         return false;
 | |
| 
 | |
|     }
 | |
|     public function get_subscriber_by_token($token)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token=? and typeID=?");
 | |
|         $stmt->bind_param("si", $token, $this->typeID);
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
|         if ($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|             $this->id        = $row['subscriberID'];
 | |
|             $this->populate();  //
 | |
|             return true;
 | |
|         }
 | |
|         return false;
 | |
|     }
 | |
| 
 | |
|     public function get_subscriber_by_userid($create = false)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE userID LIKE ? AND typeID = ? LIMIT 1");
 | |
|         $stmt->bind_param("si", $this->userID, $this->typeID );
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
| 
 | |
|         if ($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|             $this->id = $row['subscriberID'];
 | |
|             $this->populate();
 | |
|             return $row['subscriberID'];
 | |
|         } else {
 | |
|             // User is not registered in DB, so add if $create = true
 | |
|             if ( $create ) {
 | |
|                 $subscriber_id = $this->add($this->typeID, $this->userID, $this->active, $this->firstname, $this->lastname);
 | |
|                 return $subscriber_id;
 | |
|             }
 | |
|             return false;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     public function populate()
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $stmt = $mysqli->prepare("SELECT typeID, userID, firstname, lastname, token, active FROM subscribers WHERE subscriberID = ?");
 | |
|         $stmt->bind_param("i", $this->id);
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
|         if ($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|             $this->userID    = $row['userID'];
 | |
|             $this->typeID    = $row['typeID'];
 | |
|             $this->firstname = $row['firstname'];
 | |
|             $this->lastname  = $row['lastname'];
 | |
|             $this->token     = $row['token'];
 | |
|             $this->active    = $row['active'];
 | |
|             return true;
 | |
|         }
 | |
|         return false;
 | |
|     }
 | |
| 
 | |
|     public function add($typeID, $userID, $active = null, $firstname = null, $lastname = null)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $expireTime = strtotime("+2 hours");
 | |
|         $updateTime = strtotime("now");
 | |
|         $token = $this->generate_token();
 | |
|       
 | |
|         $stmt = $mysqli->prepare("INSERT INTO subscribers (typeID, userID, firstname, lastname, token, active, expires, create_time) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
 | |
|         $stmt->bind_param("issssiii", $typeID, $userID, $firstname, $lastname, $token, $active, $expireTime, $updateTime);
 | |
|         $stmt->execute();
 | |
|         //$query = $stmt->get_result();
 | |
| 
 | |
|         $this->id        = $mysqli->insert_id;
 | |
|         $this->typeID    = $typeID;
 | |
|         $this->userID    = $userID;
 | |
|         $this->token     = $token;
 | |
|         $this->firstname = $firstname;
 | |
|         $this->lastname  = $lastname;
 | |
|         $this->active    = $active;
 | |
|         return $this->id;
 | |
|     }
 | |
| 
 | |
|     public function update($subscriberID)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $updateTime = strtotime("now");
 | |
|         $stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ? WHERE subscriberID=?");
 | |
|         $stmt->bind_param("ii", $updateTime, $subscriberID);
 | |
|         $stmt->execute();
 | |
|         return true;
 | |
| 
 | |
|     }
 | |
| 
 | |
|     public function activate($subscriberID)
 | |
|     {
 | |
|         global $mysqli;
 | |
|         $updateTime = strtotime("now");
 | |
| 
 | |
|         $stmt = $mysqli->prepare("UPDATE subscribers SET update_time = ?, expires = ? WHERE subscriberID = ?");
 | |
|         $tmp = null;
 | |
|         $stmt->bind_param("iii", $updateTime, $tmp, $subscriberID);
 | |
|         $stmt->execute();
 | |
|         return true;
 | |
|     }
 | |
| 
 | |
|     public function delete($subscriberID)
 | |
|     {
 | |
|         global $mysqli;
 | |
| 
 | |
|         $stmt = $mysqli->prepare("DELETE FROM services_subscriber WHERE subscriberIDFK = ?");
 | |
|         $stmt->bind_param("i", $subscriberID);
 | |
|         $stmt->execute();
 | |
|         //$query = $stmt->get_result();
 | |
| 
 | |
|         $stmt = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
 | |
|         $stmt->bind_param("i", $subscriberID);
 | |
|         $stmt->execute();
 | |
|         //$query = $stmt->get_result();
 | |
|         return true;
 | |
| 
 | |
|     }
 | |
| 
 | |
|     public function check_userid_exist()
 | |
|     {
 | |
|         global $mysqli;
 | |
| 
 | |
|         $stmt = $mysqli->prepare("SELECT subscriberID, userID, token, active FROM subscribers WHERE typeID=? AND userID=? LIMIT 1");
 | |
| 
 | |
|         $stmt->bind_param("is", $this->typeID, $this->userID);
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
| 
 | |
|         if($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|             $this->id = $row['subscriberID'];
 | |
|             $this->populate();
 | |
|             return true;
 | |
|         }
 | |
|         return false;
 | |
|     }
 | |
| 
 | |
|     public function is_active_subscriber($token)
 | |
|     {
 | |
|         global $mysqli;
 | |
| 
 | |
|         // error_log(print_r($token, TRUE));
 | |
|         $stmt = $mysqli->prepare("SELECT subscriberID, token, userID, active, expires FROM subscribers WHERE token LIKE ? LIMIT 1");
 | |
|         $stmt->bind_param("s", $token );
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
| 
 | |
|         if ($result->num_rows > 0) {
 | |
|             $row = $result->fetch_assoc();
 | |
|         } else {
 | |
|             // No data found, fail gently...
 | |
|             return false;
 | |
|         }
 | |
|         // error_log(print_r($row, TRUE));
 | |
|         // If account is not already active, check if we are within timeframe of exipre +2h
 | |
|         // and active if so, otherwise,delete account and return falsev
 | |
|         if ( $row['active'] <> 1 ) {
 | |
| 
 | |
|             // Calculate time range for when subscription need to be validated
 | |
|             $time_end   = $row['expires'];
 | |
|             $time_start = $time_end - (3600*2); // TODO - make this interval configurable via a config option
 | |
|             $time_now   = time();
 | |
| 
 | |
|             if ( ($time_now > $time_start) && ($time_now < $time_end) ) {
 | |
|                 // Timefram is within range, active user..
 | |
|                 $stmt2 = $mysqli->prepare("UPDATE subscribers SET active=1, expires=null WHERE subscriberID = ?");
 | |
|                 $stmt2->bind_param("i", $row['subscriberID']);
 | |
|                 $stmt2->execute();
 | |
|                 $result = $stmt2->get_result();
 | |
|                 $this->active = 1;
 | |
|                 $this->id     = $row['subscriberID'];
 | |
|                 $this->userID = $row['userID'];
 | |
|                 $this->token  = $row['token'];
 | |
|                 return true;
 | |
| 
 | |
|             } else {
 | |
|                 // Timeframe outside of given scope -> delete account
 | |
|                 $stmt2 = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
 | |
|                 $stmt2->bind_param("i", $row['subscriberID']);
 | |
|                 $stmt2->execute();
 | |
|                 $result = $stmt2->get_result();
 | |
|                 $this->active = 0;
 | |
|                 return false;
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         // if we get here, account should already be active
 | |
|         $this->active = 1;
 | |
|         $this->id     = $row['subscriberID'];
 | |
|         $this->userID = $row['userID'];
 | |
|         $this->token  = $row['token'];
 | |
|         return true;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Generate a new 64 byte token (32 bytes converted from bin2hex = 64 bytes)
 | |
|      * @return string token
 | |
|      */
 | |
|     public function generate_token()
 | |
|     {
 | |
|         global $mysqli;
 | |
| 
 | |
|         if ( function_exists('openssl_random_pseudo_bytes') ) {
 | |
|             $token = openssl_random_pseudo_bytes(32);   //Generate a random string.
 | |
|             $token = bin2hex($token);         //Convert the binary data into hexadecimal representation.
 | |
|         } else {
 | |
|             // Use alternative token generator if openssl isn't available...
 | |
|             $token = make_alt_token(32, 32);
 | |
|         }
 | |
| 
 | |
|         // Make sure token doesn't already exist in db
 | |
|         $stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE token LIKE ?");
 | |
|         echo $mysqli->error;
 | |
|         $stmt->bind_param("s", $token);
 | |
|         $stmt->execute();
 | |
|         $result = $stmt->get_result();
 | |
|         if ($result->num_rows > 0 ) {
 | |
|             // token already exists, call self again
 | |
|             $token = $this->generate_token();
 | |
|         }
 | |
| 
 | |
|         return $token;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Alternative token generator if openssl_random_pseudo_bytes is not available
 | |
|      * Original code by jsheets at shadonet dot com from http://php.net/manual/en/function.mt-rand.php
 | |
|      * @params int min_length Minimum length of token
 | |
|      * @params int max_length Maximum length of token
 | |
|      * @return String token
 | |
|      */
 | |
|     public function make_alt_token($min_length = 32, $max_length = 64)
 | |
|     {
 | |
|         $key = '';
 | |
| 
 | |
|         // build range and shuffle range using ASCII table
 | |
|         for ($i=0; $i<=255; $i++) {
 | |
|             $range[] = chr($i);
 | |
|         }
 | |
| 
 | |
|         // shuffle our range 3 times
 | |
|         for ($i=0; $i<=3; $i++) {
 | |
|             shuffle($range);
 | |
|         }
 | |
| 
 | |
|         // loop for random number generation
 | |
|         for ($i = 0; $i < mt_rand($min_length, $max_length); $i++) {
 | |
|             $key .= $range[mt_rand(0, count($range)-1)];
 | |
|         }
 | |
| 
 | |
|         $return = bin2hex($key);
 | |
| 
 | |
|         if (!empty($return)) {
 | |
|             return $return;
 | |
|         } else {
 | |
|             return 0;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     public function set_logged_in()
 | |
|     {
 | |
|         $_SESSION['subscriber_valid']  = true;
 | |
|         $_SESSION['subscriber_id']     = $this->id;
 | |
|         $_SESSION['subscriber_userid'] = $this->userID;
 | |
|         $_SESSION['subscriber_typeid'] = $this->typeID; //email
 | |
|         $_SESSION['subscriber_token']  = $this->token;
 | |
|     }
 | |
| 
 | |
|     public function set_logged_off()
 | |
|     {
 | |
|         unset($_SESSION['subscriber_valid']);
 | |
|         unset($_SESSION['subscriber_userid']);
 | |
|         unset($_SESSION['subscriber_typeid']);
 | |
|         unset($_SESSION['subscriber_id']);
 | |
|         unset($_SESSION['subscriber_token']);
 | |
|     }
 | |
| 
 | |
| }
 |