<?php
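/**
 * User Management Class for COP News Portal
 *
 * Data-access layer over the `users` table, joined to `locations` for the
 * human-readable location name/type. Every statement is prepared with bound
 * values; the only place a column name is built from runtime data is
 * update(), which takes it from a fixed allow-list rather than from the
 * caller's array keys. Audit records go through the global log_audit()
 * helper (defined elsewhere) and never contain a plaintext password.
 */
class User
{
    /** @var PDO */
    private $conn;

    /** @var string */
    private $table_name = "users";

    /**
     * Columns a caller may change through update(). Any key of $data that is
     * not listed here is silently ignored, so request input can never reach
     * the SQL text of the UPDATE. Extend this list when the schema grows.
     *
     * @var string[]
     */
    private $updatable_columns = [
        'name',
        'email',
        'username',
        'telephone',
        'password',
        'address',
        'description',
        'account_type',
        'user_picture',
        'location_id',
        'status',
    ];

    /**
     * @param PDO $db open database connection
     */
    public function __construct($db)
    {
        $this->conn = $db;
    }

    /**
     * Insert a new user. The password is stored as a password_hash() digest;
     * an empty password is refused because it would create an account with a
     * trivially guessable credential.
     *
     * @param array $data required: name, email, username, password;
     *                    optional: telephone, address, description,
     *                    account_type (default 'user'), user_picture, location_id
     * @return string|int|false new row id, or false when nothing was inserted
     */
    public function create($data)
    {
        $plain = $data['password'] ?? '';
        if ($plain === '' || $plain === null) {
            return false;
        }
        $query = "INSERT INTO " . $this->table_name . "
            (name, email, username, telephone, password, address, description, account_type, user_picture, location_id)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        $stmt = $this->conn->prepare($query);
        $result = $stmt->execute([
            $data['name'],
            $data['email'],
            $data['username'],
            $data['telephone'] ?? '',
            password_hash($plain, PASSWORD_DEFAULT),
            $data['address'] ?? '',
            $data['description'] ?? '',
            $data['account_type'] ?? 'user',
            $data['user_picture'] ?? '',
            // same "no location" normalisation as update(): '' / 0 must become NULL
            $this->normalizeLocationId($data['location_id'] ?? null),
        ]);
        if ($result) {
            $user_id = $this->conn->lastInsertId();
            log_audit('CREATE', 'users', $user_id, null, $this->redactForAudit($data));
            return $user_id;
        }
        return false;
    }

    /**
     * Verify a login (email or username) against an active account.
     *
     * @param string $login    email address or username
     * @param string $password plaintext password as typed
     * @return array|false user row without the password hash, or false
     */
    public function authenticate($login, $password)
    {
        $query = "SELECT u.id, u.name, u.email, u.username, u.password, u.account_type, u.location_id, u.status,
            l.name as location_name, l.type as location_type
            FROM " . $this->table_name . " u
            LEFT JOIN locations l ON u.location_id = l.id
            WHERE (u.email = ? OR u.username = ?) AND u.status = 'active'";
        $stmt = $this->conn->prepare($query);
        $stmt->execute([$login, $login]);
        // fetch() instead of rowCount(): PDO does not guarantee rowCount() for SELECT.
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user === false || !password_verify((string) $password, $user['password'])) {
            return false;
        }
        // Never hand the hash back to session/view code.
        unset($user['password']);
        log_audit('LOGIN', 'users', $user['id']);
        return $user;
    }

    /**
     * Fetch one user (without the password hash) plus its location name/type.
     *
     * @param int|string $id
     * @return array|false
     */
    public function getById($id)
    {
        $query = "SELECT u.id, u.name, u.email, u.username, u.telephone, u.address, u.description, u.account_type,
            u.user_picture, u.location_id, u.status, u.created_at, u.updated_at,
            l.name as location_name, l.type as location_type
            FROM " . $this->table_name . " u
            LEFT JOIN locations l ON u.location_id = l.id
            WHERE u.id = ?";
        $stmt = $this->conn->prepare($query);
        $stmt->execute([$id]);
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    /**
     * List users, newest first, optionally filtered.
     *
     * Superuser accounts are hidden unless $filters['show_superuser'] is truthy.
     *
     * @param array $filters show_superuser, account_type, status, location_id, search
     * @return array list of rows (password hash removed); [] on database error
     */
    public function getAll($filters = [])
    {
        try {
            $sql = "SELECT u.*, l.name as location_name, l.type as location_type
                FROM " . $this->table_name . " u
                LEFT JOIN locations l ON u.location_id = l.id
                WHERE 1=1";
            $params = [];
            // Hide superuser accounts unless current user is also a superuser
            if (empty($filters['show_superuser'])) {
                $sql .= " AND u.account_type != 'superuser'";
            }
            if (!empty($filters['account_type'])) {
                $sql .= " AND u.account_type = ?";
                $params[] = $filters['account_type'];
            }
            if (!empty($filters['status'])) {
                $sql .= " AND u.status = ?";
                $params[] = $filters['status'];
            }
            if (!empty($filters['location_id'])) {
                $sql .= " AND u.location_id = ?";
                $params[] = $filters['location_id'];
            }
            if (!empty($filters['search'])) {
                // Columns are qualified with the alias: `locations` also has a
                // `name` column, so a bare `name` is ambiguous in this join.
                $sql .= " AND (u.name LIKE ? OR u.email LIKE ? OR u.username LIKE ?)";
                $searchTerm = '%' . $filters['search'] . '%';
                array_push($params, $searchTerm, $searchTerm, $searchTerm);
            }
            $sql .= " ORDER BY u.created_at DESC";
            $stmt = $this->conn->prepare($sql);
            $stmt->execute($params);
            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            // u.* pulls in the password hash; listing callers never need it.
            return array_map(static function (array $row) {
                unset($row['password']);
                return $row;
            }, $rows);
        } catch (PDOException $e) {
            error_log("Users fetch error: " . $e->getMessage());
            return [];
        }
    }

    /**
     * Update the given columns of one user.
     *
     * Only keys present in $updatable_columns are applied. A blank password
     * means "keep the current one"; a non-blank one is re-hashed.
     *
     * @param int|string $id
     * @param array      $data column => new value
     * @return bool false when nothing applicable was supplied or execute() failed
     */
    public function update($id, $data)
    {
        $old_data = $this->getById($id);
        $fields = [];
        $values = [];
        foreach ($data as $key => $value) {
            // $key becomes part of the statement text, so it must come from the allow-list.
            if (!in_array($key, $this->updatable_columns, true)) {
                continue;
            }
            if ($key === 'password') {
                if (empty($value)) {
                    continue;
                }
                $fields[] = "$key = ?";
                $values[] = password_hash($value, PASSWORD_DEFAULT);
                continue;
            }
            $fields[] = "$key = ?";
            $values[] = $key === 'location_id' ? $this->normalizeLocationId($value) : $value;
        }
        if (empty($fields)) {
            return false;
        }
        $values[] = $id;
        $query = "UPDATE " . $this->table_name . " SET " . implode(', ', $fields) . " WHERE id = ?";
        $stmt = $this->conn->prepare($query);
        $result = $stmt->execute($values);
        if ($result) {
            log_audit('UPDATE', 'users', $id, $old_data, $this->redactForAudit($data));
        }
        return $result;
    }

    /**
     * Delete one user, recording the previous row in the audit log.
     *
     * @param int|string $id
     * @return bool
     */
    public function delete($id)
    {
        $old_data = $this->getById($id);
        $query = "DELETE FROM " . $this->table_name . " WHERE id = ?";
        $stmt = $this->conn->prepare($query);
        $result = $stmt->execute([$id]);
        if ($result) {
            log_audit('DELETE', 'users', $id, $old_data);
        }
        return $result;
    }

    /**
     * @param string          $email
     * @param int|string|null $exclude_id row to ignore (the user being edited)
     * @return bool
     */
    public function emailExists($email, $exclude_id = null)
    {
        return $this->existsBy('email', $email, $exclude_id);
    }

    /**
     * @param string          $username
     * @param int|string|null $exclude_id row to ignore (the user being edited)
     * @return bool
     */
    public function usernameExists($username, $exclude_id = null)
    {
        return $this->existsBy('username', $username, $exclude_id);
    }

    /**
     * Replace a user's password after verifying the current one.
     *
     * @param int|string $id
     * @param string     $old_password
     * @param string     $new_password
     * @return bool false when the user is unknown, the old password is wrong,
     *              or the new password is blank
     */
    public function changePassword($id, $old_password, $new_password)
    {
        $stmt = $this->conn->prepare("SELECT password FROM " . $this->table_name . " WHERE id = ?");
        $stmt->execute([$id]);
        $hash = $stmt->fetchColumn();
        if ($hash === false || !password_verify((string) $old_password, $hash)) {
            return false;
        }
        return $this->update($id, ['password' => $new_password]);
    }

    /**
     * @return int number of rows in the users table
     */
    public function getTotalCount()
    {
        $stmt = $this->conn->prepare("SELECT COUNT(*) as total FROM " . $this->table_name);
        $stmt->execute();
        // Drivers may return the count as a string; normalise to int.
        return (int) $stmt->fetchColumn();
    }

    /**
     * Active users attached to locations of the given type (and name).
     *
     * Location type/name are read through the `locations` join, exactly as
     * getById()/getAll() do. NOTE(review): the previous version read
     * `location_type`/`location_name` directly from the users table; if the
     * schema really does carry those denormalised columns, confirm which
     * source should be authoritative.
     *
     * @param string      $location_type
     * @param string|null $location_name
     * @return array
     */
    public function getByLocation($location_type, $location_name = null)
    {
        $query = "SELECT u.id, u.name, u.email, u.username, u.account_type, l.name as location_name
            FROM " . $this->table_name . " u
            INNER JOIN locations l ON u.location_id = l.id
            WHERE l.type = ? AND u.status = 'active'";
        $params = [$location_type];
        if ($location_name) {
            $query .= " AND l.name = ?";
            $params[] = $location_name;
        }
        $stmt = $this->conn->prepare($query);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Shared body of emailExists()/usernameExists().
     *
     * @param string          $column     'email' or 'username' — supplied only by this class, never by callers
     * @param string          $value
     * @param int|string|null $exclude_id
     * @return bool
     */
    private function existsBy($column, $value, $exclude_id)
    {
        $query = "SELECT id FROM " . $this->table_name . " WHERE $column = ?";
        $params = [$value];
        if ($exclude_id) {
            $query .= " AND id != ?";
            $params[] = $exclude_id;
        }
        $stmt = $this->conn->prepare($query);
        $stmt->execute($params);
        // fetchColumn() is driver-independent; rowCount() on SELECT is not.
        return $stmt->fetchColumn() !== false;
    }

    /**
     * Map the "no location" form values (0, '0', '') to NULL so the nullable
     * foreign key is stored as NULL rather than as a dangling 0 / ''.
     *
     * @param mixed $value
     * @return mixed
     */
    private function normalizeLocationId($value)
    {
        if ($value === 0 || $value === '0' || $value === '' || $value === null) {
            return null;
        }
        return $value;
    }

    /**
     * Copy of $data safe to hand to log_audit(): the plaintext password is
     * replaced so it never lands in the audit table.
     *
     * @param mixed $data
     * @return mixed
     */
    private function redactForAudit($data)
    {
        if (is_array($data) && array_key_exists('password', $data)) {
            $data['password'] = '[REDACTED]';
        }
        return $data;
    }
}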
?>