Nextrek

Explore
Commits
@ 772
Nextrek / Android / SmartCharging / endPoints / nightly / repositories / UserRepository.php

<?php
	require_once('UserRepositoryInterface.php');
	require_once(dirname(__FILE__)."/../constants.php");
	require_once(dirname(__FILE__)."/../utilities.php");
	define('FACEBOOK_SDK_V4_SRC_DIR', dirname(__FILE__).'/../fb_SDK/src/Facebook/');
	require_once(dirname(__FILE__)."/../fb_SDK/autoload.php");
	use Facebook\FacebookSession;
	use Facebook\FacebookRedirectLoginHelper;
	use Facebook\FacebookRequest;
	use Facebook\FacebookResponse;
	use Facebook\FacebookSDKException;
	use Facebook\FacebookRequestException;
	use Facebook\FacebookAuthorizationException;
	use Facebook\GraphObject;

	class UserRepository implements UserRepositoryInterface {
		protected $db;

		public function __construct($db) {
			$this->db = $db;
		}

		public static function checkToken($token, $conn) { //utile per il control panel
			try {
				//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
				$queryToken = "SELECT id FROM utente WHERE token=:token";
				$stmt = $conn->prepare($queryToken);
				$stmt->bindParam(':token', $token);
				$result = $stmt->execute();
				return ($stmt->rowCount()>0);
			} catch (PDOException $e) {
				echo $e->getMessage();
				return false;
			}
		}

		public static function checkUserByToken($user_id, $token, $conn) {
			try {
				//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
				$queryToken = "SELECT id FROM utente WHERE token=:token AND id=:id";
				$stmt = $conn->prepare($queryToken);
				$stmt->bindParam(':token', $token);
				$stmt->bindParam(':id', $user_id);
				$result = $stmt->execute();
				return ($stmt->rowCount()>0);
			} catch (PDOException $e) {
				echo $e->getMessage();
				return false;
			}
		}

		public static function checkAdminByToken($token, $conn) {
			try {
				//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
				$queryToken = "SELECT id FROM utente WHERE token=:token AND is_admin=1";
				$stmt = $conn->prepare($queryToken);
				$stmt->bindParam(':token', $token);
				$result = $stmt->execute();
				return ($stmt->rowCount()>0);
			} catch (PDOException $e) {
				echo $e->getMessage();
				return false;
			}
		}

		public static function getUserByToken($token, $conn) {
			try {
				//$queryToken = "SELECT id FROM utente WHERE token='".$token."'";
				$queryToken = "SELECT id FROM utente WHERE token=:token";
				$stmt = $conn->prepare($queryToken);
				$stmt->bindParam(':token', $token);
				$result = $stmt->execute();
				return ($stmt->rowCount()>0) ? $stmt->fetchColumn() : -1;
			} catch (PDOException $e) {
				echo $e->getMessage();
				return -1;
			}
		}

		public function registerUser($user, $password) {
			$status = array();
			
			try {

				if (!$this->checkUserName($user)) { //username già registrato
					$status = createErrorMessage(1, "Username già registrato");
					$status["id"] = -1;
					$status["return"] = 1;
					$status["token"] = "";
					return $status;
				}

				if (!$this->checkEmail($user)) { //email già registrata
					$status = createErrorMessage(2, "Email già registrata");
					$status["id"] = -1;
					//$status["return"] = 2;	
					$status["token"] = "";
					return $status;
				}

				$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
				$newToken = sha1($user->username.session_id().time());

				/*$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token)
	    				VALUES ('".$user->username."',
	    						'".$hashedPwd."',
	    						'".$user->nome."',
	    						'".$user->cognome."',
	    						'".$user->cell."',
	    						'".$user->email."',
	    						'".$newToken."')";*/
				
				//echo "<br/>".$query."<br/>";

				$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token)
	    				VALUES (:username, :password, :nome, :cognome, :cell, :email, :token)";

	    		$stmt = $this->db->prepare($query);

				$stmt->bindParam(':username', $user->username);
				$stmt->bindParam(':password', $hashedPwd);
				$stmt->bindParam(':nome', $user->nome);
				$stmt->bindParam(':cognome', $user->cognome);
				$stmt->bindParam(':cell', $user->cell);
				$stmt->bindParam(':email', $user->email);
				$stmt->bindParam(':token', $newToken);

				$result = $stmt->execute();

				//$this->db->exec($query);
				$status["id"] = $this->db->lastInsertId();
				$status["return"] = 0;
				$status["token"] = $newToken;
				return $status;
				//echo "New record created successfully";
			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(3, "Errore DB");
				$status["id"] = -1;
				//$status["return"] = 3;
				$status["token"] = "";
				return $status;
			}

		}

		public function loginUser($username, $password, $is_admin) {
			$status = array();

			try {
				//$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1";

				$query = "SELECT id, password, email, is_owner FROM utente WHERE username=:username AND is_active=1";

				if ($is_admin) {
					$query = $query." AND is_admin=1";
				}

				$stmt = $this->db->prepare($query);
				$stmt->bindParam(':username', $username);
				$result = $stmt->execute();

				/*$result = $this->db->query($query);
				$row = ($result->rowCount()>0) ? $result->fetch() : null;*/

				$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;

				if (is_null($row)) {
					$status = createErrorMessage(1, "Username non valido");
					//$status["return"] = 1;
					$status["id"] = -1;
					$status["token"] = "";
				} else if (!password_verify($password, $row["password"])) {
					$status = createErrorMessage(1, "Password non valida");
					//$status["return"] = 1;
					$status["id"] = -1;
					$status["token"] = "";
				} else {
					//$newToken = sha1($row["email"].session_id().time());
					$newToken = sha1($username.session_id().time());

					/*$queryToken = "UPDATE utente
									SET token='".$newToken."'
									WHERE id=".$row["id"];*/

					//echo "<br/>".$queryToken."<br/>";

					$queryToken = "UPDATE utente SET token=:token WHERE id=:id";

					//$this->db->exec($queryToken);

					$stmt = $this->db->prepare($queryToken);
					$stmt->bindParam(':token', $newToken);
					$stmt->bindParam(':id', $row["id"]);
					$stmt->execute();

					$status["return"] = 0;
					$status["is_owner"] = $row["is_owner"];
					$status["id"] = $row["id"];
					$status["token"] = $newToken;
				}

				return $status;

			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(2, "Errore DB");
				//$status["return"] = 2;
				$status["id"] = -1;
				$status["token"] = "";
				return $status;
			}
		}

		public function logoutUser($user_id) {
			$status = array();
			try {
				/*$queryToken = "UPDATE utente
								SET token = ''
								WHERE id=".$user_id;*/

				//echo "<br/>".$queryToken."<br/>";

				$queryToken = "UPDATE utente SET token='' WHERE id=:id";

				//$this->db->exec($queryToken);

				$stmt = $this->db->prepare($queryToken);
				$stmt->bindParam(':id', $user_id);
				$stmt->execute();

				$status["return"] = 0;
				return $status;
			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				return $status;
			}
		}

		public function facebookLogin($fb_user, $fb_token, $user_email = null, $username = null) {
			$status = array();

			FacebookSession::setDefaultApplication(
	            '1444964019146825', //$appId
	            '1596f53e44c38ff927a9491ec6bff882' //$appSecret
	        );

	        try {
	        	$session = new FacebookSession($fb_token);
            	$session->validate();

            	if (!isset($session)) {
            		$status = createErrorMessage(1, "Sessione FB non valida");
            		//$status["return"] = 1;
					$status["id"] = -1;
					$status["token"] = "";
					return $status;	
            	}

            	//richiesta alla facebook graph, richiedendo id_utente, nome ed email
	            $request     = new FacebookRequest($session, 'GET', '/me?fields=id,first_name,last_name,email');
	            $response    = $request->execute();
	            $graphObject = $response->getGraphObject();

	            if ($fb_user != $graphObject->getProperty('id')) { //Il token ricevuto non coincide con quello di FB
	            	$status = createErrorMessage(1, "Il token ricevuto non coincide con quello di FB");
	            	//$status["return"] = 1;
					$status["id"] = -1;
					$status["token"] = "";
					return $status;
	            }

	            $u_first_name  = $graphObject->getProperty('first_name');
	            $u_last_name  = $graphObject->getProperty('last_name');
            	$u_email = $graphObject->getProperty('email');

            	//$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'";
            	$sql = "SELECT id, username FROM utente WHERE email=:email";

            	//$result = $this->db->query($sql);

            	$stmt = $this->db->prepare($sql);
				$stmt->bindParam(':email', is_null($user_email) ? $u_email : $user_email);
				$stmt->execute();

				$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;

				if (!is_null($row)) { //utente già esistente

					/*$sql = "UPDATE utente
							SET nome='".$u_first_name."', cognome='".$u_last_name."', email='".$u_email."', token='".$fb_token."'
							WHERE id=".$row["id"];*/

					$sql = "UPDATE utente
							SET nome=:nome, cognome=:cognome, email=:email, token=:token
							WHERE id=:id";

					$stmt = $this->db->prepare($sql);
					$stmt->bindParam(':nome', $u_first_name);
					$stmt->bindParam(':cognome', $u_last_name);
					$stmt->bindParam(':email', $u_email);
					$stmt->bindParam(':token', $fb_token);
					$stmt->bindParam(':id', $row["id"]);
					$stmt->execute();

					//$this->db->exec($sql);
					$status["id"] = $row["id"];
					$status["username"] = $row["username"];

				} else { //creazione nuova utenza

					$u_id = $graphObject->getProperty('id');
					
					$arrContextOptions = array( //workaround per errore SSL
					    "ssl" => array(
					        "verify_peer" => false,
					        "verify_peer_name" => false,
					    ),
					);

					$fb_avatar_data = file_get_contents("http://graph.facebook.com/".$u_id."/picture?type=large", false, stream_context_create($arrContextOptions));

        			$image_filename = uniqid().".jpg";

        			$file = fopen($_SERVER['DOCUMENT_ROOT'].AVATAR_PATH.$image_filename, 'w+');
					fputs($file, $fb_avatar_data);
					fclose($file);

					/*$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar)
							VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')";*/

					//echo "<br/>".$sql."<br/>";

					$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar)
							VALUES (:nome,:cognome,:email,:token,:username,:avatar)";

					$usernameToPut = (is_null($username)) ? $u_first_name."$".uniqid() : $username."$".uniqid();

					$stmt = $this->db->prepare($sql);
					$stmt->bindParam(':nome', $u_first_name);
					$stmt->bindParam(':cognome', $u_last_name);
					$stmt->bindParam(':email', $u_email);
					$stmt->bindParam(':token', $fb_token);
					$stmt->bindParam(':username', $usernameToPut);
					$stmt->bindParam(':avatar', $image_filename);
					$stmt->execute();

					//$this->db->exec($sql);
					$status["id"] = $this->db->lastInsertId();
					$status["username"] = $usernameToPut;

				}

				$status["return"] = 0;
				$status["email"] = $u_email;
				$status["token"] = $fb_token;		
                return $status;

	        } catch (Exception $e) {
	        	echo $e->getMessage();
	        	$status = createErrorMessage(1, "Errore DB");
	        	//$status["return"] = 1;
				$status["id"] = -1;
				$status["token"] = "";
				$status["email"] = "";
				$status["username"] = "";
				return $status;
	        }
		}

		//true se username è disponibile, false altrimenti
		protected function checkUserName($user) {
			$query = "SELECT count(*) from utente WHERE username='".$user->username."'";
			$result = $this->db->query($query);
			return ($result->fetchColumn() == "0");
		}

		//true se email è disponibile, false altrimenti
		protected function checkEmail($user) {
			$query = "SELECT count(*) from utente WHERE email='".$user->email."'";
			$result = $this->db->query($query);
			return ($result->fetchColumn() == "0");
		}

		public function getAvatar($user_id) {
			$status = array();
			try {
				//$query = "SELECT avatar FROM utente WHERE id='".$user_id."'";
				$query = "SELECT avatar FROM utente WHERE id=:id";

				$stmt = $this->db->prepare($query);
				$stmt->bindParam(':id', $user_id);
				$result = $stmt->execute();

				//$result = $this->db->query($query);
				$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;

				if (!is_null($row)) {
					$status["return"] = 0;
					$status["id"] = $user_id;
					$status["avatar"] = ($row["avatar"] != "") ? IMAGE_SERVER.AVATAR_PATH.$row["avatar"] : "";
				} else {
					$status = createErrorMessage(1, "User ID non disponibile");
					//$status["return"] = 1;
					$status["id"] = -1;
					$status["avatar"] = "";
				}

				return $status;

			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				$status["id"] = -1;
				$status["avatar"] = "";
				return $status;
			}
		}

		public function setAvatar($user_id, $avatar_url) {
			$status = array();

			try {
				/*$query = "UPDATE utente
							SET avatar='".$avatar_url."'
	    					WHERE id=".$user_id;*/

	    		//echo "<br/>".$query."<br/>";

	    		$query = "UPDATE utente SET avatar=:avatar WHERE id=:id";

	    		$stmt = $this->db->prepare($query);
	    		$stmt->bindParam(':avatar', $avatar_url);
				$stmt->bindParam(':id', $user_id);
				$stmt->execute();

				//$this->db->exec($query);
				$status["return"] = 0;
				$status["avatar_name"] = $avatar_url;
				return $status;
			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				$status["avatar_name"] = "";
				return $status;
			}
		}

		public function editUser($user) { //$user è l'oggetto Utente
			$status = array();
			$array_params = array();

			try {

				$setString = "";

				if (isset($user->nome) && !is_null($user->nome)) {
					//$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'";
					$setString = ($setString == "") ? "nome=:nome" : $setString.",nome=:nome";
					$array_params[":nome"] = $user->nome;
				}

				if (isset($user->cognome) && !is_null($user->cognome)) {
					//$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'";
					$setString = ($setString == "") ? "cognome=:cognome" : $setString.",cognome=:cognome";
					$array_params[":cognome"] = $user->cognome;
				}

				if (isset($user->cell) && !is_null($user->cell)) {
					//$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'";
					$setString = ($setString == "") ? "cell=:cell" : $setString.",cell=:cell";
					$array_params[":cell"] = $user->cell;
				}

				if (isset($user->email) && !is_null($user->email)) {
					//$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'";
					$setString = ($setString == "") ? "email=:email" : $setString.",email=:email";
					$array_params[":email"] = $user->email;
				}

				/*$query = "UPDATE utente
							SET ".$setString."
	    					WHERE id=".$user->id;*/

	    		//echo "<br/>".$query."<br/>";

				//$this->db->exec($query);

	    		$query = "UPDATE utente
							SET ".$setString."
	    					WHERE id=:id";

	    		$array_params[":id"] = $user->id;

	    		$stmt = $this->db->prepare($query);
				$stmt->execute($array_params);

				$status["return"] = 0;

			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				return $status;
			}

			return $status;

		}

		public function deleteUser($user_id) {
			$status = array();
			/*$query = "UPDATE utente,locale
						SET utente.is_active=0, utente.token='', locale.hidden=1 
						WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/

			$queryUtente = "UPDATE utente
						SET is_active=0, token=''
						WHERE id=:id_utente";

			try {
				$stmt = $this->db->prepare($queryUtente);
	    		$stmt->bindParam(':id_utente', $user_id);
				$resultUtente = $stmt->execute();

				if ($resultUtente) {
					$queryLocale = "UPDATE locale
									SET hidden=1 
									WHERE id_utente_owner=:id_utente_owner";

					$stmt = $this->db->prepare($queryLocale);
					$stmt->bindParam(':id_utente_owner', $user_id);
					$stmt->execute();
				} else {
					$status = createErrorMessage(1, "Errore DB");
					return $status;
				}
				//$this->db->exec($query);
				$status["return"] = 0;
				return $status;
			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				return $status;
			}
		}

		public function enableUser($user_id) {
			$status = array();
			/*$query = "UPDATE utente,locale
						SET utente.is_active=1, locale.hidden=0
						WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/

			$queryUtente = "UPDATE utente
						SET is_active=1
						WHERE id=:id_utente";

			try {
				$stmt = $this->db->prepare($queryUtente);
	    		$stmt->bindParam(':id_utente', $user_id);
				$resultUtente = $stmt->execute();

				if ($resultUtente) {
					$queryLocale = "UPDATE locale
									SET hidden=0
									WHERE id_utente_owner=:id_utente_owner";

					$stmt = $this->db->prepare($queryLocale);
					$stmt->bindParam(':id_utente_owner', $user_id);
					$stmt->execute();
				} else {
					$status = createErrorMessage(1, "Errore DB");
					return $status;
				}

				//$this->db->exec($query);
				$status["return"] = 0;
				return $status;
			} catch (PDOException $e) {
				echo $e->getMessage();
				$status = createErrorMessage(1, "Errore DB");
				//$status["return"] = 1;
				return $status;
			}
		}

	}

?>
Commits for Nextrek/Android/SmartCharging/endPoints/nightly/repositories/UserRepository.php

Revision	Author	Commited	Message
772 Diff	FSallustio	Tue 22 Sep, 2015 16:19:05 +0000
764 Diff	FSallustio	Tue 22 Sep, 2015 09:56:52 +0000
763 Diff	FSallustio	Tue 22 Sep, 2015 09:46:08 +0000	Aggiunto campo “email” nell’output della login_facebook.php
730 Diff	FSallustio	Tue 15 Sep, 2015 08:03:22 +0000
725 Diff	FSallustio	Wed 09 Sep, 2015 07:51:47 +0000	Gestione utenze admin in SC
723 Diff	FSallustio	Tue 08 Sep, 2015 15:05:25 +0000	Aggiunto check sull’associazione tra utente e token.
721 Diff	FSallustio	Tue 08 Sep, 2015 13:23:54 +0000
716 Diff	FSallustio	Tue 08 Sep, 2015 08:29:01 +0000	[DA TESTARE] Utilizzo dei prepared statement nelle PDO, anziché le query dirette da stringa.
714 Diff	FSallustio	Mon 07 Sep, 2015 16:53:52 +0000
711	FSallustio	Mon 07 Sep, 2015 16:30:16 +0000
History View complete history Commits RSS feed for /Android/SmartCharging/endPoints/nightly/repositories/UserRepository.php
Need assistance? Get in touch, or head to our documentation site.
URLs

Nextrek / Android / SmartCharging / endPoints / nightly / repositories / UserRepository.php

Commits for Nextrek/Android/SmartCharging/endPoints/nightly/repositories/UserRepository.php
