aboutsummaryrefslogtreecommitdiffstats
path: root/public/admin/model/user
diff options
context:
space:
mode:
authorJesús <heckyel@hyperbola.info>2019-08-18 21:14:58 -0500
committerJesús <heckyel@hyperbola.info>2019-08-18 21:14:58 -0500
commit2eed7b082f83630301e51f57ca8394de228a8605 (patch)
tree1d19962d22d30f99317d9276e4bae7744fc93fc2 /public/admin/model/user
downloadlibrecart-2eed7b082f83630301e51f57ca8394de228a8605.tar.lz
librecart-2eed7b082f83630301e51f57ca8394de228a8605.tar.xz
librecart-2eed7b082f83630301e51f57ca8394de228a8605.zip
first commit
Diffstat (limited to 'public/admin/model/user')
-rw-r--r--public/admin/model/user/api.php123
-rw-r--r--public/admin/model/user/user.php108
-rw-r--r--public/admin/model/user/user_group.php85
3 files changed, 316 insertions, 0 deletions
diff --git a/public/admin/model/user/api.php b/public/admin/model/user/api.php
new file mode 100644
index 0000000..993451f
--- /dev/null
+++ b/public/admin/model/user/api.php
@@ -0,0 +1,123 @@
+<?php
+class ModelUserApi extends Model {
+ public function addApi($data) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api` SET username = '" . $this->db->escape($data['username']) . "', `key` = '" . $this->db->escape($data['key']) . "', status = '" . (int)$data['status'] . "', date_added = NOW(), date_modified = NOW()");
+
+ $api_id = $this->db->getLastId();
+
+ if (isset($data['api_ip'])) {
+ foreach ($data['api_ip'] as $ip) {
+ if ($ip) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api_ip` SET api_id = '" . (int)$api_id . "', ip = '" . $this->db->escape($ip) . "'");
+ }
+ }
+ }
+
+ return $api_id;
+ }
+
+ public function editApi($api_id, $data) {
+ $this->db->query("UPDATE `" . DB_PREFIX . "api` SET username = '" . $this->db->escape($data['username']) . "', `key` = '" . $this->db->escape($data['key']) . "', status = '" . (int)$data['status'] . "', date_modified = NOW() WHERE api_id = '" . (int)$api_id . "'");
+
+ $this->db->query("DELETE FROM " . DB_PREFIX . "api_ip WHERE api_id = '" . (int)$api_id . "'");
+
+ if (isset($data['api_ip'])) {
+ foreach ($data['api_ip'] as $ip) {
+ if ($ip) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api_ip` SET api_id = '" . (int)$api_id . "', ip = '" . $this->db->escape($ip) . "'");
+ }
+ }
+ }
+ }
+
+ public function deleteApi($api_id) {
+ $this->db->query("DELETE FROM `" . DB_PREFIX . "api` WHERE api_id = '" . (int)$api_id . "'");
+ }
+
+ public function getApi($api_id) {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE api_id = '" . (int)$api_id . "'");
+
+ return $query->row;
+ }
+
+ public function getApis($data = array()) {
+ $sql = "SELECT * FROM `" . DB_PREFIX . "api`";
+
+ $sort_data = array(
+ 'username',
+ 'status',
+ 'date_added',
+ 'date_modified'
+ );
+
+ if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
+ $sql .= " ORDER BY " . $data['sort'];
+ } else {
+ $sql .= " ORDER BY username";
+ }
+
+ if (isset($data['order']) && ($data['order'] == 'DESC')) {
+ $sql .= " DESC";
+ } else {
+ $sql .= " ASC";
+ }
+
+ if (isset($data['start']) || isset($data['limit'])) {
+ if ($data['start'] < 0) {
+ $data['start'] = 0;
+ }
+
+ if ($data['limit'] < 1) {
+ $data['limit'] = 20;
+ }
+
+ $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
+ }
+
+ $query = $this->db->query($sql);
+
+ return $query->rows;
+ }
+
+ public function getTotalApis() {
+ $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "api`");
+
+ return $query->row['total'];
+ }
+
+ public function addApiIp($api_id, $ip) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api_ip` SET api_id = '" . (int)$api_id . "', ip = '" . $this->db->escape($ip) . "'");
+ }
+
+ public function getApiIps($api_id) {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api_ip` WHERE api_id = '" . (int)$api_id . "'");
+
+ return $query->rows;
+ }
+
+ public function addApiSession($api_id, $session_id, $ip) {
+ $api_ip_query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api_ip` WHERE ip = '" . $this->db->escape($ip) . "'");
+
+ if (!$api_ip_query->num_rows) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api_ip` SET api_id = '" . (int)$api_id . "', ip = '" . $this->db->escape($ip) . "'");
+ }
+
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "api_session` SET api_id = '" . (int)$api_id . "', session_id = '" . $this->db->escape($session_id) . "', ip = '" . $this->db->escape($ip) . "', date_added = NOW(), date_modified = NOW()");
+
+ return $this->db->getLastId();
+ }
+
+ public function getApiSessions($api_id) {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api_session` WHERE api_id = '" . (int)$api_id . "'");
+
+ return $query->rows;
+ }
+
+ public function deleteApiSession($api_session_id) {
+ $this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE api_session_id = '" . (int)$api_session_id . "'");
+ }
+
+ public function deleteApiSessionBySessonId($session_id) {
+ $this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE session_id = '" . $this->db->escape($session_id) . "'");
+ }
+}
diff --git a/public/admin/model/user/user.php b/public/admin/model/user/user.php
new file mode 100644
index 0000000..ccaa4c0
--- /dev/null
+++ b/public/admin/model/user/user.php
@@ -0,0 +1,108 @@
+<?php
+class ModelUserUser extends Model {
+ public function addUser($data) {
+ $this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "', date_added = NOW()");
+
+ return $this->db->getLastId();
+ }
+
+ public function editUser($user_id, $data) {
+ $this->db->query("UPDATE `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "' WHERE user_id = '" . (int)$user_id . "'");
+
+ if ($data['password']) {
+ $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE user_id = '" . (int)$user_id . "'");
+ }
+ }
+
+ public function editPassword($user_id, $password) {
+ $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE user_id = '" . (int)$user_id . "'");
+ }
+
+ public function editCode($email, $code) {
+ $this->db->query("UPDATE `" . DB_PREFIX . "user` SET code = '" . $this->db->escape($code) . "' WHERE LCASE(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
+ }
+
+ public function deleteUser($user_id) {
+ $this->db->query("DELETE FROM `" . DB_PREFIX . "user` WHERE user_id = '" . (int)$user_id . "'");
+ }
+
+ public function getUser($user_id) {
+ $query = $this->db->query("SELECT *, (SELECT ug.name FROM `" . DB_PREFIX . "user_group` ug WHERE ug.user_group_id = u.user_group_id) AS user_group FROM `" . DB_PREFIX . "user` u WHERE u.user_id = '" . (int)$user_id . "'");
+
+ return $query->row;
+ }
+
+ public function getUserByUsername($username) {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE username = '" . $this->db->escape($username) . "'");
+
+ return $query->row;
+ }
+
+ public function getUserByEmail($email) {
+ $query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "user` WHERE LCASE(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
+
+ return $query->row;
+ }
+
+ public function getUserByCode($code) {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE code = '" . $this->db->escape($code) . "' AND code != ''");
+
+ return $query->row;
+ }
+
+ public function getUsers($data = array()) {
+ $sql = "SELECT * FROM `" . DB_PREFIX . "user`";
+
+ $sort_data = array(
+ 'username',
+ 'status',
+ 'date_added'
+ );
+
+ if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
+ $sql .= " ORDER BY " . $data['sort'];
+ } else {
+ $sql .= " ORDER BY username";
+ }
+
+ if (isset($data['order']) && ($data['order'] == 'DESC')) {
+ $sql .= " DESC";
+ } else {
+ $sql .= " ASC";
+ }
+
+ if (isset($data['start']) || isset($data['limit'])) {
+ if ($data['start'] < 0) {
+ $data['start'] = 0;
+ }
+
+ if ($data['limit'] < 1) {
+ $data['limit'] = 20;
+ }
+
+ $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
+ }
+
+ $query = $this->db->query($sql);
+
+ return $query->rows;
+ }
+
+ public function getTotalUsers() {
+ $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user`");
+
+ return $query->row['total'];
+ }
+
+ public function getTotalUsersByGroupId($user_group_id) {
+ $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user` WHERE user_group_id = '" . (int)$user_group_id . "'");
+
+ return $query->row['total'];
+ }
+
+ public function getTotalUsersByEmail($email) {
+ $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user` WHERE LCASE(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
+
+ return $query->row['total'];
+ }
+} \ No newline at end of file
diff --git a/public/admin/model/user/user_group.php b/public/admin/model/user/user_group.php
new file mode 100644
index 0000000..acf2776
--- /dev/null
+++ b/public/admin/model/user/user_group.php
@@ -0,0 +1,85 @@
+<?php
+class ModelUserUserGroup extends Model {
+ public function addUserGroup($data) {
+ $this->db->query("INSERT INTO " . DB_PREFIX . "user_group SET name = '" . $this->db->escape($data['name']) . "', permission = '" . (isset($data['permission']) ? $this->db->escape(json_encode($data['permission'])) : '') . "'");
+
+ return $this->db->getLastId();
+ }
+
+ public function editUserGroup($user_group_id, $data) {
+ $this->db->query("UPDATE " . DB_PREFIX . "user_group SET name = '" . $this->db->escape($data['name']) . "', permission = '" . (isset($data['permission']) ? $this->db->escape(json_encode($data['permission'])) : '') . "' WHERE user_group_id = '" . (int)$user_group_id . "'");
+ }
+
+ public function deleteUserGroup($user_group_id) {
+ $this->db->query("DELETE FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_group_id . "'");
+ }
+
+ public function getUserGroup($user_group_id) {
+ $query = $this->db->query("SELECT DISTINCT * FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_group_id . "'");
+
+ $user_group = array(
+ 'name' => $query->row['name'],
+ 'permission' => json_decode($query->row['permission'], true)
+ );
+
+ return $user_group;
+ }
+
+ public function getUserGroups($data = array()) {
+ $sql = "SELECT * FROM " . DB_PREFIX . "user_group";
+
+ $sql .= " ORDER BY name";
+
+ if (isset($data['order']) && ($data['order'] == 'DESC')) {
+ $sql .= " DESC";
+ } else {
+ $sql .= " ASC";
+ }
+
+ if (isset($data['start']) || isset($data['limit'])) {
+ if ($data['start'] < 0) {
+ $data['start'] = 0;
+ }
+
+ if ($data['limit'] < 1) {
+ $data['limit'] = 20;
+ }
+
+ $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
+ }
+
+ $query = $this->db->query($sql);
+
+ return $query->rows;
+ }
+
+ public function getTotalUserGroups() {
+ $query = $this->db->query("SELECT COUNT(*) AS total FROM " . DB_PREFIX . "user_group");
+
+ return $query->row['total'];
+ }
+
+ public function addPermission($user_group_id, $type, $route) {
+ $user_group_query = $this->db->query("SELECT DISTINCT * FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_group_id . "'");
+
+ if ($user_group_query->num_rows) {
+ $data = json_decode($user_group_query->row['permission'], true);
+
+ $data[$type][] = $route;
+
+ $this->db->query("UPDATE " . DB_PREFIX . "user_group SET permission = '" . $this->db->escape(json_encode($data)) . "' WHERE user_group_id = '" . (int)$user_group_id . "'");
+ }
+ }
+
+ public function removePermission($user_group_id, $type, $route) {
+ $user_group_query = $this->db->query("SELECT DISTINCT * FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_group_id . "'");
+
+ if ($user_group_query->num_rows) {
+ $data = json_decode($user_group_query->row['permission'], true);
+
+ $data[$type] = array_diff($data[$type], array($route));
+
+ $this->db->query("UPDATE " . DB_PREFIX . "user_group SET permission = '" . $this->db->escape(json_encode($data)) . "' WHERE user_group_id = '" . (int)$user_group_id . "'");
+ }
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-17 08:28:43 +0000