<?php
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

/**
 * This is the skynet User class.
 * Each object represents a single User
 *
 * @package default
 */

// File is only accessible from within the skynet program
if (!defined('skynet')) exit();

/**
 * @package skynetUser
 */
class skynetUser {
   /**
    * These are the class variables
    */
   private $user_id;             // Integer
   private $username;            // Char(15)
   private $passwordHash;        // Char()
   private $fullname;            // Char(40)
   private $email;               // Char(320)
   private $adminflag;           // Boolean (TinyInt)
   private $logged_in;           // Boolean

   private $sqlhdlr;             // Object

   private $dirty_flag;          // Boolean
   private $pwd_dirty_flag;      // Boolean

   private $deleteme;

   /**
    * Class Constructor
    *
    * @param string $dbHost The database host
    * @param string $dbUser The user to access the database
    * @param string $dbPass The password to access the database
    * @param string $dbName The name of the database
    * @param string $username String representing the username
    * @param string $password String representing the password
    * @param boolean $login Boolean value indicating whether this is a login
    *                       attempt
    */ 
   public function __construct($sqlhdlr, $uid = -1, $username = '',
                               $password = '', $login = false) {

      // Store the database handler
      $this->sqlhdlr = $sqlhdlr;

      // Everyone starts with a clean slate
      $this->dirty_flag = false;
      $this->pwd_dirty_flag = false;

      // Don't delete unless explicitly told to
      $this->deleteme = false;

      // All users are considered offline until otherwise determined
      $this->logged_in = false;

      // Check to see if this is a login attempt
      if ($login) {
         // Input checking for username and password
         $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
         $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
         $clean_username = '';
         $clean_password = '';

         if (preg_match($skynet_nameRegex, $username)) {
            $clean_username = $username;
         }

         if (preg_match($skynet_pwdRegex, $password)) {
            $clean_password = $password;
         }

         //// Check the database for the user and get their password
         $results = $this->sqlhdlr->table('users')
            ->select('id', 'password')
            ->where('username', $clean_username)
            ->first();

         $this->user_id = $results['id'];
         $this->passwordHash = $results['password']; 
               
         if (password_verify($clean_password, $this->passwordHash)) {
            if (password_needs_rehash($this->passwordHash,
                                      PASSWORD_BCRYPT,
                                      ['cost' => 10])) {
                $this->passwordHash = password_hash($password);
                $this->_update_password();
            }
            $this->logged_in = true;
         }
       }

      // If we have a UID, or we are logged in
      if ((is_numeric($uid) && ($uid != -1)) || $this->logged_in) {
         // Assign the UID if needed
         if (! $this->logged_in) {
            $this->user_id = $uid;
         }

         $results = $this->sqlhdlr->table('users')
            ->select('username', 'full_name', 'email', 'admin')
            ->where('id', $this->user_id)
            ->first();

         $this->username = $results['username'];
         $this->fullname = $results['full_name'];
         $this->email = $results['email'];
         $this->adminflag = $results['admin'];

      // New user, use defaults
      } else {
         $this->user_id = -1;
         $this->username($username);
         $this->fullname = '';
         $this->adminflag = 0;

         // Mark the object as dirty, as long as we're not trying to login
         if (! $login)
            $this->dirty_flag = true;
      }
   }

   /**
    * Return the user_id
    *
    * @return integer user_id of the user this object represents
    */
   public function user_id() {
      if ($this->user_id == -1) {
         $this->_serialize();
      }

      return $this->user_id;
   }

   /**
    * Return the logged_in status
    *
    * @return boolean Boolean value indicating whether or not the user is
    *                 logged in
    */
   public function logged_in() {
      return $this->logged_in;
   }

   /**
    * Set the user's password
    *
    * @param string $password String representing the user password
    *
    * @return string Returns the user's password, or NULL if the password being
    *                set does not pass validation
    */
   public function password($password = '') {
      $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
      if (! empty($password)) {
         if (preg_match($skynet_pwdRegex, $password)) {

            $this->passwordHash =
               password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
   
            // Mark as dirty
            $this->pwd_dirty_flag = true;
            return true;
         }
      }

      return false;
   }

   /**
    * Set / Return the username
    *
    * @param string $username String representing the username
    *
    * @return string Returns the username, or null if the supplied username
    *                fails validation
    */
   public function username($username = '') {
      $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
      if (! empty($username) && (! strcmp($username, $this->username) == 0)) {
         if (preg_match($skynet_nameRegex, $username) && ($username != 'guest')) {
            $this->username = $username;

            // Mark as dirty, if the user is logged in
            if ($this->logged_in)
               $this->dirty_flag = true;
         } else {
            return null;
         }
      }

      return $this->username;
   }

   /**
    * Set / Return the full name
    *
    * @param string $fullname String representing the full name
    *
    * @return string Returns the full name, or null if the supplied full name
    *                fails validation
    */
   public function fullname($fullname = '') {
      $skynet_fullnameRegex = '/^[a-zA-Z0-9_\-\ \']{1,40}\z/';
      if (! empty($fullname) && (! strcmp($fullname, $this->fullname) == 0)) {
         if (preg_match($skynet_fullnameRegex, $fullname)) {
            $this->fullname = $fullname;

            // Mark as dirty
            $this->dirty_flag = true;
         } else {
            return null;
         }
      }

      return $this->fullname;
   }

   /**
    * Set / Return the email address
    *
    * @param string $email String representing the email address
    *
    * @return string Returns the email address, or null if the supplied email
    *                address fails validation
    */
   public function email($email = '') {
      $skynet_emailRegex = '/^[a-zA-Z0-9_\-\.!#\$%&\*\+\/=\?\^\{\|\}~]{0,64}@[a-zA-Z0-9\-\.]{0,255}\z/';
      if (! empty($email) && (! strcmp($email, $this->email) == 0)) {
         if (preg_match($skynet_emailRegex, $email)) {
            $this->email = $email;

            // Mark as dirty
            $this->dirty_flag = true;
         } else {
            return null;
         }
      }

      return $this->email;
   }

   /**
    * Set / Return the admin flag
    *
    * @param boolean $adminflag Boolean value representing whether the user is
    *                           an administrator or not
    *
    * @return boolean Returns true if the user is an administrator or false if
    *                 the user is not an admin, or if the supplied value is not
    *                 a boolean
    */
   public function adminflag($adminflag = '') {
      if (! empty($adminflag) && ($this->adminflag != $adminflag)) {
         if (is_bool($adminflag)) {
            $this->adminflag = $adminflag;

            // Mark as dirty
            $this->dirty_flag = true;
         } else {
            return false;
         }
      }

      return $this->adminflag;
   }

   /**
    * Return the delete flag value
    *
    * @return boolean Returns true if this user is to be deleted, false if not
    */
   public function delete() {
      $this->deleteme = true;
   }

   /**
    * Updates the user password hash in the database
    */
   private function _update_password() {
      $this->sqlhdlr->table('users')
         ->where('id', $this->user_id)
         ->update(array('password' => $this->passwordHash));
   }

   /**
    * Deletes the user from the database if the deleteme flag is set
    */
   private function _delete() {
      // If the deleteme flag is set, delete the user
      if ($this->deleteme) {
         // Delete the entries, being careful to ensure it's
         // from the right user
         $this->sqlhdlr->table('users')
            ->where('id', $this->id)
            ->delete();
      }
   }

   /**
    * Serialize the User object
    */
   private function _serialize() {
      // username, fullname, password, admin flag
      // User ID of -1 indicates a new user
      if ($this->user_id == -1) {
         $this->sqlhdlr->table('users')
            ->insert(array(
               'username' => $this->username,
               'full_name' => $this->fullname,
               'email' => $this->email,
               'password' => $this->passwordHash,
               'admin' => $this->adminflag
            ));

         // Get the user_id
         $this->user_id = $this->sqlhdlr->insert_id;
      } else {
         $this->sqlhdlr->table('users')
            ->where('id', $this->user_id)
            ->update(array(
               'username' => $this->username,
               'full_name' => $this->fullname,
               'email' => $this->email,
               'admin' => $this->adminflag
            ));

         if ($this->pwd_dirty_flag) {
            $this->_update_password();
         }
      }
   }

   /**
    * Destructor
    */
   public function __destruct() {
      if ($this->deleteme) {
         $this->_delete();
         return;
      }

      if ($this->dirty_flag || $this->pwd_dirty_flag) {
         $this->_serialize();
      }
   }
}

?>