File admin\model\user\user.php

1:	<?php
2:	namespace Opencart\Admin\Model\User;
3:	/**
4:	* Class User
5:	*
6:	* @package Opencart\Admin\Model\User
7:	*/
8:	class User extends \Opencart\System\Engine\Model {
9:	/**
10:	* Add User
11:	*
12:	* @param array<string, mixed> $data
13:	*
14:	* @return int
15:	*/
16:	public function addUser(array $data): int {
17:	$this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET `username` = '" . $this->db->escape((string)$data['username']) . "', `user_group_id` = '" . (int)$data['user_group_id'] . "', `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `firstname` = '" . $this->db->escape((string)$data['firstname']) . "', `lastname` = '" . $this->db->escape((string)$data['lastname']) . "', `email` = '" . $this->db->escape((string)$data['email']) . "', `image` = '" . $this->db->escape((string)$data['image']) . "', `status` = '" . (bool)($data['status'] ?? 0) . "', `date_added` = NOW()");
18:
19:	return $this->db->getLastId();
20:	}
21:
22:	/**
23:	* Edit User
24:	*
25:	* @param int $user_id
26:	* @param array<string, mixed> $data
27:	*
28:	* @return void
29:	*/
30:	public function editUser(int $user_id, array $data): void {
31:	$this->db->query("UPDATE `" . DB_PREFIX . "user` SET `username` = '" . $this->db->escape((string)$data['username']) . "', `user_group_id` = '" . (int)$data['user_group_id'] . "', `firstname` = '" . $this->db->escape((string)$data['firstname']) . "', `lastname` = '" . $this->db->escape((string)$data['lastname']) . "', `email` = '" . $this->db->escape((string)$data['email']) . "', `image` = '" . $this->db->escape((string)$data['image']) . "', `status` = '" . (bool)($data['status'] ?? 0) . "' WHERE `user_id` = '" . (int)$user_id . "'");
32:
33:	if ($data['password']) {
34:	$this->db->query("UPDATE `" . DB_PREFIX . "user` SET `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "' WHERE `user_id` = '" . (int)$user_id . "'");
35:	}
36:	}
37:
38:	/**
39:	* Edit Password
40:	*
41:	* @param int $user_id
42:	* @param string $password
43:	*
44:	* @return void
45:	*/
46:	public function editPassword(int $user_id, $password): void {
47:	$this->db->query("UPDATE `" . DB_PREFIX . "user` SET `password` = '" . $this->db->escape(password_hash(html_entity_decode($password, ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `code` = '' WHERE `user_id` = '" . (int)$user_id . "'");
48:	}
49:
50:	/**
51:	* Edit Code
52:	*
53:	* @param string $email
54:	* @param string $code
55:	*
56:	* @return void
57:	*/
58:	public function editCode(string $email, string $code): void {
59:	$this->db->query("UPDATE `" . DB_PREFIX . "user` SET `code` = '" . $this->db->escape($code) . "' WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
60:	}
61:
62:	/**
63:	* Delete User
64:	*
65:	* @param int $user_id
66:	*
67:	* @return void
68:	*/
69:	public function deleteUser(int $user_id): void {
70:	$this->db->query("DELETE FROM `" . DB_PREFIX . "user` WHERE `user_id` = '" . (int)$user_id . "'");
71:
72:	$this->deleteAuthorizes($user_id);
73:	$this->deleteLogins($user_id);
74:	}
75:
76:	/**
77:	* Get User
78:	*
79:	* @param int $user_id
80:	*
81:	* @return array<string, mixed>
82:	*/
83:	public function getUser(int $user_id): array {
84:	$query = $this->db->query("SELECT *, (SELECT ug.`name` FROM `" . DB_PREFIX . "user_group` ug WHERE ug.`user_group_id` = u.`user_group_id`) AS user_group FROM `" . DB_PREFIX . "user` u WHERE u.`user_id` = '" . (int)$user_id . "'");
85:
86:	return $query->row;
87:	}
88:
89:	/**
90:	* Get User By Username
91:	*
92:	* @param string $username
93:	*
94:	* @return array<string, mixed>
95:	*/
96:	public function getUserByUsername(string $username): array {
97:	$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `username` = '" . $this->db->escape($username) . "'");
98:
99:	return $query->row;
100:	}
101:
102:	/**
103:	* Get User By Email
104:	*
105:	* @param string $email
106:	*
107:	* @return array<string, mixed>
108:	*/
109:	public function getUserByEmail(string $email): array {
110:	$query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "user` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
111:
112:	return $query->row;
113:	}
114:
115:	/**
116:	* Get User By Code
117:	*
118:	* @param string $code
119:	*
120:	* @return array<string, mixed>
121:	*/
122:	public function getUserByCode(string $code): array {
123:	$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `code` = '" . $this->db->escape($code) . "' AND `code` != ''");
124:
125:	return $query->row;
126:	}
127:
128:	/**
129:	* Get Users
130:	*
131:	* @param array<string, mixed> $data
132:	*
133:	* @return array<int, array<string, mixed>>
134:	*/
135:	public function getUsers(array $data = []): array {
136:	$sql = "SELECT *, CONCAT(`u`.`firstname`, ' ', `u`.`lastname`) AS `name`, (SELECT `ug`.`name` FROM `" . DB_PREFIX . "user_group` `ug` WHERE `ug`.`user_group_id` = `u`.`user_group_id`) AS user_group FROM `" . DB_PREFIX . "user` `u`";
137:
138:	$implode = [];
139:
140:	if (!empty($data['filter_username'])) {
141:	$implode[] = "LCASE(`u`.`username`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_username']) . '%') . "'";
142:	}
143:
144:	if (!empty($data['filter_name'])) {
145:	$implode[] = "LCASE(CONCAT(`u`.`firstname`, ' ', `u`.`lastname`)) LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_name']) . '%') . "'";
146:	}
147:
148:	if (!empty($data['filter_email'])) {
149:	$implode[] = "LCASE(`u`.`email`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_email']) . '%') . "'";
150:	}
151:
152:	if (!empty($data['filter_user_group_id'])) {
153:	$implode[] = "`u`.`user_group_id` = '" . (int)$data['filter_user_group_id'] . "'";
154:	}
155:
156:	if (!empty($data['filter_ip'])) {
157:	$implode[] = "`u`.`user_id` IN (SELECT `user_id` FROM `" . DB_PREFIX . "user_login` WHERE `ip` LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_ip']) . '%') . "')";
158:	}
159:
160:	if (isset($data['filter_status']) && $data['filter_status'] !== '') {
161:	$implode[] = "`u`.`status` = '" . (int)$data['filter_status'] . "'";
162:	}
163:
164:	if ($implode) {
165:	$sql .= " WHERE " . implode(" AND ", $implode);
166:	}
167:
168:	$sort_data = [
169:	'username',
170:	'name',
171:	'u.email',
172:	'user_group',
173:	'status',
174:	'ip',
175:	'u.date_added'
176:	];
177:
178:	if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
179:	$sql .= " ORDER BY " . $data['sort'];
180:	} else {
181:	$sql .= " ORDER BY `username`";
182:	}
183:
184:	if (isset($data['order']) && ($data['order'] == 'DESC')) {
185:	$sql .= " DESC";
186:	} else {
187:	$sql .= " ASC";
188:	}
189:
190:	if (isset($data['start']) \|\| isset($data['limit'])) {
191:	if ($data['start'] < 0) {
192:	$data['start'] = 0;
193:	}
194:
195:	if ($data['limit'] < 1) {
196:	$data['limit'] = 20;
197:	}
198:
199:	$sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
200:	}
201:
202:	$query = $this->db->query($sql);
203:
204:	return $query->rows;
205:	}
206:
207:	/**
208:	* Get Total Users
209:	*
210:	* @param array<string, mixed> $data
211:	*
212:	* @return int
213:	*/
214:	public function getTotalUsers(array $data = []): int {
215:	$sql = "SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` `u` ";
216:
217:	$implode = [];
218:
219:	if (!empty($data['filter_username'])) {
220:	$implode[] = "LCASE(`u`.`username`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_username']) . '%') . "'";
221:	}
222:
223:	if (!empty($data['filter_name'])) {
224:	$implode[] = "LCASE(CONCAT(`u`.`firstname`, ' ', `u`.`lastname`)) LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_name']) . '%') . "'";
225:	}
226:
227:	if (!empty($data['filter_email'])) {
228:	$implode[] = "LCASE(`u`.`email`) LIKE '" . $this->db->escape(oc_strtolower($data['filter_email']) . '%') . "'";
229:	}
230:
231:	if (!empty($data['filter_user_group_id'])) {
232:	$implode[] = "`u`.`user_group_id` = '" . (int)$data['filter_user_group_id'] . "'";
233:	}
234:
235:	if (!empty($data['filter_ip'])) {
236:	$implode[] = "`u`.`user_id` IN (SELECT `user_id` FROM `" . DB_PREFIX . "user_login` WHERE `ip` LIKE '" . $this->db->escape('%' . oc_strtolower($data['filter_ip']) . '%') . "')";
237:	}
238:
239:	if (isset($data['filter_status']) && $data['filter_status'] !== '') {
240:	$implode[] = "`u`.`status` = '" . (int)$data['filter_status'] . "'";
241:	}
242:
243:	if ($implode) {
244:	$sql .= " WHERE " . implode(" AND ", $implode);
245:	}
246:
247:	$query = $this->db->query($sql);
248:
249:	return (int)$query->row['total'];
250:	}
251:
252:	/**
253:	* Get Total Users By Group ID
254:	*
255:	* @param int $user_group_id
256:	*
257:	* @return int
258:	*/
259:	public function getTotalUsersByGroupId(int $user_group_id): int {
260:	$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` WHERE `user_group_id` = '" . (int)$user_group_id . "'");
261:
262:	return (int)$query->row['total'];
263:	}
264:
265:	/**
266:	* Get Total Users By Email
267:	*
268:	* @param string $email
269:	*
270:	* @return int
271:	*/
272:	public function getTotalUsersByEmail(string $email): int {
273:	$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
274:
275:	return (int)$query->row['total'];
276:	}
277:
278:	/**
279:	* Add Login
280:	*
281:	* @param int $user_id
282:	* @param array<string, mixed> $data
283:	*
284:	* @return void
285:	*/
286:	public function addLogin(int $user_id, array $data): void {
287:	$this->db->query("INSERT INTO `" . DB_PREFIX . "user_login` SET `user_id` = '" . (int)$user_id . "', `ip` = '" . $this->db->escape($data['ip']) . "', `user_agent` = '" . $this->db->escape($data['user_agent']) . "', `date_added` = NOW()");
288:	}
289:
290:	/**
291:	* Delete User Logins
292:	*
293:	* @param int $user_id
294:	*
295:	* @return void
296:	*/
297:	public function deleteLogins(int $user_id): void {
298:	$this->db->query("DELETE FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "'");
299:	}
300:
301:	/**
302:	* Get Logins
303:	*
304:	* @param int $user_id
305:	* @param int $start
306:	* @param int $limit
307:	*
308:	* @return array<int, array<string, mixed>>
309:	*/
310:	public function getLogins(int $user_id, int $start = 0, int $limit = 10): array {
311:	if ($start < 0) {
312:	$start = 0;
313:	}
314:
315:	if ($limit < 1) {
316:	$limit = 10;
317:	}
318:
319:	$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "' LIMIT " . (int)$start . "," . (int)$limit);
320:
321:	if ($query->num_rows) {
322:	return $query->rows;
323:	} else {
324:	return [];
325:	}
326:	}
327:
328:	/**
329:	* Get Total Logins
330:	*
331:	* @param int $user_id
332:	*
333:	* @return int
334:	*/
335:	public function getTotalLogins(int $user_id): int {
336:	$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user_login` WHERE `user_id` = '" . (int)$user_id . "'");
337:
338:	if ($query->num_rows) {
339:	return (int)$query->row['total'];
340:	} else {
341:	return 0;
342:	}
343:	}
344:
345:	/**
346:	* Add Authorize
347:	*
348:	* @param int $user_id
349:	* @param array<string, mixed> $data
350:	*
351:	* @return void
352:	*/
353:	public function addAuthorize(int $user_id, array $data): void {
354:	$this->db->query("INSERT INTO `" . DB_PREFIX . "user_authorize` SET `user_id` = '" . (int)$user_id . "', `token` = '" . $this->db->escape($data['token']) . "', `ip` = '" . $this->db->escape($data['ip']) . "', `user_agent` = '" . $this->db->escape($data['user_agent']) . "', `date_added` = NOW()");
355:	}
356:
357:	/**
358:	* Edit Authorize Status
359:	*
360:	* @param int $user_authorize_id
361:	* @param bool $status
362:	*
363:	* @return void
364:	*/
365:	public function editAuthorizeStatus(int $user_authorize_id, bool $status): void {
366:	$this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `status` = '" . (bool)$status . "' WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
367:	}
368:
369:	/**
370:	* Edit Authorize Total
371:	*
372:	* @param int $user_authorize_id
373:	* @param int $total
374:	*
375:	* @return void
376:	*/
377:	public function editAuthorizeTotal(int $user_authorize_id, int $total): void {
378:	$this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `total` = '" . (int)$total . "' WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
379:	}
380:
381:	/**
382:	* Reset User Authorizes
383:	*
384:	* @param int $user_id
385:	* @param int $total
386:	*
387:	* @return void
388:	*/
389:	public function editAuthorizeTotalByUserId(int $user_id, int $total): void {
390:	$this->db->query("UPDATE `" . DB_PREFIX . "user_authorize` SET `total` = '" . (int)$total . "' WHERE `user_id` = '" . (int)$user_id . "'");
391:	}
392:
393:	/**
394:	* Delete User Authorizes
395:	*
396:	* @param int $user_id
397:	* @param int $user_authorize_id
398:	*
399:	* @return void
400:	*/
401:	public function deleteAuthorizes(int $user_id, int $user_authorize_id = 0): void {
402:	$sql = "DELETE FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "'";
403:
404:	if ($user_authorize_id) {
405:	$sql .= " AND `user_authorize_id` = '" . (int)$user_authorize_id . "'";
406:	}
407:
408:	$this->db->query($sql);
409:	}
410:
411:	/**
412:	* Get Authorize
413:	*
414:	* @param int $user_authorize_id
415:	*
416:	* @return array<string, mixed>
417:	*/
418:	public function getAuthorize(int $user_authorize_id): array {
419:	$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_authorize` WHERE `user_authorize_id` = '" . (int)$user_authorize_id . "'");
420:
421:	return $query->row;
422:	}
423:
424:	/**
425:	* Get Authorize By Token
426:	*
427:	* @param int $user_id
428:	* @param string $token
429:	*
430:	* @return array<string, mixed>
431:	*/
432:	public function getAuthorizeByToken(int $user_id, string $token): array {
433:	$query = $this->db->query("SELECT *, (SELECT SUM(`total`) FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "') AS `attempts` FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "' AND `token` = '" . $this->db->escape($token) . "'");
434:
435:	return $query->row;
436:	}
437:
438:	/**
439:	* Get Authorizes
440:	*
441:	* @param int $user_id
442:	* @param int $start
443:	* @param int $limit
444:	*
445:	* @return array<int, array<string, mixed>>
446:	*/
447:	public function getAuthorizes(int $user_id, int $start = 0, int $limit = 10): array {
448:	if ($start < 0) {
449:	$start = 0;
450:	}
451:
452:	if ($limit < 1) {
453:	$limit = 10;
454:	}
455:
456:	$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "' LIMIT " . (int)$start . "," . (int)$limit);
457:
458:	if ($query->num_rows) {
459:	return $query->rows;
460:	} else {
461:	return [];
462:	}
463:	}
464:
465:	/**
466:	* Get Total Authorizes
467:	*
468:	* @param int $user_id
469:	*
470:	* @return int
471:	*/
472:	public function getTotalAuthorizes(int $user_id): int {
473:	$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "user_authorize` WHERE `user_id` = '" . (int)$user_id . "'");
474:
475:	if ($query->num_rows) {
476:	return (int)$query->row['total'];
477:	} else {
478:	return 0;
479:	}
480:	}
481:	}
482:

Namespaces

Classes