From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 19:40:50 -0600
Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class.
---
includes/functions_user.php | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 includes/functions_user.php
(limited to 'includes/functions_user.php')
diff --git a/includes/functions_user.php b/includes/functions_user.php
new file mode 100644
index 0000000..b2069a2
--- /dev/null
+++ b/includes/functions_user.php
@@ -0,0 +1,21 @@
+query($sql, "s", $username);
+
+ return !empty($result);
+}
+
+function register_user(string $username, string $pass_hash)
+{
+ $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());";
+ Database::get()->query($sql, "ss", $username, $pass_hash);
+}
+
+function change_password(User $user, string $pass_hash)
+{
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ Database::get()->query($sql, "si", $pass_hash, $user->id);
+}
\ No newline at end of file
-- cgit v1.2.3
From 5c3d6b49d5db5bb3504191933dd171b54219c2b3 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sun, 25 Apr 2021 17:50:21 -0600
Subject: Add some extra checks before changing a password
---
includes/functions_user.php | 10 ++++++++++
1 file changed, 10 insertions(+)
(limited to 'includes/functions_user.php')
diff --git a/includes/functions_user.php b/includes/functions_user.php
index b2069a2..4ea1ad1 100644
--- a/includes/functions_user.php
+++ b/includes/functions_user.php
@@ -16,6 +16,16 @@ function register_user(string $username, string $pass_hash)
 
 function change_password(User $user, string $pass_hash)
 {
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You are not signed in.');
+ return;
+ }
+
+ if (Session::get()->get_current_user()->id != $user->id) {
+ trigger_error("You can't change another user's password.");
+ return;
+ }
+
 $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
 Database::get()->query($sql, "si", $pass_hash, $user->id);
 }
\ No newline at end of file
-- cgit v1.2.3
From a09d9f377f5c055e42e5f21b5cdea64c2e2ca896 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 8 May 2021 17:28:53 -0600
Subject: Default user level
---
includes/functions_user.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'includes/functions_user.php')
diff --git a/includes/functions_user.php b/includes/functions_user.php
index 4ea1ad1..690350a 100644
--- a/includes/functions_user.php
+++ b/includes/functions_user.php
@@ -10,7 +10,7 @@ function username_exists(string $username): bool
 
 function register_user(string $username, string $pass_hash)
 {
- $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());";
+ $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
 Database::get()->query($sql, "ss", $username, $pass_hash);
 }
 
-- cgit v1.2.3
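Review bot: In the `@@ -16,6 +16,16 @@` hunk, both new guards in change_password() refuse by calling `trigger_error()` at its default E_USER_NOTICE level followed by `return;`, so the caller gets no signal that the UPDATE was skipped. Unless a custom error handler halts the request (none is visible here), calling code can go on to tell the user the password was changed. Throwing an exception, or declaring a `bool` return that the call site checks, would make the refusal impossible to ignore. The ownership test also uses loose `!=`, and the types of the two `id` values are not shown; comparing with `if (Session::get()->get_current_user()->id !== $user->id)` after normalising ids to int where User objects are built would rule out juggling matches such as null against 0. A short docblock should state that `$pass_hash` is expected to be an already-hashed value and that this function does not re-verify the current password.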
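Review bot: In the `@@ -10,7 +10,7 @@` hunk, the literal `0` written to `user_level` is a privilege value, yet nothing beside the INSERT says which role it denotes. A comment such as `// user_level 0 = regular member (lowest privilege); fixed here, never taken from request input`, or a named constant, would keep that meaning next to the statement; the role name is my assumption and should be checked against the code that reads user_level. If any other path inserts into users, a column DEFAULT in the schema would give the same least-privilege guarantee there; the schema is not part of this page.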