kurs-app/Model/UserModel.php
2025-07-04 11:12:24 +02:00

105 lines
2.9 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace Blog\Model;
use Blog\Model\Database;
use PDOException;
use Random\RandomException;
class UserModel extends Database
{
/**
* @throws RandomException
*/
public function createUser($values){
$salt = bin2hex(random_bytes(16));
$hash = hash('sha256', $values["password"] . $salt);
$guid = $this->createUUID();
$pdo = $this->linkDB();
$sql = "INSERT INTO user (`id`, `name`,`vorname`,`email`,`passwort`,`salt`,`role`)
VALUES (:guid, :name, :firstname, :email, :password, :salt, :role)";
try {
$sth = $pdo->prepare($sql);
$sth->execute([
":guid" => $guid,
":name" => $values["lastname"],
":firstname" => $values["name"],
":email" => $values["email"],
":password" => $hash,
":salt" => $salt,
":role" => $values["role"]
]);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Schreiben der Daten.", $e);
die;
}
return true;
}
public function getUserByEmail($email){
$pdo = $this->linkDB();
$sql = "SELECT * FROM user WHERE email = :email";
$sth = $pdo->prepare($sql);
$sth->execute([":email" => $email]);
return $sth->fetch();
}
public function getUserById($id){
$pdo = $this->linkDB();
$sql = "SELECT * FROM user WHERE id = :id";
$sth = $pdo->prepare($sql);
$sth->execute([":id" => $id]);
return $sth->fetch();
}
public function deleteUser($id){
$pdo = $this->linkDB();
$sql = "DELETE FROM user WHERE id = :id";
$sth = $pdo->prepare($sql);
$sth->bindParam(":id", $id);
$sth->execute();
}
public function updateUserData($id, $values){
$pdo = $this->linkDB();
$fields = [];
$params = [':id' => $id];
if(!empty($values["password"])){
$salt = bin2hex(random_bytes(16));
$hash = hash('sha256', $values["password"] . $salt);
$fields["password"] = "´passwort´ = :password";
$fields["salt"] = "´salt´ = :salt";
$params[":password"] = $hash;
$params[":salt"] = $salt;
}
foreach (['name','vorname','email'] as $col) {
if (isset($values[$col])) {
$fields[] = "`{$col}` = :{$col}";
$params[":{$col}"] = $values[$col];
}
}
$sql = "UPDATE user
SET " . implode(", ", $fields) . "
where id = :id";
try {
$sth = $pdo->prepare($sql);
$sth->execute($params);
} catch (PDOException $e) {
new \Blog\Library\ErrorMsg("Fehler beim Aktualisieren der Daten.", $e);
die;
}
}
}