 Server : Apache/2 System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 User : gositeme ( 1004) PHP Version : 8.2.29 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/gositeme/domains/lavocat.quebec/private_html/php-migration/auth/ |
<?php
/**
* Authentication System
* Migrated from NextAuth.js
*/
require_once __DIR__ . '/../config/config.php';
require_once __DIR__ . '/../models/User.php';
require_once __DIR__ . '/../config/database.php';
class Auth {
private $db;
private $user;
public function __construct() {
$database = new Database();
$this->db = $database->getConnection();
$this->user = new User($this->db);
}
// Register new user
public function register($email, $password, $name, $role = 'USER') {
// Check if user already exists
if ($this->user->findByEmail($email)) {
return [
'success' => false,
'message' => 'User already exists with this email'
];
}
// Validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return [
'success' => false,
'message' => 'Invalid email format'
];
}
// Validate password
if (strlen($password) < 8) {
return [
'success' => false,
'message' => 'Password must be at least 8 characters long'
];
}
// Set user properties
$this->user->email = $email;
$this->user->password = $password;
$this->user->name = $name;
$this->user->role = $role;
$this->user->username = $this->generateUsername($name);
$this->user->language = DEFAULT_LANGUAGE;
$this->user->theme = 'light';
$this->user->isProfilePublic = false;
$this->user->isVerified = false;
$this->user->isActive = true;
$this->user->status = 'ACTIVE';
$this->user->totalCases = 0;
$this->user->wonCases = 0;
$this->user->lostCases = 0;
$this->user->xpPoints = 0;
$this->user->level = 1;
$this->user->currentStreak = 0;
$this->user->totalBadges = 0;
$this->user->reviewsWritten = 0;
$this->user->forumPosts = 0;
$this->user->helpedOthers = 0;
$this->user->totalEndorsements = 0;
$this->user->profileViews = 0;
$this->user->observationHours = 0;
$this->user->reformProposals = 0;
$this->user->wisdomScore = 0;
$this->user->civicEngagement = 0;
$this->user->accountBalance = 0.0;
$this->user->isPaymentVerified = false;
$this->user->donationTotal = 0.0;
$this->user->notifications = true;
// Create user
if ($this->user->create()) {
return [
'success' => true,
'message' => 'User registered successfully',
'user' => [
'id' => $this->user->id,
'email' => $this->user->email,
'name' => $this->user->name,
'role' => $this->user->role
]
];
} else {
return [
'success' => false,
'message' => 'Failed to create user'
];
}
}
// Login user
public function login($email, $password) {
if ($this->user->findByEmail($email)) {
if ($this->user->verifyPassword($password)) {
if (!$this->user->isActive) {
return [
'success' => false,
'message' => 'Account is deactivated'
];
}
// Update last active
$this->user->lastActive = date('Y-m-d H:i:s');
$this->user->update();
// Create session
$this->createSession($this->user->id);
return [
'success' => true,
'message' => 'Login successful',
'user' => [
'id' => $this->user->id,
'email' => $this->user->email,
'name' => $this->user->name,
'role' => $this->user->role,
'isVerified' => $this->user->isVerified,
'language' => $this->user->language,
'theme' => $this->user->theme
]
];
} else {
return [
'success' => false,
'message' => 'Invalid password'
];
}
} else {
return [
'success' => false,
'message' => 'User not found'
];
}
}
// Logout user
public function logout() {
if (isset($_SESSION['user_id'])) {
$this->destroySession($_SESSION['user_id']);
unset($_SESSION['user_id']);
unset($_SESSION['user_email']);
unset($_SESSION['user_name']);
unset($_SESSION['user_role']);
}
session_destroy();
return true;
}
// Check if user is logged in
public function isLoggedIn() {
return isset($_SESSION['user_id']) && !empty($_SESSION['user_id']);
}
// Get current user
public function getCurrentUser() {
if ($this->isLoggedIn()) {
if ($this->user->findById($_SESSION['user_id'])) {
return [
'id' => $this->user->id,
'email' => $this->user->email,
'name' => $this->user->name,
'role' => $this->user->role,
'isVerified' => $this->user->isVerified,
'language' => $this->user->language,
'theme' => $this->user->theme,
'profilePicture' => $this->user->profilePicture,
'specialization' => $this->user->specialization,
'barNumber' => $this->user->barNumber
];
}
}
return null;
}
// Check if user has specific role
public function hasRole($role) {
$user = $this->getCurrentUser();
return $user && $user['role'] === $role;
}
// Check if user is admin
public function isAdmin() {
return $this->hasRole('ADMIN') || $this->hasRole('SUPER_ADMIN');
}
// Check if user is lawyer
public function isLawyer() {
return $this->hasRole('LAWYER') || $this->hasRole('ADMIN') || $this->hasRole('SUPER_ADMIN');
}
// Create session
private function createSession($userId) {
$_SESSION['user_id'] = $userId;
$_SESSION['user_email'] = $this->user->email;
$_SESSION['user_name'] = $this->user->name;
$_SESSION['user_role'] = $this->user->role;
$_SESSION['login_time'] = time();
}
// Destroy session
private function destroySession($userId) {
// Remove session from database if needed
// For now, just clear PHP session
return true;
}
// Generate username from name
private function generateUsername($name) {
$username = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $name));
$originalUsername = $username;
$counter = 1;
// Check if username exists and add number if needed
while ($this->usernameExists($username)) {
$username = $originalUsername . $counter;
$counter++;
}
return $username;
}
// Check if username exists
private function usernameExists($username) {
$query = "SELECT id FROM User WHERE username = :username LIMIT 1";
$stmt = $this->db->prepare($query);
$stmt->bindParam(':username', $username);
$stmt->execute();
return $stmt->rowCount() > 0;
}
// Reset password request
public function requestPasswordReset($email) {
if ($this->user->findByEmail($email)) {
$token = bin2hex(random_bytes(32));
$expiry = date('Y-m-d H:i:s', strtotime('+1 hour'));
$this->user->resetPasswordToken = $token;
$this->user->resetPasswordTokenExpiry = $expiry;
$this->user->update();
// Send email with reset link
$resetLink = APP_URL . "/reset-password.php?token=" . $token;
// TODO: Implement email sending
return [
'success' => true,
'message' => 'Password reset email sent',
'resetLink' => $resetLink // For testing purposes
];
} else {
return [
'success' => false,
'message' => 'User not found'
];
}
}
// Reset password with token
public function resetPassword($token, $newPassword) {
$query = "SELECT id FROM User WHERE resetPasswordToken = :token AND resetPasswordTokenExpiry > NOW() LIMIT 1";
$stmt = $this->db->prepare($query);
$stmt->bindParam(':token', $token);
$stmt->execute();
if ($stmt->rowCount() > 0) {
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userId = $row['id'];
if ($this->user->findById($userId)) {
$this->user->password = $newPassword;
$this->user->resetPasswordToken = null;
$this->user->resetPasswordTokenExpiry = null;
$this->user->updatedAt = date('Y-m-d H:i:s');
if ($this->user->update()) {
return [
'success' => true,
'message' => 'Password reset successfully'
];
}
}
}
return [
'success' => false,
'message' => 'Invalid or expired reset token'
];
}
// Change password
public function changePassword($currentPassword, $newPassword) {
$user = $this->getCurrentUser();
if (!$user) {
return [
'success' => false,
'message' => 'User not logged in'
];
}
if ($this->user->findById($user['id'])) {
if ($this->user->verifyPassword($currentPassword)) {
$this->user->password = $newPassword;
$this->user->updatedAt = date('Y-m-d H:i:s');
if ($this->user->update()) {
return [
'success' => true,
'message' => 'Password changed successfully'
];
}
} else {
return [
'success' => false,
'message' => 'Current password is incorrect'
];
}
}
return [
'success' => false,
'message' => 'Failed to change password'
];
}
// Verify user account
public function verifyUser($userId) {
if ($this->user->findById($userId)) {
$this->user->isVerified = true;
$this->user->updatedAt = date('Y-m-d H:i:s');
if ($this->user->update()) {
return [
'success' => true,
'message' => 'User verified successfully'
];
}
}
return [
'success' => false,
'message' => 'Failed to verify user'
];
}
}
?>