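conn = $conn;
    }

    /**
     * Sync user from Authelia headers (create or update)
     *
     * The values are taken as-is from the caller and become authoritative for
     * the stored profile, including the is_admin flag derived from $groups.
     * NOTE(review): this method cannot tell whether the Remote-* headers were
     * set by the Authelia proxy or by the client; the caller must only pass
     * values from requests that arrived through the trusted proxy.
     * NOTE(review): a username of 'system' would match the row that
     * getSystemUser() reads; confirm the identity provider cannot issue it.
     *
     * @param string $username Username from Remote-User header
     * @param string $displayName Display name from Remote-Name header
     * @param string $email Email from Remote-Email header
     * @param string $groups Comma-separated groups from Remote-Groups header
     * @return array User data array
     */
    public function syncUserFromAuthelia($username, $displayName = '', $email = '', $groups = '')
    {
        // NOTE(review): an empty $username is not rejected here, so a request
        // without a Remote-User value would create or update a blank-named
        // user; confirm the caller validates it before calling.

        // Check cache first (per-username entry, shared with getUserByUsername)
        $cacheKey = "user_$username";
        if (isset(self::$userCache[$cacheKey])) {
            return self::$userCache[$cacheKey];
        }

        // Determine if user is admin based on groups
        $isAdmin = $this->checkAdminStatus($groups);

        // Try to find existing user; the lookup statement is closed as soon as
        // its row has been read so it is not leaked when the variable is reused.
        $stmt = $this->conn->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $result = $stmt->get_result();
        $exists = $result->num_rows > 0;
        $user = $exists ? $result->fetch_assoc() : null;
        $stmt->close();

        if ($exists) {
            // Update existing user. `groups` is backtick-quoted because GROUPS
            // is a reserved word in MySQL 8.0.2 and later.
            $updateStmt = $this->conn->prepare(
                "UPDATE users SET display_name = ?, email = ?, `groups` = ?, is_admin = ?, last_login = NOW() WHERE username = ?"
            );
            $updateStmt->bind_param("sssis", $displayName, $email, $groups, $isAdmin, $username);
            $updateStmt->execute();
            $updateStmt->close();

            // Refresh the in-memory copy instead of re-reading the row
            $user['display_name'] = $displayName;
            $user['email'] = $email;
            $user['groups'] = $groups;
            $user['is_admin'] = $isAdmin;
        } else {
            // Create new user
            $insertStmt = $this->conn->prepare(
                "INSERT INTO users (username, display_name, email, `groups`, is_admin, last_login) VALUES (?, ?, ?, ?, ?, NOW())"
            );
            $insertStmt->bind_param("ssssi", $username, $displayName, $email, $groups, $isAdmin);
            $insertStmt->execute();
            $userId = $this->conn->insert_id;
            $insertStmt->close();

            // Get the newly created user
            $readStmt = $this->conn->prepare("SELECT * FROM users WHERE user_id = ?");
            $readStmt->bind_param("i", $userId);
            $readStmt->execute();
            $user = $readStmt->get_result()->fetch_assoc();
            $readStmt->close();
        }

        // Cache user
        self::$userCache[$cacheKey] = $user;

        return $user;
    }

    /**
     * Get system user (for hwmonDaemon)
     *
     * @return array|null System user data or null if not found
     */
    public function getSystemUser()
    {
        // Check cache first
        if (isset(self::$userCache['system'])) {
            return self::$userCache['system'];
        }

        $stmt = $this->conn->prepare("SELECT * FROM users WHERE username = 'system'");
        $stmt->execute();
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        if (!is_array($user)) {
            return null;
        }

        self::$userCache['system'] = $user;

        return $user;
    }

    /**
     * Get user by ID
     *
     * @param int $userId User ID
     * @return array|null User data or null if not found
     */
    public function getUserById($userId)
    {
        // Check cache first. The key must not start with "user_": username
        // entries are stored as "user_<username>", so the previous
        // "user_id_<id>" form collided with a username such as "id_5" and
        // could hand back a different user's record.
        // NOTE(review): confirm nothing outside this excerpt reads or clears
        // the old "user_id_<id>" keys.
        $cacheKey = "id:$userId";
        if (isset(self::$userCache[$cacheKey])) {
            return self::$userCache[$cacheKey];
        }

        $stmt = $this->conn->prepare("SELECT * FROM users WHERE user_id = ?");
        $stmt->bind_param("i", $userId);
        $stmt->execute();
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        if (!is_array($user)) {
            return null;
        }

        self::$userCache[$cacheKey] = $user;

        return $user;
    }

    /**
     * Get user by username
     *
     * @param string $username Username
     * @return array|null User data or null if not found
     */
    public function getUserByUsername($username)
    {
        // Check cache first (same key space as syncUserFromAuthelia)
        $cacheKey = "user_$username";
        if (isset(self::$userCache[$cacheKey])) {
            return self::$userCache[$cacheKey];
        }

        $stmt = $this->conn->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        if (!is_array($user)) {
            return null;
        }

        self::$userCache[$cacheKey] = $user;

        return $user;
    }

    /**
     * Check if user has admin privileges based on groups
     *
     * The match is case-insensitive and requires an exact group name of
     * 'admin' after trimming; substrings such as 'administrators' do not match.
     *
     * @param string $groups Comma-separated group names
     * @return bool True if user is in admin group
     */
    private function checkAdminStatus($groups)
    {
        if (empty($groups)) {
            return false;
        }

        // Split groups by comma and check for 'admin' group
        $groupArray = array_map('trim', explode(',', strtolower($groups)));

        // Strict comparison: every element is a string, so no type juggling is wanted
        return in_array('admin', $groupArray, true);
    }

    /**
     * Check if user is admin
     *
     * @param array $user User data array
     * @return bool True if user is admin
     */
    public function isAdmin($user)
    {
        // Loose comparison is deliberate: is_admin is a bool when it comes from
        // syncUserFromAuthelia's update path and a database value otherwise.
        return isset($user['is_admin']) && $user['is_admin'] == 1;
    }

    /**
     * Check if user has required group membership
     *
     * @param array $user User data array
     * @param array $requiredGroups Array of required group names
     * @return bool True if user is in at least one required group
     */
    public function hasGroupAccess($user, $requiredGroups = ['admin', 'employee'])
    {
        if (empty($user['groups'])) {
            return false;
        }

        // Both sides are lower-cased so the comparison is case-insensitive
        $userGroups = array_map('trim', explode(',', strtolower($user['groups'])));
        $requiredGroups = array_map('strtolower', $requiredGroups);

        return !empty(array_intersect($userGroups, $requiredGroups));
    }

    /**
     * Get all users (for admin panel)
     *
     * Returns every column of every row; this method performs no
     * authorization check itself.
     *
     * @return array Array of user records
     */
    public function getAllUsers()
    {
        $stmt = $this->conn->prepare("SELECT * FROM users ORDER BY created_at DESC");
        $stmt->execute();
        $result = $stmt->get_result();

        $users = [];
        while ($row = $result->fetch_assoc()) {
            $users[] = $row;
        }

        $stmt->close();

        return $users;
    }
}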