From a5a19fd672bc0b8113d620669b557f17dccd343a Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Thu, 26 Oct 2006 13:35:12 +0000
Subject: Moved itools to live branch
---
user.class | 511 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 511 insertions(+)
create mode 100644 user.class
(limited to 'user.class')
diff --git a/user.class b/user.class
new file mode 100644
index 0000000..c0da429
--- /dev/null
+++ b/user.class
@@ -0,0 +1,511 @@
+it_db_record($table, $uid_field);
+ $this->session = new it_session;
+ $this->status = _IT_USER_STATUS_INVALID;
+ $this->uidcookiename = _IT_USER_UID_COOKIE;
+
+ $this->uid_field = $uid_field;
+ $this->username_field = $username_field;
+ $this->password_field = $password_field;
+}
+
+
+/**
+ * Post processing, called by ITools after reading a database record
+ * @access private
+ */
+function _read_post_process()
+{
+ parent::_read_post_process();
+
+ /* If read succeeded, get UID. This is necessary because it's only set if a cookie is present (i.e. in web-context) */
+ if (isset($this->data[$this->uid_field]))
+ $this->uid = $this->data[$this->uid_field];
+
+ /* Get username from database field */
+ $this->username = $this->data[$this->username_field];
+}
+
+
+function set_session_cookie_name($sessioncookiename)
+{
+ $this->sessioncookiename = $sessioncookiename;
+}
+
+
+function set_uid_cookie_name($uidcookiename)
+{
+ $this->uidcookiename = $uidcookiename;
+}
+
+
+function set_domain($domain)
+{
+ $this->domain = $domain;
+}
+
+
+function set_session_lifetime($lifetime)
+{
+ $this->lifetime = $lifetime;
+}
+
+
+function set_login_identifier($login_identifier)
+{
+ $this->login_identifier_required = true;
+ $this->login_identifier = $login_identifier;
+}
+
+
+function _init_session()
+{
+ if (!$this->sessioninitialized)
+ {
+ /* Using a non-standard values for session? */
+ if ($this->sessioncookiename)
+ $this->session->set_cookiename($this->sessioncookiename);
+
+ if (isset($this->domain))
+ $this->session->set_domain($this->domain);
+
+ if (isset($this->lifetime))
+ $this->session->set_lifetime($this->lifetime);
+
+ if (isset($this->secret))
+ $this->session->set_secret($this->secret);
+
+ $this->session->init();
+ $this->sessioninitialized = true;
+ }
+}
+
+
+function get_status()
+{
+ if ($this->status == _IT_USER_STATUS_INVALID)
+ {
+ $this->_init_session();
+
+ if ($this->session->is_valid())
+ {
+ $this->status = IT_USER_STATUS_SESSION;
+ $this->_set_uid($this->session->get_uid());
+ $this->set_key_field($this->uid_field);
+ $this->read($this->uid);
+
+ /* username == uid means we don't have a username yet */
+ if ($this->username == $this->uid)
+ $this->username = "";
+ }
+ else if (isset($_COOKIE[$this->uidcookiename]) && ($this->uid = substr($_COOKIE[$this->uidcookiename], 0, 32)))
+ {
+ $this->set_key_field($this->uid_field);
+ $this->read($this->uid);
+
+ if ($this->username == $this->uid)
+ $this->username = "";
+
+ if ($this->username)
+ $this->status = IT_USER_STATUS_KNOWN;
+ else
+ $this->status = IT_USER_STATUS_ANONYMOUS;
+ }
+ else
+ {
+ $this->status = IT_USER_STATUS_UNKNOWN;
+ $this->username = '';
+
+ if ($this->uid_field)
+ $this->_set_uid($this->create_uid());
+ }
+ }
+
+ #debug("status $this->status");
+
+ return $this->status;
+}
+
+
+function get_username()
+{
+ return $this->username;
+}
+
+
+function get_uid()
+{
+ return $this->uid;
+}
+
+
+function _set_uid($uid)
+{
+ $this->uid = $uid;
+
+ if (!isset($_COOKIE[$this->uidcookiename]) || ($_COOKIE[$this->uidcookiename] != $uid))
+ {
+ @setcookie($this->uidcookiename, $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain);
+ $_COOKIE[$this->uidcookiename] = $uid;
+ }
+}
+
+
+/* Return session status of this user: Is she logged in? */
+function is_logged_in()
+{
+ return $this->status == IT_USER_STATUS_SESSION;
+}
+
+
+/*
+ * Try to log in user. Use get_status() to check result.
+ * NOTE: Must not be called AFTER get_status() has been used.
+ * @param $username User ID to login
+ * @param $password Password to authenticate login
+ * @param $ignorepassword True if you want to login anyway (e.g. 'su')
+ */
+function login($username, $password, $ignorepassword = false, $withsession = true)
+{
+ $result = false;
+
+ $this->_init_session();
+ $this->workrecord = new it_db_record($this->table, $this->username_field);
+
+ #debug("username '$username'");
+ if ($this->workrecord->read($username))
+ {
+ #debug("password '$password', '" . $this->workrecord->data[$this->password_field] . "'");
+ if ($ignorepassword || $this->check_password($password, $this->workrecord->data[$this->password_field]))
+ {
+ #debug("login_identifier '$this->login_identifier'");
+ $this->session->set_uid($this->workrecord->data[$this->uid_field]);
+ if ($withsession)
+ $result = $this->session->set_valid(true, $this->login_identifier_required, $this->login_identifier);
+ else
+ $result = $_COOKIE[$this->uidcookiename] = $this->session->get_uid();
+ }
+ #debug("result '$result'");
+ }
+
+ if ($result && ($this->session->get_uid() == $this->workrecord->data[$this->uid_field]))
+ $this->username = $this->workrecord->data[$this->username_field];
+
+ if ($result)
+ $this->status = _IT_USER_STATUS_INVALID;
+ else
+ $this->status = IT_USER_STATUS_FAILED;
+
+ return $result;
+}
+
+
+/*
+ * Logout user.
+ * NOTE: Must not be called AFTER get_status() has been used.
+ */
+function logout()
+{
+ $this->_init_session();
+ $this->session->set_valid(false);
+}
+
+
+/*
+ * Throw away all user information and restart from scratch...
+ */
+function purge()
+{
+ $this->status = _IT_USER_STATUS_INVALID;
+ $this->_set_uid($this->create_uid());
+ $this->username = "";
+ $this->session->purge();
+}
+
+
+/*
+ * Create user database record.
+ * @param $tags Fields to set (uid and username are optional)
+ * @see it_db_record
+ */
+function create($tags)
+{
+ $result;
+
+ /* Make sure UID is always set in database records */
+ if ($this->uid_field)
+ {
+ if (!$this->uid)
+ $this->_set_uid($this->create_uid());
+
+ $tags[$this->uid_field] = $this->uid;
+ }
+
+ /* Create dummy but unique username if none given */
+ if (!$tags[$this->username_field] && !$this->data[$this->username_field])
+ $tags[$this->username_field] = $this->uid;
+
+ if ($result = it_db_record::create($tags))
+ $this->_set_uid($this->data[$this->uid_field]);
+
+ return $result;
+}
+
+
+/*
+ * Create unique identifier used for anonymously users, Override if you want
+ * different type of UIDs.
+ * Returns newly created uid
+ */
+function create_uid()
+{
+ return md5(uniqid(rand())); /* random garbage */
+}
+
+
+/*
+ * Create a login identifier and set session to login identifier 'secret' value
+ * Returns a value to be put into the login