Diffstat (limited to 'it_user.class')
-rw-r--r--it_user.class155
1 files changed, 74 insertions, 81 deletions
diff --git a/it_user.class b/it_user.class
index e66fc78..4bafc85 100644
--- a/it_user.class
+++ b/it_user.class
@@ -2,15 +2,23 @@
/*
** $Id$
**
-** it_user.class - User management and authentication
+** Copyright (C) 1995-2007 by the ITools Authors.
+** This file is part of ITools - the Internet Tools Library
+**
+** ITools is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 3 of the License, or
+** (at your option) any later version.
**
-** ITools - the Internet Tools Library
+** ITools is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
**
-** Copyright (C) 1995-2003 by the ITools Authors.
-** This program is free software; you can redistribute it and/or
-** modify it under the terms of either the GNU General Public License
-** or the GNU Lesser General Public License, as published by the Free
-** Software Foundation. See http://www.gnu.org/licenses/ for details.
+** You should have received a copy of the GNU General Public License
+** along with this program. If not, see <http://www.gnu.org/licenses/>.
+**
+** it_user.class - User management and authentication
*/
/* PUBLIC and guaranteed to stay in same order (but not value) forever */
@@ -25,49 +33,50 @@ define('_IT_USER_UID_COOKIE', 'UID');
define('_IT_USER_UID_COOKIE_LIFETIME', 0x7FFFFFFF); /* Forever :-) */
define('_IT_USER_STATUS_INVALID', 0); /* INTERNAL: Not yet evaluated */
-class it_user extends it_db_record
+class it_user extends it_dbi
{
/* PRIVATE */
- var $status; /* Current status */
- var $session; /* Currently active session */
- var $sessioninitialized = false; /* Session already initialized? */
-
- var $sessioncookiename; /* Name of cookie used to store session */
- var $uidcookiename; /* Name of cookie used to store UID */
-
- var $uid_field; /* Anonymous UID field in user database */
- var $username_field; /* Username field in user database */
- var $password_field; /* Password field in user database */
+ var $status; # Current status (IT_USER_STATUS_...)
+ var $session; # Session object
+ var $sessioninitialized = false;
var $login_identifier_required = false;
var $login_identifier;
var $domain;
var $lifetime;
var $secret;
- var $urlauthenticationcode = 'uac'; /* Name of UAC url parameter */
+ var $urlauthenticationcode = 'uac'; # Name of UAC url parameter
var $uid;
var $username;
/*
* Used by login(), contains unvalidated user data to give overloading
- * functions way of accessing it.
+ * functions a way of accessing it.
*/
var $workrecord;
-/* Constructor */
-function it_user($table, $username_field = "username", $password_field = "password", $uid_field = "")
+/**
+ * Constructor
+ * @param $p array(key => value) of configuration data
+ */
+function it_user($p)
{
- /* Default to uid being primary key, may change later */
- $this->it_db_record($table, $uid_field);
+ $this->p = $p + array(
+ 'uid_field' => 'ID',
+ 'table' => 'T_Users',
+ 'username_field' => 'Username',
+ 'password_field' => 'Password',
+ 'uidcookiename' => _IT_USER_UID_COOKIE,
+ 'sessioncookiename' => null
+ );
+
+ # Default to uid being primary key, may change later
+ $this->it_dbi(array('table' => $this->p['table'], 'keyfield' => $this->p['uid_field']));
+
$this->session = new it_session;
$this->status = _IT_USER_STATUS_INVALID;
- $this->uidcookiename = _IT_USER_UID_COOKIE;
-
- $this->uid_field = $uid_field;
- $this->username_field = $username_field;
- $this->password_field = $password_field;
}
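Review bot: The new constructor takes `$p` with no default and no type check, so `$p + array(...)` fails on any call site that passes nothing or still uses the old positional form; `function it_user($p = array())` would at least cover the empty case. The docblock should list the accepted keys (`table`, `uid_field`, `username_field`, `password_field`, `uidcookiename`, `sessioncookiename`) with their defaults. That matters because `uid_field` now defaults to `'ID'` instead of empty, which switches on the UID handling guarded by `if ($this->p['uid_field'])` in other hunks of this patch. `$this->p` is also not declared among the `var` members visible here; the class body continues outside the hunk.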
@@ -79,24 +88,24 @@ function _read_post_process()
{
parent::_read_post_process();
- /* If read succeeded, get UID. This is necessary because it's only set if a cookie is present (i.e. in web-context) */
- if (isset($this->data[$this->uid_field]))
- $this->uid = $this->data[$this->uid_field];
+ # If read succeeded, get UID. This is necessary because it's only set if a cookie is present (i.e. in web-context)
+ if (isset($this->{$this->p['uid_field']}))
+ $this->uid = $this->{$this->p['uid_field']};
- /* Get username from database field */
- $this->username = $this->data[$this->username_field];
+ # Get username from database field (shortcut)
+ $this->username = $this->{$this->p['username_field']};
}
function set_session_cookie_name($sessioncookiename)
{
- $this->sessioncookiename = $sessioncookiename;
+ $this->p['sessioncookiename'] = $sessioncookiename;
}
function set_uid_cookie_name($uidcookiename)
{
- $this->uidcookiename = $uidcookiename;
+ $this->p['uidcookiename'] = $uidcookiename;
}
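Review bot: Reading record fields as `$this->{$this->p['uid_field']}` puts database column names in the same namespace as the object's own state (`uid`, `username`, `status`, `session`, `secret`, `p`). If it_dbi loads every column as a property, which these reads suggest but the hunk does not show, a column or configured field name matching one of those members would overwrite or alias authentication state. With `username_field` set to `'username'`, the assignment in `_read_post_process()` becomes a self-assignment. A comment stating that field names must not collide with it_user members, or a check in the constructor, would make the constraint explicit. The username read also lacks the `isset()` guard that the UID read has, and `_read_post_process()` begins outside this hunk.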
@@ -123,9 +132,9 @@ function _init_session()
{
if (!$this->sessioninitialized)
{
- /* Using a non-standard values for session? */
- if ($this->sessioncookiename)
- $this->session->set_cookiename($this->sessioncookiename);
+ # Using non-standard values for session?
+ if ($this->p['sessioncookiename'])
+ $this->session->set_cookiename($this->p['sessioncookiename']);
if (isset($this->domain))
$this->session->set_domain($this->domain);
@@ -152,38 +161,31 @@ function get_status()
{
$this->status = IT_USER_STATUS_SESSION;
$this->_set_uid($this->session->get_uid());
- $this->set_key_field($this->uid_field);
$this->read($this->uid);
- /* username == uid means we don't have a username yet */
+ # username == uid means we don't have a username yet
if ($this->username == $this->uid)
$this->username = "";
}
- else if (isset($_COOKIE[$this->uidcookiename]) && ($this->uid = substr($_COOKIE[$this->uidcookiename], 0, 32)))
+ else if (isset($_COOKIE[$this->p['uidcookiename']]) && ($this->uid = substr($_COOKIE[$this->p['uidcookiename']], 0, 32)))
{
- $this->set_key_field($this->uid_field);
$this->read($this->uid);
if ($this->username == $this->uid)
$this->username = "";
- if ($this->username)
- $this->status = IT_USER_STATUS_KNOWN;
- else
- $this->status = IT_USER_STATUS_ANONYMOUS;
+ $this->status = $this->username ? IT_USER_STATUS_KNOWN : IT_USER_STATUS_ANONYMOUS;
}
else
{
$this->status = IT_USER_STATUS_UNKNOWN;
$this->username = '';
- if ($this->uid_field)
+ if ($this->p['uid_field'])
$this->_set_uid($this->create_uid());
}
}
- #debug("status $this->status");
-
return $this->status;
}
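Review bot: The UID cookie value goes from `$_COOKIE` into `$this->read()` after only `substr(..., 0, 32)`, with no check that it is a string or matches the format `create_uid()` produces. A cookie sent in array form reaches `substr()` as an array, and any client-chosen value of up to 32 bytes is used as the lookup key. An `is_string()` test plus a format check against the generator's output before `read()` would close that. Since `IT_USER_STATUS_KNOWN` is derived from this client-held cookie alone, a comment saying that only `IT_USER_STATUS_SESSION` means authenticated would help callers. `get_status()` begins outside this hunk.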
@@ -204,10 +206,10 @@ function _set_uid($uid)
{
$this->uid = $uid;
- if (!isset($_COOKIE[$this->uidcookiename]) || ($_COOKIE[$this->uidcookiename] != $uid))
+ if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
{
- @setcookie($this->uidcookiename, $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain);
- $_COOKIE[$this->uidcookiename] = $uid;
+ @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain);
+ $_COOKIE[$this->p['uidcookiename']] = $uid;
}
}
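Review bot: The UID cookie is set without the `secure` and `httponly` arguments, and `@` hides a failed `setcookie()` while `$_COOKIE` is updated regardless. Because get_status() accepts this cookie as enough to recognise a user as known, it would be better sent as `setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, $secure, true)`, with `$secure` true on HTTPS sites (the `httponly` argument needs PHP 5.2 or later). Checking the return value instead of suppressing the warning would show when headers had already been sent. The `!=` comparison against the cookie is loose and could be `!==` on string casts. The function header is outside this hunk.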
@@ -219,7 +221,7 @@ function is_logged_in()
}
-/*
+/**
* Try to log in user. Use get_status() to check result.
* NOTE: Must not be called AFTER get_status() has been used.
* @param $username User ID to login
@@ -232,31 +234,24 @@ function login($username, $password, $ignorepassword = false, $withsession = tru
$result = false;
$this->_init_session();
- $this->workrecord = new it_db_record($this->table, $this->username_field);
+ $this->workrecord = new it_dbi(array('table' => $this->p['table'], 'keyfield' => $this->p['username_field']));
- #debug("username '$username'");
if ($this->workrecord->read($username))
{
- #debug("password '$password', '" . $this->workrecord->data[$this->password_field] . "'");
- if ($ignorepassword || $this->check_password($password, $this->workrecord->data[$this->password_field]))
+ if ($ignorepassword || $this->check_password($password, $this->workrecord->{$this->p['password_field']}))
{
- #debug("login_identifier '$this->login_identifier'");
- $this->session->set_uid($this->workrecord->data[$this->uid_field]);
+ $this->session->set_uid($this->workrecord->{$this->p['uid_field']});
if ($withsession)
$result = $this->session->set_valid(true, $this->login_identifier_required, $this->login_identifier);
else
- $result = $_COOKIE[$this->uidcookiename] = $this->session->get_uid();
+ $result = $_COOKIE[$this->p['uidcookiename']] = $this->session->get_uid();
}
- #debug("result '$result'");
}
- if ($result && ($this->session->get_uid() == $this->workrecord->data[$this->uid_field]))
- $this->username = $this->workrecord->data[$this->username_field];
+ if ($result && ($this->session->get_uid() == $this->workrecord->{$this->p['uid_field']}))
+ $this->username = $this->workrecord->{$this->p['username_field']};
- if ($result)
- $this->status = _IT_USER_STATUS_INVALID;
- else
- $this->status = IT_USER_STATUS_FAILED;
+ $this->status = $result ? _IT_USER_STATUS_INVALID : IT_USER_STATUS_FAILED;
return $result;
}
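Review bot: The check `$this->session->get_uid() == $this->workrecord->{$this->p['uid_field']}` uses loose comparison on the value that decides whether the logged-in username is assigned. PHP compares two numeric-looking strings as numbers, so distinct UIDs can compare equal; `(string)$this->session->get_uid() === (string)$this->workrecord->{$this->p['uid_field']}` avoids that. In the `$withsession == false` branch only the in-memory `$_COOKIE` entry is written, so a comment saying that no cookie is sent there would help the next reader. `login()` begins outside this hunk.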
@@ -288,27 +283,25 @@ function purge()
/*
* Create user database record.
* @param $tags Fields to set (uid and username are optional)
- * @see it_db_record
+ * @see it_dbi::insert()
*/
function create($tags)
{
- $result;
-
- /* Make sure UID is always set in database records */
- if ($this->uid_field)
+ # Make sure UID is always set in database records
+ if ($this->p['uid_field'])
{
if (!$this->uid)
$this->_set_uid($this->create_uid());
- $tags[$this->uid_field] = $this->uid;
+ $tags[$this->p['uid_field']] = $this->uid;
}
- /* Create dummy but unique username if none given */
- if (!$tags[$this->username_field] && !$this->data[$this->username_field])
- $tags[$this->username_field] = $this->uid;
+ # Create dummy but unique username if none given
+ if (!$tags[$this->p['username_field']] && !$this->{$this->p['username_field']})
+ $tags[$this->p['username_field']] = $this->uid;
- if ($result = it_db_record::create($tags))
- $this->_set_uid($this->data[$this->uid_field]);
+ if ($result = $this->insert($tags))
+ $this->_set_uid($this->{$this->p['uid_field']});
return $result;
}
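Review bot: After `$this->insert($tags)` the code calls `_set_uid($this->{$this->p['uid_field']})`, which assumes it_dbi::insert() loads the new row into the object's properties the way `it_db_record::create()` filled `$this->data`. That is not visible in this hunk. If the property is not populated, `_set_uid()` receives null, clears `$this->uid` and resets the UID cookie. Guarding the call with `isset($this->{$this->p['uid_field']})`, or confirming the it_dbi behaviour in a comment, would keep the UID intact. `!$tags[$this->p['username_field']]` also raises a notice when the key is absent, which `empty($tags[$this->p['username_field']])` avoids.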
@@ -359,8 +352,8 @@ function create_password($length = 8, $charset = 'abcdefghjkpqrstuvwxyz23456789A
*/
function crypt_password($password)
{
- $result = $this->table->db->safe_sql_query("SELECT PASSWORD('" . mysql_real_escape_string($password) . "')");
- list($pw) = $this->table->db->fetch_array($result);
+ $result = $this->query("SELECT PASSWORD('" . mysql_real_escape_string($password) . "')");
+ list($pw) = mysql_fetch_array($result);
return $pw;
}
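Review bot: `crypt_password()` still derives the stored hash from MySQL's `PASSWORD()`, which MySQL documents as reserved for its own account system. It is unsalted and fast, and the plaintext password travels inside the SQL text, where query logs can record it. Hashing in PHP with a salted, slow scheme (`password_hash()` / `password_verify()` on PHP 5.5 and later) removes both problems, provided check_password() keeps a fallback for existing hashes. In the new lines, `mysql_real_escape_string()` is called without a link argument and `mysql_fetch_array()` is applied directly to the return value of `$this->query()`. Both assume it_dbi uses the default mysql connection and returns a raw result resource, which should be confirmed or the link passed explicitly.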