<?php
/*
* SCROTT Copyright (C) 2016 Malf Furious
*
* Scrott is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License,
* or (at your option) any later version.
*
* Scrott is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
* License for more details.
*/
require_once "class/object.class.php";
require_once "class/group.class.php";
/*
* Application users
*/
class User extends Object
{
/*
* Constructor
*/
function __construct($guid = null)
{
$cols = array(
"guid",
"key",
"salt",
"alias",
"admin",
"email",
"emailConf",
"emailConfKey"
);
parent::__construct("user", $cols);
$this->loadObj($guid);
}
/*
* Initialize object by username
*/
function initByUsername($username)
{
$query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
$result = $this->db->query($query);
if (count($result) == 0)
return false;
$this->loadObj($result[0]['guid']);
return true;
}
/*
* Get all users -- ordered by name, ascending
*/
function getAllUsers_orderByName()
{
$query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
$result = $this->db->query($query);
$users = array();
foreach ($result as $u)
$users[] = new User($u['guid']);
return $users;
}
/*
* Get all users -- ordered by admin DESC (admins first), then by name
*/
function getAllUsers_orderByAdminByName()
{
$query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name";
$result = $this->db->query($query);
$users = array();
foreach ($result as $u)
$users[] = new User($u['guid']);
return $users;
}
/*
* Get the number of administrative accounts in the system
*/
function getNumAdmins()
{
$query = "SELECT count(*) as cnt FROM user WHERE admin = 1";
$results = $this->db->query($query);
return $results[0]['cnt'];
}
/*
* Check whether a given username is currently in use
*/
function usernameInUse($username)
{
$escd_username = $this->db->esc($username);
$query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
$results = $this->db->query($query);
if (count($results) > 0)
return true;
return false;
}
/*
* Generate a key from a user's password and salt
*/
function getKey($password, $salt)
{
return hash("sha256", $salt . $password);
}
/*
* Create a new User object with the given username and keyed with the given plain-text password
* This function returns false if $username is already being used
* On success, this object should be initialized as the new user (use only on new User() objects)
*/
function createNewUser($username, $password)
{
if ($this->usernameInUse($username))
return false;
/* if there exist no users already, make this new one an admin */
if (count($this->getAllUsers_orderByName()) == 0)
$this->admin = 1;
$this->perms = 0;
$this->name = $username;
$this->type = "user";
$this->setPassword($password);
$this->setEmail("");
$this->saveObj();
$this->owner = $this->guid;
$this->saveObj();
return true;
}
/*
* Validate the password for this user. Returns true if correct, false otherwise
*/
function validatePassword($password)
{
$key = $this->getKey($password, $this->salt);
return $key == $this->key;
}
/*
* Validate the email confirmation key for a user, returns true if correct, false otherwise. On success, $this->emailConf is also set to 1
*/
function confirmEmailKey($key)
{
if ($key != $this->emailConfKey)
return false;
$this->emailConf = 1;
return true;
}
/*
* Overwrite the salt and key for this user, given a new plaintext password
*/
function setPassword($password)
{
$this->salt = $this->getBlob();
$this->key = $this->getKey($password, $this->salt);
}
/*
* Overwrite the emailConfKey and flag, and change user's saved email address
*/
function setEmail($email)
{
$this->email = $email;
$this->emailConf = 0;
$this->emailConfKey = $this->getBlob();
}
/*
* If a user has an alias set, display it instead of their username
*/
function getDisplayName()
{
if ($this->alias != "")
return $this->alias;
return $this->name;
}
/*
* Get the glyphicon to use for this user
*/
function getGlyphicon()
{
if ($this->admin)
return "glyphicon glyphicon-sunglasses";
return "glyphicon glyphicon-user";
}
/*
* Get all groups this user owns or is a member of
*/
function getGroups()
{
/* owner */
$query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'";
$result = $this->db->query($query);
$groups = array();
foreach ($result as $g)
$groups[] = new Group($g['guid']);
/* member */
$query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'";
$result = $this->db->query($query);
foreach ($result as $g)
$groups[] = new Group($g['guid']);
return $groups;
}
}
?>
