authorMalf Furious <m@lfurio.us>2016-02-07 14:01:22 -0500
committerMalf Furious <m@lfurio.us>2016-02-07 14:01:22 -0500
commit72e37180b69db2c067b926b54c64e1989bef0be4 (patch)
treed5e76f4894d3822f1923464c641c63fa283bdd2b /app/class
parent43ca317ea7d49396eb2958a38aed8b737ef4186b (diff)
parentc5564a0a2ae183c533a38905eccdbf383030cd4c (diff)
Merge branch 'auth' into dev
Diffstat (limited to '')
-rw-r--r--app/class/framework.class.php41
-rw-r--r--app/class/object.class.php25
-rw-r--r--app/class/setting.class.php30
-rw-r--r--app/class/user.class.php95
4 files changed, 189 insertions, 2 deletions
diff --git a/app/class/framework.class.php b/app/class/framework.class.php
index d1293de..74c4b14 100644
--- a/app/class/framework.class.php
+++ b/app/class/framework.class.php
@@ -4,7 +4,11 @@
is_file("scrott.conf.php") &&
require_once "scrott.conf.php";
+/* Init PHP session */
+session_start();
+
require_once "class/mysql.class.php";
+require_once "class/user.class.php";
/*
* Global functions / operations and access to contextual or session-based information
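Review bot: `session_start()` on the added line runs unconditionally and with PHP's default cookie settings, so a caller that already started a session (or a second include of this file) gets a notice, and the session cookie carries neither HttpOnly nor the strict-mode protection against externally supplied ids. Set the flags before starting and guard the call: `ini_set('session.cookie_httponly', '1');` `ini_set('session.use_strict_mode', '1');` `if (session_status() === PHP_SESSION_NONE) session_start();`. The guid stored in this session becomes the login token for the rest of the app, so these settings apply to every authenticated request.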
@@ -48,6 +52,43 @@ abstract class Framework
}
/*
+ * Get a user object for the currently logged in user. Returns false if session is logged out.
+ */
+ function getCurrentUser()
+ {
+ if (isset($_SESSION['userguid']))
+ return new User($_SESSION['userguid']);
+
+ return false;
+ }
+
+ /*
+ * Get the IP address the client held when the current session began
+ */
+ function getOriginIP()
+ {
+ return $_SESSION['userip'];
+ }
+
+ /*
+ * Set the current logged in user
+ */
+ function setCurrentUser($user = null)
+ {
+ if ($user != null && isset($user->guid))
+ {
+ $_SESSION['userguid'] = $user->guid;
+ $_SESSION['userip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ else
+ {
+ unset($_SESSION['userguid']);
+ unset($_SESSION['userip']);
+ }
+ }
+
+ /*
* Get or create the app's database connection object (this is a singleton object and dependent on system-level config)
*/
static function getDbConnection()
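Review bot: setCurrentUser() stores the user guid in the existing session without rotating the session id, so an id that was fixed in the browser before login stays valid after it; add `session_regenerate_id(true);` as the first line of the `if` branch, and in the `else` branch regenerate (or `session_destroy()`) after the unsets so the old id does not survive logout. getOriginIP() reads `$_SESSION['userip']` without an isset check and emits an undefined-index notice for a logged-out session; `return isset($_SESSION['userip']) ? $_SESSION['userip'] : false;` would match getCurrentUser()'s convention. The `$user != null` test is a loose comparison; `$user !== null` is the intended check. The Framework class begins outside this hunk.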
diff --git a/app/class/object.class.php b/app/class/object.class.php
index bcd8dfa..96cc810 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -77,6 +77,8 @@ abstract class Object extends Framework
{
if (isset($this->guid))
{
+ $this->timeUpdated = $this->getCurrentTimestamp();
+
/* Update Base */
$updateStr = "";
@@ -117,6 +119,8 @@ abstract class Object extends Framework
else
{
$this->guid = $this->getNewGUID();
+ $this->timeCreated = $this->getCurrentTimestamp();
+ $this->timeUpdated = $this->timeCreated;
/* Insert Base */
$colsStr = "";
@@ -180,6 +184,16 @@ abstract class Object extends Framework
}
/*
+ * Get current timestamp for object database purposes
+ */
+ function getCurrentTimestamp()
+ {
+ $query = "SELECT now() AS stamp";
+ $result = $this->db->query($query);
+ return $result[0]['stamp'];
+ }
+
+ /*
* Check whether given GUID exists
*/
function isGUID($guid)
@@ -200,13 +214,20 @@ abstract class Object extends Framework
{
do
{
- $sha = hash("sha256", rand());
- $guid = substr($sha, 0, 8);
+ $guid = substr($this->getBlob(), 0, 8);
}
while ($this->isGUID($guid));
return $guid;
}
+
+ /*
+ * Get a random sha256 blob
+ */
+ function getBlob()
+ {
+ return hash("sha256", openssl_random_pseudo_bytes(64));
+ }
}
/*
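Review bot: getBlob() ignores the `$crypto_strong` out-parameter of openssl_random_pseudo_bytes() and does not check for a `false` return, so on a platform without a usable CSPRNG it silently hashes a weak or empty value; since getNewGUID() here and the password salt and emailConfKey in user.class.php all derive from it, failure should be fatal: `$bytes = openssl_random_pseudo_bytes(64, $strong);` `if ($bytes === false || !$strong) throw new Exception("secure random source unavailable");` `return hash("sha256", $bytes);`. On PHP 7 `random_bytes(64)` performs this check itself and is the simpler replacement. Moving off rand() is the right change; note that an 8-hex-character guid is only 32 bits, so the isGUID() retry loop remains necessary rather than a formality.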
diff --git a/app/class/setting.class.php b/app/class/setting.class.php
index ea5fac3..e3ef7f1 100644
--- a/app/class/setting.class.php
+++ b/app/class/setting.class.php
@@ -23,6 +23,36 @@ class Setting extends Framework
return $res[0]['value'];
}
+
+ /*
+ * Helper function for setting setting values on the database
+ */
+ static function setValue($key, $value)
+ {
+ $db = parent::getDbConnection();
+ $escdKey = $db->esc($key);
+ $escdValue = $db->esc($value);
+
+ if (self::getValue($key) === false)
+ $query = "INSERT INTO setting (`key`, value) VALUES('" . $escdKey . "', '" . $escdValue . "')";
+ else
+ $query = "UPDATE setting SET value = '" . $escdValue . "' WHERE `key` = '" . $escdKey . "'";
+
+ $db->query($query);
+ }
+
+ /*
+ * Should the app allow the public to signup their own accounts with Scrott?
+ */
+ static function allowPublicSignup($value = null)
+ {
+ $opt = "allowPublicSignup";
+
+ if ($value != null)
+ self::setValue($opt, $value);
+
+ return self::getValue($opt);
+ }
}
?>
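Review bot: allowPublicSignup() tests `$value != null`, which under loose comparison is false for `0`, `false` and `"0"`, so the option can be switched on but a call meant to switch it off never reaches setValue(); use `if ($value !== null)`. setValue()'s presence test `self::getValue($key) === false` assumes getValue() returns exactly false for a missing key, which depends on code outside the hunk and is worth confirming. The values pass through `$db->esc()` before concatenation; if the mysql wrapper offers prepared statements, prefer them here since `$value` is caller-supplied. The file keeps its closing `?>`; any whitespace after it is emitted as output and would break the Set-Cookie header that framework.class.php's `session_start()` now depends on, so dropping the tag is the safer convention.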
diff --git a/app/class/user.class.php b/app/class/user.class.php
index 8ef91ae..bd2e174 100644
--- a/app/class/user.class.php
+++ b/app/class/user.class.php
@@ -17,6 +17,7 @@ class User extends Object
"key",
"salt",
"alias",
+ "admin",
"email",
"emailConf",
"emailConfKey"
@@ -25,6 +26,100 @@ class User extends Object
parent::__construct("user", $cols);
$this->loadObj($guid);
}
+
+ /*
+ * Initialize object by username
+ */
+ function initByUsername($username)
+ {
+ $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
+ $result = $this->db->query($query);
+
+ if (count($result) == 0)
+ return false;
+
+ $this->loadObj($result[0]['guid']);
+ return true;
+ }
+
+ /*
+ * Get all users -- ordered by name, ascending
+ */
+ function getAllUsers_orderByName()
+ {
+ $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
+ $result = $this->db->query($query);
+
+ $users = array();
+
+ foreach ($result as $u)
+ $users[] = new User($u['guid']);
+
+ return $users;
+ }
+
+ /*
+ * Check whether a given username is currently in use
+ */
+ function usernameInUse($username)
+ {
+ $escd_username = $this->db->esc($username);
+
+ $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
+ $results = $this->db->query($query);
+
+ if (count($results) > 0)
+ return true;
+
+ return false;
+ }
+
+ /*
+ * Generate a key from a user's password and salt
+ */
+ function getKey($password, $salt)
+ {
+ return hash("sha256", $salt . $password);
+ }
+
+ /*
+ * Create a new User object with the given username and keyed with the given plain-text password
+ * This function returns false if $username is already being used
+ * On success, this object should be initialized as the new user (use only on new User() objects)
+ */
+ function createNewUser($username, $password)
+ {
+ if ($this->usernameInUse($username))
+ return false;
+
+ /* if there exist no users already, make this new one an admin */
+ if (count($this->getAllUsers_orderByName()) == 0)
+ $this->admin = 1;
+
+ $this->perms = 0;
+ $this->name = $username;
+ $this->type = "user";
+ $this->salt = $this->getBlob();
+ $this->key = $this->getKey($password, $this->salt);
+ $this->emailConf = 0;
+ $this->emailConfKey = $this->getBlob();
+
+ $this->saveObj();
+
+ $this->owner = $this->guid;
+ $this->saveObj();
+
+ return true;
+ }
+
+ /*
+ * Validate the password for this user. Returns true if correct, false otherwise
+ */
+ function validatePassword($password)
+ {
+ $key = $this->getKey($password, $this->salt);
+ return $key == $this->key;
+ }
}
?>
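Review bot: validatePassword() compares two hex digests with `==`, which for strings that both parse as numeric (digests of the form `0e` followed by digits) performs a numeric comparison and returns true for unequal values, and it is not constant-time; use `return hash_equals($this->key, $key);`. getKey() derives the stored key from a single sha256 pass over salt.password, which is cheap to attack offline if the `user` table is ever exposed; PHP 5.5+'s `password_hash()`/`password_verify()` (bcrypt, salt embedded in the hash) is the standard replacement and would make the `salt` column and getKey()'s `$salt` parameter unnecessary. createNewUser() runs usernameInUse() and then saveObj() as two separate statements, leaving a check-then-act window for duplicate names; a unique index on (`type`, `name`) in the object table closes it regardless of application ordering. The queries in initByUsername() and usernameInUse() rely on `$this->db->esc()` for escaping, so the wrapper's escaping must match the connection charset.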