-rw-r--r-- | examples/class/controller.class.php | 35 | ||||
-rw-r--r-- | examples/class/framework.class.php | 67 | ||||
-rw-r--r-- | examples/class/object.class.php | 22 | ||||
-rw-r--r-- | examples/class/user.class.php | 121 |
4 files changed, 0 insertions, 245 deletions
diff --git a/examples/class/controller.class.php b/examples/class/controller.class.php index 0ab1a69..3e05812 100644 --- a/examples/class/controller.class.php +++ b/examples/class/controller.class.php @@ -1,25 +1,5 @@ <?php -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/framework.class.php"; - -/* - * Abstract controller -- Contains app security constraints and provides access to - * framework internals from concrete controllers - */ abstract class Controller extends Framework { /* @@ -46,21 +26,6 @@ abstract class Controller extends Framework if (isset($_SERVER['HTTPS'])) $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap()); } - - /* - * Security check - * Assert that the client's IP address does not change during its session. If a change is detected, logout. - */ - function sec_verify_ip() - { - $addr = $_SERVER['REMOTE_ADDR']; - - if ($this->getCurrentUser() && $addr != $this->getOriginIP()) - { - $this->setCurrentUser(); - $this->redirectTo($this->ar() . "/"); - } - } } ?> diff --git a/examples/class/framework.class.php b/examples/class/framework.class.php index 802c821..0461da7 100644 --- a/examples/class/framework.class.php +++ b/examples/class/framework.class.php 
@@ -1,30 +1,7 @@ <?php -/* Define Scrott version number */ -define("__VERSION__", "v0.0"); - -/* Init PHP session */ -session_start(); - -require_once "class/mysql.class.php"; -require_once "class/user.class.php"; - -/* - * Global functions / operations and access to contextual or session-based information - */ abstract class Framework { - static $dbobj = null; - - /* - * Check for the existence of Scrott's system-level config - */ - function scrottConfExists() - { - global $_SCROTT; - return isset($_SCROTT['conf']); - } - /* * Get the absolute path on this server for the root of this app */ @@ -51,50 +28,6 @@ abstract class Framework } /* - * Get a user object for the currently logged in user. Returns false if session is logged out. - */ - function getCurrentUser() - { - if (isset($_SESSION['userguid'])) - { - $user = new User($_SESSION['userguid']); - - if ($user->type == "user") - return $user; - - $this->setCurrentUser(); - } - - return false; - } - - /* - * Get the IP address the client held when the current session began - */ - function getOriginIP() - { - return $_SESSION['userip']; - } - - /* - * Set the current logged in user - */ - function setCurrentUser($user = null) - { - if ($user != null && isset($user->guid)) - { - $_SESSION['userguid'] = $user->guid; - $_SESSION['userip'] = $_SERVER['REMOTE_ADDR']; - } - - else - { - unset($_SESSION['userguid']); - unset($_SESSION['userip']); - } - } - - /* * Get or create the app's database connection object (this is a singleton object and dependent on system-level config) */ static function getDbConnection() diff --git a/examples/class/object.class.php b/examples/class/object.class.php index 3acea4f..4bafc5c 100644 --- a/examples/class/object.class.php +++ b/examples/class/object.class.php 
@@ -3,28 +3,6 @@ abstract class Object extends Framework { /* - * Check if given user (or group) is the owner of this object - */ - function isOwner($ug) - { - return $this->getOwner()->guid == $ug->guid; - } - - /* - * Check if given user (or group) is a member of this object - */ - function isMember($ug) - { - foreach ($this->getMembers() as $member) - { - if ($member->guid == $ug->guid) - return true; - } - - return false; - } - - /* * Check if given user has permissions for this object */ function canAccess($user) diff --git a/examples/class/user.class.php b/examples/class/user.class.php index b8143a9..eff5fd0 100644 --- a/examples/class/user.class.php +++ b/examples/class/user.class.php 
@@ -1,129 +1,8 @@ <?php -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; -require_once "class/group.class.php"; - -/* - * Application users - */ class User extends Object { /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "key", - "salt", - "alias", - "admin", - "email", - "emailConf", - "emailConfKey" - ); - - parent::__construct("user", $cols); - $this->loadObj($guid); - } - - /* - * Initialize object by username - */ - function initByUsername($username) - { - $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . 
"'"; - $result = $this->db->query($query); - - if (count($result) == 0) - return false; - - $this->loadObj($result[0]['guid']); - return true; - } - - /* - * Get all users -- ordered by name, ascending - */ - function getAllUsers_orderByName() - { - $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get all users -- ordered by admin DESC (admins first), then by name - */ - function getAllUsers_orderByAdminByName() - { - $query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get the number of administrative accounts in the system - */ - function getNumAdmins() - { - $query = "SELECT count(*) as cnt FROM user WHERE admin = 1"; - $results = $this->db->query($query); - return $results[0]['cnt']; - } - - /* - * Check whether a given username is currently in use - */ - function usernameInUse($username) - { - $escd_username = $this->db->esc($username); - - $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; - $results = $this->db->query($query); - - if (count($results) > 0) - return true; - - return false; - } - - /* - * Generate a key from a user's password and salt - */ - function getKey($password, $salt) - { - return hash("sha256", $salt . $password); - } - - /* * Create a new User object with the given username and keyed with the given plain-text password * This function returns false if $username is already being used * On success, this object should be initialized as the new user (use only on new User() objects) |