Diffstat (limited to '')
| -rw-r--r-- | app/class/framework.class.php | 41 | ||||
| -rw-r--r-- | app/class/object.class.php | 25 | ||||
| -rw-r--r-- | app/class/setting.class.php | 30 | ||||
| -rw-r--r-- | app/class/user.class.php | 95 | 
4 files changed, 189 insertions, 2 deletions
|
diff --git a/app/class/framework.class.php b/app/class/framework.class.php
index d1293de..74c4b14 100644
--- a/app/class/framework.class.php
+++ b/app/class/framework.class.php
@@ -4,7 +4,11 @@
 is_file("scrott.conf.php") &&
     require_once "scrott.conf.php";
 
+/* Init PHP session */
+session_start();
+
 require_once "class/mysql.class.php";
+require_once "class/user.class.php";
 
 /*
  * Global functions / operations and access to contextual or session-based information
@@ -48,6 +52,43 @@ abstract class Framework
     }
 
     /*
+     * Get a user object for the currently logged in user.  Returns false if session is logged out.
+     */
+    function getCurrentUser()
+    {
+        if (isset($_SESSION['userguid']))
+            return new User($_SESSION['userguid']);
+
+        return false;
+    }
+
+    /*
+     * Get the IP address the client held when the current session began
+     */
+    function getOriginIP()
+    {
+        return $_SESSION['userip'];
+    }
+
+    /*
+     * Set the current logged in user
+     */
+    function setCurrentUser($user = null)
+    {
+        if ($user != null && isset($user->guid))
+        {
+            $_SESSION['userguid'] = $user->guid;
+            $_SESSION['userip'] = $_SERVER['REMOTE_ADDR'];
+        }
+
+        else
+        {
+            unset($_SESSION['userguid']);
+            unset($_SESSION['userip']);
+        }
+    }
+
+    /*
      * Get or create the app's database connection object (this is a singleton object and dependent on system-level config)
      */
     static function getDbConnection()
diff --git a/app/class/object.class.php b/app/class/object.class.php
index bcd8dfa..96cc810 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -77,6 +77,8 @@ abstract class Object extends Framework
     {
         if (isset($this->guid))
         {
+            $this->timeUpdated = $this->getCurrentTimestamp();
+
             /* Update Base */
             $updateStr = "";
 
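Review bot: `session_start();` in the first hunk runs with whatever the ini defaults happen to be, so the session cookie may be issued without HttpOnly/Secure and with `session.use_strict_mode` off, which means an id supplied by the client is accepted rather than replaced. Set the policy before starting, e.g. `ini_set('session.use_strict_mode', '1'); ini_set('session.cookie_httponly', '1'); session_start();`, and `session.cookie_secure` once the app is served over TLS. The call also turns a file that otherwise only declares a class and pulls in dependencies into one with a side effect on every include, so a comment noting that each entry point relies on framework.class.php being included before any output would help the next reader.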
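Review bot: `setCurrentUser()` stores the user guid into the pre-login session without rotating its id, so the id a visitor held anonymously is kept after they gain a logged-in identity; call `session_regenerate_id(true);` at the top of the `if` branch, and doing the same after the two `unset` calls in the `else` branch keeps logout from leaving a reusable id behind. `getOriginIP()` reads `$_SESSION['userip']` unconditionally and raises an undefined-index notice for logged-out sessions; `return isset($_SESSION['userip']) ? $_SESSION['userip'] : false;` matches the `false` convention `getCurrentUser()` uses. Nothing in the hunk compares the stored IP with the current request, so if it is meant as a session-hijack check a caller still has to do that comparison; a comment on `getOriginIP()` saying whether it is informational only would stop readers assuming it is enforced. `$user != null` also accepts any truthy value under loose comparison; `$user !== null` is the stricter form.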
@@ -117,6 +119,8 @@ abstract class Object extends Framework
         else
         {
             $this->guid = $this->getNewGUID();
+            $this->timeCreated = $this->getCurrentTimestamp();
+            $this->timeUpdated = $this->timeCreated;
 
             /* Insert Base */
             $colsStr = "";
@@ -180,6 +184,16 @@ abstract class Object extends Framework
     }
 
     /*
+     * Get current timestamp for object database purposes
+     */
+    function getCurrentTimestamp()
+    {
+        $query = "SELECT now() AS stamp";
+        $result = $this->db->query($query);
+        return $result[0]['stamp'];
+    }
+
+    /*
      * Check whether given GUID exists
      */
     function isGUID($guid)
@@ -200,13 +214,20 @@ abstract class Object extends Framework
     {
         do
         {
-            $sha = hash("sha256", rand());
-            $guid = substr($sha, 0, 8);
+            $guid = substr($this->getBlob(), 0, 8);
         }
         while ($this->isGUID($guid));
 
         return $guid;
     }
+
+    /*
+     * Get a random sha256 blob
+     */
+    function getBlob()
+    {
+        return hash("sha256", openssl_random_pseudo_bytes(64));
+    }
 }
 
 /*
diff --git a/app/class/setting.class.php b/app/class/setting.class.php
index ea5fac3..e3ef7f1 100644
--- a/app/class/setting.class.php
+++ b/app/class/setting.class.php
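Review bot: `getBlob()` in the last object.class.php hunk now feeds every GUID, password salt and email-confirmation key (see the user.class.php hunk in this commit) from `openssl_random_pseudo_bytes(64)`, but it ignores both the `$crypto_strong` out-parameter and the `false` failure return, so on a build without a usable CSPRNG the hash is computed over `false` (coerced to `""`) and every blob collapses to one constant value. Prefer `return hash("sha256", random_bytes(64));`, which throws instead of degrading silently (PHP 7+); if the project must stay on older PHP, pass the `$crypto_strong` argument and throw when it is not true. Replacing `rand()` with a CSPRNG-backed source is the right direction; the 8-hex-character truncation in `getNewGUID()` is only a uniqueness concern and the `isGUID()` retry covers that.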
@@ -23,6 +23,36 @@ class Setting extends Framework
 
         return $res[0]['value'];
     }
+
+    /*
+     * Helper function for setting setting values on the database
+     */
+    static function setValue($key, $value)
+    {
+        $db = parent::getDbConnection();
+        $escdKey = $db->esc($key);
+        $escdValue = $db->esc($value);
+
+        if (self::getValue($key) === false)
+            $query = "INSERT INTO setting (`key`, value) VALUES('" . $escdKey . "', '" . $escdValue . "')";
+        else
+            $query = "UPDATE setting SET value = '" . $escdValue . "' WHERE `key` = '" . $escdKey . "'";
+
+        $db->query($query);
+    }
+
+    /*
+     * Should the app allow the public to signup their own accounts with Scrott?
+     */
+    static function allowPublicSignup($value = null)
+    {
+        $opt = "allowPublicSignup";
+
+        if ($value != null)
+            self::setValue($opt, $value);
+
+        return self::getValue($opt);
+    }
 }
 
 ?>
diff --git a/app/class/user.class.php b/app/class/user.class.php
index 8ef91ae..bd2e174 100644
--- a/app/class/user.class.php
+++ b/app/class/user.class.php
@@ -17,6 +17,7 @@ class User extends Object
             "key",
             "salt",
             "alias",
+            "admin",
             "email",
             "emailConf",
             "emailConfKey"
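Review bot: `allowPublicSignup()` guards the write with `if ($value != null)`, and under loose comparison `0`, `"0"`, `""` and `false` are all `== null`, so any attempt to turn public signup off through this method is silently dropped and the flag can only ever be switched on; use `if ($value !== null)`. `setValue()` picks INSERT versus UPDATE with `self::getValue($key) === false`, which is only correct if `getValue()` returns `false` for a missing row — its body begins outside this hunk, so worth confirming — and a stored `"0"` comes back as a string, which callers testing the flag need to remember. The queries are still assembled by concatenation over `$db->esc()`; that is the only escaping API the wrapper visibly offers, so moving to prepared statements belongs in mysql.class.php, but a comment on `setValue()` stating that `$value` is the caller-supplied input and `$key` is expected to be a class-internal constant would make the trust boundary explicit.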
@@ -25,6 +26,100 @@ class User extends Object
         parent::__construct("user", $cols);
         $this->loadObj($guid);
     }
+
+    /*
+     * Initialize object by username
+     */
+    function initByUsername($username)
+    {
+        $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
+        $result = $this->db->query($query);
+
+        if (count($result) == 0)
+            return false;
+
+        $this->loadObj($result[0]['guid']);
+        return true;
+    }
+
+    /*
+     * Get all users -- ordered by name, ascending
+     */
+    function getAllUsers_orderByName()
+    {
+        $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
+        $result = $this->db->query($query);
+
+        $users = array();
+
+        foreach ($result as $u)
+            $users[] = new User($u['guid']);
+
+        return $users;
+    }
+
+    /*
+     * Check whether a given username is currently in use
+     */
+    function usernameInUse($username)
+    {
+        $escd_username = $this->db->esc($username);
+
+        $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
+        $results = $this->db->query($query);
+
+        if (count($results) > 0)
+            return true;
+
+        return false;
+    }
+
+    /*
+     * Generate a key from a user's password and salt
+     */
+    function getKey($password, $salt)
+    {
+        return hash("sha256", $salt . $password);
+    }
+
+    /*
+     * Create a new User object with the given username and keyed with the given plain-text password
+     * This function returns false if $username is already being used
+     * On success, this object should be initialized as the new user (use only on new User() objects)
+     */
+    function createNewUser($username, $password)
+    {
+        if ($this->usernameInUse($username))
+            return false;
+
+        /* if there exist no users already, make this new one an admin */
+        if (count($this->getAllUsers_orderByName()) == 0)
+            $this->admin = 1;
+
+        $this->perms = 0;
+        $this->name = $username;
+        $this->type = "user";
+        $this->salt = $this->getBlob();
+        $this->key = $this->getKey($password, $this->salt);
+        $this->emailConf = 0;
+        $this->emailConfKey = $this->getBlob();
+
+        $this->saveObj();
+
+        $this->owner = $this->guid;
+        $this->saveObj();
+
+        return true;
+    }
+
+    /*
+     * Validate the password for this user.  Returns true if correct, false otherwise
+     */
+    function validatePassword($password)
+    {
+        $key = $this->getKey($password, $this->salt);
+        return $key == $this->key;
+    }
 }
 
 ?>
|
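Review bot: `validatePassword()` compares the derived key with `==`, which treats two numeric-looking strings as numbers (hex digests of the form `0e…` compare equal to each other) and is not constant-time; use `return hash_equals($this->key, $key);`. More fundamentally `getKey()` is a single `sha256($salt . $password)`, a fast hash that offers little protection if the `key`/`salt` columns are ever exposed; the supported API is `password_hash($password, PASSWORD_DEFAULT)` in `createNewUser()` and `password_verify()` here, which also makes the separate `salt` column unnecessary, though as a schema change it may be better as a follow-up commit. `createNewUser()` sets `$this->admin = 1` only when the user table is empty and otherwise leaves the property untouched, so the non-admin default depends on the `admin` column default outside this diff — assign `$this->admin = 0` explicitly in the other case. The `usernameInUse()` check and the empty-table check are both check-then-act against the `saveObj()` that follows, so two concurrent first signups could each become admin and two concurrent signups could share a name; a unique index on the user name catches the second, the admin race needs handling at save time.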
