Diffstat (limited to 'examples/app/class/user.class.php')
-rw-r--r--examples/app/class/user.class.php241
1 files changed, 241 insertions, 0 deletions
diff --git a/examples/app/class/user.class.php b/examples/app/class/user.class.php
new file mode 100644
index 0000000..b8143a9
--- /dev/null
+++ b/examples/app/class/user.class.php
@@ -0,0 +1,241 @@
+<?php
+
+/*
+ * SCROTT Copyright (C) 2016 Malf Furious
+ *
+ * Scrott is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 3 of the License,
+ * or (at your option) any later version.
+ *
+ * Scrott is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ */
+
+require_once "class/object.class.php";
+require_once "class/group.class.php";
+
+/*
+ * Application users
+ */
+class User extends Object
+{
+ /*
+ * Constructor
+ */
+ function __construct($guid = null)
+ {
+ $cols = array(
+ "guid",
+ "key",
+ "salt",
+ "alias",
+ "admin",
+ "email",
+ "emailConf",
+ "emailConfKey"
+ );
+
+ parent::__construct("user", $cols);
+ $this->loadObj($guid);
+ }
+
+ /*
+ * Initialize object by username
+ */
+ function initByUsername($username)
+ {
+ $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
+ $result = $this->db->query($query);
+
+ if (count($result) == 0)
+ return false;
+
+ $this->loadObj($result[0]['guid']);
+ return true;
+ }
+
+ /*
+ * Get all users -- ordered by name, ascending
+ */
+ function getAllUsers_orderByName()
+ {
+ $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
+ $result = $this->db->query($query);
+
+ $users = array();
+
+ foreach ($result as $u)
+ $users[] = new User($u['guid']);
+
+ return $users;
+ }
+
+ /*
+ * Get all users -- ordered by admin DESC (admins first), then by name
+ */
+ function getAllUsers_orderByAdminByName()
+ {
+ $query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name";
+ $result = $this->db->query($query);
+
+ $users = array();
+
+ foreach ($result as $u)
+ $users[] = new User($u['guid']);
+
+ return $users;
+ }
+
+ /*
+ * Get the number of administrative accounts in the system
+ */
+ function getNumAdmins()
+ {
+ $query = "SELECT count(*) as cnt FROM user WHERE admin = 1";
+ $results = $this->db->query($query);
+ return $results[0]['cnt'];
+ }
+
+ /*
+ * Check whether a given username is currently in use
+ */
+ function usernameInUse($username)
+ {
+ $escd_username = $this->db->esc($username);
+
+ $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
+ $results = $this->db->query($query);
+
+ if (count($results) > 0)
+ return true;
+
+ return false;
+ }
+
+ /*
+ * Generate a key from a user's password and salt
+ */
+ function getKey($password, $salt)
+ {
+ return hash("sha256", $salt . $password);
+ }
+
+ /*
+ * Create a new User object with the given username and keyed with the given plain-text password
+ * This function returns false if $username is already being used
+ * On success, this object should be initialized as the new user (use only on new User() objects)
+ */
+ function createNewUser($username, $password)
+ {
+ if ($this->usernameInUse($username))
+ return false;
+
+ /* if there exist no users already, make this new one an admin */
+ if (count($this->getAllUsers_orderByName()) == 0)
+ $this->admin = 1;
+
+ $this->perms = 0;
+ $this->name = $username;
+ $this->type = "user";
+ $this->setPassword($password);
+ $this->setEmail("");
+
+ $this->saveObj();
+
+ $this->owner = $this->guid;
+ $this->saveObj();
+
+ return true;
+ }
+
+ /*
+ * Validate the password for this user. Returns true if correct, false otherwise
+ */
+ function validatePassword($password)
+ {
+ $key = $this->getKey($password, $this->salt);
+ return $key == $this->key;
+ }
+
+ /*
+ * Validate the email confirmation key for a user, returns true if correct, false otherwise. On success, $this->emailConf is also set to 1
+ */
+ function confirmEmailKey($key)
+ {
+ if ($key != $this->emailConfKey)
+ return false;
+
+ $this->emailConf = 1;
+ return true;
+ }
+
+ /*
+ * Overwrite the salt and key for this user, given a new plaintext password
+ */
+ function setPassword($password)
+ {
+ $this->salt = $this->getBlob();
+ $this->key = $this->getKey($password, $this->salt);
+ }
+
+ /*
+ * Overwrite the emailConfKey and flag, and change user's saved email address
+ */
+ function setEmail($email)
+ {
+ $this->email = $email;
+ $this->emailConf = 0;
+ $this->emailConfKey = $this->getBlob();
+ }
+
+ /*
+ * If a user has an alias set, display it instead of their username
+ */
+ function getDisplayName()
+ {
+ if ($this->alias != "")
+ return $this->alias;
+
+ return $this->name;
+ }
+
+ /*
+ * Get the glyphicon to use for this user
+ */
+ function getGlyphicon()
+ {
+ if ($this->admin)
+ return "glyphicon glyphicon-sunglasses";
+
+ return "glyphicon glyphicon-user";
+ }
+
+ /*
+ * Get all groups this user owns or is a member of
+ */
+ function getGroups()
+ {
+ /* owner */
+ $query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'";
+ $result = $this->db->query($query);
+
+ $groups = array();
+
+ foreach ($result as $g)
+ $groups[] = new Group($g['guid']);
+
+ /* member */
+ $query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'";
+ $result = $this->db->query($query);
+
+ foreach ($result as $g)
+ $groups[] = new Group($g['guid']);
+
+ return $groups;
+ }
+}
+
+?>
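Review bot: getKey() derives the stored key with a single `hash("sha256", $salt . $password)`, a fast hash that leaves the stored keys cheap to brute-force offline if the user table is ever disclosed. Using `password_hash($password, PASSWORD_DEFAULT)` in setPassword() and `return password_verify($password, $this->key);` in validatePassword() would cover the salting, the work factor and the comparison, provided the `key` column is wide enough for the longer hash string. If the SHA-256 scheme has to stay, validatePassword() and confirmEmailKey() should not compare secrets with loose `==`/`!=`, which treats numeric-looking strings as numbers and is not constant-time; `hash_equals($this->key, $key)` and `hash_equals($this->emailConfKey, (string)$key)` are the safer form. The unpredictability of both the salt and emailConfKey depends on getBlob(), which is defined outside this file, so it should be confirmed to draw from a CSPRNG such as `random_bytes()`.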