From 76f208ddcc490280885c3fd2fd2917e6be0b65b5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 30 Dec 2015 20:18:45 -0500 Subject: + Created db table child class for User table --- app/class/user.class.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 app/class/user.class.php (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php new file mode 100644 index 0000000..8ef91ae --- /dev/null +++ b/app/class/user.class.php @@ -0,0 +1,30 @@ +loadObj($guid); + } +} + +?> -- cgit v1.2.3 From 9ce26b55017a24f3cae5c20958f2d612273c2f60 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 26 Jan 2016 21:55:43 -0500 Subject: + Added function to User class to fetch all users from DB * Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account --- app/class/user.class.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 8ef91ae..6004dc9 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -25,6 +25,22 @@ class User extends Object parent::__construct("user", $cols); $this->loadObj($guid); } + + /* + * Get all users -- ordered by name, ascending + */ + function getAllUsers_orderByName() + { + $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; + $result = $this->db->query($query); + + $users = array(); + + foreach ($result as $u) + $users[] = new User($u['guid']); + + return $users; + } } ?> -- cgit v1.2.3 From 635ceb4808624ad6676d43e83c1ff5a7d4341d36 Mon Sep 17 00:00:00 2001 
From: Malf Furious Date: Thu, 28 Jan 2016 19:38:28 -0500 Subject: Add admin field to user table User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically. --- app/class/user.class.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6004dc9..9a87b01 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -17,6 +17,7 @@ class User extends Object "key", "salt", "alias", + "admin", "email", "emailConf", "emailConfKey" -- cgit v1.2.3 From 2b6afdd9ef767e1e84c4751c72da6be13d9b4402 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Jan 2016 21:20:41 -0500 Subject: Add functionality to create new User objects User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database. This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the contatenation of its password and salt. This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects --- app/class/user.class.php | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 9a87b01..6bce26c 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
@@ -42,6 +42,60 @@ class User extends Object return $users; } + + /* + * Check whether a given username is currently in use + */ + function usernameInUse($username) + { + $escd_username = $this->db->esc($username); + + $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; + $results = $this->db->query($query); + + if (count($results) > 0) + return true; + + return false; + } + + /* + * Generate a key from a user's password and salt + */ + function getKey($password, $salt) + { + return hash("sha256", $salt . $password); + } + + /* + * Create a new User object with the given username and keyed with the given plain-text password + * This function returns false if $username is already being used + * On success, this object should be initialized as the new user (use only on new User() objects) + */ + function createNewUser($username, $password) + { + if ($this->usernameInUse($username)) + return false; + + /* if there exist no users already, make this new one an admin */ + if (count($this->getAllUsers_orderByName()) == 0) + $this->admin = 1; + + $this->perms = 0; + $this->name = $username; + $this->type = "user"; + $this->salt = $this->getBlob(); + $this->key = $this->getKey($password, $this->salt); + $this->emailConf = 0; + $this->emailConfKey = $this->getBlob(); + + $this->saveObj(); + + $this->owner = $this->guid; + $this->saveObj(); + + return true; + } } ?> -- cgit v1.2.3 From c776b36fd884808435dd1208f0dd9a57216b3927 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Mon, 1 Feb 2016 19:18:55 -0500 Subject: Implement authentication helper functions in User class Added function to initialize a User object by username wrather than GUID. Added function to validate a user-supplied plain-text password for a given user --- app/class/user.class.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'app/class/user.class.php') 
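Review bot: getKey() derives the stored credential with one round of a fast hash, `hash("sha256", $salt . $password)`, which is cheap to brute-force offline if the user table leaks; PHP's `password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` gives a slow, salted hash and makes the separate salt column unnecessary. The same construction is kept by setPassword() in the later commit and by getAuth()/setPasswd() in the 2017 rewrite of this file. Separately, createNewUser() runs usernameInUse() and the user count as plain reads before the insert, so two concurrent registrations can both pass the check and both be promoted to admin; a UNIQUE constraint on the name column plus a transaction around the count-and-insert is needed to close that window, which initNew() in the rewrite repeats. The class header is outside the hunk.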
diff --git a/app/class/user.class.php b/app/class/user.class.php index 6bce26c..bd2e174 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -27,6 +27,21 @@ class User extends Object $this->loadObj($guid); } + /* + * Initialize object by username + */ + function initByUsername($username) + { + $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'"; + $result = $this->db->query($query); + + if (count($result) == 0) + return false; + + $this->loadObj($result[0]['guid']); + return true; + } + /* * Get all users -- ordered by name, ascending */ @@ -96,6 +111,15 @@ class User extends Object return true; } + + /* + * Validate the password for this user. Returns true if correct, false otherwise + */ + function validatePassword($password) + { + $key = $this->getKey($password, $this->salt); + return $key == $this->key; + } } ?> -- cgit v1.2.3 From 7df5bfb84ac979e26cd23042bc8bbcf53d3f6ae6 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 6 Mar 2016 14:22:50 -0500 Subject: Add function getDisplayName() to User class If a user has an alias set, it should be displayed throughout the app instead of the username. --- app/class/user.class.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index bd2e174..4f1bbfe 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -120,6 +120,17 @@ class User extends Object $key = $this->getKey($password, $this->salt); return $key == $this->key; } + + /* + * If a user has an alias set, display it instead of their username + */ + function getDisplayName() + { + if ($this->alias != "") + return $this->alias; + + return $this->name; + } } ?> -- cgit v1.2.3 From 798cd5d80385705503c81be269c008e163fcbdba Mon Sep 17 00:00:00 2001 
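Review bot: validatePassword() compares two digests with `==`, which PHP evaluates numerically when both strings look numeric (hex digests of the form `0e` followed only by digits compare equal) and which is not constant-time; change the return to `return hash_equals($this->key, $key);`. The same loose comparison appears in confirmEmailKey() (`$key != $this->emailConfKey`) in a later commit and in validatePasswd()/verifyEmail() of the 2017 rewrite. initByUsername() in the first hunk builds its query by concatenating around `$this->db->esc()`; a prepared statement with a bound parameter is the safer form if the database layer supports it.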
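Review bot: getDisplayName() returns alias or name verbatim, presumably user-editable values, and nothing in the hunk escapes them, so the doc comment should make the contract explicit, e.g. `* Returns the raw alias/username -- escape for the output context (htmlspecialchars for HTML) at the call site`. The `$this->alias != ""` test treats a null alias and an empty string alike, which looks intended but is worth stating in the same comment.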
From: Malf Furious Date: Thu, 10 Mar 2016 18:36:46 -0500 Subject: Add function User::setPassword() This user function will update the salt and key for a user object to change its password. --- app/class/user.class.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 4f1bbfe..75b769a 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -99,8 +99,7 @@ class User extends Object $this->perms = 0; $this->name = $username; $this->type = "user"; - $this->salt = $this->getBlob(); - $this->key = $this->getKey($password, $this->salt); + $this->setPassword($password); $this->emailConf = 0; $this->emailConfKey = $this->getBlob(); @@ -121,6 +120,15 @@ class User extends Object return $key == $this->key; } + /* + * Overwrite the salt and key for this user, given a new plaintext password + */ + function setPassword($password) + { + $this->salt = $this->getBlob(); + $this->key = $this->getKey($password, $this->salt); + } + /* * If a user has an alias set, display it instead of their username */ -- cgit v1.2.3 From 2b8f6ae7ca3e8b18f80f2753d990425aa7fac820 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 10 Mar 2016 19:09:50 -0500 Subject: Add function User::setEmail() This function handles internal vars while updating a user's email address. --- app/class/user.class.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 75b769a..6c8f46f 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -100,8 +100,7 @@ class User extends Object $this->name = $username; $this->type = "user"; $this->setPassword($password); - $this->emailConf = 0; - $this->emailConfKey = $this->getBlob(); + $this->setEmail(""); $this->saveObj(); 
@@ -129,6 +128,16 @@ class User extends Object $this->key = $this->getKey($password, $this->salt); } + /* + * Overwrite the emailConfKey and flag, and change user's saved email address + */ + function setEmail($email) + { + $this->email = $email; + $this->emailConf = 0; + $this->emailConfKey = $this->getBlob(); + } + /* * If a user has an alias set, display it instead of their username */ -- cgit v1.2.3 From f270bc774776dd5733ed4d76095281fa9210bac2 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 10 Mar 2016 19:18:19 -0500 Subject: Add function User::confirmEmailKey() Validates the users supposed email key. If correct, sets the users emailConf flag. --- app/class/user.class.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6c8f46f..7d8519e 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -119,6 +119,18 @@ class User extends Object return $key == $this->key; } + /* + * Validate the email confirmation key for a user, returns true if correct, false otherwise. On success, $this->emailConf is also set to 1 + */ + function confirmEmailKey($key) + { + if ($key != $this->emailConfKey) + return false; + + $this->emailConf = 1; + return true; + } + /* * Overwrite the salt and key for this user, given a new plaintext password */ -- cgit v1.2.3 From 2936f0d151fb52bd2649edc37abd2e1d559d1f0f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Mar 2016 23:38:18 -0500 Subject: Move getUserGlyphicon function from common model into user class --- app/class/user.class.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 7d8519e..f1f7ff1 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
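Review bot: confirmEmailKey() leaves emailConfKey in place after a successful match, so the same code keeps working for as long as the record exists; clearing it on success, e.g. `$this->emailConfKey = "";` before `$this->emailConf = 1;`, makes the code single-use. The hunk also does not persist the change (no saveObj() call), so the caller must save or the confirmation is lost — the doc comment should say so. setEmail() in the preceding hunk stores the address without any format check; whether validation happens at the controller is not visible here.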
@@ -160,6 +160,17 @@ class User extends Object return $this->name; } + + /* + * Get the glyphicon to use for this user + */ + function getGlyphicon() + { + if ($this->admin) + return "glyphicon glyphicon-sunglasses"; + + return "glyphicon glyphicon-user"; + } } ?> -- cgit v1.2.3 From 333351cbd18d12520fb0eae44e9805cb3b10e038 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 13 Mar 2016 23:56:40 -0400 Subject: Add function User::getAddUsers_orderByAdminByName() Added function to retrive all users in system presorted first by admin status (Admins first), then by username in alpha order --- app/class/user.class.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index f1f7ff1..1130396 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -58,6 +58,22 @@ class User extends Object return $users; } + /* + * Get all users -- ordered by admin DESC (admins first), then by name + */ + function getAllUsers_orderByAdminByName() + { + $query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name"; + $result = $this->db->query($query); + + $users = array(); + + foreach ($result as $u) + $users[] = new User($u['guid']); + + return $users; + } + /* * Check whether a given username is currently in use */ -- cgit v1.2.3 From ac5410de94127d7fe139de0e9bf4fd1c20bdae2b Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 1 Apr 2016 00:46:17 -0400 Subject: Add function getHeadImage() to User class This function will return the path to the head image (user image) for the user object. This path should be something like: /file.php?d=img/heads&f= --- app/class/user.class.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 1130396..ab9ecf5 100644 --- a/app/class/user.class.php 
+++ b/app/class/user.class.php @@ -187,6 +187,14 @@ class User extends Object return "glyphicon glyphicon-user"; } + + /* + * Get this user's head image + */ + function getHeadImage() + { + return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; + } } ?> -- cgit v1.2.3 From 6d6e62add5976b3afec23d1745302d676ccd88ac Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Apr 2016 22:19:36 -0400 Subject: Add function User::rmHeadImage() Function to delete the user image file for the given user object. --- app/class/user.class.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index ab9ecf5..1d17dfe 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -195,6 +195,17 @@ class User extends Object { return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; } + + /* + * Remove this user's head image + */ + function rmHeadImage() + { + if (!is_file("assets/img/heads/" . $this->guid)) + return true; + + return unlink("assets/img/heads/" . $this->guid); + } } ?> -- cgit v1.2.3 From 5f99922eb6fbda82da55ccf728eda6add48cb4f1 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 May 2016 02:50:17 -0400 Subject: Add function User::getNumAdmins() Function to count the number of admin accounts that exist. This is used to make sure that while deleteing accounts, the number of administrators never drops to zero. --- app/class/user.class.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 1d17dfe..07bd0d6 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
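Review bot: rmHeadImage() resolves `"assets/img/heads/" . $this->guid` relative to the process working directory, so both the `is_file` check and the `unlink` target depend on where the script was launched from; anchor the path on a known base such as `__DIR__` or whatever the app uses for its asset root. The file name is the object's guid read back from the database, presumably generated by the application rather than taken from user input, but since this is a delete, wrapping it in `basename($this->guid)` costs nothing. unlink() emits a warning and returns false on failure, which the function passes straight to the caller.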
@@ -74,6 +74,16 @@ class User extends Object return $users; } + /* + * Get the number of administrative accounts in the system + */ + function getNumAdmins() + { + $query = "SELECT count(*) as cnt FROM user WHERE admin = 1"; + $results = $this->db->query($query); + return $results[0]['cnt']; + } + /* * Check whether a given username is currently in use */ -- cgit v1.2.3 From ec7186ed4e1c2a41ff9052cdd1624b8cabbb047c Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 26 May 2016 23:46:22 -0400 Subject: Add copyright notice to Scrott class files --- app/class/user.class.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 07bd0d6..1185f45 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -1,5 +1,19 @@ Date: Sat, 11 Jun 2016 01:11:23 -0400 Subject: Add function User::getGroups() This function returns all groups the user either owns or is a member of. This is not necessarily the same as all groups the user has access permission to. The *not-yet-implemented* object explorer feature should be used to browse those. --- app/class/user.class.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 1185f45..3239568 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -15,6 +15,7 @@ */ require_once "class/object.class.php"; +require_once "class/group.class.php"; /* * Application users 
@@ -230,6 +231,30 @@ class User extends Object return unlink("assets/img/heads/" . $this->guid); } + + /* + * Get all groups this user owns or is a member of + */ + function getGroups() + { + /* owner */ + $query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'"; + $result = $this->db->query($query); + + $groups = array(); + + foreach ($result as $g) + $groups[] = new Group($g['guid']); + + /* member */ + $query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'"; + $result = $this->db->query($query); + + foreach ($result as $g) + $groups[] = new Group($g['guid']); + + return $groups; + } } ?> -- cgit v1.2.3 From 7fd20cd4e15aec3079377e48f18ba91bbda462eb Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 13 Sep 2016 23:32:37 -0400 Subject: Move function User::getHeadImage() to Object class Increase the scope of this function so it may be used by groups. --- app/class/user.class.php | 8 -------- 1 file changed, 8 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 3239568..44b4b5f 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -213,14 +213,6 @@ class User extends Object return "glyphicon glyphicon-user"; } - /* - * Get this user's head image - */ - function getHeadImage() - { - return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; - } - /* * Remove this user's head image */ -- cgit v1.2.3 From 35da301d31045b0974100307a7f0f4128b482170 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 18 Sep 2016 11:59:11 -0400 Subject: Move function User::rmHeadImage() to Object class --- app/class/user.class.php | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 44b4b5f..b8143a9 100644 --- a/app/class/user.class.php 
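Review bot: getGroups() appends the results of the owner query and the member query without deduplication, so if a user both owns a group and holds a row for it in obj_member, that group is returned twice; either combine the two selects with `UNION` (which removes duplicates) or track seen guids in the second loop, e.g. `if (isset($seen[$g['guid']])) continue; $seen[$g['guid']] = true;`. The rewritten getGroups_ordByOwnByName() in the 2017 version of this file has the same shape. Whether owners are also recorded in obj_member is not visible from the hunk, so this may be harmless in practice.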
+++ b/app/class/user.class.php @@ -213,17 +213,6 @@ class User extends Object return "glyphicon glyphicon-user"; } - /* - * Remove this user's head image - */ - function rmHeadImage() - { - if (!is_file("assets/img/heads/" . $this->guid)) - return true; - - return unlink("assets/img/heads/" . $this->guid); - } - /* * Get all groups this user owns or is a member of */ -- cgit v1.2.3 From ed99654d2e139a847a63e9295bf976d17462ee34 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 22 Oct 2016 00:29:30 -0400 Subject: Deprecate application code Setup to perform an iteration of development focused on a simpler implementation and eliminating redundancy in design. --- app/class/user.class.php | 241 ----------------------------------------------- 1 file changed, 241 deletions(-) delete mode 100644 app/class/user.class.php (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php deleted file mode 100644 index b8143a9..0000000 --- a/app/class/user.class.php +++ /dev/null 
@@ -1,241 +0,0 @@ -loadObj($guid); - } - - /* - * Initialize object by username - */ - function initByUsername($username) - { - $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'"; - $result = $this->db->query($query); - - if (count($result) == 0) - return false; - - $this->loadObj($result[0]['guid']); - return true; - } - - /* - * Get all users -- ordered by name, ascending - */ - function getAllUsers_orderByName() - { - $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get all users -- ordered by admin DESC (admins first), then by name - */ - function getAllUsers_orderByAdminByName() - { - $query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get the number of administrative accounts in the system - */ - function getNumAdmins() - { - $query = "SELECT count(*) as cnt FROM user WHERE admin = 1"; - $results = $this->db->query($query); - return $results[0]['cnt']; - } - - /* - * Check whether a given username is currently in use - */ - function usernameInUse($username) - { - $escd_username = $this->db->esc($username); - - $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; - $results = $this->db->query($query); - - if (count($results) > 0) - return true; - - return false; - } - - /* - * Generate a key from a user's password and salt - */ - function getKey($password, $salt) - { - return hash("sha256", $salt . 
$password); - } - - /* - * Create a new User object with the given username and keyed with the given plain-text password - * This function returns false if $username is already being used - * On success, this object should be initialized as the new user (use only on new User() objects) - */ - function createNewUser($username, $password) - { - if ($this->usernameInUse($username)) - return false; - - /* if there exist no users already, make this new one an admin */ - if (count($this->getAllUsers_orderByName()) == 0) - $this->admin = 1; - - $this->perms = 0; - $this->name = $username; - $this->type = "user"; - $this->setPassword($password); - $this->setEmail(""); - - $this->saveObj(); - - $this->owner = $this->guid; - $this->saveObj(); - - return true; - } - - /* - * Validate the password for this user. Returns true if correct, false otherwise - */ - function validatePassword($password) - { - $key = $this->getKey($password, $this->salt); - return $key == $this->key; - } - - /* - * Validate the email confirmation key for a user, returns true if correct, false otherwise. 
On success, $this->emailConf is also set to 1 - */ - function confirmEmailKey($key) - { - if ($key != $this->emailConfKey) - return false; - - $this->emailConf = 1; - return true; - } - - /* - * Overwrite the salt and key for this user, given a new plaintext password - */ - function setPassword($password) - { - $this->salt = $this->getBlob(); - $this->key = $this->getKey($password, $this->salt); - } - - /* - * Overwrite the emailConfKey and flag, and change user's saved email address - */ - function setEmail($email) - { - $this->email = $email; - $this->emailConf = 0; - $this->emailConfKey = $this->getBlob(); - } - - /* - * If a user has an alias set, display it instead of their username - */ - function getDisplayName() - { - if ($this->alias != "") - return $this->alias; - - return $this->name; - } - - /* - * Get the glyphicon to use for this user - */ - function getGlyphicon() - { - if ($this->admin) - return "glyphicon glyphicon-sunglasses"; - - return "glyphicon glyphicon-user"; - } - - /* - * Get all groups this user owns or is a member of - */ - function getGroups() - { - /* owner */ - $query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'"; - $result = $this->db->query($query); - - $groups = array(); - - foreach ($result as $g) - $groups[] = new Group($g['guid']); - - /* member */ - $query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'"; - $result = $this->db->query($query); - - foreach ($result as $g) - $groups[] = new Group($g['guid']); - - return $groups; - } -} - -?> -- cgit v1.2.3 From be9dd0f28fb63e46dfbafc8f9cc1764ac89cad92 Mon Sep 17 00:00:00 2001 
From: Malf Furious Date: Sun, 5 Feb 2017 17:57:49 -0500 Subject: Add user class --- app/class/user.class.php | 183 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 app/class/user.class.php (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php new file mode 100644 index 0000000..8d7da45 --- /dev/null +++ b/app/class/user.class.php 
@@ -0,0 +1,183 @@ +fields['users'] = array( + "guid", + "auth", + "salt", + "alias", + "email", + "emailVer", + "admin", + "reg", + "emailConf", + ); + + parent::__construct($guid); + } + + /* + * Get the GUID of a user object from a given username, or NULL if + * the username is not in use. Therefore, this function can be + * used to test the existence of a user with the given username. + */ + public static function getGuidByUname(string $uname) : ?string + { + $uname = $this->db->esc($uname); + + $query = "SELECT guid FROM objects WHERE objtype = 'user' AND name = '" . $uname . "'"; + $res = $this->db->query($query); + + if (count($res) == 0) + return NULL; + + return $res[0]['guid']; + } + + /* + * Get a user object from a given username, or NULL if the username + * is not in use. This function can be used to test the existence + * of a user with the given username. + */ + public static function getByUname(string $uname) : ?user + { + if (($guid = self::getGuidByUname($uname))) + return new user($guid); + + return NULL; + } + + /* + * Get an array of all users, sorted by username + */ + public static function getAll_ordByUname() : array + { + $query = "SELECT guid FROM objects WHERE objtype = 'user' ORDER BY name"; + $res = $this->db->query($query); + + $users = array(); + + foreach ($res as $u) + $users[] = new user($u['guid']); + + return $users; + } + + /* + * Get an array of all users, sorted by admin (descending, admins + * first), then by username. + */ + public static function getAll_ordByAdminByUname() : array + { + $query = "SELECT o.guid FROM objects o JOIN users u ON o.guid = u.guid " . 
+ "WHERE o.objtype = 'user' ORDER BY u.admin DESC, o.name"; + $res = $this->db->query($query); + + $users = array(); + + foreach ($res as $u) + $users[] = new user($u['guid']); + + return $users; + } + + /* + * Get an array of all admins, sorted by username + */ + public static function getAllAdmin_ordByUname() : array + { + $query = "SELECT o.guid FROM objects o JOIN users u ON o.guid = u.guid " . + "WHERE o.objtype = 'user' AND u.admin = 1 ORDER BY o.name"; + $res = $this->db->query($query); + + $users = array(); + + foreach ($res as $u) + $users[] = new user($u['guid']); + + return $users; + } + + /* + * Get the currently logged in user, or NULL if logged out. This + * function will throw if unable to aquire a PHP session. This + * function will also forcibly log the current user out if it + * detects any changes in the user-agent or remote IP address. + */ + public static function getCurrent() : ?user + { + if (!session_start()) + throw new Exception("Unable to aquire a PHP session"); + + if (!isset($_SESSION['userguid'])) + return NULL; + + /* detect session hijacking */ + if (($_SESSION['useragent'] != $_SERVER['HTTP_USER_AGENT']) || + ($_SESSION['userip'] != $_SERVER['REMOTE_ADDR'])) + { + self::setCurrent(); + return NULL; + } + + return new user($_SESSION['userguid']); + } + + /* + * Set the currently logged in user. Using NULL will logout any + * current user. This function will throw if unable to aquire a + * PHP session. This function will also cache the user-agent and + * remote IP address of the current request to help validate future + * requests made under the same session. 
+ */ + public static function setCurrent(?user $user = NULL) : void + { + if (!session_start()) + throw new Exception("Unable to aquire a PHP session"); + + unset($_SESSION['userguid']); + unset($_SESSION['useragent']); + unset($_SESSION['userip']); + + if ($user) + { + $_SESSION['userguid'] = $user->guid; + $_SESSION['useragent'] = $_SERVER['HTTP_USER_AGENT']; + $_SESSION['userip'] = $_SERVER['REMOTE_ADDR']; + } + } + + /* + * Get the salted and hashed form of a password + */ + private static function getAuth(string $passwd, string $salt) : string + { + return hash("sha256", $passwd . $salt); + } +} + +?> -- cgit v1.2.3 From ce38fd96e1105c70b55196ae3b6ab612442c8b2f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 5 Feb 2017 21:46:36 -0500 Subject: Add redirect to forceful logout While forcing a logout, we need to also redirect to the app root. --- app/class/user.class.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 8d7da45..fc969fa 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -141,6 +141,7 @@ class user extends agent ($_SESSION['userip'] != $_SERVER['REMOTE_ADDR'])) { self::setCurrent(); + location("/"); return NULL; } -- cgit v1.2.3 From 476192ca8fa2053af74a7e7f5e4006c83c8d0cad Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Mon, 6 Feb 2017 01:18:10 -0500 Subject: Update table class tree to use static database references --- app/class/user.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index fc969fa..45fa5a5 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
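Review bot: setCurrent() stores the user's guid in the existing session without calling `session_regenerate_id(true)`, so a session id an attacker planted before login stays valid after it (session fixation); add `session_regenerate_id(true);` inside the `if ($user)` branch before the assignments, and consider calling it on logout as well. getCurrent() and setCurrent() each call session_start() unconditionally, and getCurrent() calls setCurrent() on a mismatch, so the second call runs against an already-active session; guarding with `if (session_status() === PHP_SESSION_NONE && !session_start())` avoids the already-active notice. `$_SERVER['HTTP_USER_AGENT']` is not guaranteed to be set, so read it as `$_SERVER['HTTP_USER_AGENT'] ?? ''` in both places. Binding the session to REMOTE_ADDR logs out users whose address changes mid-session (mobile, proxies) and does not stop an attacker sharing that address, so its value as a hijack check is limited and worth noting in the doc comment.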
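Review bot: In getCurrent() the new `location("/")` call is followed by `return NULL`, so if location() only sends a Location header rather than terminating the script, the caller still receives NULL and continues rendering; location() is not defined in this file, so its behaviour is inferred. Either way the doc comment should record the redirect, e.g. `* On a user-agent/IP mismatch the session is cleared and the client is redirected to "/"`.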
@@ -47,10 +47,10 @@ class user extends agent */ public static function getGuidByUname(string $uname) : ?string { - $uname = $this->db->esc($uname); + $uname = database::esc($uname); $query = "SELECT guid FROM objects WHERE objtype = 'user' AND name = '" . $uname . "'"; - $res = $this->db->query($query); + $res = database::query($query); if (count($res) == 0) return NULL; @@ -77,7 +77,7 @@ class user extends agent public static function getAll_ordByUname() : array { $query = "SELECT guid FROM objects WHERE objtype = 'user' ORDER BY name"; - $res = $this->db->query($query); + $res = database::query($query); $users = array(); @@ -95,7 +95,7 @@ class user extends agent { $query = "SELECT o.guid FROM objects o JOIN users u ON o.guid = u.guid " . "WHERE o.objtype = 'user' ORDER BY u.admin DESC, o.name"; - $res = $this->db->query($query); + $res = database::query($query); $users = array(); @@ -112,7 +112,7 @@ class user extends agent { $query = "SELECT o.guid FROM objects o JOIN users u ON o.guid = u.guid " . "WHERE o.objtype = 'user' AND u.admin = 1 ORDER BY o.name"; - $res = $this->db->query($query); + $res = database::query($query); $users = array(); -- cgit v1.2.3 From f8db4aae02465dabaf7907f5e821414eeeea14bf Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 7 Feb 2017 00:20:03 -0500 Subject: Add function expectType() to table class protected function exceptType added for use by subclasses to assert that the database object loaded is the correct type and to protect against cases like EG: passing the GUID for a group to new user(...); If a problem is detected, throw an exception. --- app/class/user.class.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 45fa5a5..7defa8f 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -38,6 +38,7 @@ class user extends agent ); parent::__construct($guid); + $this->expectType("user"); } /* -- cgit v1.2.3 
From f4c10ec42537241fb77c93fa0eb1e31824c3aa73 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 25 Mar 2017 21:19:09 -0400 Subject: Add function user::initNew() --- app/class/user.class.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 7defa8f..b0b3435 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -173,6 +173,31 @@ class user extends agent } } + /* + * Initialize a new user object with the given username and plain + * text password. This function returns NULL if $uname is already + * being used. + */ + public static function initNew(string $uname, string $passwd) : ?user + { + if (self::getByUname($uname)) + return NULL; + + $user = new user(); + + /* if there exist no users already, make this new one an admin */ + if (count(self::getAll_ordByUname()) == 0) + $user->admin = 1; + + $user->name = $uname; + $user->objtype = "user"; + $user->setPasswd($passwd); + $user->setEmail(""); + $user->reg = 1; + + return $user; + } + /* * Get the salted and hashed form of a password */ -- cgit v1.2.3 From 0555c1a786144102fa1b9381f634138d2bd8c181 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 26 Mar 2017 04:32:27 -0400 Subject: Add various helper functions for user class Added the function to verify and update the user's password. Added the function to confirm and update the user's email address. --- app/class/user.class.php | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index b0b3435..9892277 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
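Review bot: initNew() decides admin status with `count(self::getAll_ordByUname()) == 0`, which instantiates every user object (one constructor per row in that helper) just to obtain a count; a `SELECT COUNT(*)` query is the cheaper form. The check-then-insert sequence (getByUname() followed by the count) is not atomic, so two first registrations racing each other could both be promoted — a UNIQUE index on the username plus a transaction is the durable fix. The hunk also constructs `new user()` without a guid; how the constructor handles a missing guid is outside this hunk.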
@@ -205,6 +205,51 @@ class user extends agent { return hash("sha256", $passwd . $salt); } + + /* + * Validate the given plain-text password for this user. Returns true if + * correct, false otherwise. + */ + public function validatePasswd(string $passwd) : bool + { + $auth = self::getAuth($passwd, $this->salt); + return $auth == $this->auth; + } + + /* + * Update the auth and salt for this user, given a new plain-text + * password. + */ + public function setPasswd(string $passwd) : void + { + $this->salt = self::getBlob(); + $this->auth = self::getAuth($passwd, $this->salt); + } + + /* + * Validate the email confirmation code for this user. Returns true if + * correct, false otherwise. On success, $this->emailConf is also set + * to 1 + */ + public function verifyEmail(string $ver) : bool + { + if ($ver != $this->emailVer) + return false; + + $this->emailConf = 1; + return true; + } + + /* + * Update the email address for this user. This function will automatically + * reset the emailConf flag and confirmation code for this user as well. + */ + public function setEmail(string $email) : void + { + $this->email = $email; + $this->emailVer = substr(self::getBlob(), 0, 8); + $this->emailConf = 0; + } } ?> -- cgit v1.2.3 From 1ae7eab4711353b2144d0da40ac33270bc79a081 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 26 Mar 2017 22:52:30 -0400 Subject: Add function user::getGroups_ordByOwnByName() Lookup all groups a user owns or is a member of. --- app/class/user.class.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 9892277..97309f8 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
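Review bot: validatePasswd() and verifyEmail() compare secrets with loose `==`/`!=`, which PHP evaluates numerically for numeric-looking strings (two different hex digests can compare equal) and which is not constant-time; use `return hash_equals((string) $this->auth, $auth);` and `if (!hash_equals((string) $this->emailVer, $ver))`. The scheme itself, `hash("sha256", $passwd . $salt)` in the context line at the top of the hunk, is a single fast salted hash; `password_hash()`/`password_verify()` with a `password_needs_rehash()` upgrade on successful login is the standard replacement, though that touches getAuth() outside this change. The strength of the 8-character `substr(self::getBlob(), 0, 8)` confirmation code depends on what getBlob() produces, which is not visible here, so setEmail()'s comment should state the entropy getBlob() is expected to supply.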
@@ -250,6 +250,34 @@ class user extends agent $this->emailVer = substr(self::getBlob(), 0, 8); $this->emailConf = 0; } + + /* + * Get all groups this user owns or is a member of. This isn't necessarily + * all groups this user cas access permissions for. Results are sorted by + * ownership, then by name. + */ + public function getGroups_ordByOwnByName() : array + { + $groups = array(); + + /* owner */ + $query = "SELECT guid FROM objects WHERE objtype = 'group' AND owner = '" . database::esc($this->guid) . "' " . + "ORDER BY name"; + $res = database::query($query); + + foreach ($res as $g) + $groups[] = new group($g['guid']); + + /* member */ + $query = "SELECT o.guid FROM objects o JOIN members m ON o.guid = m.guid WHERE o.objtype = 'group' AND " . + "m.member = '" . database::esc($this->guid) . "' ORDER BY o.name"; + $res = database::query($query); + + foreach ($res as $g) + $groups[] = new group($g['guid']); + + return $groups; + } } ?> -- cgit v1.2.3 From ce1e026c42dbe142202d17675791579dfc30d6b5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 9 Apr 2017 23:19:54 -0400 Subject: Fix bugs in user class Added calls to function saveObj() where $this is mutated. --- app/class/user.class.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 97309f8..a6addf6 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -194,6 +194,7 @@ class user extends agent $user->setPasswd($passwd); $user->setEmail(""); $user->reg = 1; + $user->saveObj(); return $user; } @@ -224,6 +225,7 @@ class user extends agent { $this->salt = self::getBlob(); $this->auth = self::getAuth($passwd, $this->salt); + $this->saveObj(); } /* @@ -237,6 +239,7 @@ class user extends agent return false; $this->emailConf = 1; + $this->saveObj(); return true; } 
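Review bot: getGroups_ordByOwnByName() returns a group twice when this user both owns it and has a row in `members` for it, because the two result sets are appended without de-duplication. Keying the array by guid keeps the owned-first ordering while collapsing repeats: `$groups[$g['guid']] = new group($g['guid']);` in both loops and `return array_values($groups);` at the end. Each row also constructs a `group` with its own lookup (one query per result row), which is fine for small group counts but deserves a comment so a later caller with many groups is not surprised.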
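Review bot: With these saves added, initNew() (`@@ -194`, whose start lies outside the hunk) now writes the new user three times: setPasswd() and setEmail() each call saveObj() (the `@@ -224` hunk here and the `@@ -249` hunk of the same commit on the following line), and the explicit `$user->saveObj()` follows. The first of those writes happens before `$user->reg = 1` is assigned, so the row briefly exists with `reg` unset; whether that window matters depends on what `reg` gates, which is not visible here. If it does, assign `reg` before calling setPasswd()/setEmail(), or give initNew() a path that sets every field and saves once. The save added in verifyEmail() (`@@ -237`) is fine as is.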
@@ -249,6 +252,7 @@ class user extends agent $this->email = $email; $this->emailVer = substr(self::getBlob(), 0, 8); $this->emailConf = 0; + $this->saveObj(); } /* -- cgit v1.2.3 From 05c33eb8da0c926c07288ddb07821fb967e20d7d Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 6 Jun 2017 12:23:26 -0400 Subject: Implement function sendEmail() for user class --- app/class/user.class.php | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index a6addf6..01552f6 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -282,6 +282,45 @@ class user extends agent return $groups; } + + /* + * Send an email message to this user using stored configuration + * parameters. If config is not established, delivery is not + * attempted. Return status. + */ + public function sendEmail(string $subj, string $mesg, + ?string $attachPath = NULL, ?string $attachName = NULL, + bool $ignoreEmailConf = false) : bool + { + if (settings::smtpServer() == "") + return false; + + if (!$ignoreEmailConf && !$this->emailConf) + return true; + + if ($this->email == "") + return true; + + $mail = new PHPMailer(); + $mail->isSMTP(); + $mail->SMTPAuth = true; + + $mail->Host = settings::smtpServer(); + $mail->Port = settings::smtpPort(); + $mail->Username = settings::smtpUname(); + $mail->Password = settings::smtpPasswd(); + $mail->SMTPSecure = settings::smtpSecurity(); + + $mail->setFrom(settings::smtpEmailAddress()); + $mail->addAddress($this->email, $this->getDisplayName()); + $mail->Subject = $subj; + $mail->Body = $mesg; + + if ($attachPath && $attachName) + $mail->addAttachment($attachPath, $attachName); + + return $mail->send(); + } } ?> -- cgit v1.2.3 From 2564b9953bb7bd8e90a9865962cb9e88d4cfd218 Mon Sep 17 00:00:00 2001 
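Review bot: In sendEmail() the result of `$mail->addAttachment($attachPath, $attachName)` is discarded, so when the file cannot be read the message still goes out without it and the caller sees `true`; check it: `if ($attachPath && $attachName && !$mail->addAttachment($attachPath, $attachName)) return false;`. The return value also conflates outcomes: missing SMTP configuration yields `false`, while an unconfirmed or empty address yields `true` although nothing was delivered, so the header comment should spell out that `true` means "sent or intentionally skipped" and `false` means "delivery was required and failed". Since `$attachPath` is read from the local filesystem, the same comment should state that callers must pass a server-chosen path, never one derived from request input.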
From: Malf Furious Date: Mon, 19 Jun 2017 23:45:03 -0400 Subject: Update function user::sendEmail() Now setting the name for email FROM field using system config 'smtpFrom'. --- app/class/user.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 01552f6..81fc29f 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -311,7 +311,7 @@ class user extends agent $mail->Password = settings::smtpPasswd(); $mail->SMTPSecure = settings::smtpSecurity(); - $mail->setFrom(settings::smtpEmailAddress()); + $mail->setFrom(settings::smtpEmailAddress(), settings::smtpFrom()); $mail->addAddress($this->email, $this->getDisplayName()); $mail->Subject = $subj; $mail->Body = $mesg; -- cgit v1.2.3 From 98ca92aa0a8aa9d879dd77ab76672f052b53b8d6 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 9 Feb 2018 01:06:26 -0500 Subject: Fix bug in function user::getCurrent() If the session is set to an invalid (eg: deleted) user GUID, an exception is (correctly) thrown. This commit catches that and enables getCurrent() to close the bad session and return NULL. --- app/class/user.class.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 81fc29f..6f05570 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -146,7 +146,17 @@ class user extends agent return NULL; } - return new user($_SESSION['userguid']); + try + { + return new user($_SESSION['userguid']); + } + catch (Exception $e) + { + /* invalid user */ + self::setCurrent(); + location("/"); + return NULL; + } } /* -- cgit v1.2.3 From f1c92c8a67fee9d30480c6a72ac3d00b1879edfd Mon Sep 17 00:00:00 2001 
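Review bot: The new `catch (Exception $e)` in getCurrent() treats every exception from `new user(...)` as an invalid session, so a transient database failure would also clear the user's session and redirect, indistinguishable from a deleted account; narrow the catch to the exception type the constructor/expectType() raises for a missing or wrong-type object, if a distinct type exists, and let other errors propagate. A redirect from inside a static getter is also surprising: if `location()` does not exit, `return NULL` runs after the redirect header is emitted and callers keep rendering, and if it does exit the `return NULL` is dead. `location()` is not visible here, so document which case holds with a comment such as `/* location() redirects; the return only matters if it does not exit */`.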
From: Malf Furious Date: Sun, 11 Feb 2018 16:15:36 -0500 Subject: Address issue with user functions getCurrent() and setCurrent() Previously, these functions would always call session_start() before doing most of their work. However, I've found that calling that function two or more times within the lifetime of a program results in NOTICE messages output from the PHP interpreter. Therefore, I am now only calling session_start() if the session is not already active. --- app/class/user.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6f05570..50679ee 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -131,7 +131,7 @@ class user extends agent */ public static function getCurrent() : ?user { - if (!session_start()) + if ((session_status() != PHP_SESSION_ACTIVE) && !session_start()) throw new Exception("Unable to aquire a PHP session"); if (!isset($_SESSION['userguid'])) @@ -168,7 +168,7 @@ class user extends agent */ public static function setCurrent(?user $user = NULL) : void { - if (!session_start()) + if ((session_status() != PHP_SESSION_ACTIVE) && !session_start()) throw new Exception("Unable to aquire a PHP session"); unset($_SESSION['userguid']); -- cgit v1.2.3 From 0a77d66a62006fce5e3768eb115baa48b16cb719 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 7 Sep 2018 07:08:26 -0400 Subject: Fix typo --- app/class/user.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 50679ee..90aac44 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
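Review bot: setCurrent() in the `@@ -168` hunk starts or reuses a session and, per the trailing context, then rewrites `$_SESSION['userguid']`, but nothing visible regenerates the session id when a user logs in; if the rest of the body (outside this hunk) does not already do so, add `session_regenerate_id(true);` once the session is active and a non-null `$user` is being set, so a login never continues under an id the client presented before authenticating. As a style point in both hunks, compare the status with the constant strictly: `if ((session_status() !== PHP_SESSION_ACTIVE) && !session_start())`. The `aquire` typo in the exception message is pre-existing context, not part of this change.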
@@ -267,7 +267,7 @@ class user extends agent /* * Get all groups this user owns or is a member of. This isn't necessarily - * all groups this user cas access permissions for. Results are sorted by + * all groups this user has access permissions for. Results are sorted by * ownership, then by name. */ public function getGroups_ordByOwnByName() : array -- cgit v1.2.3