From 9ce26b55017a24f3cae5c20958f2d612273c2f60 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 26 Jan 2016 21:55:43 -0500 Subject: + Added function to User class to fetch all users from DB * Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account --- app/class/user.class.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 8ef91ae..6004dc9 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -25,6 +25,22 @@ class User extends Object parent::__construct("user", $cols); $this->loadObj($guid); } + + /* + * Get all users -- ordered by name, ascending + */ + function getAllUsers_orderByName() + { + $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; + $result = $this->db->query($query); + + $users = array(); + + foreach ($result as $u) + $users[] = new User($u['guid']); + + return $users; + } } ?> -- cgit v1.2.3 From 635ceb4808624ad6676d43e83c1ff5a7d4341d36 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 28 Jan 2016 19:38:28 -0500 Subject: Add admin field to user table User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically. --- app/class/user.class.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6004dc9..9a87b01 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -17,6 +17,7 @@ class User extends Object "key", "salt", "alias", + "admin", "email", "emailConf", "emailConfKey" -- cgit v1.2.3 From 2b6afdd9ef767e1e84c4751c72da6be13d9b4402 Mon Sep 17 00:00:00 2001 
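Review bot: In `getAllUsers_orderByName()` the value returned by `$this->db->query($query)` is iterated without checking that the query succeeded, so a failed lookup and a genuinely empty user table both produce an empty array. The commit message says the Auth controller treats "no users found" as the cue to offer admin-account creation, so a database error would fail open if `query()` signals failure with a non-array value (its contract is not visible in this hunk). I would separate the two cases before the loop, for example `if (!is_array($result)) throw new Exception("user lookup failed");`, and extend the header comment to state that the method returns an array of fully loaded `User` objects. Each row is loaded through `new User($u['guid'])`, whose constructor calls `loadObj()`, so the cost is one extra load per user; a short comment would help if that is intentional.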
From: Malf Furious Date: Sat, 30 Jan 2016 21:20:41 -0500 Subject: Add functionality to create new User objects User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database. This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the concatenation of its password and salt. This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects --- app/class/user.class.php | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'app/class/user.class.php') diff --git a/app/class/user.class.php b/app/class/user.class.php index 9a87b01..6bce26c 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
@@ -42,6 +42,60 @@ class User extends Object return $users; } + + /* + * Check whether a given username is currently in use + */ + function usernameInUse($username) + { + $escd_username = $this->db->esc($username); + + $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; + $results = $this->db->query($query); + + if (count($results) > 0) + return true; + + return false; + } + + /* + * Generate a key from a user's password and salt + */ + function getKey($password, $salt) + { + return hash("sha256", $salt . $password); + } + + /* + * Create a new User object with the given username and keyed with the given plain-text password + * This function returns false if $username is already being used + * On success, this object should be initialized as the new user (use only on new User() objects) + */ + function createNewUser($username, $password) + { + if ($this->usernameInUse($username)) + return false; + + /* if there exist no users already, make this new one an admin */ + if (count($this->getAllUsers_orderByName()) == 0) + $this->admin = 1; + + $this->perms = 0; + $this->name = $username; + $this->type = "user"; + $this->salt = $this->getBlob(); + $this->key = $this->getKey($password, $this->salt); + $this->emailConf = 0; + $this->emailConfKey = $this->getBlob(); + + $this->saveObj(); + + $this->owner = $this->guid; + $this->saveObj(); + + return true; + } } ?> -- cgit v1.2.3 From c776b36fd884808435dd1208f0dd9a57216b3927 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Mon, 1 Feb 2016 19:18:55 -0500 Subject: Implement authentication helper functions in User class Added function to initialize a User object by username wrather than GUID. Added function to validate a user-supplied plain-text password for a given user --- app/class/user.class.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'app/class/user.class.php') 
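Review bot: `getKey()` derives the stored credential from a single SHA-256 pass over `$salt . $password`, and a fast general-purpose hash gives little resistance to offline guessing if the `object` table is ever disclosed. PHP's password API is designed for this: in `createNewUser()` store `$this->key = password_hash($password, PASSWORD_DEFAULT);` and verify with `password_verify()`, which embeds its own salt and cost parameter. Separately, `createNewUser()` assigns `$this->admin = 1` only when the user count is zero and never assigns a value otherwise, so the non-admin case relies on whatever default the object or column carries; `$this->admin = (count($this->getAllUsers_orderByName()) == 0) ? 1 : 0;` makes that explicit. The count-then-save and `usernameInUse()`-then-save sequences are also not atomic, so a unique constraint on user names at the database level would be a sensible backstop.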
diff --git a/app/class/user.class.php b/app/class/user.class.php index 6bce26c..bd2e174 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -27,6 +27,21 @@ class User extends Object $this->loadObj($guid); } + /* + * Initialize object by username + */ + function initByUsername($username) + { + $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'"; + $result = $this->db->query($query); + + if (count($result) == 0) + return false; + + $this->loadObj($result[0]['guid']); + return true; + } + /* * Get all users -- ordered by name, ascending */ @@ -96,6 +111,15 @@ class User extends Object return true; } + + /* + * Validate the password for this user. Returns true if correct, false otherwise + */ + function validatePassword($password) + { + $key = $this->getKey($password, $this->salt); + return $key == $this->key; + } } ?> -- cgit v1.2.3
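Review bot: `initByUsername()` builds its SQL by concatenating `$this->db->esc($username)` into the statement, so its safety rests entirely on `esc()` and the connection's character set, neither of which is visible here; `usernameInUse()` from the previous patch uses the same pattern. If the DB wrapper exposes bound parameters, prefer them for both lookups. The header comment should also state the return contract, for example `Returns true after loading the matching user; returns false and leaves this object unchanged when no user has that name`, because a caller that ignores the false return and goes on to call `validatePassword()` would be checking against whatever state the object already held.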
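Review bot: `validatePassword()` compares the computed and stored digests with `==`, which is a loose comparison in PHP: two strings that both look numeric are compared as numbers rather than byte for byte, and the comparison is not constant-time either. Replace the return with `return hash_equals((string) $this->key, $key);` (available from PHP 5.6), or at minimum use `===`. Since the method reads `$this->salt` and `$this->key` without checking that a user was loaded, an early `if (empty($this->key)) return false;` would keep an uninitialised object from ever validating.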