<?php
require_once "class/object.class.php";
/*
* Application users
*/
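class User extends Object
{
    /*
    * Constructor
    *
    * Registers the user-specific columns with the parent Object and then
    * loads the object identified by $guid (null is passed through to
    * loadObj() unchanged).
    */
    public function __construct($guid = null)
    {
        $cols = array(
            "guid",
            "key",
            "salt",
            "alias",
            "admin",
            "email",
            "emailConf",
            "emailConfKey"
        );
        parent::__construct("user", $cols);
        $this->loadObj($guid);
    }

    /*
    * Initialize object by username
    *
    * Returns true when a user row with that name exists and was loaded,
    * false otherwise.
    */
    public function initByUsername($username)
    {
        /* NOTE(review): the query is built by concatenation and relies entirely on
         * db->esc() for quoting -- confirm esc() is charset-aware, or move to a
         * prepared statement if the db wrapper offers one. */
        $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
        $result = $this->db->query($query);
        if (count($result) === 0)
            return false;
        $this->loadObj($result[0]['guid']);
        return true;
    }

    /*
    * Get all users -- ordered by name, ascending
    *
    * Returns an array of User objects, one per matching row.
    */
    public function getAllUsers_orderByName()
    {
        $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
        $result = $this->db->query($query);
        $users = array();
        foreach ($result as $u)
            $users[] = new User($u['guid']);
        return $users;
    }

    /*
    * Check whether a given username is currently in use
    *
    * Returns true if at least one user row carries that name.
    */
    public function usernameInUse($username)
    {
        /* same reliance on db->esc() as initByUsername() */
        $escd_username = $this->db->esc($username);
        $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
        $results = $this->db->query($query);
        return count($results) > 0;
    }

    /*
    * Generate a key from a user's password and salt
    *
    * Returns the hex SHA-256 digest of salt . password.
    *
    * NOTE(review): this is a single, fast hash round. For password storage a
    * deliberately slow, adaptive scheme (password_hash() / password_verify())
    * is the appropriate primitive. It is not swapped in here because it would
    * change the stored key format and needs a migration of existing rows.
    */
    public function getKey($password, $salt)
    {
        return hash("sha256", $salt . $password);
    }

    /*
    * Create a new User object with the given username and keyed with the given plain-text password
    * This function returns false if $username is already being used
    * On success, this object should be initialized as the new user (use only on new User() objects)
    */
    public function createNewUser($username, $password)
    {
        /* NOTE(review): check-then-insert; two concurrent registrations can both
         * pass this test unless the name column is unique at the database level
         * -- confirm against the schema. */
        if ($this->usernameInUse($username))
            return false;
        /* if there exist no users already, make this new one an admin */
        if (count($this->getAllUsers_orderByName()) === 0)
            $this->admin = 1;
        $this->perms = 0;
        $this->name = $username;
        $this->type = "user";
        /* NOTE(review): salt and e-mail confirmation key both come from getBlob(),
         * which is defined outside this class -- verify it draws from a
         * cryptographically secure source, since the confirmation key acts as a
         * bearer secret. */
        $this->salt = $this->getBlob();
        $this->key = $this->getKey($password, $this->salt);
        $this->emailConf = 0;
        $this->emailConfKey = $this->getBlob();
        /* first save creates the row; the second stores the user as its own owner */
        $this->saveObj();
        $this->owner = $this->guid;
        $this->saveObj();
        return true;
    }

    /*
    * Validate the password for this user. Returns true if correct, false otherwise
    *
    * The stored and the recomputed digest are compared as strings. The previous
    * loose `==` applied PHP's numeric-string juggling to two hex digests and was
    * not constant-time; hash_equals() avoids both where it is available.
    */
    public function validatePassword($password)
    {
        /* no stored key (e.g. object not loaded): nothing can match */
        if (!is_string($this->key) || $this->key === '')
            return false;
        $candidate = $this->getKey($password, $this->salt);
        if (function_exists('hash_equals'))
            return hash_equals($this->key, $candidate);
        /* fallback for runtimes without hash_equals(): strict, but not constant-time */
        return $candidate === $this->key;
    }
}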
?>