1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
<?php
require_once "class/object.class.php";
/*
* Application users
*/
class User extends Object
{
/*
* Constructor
*/
function __construct($guid = null)
{
$cols = array(
"guid",
"key",
"salt",
"alias",
"admin",
"email",
"emailConf",
"emailConfKey"
);
parent::__construct("user", $cols);
$this->loadObj($guid);
}
/*
* Initialize object by username
*/
function initByUsername($username)
{
$query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
$result = $this->db->query($query);
if (count($result) == 0)
return false;
$this->loadObj($result[0]['guid']);
return true;
}
/*
* Get all users -- ordered by name, ascending
*/
function getAllUsers_orderByName()
{
$query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
$result = $this->db->query($query);
$users = array();
foreach ($result as $u)
$users[] = new User($u['guid']);
return $users;
}
/*
* Check whether a given username is currently in use
*/
function usernameInUse($username)
{
$escd_username = $this->db->esc($username);
$query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
$results = $this->db->query($query);
if (count($results) > 0)
return true;
return false;
}
/*
* Generate a key from a user's password and salt
*/
function getKey($password, $salt)
{
return hash("sha256", $salt . $password);
}
/*
* Create a new User object with the given username and keyed with the given plain-text password
* This function returns false if $username is already being used
* On success, this object should be initialized as the new user (use only on new User() objects)
*/
function createNewUser($username, $password)
{
if ($this->usernameInUse($username))
return false;
/* if there exist no users already, make this new one an admin */
if (count($this->getAllUsers_orderByName()) == 0)
$this->admin = 1;
$this->perms = 0;
$this->name = $username;
$this->type = "user";
$this->setPassword($password);
$this->setEmail("");
$this->saveObj();
$this->owner = $this->guid;
$this->saveObj();
return true;
}
/*
* Validate the password for this user. Returns true if correct, false otherwise
*/
function validatePassword($password)
{
$key = $this->getKey($password, $this->salt);
return $key == $this->key;
}
/*
* Overwrite the salt and key for this user, given a new plaintext password
*/
function setPassword($password)
{
$this->salt = $this->getBlob();
$this->key = $this->getKey($password, $this->salt);
}
/*
* Overwrite the emailConfKey and flag, and change user's saved email address
*/
function setEmail($email)
{
$this->email = $email;
$this->emailConf = 0;
$this->emailConfKey = $this->getBlob();
}
/*
* If a user has an alias set, display it instead of their username
*/
function getDisplayName()
{
if ($this->alias != "")
return $this->alias;
return $this->name;
}
}
?>
|
