1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
<?php
require_once "class/object.class.php";
/*
* Application users
*/
class User extends Object
{
/*
* Constructor
*/
function __construct($guid = null)
{
$cols = array(
"guid",
"key",
"salt",
"alias",
"admin",
"email",
"emailConf",
"emailConfKey"
);
parent::__construct("user", $cols);
$this->loadObj($guid);
}
/*
* Initialize object by username
*/
function initByUsername($username)
{
$query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'";
$result = $this->db->query($query);
if (count($result) == 0)
return false;
$this->loadObj($result[0]['guid']);
return true;
}
/*
* Get all users -- ordered by name, ascending
*/
function getAllUsers_orderByName()
{
$query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name";
$result = $this->db->query($query);
$users = array();
foreach ($result as $u)
$users[] = new User($u['guid']);
return $users;
}
/*
* Get all users -- ordered by admin DESC (admins first), then by name
*/
function getAllUsers_orderByAdminByName()
{
$query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name";
$result = $this->db->query($query);
$users = array();
foreach ($result as $u)
$users[] = new User($u['guid']);
return $users;
}
/*
* Check whether a given username is currently in use
*/
function usernameInUse($username)
{
$escd_username = $this->db->esc($username);
$query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'";
$results = $this->db->query($query);
if (count($results) > 0)
return true;
return false;
}
/*
* Generate a key from a user's password and salt
*/
function getKey($password, $salt)
{
return hash("sha256", $salt . $password);
}
/*
* Create a new User object with the given username and keyed with the given plain-text password
* This function returns false if $username is already being used
* On success, this object should be initialized as the new user (use only on new User() objects)
*/
function createNewUser($username, $password)
{
if ($this->usernameInUse($username))
return false;
/* if there exist no users already, make this new one an admin */
if (count($this->getAllUsers_orderByName()) == 0)
$this->admin = 1;
$this->perms = 0;
$this->name = $username;
$this->type = "user";
$this->setPassword($password);
$this->setEmail("");
$this->saveObj();
$this->owner = $this->guid;
$this->saveObj();
return true;
}
/*
* Validate the password for this user. Returns true if correct, false otherwise
*/
function validatePassword($password)
{
$key = $this->getKey($password, $this->salt);
return $key == $this->key;
}
/*
* Validate the email confirmation key for a user, returns true if correct, false otherwise. On success, $this->emailConf is also set to 1
*/
function confirmEmailKey($key)
{
if ($key != $this->emailConfKey)
return false;
$this->emailConf = 1;
return true;
}
/*
* Overwrite the salt and key for this user, given a new plaintext password
*/
function setPassword($password)
{
$this->salt = $this->getBlob();
$this->key = $this->getKey($password, $this->salt);
}
/*
* Overwrite the emailConfKey and flag, and change user's saved email address
*/
function setEmail($email)
{
$this->email = $email;
$this->emailConf = 0;
$this->emailConfKey = $this->getBlob();
}
/*
* If a user has an alias set, display it instead of their username
*/
function getDisplayName()
{
if ($this->alias != "")
return $this->alias;
return $this->name;
}
/*
* Get the glyphicon to use for this user
*/
function getGlyphicon()
{
if ($this->admin)
return "glyphicon glyphicon-sunglasses";
return "glyphicon glyphicon-user";
}
}
?>
|
