File Source for OCSP_USER.phpclass

<?php
/**
* Class file OCSP_USER.phpclass
*
* @project Open CSP-Management
* @package user
*
* @author Peter Krebs <pitlinz@users.sourceforge.net>
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
* @version pk-03-12-30
* @version $Id: OCSP_USER.phpclass,v 1.28 2008/11/24 23:30:34 pitlinz Exp $
*/
if (!defined('_OCSP_USR_SESSION_TTL_')) define('_OCSP_USR_SESSION_TTL_',600);
if (!class_exists('DBMS_TABLEOBJ'))
if (!class_exists('DBMS_TABLEOBJ'))
{
require_once __OCSP_PHPINCPATH__ . "db" . _OCSP_DIRSEP_ . "DBMS_TABLEOBJ.phpclass";
}
if (!class_exists('OCSP_GROUPTREE'))
{
require_once dirname(__FILE__) . _OCSP_DIRSEP_ . "OCSP_GROUPTREE.phpclass";
}
/**
* handels users
*
* @project Open CSP-Management
* @package user
*
* @author Peter Krebs <pitlinz@users.sourceforge.net>
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
* Version History:
* ------------------------------------------------
* @version pk-03-12-30
* @version pk-08-03-12 (unit of work)
* @version $Id: OCSP_USER.phpclass,v 1.28 2008/11/24 23:30:34 pitlinz Exp $
*
*/
class OCSP_USER
extends DBMS_TABLEOBJ
{
/*** class constants --------------------------------------------- */
/**
* @constant string CLASS_SRC_FILE
*
* @abstract
*/
const CLASS_SRC_FILE = __FILE__;
/*** class variables --------------------------------------------- */
/**
* list of already loaded users
* (unit of work) used in foactory classes
*
* @staticvar array $usrList
*/
static $usrList = array();
/*** class functions --------------------------------------------- */
/**
* outputs the propper login form
*
* tries to get the proper method to output a login form
*
* - $_FILES
* if on or more file uploads are found getHttpLoginForm is used
*
* - SEC_REQ[CONTENTTYPE]
* if isset an ajax call is supposed and the propper
* auth form method is chosen by the content type
*
* - $_GET['SecReq']
* if isset and $_GET['inToDiv'] an jOCSP.load(...) is supposed
* else jOCSP.getScript is supposed
*
* NOTE to avoid missinterpretion always set SEC_REQ['CONTENTTYPE']
* in ajax answers
*
* NOTE do not set SEC_REQ['CONTENTTYPE'] if you have a normal non ajax call
*
*
*
* @param array $secReq
*
* @return boolean
*
*/
static function echoLoginForm($secReq)
{
if (OCSP_CONF::getInstance()->getValue('LOGIN_WWW-AUTH'))
{
return self::getHttpLoginForm();
}
if (sizeof($_FILES))
{
// we have an upload -> send http auth to not have to handle
// the upload file
return self::getHttpLoginForm();
}
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'))
{
if (!isset($secReq['CONTENTTYPE']))
{
if (isset($_GET['inToDiv']) && !empty($_GET['inToDiv']))
{
$secReq['CONTENTTYPE']='text/html';
} else {
$secReq['CONTENTTYPE']='text/javascript';
}
}
if (isset($secReq['CONTENTTYPE']))
{
switch($secReq['CONTENTTYPE'])
{
case "text/javascript":
case "text/html":
default:
return self::getHttpLoginForm();
}
}
}
$str_loginUrl = OCSP_OBJ::getConf('LOGINURL');
if (empty($str_loginUrl)) $str_loginUrl = OCSP_OBJ::getConf('SYSTEMURL') . "/tools/login.php";
OCSP_SESSION::getInstance()->setDefaultValue('LOGIN_POST',$_POST);
if (isset($_SERVER['HTTP_REFERER'])) OCSP_SESSION::getInstance()->setDefaultValue('LOGIN_REFERER',$_SERVER['HTTP_REFERER']);
OCSP_SESSION::getInstance()->setValue('LOGIN_ACTION',$_SERVER['REQUEST_URI']);
$str_loginUrl = pcf_HTML_changeURI_GetValue($str_loginUrl,'LOGIN',Null);
if ($debug) echoDebugLine(__FILE__,__LINE__,"<a href=\"$str_loginUrl\">$str_loginUrl</a><pre>".print_r($_SESSION,TRUE)."</pre>");
header("Location: $str_loginUrl");
}
/**
* sets the headers for a http authentication
*
* NOTE: if you use this method logout is currently not available
*
* @return boolean
*/
static function getHttpLoginForm()
{
$str_realm = OCSP_CONF::getInstance()->getValue('LOGIN_REALM');
$str_realm = (empty($str_realm) ? "openCSP Login" : $str_realm);
header("WWW-Authenticate: Basic realm=\"{$str_realm}\"");
header("HTTP/1.0 401 Unauthorized");
return True;
}
static function getJavaScriptLoginForm()
{
// Bust cache in the head
header ("Expires: Mon, 26 Feb 2007 00:00:00 GMT"); // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// always modified
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
// set content type
header('Content-Type: text/javascript; charset=utf-8');
}
/**
* compositon ----------------------------------------------------------------
*/
/**
* array of groups the user belongs to directly
* (stored in T_SYS_GROUPMEMBERS);
*
* @var array $myGroups
*/
protected $myGroups = array();
/**
* attributes ----------------------------------------------------------------
*/
/**
* array holding security requirements for the current function
* @var array $curSecReq
*/
protected $curSecReq = array();
// ---------------- DB Attributes -------------------------
/**
* @staticvar string $myTable name of the db table
*/
var $myTable="T_SYS_USER";
/**
* @var string $dbConffile
* @access protected
*/
protected $dbConffile = "";
/**
* @var int $dbConfSeekLoop count loops in self::getDBConfFile()
*/
private $dbConfSeekLoop = 0;
// ---------------- Client Attributes -------------------------
/**
* @var int $myCliId the client id the user belongs to
* @since pk-06-04-19
***/
protected $myCliId=0;
/**
* @var CLIENT $myClient the client object
* @since pk-06-07-21
* @deprecated since pk-08-03-27 (CLIENT -> unit of work)
***/
protected $myClient=NULL;
/**
* array of client id's the user is assigned
*
* @var array $myClientLst
* @since pk-08-03-27
*/
protected $myClientLst = array();
/**
* @var int $myCtyId the client type of the users client
* @since pk-06-07-21
***/
protected $myCtyId=0;
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// constructor / factory
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/**
* constructor
*
* @param boolean $debug
*/
function __construct($debug=False)
{
//$this->init($debug);
}
/**
* factory a userObject
*
* @param int $aId
* @param boolean $debug
*
* @return OCSP_USER
*/
static function &factoryFromId($aId,$debug=False)
{
$obj_ret = Null;
if ($debug) echoDebugMethod(__FILE__,"static","OCSP_USER::factoryFromId($aId)");
if ($aId = intval($aId))
{
if (pcf_is_instance_of(OCSP_USER::$usrList[$aId],'OCSP_USER'))
{
if ($debug) echoDebugLine(__FILE__,__LINE__,"returning already loaded user for {$aId}");
return OCSP_USER::$usrList[$aId];
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"generating new user");
$obj_ret = new OCSP_USER();
$obj_ret->db_SetKey('USR_ID',$aId,$debug);
if ($obj_ret->dbPopulate($debug))
{
OCSP_USER::$usrList[$aId]=$obj_ret;
return OCSP_USER::$usrList[$aId];
}
return $obj_ret;
}
return $obj_ret;
}
/**
* factory a userObject
*
* @param string $lName
* @param boolean $debug
*
* @return OCSP_USER
*/
static function factoryFromLoginName($lName,$debug=False)
{
if (is_array(OCSP_USER::$usrList))
{
foreach(OCSP_USER::$usrList as $aId => &$obj_user)
{
if ($obj_user->getName() == $lName)
{
return $obj_user;
}
}
}
$obj_db = OCSP_OBJ::defaultDBObj('r');
$str_query = "SELECT * FROM " . $this->myTable;
$str_query.= " WHERE USR_LOGIN = " . $obj_db->qs_getSlashedValue($lName);
if ($arr_usr = $obj_db->quickQuery($str_query))
{
OCSP_USER::$usrList[$arr_usr['USR_ID']] = new OCSP_USER();
OCSP_USER::$usrList[$arr_usr['USR_ID']]->setDBRow($arr_user);
return OCSP_USER::$usrList[$arr_usr['USR_ID']];
}
return NULL;
}
/**
* factory a user object from the session
*
* @param boolean $debug
*
* @return OCSP_USER
*/
static function &factoryCurrentFromSession($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,"static","OCSP_USER::factoryCurrentFromSession()");
pcf_require_class('OCSP_SESSION',__OCSP_PHPINCPATH__ . "common" . _OCSP_DIRSEP_ . "OCSP_SESSION.phpclass");
if ($str_class = OCSP_SESSION::getInstance(True)->getValue('USRCLASS'))
{
if (!class_exists($str_class) && ($str_src = OCSP_SESSION::getInstance(True)->getValue('USRCLASSSRC')))
{
require_once $str_src;
} else {
throw new Exception(_OCSP_EXCEP_CLASSNOTFOUND_ . ": " . $str_class);
}
$str_cmd = "\$obj_user = new " . $str_class . "();";
eval($str_cmd);
} else {
$obj_user = new OCSP_USER();
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"USER: <pre> ".print_r($obj_user,True)."</pre>");
$obj_user->sessPopulate($debug);
if (!$obj_user->isPublic())
{
OCSP_USER::$usrList[$obj_user->getId()] = $obj_user;
}
self::$global_currentUser=$obj_user;
return $obj_user;
}
/**
* factory a user object from login + password
*
* @param string $login
* @param string $passwd
* @param string $className
* @param boolean $debug
*
* @return unknown
*/
static function factoryCurrentFromLoginPasswd($login,$passwd,$className=NULL,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,"static","OCSP_USER::factoryCurrentFromLoginPasswd()");
if (empty($login))
{
return NULL;
}
if (!empty($className) && ($className != 'OCSP_USER'))
{
if (!class_exists($className,True))
{
throw new Exception(_OCSP_EXCEP_CLASSNOTFOUND_ . ":" . $className);
}
$str_cmd = "\$obj_user = new " . $className . "();";
eval($str_cmd);
} else {
$obj_user = new OCSP_USER();
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"<pre>" . print_r($obj_user,True) . "</pre>");
if (!$obj_user->checkPassword(NULL,$login,$passwd,$debug))
{
return NULL;
}
if ($obj_user->isValid($debug) && ($obj_user->isEnabled()))
{
if (!$obj_user->isPublic())
{
OCSP_USER::$usrList[$obj_user->getId()] = $obj_user;
}
self::$global_currentUser = $obj_user;
global $OCSP_OBJ;
if (is_array($OCSP_OBJ))
{
$OCSP_OBJ['USER'] = &self::$global_currentUser;
}
return self::$global_currentUser;
}
return NULL;
}
// ---------------------------------------------------------
// getter/setter
// ---------------------------------------------------------
/**
* returns the user id
*
* @return int
*/
public function getId()
{
return intval($this->getDBField('USR_ID'));
}
/**
* returns the user naem
*
* @return string
*/
public function getName()
{
if ($this->getId())
{
$str_ret = $this->getDBField('USR_NAME');
if (empty($str_ret))
{
return $this->getDBField('USR_LOGIN');
} else {
return $str_ret;
}
} else if ($this->isValid()) {
return "PUBLIC";
}
}
/**
* returns the language id for the user
*
* @return string
*
* @since pk-08-06-02
*/
public function getLang()
{
return $this->getDBField('USR_LANG');
}
/**
* disable a user
*
* @param boolean $debug
* @since pk-05-06-27
*
***/
function disable($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::disable()","USR_ID: ".$this->getId());
if (!$this->isConnected(True))
{
throw new Exception(_OCSP_EXEP_NODBCONN_);
}
$cmd="UPDATE T_SYS_USER SET USR_ENABLED=0 WHERE USR_ID=".$this->getId();
$this->myDBObj->executeCmd($cmd);
if ($this->isCurrent())
{
$this->setDBField('USR_ENABLED',0);
$this->sessSave();
}
}
/**
* enables a user
*
* @param boolean $debug
* @since pk-05-06-27
*
***/
function enable($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::enable()","USR_ID: ".$this->getId());
if (!$this->isConnected(True))
{
throw new Exception(_OCSP_EXEP_NODBCONN_);
}
$cmd="UPDATE T_SYS_USER SET USR_ENABLED=1 WHERE USR_ID=".$this->getId();
$this->myDBObj->executeCmd($cmd);
if ($this->isCurrent())
{
$this->setDBField('USR_ENABLED',1);
$this->sessSave();
}
}
// ---------------------------------------------------------
// db connection methods
// ---------------------------------------------------------
/**
* returns the db-Conffile for the user
*
* @param boolean $useEnv (if True it is tried to find one from the environment)
* @param boolean $debug
*
*
* @return string
* @access public
*
* @since pk-07-06-14
* @version pk-07-06-15
* @version pk-08-06-06
*
*
*/
function getDBConfFile($useEnv=False,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getDBConfFile()",$this->dbConffile);
if (!empty($this->dbConffile))
{
if (file_exists(OCSP_CONF::getInstance()->getProjectPath() . $this->dbConffile))
{
return OCSP_CONF::getProjectPath() . $this->dbConffile;
}
if (file_exists($this->dbConffile))
{
return $this->dbConffile;
}
if (file_exists(OCSP_CONF::getInstance()->getProjectConfPath() . $this->dbConffile))
{
return OCSP_CONF::getInstance()->getProjectConfPath() . $this->dbConffile;
}
}
if ($useEnv)
{
pcf_require_class('OCSP_DB',__OCSP_PHPINCPATH__."db/OCSP_DB.phpclass");
if ($str_confFile = OCSP_DB::getMyConfFile(False,True,$debug))
{
$this->dbConffile = str_replace(OCSP_CONF::getInstance()->getProjectPath(),"",$str_confFile);
return $str_confFile;
}
}
return "";
}
/**
* sets the database config file
*
* @param string $confFile
*
* @global array $OCSP_CONF
*
* @since pk-07-09-06
*
* @access public
*/
function setDBConfFile($confFile)
{
$this->dbConffile=str_replace(OCSP_CONF::getInstance()->getValue('PROJECTPATH'),"",$confFile);
}
/**
* returns if the dbObj is connected
*
* @param boolean $autoConnect try to connect
* @param boolean $debug
*
* @return boolean
*
* @since pk-07-05-31
*/
function isConnected($autoConnect=False,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isConnected()");
if (!pcf_is_instance_of($this->myDBObj,'OCSP_DB'))
{
if ($autoConnect)
{
try {
$this->dbConnect();
return True;
} catch(Exception $e) {
if ($debug) echoDebugLine(__FILE__,__LINE__,print_r($e,True));
return False;
}
}
} else if (!$this->myDBObj->isConnected()) {
if ($autoConnect)
{
$this->getMyDBObj(False,"",False,$debug);
//$this->myDBObj->connect($this->getDBConfFile(),$this->isPublic(),False,$debug);
}
} else {
return True;
}
return False;
}
/**
* connects to the db
*
* @param boolean $asAdmin
* @param boolean $debug
*
* @global $OCSP_CONF
*
* @return OCSP_DB
*
* @version pk-04-09-28
* @requires __OCSP_PHPINCPATH__."common/pcf_templates.phpinc"
*
***/
function &dbConnect($asAdmin=False,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::dbConnect()");
global $OCSP_CONF;
if (!$this->getMyDBObj(True,"",True,$debug))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_);
}
if (!$this->myDBObj->connect($this->getDBConfFile(),$this->isPublic(),$asAdmin,$debug))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_);
}
return $this->myDBObj;
}
/**
* @param OCSP_DB $aDBObj
* @access public
* @since pk-07-08-20
*/
function setMyDBObj(&$aDBObj)
{
$this->myDBObj=$aDBObj;
}
/**
* loading the db object checks dbtype in the following order
*
* 1st: $OCSP_CONF['DBTYPE']
* 2nd: $_SERVER['DBTYPE']
* 3rd: $GLOBALS['OCSP']['DBTYPE']
* 4th: set to mySQL
*
* and sets $OCSP_CONF['DBTYPE'] if not isset or is empty
*
* @param boolean $withoutConnect (only return the database object)
* @param string $dbConffile
* @param boolean $useGlobal
* @param boolean $debug
*
* @global array $OCSP_CONF
* @global array $OCSP_OBJ
*
* @return OCSP_DB
*
* @access public
*
* @since pk-07-08-20
* @version pk-08-03-14
*
* @todo replace global arrays
*/
function &getMyDBObj($withoutConnect=False,$dbConffile="",$useGlobal=True,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getMyDBObj()",($useGlobal ? "use global" : "DON'T use global"));
global $OCSP_CONF,$OCSP_OBJ;
if (!pcf_is_instance_of($this->myDBObj,'OCSP_DB'))
{
if ($useGlobal && pcf_is_instance_of(OCSP_OBJ::defaultDBObj('rw',False),'OCSP_DB'))
{
$this->myDBObj=OCSP_OBJ::defaultDBObj();
} else {
// $debug=True;echoDebugLine(__FILE__,__LINE__,"debug on");
require $this->getDBConfFile(True,$debug);
if (isset($DBCONF['CLASS']) && !empty($DBCONF['CLASS']))
{
if (!class_exists($DBCONF['CLASS']))
{
if (isset($DBCONF['INCLUDE']) && !empty($DBCONF['INCLUDE']))
{
if (!function_exists('pcf_tmpl_parse')) require_once __OCSP_PHPINCPATH__ . "common" . _OCSP_DIRSEP_ . "pcf_templates.phpinc";
$str_include = pcf_tmpl_parse($DBCONF['INCLUDE'],array(),$debug);
if ($debug) echoDebugLine(__FILE__,__LINE__,"DB include: " . $str_include);
require_once $str_include;
}
}
$str_dbClassName = $DBCONF['CLASS'];
} else {
$str_dbClassName = "OCSP_DB_". OCSP_CONF::getDBType();
pcf_require_class($str_dbClassName,__OCSP_PHPINCPATH__ . "db/" . $str_dbClassName . ".phpclass");
}
$str_objCmd = "\$this->myDBObj = new " . $str_dbClassName . "();";
if ($debug)
{
echoDebugLine(__FILE__,__LINE__,"DB-Obj cmd: $str_objCmd");
eval($str_objCmd);
} else {
@eval($str_objCmd);
}
if (!is_object($this->myDBObj)) {
ocsp_logError(__FILE__,__LINE__,"Could not create DB object OCSP_DB_".$OCSP_CONF['DBTYPE'],E_ERROR);
die();
}
//if ($useGlobal) $OCSP_OBJ['USRDB']=&$this->myDBObj;
}
}
if (!$withoutConnect && !$this->myDBObj->isConnected())
{
$this->dbConnect(False,$debug);
}
return $this->myDBObj;
}
// ---------------------------------------------------------
// db row methods
// ---------------------------------------------------------
/**
* touches the user
*
* @param boolean $toDB
* @param boolean $debug
*/
public function touch($toDB=False,$debug=False)
{
if ($int_id = intval($this->getId()))
{
if ($toDB)
{
if (!$this->isConnected(True,$debug))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_);
}
$str_cmd = "UPDATE T_SYS_USER SET USR_LASTLOGIN=" .$this->myDBObj->qs_getNowStmt();
$str_cmd.= " WHERE USR_ID=" . $this->getId();
$this->myDBObj->executeCmd($str_cmd);
}
$this->sessTouch($debug);
}
}
/**
* sets a database row to the object fields
*
* sets each key (=columname) value
*
* if $row['__OCSP_OBJ_VALS__'] isset and an array this values are set as object values
* else if $asPopulated object values are loaded
*
* @param array $row the row form a select * from DBMS_TABLEOBJ::myTable
* @param boolean $asPopulated set populateTS as if the object has been populated
* @param boolean $debug
*
* @returns bool
*
* @since pk-08-03-14
*/
function setDBRow($row,$asPopulated=True,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),'OCSP_USER::setDBRow()');
if (pcf_is_instance_of($this,'DBMS_TABLEOBJ'))
{
$bol_ret = parent::setDBRow($row,$asPopulated,$debug);
$this->isValid = $asPopulated;
} else {
$bol_ret = False;
}
return $bol_ret;
}
/**
* only saves none public user
*
* @param boolean $debug
*
* @return boolean
*/
function dbSave($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::dbSave()");
if (!$this->isPublic())
{
return parent::dbSave($debug);
} else {
return False;
}
}
/**
* inserts a new row to the table
*
* @param boolean $debug show debug info
*
* @returns int returns the autoIncFld ID if exists or 1 on success
*
* @since pk-08-06-04
*/
function dbInsert($debug=False)
{
$this->setDBField('USR_CREATION',"#NOW");
$this->setDBField('USR_LASTCHANGE',"#NOW");
$this->setDBField('USR_CREATOR',OCSP_OBJ::currentUser()->getId());
return parent::dbInsert();
}
// ---------------------------------------------------------
// db row getter / setter
// ---------------------------------------------------------
/**
* changes the password
*
* @param string $newPassword
*/
function setPassword($newPassword)
{
$this->setDBField('USR_MD5PWD',md5($newPassword));
$str_pwd = OCSP_SESSION::getInstance(False)->encrypt($newPassword,md5($this->getId().$this->getName()));
$this->setDBField('USR_PWD',md5($str_pwd));
}
// ---------------------------------------------------------
// session methods
// ---------------------------------------------------------
/**
* populates a user from the session
*
* @param boolean $debug
*/
protected function sessPopulate($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::sessPopulate()");
if (!class_exists('OCSP_SESSION'))
{
require_once __OCSP_PHPINCPATH__ . "common" . _OCSP_DIR_ . "OCSP_SESSION.phpclass";
}
if ($str_usrData = OCSP_SESSION::getInstance(True)->getValue('CURRENTUSER'))
{
if (md5($str_usrData) != OCSP_SESSION::getInstance(True)->getValue('CURRENTUSERCHK'))
{
throw new Exception(_OCSP_SESSION_ERROR_ . ": User session check failed" );
}
$arr_usrData = unserialize($str_usrData);
if ($debug) echoDebugLine(__FILE__,__LINE__,"\$arr_usrData: <pre>" . print_r($arr_usrData,True) . "</pre>");
if ($arr_usrData['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT'])
{
throw new Exception(_OCSP_SESSION_ERROR_ . ": User session check failed" );
}
if (!isset($arr_usrData['ROW']) || !is_array($arr_usrData['ROW']))
{
throw new Exception(_OCSP_SESSION_ERROR_ . ": User data not ok");
}
if (intval($arr_usrData['ROW']['USR_ID']))
{
foreach($arr_usrData['ROW'] as $str_col => $mix_val)
{
$this->{$str_col} = $mix_val;
}
$int_ttl = intval(OCSP_CONF::getInstance()->getValue('SESSION_TTL'));
if ($int_ttl < _OCSP_USR_SESSION_TTL_)
{
$int_ttl = _OCSP_USR_SESSION_TTL_;
}
if ($arr_usrData['LOADTIME'] < (time() - _OCSP_USR_SESSION_TTL_))
{
if ($debug) echoDebugLine(__FILE__,__LINE__,'Session Timed Out');
$this->dbConnect("",False,$debug);
$this->dbPopulate($debug);
$this->populateMyGroups($debug);
//$this->sessSave($debug);
} else {
$this->populateTS=$arr_usrData['LOADTIME'];
$this->myGroups=$arr_usrData['GROUPS'];
$this->myCliId=$arr_usrData['CLI_ID'];
$this->myCtyId=$arr_usrData['CTY_ID'];
}
} else {
$this->setDBField('USR_ID',0,$debug);
}
} else {
$this->setDBField('USR_ID',0,$debug);
}
}
/**
* stores the user to the session
*
* @param boolean $debug
*
* @version pk-08-06-11 store only if $this is current user
*/
public function sessSave($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::sessSave()");
if ($this->getId() == OCSP_OBJ::currentUser()->getId())
{
$arr_usrData = array(
'ROW' => $this->getDBRow(),
'LOADTIME' => $this->populateTS,
'GROUPS' => $this->myGroups,
'CLI_ID' => $this->myCliId,
'CTY_ID' => $this->myCtyId,
//'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"],
//'REMOTE_PORT' => $_SERVER["REMOTE_PORT"],
'HTTP_USER_AGENT' => $_SERVER["HTTP_USER_AGENT"]
);
$str_usrData = serialize($arr_usrData);
OCSP_SESSION::getInstance()->setValue('CURRENTUSER',$str_usrData);
OCSP_SESSION::getInstance()->setValue('CURRENTUSERCHK',md5($str_usrData));
$this->sessTouch($debug);
}
}
/**
* sets session user timestamp
*
* @param boolean $debug
*/
protected function sessTouch($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::sessTouch()");
if (intval($this->getId()) && ($this->getId() == OCSP_OBJ::currentUser()->getId()))
{
OCSP_SESSION::getInstance(True)->setValue('CURRENTUSERTS',time());
}
}
// ---------------------------------------------------------
// group methods
// ---------------------------------------------------------
/**
* populates the groups from the database (T_SYS_GROUPMEMBER)
*
* @param boolean $debug
*/
public function populateMyGroups($debug)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::populateMyGroups();");
if (!$this->isConnected(True))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_);
}
if (!$this->isPublic($debug))
{
$str_query = "SELECT * FROM T_SYS_GROUPMEMBER WHERE USR_ID=" . $this->getId();
if ($obj_cursor = $this->myDBObj->query($str_query))
{
while($arr_grp = $obj_cursor->fetchArrayFld())
{
$this->myGroups[$arr_grp['GRP_ID']] = $arr_grp;
}
}
} else {
$this->myGroups[0]=array('GRP_ID' =>0,'GRP_NAME' => "Public");
}
}
/**
* returns the default group of the user
* (GRP_ID in T_SYS_USER)
*
* @return int
*
* @since pk-06-11-14
*
***/
public function getDefaultGroupId()
{
return intval($this->getDBField('GRP_ID'));
}
/**
* returns an array with group id's direct assigned to the user
*
* @param boolean $forceReload (reload the groups from the db)
* @param boolean $debug
*
* @return array
*
* @since pk-08-03-12
*/
public function getDirectAssignedGroups($forceReload=False,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getDirectAssignedGroups()");
if ($forceReload || !(sizeof($this->myGroups)))
{
$this->populateMyGroups($debug);
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"OCSP_USER->groups: <pre>" . print_r($this->myGroups,True) . "</pre>");
$arr_ret = array();
$arr_ret[0] = $this->getDefaultGroupId();
foreach($this->myGroups as $arr_grp)
{
if (intval($arr_grp['GRP_ID']) && ($arr_grp['GRP_ID'] != $arr_ret[0]))
{
$arr_ret[] = $arr_grp['GRP_ID'];
}
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"returns: <pre>" . print_r($arr_ret,True) . "</pre>");
return $arr_ret;
}
/**
* returns if the user is a member of $aGroup
*
* @param int $aGrpId
* @param boolean $debug
*
* @return boolean
*
* @version pk-08-07-22
*/
public function isGroupMember($aGrpId,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isGroupMember({$aGrpId})");
switch($aGrpId)
{
case _OCSP_GROUP_LOGGEDIN_:
return ($this->isPublic() ? False : True);
case _OCSP_GROUP_PUBLIC_:
return True;
case _OCSP_GROUP_NOTLOGGEDIN_:
return $this->isPublic();
default:
return OCSP_GROUPTREE::getInstance()->userIsMember($aGrpId,$this->getId(),True,$debug);
}
}
/**
* returns a string containing group id's
*
* @param char $sep
* @param boolean $forceReload
* @param boolean $debug
*
* @return string
*
* @version pk-05-03-01
* @version pk-05-09-01
*
* @var $s_Ids
***/
public function getGroups($sep=",",$forceReload=False,$debug=False) {
if ($debug) echo "USER::getGroups($sep,....) (".get_class($this).")<blockquote>\n";
if ($this->isPublic()) {
// user is not logged in no need to check
if ($debug) echo "(NOT LOGGEDIN) Returning: ".$GLOBALS['OCSP_GROUPS']['PUBLIC'].$sep.$GLOBALS['OCSP_GROUPS']['NOTLOGGEDIN']."</blockquote>";
return _OCSP_GROUP_PUBLIC_.$sep._OCSP_GROUP_NOTLOGGEDIN;
}
if ($forceReload || (!is_array($this->myGroups)) || (!sizeof($this->myGroups))) {
$this->populateMyGroups($debug);
}
if ($debug) echo "<pre>".print_r($this->myGroups,True)."</pre>";
if (is_array($this->myGroups)) { // <pk-05-09-20>
$s_ret=implode($sep,array_keys($this->myGroups));
$s_ret.=$sep._OCSP_GROUP_LOGGEDIN_;
} else {
$s_ret=_OCSP_GROUP_LOGGEDIN_;
} // </pk-05-09-20>
if (!isset($this->myGroups[$this->getDefaultGroupId()]))
{
$s_ret .= $sep . $this->getDefaultGroupId();
}
if ($debug) echo "Returns: $s_ret</blockquote>";
return $s_ret;
}
/**
* returns an array with group id's direct assigned to the user where he is admin
*
* @param boolean $forceReload (reload the groups from the db)
* @param boolean $debug
*
* @return array
*
* @since pk-08-03-12
*/
public function getDirectAssignedAdminGroups($forceReload=False,$debug=False)
{
if ($forceReload || !(sizeof($this->myGroups)))
{
$this->populateMyGroups($debug);
}
$arr_ret = array();
foreach($this->myGroups as $arr_grp)
{
if (intval($arr_grp['GRP_ISADMIN']))
{
$arr_ret[] = $arr_grp['GRP_ID'];
}
}
return $arr_ret;
}
/**
* returns if a user is admin
*
* @return boolean
*
* @since pk-04-08-13
***/
public function isAdmin($debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isAdmin()");
return $this->isGroupMember(_OCSP_GROUP_ADMIN_,$debug);
}
/**
* returns if the user is group admin
*
* @param int $aGrpId
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-07-07
* @version pk-06-01-18
* @version pk-08-06-12
*/
function isGroupAdmin($aGrpId,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::isGroupAdmin($aGroup)");
if ($aGrpId < 1) return False;
if ($this->isPublic()) return False;
if ($this->isAdmin($debug)) return True;
return OCSP_GROUPTREE::getInstance()->userIsAdmin($aGrpId,$this->getId(),$debug);
}
/**
* adds the user to $aGrpId
*
* @note this method does only work for self selectable groups
*
* @param int $aGrpId
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-03-02
*
***/
function addToGroup($aGrpId,$ro=False,$asAdmin=False,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::addToGroup($aGrpId)");
return OCSP_GROUPTREE::getInstance()->addUserToGroup($this->getId(),$aGrpId,$ro,$asAdmin,$debug);;
}
/**
* remove the user from $aGrpId
*
* @note this method does only work for self selectable groups
*
* @param int $aGrpId
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-03-02
*
***/
function removeFromGroup($aGrpId,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::removeFromGroup($aGrpId,....)");
return OCSP_GROUPTREE::getInstance()->removeUserFromGroup($this->getId(),$aGrpId);
}
// ---------------------------------------------------------
// user check methods
// ---------------------------------------------------------
/**
* checks username and password and setts $this->user if ok
*
* @param DBOBJ $dbObj
* @param string $aName
* @param string $aPasswd
* @param boolean $debug
*
* @return boolean
*
* @since pk-06-03-15
* @version pk-07-02-22 check table version
* @version pk-07-06-15
* @version pk-08-03-14
*/
function checkPassword($dbObj,$aName,$aPasswd,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::checkPassword()");
if (!pcf_is_instance_of($dbObj,'OCSP_DB'))
{
if (!$this->isConnected(True,$debug))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_ . ": for checking username and password");
}
$dbObj = $this->myDBObj;
} else {
if (!$dbObj->isConnected() && (!$dbObj->connect($this->getDBConfFile(True,$debug),False,False,$debug)))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_ . ": for checking username and password");
}
}
$str_query = "SELECT * FROM T_SYS_USER ";
$str_query.= " WHERE TRIM(UPPER(USR_LOGIN)) = ".$dbObj->qs_getSlashedValue(strtoupper(trim($aName)));
$str_query.= " AND USR_MD5PWD = ".$dbObj->qs_getSlashedValue(md5($aPasswd));
// if ($debug) echoDebugLine(__FILE__,__LINE__,"" . $str_query . "");
if ($arr_row = $dbObj->quickQuery($str_query))
{
$this->setDBRow($arr_row,True,$debug);
$this->sessSave($debug);
return True;
}
if (pcf_is_instance_of($dbObj,'OCSP_DB_mySQL'))
{
// convert old style mysql passwords
$str_query = "SELECT * FROM T_SYS_USER ";
$str_query.= " WHERE TRIM(UPPER(USR_LOGIN) = ".$dbObj->qs_getSlashedValue(strtoupper(trim($aName)));
$str_query.= " AND USR_MD5PWD <> ".$dbObj->qs_getSlashedValue(md5($aPasswd));
$str_query.= " AND (USR_PWD = PASSWORD(" . $dbObj->qs_getSlashedValue($aPasswd) . ")";
if ($arr_row = $dbObj->quickQuery($str_query))
{
$str_cmd = "UPDATE T_SYS_USER SET USR_MD5PWD = ".$dbObj->qs_getSlashedValue(md5($aPasswd));
$str_cmd.= " WHERE USR_ID=".intval($arr_row['USR_ID']);
$dbObj->executeCmd($str_cmd);
$this->setDBRow($arr_row,True,$debug);
$this->sessSave($debug);
return True;
}
}
return False;
}
/**
* returns if the user is public or is a logined user
*
* as this function is called durring the dbConnection cal
* you MUST not use $this->getDBField() method here this
* will lead to an endless loop.
*
* a user is public if no login name is set
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-07-28
* @version pk-08-06-02
* @version pk-08-06-11 don't use $this->getDBField() => endless loop
*/
function isPublic($debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isPublic()");
$str_login=(isset($this->USR_LOGIN) ? $this->USR_LOGIN : "");
if(empty($str_login))
{
return True;
}
if (isset($this->USR_ID) && intval($this->USR_ID))
{
return False;
} else {
return True;
}
}
/**
* @return boolean
*/
function isValid($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isValid()","Return: ".($this->isValid ? "True" : "False"));
if ($this->isPublic($debug))
{
return True;
}
return ($this->populateTS > 0);
}
/**
* returns if the user is enabled by default
*
* NOTE: does not check current page settings
*
* @param $debug
* @return boolean
*/
function isEnabled($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isEnabled()");
if ($this->isPublic($debug))
{
return True;
}
return (intval($this->getDBField('USR_ENABLED')) ? True : False);
}
/**
* merges $secReq with $this->curSecReq
*
* @param array $secReq
*/
function setSecRequireArr($secReq)
{
if (is_array($secReq))
{
$this->curSecReq = array_merge($this->curSecReq,$secReq);
}
}
/**
* checks the user against a merge of $this->curSecReq and $addSecReq
*
* @param array $addSecReq
*
* @return boolean
*
* @since pk-06-08-15
*
*/
function isAllowed($addSecReq=NULL,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::isAllowed()");
if (is_array($addSecReq))
{
$arr_secReq = array_merge($this->curSecReq,$addSecReq);
} else {
$arr_secReq = $this->curSecReq;
}
if (isset($arr_secReq['PUBLIC']) && $arr_secReq['PUBLIC'])
{
return True;
} else if ($this->isPublic($debug)) {
return False;
}
if (!$this->isEnabled($debug))
{
return False;
}
if (isset($arr_secReq['USER']) && intval($arr_secReq['USER']))
{
if ($this->getId() != intval($arr_secReq['USER']))
{
return False;
}
}
if (isset($arr_secReq['DEFAULTGROUP']) && intval($arr_secReq['DEFAULTGROUP']))
{
if (intval($arr_secReq['DEFAULTGROUP']) != $this->getDefaultGroupId())
{
return False;
}
}
if (isset($arr_secReq['GROUP']))
{
$obj_grpTree = OCSP_GROUPTREE::getInstance();
if (!$obj_grpTree->userIsMember(intval($arr_secReq['GROUP']),$this->getId(),True,$debug))
{
return False;
}
}
if (isset($arr_secReq['GROUPADMIN']))
{
$obj_grpTree = OCSP_GROUPTREE::getInstance();
if (!$obj_grpTree->userIsAdmin(intval($arr_secReq['GROUP']),$this->getId(),$debug))
{
return False;
}
}
if (isset($arr_secReq['GROUPWRITE']))
{
$obj_grpTree = OCSP_GROUPTREE::getInstance();
if (!$obj_grpTree->userIsAdmin(intval($arr_secReq['GROUPWRITE']),$this->getId(),$debug))
{
if (!isset($this->myGroups[intval($arr_secReq['GROUPWRITE'])]))
{
return False;
} else {
if (intval($this->myGroups[intval($arr_secReq['GROUPWRITE'])]['GRP_READONLY']))
{
return False;
}
}
}
}
if (isset($arr_secReq['IP']) && !empty($arr_secReq['IP']))
{
if ($_SERVER['REMOTE_ADDR'] != $arr_secReq['IP'])
{
return False;
}
}
// all checks passed successfully
return True;
}
/**#@+
* old methods
* @dprecated since pk-08-03-14
*/
/**
* deletes a user
*
* @param boolean $debug
*
* @return boolean False if the current user has not enough rights to do this
*
* @since pk-06-10-04
*
***/
function deleteUser($debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::deleteUser(".$this->userId.")");
if ($this->userId == $$GLOBALS['OCSP_OBJ']['USER']->getId()) return False; // user can not delete himself
if (!$$GLOBALS['OCSP_OBJ']['USER']->isAdmin()) {
if (!$$GLOBALS['OCSP_OBJ']['USER']->canEditUser($this->getId())) return False;
}
$s_cmd="DELETE FROM T_CLI_USER WHERE USR_ID=".$this->getId();
if ($debug) echo "$s_cmd";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
$s_cmd="DELETE FROM T_SYS_GROUPMEMBER WHERE USR_ID=".$this->getId();
if ($debug) echo "$s_cmd";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
$s_cmd="DELETE FROM T_SYS_USER WHERE USR_ID=".$this->getId();
if ($debug) echo "$s_cmd";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
return True;
}
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//
// user / group checks
//
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/**
* returns an array of GRP_ID's where the user is admin
*
* @param boolean $strict only direct assigned groups
* @param boolean $idsOnly return an array with group ids only
* @param boolean $debug
*
* @return array
*
* @version pk-08-06-05
*/
function getAdminGroups($strict=False,$keysOnly=True,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getAdminGroups()");
$obj_grpTree = OCSP_GROUPTREE::getInstance();
$arr_grps = $obj_grpTree->getUserGroupTreeArray($debug);
$arr_ret = array();
foreach($arr_grps as $int_grpId => $arr_grpNode)
{
if ($arr_grpNode['ADMIN'])
{
if (!isset($arr_ret[$int_grpId]))
{
$arr_ret[$int_grpId] = $arr_grpNode['ROW'];
if ($arr_children = $obj_grpTree->getAllChildGroups($int_grpId,$arr_ret,$debug))
{
foreach($arr_children as $int_childId => $arr_row)
{
$arr_ret[$int_childId] = $arr_row;
}
}
}
}
}
if ($keysOnly)
{
return array_keys($arr_ret);
} else {
return $arr_ret;
}
}
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//
// Database Methods
//
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/**
* opens a connection to the database and checks username and password
*
* if username and password don't match the connection is closed
* else the connection is assigned to $GLOBALS['OCSP_OBJ'][$this->gDBIDX]
*
* sets:
* - isValid
* - isAdmin
*
* @params string $aName
* @params string $aPasswd (clear text)
* @params string $aConffile (database conf file to include)
* @params boolean $asAdmin (user is admin)
* @params boolean $debug
*
* @return boolean
*
* @version pk-04-09-29
* @version pk-05-06-27
* @version pk-05-10-28 $GLOBALS['OCSP']['USR_LOGIN_SHORTENTO'] added
*
* @deprecated since pk-08-03-14
*/
function login($aName,$aPasswd,$aConffile=NULL,$asAdmin=False,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::login($aName,*********,$aConffile,$asAdmin,$debug)");
$this->isValid=False;
$this->isAdmin=False;
$this->isCurrentUser=True; // <pk-07-06-01 />
if (!empty($aConffile)) {$this->dbConffile=$aConffile;}
if (!($dbObj=$this->dbConnect($asAdmin,$debug))) {
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
fwrite($fp,date("y-m-d H:i:s",time())." --->NO DB<---\n");
fclose($fp);
}
}
if ($debug) ocsp_logError(__FILE__,__LINE__,"NO Database Conffile");
return False;
}
if (isset($GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']) && intval($GLOBALS['OCSP']['USR_LOGIN_SHORTENTO'])) { // <pk-05-10-28>
// this is usefull if some other db fields like EMAIL are used to
// identify the user
// if this is set $aName's largen then $GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']
// are cut at the max position
$aName=substr($aName,0,$GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']);
} // </pk-05-10-28>
if (!$this->checkPassword($dbObj,$aName,$aPasswd,$debug)) {
$query2 ="SELECT *, PASSWORD(".$dbObj->qs_getPassword($aPasswd).") AS PWD,OLD_PASSWORD(".$dbObj->qs_getSlashedValue($aPasswd).") AS OLD_PWD FROM T_SYS_USER ";
$query2.=" WHERE UPPER(USR_LOGIN) LIKE UPPER(".$dbObj->qs_getSlashedValue(strtoupper($aName)).")";
if ($debug) echoDebug(__FILE__,"Login Query:".str_replace($aPasswd,"*******",$query2)."\n");
if ($user=$dbObj->quickQuery($query2)) {
if ($user['PWD'] != $user['USR_PWD']) {
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
fwrite($fp,date("y-m-d H:i:s",time())." --->".$query."<---\n");
fwrite($fp,"\t\tDBCONFFILE: ".$this->dbConffile."\n");
fwrite($fp,"\t\tDATABASE: ".$dbObj->myDB."\n");
fwrite($fp,"\t\t$query2\n");
fwrite($fp,"\t\tQ2_PWD: -->".$user['PWD']."<-->".$user['USR_PWD']."<--\n");
fclose($fp);
}
}
$dbObj->disconnect();
return False;
} else {
$this->user=$user;
}
} else {
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
fwrite($fp,date("y-m-d H:i:s",time())." --->".$query."<---\n");
fwrite($fp,"\t\tDBCONFFILE: ".$this->dbConffile."\n");
fwrite($fp,"\t\tDATABASE: ".$dbObj->myDB."\n");
fwrite($fp,"\t\t$query2\n");
fwrite($fp,"\t\tQ2_PWD: -->".$user['PWD']."<-->".$user['USR_PWD']."<--\n");
fclose($fp);
}
}
$dbObj->disconnect();
return False;
}
}
if ($debug) echoDebugLine(__FILE__,__LINE__,"User is ok");
$this->userName=$this->user['USR_LOGIN'];
$this->userId =$this->user['USR_ID'];
$this->dbConffile = $this->user['USR_DBCONFFILE'];
$this->isValid =True;
if (($asAdmin) && (!$this->isAdmin)) {
if ($debug) {echo "<pre>";print_r($this->groups);echo"</pre>";}
// reconnect to not grant admin right to the scripts
// if user ist not an admin
$dbObj->disconnect();
if (!($dbObj=$this->dbConnect())) return False;
}
if (!$this->loadGroups($debug)) return False;
$this->isAdmin=(is_array($this->groups[_OCSP_GROUP_ADMIN_]) ? True : False);
if ($this->populateUser()) {
//$this->isValid=True;
$cmd="UPDATE T_SYS_USER SET USR_LASTLOGIN=".$dbObj->qs_getNowStmt();
if (isset($user['USR_LASTCHANGE']) && (doubleval($user['USR_LASTCHANGE']))) {
// don't overwrite last change column
$cmd.=" ,USR_LASTCHANGE=".$dbObj->qs_getSlashedValue($user['USR_LASTCHANGE']);
}
$cmd.=" WHERE USR_ID=".$this->userId;
$dbObj->executeCmd($cmd);
$this->setSession($debug);
} else {
$this->isValid=False;
}
if ($debug) echoDebug(__FILE__,"Returning ".($this->isValid ? "True" : "False" )." Line:".__LINE__."");
return $this->isValid;
}
/**
* logsout the current user
*
*
@param boolean $debug
*
* @since pk-04-09-28
*
***/
function logout($debug=False) {
if ($debug) echo "USER::logout(...) (".get_class($this).")";
$this->userName=NULL;
$this->setDBField('USR_ID',0);
$this->isAdmin=False;
$this->clearSession($debug);
}
####################
####################
/**
* shows the login screen and returns to the current page
*
* @param int $method (OCSP_AUTH_xxxx)
* @param string $form
*
* @todo only OCSP_AUTH_HTTP implemented
*
*/
function loginScreen($method=OCSP_AUTH_HTTP,$form="") {
if (empty($GLOBALS['OCSP']['REALM'])) $GLOBALS['OCSP']['REALM'] = $_SERVER['SERVER_NAME']." ".$_SERVER['REQUEST_URI'];
switch($method)
{
case OCSP_AUTH_HTTP:
default:
header("WWW-Authenticate: Basic realm=\"". $GLOBALS['OCSP']['REALM']."\"");
header("HTTP/1.0 401 Unauthorized");
break;
}
}
function checkGroup($aGroup,$withWrite=False,$isAdmin=False) {
if ($isAdmin) {
if ($aGroup==0) return $this->isGroupMember($GLOBALS['OCSP']['GROUPS']['ADMIN']);
else return $this->groups[$aGroup]['GRP_ISADMIN'];
} else if ($withWrite) {
if ($aGroup==0) return True;
else return ($this->groups[$aGroup]['GRP_READONLY'] ? False : True);
} else {
return $this->isGroupMember($aGroup);
}
}
function checkRights($rights) {
if (!is_array($this->groups)) return False;
reset($this->groups);
while(list($key,$val)=each($this->groups)) {
if ($val['GRP_RIGHTS'] >= $rights)
return True;
}
return False;
}
/**
* checks security requirements
*
* @param array $SEC_REQ
* @param bool $debug
*
* @return bool
*
* @version pk-04-09-28
* @version pk-04-10-14
* @version pk-05-03-17
* @version pk-06-07-03
* @version pk-06-07-23 checking SEC_REQ[GROUP|GROUPWRITE] changed to avoid warnings
* @version pk-06-08-15 $SEC_REQ['USER'] added
*
***/
function checkSEC_REQ($SEC_REQ,$debug=False) {
}
/**
* not final use override this method to populate the additionl
* user data
*
* @param bool $debug
*
* @return bool
*
***/
function populateUser($debug=False) {
return True;
}
// ----------------------------------------------------------------------------
// other user functions
// ----------------------------------------------------------------------------
/**
* returns if this user can see an other user (is in the same group)
*
* @param int $usrId
* @param boolean $debug
*
* @return boolean
*
* @since pk-06-12-17
*
***/
function canShowUser($usrId,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::canShowUser($usrId)");
if (!intval($usrId)) return False; // nobody kann edit public as it is (should not be) not stored in the db
if ($this->isAdmin()) return True; // admin is always allowed
$s_query ="SELECT COUNT(*) FROM T_SYS_GROUPMEMBER g1 JOIN T_SYS_GROUPMEMBER g2 USING(GRP_ID)";
$s_query.=" WHERE g1.USR_ID=".intval($usrId);
$s_query.=" AND g2.USR_ID=".$this->getId();
if (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0))) {
return True;
} else {
return False;
}
}
/**
* returns if this user has the right to edit another user
* with id $usrId
*
* @param mixed $user (integer or OCSP_USER)
* @param boolean $debug
*
* @return boolean
*
* @since pk-06-01-18
* @version pk-08-03-12
*
*/
function canEditUser($user,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::canEditUser($usrId)");
if (pcf_is_instance_of($user,'OCSP_USER'))
{
$usrId = $user->getId();
} else {
$usrId = intval($user);
}
if (!intval($usrId)) return False; // nobody kann edit public as it is (should not be) not stored in the db
if ($this->isAdmin()) return True; // admin is always allowed
$s_query ="SELECT COUNT(*) FROM T_SYS_GROUPMEMBER g1 JOIN T_SYS_GROUPMEMBER g2 USING(GRP_ID)";
$s_query.=" WHERE g1.USR_ID=".intval($usrId);
$s_query.=" AND g2.USR_ID=".$this->getId();
$s_query.=" And g2.GRP_ISADMIN=1";
if (intval($this->myDBObj->quickQuery($s_query,0))) {
return True;
} else {
return False;
}
}
// ----------------------------------------------------------------------------
// client functions
// ----------------------------------------------------------------------------
/**
* returns if myCliIDTS is ok (means not outdated)
*
* @return boolean
*
* @since pk-06-07-21
*
***/
function check_myCliIDTS() {
return ($this->myCliIDTS > (time()-ini_get('max_execution_time')));
}
/**
* returns an array of client id's the user is assigned to
*
* @param int $ctyId
* @param boolean $forceReload
* @param boolean $debug
*
* @return array
*/
public function getmyClientIds($ctyId=0,$forceReload=False,$debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getmyCleintLst(" . $ctyId . ")");
if (!$forceReload && sizeof($this->myClientLst))
{
if (!intval($ctyId))
{
return array_keys($this->myClientLst);
} else {
$arr_ret = array();
foreach($this->myClientLst as $int_id => $arr_data)
{
if (intval($arr_data['CTY_ID']) == intval($ctyId))
{
$arr_ret[]=$int_id;
}
}
return $arr_ret;
}
}
if (!$this->isConnected(True))
{
throw new Exception(_OCSP_EXCEP_NODBCONN_);
}
$arr_filter = array(
'?CLI_ID' => "CLI_ID IN (SELECT CLI_ID FROM T_CLI_USER WHERE USR_ID=" . $this->getId() .")"
);
$this->myClientLst = array();
if ($arr_clients = $this->myDBObj->getArray('T_CLI_CLIENT',$arr_filter))
{
foreach($arr_clients as $arr_row)
{
$this->myClientLst[$arr_row['CLI_ID']] = array(
'CLI_NAME1' => $arr_row['CLI_NAME1'],
'CTY_ID' => $arr_row['CTY_ID'],
'CLS_ID' => $arr_row['CLS_ID']
);
}
if (!intval($ctyId))
{
return array_keys($this->myClientLst);
} else {
return $this->getmyClientIds($ctyId,False,$debug);
}
}
return array();
}
/**
* returns if the user has the right to view a client's data
*
* @param int $cliId
* @param boolean $debug
*
* @return boolean
*
* @since pk-06-09-08
***/
function canShowClient($cliId,$debug=False) {
if ($debug) echo "USER::canShowClient($cliId) (".get_class($this).")\n";
if ($this->getCliId() == $cliId) return True;
return $this->isGroupMember($GLOBALS['OCSP_GROUPS']['CLIENT-ADMIN']);
}
/**
* returns if the user has the right to edit a client
*
* @param int $cliId
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-09-23
***/
function canEditClient($cliId,$debug=False) {
if ($debug) echo "USER::canEditClient($cliId) (".get_class($this).")\n";
if ($this->getCliId() == $cliId) return True;
if ($this->isGroupMember($GLOBALS['OCSP_GROUPS']['CLIENT-ADMIN'])) return True;
$s_query="SELECT CLU_ISADMIN FROM T_CLI_USER WHERE CLI_ID=".intval($cliId)." AND USR_ID=".$this->getId();
if (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0))) return True;
return False;
}
/**
* returns the client id from T_CLI_USER
*
* @param boolean $debug
* @param boolean $forceReload
*
* @return int
*
* @since pk-04-10-14
* @version pk-05-12-11 bugfix returns null -> 0
* @version pk-06-04-19 use $this->myCliId[TS]
*
***/
function getCliId($debug=False,$forceReload=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::getCliId",($forceReload ? "DO RELOAD" : ""),0);
if (!$forceReload && (intval($this->myCliId)) && ($this->check_myCliIDTS())) {
return $this->myCliId;
}
$query="SELECT CLI_ID FROM T_CLI_USER WHERE USR_ID=".$this->getId();
if ($debug) echo "<blockquote>$query</blockquote>";
if ($this->myCliId=intval(OCSP_OBJ::defaultReadDBObj()->quickQuery($query,0,0))) {
$this->myCliIDTS=time();
}
if (is_object($this->myClient)) { // we have to repopulate the clientobject to ensure it's the right one
$this->myClient->setId($this->myCliId); // ensure we have the right ID
$this->myClient->populate(); // reload the object values from the database
}
return $this->myCliId;
}
/**
* sets the client id and generates a row in T_CLI_USER
*
* @param int $cliId
* @param boolean $overwrite remove all rows for the user in T_CLI_USER
* @param boolean $debug
*
* @since pk-05-10-19
*
* @version pk-06-04-19
*
***/
function setCliId($cliId,$overwrite=True,$debug=False) {
if($debug) echo "USER::setCliId($cliId,".($overwrite ? "REPLACE" : "INSERT").") (".get_class($this).")";
if (!intval($cliId)) return False;
if ($overwrite) {
$s_cmd="DELETE FROM T_CLI_USER WHERE USR_ID=".$this->getId();
if ($debug) echo "<blockquote>$s_cmd</blockquote>";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
}
$s_cmd="INSERT INTO T_CLI_USER (USR_ID,CLI_ID) VALUES(".$this->getId().",".intval($cliId).")";
if ($GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd)) {
// <pk-06-04-19 />
$this->myCliId=$cliId;
$this->myCliIDTS=time();
return True;
}
return False;
}
/**
* returns a client object for the first client found for the user
* @param bool $debug
*
* @global array $OCSP_CONF
*
* @return CLIENT
*
* @version pk-06-04-19
*
***/
function &getClient($debug=False) {
if ($debug) echo "USER::getClient($debug)";
if (is_object($this->myClient) && ($this->myClient->getId()==$this->myCliId)) { // we already have the object loaded
return $this->myClient;
}
if ($cliId=$this->getCliId($debug)) {
require_once __OCSP_DEFAULTCONFPATH__."client.conf.phpinc";
require_once $GLOBALS['CLIENT']['PHPINCPATH']."CLIENT.phpclass";
$this->myClient=new CLIENT(intval($cliId),$debug);
if (!$this->myClient->getPopulateTS()) {
return NULL;
} else {
$this->myCtyId=$this->myClient->getTypeId();
return $this->myClient;
}
}
return NULL;
}
/**
* returns the staff assigned to the user
*
* @param boolean $debug
*
* @return CLI_STAFF
*
* @since pk-08-03-02
*/
function getStaff($debug=False)
{
if ($debug) echoDebugMethod(__FILE__,get_class($this),"OCSP_USER::getStaff()");
// @todo inline SQL
$str_query = "SELECT * FROM T_CLI_STAFF WHERE CST_ID IN (SELECT CST_ID FROM T_CLI_USER WHERE USR_ID=" . $this->getId() . ")";
if ($arr_staffRow = $this->myDBObj->quickQuery($str_query))
{
if (!class_exists('CLI_STAFF'))
{
require_once __OCSP_PHPINCPATH__ . "client" . _OCSP_DIRSEP_ . "CLI_STAFF.phpclass";
}
return CLI_STAFF::factoryFromRow($arr_staffRow,$debug);
}
return NULL;
}
// client type functions -------------------------------------
/**
* returns the client type id of the users client
* or False if no client could be found
*
* @param boolean $debug
* @param boolean $foreachReload or use cache (session) if available
*
* @since pk-06-07-21
*
***/
function getCliTypeId($debug=False,$forceReload=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::getCliTypeId()");
if ($forceReload || (!intval($this->myCliId))) { // load the client
$this->getCliId($debug,$forceReload);
}
// check if we already have a clientobject loaded
if (is_object($this->myClient) && ($this->myClient->getId()==$this->myCliId)) {
$this->myCtyId=$this->myClient->getTypeId();
return $this->myCtyId;
}
if ($this->check_myCliIDTS() && intval($this->myCtyId)) { // we asume the current value as ok
return $this->myCtyId;
}
// get the clientId without forceing a reload as this is done earlier
if (!intval($this->getCliId($debug,False))) {
// the user belongs to no client return False
return False;
}
$s_query="SELECT CTY_ID FROM T_CLI_CLIENT WHERE CLI_ID=".$this->myCliId;
$this->myCtyId=$GLOBALS[$this->get_gDBIDX()]->quickQuery($s_query);
return $this->myCtyId;
}
/**
* checks if the user can show users of a type
* returns always True to the type the users client is
*
* if the type exists the columns
*
* checks if the user is in the show or admin group of the clienttype
*
* @param int $ctyId
* @param boolean $debug
*
* @return boolean
***/
function canListClientType($ctyId,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::canListClientType()");
if ($this->isAdmin()) return True; // no need to check because isGroupMember will return True
$s_query="SELECT FROM T_CLI_TYPE WHERE CTY_ID=".$ctyId;
if ($a_cty=$GLOBALS[$this->get_gDBIDX()]->query($s_query)) {
if ($this->isGroupMember($a_cty['CTY_ADMIN'])) return True;
if ($this->isGroupMember($a_cty['CTY_EDITGROUP'])) return True;
if ($this->isGroupMember($a_cty['CTY_SHOWGROUP'])) return True;
return False; // user is not member of relevant group and we do not want users can see other clients of theire group
} else {
return ($ctyId==0); // return True for none specified type
}
}
/**
* checks if the user has admin rights for a client
* User is group member of CLIENT_ADMIN or T_CLI_USER CLU_ISADMIN is True
*
* uses the array ($this->isCliAdminBuffer to buffer results)
*
* @param int $cliId if 0 $this->getCliId() is called
* @param boolean $debug
*
* @return boolen
*
* @since pk-06-09-15
*
***/
function isClientAdmin($cliId=0,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::isClientAdmin");
if ($this->isAdmin()) return True;
if ($this->isGroupMember('CLIENT-ADMIN')) return True;
if (!intval($cliId)) $cliId=$this->getCliId();
if (!isset($isCliAdminBuffer[$clientId])) {
$s_query ="SELECT CLU_ISADMIN FROM T_CLI_USER ";
$s_query.=" WHERE CLI_ID=".intval($cliId)." AND USR_ID=".$this->getId();
if ($s_res=$GLOBALS[$this->get_gDBIDX()]->queryArray($s_query,0)) {
$isCliAdminBuffer[intval($cliId)]=(intval($s_res) ? True : False);
} else {
$isCliAdminBuffer[intval($cliId)]=False;
}
}
return $isCliAdminBuffer[intval($cliId)];
}
/**
* checks if the user is staff of a client
*
*
* uses the array ($this->isCliAdminBuffer to buffer results)
*
* @param int $cliId if 0 $this->getCliId() is called
* @param boolean $debug
*
* @return boolen
*
* @since pk-06-10-11
*
***/
function isClientStaff($cliId=0,$debug=False) {
if ($debug) echoDebugMethod(__FILE__,get_class($this),"USER::isClientStaff()");
if (!intval($cliId)) {
return (intval($this->getCliId()) ? True : False);
}
if ($this->getCliId()==$clientId) return True;
$s_query="SELECT COUNT(*) FROM T_CLI_USER WHERE USR_ID=".$this->getId()." AND CLI_ID=".intval($cliId);
return (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0)) ? True : False);
}
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/* Profile methods */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/**
* stores profile data to the database
* calls addProfileObj() for each value array
*
* @param int $clpId
* @param array $valArr
* @param boolean $multiArr if the profile allows multiple entries is $valArr a single entry or an array of entries?
* @param boolean $dataCheck check the data by calling
* @param boolean $debug
*
* @return int number of rows added
*
* @since pk-05-08-24
*
***/
function addProfile($clpId,$valArr,$multiArr=False,$dataCheck=True,$debug=False) {
if ($debug) echo "USER::addProfile($clpId,....) (".get_class($this).")";
if (!$this->getId()) return False;
if (!intval($clpId)) return False;
if (!is_array($valArr)) return False;
require_once $GLOBALS['OCSP']['DEFAULTCONFPATH']."client.conf.phpinc";
require_once $GLOBALS['CLIENT']['PHPINCPATH']."CLI_PROFILE.phpclass";
if ($debug) echo "<blockquote>";
$noRows=0;
if ($profile=new CLI_PROFILE(0,$clpId,0)) {
if ((!$profile->isMultiple()) || (!$multiArr)) {
// signle data row processing
if ($this->addProfileObj($profile,$valArr,$dataCheck,$debug)) {
$noRows=1;
}
} else {
foreach($valArr as $profileData) {
if ($this->addProfileObj($profile,$profileData,$dataCheck,$debug)) {
$noRows++;
}
}
}
}
if ($debug) echo "Returns: $noRows</blockquote>";
return $noRows;
}
/**
* stores profile data to the database
* processes only one data row
*
* @param CLP_PROFILE $profile
* @param array $valArr
* @param boolean $dataCheck check the data by calling
* @param boolean $debug
*
* @return boolean
*
* @since pk-05-08-24
*
***/
function addProfileObj($profile,$valArr,$dataCheck=True,$debug=False) {
if ($debug) echo "USER::addProfileObj(...) (".get_class($this).")";
if ($debug) echo "<blockquote><pre>".print_r($valArr,True)."</pre></blockquote>";
if (!$profile->getId()) return False; // empty profile
if (!is_array($valArr)) return False; // no data
$valArr['USR_ID']=$this->getId();
if (($dataCheck) && (!$profile->checkEntryRowArr($valArr,$debug))) {
return False;
}
if ($profile->isMultiple()) {
return $profile->insertEntryRow($valArr,$debug);
} else {
return $profile->updateEntryRow($valArr,True,$debug);
}
}
/**
* deletes all profile entries for the user
*
* @param CLP_PROFILE $profile
* @param boolean $debug
*
* @since pk-05-09-23
*
***/
function clearProfileObj(&$profile,$debug=False) {
if ($debug) echo "USER::clearProfileObj(".$profile->getId().") (".get_class($this).")";
if ($profile->getKeyColName() == "USR_ID") {
$profile->deleteEntryRow($this->getId(),0,$debug);
} else {
if ($o_client=$this->getClient()) {
$o_client->clearProfileData($profile,False,$debug);
}
}
}
/**#@-*/
}
?>

Source for file OCSP_USER.phpclass