Source for file OCSP_USER.phpclass
* Class file OCSP_USER.phpclass
* @project Open CSP-Management
* @author Peter Krebs <pitlinz@users.sourceforge.net>
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: OCSP_USER.phpclass,v 1.28 2008/11/24 23:30:34 pitlinz Exp $
if (!defined('_OCSP_USR_SESSION_TTL_')) define('_OCSP_USR_SESSION_TTL_',600);
require_once __OCSP_PHPINCPATH__ .
"db" .
_OCSP_DIRSEP_ .
"DBMS_TABLEOBJ.phpclass";
require_once dirname(__FILE__
) .
_OCSP_DIRSEP_ .
"OCSP_GROUPTREE.phpclass";
* @project Open CSP-Management
* @author Peter Krebs <pitlinz@users.sourceforge.net>
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* ------------------------------------------------
* @version pk-08-03-12 (unit of work)
* @version $Id: OCSP_USER.phpclass,v 1.28 2008/11/24 23:30:34 pitlinz Exp $
/*** class constants --------------------------------------------- */
* @constant string CLASS_SRC_FILE
/*** class variables --------------------------------------------- */
* list of already loaded users
* (unit of work) used in factory classes
* @staticvar array $usrList
static $usrList =
array();
/*** class functions --------------------------------------------- */
* outputs the proper login form
* tries to get the proper method to output a login form
* if one or more file uploads are found getHttpLoginForm is used
* if isset an ajax call is assumed and the proper
* auth form method is chosen by the content type
* if isset and $_GET['inToDiv'] a jOCSP.load(...) is assumed
* else jOCSP.getScript is assumed
* NOTE to avoid misinterpretation always set SEC_REQ['CONTENTTYPE']
* NOTE do not set SEC_REQ['CONTENTTYPE'] if you have a normal non ajax call
return self::getHttpLoginForm();
// we have an upload -> send http auth to not have to handle
return self::getHttpLoginForm();
if (isset
($_SERVER['HTTP_X_REQUESTED_WITH']) &&
($_SERVER['HTTP_X_REQUESTED_WITH'] ==
'XMLHttpRequest'))
if (!isset
($secReq['CONTENTTYPE']))
if (isset
($_GET['inToDiv']) &&
!empty($_GET['inToDiv']))
$secReq['CONTENTTYPE']=
'text/html';
$secReq['CONTENTTYPE']=
'text/javascript';
if (isset
($secReq['CONTENTTYPE']))
switch($secReq['CONTENTTYPE'])
return self::getHttpLoginForm();
// Fall back to the configured system login page when no login URL has been set.
if (empty($str_loginUrl)) $str_loginUrl =
OCSP_OBJ::getConf('SYSTEMURL') .
"/tools/login.php";
// The Referer header is supplied by the client and is handed to the session as the
// default for LOGIN_REFERER.
// NOTE(review): if that value is later used as a post-login redirect target, it needs
// a same-origin / allow-list check at that point, otherwise it is an open redirect.
if (isset
($_SERVER['HTTP_REFERER'])) OCSP_SESSION::getInstance()->setDefaultValue('LOGIN_REFERER',$_SERVER['HTTP_REFERER']);
// Debug output prints the complete $_SESSION array into the response body; keep
// $debug off outside development, since the session can carry user data.
if ($debug) echoDebugLine(__FILE__
,__LINE__
,"<a href=\"$str_loginUrl\">$str_loginUrl</a><pre>".
print_r($_SESSION,TRUE).
"</pre>");
// Redirect the browser to the login page.
// NOTE(review): header() does not end the script; confirm execution stops after this
// call so that no protected output follows the redirect.
header("Location: $str_loginUrl");
* sets the headers for a http authentication
* NOTE: if you use this method logout is currently not available
// Use a fixed default realm when none was passed in.
$str_realm =
(empty($str_realm) ?
"openCSP Login" :
$str_realm);
// $str_realm is placed inside a quoted header value without escaping.
// NOTE(review): a double quote in the realm would break the header syntax; callers
// should pass a constant string rather than request-derived text.
header("WWW-Authenticate: Basic realm=\"{$str_realm}\"");
// HTTP Basic authentication re-sends the credentials (base64-encoded, not encrypted)
// with every request, so this path should only be reachable over TLS.
header("HTTP/1.0 401 Unauthorized");
// Bust cache in the head
header ("Expires: Mon, 26 Feb 2007 00:00:00 GMT"); // Date in the past
header ("Last-Modified: " .
gmdate("D, d M Y H:i:s") .
" GMT");
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
header('Content-Type: text/javascript; charset=utf-8');
* composition ----------------------------------------------------------------
* array of groups the user belongs to directly
* (stored in T_SYS_GROUPMEMBERS);
* attributes ----------------------------------------------------------------
* array holding security requirements for the current function
// ---------------- DB Attributes -------------------------
* @staticvar string $myTable name of the db table
* @var string $dbConffile
* @var int $dbConfSeekLoop count loops in self::getDBConfFile()
// ---------------- Client Attributes -------------------------
* @var int $myCliId the client id the user belongs to
* @var CLIENT $myClient the client object
* @deprecated since pk-08-03-27 (CLIENT -> unit of work)
* array of client id's the user is assigned
* @var array $myClientLst
* @var int $myCtyId the client type of the users client
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
if ($debug) echoDebugMethod(__FILE__
,"static","OCSP_USER::factoryFromId($aId)");
if ($debug) echoDebugLine(__FILE__
,__LINE__
,"returning already loaded user for {$aId}");
if ($debug) echoDebugLine(__FILE__
,__LINE__
,"generating new user");
$obj_ret->db_SetKey('USR_ID',$aId,$debug);
if ($obj_ret->dbPopulate($debug))
return OCSP_USER::$usrList[$aId];
foreach(OCSP_USER::$usrList as $aId =>
&$obj_user)
if ($obj_user->getName() ==
$lName)
$obj_db =
OCSP_OBJ::defaultDBObj('r');
$str_query =
"SELECT * FROM " .
$this->myTable;
$str_query.=
" WHERE USR_LOGIN = " .
$obj_db->qs_getSlashedValue($lName);
if ($arr_usr =
$obj_db->quickQuery($str_query))
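// Cache the freshly created user under its id so later lookups reuse the same object.
OCSP_USER::$usrList[$arr_usr['USR_ID']] =
new OCSP_USER();
// Populate from the row fetched by the query above. The original passed $arr_user,
// a name that is not assigned anywhere in the visible code, so the cached object
// would have been filled from an undefined value instead of the database row.
OCSP_USER::$usrList[$arr_usr['USR_ID']]->setDBRow($arr_usr);
return OCSP_USER::$usrList[$arr_usr['USR_ID']];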
* factory a user object from the session
if ($debug) echoDebugMethod(__FILE__
,"static","OCSP_USER::factoryCurrentFromSession()");
$str_cmd =
"\$obj_user = new " .
$str_class .
"();";
$obj_user->sessPopulate($debug);
if (!$obj_user->isPublic())
OCSP_USER::$usrList[$obj_user->getId()] =
$obj_user;
self::$global_currentUser=
$obj_user;
* factory a user object from login + password
* @param string $className
if ($debug) echoDebugMethod(__FILE__
,"static","OCSP_USER::factoryCurrentFromLoginPasswd()");
// A caller-supplied class name other than the default is spliced into a string that
// holds a PHP statement.
// NOTE(review): the code that executes $str_cmd is not visible here. If it is eval(),
// $className must first be checked against a fixed list of OCSP_USER subclasses —
// or the string replaced by `new $className()` guarded with class_exists() and
// is_subclass_of() — because otherwise any caller-controlled value becomes code.
if (!empty($className) &&
($className !=
'OCSP_USER'))
$str_cmd =
"\$obj_user = new " .
$className .
"();";
if (!$obj_user->checkPassword(NULL,$login,$passwd,$debug))
if ($obj_user->isValid($debug) &&
($obj_user->isEnabled()))
if (!$obj_user->isPublic())
OCSP_USER::$usrList[$obj_user->getId()] =
$obj_user;
self::$global_currentUser =
$obj_user;
$OCSP_OBJ['USER'] =
&self::$global_currentUser;
return self::$global_currentUser;
// ---------------------------------------------------------
// ---------------------------------------------------------
* returns the language id for the user
throw
new Exception(_OCSP_EXEP_NODBCONN_);
$cmd=
"UPDATE T_SYS_USER SET USR_ENABLED=0 WHERE USR_ID=".
$this->getId();
throw
new Exception(_OCSP_EXEP_NODBCONN_);
$cmd=
"UPDATE T_SYS_USER SET USR_ENABLED=1 WHERE USR_ID=".
$this->getId();
// ---------------------------------------------------------
// ---------------------------------------------------------
* returns the db-Conffile for the user
* @param boolean $useEnv (if True it is tried to find one from the environment)
* sets the database config file
* @param string $confFile
* @global array $OCSP_CONF
* returns if the dbObj is connected
* @param boolean $autoConnect try to connect
} else if (!$this->myDBObj->isConnected()) {
//$this->myDBObj->connect($this->getDBConfFile(),$this->isPublic(),False,$debug);
* @param boolean $asAdmin
* @requires __OCSP_PHPINCPATH__."common/pcf_templates.phpinc"
function &dbConnect($asAdmin=
False,$debug=
False) {
* loading the db object checks dbtype in the following order
* 1st: $OCSP_CONF['DBTYPE']
* 2nd: $_SERVER['DBTYPE']
* 3rd: $GLOBALS['OCSP']['DBTYPE']
* and sets $OCSP_CONF['DBTYPE'] if not isset or is empty
* @param boolean $withoutConnect (only return the database object)
* @param string $dbConffile
* @param boolean $useGlobal
* @global array $OCSP_CONF
* @global array $OCSP_OBJ
* @todo replace global arrays
function &getMyDBObj($withoutConnect=
False,$dbConffile=
"",$useGlobal=
True,$debug=
False)
if ($debug) echoDebugMethod(__FILE__
,get_class($this),"OCSP_USER::getMyDBObj()",($useGlobal ?
"use global" :
"DON'T use global"));
// $debug=True;echoDebugLine(__FILE__,__LINE__,"debug on");
if (isset
($DBCONF['CLASS']) &&
!empty($DBCONF['CLASS']))
if (isset
($DBCONF['INCLUDE']) &&
!empty($DBCONF['INCLUDE']))
if ($debug) echoDebugLine(__FILE__
,__LINE__
,"DB include: " .
$str_include);
require_once $str_include;
$str_dbClassName =
$DBCONF['CLASS'];
$str_objCmd =
"\$this->myDBObj = new " .
$str_dbClassName .
"();";
ocsp_logError(__FILE__
,__LINE__
,"Could not create DB object OCSP_DB_".
$OCSP_CONF['DBTYPE'],E_ERROR);
//if ($useGlobal) $OCSP_OBJ['USRDB']=&$this->myDBObj;
if (!$withoutConnect &&
!$this->myDBObj->isConnected())
// ---------------------------------------------------------
// ---------------------------------------------------------
public function touch($toDB=
False,$debug=
False)
$str_cmd =
"UPDATE T_SYS_USER SET USR_LASTLOGIN=" .
$this->myDBObj->qs_getNowStmt();
$str_cmd.=
" WHERE USR_ID=" .
$this->getId();
$this->myDBObj->executeCmd($str_cmd);
* sets a database row to the object fields
* sets each key (=columname) value
* if $row['__OCSP_OBJ_VALS__'] isset and an array this values are set as object values
* else if $asPopulated object values are loaded
* @param array $row the row form a select * from DBMS_TABLEOBJ::myTable
* @param boolean $asPopulated set populateTS as if the object has been populated
function setDBRow($row,$asPopulated=
True,$debug=
False)
$bol_ret =
parent::setDBRow($row,$asPopulated,$debug);
$this->isValid =
$asPopulated;
* only saves non-public users
return parent::dbSave($debug);
* inserts a new row to the table
* @param boolean $debug show debug info
* @returns int returns the autoIncFld ID if exists or 1 on success
// ---------------------------------------------------------
// db row getter / setter
// ---------------------------------------------------------
* @param string $newPassword
// ---------------------------------------------------------
// ---------------------------------------------------------
* populates a user from the session
if ($debug) echoDebugLine(__FILE__
,__LINE__
,"\$arr_usrData: <pre>" .
print_r($arr_usrData,True) .
"</pre>");
// Compare the User-Agent recorded in the session data with the one sent on this request.
// NOTE(review): the header is client-supplied and easy to replay, so this is only a
// weak binding of the session to a browser; it does not replace a secure, HttpOnly
// session cookie and id regeneration at login. A request without a User-Agent header
// also reads an undefined index here.
if ($arr_usrData['HTTP_USER_AGENT'] !=
$_SERVER['HTTP_USER_AGENT'])
// The stored user row must be present and must be an array.
if (!isset
($arr_usrData['ROW']) ||
!is_array($arr_usrData['ROW']))
// Only rows with a non-zero USR_ID are copied onto the object.
if (intval($arr_usrData['ROW']['USR_ID']))
// Every key of the stored row becomes a property of this object, whatever its name.
// NOTE(review): this is safe only while the session row is written exclusively by
// server-side code; restricting the copy to known column names would make that explicit.
foreach($arr_usrData['ROW'] as $str_col =>
$mix_val)
$this->{$str_col} =
$mix_val;
if ($debug) echoDebugLine(__FILE__
,__LINE__
,'Session Timed Out');
//$this->sessSave($debug);
$this->myCliId=
$arr_usrData['CLI_ID'];
$this->myCtyId=
$arr_usrData['CTY_ID'];
* stores the user to the session
* @version pk-08-06-11 store only if $this is current user
//'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"],
//'REMOTE_PORT' => $_SERVER["REMOTE_PORT"],
'HTTP_USER_AGENT' =>
$_SERVER["HTTP_USER_AGENT"]
* sets session user timestamp
// ---------------------------------------------------------
// ---------------------------------------------------------
* populates the groups from the database (T_SYS_GROUPMEMBER)
$str_query =
"SELECT * FROM T_SYS_GROUPMEMBER WHERE USR_ID=" .
$this->getId();
if ($obj_cursor =
$this->myDBObj->query($str_query))
while($arr_grp =
$obj_cursor->fetchArrayFld())
$this->myGroups[$arr_grp['GRP_ID']] =
$arr_grp;
$this->myGroups[0]=
array('GRP_ID' =>
0,'GRP_NAME' =>
"Public");
* returns the default group of the user
* returns an array with group id's direct assigned to the user
* @param boolean $forceReload (reload the groups from the db)
if (intval($arr_grp['GRP_ID']) &&
($arr_grp['GRP_ID'] !=
$arr_ret[0]))
$arr_ret[] =
$arr_grp['GRP_ID'];
* returns if the user is a member of $aGroup
return ($this->isPublic() ?
False :
True);
* returns a string containing group id's
* @param boolean $forceReload
public function getGroups($sep=
",",$forceReload=
False,$debug=
False) {
if ($debug) echo
"<p><b>USER::getGroups($sep,....)</b> (".
get_class($this).
")</p><blockquote>\n";
// user is not logged in no need to check
if ($debug) echo
"<p>(NOT LOGGEDIN) Returning: ".
$GLOBALS['OCSP_GROUPS']['PUBLIC'].
$sep.
$GLOBALS['OCSP_GROUPS']['NOTLOGGEDIN'].
"</p></blockquote>";
if ($debug) echo
"<p>Returns: $s_ret<p></blockquote>";
* returns an array with group id's direct assigned to the user where he is admin
* @param boolean $forceReload (reload the groups from the db)
if (intval($arr_grp['GRP_ISADMIN']))
$arr_ret[] =
$arr_grp['GRP_ID'];
* returns if a user is admin
public function isAdmin($debug=
False) {
* returns if the user is group admin
if ($aGrpId <
1) return False;
if ($this->isAdmin($debug)) return True;
* adds the user to $aGrpId
* @note this method does only work for self selectable groups
function addToGroup($aGrpId,$ro=
False,$asAdmin=
False,$debug=
False) {
* remove the user from $aGrpId
* @note this method does only work for self selectable groups
// ---------------------------------------------------------
// ---------------------------------------------------------
* checks username and password and sets $this->user if ok
* @version pk-07-02-22 check table version
// Primary credential lookup: match the normalised login name and the MD5 digest of
// the submitted password in one query.
// NOTE(review): USR_MD5PWD is compared against a plain, unsalted MD5 digest. MD5 is
// fast to compute, so a leaked table can be attacked offline cheaply, and identical
// passwords share a digest. The usual migration is password_hash()/password_verify()
// with a rehash on the next successful login.
// qs_getSlashedValue() is presumably the DB layer's quoting/escaping helper — verify
// that it escapes correctly for the connection's character set.
$str_query =
"SELECT * FROM T_SYS_USER ";
$str_query.=
" WHERE TRIM(UPPER(USR_LOGIN)) = ".
$dbObj->qs_getSlashedValue(strtoupper(trim($aName)));
$str_query.=
" AND USR_MD5PWD = ".
$dbObj->qs_getSlashedValue(md5($aPasswd));
// if ($debug) echoDebugLine(__FILE__,__LINE__,"<p>" . $str_query . "</p>");
// Keep the line above disabled: the statement text contains the password digest.
if ($arr_row =
$dbObj->quickQuery($str_query))
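// convert old style mysql passwords
// Fallback lookup: the account has no matching MD5 value but USR_PWD still equals
// the result of MySQL's PASSWORD() function for the submitted password.
// NOTE(review): the clear-text password becomes part of the SQL text sent to the
// server and can therefore appear in query or error logs; PASSWORD() is also not
// available on current MySQL releases — confirm this path is still needed.
$str_query =
"SELECT * FROM T_SYS_USER ";
// Parentheses balanced so the expression matches the primary lookup's
// TRIM(UPPER(USR_LOGIN)); the original left TRIM( unclosed.
$str_query.=
" WHERE TRIM(UPPER(USR_LOGIN)) = ".
$dbObj->qs_getSlashedValue(strtoupper(trim($aName)));
$str_query.=
" AND USR_MD5PWD <> ".
$dbObj->qs_getSlashedValue(md5($aPasswd));
// Close both PASSWORD( and the surrounding group; the original closed only one,
// which made the statement syntactically invalid.
$str_query.=
" AND (USR_PWD = PASSWORD(" .
$dbObj->qs_getSlashedValue($aPasswd) .
"))";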
// When the legacy lookup matched, write the MD5 digest of the password to the row so
// the MD5-based lookup succeeds on the next login.
// NOTE(review): the migration target is still an unsalted MD5 digest; if the storage
// format is ever changed, this is the place where a stronger hash would be written.
if ($arr_row =
$dbObj->quickQuery($str_query))
$str_cmd =
"UPDATE T_SYS_USER SET USR_MD5PWD = ".
$dbObj->qs_getSlashedValue(md5($aPasswd));
// USR_ID comes from the fetched row and is cast to int before concatenation.
$str_cmd.=
" WHERE USR_ID=".
intval($arr_row['USR_ID']);
$dbObj->executeCmd($str_cmd);
* returns if the user is public or is a logged-in user
* as this function is called during the dbConnection call
* you MUST not use the $this->getDBField() method here; this
* will lead to an endless loop.
* a user is public if no login name is set
* @version pk-08-06-11 don't use $this->getDBField() => endless loop
$str_login=
(isset
($this->USR_LOGIN) ?
$this->USR_LOGIN :
"");
if (isset
($this->USR_ID) &&
intval($this->USR_ID))
* returns if the user is enabled by default
* NOTE: does not check current page settings
* merges $secReq with $this->curSecReq
* checks the user against a merge of $this->curSecReq and $addSecReq
* @param array $addSecReq
// Checks this user against the security requirements in $arr_secReq, one key at a time.
// The statements that build $arr_secReq and the bodies of the branches are not visible
// here, so the notes below describe only the conditions themselves.
function isAllowed($addSecReq=
NULL,$debug=
False)
// PUBLIC: set and truthy.
if (isset
($arr_secReq['PUBLIC']) &&
$arr_secReq['PUBLIC'])
// USER: set and a non-zero integer.
if (isset
($arr_secReq['USER']) &&
intval($arr_secReq['USER']))
// DEFAULTGROUP: set and a non-zero integer.
if (isset
($arr_secReq['DEFAULTGROUP']) &&
intval($arr_secReq['DEFAULTGROUP']))
// GROUP: the user must be a member of the given group according to the group tree.
if (isset
($arr_secReq['GROUP']))
if (!$obj_grpTree->userIsMember(intval($arr_secReq['GROUP']),$this->getId(),True,$debug))
// GROUPADMIN: the admin check below reads $arr_secReq['GROUP'], not
// $arr_secReq['GROUPADMIN'].
// NOTE(review): when GROUPADMIN is set without GROUP, the group id evaluates to 0 and
// the value given for GROUPADMIN is never consulted — confirm whether
// intval($arr_secReq['GROUPADMIN']) was intended.
if (isset
($arr_secReq['GROUPADMIN']))
if (!$obj_grpTree->userIsAdmin(intval($arr_secReq['GROUP']),$this->getId(),$debug))
// GROUPWRITE: evaluated with userIsAdmin(), the same call as the admin requirement.
// NOTE(review): verify that write access is meant to require group-admin status.
if (isset
($arr_secReq['GROUPWRITE']))
if (!$obj_grpTree->userIsAdmin(intval($arr_secReq['GROUPWRITE']),$this->getId(),$debug))
// IP: exact comparison with REMOTE_ADDR.
// NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's
// address, so this restriction then applies to the proxy rather than the client.
if (isset
($arr_secReq['IP']) &&
!empty($arr_secReq['IP']))
if ($_SERVER['REMOTE_ADDR'] !=
$arr_secReq['IP'])
// all checks passed successfully
* @deprecated since pk-08-03-14
* @return boolean False if the current user has not enough rights to do this
if ($this->userId == $
$GLOBALS['OCSP_OBJ']['USER']->getId()) return False; // user can not delete himself
if (!$
$GLOBALS['OCSP_OBJ']['USER']->isAdmin()) {
$s_cmd=
"DELETE FROM T_CLI_USER WHERE USR_ID=".
$this->getId();
if ($debug) echo
"<p>$s_cmd</p>";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
$s_cmd=
"DELETE FROM T_SYS_GROUPMEMBER WHERE USR_ID=".
$this->getId();
if ($debug) echo
"<p>$s_cmd</p>";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
$s_cmd=
"DELETE FROM T_SYS_USER WHERE USR_ID=".
$this->getId();
if ($debug) echo
"<p>$s_cmd</p>";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* returns an array of GRP_ID's where the user is admin
* @param boolean $strict only direct assigned groups
* @param boolean $idsOnly return an array with group ids only
$arr_grps =
$obj_grpTree->getUserGroupTreeArray($debug);
foreach($arr_grps as $int_grpId =>
$arr_grpNode)
if ($arr_grpNode['ADMIN'])
if (!isset
($arr_ret[$int_grpId]))
$arr_ret[$int_grpId] =
$arr_grpNode['ROW'];
if ($arr_children =
$obj_grpTree->getAllChildGroups($int_grpId,$arr_ret,$debug))
foreach($arr_children as $int_childId =>
$arr_row)
$arr_ret[$int_childId] =
$arr_row;
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* opens a connection to the database and checks username and password
* if username and password don't match the connection is closed
* else the connection is assigned to $GLOBALS['OCSP_OBJ'][$this->gDBIDX]
* @params string $aPasswd (clear text)
* @params string $aConffile (database conf file to include)
* @params boolean $asAdmin (user is admin)
* @version pk-05-10-28 $GLOBALS['OCSP']['USR_LOGIN_SHORTENTO'] added
* @deprecated since pk-08-03-14
function login($aName,$aPasswd,$aConffile=
NULL,$asAdmin=
False,$debug=
False) {
$this->isCurrentUser=
True; // <pk-07-06-01 />
if (!empty($aConffile)) {$this->dbConffile=
$aConffile;}
if (!($dbObj=
$this->dbConnect($asAdmin,$debug))) {
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=
fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
if ($debug) ocsp_logError(__FILE__
,__LINE__
,"NO Database Conffile");
if (isset
($GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']) &&
intval($GLOBALS['OCSP']['USR_LOGIN_SHORTENTO'])) { // <pk-05-10-28>
// this is usefull if some other db fields like EMAIL are used to
// if this is set $aName's largen then $GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']
// are cut at the max position
$aName=
substr($aName,0,$GLOBALS['OCSP']['USR_LOGIN_SHORTENTO']);
// Fetch the user row together with the PASSWORD() and OLD_PASSWORD() values the
// database computes for the submitted password, for comparison in PHP afterwards.
// NOTE(review): the clear-text password is embedded in the SQL text and can therefore
// appear in query or error logs.
$query2 =
"SELECT *, PASSWORD(".
$dbObj->qs_getPassword($aPasswd).
") AS PWD,OLD_PASSWORD(".
$dbObj->qs_getSlashedValue($aPasswd).
") AS OLD_PWD FROM T_SYS_USER ";
// The login name is matched with LIKE, so '%' and '_' in $aName act as wildcards.
// NOTE(review): unless qs_getSlashedValue() escapes LIKE metacharacters (verify), a
// name containing them can select a row other than the exact account; an equality
// comparison would avoid that.
$query2.=
" WHERE UPPER(USR_LOGIN) LIKE UPPER(".
$dbObj->qs_getSlashedValue(strtoupper($aName)).
")";
if ($user=
$dbObj->quickQuery($query2)) {
// Compare the hash computed for the submitted password with the stored one.
// NOTE(review): `!=` is a loose comparison; two numeric-looking strings are compared
// as numbers. hash_equals() gives an exact, constant-time comparison.
if ($user['PWD'] !=
$user['USR_PWD']) {
// When a login log file is configured, append diagnostics to it.
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=
fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
fwrite($fp,"\t\tDATABASE: ".
$dbObj->myDB.
"\n");
// Writes the hash of the submitted password and the stored password hash to the log.
// NOTE(review): anyone who can read the log file obtains material for offline
// password guessing; log the outcome and the login name instead, and keep the file
// outside the web root with restrictive permissions.
fwrite($fp,"\t\tQ2_PWD: -->".
$user['PWD'].
"<-->".
$user['USR_PWD'].
"<--\n");
// Second logging site with the same content; the note on hash values in the log
// applies here as well.
if (!empty($GLOBALS['OCSP']['LOGINLOGFILE'])) {
if ($fp=
fopen($GLOBALS['OCSP']['LOGINLOGFILE'],"a")) {
fwrite($fp,"\t\tDATABASE: ".
$dbObj->myDB.
"\n");
fwrite($fp,"\t\tQ2_PWD: -->".
$user['PWD'].
"<-->".
$user['USR_PWD'].
"<--\n");
$this->userName=
$this->user['USR_LOGIN'];
$this->userId =
$this->user['USR_ID'];
$this->dbConffile =
$this->user['USR_DBCONFFILE'];
if (($asAdmin) &&
(!$this->isAdmin)) {
if ($debug) {echo
"<pre>";print_r($this->groups);echo
"</pre>";}
// reconnect to not grant admin right to the scripts
// if user ist not an admin
if (!($dbObj=
$this->dbConnect())) return False;
if (!$this->loadGroups($debug)) return False;
$cmd=
"UPDATE T_SYS_USER SET USR_LASTLOGIN=".
$dbObj->qs_getNowStmt();
if (isset
($user['USR_LASTCHANGE']) &&
(doubleval($user['USR_LASTCHANGE']))) {
// don't overwrite last change column
$cmd.=
" ,USR_LASTCHANGE=".
$dbObj->qs_getSlashedValue($user['USR_LASTCHANGE']);
$cmd.=
" WHERE USR_ID=".
$this->userId;
$dbObj->executeCmd($cmd);
$this->setSession($debug);
if ($debug) echoDebug(__FILE__
,"<p>Returning ".
($this->isValid ?
"True" :
"False" ).
" Line:".__LINE__.
"</p>");
* logsout the current user
function logout($debug=
False) {
if ($debug) echo
"<p><b>USER::logout(...)</b> (".
get_class($this).
")</p>";
$this->clearSession($debug);
* shows the login screen and returns to the current page
* @param int $method (OCSP_AUTH_xxxx)
* @todo only OCSP_AUTH_HTTP implemented
function loginScreen($method=
OCSP_AUTH_HTTP,$form=
"") {
// When no realm is configured, build one from the server name and the request URI.
// NOTE(review): REQUEST_URI is taken from the request, and SERVER_NAME can follow the
// Host header depending on server configuration, so request-controlled text ends up
// inside the quoted realm value below without escaping. A configured constant realm
// avoids that.
if (empty($GLOBALS['OCSP']['REALM'])) $GLOBALS['OCSP']['REALM'] =
$_SERVER['SERVER_NAME'].
" ".
$_SERVER['REQUEST_URI'];
header("WWW-Authenticate: Basic realm=\"".
$GLOBALS['OCSP']['REALM'].
"\"");
// HTTP Basic authentication sends the credentials with every request, base64-encoded
// but not encrypted; it should only be offered over TLS.
header("HTTP/1.0 401 Unauthorized");
function checkGroup($aGroup,$withWrite=
False,$isAdmin=
False) {
if ($aGroup==
0) return $this->isGroupMember($GLOBALS['OCSP']['GROUPS']['ADMIN']);
else return $this->groups[$aGroup]['GRP_ISADMIN'];
if ($aGroup==
0) return True;
else return ($this->groups[$aGroup]['GRP_READONLY'] ?
False :
True);
if (!is_array($this->groups)) return False;
while(list
($key,$val)=
each($this->groups)) {
if ($val['GRP_RIGHTS'] >=
$rights)
* checks security requirements
* @version pk-06-07-23 checking SEC_REQ[GROUP|GROUPWRITE] changed to avoid warnings
* @version pk-06-08-15 $SEC_REQ['USER'] added
* not final use override this method to populate the additional
// ----------------------------------------------------------------------------
// ----------------------------------------------------------------------------
* returns if this user can see an other user (is in the same group)
if (!intval($usrId)) return False; // nobody kann edit public as it is (should not be) not stored in the db
if ($this->isAdmin()) return True; // admin is always allowed
$s_query =
"SELECT COUNT(*) FROM T_SYS_GROUPMEMBER g1 JOIN T_SYS_GROUPMEMBER g2 USING(GRP_ID)";
$s_query.=
" WHERE g1.USR_ID=".
intval($usrId);
$s_query.=
" AND g2.USR_ID=".
$this->getId();
if (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0))) {
* returns if this user has the right to edit another user
* @param mixed $user (integer or OCSP_USER)
if (!intval($usrId)) return False; // nobody kann edit public as it is (should not be) not stored in the db
if ($this->isAdmin()) return True; // admin is always allowed
$s_query =
"SELECT COUNT(*) FROM T_SYS_GROUPMEMBER g1 JOIN T_SYS_GROUPMEMBER g2 USING(GRP_ID)";
$s_query.=
" WHERE g1.USR_ID=".
intval($usrId);
$s_query.=
" AND g2.USR_ID=".
$this->getId();
$s_query.=
" And g2.GRP_ISADMIN=1";
// ----------------------------------------------------------------------------
// ----------------------------------------------------------------------------
* returns if myCliIDTS is ok (means not outdated)
return ($this->myCliIDTS >
(time()-
ini_get('max_execution_time')));
* returns an array of client id's the user is assigned to
* @param boolean $forceReload
public function getmyClientIds($ctyId=
0,$forceReload=
False,$debug=
False)
'?CLI_ID' =>
"CLI_ID IN (SELECT CLI_ID FROM T_CLI_USER WHERE USR_ID=" .
$this->getId() .
")"
if ($arr_clients =
$this->myDBObj->getArray('T_CLI_CLIENT',$arr_filter))
foreach($arr_clients as $arr_row)
'CLI_NAME1' =>
$arr_row['CLI_NAME1'],
'CTY_ID' =>
$arr_row['CTY_ID'],
'CLS_ID' =>
$arr_row['CLS_ID']
* returns if the user has the right to view a client's data
if ($debug) echo
"<p><b>USER::canShowClient($cliId)</b> (".
get_class($this).
")</p>\n";
if ($this->getCliId() ==
$cliId) return True;
return $this->isGroupMember($GLOBALS['OCSP_GROUPS']['CLIENT-ADMIN']);
* returns if the user has the right to edit a client
if ($debug) echo
"<p><b>USER::canEditClient($cliId)</b> (".
get_class($this).
")</p>\n";
if ($this->getCliId() ==
$cliId) return True;
if ($this->isGroupMember($GLOBALS['OCSP_GROUPS']['CLIENT-ADMIN'])) return True;
$s_query=
"SELECT CLU_ISADMIN FROM T_CLI_USER WHERE CLI_ID=".
intval($cliId).
" AND USR_ID=".
$this->getId();
if (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0))) return True;
* returns the client id from T_CLI_USER
* @param boolean $forceReload
* @version pk-05-12-11 bugfix returns null -> 0
* @version pk-06-04-19 use $this->myCliId[TS]
function getCliId($debug=
False,$forceReload=
False) {
$query=
"SELECT CLI_ID FROM T_CLI_USER WHERE USR_ID=".
$this->getId();
if ($debug) echo
"<blockquote>$query</blockquote>";
if (is_object($this->myClient)) { // we have to repopulate the clientobject to ensure it's the right one
$this->myClient->populate(); // reload the object values from the database
* sets the client id and generates a row in T_CLI_USER
* @param boolean $overwrite remove all rows for the user in T_CLI_USER
function setCliId($cliId,$overwrite=
True,$debug=
False) {
if($debug) echo
"<p><b>USER::setCliId($cliId,".
($overwrite ?
"REPLACE" :
"INSERT").
")</b> (".
get_class($this).
")</p>";
if (!intval($cliId)) return False;
$s_cmd=
"DELETE FROM T_CLI_USER WHERE USR_ID=".
$this->getId();
if ($debug) echo
"<blockquote><p>$s_cmd</p></blockquote>";
$GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd);
$s_cmd=
"INSERT INTO T_CLI_USER (USR_ID,CLI_ID) VALUES(".
$this->getId().
",".
intval($cliId).
")";
if ($GLOBALS['OCSP_OBJ']['USRDB']->executeCmd($s_cmd)) {
* returns a client object for the first client found for the user
* @global array $OCSP_CONF
if ($debug) echo
"<p><b>USER::getClient($debug)</b></p>";
require_once $GLOBALS['CLIENT']['PHPINCPATH'].
"CLIENT.phpclass";
if (!$this->myClient->getPopulateTS()) {
* returns the staff assigned to the user
$str_query =
"SELECT * FROM T_CLI_STAFF WHERE CST_ID IN (SELECT CST_ID FROM T_CLI_USER WHERE USR_ID=" .
$this->getId() .
")";
if ($arr_staffRow =
$this->myDBObj->quickQuery($str_query))
// client type functions -------------------------------------
* returns the client type id of the users client
* or False if no client could be found
* @param boolean $forceReload or use cache (session) if available
if ($forceReload ||
(!intval($this->myCliId))) { // load the client
// check if we already have a clientobject loaded
// get the clientId without forceing a reload as this is done earlier
// the user belongs to no client return False
$s_query=
"SELECT CTY_ID FROM T_CLI_CLIENT WHERE CLI_ID=".
$this->myCliId;
$this->myCtyId=
$GLOBALS[$this->get_gDBIDX()]->quickQuery($s_query);
* checks if the user can show users of a type
* returns always True to the type the users client is
* if the type exists the columns
* checks if the user is in the show or admin group of the clienttype
if ($this->isAdmin()) return True; // no need to check because isGroupMember will return True
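// Look up the client type row for $ctyId. The id is cast to int before it is
// concatenated, as the other queries in this file do with intval($cliId), so a
// non-numeric value cannot change the statement.
// NOTE(review): the statement has no select list ("SELECT FROM"); confirm which
// columns were intended.
$s_query=
"SELECT FROM T_CLI_TYPE WHERE CTY_ID=".
intval($ctyId);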
if ($a_cty=
$GLOBALS[$this->get_gDBIDX()]->query($s_query)) {
return False; // user is not member of relevant group and we do not want users can see other clients of theire group
return ($ctyId==
0); // return True for none specified type
* checks if the user has admin rights for a client
* User is group member of CLIENT_ADMIN or T_CLI_USER CLU_ISADMIN is True
* uses the array ($this->isCliAdminBuffer to buffer results)
* @param int $cliId if 0 $this->getCliId() is called
if (!isset
($isCliAdminBuffer[$clientId])) {
$s_query =
"SELECT CLU_ISADMIN FROM T_CLI_USER ";
$s_query.=
" WHERE CLI_ID=".
intval($cliId).
" AND USR_ID=".
$this->getId();
if ($s_res=
$GLOBALS[$this->get_gDBIDX()]->queryArray($s_query,0)) {
$isCliAdminBuffer[intval($cliId)]=
(intval($s_res) ?
True :
False);
$isCliAdminBuffer[intval($cliId)]=
False;
return $isCliAdminBuffer[intval($cliId)];
* checks if the user is staff of a client
* uses the array ($this->isCliAdminBuffer to buffer results)
* @param int $cliId if 0 $this->getCliId() is called
if ($this->getCliId()==
$clientId) return True;
$s_query=
"SELECT COUNT(*) FROM T_CLI_USER WHERE USR_ID=".
$this->getId().
" AND CLI_ID=".
intval($cliId);
return (intval($GLOBALS['OCSP_OBJ']['USRDB']->quickQuery($s_query,0)) ?
True :
False);
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
* stores profile data to the database
* calls addProfileObj() for each value array
* @param boolean $multiArr if the profile allows multiple entries is $valArr a single entry or an array of entries?
* @param boolean $dataCheck check the data by calling
* @return int number of rows added
function addProfile($clpId,$valArr,$multiArr=
False,$dataCheck=
True,$debug=
False) {
if ($debug) echo
"<p><b>USER::addProfile($clpId,....)</b> (".
get_class($this).
")</p>";
if (!$this->getId()) return False;
if (!intval($clpId)) return False;
require_once $GLOBALS['OCSP']['DEFAULTCONFPATH'].
"client.conf.phpinc";
require_once $GLOBALS['CLIENT']['PHPINCPATH'].
"CLI_PROFILE.phpclass";
if ($debug) echo
"<blockquote>";
if ((!$profile->isMultiple()) ||
(!$multiArr)) {
// signle data row processing
foreach($valArr as $profileData) {
if ($this->addProfileObj($profile,$profileData,$dataCheck,$debug)) {
if ($debug) echo
"<p>Returns: <b>$noRows</b></p></blockquote>";
* stores profile data to the database
* processes only one data row
* @param CLP_PROFILE $profile
* @param boolean $dataCheck check the data by calling
function addProfileObj($profile,$valArr,$dataCheck=
True,$debug=
False) {
if ($debug) echo
"<p><b>USER::addProfileObj(...)</b> (".
get_class($this).
")</p>";
if ($debug) echo
"<blockquote><pre>".
print_r($valArr,True).
"</pre></blockquote>";
if (!$profile->getId()) return False; // empty profile
if (!is_array($valArr)) return False; // no data
$valArr['USR_ID']=
$this->getId();
if (($dataCheck) &&
(!$profile->checkEntryRowArr($valArr,$debug))) {
if ($profile->isMultiple()) {
return $profile->insertEntryRow($valArr,$debug);
return $profile->updateEntryRow($valArr,True,$debug);
* deletes all profile entries for the user
* @param CLP_PROFILE $profile
if ($debug) echo
"<p><b>USER::clearProfileObj(".
$profile->getId().
")</b> (".
get_class($this).
")</p>";
if ($profile->getKeyColName() ==
"USR_ID") {
$profile->deleteEntryRow($this->getId(),0,$debug);
$o_client->clearProfileData($profile,False,$debug);