source: trunk/Demo/Packages/CoolWeb/Modules/UUser.pas

Last change on this file was 60, checked in by chronos, 12 years ago
File size: 5.0 KB
Line 
1unit UUser;
2
3{$mode Delphi}{$H+}
4
5interface
6
7uses
8 Classes, SysUtils, synacode, USqlDatabase, UCommon, UHTTPServer;
9
10const
11 AnonymousUserId = 1;
12
13type
14 EDuplicateItem = class(Exception);
15 ENotFound = class(Exception);
16
17 { TWebUser }
18
19 TWebUser = class
20 Id: Integer;
21 Name: string;
22 FullName: string;
23 Email: string;
24 Database: TSqlDatabase;
25 HandlerData: THTTPHandlerData;
26 procedure Delete(Id: Integer);
27 procedure Add(Name, Password, Email: string);
28 function GetIdByName(Name: string): Integer;
29 function GetIdByNamePassword(Name: string; PassWord: string): Integer;
30 procedure Load;
31 end;
32
33 { TWebOnlineUser }
34
35 TWebOnlineUser = class
36 Database: TSqlDatabase;
37 HandlerData: THTTPHandlerData;
38 Id: Integer;
39 User: Integer;
40 procedure Update;
41 procedure Login(User: Integer);
42 procedure Logout;
43 end;
44
45implementation
46
47resourcestring
48 SDuplicateUserItem = 'User name "%s" already used.';
49 SEmptyUserParameters = 'Missing user parameters';
50 SUserNotFound = 'User "%s" not found';
51
52{ TOnlineUser }
53
54procedure TWebOnlineUser.Update;
55var
56 DbRows: TDbRows;
57 Id: Integer;
58begin
59 try
60 DbRows := TDbRows.Create;
61 Database.Query(DbRows, 'SELECT * FROM `UserOnline` WHERE `SessionId`="' +
62 HandlerData.Request.Cookies.Values['SessionId'] + '"');
63 if DbRows.Count > 0 then begin
64 // Update exited
65 Id := StrToInt(DbRows[0].Values['Id']);
66 User := StrToInt(DbRows[0].Values['User']);
67 Database.Query(DbRows, 'UPDATE `UserOnline` SET `ActivityTime` = NOW() WHERE `Id`=' + IntToStr(Id));
68 end else begin
69 // Create new record
70 Database.Query(DbRows, 'INSERT INTO `UserOnline` (`User`, `ActivityTime`, `SessionId`) ' +
71 'VALUES (1, NOW(), "' + HandlerData.Request.Cookies.Values['SessionId'] + '")');
72 Id := Database.LastInsertId;
73 User := 1;
74 end;
75 finally
76 DbRows.Free;
77 end;
78end;
79
80procedure TWebOnlineUser.Login(User: Integer);
81var
82 DbRows: TDbRows;
83begin
84 Logout;
85 try
86 DbRows := TDbRows.Create;
87 Database.Query(DbRows, 'UPDATE `UserOnline` SET `User` = ' + IntToStr(User) + ', `LoginTime` = NOW() WHERE `SessionId`="' +
88 HandlerData.Request.Cookies.Values['SessionId'] + '"');
89 finally
90 DbRows.Free;
91 end;
92 Self.User := User;
93end;
94
95procedure TWebOnlineUser.Logout;
96var
97 DbRows: TDbRows;
98begin
99 if Id = AnonymousUserId then Update;
100 if User <> AnonymousUserId then begin
101 try
102 DbRows := TDbRows.Create;
103 Database.Query(DbRows, 'UPDATE `UserOnline` SET `User` = ' + IntToStr(AnonymousUserId) + ' WHERE `SessionId`="' +
104 HandlerData.Request.Cookies.Values['SessionId'] + '"');
105 finally
106 DbRows.Free;
107 end;
108 User := AnonymousUserId;
109 end;
110end;
111
112{ TUser }
113
114procedure TWebUser.Delete(Id: Integer);
115var
116 DbRows: TDbRows;
117begin
118 try
119 DbRows := TDbRows.Create;
120 Database.Query(DbRows, 'DELETE FROM `User` WHERE `Id`=' + IntToStr(Id));
121 finally
122 DbRows.Free;
123 end;
124end;
125
126procedure TWebUser.Add(Name, Password, Email: string);
127var
128 Salt: string;
129 DbRows: TDbRows;
130begin
131 if (Name = '') or (Password = '') or (Email = '') then raise Exception.Create(SEmptyUserParameters);
132 try
133 DbRows := TDbRows.Create;
134 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"');
135 if DbRows.Count = 0 then begin
136 Salt := EncodeBase64(Copy(BinToHexString(SHA1(FloatToStr(Now))), 1, 8));
137 Database.Query(DbRows, 'INSERT INTO `User` (`Name`, `Password`, `Salt`, `Email`, `RegistrationTime`) VALUES ("' +
138 Name + '", SHA1(CONCAT("' + Password + '", "' + Salt + '")), "' + Salt +
139 '", "' + Email + '", NOW())');
140 end else raise EDuplicateItem.Create(Format(SDuplicateUserItem, [Name]));
141 finally
142 DbRows.Free;
143 end;
144end;
145
146function TWebUser.GetIdByName(Name: string): Integer;
147var
148 DbRows: TDbRows;
149begin
150 try
151 DbRows := TDbRows.Create;
152 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"');
153 if DbRows.Count = 1 then Result := StrToInt(DbRows[0].Items[0].Value)
154 else raise ENotFound.Create(Format(SUserNotFound, [Name]));
155 finally
156 DBRows.Free;
157 end;
158end;
159
160function TWebUser.GetIdByNamePassword(Name: string; PassWord: string): Integer;
161var
162 DbRows: TDbRows;
163begin
164 try
165 DbRows := TDbRows.Create;
166 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '" AND ' +
167 '`Password` = SHA1(CONCAT("' + Password + '", Salt))');
168 if DbRows.Count = 1 then Result := StrToInt(DbRows[0].Items[0].Value)
169 else raise ENotFound.Create(Format(SUserNotFound, [Name]));
170 finally
171 DBRows.Free;
172 end;
173end;
174
175procedure TWebUser.Load;
176var
177 DbRows: TDbRows;
178begin
179 try
180 DbRows := TDbRows.Create;
181 Database.Query(DbRows, 'SELECT * FROM `User` WHERE `Id`="' + IntToStr(Id) + '"');
182 if DbRows.Count = 1 then begin
183 Name := DbRows[0].Values['Name'];
184 FullName := DbRows[0].Values['FullName'];
185 Email := DbRows[0].Values['Email'];
186 end else raise ENotFound.Create(Format(SUserNotFound, [IntToStr(Id)]));
187 finally
188 DBRows.Free;
189 end;
190end;
191
192end.
193
Note: See TracBrowser for help on using the repository browser.