source: branches/mvc/Application/Model/User.php

Last change on this file was 47, checked in by chronos, 10 years ago
  • Odstraněno: Zbytečná PHP ukončovací značka "?>" z konce všech souborů.
  • Property svn:executable set to *
File size: 12.8 KB
1<?php
2
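/**
 * User account model: online-session tracking, registration, login/logout,
 * password recovery and permission lookups.
 *
 * Security notes for maintainers:
 *  - The Database wrapper is defined elsewhere. Conditions are passed to it as
 *    raw SQL fragments, so every value placed into a condition here is either
 *    cast to int or escaped through SqlString().
 *  - Values handed to insert()/update() as array entries are passed through
 *    unchanged. NOTE(review): confirm the wrapper escapes them; literals such
 *    as 'NOW()' are passed the same way, so it may not.
 */
class User extends Model
{
    public $Dependencies = array('Log');
    public $Data = array();
    public $DefaultRole = 2;
    public $OnlineStateTimeout = 600; // in seconds
    public $AnonymousUserId = 1;

    public $Roles = array('Unknown', 'Anonymous', 'User', 'Administrator');

    /**
     * Returns a double-quoted, escaped SQL string literal for $Value.
     *
     * The wrapper's own escaping API is not visible from this file, so the
     * connection-aware escaper is used only when the object exposes it;
     * otherwise this falls back to addslashes(), which is byte-level and not
     * charset-aware. Prefer prepared statements if the wrapper offers them.
     */
    private function SqlString($Value)
    {
        $Value = (string) $Value;
        if (method_exists($this->Database, 'real_escape_string')) {
            $Escaped = $this->Database->real_escape_string($Value);
        } else {
            $Escaped = addslashes($Value);
        }
        return '"'.$Escaped.'"';
    }

    /**
     * Removes CR, LF and NUL so a user-supplied value cannot start a new
     * header line when it is placed into the mail() header block.
     */
    private function MailHeaderValue($Value)
    {
        return str_replace(array("\r", "\n", "\0"), '', (string) $Value);
    }

    /**
     * Compares a stored hash with a caller-supplied one.
     *
     * Uses hash_equals() instead of ==, because loose comparison treats two
     * different numeric-looking digests (for example "0e..." strings) as
     * equal. An empty stored hash never matches.
     */
    private function HashMatches($Stored, $Given)
    {
        if (!is_string($Stored) || ($Stored === '') || !is_scalar($Given)) {
            return false;
        }
        return hash_equals($Stored, (string) $Given);
    }

    /**
     * Derives the temporary password used by the recovery flow.
     *
     * It is keyed with the currently stored password hash, so it cannot be
     * computed from the login name alone, and it stops verifying as soon as
     * the stored hash changes (i.e. once the recovery has been confirmed).
     */
    private function RecoveryPassword($Login, $StoredHash)
    {
        return substr(hash_hmac('sha256', strtoupper((string) $Login), (string) $StoredHash), 0, 12);
    }

    /**
     * Computes the stored password digest for a login name and password.
     *
     * NOTE(review): this is a single unsalted SHA-1 over the upper-cased
     * "name:password" pair, which also makes passwords case-insensitive.
     * The same digest is sent out as the e-mail confirmation token (see
     * Register and PasswordRecoveryRequest). Moving to password_hash() /
     * password_verify() needs a migration of stored hashes and a check that
     * nothing else consumes this digest format, so it is not changed here.
     *
     * @param string $Name     Login name.
     * @param string $Password Plain-text password.
     * @return string 40-character hexadecimal SHA-1 digest.
     */
    public function PasswordHash($Name, $Password)
    {
        return sha1(strtoupper($Name.':'.$Password));
    }

    /**
     * Expires idle UserOnline rows, makes sure the current PHP session has a
     * UserOnline row, loads the matching User row into $this->Data and
     * refreshes the session's activity time.
     */
    public function Check()
    {
        $SID = session_id();
        // The session id comes from the client, so it is escaped before use.
        $SessionCondition = 'SessionId='.$this->SqlString($SID);
        $AnonymousId = (int) $this->AnonymousUserId;

        // Remove inactive users
        $DbResult = $this->Database->select(
            'UserOnline',
            'Id, User',
            'ActivityTime < DATE_SUB(NOW(), INTERVAL '.(int) $this->OnlineStateTimeout.' SECOND)'
        );
        while ($DbRow = $DbResult->fetch_array()) {
            // The log record is attributed to the user whose session expired.
            $this->System->Modules['User']->Data['Id'] = $DbRow['User'];
            if ((int) $DbRow['User'] !== $AnonymousId) {
                $this->System->Modules['Log']->NewRecord('User', 'Logout');
            }
            $this->Database->delete('UserOnline', 'Id='.(int) $DbRow['Id']);
        }

        // Lookup user record
        $Query = $this->Database->select('UserOnline', '*', $SessionCondition);
        if ($Query->num_rows == 0) {
            $RemoteAddress = GetRemoteAddress();
            // HostName (reverse DNS) and PHP_SELF are influenced by the client;
            // treat both as untrusted wherever they are displayed later.
            $this->Database->insert('UserOnline', array(
                'SessionId' => $SID,
                'User' => $this->AnonymousUserId,
                'LoginTime' => 'NOW()',
                'ActivityTime' => 'NOW()',
                'IpAddress' => $RemoteAddress,
                'HostName' => gethostbyaddr($RemoteAddress),
                'ScriptName' => $_SERVER['PHP_SELF'],
            ));
        }

        // Check login: fall back to the anonymous user when no row is found.
        $Query = $this->Database->select('UserOnline', '*', $SessionCondition);
        $Row = $Query->fetch_assoc();
        $UserId = isset($Row['User']) ? (int) $Row['User'] : $AnonymousId;
        $Query = $this->Database->select('User', '*', 'Id='.$UserId);
        $this->Data = $Query->fetch_assoc();

        // Refresh time of last access
        $this->Database->update('UserOnline', $SessionCondition, array('ActivityTime' => 'NOW()'));

        // Role and permission loading (LoadPermission / LoadRoles) is currently disabled.
    }

    /**
     * Creates a locked account and e-mails a confirmation link.
     *
     * @param string $Login     Requested login name.
     * @param string $Password  Password.
     * @param string $Password2 Password repeated.
     * @param string $Email     Contact e-mail address.
     * @param string $Name      Display name.
     * @return string Translated status message.
     */
    public function Register($Login, $Password, $Password2, $Email, $Name)
    {
        global $Config;

        if (((string) $Email === '') || ((string) $Login === '') || ((string) $Password === '')
            || ((string) $Password2 === '') || ((string) $Name === '')) {
            return $this->System->Translate('MissingData');
        }
        // Strict comparison: with != the numeric strings "1e3" and "1000" count as equal.
        if ((string) $Password !== (string) $Password2) {
            return $this->System->Translate('PasswordsUnmatched');
        }

        // Is the user already registered?
        $Query = $this->Database->select('User', '*', 'Login = '.$this->SqlString($Login));
        if ($Query->num_rows > 0) {
            return $this->System->Translate('LoginUsed');
        }
        $Query = $this->Database->select('User', '*', 'Name = '.$this->SqlString($Name));
        if ($Query->num_rows > 0) {
            return $this->System->Translate('NameUsed');
        }
        $Query = $this->Database->select('User', '*', 'Email = '.$this->SqlString($Email));
        if ($Query->num_rows > 0) {
            return $this->System->Translate('EmailUsed');
        }

        $PasswordHash = $this->PasswordHash($Login, $Password);
        $this->Database->insert('User', array(
            'Name' => $Name,
            'Login' => $Login,
            'Password' => $PasswordHash,
            'Email' => $Email,
            'RegistrationTime' => 'NOW()',
            'Locked' => 1,
            'Role' => $this->DefaultRole,
        ));
        $UserId = $this->Database->insert_id;

        // NOTE(review): the confirmation link is plain http and carries the stored
        // password hash as its token, so the hash ends up in mailboxes and URL logs.
        // A separate random, single-use token would need its own storage.
        $BaseUrl = 'http://'.$Config['System']['Host'].$Config['System']['RootFolder'];
        $ConfirmUrl = $BaseUrl.'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.$PasswordHash;

        $Subject = FromUTF8('Registrace nového účtu', 'iso2');
        // The login is user input placed into an HTML body, so it is HTML-escaped.
        $Message = 'Provedli jste registraci nového účtu na serveru <a href="'.$BaseUrl.'/">'.$BaseUrl."/</a>.<br/>\n"
            ."Pokud jste tak neučinili, měli by jste tento email ignorovat.<br/><br/>\n\n"
            ."Váš účet je: ".htmlspecialchars($Login, ENT_QUOTES, 'UTF-8')."\n"
            ."<br/>Pro dokončení registrace klikněte na tento odkaz: "
            .'<a href="'.$ConfirmUrl.'">'.$ConfirmUrl.'</a>.'
            ."\n<br/> \n\n<br/><br/>Na tento email neodpovídejte.";

        // Name and e-mail go into raw mail headers; line breaks are removed first.
        $SafeName = $this->MailHeaderValue($Name);
        $SafeEmail = $this->MailHeaderValue($Email);
        $AdditionalHeaders = "To: ".$SafeName." <".$SafeEmail.">\n"
            ."From: ".FromUTF8($Config['System']['Title'], 'iso2')." <noreplay@zdechov.net>\n"
            ."MIME-Version: 1.0\n"
            ."Content-type: text/html; charset=utf-8";
        mail($SafeEmail, $Subject, $Message, $AdditionalHeaders);

        $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
        return $this->System->Translate('UserRegistrated');
    }

    /**
     * Unlocks an account when the supplied hash matches the stored one.
     *
     * NOTE(review): Locked is also what Login() checks, so anyone holding an
     * old confirmation link can unlock the account again for as long as the
     * password has not changed. Confirm whether Locked is also used for bans.
     *
     * @param int    $Id   User id from the confirmation link.
     * @param string $Hash Hash from the confirmation link.
     * @return string Translated status message.
     */
    public function RegisterConfirm($Id, $Hash)
    {
        $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.(int) $Id);
        if ($DbResult->num_rows == 0) {
            return $this->System->Translate('UserNotFound');
        }

        $Row = $DbResult->fetch_array();
        if (!$this->HashMatches($Row['Password'], $Hash)) {
            return $this->System->Translate('PasswordsUnmatched');
        }

        $this->Database->update('User', 'Id='.(int) $Row['Id'], array('Locked' => 0));
        $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.$Row['Login'].', Id='.$Row['Id']);
        return $this->System->Translate('UserRegistrationConfirmed');
    }

    /**
     * Authenticates a user and binds the current session to the account.
     *
     * NOTE(review): the session id is not rotated on login; rotating it (and
     * updating UserOnline.SessionId to match) would close session fixation.
     * Failed attempts are not written to the log, and the distinct messages
     * reveal whether a login name exists.
     *
     * @param string $Login    Login name.
     * @param string $Password Plain-text password.
     * @return string Translated status message.
     */
    public function Login($Login, $Password)
    {
        $SID = session_id();
        $Query = $this->Database->select('User', '*', 'Login='.$this->SqlString($Login));
        if ($Query->num_rows > 0) {
            $Row = $Query->fetch_assoc();
            if (!$this->HashMatches($Row['Password'], $this->PasswordHash($Login, $Password))) {
                $Result = $this->System->Translate('BadPassword');
            } elseif ($Row['Locked'] == 1) {
                $Result = $this->System->Translate('AccountLocked');
            } else {
                $RemoteAddress = GetRemoteAddress();
                $this->Database->update('User', 'Id='.(int) $Row['Id'], array('LastLoginTime' => 'NOW()', 'LastIpAddress' => $RemoteAddress));
                $this->Database->update('UserOnline', 'SessionId='.$this->SqlString($SID), array('User' => $Row['Id']));
                $Result = $this->System->Translate('UserLoggedIn');
                // The login and the reverse-DNS host name are untrusted text in the log record.
                $this->System->Modules['Log']->NewRecord('User', 'Login', 'Login='.$Login.',Host='.gethostbyaddr($RemoteAddress));
            }
        } else {
            $Result = $this->System->Translate('UserNotRegistred');
        }
        $this->Check();
        return $Result;
    }

    /**
     * Rebinds the current session to the anonymous user.
     *
     * @return string Translated status message.
     */
    public function Logout()
    {
        $SID = session_id();
        $this->Database->update('UserOnline', 'SessionId='.$this->SqlString($SID), array('User' => $this->AnonymousUserId));
        $this->System->Modules['Log']->NewRecord('User', 'Logout', $this->Data['Login']);
        $this->Check();
        return $this->System->Translate('UserLoggedOut');
    }

    /**
     * Replaces $this->Roles with the rows of the UserRole table.
     */
    public function LoadRoles()
    {
        $this->Roles = array();
        $DbResult = $this->Database->select('UserRole', '*');
        while ($DbRow = $DbResult->fetch_array()) {
            $this->Roles[] = $DbRow;
        }
    }

    /**
     * Loads the permissions of a role into $this->Data['Permission'],
     * keyed by operation id.
     *
     * @param int $Role Role id.
     */
    public function LoadPermission($Role)
    {
        $this->Data['Permission'] = array();
        $DbResult = $this->Database->query(
            'SELECT `UserRolePermission`.*, `PermissionOperation`.`Description` FROM `UserRolePermission` '
            .'JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` '
            .'WHERE `UserRolePermission`.`Role` = '.(int) $Role
        );
        if ($DbResult->num_rows > 0) {
            while ($DbRow = $DbResult->fetch_array()) {
                $this->Data['Permission'][$DbRow['Operation']] = $DbRow;
            }
        }
    }

    /**
     * Builds a map [operation description][role title] => '', 'R', 'W' or 'RW'.
     *
     * @return array
     */
    public function PermissionMatrix()
    {
        $Result = array();
        $DbResult = $this->Database->query(
            'SELECT `UserRolePermission`.*, `PermissionOperation`.`Description`, `UserRole`.`Title` FROM `UserRolePermission` '
            .'LEFT JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` '
            .'LEFT JOIN `UserRole` ON `UserRole`.`Id` = `UserRolePermission`.`Role`'
        );
        while ($DbRow = $DbResult->fetch_array()) {
            $Value = '';
            if ($DbRow['Read']) {
                $Value .= 'R';
            }
            if ($DbRow['Write']) {
                $Value .= 'W';
            }
            $Result[$DbRow['Description']][$DbRow['Title']] = $Value;
        }
        return $Result;
    }

    /**
     * Tells whether a group grants an operation, directly or through a
     * nested group.
     *
     * @param mixed $GroupId     Group id.
     * @param mixed $OperationId Operation id.
     * @param array $Visited     Internal: groups already on the current path.
     *                           A group that contains itself, directly or
     *                           indirectly, would otherwise recurse without end.
     * @return bool
     */
    public function CheckGroupPermission($GroupId, $OperationId, $Visited = array())
    {
        $GroupKey = (string) $GroupId;
        if (isset($Visited[$GroupKey])) {
            return false;
        }
        $Visited[$GroupKey] = true;
        $GroupCondition = '`Group`='.$this->SqlString($GroupId);

        // Check group-group relation
        $DbResult = $this->Database->select('PermissionGroupAssignment', '*', $GroupCondition.' AND `Type`="Group"');
        while ($DbRow = $DbResult->fetch_array()) {
            if ($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId, $Visited)) {
                return true;
            }
        }

        // Check group-operation relation
        $DbResult = $this->Database->select(
            'PermissionGroupAssignment',
            '*',
            $GroupCondition.' AND `GroupOrOperation`='.$this->SqlString($OperationId).' AND `Type`="Operation"'
        );
        return $DbResult->num_rows > 0;
    }

    /**
     * Tells whether the current user ($this->Data['Id']) may perform an
     * operation, through a direct assignment or through one of its groups.
     * An operation that is not registered in PermissionOperation is denied.
     *
     * @param string $Module    Module name.
     * @param string $Operation Operation name.
     * @param string $ItemType  Optional item type.
     * @param int    $ItemIndex Optional item id.
     * @return bool
     */
    public function CheckPermission($Module, $Operation, $ItemType = '', $ItemIndex = 0)
    {
        $DbResult = $this->Database->select(
            'PermissionOperation',
            'Id',
            '`Module`='.$this->SqlString($Module).' AND `Item`='.$this->SqlString($ItemType)
            .' AND `ItemId`='.(int) $ItemIndex.' AND `Operation`='.$this->SqlString($Operation)
        );
        if ($DbResult->num_rows == 0) {
            return false;
        }

        $DbRow = $DbResult->fetch_array();
        $OperationId = $DbRow['Id'];
        $UserCondition = '`User`='.$this->SqlString($this->Data['Id']);

        // Check user-operation relation
        $DbResult = $this->Database->select(
            'PermissionUserAssignment',
            '*',
            $UserCondition.' AND `GroupOrOperation`='.$this->SqlString($OperationId).' AND `Type`="Operation"'
        );
        if ($DbResult->num_rows > 0) {
            return true;
        }

        // Check user-group relation
        $DbResult = $this->Database->select('PermissionUserAssignment', 'GroupOrOperation', $UserCondition.' AND `Type`="Group"');
        while ($DbRow = $DbResult->fetch_array()) {
            if ($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * E-mails a temporary password and an activation link to the account
     * matching both login and e-mail address.
     *
     * The temporary password used to be derived from the login name only,
     * so anyone who knew a login could compute it; it is now keyed with the
     * stored password hash (see RecoveryPassword).
     *
     * NOTE(review): the link is plain http and still carries the stored
     * password hash in its H parameter.
     *
     * @param string $Login Login name.
     * @param string $Email E-mail address registered for the account.
     * @return string Translated status message.
     */
    public function PasswordRecoveryRequest($Login, $Email)
    {
        global $Config;

        $DbResult = $this->Database->select(
            'User',
            'Login, Name, Id, Email, Password',
            '`Login`='.$this->SqlString($Login).' AND `Email`='.$this->SqlString($Email)
        );
        if ($DbResult->num_rows == 0) {
            return $this->System->Translate('UserPasswordRecoveryFail');
        }

        $Row = $DbResult->fetch_assoc();
        $NewPassword = $this->RecoveryPassword($Row['Login'], $Row['Password']);
        $BaseUrl = 'http://'.$Config['System']['Host'].$Config['System']['RootFolder'];

        $Subject = 'Obnova hesla';
        $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="'.$BaseUrl.'">'.$BaseUrl."</a>.<br />\n"
            ."Pokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\n"
            ."Vaše nové heslo k účtu ".htmlspecialchars($Row['Login'], ENT_QUOTES, 'UTF-8')." je: ".$NewPassword."\n"
            ."<br/>Pro aktivaci tohoto hesla klikněte na "
            .'<a href="'.$BaseUrl.'/?Action=PasswordRecoveryConfirm&User='.(int) $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'
            ."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br/><br/>Na tento email neodpovídejte.";

        // Name and e-mail were stored from user input; strip line breaks before
        // they are written into the header block.
        $SafeName = $this->MailHeaderValue($Row['Name']);
        $SafeEmail = $this->MailHeaderValue($Row['Email']);
        $AdditionalHeaders = "To: ".$SafeName." <".$SafeEmail.">\n"
            ."From: ".FromUTF8($Config['System']['Title'], 'iso2')." <noreplay@zdechov.net>\n"
            ."MIME-Version: 1.0\n"
            ."Content-type: text/html; charset=utf-8";
        mail($SafeEmail, $Subject, $Message, $AdditionalHeaders);

        $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
        return $this->System->Translate('UserPasswordRecoverySuccess');
    }

    /**
     * Activates the temporary password from a recovery e-mail.
     *
     * The new password is stored through PasswordHash(), the format Login()
     * verifies against. It was previously stored as a bare sha1() of the
     * password, which Login() could never match.
     *
     * @param int    $Id          User id from the link.
     * @param string $Hash        Stored password hash from the link.
     * @param string $NewPassword Temporary password from the link.
     * @return string Translated status message.
     */
    public function PasswordRecoveryConfirm($Id, $Hash, $NewPassword)
    {
        $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.(int) $Id);
        if ($DbResult->num_rows == 0) {
            return $this->System->Translate('UserNotFound');
        }

        $Row = $DbResult->fetch_array();
        $Expected = $this->RecoveryPassword($Row['Login'], $Row['Password']);
        if (!$this->HashMatches($Expected, $NewPassword) || !$this->HashMatches($Row['Password'], $Hash)) {
            return $this->System->Translate('UserPasswordUnmatched');
        }

        $this->Database->update('User', 'Id='.(int) $Row['Id'], array(
            'Password' => $this->PasswordHash($Row['Login'], $NewPassword),
            'Locked' => 0,
        ));
        $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);
        return $this->System->Translate('UserPasswordRecoveryConfirmed');
    }

    /**
     * Counts the Server rows owned by the current user.
     *
     * @return mixed First column of the COUNT(*) row as returned by the driver.
     */
    public function ServerCount()
    {
        $DbResult = $this->Database->query('SELECT COUNT(*) FROM Server WHERE User='.(int) $this->Data['Id']);
        $DbRow = $DbResult->fetch_row();
        return $DbRow[0];
    }

    /**
     * Sums RealmCount() over all servers owned by the current user.
     *
     * @return int
     */
    public function RealmCount()
    {
        $Total = 0;
        // The original read $this->User['Id'], a property this class never declares;
        // ServerCount() uses $this->Data['Id'] for the same filter.
        // NOTE(review): confirm Model does not define $User.
        $DbResult = $this->Database->query('SELECT Id FROM Server WHERE User='.(int) $this->Data['Id']);
        while ($DbRow = $DbResult->fetch_assoc()) {
            $Server = new Server($this->Database, $DbRow['Id']);
            $Total += $Server->RealmCount();
        }
        return $Total;
    }
}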