source: devel/www/user.php@ 96

Last change on this file since 96 was 96, checked in by george, 17 years ago
  • Přidáno: Možnost zobrazit aktuality v samostném okně po kliknutí.
  • Přidáno: Funkce obnovení zapomenutého hesla uživatele.
  • Property svn:executable set to *
File size: 9.8 KB
Line 
1<?php
2
3define('NICK_USED', 'Přezdívka použita!');
4define('USER_REGISTRATED', 'Uživatel zaregistrován.');
5define('DATA_MISSING', 'Chybí emailová adresa, přezdívka, nebo některé z hesel!');
6define('PASSWORDS_UNMATCHED', 'Hesla si neodpovídají!');
7define('USER_NOT_LOGGED', 'Nejste přihlášen.');
8define('USER_LOGGED', 'Uživatel přihlášen.');
9define('USER_NOT_REGISTRED', 'Uživatel neregistrován.');
10define('USER_ALREADY_LOGGED', 'Uživatel již přihlášen.');
11define('USER_LOGGED_IN', 'Byl jste přihlášen.');
12define('USER_LOGGED_OUT', 'Byl jste odhlášen.');
13define('BAD_PASSWORD', 'Špatné heslo.');
14define('USER_NOT_FOUND', 'Uživatele nenalezen.');
15define('USER_TIMEOUT', 300); // in seconds
16define('USER_PASSWORD_RECOVERY_SUCCESS', 'Přihlašovací údaje byly odeslány na zadanou emailovou adresu.');
17define('USER_PASSWORD_RECOVERY_FAIL', 'Podle zadaných údajů nebyl nalezen žádný uživatel.');
18define('USER_PASSWORD_RECOVERY_CONFIRMED', 'Nové heslo bylo aktivováno.');
19
20define('USER_EVENT_REGISTER', 1);
21define('USER_EVENT_LOGIN', 2);
22define('USER_EVENT_LOGOUT', 3);
23define('USER_EVENT_OPTIONS_CHANGED', 4);
24
25class User extends Module
26{
27 var $Dependencies = array('Log');
28 var $Roles = array();
29 var $User = array();
30 var $DefaultRole = 2;
31 var $AnonymousUserId = 1;
32
33 function Check()
34 {
35 $SID = session_id();
36 // Lookup user record
37 $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"');
38 if($Query->num_rows > 0)
39 {
40 // Refresh time of last access
41 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('Time' => 'NOW()'));
42 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'Time' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress())));
43 //echo($this->Database->LastQuery);
44
45 // Odeber neaktivní uživatele
46 $this->Database->delete('UserOnline', 'Time < DATE_SUB(NOW(), INTERVAL '.USER_TIMEOUT.' SECOND)');
47
48 // Zkontroluj přihlášení
49 $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"');
50 $Row = $Query->fetch_array();
51 if($Row['User'] != $this->AnonymousUserId)
52 {
53 $Query = $this->Database->select('User', '*', "Id=".$Row['User']."");
54 $this->User = $Query->fetch_array();
55 $Result = USER_LOGGED;
56 } else
57 {
58 $Query = $this->Database->select('User', '*', "Id=".$this->AnonymousUserId);
59 $this->User = $Query->fetch_array();
60 $Result = USER_NOT_LOGGED;
61 }
62 //$this->LoadPermission($this->User['Role']);
63
64 // Role and permission
65 //$this->LoadRoles();
66
67 }
68
69 function Register($Nick, $Password, $Password2, $Email, $FirstName, $SecondName)
70 {
71 global $Options;
72 if(($Email == '') || ($Nick == '') || ($Password == '') || ($Password2 == '')) $Result = DATA_MISSING;
73 else if($Password != $Password2) $Result = PASSWORDS_UNMATCHED;
74 else
75 {
76 // Je uživatel registrován?
77 $Query = $this->Database->select('User', '*', 'Name = "'.$Nick.'"');
78 if($Query->num_rows > 0) $Result = NICK_USED;
79 else
80 {
81 $this->Database->insert('User', array('Name' => $Nick, 'FirstName' => $FirstName, 'SecondName' => $SecondName, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()'));
82 $Result = USER_REGISTRATED;
83 $this->System->Modules['Log']->NewRecord('User', 'Uživatel registrován', $Nick);
84 }
85 }
86 return($Result);
87 }
88
89 function Login($Nick, $Password)
90 {
91 $SID = session_id();
92 // Je uživatel registrován?
93 $Query = $this->Database->select('User', '*', 'Name="'.$Nick.'"');
94 if($Query->num_rows > 0)
95 {
96 $Row = $Query->fetch_array();
97 if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD;
98 else
99 {
100 $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()'));
101 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => $Row['Id']));
102 // načtení stavu stromu
103 $Result = USER_LOGGED_IN;
104 $this->System->Modules['Log']->NewRecord('User', 'Uživatel přihlášen', $Nick);
105 }
106 } else $Result = USER_NOT_REGISTRED;
107 $this->Check();
108 return($Result);
109 }
110
111 function Logout()
112 {
113 $SID = session_id();
114 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => $this->AnonymousUserId));
115 $this->System->Modules['Log']->NewRecord('User', 'Uživatel odhlášen', $this->User['Name']);
116 $this->Check();
117 return(USER_LOGGED_OUT);
118 }
119
120 function LoadRoles()
121 {
122 $this->Roles = array();
123 $DbResult = $this->Database->select('UserRole', '*');
124 while($DbRow = $DbResult->fetch_array())
125 $this->Roles[] = $DbRow;
126 }
127
128 function LoadPermission($Role)
129 {
130 $this->User['Permission'] = array();
131 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description` FROM `UserRolePermission` JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` WHERE `UserRolePermission`.`Role` = '.$Role);
132 if($DbResult->num_rows > 0)
133 while($DbRow = $DbResult->fetch_array())
134 $this->User['Permission'][$DbRow['Operation']] = $DbRow;
135 }
136
137 function PermissionMatrix()
138 {
139 $Result = array();
140 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description`, `UserRole`.`Title` FROM `UserRolePermission` LEFT JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` LEFT JOIN `UserRole` ON `UserRole`.`Id` = `UserRolePermission`.`Role`');
141 while($DbRow = $DbResult->fetch_array())
142 {
143 $Value = '';
144 if($DbRow['Read']) $Value .= 'R';
145 if($DbRow['Write']) $Value .= 'W';
146 $Result[$DbRow['Description']][$DbRow['Title']] = $Value;
147 }
148 return($Result);
149 }
150
151 function CheckGroupPermission($GroupId, $OperationId)
152 {
153 // Check group-group relation
154 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `Type`="Group"');
155 while($DbRow = $DbResult->fetch_array())
156 {
157 if($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId) == true) return(true);
158 }
159
160 // Check group-operation relation
161 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `GroupOrOperation`="'.$OperationId.'" AND `Type`="Operation"');
162 if($DbResult->num_rows > 0) return(true);
163 return(false);
164 }
165
166 function CheckPermission($Module, $Operation, $ItemType = '', $ItemIndex = 0)
167 {
168 $DbResult = $this->Database->select('PermissionOperation', 'Id', '`Module`="'.$Module.'" AND `Item`="'.$ItemType.'" AND `ItemId`='.$ItemIndex.' AND `Operation`="'.$Operation.'"');
169 if($DbResult->num_rows > 0)
170 {
171 $DbRow = $DbResult->fetch_array();
172 $OperationId = $DbRow['Id'];
173
174 // Check user-operation relation
175 $DbResult = $this->Database->select('PermissionUserAssignment', '*', '`User`="'.$this->User['Id'].'" AND `GroupOrOperation`="'.$OperationId.'" AND `Type`="Operation"');
176 if($DbResult->num_rows > 0) return(true);
177
178 // Check user-group relation
179 $DbResult = $this->Database->select('PermissionUserAssignment', 'GroupOrOperation', '`User`="'.$this->User['Id'].'" AND `Type`="Group"');
180 while($DbRow = $DbResult->fetch_array())
181 {
182 if($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId) == true) return(true);
183 }
184 return(false);
185 } else return(false);
186 }
187
188 function PasswordRecoveryRequest($Name, $Email)
189 {
190 global $Config;
191
192 $DbResult = $this->Database->select('User', 'Name, Id, Email, Password', '`Name`="'.$Name.'" AND `Email`="'.$Email.'"');
193 if($DbResult->num_rows > 0)
194 {
195 $Row = $DbResult->fetch_array();
196 $NewPassword = substr(sha1(strtoupper($Row['Name'])), 0, 7);
197
198 $Subject = 'Obnova hesla';
199 $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVaše nové heslo k účtu ".$Row['Name']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&amp;User='.$Row['Id'].'&amp;H='.$Row['Password'].'&amp;P='.$NewPassword.'">tento odkaz</a>.'."\n<br> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.";
200 $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".from_utf8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
201 mail($Row['Email'], $Subject, $Message, $AdditionalHeaders);
202 $Output = USER_PASSWORD_RECOVERY_SUCCESS;
203 } else $Output = USER_PASSWORD_RECOVERY_FAIL;
204 return($Output);
205 }
206
207 function PasswordRecoveryConfirm($Id, $Hash, $NewPassword)
208 {
209 $DbResult = $this->Database->select('User', 'Id, Name, Password', 'Id = '.$Id);
210 if($DbResult->num_rows > 0)
211 {
212 $Row = $DbResult->fetch_array();
213 $NewPassword2 = substr(sha1(strtoupper($Row['Name'])), 0, 7);
214 if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
215 {
216 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword)));
217 $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
218 } else $Output = PASSWORDS_UNMATCHED;
219 } else $Output = USER_NOT_FOUND;
220 return($Output);
221 }
222}
223
224?>
Note: See TracBrowser for help on using the repository browser.