Changeset 148 for www/user.php
- Timestamp:
- Feb 15, 2009, 7:59:35 PM (16 years ago)
- File:
-
- 1 edited
www/user.php
r130 r148 1 1 <?php 2 2 3 define('NICK_USED', 'Přezdívka použita!'); 3 define('NICK_USED', 'Přihlašovací jméno již použito.'); 4 define('EMAIL_USED', 'Email je již použitý.'); 4 5 define('USER_REGISTRATED', 'Uživatel zaregistrován.'); 5 define('DATA_MISSING', 'Chybí emailová adresa, přezdívka, nebo některé z hesel!'); 6 define('PASSWORDS_UNMATCHED', 'Hesla si neodpovídají!'); 6 define('USER_REGISTRATION_CONFIRMED', 'Vaše registrace byla potvrzena.'); 7 define('DATA_MISSING', 'Chybí emailová adresa, přezdívka, nebo některé z hesel.'); 8 define('PASSWORDS_UNMATCHED', 'Hesla si neodpovídají.'); 9 define('ACCOUNT_LOCKED', 'Účet uzamčen. Po registraci je nutné provést aktivaci účtu podle zaslaného aktivačního emailu.'); 7 10 define('USER_NOT_LOGGED', 'Nejste přihlášen.'); 8 11 define('USER_LOGGED', 'Uživatel přihlášen.'); … … 12 15 define('USER_LOGGED_OUT', 'Byl jste odhlášen.'); 13 16 define('BAD_PASSWORD', 'Špatné heslo.'); 17 define('USER_NOT_FOUND', 'Uživatel nenalezen.'); 14 18 define('USER_TIMEOUT', 300); // in seconds 19 define('USER_PASSWORD_RECOVERY_SUCCESS', 'Přihlašovací údaje byly odeslány na zadanou emailovou adresu.'); 20 define('USER_PASSWORD_RECOVERY_FAIL', 'Podle zadaných údajů nebyl nalezen žádný uživatel.'); 21 define('USER_PASSWORD_RECOVERY_CONFIRMED', 'Nové heslo bylo aktivováno.'); 22 23 define('USER_EVENT_REGISTER', 1); 24 define('USER_EVENT_LOGIN', 2); 25 define('USER_EVENT_LOGOUT', 3); 26 define('USER_EVENT_OPTIONS_CHANGED', 4); 15 27 16 28 class User extends Module 17 29 { 30 var $Dependencies = array('Log'); 18 31 var $Roles = array(); 19 32 var $User = array(); 20 33 var $DefaultRole = 2; 21 var $AnonymousUserId = 1;34 var $AnonymousUserId = 80; 22 35 23 36 function Check() … … 29 42 { 30 43 // Refresh time of last access 31 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(' Time' => 'NOW()'));32 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, ' Time' => 'NOW()', 
'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress())));44 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()')); 45 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()))); 33 46 //echo($this->Database->LastQuery); 34 35 // Odeber neaktivní uživatele36 $this->Database->delete('UserOnline', 'Time < DATE_SUB(NOW(), INTERVAL '.USER_TIMEOUT.' SECOND)');37 47 38 48 // Zkontroluj přihlášení 39 49 $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"'); 40 50 $Row = $Query->fetch_array(); 41 if( ($Row['User'] != $this->AnonymousUserId) and ($Query->num_rows > 0))51 if($Row['User'] != $this->AnonymousUserId) 42 52 { 43 53 $Query = $this->Database->select('User', '*', "Id=".$Row['User'].""); 44 54 $this->User = $Query->fetch_array(); 45 55 $Result = USER_LOGGED; 46 } else 56 } else 47 57 { 48 58 $Query = $this->Database->select('User', '*', "Id=".$this->AnonymousUserId); … … 50 60 $Result = USER_NOT_LOGGED; 51 61 } 52 $this->LoadPermission($this->User['Role']); 62 63 // Odeber neaktivní uživatele 64 $DbResult = $this->Database->select('UserOnline', 'Id, User', 'ActivityTime < DATE_SUB(NOW(), INTERVAL '.USER_TIMEOUT.' 
SECOND)'); 65 while($DbRow = $DbResult->fetch_array()) 66 { 67 $this->Database->delete('UserOnline', 'Id='.$DbRow['User']); 68 $this->System->Modules['Log']->NewRecord('User', 'Logout'); 69 } 70 //$this->LoadPermission($this->User['Role']); 53 71 54 72 // Role and permission 55 $this->LoadRoles(); 56 } 57 58 function Register($Nick, $Password, $Password2, $Email, $FullName) 59 { 60 global $Options; 73 //$this->LoadRoles(); 74 } 75 76 function Register($Nick, $Password, $Password2, $Email, $FirstName, $SecondName) 77 { 78 global $Options, $Config; 79 61 80 if(($Email == '') || ($Nick == '') || ($Password == '') || ($Password2 == '')) $Result = DATA_MISSING; 62 81 else if($Password != $Password2) $Result = PASSWORDS_UNMATCHED; 63 else 82 else 64 83 { 65 84 // Je uživatel registrován? 66 85 $Query = $this->Database->select('User', '*', 'Name = "'.$Nick.'"'); 67 if($Query->num_rows() > 0) $Result = NICK_USED; 68 else 69 { 70 $this->Database->insert('User', array('Name' => addslashes($Nick), 'FullName' => addslashes($FullName), 'Password' => addslashes($Password), 'Email' => htmlspecialchars($Email), 'Role' => $this->DefaultRole)); 71 $Result = USER_REGISTRATED; 86 if($Query->num_rows > 0) $Result = NICK_USED; 87 else 88 { 89 $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"'); 90 if($Query->num_rows > 0) $Result = EMAIL_USED; 91 else 92 { 93 $this->Database->insert('User', array('Name' => $Nick, 'FirstName' => $FirstName, 'SecondName' => $SecondName, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1)); 94 $UserId = $this->Database->insert_id; 95 96 $Subject = FromUTF8('Registrace nového účtu', 'iso2'); 97 $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: 
".$Nick."\n<br>Pro dokončení registrace klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'">tento odkaz</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte."; 98 $AdditionalHeaders = "To: ".$Nick." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 99 mail($Email, $Subject, $Message, $AdditionalHeaders); 100 $Result = USER_REGISTRATED; 101 $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Nick); 102 } 72 103 } 73 104 } 74 105 return($Result); 106 } 107 108 function RegisterConfirm($Id, $Hash) 109 { 110 $DbResult = $this->Database->select('User', 'Id, Name, Password', 'Id = '.$Id); 111 if($DbResult->num_rows > 0) 112 { 113 $Row = $DbResult->fetch_array(); 114 if($Hash == $Row['Password']) 115 { 116 $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0)); 117 $Output = USER_REGISTRATION_CONFIRMED; 118 $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Username='.$Row['Name']); 119 } else $Output = PASSWORDS_UNMATCHED; 120 } else $Output = USER_NOT_FOUND; 121 return($Output); 75 122 } 76 123 … … 83 130 { 84 131 $Row = $Query->fetch_array(); 85 if($Row['Password'] != $Password) $Result = BAD_PASSWORD; 132 if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD; 133 else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED; 86 134 else 87 135 { 88 $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()')); 136 $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()')); 89 137 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => $Row['Id'])); 90 138 // načtení stavu stromu 91 $Result = USER_LOGGED_IN; 139 $Result = USER_LOGGED_IN; 140 $this->System->Modules['Log']->NewRecord('User', 'Login', 
'Nick='.$Nick.',Host='.gethostbyaddr(GetRemoteAddress())); 92 141 } 93 142 } else $Result = USER_NOT_REGISTRED; 143 $this->Check(); 94 144 return($Result); 95 145 } … … 99 149 $SID = session_id(); 100 150 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => $this->AnonymousUserId)); 151 $this->System->Modules['Log']->NewRecord('User', 'Logout', $this->User['Name']); 152 $this->Check(); 101 153 return(USER_LOGGED_OUT); 102 154 } … … 129 181 if($DbRow['Write']) $Value .= 'W'; 130 182 $Result[$DbRow['Description']][$DbRow['Title']] = $Value; 131 } 183 } 132 184 return($Result); 133 185 } 186 187 function CheckGroupPermission($GroupId, $OperationId) 188 { 189 // Check group-group relation 190 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `Type`="Group"'); 191 while($DbRow = $DbResult->fetch_array()) 192 { 193 if($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId) == true) return(true); 194 } 195 196 // Check group-operation relation 197 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `GroupOrOperation`="'.$OperationId.'" AND `Type`="Operation"'); 198 if($DbResult->num_rows > 0) return(true); 199 return(false); 200 } 201 202 function CheckPermission($Module, $Operation, $ItemType = '', $ItemIndex = 0) 203 { 204 $DbResult = $this->Database->select('PermissionOperation', 'Id', '`Module`="'.$Module.'" AND `Item`="'.$ItemType.'" AND `ItemId`='.$ItemIndex.' 
AND `Operation`="'.$Operation.'"'); 205 if($DbResult->num_rows > 0) 206 { 207 $DbRow = $DbResult->fetch_array(); 208 $OperationId = $DbRow['Id']; 209 210 // Check user-operation relation 211 $DbResult = $this->Database->select('PermissionUserAssignment', '*', '`User`="'.$this->User['Id'].'" AND `GroupOrOperation`="'.$OperationId.'" AND `Type`="Operation"'); 212 if($DbResult->num_rows > 0) return(true); 213 214 // Check user-group relation 215 $DbResult = $this->Database->select('PermissionUserAssignment', 'GroupOrOperation', '`User`="'.$this->User['Id'].'" AND `Type`="Group"'); 216 while($DbRow = $DbResult->fetch_array()) 217 { 218 if($this->CheckGroupPermission($DbRow['GroupOrOperation'], $OperationId) == true) return(true); 219 } 220 return(false); 221 } else return(false); 222 } 223 224 function PasswordRecoveryRequest($Name, $Email) 225 { 226 global $Config; 227 228 $DbResult = $this->Database->select('User', 'Name, Id, Email, Password', '`Name`="'.$Name.'" AND `Email`="'.$Email.'"'); 229 if($DbResult->num_rows > 0) 230 { 231 $Row = $DbResult->fetch_array(); 232 $NewPassword = substr(sha1(strtoupper($Row['Name'])), 0, 7); 233 234 $Subject = 'Obnova hesla'; 235 $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVaše nové heslo k účtu ".$Row['Name']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.$Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte."; 236 $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." 
<noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 237 mail($Row['Email'], $Subject, $Message, $AdditionalHeaders); 238 $Output = USER_PASSWORD_RECOVERY_SUCCESS; 239 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Username='.$Name.',Email='.$Email); 240 } else $Output = USER_PASSWORD_RECOVERY_FAIL; 241 return($Output); 242 } 243 244 function PasswordRecoveryConfirm($Id, $Hash, $NewPassword) 245 { 246 $DbResult = $this->Database->select('User', 'Id, Name, Password', 'Id = '.$Id); 247 if($DbResult->num_rows > 0) 248 { 249 $Row = $DbResult->fetch_array(); 250 $NewPassword2 = substr(sha1(strtoupper($Row['Name'])), 0, 7); 251 if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password'])) 252 { 253 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0)); 254 $Output = USER_PASSWORD_RECOVERY_CONFIRMED; 255 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Username='.$Row['Name']); 256 } else $Output = PASSWORDS_UNMATCHED; 257 } else $Output = USER_NOT_FOUND; 258 return($Output); 259 } 134 260 } 135 261
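Review bot: In PasswordRecoveryRequest and PasswordRecoveryConfirm the replacement password is `substr(sha1(strtoupper($Row['Name'])), 0, 7)`, which depends only on the account name, so after a confirmed recovery the account is protected by a value that is not secret until the user changes it. The confirmation link also carries the stored `Password` column as `H=`, which puts an unsalted SHA-1 of the current password into mail, browser history and web-server logs; the RegisterConfirm link in the earlier hunk does the same with `sha1($Password)`. I would replace both with a random, single-use, expiring token, e.g. `$Token = bin2hex(random_bytes(16));` where the PHP version allows it, store only a hash of the token with the user row, compare it with `hash_equals()` instead of `==`, and let the user choose the new password after the token is verified. `$Id`, `$Name` and `$Email` are also concatenated straight into the WHERE clauses (`'Id = '.$Id`), and Register drops the earlier `addslashes()` calls; unless `Database->select`/`insert` escape internally, which this page does not show, these values should be cast (`(int) $Id`) or bound as parameters.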