Changeset 650


Timestamp:
Mar 27, 2014, 10:53:03 PM (11 years ago)
Author:
chronos
Message:
  • Opraveno: Pamatování si přihlášení po uzavření prohlížeče. Přestalo fungovat po přesunu uživatelských akcí do modulu User z hlavní stránky FrontPage.
File:
1 edited

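--- a/trunk/Modules/User/User.php
+++ b/trunk/Modules/User/User.php
@@ -35,10 +35,10 @@
     return(sha1(sha1($Password).$Salt));
   }
- 
+
   function Verify($Password, $Salt, $StoredHash)
   {
     return($this->Hash($Password, $Salt) == $StoredHash);
   }
- 
+
   function GetSalt()
   {
@@ -48,5 +48,5 @@
 }
 
-// TODO: Make User class more general without dependencies to System, Mail, Log 
+// TODO: Make User class more general without dependencies to System, Mail, Log
 
 class User extends Model
@@ -60,5 +60,5 @@
   /** @var Password */
   var $PasswordHash;
- 
+
   function __construct($System)
   {
@@ -77,7 +77,7 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 
-      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 
+    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
+      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
       'ScriptName' => $_SERVER['PHP_SELF']));
 
@@ -91,5 +91,5 @@
         $DbRow = $DbResult->fetch_assoc();
         if(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
-        {               
+        {
           $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"');
           $this->Database->query('UPDATE `UserOnline` SET `SessionId`="'.$SID.'" WHERE `Id`='.$DbRow['Id']);
@@ -97,15 +97,15 @@
       }
     }
-   
+
     // Check login
     $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"');
     $Row = $Query->fetch_assoc();
-    if($Row['User'] != '') 
+    if($Row['User'] != '')
     {
       $Query = $this->Database->query('SELECT `User`.*, `UserCustomerRel`.`Customer` AS `Member` FROM `User` '.
-        ' LEFT JOIN `UserCustomerRel` ON `UserCustomerRel`.`User`=`User`.`Id` WHERE `User`.`Id`='.$Row['User']);     
+        ' LEFT JOIN `UserCustomerRel` ON `UserCustomerRel`.`User`=`User`.`Id` WHERE `User`.`Id`='.$Row['User']);
       $this->User = $Query->fetch_assoc();
       $Result = USER_LOGGED;
-    } else 
+    } else
     {
       $Query = $this->Database->select('User', '*', 'Id IS NULL');
@@ -141,5 +141,5 @@
         if($Query->num_rows > 0) $Result = NAME_USED;
         else
-        { 
+        {
           $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"');
           if($Query->num_rows > 0) $Result = EMAIL_USED;
@@ -148,14 +148,14 @@
             $PasswordHash = new PasswordHash();
             $Salt = $PasswordHash->GetSalt();
-            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 
-              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt, 
-              'Email' => $Email, 'RegistrationTime' => 'NOW()', 
+            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login,
+              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt,
+              'Email' => $Email, 'RegistrationTime' => 'NOW()',
               'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
             $UserId = $this->Database->insert_id;
-            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 
+            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId,
               'AssignedGroup' => 2));
-         
+
             $NewPassword = substr(sha1(strtoupper($Login)), 0, 7);
-           
+
             // Send activation mail to user email
             $ServerURL = 'http://'.$this->System->Config['Web']['Host'].$this->System->Config['Web']['RootFolder'];
@@ -172,5 +172,5 @@
             $Mail->From = $this->System->Config['Web']['Title'].' <noreplay@zdechov.net>';
             $Mail->Send();
-           
+
             $Result = USER_REGISTRATED;
             $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
@@ -210,21 +210,21 @@
       if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
       else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
-      else 
-      {
-        $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()', 
+      else
+      {
+        $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()',
           'LastIpAddress' => GetRemoteAddress()));
-        $Hash = new PasswordHash();     
+        $Hash = new PasswordHash();
         $StayLoggedSalt = $Hash->GetSalt();
         $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(
           'User' => $Row['Id'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt));
-        if($StayLogged) 
+        if($StayLogged)
         {
-          setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60);
-          setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60);
+          setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60, $this->System->Link('/'));
+          setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60, $this->System->Link('/'));
         } else {
-          setcookie('LoginUserId', '', time() - 3600);
-          setcookie('LoginHash', '', time() - 3600);
+          setcookie('LoginUserId', '', time() - 3600, $this->System->Link('/'));
+          setcookie('LoginHash', '', time() - 3600, $this->System->Link('/'));
         }
-       
+
         $Result = USER_LOGGED_IN;
         $this->Check();
@@ -281,13 +281,13 @@
     if(array_key_exists($GroupId, $this->PermissionGroupCache))
     {
-      $PermissionExists = true; 
-    } else 
-    {         
-      // If no permission combination exists in cache, do new check of database items           
-      $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedGroup` IS NOT NULL');     
+      $PermissionExists = true;
+    } else
+    {
+      // If no permission combination exists in cache, do new check of database items
+      $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedGroup` IS NOT NULL');
       $DbRow = array();
-      while($DbRow[] = $DbResult->fetch_array());     
+      while($DbRow[] = $DbResult->fetch_array());
       $this->PermissionGroupCache[$GroupId] = $DbRow;
-      $PermissionExists = true; 
+      $PermissionExists = true;
     }
     if($PermissionExists)
@@ -303,12 +303,12 @@
     if(array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))
     {
-      $PermissionExists = true; 
-    } else 
-    {         
-      // If no permission combination exists in cache, do new check of database items           
+      $PermissionExists = true;
+    } else
+    {
+      // If no permission combination exists in cache, do new check of database items
       $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedOperation`="'.$OperationId.'"');
       if($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;
         else $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = false;
-      $PermissionExists = true; 
+      $PermissionExists = true;
     }
     if($PermissionExists)
@@ -328,12 +328,12 @@
       $ModuleId = $DbRow['Id'];
     } else return(false);
-   
+
     // First try to check cache
-    if(in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache)) 
+    if(in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))
     {
       $OperationId = array_search(array($Module, $Operation, $ItemType, $ItemIndex), $this->PermissionCache);
       $PermissionExists = is_numeric($OperationId);
-    } else 
-    {   
+    } else
+    {
       // If no permission combination exists in cache, do new check of database items
       $DbResult = $this->Database->select('PermissionOperation', 'Id', '`Module`="'.$ModuleId.'" AND `Item`="'.$ItemType.'" AND `ItemId`='.$ItemIndex.' AND `Operation`="'.$Operation.'"');
@@ -344,10 +344,10 @@
         $this->PermissionCache[$DbRow['Id']] = array($Module, $Operation, $ItemType, $ItemIndex);
         $PermissionExists = true;
-      } else 
-      {         
-        $this->PermissionCache[count($this->PermissionCache).'_'] = array($Module, $Operation, $ItemType, $ItemIndex);       
+      } else
+      {
+        $this->PermissionCache[count($this->PermissionCache).'_'] = array($Module, $Operation, $ItemType, $ItemIndex);
         $PermissionExists = false;
       }
-    } 
+    }
 
     if($PermissionExists)
@@ -356,5 +356,5 @@
         else $UserCondition = '(`User`="'.$this->User['Id'].'")';
       // Check user-operation relation
-      $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');     
+      $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');
       if($DbResult->num_rows > 0) return(true);
 
@@ -389,5 +389,5 @@
         "Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html');
       $Mail->Send();
-     
+
       $Output = USER_PASSWORD_RECOVERY_SUCCESS;
       $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
@@ -407,5 +407,5 @@
         $PasswordHash = new PasswordHash();
         $Salt = $PasswordHash->GetSalt();
-        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt), 
+        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt),
           'Salt' => $Salt, 'Locked' => 0));
         $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
@@ -420,5 +420,5 @@
 {
         var $UserPanel;
-       
+
   function __construct($System)
   {
@@ -431,5 +431,5 @@
     $this->Dependencies = array();
     $this->UserPanel = array();
-  } 
+  }
 
   function DoInstall()
@@ -470,5 +470,5 @@
         PRIMARY KEY (`Id`)
     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-   
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionGroupAssignment` (
         `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -481,5 +481,5 @@
         KEY `AssignedOperation` (`AssignedOperation`)
         ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-   
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionOperation` (
             `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -494,5 +494,5 @@
                     KEY `ItemId` (`ItemId`)
                     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-   
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionUserAssignment` (
                     `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -505,13 +505,13 @@
                             KEY `AssignedOperation` (`AssignedOperation`)
                     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-   
+
     $this->Database->query("ALTER TABLE `PermissionGroupAssignment`
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_1` FOREIGN KEY (`Group`) REFERENCES `PermissionGroup` (`Id`),
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_2` FOREIGN KEY (`AssignedGroup`) REFERENCES `PermissionGroup` (`Id`),
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_3` FOREIGN KEY (`AssignedOperation`) REFERENCES `PermissionOperation` (`Id`);");
-   
+
     $this->Database->query("ALTER TABLE `PermissionOperation`
       ADD CONSTRAINT `PermissionOperation_ibfk_1` FOREIGN KEY (`Module`) REFERENCES `Module` (`Id`);");
-   
+
     $this->Database->query("ALTER TABLE `PermissionUserAssignment`
       ADD CONSTRAINT `PermissionUserAssignment_ibfk_2` FOREIGN KEY (`AssignedGroup`) REFERENCES `PermissionGroup` (`Id`),
@@ -519,7 +519,7 @@
       ADD CONSTRAINT `PermissionUserAssignment_ibfk_4` FOREIGN KEY (`User`) REFERENCES `User` (`Id`);");
   }
- 
+
   function DoUninstall()
-  {     
+  {
     $this->Database->query('DROP TABLE `PermissionUserAssignment`');
     $this->Database->query('DROP TABLE `PermissionGroupAssignment`');
@@ -529,5 +529,5 @@
     $this->Database->query('DROP TABLE `User`');
   }
- 
+
   function DoStart()
   {
@@ -583,5 +583,5 @@
         'Email' => array('Type' => 'String', 'Caption' => 'E-mail', 'Default' => ''),
       ),
-    ));   
+    ));
     $this->System->FormManager->RegisterClass('User', array(
       'Title' => 'Uživatelé',
@@ -642,21 +642,21 @@
       ),
     ));
-   
-  } 
- 
+
+  }
+
   function DoStop()
-  { 
-  } 
- 
+  {
+  }
+
   function TopBarCallback()
-  {     
+  {
     if($this->System->User->User['Id'] == null)
       $Output = '<a href="'.$this->System->Link('/user/?Action=LoginForm').'">Přihlášení</a> '.
-        '<a href="'.$this->System->Link('/user/?Action=UserRegister').'">Registrace</a>'; 
+        '<a href="'.$this->System->Link('/user/?Action=UserRegister').'">Registrace</a>';
       else $Output = $this->System->User->User['Name'].
         ' <a href="'.$this->System->Link('/user/?Action=UserMenu').'">Nabídka</a>'.
         ' <a href="'.$this->System->Link('/user/?Action=Logout').'">Odhlásit</a>';
 //   <a href="'.$this->System->Link('/?Action=UserOptions').'">Nastavení</a>';
-    return($Output);   
+    return($Output);
   }
 }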
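Review bot: The persistent-login cookies set at new lines 222–223 (`LoginUserId`, `LoginHash`) gain a path but still carry no `HttpOnly` or `Secure` attribute, so a token valid for a year stays readable from page scripts and, if the site is served over plain HTTP as the `'http://'` URL at line 161 suggests, is sent in clear text. Since all four `setcookie` calls are touched here, the remaining arguments could be passed as well, e.g. `setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60, $this->System->Link('/'), '', $IsHttps, true);`, where `$IsHttps` is a placeholder for however the site detects HTTPS. The check that consumes this cookie (context line 92) compares the two SHA-1 hex strings with `==`; `hash_equals()`, or at least `===`, would avoid PHP's loose numeric-string comparison and make the comparison constant-time. The enclosing login method starts and ends outside the visible hunk, so how `$StayLogged` and `$SID` are derived cannot be judged from here.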