Changeset 650 for trunk/Modules/User/User.php

Timestamp:

Mar 27, 2014, 10:53:03 PM (11 years ago)

Author:

chronos

Message:

• Opraveno: Pamatování si přihlášení po uzavření prohlížeče. Přestalo fungovat po přesunu uživatelských akcí do modulu User z hlavní stránky FrontPage.

File:

• trunk/Modules/User/User.php (modified) (27 diffs)

trunk/Modules/User/User.php

@@ -35 +35 @@
     return(sha1(sha1($Password).$Salt));
   }
-  
+
   function Verify($Password, $Salt, $StoredHash)
   {
     return($this->Hash($Password, $Salt) == $StoredHash);
   }
-  
+
   function GetSalt()
   {
@@ -48 +48 @@
 }
 
-// TODO: Make User class more general without dependencies to System, Mail, Log 
+// TODO: Make User class more general without dependencies to System, Mail, Log
 
 class User extends Model
@@ -60 +60 @@
   /** @var Password */
   var $PasswordHash;
-  
+
   function __construct($System)
   {
@@ -77 +77 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 
-      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 
+    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
+      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
       'ScriptName' => $_SERVER['PHP_SELF']));
 
@@ -91 +91 @@
         $DbRow = $DbResult->fetch_assoc();
         if(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
-        {               
+        {
           $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"');
           $this->Database->query('UPDATE `UserOnline` SET `SessionId`="'.$SID.'" WHERE `Id`='.$DbRow['Id']);
@@ -97 +97 @@
       }
     }
-    
+
     // Check login
     $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"');
     $Row = $Query->fetch_assoc();
-    if($Row['User'] != '') 
+    if($Row['User'] != '')
     {
       $Query = $this->Database->query('SELECT `User`.*, `UserCustomerRel`.`Customer` AS `Member` FROM `User` '.
-        ' LEFT JOIN `UserCustomerRel` ON `UserCustomerRel`.`User`=`User`.`Id` WHERE `User`.`Id`='.$Row['User']);      
+        ' LEFT JOIN `UserCustomerRel` ON `UserCustomerRel`.`User`=`User`.`Id` WHERE `User`.`Id`='.$Row['User']);
       $this->User = $Query->fetch_assoc();
       $Result = USER_LOGGED;
-    } else 
+    } else
     {
       $Query = $this->Database->select('User', '*', 'Id IS NULL');
@@ -141 +141 @@
         if($Query->num_rows > 0) $Result = NAME_USED;
         else
-        { 
+        {
           $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"');
           if($Query->num_rows > 0) $Result = EMAIL_USED;
@@ -148 +148 @@
             $PasswordHash = new PasswordHash();
             $Salt = $PasswordHash->GetSalt();
-            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 
-              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt, 
-              'Email' => $Email, 'RegistrationTime' => 'NOW()', 
+            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login,
+              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt,
+              'Email' => $Email, 'RegistrationTime' => 'NOW()',
               'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
             $UserId = $this->Database->insert_id;
-            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 
+            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId,
               'AssignedGroup' => 2));
-          
+
             $NewPassword = substr(sha1(strtoupper($Login)), 0, 7);
-            
+
             // Send activation mail to user email
             $ServerURL = 'http://'.$this->System->Config['Web']['Host'].$this->System->Config['Web']['RootFolder'];
@@ -172 +172 @@
             $Mail->From = $this->System->Config['Web']['Title'].' <noreplay@zdechov.net>';
             $Mail->Send();
-            
+
             $Result = USER_REGISTRATED;
             $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
@@ -210 +210 @@
       if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
       else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
-      else 
-      {
-        $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()', 
+      else
+      {
+        $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()',
           'LastIpAddress' => GetRemoteAddress()));
-        $Hash = new PasswordHash();     
+        $Hash = new PasswordHash();
         $StayLoggedSalt = $Hash->GetSalt();
         $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(
           'User' => $Row['Id'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt));
-        if($StayLogged) 
+        if($StayLogged)
         {
-          setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60);
-          setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60);
+          setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60, $this->System->Link('/'));
+          setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60, $this->System->Link('/'));
         } else {
-          setcookie('LoginUserId', '', time() - 3600);
-          setcookie('LoginHash', '', time() - 3600);
+          setcookie('LoginUserId', '', time() - 3600, $this->System->Link('/'));
+          setcookie('LoginHash', '', time() - 3600, $this->System->Link('/'));
         }
-        
+
         $Result = USER_LOGGED_IN;
         $this->Check();
@@ -281 +281 @@
     if(array_key_exists($GroupId, $this->PermissionGroupCache))
     {
-      $PermissionExists = true; 
-    } else 
-    {          
-      // If no permission combination exists in cache, do new check of database items            
-      $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedGroup` IS NOT NULL');      
+      $PermissionExists = true;
+    } else
+    {
+      // If no permission combination exists in cache, do new check of database items
+      $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedGroup` IS NOT NULL');
       $DbRow = array();
-      while($DbRow[] = $DbResult->fetch_array());      
+      while($DbRow[] = $DbResult->fetch_array());
       $this->PermissionGroupCache[$GroupId] = $DbRow;
-      $PermissionExists = true; 
+      $PermissionExists = true;
     }
     if($PermissionExists)
@@ -303 +303 @@
     if(array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))
     {
-      $PermissionExists = true; 
-    } else 
-    {          
-      // If no permission combination exists in cache, do new check of database items            
+      $PermissionExists = true;
+    } else
+    {
+      // If no permission combination exists in cache, do new check of database items
       $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedOperation`="'.$OperationId.'"');
       if($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;
         else $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = false;
-      $PermissionExists = true; 
+      $PermissionExists = true;
     }
     if($PermissionExists)
@@ -328 +328 @@
       $ModuleId = $DbRow['Id'];
     } else return(false);
-    
+
     // First try to check cache
-    if(in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache)) 
+    if(in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))
     {
       $OperationId = array_search(array($Module, $Operation, $ItemType, $ItemIndex), $this->PermissionCache);
       $PermissionExists = is_numeric($OperationId);
-    } else 
-    {    
+    } else
+    {
       // If no permission combination exists in cache, do new check of database items
       $DbResult = $this->Database->select('PermissionOperation', 'Id', '`Module`="'.$ModuleId.'" AND `Item`="'.$ItemType.'" AND `ItemId`='.$ItemIndex.' AND `Operation`="'.$Operation.'"');
@@ -344 +344 @@
         $this->PermissionCache[$DbRow['Id']] = array($Module, $Operation, $ItemType, $ItemIndex);
         $PermissionExists = true;
-      } else 
-      {          
-        $this->PermissionCache[count($this->PermissionCache).'_'] = array($Module, $Operation, $ItemType, $ItemIndex);        
+      } else
+      {
+        $this->PermissionCache[count($this->PermissionCache).'_'] = array($Module, $Operation, $ItemType, $ItemIndex);
         $PermissionExists = false;
       }
-    } 
+    }
 
     if($PermissionExists)
@@ -356 +356 @@
         else $UserCondition = '(`User`="'.$this->User['Id'].'")';
       // Check user-operation relation
-      $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');      
+      $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');
       if($DbResult->num_rows > 0) return(true);
 
@@ -389 +389 @@
         "Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html');
       $Mail->Send();
-      
+
       $Output = USER_PASSWORD_RECOVERY_SUCCESS;
       $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
@@ -407 +407 @@
         $PasswordHash = new PasswordHash();
         $Salt = $PasswordHash->GetSalt();
-        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt), 
+        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt),
           'Salt' => $Salt, 'Locked' => 0));
         $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
@@ -420 +420 @@
 {
         var $UserPanel;
-        
+
   function __construct($System)
   {
@@ -431 +431 @@
     $this->Dependencies = array();
     $this->UserPanel = array();
-  }  
+  }
 
   function DoInstall()
@@ -470 +470 @@
         PRIMARY KEY (`Id`)
     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-    
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionGroupAssignment` (
         `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -481 +481 @@
         KEY `AssignedOperation` (`AssignedOperation`)
         ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-    
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionOperation` (
             `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -494 +494 @@
                     KEY `ItemId` (`ItemId`)
                     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-    
+
     $this->Database->query("CREATE TABLE IF NOT EXISTS `PermissionUserAssignment` (
                     `Id` int(11) NOT NULL AUTO_INCREMENT,
@@ -505 +505 @@
                             KEY `AssignedOperation` (`AssignedOperation`)
                     ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
-    
+
     $this->Database->query("ALTER TABLE `PermissionGroupAssignment`
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_1` FOREIGN KEY (`Group`) REFERENCES `PermissionGroup` (`Id`),
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_2` FOREIGN KEY (`AssignedGroup`) REFERENCES `PermissionGroup` (`Id`),
       ADD CONSTRAINT `PermissionGroupAssignment_ibfk_3` FOREIGN KEY (`AssignedOperation`) REFERENCES `PermissionOperation` (`Id`);");
-    
+
     $this->Database->query("ALTER TABLE `PermissionOperation`
       ADD CONSTRAINT `PermissionOperation_ibfk_1` FOREIGN KEY (`Module`) REFERENCES `Module` (`Id`);");
-    
+
     $this->Database->query("ALTER TABLE `PermissionUserAssignment`
       ADD CONSTRAINT `PermissionUserAssignment_ibfk_2` FOREIGN KEY (`AssignedGroup`) REFERENCES `PermissionGroup` (`Id`),
@@ -519 +519 @@
       ADD CONSTRAINT `PermissionUserAssignment_ibfk_4` FOREIGN KEY (`User`) REFERENCES `User` (`Id`);");
   }
-  
+
   function DoUninstall()
-  {     
+  {
     $this->Database->query('DROP TABLE `PermissionUserAssignment`');
     $this->Database->query('DROP TABLE `PermissionGroupAssignment`');
@@ -529 +529 @@
     $this->Database->query('DROP TABLE `User`');
   }
-  
+
   function DoStart()
   {
@@ -583 +583 @@
         'Email' => array('Type' => 'String', 'Caption' => 'E-mail', 'Default' => ''),
       ),
-    ));    
+    ));
     $this->System->FormManager->RegisterClass('User', array(
       'Title' => 'Uživatelé',
@@ -642 +642 @@
       ),
     ));
-    
-  }  
-  
+
+  }
+
   function DoStop()
-  { 
-  } 
-  
+  {
+  }
+
   function TopBarCallback()
-  {     
+  {
     if($this->System->User->User['Id'] == null)
       $Output = '<a href="'.$this->System->Link('/user/?Action=LoginForm').'">Přihlášení</a> '.
-        '<a href="'.$this->System->Link('/user/?Action=UserRegister').'">Registrace</a>'; 
+        '<a href="'.$this->System->Link('/user/?Action=UserRegister').'">Registrace</a>';
       else $Output = $this->System->User->User['Name'].
         ' <a href="'.$this->System->Link('/user/?Action=UserMenu').'">Nabídka</a>'.
         ' <a href="'.$this->System->Link('/user/?Action=Logout').'">Odhlásit</a>';
 //   <a href="'.$this->System->Link('/?Action=UserOptions').'">Nastavení</a>';
-    return($Output);    
+    return($Output);
   }
 }