Changeset 7 for trunk/Modules/User/UserModel.php
- Timestamp:
- Apr 14, 2020, 11:13:32 PM (5 years ago)
- File:
-
- 1 edited
trunk/Modules/User/UserModel.php
r6 r7 32 32 function Hash($Password, $Salt) 33 33 { 34 return (sha1(sha1($Password).$Salt));34 return sha1(sha1($Password).$Salt); 35 35 } 36 36 37 37 function Verify($Password, $Salt, $StoredHash) 38 38 { 39 return ($this->Hash($Password, $Salt) == $StoredHash);39 return $this->Hash($Password, $Salt) == $StoredHash; 40 40 } 41 41 … … 73 73 // Lookup user record 74 74 $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"'); 75 if ($Query->num_rows > 0)75 if ($Query->num_rows > 0) 76 76 { 77 77 // Refresh time of last access … … 83 83 84 84 // Logged permanently? 85 if (array_key_exists('LoginHash', $_COOKIE))85 if (array_key_exists('LoginHash', $_COOKIE)) 86 86 { 87 87 $DbResult = $this->Database->query('SELECT * FROM `UserOnline` WHERE `User`='.$_COOKIE['LoginUserId']. 88 88 ' AND `StayLogged`=1 AND SessionId!="'.$SID.'"'); 89 if ($DbResult->num_rows > 0)89 if ($DbResult->num_rows > 0) 90 90 { 91 91 $DbRow = $DbResult->fetch_assoc(); 92 if (sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])92 if (sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash']) 93 93 { 94 94 $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"'); … … 101 101 $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"'); 102 102 $Row = $Query->fetch_assoc(); 103 if ($Row['User'] != '')103 if ($Row['User'] != '') 104 104 { 105 105 $Query = $this->Database->query('SELECT `User`.* FROM `User` '. … … 116 116 // Remove nonactive users 117 117 $DbResult = $this->Database->select('UserOnline', '`Id`, `User`', '(`ActivityTime` < DATE_SUB(NOW(), INTERVAL '.$this->OnlineStateTimeout.' 
SECOND)) AND (`StayLogged` = 0)'); 118 while ($DbRow = $DbResult->fetch_array())118 while ($DbRow = $DbResult->fetch_array()) 119 119 { 120 120 $this->Database->delete('UserOnline', 'Id='.$DbRow['Id']); 121 if (($DbRow['User'] != null) and $this->System->ModuleManager->ModulePresent('Log'))121 if (($DbRow['User'] != null) and $this->System->ModuleManager->ModulePresent('Log')) 122 122 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Logout'); 123 123 } … … 130 130 function Register($Login, $Password, $Password2, $Email, $Name) 131 131 { 132 if (($Email == '') || ($Login == '') || ($Password == '') || ($Password2 == '') || ($Name == '')) $Result = DATA_MISSING;133 else if ($Password != $Password2) $Result = PASSWORDS_UNMATCHED;132 if (($Email == '') || ($Login == '') || ($Password == '') || ($Password2 == '') || ($Name == '')) $Result = DATA_MISSING; 133 else if ($Password != $Password2) $Result = PASSWORDS_UNMATCHED; 134 134 else 135 135 { 136 136 // Is user registred yet? 
137 137 $Query = $this->Database->select('User', '*', 'Login = "'.$Login.'"'); 138 if ($Query->num_rows > 0) $Result = LOGIN_USED;138 if ($Query->num_rows > 0) $Result = LOGIN_USED; 139 139 else 140 140 { 141 141 $Query = $this->Database->select('User', '*', 'Name = "'.$Name.'"'); 142 if ($Query->num_rows > 0) $Result = NAME_USED;142 if ($Query->num_rows > 0) $Result = NAME_USED; 143 143 else 144 144 { 145 145 $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"'); 146 if ($Query->num_rows > 0) $Result = EMAIL_USED;146 if ($Query->num_rows > 0) $Result = EMAIL_USED; 147 147 else 148 148 { … … 175 175 176 176 $Result = USER_REGISTRATED; 177 if ($this->System->ModuleManager->ModulePresent('Log'))177 if ($this->System->ModuleManager->ModulePresent('Log')) 178 178 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'NewRegistration', $Login); 179 179 } … … 181 181 } 182 182 } 183 return ($Result);183 return $Result; 184 184 } 185 185 … … 187 187 { 188 188 $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id); 189 if ($DbResult->num_rows > 0)189 if ($DbResult->num_rows > 0) 190 190 { 191 191 $Row = $DbResult->fetch_array(); 192 192 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7); 193 if ($Hash == $NewPassword)193 if ($Hash == $NewPassword) 194 194 { 195 195 $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0)); 196 196 $Output = USER_REGISTRATION_CONFIRMED; 197 if ($this->System->ModuleManager->ModulePresent('Log'))197 if ($this->System->ModuleManager->ModulePresent('Log')) 198 198 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='. 
199 199 $Row['Login'].', Id='.$Row['Id']); 200 200 } else $Output = PASSWORDS_UNMATCHED; 201 201 } else $Output = USER_NOT_FOUND; 202 return ($Output);202 return $Output; 203 203 } 204 204 205 205 function Login($Login, $Password, $StayLogged = false) 206 206 { 207 if ($StayLogged) $StayLogged = 1; else $StayLogged = 0;207 if ($StayLogged) $StayLogged = 1; else $StayLogged = 0; 208 208 $SID = session_id(); 209 209 $Query = $this->Database->select('User', '*', 'Login="'.$Login.'"'); 210 if ($Query->num_rows > 0)210 if ($Query->num_rows > 0) 211 211 { 212 212 $Row = $Query->fetch_assoc(); 213 213 $PasswordHash = new PasswordHash(); 214 if (!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;215 else if ($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;214 if (!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD; 215 else if ($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED; 216 216 else 217 217 { … … 222 222 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array( 223 223 'User' => $Row['Id'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt)); 224 if ($StayLogged)224 if ($StayLogged) 225 225 { 226 226 setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60, $this->System->Link('/')); … … 233 233 $Result = USER_LOGGED_IN; 234 234 $this->Check(); 235 if (array_key_exists('Log', $this->System->ModuleManager->Modules))235 if (array_key_exists('Log', $this->System->ModuleManager->Modules)) 236 236 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Login', 'Login='.$Login.',Host='.gethostbyaddr(GetRemoteAddress())); 237 237 } 238 238 } else $Result = USER_NOT_REGISTRED; 239 return ($Result);239 return $Result; 240 240 } 241 241 … … 244 244 $SID = session_id(); 245 245 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => null)); 246 if ($this->System->ModuleManager->ModulePresent('Log'))246 if 
($this->System->ModuleManager->ModulePresent('Log')) 247 247 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Logout', $this->User['Login']); 248 248 $this->Check(); 249 return (USER_LOGGED_OUT);249 return USER_LOGGED_OUT; 250 250 } 251 251 … … 254 254 $this->Roles = array(); 255 255 $DbResult = $this->Database->select('UserRole', '*'); 256 while ($DbRow = $DbResult->fetch_array())256 while ($DbRow = $DbResult->fetch_array()) 257 257 $this->Roles[] = $DbRow; 258 258 } … … 262 262 $this->User['Permission'] = array(); 263 263 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description` FROM `UserRolePermission` JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` WHERE `UserRolePermission`.`Role` = '.$Role); 264 if ($DbResult->num_rows > 0)265 while ($DbRow = $DbResult->fetch_array())264 if ($DbResult->num_rows > 0) 265 while ($DbRow = $DbResult->fetch_array()) 266 266 $this->User['Permission'][$DbRow['Operation']] = $DbRow; 267 267 } … … 271 271 $Result = array(); 272 272 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description`, `UserRole`.`Title` FROM `UserRolePermission` LEFT JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` LEFT JOIN `UserRole` ON `UserRole`.`Id` = `UserRolePermission`.`Role`'); 273 while ($DbRow = $DbResult->fetch_array())273 while ($DbRow = $DbResult->fetch_array()) 274 274 { 275 275 $Value = ''; 276 if ($DbRow['Read']) $Value .= 'R';277 if ($DbRow['Write']) $Value .= 'W';276 if ($DbRow['Read']) $Value .= 'R'; 277 if ($DbRow['Write']) $Value .= 'W'; 278 278 $Result[$DbRow['Description']][$DbRow['Title']] = $Value; 279 279 } 280 return ($Result);280 return $Result; 281 281 } 282 282 … … 285 285 $PermissionExists = false; 286 286 // First try to check cache group-group relation 287 if (array_key_exists($GroupId, $this->PermissionGroupCache))287 if 
(array_key_exists($GroupId, $this->PermissionGroupCache)) 288 288 { 289 289 $PermissionExists = true; … … 294 294 '") AND (`AssignedGroup` IS NOT NULL)'); 295 295 $DbRow = array(); 296 while ($DbRow[] = $DbResult->fetch_array());296 while ($DbRow[] = $DbResult->fetch_array()); 297 297 $this->PermissionGroupCache[$GroupId] = $DbRow; 298 298 $PermissionExists = true; 299 299 } 300 if ($PermissionExists)301 { 302 foreach ($this->PermissionGroupCache[$GroupId] as $DbRow)303 { 304 if ($DbRow['AssignedGroup'] != '')305 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return(true);300 if ($PermissionExists) 301 { 302 foreach ($this->PermissionGroupCache[$GroupId] as $DbRow) 303 { 304 if ($DbRow['AssignedGroup'] != '') 305 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true; 306 306 } 307 307 } 308 308 309 309 // Check group-operation relation 310 if (array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))310 if (array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp)) 311 311 { 312 312 $PermissionExists = true; … … 315 315 // If no permission combination exists in cache, do new check of database items 316 316 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedOperation`="'.$OperationId.'"'); 317 if ($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;317 if ($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true; 318 318 else $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = false; 319 319 $PermissionExists = true; 320 320 } 321 if ($PermissionExists)322 { 323 return ($this->PermissionGroupCacheOp[$GroupId.','.$OperationId]);324 } 325 return (false);321 if ($PermissionExists) 322 { 323 return $this->PermissionGroupCacheOp[$GroupId.','.$OperationId]; 324 } 325 return false; 326 326 } 327 327 … … 330 330 // Get module id 331 331 
$DbResult = $this->Database->select('Module', 'Id', '`Name`="'.$Module.'"'); 332 if ($DbResult->num_rows > 0)332 if ($DbResult->num_rows > 0) 333 333 { 334 334 $DbRow = $DbResult->fetch_assoc(); 335 335 $ModuleId = $DbRow['Id']; 336 } else return (false);336 } else return false; 337 337 338 338 // First try to check cache 339 if (in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))339 if (in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache)) 340 340 { 341 341 $OperationId = array_search(array($Module, $Operation, $ItemType, $ItemIndex), $this->PermissionCache); … … 346 346 $DbResult = $this->Database->select('PermissionOperation', 'Id', '(`Module`="'.$ModuleId. 347 347 '") AND (`Item`="'.$ItemType.'") AND (`ItemId`='.$ItemIndex.') AND (`Operation`="'.$Operation.'")'); 348 if ($DbResult->num_rows > 0)348 if ($DbResult->num_rows > 0) 349 349 { 350 350 $DbRow = $DbResult->fetch_array(); … … 359 359 } 360 360 361 if ($PermissionExists)362 { 363 if ($this->User['Id'] == null) $UserCondition = '(`User` IS NULL)';361 if ($PermissionExists) 362 { 363 if ($this->User['Id'] == null) $UserCondition = '(`User` IS NULL)'; 364 364 else $UserCondition = '(`User`="'.$this->User['Id'].'")'; 365 365 // Check user-operation relation 366 366 $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' 
AND (`AssignedOperation`="'.$OperationId.'")'); 367 if ($DbResult->num_rows > 0) return(true);367 if ($DbResult->num_rows > 0) return true; 368 368 369 369 // Check user-group relation 370 370 $DbResult = $this->Database->select('PermissionUserAssignment', 'AssignedGroup', $UserCondition); 371 while ($DbRow = $DbResult->fetch_array())372 { 373 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return(true);374 } 375 return (false);376 } else return (false);371 while ($DbRow = $DbResult->fetch_array()) 372 { 373 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true; 374 } 375 return false; 376 } else return false; 377 377 } 378 378 … … 380 380 { 381 381 $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"'); 382 if ($DbResult->num_rows > 0)382 if ($DbResult->num_rows > 0) 383 383 { 384 384 $Row = $DbResult->fetch_array(); … … 399 399 400 400 $Output = USER_PASSWORD_RECOVERY_SUCCESS; 401 if ($this->System->ModuleManager->ModulePresent('Log'))401 if ($this->System->ModuleManager->ModulePresent('Log')) 402 402 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email); 403 403 } else $Output = USER_PASSWORD_RECOVERY_FAIL; 404 return ($Output);404 return $Output; 405 405 } 406 406 … … 408 408 { 409 409 $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id); 410 if ($DbResult->num_rows > 0)410 if ($DbResult->num_rows > 0) 411 411 { 412 412 $Row = $DbResult->fetch_array(); 413 413 $NewPassword2 = substr(sha1(strtoupper($Row['Login'])), 0, 7); 414 if (($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))414 if (($NewPassword == $NewPassword2) and ($Hash == $Row['Password'])) 415 415 { 416 416 $PasswordHash = new PasswordHash(); … … 418 418 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => 
$PasswordHash->Hash($NewPassword, $Salt), 419 419 'Salt' => $Salt, 'Locked' => 0)); 420 if ($this->System->ModuleManager->ModulePresent('Log'))420 if ($this->System->ModuleManager->ModulePresent('Log')) 421 421 $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']); 422 422 } else $Output = PASSWORDS_UNMATCHED; 423 423 } else $Output = USER_NOT_FOUND; 424 return ($Output);424 return $Output; 425 425 } 426 426 … … 428 428 { 429 429 $DbResult = $this->Database->select('APIToken', 'User', '`Token`="'.$Token.'"'); 430 if ($DbResult->num_rows > 0)430 if ($DbResult->num_rows > 0) 431 431 { 432 432 $DbRow = $DbResult->fetch_assoc(); 433 433 $User = new User($this->System); 434 434 $User->User = array('Id' => $DbRow['User']); 435 return ($User->CheckPermission($Module, $Operation));436 } else return (false);435 return $User->CheckPermission($Module, $Operation); 436 } else return false; 437 437 } 438 438 }
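Review bot: The `Check()` path on the new side still interpolates `$_COOKIE['LoginUserId']` straight into the query ``SELECT * FROM `UserOnline` WHERE `User`=…`` (line 87), so an unauthenticated visitor controls a SQL fragment before any cookie hash is verified; the value should be coerced first, `$UserId = (int)$_COOKIE['LoginUserId'];`, and the following `sha1(...) == $_COOKIE['LoginHash']` check (line 92) should become `hash_equals(sha1($UserId.$DbRow['StayLoggedHash']), (string)$_COOKIE['LoginHash'])` to avoid PHP loose comparison on hex digests and timing leaks. The same loose `==` is used in `Verify()` (line 39) and in `RegisterConfirm`/`PasswordRecoveryConfirm` (lines 193, 414), where the expected token `substr(sha1(strtoupper($Row['Login'])), 0, 7)` is derived only from the login name and is therefore computable by anyone who knows it, which appears to make the confirmation step bypassable; a per-user random token (`bin2hex(random_bytes(16))`) stored at registration/recovery time would be the usual fix. `Hash()` (line 34) also stores `sha1(sha1($Password).$Salt)`, which is cheap to brute-force; `password_hash()`/`password_verify()` would be the drop-in replacement if the `Password` column is wide enough. The commit itself only removes redundant parentheses and normalises `if (` spacing, so these defects are pre-existing, and several of the functions shown start or end outside the visible hunks.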