Timestamp:
Apr 14, 2020, 11:13:32 PM (5 years ago)
Author:
chronos
Message:
  • Modified: Improved code formatting.
File:
1 edited

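--- a/trunk/Modules/User/UserModel.php
+++ b/trunk/Modules/User/UserModel.php
@@ -32,10 +32,10 @@
   function Hash($Password, $Salt)
   {
-    return(sha1(sha1($Password).$Salt));
+    return sha1(sha1($Password).$Salt);
   }
 
   function Verify($Password, $Salt, $StoredHash)
   {
-    return($this->Hash($Password, $Salt) == $StoredHash);
+    return $this->Hash($Password, $Salt) == $StoredHash;
   }
 
@@ -73,5 +73,5 @@
     // Lookup user record
     $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"');
-    if($Query->num_rows > 0)
+    if ($Query->num_rows > 0)
     {
       // Refresh time of last access
@@ -83,12 +83,12 @@
 
     // Logged permanently?
-    if(array_key_exists('LoginHash', $_COOKIE))
+    if (array_key_exists('LoginHash', $_COOKIE))
     {
       $DbResult = $this->Database->query('SELECT * FROM `UserOnline` WHERE `User`='.$_COOKIE['LoginUserId'].
         ' AND `StayLogged`=1 AND SessionId!="'.$SID.'"');
-      if($DbResult->num_rows > 0)
+      if ($DbResult->num_rows > 0)
       {
         $DbRow = $DbResult->fetch_assoc();
-        if(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
+        if (sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
         {
           $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"');
@@ -101,5 +101,5 @@
     $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"');
     $Row = $Query->fetch_assoc();
-    if($Row['User'] != '')
+    if ($Row['User'] != '')
     {
       $Query = $this->Database->query('SELECT `User`.* FROM `User` '.
@@ -116,8 +116,8 @@
     // Remove nonactive users
     $DbResult = $this->Database->select('UserOnline', '`Id`, `User`', '(`ActivityTime` < DATE_SUB(NOW(), INTERVAL '.$this->OnlineStateTimeout.' SECOND)) AND (`StayLogged` = 0)');
-    while($DbRow = $DbResult->fetch_array())
+    while ($DbRow = $DbResult->fetch_array())
     {
       $this->Database->delete('UserOnline', 'Id='.$DbRow['Id']);
-      if(($DbRow['User'] != null) and $this->System->ModuleManager->ModulePresent('Log'))
+      if (($DbRow['User'] != null) and $this->System->ModuleManager->ModulePresent('Log'))
         $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Logout');
     }
@@ -130,19 +130,19 @@
   function Register($Login, $Password, $Password2, $Email, $Name)
   {
-    if(($Email == '') || ($Login == '') || ($Password == '') || ($Password2 == '')  || ($Name == '')) $Result = DATA_MISSING;
-    else if($Password != $Password2) $Result = PASSWORDS_UNMATCHED;
+    if (($Email == '') || ($Login == '') || ($Password == '') || ($Password2 == '')  || ($Name == '')) $Result = DATA_MISSING;
+    else if ($Password != $Password2) $Result = PASSWORDS_UNMATCHED;
     else
     {
       // Is user registred yet?
       $Query = $this->Database->select('User', '*', 'Login = "'.$Login.'"');
-      if($Query->num_rows > 0) $Result = LOGIN_USED;
+      if ($Query->num_rows > 0) $Result = LOGIN_USED;
       else
       {
         $Query = $this->Database->select('User', '*', 'Name = "'.$Name.'"');
-        if($Query->num_rows > 0) $Result = NAME_USED;
+        if ($Query->num_rows > 0) $Result = NAME_USED;
         else
         {
           $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"');
-          if($Query->num_rows > 0) $Result = EMAIL_USED;
+          if ($Query->num_rows > 0) $Result = EMAIL_USED;
           else
           {
@@ -175,5 +175,5 @@
 
             $Result = USER_REGISTRATED;
-            if($this->System->ModuleManager->ModulePresent('Log'))
+            if ($this->System->ModuleManager->ModulePresent('Log'))
               $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
           }
@@ -181,5 +181,5 @@
       }
     }
-    return($Result);
+    return $Result;
   }
 
@@ -187,31 +187,31 @@
   {
     $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id);
-    if($DbResult->num_rows > 0)
+    if ($DbResult->num_rows > 0)
     {
       $Row = $DbResult->fetch_array();
       $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
-      if($Hash == $NewPassword)
+      if ($Hash == $NewPassword)
       {
         $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0));
         $Output = USER_REGISTRATION_CONFIRMED;
-        if($this->System->ModuleManager->ModulePresent('Log'))
+        if ($this->System->ModuleManager->ModulePresent('Log'))
           $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.
             $Row['Login'].', Id='.$Row['Id']);
       } else $Output = PASSWORDS_UNMATCHED;
     } else $Output = USER_NOT_FOUND;
-    return($Output);
+    return $Output;
   }
 
   function Login($Login, $Password, $StayLogged = false)
   {
-    if($StayLogged) $StayLogged = 1; else $StayLogged = 0;
+    if ($StayLogged) $StayLogged = 1; else $StayLogged = 0;
     $SID = session_id();
     $Query = $this->Database->select('User', '*', 'Login="'.$Login.'"');
-    if($Query->num_rows > 0)
+    if ($Query->num_rows > 0)
     {
       $Row = $Query->fetch_assoc();
       $PasswordHash = new PasswordHash();
-      if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
-      else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
+      if (!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
+      else if ($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
       else
       {
@@ -222,5 +222,5 @@
         $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(
           'User' => $Row['Id'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt));
-        if($StayLogged)
+        if ($StayLogged)
         {
           setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60, $this->System->Link('/'));
@@ -233,9 +233,9 @@
         $Result = USER_LOGGED_IN;
         $this->Check();
-        if(array_key_exists('Log', $this->System->ModuleManager->Modules))
+        if (array_key_exists('Log', $this->System->ModuleManager->Modules))
           $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Login', 'Login='.$Login.',Host='.gethostbyaddr(GetRemoteAddress()));
       }
     } else $Result = USER_NOT_REGISTRED;
-    return($Result);
+    return $Result;
   }
 
@@ -244,8 +244,8 @@
     $SID = session_id();
     $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => null));
-    if($this->System->ModuleManager->ModulePresent('Log'))
+    if ($this->System->ModuleManager->ModulePresent('Log'))
       $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'Logout', $this->User['Login']);
     $this->Check();
-    return(USER_LOGGED_OUT);
+    return USER_LOGGED_OUT;
   }
 
@@ -254,5 +254,5 @@
     $this->Roles = array();
     $DbResult = $this->Database->select('UserRole', '*');
-    while($DbRow = $DbResult->fetch_array())
+    while ($DbRow = $DbResult->fetch_array())
       $this->Roles[] = $DbRow;
   }
@@ -262,6 +262,6 @@
     $this->User['Permission'] = array();
     $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description` FROM `UserRolePermission` JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` WHERE `UserRolePermission`.`Role` = '.$Role);
-    if($DbResult->num_rows > 0)
-    while($DbRow = $DbResult->fetch_array())
+    if ($DbResult->num_rows > 0)
+    while ($DbRow = $DbResult->fetch_array())
       $this->User['Permission'][$DbRow['Operation']] = $DbRow;
   }
@@ -271,12 +271,12 @@
     $Result = array();
     $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description`, `UserRole`.`Title` FROM `UserRolePermission` LEFT JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` LEFT JOIN `UserRole` ON `UserRole`.`Id` = `UserRolePermission`.`Role`');
-    while($DbRow = $DbResult->fetch_array())
+    while ($DbRow = $DbResult->fetch_array())
     {
       $Value = '';
-      if($DbRow['Read']) $Value .= 'R';
-      if($DbRow['Write']) $Value .= 'W';
+      if ($DbRow['Read']) $Value .= 'R';
+      if ($DbRow['Write']) $Value .= 'W';
       $Result[$DbRow['Description']][$DbRow['Title']] = $Value;
     }
-    return($Result);
+    return $Result;
   }
 
@@ -285,5 +285,5 @@
     $PermissionExists = false;
     // First try to check cache group-group relation
-    if(array_key_exists($GroupId, $this->PermissionGroupCache))
+    if (array_key_exists($GroupId, $this->PermissionGroupCache))
     {
       $PermissionExists = true;
@@ -294,19 +294,19 @@
         '") AND (`AssignedGroup` IS NOT NULL)');
       $DbRow = array();
-      while($DbRow[] = $DbResult->fetch_array());
+      while ($DbRow[] = $DbResult->fetch_array());
         $this->PermissionGroupCache[$GroupId] = $DbRow;
       $PermissionExists = true;
     }
-    if($PermissionExists)
-    {
-      foreach($this->PermissionGroupCache[$GroupId] as $DbRow)
-      {
-        if($DbRow['AssignedGroup'] != '')
-        if($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return(true);
+    if ($PermissionExists)
+    {
+      foreach ($this->PermissionGroupCache[$GroupId] as $DbRow)
+      {
+        if ($DbRow['AssignedGroup'] != '')
+        if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true;
       }
     }
 
     // Check group-operation relation
-    if(array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))
+    if (array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))
     {
       $PermissionExists = true;
@@ -315,13 +315,13 @@
       // If no permission combination exists in cache, do new check of database items
       $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedOperation`="'.$OperationId.'"');
-      if($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;
+      if ($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;
         else $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = false;
       $PermissionExists = true;
     }
-    if($PermissionExists)
-    {
-      return($this->PermissionGroupCacheOp[$GroupId.','.$OperationId]);
-    }
-    return(false);
+    if ($PermissionExists)
+    {
+      return $this->PermissionGroupCacheOp[$GroupId.','.$OperationId];
+    }
+    return false;
   }
 
@@ -330,12 +330,12 @@
     // Get module id
     $DbResult = $this->Database->select('Module', 'Id', '`Name`="'.$Module.'"');
-    if($DbResult->num_rows > 0)
+    if ($DbResult->num_rows > 0)
     {
       $DbRow = $DbResult->fetch_assoc();
       $ModuleId = $DbRow['Id'];
-    } else return(false);
+    } else return false;
 
     // First try to check cache
-    if(in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))
+    if (in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))
     {
       $OperationId = array_search(array($Module, $Operation, $ItemType, $ItemIndex), $this->PermissionCache);
@@ -346,5 +346,5 @@
       $DbResult = $this->Database->select('PermissionOperation', 'Id', '(`Module`="'.$ModuleId.
         '") AND (`Item`="'.$ItemType.'") AND (`ItemId`='.$ItemIndex.') AND (`Operation`="'.$Operation.'")');
-      if($DbResult->num_rows > 0)
+      if ($DbResult->num_rows > 0)
       {
         $DbRow = $DbResult->fetch_array();
@@ -359,20 +359,20 @@
     }
 
-    if($PermissionExists)
-    {
-      if($this->User['Id'] == null) $UserCondition = '(`User` IS NULL)';
+    if ($PermissionExists)
+    {
+      if ($this->User['Id'] == null) $UserCondition = '(`User` IS NULL)';
         else $UserCondition = '(`User`="'.$this->User['Id'].'")';
       // Check user-operation relation
       $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');
-      if($DbResult->num_rows > 0) return(true);
+      if ($DbResult->num_rows > 0) return true;
 
       // Check user-group relation
       $DbResult = $this->Database->select('PermissionUserAssignment', 'AssignedGroup', $UserCondition);
-      while($DbRow = $DbResult->fetch_array())
-      {
-       if($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return(true);
-      }
-      return(false);
-    } else return(false);
+      while ($DbRow = $DbResult->fetch_array())
+      {
+       if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true;
+      }
+      return false;
+    } else return false;
   }
 
@@ -380,5 +380,5 @@
   {
     $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
-    if($DbResult->num_rows > 0)
+    if ($DbResult->num_rows > 0)
     {
       $Row = $DbResult->fetch_array();
@@ -399,8 +399,8 @@
 
       $Output = USER_PASSWORD_RECOVERY_SUCCESS;
-      if($this->System->ModuleManager->ModulePresent('Log'))
+      if ($this->System->ModuleManager->ModulePresent('Log'))
         $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
     } else $Output = USER_PASSWORD_RECOVERY_FAIL;
-    return($Output);
+    return $Output;
   }
 
@@ -408,9 +408,9 @@
   {
     $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id);
-    if($DbResult->num_rows > 0)
+    if ($DbResult->num_rows > 0)
     {
       $Row = $DbResult->fetch_array();
       $NewPassword2 = substr(sha1(strtoupper($Row['Login'])), 0, 7);
-      if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
+      if (($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
       {
         $PasswordHash = new PasswordHash();
@@ -418,9 +418,9 @@
         $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt),
           'Salt' => $Salt, 'Locked' => 0));
-        if($this->System->ModuleManager->ModulePresent('Log'))
+        if ($this->System->ModuleManager->ModulePresent('Log'))
           $this->System->ModuleManager->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);
       } else $Output = PASSWORDS_UNMATCHED;
     } else $Output = USER_NOT_FOUND;
-    return($Output);
+    return $Output;
   }
 
@@ -428,11 +428,11 @@
   {
     $DbResult = $this->Database->select('APIToken', 'User', '`Token`="'.$Token.'"');
-    if($DbResult->num_rows > 0)
+    if ($DbResult->num_rows > 0)
     {
       $DbRow = $DbResult->fetch_assoc();
       $User = new User($this->System);
       $User->User = array('Id' => $DbRow['User']);
-      return($User->CheckPermission($Module, $Operation));
-    } else return(false);
+      return $User->CheckPermission($Module, $Operation);
+    } else return false;
   }
 }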
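Review bot: The reformatted check at new line 92 still compares the cookie-supplied `LoginHash` with `==`, and the query built on new lines 87-88 concatenates `$_COOKIE['LoginUserId']` into the SQL text unquoted and unvalidated, while the guard on line 85 only tests that `LoginHash` exists. Both values come straight from the client, so this hunk deserves hardening and not just re-spacing: use `(int) $_COOKIE['LoginUserId']` when building the query, and compare with `hash_equals(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']), (string) $_COOKIE['LoginHash'])`, which is constant-time and avoids PHP's numeric-string juggling on hex digests. `Verify()` on new line 39 has the same loose `==` on a password hash. The enclosing method starts and ends outside this hunk, so whether `$SID` and the other interpolated values are escaped elsewhere cannot be confirmed from what is shown.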