stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-04-30 10:09:12 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
2c711d8908137b6ff25941f06fe0a3f9ac02596d
gallery3/modules/user/helpers/user.php

386 lines
12 KiB
PHP
Raw Blame History

<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
* This is the API for handling users.
*
* Note: by design, this class does not do any permission checking.
*/
class user_Core {
static function get_edit_form($user) {
$form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
$form->set_attr("class", "g-narrow");
$group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
$group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
self::_add_locale_dropdown($group, $user);
$group->password("password")->label(t("Password"))->id("g-password");
$group->password("password2")->label(t("Confirm Password"))->id("g-password2")
->matches($group->password);
$group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
$group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
$form->add_rules_from($user);
module::event("user_edit_form", $user, $form);
$group->submit("")->value(t("Save"));
return $form;
}
static function get_edit_form_admin($user) {
$form = new Forge(
"admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
$group = $form->group("edit_user")->label(t("Edit User"));
$group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
$group->inputs["name"]->error_messages(
"in_use", t("There is already a user with that username"));
$group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
self::_add_locale_dropdown($group, $user);
$group->password("password")->label(t("Password"))->id("g-password");
$group->password("password2")->label(t("Confirm Password"))->id("g-password2")
->matches($group->password);
$group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
$group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
$group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
$form->add_rules_from($user);
$form->edit_user->password->rules("-required");
module::event("user_edit_form_admin", $user, $form);
$group->submit("")->value(t("Modify User"));
return $form;
}
static function get_add_form_admin() {
$form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
$form->set_attr('class', "g-narrow");
$group = $form->group("add_user")->label(t("Add User"));
$group->input("name")->label(t("Username"))->id("g-username")
->error_messages("in_use", t("There is already a user with that username"));
$group->input("full_name")->label(t("Full Name"))->id("g-fullname");
$group->password("password")->label(t("Password"))->id("g-password");
$group->password("password2")->label(t("Confirm Password"))->id("g-password2")
->matches($group->password);
$group->input("email")->label(t("Email"))->id("g-email");
$group->input("url")->label(t("URL"))->id("g-url");
self::_add_locale_dropdown($group);
$group->checkbox("admin")->label(t("Admin"))->id("g-admin");
$user = ORM::factory("user");
$form->add_rules_from($user);
module::event("user_add_form_admin", $user, $form);
$group->submit("")->value(t("Add User"));
return $form;
}
private static function _add_locale_dropdown(&$form, $user=null) {
$locales = locales::installed();
foreach ($locales as $locale => $display_name) {
$locales[$locale] = SafeString::of_safe_html($display_name);
}
if (count($locales) > 1) {
// Put "none" at the first position in the array
$locales = array_merge(array("" => t("« none »")), $locales);
$selected_locale = ($user && $user->locale) ? $user->locale : "";
$form->dropdown("locale")
->label(t("Language Preference"))
->options($locales)
->selected($selected_locale);
}
}
static function get_delete_form_admin($user) {
$form = new Forge("admin/users/delete_user/$user->id", "", "post",
array("id" => "g-delete-user-form"));
$group = $form->group("delete_user")->label(
t("Are you sure you want to delete user %name?", array("name" => $user->name)));
$group->submit("")->value(t("Delete user %name", array("name" => $user->name)));
return $form;
}
static function get_login_form($url) {
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
$form->set_attr('class', "g-narrow");
$group = $form->group("login")->label(t("Login"));
$group->input("name")->label(t("Username"))->id("g-username")->class(null);
$group->password("password")->label(t("Password"))->id("g-password")->class(null);
$group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
$group->submit("")->value(t("Login"));
return $form;
}
/**
* Make sure that we have a session and group_ids cached in the session.
*/
static function load_user() {
$session = Session::instance();
if (!($user = $session->get("user"))) {
$session->set("user", $user = user::guest());
}
// The installer cannot set a user into the session, so it just sets an id which we should
// upconvert into a user.
if ($user === 2) {
$user = model_cache::get("user", 2);
user::login($user);
$session->set("user", $user);
}
if (!$session->get("group_ids")) {
$ids = array();
foreach ($user->groups as $group) {
$ids[] = $group->id;
}
$session->set("group_ids", $ids);
}
}
/**
* Return the array of group ids this user belongs to
*
* @return array
*/
static function group_ids() {
return Session::instance()->get("group_ids", array(1));
}
/**
* Return the active user. If there's no active user, return the guest user.
*
* @return User_Model
*/
static function active() {
// @todo (maybe) cache this object so we're not always doing session lookups.
$user = Session::instance()->get("user", null);
if (!isset($user)) {
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
// work.
$user = user::guest();
}
return $user;
}
/**
* Return the guest user.
*
* @todo consider caching
*
* @return User_Model
*/
static function guest() {
return model_cache::get("user", 1);
}
/**
* Change the active user.
*
* @return User_Model
*/
static function set_active($user) {
$session = Session::instance();
$session->set("user", $user);
$session->delete("group_ids");
self::load_user();
}
/**
* Create a new user.
*
* @param string $name
* @param string $full_name
* @param string $password
* @return User_Model
*/
static function create($name, $full_name, $password) {
$user = ORM::factory("user")->where("name", $name)->find();
if ($user->loaded) {
throw new Exception("@todo USER_ALREADY_EXISTS $name");
}
$user->name = $name;
$user->full_name = $full_name;
$user->password = $password;
// Required groups
$user->add(group::everybody());
$user->add(group::registered_users());
$user->save();
return $user;
}
/**
* Is the password provided correct?
*
* @param user User Model
* @param string $password a plaintext password
* @return boolean true if the password is correct
*/
static function is_correct_password($user, $password) {
$valid = $user->password;
// Try phpass first, since that's what we generate.
if (strlen($valid) == 34) {
require_once(MODPATH . "user/lib/PasswordHash.php");
$hashGenerator = new PasswordHash(10, true);
return $hashGenerator->CheckPassword($password, $valid);
}
$salt = substr($valid, 0, 4);
// Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
$guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
if (!strcmp($guess, $valid)) {
return true;
}
// Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
$sanitizedPassword = html::specialchars($password, false);
$guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
: ($salt . md5($salt . $sanitizedPassword));
if (!strcmp($guess, $valid)) {
return true;
}
return false;
}
/**
* Create the hashed passwords.
* @param string $password a plaintext password
* @return string hashed password
*/
static function hash_password($password) {
require_once(MODPATH . "user/lib/PasswordHash.php");
$hashGenerator = new PasswordHash(10, true);
return $hashGenerator->HashPassword($password);
}
/**
* Log in as a given user.
* @param object $user the user object.
*/
static function login($user) {
$user->login_count += 1;
$user->last_login = time();
$user->save();
user::set_active($user);
module::event("user_login", $user);
}
/**
* Log out the active user and destroy the session.
* @param object $user the user object.
*/
static function logout() {
$user = user::active();
if (!$user->guest) {
try {
Session::instance()->destroy();
} catch (Exception $e) {
Kohana::log("error", $e);
}
module::event("user_logout", $user);
}
}
/**
* Look up a user by id.
* @param integer $id the user id
* @return User_Model the user object, or null if the id was invalid.
*/
static function lookup($id) {
return self::_lookup_user_by_field("id", $id);
}
/**
* Look up a user by name.
* @param integer $name the user name
* @return User_Model the user object, or null if the name was invalid.
*/
static function lookup_by_name($name) {
return self::_lookup_user_by_field("name", $name);
}
/**
* Look up a user by hash.
* @param integer $hash the user hash value
* @return User_Model the user object, or null if the name was invalid.
*/
static function lookup_by_hash($hash) {
return self::_lookup_user_by_field("hash", $hash);
}
/**
* List the users
* @param mixed filters (@see Database.php
* @return array the user list.
*/
static function get_user_list($filter=array()) {
$user = ORM::factory("user");
foreach($filter as $method => $args) {
switch ($method) {
case "in":
$user->in($args[0], $args[1]);
break;
default:
$user->$method($args);
}
}
return $user->find_all();
}
/**
* Look up a user by field value.
* @param string search field
* @param string search value
* @return User_Core the user object, or null if the name was invalid.
*/
private static function _lookup_user_by_field($field_name, $value) {
try {
$user = model_cache::get("user", $value, $field_name);
if ($user->loaded) {
return $user;
}
} catch (Exception $e) {
if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
throw $e;
}
}
return null;
}
/**
* Create a hashed password using md5 plus salt.
* @param string $password plaintext password
* @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
* @return string hashed password
*/
private static function _md5Salt($password, $salt="") {
if (empty($salt)) {
for ($i = 0; $i < 4; $i++) {
$char = mt_rand(48, 109);
$char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
$salt .= chr($char);
}
} else {
$salt = substr($salt, 0, 4);
}
return $salt . md5($salt . $password);
}
}
Reference in New Issue View Git Blame Copy Permalink