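name = "[unbenannter Benutzer]";
        $this->login = "";
        $this->password = "";
        $this->autologin = false;
        $this->root = "";
        $this->modules = array();
        $this->level = USER_ALL;
        $this->editable = USER_ADMIN;
    }

    /**
     * Loads login, autologin, level, root and modules for this object's
     * classId from bruckm_user; without a classId (or without a matching
     * row) the constructor defaults are kept.
     *
     * @see CmsObject::load()
     * @param array $path handed through to the parent loader
     */
    function load($path = array())
    {
        parent::load($path);
        if (!$this->classId) {
            return;
        }
        $query = sprintf("SELECT * FROM bruckm_user WHERE id = %d", $this->classId);
        $result = dbQuery($query);
        $line = mysqli_fetch_array($result, MYSQLI_ASSOC);
        if (!$line) {
            // No row for this id: reading fields off boolean false would only
            // raise notices and leave the object half-initialised.
            return;
        }
        $this->login = $line['login'];
        $this->autologin = $line['autologin'];
        $this->level = $line['level'];
        $this->root = $line['root'];
        if (!empty($line['modules'])) {
            // modules is stored as a comma separated list (see install()).
            $this->modules = explode(",", $line['modules']);
        }
    }

    /**
     * Writes the editable fields back to the bruckm_user row of this object.
     * The password is not touched here; see changePassword().
     *
     * @see Page::doSave()
     */
    function doSave()
    {
        $query = sprintf(
            "UPDATE bruckm_user SET login = %s, name = %s, autologin = %d, level = %d, root = %s, modules = %s WHERE id = %d",
            sqlstring($this->login),
            sqlstring($this->name),
            sqlnum($this->autologin),
            sqlnum($this->level),
            sqlstring($this->root),
            sqlstring(implode(",", $this->modules)),
            sqlnum($this->classId)
        );
        dbQuery($query);
        parent::doSave();
    }

    /**
     * Inserts the bruckm_user row for a new user and stores the generated id
     * in classId before the parent creates the index entry.
     *
     * @see Page::doCreate()
     */
    function doCreate()
    {
        // NOTE(review): passwords are kept as unsalted md5 because install()
        // sizes the column as VARCHAR(32). Moving to password_hash()/
        // password_verify() needs a wider column and a re-hash on next login;
        // doing it here alone would silently truncate on existing tables.
        $query = sprintf(
            "INSERT INTO bruckm_user (login, password, level, root, modules) VALUES (%s, %s, %s, %s, %s)",
            sqlstring($this->login),
            sqlstring(md5($this->password)),
            sqlnum($this->level),
            sqlstring($this->root),
            sqlstring(implode(",", $this->modules))
        );
        dbQuery($query);
        // NOTE(review): mysql_insert_id() comes from the legacy mysql extension
        // (removed in PHP 7) while this class otherwise uses mysqli_*; it should
        // become mysqli_insert_id() on the connection dbQuery() uses once that
        // handle is reachable from here.
        $this->classId = mysql_insert_id();
        parent::doCreate();
    }

    /**
     * Removes the index entry (parent) and then the bruckm_user row.
     *
     * @see Page::doDelete()
     */
    function doDelete()
    {
        parent::doDelete();
        $query = sprintf("DELETE FROM bruckm_user WHERE id = %d LIMIT 1", $this->classId);
        dbQuery($query);
    }

    /**
     * Non-admin users can always be deleted; an admin only while at least one
     * other admin remains, so the system never ends up without one.
     *
     * @see Page::canBeDeleted()
     * @return bool
     */
    function canBeDeleted()
    {
        if ($this->level < USER_ADMIN) {
            return true;
        }
        $query = sprintf("SELECT COUNT(id) FROM bruckm_user WHERE level = %d", USER_ADMIN);
        $result = dbQuery($query);
        // MYSQLI_NUM: the original passed MYSQL_NUM, a constant of the removed
        // mysql extension, to a mysqli_* call.
        $line = mysqli_fetch_array($result, MYSQLI_NUM);
        if ($line && (int) $line[0] > 1) {
            return true;
        }
        logError(1, "Attempt to delete admin user", __FILE__, __LINE__);
        $this->addError("Der Benutzer kann nicht gelöscht werden, da es mindestens einen Administrator geben muss!");
        return false;
    }

    /**
     * Creates the bruckm_user table. password is VARCHAR(32), i.e. exactly one
     * md5 hex digest; widen it before switching to password_hash().
     *
     * @see Page::install()
     */
    function install()
    {
        $query = sprintf("CREATE TABLE IF NOT EXISTS bruckm_user ( id INT NOT NULL AUTO_INCREMENT, login VARCHAR(32) not null DEFAULT '', name VARCHAR(100) not null DEFAULT '', password VARCHAR(32) not null DEFAULT '', level TINYINT not null DEFAULT 1, autologin TINYINT not null DEFAULT 0, root VARCHAR(32) not null DEFAULT '', modules VARCHAR(32) not null DEFAULT '', PRIMARY KEY(id), KEY(login) )");
        dbQuery($query);
    }

    /**
     * Takes the posted form values over into the object. Validation failures
     * are reported via addError() and leave the field unchanged.
     *
     * @see CmsObject::update()
     */
    function update()
    {
        parent::update();

        if (isset($_POST['login'])) {
            // The check accepts 3 characters; the message used to claim 4.
            // The accepted minimum is unchanged, the message now matches it.
            if (strlen($_POST['login']) < 3) {
                $this->addError("Der Login muss mindestens 3 Zeichen lang sein!");
            } else {
                $this->login = $_POST['login'];
            }
        }

        if (!empty($_POST['password1'])) {
            $password1 = $_POST['password1'];
            $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
            if (strlen($password1) < 5) {
                $this->addError("Das Passwort muss mindestens 5 Zeichen lang sein!");
            } elseif ($password1 === $this->login) {
                $this->addError("Das Passwort muss sich vom Benutzernamen unterscheiden!");
            } elseif ($password1 !== $password2) {
                $this->addError("Das Passwort und die Wiederholung stimmen nicht überein!");
            } else {
                $this->changePassword($password1);
            }
        }

        if (isset($_POST['level'])) {
            // Only the three known levels are stored; a tampered form value
            // must not end up as an arbitrary level in the row. Loose in_array
            // on purpose: the USER_* constants are not typed in this file.
            $level = (int) $_POST['level'];
            if (in_array($level, array(USER_ADMIN, USER_GROUP, USER_ALL))) {
                $this->level = $level;
            } else {
                $this->addError("Ungültige Benutzerstufe!");
            }
        }

        if (isset($_POST['autologin'])) {
            $this->autologin = (int) $_POST['autologin'];
        }

        if (isset($_POST['root'])) {
            $this->root = $_POST['root'];
        }

        if (isset($_POST['modules'])) {
            // doSave()/doCreate() implode() this field, so it has to be a list
            // of strings; anything else is treated as "no modules".
            $this->modules = is_array($_POST['modules'])
                ? array_values(array_filter($_POST['modules'], 'is_string'))
                : array();
        }
    }

    /**
     * Fills the template variables shared by the editable and the
     * not-editable user form: autologin radio state, login and level select.
     *
     * @param Template $t
     */
    private function fillFormVars($t)
    {
        if ($this->autologin) {
            $t->setVar("AUTOLOGIN_ON", "checked=\"checked\"");
            $t->setVar("AUTOLOGIN_OFF", "");
        } else {
            $t->setVar("AUTOLOGIN_OFF", "checked=\"checked\"");
            $t->setVar("AUTOLOGIN_ON", "");
        }
        $t->setVar("LOGIN", $this->login);
        foreach (array(USER_ADMIN, USER_GROUP, USER_ALL) as $i) {
            // Loose compare kept: level may arrive as a string from the DB row.
            $t->setVar("LEVEL$i", $this->level == $i ? "selected=\"selected\"" : "");
        }
    }

    /**
     * Renders the editable user form (user.html).
     *
     * @see CmsObject::doPrintClassContent()
     * @return string
     */
    function doPrintClassContent()
    {
        $t = new Template(CMS_TEMPLATE_DIR . "user.html");
        $this->fillFormVars($t);
        $t->setVar("ROOT", $this->root);
        $moduleFlags = array(
            "MOD_GC_CHECKED" => "GalleryContainer",
            "MOD_TR_CHECKED" => "TicketRoot",
            "MOD_NR_CHECKED" => "NewsletterRoot",
            "MOD_CR_CHECKED" => "CustomerRoot",
        );
        foreach ($moduleFlags as $var => $module) {
            $t->setVar($var, in_array($module, $this->modules, true) ? 'checked="checked"' : '');
        }
        return $t->toString();
    }

    /**
     * Renders the reduced form for objects the current user may not edit
     * (userpwd.html), preceded by any collected errors.
     *
     * @return string
     */
    function doPrintNotEditable()
    {
        $out = $this->doPrintErrors();
        $t = new Template(CMS_TEMPLATE_DIR . "userpwd.html");
        $this->fillFormVars($t);
        $out .= $t->toString();
        return $out;
    }

    /**
     * Renders this user as a child entry (child.html) of its parent listing.
     *
     * @see CmsObject::printChildContent()
     * @return string
     */
    function printChildContent()
    {
        $t = new Template(CMS_TEMPLATE_DIR . "child.html");
        $t->setVar("TITLE", FlexiconFactory::nameOfClass(get_class($this)));
        $t->setVar("NAME", $this->name);
        // switch (loose compare) kept: level may be a string from the DB row,
        // and an unknown level deliberately leaves CLASS unset.
        switch ($this->level) {
            case USER_ADMIN:
                $t->setVar("CLASS", "user_admin");
                break;
            case USER_GROUP:
                $t->setVar("CLASS", "user_group");
                break;
            case USER_ALL:
                $t->setVar("CLASS", "user_all");
                break;
        }
        $t->setVar("PATH", $this->printPath());
        $t->setVar("ID", $this->id);
        return $t->toString();
    }

    /**
     * CSS class for the list item, derived from the user level.
     *
     * @see CmsObject::getCssClass()
     * @return string
     */
    function getCssClass()
    {
        if ($this->level == USER_ADMIN) {
            return "itemUserAdmin";
        }
        if ($this->level == USER_GROUP) {
            return "itemUserGroup";
        }
        return "itemUserAll";
    }

    // === ADDITIONAL METHODS ============================================= //

    /**
     * Stores a new password for this user.
     *
     * @param string $password plain text password
     */
    function changePassword($password)
    {
        // Remembered on the object as well: before the row exists classId is
        // not set yet, so the UPDATE below matches nothing and only a later
        // doCreate() (which hashes $this->password) can persist it.
        $this->password = $password;
        // NOTE(review): unsalted md5, see doCreate().
        $query = sprintf(
            "UPDATE bruckm_user SET password = %s WHERE id = %d",
            sqlstring(md5($password)),
            sqlnum($this->classId)
        );
        dbQuery($query);
    }

    /**
     * Creates the default admin user during installation; does nothing when
     * an admin already exists.
     *
     * @param string $name user name
     * @param string $login login name
     * @param string $password plain text password
     */
    function createDefaultUser($name, $login, $password)
    {
        $query = sprintf("SELECT COUNT(id) FROM bruckm_user WHERE level = %d", USER_ADMIN);
        $result = dbQuery($query);
        // MYSQLI_NUM replaces the legacy MYSQL_NUM constant.
        $line = mysqli_fetch_array($result, MYSQLI_NUM);
        if ($line && (int) $line[0] > 0) {
            return;
        }
        $query = sprintf(
            "INSERT INTO bruckm_user (name, login, password, level) VALUES (%s, %s, %s, %d)",
            sqlstring($name),
            sqlstring($login),
            sqlstring(md5($password)),
            sqlnum(USER_ADMIN)
        );
        dbQuery($query);
        // NOTE(review): legacy mysql extension call, see doCreate().
        $classId = mysql_insert_id();
        $query = sprintf(
            "INSERT INTO bruckm_index (name, lastUpdate, class, classId, parentId, editable, listable, visible) VALUES (%s, NOW(), %s, %d, 0, '3', '2', 1)",
            sqlstring($name),
            sqlstring("User"),
            sqlnum($classId)
        );
        dbQuery($query);
    }

    /**
     * Performs the login check and fills the session.
     *
     * The two parameters only select the mode: with both absent the "user"
     * cookie is consulted (autologin), otherwise the posted form is verified.
     * In both modes the credentials themselves are read from $_COOKIE/$_POST,
     * never from the parameters.
     *
     * @param string|null $login
     * @param string|null $password
     * @return bool true if the login succeeded; on failure the global
     *              $loginError carries the message for the user
     */
    function login($login = NULL, $password = NULL)
    {
        // Loose compare kept on purpose: callers may pass "" as well as null.
        if ($login == NULL && $password == NULL) {
            return $this->loginFromCookie();
        }
        return $this->loginFromForm();
    }

    /**
     * Autologin via the "user" cookie.
     *
     * @return bool
     */
    private function loginFromCookie()
    {
        global $loginError;
        if (!isset($_COOKIE['user'])) {
            return false;
        }
        // NOTE(review): the cookie carries the bare login name, so whoever
        // knows a login that has autologin enabled can present it without a
        // password. A random per-user token stored in a new column and checked
        // with hash_equals() is the usual replacement.
        $line = $this->fetchUserRow($_COOKIE['user']);
        if (!$line) {
            return false;
        }
        if (!$this->isUserEnabled($line['id'])) {
            $loginError = "Dieser Benutzer ist zur Zeit deaktiviert!";
            return false;
        }
        $this->openSession($line);
        return true;
    }

    /**
     * Login via the posted form fields "login" and "password".
     *
     * @return bool
     */
    private function loginFromForm()
    {
        global $loginError;
        $postLogin = isset($_POST['login']) && is_string($_POST['login']) ? $_POST['login'] : '';
        $postPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

        $line = $this->fetchUserRow($postLogin);
        if (!$line) {
            // The log line used to interpolate $_POST[username], a field the
            // form does not send; log the field that was actually checked.
            logError(1, "Login failed: Wrong username (User: $postLogin)", __FILE__, __LINE__);
            // NOTE(review): this message differs from the wrong-password one,
            // which lets a caller tell existing logins from unknown ones; a
            // single neutral message for both cases avoids that.
            $loginError = "Der Benutzername ist falsch!";
            return false;
        }
        if (!$this->isUserEnabled($line['id'])) {
            $loginError = "Dieser Benutzer ist zur Zeit deaktiviert!";
            return false;
        }
        // hash_equals(): constant time and strict, where the original used a
        // loose != between two strings.
        if (!hash_equals((string) $line['password'], md5($postPassword))) {
            logError(1, "Login failed: Wrong password (User: $postLogin)", __FILE__, __LINE__);
            $loginError = "Das Passwort ist falsch!";
            return false;
        }
        $this->openSession($line);
        return true;
    }

    /**
     * Fetches the bruckm_user row for a login name.
     *
     * @param string $login
     * @return array|false the row, or false if there is none
     */
    private function fetchUserRow($login)
    {
        $query = sprintf("SELECT * FROM bruckm_user WHERE login = %s", sqlstring($login));
        $result = dbQuery($query);
        return mysqli_fetch_array($result, MYSQLI_ASSOC);
    }

    /**
     * Whether the index entry of the user is marked visible. A missing index
     * row counts as disabled, as it did before (false['visible'] was null).
     *
     * @param int $id user id (bruckm_user.id / bruckm_index.classId)
     * @return bool
     */
    private function isUserEnabled($id)
    {
        $query = sprintf("SELECT visible FROM bruckm_index WHERE class = 'User' and classId = %d", $id);
        $result = dbQuery($query);
        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
        return $row && !empty($row['visible']);
    }

    /**
     * Marks the session as logged in for the given user row and, if the user
     * has autologin enabled, (re)issues the "user" cookie for 30 days.
     *
     * @param array $line bruckm_user row
     */
    private function openSession($line)
    {
        // The session changes privilege level here; a fresh id stops a session
        // fixed before login from being reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['login'] = true;
        $_SESSION['user'] = $line['login'];
        $_SESSION['username'] = $line['name'];
        $_SESSION['userid'] = $line['id'];
        $_SESSION['userlevel'] = $line['level'];
        $_SESSION['userroot'] = $line['root'];
        $_SESSION['usermodules'] = explode(",", $line['modules']);
        if ($line['autologin']) {
            // httponly keeps the cookie out of reach of scripts; secure is set
            // whenever this request itself arrived over TLS.
            $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie("user", $line['login'], time() + 60*60*24*30, "", "", $secure, true);
        }
    }

    /**
     * Deletes the autologin cookie (the session itself is left to the caller).
     */
    function logout()
    {
        setcookie("user", "", time() - 60*60*24);
    }

    /**
     * Returns the login name.
     *
     * @return string
     */
    function getLogin()
    {
        return $this->login;
    }
}
?>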