philipp/bm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
49fa19ed1ef590e8ccbd1a37e07dad34c865df71
bm/public_html/public/cms/modules/user.class.php
Philipp Hofer 447ae6d97d track bm files
2025-09-24 13:26:28 +02:00

438 lines
13 KiB
PHP
Raw Blame History

<?php
/** User
*
* @version 1.9.1
* @date 2007-03-27
* @author martin lenzelbauer
*
* @change 2007-06-10
* fixed bug in createDefaultUser()
*/
class User extends Page{
var $login; //login name
var $password; //password
var $autologin; //save login information in cookie
var $level; //USER_ADMIN, USER_GROUP or USER_ALL
var $root; // id(s) of root node(s) that are visible to this user
var $modules; // additional modules
/** C'tor
*/
//------------------------------------------------
function User($id, $parent){
//------------------------------------------------
parent::Page($id, $parent);
$this->name = "[unbenannter Benutzer]";
$this->login = "";
$this->password = "";
$this->autologin = false;
$this->root = "";
$this->modules = array();
$this->level = USER_ALL;
$this->editable = USER_ADMIN;
}
/** @see CmsObject::load()
*/
//-----------------------------------------------
function load($path=array()){
//-----------------------------------------------
parent::load($path);
if(!$this->classId){
return;
}
$query = sprintf("SELECT * FROM bruckm_user WHERE id = %d", $this->classId);
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$this->login = $line['login'];
$this->autologin = $line['autologin'];
$this->level = $line['level'];
$this->root = $line['root'];
if (!empty($line['modules'])) {
$this->modules = explode(",", $line['modules']);
}
}
/** @see Page::doSave()
*/
//----------------------------------------------
function doSave(){
//----------------------------------------------
$query = sprintf("UPDATE bruckm_user SET login = %s, name = %s, autologin = %d, level = %d, root = %s, modules = %s WHERE id = %d",
sqlstring($this->login),
sqlstring($this->name),
sqlnum($this->autologin),
sqlnum($this->level),
sqlstring($this->root),
sqlstring(implode(",", $this->modules)),
sqlnum($this->classId));
dbQuery($query);
parent::doSave();
}
/** @see Page::doCreate()
*/
//----------------------------------------------
function doCreate(){
//----------------------------------------------
$query = sprintf("INSERT INTO bruckm_user (login, password, level, root, modules) VALUES (%s, %s, %s, %s, %s)",
sqlstring($this->login),
sqlstring(md5($this->password)),
sqlnum($this->level),
sqlstring($this->root),
sqlstring(implode(",", $this->modules)));
dbQuery($query);
$this->classId = mysql_insert_id();
parent::doCreate();
}
/** @see Page::doDelete()
*/
//-----------------------------------------------
function doDelete(){
//-----------------------------------------------
parent::doDelete();
$query = sprintf("DELETE FROM bruckm_user WHERE id = %d LIMIT 1", $this->classId);
dbQuery($query);
}
/** @see Page::canBeDeleted()
*/
//-----------------------------------------------
function canBeDeleted(){
//-----------------------------------------------
if($this->level < USER_ADMIN){
return true;
}
$query = sprintf("SELECT COUNT(id) FROM bruckm_user WHERE level = %d", USER_ADMIN);
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQL_NUM);
if($line[0] > 1){
return true;
}
logError(1, "Attempt to delete admin user", __FILE__, __LINE__);
$this->addError("Der Benutzer kann nicht gelöscht werden, da es mindestens einen Administrator geben muss!");
return false;
}
/** @see Page::install()
*/
//-----------------------------------------------
function install(){
//-----------------------------------------------
$query = sprintf("CREATE TABLE IF NOT EXISTS bruckm_user (
id INT NOT NULL AUTO_INCREMENT,
login VARCHAR(32) not null DEFAULT '',
name VARCHAR(100) not null DEFAULT '',
password VARCHAR(32) not null DEFAULT '',
level TINYINT not null DEFAULT 1,
autologin TINYINT not null DEFAULT 0,
root VARCHAR(32) not null DEFAULT '',
modules VARCHAR(32) not null DEFAULT '',
PRIMARY KEY(id),
KEY(login)
)");
dbQuery($query);
}
/** @see CmsObject::update()
*/
//-----------------------------------------------
function update(){
//-----------------------------------------------
parent::update();
if(isset($_POST['login'])){
if(strlen($_POST['login']) < 3){
$this->addError("Der Login muss mindestens 4 Zeichen lang sein!");
}
else{
$this->login = $_POST['login'];
}
}
if(!empty($_POST['password1'])){
if(strlen($_POST['password1']) < 5){
$this->addError("Das Passwort muss mindestens 5 Zeichen lang sein!");
}
else if($_POST['password1'] == $this->login){
$this->addError("Das Passwort muss sich vom Benutzernamen unterscheiden!");
}
else if($_POST['password1'] != $_POST['password2']){
$this->addError("Das Passwort und die Wiederholung stimmen nicht überein!");
}
else{
$this->changePassword($_POST['password1']);
}
}
if(isset($_POST['level'])){
$this->level = $_POST['level'];
}
if(isset($_POST['autologin'])){
$this->autologin = $_POST['autologin'];
}
if(isset($_POST['root'])){
$this->root = $_POST['root'];
}
if(isset($_POST['modules'])){
$this->modules = $_POST['modules'];
}
}
/** @see CmsObject::doPrintClassContent()
*/
//-----------------------------------------------
function doPrintClassContent(){
//-----------------------------------------------
$t = new Template(CMS_TEMPLATE_DIR."user.html");
if($this->autologin){
$t->setVar("AUTOLOGIN_ON", "checked=\"checked\"");
$t->setVar("AUTOLOGIN_OFF", "");
}
else{
$t->setVar("AUTOLOGIN_OFF", "checked=\"checked\"");
$t->setVar("AUTOLOGIN_ON", "");
}
$t->setVar("LOGIN", $this->login);
$levels = array(USER_ADMIN, USER_GROUP, USER_ALL);
foreach($levels as $i){
if($this->level == $i){
$t->setVar("LEVEL$i", "selected=\"selected\"");
}
else{
$t->setVar("LEVEL$i", "");
}
}
$t->setVar("ROOT", $this->root);
$t->setVar("MOD_GC_CHECKED", in_array("GalleryContainer", $this->modules) ? 'checked="checked"' : '');
$t->setVar("MOD_TR_CHECKED", in_array("TicketRoot", $this->modules) ? 'checked="checked"' : '');
$t->setVar("MOD_NR_CHECKED", in_array("NewsletterRoot", $this->modules) ? 'checked="checked"' : '');
$t->setVar("MOD_CR_CHECKED", in_array("CustomerRoot", $this->modules) ? 'checked="checked"' : '');
return $t->toString();
}
/** prints content for not editable objects
*/
//----------------------------------------------------
function doPrintNotEditable(){
//----------------------------------------------------
$out = $this->doPrintErrors();
$t = new Template(CMS_TEMPLATE_DIR."userpwd.html");
if($this->autologin){
$t->setVar("AUTOLOGIN_ON", "checked=\"checked\"");
$t->setVar("AUTOLOGIN_OFF", "");
}
else{
$t->setVar("AUTOLOGIN_OFF", "checked=\"checked\"");
$t->setVar("AUTOLOGIN_ON", "");
}
$t->setVar("LOGIN", $this->login);
$levels = array(USER_ADMIN, USER_GROUP, USER_ALL);
foreach($levels as $i){
if($this->level == $i){
$t->setVar("LEVEL$i", "selected=\"selected\"");
}
else{
$t->setVar("LEVEL$i", "");
}
}
$out .= $t->toString();
return $out;
}
/** @see CmsObject::printChildContent()
*/
//-----------------------------------------------
function printChildContent(){
//-----------------------------------------------
$t = new Template(CMS_TEMPLATE_DIR."child.html");
$t->setVar("TITLE", FlexiconFactory::nameOfClass(get_class($this)));
$t->setVar("NAME", $this->name);
switch($this->level){
case USER_ADMIN:
$t->setVar("CLASS", "user_admin");
break;
case USER_GROUP:
$t->setVar("CLASS", "user_group");
break;
case USER_ALL:
$t->setVar("CLASS", "user_all");
break;
}
$t->setVar("PATH", $this->printPath());
$t->setVar("ID", $this->id);
return $t->toString();
}
/** @see CmsObject::getCssClass()
*/
//------------------------------------------------
function getCssClass(){
//------------------------------------------------
if($this->level == USER_ADMIN){
return "itemUserAdmin";
}
if($this->level == USER_GROUP){
return "itemUserGroup";
}
return "itemUserAll";
}
// === ADDITIONAL METHODS ============================================= //
/** changes the user's password
*/
//----------------------------------------------
function changePassword($password){
//----------------------------------------------
$query = sprintf("UPDATE bruckm_user SET password = %s WHERE id = %d",
sqlstring(md5($password)),
sqlnum($this->classId));
dbQuery($query);
}
/** creates the default admin user during installation
* @param name user name
* @param login login name
* @param password password
*/
//----------------------------------------------
function createDefaultUser($name, $login, $password){
//----------------------------------------------
//check if there already is an admin
$query = sprintf("SELECT COUNT(id) FROM bruckm_user WHERE level = %d", USER_ADMIN);
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQL_NUM);
if($line[0] > 0){
return;
}
$query = sprintf("INSERT INTO bruckm_user (name, login, password, level) VALUES (%s, %s, %s, %d)",
sqlstring($name),
sqlstring($login),
sqlstring(md5($password)),
sqlnum(USER_ADMIN));
dbQuery($query);
$classId = mysql_insert_id();
$query = sprintf("INSERT INTO bruckm_index (name, lastUpdate, class, classId,
parentId, editable, listable, visible)
VALUES (%s, NOW(), %s, %d, 0, '3', '2', 1)",
sqlstring($name),
sqlstring("User"),
sqlnum($classId));
dbQuery($query);
}
/** performs login check and sets session variables
* @param login login
* @param password password
* @return true if the login was successfull
*/
//----------------------------------------------
function login($login=NULL, $password=NULL){
//---------------------------------------------
global $loginError;
//cookie autologin
if($login == NULL && $password == NULL){
if(!isset($_COOKIE['user'])){
return false;
}
$query = sprintf("SELECT * FROM bruckm_user WHERE login = %s", sqlstring($_COOKIE['user']));
$result = dbQuery($query);
if($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$query = sprintf("SELECT visible FROM bruckm_index WHERE class = 'User' and classId = %d", $line['id']);
$result2 = dbQuery($query);
$user = mysqli_fetch_array($result2, MYSQLI_ASSOC);
if(!$user['visible']){
$loginError = "Dieser Benutzer ist zur Zeit deaktiviert!";
return false;
}
$_SESSION['login'] = true;
$_SESSION['user'] = $line['login'];
$_SESSION['username'] = $line['name'];
$_SESSION['userid'] = $line['id'];
$_SESSION['userlevel'] = $line['level'];
$_SESSION['userroot'] = $line['root'];
$_SESSION['usermodules'] = explode(",", $line['modules']);
if($line['autologin']){
setcookie("user", $line['login'], time() + 60*60*24*30);
}
return true;
}
return false;
}
//form authentication
$query = sprintf("SELECT * FROM bruckm_user WHERE login = %s", sqlstring($_POST['login']));
$result = dbQuery($query);
if($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$query = sprintf("SELECT visible FROM bruckm_index WHERE class = 'User' and classId = %d", $line['id']);
$result2 = dbQuery($query);
$user = mysqli_fetch_array($result2, MYSQLI_ASSOC);
if(!$user['visible']){
$loginError = "Dieser Benutzer ist zur Zeit deaktiviert!";
return false;
}
if(md5($_POST['password']) != $line['password']){
logError(1, "Login failed: Wrong password (User: $_POST[username])", __FILE__, __LINE__);
$loginError = "Das Passwort ist falsch!";
return false;
}
$_SESSION['login'] = true;
$_SESSION['user'] = $line['login'];
$_SESSION['username'] = $line['name'];
$_SESSION['userid'] = $line['id'];
$_SESSION['userlevel'] = $line['level'];
$_SESSION['userroot'] = $line['root'];
$_SESSION['usermodules'] = explode(",", $line['modules']);
if($line['autologin']){
setcookie("user", $line['login'], time() + 60*60*24*30);
}
return true;
}
logError(1, "Login failed: Wrong username (User: $_POST[username])", __FILE__, __LINE__);
$loginError = "Der Benutzername ist falsch!";
return false;
}
/** delets the cookie
*/
//--------------------------------------------
function logout(){
//--------------------------------------------
setcookie("user", "", time() - 60*60*24);
}
/** returns the login
* @return string
*/
//-------------------------------------------
function getLogin(){
//-------------------------------------------
return $this->login;
}
};
?>
Reference in New Issue View Git Blame Copy Permalink