1: <?php
  2: /**
  3:  * This file contains the frontend user collection and item class.
  4:  *
  5:  * @package          Core
  6:  * @subpackage       GenericDB_Model
  7:  * @version          SVN Revision $Rev:$
  8:  *
  9:  * @author           Murat Purc <murat@purc.de>
 10:  * @copyright        four for business AG <www.4fb.de>
 11:  * @license          http://www.contenido.org/license/LIZENZ.txt
 12:  * @link             http://www.4fb.de
 13:  * @link             http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * Frontend user collection
 20:  *
 21:  * @package Core
 22:  * @subpackage GenericDB_Model
 23:  */
 24: class cApiFrontendUserCollection extends ItemCollection {
 25: 
 26:     /**
 27:      * Constructor function
 28:      */
 29:     public function __construct() {
 30:         global $cfg;
 31:         parent::__construct($cfg['tab']['frontendusers'], 'idfrontenduser');
 32:         $this->_setItemClass('cApiFrontendUser');
 33: 
 34:         // set the join partners so that joins can be used via link() method
 35:         $this->_setJoinPartner('cApiClientCollection');
 36:     }
 37: 
 38:     /**
 39:      * Checks if a specific user already exists
 40:      *
 41:      * @param string $sUsername specifies the username to search for
 42:      * @return bool
 43:      */
 44:     public function userExists($sUsername) {
 45:         global $client;
 46: 
 47:         $feUsers = new cApiFrontendUserCollection();
 48:         $feUsers->setWhere('idclient', $client);
 49:         $feUsers->setWhere('username', strtolower($sUsername));
 50:         $feUsers->query();
 51: 
 52:         return ($feUsers->next()) ? true : false;
 53:     }
 54: 
 55:     /**
 56:      * Creates a new user
 57:      *
 58:      * @param string $username Specifies the username
 59:      * @param string $password Specifies the password (optional)
 60:      * @return cApiFrontendUser
 61:      */
 62:     public function create($username, $password = '') {
 63:         global $client, $auth;
 64: 
 65:         // Check if the username already exists
 66:         $this->select("idclient = " . (int) $client . " AND username = '" . $this->escape($username) . "'");
 67: 
 68:         if ($this->next()) {
 69:             return $this->create($username . '_' . substr(md5(rand()), 0, 10), $password);
 70:         }
 71: 
 72:         $item = parent::createNewItem();
 73:         $item->set('idclient', $client);
 74:         $item->set('username', $username);
 75:         $item->set('salt', md5($username . rand(1000, 9999) . rand(1000, 9999) . rand(1000, 9999)));
 76:         $item->set('password', $password);
 77:         $item->set('created', date('Y-m-d H:i:s'), false);
 78:         $item->set('author', $auth->auth['uid']);
 79:         $item->set('active', 0);
 80: 
 81:         $item->store();
 82: 
 83:         // Put this user into the default groups
 84:         $feGroups = new cApiFrontendGroupCollection();
 85:         $feGroups->select("idclient = " . (int) $client . " AND defaultgroup = 1");
 86: 
 87:         $feGroupMembers = new cApiFrontendGroupMemberCollection();
 88: 
 89:         $iduser = $item->get('idfrontenduser');
 90: 
 91:         while (($feGroup = $feGroups->next()) !== false) {
 92:             $idgroup = $feGroup->get('idfrontendgroup');
 93:             $feGroupMembers->create($idgroup, $iduser);
 94:         }
 95: 
 96:         return $item;
 97:     }
 98: 
 99:     /**
100:      * Overridden delete method to remove user from groupmember table
101:      * before deleting user.
102:      *
103:      * @param int $itemId specifies the frontend user
104:      * @return bool
105:      */
106:     public function delete($itemId) {
107:         // delete group memberships
108:         $feGroupMembers = new cApiFrontendGroupMemberCollection();
109:         $feGroupMembers->select('idfrontenduser = ' . (int) $itemId);
110:         while (($item = $feGroupMembers->next()) !== false) {
111:             $feGroupMembers->delete($item->get('idfrontendgroupmember'));
112:         }
113: 
114:         // delete user
115:         return parent::delete($itemId);
116:     }
117: 
118: }
119: 
120: /**
121:  * Frontend user item
122:  *
123:  * @package Core
124:  * @subpackage GenericDB_Model
125:  */
126: class cApiFrontendUser extends Item {
127: 
128:     /**
129:      * Constructor function
130:      *
131:      * @param mixed $mId Specifies the ID of item to load
132:      */
133:     public function __construct($mId = false) {
134:         global $cfg;
135:         parent::__construct($cfg['tab']['frontendusers'], 'idfrontenduser');
136:         if ($mId !== false) {
137:             $this->loadByPrimaryKey($mId);
138:         }
139:     }
140: 
141:     /**
142:      * Overridden setField method to md5 the password.
143:      * Sets the value of a specific field.
144:      *
145:      * @param string $field Specifies the field to set
146:      * @param string $value Specifies the value to set
147:      * @param bool $safe Flag to use defined inFilter
148:      * @return bool
149:      */
150:     public function setField($field, $value, $safe = true) {
151:         if ($field == 'password') {
152:             return parent::setField($field, hash('sha256', md5($value) . $this->get('salt')), $safe);
153:         } else {
154:             return parent::setField($field, $value, $safe);
155:         }
156:     }
157: 
158:     /**
159:      * Sets the password to a raw value without md5 encoding.
160:      *
161:      * @param string $password Raw password
162:      * @return bool
163:      */
164:     public function setRawPassword($password) {
165:         return parent::setField('password', $password);
166:     }
167: 
168:     /**
169:      * Checks if the given password matches the password in the database
170:      *
171:      * @param string $password Password to check
172:      * @return bool True if the password is correct, false otherwise
173:      */
174:     public function checkPassword($password) {
175:         if ($this->isLoaded() === false) {
176:             return false;
177:         }
178: 
179:         $pass = $this->get('password');
180:         $salt = $this->get('salt');
181: 
182:         return (hash('sha256', md5($password) . $salt) == $pass);
183:     }
184: 
185:     /**
186:      * Saves modified user entry
187:      *
188:      * @return bool
189:      */
190:     public function store() {
191:         global $auth;
192: 
193:         $this->set('modified', date('Y-m-d H:i:s'), false);
194:         $this->set('modifiedby', $auth->auth['uid']);
195:         return parent::store();
196:     }
197: 
198:     /**
199:      * Returns list of all groups belonging to current user
200:      *
201:      * @return array List of frontend group ids
202:      */
203:     public function getGroupsForUser() {
204:         $feGroupMembers = new cApiFrontendGroupMemberCollection();
205:         $feGroupMembers->setWhere('idfrontenduser', $this->get('idfrontenduser'));
206:         $feGroupMembers->query();
207: 
208:         $groups = array();
209:         while (($feGroupMember = $feGroupMembers->next()) !== false) {
210:             $groups[] = $feGroupMember->get('idfrontendgroup');
211:         }
212:         return $groups;
213:     }
214: 
215: }
216: