<?php
/** ---------------------------------------------------------------------
* app/models/ca_users.php : table access class for table ca_users
* ----------------------------------------------------------------------
* CollectiveAccess
* Open-source collections management software
* ----------------------------------------------------------------------
*
* Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
* Copyright 2008-2012 Whirl-i-Gig
*
* For more information visit http://www.CollectiveAccess.org
*
* This program is free software; you may redistribute it and/or modify it under
* the terms of the provided license as published by Whirl-i-Gig
*
* CollectiveAccess is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTIES whatsoever, including any implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* This source code is free and modifiable under the terms of
* GNU General Public License. (http://www.gnu.org/copyleft/gpl.html). See
* the "license.txt" file for details, or visit the CollectiveAccess web site at
* http://www.CollectiveAccess.org
*
* @package CollectiveAccess
* @subpackage models
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License version 3
*
* ----------------------------------------------------------------------
*/
/**
*
*/
require_once(__CA_LIB_DIR__."/core/AccessRestrictions.php");
require_once(__CA_APP_DIR__.'/models/ca_user_roles.php');
include_once(__CA_APP_DIR__."/helpers/utilityHelpers.php");
require_once(__CA_APP_DIR__.'/models/ca_user_groups.php');
require_once(__CA_APP_DIR__.'/models/ca_locales.php');
# Field definitions for the ca_users table. BaseModel reads this map to know each column's
# type, display widget, nullability, default and bounds; the ca_users class below declares
# the table/primary-key names and the methods that operate on these fields.
BaseModel::$s_ca_models_definitions['ca_users'] = array(
'NAME_SINGULAR' => _t('user'),
'NAME_PLURAL' => _t('users'),
'FIELDS' => array(
'user_id' => array(
'FIELD_TYPE' => FT_NUMBER, 'DISPLAY_TYPE' => DT_HIDDEN,
'IDENTITY' => true, 'DISPLAY_WIDTH' => 10, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('User id'), 'DESCRIPTION' => _t('Unique numeric identifier used by CollectiveAccess internally to identify this user')
),
# The login name; load() accepts a non-numeric, non-array argument and looks the record up by this column.
'user_name' => array(
'FIELD_TYPE' => FT_TEXT, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 40, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('User name'), 'DESCRIPTION' => _t('The login name for this user. This name is used in combination with the password set below to access the system.'),
'BOUNDS_LENGTH' => array(1,255)
),
# 255 ('deleted') is a sentinel: delete() sets userclass to 255 instead of removing the row,
# because user rows must survive for change-log purposes.
'userclass' => array(
'FIELD_TYPE' => FT_NUMBER, 'DISPLAY_TYPE' => DT_SELECT,
'DISPLAY_WIDTH' => 40, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => 0,
'LABEL' => _t('User class'), 'DESCRIPTION' => _t('"Full" user accounts may log into all CollectiveAccess interfaces. "Public" user accounts may only log into the publicly accessible front-end system (if one exists). "Deleted" users may not log into any interface – the account is considered removed.'),
"BOUNDS_CHOICE_LIST"=> array(
_t('full-access') => 0,
_t('public-access only') => 1,
_t('deleted') => 255
)
),
# Holds the password hash, not clear text: verify() compares an unsalted md5 digest of the
# submitted password against this column. The 4-character minimum is enforced only through
# BOUNDS_LENGTH on the submitted value.
'password' => array(
'FIELD_TYPE' => FT_PASSWORD, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 60, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('Password'), 'DESCRIPTION' => _t('The login password for this user. Passwords must be at least 4 characters and should ideally contain a combination of letters and numbers. Passwords are case-sensitive.'),
'BOUNDS_LENGTH' => array(4,100)
),
'fname' => array(
'FIELD_TYPE' => FT_TEXT, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 60, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('First name'), 'DESCRIPTION' => _t('The forename of this user.'),
'BOUNDS_LENGTH' => array(0,255)
),
'lname' => array(
'FIELD_TYPE' => FT_TEXT, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 60, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('Last name'), 'DESCRIPTION' => _t('The surname of this user.'),
'BOUNDS_LENGTH' => array(1,255)
),
'email' => array(
'FIELD_TYPE' => FT_TEXT, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 60, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('E-mail'), 'DESCRIPTION' => _t('The e-mail address of this user. The address will be used for all mail-based system notifications and alerts to this user.'),
'BOUNDS_LENGTH' => array(0,255)
),
# Serialized store for persistent user variables; managed through setVar()/getVar()/deleteVar()
# and written back by insert()/update().
'vars' => array(
'FIELD_TYPE' => FT_VARS, 'DISPLAY_TYPE' => DT_OMIT,
'DISPLAY_WIDTH' => 88, 'DISPLAY_HEIGHT' => 15,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => 'User variable storage', 'DESCRIPTION' => 'Storage area for user variables'
),
# Separate, smaller store for variables that change on every request (setVar() 'volatile' option),
# so that frequent writes do not have to re-serialize the full 'vars' blob.
'volatile_vars' => array(
'FIELD_TYPE' => FT_VARS, 'DISPLAY_TYPE' => DT_OMIT,
'DISPLAY_WIDTH' => 88, 'DISPLAY_HEIGHT' => 15,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => 'Volatile user variable storage', 'DESCRIPTION' => 'Storage area for user variables of limited size that change often'
),
'active' => array(
'FIELD_TYPE' => FT_BIT, 'DISPLAY_TYPE' => DT_CHECKBOXES,
'DISPLAY_WIDTH' => 10, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => false,
'DEFAULT' => '',
'LABEL' => _t('Account is activated?'), "DESCRIPTION" => "If checked, indicates user account is active. Only active users are allowed to log into the system.",
'BOUNDS_VALUE' => array(0,1)
),
'confirmed_on' => array(
'FIELD_TYPE' => FT_DATETIME, 'DISPLAY_TYPE' => DT_OMIT,
'DISPLAY_WIDTH' => 10, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => true,
'DEFAULT' => '',
'LABEL' => _t('Confirmed on'), 'DESCRIPTION' => _t('Confirmed on')
),
# E-mail verification token generated by insert(); a 32-character hex digest fits the bound below.
# Because it is sent to the account holder as proof of address ownership it must be unguessable.
'confirmation_key' => array(
'FIELD_TYPE' => FT_TEXT, 'DISPLAY_TYPE' => DT_OMIT,
'DISPLAY_WIDTH' => 32, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => true,
'DEFAULT' => '',
'LABEL' => _t('Confirmation key'), 'DESCRIPTION' => _t('Confirmation key used for email verification.'),
'BOUNDS_LENGTH' => array(0,32)
),
'entity_id' => array(
'FIELD_TYPE' => FT_NUMBER, 'DISPLAY_TYPE' => DT_FIELD,
'DISPLAY_WIDTH' => 40, 'DISPLAY_HEIGHT' => 1,
'IS_NULL' => true,
'DEFAULT' => '',
'LABEL' => _t('Entity'), 'DESCRIPTION' => _t('The entity this user login is associated with.')
)
)
);
class ca_users extends BaseModel {
# ---------------------------------
# --- Object attribute properties
# ---------------------------------
# Describe structure of content object's properties - eg. database fields and their
# associated types, what modes are supported, et al.
#
# User preference definitions; not referenced by any method visible in this part of the file.
private $_user_pref_defs;
# ------------------------------------------------------
# --- Basic object parameters
# ------------------------------------------------------
# what table does this class represent?
protected $TABLE = 'ca_users';
# what is the primary key of the table?
protected $PRIMARY_KEY = 'user_id';
# ------------------------------------------------------
# --- Properties used by standard editing scripts
#
# These class properties allow generic scripts to properly display
# records from the table represented by this class
#
# ------------------------------------------------------
# Array of fields to display in a listing of records from this table
protected $LIST_FIELDS = array('user_name');
# When the list of "list fields" above contains more than one field,
# the LIST_DELIMITER text is displayed between fields as a delimiter.
# This is typically a comma or space, but can be any string you like
protected $LIST_DELIMITER = ' ';
# What you'd call a single record from this table (eg. a "person")
protected $NAME_SINGULAR;
# What you'd call more than one record from this table (eg. "people")
protected $NAME_PLURAL;
# List of fields to sort listing of records by; you can use
# SQL 'ASC' and 'DESC' here if you like.
protected $ORDER_BY = array('user_name');
# Maximum number of record to display per page in a listing
protected $MAX_RECORDS_PER_PAGE = 20;
# How do you want to page through records in a listing: by number pages ordered
# according to your setting above? Or alphabetically by the letters of the first
# LIST_FIELD?
protected $PAGE_SCHEME = 'alpha'; # alpha [alphabetical] or num [numbered pages; default]
# If you want to order records arbitrarily, add a numeric field to the table and place
# its name here. The generic list scripts can then use it to order table records.
protected $RANK = '';
# ------------------------------------------------------
# Hierarchical table properties
# ------------------------------------------------------
# ca_users is flat: every hierarchy property is null.
protected $HIERARCHY_TYPE = null;
protected $HIERARCHY_LEFT_INDEX_FLD = null;
protected $HIERARCHY_RIGHT_INDEX_FLD = null;
protected $HIERARCHY_PARENT_ID_FLD = null;
protected $HIERARCHY_DEFINITION_TABLE = null;
protected $HIERARCHY_ID_FLD = null;
protected $HIERARCHY_POLY_TABLE = null;
# ------------------------------------------------------
# Change logging
# ------------------------------------------------------
protected $UNIT_ID_FIELD = null;
# Changes to user rows themselves are not logged; delete() still keeps rows (userclass = 255)
# so that existing log entries can continue to reference them.
protected $LOG_CHANGES_TO_SELF = false;
protected $LOG_CHANGES_USING_AS_SUBJECT = array(
"FOREIGN_KEYS" => array(
),
"RELATED_TABLES" => array(
)
);
/**
* Container for persistent user-specific variables
* (in-memory copy of the 'vars' column; filled by load(), written back by insert()/update()
* only when the matching *_have_changed flag is set)
*/
private $opa_user_vars;
private $opa_user_vars_have_changed = false;
/**
* Container for volatile (often changing) persistent user-specific variables
* of limited size. This is meant for storage of values that change on every request. By
* segregating these values from less volatile (and often much larger) user var data we can
* avoid the cost of writing large blocks of data to the database on every request
*/
private $opa_volatile_user_vars;
private $opa_volatile_user_vars_have_changed = false;
# ------------------------------------------------------
# Search
# ------------------------------------------------------
protected $SEARCH_CLASSNAME = 'UserSearch';
protected $SEARCH_RESULT_CLASSNAME = 'UserSearchResult';
# ------------------------------------------------------
# $FIELDS contains information about each field in the table. The order in which the fields
# are listed here is the order in which they will be returned using getFields()
protected $FIELDS;
/**
* authentication configuration
* (Configuration object loaded in the constructor from the app config's "authentication_config" entry)
*/
protected $opo_auth_config = null;
/**
* User and group role caches
*
* Per-request, process-wide caches keyed on user_id. getUserRoles() fills $s_user_role_cache;
* update() clears the first two entries for the current user. Any method that changes role
* membership without going through update() must clear the user's entry itself, otherwise
* getUserRoles() answers from stale data for the rest of the request.
*/
static $s_user_role_cache = array();
static $s_group_role_cache = array();
static $s_user_type_access_cache = array();
static $s_user_bundle_access_cache = array();
static $s_user_action_access_cache = array();
static $s_user_type_with_access_cache = array();
# ------------------------------------------------------
/**
 * Constructor.
 *
 * Supports the standard BaseModel calling modes: with no arguments an empty, unloaded
 * instance is created; with a valid primary key value the matching record is loaded.
 * After the superclass has initialized, the authentication configuration file named by
 * the application config's "authentication_config" setting is loaded into $opo_auth_config.
 *
 * @param mixed $pn_id Primary key of the record to load, or null for an empty instance
 * @param bool $pb_use_cache Passed through to BaseModel::__construct()
 */
public function __construct($pn_id=null, $pb_use_cache=false) {
    parent::__construct($pn_id, $pb_use_cache);

    $o_app_config = $this->getAppConfig();
    $vs_auth_config_path = $o_app_config->get("authentication_config");
    $this->opo_auth_config = Configuration::load($vs_auth_config_path);
}
# ----------------------------------------
/**
 * Loads a user record into this instance and primes the in-memory user-variable stores.
 *
 * A numeric argument is treated as a user_id and an array as BaseModel load criteria;
 * any other value is looked up as a user_name.
 *
 * @access public
 * @param mixed $pm_user_id User id, user name or array of load criteria
 * @param bool $pb_use_cache Accepted for signature compatibility; not forwarded to parent::load()
 *                           (NOTE(review): confirm against BaseModel::load() before changing this)
 * @return bool Returns true if no error, false if error occurred
 */
public function load($pm_user_id=null, $pb_use_cache=false) {
    if (is_numeric($pm_user_id) || is_array($pm_user_id)) {
        $vm_criteria = $pm_user_id;
    } else {
        $vm_criteria = array("user_name" => $pm_user_id);
    }
    $vn_rc = parent::load($vm_criteria);

    # get() unserializes FT_VARS columns; anything that is not an array (empty row, bad data)
    # is replaced by an empty store so the setVar()/getVar() family never sees a non-array.
    $va_vars = $this->get("vars");
    $this->opa_user_vars = is_array($va_vars) ? $va_vars : array();

    $va_volatile_vars = $this->get("volatile_vars");
    $this->opa_volatile_user_vars = is_array($va_volatile_vars) ? $va_volatile_vars : array();

    return $vn_rc;
}
# ----------------------------------------
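/**
 * Creates new user record. You must set all required user fields before calling this method. If errors occur you can use the standard Table class error handling methods to figure out what went wrong.
 *
 * Required fields are user_name, password, fname and lname.
 *
 * A fresh confirmation key is generated on every insert. The intended flow is to create the
 * record with 'active' unset, send the key to the new user (usually by e-mail) and treat a
 * reply carrying the key as proof that the address is valid. The key is therefore a bearer
 * token and is drawn from a cryptographically secure source where the runtime provides one.
 *
 * @access public
 * @param array $pa_options Passed through to BaseModel::insert()
 * @return bool Returns true if no error, false if error occurred
 */
public function insert($pa_options=null) {
    # 16 random bytes hex-encoded, or an md5 digest in the fallback, are both 32 characters,
    # which is the BOUNDS_LENGTH of 'confirmation_key'. The earlier scheme seeded md5() with
    # tempnam() (leaving an unused file in the temp directory on every insert) and rand(),
    # which is not a secure generator.
    if (function_exists('random_bytes')) {
        $vs_confirmation_key = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes') && ($vs_random_bytes = openssl_random_pseudo_bytes(16))) {
        $vs_confirmation_key = bin2hex($vs_random_bytes);
    } else {
        # Last resort for runtimes without either generator; weaker than the branches above.
        $vs_confirmation_key = md5(uniqid(mt_rand(), true).microtime(true));
    }
    $this->set("confirmation_key", $vs_confirmation_key);

    # set user vars (the set() method automatically serializes the vars array)
    $this->set("vars", $this->opa_user_vars);
    $this->set("volatile_vars", $this->opa_volatile_user_vars);

    return parent::insert($pa_options);
}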
# ----------------------------------------
/**
 * Saves changes to user record. You must make sure all required user fields are set before calling this method. If errors occur you can use the standard Table class error handling methods to figure out what went wrong.
 *
 * Required fields are user_name, password, fname and lname.
 *
 * If you do not call this method at the end of your request changed user vars will not be saved! If you are also using the Auth class, the Auth->close() method will call this for you.
 *
 * Only the variable store(s) whose change flag is set are re-serialized, and the
 * per-request role caches for this user are dropped so later lookups re-read the database.
 *
 * @access public
 * @param array $pa_options Accepted but not forwarded to parent::update()
 *                          (NOTE(review): insert() does forward its options; confirm whether BaseModel::update() takes them)
 * @return bool Returns true if no error, false if error occurred
 */
public function update($pa_options=null) {
    $this->clearErrors();

    # set() serializes the array for the FT_VARS column
    if ($this->opa_user_vars_have_changed) {
        $this->set("vars", $this->opa_user_vars);
    }
    if ($this->opa_volatile_user_vars_have_changed) {
        $this->set("volatile_vars", $this->opa_volatile_user_vars);
    }

    $vn_user_id = $this->getPrimaryKey();
    unset(ca_users::$s_user_role_cache[$vn_user_id], ca_users::$s_group_role_cache[$vn_user_id]);

    return parent::update();
}
# ----------------------------------------
/**
 * Deletes user. Unlike standard model rows, ca_users rows should never actually be deleted because they need to exist for logging purposes.
 * So this version of delete() marks the row as deleted by setting ca_users.userclass = 255 and *not* invoking BaseModel::delete()
 *
 * @access public
 * @return bool Returns true if no error, false if error occurred
 */
public function delete() {
    $this->clearErrors();

    # 255 is the 'deleted' entry of the userclass BOUNDS_CHOICE_LIST
    $vn_deleted_userclass = 255;
    $this->set('userclass', $vn_deleted_userclass);

    return $this->update();
}
# ----------------------------------------
# --- Authentication
# ----------------------------------------
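/**
 * Returns true if the provided clear-text password ($ps_password) is valid for the currently loaded record.
 *
 * The stored 'password' value is compared against the unsalted md5 hex digest of the
 * clear-text password. This method does not implement the crypt()-based scheme that the
 * "user_old_style_passwords" configuration directive refers to; records stored that way
 * will not verify here.
 *
 * The comparison is strict (and constant-time where hash_equals() exists): with the loose
 * "==" operator two hex digests that both look like numbers in scientific notation compare
 * equal even when they differ, which would accept a wrong password.
 *
 * @access public
 * @param string $ps_password Clear-text password
 * @return bool Returns true if password is valid, false if not
 */
public function verify($ps_password) {
    $vs_stored_hash = (string)$this->get("password");
    $vs_candidate_hash = md5((string)$ps_password);

    if (function_exists('hash_equals')) {
        return hash_equals($vs_stored_hash, $vs_candidate_hash);
    }
    return $vs_stored_hash === $vs_candidate_hash;
}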
# ----------------------------------------
# --- User variables
# ----------------------------------------
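/**
 * Sets user variable. User variables are names ("keys") with associated values (strings, numbers or arrays).
 * Once a user variable is set its value persists across instantiations until deleted or changed.
 *
 * Changes to user variables are saved when the insert() (for new user records) or update() (for existing user records)
 * method is called. If you do not call either of these any changes will be lost when the request completes.
 *
 * A key lives in exactly one of the two stores. Setting a key in the volatile store evicts it
 * from the regular store (and vice versa), and the store it was evicted from is marked changed
 * so that the eviction is persisted; otherwise a stale copy in the regular store would shadow
 * the volatile value on the next load(), because getVar() consults the regular store first.
 *
 * @access public
 * @param string $ps_key Name of user variable
 * @param mixed $pm_val Value of user variable. Can be string, number or array. Objects are rejected.
 * @param array $pa_options Associative array of options. Supported options are:
 * - ENTITY_ENCODE_INPUT = Convert all "special" HTML characters in a string value to entities; off unless set
 * - URL_ENCODE_INPUT = Url encodes a non-array value; off unless set. Ignored when ENTITY_ENCODE_INPUT is set.
 * - volatile = Places value in "volatile" variable storage, which is usually faster. Only store small values, not large blocks of text or binary data, that are expected to change frequently as volatile.
 * @return bool Returns true on successful save, false if the variable name or value was invalid
 */
public function setVar ($ps_key, $pm_val, $pa_options=null) {
    if (is_object($pm_val)) { return false; }
    if (!is_array($pa_options)) { $pa_options = array(); }
    $this->clearErrors();

    if (!$ps_key) { return false; }

    # Bind $va_vars/$vb_has_changed to the store selected by the 'volatile' option and
    # evict the key from the other store.
    if (isset($pa_options['volatile']) && $pa_options['volatile']) {
        $va_vars =& $this->opa_volatile_user_vars;
        $vb_has_changed =& $this->opa_volatile_user_vars_have_changed;
        if (isset($this->opa_user_vars[$ps_key])) {
            unset($this->opa_user_vars[$ps_key]);
            $this->opa_user_vars_have_changed = true;
        }
    } else {
        $va_vars =& $this->opa_user_vars;
        $vb_has_changed =& $this->opa_user_vars_have_changed;
        if (isset($this->opa_volatile_user_vars[$ps_key])) {
            unset($this->opa_volatile_user_vars[$ps_key]);
            $this->opa_volatile_user_vars_have_changed = true;
        }
    }

    # Optional input transformations; arrays are stored as-is in every mode.
    if (isset($pa_options["ENTITY_ENCODE_INPUT"]) && $pa_options["ENTITY_ENCODE_INPUT"]) {
        $vs_proc_val = is_string($pm_val) ? htmlentities(html_entity_decode($pm_val)) : $pm_val;
    } elseif (isset($pa_options["URL_ENCODE_INPUT"]) && $pa_options["URL_ENCODE_INPUT"]) {
        $vs_proc_val = is_array($pm_val) ? $pm_val : urlencode($pm_val);
    } else {
        $vs_proc_val = $pm_val;
    }

    # Only mark the store dirty when the stored value actually differs, so update() can skip
    # re-serializing an unchanged blob. A key that is not present yet is always written
    # (previously an absent key compared equal to "" or false and was silently dropped).
    $vb_key_exists = is_array($va_vars) && array_key_exists($ps_key, $va_vars);
    $vm_old_val = $vb_key_exists ? $va_vars[$ps_key] : null;
    $vb_differs = !$vb_key_exists
        || (is_array($vs_proc_val) !== is_array($vm_old_val))
        || (print_r($vs_proc_val, true) !== print_r($vm_old_val, true));

    if ($vb_differs) {
        $vb_has_changed = true;
        $va_vars[$ps_key] = $vs_proc_val;
    }
    return true;
}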
# ----------------------------------------
/**
 * Deletes user variable. Once deleted, you must call insert() (for new user records) or update() (for existing user records)
 * to make the deletion permanent.
 *
 * The regular store is checked before the volatile one; whichever store held the key is
 * marked changed so the removal is written back.
 *
 * @access public
 * @param string $ps_key Name of user variable
 * @return bool Returns true if variable was defined, false if it didn't exist
 */
public function deleteVar ($ps_key) {
    $this->clearErrors();

    if (isset($this->opa_user_vars[$ps_key])) {
        unset($this->opa_user_vars[$ps_key]);
        $this->opa_user_vars_have_changed = true;
        return true;
    }

    if (isset($this->opa_volatile_user_vars[$ps_key])) {
        unset($this->opa_volatile_user_vars[$ps_key]);
        $this->opa_volatile_user_vars_have_changed = true;
        return true;
    }

    return false;
}
# ----------------------------------------
/**
 * Returns value of user variable. Returns null if variable does not exist.
 *
 * The regular store is consulted first, then the volatile store. Scalar values are passed
 * through stripslashes(); arrays are returned untouched.
 *
 * @access public
 * @param string $ps_key Name of user variable
 * @return mixed Value of variable (string, number or array); null if variable is not defined.
 */
public function getVar ($ps_key) {
    $this->clearErrors();

    foreach (array($this->opa_user_vars, $this->opa_volatile_user_vars) as $va_store) {
        if (!isset($va_store[$ps_key])) { continue; }
        $vm_val = $va_store[$ps_key];
        return is_array($vm_val) ? $vm_val : stripSlashes($vm_val);
    }

    return null;
}
# ----------------------------------------
/**
 * Returns list of user variable names
 *
 * Names from the regular store come first, followed by names from the volatile store.
 *
 * @access public
 * @return array Array of uservar names, or empty array if none are defined
 */
public function getVarKeys() {
    $va_keys = array();
    foreach (array($this->opa_user_vars, $this->opa_volatile_user_vars) as $va_store) {
        if (isset($va_store) && is_array($va_store)) {
            $va_keys = array_merge($va_keys, array_keys($va_store));
        }
    }
    return $va_keys;
}
# ----------------------------------------
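/**
 * Returns list of users
 *
 * @param array $pa_options Optional array of options. Options include:
 * sort = one of 'lname,fname', 'user_name', 'email', 'last_login', 'active'; anything else falls back to 'lname,fname'.
 *        'last_login' is not a column, so the result is returned unordered for it.
 * sort_direction = 'asc' or 'desc'; anything else is treated as 'asc'
 * userclass = single userclass value or list of values to restrict the result to
 * @return array List of users. Array is keyed on user_id and value is array with all ca_users fields + the last_login time as a unix timestamp (null for users who have never logged in)
 *
 */
public function getUserList($pa_options=null) {
    $ps_sort_field = isset($pa_options['sort']) ? $pa_options['sort'] : '';
    $ps_sort_direction = isset($pa_options['sort_direction']) ? $pa_options['sort_direction'] : 'asc';
    $pa_userclass = isset($pa_options['userclass']) ? $pa_options['userclass'] : array();
    if (!is_array($pa_userclass)) { $pa_userclass = array($pa_userclass); }

    $o_db = $this->getDb();

    # The sort field and direction are interpolated into the SQL below, so both are forced onto
    # a fixed whitelist first; the userclass values are bound as a query parameter instead.
    $va_valid_sorts = array('lname,fname', 'user_name', 'email', 'last_login', 'active');
    if (!in_array($ps_sort_field, $va_valid_sorts, true)) {
        $ps_sort_field = 'lname,fname';
    }
    if ($ps_sort_direction !== 'desc') {
        $ps_sort_direction = 'asc';
    }

    $va_query_params = array();
    $vs_user_class_sql = '';
    if (sizeof($pa_userclass)) {
        $vs_user_class_sql = " WHERE userclass IN (?)";
        $va_query_params[] = $pa_userclass;
    }

    # last_login lives in the serialized user vars, not in a column, so no ORDER BY is emitted for it
    $vs_sort = ($ps_sort_field === 'last_login') ? '' : "ORDER BY {$ps_sort_field} {$ps_sort_direction}";

    $qr_users = $o_db->query("
        SELECT *
        FROM ca_users
        {$vs_user_class_sql}
        {$vs_sort}
    ", $va_query_params);

    $va_users = array();
    while ($qr_users->nextRow()) {
        $va_vars = $qr_users->getVars('vars');
        if (!is_array($va_vars)) { $va_vars = array(); }

        $va_volatile_vars = $qr_users->getVars('volatile_vars');
        if (is_array($va_volatile_vars)) {
            $va_vars = array_merge($va_vars, $va_volatile_vars);
        }

        # Users who have never logged in carry no last_login var; report null rather than
        # raising an undefined-index notice.
        $vm_last_login = isset($va_vars['last_login']) ? $va_vars['last_login'] : null;
        $va_users[$qr_users->get('user_id')] = array_merge($qr_users->getRow(), array('last_login' => $vm_last_login));
    }
    return $va_users;
}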
# ----------------------------------------
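/**
 * Returns HTML multiple <select> with list of "full" users
 *
 * Values that end up inside the markup are escaped for their context: name and id as
 * single-quoted attribute values, size as an integer, and the account holder's
 * fname/lname/email (which are user-supplied data) as option text. The label is emitted
 * as given, since it is developer-supplied and may intentionally contain markup.
 *
 * @param array $pa_options (optional) array of options. Keys are:
 * size = height of multiple select, in rows; default is 8
 * name = HTML form element name to apply to role <select>; default is 'users'
 * id = DOM id to apply to role <select>; default is no id
 * label = String to label form element with
 * selected = User_id values to select
 * @return string Returns HTML containing form element and form label
 */
public function userListAsHTMLFormElement($pa_options=null) {
    $vn_size = (isset($pa_options['size']) && ($pa_options['size'] > 0)) ? (int)$pa_options['size'] : 8;
    $vs_name = (isset($pa_options['name'])) ? $pa_options['name'] : 'users';
    $vs_id = (isset($pa_options['id'])) ? $pa_options['id'] : '';
    $vs_label = (isset($pa_options['label'])) ? $pa_options['label'] : _t('Users');
    $va_selected = (isset($pa_options['selected']) && is_array($pa_options['selected'])) ? $pa_options['selected'] : array();

    $va_users = $this->getUserList($pa_options);

    $vs_buf = '';
    if (sizeof($va_users)) {
        $vs_name_attr = htmlspecialchars($vs_name, ENT_QUOTES, 'UTF-8');
        $vs_id_attr = htmlspecialchars($vs_id, ENT_QUOTES, 'UTF-8');
        $vs_buf .= "<select multiple='1' name='{$vs_name_attr}[]' size='{$vn_size}' id='{$vs_id_attr}'>\n";
        foreach ($va_users as $vn_user_id => $va_user_info) {
            $vn_user_id = (int)$vn_user_id;
            # loose in_array() kept on purpose: 'selected' may arrive as strings from a form
            $vs_selected_attr = (in_array($vn_user_id, $va_selected)) ? "SELECTED='1'" : "";

            # NOTE(review): if the editing layer already stores entity-encoded names this will
            # double-encode them; pass double_encode=false here in that case.
            $vs_display = htmlspecialchars($va_user_info['fname'].' '.$va_user_info['lname'], ENT_QUOTES, 'UTF-8');
            if ($va_user_info['email']) {
                $vs_display .= " (".htmlspecialchars($va_user_info['email'], ENT_QUOTES, 'UTF-8').")";
            }
            $vs_buf .= "<option value='{$vn_user_id}' {$vs_selected_attr}>{$vs_display}</option>\n";
        }
        $vs_buf .= "</select>\n";
    }

    # Wrap the element in the configured display format, if one is set
    if ($vs_buf && ($vs_format = $this->_CONFIG->get('form_element_display_format'))) {
        $vs_format = str_replace("^ELEMENT", $vs_buf, $vs_format);
        $vs_format = str_replace("^LABEL", $vs_label, $vs_format);
        $vs_format = str_replace("^ERRORS", '', $vs_format);
        $vs_buf = str_replace("^EXTRA", '', $vs_format);
    }
    return $vs_buf;
}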
# ----------------------------------------
# --- Roles
# ----------------------------------------
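/**
 * Add roles to current user.
 *
 * Each role is resolved by id (numeric values), then name, then code; unresolvable roles are
 * skipped. The user's entry in the per-request role cache is dropped afterwards so that
 * getUserRoles()/hasUserRole() reflect the new membership within the same request.
 *
 * @access public
 * @param mixed $pm_roles Single role or list (array) of roles to add. Roles may be specified by name, code or id.
 * @return integer Returns number of roles added or false if there was an error. The number of roles added will not necessarily match the number of roles you tried to add. If you try to add the same role twice, or to add a role that already exists for this user, addRoles() will silently ignore it.
 */
public function addRoles($pm_roles) {
    if (!is_array($pm_roles)) {
        $pm_roles = array($pm_roles);
    }
    if (!($pn_user_id = $this->getPrimaryKey())) {
        return false;
    }

    $t_role = new ca_user_roles();
    $o_db = $this->getDb();
    $vn_roles_added = 0;

    foreach ($pm_roles as $vs_role) {
        $vb_got_role = is_numeric($vs_role) && $t_role->load($vs_role);
        if (!$vb_got_role && !$t_role->load(array("name" => $vs_role)) && !$t_role->load(array("code" => $vs_role))) {
            continue;
        }

        # both ids are bound as parameters and cast to int
        $o_db->query("
            INSERT INTO ca_users_x_roles
            (user_id, role_id)
            VALUES
            (?, ?)
        ", (int)$pn_user_id, (int)$t_role->getPrimaryKey());

        if ($o_db->numErrors() == 0) {
            $vn_roles_added++;
        } else {
            $this->postError(930, _t("Database error adding role '%1': %2", $vs_role, join(';', $o_db->getErrors())),"User->addRoles()");
        }
    }

    # Membership changed outside update(): invalidate the cached role list for this user
    unset(ca_users::$s_user_role_cache[$pn_user_id]);

    return $vn_roles_added;
}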
# ----------------------------------------
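/**
 * Remove roles from current user.
 *
 * Each role is resolved by id (numeric values), then name, then code; unresolvable roles are
 * skipped. The user's entry in the per-request role cache is dropped afterwards so that
 * getUserRoles()/hasUserRole() reflect the removal within the same request.
 *
 * @access public
 * @param mixed $pm_roles Single role or list (array) of roles to remove. Roles may be specified by name, code or id.
 * @return bool Returns true on success, false on error (including when none of the roles could be resolved).
 */
public function removeRoles($pm_roles) {
    if (!is_array($pm_roles)) {
        $pm_roles = array($pm_roles);
    }
    if (!($pn_user_id = $this->getPrimaryKey())) {
        return false;
    }

    $t_role = new ca_user_roles();
    $va_role_ids = array();
    foreach ($pm_roles as $vs_role) {
        $vb_got_role = is_numeric($vs_role) && $t_role->load($vs_role);
        if (!$vb_got_role && !$t_role->load(array("name" => $vs_role)) && !$t_role->load(array("code" => $vs_role))) {
            continue;
        }
        $va_role_ids[] = intval($t_role->getPrimaryKey());
    }

    if (sizeof($va_role_ids) == 0) {
        $this->postError(931, _t("No roles specified"),"User->removeRoles()");
        return false;
    }

    # The IN list is built from intval()'d ids only, so interpolating it is safe; user_id is bound.
    $o_db = $this->getDb();
    $o_db->query("
        DELETE FROM ca_users_x_roles
        WHERE
        (user_id = ?) AND (role_id IN (".join(", ", array_unique($va_role_ids))."))
    ", (int)$pn_user_id);

    # Membership changed outside update(): invalidate the cached role list for this user
    unset(ca_users::$s_user_role_cache[$pn_user_id]);

    if ($o_db->numErrors()) {
        $this->postError(931, _t("Database error: %1", join(';', $o_db->getErrors())),"User->removeRoles()");
        return false;
    }
    return true;
}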
# ----------------------------------------
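/**
 * Removes all roles from current user.
 *
 * The user's entry in the per-request role cache is dropped afterwards so that
 * getUserRoles()/hasUserRole() reflect the removal within the same request.
 *
 * @access public
 * @return bool Returns true on success, false on error or when no record is loaded.
 */
public function removeAllRoles() {
    if (!($vn_user_id = $this->getPrimaryKey())) {
        return false;
    }

    $o_db = $this->getDb();
    $o_db->query("DELETE FROM ca_users_x_roles WHERE user_id = ?", (int)$vn_user_id);

    # Membership changed outside update(): invalidate the cached role list for this user
    unset(ca_users::$s_user_role_cache[$vn_user_id]);

    if ($o_db->numErrors()) {
        $this->postError(931, _t("Database error: %1", join(';', $o_db->getErrors())),"User->removeAllRoles()");
        return false;
    }
    return true;
}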
# ----------------------------------------
/**
 * Get list of all roles supported by the application. If you want to get the current user's roles, use getUserRoles()
 *
 * Delegates to ca_user_roles::getRoleList() on a fresh instance.
 *
 * @access public
 * @return array Returns associative array of roles. Key is role id, value is array containing information about the role.
 *
 * The role information array contains the following keys:
 * role_id (numeric id you can use in addRoles(), deleteRoles(), hasRole(), etc.)
 * name (the full name of the role)
 * code (a short code used for the role)
 * description (narrative description of role)
 */
public function getRoleList() {
    $t_roles = new ca_user_roles();
    $va_role_list = $t_roles->getRoleList();
    return $va_role_list;
}
# ----------------------------------------
/**
 * Get list of roles directly attached to the loaded user (group roles are
 * not included).
 *
 * Results are memoised in the static ca_users::$s_user_role_cache, keyed by
 * user_id, for the remainder of the request/process. This method never
 * refreshes that entry itself, so role changes made after the first call
 * are only visible once the cache entry has been cleared.
 *
 * @access public
 * @return array Associative array of roles keyed by role id (empty array when
 * no user is loaded). Each value is the full ca_user_roles row selected below:
 * role_id, name, code, description, rank and vars.
 */
public function getUserRoles() {
	$vn_user_id = $this->getPrimaryKey();
	if (!$vn_user_id) {
		return array();
	}

	// Serve from the per-request cache when we already resolved this user.
	if (isset(ca_users::$s_user_role_cache[$vn_user_id])) {
		return ca_users::$s_user_role_cache[$vn_user_id];
	}

	$o_db = $this->getDb();
	$qr_roles = $o_db->query("
		SELECT wur.role_id, wur.name, wur.code, wur.description, wur.rank, wur.vars
		FROM ca_user_roles wur
		INNER JOIN ca_users_x_roles AS wuxr ON wuxr.role_id = wur.role_id
		WHERE wuxr.user_id = ?
		ORDER BY wur.rank
	", (int)$vn_user_id);

	$va_user_roles = array();
	while ($qr_roles->nextRow()) {
		$va_user_roles[$qr_roles->get("role_id")] = $qr_roles->getRow();
	}

	ca_users::$s_user_role_cache[$vn_user_id] = $va_user_roles;
	return $va_user_roles;
}
# ----------------------------------------
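/**
 * Determines whether the loaded user has a specified role attached directly
 * to the user record (group-granted roles are not considered; see hasRole()).
 *
 * This always queries ca_users_x_roles and does not consult the
 * getUserRoles() cache.
 *
 * @access public
 * @param mixed $ps_role The role to test for. May be given as numeric role_id,
 * full name or short code. Resolution order is id, then name, then code; a
 * numeric value that is not a valid role_id therefore falls through and may
 * match a role whose *name* or *code* happens to be that number.
 * @return bool Returns true if the user has the role, false if not, if no user
 * is loaded, or if the role cannot be resolved (no error is posted for an
 * unknown role).
 */
public function hasUserRole($ps_role) {
	$vn_user_id = $this->getPrimaryKey();
	if (!$vn_user_id) {
		return false;
	}

	// Resolve the role: numeric id first, then name, then code.
	$t_role = new ca_user_roles();
	$vb_got_role = is_numeric($ps_role) ? (bool)$t_role->load($ps_role) : false;
	if (!$vb_got_role && !$t_role->load(array("name" => $ps_role)) && !$t_role->load(array("code" => $ps_role))) {
		return false;
	}

	// Only row existence matters here, so select just the key column.
	$o_db = $this->getDb();
	$qr_res = $o_db->query("
		SELECT role_id
		FROM ca_users_x_roles
		WHERE
		(user_id = ?) AND
		(role_id = ?)
	", (int)$vn_user_id, (int)$t_role->getPrimaryKey());
	if (!$qr_res) { return false; }

	return (bool)$qr_res->nextRow();
}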
# ----------------------------------------
/**
 * Determines whether the loaded user has a specified role, either attached
 * directly to the user record or granted through one of the user's groups.
 *
 * @access public
 * @param mixed $ps_role The role to test for. May be specified by name, code or id.
 * @return bool Returns true if the user has the role (directly or via a group), false otherwise.
 */
public function hasRole($ps_role) {
	// Direct assignment is checked first; group membership is the fallback.
	if ($this->hasUserRole($ps_role)) {
		return true;
	}
	return (bool)$this->hasGroupRole($ps_role);
}
# ----------------------------------------
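/**
 * Returns HTML multiple <select> listing every application role, with the
 * roles of the currently loaded user pre-selected.
 *
 * Role names and codes are read from the database (they are editable by
 * administrators) and are HTML-escaped before being emitted, as are the
 * caller-supplied element name and id, so that a crafted role name or
 * option value cannot inject markup into the form.
 *
 * @param array $pa_options (optional) array of options. Keys are:
 * size = height of multiple select, in rows; default is 8 (non-positive or non-numeric values fall back to the default)
 * name = HTML form element name to apply to role <select>; default is 'roles'
 * id = DOM id to apply to role <select>; default is no id
 * label = String to label form element with; substituted verbatim into the
 * configured form_element_display_format (it is NOT escaped, because callers
 * may pass markup), so do not pass untrusted input here
 * @return string Returns HTML containing form element and form label; empty
 * string when there are no roles at all.
 */
public function roleListAsHTMLFormElement($pa_options=null) {
	$vn_size = (isset($pa_options['size']) && ((int)$pa_options['size'] > 0)) ? (int)$pa_options['size'] : 8;
	$vs_name = isset($pa_options['name']) ? (string)$pa_options['name'] : 'roles';
	$vs_id = isset($pa_options['id']) ? (string)$pa_options['id'] : '';
	$vs_label = isset($pa_options['label']) ? $pa_options['label'] : _t('Roles');

	$va_roles = $this->getRoleList();
	$vs_buf = '';
	if (sizeof($va_roles)) {
		$va_user_roles = $this->getUserRoles();
		if (!$va_user_roles) { $va_user_roles = array(); }

		// Attribute values are single-quoted, so ENT_QUOTES is required.
		$vs_buf .= "<select multiple='1' name='".htmlspecialchars($vs_name, ENT_QUOTES)."[]' size='{$vn_size}' id='".htmlspecialchars($vs_id, ENT_QUOTES)."'>\n";
		foreach ($va_roles as $vn_role_id => $va_role_info) {
			$vs_selected = !empty($va_user_roles[$vn_role_id]) ? "SELECTED='1'" : "";
			$vs_role_name = htmlspecialchars((string)$va_role_info['name'], ENT_QUOTES);
			$vs_role_code = htmlspecialchars((string)$va_role_info["code"], ENT_QUOTES);
			$vs_buf .= "<option value='".(int)$vn_role_id."' {$vs_selected}>".$vs_role_name." [".$vs_role_code."]</option>\n";
		}
		$vs_buf .= "</select>\n";
	}

	// Wrap element in the configured display format, if any.
	if ($vs_buf && ($vs_format = $this->_CONFIG->get('form_element_display_format'))) {
		$vs_format = str_replace("^ELEMENT", $vs_buf, $vs_format);
		$vs_format = str_replace("^LABEL", $vs_label, $vs_format);
		$vs_format = str_replace("^ERRORS", '', $vs_format);
		$vs_buf = str_replace("^EXTRA", '', $vs_format);
	}
	return $vs_buf;
}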
# ----------------------------------------
# --- Groups
# ----------------------------------------
/**
 * Add current user to one or more groups.
 *
 * @access public
 * @param mixed $pm_groups Single group or list (array) of groups to add the user to.
 * Each group may be given as numeric group_id, full name or short code; resolution
 * order is id, then name, then code, so a numeric value that is not a valid
 * group_id may still match a group whose name or code is that number. Groups
 * that cannot be resolved are skipped without an error.
 * @return integer Returns number of groups the user was added to, or false if no
 * user is loaded. The count can be lower than the number of groups passed in:
 * unresolvable groups are skipped, and any INSERT that the database rejects
 * (for instance a duplicate membership, if ca_users_x_groups enforces
 * uniqueness — verify against the schema) posts error 935 and is not counted.
 */
public function addToGroups($pm_groups) {
	if (!is_array($pm_groups)) {
		$pm_groups = array($pm_groups);
	}

	$vn_user_id = $this->getPrimaryKey();
	if (!$vn_user_id) {
		return false;
	}

	$t_group = new ca_user_groups();
	$vn_groups_added = 0;
	foreach ($pm_groups as $vm_group) {
		// Resolve the group: numeric id first, then name, then code.
		$vb_got_group = is_numeric($vm_group) ? (bool)$t_group->load($vm_group) : false;
		if (!$vb_got_group && !$t_group->load(array("name" => $vm_group)) && !$t_group->load(array("code" => $vm_group))) {
			continue;
		}

		$o_db = $this->getDb();
		$o_db->query("
			INSERT INTO ca_users_x_groups
			(user_id, group_id)
			VALUES
			(?, ?)
		", (int)$vn_user_id, (int)$t_group->getPrimaryKey());

		if ($o_db->numErrors() != 0) {
			$this->postError(935, _t("Database error: %1", join(';', $o_db->getErrors())),"User->addToGroups()");
			continue;
		}
		$vn_groups_added++;
	}
	return $vn_groups_added;
}
# ----------------------------------------
/**
* Remove current user from one or more groups.
*
* @access public
* @param mixed $pm_groups Single group or list (array) of groups to remove current user from. Groups may be specified by name, short name or id.
* @return bool Returns true on success, false on error.
*/
public function removeFromGroups($pm_groups) {
if (!is_array($pm_groups)) {