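sgbd();
        $env = $this->env();
        $users = array("list" => array(), "total" => 0);
        try{
            $SELECT = "SELECT #--users.*";
            $FROM = " FROM #--users";
            $WHERE = "";
            $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : "");
            if(isset($id_role)){
                $SELECT .= ", #--users_roles.id_role";
                $FROM .= " LEFT JOIN #--users_roles ON ("
                    ." #--users_roles.id_user=#--users.id"
                    ." AND #--users_roles.id_role=".$this->eq($id_role)
                    .")";
                /* NOTE(review): "mw_users_roles" does not use the "#--" table prefix every other
                   query in this class uses — confirm this is intentional. */
                $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL";
            }
            $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : "");
            // Count first so "total" is known even when the page itself is empty.
            $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res";
            $rst = $sgbd->query($sql);
            if($v_rst = $sgbd->fetch_assoc($rst)) $users["total"] = $v_rst["n"];
            $sgbd->free_result($rst);
            if($users["total"] > 0){
                $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$LIMIT.") res";
                $rst = $sgbd->query($sql);
                while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst;
                $sgbd->free_result($rst);
                foreach($users["list"] as $id_user => $user){
                    if(($roles = $this->list_user_roles($id_user)) !== false){
                        $users["list"][$id_user]["roles"] = $roles;
                    }
                    else{
                        $users = false;
                        break;
                    }
                }
            }
        }
        catch(Exception $e) {
            $users = false;
        }
        return $users;
    }

    /**
     * Role ids assigned to one user.
     *
     * @param mixed $id_user  user id; quoted for SQL through $this->eq() (presumably the
     *                        project's escaping helper — defined outside this file)
     * @return array|false    list of id_role values (empty when the user has none),
     *                        false when the query throws
     */
    public function list_user_roles($id_user){
        $sgbd = $this->sgbd();
        $roles = array();
        try{
            $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user));
            while($v_rst = $sgbd->fetch_assoc($rst)) $roles[] = $v_rst["id_role"];
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $roles = false;
        }
        return $roles;
    }

    /**
     * One user row by primary key, with its role ids under "roles".
     *
     * @param mixed $id
     * @return array|false  the row (empty array when no such id), false when a query throws
     *                      or the role lookup fails
     */
    public function user_by_id($id){
        $sgbd = $this->sgbd();
        $user = array();
        try{
            $sql = "SELECT * from #--users WHERE id=".$this->eq($id);
            $rst = $sgbd->query($sql);
            if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
            $sgbd->free_result($rst);
            // Only resolve roles for a row that exists (the unguarded version read $user["id"]
            // on an empty array and queried roles for a null id). Mirrors user().
            if($user){
                if(($roles = $this->list_user_roles($user["id"])) !== false) $user["roles"] = $roles;
                else $user = false;
            }
        }
        catch(Exception $e) {
            $user = false;
        }
        return $user;
    }

    /**
     * One user row by login, with its role ids under "roles".
     *
     * @param mixed $login
     * @return array|false  the row (empty array when the login is unknown), false when a
     *                      query throws or the role lookup fails
     */
    public function user($login){
        $sgbd = $this->sgbd();
        $user = array();
        try{
            $sql = "SELECT * from #--users WHERE login=".$this->eq($login);
            $rst = $sgbd->query($sql);
            if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
            $sgbd->free_result($rst);
            if($user){
                if(($roles = $this->list_user_roles($user["id"])) !== false) $user["roles"] = $roles;
                else $user = false;
            }
        }
        catch(Exception $e) {
            $user = false;
        }
        return $user;
    }

    /**
     * Number of users carrying a login.
     *
     * @param mixed $login
     * @return mixed  the count as returned by the driver (0 when absent), false when the query throws
     */
    public function user_exists($login){
        $sgbd = $this->sgbd();
        $EXISTS = 0;
        try{
            $sql = "SELECT count(*) as n from #--users WHERE login=".$this->eq($login);
            $rst = $sgbd->query($sql);
            if($v_rst = $sgbd->fetch_assoc($rst)) $EXISTS = $v_rst["n"];
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $EXISTS = false;
        }
        return $EXISTS;
    }

    /**
     * Insert a user and its role assignments.
     *
     * No transaction is visible here: if a role insert throws, the user row already exists
     * while false is returned — callers that need atomicity must handle that.
     *
     * @param mixed $login
     * @param mixed $password  stored as given; hashing (if any) happens before this call
     * @param mixed $email
     * @param array $roles     role ids to link to the new user
     * @return mixed|false     the new user id from insert_id(), false when a query throws
     */
    public function add_user($login, $password, $email, $roles){
        $sgbd = $this->sgbd();
        $user_id = false;
        try{
            $sql = "INSERT INTO #--users(login, password, email) VALUES"
                ."( ".$this->eq($login)
                .", ".$this->eq($password)
                .", ".$this->eq($email)
                .")";
            $sgbd->query($sql);
            $user_id = $sgbd->insert_id();
            foreach($roles as $id_role){
                $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES"
                    ."( ".$this->eq($user_id)
                    .", ".$this->eq($id_role)
                    .")";
                $sgbd->query($sql);
            }
        }
        catch(Exception $e) {
            $user_id = false;
        }
        return $user_id;
    }

    /**
     * Overwrite a user's columns and replace its role assignments.
     *
     * @param mixed $id
     * @param mixed $login
     * @param mixed $password
     * @param mixed $email
     * @param array $roles  the complete new set of role ids
     * @return bool  false when any query throws (earlier statements are not rolled back)
     */
    public function set_user($id, $login, $password, $email, $roles){
        $sgbd = $this->sgbd();
        try{
            $sql = "UPDATE #--users SET"
                ." login=".$this->eq($login)
                .", password=".$this->eq($password)
                .", email=".$this->eq($email)
                ." WHERE id=".$this->eq($id);
            $sgbd->query($sql);
            $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id);
            $sgbd->query($sql);
            foreach($roles as $id_role){
                $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES"
                    ."( ".$this->eq($id)
                    .", ".$this->eq($id_role)
                    .")";
                $sgbd->query($sql);
            }
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    /**
     * Delete a user (and its role links) by login.
     *
     * @param mixed $login
     * @return bool  false when the login is unknown, the lookup fails, or a query throws
     */
    public function del_user($login){
        $user = $this->user($login);
        // user() yields an empty array for an unknown login and false on error; the previous
        // "!== false" test let the empty array through and built a DELETE with no id.
        if(!$user || !isset($user["id"])) return false;
        $sgbd = $this->sgbd();
        try{
            $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
            $sgbd->query($sql);
            $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$this->eq($user["id"]);
            $sgbd->query($sql);
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    # ----------------------------------------------------------------------------------------
    # roles
    #

    /**
     * Load every role row into $this->roles, keyed by id.
     *
     * @return array|false  the loaded map, false when the query throws
     */
    public function init_roles(){
        $sgbd = $this->sgbd();
        $this->roles = array();
        try{
            $sql = "SELECT * FROM #--roles";
            $rst = $sgbd->query($sql);
            while($v_rst = $sgbd->fetch_assoc($rst)) $this->roles[$v_rst["id"]] = $v_rst;
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $this->roles = false;
        }
        return $this->roles;
    }

    /**
     * Roles loaded by init_roles(), or false when init_roles() has not run yet.
     *
     * @return array|false
     */
    public function roles(){
        if(!isset($this->roles)) return false;
        return $this->roles;
    }

    /**
     * Insert a role.
     *
     * @param mixed $nom       role name
     * @param mixed $intitule  role label
     * @return mixed|false     new role id from insert_id(), false when the query throws
     */
    public function add_role($nom, $intitule){
        $sgbd = $this->sgbd();
        try{
            $sql = "INSERT INTO #--roles(nom, intitule) VALUES("
                ." ".$this->eq($nom)
                .", ".$this->eq($intitule)
                .")";
            $sgbd->query($sql);
            $id_role = $sgbd->insert_id();
        }
        catch(Exception $e) {
            $id_role = false;
        }
        return $id_role;
    }

    /**
     * One role row by id. The string "0" denotes the synthetic "everyone" role and is
     * answered without a query (only the string form is recognised, as before).
     *
     * @param mixed $id
     * @return array|false  the row (empty array when unknown), false when the query throws
     */
    public function get_role($id){
        if($id === "0") return array(
            "id" => 0,
            "nom" => "",
            "intitule" => ""
        );
        $sgbd = $this->sgbd();
        $role = array();
        try{
            $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id);
            $rst = $sgbd->query($sql);
            if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst;
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $role = false;
        }
        return $role;
    }

    /**
     * Update a role's name and label.
     *
     * @param mixed $id
     * @param mixed $nom
     * @param mixed $intitule
     * @return bool  false when the query throws
     */
    public function set_role($id, $nom, $intitule){
        $sgbd = $this->sgbd();
        try{
            $sql = "UPDATE #--roles SET"
                ." nom=".$this->eq($nom)
                .", intitule=".$this->eq($intitule)
                ." WHERE id=".$this->eq($id);
            $sgbd->query($sql);
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    /**
     * Remove every action granted to a role.
     *
     * @param mixed $id_role
     * @return bool  false when the query throws
     */
    public function clear_role_actions($id_role){
        $sgbd = $this->sgbd();
        try{
            $sql = "DELETE FROM #--actions_roles WHERE id_role=".$this->eq($id_role);
            $sgbd->query($sql);
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    /**
     * Remove a role from every user that holds it.
     *
     * @param mixed $id_role
     * @return bool  false when the query throws
     */
    public function clear_role_users($id_role){
        $sgbd = $this->sgbd();
        try{
            $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role);
            $sgbd->query($sql);
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    /**
     * Grant an action path ("module", "module/controller" or "module/controller/action")
     * to a role.
     *
     * @param mixed $id_role
     * @param mixed $action
     * @return mixed|false  new row id from insert_id(), false when the query throws
     */
    public function add_role_action($id_role, $action){
        $sgbd = $this->sgbd();
        try{
            $sql = "INSERT INTO #--actions_roles(action, id_role) VALUES(".$this->eq($action).", ".$this->eq($id_role).")";
            $sgbd->query($sql);
            $id_action_role = $sgbd->insert_id();
        }
        catch(Exception $e) {
            $id_action_role = false;
        }
        return $id_action_role;
    }

    /**
     * Delete a role row. Its user and action links are left to clear_role_users() /
     * clear_role_actions().
     *
     * @param mixed $id_role
     * @return bool  false when the query throws
     */
    public function del_role($id_role){
        $sgbd = $this->sgbd();
        try{
            $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role);
            $sgbd->query($sql);
        }
        catch(Exception $e) {
            return false;
        }
        return true;
    }

    /**
     * Role ids of the user attached to the current session; [0] (the "everyone" role)
     * when nobody is logged in or the user holds no role.
     *
     * @return array|false  false when the query throws
     */
    public function get_user_roles(){
        $user_roles = array();
        $user = $this->get_session_user();
        if($user && isset($user["id"])){
            $sgbd = $this->sgbd();
            try{
                $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
                $rst = $sgbd->query($sql);
                while($v_rst = $sgbd->fetch_assoc($rst)) $user_roles[] = $v_rst["id_role"];
                $sgbd->free_result($rst);
            }
            catch(Exception $_e){
                return false;
            }
        }
        else $user_roles[] = 0;
        if(!$user_roles) $user_roles[] = 0;
        return $user_roles;
    }

    /**
     * Cache the action/role table in $this->actions_roles. Requires init_roles() first.
     *
     * @return array|false  false when roles are not loaded or the read fails
     */
    public function init_actions_roles(){
        if(!isset($this->roles)) return false;
        $this->actions_roles = $this->read_actions_roles();
        return $this->actions_roles;
    }

    /**
     * Read the whole action/role table.
     *
     * @param array $params  "group_by_action" => true returns action => list of role ids;
     *                       otherwise rows are keyed by their id
     * @return array|false   false when the query throws
     */
    public function read_actions_roles($params = array()){
        $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false;
        $sgbd = $this->sgbd();
        $actions_roles = array();
        try{
            $sql = "SELECT * FROM #--actions_roles";
            $rst = $sgbd->query($sql);
            while($v_rst = $sgbd->fetch_assoc($rst)){
                if($group_by_action){
                    if(!isset($actions_roles[$v_rst["action"]])) $actions_roles[$v_rst["action"]] = array();
                    $actions_roles[$v_rst["action"]][] = $v_rst["id_role"];
                }
                else $actions_roles[$v_rst["id"]] = $v_rst;
            }
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $actions_roles = false;
        }
        return $actions_roles;
    }

    /**
     * Roles granted at each level of one action path: the module, the controller and the
     * action itself.
     *
     * @param mixed  $mod
     * @param string $controller
     * @param string $action
     * @return array|false  action path => (id_role => true); false when the query throws
     */
    public function get_action_roles($mod, $controller = "index", $action = "index"){
        $sgbd = $this->sgbd();
        $roles = array();
        try{
            $sql = "SELECT action, id_role"
                ." FROM #--actions_roles"
                ." WHERE action=".$this->eq($mod)
                ." OR action=".$this->eq($mod."/".$controller)
                ." OR action=".$this->eq($mod."/".$controller."/".$action);
            $rst = $sgbd->query($sql);
            while($v_rst = $sgbd->fetch_assoc($rst)){
                if(!isset($roles[$v_rst["action"]])) $roles[$v_rst["action"]] = array();
                $roles[$v_rst["action"]][$v_rst["id_role"]] = true;
            }
            $sgbd->free_result($rst);
        }
        catch(Exception $e) {
            $roles = false;
        }
        return $roles;
    }

    /**
     * True when every action in $action_names, under "$prefix/", grants $role in the map
     * produced by read_actions_roles(array("group_by_action" => true)).
     *
     * @param array  $actions_roles
     * @param string $prefix        "module/controller"
     * @param array  $action_names
     * @param mixed  $role          role id, or 0 for "everyone"
     * @return bool
     */
    private function _all_actions_granted($actions_roles, $prefix, $action_names, $role){
        foreach($action_names as $action_name){
            $key = $prefix."/".$action_name;
            // Loose in_array kept on purpose: role ids come back from the driver as strings
            // while callers may pass ints.
            if(!isset($actions_roles[$key]) || !in_array($role, $actions_roles[$key])) return false;
        }
        return true;
    }

    /**
     * The environment's action tree annotated with permission flags: "is_public" at
     * module, controller and action-list level, plus "module_allowed", "controleur_allowed"
     * and "action_allowed" for $id_role when one is given. Flags for allowed action lists
     * are only ever set to true, never to false.
     *
     * @param mixed|null $id_role
     * @return array  empty when the environment has no actions or the role table cannot be read
     */
    public function get_actions($id_role = null){
        $env = $this->env();
        if(!($actions = $env->get_actions())) return array();
        $actions_roles = $this->read_actions_roles(array("group_by_action" => true));
        if($actions_roles === false) return array();
        foreach($actions as $module_name => $module){
            if(isset($id_role)) $actions[$module_name]["module_allowed"] = isset($actions_roles[$module_name]) && in_array($id_role, $actions_roles[$module_name]);
            $actions[$module_name]["is_public"] = isset($actions_roles[$module_name]) && in_array(0, $actions_roles[$module_name]);
            foreach($module["controleurs"] as $controleur_name => $controleur){
                $ctrl_key = $module_name."/".$controleur_name;
                if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] = isset($actions_roles[$ctrl_key]) && in_array($id_role, $actions_roles[$ctrl_key]);
                $actions[$module_name]["controleurs"][$controleur_name]["is_public"] = isset($actions_roles[$ctrl_key]) && in_array(0, $actions_roles[$ctrl_key]);
                foreach($controleur["als"] as $index_als => $al){
                    if(!$al["actions"]) continue;
                    if(isset($id_role) && $this->_all_actions_granted($actions_roles, $ctrl_key, $al["actions"], $id_role)){
                        $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true;
                    }
                    if($this->_all_actions_granted($actions_roles, $ctrl_key, $al["actions"], 0)){
                        $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true;
                    }
                }
            }
        }
        return $actions;
    }

    # ----------------------------------------------------------------------------------------
    # log in / out
    #

    /**
     * Authenticate a login against the challenge response in $password and, on success,
     * attach the user to the session.
     *
     * @param mixed $login
     * @param mixed $password  client-side value compared by password_ok()
     * @return array|false  the user row on success, an empty array on refusal, false when
     *                      the lookup fails or the session cannot be written
     */
    public function login($login, $password){
        if(($user = $this->user($login)) !== false){
            if($this->password_ok($user, $password)){
                if(!$this->set_session($user)) $user = false;
            }
            else{
                $this->clear_session();
                $user = array();
            }
        }
        return $user;
    }

    /**
     * Drop the session user and the persistent-login cookies.
     *
     * @return bool  result of clear_session()
     */
    public function logout(){
        return $this->clear_session();
    }

    /**
     * Does the session's stored proof still match this user row?
     *
     * The proof is md5(stored password value . session challenge); it therefore stops
     * matching once the user's password column changes. The client address must also be
     * the one recorded when the session was (re)initialised.
     *
     * @param array $user
     * @return bool
     */
    public function user_ok($user){
        if(!$user || !isset($user["password"])) return false;
        if(!isset($_SESSION["id"], $_SESSION["pass"], $_SESSION["ip"])) return false;
        if(!isset($_SERVER["REMOTE_ADDR"]) || $_SESSION["ip"] !== $_SERVER["REMOTE_ADDR"]) return false;
        // Constant-time comparison instead of strcmp(...) == 0.
        return hash_equals(md5($user["password"].$_SESSION["id"]), (string) $_SESSION["pass"]);
    }

    /**
     * Does a submitted challenge response match this user row?
     *
     * The expected value is md5(stored password value . session challenge). The stored
     * value is whatever the "password" column holds — hashing before storage is not
     * visible here.
     *
     * @param array $user
     * @param mixed $password  client-submitted response
     * @return bool
     */
    public function password_ok($user, $password){
        if(!$user || !isset($user["password"]) || !is_string($password)) return false;
        if(!isset($_SESSION["id"], $_SESSION["ip"])) return false;
        if(!isset($_SERVER["REMOTE_ADDR"]) || $_SESSION["ip"] !== $_SERVER["REMOTE_ADDR"]) return false;
        return hash_equals(md5($user["password"].$_SESSION["id"]), $password);
    }

    # ----------------------------------------------------------------------------------------
    # session
    #

    /**
     * Start the PHP session and resolve the current user from it, falling back to the
     * "user"/"pass" persistent-login cookies.
     *
     * The cookie pair is only accepted when the "pass" cookie equals the stored password
     * value: previously the cookie value was copied over the stored one before set_session()
     * and user_ok(), so any "pass" cookie passed for any existing login.
     *
     * @return array  the user row, or an empty array when nobody is authenticated
     */
    public function load_session(){
        // "@" kept: a session that cannot be started (headers already sent) is treated as
        // "nobody logged in" rather than a fatal condition, as before.
        if(session_status() !== PHP_SESSION_ACTIVE) @session_start();
        if(!isset($_SESSION["id"])) $this->clear_session();
        $user = array();
        if(isset($_SESSION["user"])){
            $user = $this->user($_SESSION["user"]);
        }
        elseif(isset($_COOKIE["user"], $_COOKIE["pass"])){
            $user = $this->user($_COOKIE["user"]);
            if($user && isset($user["password"]) && hash_equals((string) $user["password"], (string) $_COOKIE["pass"])){
                $this->set_session($user);
            }
            else{
                // Unknown login or mismatching proof: discard the cookies rather than retry them.
                $this->clear_session();
                $user = array();
            }
        }
        if($user){
            if(!$this->user_ok($user)){
                $this->clear_session();
                $user = array();
            }
        }
        else $user = array();
        $this->user = $user;
        return $user;
    }

    /**
     * Record an authenticated user in the session and issue the persistent-login cookies.
     *
     * @param array $user  row with "login" and "password"
     * @return bool  false when a cookie could not be sent
     */
    public function set_session($user){
        // A fresh PHP session id on each (re)authentication defeats session fixation;
        // $_SESSION data, including the "id" challenge, is carried over.
        if(session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
        $_SESSION["user"] = $user["login"];
        $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
        $env = $this->env();
        $expires = time() + (60 * 60 * 24 * 7);
        $path = $env->path("web");
        // HttpOnly keeps the persistent-login cookies out of reach of page scripts.
        return setcookie("user", $user["login"], $expires, $path, "", false, true)
            && setcookie("pass", $user["password"], $expires, $path, "", false, true);
    }

    /**
     * Forget the session user, record the client address, draw a new session challenge
     * and expire the persistent-login cookies.
     *
     * @return bool  false when a cookie could not be sent
     */
    public function clear_session(){
        unset($_SESSION["user"], $_SESSION["pass"]);
        $_SESSION["ip"] = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
        // The challenge must be unpredictable; md5(rand()) was not. Same 32-hex-char shape.
        $_SESSION["id"] = bin2hex(random_bytes(16));
        $env = $this->env();
        $path = $env->path("web");
        return setcookie("user", "", 0, $path, "", false, true)
            && setcookie("pass", "", 0, $path, "", false, true);
    }

    /**
     * The user resolved by load_session() (an empty array when nobody is logged in).
     *
     * @return mixed
     */
    public function get_session_user(){
        return $this->user;
    }

    # ----------------------------------------------------------------------------------------
    # uploads
    #

    /**
     * Ensure the per-user upload directory exists.
     *
     * @param mixed|null $user  user id to use instead of the session user's
     * @return bool  true when the directory exists (possibly just created)
     */
    public function check_user_uploads_dir($user = null){
        $env = $this->env();
        if((!isset($user) || !$user) && !isset($this->user["id"])) return false;
        $dir_name = (string) (isset($user) && $user ? $user : $this->user["id"]);
        // The id becomes a path component under content/uploads: refuse anything that
        // could resolve outside that directory.
        if($dir_name === "." || $dir_name === ".." || strpbrk($dir_name, "/\\") !== false) return false;
        $user_dir = $env->path("content")."uploads/".$dir_name;
        // Best-effort creation; the return value below reports the outcome.
        if(!file_exists($user_dir)) @mkdir($user_dir);
        return file_exists($user_dir);
    }
}
?>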