roles multiples possible par user, administrables
1 <?php
2
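class mw_data_users extends mw_data{

  # not written by this class; kept for callers that read it
  var $users;
  # user loaded by load_session(): a user row with a "status" role list, or array() when anonymous
  var $_user;
  # roles indexed by role id, filled by init_user_status() (false after a SQL error)
  var $user_status;
  # action/role rows, filled by init_action_status() (false after a SQL error)
  var $action_status;

  # ----------------------------------------------------------------------------------------
  #                                                                                    users
  #

  # Paginated user list.
  # $start  : offset of the first row; cast to int because it usually comes straight from the request
  # $alpha  : when set, only logins whose first character equals $alpha
  # $status : when set, only users holding this role id
  # Returns array("list" => rows indexed by user id, each with a "status" list of role ids,
  # "total" => number of matching users), or false on SQL error.
  function users($start = 0, $alpha = null, $status = null){
    $sgbd = $this->sgbd();
    $env = $this->env();
    $users = array("list" => array(), "total" => 0);
    # OFFSET is the only part of the query not passed through $this->eq(): make it a number
    $start = (int) $start;
    try{
      $SELECT = "SELECT #--users.*";
      $FROM = " FROM #--users";
      $WHERE = "";
      if(isset($alpha)) $WHERE .= " WHERE LEFT(login, 1)=".$this->eq($alpha);
      if(isset($status)){
        $SELECT .= ", #--users_roles.id_role as status";
        $FROM .=
         " LEFT JOIN #--users_roles ON ("
        ." #--users_roles.id_user=#--users.id"
        ." AND #--users_roles.id_role=".$this->eq($status)
        .")";
        # same "#--" table-prefix placeholder as the join above (this was hard-coded as mw_users_roles)
        $WHERE .= ($WHERE ? " AND" : " WHERE")." #--users_roles.id_role IS NOT NULL";
      }
      $max_list = $env->config("max_list");
      $LIMIT = ($max_list ? " LIMIT ".(int) $max_list." OFFSET ".$start : "");
      $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res";
      $rst = $sgbd->query($sql);
      if($v_rst = $sgbd->fetch_assoc($rst)) $users["total"] = $v_rst["n"];
      $sgbd->free_result($rst);
      if($users["total"] > 0){
        $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$LIMIT.") res";
        $rst = $sgbd->query($sql);
        while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst;
        $sgbd->free_result($rst);
        foreach($users["list"] as $id_user => $user){
          # one extra query per listed user; the whole list is dropped if any of them fails
          $roles = $this->list_user_status($id_user);
          if($roles === false){
            $users = false;
            break;
          }
          $users["list"][$id_user]["status"] = $roles;
        }
      }
    }
    catch(Exception $e) { $users = false; }
    return $users;
  }

  # Role ids of one user, as a list (possibly empty), or false on SQL error.
  function list_user_status($id_user){
    $sgbd = $this->sgbd();
    $status = array();
    try{
      $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user));
      while($v_rst = $sgbd->fetch_assoc($rst)) $status[] = $v_rst["id_role"];
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $status = false; }
    return $status;
  }

  # User row by id, with its "status" role list.
  # Returns array() when the id is unknown (no role lookup is attempted then), false on SQL error.
  function user_by_id($id){
    $sgbd = $this->sgbd();
    $user = array();
    try{
      $sql = "SELECT * from #--users WHERE id=".$this->eq($id);
      $rst = $sgbd->query($sql);
      if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
      $sgbd->free_result($rst);
      if($user){
        $status = $this->list_user_status($user["id"]);
        if($status !== false) $user["status"] = $status;
        else $user = false;
      }
    }
    catch(Exception $e) { $user = false; }
    return $user;
  }

  # User row by login, with its "status" role list.
  # Returns array() when the login is unknown, false on SQL error.
  function user($login){
    $sgbd = $this->sgbd();
    $user = array();
    try{
      $sql = "SELECT * from #--users WHERE login=".$this->eq($login);
      $rst = $sgbd->query($sql);
      if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
      $sgbd->free_result($rst);
      if($user){
        $status = $this->list_user_status($user["id"]);
        if($status !== false) $user["status"] = $status;
        else $user = false;
      }
    }
    catch(Exception $e) { $user = false; }
    return $user;
  }

  # Number of users with this login as returned by the driver (0 when none), or false on SQL error.
  function user_exists($login){
    $sgbd = $this->sgbd();
    $EXISTS = 0;
    try{
      $sql = "SELECT count(*) as n from #--users WHERE login=".$this->eq($login);
      $rst = $sgbd->query($sql);
      if($v_rst = $sgbd->fetch_assoc($rst)) $EXISTS = $v_rst["n"];
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $EXISTS = false; }
    return $EXISTS;
  }

  # Inserts a user and one #--users_roles row per role id in $status.
  # $password is stored as given: hashing (if any) is the caller's responsibility.
  # Returns the new user id, or false on SQL error (rows inserted before the error are not rolled back).
  function add_user($login, $password, $email, $status){
    $sgbd = $this->sgbd();
    $user_id = false;
    try{
      $sql =
       "INSERT INTO #--users(login, password, email) VALUES"
      ."( ".$this->eq($login)
      .", ".$this->eq($password)
      .", ".$this->eq($email)
      .")";
      $sgbd->query($sql);
      $user_id = $sgbd->insert_id();
      foreach($status as $id_role){
        $sql =
         "INSERT INTO #--users_roles(id_user, id_role) VALUES"
        ."( ".$this->eq($user_id)
        .", ".$this->eq($id_role)
        .")";
        $sgbd->query($sql);
      }
    }
    catch(Exception $e) { $user_id = false; }
    return $user_id;
  }

  # Updates a user row and replaces its role set with $status (delete all, then re-insert).
  # Returns true, or false on SQL error (no transaction: a failure mid-way leaves a partial role set).
  function set_user($id, $login, $password, $email, $status){
    $sgbd = $this->sgbd();
    try{
      $sql =
       "UPDATE #--users SET"
      ."  login=".$this->eq($login)
      .", password=".$this->eq($password)
      .", email=".$this->eq($email)
      ." WHERE id=".$this->eq($id);
      $sgbd->query($sql);
      $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id);
      $sgbd->query($sql);
      foreach($status as $id_role){
        $sql =
         "INSERT INTO #--users_roles(id_user, id_role) VALUES"
        ."( ".$this->eq($id)
        .", ".$this->eq($id_role)
        .")";
        $sgbd->query($sql);
      }
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # Deletes a user and its role rows. Returns false when the login is unknown or on SQL error.
  function del_user($login){
    $user = $this->user($login);
    # user() returns array() for an unknown login: there is nothing to delete then
    if($user === false || empty($user["id"])) return false;
    $sgbd = $this->sgbd();
    try{
      $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$this->eq($user["id"]);
      $sgbd->query($sql);
      $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
      $sgbd->query($sql);
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # ----------------------------------------------------------------------------------------
  #                                                                                   status
  #

  # Loads every #--roles row into $this->user_status, indexed by role id.
  # $status is accepted for signature compatibility and not used.
  # Returns the loaded array, or false on SQL error.
  function init_user_status($status = array()){
    $sgbd = $this->sgbd();
    $this->user_status = array();
    try{
      $sql = "SELECT * FROM #--roles";
      $rst = $sgbd->query($sql);
      while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst;
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $this->user_status = false; }
    return $this->user_status;
  }

  # Inserts a role. Returns its id, or false on SQL error.
  function add_role($nom, $intitule){
    $sgbd = $this->sgbd();
    try{
      $sql =
       "INSERT INTO #--roles(nom, intitule) VALUES("
      ."  ".$this->eq($nom)
      .", ".$this->eq($intitule)
      .")";
      $sgbd->query($sql);
      $id_role = $sgbd->insert_id();
    }
    catch(Exception $e) { $id_role = false; }
    return $id_role;
  }

  # Role row by id. Id 0 is the implicit "public" role and is answered without a query
  # (accepted as the string "0" or the int 0).
  # Returns array() when the id is unknown, false on SQL error.
  function get_role($id){
    if($id === "0" || $id === 0) return array(
      "id" => 0,
      "nom" => "",
      "intitule" => ""
    );
    $sgbd = $this->sgbd();
    $role = array();
    try{
      $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id);
      $rst = $sgbd->query($sql);
      if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst;
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $role = false; }
    return $role;
  }

  # Updates a role's name and title. Returns true, or false on SQL error.
  function set_role($id, $nom, $intitule){
    $sgbd = $this->sgbd();
    try{
      $sql =
       "UPDATE #--roles SET"
      ."  nom=".$this->eq($nom)
      .", intitule=".$this->eq($intitule)
      ." WHERE id=".$this->eq($id);
      $sgbd->query($sql);
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # Removes every #--action_status row granted to a role. Returns true, or false on SQL error.
  function clear_role_actions($id_role){
    $sgbd = $this->sgbd();
    try{
      $sql = "DELETE FROM #--action_status WHERE id_status=".$this->eq($id_role);
      $sgbd->query($sql);
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # Removes a role from every user. Returns true, or false on SQL error.
  function clear_role_users($id_role){
    $sgbd = $this->sgbd();
    try{
      $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role);
      $sgbd->query($sql);
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # Grants an action path ("module", "module/controller" or "module/controller/action") to a role.
  # Returns the new #--action_status id, or false on SQL error.
  function add_role_action($id_role, $action){
    $sgbd = $this->sgbd();
    try{
      $sql = "INSERT INTO #--action_status(action, id_status) VALUES(".$this->eq($action).", ".$this->eq($id_role).")";
      $sgbd->query($sql);
      $id_action_status = $sgbd->insert_id();
    }
    catch(Exception $e) { $id_action_status = false; }
    return $id_action_status;
  }

  # Deletes the role row only; use clear_role_actions()/clear_role_users() for its references.
  # Returns true, or false on SQL error.
  function del_role($id_role){
    $sgbd = $this->sgbd();
    try{
      $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role);
      $sgbd->query($sql);
    }
    catch(Exception $e) { return false; }
    return true;
  }

  # Roles loaded by init_user_status(), or false when it has not run yet.
  function status(){
    if(!isset($this->user_status)) return false;
    return $this->user_status;
  }

  # Role ids of the session user. Anonymous visitors and users without any role get array(0).
  # Returns false on SQL error.
  function get_user_status(){
    $user_status = array();
    $user = $this->get_session_user();
    if($user && isset($user["id"])){
      $sgbd = $this->sgbd();
      try{
        $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
        $rst = $sgbd->query($sql);
        while($v_rst = $sgbd->fetch_assoc($rst)) $user_status[] = $v_rst["id_role"];
        $sgbd->free_result($rst);
      }
      catch(Exception $_e){ return false; }
    }
    else $user_status[] = 0;
    if(!$user_status) $user_status[] = 0;
    return $user_status;
  }

  # Loads #--action_status into $this->action_status; requires init_user_status() to have run.
  # $status is accepted for signature compatibility and not used.
  function init_action_status($status = array()){
    if(!isset($this->user_status)) return false;
    $this->action_status = $this->read_action_status();
    return $this->action_status;
  }

  # Reads #--action_status.
  # $params["group_by_action"] : when true, returns array(action path => list of role ids);
  # otherwise the rows indexed by their id. Returns false on SQL error.
  function read_action_status($params = array()){
    $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false;
    $sgbd = $this->sgbd();
    $action_status = array();
    try{
      $sql = "SELECT * FROM #--action_status";
      $rst = $sgbd->query($sql);
      while($v_rst = $sgbd->fetch_assoc($rst)){
        if($group_by_action){
          if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array();
          $action_status[$v_rst["action"]][] = $v_rst["id_status"];
        }
        else $action_status[$v_rst["id"]] = $v_rst;
      }
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $action_status = false; }
    return $action_status;
  }

  # Roles granted on a module, its controller and its action, in one query.
  # Returns array(action path => array(role id => true)); paths with no grant are absent.
  # $set_status is accepted for signature compatibility and not used. Returns false on SQL error.
  function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){
    $sgbd = $this->sgbd();
    $status = array();
    try{
      $sql =
       "SELECT action, id_status"
      ." FROM #--action_status"
      ." WHERE action=".$this->eq($mod)
      ." OR action=".$this->eq($mod."/".$controller)
      ." OR action=".$this->eq($mod."/".$controller."/".$action);
      $rst = $sgbd->query($sql);
      while($v_rst = $sgbd->fetch_assoc($rst)){
        if(!isset($status[$v_rst["action"]])) $status[$v_rst["action"]] = array();
        $status[$v_rst["action"]][$v_rst["id_status"]] = true;
      }
      $sgbd->free_result($rst);
    }
    catch(Exception $e) { $status = false; }
    return $status;
  }

  # Decorates the action tree from $env->get_actions() with "is_public" flags (role 0 granted)
  # and, when $id_role is given, "module_allowed" / "controleur_allowed" / "action_allowed" flags.
  # An action group ("al") is allowed only if every action in it is granted.
  # in_array() is deliberately non-strict: ids come back from the DB as strings.
  # Returns array() when there is no action tree or on SQL error.
  function get_actions($id_role = null){
    $env = $this->env();
    if($actions = $env->get_actions()){
      if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){
        foreach($actions as $module_name => $module){
          if(isset($id_role)) $actions[$module_name]["module_allowed"] =
              isset($action_status[$module_name])
          &&  in_array($id_role, $action_status[$module_name]);
          $actions[$module_name]["is_public"] =
              isset($action_status[$module_name])
          &&  in_array(0, $action_status[$module_name]);
          foreach($module["controleurs"] as $controleur_name => $controleur){
            if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] =
                isset($action_status[$module_name."/".$controleur_name])
            &&  in_array($id_role, $action_status[$module_name."/".$controleur_name]);
            $actions[$module_name]["controleurs"][$controleur_name]["is_public"] =
                isset($action_status[$module_name."/".$controleur_name])
            &&  in_array(0, $action_status[$module_name."/".$controleur_name]);
            foreach($controleur["als"] as $index_als => $al){
              if($al["actions"]){
                if(isset($id_role)){
                  $HAS_ACTION_NOT_ALLOWED = false;
                  foreach($al["actions"] as $action_name){
                    if(
                        !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
                    ||  !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name])
                    ){
                      $HAS_ACTION_NOT_ALLOWED = true;
                      break;
                    }
                  }
                  if(!$HAS_ACTION_NOT_ALLOWED){
                    $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true;
                  }
                }
                $HAS_ACTION_NOT_ALLOWED = false;
                foreach($al["actions"] as $action_name){
                  if(
                      !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
                  ||  !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name])
                  ){
                    $HAS_ACTION_NOT_ALLOWED = true;
                    break;
                  }
                }
                if(!$HAS_ACTION_NOT_ALLOWED){
                  $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true;
                }
              }
            }
          }
        }
        return $actions;
      }
    }
    return array();
  }

  # ----------------------------------------------------------------------------------------
  #                                                                             log in / out
  #

  # Authenticates $login with the challenge $password (see password_ok()) and opens the session.
  # Returns the user row on success, array() on bad credentials or unknown login,
  # false on SQL error or when the session could not be set.
  function login($login, $password){
    if(($user = $this->user($login)) !== false){
      if($this->password_ok($user, $password)){
        if(!$this->set_session($user)) $user = false;
      }
      else{
        $this->clear_session();
        $user = array();
      }
    }
    return $user;
  }

  function logout(){
    return $this->clear_session();
  }

  # Constant-time string comparison: prevents the byte-by-byte early exit of strcmp()
  # from leaking how much of a credential matched.
  function _same_secret($known, $given){
    if(!is_string($known) || !is_string($given)) return false;
    if(function_exists("hash_equals")) return hash_equals($known, $given);
    if(strlen($known) != strlen($given)) return false;
    $diff = 0;
    for($i = 0; $i < strlen($known); $i++) $diff |= ord($known[$i]) ^ ord($given[$i]);
    return $diff === 0;
  }

  # Session credential: md5 of the stored password value and the per-session nonce $_SESSION["id"].
  # This is the challenge/response protocol shared with the client, not a password hash;
  # the stored password value is itself the secret the client must know.
  function _session_pass($user){
    return md5($user["password"].$_SESSION["id"]);
  }

  # True when the server-side session holds the credential of $user and was opened from the same IP.
  # Any missing session field or user field makes the check fail instead of raising a notice.
  function user_ok($user){
    if(!$user || !isset($user["password"])) return false;
    if(!isset($_SESSION["id"], $_SESSION["pass"], $_SESSION["ip"])) return false;
    if(!isset($_SERVER["REMOTE_ADDR"])) return false;
    return
         $this->_same_secret($this->_session_pass($user), $_SESSION["pass"])
      && $_SESSION["ip"] === $_SERVER["REMOTE_ADDR"];
  }

  # True when the client's response $password equals md5(stored password . $_SESSION["id"])
  # and the request comes from the IP recorded in the session.
  function password_ok($user, $password){
    if(!$user || !isset($user["password"])) return false;
    if(!isset($_SESSION["id"], $_SESSION["ip"]) || !isset($_SERVER["REMOTE_ADDR"])) return false;
    return
         $this->_same_secret($this->_session_pass($user), $password)
      && $_SESSION["ip"] === $_SERVER["REMOTE_ADDR"];
  }

  # ----------------------------------------------------------------------------------------
  #                                                                                  session
  #

  # Restores the current user from the server-side session.
  # The "user" cookie only says which account to look up; it never re-creates the session
  # credential, because any client can send an arbitrary cookie value. A request that carries
  # the cookie without a session opened by login() is therefore treated as anonymous.
  # Sets $this->_user and returns it (array() when anonymous or on lookup error).
  function load_session(){
    @session_start();
    if(!isset($_SESSION["id"])) $this->clear_session();
    $user = array();
    $login = null;
    if(isset($_SESSION["user"])) $login = $_SESSION["user"];
    elseif(isset($_COOKIE["user"])) $login = $_COOKIE["user"];
    if($login !== null){
      $user = $this->user($login);
      # user() returns false on SQL error and array() for an unknown login
      if(!$user || !$this->user_ok($user)){
        $this->clear_session();
        $user = array();
      }
    }
    $this->_user = $user;
    return $user;
  }

  # True when the current request was served over TLS (used for the cookie "secure" flag).
  function _https(){
    return !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
  }

  # Stores the login and the session credential, and sets the "user" cookie for a week.
  # The cookie is httponly (out of reach of page scripts) and secure on TLS requests.
  function set_session($user){
    $_SESSION["user"] = $user["login"];
    $_SESSION["pass"] = $this->_session_pass($user);
    $env = $this->env();
    return setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web"), "", $this->_https(), true);
  }

  # Unpredictable 32-hex-char nonce for $_SESSION["id"]; falls back to weaker sources only
  # where the CSPRNG functions are unavailable.
  function _random_token(){
    if(function_exists("random_bytes")){
      try{ return bin2hex(random_bytes(16)); }
      catch(Exception $e){ /* no entropy source: fall through to the next generator */ }
    }
    if(function_exists("openssl_random_pseudo_bytes")){
      $bytes = openssl_random_pseudo_bytes(16);
      if($bytes !== false) return bin2hex($bytes);
    }
    return md5(uniqid(mt_rand(), true));
  }

  # Drops the login/credential, binds the session to the client IP, draws a fresh nonce
  # and expires the "user" cookie.
  function clear_session(){
    unset($_SESSION["user"]);
    unset($_SESSION["pass"]);
    $_SESSION["ip"] = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
    $_SESSION["id"] = $this->_random_token();
    $env = $this->env();
    return setcookie("user", "", 0, $env->path("web"), "", $this->_https(), true);
  }

  # User loaded by load_session() (array() when anonymous).
  function get_session_user(){
    return $this->_user;
  }

  # ----------------------------------------------------------------------------------------
  #                                                                                  uploads
  #

  # Makes sure uploads/<user id> exists under the content path, creating it if needed.
  # $user : user id, defaults to the session user's id. Returns false for anonymous visitors
  # and for any id that is not a plain path component (a "/" or ".." would leave uploads/).
  function check_user_uploads_dir($user = null){
    $env = $this->env();
    if(isset($user)) $id_user = $user;
    elseif(isset($this->_user["id"])) $id_user = $this->_user["id"];
    else return false;
    $id_user = (string) $id_user;
    if($id_user === "" || basename($id_user) !== $id_user || in_array($id_user, array(".", ".."), true)) return false;
    $user_dir = $env->path("content")."uploads/".$id_user;
    if(!is_dir($user_dir)) @mkdir($user_dir);
    return is_dir($user_dir);
  }

}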
502
503 ?>