X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fsql%2Fmw_data_users.php;h=66783faf957a18ade793912510330f6bb7370f67;hb=e1b64e4088232b9d7b4acb2dc24279bb38fcafba;hp=0a1cf541521cbfa6a84e0494b6cee84f1919cc19;hpb=3c17f81e1d2fb68f69cfa620ca00ad63e83cc17c;p=mtweb diff --git a/mw/app/data/modules/sql/mw_data_users.php b/mw/app/data/modules/sql/mw_data_users.php index 0a1cf54..66783fa 100644 --- a/mw/app/data/modules/sql/mw_data_users.php +++ b/mw/app/data/modules/sql/mw_data_users.php @@ -3,15 +3,15 @@ class mw_data_users extends mw_data{ var $users; - var $_user; - var $user_status; - var $action_status; + var $user; + var $roles; + var $actions_roles; # ---------------------------------------------------------------------------------------- # users # - function users($start = 0, $alpha = null, $status = null){ + function users($start = 0, $alpha = null, $id_role = null){ $sgbd = $this->sgbd(); $env = $this->env(); $users = array("list" => array(), "total" => 0); @@ -20,12 +20,12 @@ $FROM = " FROM #--users"; $WHERE = ""; $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : ""); - if(isset($status)){ - $SELECT .= ", #--users_roles.id_role as status"; + if(isset($id_role)){ + $SELECT .= ", #--users_roles.id_role"; $FROM .= " LEFT JOIN #--users_roles ON (" ." #--users_roles.id_user=#--users.id" - ." AND #--users_roles.id_role=".$this->eq($status) + ." AND #--users_roles.id_role=".$this->eq($id_role) .")"; $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL"; } @@ -40,8 +40,8 @@ while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); foreach($users["list"] as $id_user => $user){ - if(($status = $this->list_user_status($id_user)) !== false){ - $users["list"][$id_user]["status"] = $status; + if(($roles = $this->list_user_roles($id_user)) !== false){ + $users["list"][$id_user]["roles"] = $roles; } else{ $users = false; 
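Review bot: In the `users()` hunk at -20, the role filter `mw_users_roles.id_role IS NOT NULL` hard-codes the `mw_` table prefix, while the SELECT and JOIN fragments built just above it use the `#--users_roles` placeholder. If `#--` is expanded to a configurable prefix, as the rest of the file suggests, the filter fails on any install whose prefix is not `mw_`. Use the placeholder there too: `$WHERE .= ($WHERE ? " AND" : " WHERE")." #--users_roles.id_role IS NOT NULL";`. A LEFT JOIN followed by an IS NOT NULL test is also just an inner join, which would state the intent more directly. The body of `users()` continues outside the hunk.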
@@ -54,16 +54,16 @@ return $users; } - function list_user_status($id_user){ + function list_user_roles($id_user){ $sgbd = $this->sgbd(); - $status = array(); + $roles = array(); try{ $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user)); - while($v_rst = $sgbd->fetch_assoc($rst)) $status[] = $v_rst["id_role"]; + while($v_rst = $sgbd->fetch_assoc($rst)) $roles[] = $v_rst["id_role"]; $sgbd->free_result($rst); } - catch(Exception $e) { $status = false; } - return $status; + catch(Exception $e) { $roles = false; } + return $roles; } function user_by_id($id){ @@ -74,7 +74,7 @@ $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; $sgbd->free_result($rst); - if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status; + if(($roles = $this->list_user_roles($user["id"])) !== false) $user["roles"] = $roles; else $user = false; } catch(Exception $e) { $user = false; } @@ -90,7 +90,7 @@ if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; $sgbd->free_result($rst); if($user){ - if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status; + if(($roles = $this->list_user_roles($user["id"])) !== false) $user["roles"] = $roles; else $user = false; } } @@ -111,7 +111,7 @@ return $EXISTS; } - function add_user($login, $password, $email, $status){ + function add_user($login, $password, $email, $roles){ $sgbd = $this->sgbd(); $user_id = false; try{ @@ -123,7 +123,7 @@ .")"; $sgbd->query($sql); $user_id = $sgbd->insert_id(); - foreach($status as $id_role){ + foreach($roles as $id_role){ $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES" ."( ".$user_id @@ -136,7 +136,7 @@ return $user_id; } - function set_user($id, $login, $password, $email, $status){ + function set_user($id, $login, $password, $email, $roles){ $sgbd = $this->sgbd(); try{ $sql = 
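Review bot: In `user_by_id()` (hunk at -74) `list_user_roles($user["id"])` runs even when the SELECT matched no row, whereas the lookup in the hunk at -90 wraps the same call in `if($user){ … }`. If `$user` starts out as an empty array (its initialisation is outside the hunk), an unknown id comes back as `array("roles" => array())`, a non-empty value that a caller may take for an existing account. Guard it the same way: `if($user){ if(($roles = $this->list_user_roles($user["id"])) !== false) $user["roles"] = $roles; else $user = false; }`.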
@@ -148,7 +148,7 @@ $sgbd->query($sql); $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id); $sgbd->query($sql); - foreach($status as $id_role){ + foreach($roles as $id_role){ $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES" ."( ".$this->eq($id) @@ -165,10 +165,10 @@ if(($user = $this->user($login)) !== false){ $sgbd = $this->sgbd(); try{ - $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"]; - $sgbd->query($sql); $sql = "DELETE FROM #--users_roles WHERE id_user=".$user["id"]; $sgbd->query($sql); + $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"]; + $sgbd->query($sql); } catch(Exception $e) { return false; } } @@ -177,20 +177,25 @@ } # ---------------------------------------------------------------------------------------- - # status + # roles # - function init_user_status($status = array()){ + function init_roles(){ $sgbd = $this->sgbd(); - $this->user_status = array(); + $this->roles = array(); try{ $sql = "SELECT * FROM #--roles"; $rst = $sgbd->query($sql); - while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst; + while($v_rst = $sgbd->fetch_assoc($rst)) $this->roles[$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); } - catch(Exception $e) { $this->user_status = false; } - return $this->user_status; + catch(Exception $e) { $this->roles = false; } + return $this->roles; + } + + function roles(){ + if(!isset($this->roles)) return false; + return $this->roles; } function add_role($nom, $intitule){ @@ -243,7 +248,7 @@ function clear_role_actions($id_role){ $sgbd = $this->sgbd(); try{ - $sql = "DELETE FROM #--action_status WHERE id_status=".$this->eq($id_role); + $sql = "DELETE FROM #--actions_roles WHERE id_role=".$this->eq($id_role); $sgbd->query($sql); } catch(Exception $e) { return false; } 
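Review bot: In `del_user()` (hunk at -165) both DELETE statements concatenate `$user["id"]` raw, while other values in this file, including `$login` in the same statement, go through `$this->eq()`. The id comes from a database row rather than from the request, so this is a consistency and defence-in-depth point: `$sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);`, and likewise for `id=` in the `#--users` delete. The two deletes also run without a visible transaction, so a failure after the first leaves an account with no role rows, which `get_user_roles()` further down maps to role `0`. The function starts and ends outside the hunk.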
@@ -263,12 +268,12 @@ function add_role_action($id_role, $action){ $sgbd = $this->sgbd(); try{ - $sql = "INSERT INTO #--action_status(action, id_status) VALUES(".$this->eq($action).", ".$this->eq($id_role).")"; + $sql = "INSERT INTO #--actions_roles(action, id_role) VALUES(".$this->eq($action).", ".$this->eq($id_role).")"; $sgbd->query($sql); - $id_action_status = $sgbd->insert_id(); + $id_action_role = $sgbd->insert_id(); } - catch(Exception $e) { $id_action_status = false; } - return $id_action_status; + catch(Exception $e) { $id_action_role = false; } + return $id_action_role; } function del_role($id_role){ 
@@ -281,102 +286,97 @@ return true; } - function status(){ - if(!isset($this->user_status)) return false; - return $this->user_status; - } - - function get_user_status(){ - $user_status = array(); + function get_user_roles(){ + $user_roles = array(); $user = $this->get_session_user(); if($user && isset($user["id"])){ $sgbd = $this->sgbd(); try{ $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]); $rst = $sgbd->query($sql); - while($v_rst = $sgbd->fetch_assoc($rst)) $user_status[] = $v_rst["id_role"]; + while($v_rst = $sgbd->fetch_assoc($rst)) $user_roles[] = $v_rst["id_role"]; $sgbd->free_result($rst); } catch(Exception $_e){ return false; } } - else $user_status[] = 0; - if(!$user_status) $user_status[] = 0; - return $user_status; + else $user_roles[] = 0; + if(!$user_roles) $user_roles[] = 0; + return $user_roles; } - function init_action_status($status = array()){ - if(!isset($this->user_status)) return false; - $this->action_status = $this->read_action_status(); - return $this->action_status; + function init_actions_roles(){ + if(!isset($this->roles)) return false; + $this->actions_roles = $this->read_actions_roles(); + return $this->actions_roles; } - function read_action_status($params = array()){ + function read_actions_roles($params = array()){ $group_by_action = isset($params["group_by_action"]) ? 
$params["group_by_action"] : false; $sgbd = $this->sgbd(); - $action_status = array(); + $actions_roles = array(); try{ - $sql = "SELECT * FROM #--action_status"; + $sql = "SELECT * FROM #--actions_roles"; $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)){ if($group_by_action){ - if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array(); - $action_status[$v_rst["action"]][] = $v_rst["id_status"]; + if(!isset($actions_roles[$v_rst["action"]])) $actions_roles[$v_rst["action"]] = array(); + $actions_roles[$v_rst["action"]][] = $v_rst["id_role"]; } - else $action_status[$v_rst["id"]] = $v_rst; + else $actions_roles[$v_rst["id"]] = $v_rst; } $sgbd->free_result($rst); } - catch(Exception $e) { $action_status = false; } - return $action_status; + catch(Exception $e) { $actions_roles = false; } + return $actions_roles; } - function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){ + function get_action_roles($mod, $controller = "index", $action = "index"){ $sgbd = $this->sgbd(); - $status = array(); + $roles = array(); try{ $sql = - "SELECT action, id_status" - ." FROM #--action_status" + "SELECT action, id_role" + ." FROM #--actions_roles" ." WHERE action=".$this->eq($mod) ." OR action=".$this->eq($mod."/".$controller) ." 
OR action=".$this->eq($mod."/".$controller."/".$action); $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)){ - if(!isset($status[$v_rst["action"]])) $status[$v_rst["action"]] = array(); - $status[$v_rst["action"]][$v_rst["id_status"]] = true; + if(!isset($roles[$v_rst["action"]])) $roles[$v_rst["action"]] = array(); + $roles[$v_rst["action"]][$v_rst["id_role"]] = true; } $sgbd->free_result($rst); } - catch(Exception $e) { $status = false; } - return $status; + catch(Exception $e) { $roles = false; } + return $roles; } function get_actions($id_role = null){ $env = $this->env(); if($actions = $env->get_actions()){ - if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){ + if(($actions_roles = $this->read_actions_roles(array("group_by_action" => true))) !== false){ foreach($actions as $module_name => $module){ if(isset($id_role)) $actions[$module_name]["module_allowed"] = - isset($action_status[$module_name]) - && in_array($id_role, $action_status[$module_name]); + isset($actions_roles[$module_name]) + && in_array($id_role, $actions_roles[$module_name]); $actions[$module_name]["is_public"] = - isset($action_status[$module_name]) - && in_array(0, $action_status[$module_name]); + isset($actions_roles[$module_name]) + && in_array(0, $actions_roles[$module_name]); foreach($module["controleurs"] as $controleur_name => $controleur){ if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] = - isset($action_status[$module_name."/".$controleur_name]) - && in_array($id_role, $action_status[$module_name."/".$controleur_name]); + isset($actions_roles[$module_name."/".$controleur_name]) + && in_array($id_role, $actions_roles[$module_name."/".$controleur_name]); $actions[$module_name]["controleurs"][$controleur_name]["is_public"] = - isset($action_status[$module_name."/".$controleur_name]) - && in_array(0, $action_status[$module_name."/".$controleur_name]); + 
isset($actions_roles[$module_name."/".$controleur_name]) + && in_array(0, $actions_roles[$module_name."/".$controleur_name]); foreach($controleur["als"] as $index_als => $al){ if($al["actions"]){ if(isset($id_role)){ $HAS_ACTION_NOT_ALLOWED = false; foreach($al["actions"] as $action_name){ if( - !isset($action_status[$module_name."/".$controleur_name."/".$action_name]) - || !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name]) + !isset($actions_roles[$module_name."/".$controleur_name."/".$action_name]) + || !in_array($id_role, $actions_roles[$module_name."/".$controleur_name."/".$action_name]) ){ $HAS_ACTION_NOT_ALLOWED = true; break; @@ -389,8 +389,8 @@ $HAS_ACTION_NOT_ALLOWED = false; foreach($al["actions"] as $action_name){ if( - !isset($action_status[$module_name."/".$controleur_name."/".$action_name]) - || !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name]) + !isset($actions_roles[$module_name."/".$controleur_name."/".$action_name]) + || !in_array(0, $actions_roles[$module_name."/".$controleur_name."/".$action_name]) ){ $HAS_ACTION_NOT_ALLOWED = true; break; 
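Review bot: `get_user_roles()` (hunk at -281) still calls `$this->get_session_user()`, but the hunk at -409 removes that method from this class, and the first hunk renames the `$_user` property it returned to `$user`. Unless the session code was moved somewhere this class can still reach, which is not visible here, role lookups for the current visitor will fail on an undefined method. If it did move, a comment above the call naming the new owner would help, e.g. `# get_session_user() now lives in <module name>; see the session data module`. Since this function feeds the access checks, it is worth confirming that callers treat its `false` return on a query error as a denial.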
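Review bot: The access checks in `get_actions()` use loose `in_array()`, here `in_array(0, $actions_roles[...])` and `in_array($id_role, $actions_roles[...])`, and the same calls appear throughout the preceding hunk at -281. The lists hold `id_role` exactly as the database driver returned it, so under loose comparison a NULL `id_role` equals `0` and would mark the action public; on PHP before 8 an empty or non-numeric value does too. Compare strictly on one normalised type, with `$key` standing for the action path: `in_array("0", array_map("strval", $actions_roles[$key]), true)` and `in_array((string)$id_role, array_map("strval", $actions_roles[$key]), true)`. `get_actions()` starts and ends outside this hunk.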
@@ -409,95 +409,6 @@ return array(); } - # ---------------------------------------------------------------------------------------- - # log in / out - # - - function login($login, $password){ - if(($user = $this->user($login)) !== false){ - if($this->password_ok($user, $password)){ - if(!$this->set_session($user)) $user = false; - } - else{ - $this->clear_session(); - $user = array(); - } - } - return $user; - } - - function logout(){ - return $this->clear_session(); - } - - function user_ok($user){ - return - strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; - } - - function password_ok($user, $password){ - if(!$user) return false; - return - strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; - } - - # ---------------------------------------------------------------------------------------- - # session - # - - function load_session(){ - @session_start(); - if(!isset($_SESSION["id"])) $this->clear_session(); - if( - $user = ( - isset($_COOKIE["user"]) || isset($_SESSION["user"]) ? - $this->user(isset($_COOKIE["user"]) ? 
$_COOKIE["user"] : $_SESSION["user"]) - : array() - ) - ){ - if(isset($_COOKIE["user"])) $this->set_session($user); - if(!$this->user_ok($user)){ - $this->clear_session(); - $user = array(); - } - } - $this->_user = $user; - return $user; - } - - function set_session($user){ - $_SESSION["user"] = $user["login"]; - $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]); - $env = $this->env(); - return setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web")); - } - - function clear_session(){ - unset($_SESSION["user"]); - unset($_SESSION["pass"]); - $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"]; - $_SESSION["id"] = md5(rand()); - $env = $this->env(); - return setcookie("user", "", 0, $env->path("web")); - } - - function get_session_user(){ - return $this->_user; - } - - # ---------------------------------------------------------------------------------------- - # uploads - # - - function check_user_uploads_dir($user = null){ - $env = $this->env(); - $user_dir = $env->path("content")."uploads/".(isset($user) ? $user : $this->_user["id"]); - if(!file_exists($user_dir)) @mkdir($user_dir); - return file_exists($user_dir); - } - } ?> \ No newline at end of file