4 * Class Users_model models user information from DB
10 class Users_model extends CI_Model {
13 public function __construct()
15 parent::__construct();
17 if ($this->db === NULL)
19 $this->load->library('singleton_db');
20 $this->db = $this->singleton_db->connect();
25 * Check authentication credentials. $username can be username or e-mail.
27 * @param string $username
28 * @param string $password
29 * @return mixed can return FALSE if authentication failed, a `users`DB row
30 * as an associative array if authentication was successful
32 public function login($username, $password)
34 $this->load->helper('email');
36 // User logs with e-mail address.
37 if (! valid_email($username))
38 $cond_user = "username = '$username'";
40 $cond_user = "email = '$username'";
42 $enc_password = sha1($password);
44 $query = $this->db->query("SELECT u.*, a.activation_code
45 FROM `users` u LEFT JOIN `users_unactivated` a ON (u.id = a.user_id)
47 AND (auth_src = 'ldap' OR password = '$enc_password')");
49 // It is possible that the user has a LDAP account but he's
50 // authenticating here for the first time so it does not have an entry
52 if ($query->num_rows() === 0)
54 $ldap_userdata = $this->ldap_login($username, $password);
55 if ($ldap_userdata === FALSE)
57 $userdata = $this->convert_ldap_userdata($ldap_userdata);
58 $this->register($userdata);
60 $user = $this->login($username, $password);
61 $user['import'] = TRUE;
65 $user = $query->row_array();
67 // Authenticate with LDAP.
68 if ($user['auth_src'] == 'ldap'
69 && ! $this->ldap_login($username, $password))
72 if (empty($user['username']) || empty($user['email'])
73 || empty($user['first_name']) || empty($user['last_name'])
74 || empty($user['country']))
75 $user['import'] = TRUE;
77 // Update last login time.
78 $this->db->query("UPDATE `users`
79 SET last_login = UTC_TIMESTAMP()
80 WHERE username = '$username'");
82 // If we are here internal authentication has successful.
87 * Begin the OpenID login by redirecting user to the OP to authenticate.
89 * @param string $openid
91 public function openid_begin_login($openid)
93 $this->lang->load('openid');
94 $this->load->library('openid');
96 $request_to = site_url('user/check_openid_login');
98 $req = array('nickname');
99 $opt = array('fullname', 'email', 'dob', 'country');
100 $policy = site_url('user/openid_policy');
102 $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make(
103 'http://axschema.org/contact/email', 1, TRUE);
104 $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make(
105 'http://axschema.org/namePerson/first', 1, TRUE);
106 $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make(
107 'http://axschema.org/namePerson/last', 1, TRUE);
108 $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make(
109 'http://axschema.org/contact/country', 1, TRUE);
111 $this->openid->set_request_to($request_to);
112 $this->openid->set_trust_root(base_url());
113 $this->openid->set_sreg(TRUE, $req, $opt, $policy);
114 $this->openid->set_ax(TRUE, $ax_attributes);
116 // Redirection to OP site will follow.
117 $this->openid->authenticate($openid);
121 * Finalize the OpenID login. Register user if is here for the first time.
123 * @return mixed returns a `users` DB row as an associative array if
124 * authentication was successful or Auth_OpenID_CANCEL/_FAILURE if it was
127 public function openid_complete_login()
129 $this->lang->load('openid');
130 $this->load->library('openid');
132 $request_to = site_url('user/check_openid_login');
133 $this->openid->set_request_to($request_to);
135 $response = $this->openid->get_response();
137 if ($response->status === Auth_OpenID_CANCEL
138 || $response->status === Auth_OpenID_FAILURE)
139 return $response->status;
141 // Auth_OpenID_SUCCESS
142 $openid = $response->getDisplayIdentifier();
143 //$esc_openid = htmlspecialchars($openid, ENT_QUOTES);
145 // Get user_id to see if it's the first time the user logs in with
147 $query = $this->db->query("SELECT * from `users_openid`
148 WHERE openid_url = '$openid'");
151 // First time with OpenID => register user
152 if ($query->num_rows() === 0)
154 $user_id = $this->openid_register($response);
157 // Not first time with OpenID.
159 $user_id = $query->row()->user_id;
162 $query = $this->db->query("SELECT * FROM `users`
163 WHERE id = $user_id");
164 $userdata = $query->row_array();
165 $userdata['import'] = $import;
167 if (empty($userdata['username']) || empty($userdata['email'])
168 || empty($userdata['first_name'])
169 || empty($userdata['last_name'])
170 || empty($userdata['country']))
171 $userdata['import'] = TRUE;
173 // Update last login time.
174 $this->db->query("UPDATE `users`
175 SET last_login = UTC_TIMESTAMP()
176 WHERE id = $user_id");
182 * Register an user that logged in with OpenID for the first time.
184 * @param object $op_response object returned by Janrain
185 * Consumer::complete method.
186 * @return mixed the user_id inserted or FALSE on error
188 public function openid_register($op_response)
190 $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($op_response);
191 $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($op_response);
194 $email = $ax_resp->get('http://axschema.org/contact/email');
195 if (empty($email) || is_a($email, 'Auth_OpenID_AX_Error'))
196 $data['email'] = $sreg_resp->get('email', '');
198 $data['email'] = $email[0];
201 $first_name = $ax_resp->get('http://axschema.org/namePerson/first');
202 if (empty($first_name) || is_a($first_name, 'Auth_OpenID_AX_Error'))
203 $data['first_name'] = '';
205 $data['first_name'] = $first_name[0];
208 $last_name = $ax_resp->get('http://axschema.org/namePerson/last');
209 if (empty($last_name) || is_a($last_name, 'Auth_OpenID_AX_Error'))
210 $data['last_name'] = '';
212 $data['last_name'] = $last_name[0];
214 // First Name and Last Name
215 if (empty($data['first_name']) || empty($data['last_name']))
217 $fullname = $sreg_resp->get('fullname');
221 if (empty($data['first_name']))
222 $data['first_name'] = substr(
223 $fullname, 0, strrpos($fullname, ' '));
224 if (empty($data['last_name']))
225 $data['last_name'] = substr(
226 $fullname, strrpos($fullname, ' ') + 1);
231 $data['username'] = $sreg_resp->get('nickname');
232 if (!$data['username'])
234 if (!empty($data['email']))
236 $data['email'] = strtolower($data['email']);
237 $data['username'] = substr($data['email'],
238 0, strpos($data['email'], '@'));
239 $data['username'] = preg_replace(array('/[^a-z0-9\._]*/'),
240 array(''), $data['username']);
242 else if(!empty($data['first_name']) || !empty($data['last_name']))
244 $data['username'] = $data['first_name'] . '_'
245 . $data['last_name'];
248 $data['username'] = $this->gen_username();
250 $data['username'] = substr($data['username'], 0, 24);
251 if ($this->get_userdata($data['username']))
253 $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
254 $len_chars = strlen($chars);
255 $data['username'] .= '_';
258 $data['username'] .= $chars[ mt_rand(0, $len_chars - 1) ];
259 } while($this->get_userdata($data['username']));
261 $data['username'] = 'autogen_' . $data['username'];
264 $country = $ax_resp->get('http://axschema.org/contact/country');
265 if (empty($country) || is_a($country, 'Auth_OpenID_AX_Error'))
266 $data['country'] = $sreg_resp->get('country', '');
268 $data['country'] = $country[0];
271 $data['birth_date'] = $sreg_resp->get('dob', NULL);
274 $data['auth_src'] = 'openid';
278 if (!$this->register($data, $op_response->getDisplayIdentifier()))
281 $query = $this->db->query("SELECT id from `users`
282 WHERE username = '{$data['username']}'");
283 return $query->row()->id;
287 * Converts an array returned by LDAP login to an array which contains
288 * user data ready to be used in `users` DB.
290 * @param array $ldap_userdata
293 public function convert_ldap_userdata($ldap_userdata)
295 $userdata['username'] = $ldap_userdata['uid'][0];
296 $userdata['email'] = $ldap_userdata['mail'][0];
297 $userdata['first_name'] = $ldap_userdata['givenname'][0];
298 $userdata['last_name'] = $ldap_userdata['sn'][0];
300 $userdata['auth_src'] = 'ldap';
308 * @param string $username
309 * @param string $password
311 * @author Alex Herișanu, Răzvan Deaconescu, Călin-Andrei Burloiu
313 public function ldap_login($username, $password)
315 $this->config->load('ldap');
317 // First connection: binding.
319 $ds = ldap_connect($this->config->item('ldap_server')) or die("Can't connect to ldap server.\n");
320 if (!@ldap_bind($ds, $this->config->item('ldap_bind_user'),
321 $this->config->item('ldap_bind_password')))
324 die("Can't connect to ".$this->config->item('ldap_server')."\n");
327 $sr = ldap_search($ds, "dc=cs,dc=curs,dc=pub,dc=ro", "(uid=" . $username . ")");
328 if (ldap_count_entries($ds, $sr) > 1)
329 die("Multiple entries with the same uid in LDAP database??");
330 if (ldap_count_entries($ds, $sr) < 1) {
335 $info = ldap_get_entries($ds, $sr);
336 $dn = $info[0]["dn"];
339 // Second connection: connect with user's credentials.
340 $ds = ldap_connect($this->config->item('ldap_server')) or die("Can't connect to ldap server\n");
341 if (!@ldap_bind($ds, $dn, $password) or $password == '') {
346 // Verifify if DN belongs to the requested OU.
347 $info[0]['ou_ok'] = $this->ldap_dn_belongs_ou( $dn, $this->config->item('ldap_req_ou') );
349 // Set authentication source.
350 $info[0]['auth_src'] = 'ldap_first_time';
356 * Verify if a user belongs to a group.
358 * @param string $dn = "ou=Student,ou=People..."
359 * @param array $ou = array ("Student", etc
360 * @return TRUE or FALSE
361 * @author Răzvan Herișanu, Răzvan Deaconescu, Călin-Andrei Burloiu
363 public function ldap_dn_belongs_ou($dn, $ou)
369 $words = explode(',', $dn);
370 foreach ($words as $c) {
371 $parts = explode("=", $c);
375 if (strtolower($key) == "ou" && in_array($value, $ou) )
383 * Adds a new user to DB.
384 * Do not add join_date and last_login column, they will be automatically
386 * Provide an 'openid' with the OpenID as value in order to register users
387 * logging in this way.
389 * @param array $data corresponds to DB columns
391 public function register($data, $openid = NULL)
393 $this->load->helper('array');
395 // TODO verify mandatory data existance
398 if (isset($data['password']))
399 $data['password'] = sha1($data['password']);
401 if (empty($data['birth_date']))
402 $data['birth_date'] = NULL;
406 foreach ($data as $col=> $val)
418 else if (is_string($val))
421 $cols = substr($cols, 0, -2);
422 $vals = substr($vals, 0, -2);
424 $query = $this->db->query("INSERT INTO `users`
425 ($cols, registration_date, last_login)
426 VALUES ($vals, utc_timestamp(), utc_timestamp())");
427 if ($query === FALSE)
430 // If registered with OpenID insert a row in `users_openid`.
434 $query = $this->db->query("SELECT id from `users`
435 WHERE username = '{$data['username']}'");
436 if ($query->num_rows() === 0)
438 $user_id = $query->row()->id;
440 // Insert row in `users_openid`.
441 $query = $this->db->query("INSERT INTO `users_openid`
442 (openid_url, user_id)
443 VALUES ('$openid', $user_id)");
448 // If registered with internal authentication it needs to activate
450 if ($data['auth_src'] == 'internal')
452 $activation_code = Users_model::gen_activation_code($data['username']);
453 $user_id = $this->get_user_id($data['username']);
454 $query = $this->db->query("INSERT INTO `users_unactivated`
455 (user_id, activation_code)
456 VALUES ($user_id, '$activation_code')");
457 $this->send_activation_email($user_id, $data['email'],
458 $activation_code, $data['username']);
461 // TODO exception on failure
465 public function get_user_id($username)
467 $query = $this->db->query("SELECT id FROM `users`
468 WHERE username = '$username'");
470 if ($query->num_rows() === 0)
473 return $query->row()->id;
476 // TODO cleanup account activation
477 public function cleanup_account_activation()
483 * Activated an account for an user having $user_id with $activation_code.
485 * @param int $user_id
486 * @param string $activation_code hexa 16 characters string
487 * @return returns TRUE if activation was successful and FALSE otherwise
489 public function activate_account($user_id, $activation_code)
491 $query = $this->db->query("SELECT * FROM `users_unactivated`
492 WHERE user_id = $user_id
493 AND activation_code = '$activation_code'");
495 if ($query->num_rows() === 0)
498 $this->db->query("DELETE FROM `users_unactivated`
499 WHERE user_id = $user_id");
504 public function send_activation_email($user_id, $email = NULL,
505 $activation_code = NULL, $username = NULL)
507 if (!$activation_code || !$email || !$username)
514 $userdata = $this->get_userdata($user_id,
515 $cols. "a.activation_code, username");
516 $activation_code =& $userdata['activation_code'];
519 $email =& $userdata['email'];
520 $username =& $userdata['username'];
523 if ($activation_code === NULL)
526 $subject = '['. $this->config->item('site_name')
527 . '] Account Activation';
529 site_url("user/activate/$user_id/code/$activation_code");
530 $msg = sprintf($this->lang->line('user_activation_email_content'),
531 $username, $this->config->item('site_name'), site_url(),
532 $activation_url, $activation_code);
533 $headers = "From: ". $this->config->item('noreply_email');
535 return mail($email, $subject, $msg, $headers);
538 public function recover_password($username, $email)
540 $userdata = $this->get_userdata($username, 'email, username, id');
542 if (strcmp($userdata['email'], $email) !== 0)
545 $recovered_password = Users_model::gen_password();
547 $this->set_userdata(intval($userdata['id']), array('password'=>
548 $recovered_password));
550 $subject = '['. $this->config->item('site_name')
551 . '] Password Recovery';
552 $msg = sprintf($this->lang->line('user_password_recovery_email_content'),
553 $username, $this->config->item('site_name'), site_url(),
554 $recovered_password);
555 $headers = "From: ". $this->config->item('noreply_email');
557 mail($email, $subject, $msg, $headers);
563 * Returns data from `users` table. If $user is int it is used as an
564 * id, if it is string it is used as an username.
567 * @param string $table_cols (optional) string with comma separated
568 * `users` table column names. Use a.activation_code to check user's
569 * account activation_code. If this value is NULL than the account is
571 * @return array associative array with userdata from DB
573 public function get_userdata($user, $table_cols = '*')
576 $cond = "id = $user";
578 $cond = "username = '$user'";
580 $query = $this->db->query("SELECT $table_cols
581 FROM `users` u LEFT JOIN `users_unactivated` a
582 ON (u.id = a.user_id)
585 if ($query->num_rows() === 0)
588 $userdata = $query->row_array();
590 // Post process userdata.
591 if (isset($userdata['picture']))
593 $userdata['picture_thumb'] = site_url(
594 "data/user_pictures/{$userdata['picture']}-thumb.jpg");
595 $userdata['picture'] = site_url(
596 "data/user_pictures/{$userdata['picture']}");
603 * Modifies data from `users` table for user with $user_id.
605 * @param int $user_id
606 * @param array $data key-value pairs with columns and new values to be
608 * @return boolean returns TRUE on success and FALSE otherwise
610 public function set_userdata($user_id, $data)
612 // TODO verify mandatory data existance
615 if (isset($data['password']))
616 $data['password'] = sha1($data['password']);
617 // TODO picture data: save, convert, make it thumbnail
619 if (empty($data['birth_date']))
620 $data['birth_date'] = NULL;
623 foreach ($data as $col => $val)
627 $set .= "$col = NULL, ";
632 $set .= "$col = $val, ";
633 else if (is_string($val))
634 $set .= "$col = '$val', ";
636 $set = substr($set, 0, -2);
638 $query_str = "UPDATE `users`
639 SET $set WHERE id = $user_id";
640 //echo "<p>$query_str</p>";
641 $query = $this->db->query($query_str);
647 public static function gen_activation_code($str = '')
649 $ci =& get_instance();
651 $activation_code = substr(
652 sha1(''. $str. $ci->config->item('encryption_key')
657 return $activation_code;
660 public static function gen_password()
662 $ci =& get_instance();
664 $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,.?!_-';
665 $len_chars = strlen($chars);
666 $enc_key = $ci->config->item('encryption_key');
667 $len_enc_key = strlen($enc_key);
670 for ($p = 0; $p < $length; $p++)
672 $i = (mt_rand(1, 100) * ord($enc_key[ mt_rand(0, $len_enc_key-1) ]))
674 $password .= $chars[$i];
680 public static function gen_username()
682 $chars = 'abcdefghijklmnopqrstuvwxyz0123456789._';
683 $len_chars = strlen($chars);
687 for ($i = 0; $i < $len; $i++)
688 $username .= $chars[ mt_rand(0, $len_chars - 1) ];
693 public static function roles_to_string($roles)
695 $ci =& get_instance();
696 $ci->lang->load('user');
698 if ($roles == USER_ROLE_STANDARD)
699 return $ci->lang->line('user_role_standard');
704 if ($roles & USER_ROLE_ADMIN)
705 $str_roles .= $ci->lang->line('user_role_admin') . '; ';
712 /* End of file users_model.php */
713 /* Location: ./application/models/users_model.php */