X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=blobdiff_plain;f=application%2Fmodels%2Fusers_model.php;h=76f378d905e54f5b6a3b92f1c1b337cbb090abf1;hb=faf92fa039c2be353c94d0d0e8e488e56eaa5058;hp=ef7dd37ed9cdcd9af13a09a1aec1203866ae98e2;hpb=6679566ca99a72ab9243e4eaef8e071f89283918;p=living-lab-site.git
diff --git a/application/models/users_model.php b/application/models/users_model.php
index ef7dd37..76f378d 100644
--- a/application/models/users_model.php
+++ b/application/models/users_model.php
@@ -50,37 +50,38 @@ class Users_model extends CI_Model {
$enc_password = sha1($password);
// TODO select only required fields.
- $query = $this->db->query("SELECT * FROM `users`
+ $query = $this->db->query("SELECT u.*, a.activation_code
+ FROM `users` u LEFT JOIN `users_unactivated` a ON (u.id = a.user_id)
WHERE $cond_user
AND (auth_src = 'ldap' OR password = '$enc_password')");
// It is possible that the user has a LDAP account but he's
// authenticating here for the first time so it does not have an entry
// in `users` table.
- if ($query->num_rows() !== 1)
+ if ($query->num_rows() === 0)
{
$ldap_userdata = $this->ldap_login($username, $password);
+ if ($ldap_userdata === FALSE)
+ return FALSE;
$userdata = $this->convert_ldap_userdata($ldap_userdata);
$this->register($userdata);
$user = $this->login($username, $password);
$user['import'] = TRUE;
return $user;
-
- /* foreach ($ldap_userdata as $k => $v)
- {
- echo "
$k
";
- print_r($v);
- }
- die(); */
}
$user = $query->row_array();
// Authenticate with LDAP.
- if ($user['auth_src'] == 'ldap')
- return ($this->ldap_login($username, $password) !== FALSE
- ? $user : FALSE);
+ if ($user['auth_src'] == 'ldap'
+ && ! $this->ldap_login($username, $password))
+ return FALSE;
+
+ // Update last login time.
+ $this->db->query("UPDATE `users`
+ SET last_login = UTC_TIMESTAMP()
+ WHERE username = '$username'");
// If we are here internal authentication has successful.
return $user;
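Review bot: The new `UPDATE` at the end of this hunk places `$username` directly inside the SQL string, so unless the caller has already escaped it (not visible here) a quote character in the username changes the statement. The row is already loaded at that point, so the update can be keyed on its id with a query binding: `$this->db->query("UPDATE users SET last_login = UTC_TIMESTAMP() WHERE id = ?", array($user['id']));`. The same string-built pattern appears in the later hunk in `get_user_id`, `activate_account`, `get_userdata` (both `$user` and `$table_cols`) and the two `INSERT` statements. `activate_account` matters most, because its arguments appear to come from the `user/activate/$user_id/code/$activation_code` URL. The login function begins and ends outside this hunk, so how `$cond_user` is built cannot be checked from here.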
@@ -184,6 +185,8 @@ class Users_model extends CI_Model {
/**
* Adds a new user to DB.
+ * Do not add join_date and last_login column, they will be automatically
+ * added.
*
* @param array $data corresponds to DB columns
*/
@@ -202,37 +205,177 @@ class Users_model extends CI_Model {
$vals = '';
foreach ($data as $col=> $val)
{
+ if ($val === NULL)
+ {
+ $cols .= "$col, ";
+ $vals .= "NULL, ";
+ continue;
+ }
+
$cols .= "$col, ";
if (is_int($val))
$vals .= "$val, ";
- else
+ else if (is_string($val))
$vals .= "'$val', ";
}
$cols = substr($cols, 0, -2);
$vals = substr($vals, 0, -2);
$query = $this->db->query("INSERT INTO `users`
- ($cols)
- VALUES ($vals)");
+ ($cols, registration_date, last_login)
+ VALUES ($vals, utc_timestamp(), utc_timestamp())");
+ if ($query === FALSE)
+ return FALSE;
+
+ // If registered with internal authentication it needs to activate
+ // the account.
+ $activation_code = Users_model::gen_activation_code($data['username']);
+ $user_id = $this->get_user_id($data['username']);
+ $query = $this->db->query("INSERT INTO `users_unactivated`
+ (user_id, activation_code)
+ VALUES ($user_id, '$activation_code')");
+ $this->send_activation_email($user_id, $data['email'],
+ $activation_code, $data['username']);
// TODO exception on failure
return $query;
}
+ public function get_user_id($username)
+ {
+ $query = $this->db->query("SELECT id FROM `users`
+ WHERE username = '$username'");
+
+ if ($query->num_rows() === 0)
+ return FALSE;
+
+ return $query->row()->id;
+ }
+
+ // TODO cleanup account activation
+ public function cleanup_account_activation()
+ {
+
+ }
+
/**
- * Returns data from `users` table for user with $user_id.
+ * Activated an account for an user having $user_id with $activation_code.
*
* @param int $user_id
+ * @param string $activation_code hexa 16 characters string
+ * @return returns TRUE if activation was successful and FALSE otherwise
+ */
+ public function activate_account($user_id, $activation_code)
+ {
+ $query = $this->db->query("SELECT * FROM `users_unactivated`
+ WHERE user_id = $user_id
+ AND activation_code = '$activation_code'");
+
+ if ($query->num_rows() === 0)
+ return FALSE;
+
+ $this->db->query("DELETE FROM `users_unactivated`
+ WHERE user_id = $user_id");
+
+ return TRUE;
+ }
+
+ public function send_activation_email($user_id, $email = NULL,
+ $activation_code = NULL, $username = NULL)
+ {
+ if (!$activation_code || !$email || !$username)
+ {
+ if (!$email)
+ $cols = 'email, ';
+ else
+ $cols = '';
+
+ $userdata = $this->get_userdata($user_id,
+ $cols. "a.activation_code, username");
+ $activation_code =& $userdata['activation_code'];
+
+ if (!$email)
+ $email =& $userdata['email'];
+ $username =& $userdata['username'];
+ }
+
+ if ($activation_code === NULL)
+ return TRUE;
+
+ $subject = '['. $this->config->item('site_name')
+ . '] Account Activation';
+ $activation_url =
+ site_url("user/activate/$user_id/code/$activation_code");
+ $msg = sprintf($this->lang->line('user_activation_email_content'),
+ $username, $this->config->item('site_name'), site_url(),
+ $activation_url, $activation_code);
+ $headers = "From: ". $this->config->item('noreply_email');
+
+ return mail($email, $subject, $msg, $headers);
+ }
+
+ public function recover_password($username, $email)
+ {
+ $userdata = $this->get_userdata($username, 'email, username, id');
+
+ if (strcmp($userdata['email'], $email) !== 0)
+ return FALSE;
+
+ $recovered_password = Users_model::gen_password();
+
+ $this->set_userdata(intval($userdata['id']), array('password'=>
+ $recovered_password));
+
+ $subject = '['. $this->config->item('site_name')
+ . '] Password Recovery';
+ $msg = sprintf($this->lang->line('user_password_recovery_email_content'),
+ $username, $this->config->item('site_name'), site_url(),
+ $recovered_password);
+ $headers = "From: ". $this->config->item('noreply_email');
+
+ mail($email, $subject, $msg, $headers);
+
+ return TRUE;
+ }
+
+ /**
+ * Returns data from `users` table. If $user is int it is used as an
+ * id, if it is string it is used as an username.
+ *
+ * @param mixed $user
+ * @param string $table_cols (optional) string with comma separated
+ * `users` table column names. Use a.activation_code to check user's
+ * account activation_code. If this value is NULL than the account is
+ * active.
+ * @return array associative array with userdata from DB
*/
- public function get_userdata($user_id)
+ public function get_userdata($user, $table_cols = '*')
{
- $query = $this->db->query("SELECT * from `users`
- WHERE id = $user_id");
+ if (is_int($user))
+ $cond = "id = $user";
+ else
+ $cond = "username = '$user'";
+
+ $query = $this->db->query("SELECT $table_cols
+ FROM `users` u LEFT JOIN `users_unactivated` a
+ ON (u.id = a.user_id)
+ WHERE $cond");
if ($query->num_rows() === 0)
return FALSE;
- return $query->row_array();
+ $userdata = $query->row_array();
+
+ // Post process userdata.
+ if (isset($userdata['picture']))
+ {
+ $userdata['picture_thumb'] = site_url(
+ "data/user_pictures/{$userdata['picture']}-thumb.jpg");
+ $userdata['picture'] = site_url(
+ "data/user_pictures/{$userdata['picture']}");
+ }
+
+ return $userdata;
}
/**
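Review bot: `recover_password` replaces the stored password as soon as the supplied username and e-mail match, so anyone who knows both values can lock the owner out, and the new password is sent in clear text by mail. It also reads `$userdata['email']` without checking that `get_userdata()` returned `FALSE` for an unknown user; add `if ($userdata === FALSE) return FALSE;` before the `strcmp`. A safer design mails a single-use, time-limited reset link and changes the password only after the link is used. Whether `set_userdata` hashes the `password` value before storing it is not visible in this diff and should be confirmed.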
@@ -241,6 +384,7 @@ class Users_model extends CI_Model {
* @param int $user_id
* @param array $data key-value pairs with columns and new values to be
* modified
+ * @return boolean returns TRUE on success and FALSE otherwise
*/
public function set_userdata($user_id, $data)
{
@@ -256,8 +400,10 @@ class Users_model extends CI_Model {
{
if (is_int($val))
$set .= "$col = $val, ";
- else
+ else if (is_string($val))
$set .= "$col = '$val', ";
+ else if (is_null($var))
+ $set .= "$col = NULL, ";
}
$set = substr($set, 0, -2);
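Review bot: The added branch tests `is_null($var)`, but the loop variable is `$val`; `$var` is undefined, so `is_null()` is always true, and every value that is neither an int nor a string (a float or a boolean, for example) is written as `NULL`. The line should read `else if (is_null($val))`. Values of other types then add nothing to `$set`, which is worth a comment or an explicit failure so callers do not assume the column was updated. The body of `set_userdata` starts before and continues after this hunk.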
@@ -269,6 +415,57 @@ class Users_model extends CI_Model {
// TODO exception
return $query;
}
+
+ public static function gen_activation_code($str = '')
+ {
+ $ci =& get_instance();
+
+ $activation_code = substr(
+ sha1(''. $str. $ci->config->item('encryption_key')
+ . mt_rand()),
+ 0,
+ 16);
+
+ return $activation_code;
+ }
+
+ public static function gen_password()
+ {
+ $ci =& get_instance();
+ $length = 16;
+ $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,.?!_-';
+ $len_chars = strlen($chars);
+ $enc_key = $ci->config->item('encryption_key');
+ $len_enc_key = strlen($enc_key);
+ $password = '';
+
+ for ($p = 0; $p < $length; $p++)
+ {
+ $i = (mt_rand(1, 100) * ord($enc_key[ mt_rand(0, $len_enc_key-1) ]))
+ % $len_chars;
+ $password .= $chars[$i];
+ }
+
+ return $password;
+ }
+
+ public static function roles_to_string($roles)
+ {
+ $ci =& get_instance();
+ $ci->lang->load('user');
+
+ if ($roles == USER_ROLE_STANDARD)
+ return $ci->lang->line('user_role_standard');
+ else
+ {
+ $str_roles = '';
+
+ if ($roles & USER_ROLE_ADMIN)
+ $str_roles .= $ci->lang->line('user_role_admin') . '; ';
+ }
+
+ return $str_roles;
+ }
}
/* End of file users_model.php */
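Review bot: `gen_activation_code` and `gen_password` take their randomness from `mt_rand()`, which is not a cryptographic generator, so activation codes and recovery passwords may be more predictable than their length suggests. In `gen_password` the index `(mt_rand(1, 100) * ord(...)) % $len_chars` is also not uniform over the character set and ties the output to bytes of `encryption_key`. Where PHP 7 or later is available, use `$i = random_int(0, $len_chars - 1);` for the index and `bin2hex(random_bytes(8))` for the 16-character code; on older PHP, `openssl_random_pseudo_bytes()` is the usual fallback.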