X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=blobdiff_plain;f=application%2Fmodels%2Fusers_model.php;h=d59987c7f503fa95f66e0e65da20b782c2050253;hb=9cc2a6602b47ac97d72efa51ec654418b252b4e4;hp=ef7dd37ed9cdcd9af13a09a1aec1203866ae98e2;hpb=6679566ca99a72ab9243e4eaef8e071f89283918;p=living-lab-site.git diff --git a/application/models/users_model.php b/application/models/users_model.php index ef7dd37..d59987c 100644 --- a/application/models/users_model.php +++ b/application/models/users_model.php @@ -50,37 +50,38 @@ class Users_model extends CI_Model { $enc_password = sha1($password); // TODO select only required fields. - $query = $this->db->query("SELECT * FROM `users` + $query = $this->db->query("SELECT u.*, a.activation_code + FROM `users` u LEFT JOIN `users_unactivated` a ON (u.id = a.user_id) WHERE $cond_user AND (auth_src = 'ldap' OR password = '$enc_password')"); // It is possible that the user has a LDAP account but he's // authenticating here for the first time so it does not have an entry // in `users` table. - if ($query->num_rows() !== 1) + if ($query->num_rows() === 0) { $ldap_userdata = $this->ldap_login($username, $password); + if ($ldap_userdata === FALSE) + return FALSE; $userdata = $this->convert_ldap_userdata($ldap_userdata); $this->register($userdata); $user = $this->login($username, $password); $user['import'] = TRUE; return $user; - - /* foreach ($ldap_userdata as $k => $v) - { - echo "

$k

"; - print_r($v); - } - die(); */ } $user = $query->row_array(); // Authenticate with LDAP. - if ($user['auth_src'] == 'ldap') - return ($this->ldap_login($username, $password) !== FALSE - ? $user : FALSE); + if ($user['auth_src'] == 'ldap' + && ! $this->ldap_login($username, $password)) + return FALSE; + + // Update last login time. + $this->db->query("UPDATE `users` + SET last_login = UTC_TIMESTAMP() + WHERE username = '$username'"); // If we are here internal authentication has successful. return $user; @@ -184,6 +185,8 @@ class Users_model extends CI_Model { /** * Adds a new user to DB. + * Do not add join_date and last_login column, they will be automatically + * added. * * @param array $data corresponds to DB columns */ 
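Review bot: The added last_login UPDATE interpolates `$username` straight into the SQL string (`WHERE username = '$username'`), and nothing in this hunk shows it being escaped first; `$cond_user` is built above the hunk, so its handling cannot be judged from here. Since the row is already loaded, key the update on it and bind the value: `$this->db->query('UPDATE users SET last_login = UTC_TIMESTAMP() WHERE id = ?', array($user['id']));`. The same string-built pattern recurs in the third hunk (`get_user_id`, the `users_unactivated` INSERT, `activate_account`, `get_userdata`), where `$user_id` and `$activation_code` appear to come from the activation URL that `send_activation_email` builds. Those queries should use bound parameters too, and `$table_cols` should only ever be a constant chosen by the caller. The body of `login()` starts outside this hunk.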
@@ -212,22 +215,145 @@ class Users_model extends CI_Model { $vals = substr($vals, 0, -2); $query = $this->db->query("INSERT INTO `users` - ($cols) - VALUES ($vals)"); + ($cols, registration_date, last_login) + VALUES ($vals, utc_timestamp(), utc_timestamp())"); + + if ($query === FALSE) + return FALSE; + + // If registered with internal authentication it needs to activate + // the account. + $activation_code = Users_model::gen_activation_code($data['username']); + $user_id = $this->get_user_id($data['username']); + $query = $this->db->query("INSERT INTO `users_unactivated` + (user_id, activation_code) + VALUES ($user_id, '$activation_code')"); + $this->send_activation_email($user_id, $data['email'], + $activation_code, $data['username']); // TODO exception on failure return $query; } + public function get_user_id($username) + { + $query = $this->db->query("SELECT id FROM `users` + WHERE username = '$username'"); + + if ($query->num_rows() === 0) + return FALSE; + + return $query->row()->id; + } + + // TODO cleanup account activation + public function cleanup_account_activation() + { + + } + /** - * Returns data from `users` table for user with $user_id. + * Activated an account for an user having $user_id with $activation_code. 
* * @param int $user_id + * @param string $activation_code hexa 16 characters string + * @return returns TRUE if activation was successful and FALSE otherwise */ - public function get_userdata($user_id) + public function activate_account($user_id, $activation_code) { - $query = $this->db->query("SELECT * from `users` - WHERE id = $user_id"); + $query = $this->db->query("SELECT * FROM `users_unactivated` + WHERE user_id = $user_id + AND activation_code = '$activation_code'"); + + if ($query->num_rows() === 0) + return FALSE; + + $this->db->query("DELETE FROM `users_unactivated` + WHERE user_id = $user_id"); + + return TRUE; + } + + public function send_activation_email($user_id, $email = NULL, + $activation_code = NULL, $username = NULL) + { + if (!$activation_code || !$email || !$username) + { + if (!$email) + $cols = 'email, '; + else + $cols = ''; + + $userdata = $this->get_userdata($user_id, + $cols. "a.activation_code, username"); + $activation_code =& $userdata['activation_code']; + + if (!$email) + $email =& $userdata['email']; + $username =& $userdata['username']; + } + + if ($activation_code === NULL) + return TRUE; + + $subject = '['. $this->config->item('site_name') + . '] Account Activation'; + $activation_url = + site_url("user/activate/$user_id/code/$activation_code"); + $msg = sprintf($this->lang->line('user_activation_email_content'), + $username, $this->config->item('site_name'), site_url(), + $activation_url, $activation_code); + $headers = "From: ". $this->config->item('noreply_email'); + + return mail($email, $subject, $msg, $headers); + } + + public function recover_password($username, $email) + { + $userdata = $this->get_userdata($username, 'email, username, id'); + + if (strcmp($userdata['email'], $email) !== 0) + return FALSE; + + $recovered_password = Users_model::gen_password(); + + $this->set_userdata(intval($userdata['id']), array('password'=> + $recovered_password)); + + $subject = '['. $this->config->item('site_name') + . 
'] Password Recovery'; + $msg = sprintf($this->lang->line('user_password_recovery_email_content'), + $username, $this->config->item('site_name'), site_url(), + $recovered_password); + $headers = "From: ". $this->config->item('noreply_email'); + + mail($email, $subject, $msg, $headers); + + return TRUE; + } + + /** + * Returns data from `users` table. If $user is int it is used as an + * id, if it is string it is used as an username. + * + * @param mixed $user + * @param string $table_cols (optional) string with comma separated + * `users` table column names. Use a.activation_code to check user's + * account activation_code. If this value is NULL than the account is + * active. + * @return array associative array with userdata from DB + */ + public function get_userdata($user, $table_cols = '*') + { + if (is_int($user)) + $cond = "id = $user"; + else + $cond = "username = '$user'"; + + $query = $this->db->query("SELECT $table_cols + FROM `users` u LEFT JOIN `users_unactivated` a + ON (u.id = a.user_id) + WHERE $cond"); if ($query->num_rows() === 0) return FALSE; @@ -241,6 +367,7 @@ class Users_model extends CI_Model { * @param int $user_id * @param array $data key-value pairs with columns and new values to be * modified + * @return boolean returns TRUE on success and FALSE otherwise */ public function set_userdata($user_id, $data) { 
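Review bot: `recover_password()` overwrites the stored password as soon as the submitted username and e-mail match, before the mailbox owner has confirmed anything, so anyone who knows both values can change another account's password, and the new one is then mailed in clear text. Prefer mailing a single-use, expiring reset code (the `users_unactivated` flow added in this hunk is a usable model) and changing the password only when that code is presented. The function also indexes `$userdata` without checking for the `FALSE` that `get_userdata()` returns for an unknown user; guard it with `if ($userdata === FALSE || strcmp($userdata['email'], $email) !== 0) return FALSE;`. Whether `set_userdata()` hashes the `password` value is not visible here and should be confirmed, since `login()` compares against `sha1($password)`. The result of `mail()` is discarded, so the method returns TRUE even when no message was sent.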
@@ -269,6 +396,57 @@ class Users_model extends CI_Model { // TODO exception return $query; } + + public static function gen_activation_code($str = '') + { + $ci =& get_instance(); + + $activation_code = substr( + sha1(''. $str. $ci->config->item('encryption_key') + . mt_rand()), + 0, + 16); + + return $activation_code; + } + + public static function gen_password() + { + $ci =& get_instance(); + $length = 16; + $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,.?!_-'; + $len_chars = strlen($chars); + $enc_key = $ci->config->item('encryption_key'); + $len_enc_key = strlen($enc_key); + $password = ''; + + for ($p = 0; $p < $length; $p++) + { + $i = (mt_rand(1, 100) * ord($enc_key[ mt_rand(0, $len_enc_key-1) ])) + % $len_chars; + $password .= $chars[$i]; + } + + return $password; + } + + public static function roles_to_string($roles) + { + $ci =& get_instance(); + $ci->lang->load('user'); + + if ($roles == USER_ROLE_STANDARD) + return $ci->lang->line('user_role_standard'); + else + { + $str_roles = ''; + + if ($roles & USER_ROLE_ADMIN) + $str_roles .= $ci->lang->line('user_role_admin') . '; '; + } + + return $str_roles; + } } /* End of file users_model.php */
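Review bot: `gen_activation_code()` and `gen_password()` take their randomness from `mt_rand()`, which is not a cryptographic generator, so activation codes and recovery passwords are more predictable than their length suggests. In `gen_password()` the index `(mt_rand(1, 100) * ord($enc_key[...])) % $len_chars` is also non-uniform over `$chars`, and it makes bytes of `encryption_key` an input to values that are mailed to users. On PHP 7 or later use `$password .= $chars[random_int(0, $len_chars - 1)];` and `bin2hex(random_bytes(8))` for the 16-character hex code; on older runtimes `openssl_random_pseudo_bytes()` is the available source. The three new static methods have no docblocks, while the methods in the earlier hunks do; a short `@return` line on each would state the length and alphabet callers can rely on.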