From 6679566ca99a72ab9243e4eaef8e071f89283918 Mon Sep 17 00:00:00 2001
From: Calin Burloiu
Date: Tue, 20 Sep 2011 18:45:50 +0300
Subject: [PATCH] user login and registration works; no activation facility yet
---
 application/config/config.php | 2 +-
 application/config/form_validation.php | 33 +++-
 application/controllers/user.php | 172 +++++++++++-------
 .../language/english/form_validation_lang.php | 8 +-
 application/language/english/user_lang.php | 2 +
 application/models/users_model.php | 129 ++++++++++++-
 application/views/header.php | 2 +-
 application/views/user/register_view.php | 112 +++++++++---
 css/default.css | 4 +-
 system/helpers/date_helper.php | 2 +-
 10 files changed, 361 insertions(+), 105 deletions(-)
diff --git a/application/config/config.php b/application/config/config.php
index f707636..81ea72d 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -328,7 +328,7 @@ $config['compress_output'] = FALSE;
 | regarding date handling. | */
-$config['time_reference'] = 'local';
+$config['time_reference'] = 'gmt';
 /*
diff --git a/application/config/form_validation.php b/application/config/form_validation.php
index bd30bb4..1e7c787 100644
--- a/application/config/form_validation.php
+++ b/application/config/form_validation.php
@@ -19,43 +19,58 @@ $config = array( array( 'field'=>'username', 'label'=>'lang:user_username', - 'rules'=>'trim|required|min_length[5]|max_length[32]' - . '|strtolower|callback__valid_username' + 'rules'=>'trim|callback__required_by_register|min_length[5]|max_length[32]' + . '|strtolower|xss_clean|callback__valid_username' ), array( 'field'=>'password', 'label'=>'lang:user_password', - 'rules'=>'required' + 'rules'=>'callback__required_by_register|min_length[5]|max_length[32]' ), array( 'field'=>'password-confirmation', 'label'=>'lang:user_password_confirmation', - 'rules'=>'required' + 'rules'=>'callback__required_by_register|matches[password]' + ), + array( + 'field'=>'old-password', + 'label'=>'lang:user_old_password', + 'rules'=>'min_length[5]|max_length[32]|callback__valid_old_password[username]' + ), + array( + 'field'=>'new-password', + 'label'=>'lang:user_new_password', + 'rules'=>'min_length[5]|max_length[32]' + ), + array( + 'field'=>'new-password-confirmation', + 'label'=>'lang:user_new_password_confirmation', + 'rules'=>'callback__change_password_cond|matches[new-password]' ), array( 'field'=>'email', 'label'=>'lang:user_email', - 'rules'=>'required' + 'rules'=>'trim|required|xss_clean|valid_email' ), array( 'field'=>'first-name', 'label'=>'lang:user_first_name', - 'rules'=>'required' + 'rules'=>'trim|required|ucwords|xss_clean|prep_for_form' ), array( 'field'=>'last-name', 'label'=>'lang:user_last_name', - 'rules'=>'required' + 'rules'=>'trim|required|ucwords|xss_clean|prep_for_form' ), array( 'field'=>'birth-date', 'label'=>'lang:user_birth_date', - 'rules'=>'' + 'rules'=>'trim|callback__valid_date' ), array( 'field'=>'locality', 'label'=>'lang:user_locality', - 'rules'=>'' + 'rules'=>'trim|ucwords|xss_clean|prep_for_form' ) ) ); diff --git a/application/controllers/user.php b/application/controllers/user.php index 985bf43..b9feb10 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php 
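Review bot: `prep_for_form` and `xss_clean` in the new `first-name`, `last-name` and `locality` rules run before the values are persisted, so the database receives HTML-entity-encoded, rewritten text and the view will encode it again on display; encoding belongs at output, so drop `|prep_for_form` from those three rules and escape in the view with `htmlspecialchars()` (or `form_prep()` on the input value). The form also posts `user-id`, `country`, `ui-lang` and `time-zone` (see the controller hunk), but none of them has an entry in this array, so they reach the model untrimmed and unvalidated — an entry such as `array('field'=>'country', 'label'=>'lang:user_country', 'rules'=>'trim|required')` is missing for each. The `$config` array starts before this hunk.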
@@ -8,16 +8,14 @@ */ class User extends CI_Controller { - private $username = NULL; - private $email = NULL; - private $user_id = NULL; - private $ldap_user_info = NULL; + private $import = FALSE; public function __construct() { parent::__construct(); $this->lang->load('user'); + $this->load->model('users_model'); } public function index() @@ -34,7 +32,6 @@ class User extends CI_Controller { public function login($redirect = '') { $this->load->library('form_validation'); - $this->load->model('users_model'); $this->form_validation->set_error_delimiters('', ''); @@ -54,36 +51,28 @@ class User extends CI_Controller { // ** $this->load->view('html_begin', $this->html_head_params); $this->load->view('header', array('selected_menu' => 'login')); - - $this->load->view('user/login_view', array( - 'redirect'=> $redirect - )); + + $main_params['content'] = $this->load->view('user/login_view', + array('redirect'=> $redirect), TRUE); + $main_params['side'] = $this->load->view('side_default', NULL, TRUE); + $this->load->view('main', $main_params); $this->load->view('footer'); $this->load->view('html_end'); } else { - if ($this->user_id !== NULL) + if (! $this->import) { - $this->session->set_userdata(array( - 'user_id'=> $this->user_id, - 'username'=> $this->username - )); - // Redirect to last page before login. header('Location: '. site_url(urldecode_segments($redirect))); } else { - $this->session->set_userdata(array( - 'username'=> $this->username - )); - - // Redirect to register page because an user authenticates here - // for the first time with LDAP. - // TODO - header('Location: '. site_url(urldecode_segments($redirect))); + // Redirect to account page because an user authenticates here + // for the first time with external authentication. The page + // will display imported data. + header('Location: '. site_url('user/account')); } } } 
@@ -106,7 +95,6 @@ class User extends CI_Controller { public function register($redirect = '') { $this->load->library('form_validation'); - $this->load->model('users_model'); $this->load->helper('localization'); $this->load->helper('date'); @@ -115,6 +103,16 @@ class User extends CI_Controller { if ($this->form_validation->run('register') === FALSE) { + // Edit account data if logged in, otherwise register. + if ($user_id = $this->session->userdata('user_id')) + { + $userdata = $this->users_model->get_userdata($user_id); + } + else + { + $userdata = FALSE; + } + $params = array('title' => $this->lang->line('ui_nav_menu_register') .' – ' 
@@ -128,43 +126,59 @@ class User extends CI_Controller { // ** $this->load->view('html_begin', $this->html_head_params); $this->load->view('header', array('selected_menu' => 'register')); - - $this->load->view('user/register_view', array( - 'redirect'=> $redirect - )); + + $main_params['content'] = $this->load->view('user/register_view', + array('userdata'=> $userdata, 'redirect'=> $redirect), + TRUE); + $main_params['side'] = $this->load->view('side_default', NULL, TRUE); + $this->load->view('main', $main_params); $this->load->view('footer'); $this->load->view('html_end'); } else { - if ($this->user_id !== NULL) + $user_id = $this->input->post('user-id'); + $data['email'] = $this->input->post('email'); + $data['first_name'] = $this->input->post('first-name'); + $data['last_name'] = $this->input->post('last-name'); + $data['birth_date'] = $this->input->post('birth-date'); + $data['country'] = $this->input->post('country'); + $data['locality'] = $this->input->post('locality'); + $data['ui_lang'] = $this->input->post('ui-lang'); + $data['time_zone'] = $this->input->post('time-zone'); + + // Edit account data + if ($user_id) { - $this->session->set_userdata(array( - 'user_id'=> $this->user_id, - 'username'=> $this->username - )); - - // Redirect to last page before login. - header('Location: '. site_url(urldecode_segments($redirect))); + $password = $this->input->post('new-password'); + if ($password) + $data['password'] = $this->input->post('new-password'); + + $this->users_model->set_userdata($user_id, $data); } + // Registration else { - $this->session->set_userdata(array( - 'username'=> $this->username - )); - - // Redirect to register page because an user authenticates here - // for the first time with LDAP. - // TODO - header('Location: '. 
site_url(urldecode_segments($redirect))); + $data['username'] = $this->input->post('username'); + $data['password'] = $this->input->post('password'); + + $this->users_model->register($data); } + + // Redirect to last page before login. + header('Location: '. site_url(urldecode_segments($redirect))); } } + public function account($redirect = '') + { + $this->register($redirect); + } + public function _valid_username($username) { - return (preg_match('/^[a-z0-9\._]+$/', $username) == 1); + return (preg_match('/^[a-z0-9\._]+$/', $username) === 1); } public function _valid_username_or_email($username) 
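Review bot: The edit path trusts a client-supplied identifier: `$user_id = $this->input->post('user-id');` is taken straight from the form and handed to `set_userdata()`, so a request can update whichever `users` row it names, nothing in this branch checks the session, and `_required_by_register` drops the username/password requirement on the same posted value. The failing-validation branch above already reads the id from the session; use that here too, `$user_id = $this->session->userdata('user_id');`, and ignore the hidden field. The `country`, `ui-lang` and `time-zone` values are also copied into `$data` without appearing in the validation config, so they arrive unchecked. `register()` starts before this hunk.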
@@ -176,33 +190,65 @@ class User extends CI_Controller { else return $this->_valid_username($username); } + + public function _valid_date($date) + { + if (! $date) + return TRUE; + + return (preg_match('/[\d]{4}-[\d]{2}-[\d]{2}/', $date) === 1); + } + + public function _valid_old_password($old_password, $field_username) + { + if (! $old_password) + return TRUE; + + $username= $this->input->post($field_username); + + if ($this->users_model->login($username, $old_password)) + return TRUE; + + return FALSE; + } + + public function _change_password_cond($param) + { + $old = $this->input->post('old-password'); + $new = $this->input->post('new-password'); + $newc = $this->input->post('new-password-confirmation'); + + return (!$old && !$new && !$newc) + || ($old && $new && $newc); + } + + public function _required_by_register($param) + { + $user_id = $this->input->post('user-id'); + + if (! $user_id && ! $param) + return FALSE; + + return TRUE; + } public function _do_login($username, $field_password) { - $password = $this->input->post('password'); + $password = $this->input->post($field_password); - $this->load->model('users_model'); $user = $this->users_model->login($username, $password); - // Authentication failed + // Authentication failed. if ($user === FALSE) return FALSE; - // First authentication of a user with LDAP, i.e. the user does not - // have an user_id in `users` DB table yet. - if ($user['auth_src'] == 'ldap_first_time') - { - $this->ldap_user_info = $user; - $this->username = $user['uid'][0]; - $this->email = $user['mail'][0]; - return TRUE; - } - - // Authentication when the user has an user_id in the DB. - $this->username = $user['username']; - $this->email = $user['email']; - $this->user_id = $user['id']; - + // Authentication successful: set session with user data. 
+ $this->session->set_userdata(array( + 'user_id'=> $user['id'], + 'username'=> $user['username'], + 'auth_src'=> $user['auth_src'] + )); + $this->import = $user['import']; return TRUE; } } diff --git a/application/language/english/form_validation_lang.php b/application/language/english/form_validation_lang.php index 23c3b2f..95d38d8 100644 --- a/application/language/english/form_validation_lang.php +++ b/application/language/english/form_validation_lang.php @@ -2,9 +2,13 @@ include('system/language/english/form_validation_lang.php'); -$lang['_valid_username'] = 'You must enter a valid username with letters, numbers, . (dots) or _ (underscores).'; +$lang['_valid_username'] = 'You must enter a valid username with letters, numbers, . (dots) or _ (underscores).'; $lang['_valid_username_or_email'] = "You must enter an e-mail address or a valid username."; -$lang['_do_login'] = "Wrong %s, or wrong %s."; +$lang['_do_login'] = "Wrong %s, or wrong %s."; +$lang['_valid_date'] = "Invalid %s! Use the specified format or leave the field blank if you don't want to specify it."; +$lang['_valid_old_password'] = "Wrong %s."; +$lang['_change_password_cond'] = 'If you want to change your password complete all three password related fields.'; +$lang['_required_by_register'] = 'The %s field is required.'; /* End of file form_validation_lang.php */ diff --git a/application/language/english/user_lang.php b/application/language/english/user_lang.php index af60408..a4a64cf 100644 --- a/application/language/english/user_lang.php +++ b/application/language/english/user_lang.php @@ -20,6 +20,8 @@ $lang['user_role'] = 'Roles'; $lang['user_auth_src'] = 'Authentication Source'; $lang['user_video_prefs'] = 'Video Preferences'; $lang['user_note_required_fields'] = '* Required fields!'; +$lang['user_submit_register'] = 'Register'; +$lang['user_submit_save'] = 'Save'; /* End of file user_lang.php */ /* Location: ./application/language/english/user_lang.php */ \ No newline at end of file 
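Review bot: `_valid_date` uses an unanchored pattern, so `x2011-09-20y` or `2011-99-99` pass; anchor it and check the calendar value, e.g. `if (preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $date, $m) !== 1) return FALSE;` followed by `return checkdate((int) $m[2], (int) $m[3], (int) $m[1]);`. `_valid_old_password` verifies the password by calling `users_model->login()`, which in the models hunk below now registers a user via LDAP when no local row exists, so this validator can write to the database; a read-only password check in the model would avoid that side effect. It also reads the username from the posted field rather than the session, so the old-password check is not tied to the logged-in account. The enclosing class continues past this hunk.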
diff --git a/application/models/users_model.php b/application/models/users_model.php index 966f206..ef7dd37 100644 --- a/application/models/users_model.php +++ b/application/models/users_model.php @@ -58,7 +58,22 @@ class Users_model extends CI_Model { // authenticating here for the first time so it does not have an entry // in `users` table. if ($query->num_rows() !== 1) - return $this->ldap_login($username, $password); + { + $ldap_userdata = $this->ldap_login($username, $password); + $userdata = $this->convert_ldap_userdata($ldap_userdata); + $this->register($userdata); + + $user = $this->login($username, $password); + $user['import'] = TRUE; + return $user; + + /* foreach ($ldap_userdata as $k => $v) + { + echo "

$k

"; + print_r($v); + } + die(); */ + } $user = $query->row_array(); @@ -71,6 +86,25 @@ class Users_model extends CI_Model { return $user; } + /** + * Converts an array returned by LDAP login to an array which contains + * user data ready to be used in `users` DB. + * + * @param array $ldap_userdata + * @return array + */ + public function convert_ldap_userdata($ldap_userdata) + { + $userdata['username'] = $ldap_userdata['uid'][0]; + $userdata['email'] = $ldap_userdata['mail'][0]; + $userdata['first_name'] = $ldap_userdata['givenname'][0]; + $userdata['last_name'] = $ldap_userdata['sn'][0]; + + $userdata['auth_src'] = 'ldap'; + + return $userdata; + } + /** * Login with LDAP. * @@ -132,7 +166,7 @@ class Users_model extends CI_Model { public function ldap_dn_belongs_ou($dn, $ou) { if (!is_array($ou)) - $ou = array ($ou); + $ou = array ($ou); $founded = FALSE; $words = explode(',', $dn); 
@@ -142,10 +176,99 @@ class Users_model extends CI_Model { $value = $parts[1]; if (strtolower($key) == "ou" && in_array($value, $ou) ) - $founded = TRUE; + $founded = TRUE; } + return $founded; } + + /** + * Adds a new user to DB. + * + * @param array $data corresponds to DB columns + */ + public function register($data) + { + $this->load->helper('array'); + + // TODO verify mandatory data existance + + // Process data. + if (isset($data['password'])) + $data['password'] = sha1($data['password']); + // TODO picture data: save, convert, make it thumbnail + + $cols = ''; + $vals = ''; + foreach ($data as $col=> $val) + { + $cols .= "$col, "; + if (is_int($val)) + $vals .= "$val, "; + else + $vals .= "'$val', "; + } + $cols = substr($cols, 0, -2); + $vals = substr($vals, 0, -2); + + $query = $this->db->query("INSERT INTO `users` + ($cols) + VALUES ($vals)"); + + // TODO exception on failure + return $query; + } + + /** + * Returns data from `users` table for user with $user_id. + * + * @param int $user_id + */ + public function get_userdata($user_id) + { + $query = $this->db->query("SELECT * from `users` + WHERE id = $user_id"); + + if ($query->num_rows() === 0) + return FALSE; + + return $query->row_array(); + } + + /** + * Modifies data from `users` table for user with $user_id. + * + * @param int $user_id + * @param array $data key-value pairs with columns and new values to be + * modified + */ + public function set_userdata($user_id, $data) + { + // TODO verify mandatory data existance + + // Process data. + if (isset($data['password'])) + $data['password'] = sha1($data['password']); + // TODO picture data: save, convert, make it thumbnail + + $set = ''; + foreach ($data as $col => $val) + { + if (is_int($val)) + $set .= "$col = $val, "; + else + $set .= "$col = '$val', "; + } + $set = substr($set, 0, -2); + + $query_str = "UPDATE `users` + SET $set WHERE id = $user_id"; + //echo "

$query_str

"; + $query = $this->db->query($query_str); + + // TODO exception + return $query; + } } /* End of file users_model.php */ diff --git a/application/views/header.php b/application/views/header.php index 9745938..0988aaf 100644 --- a/application/views/header.php +++ b/application/views/header.php @@ -55,7 +55,7 @@ >lang->line('ui_nav_menu_logout') ?> - diff --git a/application/views/user/register_view.php b/application/views/user/register_view.php index 1f77400..f5398d6 100644 --- a/application/views/user/register_view.php +++ b/application/views/user/register_view.php @@ -1,22 +1,58 @@ - + + + + + + + + + - + - + + + + + ` + + + - + @@ -24,17 +60,43 @@ - + + + + + + + + + + + + + + + + + + + + + - + @@ -42,41 +104,41 @@ - + - + - + - + - + @@ -84,17 +146,17 @@ - + - + @@ -104,7 +166,11 @@
lang->line('user_note_required_fields') ?>
 
lang->line('user_username'). ' * ' ?>lang->line('user_username'). ' * : ' ?> - + lang->line('user_username'). ': ' ?> +   +
lang->line('user_password'). ' * ' ?>lang->line('user_password'). ' * : ' ?>
lang->line('user_password_confirmation'). ' * ' ?>lang->line('user_password_confirmation'). ' * : ' ?>
lang->line('user_old_password'). ' * : ' ?> + +
lang->line('user_new_password'). ' * : ' ?> + +
lang->line('user_new_password_confirmation'). ' * : ' ?> + +
lang->line('user_email'). ' * ' ?>lang->line('user_email'). ' * : ' ?> - +
 
lang->line('user_first_name'). ' * ' ?>lang->line('user_first_name'). ' * : ' ?> - +
lang->line('user_last_name'). ' * ' ?>lang->line('user_last_name'). ' * : ' ?> - +
lang->line('user_birth_date'). '  ' ?>lang->line('user_birth_date'). ' : ' ?> - (lang->line('user_date_format_hint') ?>) + (lang->line('user_date_format_hint') ?>)
lang->line('user_country'). ' * ' ?>lang->line('user_country'). ' * : ' ?> - +
lang->line('user_locality'). '  ' ?>lang->line('user_locality'). ' : ' ?> - +
 
lang->line('user_ui_lang'). '  ' ?>lang->line('user_ui_lang'). ' : ' ?> - +
lang->line('user_time_zone'). ' * ' ?>lang->line('user_time_zone'). ' * : ' ?> - +
- + + + + +
diff --git a/css/default.css b/css/default.css index 661dbd6..e958f38 100644 --- a/css/default.css +++ b/css/default.css @@ -29,11 +29,11 @@ h1 table.form th { text-align: right; - /*width: 25%;*/ + width: 24em; } table.form td { - vertical-align: bottom; + vertical-align: top; } .error diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 553e8d7..65f15e9 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -608,4 +608,4 @@ if ( ! function_exists('timezones')) /* End of file date_helper.php */ -/* Location: ./system/helpers/date_helper.php */ \ No newline at end of file +/* Location: ./system/helpers/date_helper.php */ -- 2.20.1