Merge branch 'master' of github.com:gebhardtdasense/system into logfix

db/qq/QP.php

@@ -27,7 +27,7 @@ class QP {
     
     public static function QI($params,$params_mys = null){
         $qq = self::QQ($params,$params_mys);
-        return $qq->affectedRows() != (0||null);}
+        return $qq->affectedRows() != (0||null);}  
     //override this
     protected static function query(){
         throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');}

dbd/qq/SYS_SAIMOD_SECURITY_USERS.php

@@ -5,8 +5,7 @@ class SYS_SAIMOD_SECURITY_USERS extends \SYSTEM\DB\QP {
     protected static function query(){
         return new \SYSTEM\DB\QQuery(get_class(),
 //pg            
-'SELECT id,username,email,joindate,locale, EXTRACT(EPOCH FROM last_active) as last_active ,account_flag FROM system.user WHERE username LIKE $1 OR email LIKE $1 ORDER BY last_active DESC LIMIT 100;',
+'SELECT id,username,email,joindate,locale, EXTRACT(EPOCH FROM last_active) as last_active, account_flag FROM system.user WHERE username LIKE $1 OR email LIKE $1 ORDER BY last_active DESC LIMIT 100;',
 //mys
-'SELECT id,username,email,joindate,locale,last_active,account_flag FROM system_user WHERE username LIKE ? OR email LIKE ? ORDER BY last_active DESC LIMIT 100;'
-);}}
-
+'SELECT id,username,email,joindate,locale,unix_timestamp(last_active)as last_active, account_flag FROM system_user WHERE username LIKE ? OR email LIKE ? ORDER BY last_active DESC LIMIT 100;'
+);}}

dbd/qq/SYS_SECURITY_LOGIN_MD5.php

@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_MD5 extends \SYSTEM\DB\QP {
         return new \SYSTEM\DB\QQuery(get_class(),
 //pg            
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR  '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $3 );',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );'
 );}}

dbd/qq/SYS_SECURITY_LOGIN_SHA1.php

@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_SHA1 extends \SYSTEM\DB\QP {
         return new \SYSTEM\DB\QQuery(get_class(),
 //pg            
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2;',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;'
 );}}

dbd/qq/SYS_SECURITY_UPDATE_LASTACTIVE.php

@@ -10,10 +10,10 @@ class SYS_SECURITY_UPDATE_LASTACTIVE extends \SYSTEM\DB\QP {
         return new \SYSTEM\DB\QQuery(get_class(),
 //pg            
 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
-' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= to_timestamp($1)'.
-' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
+' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.' = NOW()'.
+' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $1;',
 //mys
 'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.
-' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= ?'.
+' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.' = NOW()'.
 ' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;'
 );}}

dbd/sql/mysql/data/sai_api.sql

@@ -33,5 +33,16 @@ INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `nam
 INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (51, 42, 3, 3, 'error', 'error', 'INT');
 INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (52, 42, 0, 3, 'stats', 'name', null);
 INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (53, 42, 3, 52, null, 'filter', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (54, 42, 2, 3, 'user', 'username', 'STRING');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (55, 42, 2, 3, 'addright', 'id', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (56, 42, 2, 3, 'addright', 'name', 'STRING');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (57, 42, 2, 3, 'addright', 'description', 'STRING');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (58, 42, 2, 3, 'deleteright', 'id', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (59, 42, 2, 3, 'deleterightconfirm', 'id', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (60, 42, 2, 3, 'addrightuser', 'rightid', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (61, 42, 2, 3, 'addrightuser', 'userid', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (62, 42, 2, 3, 'deleterightuser', 'rightid', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (63, 42, 2, 3, 'deleterightuser', 'userid', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (120, 42, 3, 3, 'users', 'search', 'STRING');
 
-INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (300, 42, 4, -1, NULL, '_lang', 'LANG');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (300, 42, 4, -1, NULL, '_lang', 'LANG');

dbd/sql/mysql/data/system_rights.sql

@@ -0,0 +1,5 @@
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (6, 'SYS_SAI_SECURITY_RIGHTS_EDIT', 'Allows deleting, editing and adding of Right in the SAI module Security');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (5, 'SYS_SAI_SECURITY', 'Allows access to the Security Module in SAI');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (10, 'SYS_SAI_LOCALE', 'Allows access to the Locale Module in SAI to edit or add Multilanguage Text');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (15, 'SYS_SAI_IMG', 'Allows access to the Image Module in SAI to delete or add Pictures');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (1, 'SYS_SAI', 'SAI access right');

dbd/sql/mysql/schema/system_api.sql

@@ -0,0 +1,12 @@
+CREATE TABLE `system_api` (
+	`ID` INT(10) UNSIGNED NOT NULL,
+	`group` INT(10) UNSIGNED NOT NULL,
+	`type` TINYINT(3) UNSIGNED NOT NULL,
+	`parentID` INT(11) NOT NULL,
+	`parentValue` CHAR(50) NULL DEFAULT NULL,
+	`name` CHAR(50) NOT NULL,
+	`verify` CHAR(50) NULL DEFAULT NULL,
+	PRIMARY KEY (`ID`, `group`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM;

dbd/sql/mysql/schema/system_locale_string.sql

@@ -0,0 +1,10 @@
+CREATE TABLE `system_locale_string` (
+	`id` CHAR(35) NOT NULL,
+	`category` INT(10) UNSIGNED NOT NULL,
+	`enUS` TEXT NOT NULL,
+	`deDE` TEXT NOT NULL,
+	PRIMARY KEY (`id`)
+)
+COMMENT='Shall hold strings and its translation'
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM;

dbd/sql/mysql/schema/system_rights.sql

@@ -0,0 +1,9 @@
+CREATE TABLE `system_rights` (
+	`ID` INT(10) NOT NULL AUTO_INCREMENT,
+	`name` CHAR(50) NOT NULL,
+	`description` CHAR(255) NOT NULL,
+	PRIMARY KEY (`ID`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM
+AUTO_INCREMENT=16;

dbd/sql/mysql/schema/system_user.sql

@@ -0,0 +1,15 @@
+CREATE TABLE `system_user` (
+	`id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
+	`username` CHAR(32) NOT NULL,
+	`password_sha` CHAR(255) NULL DEFAULT NULL,
+	`password_md5` CHAR(255) NULL DEFAULT NULL,
+	`email` CHAR(255) NOT NULL,
+	`joindate` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+	`locale` CHAR(6) NOT NULL DEFAULT 'enUS',
+	`last_active` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
+	`account_flag` INT(10) NULL DEFAULT NULL,
+	PRIMARY KEY (`id`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=InnoDB
+AUTO_INCREMENT=1;

dbd/sql/mysql/schema/system_user_to_rights.sql

@@ -0,0 +1,7 @@
+CREATE TABLE `system_user_to_rights` (
+	`rightID` INT(10) NOT NULL DEFAULT '0',
+	`userID` INT(10) UNSIGNED NOT NULL DEFAULT '0',
+	PRIMARY KEY (`rightID`, `userID`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=InnoDB;

security/Security.php

@@ -13,11 +13,11 @@ class Security {
         $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 ));
         if(!$result || !self::login($username, $password, $locale)){            
                 return self::FAIL;}                 
-        return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
+        return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password),array($username, $username, $password)) : self::OK);
     }
      
     public static function changePassword($username, $password_sha_old, $password_sha_new){        
-        $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old));                        
+        $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old),array($username, $username, $password_sha_old));                        
         if(!$row){
             return self::FAIL;} // old password wrong                  
         $userID = $row['id'];        
@@ -31,9 +31,9 @@ class Security {
                 
         //Database check
         if(isset($password_md5)){      
-            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5));
+            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5),array($username, $username, $password_sha, $password_md5));
         }else{
-            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));}                    
+            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha),array($username, $username, $password_sha));}                    
                     
         if(!$row){
             new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");                        
@@ -65,7 +65,7 @@ class Security {
                                         \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL));        
         if(isset($locale)){
             \SYSTEM\locale::set($locale);}                
-        \SYSTEM\DBD\SYS_SECURITY_UPDATE_LASTACTIVE::QI(array(microtime(true), $row[\SYSTEM\DBD\system_user::FIELD_ID]));
+        \SYSTEM\DBD\SYS_SECURITY_UPDATE_LASTACTIVE::QI(array($row[\SYSTEM\DBD\system_user::FIELD_ID]));
         return ($advancedResult ? $row : self::OK);
     }