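prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\UserTable::NAME_PG. ' ('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.','.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.',' .\SYSTEM\DBD\UserTable::FIELD_EMAIL.','.\SYSTEM\DBD\UserTable::FIELD_LOCALE.','.\SYSTEM\DBD\UserTable::FIELD_ACCOUNT_FLAG.')'. ' VALUES ($1, $2, $3, $4, $5) RETURNING *;', array( $username , $password, $email, $locale, 1 ));
        } else {
            $result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\UserTable::NAME_MYS. ' ('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.','.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.',' .\SYSTEM\DBD\UserTable::FIELD_EMAIL.','.\SYSTEM\DBD\UserTable::FIELD_LOCALE.','.\SYSTEM\DBD\UserTable::FIELD_ACCOUNT_FLAG.')'. ' VALUES (?, ?, ?, ?, ?);', array( $username , $password, $email, $locale, 1 ));
        }
        if( !$result || !self::login($dbinfo, $username, $password, $locale)){ return self::REGISTER_FAIL;}
        return ($advancedResult ? $result->next() : self::REGISTER_OK);
    }

    /**
     * Authenticate a user against the user table and bind the matching row to the session.
     *
     * The username lookup is case-insensitive (lower() on both sides) and exact:
     * LIKE was replaced by '=' so that '%' / '_' in the supplied username cannot
     * act as wildcards and '\' is not treated as an escape character.
     * The hash columns are compared as opaque strings against the values the caller
     * supplies (the hashing scheme itself lives with the caller). When $password_md5
     * is given, a row matching either column is accepted; if such a row has no SHA
     * value yet, $password_sha is written into it (legacy MD5 -> SHA migration).
     * On success the session id is regenerated before the User object is stored, so
     * an id handed out before authentication cannot be replayed (session fixation).
     *
     * @param \SYSTEM\DB\DBInfo $dbinfo          database connection info
     * @param string            $username
     * @param string|null       $password_sha    compared with FIELD_PASSWORD_SHA; NULL fails without a DB round trip
     * @param string|null       $password_md5    optional legacy value compared with FIELD_PASSWORD_MD5
     * @param string|null       $locale          when set, applied via \SYSTEM\locale::set() after login
     * @param bool              $advancedResult  return the user row instead of the status constant
     * @return mixed self::LOGIN_OK / self::LOGIN_FAIL, or the user row when $advancedResult is true
     */
    public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false){
        self::startSession();

        // Nothing to compare: fail locally. (The previous no-op tracking call with a NULL
        // user id matched no row, so it is dropped rather than hitting the database.)
        if(!isset($password_sha)){
            $_SESSION['user'] = NULL;
            return self::LOGIN_FAIL;
        }

        $con   = new \SYSTEM\DB\Connection($dbinfo);
        $isPg  = \SYSTEM\system::isSystemDbInfoPG();
        $table = $isPg ? \SYSTEM\DBD\UserTable::NAME_PG : \SYSTEM\DBD\UserTable::NAME_MYS;

        if(isset($password_md5)){
            if($isPg){
                $result = $con->prepare('loginAccountStmt',
                    'SELECT * FROM '.$table.
                    ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower($1)'.
                    ' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $3 );',
                    array($username, $password_sha, $password_md5));
            } else {
                $result = $con->prepare('loginAccountStmt',
                    'SELECT * FROM '.$table.
                    ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower(?)'.
                    ' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = ? );',
                    array($username, $password_sha, $password_md5));
            }
        } else {
            if($isPg){
                $result = $con->prepare('loginAccountStmtSHA',
                    'SELECT * FROM '.$table.
                    ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower($1)'.
                    ' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;',
                    array($username, $password_sha));
            } else {
                $result = $con->prepare('loginAccountStmtSHA',
                    'SELECT * FROM '.$table.
                    ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower(?)'.
                    ' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = ?;',
                    array($username, $password_sha));
            }
        }

        // Database check
        if(!$result){
            new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
            $_SESSION['user'] = NULL;
            return self::LOGIN_FAIL;
        }
        $row = $result->next();
        if(!$row){
            new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
            $_SESSION['user'] = NULL;
            return self::LOGIN_FAIL;
        }

        // A legacy row that matched via MD5 may have no SHA value yet; store the SHA the
        // caller supplied so the next login can take the SHA-only path. This used to be a
        // single unbranched statement (UserTable::NAME, $n placeholders, RETURNING) that the
        // MySQL path cannot execute; now branched like every other statement in this class.
        if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]){
            if($isPg){
                $con->prepare('updatePasswordSHAStmt',
                    'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 '.
                    'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2;',
                    array($password_sha, $row[\SYSTEM\DBD\UserTable::FIELD_ID]));
            } else {
                $con->prepare('updatePasswordSHAStmt',
                    'UPDATE '.\SYSTEM\DBD\UserTable::NAME_MYS.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = ? '.
                    'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = ?;',
                    array($password_sha, $row[\SYSTEM\DBD\UserTable::FIELD_ID]));
            }
            // The column now holds exactly the value written above; no RETURNING round trip needed.
            $row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $password_sha;
        }

        // Credentials verified: switch to a fresh session id before storing anything
        // privileged in it, so a pre-authentication id cannot be replayed.
        session_regenerate_id(true);

        // set session variables
        $_SESSION['user'] = new User(
            $row[\SYSTEM\DBD\UserTable::FIELD_ID],
            $row[\SYSTEM\DBD\UserTable::FIELD_USERNAME],
            $row[\SYSTEM\DBD\UserTable::FIELD_EMAIL],
            $row[\SYSTEM\DBD\UserTable::FIELD_JOINDATE],
            time(),
            getenv('REMOTE_ADDR'),
            0,
            NULL,
            $row[\SYSTEM\DBD\UserTable::FIELD_LOCALE]);

        if(isset($locale)){
            \SYSTEM\locale::set($locale);
        }

        // track successful user login
        self::trackLogins($dbinfo, $row[\SYSTEM\DBD\UserTable::FIELD_ID]);
        return ($advancedResult ? $row : self::LOGIN_OK);
    }

    /**
     * Record the time of a successful login in FIELD_LAST_ACTIVE.
     *
     * @param \SYSTEM\DB\DBInfo $dbinfo
     * @param mixed             $userID primary key of the user; NULL is a no-op
     */
    private static function trackLogins(\SYSTEM\DB\DBInfo $dbinfo, $userID){
        // "WHERE id = NULL" never matches a row; skip the round trip entirely.
        if($userID === NULL){
            return;
        }
        $con = new \SYSTEM\DB\Connection($dbinfo);
        $now = microtime(true);
        if(\SYSTEM\system::isSystemDbInfoPG()){
            $con->prepare('trackLoginAccountStmt',
                'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_LAST_ACTIVE.'= to_timestamp($1) '.
                'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2;',
                array($now, $userID));
        } else {
            // NOTE(review): the MySQL branch stores the raw microtime float; confirm the
            // FIELD_LAST_ACTIVE column type accepts that (the PG branch converts it).
            $con->prepare('trackLoginAccountStmt',
                'UPDATE '.\SYSTEM\DBD\UserTable::NAME_MYS.' SET '.\SYSTEM\DBD\UserTable::FIELD_LAST_ACTIVE.'= ? '.
                'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = ?;',
                array($now, $userID));
        }
    }

    /**
     * The User object stored by login(), or NULL when no user is logged in.
     *
     * @return User|null
     */
    public static function getUser(){
        if(!self::isLoggedIn()){
            return NULL;
        }
        return $_SESSION['user'];
    }

    /**
     * Determine whether a username is still free (case-insensitive, exact match).
     *
     * '=' instead of LIKE so that wildcard characters in $username cannot widen the match.
     *
     * @param \SYSTEM\DB\DBInfo $dbinfo
     * @param String            $username
     * @return mixed self::AVAILABLE_OK when no row uses the name, self::AVAILABLE_FAIL otherwise
     * @throws \SYSTEM\LOG\ERROR when the count query yields no usable result
     */
    public static function available(\SYSTEM\DB\DBInfo $dbinfo, $username){
        $con = new \SYSTEM\DB\Connection($dbinfo);
        if(\SYSTEM\system::isSystemDbInfoPG()){
            $res = $con->prepare('availableStmt',
                'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
                ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower($1) ;',
                array($username));
        } else {
            $res = $con->prepare('availableStmt',
                'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
                ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower(?) ;',
                array($username));
        }
        // Guard the statement result itself (as login() does) before fetching; the
        // exception class was previously misspelled "ERRROR", which would have raised
        // an undefined-class error instead of the intended one.
        $row = $res ? $res->next() : false;
        if(!$row){
            throw new \SYSTEM\LOG\ERROR("Cannot determine the availability of username!");
        }
        // COUNT(*) may come back as a string from the driver; compare as int, strictly.
        if((int)$row['count'] !== 0){
            return self::AVAILABLE_FAIL;
        }
        return self::AVAILABLE_OK;
    }

    /**
     * Check whether the logged-in user holds the given right.
     *
     * Guests never hold rights: with no session user the check is false without a query.
     *
     * @param \SYSTEM\DB\DBInfo $dbinfo
     * @param mixed             $rightid value compared with UserRightsTable::FIELD_RIGHTID
     * @return bool
     * @throws \SYSTEM\LOG\ERROR when the count query yields no usable result
     */
    public static function check(\SYSTEM\DB\DBInfo $dbinfo, $rightid){
        // Not logged in? Go away.
        // If you think you need rights for your guests ur doing smth wrong ;-)
        $user = self::getUser();
        if(!$user){
            return false;
        }
        $con = new \SYSTEM\DB\Connection($dbinfo);
        if(\SYSTEM\system::isSystemDbInfoPG()){
            // Identifiers are double-quoted on PG only, matching the original statement.
            $res = $con->prepare('security_check',
                'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_PG.
                ' WHERE "'.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.'" = $1'.
                ' AND "'.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.'" = $2;',
                array($user->id, $rightid));
        } else {
            $res = $con->prepare('security_check',
                'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_MYS.
                ' WHERE '.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.' = ?'.
                ' AND '.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.' = ?;',
                array($user->id, $rightid));
        }
        $row = $res ? $res->next() : false;
        if(!$row){
            throw new \SYSTEM\LOG\ERROR("Cannot determine if you have the required rights!");
        }
        // Fail closed: only a positive count grants the right.
        return (int)$row['count'] !== 0;
    }

    // Session

    /**
     * End the current session. The in-memory $_SESSION array is cleared as well, so
     * isLoggedIn() is false for the remainder of this request, not only the next one.
     *
     * @return mixed self::LOGOUT_OK
     */
    public static function logout(){
        self::startSession();
        $_SESSION = array();
        session_destroy();
        return self::LOGOUT_OK;
    }

    /**
     * Store an arbitrary value under $key in the session's 'values' bucket.
     *
     * @param string $key
     * @param mixed  $value
     */
    public static function save($key,$value){
        self::startSession();
        $_SESSION['values'][$key] = $value;
    }

    /**
     * Read a value stored with save(); NULL when the key is absent (or holds NULL).
     *
     * @param string $key
     * @return mixed
     */
    public static function load($key){
        self::startSession();
        if(!isset($_SESSION['values'][$key])){
            return NULL;
        }
        return $_SESSION['values'][$key];
    }

    /**
     * True when the session carries a User object (set by a successful login()).
     *
     * @return bool
     */
    public static function isLoggedIn(){
        self::startSession();
        return (isset($_SESSION['user']) && $_SESSION['user'] instanceof User);
    }

    /**
     * Start the PHP session once per request. session_status() is the reliable
     * indicator; isset($_SESSION) stays true after session_destroy() and would have
     * prevented a restart within the same request.
     */
    private static function startSession(){
        if(session_status() !== PHP_SESSION_ACTIVE){
            session_start();
        }
    }

    /**
     * Persist the logged-in user's locale. Called from \SYSTEM\locale::set().
     *
     * @param \SYSTEM\DB\DBInfo $dbinfo
     * @param string            $lang  locale value written to FIELD_LOCALE
     * @return bool always true once the statement has been issued
     * @throws \SYSTEM\LOG\ERROR when no user is logged in
     */
    public static function _db_setLocale($dbinfo, $lang){
        $user = self::getUser();
        if(!$user){
            throw new \SYSTEM\LOG\ERROR("You need to be logged in");
        }
        $con = new \SYSTEM\DB\Connection($dbinfo);
        if(\SYSTEM\system::isSystemDbInfoPG()){
            $con->prepare('updateUserLocaleStmt',
                'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.' = $1 '.
                'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.';',
                array($lang, $user->id));
        } else {
            $con->prepare('updateUserLocaleStmt',
                'UPDATE '.\SYSTEM\DBD\UserTable::NAME_MYS.' SET '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.' = ? '.
                'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = ?;',
                array($lang, $user->id));
        }
        return true;
    }
}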