summaryrefslogtreecommitdiff
path: root/modules/user/helpers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/user/helpers')
-rw-r--r--modules/user/helpers/group.php82
-rw-r--r--modules/user/helpers/user.php176
-rw-r--r--modules/user/helpers/user_event.php30
-rw-r--r--modules/user/helpers/user_installer.php142
-rw-r--r--modules/user/helpers/user_theme.php30
5 files changed, 460 insertions, 0 deletions
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
new file mode 100644
index 0000000..59c9859
--- /dev/null
+++ b/modules/user/helpers/group.php
@@ -0,0 +1,82 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling groups.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class group_Core {
+ /**
+ * The group of all possible visitors. This includes the guest user.
+ *
+ * @return Group_Definition the group object
+ */
+ static function everybody() {
+ return model_cache::get("group", 1);
+ }
+
+ /**
+ * The group of all logged-in visitors. This does not include guest users.
+ *
+ * @return Group_Definition the group object
+ */
+ static function registered_users() {
+ return model_cache::get("group", 2);
+ }
+
+ /**
+ * Look up a group by id.
+ * @param integer $id the user id
+ * @return Group_Definition the group object, or null if the id was invalid.
+ */
+ static function lookup($id) {
+ return self::_lookup_by_field("id", $id);
+ }
+
+ /**
+ * Look up a group by name.
+ * @param integer $id the group name
+ * @return Group_Definition the group object, or null if the name was invalid.
+ */
+ static function lookup_by_name($name) {
+ return self::_lookup_by_field("name", $name);
+ }
+
+ /**
+ * Search the groups by the field and value.
+ * @param string $field_name column to look up the user by
+ * @param string $value value to match
+ * @return Group_Definition the group object, or null if the name was invalid.
+ */
+ private static function _lookup_by_field($field_name, $value) {
+ try {
+ $group = model_cache::get("group", $value, $field_name);
+ if ($group->loaded()) {
+ return $group;
+ }
+ } catch (Exception $e) {
+ if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+ throw $e;
+ }
+ }
+ return null;
+ }
+}
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
new file mode 100644
index 0000000..f59cf76
--- /dev/null
+++ b/modules/user/helpers/user.php
@@ -0,0 +1,176 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling users.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class user_Core {
+ /**
+ * Return the guest user.
+ *
+ * @todo consider caching
+ *
+ * @return User_Model
+ */
+ static function guest() {
+ return model_cache::get("user", 1);
+ }
+
+ /**
+ * Return an admin user. Prefer the currently logged in user, if possible.
+ *
+ * @return User_Model
+ */
+ static function admin_user() {
+ $active = identity::active_user();
+ if ($active->admin) {
+ return $active;
+ }
+
+ return ORM::factory("user")->where("admin", "=", 1)->order_by("id", "ASC")->find();
+ }
+
+ /**
+ * Is the password provided correct?
+ *
+ * @param user User Model
+ * @param string $password a plaintext password
+ * @return boolean true if the password is correct
+ */
+ static function is_correct_password($user, $password) {
+ $valid = $user->password;
+
+ // Try phpass first, since that's what we generate.
+ if (strlen($valid) == 34) {
+ require_once(MODPATH . "user/lib/PasswordHash.php");
+ $hashGenerator = new PasswordHash(10, true);
+ return $hashGenerator->CheckPassword($password, $valid);
+ }
+
+ $salt = substr($valid, 0, 4);
+ // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
+ $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
+ if (!strcmp($guess, $valid)) {
+ return true;
+ }
+
+ // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
+ $sanitizedPassword = html::chars($password, false);
+ $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
+ : ($salt . md5($salt . $sanitizedPassword));
+ if (!strcmp($guess, $valid)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ static function valid_password($password_input) {
+ if (!user::is_correct_password(identity::active_user(), $password_input->value)) {
+ $password_input->add_error("invalid_password", 1);
+ }
+ }
+
+ static function valid_username($text_input) {
+ if (!self::lookup_by_name($text_input->value)) {
+ $text_input->add_error("invalid_username", 1);
+ }
+ }
+
+ /**
+ * Create the hashed passwords.
+ * @param string $password a plaintext password
+ * @return string hashed password
+ */
+ static function hash_password($password) {
+ require_once(MODPATH . "user/lib/PasswordHash.php");
+ $hashGenerator = new PasswordHash(10, true);
+ return $hashGenerator->HashPassword($password);
+ }
+
+ /**
+ * Look up a user by id.
+ * @param integer $id the user id
+ * @return User_Model the user object, or null if the id was invalid.
+ */
+ static function lookup($id) {
+ return self::_lookup_user_by_field("id", $id);
+ }
+
+ /**
+ * Look up a user by name.
+ * @param integer $name the user name
+ * @return User_Model the user object, or null if the name was invalid.
+ */
+ static function lookup_by_name($name) {
+ return self::_lookup_user_by_field("name", $name);
+ }
+
+ /**
+ * Look up a user by hash.
+ * @param integer $hash the user hash value
+ * @return User_Model the user object, or null if the name was invalid.
+ */
+ static function lookup_by_hash($hash) {
+ return self::_lookup_user_by_field("hash", $hash);
+ }
+
+ /**
+ * List the users
+ * @param mixed filters (@see Database.php
+ * @return array the user list.
+ */
+ static function get_user_list($filter=array()) {
+ $user = ORM::factory("user");
+
+ foreach($filter as $method => $args) {
+ switch ($method) {
+ case "in":
+ $user->in($args[0], $args[1]);
+ break;
+ default:
+ $user->$method($args);
+ }
+ }
+ return $user->find_all();
+ }
+
+ /**
+ * Look up a user by field value.
+ * @param string search field
+ * @param string search value
+ * @return User_Core the user object, or null if the name was invalid.
+ */
+ private static function _lookup_user_by_field($field_name, $value) {
+ try {
+ $user = model_cache::get("user", $value, $field_name);
+ if ($user->loaded()) {
+ return $user;
+ }
+ } catch (Exception $e) {
+ if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+ throw $e;
+ }
+ }
+ return null;
+ }
+} \ No newline at end of file
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
new file mode 100644
index 0000000..40f6dde
--- /dev/null
+++ b/modules/user/helpers/user_event.php
@@ -0,0 +1,30 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+class user_event_Core {
+ static function admin_menu($menu, $theme) {
+ $menu->add_after("appearance_menu", Menu::factory("link")
+ ->id("users_groups")
+ ->label(t("Users/Groups"))
+ ->url(url::site("admin/users")));
+
+ return $menu;
+ }
+}
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
new file mode 100644
index 0000000..67f6a3d
--- /dev/null
+++ b/modules/user/helpers/user_installer.php
@@ -0,0 +1,142 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class user_installer {
+ static function can_activate() {
+ return array("warn" => array(IdentityProvider::confirmation_message()));
+ }
+
+ static function activate() {
+ IdentityProvider::change_provider("user");
+ // Set the latest version in initialize() below
+ }
+
+ static function upgrade($version) {
+ if ($version == 1) {
+ module::set_var("user", "mininum_password_length", 5);
+ module::set_version("user", $version = 2);
+ }
+
+ if ($version == 2) {
+ db::build()
+ ->update("users")
+ ->set("email", "unknown@unknown.com")
+ ->where("guest", "=", 0)
+ ->and_open()
+ ->where("email", "IS", null)
+ ->or_where("email", "=", "")
+ ->close()
+ ->execute();
+ module::set_version("user", $version = 3);
+ }
+
+ if ($version == 3) {
+ $password_length = module::get_var("user", "mininum_password_length", 5);
+ module::set_var("user", "minimum_password_length", $password_length);
+ module::clear_var("user", "mininum_password_length");
+ module::set_version("user", $version = 4);
+ }
+ }
+
+ static function uninstall() {
+ // Delete all users and groups so that we give other modules an opportunity to clean up
+ foreach (ORM::factory("user")->find_all() as $user) {
+ $user->delete();
+ }
+
+ foreach (ORM::factory("group")->find_all() as $group) {
+ $group->delete();
+ }
+
+ $db = Database::instance();
+ $db->query("DROP TABLE IF EXISTS {users};");
+ $db->query("DROP TABLE IF EXISTS {groups};");
+ $db->query("DROP TABLE IF EXISTS {groups_users};");
+ }
+
+ static function initialize() {
+ $db = Database::instance();
+ $db->query("CREATE TABLE IF NOT EXISTS {users} (
+ `id` int(9) NOT NULL auto_increment,
+ `name` varchar(32) NOT NULL,
+ `full_name` varchar(255) NOT NULL,
+ `password` varchar(64) NOT NULL,
+ `login_count` int(10) unsigned NOT NULL DEFAULT 0,
+ `last_login` int(10) unsigned NOT NULL DEFAULT 0,
+ `email` varchar(64) default NULL,
+ `admin` BOOLEAN default 0,
+ `guest` BOOLEAN default 0,
+ `hash` char(32) default NULL,
+ `url` varchar(255) default NULL,
+ `locale` char(10) default NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY(`hash`),
+ UNIQUE KEY(`name`))
+ DEFAULT CHARSET=utf8;");
+
+ $db->query("CREATE TABLE IF NOT EXISTS {groups} (
+ `id` int(9) NOT NULL auto_increment,
+ `name` char(64) default NULL,
+ `special` BOOLEAN default 0,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY(`name`))
+ DEFAULT CHARSET=utf8;");
+
+ $db->query("CREATE TABLE IF NOT EXISTS {groups_users} (
+ `group_id` int(9) NOT NULL,
+ `user_id` int(9) NOT NULL,
+ PRIMARY KEY (`group_id`, `user_id`),
+ UNIQUE KEY(`user_id`, `group_id`))
+ DEFAULT CHARSET=utf8;");
+
+ $everybody = ORM::factory("group");
+ $everybody->name = "Everybody";
+ $everybody->special = true;
+ $everybody->save();
+
+ $registered = ORM::factory("group");
+ $registered->name = "Registered Users";
+ $registered->special = true;
+ $registered->save();
+
+ $guest = ORM::factory("user");
+ $guest->name = "guest";
+ $guest->full_name = "Guest User";
+ $guest->password = "";
+ $guest->guest = true;
+ $guest->save();
+
+ $admin = ORM::factory("user");
+ $admin->name = "admin";
+ $admin->full_name = "Gallery Administrator";
+ $admin->password = "admin";
+ $admin->email = "unknown@unknown.com";
+ $admin->admin = true;
+ $admin->save();
+
+ $root = ORM::factory("item", 1);
+ access::allow($everybody, "view", $root);
+ access::allow($everybody, "view_full", $root);
+
+ access::allow($registered, "view", $root);
+ access::allow($registered, "view_full", $root);
+
+ module::set_var("user", "minimum_password_length", 5);
+ }
+} \ No newline at end of file
diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php
new file mode 100644
index 0000000..c608cdf
--- /dev/null
+++ b/modules/user/helpers/user_theme.php
@@ -0,0 +1,30 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class user_theme_Core {
+ static function head($theme) {
+ return $theme->css("user.css")
+ . $theme->script("password_strength.js");
+ }
+
+ static function admin_head($theme) {
+ return $theme->css("user.css")
+ . $theme->script("password_strength.js");
+ }
+} \ No newline at end of file
generated by cgit v1.0-28-g1787 at 2026-01-09 07:44:34 +0000