<?php
// This file is part of the Huygens Remote Manager
// Copyright and license notice: see license.txt

require_once "Database.inc";
require_once "Setting.inc";
require_once "hrm_config.inc";
require_once "ActiveDirectory.inc";

// Bind the configuration variables to the global scope. The statement only
// has an effect when this file is itself included from inside a function.
// $use_ldaps is not read anywhere else in this file.
global $authenticateAgainst, $use_ldaps;

// The LDAP helper is loaded only when LDAP is the configured backend.
if ( "LDAP" == $authenticateAgainst ) {
  require_once "Ldap.inc";
}

//!---------------------------------------------------------
// @class    Owner
// @desc     Represents an owner of a setting. Superclass of
//           class user.
//!---------------------------------------------------------
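class Owner {
  public $name;          // @public name          String    The owners name might be a job id or a user's login name
  // add user management
  public $email;         // @public email         String    The owners email address
  public $group;         // @public group         String    The owners group

  //!---------------------------------------------------------
  // @function    Owner::__construct
  // @desc        Constructor. Creates a new owner whose name, email
  //              and group are empty strings.
  //              Declared as __construct() because a method that is
  //              merely named after its class is no longer run as a
  //              constructor by PHP 8, which would leave the three
  //              fields unset.
  // @return      void
  //!---------------------------------------------------------
  function __construct() {
    $this->name = '';
    // add user management
    $this->email = '';
    $this->group = '';
  }

  //!---------------------------------------------------------
  // @function    Owner::Owner
  // @desc        Legacy (PHP 4 style) constructor name, kept so that
  //              code calling Owner() explicitly keeps working.
  //              Declared after __construct() on purpose, so that
  //              __construct() is the one PHP registers as constructor.
  // @return      void
  //!---------------------------------------------------------
  function Owner() {
    // self:: keeps the call on this class even for subclass instances.
    self::__construct();
  }

  //!---------------------------------------------------------
  // @function    Owner::name
  // @desc        Answer the name of the owner
  // @return      String
  //!---------------------------------------------------------
  function name() {
    return $this->name;
  }

  // add user management
  //!---------------------------------------------------------
  // @function    Owner::email
  // @desc        Answer the email address of the owner
  // @return      String
  //!---------------------------------------------------------
  function email() {
    return $this->email;
  }

  // add user management
  //!---------------------------------------------------------
  // @function    Owner::group
  // @desc        Answer the group of the owner
  // @return      String
  //!---------------------------------------------------------
  function group() {
    return $this->group;
  }

  //!---------------------------------------------------------
  // @function    Owner::setName
  // @desc        Set the name of the owner. Might be the name
  //              of a person or the id of a job.
  // @param       name    String    The name of the owner
  // @return      void
  //!---------------------------------------------------------
  function setName($name) {
    $this->name = $name;
  }

  // add user management
  //!---------------------------------------------------------
  // @function    Owner::setEmail
  // @desc        Set the email address of the owner
  // @param       email   String    The email address of the owner
  // @return      void
  //!---------------------------------------------------------
  function setEmail($email) {
    $this->email = $email;
  }

  // add user management
  //!---------------------------------------------------------
  // @function    Owner::setGroup
  // @desc        Set the group of the owner
  // @param       group   String    The group of the owner
  // @return      void
  //!---------------------------------------------------------
  function setGroup($group) {
    $this->group = $group;
  }

} // end of class Owner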

//!---------------------------------------------------------
// @class    User
// @desc     Represents a user. Keeps track of the user's  
//           state (is the user logged in, etc).
//!---------------------------------------------------------
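class User extends Owner {
  public $isLoggedIn;   // @public isLoggedIn    Boolean   True if the user is logged in.
  public $lastActivity; // @public lastActivity  Timestamp Time of the last activity of the user
  public $ip;           // @public ip            String    The user's current ip address
  public $authMode;     // @public authMode      String    One of "MYSQL", "LDAP", or "ACTIVE_DIR"

  //!---------------------------------------------------------
  // @function    User::__construct
  // @desc        Constructor. Creates a new empty, logged-out user and
  //              records the configured authentication mode.
  //              Declared as __construct() because PHP 8 no longer runs
  //              a method named after its class as constructor, which
  //              would leave authMode unset.
  // @throws      Exception if $authenticateAgainst is not one of
  //              "MYSQL", "LDAP" or "ACTIVE_DIR"
  // @return      void
  //!---------------------------------------------------------
  function __construct() {
    global $authenticateAgainst;
    $this->isLoggedIn = False;
    $this->lastActivity = time();
    $this->ip = '';

    // Strict membership test: with a loose comparison a non-string
    // configuration value (e.g. true or 0) could pass as a valid mode.
    if ( !in_array( $authenticateAgainst, array( "MYSQL", "LDAP", "ACTIVE_DIR" ), true ) ) {
      throw new Exception( "Bad value $authenticateAgainst." );
    }

    $this->authMode  = $authenticateAgainst;

    // Call the parent constructor too.
    parent::__construct();
  }

  //!---------------------------------------------------------
  // @function    User::User
  // @desc        Legacy (PHP 4 style) constructor name, kept so that
  //              code calling User() explicitly keeps working.
  //              Declared after __construct() on purpose, so that
  //              __construct() is the one PHP registers as constructor.
  // @return      void
  //!---------------------------------------------------------
  function User() {
    self::__construct();
  }

  //!---------------------------------------------------------
  // @function    User::isLoggedIn
  // @desc        Answer true if the user is logged in.
  // @return      Boolean
  //!---------------------------------------------------------
  function isLoggedIn() {
    return $this->isLoggedIn;
  }

  //!---------------------------------------------------------
  // @function    User::encrypt
  // @desc        Answer the stored form of a password: crypt() with
  //              the given seed when $useDESEncryption is set, plain
  //              md5() otherwise. Despite the name this is one-way
  //              hashing, not encryption.
  // @param       string     String    The string to be hashed
  // @param       seed       String    Salt handed to crypt(); ignored
  //                                   in the md5 branch
  // @return      String
  //!---------------------------------------------------------
  function encrypt($string, $seed) {
    global $useDESEncryption;

    // NOTE(security): both branches are legacy password schemes. md5() is
    // unsalted and fast, and the caller in this class passes a two-character
    // seed to crypt(), i.e. traditional DES crypt. Moving to password_hash()
    // needs a migration of the stored hashes, so the behaviour is unchanged.
    if ($useDESEncryption) {
      return crypt($string, $seed);
    }
    return md5($string);
  }

  //!---------------------------------------------------------
  // @function    User::parse_ldap_password
  // @desc        Split a stored password of the form {type}passwd
  //              into its two parts.
  // @param       dbPassword String    The stored value; form {type}passwd
  // @return      Array      array(passwd, type); array(null, null) if
  //                         the value does not have that form
  //!---------------------------------------------------------
  function parse_ldap_password($dbPassword) {
    // Without this check a value that does not match would be read through
    // undefined offsets of $dbp.
    if (!preg_match("/^\{(.*)\}(.*)$/", $dbPassword, $dbp)) {
      return array(null, null);
    }
    return array($dbp[2], $dbp[1]);
  }

  //!---------------------------------------------------------
  // @function    User::ldap_encrypt
  // @desc        Answer the hashed version of string for the given
  //              stored password type.
  // @param       string         String    The string to be hashed
  // @param       dbPasswordType String    "crypt" or "md5" (case sensitive)
  // @param       dbPassword     String    The stored hash; used as salt
  //                                       for crypt()
  // @return      String
  //!---------------------------------------------------------
  function ldap_encrypt($string, $dbPasswordType, $dbPassword) {
      if ($dbPasswordType === "crypt") {
          return crypt($string, $dbPassword);
      }
      if ($dbPasswordType === "md5") {
          return md5($string);
      }
      // NOTE(review): for any other type the return value is a message, not
      // a hash. Callers are outside this file; confirm none of them treats
      // it as a credential match.
      return "unknown type '$dbPasswordType'";
  }

  //!---------------------------------------------------------
  // @function    User::logIn
  // @desc        Try to log the user in.
  //              If log in is successful, name, ip and last
  //              activity are registered. The result is true in
  //              this case.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user
  // @param       ip       String    The ip address of the user
  // @return      boolean
  //!---------------------------------------------------------
  function logIn($name, $password, $ip) {
    // The name is set before the check because isStatusAccepted(), reached
    // through checkLogin(), reads it from $this.
    $this->setName($name);
    $this->isLoggedIn = False;
    $result = $this->checkLogin($name, $password);
    if ($result) {
      $this->isLoggedIn = True;
      $this->lastActivity = time();
      $this->name = $name;
      $this->ip = $ip;
    }
    return $result;
  }

  //!---------------------------------------------------------
  // @function    User::logOut
  // @desc        Log the user out. isLoggedIn will be false
  //              afterwards.
  // @return      void
  //!---------------------------------------------------------
  function logOut() {
    $this->isLoggedIn = False;
  }

  //!---------------------------------------------------------
  // @function    User::password
  // @desc        Answer the users stored (hashed) password. The admin
  //              account is always looked up in the HRM database.
  //              Must not be called in ACTIVE_DIR mode for other
  //              accounts: the script prints a message and exits.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user; only
  //                                 passed on to Ldap::loadUser()
  // @throws      Exception if authMode holds an unknown value
  // @return      String
  //!---------------------------------------------------------
  function password($name, $password) {

    // If the user is the admin, we check against the MYSQL DB
    if ( $name === $this->getAdminName() ) {
      // NOTE(review): passwordQueryString() builds the query from $name;
      // its escaping is not visible in this file - confirm in Database.inc.
      $db = new DatabaseConnection();
      return $db->queryLastValue($db->passwordQueryString($name));
    }

    switch ( $this->authMode ) {

      case "LDAP":

        // ldap code
        $my_ldap = new Ldap();
        $my_ldap->connectForReading();
        $user_data = $my_ldap->loadUser($name, $password);
        return $user_data["password"];

      case "ACTIVE_DIR":

        // This function must not be called for ACTIVE_DIR.
        echo "User::password() cannot be called for ACTIVE_DIR!\n";
        exit( 1 );

      case "MYSQL":

        // db code
        $db = new DatabaseConnection();
        return $db->queryLastValue($db->passwordQueryString($name));

      default:

        // The message used to interpolate an undefined local $authMode.
        throw new Exception("Bad value '" . $this->authMode . "' for authMode in User::password().");

    }

  }

  //!---------------------------------------------------------
  // @function    User::isStatusAccepted
  // @desc        Answer true if the subscription of the user
  //              has been accepted by the administrator. The user
  //              is identified by the name stored in this object.
  // @return      Boolean
  //!---------------------------------------------------------
  function isStatusAccepted() {
    $db = new DatabaseConnection();
    $status = $db->getUserStatus($this->name());
    return ($status==$this->getAcceptedStatus());
  }

  //!---------------------------------------------------------
  // @function    User::isLoginRestrictedToAdmin
  // @desc        Answer true if the login has been restricted to
  //              the administrator, which is the case while the
  //              database is not up to date.
  // @return      Boolean
  //!---------------------------------------------------------
  function isLoginRestrictedToAdmin() {
    return !( Versions::isDBUpToDate( ) );
  }

  //!---------------------------------------------------------
  // @function    User::isSuspended
  // @desc        Answer true if the user's account has been
  //              suspended by the administrator. The user is
  //              identified by the name stored in this object.
  // @return      Boolean
  //!---------------------------------------------------------
  function isSuspended() {
    $db = new DatabaseConnection();
    $status = $db->getUserStatus($this->name());
    return ($status==$this->getSuspendedStatus());
  }

  //!---------------------------------------------------------
  // @function    User::exists
  // @desc        Answer true if the user's account exists. The user
  //              is identified by the name stored in this object.
  // @return      Boolean
  //!---------------------------------------------------------
  function exists() {
    $db = new DatabaseConnection();
    return $db->checkUser($this->name());
  }

  //!---------------------------------------------------------
  // @function    User::checkLogin
  // @desc        Answer true if the login is granted. The admin
  //              account is always checked against the HRM database,
  //              every other name against the configured backend.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user
  // @throws      Exception if authMode holds an unknown value
  // @return      Boolean
  //!---------------------------------------------------------
  function checkLogin($name, $password) {
    // Credentials are caller-supplied: anything that is not a plain string
    // is refused up front, so the checks below never compare other types.
    if ( !is_string($name) || !is_string($password) ) {
      return false;
    }

    // If the db is outdated and the user is not the admin, we do not allow
    // the login. Same strict admin test as below, instead of a separate
    // strcmp() against a hard-coded 'admin'.
    if ( $this->isLoginRestrictedToAdmin() && $name !== $this->getAdminName() ) {
      return false;
    }

    // If the user is the admin, we check the MYSQL DB
    if ( $name === $this->getAdminName() ) {
      return $this->checkLoginAgainstHRMDatabase($name, $password);
    }

    // Check other login names against the chosen authentication mechanism
    switch ( $this->authMode ) {

      case "LDAP":

        return $this->checkLoginAgainstLDAP($name, $password);

      case "ACTIVE_DIR":

        return $this->checkLoginAgainstACTIVEDIR($name, $password);

      case "MYSQL":

        return $this->checkLoginAgainstHRMDatabase($name, $password);

      default:

        // The message used to interpolate an undefined local $authMode.
        throw new Exception("Bad value '" . $this->authMode . "' for authMode in User::checkLogin().");
    }
  }

  //!---------------------------------------------------------
  // @function    User::checkLoginAgainstHRMDatabase
  // @desc        Answer true if the account is accepted and the
  //              password matches the hash stored in the HRM database.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user
  // @return      Boolean
  //!---------------------------------------------------------
  function checkLoginAgainstHRMDatabase($name, $password) {
    // add user management
    // NOTE(review): the status is read for the name stored in this object,
    // not for $name; logIn() sets it first, other callers must do the same.
    if (!$this->isStatusAccepted()) return false;
    $dbPassword = $this->password($name, $password);
    if (!$dbPassword) return false;

    $stored   = (string) $dbPassword;
    $computed = (string) $this->encrypt($password, substr($stored, 0, 2));

    // The two hashes must be compared as strings. With '==' PHP compares
    // numeric-looking strings as numbers, so two different md5 digests that
    // both read as a number in exponent notation would count as equal.
    // hash_equals() additionally runs in constant time where it exists.
    if (function_exists('hash_equals')) {
      return hash_equals($stored, $computed);
    }
    return $stored === $computed;
  }

  //!---------------------------------------------------------
  // @function    User::checkLoginAgainstLDAP
  // @desc        Answer true if the login is granted. The name is
  //              lower-cased before it is handed to the directory.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user
  // @return      Boolean
  //!---------------------------------------------------------
  function checkLoginAgainstLDAP($name, $password) {
    // An empty password must never reach the directory: a simple bind
    // without a password is an unauthenticated bind, which many servers
    // accept. Whether Ldap::authenticate() checks this is not visible here,
    // so fail closed.
    if (!is_string($password) || $password === '') {
      return false;
    }
    $ldap = new Ldap();
    return $ldap->authenticate(strtolower($name), $password);
  }

  //!---------------------------------------------------------
  // @function    User::checkLoginAgainstACTIVEDIR
  // @desc        Answer true if the login is granted. The name is
  //              lower-cased before it is handed to the directory.
  // @param       name     String    The login name of the user
  // @param       password String    The password of the user
  // @return      Boolean
  //!---------------------------------------------------------
  function checkLoginAgainstACTIVEDIR($name, $password) {
    // Same reasoning as for LDAP: refuse an empty password before any bind
    // is attempted; ActiveDirectory::authenticate() is not visible here.
    if (!is_string($password) || $password === '') {
      return false;
    }
    $activeDir = new ActiveDirectory( );
    return $activeDir->authenticate( strtolower($name), $password );
  }

  //!---------------------------------------------------------
  // @function    User::emailAddress
  // @desc        Answer the user's email address as reported by the
  //              configured backend.
  // @throws      Exception if authMode holds an unknown value
  // @return      String
  //!---------------------------------------------------------
  function emailAddress() {

    switch ( $this->authMode ) {

      case "LDAP":

        $ldap = new Ldap();
        return $ldap->emailAddress($this->name());

      case "ACTIVE_DIR":

        $activeDir = new ActiveDirectory( );
        return $activeDir->emailAddress($this->name());

      case "MYSQL":

        $db = new DatabaseConnection();
        return $db->emailAddress($this->name());

      default:

        // The message used to interpolate an undefined local $authMode.
        throw new Exception("Bad value '" . $this->authMode . "' for authMode in User::emailAddress().");
    }
  }

  //!---------------------------------------------------------
  // @function    User::getAcceptedStatus
  // @desc        Answer the status that signifies that the user
  //              is accepted in the hrm-database
  // @return      String
  //!---------------------------------------------------------
  function getAcceptedStatus() {
    return 'a';
  }

  //!---------------------------------------------------------
  // @function    User::getSuspendedStatus
  // @desc        Answer the status that signifies that the
  //              user's account is suspended
  // @return      String
  //!---------------------------------------------------------
  function getSuspendedStatus() {
    return 'd';
  }

  //!---------------------------------------------------------
  // @function    User::getAdminName
  // @desc        The name of the system administrator account
  // @return      String
  //!---------------------------------------------------------
  function getAdminName() {
    return 'admin';
  }

  //!---------------------------------------------------------
  // @function    User::isAdmin
  // @desc        Answer whether the receiver is the system
  //              administrator.
  // @return      Boolean
  //!---------------------------------------------------------
  function isAdmin() {
    // Strict comparison: only the exact string counts as the admin name.
    return $this->name() === $this->getAdminName();
  }

  //!---------------------------------------------------------
  // @function    User::load
  // @desc        Load email and group of the user. Implemented for
  //              MYSQL only: in LDAP and ACTIVE_DIR mode the script
  //              prints a message and exits. For the admin the email
  //              is taken from $email_admin and written to the database.
  // @return      void
  //!---------------------------------------------------------
  function load() {
    global $email_admin;

    switch ( $this->authMode ) {

      case "LDAP":

        echo("User::load() not implemented for LDAP.\n");
        exit( 1 );

      case "ACTIVE_DIR":

        echo("User::load() not implemented for ACTIVE_DIR.\n");
        exit( 1 );

      case "MYSQL":

        if ($this->isAdmin()) {
          $db = new DatabaseConnection();
          $this->setEmail($email_admin);
          $db->updateMail($this->name(), $email_admin);
        } else {
          $this->setEmail($this->emailAddress());
        }
        // get user group. This used to call group(), the plain getter
        // inherited from Owner, which only assigned the field to itself;
        // userGroup() is the method that reads the group from the backend.
        $this->setGroup($this->userGroup());
        break;
    }
  }

  //!---------------------------------------------------------
  // @function    User::userGroup
  // @desc        Answer the group name as reported by the configured
  //              backend (database, LDAP or Active Directory).
  // @throws      Exception if authMode holds an unknown value
  // @return      String
  //!---------------------------------------------------------
  function userGroup() {
    switch ( $this->authMode ) {

      case "LDAP":

        $ldap = new Ldap();
        return $ldap->getGroup($this->name());

      case "ACTIVE_DIR":

        $activeDir = new ActiveDirectory( );
        return $activeDir->getGroup( $this->name() );

      case "MYSQL":

        $db = new DatabaseConnection();
        return $db->getGroup($this->name());

      default:

        // The message used to interpolate an undefined local $authMode.
        throw new Exception("Bad value '" . $this->authMode . "' for authMode in User::userGroup().");
    }
  }

  //!---------------------------------------------------------
  // @function    User::updateLastAccessDate
  // @desc        Update the last access date in the database
  // @return      void
  //!---------------------------------------------------------
  function updateLastAccessDate() {
    // TODO: user will not exist in db when ldap is used
    $db = new DatabaseConnection();
    $db->updateLastAccessDate($this->name());
  }

}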



?>