<?php
/**************************************************************************
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   @Authors:	Ryan Thompson(hide@address.com)
***************************************************************************/
/*$Id: class.security.php,v 1.2 2003/12/08 05:30:18 rthomp Exp $*/
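/*
	Authentication, password and per-service access-right helpers.

	Every query in this class is sent through the global $db wrapper as a
	string with the caller's values interpolated directly into the SQL text.
	Nothing in this class escapes or validates those values.
	NOTE(review): callers must therefore pass only validated/escaped values,
	or these queries should move to bound parameters once the $db wrapper's
	API is confirmed to support them. Each affected method repeats this note.
*/
class security
{
	var $ssl = FALSE;	// When TRUE, protocol() yields 'https://'; the default is plain HTTP
	var $protocol = 'http://';	// Last scheme prefix chosen by protocol()
	
	/*!
		@function protocol()
		@author Ryan Thompson
		@abstract Returns the protocol to use in generating URLs for links
		@version 0.1
		@return $this->protocol - 'https://' when $this->ssl is truthy, otherwise 'http://'
		@since 11-10-2003
	*/
	function protocol()
	{
		// The result is also stored, so $this->protocol mirrors the last value returned.
		$this->protocol = $this->ssl ? 'https://' : 'http://';
		return $this->protocol;
	}
	
	/*!
		@function get_accessible_services()
		@author Ryan Thompson
		@abstract Returns the o_services rows for which the user holds rights greater than 0
		@version 0.1
		@params $user_id
		@return $services - Array of rows ordered by sort_order, or NULL when nothing matched
		@since 05-12-2003
	*/
	function get_accessible_services($user_id)
	{
		GLOBAL $db;
		
		// NOTE(review): $user_id is interpolated into the SQL text unescaped.
		$sql = "SELECT o_services.* FROM o_services LEFT JOIN o_user_rights
			ON o_services.code=o_user_rights.service WHERE o_user_rights.user_id='$user_id' 
			AND o_user_rights.rights > '0' ORDER BY sort_order";
		$db->query($sql);
		
		// Initialised explicitly so the no-rows case returns NULL without
		// reading an undefined variable.
		$services = NULL;
		while($db->fetch_results())
		{
			$services[] = $db->record;
		}
		
		return $services;
	}
	
	/*!
		@function random_string()
		@author Ryan Thompson
		@abstract Generates a random string of given length $len (Generally used to generate passwords)
		@version 0.1
		@params $len - Length of string to generate
		@return $str - The generated string (NULL when $len is 0 or less)
	*/
	function random_string($len = 8)
	{
		// 62 symbols: a-z, A-Z, then the digits in the order 1-9,0.
		$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
		
		// Highest valid index. The generator's upper bound is inclusive, so
		// using the symbol count itself would occasionally pick a
		// non-existent slot and yield a string shorter than $len.
		$max = strlen($alphabet) - 1;
		
		// Generated strings are used as passwords, so prefer the CSPRNG
		// where the runtime has one; mt_rand() is only a fallback for old
		// PHP versions and is not cryptographically strong.
		$use_csprng = function_exists('random_int');
		
		$str = NULL;
		for($i = 0; $i < $len; $i++)
		{
			$idx = $use_csprng ? random_int(0, $max) : mt_rand(0, $max);
			$str .= $alphabet[$idx];
		}
		
		return $str;
	}
	
	/*!
		@function encrypt_password()
		@author Ryan Thompson
		@abstract Generates a 32-character hex digest by applying MD5 twice to $password
		@version 0.1
		@params $password - Plain text password to hash
		@return $password - Hashed password
		@since 11-10-2003
	*/
	function encrypt_password($password)
	{
		// NOTE(review): this is an unsalted, fast hash (hashing, not
		// encryption) and is not suitable for password storage. It is left
		// unchanged because update_password() matches stored values against
		// this exact digest inside SQL. Moving to password_hash() /
		// password_verify() needs a migration of the stored hashes.
		return md5(md5($password));
	}

	/*!
		@function account_enabled()
		@author Ryan Thompson
		@abstract Determines whether given user account is enabled or disabled
		@version 0.1
		@params $user_id - User ID of account to be checked
		@return TRUE when o_user_security.disabled is NULL, FALSE (after raising error 1002) otherwise
	*/
	function account_enabled($user_id)
	{
		GLOBAL $error, $db;

		// NOTE(review): $user_id is interpolated into the SQL text unescaped.
		$sql = "SELECT disabled FROM o_user_security WHERE user_id='". $user_id ."'";
		$db->query($sql);
		$db->fetch_results();
		
		// Any non-NULL value in the column marks the account as disabled.
		// NOTE(review): presumably a user with no o_user_security row reads
		// as NULL here and is treated as enabled - confirm against the $db wrapper.
		if(is_null($db->record['disabled']))
		{
			return TRUE;
		}
		
		$error->get_message(1002);
		return FALSE;
	}
	
	/*!
		@function check_password()
		@author Ryan Thompson
		@abstract Checks given password against password in Database
		@version 0.1
		@params $username - Login name to look up
		@params $password - Password value compared with o_users.password
		@return $user_id - User ID of the matching account, or FALSE (after raising error 1000) when none matched
		@since 25-03-2003
	*/
	function check_password($username, $password)
	{
		GLOBAL $error, $db;
		
		// NOTE(review): both values are interpolated into the SQL text
		// unescaped; this is the login path, so they originate from the
		// request. $password is presumably already the encrypt_password()
		// digest, since update_password() stores that form - confirm at the
		// call site.
		$db->query("SELECT user_id FROM o_users WHERE username='$username' AND password='$password'");
		if($db->num_rows == 0)
		{
			$error->get_message(1000);
			return FALSE;
		}
		
		$db->fetch_results();
		return $db->record['user_id'];
	}

	/*!
		@function unique_id()
		@author Ryan Thompson
		@abstract Generates a unique session id
		@version 0.1
		@return $unique_id - Random string of 32 lowercase hex characters
		@since 11-10-2003
	*/
	function unique_id()
	{
		// Session identifiers must be unpredictable: take 128 bits from the
		// CSPRNG when the runtime offers one. The result has the same shape
		// (32 hex characters) as the legacy MD5-based value.
		if(function_exists('random_bytes'))
		{
			return bin2hex(random_bytes(16));
		}
		
		// Legacy fallback for old PHP versions: derived from the clock and
		// rand(), so it is guessable and should not be relied on.
		return md5(uniqid(rand(), TRUE));
	}

	/*!
		@function update_password()
		@author Ryan Thompson
		@abstract Updates the password of the current global $user
		@version 0.1
		@params $passwords - array with keys 'old_password' and 'new_password' (both plain text)
		@return TRUE on success, FALSE when the old password does not match or the new one is too short
	*/
	function update_password($passwords)
	{
		GLOBAL $db, $user;
		
		// The old password is hashed first, so the value interpolated below
		// is a hex digest rather than raw input.
		$old_password = $this->encrypt_password($passwords['old_password']);

		$sql = "SELECT username, password FROM o_users WHERE user_id='". $user->user_id ."' AND password='$old_password'";
		$db->query($sql);

		if($db->num_rows == 0)
		{
			// NOTE(review): failures are echoed straight into the output
			// instead of going through $error like the other methods.
			echo "Wrong Password";
			return FALSE;
		}
		$db->fetch_results();
		
		// The minimum length is enforced only after the old password has been verified.
		if(!$this->password_length($passwords['new_password']))
		{
			echo "Too short";
			return FALSE;
		}

		$new_password = $this->encrypt_password($passwords['new_password']);
		$sql = "UPDATE o_users SET password='$new_password' WHERE user_id='". $user->user_id ."'";

		$db->query($sql);
		return TRUE;
	}
	
	/*!
		@function password_length()
		@author Ryan Thompson
		@abstract Verifies that password meets minimum length requirements (Default 8 set in DB)
		@version 0.1
		@params $password - Password to verify
		@return TRUE when the password is at least as long as the configured minimum, FALSE otherwise
		@since 11-10-2003
	*/
	function password_length($password)
	{
		GLOBAL $db;
		
		// The minimum is read from o_settings row with setting_id 1.
		$sql = "SELECT value FROM o_settings WHERE setting_id='1'";
		$db->query($sql);
		$db->fetch_results();
		
		// strlen() counts bytes, so multi-byte characters count more than once.
		return !(strlen($password) < $db->record['value']);
	}
	
	/*!
		@function compare()
		@author Ryan Thompson
		@abstract Reports whether two password strings are identical (purpose not recorded by the original author)
		@version 0.1
		@params $new_password
		@params $old_password
		@return TRUE when both values are the same string, FALSE otherwise
	*/
	function compare($new_password, $old_password)
	{
		// Compared strictly as strings. A loose comparison treats
		// numeric-looking strings as numbers, so two different passwords
		// such as '1e3' and '1000' would wrongly be reported as equal.
		return (string) $new_password === (string) $old_password;
	}
	
	/*!
		@function account_expired()
		@author Ryan Thompson
		@abstract Determines if account is expired
		@version 0.1
		@params $user_id - User ID of account to check
		@return TRUE (after raising error 1001) when the expiry moment has passed, FALSE otherwise
	*/
	function account_expired($user_id)
	{
		GLOBAL $db, $error;
		
		// NOTE(review): $user_id is interpolated into the SQL text unescaped.
		$sql = "SELECT password_change, password_expire, expire_type FROM o_user_security WHERE user_id='$user_id'";
		$db->query($sql);
		$db->fetch_results();
		
		if($db->record['expire_type'] == 'days')
		{
			// password_expire is a number of days counted from the last
			// password change; 86400 is the number of seconds in a day.
			$seconds_from = $db->record['password_expire'] * 86400;
			$date_of_expiry = $db->record['password_change'] + $seconds_from;
			$has_expired = $date_of_expiry < time();
		} else {
			// Any other expire_type: password_expire is compared directly
			// against the current Unix time.
			$has_expired = time() > $db->record['password_expire'];
		}
		
		if($has_expired)
		{
			//Need account expiry error
			$error->get_message(1001);
			return TRUE;
		}
		
		return FALSE;
	}
	
	/*!
		@function system_locked()
		@author Ryan Thompson
		@abstract Looks to see if System is in lockdown state
		@version 0.1
		@return FALSE only when setting 10 holds the string 'FALSE'; TRUE (after raising error 1004) otherwise
		@since 25-03-2003
	*/
	function system_locked()
	{
		GLOBAL $error, $db;
		$db->query("SELECT value FROM o_settings WHERE setting_id='10'");
		$db->fetch_results();
		
		// Only the literal 'FALSE' unlocks; every other stored value is
		// treated as locked.
		if($db->record['value'] == 'FALSE')
		{
			return FALSE;
		}
		
		$error->get_message(1004);
		return TRUE;
	}
	
	/*!
		@function global_page()
		@author Ryan Thompson
		@abstract Looks to see if the current script can be accessed without a general session
		@version 0.3
		@return TRUE/FALSE
		@Deprecated -- Replaced by $service['no_session'] variable
	*/
	function global_page()
	{
		$script = $_SERVER['SCRIPT_NAME'];
		
		// NOTE(review): these are substring matches anywhere in the script
		// path, not exact comparisons. 'cron_job.php' has no leading slash
		// and '/config/' matches any directory of that name, so more
		// scripts than the four intended ones skip the session requirement.
		// Prefer the $service['no_session'] replacement named above.
		return (bool) (strstr($script, '/login.php') || strstr($script,'/forgot.php') || strstr($script, 'cron_job.php') || strstr($script, '/config/'));
	}
	
	/*!
		@function enable_access()
		@author Ryan Thompson
		@abstract Adds user permission to access a service
		@version 0.1
		@params $user_id - User to be added
		@params $service - Service to give access to
		@params $access_level - Permission level 0 - 3
		@params $username - Optional - Used in case required by specific service and user info added (ie File Manager)
		@since 11-10-2003
	*/	
	function enable_access($user_id, $service, $access_level, $username = NULL)
	{
		GLOBAL $db;

		// NOTE(review): all three values are interpolated into the SQL text
		// unescaped, and $access_level is not checked against the
		// documented 0 - 3 range.
		$sql = "INSERT INTO o_user_rights (user_id, service, rights) VALUES ('$user_id','$service','$access_level')";
		$db->query($sql);
		
		// Give the service a chance to run its own per-user setup script.
		$this->add_to_service($service, $user_id, $username);
	}

	
	/*!
		@function update_access()
		@author Ryan Thompson
		@abstract Updates user access rights to service
		@version 0.1
		@params $user_id - User ID of user to update
		@params $service - Service to update access to
		@params $rights - New access rights
		@since 11-10-2003
	*/
	function update_access($user_id, $service, $rights)
	{
		GLOBAL $db;
		
		//First check to see if it exists (used to handle plugins)
		// NOTE(review): the values are interpolated into the SQL text unescaped.
		$sql = "SELECT rights FROM o_user_rights WHERE user_id='$user_id' AND service='$service'";
		$db->query($sql);
		
		if($db->num_rows == 0)
		{
			// No row yet: insert one, which also runs the service's add-user script.
			$this->enable_access($user_id, $service, $rights);
			return;
		}
		
		$sql = "UPDATE o_user_rights SET rights='$rights' WHERE user_id='$user_id' AND service='$service'";
		$db->query($sql);
		return;
	}
	
	/*!
		@function remove_all_access()
		@author Ryan Thompson
		@abstract Removes all access to all services for a user. (Usually for account dropping)
		@version 0.2
		@params $user_id - User ID to drop access to.
		@params $service - Unused; kept so existing callers keep working
		@since 11-10-2003
	*/
	function remove_all_access($user_id, $service = NULL)
	{
		GLOBAL $db;
		
		// NOTE(review): $user_id is interpolated into a DELETE statement unescaped.
		$sql = "DELETE FROM o_user_rights WHERE user_id='". $user_id ."'";
		$db->query($sql);
		
		return;
	}

	/*!
		@function add_to_service()
		@author Ryan Thompson
		@abstract Runs service specific ADD USER script
		@version 0.2
		@params $service - Service User being added to
		@params $user_id - User ID of user being added to service
		@params $username - Optional - In case required for service specific scripts.
		@since 11-10-2003
	*/
	function add_to_service($service, $user_id, $username = NULL)
	{
		// The included script runs inside this method's scope, so the local
		// and global names below are part of what it can read. They are
		// deliberately left unrenamed.
		GLOBAL $O, $db;
		
		// NOTE(review): $service is interpolated into the SQL text unescaped.
		$sql = "SELECT location FROM o_services WHERE code='$service'";
		$db->query($sql);
		$db->fetch_results();
		$location = $db->record['location'];
		
		//Protect from crashes in case service doesn't require (hasn't added the file)
		// NOTE(review): the file is executed as PHP and its path comes from
		// o_services.location. That column must be writable by
		// administrators only and should hold a plain directory name.
		$add_script = "{$O->dir}/$location/config/add_user.php";
		if(file_exists($add_script))
		{
			include($add_script);
		}
	}
	
	/*!
		@function delete_from_service()
		@author Ryan Thompson
		@abstract Runs service specific DROP USER script
		@version 0.2
		@params $service - Service User being dropped from
		@params $username - Optional - In case required for service specific scripts.
		@params $user_id - User ID of user being dropped from service
		@since 11-10-2003
	*/
	function delete_from_service($service, $username, $user_id)
	{
		// The included script runs inside this method's scope, so the
		// parameter and local names are left unrenamed.
		GLOBAL $O;
		
		// NOTE(review): unlike add_to_service(), the directory is taken
		// straight from $service and is not resolved through
		// o_services.location. The file is executed as PHP, so callers must
		// pass only a service directory name already known to the
		// installation, never a request-supplied value.
		$drop_script = "{$O->dir}/$service/config/drop_user.php";
		if(file_exists($drop_script))
		{
			include($drop_script);
		}
	}
	
	/*!
		@function get_access_level()
		@author Ryan Thompson
		@abstract Returns access level of script for a user
		@version 0.2
		@params $user_id
		@params $service - Service code; an empty value is replaced by 'ad'
		@return $access_level - The rights column of the matching o_user_rights row
		@since 11-10-2003
	*/
	function get_access_level($user_id, $service)
	{
		GLOBAL $db;
		
		if(empty($service))
		{
			$service = 'ad';
		}
		
		// NOTE(review): both values are interpolated into the SQL text
		// unescaped. What is returned when no row matches depends on the
		// $db wrapper - callers should treat a missing value as no access.
		$sql = "SELECT rights FROM o_user_rights WHERE user_id='$user_id' AND service='$service'";
		$db->query($sql);
		$db->fetch_results();
		return $db->record['rights'];
	}
}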