<?php
/* 
 * phpMyVisites : website statistics and audience measurements
 * Copyright (C) 2002 - 2006
 * http://www.phpmyvisites.net/ 
 * phpMyVisites is free software (license GNU/GPL)
 * Authors : phpMyVisites team
*/

// $Id: User.class.php 231 2007-07-04 09:39:22Z matthieu_ $

require_once INCLUDE_PATH . "/core/include/Cookie.class.php";

// Login used while nobody is authenticated; User::isCorrect() accepts it without a password.
define ('PMV_ANONYMOUS_LOGIN', 'anonymous'); 

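class User
{
	// Session cookie (Cookie object) carrying the login/password between requests
	var $cookie;
	// idsite => true for every site the user is allowed to view
	var $viewPermission;
	// idsite => true for every site the user is allowed to administrate
	var $adminPermission;
	// true once the user authenticated as the super user (config su_login / su_password)
	var $suPermission;
	var $login;
	var $password;
	// Display name; 'Anonymous' until loadPermissions() reads it from the users table
	var $alias;
	// RSS hash read from the users table for this login (false until loaded)
	var $rssHash;
	// RSS hash received in the URL through setRssHash() (false when none)
	var $rssHashUrl;
	
	var $infoUser;
	
	/**
	 * Start as the anonymous user: no permission at all and a one-hour session cookie.
	 */
	function __construct( )
	{
		$this->alias = 'Anonymous';
		$this->login = PMV_ANONYMOUS_LOGIN;

		$this->cookie = new Cookie( COOKIE_NAME_SESSION );
		$this->cookie->setExpire( 3600 );
		$this->viewPermission = array();
		$this->adminPermission = array();
		$this->suPermission = false;
		$this->rssHash = false;
		$this->rssHashUrl = false;
	}
	
	/**
	 * PHP 4 style constructor kept for compatibility; delegates to __construct().
	 */
	function User( )
	{
		$this->__construct();
	}
	
	/**
	 * Singleton accessor (called statically as User::getInstance(), like the
	 * other *::getInstance() helpers of the project).
	 *
	 * @return User the shared instance, created on the first call
	 */
	function &getInstance()
	{
		static $instance;
		if (!isset($instance)) {
			$c = __CLASS__;
			$instance = new $c();
		}
		return $instance;
	}
	
	/**
	 * Escape a value before it is embedded in a single-quoted SQL literal.
	 * The login and the RSS hash used by the queries of this class come from the
	 * cookie and from the URL, so they must never be interpolated raw.
	 *
	 * @param mixed $value
	 * @return string
	 */
	function escapeSqlValue( $value )
	{
		$value = (string) $value;
		if (function_exists('mysql_real_escape_string')) {
			return mysql_real_escape_string($value);
		}
		return addslashes($value);
	}
	
	/**
	 * Fetch the full users-table row for a login.
	 *
	 * @param string $login
	 * @return array|false the row as returned by mysql_fetch_assoc(), false when
	 *                     the query failed or no row matches
	 */
	function getInfo( $login )
	{
		$r = query("SELECT *
						FROM ".T_USERS."
						WHERE login = '".$this->escapeSqlValue($login)."'");
		if (!$r) {
			return false;
		}
		return mysql_fetch_assoc($r);
	}
	
	/**
	 * @return string display name of the current user
	 */
	function getAlias()
	{
		return $this->alias;
	}
	
	/**
	 * @return string login of the current user (PMV_ANONYMOUS_LOGIN when not authenticated)
	 */
	function getLogin()
	{
		return $this->login;
	}
	
	/**
	 * Check a login/password pair: the super user from the config, the anonymous
	 * login (no password needed), or a row of the users table.
	 * On success the pair is stored on the object and saved in the cookie.
	 *
	 * @param string $login
	 * @param string $password
	 * @return bool
	 */
	function isCorrect( $login, $password)
	{
		$db =& Db::getInstance();
		$conf =& PmvConfig::getInstance();
		$suLogin = $conf->content['su_login'];
		$suPassword = $conf->content['su_password'];
		$toReturn = false;
		
		if ($login === $suLogin && $password === $suPassword) {
			$this->suPermission = true;
			$toReturn = true;
		} elseif ($login === PMV_ANONYMOUS_LOGIN) {
			$toReturn = true;
		} elseif (!empty($login) && !empty($password) && $db->isReady()) {
			// NOTE(review): passwords are stored and compared in clear text;
			// moving to a salted hash needs a schema migration, so only the
			// SQL escaping of the login is fixed here.
			$r = query("SELECT password
						FROM ".T_USERS."
						WHERE login = '".$this->escapeSqlValue($login)."'");
			if ($r && mysql_num_rows( $r ) > 0) {
				while ($rr = mysql_fetch_array($r)) {
					if ($rr['password'] === $password) {
						$toReturn = true;
						break;
					}
				}
			}
		}
		
		if ($toReturn) {
			$this->setLoginAndPassword($login, $password);
		}
		return $toReturn;
	}
	
	/**
	 * Remember the credentials on the object and persist them in the session cookie.
	 * NOTE(review): the password itself travels in the cookie; isAuthorized()
	 * re-validates it on every request, which is why it is kept here.
	 *
	 * @param string $login
	 * @param string $password
	 */
	function setLoginAndPassword($login, $password)
	{
		$this->login = $login;
		$this->password = $password;
		$this->cookie->setVar('login', $login);
		$this->cookie->setVar('password', $password);
		$this->cookie->save();
	}
	
	/**
	 * RSS hash identifying the current user in feed URLs.
	 *
	 * @return string|false the super user's hash, or the hash loaded from the
	 *                      users table (false while not loaded)
	 */
	function getRssHash()
	{
		if ($this->suPermission) {
			return md5( SU_LOGIN . SU_PASSWORD );
		}
		return $this->rssHash;
	}
	
	/**
	 * Fill viewPermission / adminPermission (and alias, rssHash) from the database
	 * for the current login, or for the RSS hash given by setRssHash() when one
	 * was received. The super user gets no DB lookup, only its alias.
	 */
	function loadPermissions()
	{
		if ($this->suPermission) {
			$this->alias = $GLOBALS['lang']['admin_admin'];
			return;
		}
		
		if ($this->rssHashUrl) {
			// strict comparison: a loose == between two hash strings can compare
			// them numerically ("0e..." hashes would all be equal)
			if ($this->rssHashUrl === md5( SU_LOGIN . SU_PASSWORD )) {
				$this->suPermission = true;
				return;
			}
			$fieldName = 'rss_hash';
			$fieldValue = $this->rssHashUrl;
		} else {
			$fieldName = 'login';
			$fieldValue = $this->login;
		}
		
		$db =& Db::getInstance();
		if (!$db->isReady() || !$db->areAllTablesInstalled()) {
			return;
		}
		
		// load viewPermissions and adminPermissions for each site
		// ($fieldName is one of the two literals above, $fieldValue is user-supplied)
		$r = query("SELECT *
					FROM (".T_USERS." as u LEFT JOIN
								".T_USERS_LINK_GROUPS." USING (login))
									LEFT JOIN
										".T_GROUPS." USING ( idgroups )
					WHERE u.$fieldName = '".$this->escapeSqlValue($fieldValue)."'
								");
		if ($r) {
			while ($rr = mysql_fetch_assoc($r)) {
				if ($rr['view'] == '1') {
					$this->viewPermission[$rr['idsite']] = true;
				}
				if ($rr['admin'] == '1') {
					$this->adminPermission[$rr['idsite']] = true;
				}
			}
		}
		
		// alias and rss hash are always read for the cookie login, even when the
		// permissions above were selected by RSS hash
		$r = query("SELECT alias, rss_hash 
					FROM ".T_USERS."
					WHERE login = '".$this->escapeSqlValue($this->login)."'
					LIMIT 1");
		$row = $r ? mysql_fetch_assoc($r) : false;
		if ($row) {
			$this->alias = $row['alias'];
			$this->rssHash = $row['rss_hash'];
		}
	}
	
	/**
	 * Use an RSS hash coming from the URL as identity and load the matching permissions.
	 *
	 * @param string $hash
	 */
	function setRssHash( $hash )
	{
		$this->rssHashUrl = $hash;
		$this->loadPermissions();
	}
	
	/**
	 * @return bool true when the user may not access any site at all
	 */
	function NoSitePermission()
	{
		return $this->getSiteAllowed() == -1;
	}
	
	/**
	 * Site id the user is allowed to work on: the one requested if permitted,
	 * otherwise the first site with admin rights, then the first with view rights.
	 *
	 * @return mixed the site id, or -1 when the user has no permission at all
	 */
	function getSiteAllowed()
	{
		$o_request =& Request::getInstance();
		$siteId = $o_request->getSiteId();
		
		if ($this->suPermission
			|| isset($this->viewPermission[$siteId])
			|| isset($this->adminPermission[$siteId])) {
			return $siteId;
		}
		foreach ($this->adminPermission as $key => $v) {
			return $key;
		}
		foreach ($this->viewPermission as $key => $v) {
			return $key;
		}
		return -1;
	}
	
	/**
	 * Decide whether the user identified by the session cookie may access a module.
	 *
	 * Side effects: when the URL targets an RSS/PDF view module the RSS hash of the
	 * URL is loaded first; when the cookie credentials are valid they are saved
	 * again in the cookie, permissions are loaded and the request's site id is
	 * set to an allowed site.
	 *
	 * @param string $moduleName
	 * @return bool
	 */
	function isAuthorized( $moduleName )
	{
		$request =& Request::getInstance();
		
		$hashModules = array( 'view_rss', 'view_pdf', 'view_pdf_v2' );
		if (in_array( $request->getModuleNameFromUrl(), $hashModules, true )) {
			$this->setRssHash( $request->getRssHash() );
		}
		
		// modules that never need a permission
		if (in_array( $moduleName, array('login', 'logout', 'view_rss'), true )) {
			return true;
		}
		
		// modules that only need a view right on the selected site
		$needViewRight = array(
					'contacts',
					'index',
					'other_language',
					);
		
		$tryLogin = $this->cookie->getVar('login');
		$tryPassword = $this->cookie->getVar('password');
		if (empty($tryLogin)) {
			$tryLogin = PMV_ANONYMOUS_LOGIN;
		}
		
		if (!$this->isCorrect( $tryLogin, $tryPassword )) {
			return false;
		}
		
		$this->loadPermissions();
		$siteId = $this->getSiteAllowed();
		// no permission at all
		if ($siteId == -1) {
			return false;
		}
		$request->setSiteId($siteId);
		$siteAdmin = $request->getAdminSite();
		
		$isViewModule = in_array( $moduleName, $needViewRight, true )
			|| substr_count($moduleName, 'view_') >= 1;
		$isAdminSiteModule = substr($moduleName, 0, 11) === 'admin_site_';
		$hasAnyAdminRight = count($this->adminPermission) > 0;
		
		// super user: install, general admin, everything
		if ($this->suPermission) {
			return true;
		}
		// view (+ contacts, other_language, etc.)
		if ($isViewModule && isset($this->viewPermission[ $siteId ])) {
			return true;
		}
		// admin of the selected site, or no site selected yet BUT some admin right exists
		if ($isAdminSiteModule
			&& (isset($this->adminPermission[ $siteAdmin ])
				|| (!$siteAdmin && $hasAnyAdminRight))) {
			return true;
		}
		// admin_index only needs at least one admin permission
		if ($moduleName === 'admin_index' && $hasAnyAdminRight) {
			return true;
		}
		// a non-anonymous user may always modify his own account
		if ($moduleName === 'admin_user'
			&& $request->getActionName() === 'modCur'
			&& $tryLogin !== PMV_ANONYMOUS_LOGIN) {
			return true;
		}
		return false;
	}
	
	/**
	 * @param mixed $id site id
	 * @return bool
	 */
	function isSiteAllowedView( $id )
	{
		return $this->suPermission || isset($this->viewPermission[$id]);
	}

	/**
	 * @param mixed $id site id
	 * @return bool
	 */
	function isSiteAllowedAdmin( $id )
	{
		return $this->suPermission || isset($this->adminPermission[$id]);
	}
	
	/**
	 * @return bool true for the super user or anyone administrating at least one site
	 */
	function hasSomeAdminRights()
	{
		return $this->suPermission || count($this->adminPermission) > 0;
	}
	
	/**
	 * All non-anonymous users.
	 *
	 * @return array login => alias (empty when the query fails)
	 */
	function getAllUsers()
	{
		$return = array();
		$r = query("SELECT login, alias
					FROM ".T_USERS);
		if (!$r) {
			return $return;
		}
		while ($rr = mysql_fetch_assoc($r)) {
			if ($rr['login'] !== PMV_ANONYMOUS_LOGIN) {
				$return[$rr['login']] = $rr['alias'];
			}
		}
		return $return;
	}
}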
?>