Location: PHPKode > scripts > BIKE > jagermesh-bike-e2eba42/breeze/datasources/users.php
<?php

br()->importLib('DataSource');

class BrDataSourceUsers extends BrDataSource {

  function __construct() {

    $loginField = br()->config()->get('br/auth/db/login-field', 'login');

    parent::__construct(br()->config()->get('br/auth/db/table', 'users'), array('defaultOrder' => $loginField));

    $this->on('signup', function($dataSource, $params) { 

      if (br()->config()->get('br/auth/api/signupDiabled')) {

        throw new Exception('Sorry. Signup is currently disabled.');

      } else {

        $data = array();

        $row = $dataSource->insert($params, $data);

        $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

        br()->log()->writeLn('User registered:');
        br()->log()->writeLn($row);
        br()->log()->writeLn($data);

        if ($mailTemplate = br()->config()->get('br/auth/mail/signup/template')) {
          $emailField = br()->config()->get('br/auth/db/email-field', 'email');
          if ($email = br($row, $emailField)) {
            br()->importAtBasePath('breeze/3rdparty/phpmailer/class.phpmailer.php');
            $mail = new PHPMailer(true);
            try {
              $mail->AddReplyTo(br()->config()->get('br/auth/mail/from', 'hide@address.com'));
              $mail->AddAddress($email);
              $mail->SetFrom(br()->config()->get('br/auth/mail/from', 'hide@address.com'));
              $mail->Subject = br()->config()->get('br/auth/mail/signup/subject', 'Registration complete');
              $user = $row;
              $user[$passwordField] = $data['password'];
              $message = br()->renderer()->fetch($mailTemplate, $user);
              $mail->MsgHTML($message, dirname($mailTemplate));
              br()->log()->writeLn('Sending signup mail to ' . $email);
              if ($mail->Send()) {
                br()->log()->writeLn('Sent');
              } else {
                throw new Exception('Mail was not sent because of unknown error');
              }
            } catch (phpmailerException $e) {
              br()->log()->writeLn('Can not send signup mail to ' . $email . '. Error: ' . $e->getMessage());
            } catch (Exception $e) {
              br()->log()->writeLn('Can not send signup mail to ' . $email . '. Error: ' . $e->getMessage());
            }
          } else {
            br()->log()->writeLn('Signup mail was not sent - email field not found or empty');
          }
        } else {
          br()->log()->writeLn('Signup mail was not sent - mail template not found or empty');
        }

        br()->auth()->setLogin($row);

        unset($row[$passwordField]);

        $row['loginToken'] = br()->guid();
        $row['expiresAt'] = time() + 60 * 60;

        return $row;

      }


      //br()->response()->redirect('?from=signup&password='.$data['password']);

    });

    $this->on('insert', function($dataSource, &$row, &$data) { 

      $loginField = br()->config()->get('br/auth/db/login-field', 'login');
      $loginFieldLabel = br()->config()->get('br/auth/db/login-field-label', 'login');
      $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

      if ($login = br()->html2text(br($row, $loginField))) {
        if ($user = $dataSource->selectOne(array($loginField => $login))) {
          throw new Exception('Such user already exists');
        } else {
          if (!br($row, $passwordField)) {
            $data['password'] = substr(br()->guid(), 0, 8);
          } else {
            $data['password'] = $row[$passwordField];
          }
          $row[$passwordField]   = md5($data['password']);
          //$row['token']      = br()->guid();
          //$row['adminToken'] = br()->guid();
        }
      } else {
        throw new Exception('Please enter ' . $loginFieldLabel);
      }

    });

    $this->on('select', function($dataSource, &$filter) {

      $security = br()->config()->get('br/auth/db/api/select-user');

      if (!$security) {
        $security = 'login';
      }

      if (strpos($security, 'login') !== false) {
        $login = br()->auth()->getLogin();
        if (!$login) {
          throw new Exception('You are not allowed to see users');
        }
        if (strpos($security, 'anyone') === false) {
          $filter[br()->db()->rowidField()] = br()->db()->rowid($login);
        }
      } else
      if (strpos($security, 'anyone') === false) {
        throw new Exception('You are not allowed to see users');
      }

    });

    $this->before('update', function($dataSource, $row) { 

      if ($login = br()->auth()->getLogin()) {
        if (br()->config()->get('br/auth/db/api/update-user') != 'anyone') {
          if (br()->db()->rowid($login) != br()->db()->rowid($row)) {
            throw new Exception('You are not allowed to modify this user');
          }
        }
      } else {
        throw new Exception('You are not allowed to modify this user');
      }

    });

    $this->before('remove', function($dataSource, $row) { 

      if ($login = br()->auth()->getLogin()) {
        if (br()->config()->get('br/auth/db/api/remove-user') != 'anyone') {
          if (br()->db()->rowid($login) != br()->db()->rowid($row)) {
            throw new Exception('You are not allowed to remove this user');
          }
        }
      } else {
        throw new Exception('You are not allowed to remove this user');
      }

    });

    $this->before('update', function($dataSource, &$row) { 

      $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

      if (isset($row[$passwordField])) {
        if ($row[$passwordField]) {
          $row[$passwordField] = md5($row[$passwordField]);
        } else {
          unset($row[$passwordField]);
        }
      }

    });

    $this->before('update', function($dataSource, &$row) { 

      $loginField = br()->config()->get('br/auth/db/login-field', 'login');
      $loginFieldLabel = br()->config()->get('br/auth/db/login-field-label', 'login');
      
      if (isset($row[$loginField])) {
        if ($login = br()->html2text($row[$loginField])) {
          if ($user = $dataSource->selectOne(array($loginField => $login, br()->db()->rowidField() => array('$ne' => br()->db()->rowid($row))))) {
            throw new Exception('Such user already exists');
          } else {
          }
        } else {
          throw new Exception('Please enter ' . $loginFieldLabel);
        }
      }

    });

    $this->on('login', function($dataSource, $params) { 

      $loginField = br()->config()->get('br/auth/db/login-field', 'login');
      $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

      if (br($params, $loginField) && br($params, $passwordField)) {
        $filter = array( $loginField    => $params[$loginField]
                       , $passwordField => md5($params[$passwordField]) 
                       );
        $dataSource->callEvent('before:loginSelectUser', $params, $filter);
        if ($row = $dataSource->selectOne($filter)) {
          $denied = false;
          if ($dataSource->invokeMethodExists('isAccessDenied')) {
            $denied = $dataSource->invoke('isAccessDenied', $row);
          }
          if (!$denied) {
            $row[$passwordField] = md5($params[$passwordField]);
            br()->auth()->setLogin($row, br($params, 'remember'));

            unset($row[$passwordField]);

            $row['loginToken'] = br()->guid();
            $row['expiresAt'] = time() + 60 * 60;

            return $row;

          } else {
            throw new Exception('Access denied');
          }
        } else {
          throw new Exception('Invalid login/password or user not found');
        }
      } else {
        throw new Exception('Please enter login/password');
      }

    });

    $this->on('logout', function($dataSource, $params) { 

      br()->auth()->clearLogin();

      return true;

    });

    $this->on('calcFields', function($dataSource, &$row) { 

      $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

      if ($login = br()->auth()->getLogin()) {
        if (br()->config()->get('br/auth/db/api/select-user') != 'anyone') {
          if (br()->db()->rowid($row) != $row['rowid']) {
            unset($row['adminToken']);
            unset($row['token']);
          }
        }
      } else {
        unset($row['adminToken']);
        unset($row['token']);
      }

      unset($row[$passwordField]);

    });

    $this->on('remindPassword', function($dataSource, $params) { 

      $loginField = br()->config()->get('br/auth/db/login-field', 'login');
      $loginFieldLabel = br()->config()->get('br/auth/db/login-field-label', 'login');
      $passwordField = br()->config()->get('br/auth/db/password-field', 'password');

      if ($login = br($params, $loginField)) {
        if ($user = $dataSource->selectOne(array($loginField => $login))) {
          $emailField = br()->config()->get('br/auth/db/email-field', 'email');
          if ($email = br($user, $emailField)) {
            if ($mailTemplate = br()->config()->get('br/auth/mail/forgot-password/template')) {
              br()->importAtBasePath('breeze/3rdparty/phpmailer/class.phpmailer.php');
              $mail = new PHPMailer(true);
              try {
                $mail->AddReplyTo(br()->config()->get('br/auth/mail/from', 'hide@address.com'));
                $mail->AddAddress($login);
                $mail->SetFrom(br()->config()->get('br/auth/mail/from', 'hide@address.com'));
                $mail->Subject = br()->config()->get('br/auth/mail/forgot-password/subject', 'Registration complete');
                $data = array();
                $data[$passwordField] = substr(br()->guid(), 0, 8);                
                $user[$passwordField] = $data[$passwordField];
                $data[$passwordField] = md5($data[$passwordField]);
                //$data['token']        = br()->guid();
                //$data['adminToken']   = br()->guid();
                $message = br()->renderer()->fetch($mailTemplate, $user);
                $mail->MsgHTML($message, br()->templatesPath());
                if ($mail->Body) {
                  if ($mail->Send()) {
                    $dataSource->update(br()->db()->rowidValue($user), $data);
                    br()->log()->writeLn('New password sent to ' . $email);
                    br()->log()->writeLn($user);
                    return true;
                  } else {
                    throw new Exception('Mail was not sent because of unknown error');
                  }
                } else {
                  throw new Exception('We can not send you new password because mail template is empty');
                }
              } catch (phpmailerException $e) {
                throw new Exception(br()->html2text($e->getMessage()));
              } catch (Exception $e) {
                throw new Exception(br()->html2text($e->getMessage()));
              }
            } else {
              throw new Exception('We can not reset your password - there is no mail template for this');
            }
          } else {
            throw new Exception('We can not reset your password - email field not found or empty');
          }
        } else {
          throw new Exception('User not found');
        }
      } else {
        throw new Exception('Please enter ' . $loginFieldLabel);
      }

    });

  }

}

//br()->registerDataSource($usersDataSource);

br()->importLib('RESTBinder');

class BrRESTUsersBinder extends BrRESTBinder {

  private $params;
  private $usersDataSource;

  function __construct($usersDataSource, $params = array()) {

    $this->usersDataSource = $usersDataSource;
    $this->params = $params;

    parent::__construct();

  }

  function doRouting() {

    $loginField = br()->config()->get('br/auth/db/login-field', 'login');

    parent::route( '/api/users'
                 , $this->usersDataSource
                 , array( 'security' => array( 'invoke' => ''
                                             , '.*'     => 'login'
                                             )
                        , 'filterMappings' => array( array( 'get'    => 'keyword'
                                                          , 'type'   => 'regexp'
                                                          , 'fields' => array($loginField)
                                                          )
                                                   , array( 'get'    => 'status'
                                                          , 'field'  => 'status'
                                                          )
                                                   )
                        , 'allowEmptyFilter' => true
                        )
                 );

  }

}
Return current item: BIKE