<?php

require_once "database.php";
require_once "room.php";

/*
 * Privilege thresholds: the minimum `users`.`privileges` value that
 * User::has_privileges() accepts for each feature. Anonymous visitors
 * carry -1 and freshly inserted accounts start at 0 (see User::update()),
 * so 1 and 2 are the two elevated tiers.
 */
const P_USERMOD = 2;
const P_ADMIN = 2;
const P_GROUNDSMAN = 1;
const P_BIKEMOD = 1;
const P_SUMMARIES = 2;

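class User {
        /**
         * Columns of this account's `users` row (see __construct) plus the
         * computed aliases `building`, `floor`, `roomNumber` and `name`.
         * Until a row is loaded it holds the anonymous placeholder: privileges -1
         * keeps has_privileges() false for every $min >= 0, id -1 marks "not stored".
         * @var array
         */
        private $data = array('login' => 'Anonymous', 'privileges' => -1, 'id' => -1);
        /** Set by setPassword(); tells update() that a new password must be persisted. */
        private $newpass = false;
        /** Translated reason for the last set*() call that returned false. */
        public $lastErrorMessage;

        /**
         * Loads the row whose login equals $login (compared case-insensitively).
         *
         * @param string|null $login   null builds the anonymous user without a DB round trip.
         * @param string|null $passwd  When given, the row must also satisfy
         *                             `password` = SHA1($passwd). When null the password is
         *                             NOT checked (session re-login, setLogin() lookup).
         */
        public function __construct( $login = null, $passwd = null) {
                if (is_null($login)) return;
                $checkPassword = !is_null($passwd);
                // NOTE(review): passwords are unsalted SHA1 computed by MySQL (here and in
                // update()), which is weak against offline cracking of a leaked table;
                // moving to password_hash() needs a migration of `users`.`password`.
                $and = $checkPassword ? " AND `password` = SHA1(?)" : "";
                $query = DB::query("SELECT *,
                        SUBSTRING(`room`,1,1) AS `building`, 
                        SUBSTRING(`room`,2,CHAR_LENGTH(`room`)-3) AS `floor`,
                        SUBSTRING(`room`,-2) AS `roomNumber`,
                        CONCAT_WS(' ', `surname`, `forename`) AS `name`
                        FROM `users` WHERE LOWER(`login`) = LOWER(?) $and;");
                $query->set(0, $login);
                if ($checkPassword) $query->set(1, $passwd);
                $res = $query->commit();
                // No row (unknown login or wrong password) leaves the anonymous defaults in place.
                if (mysql_num_rows($res) > 0) $this->data = mysql_fetch_array($res);
        }

        /** Replaces the whole row; used by listAll() to wrap fetched rows. */
        private function setData($data) {
                $this->data = $data;
        }

        /**
         * Returns every user ordered by login, surname, forename.
         *
         * @param mixed $cond  Accepted for compatibility but ignored: the query has no WHERE clause.
         * @return User[]
         */
        public static function listAll($cond = null) {
                $query = DB::query("SELECT *,CONCAT_WS(' ', `surname`, `forename`) AS `name`
                        FROM `users` ORDER BY login,surname,forename");
                $res = $query->commit();
                $users = array();
                while ($row = mysql_fetch_array($res)) {
                        $user = new User();
                        $user->setData($row);
                        $users[] = $user;
                }
                return $users;
        }

        /**
         * @param int $min  Required level; see the P_* constants at the top of the file.
         * @return bool  Whether this account's `privileges` is at least $min.
         */
        public function has_privileges( $min = 0 ) {
                return ($this->data['privileges'] >= $min);
        }

        /**
         * Persists the account: INSERT when it has no id yet, UPDATE otherwise.
         * The password column is written only on INSERT or after setPassword().
         * Dies on SQL failure (kept as-is: callers use the `or die` idiom).
         *
         * @return bool  Always true when it returns.
         */
        public function update() {
                if ($this->id == -1) {
                        /* New user: accounts start at privilege level 0 */
                        $query = DB::query("INSERT INTO `users` SET `login` = ?, `forename` = ?, `surname` = ?, `room` = ?, `email` = ?, `phone` = ?, `password` = SHA1(?), `privileges` = 0;", 
                                array($this->login, $this->forename, $this->surname, $this->room, $this->email, $this->phone, $this->password));
                        if ($query->commit()) {
                                $this->data['id'] = $query->lastId();
                                $this->data['privileges'] = 0;
                        } else die("SQL query died in User::update.");
                } else {
                        /* Existing user: profile first, password (if changed) separately */
                        $query = DB::query("UPDATE `users` SET `login` = ?, `forename` = ?, `surname` = ?, `room` = ?, `email` = ?, `phone` = ?, `privileges` = ? WHERE `id` = ?",
                                array($this->login, $this->forename, $this->surname, $this->room, $this->email, $this->phone, $this->privileges, $this->id) );
                        $query->commit() or die("SQL query died in User::update.");
                        if ($this->newpass) {
                                $query = DB::query("UPDATE `users` SET `password` = SHA1(?) WHERE `id` = ?;",
                                        array($this->password, $this->id));
                                $query->commit() or die("SQL query died in User::update.");
                        }
                }
                // The pending password is stored now; a later update() must not re-issue it.
                $this->newpass = false;

                return true;
        }

        /** Deletes this account's row by id; dies on SQL failure. */
        public function delete() {
                $query = DB::query("DELETE FROM `users` WHERE `id` = ?", array($this->id));
                $query->commit() or die("SQL query died in User::delete.");
        }

        /**
         * Read access to any loaded column or alias; null for unknown names
         * (the original raised an undefined-index notice there).
         * NOTE(review): 'password' is exposed too -- the stored hash after loading,
         * the plaintext between setPassword() and update(); avoid echoing it.
         */
        public function __get( $name ) {
                return array_key_exists($name, $this->data) ? $this->data[$name] : null;
        }

        /**
         * Accepts a login name only if no existing row has it (DB lookup).
         * An empty string passes this check; callers should validate non-emptiness.
         * @return bool
         */
        public function setLogin($value) {
                $existing = new User($value);
                if ($existing->id != -1) {
                        $this->lastErrorMessage = tr("Takový uživatel již existuje.");
                        return false;
                }
                $this->data['login'] = $value;
                return true;
        }

        /**
         * Stages a new password (minimum 6 bytes, counted with strlen) for update().
         * @return bool
         */
        public function setPassword($value) {
                if (strlen($value) < 6) {
                        $this->lastErrorMessage = tr("Heslo musí mít alespoň 6 znaků.");
                        return false;
                }
                $this->data['password'] = $value;
                $this->newpass = true;
                return true;
        }

        /** Non-empty forename required. @return bool */
        public function setForename($value) {
                if (strlen($value) > 0) {
                        $this->data['forename'] = $value;
                        return true;
                }
                $this->lastErrorMessage = tr("Zadejte prosím svě křestní jméno.");
                return false;
        }

        /** Non-empty surname required. @return bool */
        public function setSurname($value) {
                if (strlen($value) > 0) {
                        $this->data['surname'] = $value;
                        return true;
                }
                $this->lastErrorMessage = tr("Zadejte prosím své příjmení.");
                return false;
        }

        /** Room format is checked by validate_room() from room.php. @return bool */
        public function setRoom($value) {
                if (validate_room($value)) {
                        $this->data['room'] = $value;
                        return true;
                }
                $this->lastErrorMessage = tr("Neplatné číslo pokoje.");
                return false;
        }

        /**
         * Validates with FILTER_VALIDATE_EMAIL instead of the former hand-written
         * regex, which rejected uppercase letters and TLDs longer than three
         * characters and, lacking the D modifier, accepted a trailing newline.
         * @return bool
         */
        public function setEmail($value) {
                if (filter_var($value, FILTER_VALIDATE_EMAIL) !== false) {
                        $this->data['email'] = $value;
                        return true;
                }
                $this->lastErrorMessage = tr("Neplatná emailová adresa.");
                return false;
        }

        /**
         * Optional "+" and three-digit prefix, then at least eight digits/spaces.
         * The D modifier makes $ match only at the very end (no trailing newline).
         * @return bool
         */
        public function setPhone($value) {
                if (preg_match('/^(\+[0-9]{3})?[0-9 ]{8,}$/D', $value)) {
                        $this->data['phone'] = $value;
                        return true;
                }
                $this->lastErrorMessage = tr("Neplatné telefonní číslo.");
                return false;
        }
}
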
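class Auth {
        /** @var User|null Current account; null until login() ran (verify()/__get() do it lazily). */
        public $user = null;

        /**
         * Starts the PHP session and, when it already names a user, restores
         * that account. Only the login name is kept in the session (see login()),
         * so the restore skips the password check and trusts the server-side session.
         */
        public function __construct() {
                session_start();
                if (!isset($_SESSION['user'])) { $_SESSION['user'] = null; }
                if ($_SESSION['user'] != null) $this->login();
        }

        /**
         * Binds an account to this request.
         *
         * @param string|null $user    Login name; null re-logs the user named in the session.
         * @param string|null $passwd  Password to verify. It is only checked when $user is
         *                             given; login($name) without a password trusts the caller.
         * @return bool  true when a real row was bound (privilege level >= 0), false when the
         *               account stayed anonymous (unknown login or wrong password).
         */
        public function login($user = null, $passwd = null) {
                $fromSession = is_null($user);
                if ($fromSession) {
                        /* Login thru session: no password available, none checked */
                        $user = $_SESSION['user'];
                        $passwd = null;
                }
                // Fix: the password was previously dropped here (new User($user)), so any
                // password was accepted for a known login.
                $this->user = new User($user, $passwd);
                $ok = $this->user->has_privileges(0);
                if ($ok) {
                        // A fresh session id on credential login defeats session fixation.
                        if (!$fromSession) session_regenerate_id(true);
                        $_SESSION['user'] = $this->user->login;
                }
                return $ok;
        }

        /**
         * @param int $priv  Minimum privilege level (P_* constant).
         * @return bool  Whether the bound account (loaded from the session on demand) has it.
         */
        public function verify($priv = 0) {
                if ($this->user === null) $this->login();
                return $this->user->has_privileges($priv);
        }

        /** Clears the session identity and the in-memory account, then rotates the session id. */
        public function logout() {
                $_SESSION['user'] = $_SESSION['pass'] = $_SESSION['userID'] = null;
                // Without this, verify()/__get() kept answering for the logged-out
                // user until the end of the request.
                $this->user = new User();
                session_regenerate_id(true);
        }

        /** Proxies property reads to the bound User (binding it first if needed). */
        public function __get( $name ) {
                if ($this->user === null) $this->login();
                return $this->user->$name;
        }
}
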
167 ?>