Documentation is available at functions_security.php
- <?php
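/**
 * Builds the HTML for the log-in page.
 *
 * When the request carries an "object" query parameter that resolves to a
 * person, the change-password form is returned instead of the log-in form.
 *
 * @return string HTML fragment
 */
function people_get_login_content() {
    // The original declared the variable with a bare "$returnString;" and then
    // appended to it, which raises an undefined-variable notice.
    $returnString = '';

    // Delegate only when the person actually resolves. people_get_change_password_content()
    // falls back to this function when get_person() fails, so delegating on a merely
    // non-empty "object" value let an unknown id bounce between the two functions until
    // the request died. That path is reachable before authentication.
    // NOTE(review): assumes get_person() is a plain lookup without side effects - confirm.
    if( !empty( $_GET['object'] ) && get_person( $_GET['object'] ) ) {
        return $returnString . people_get_change_password_content();
    }

    // NOTE(review): form_input() and mouseover() are defined elsewhere and their output is
    // inserted as-is; they are presumably responsible for escaping anything they echo back
    // (e.g. a previously submitted username or $GLOBALS['errorArray']) - verify.
    $returnString .= '
<table width="290px" cellpadding="4" bgcolor="#FFFFFF">
<form id="loginForm" method="post">
<tr>
<td bgcolor="#eeeeee" colspan="2" style="text-align:right;"> </td>
</tr>
<tr>
<td bgcolor="#eeeeee">username</td>
<td>'.form_input( 'username', NULL, array(), $GLOBALS['errorArray'] ).'</td>
</tr>
<tr>
<td bgcolor="#eeeeee">password</td>
<td>'.form_input( 'password', NULL, true ).'</td>
</tr>
<tr>
<td bgcolor="#eeeeee" colspan="2" style="text-align:right;"><input type="button" class="submitLink" value="log in" '.mouseover().' onclick="this.form.submit();"></td>
</tr>
</form>
</table>
';

    return $returnString;
}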
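/**
 * Builds the HTML form used to change a person's password.
 *
 * The person is taken from the "object" query parameter. If no such person is
 * found the log-in page is returned; if the person exists but has no password
 * set, an empty string is returned.
 *
 * @return string HTML fragment
 */
function people_get_change_password_content() {
    // The original only wrote "$returnString;" and then appended to it.
    $returnString = '';

    // Read the parameter once; a missing or non-scalar value is treated as "no person".
    $objectId = ( isset( $_GET['object'] ) && is_scalar( $_GET['object'] ) ) ? $_GET['object'] : NULL;

    if( $person = get_person( $objectId ) ) {
        if( $person['password'] ) {
            // The id is request data that ends up inside a URL inside an HTML attribute:
            // encode it for the query string first, then for the attribute. The original
            // concatenated $_GET['object'] unescaped, so any value get_person() accepted
            // was reflected straight into the page.
            $safeObject = htmlspecialchars( urlencode( (string) $objectId ), ENT_QUOTES );

            // NOTE(review): the handler for action=change_password is not on this page. It
            // should confirm that the logged-in user may change this person's password and
            // verify old_password server-side, rather than trusting the "object" parameter.
            $returnString .= '
<form action="../system_beta_1/system_management.php?p=people&object='.$safeObject.'" id="loginForm" method="post">
<input type="hidden" name="action" value="change_password">
old password: <input type="password" name="old_password" /><br />
<p>new password: <input type="password" name="new_password" /><br /><br />
verify new password: <input type="password" name="new_password_confirm" onKeyPress="return submitenter(this,event)"><br /><br />
<input type="submit" name="userLogin" value="update" />
</form>
';
        }
    } else {
        // NOTE(review): people_get_login_content() hands control back to this function
        // whenever $_GET['object'] is truthy, so this fallback recurses without end for an
        // unknown id unless that function first checks that the person resolves.
        $returnString .= people_get_login_content();
    }

    return $returnString;
}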
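/**
 * Attempts to log a person in with a username (or e-mail address) and password.
 *
 * On success the session is (re)started, its id regenerated, and the user id,
 * client IP and timestamp are stored both in $_SESSION and on the user object.
 *
 * @param string $username username or e-mail address as typed by the visitor
 * @param string $password clear-text password as typed by the visitor
 * @return array|null array of error messages on failure; nothing (NULL) on success
 */
function people_log_in( $username, $password ) {
    // Guard clauses: reject empty input before touching the data layer.
    if( !( strlen( $username ) > 0 ) ) {
        return array( 'username' => "username was empty" );
    }
    if( !( strlen( trim( $password ) ) > 0 ) ) {
        return array( 'password' => "password was empty" );
    }

    // NOTE(review): addslashes() is not a reliable SQL escape. Whether get_byValue() binds
    // or escapes its values is not visible here; if it does, this call is redundant and
    // makes the comparison below fail for names containing quotes or backslashes.
    $safeUsername = addslashes( $username );

    // NOTE(review): unsalted SHA-1 is not a password hash. Moving to password_hash() /
    // password_verify() requires migrating the stored values, so it is flagged here
    // rather than changed.
    $safePassword = sha1( $password );

    $type =& $GLOBALS['core']->get_object_type( 'people' );
    $passwordClause = array( 'attribute'=>'password', 'operator'=>'=', 'value'=>$safePassword );

    // Look the person up by username first, then by e-mail address.
    $users = $type->get_byValue( array( array( 'attribute'=>'username', 'operator'=>'=', 'value'=>$safeUsername ), $passwordClause ) );
    if( !$users ) {
        $users = $type->get_byValue( array( array( 'attribute'=>'email', 'operator'=>'=', 'value'=>$safeUsername ), $passwordClause ) );
    }

    // count(false) is 1 on older PHP, so a failed lookup that returned false used to pass
    // the "exactly one match" test and then crash on reset(). Require a real array.
    if( !is_array( $users ) || count( $users ) != 1 ) {
        return array( "incorrect username or password" );
    }

    $user = reset( $users );

    // Re-check the record in PHP. Strict string comparison avoids the numeric-string
    // juggling of "==" in an authentication decision.
    $identityMatches = (string) $user->get_attribute('username') === $safeUsername
        || (string) $user->get_attribute('email') === $safeUsername;
    if( !$identityMatches || $user->get_attribute('password') !== $safePassword ) {
        return array( "incorrect username or password" );
    }

    $GLOBALS['user'] = reset($users);
    $user =& $GLOBALS['user'];

    // NOTE(review): $GLOBALS['user'] was assigned two lines up, so this test is always true
    // and people_log_out() runs on every successful log-in (it clears the stored session
    // fields, unsets $GLOBALS['user'] and queues a redirect to the log-in page). The intent
    // was presumably to log out a *previous* user before the assignment; the order is kept
    // because callers may rely on the redirect - confirm before moving it.
    if( isset( $GLOBALS['user'] ) ) {
        people_log_out();
    }

    session_start();
    // A fresh id after authentication prevents a pre-login session id from being reused.
    session_regenerate_id();

    //setting a session property to be a reference may be a bad idea... we'll have to see
    $_SESSION["user"] = $user->id;
    $_SESSION["IP"] = $_SERVER["REMOTE_ADDR"];
    $_SESSION["timestamp"] = time();
    $user->set( array( 'sessionID'=>session_id(), 'sessionIP'=>$_SESSION['IP'], 'sessionTimestamp'=>$_SESSION['timestamp'] ) );
}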
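/**
 * Logs out the current user: empties and destroys the session, expires the
 * session cookie, clears the session fields stored on the user object and
 * queues a redirect to the log-in page.
 *
 * The function does not stop the script; a caller that is only logging out
 * should end output after calling it.
 *
 * @return void
 */
function people_log_out() {
    // session_destroy() only works on an active session. people_log_in() calls this
    // function before its own session_start(), so open the session here if needed;
    // otherwise the server-side session data would survive the log-out.
    if( session_id() === '' ) {
        session_start();
    }

    $_SESSION = array();

    // unset($_COOKIE[...]) only edits this request's copy of the cookies. Expire the cookie
    // in the browser as well, using the same path/domain the session cookie was set with.
    $cookie = session_get_cookie_params();
    setcookie( session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'] );
    unset( $_COOKIE[ session_name() ] );

    session_destroy();

    if( isset( $GLOBALS['user'] ) ) {
        // Drop the server-side record of the session so the old id cannot be matched again.
        $GLOBALS['user']->set( array( 'sessionID'=>'', 'sessionIP'=>'', 'sessionTimestamp'=>'' ) );
        unset( $GLOBALS['user'] );
    }

    // Redirect with a path only. The Host request header is supplied by the client, so
    // building an absolute URL from $_SERVER['HTTP_HOST'] lets a forged header choose where
    // the browser (or an intermediate cache) is sent; it also forced plain http.
    header( "Location: /pi/Modules/people/login.php" );
}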
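/**
 * Decides whether the current user holds the named permission.
 *
 * Results are cached per request in $GLOBALS['permissions'], keyed by the
 * permission name only.
 *
 * Behaviour worth knowing when relying on this as an access check:
 *  - an empty $permissionName is always allowed;
 *  - a name with no stored permission gets a new permission object, which has
 *    no constraints and is therefore treated as open (a mistyped name grants
 *    access rather than denying it);
 *  - $objectArray is only honoured for open permissions, where it is returned
 *    as-is; constrained permissions always yield a boolean. Two commented-out
 *    drafts of per-object filtering that followed the final return were never
 *    reachable and have been dropped.
 *
 * @param string     $permissionName name of the permission to test
 * @param array|null $objectArray    optional objects, returned unchanged for open permissions
 * @return bool|array true/false, or $objectArray for an open permission
 */
function allowed( $permissionName, $objectArray = NULL ) {
    if( !isset( $GLOBALS['core'] ) ) { $GLOBALS['core'] = new core; }
    if( !isset( $GLOBALS['permissions'] ) ) { $GLOBALS['permissions'] = array(); }

    // Restore the user from the session. The isset() guard avoids an undefined-index
    // notice and a pointless lookup for visitors who have no session user.
    // NOTE(review): nothing here compares $_SESSION['IP'] / $_SESSION['timestamp'] (written
    // at log-in) with the current request or the stored sessionID; if that check is not
    // done elsewhere, those values are never enforced - verify.
    if( !isset( $GLOBALS['user'] ) && isset( $_SESSION['user'] ) && ( $user =& get_object( $_SESSION['user'] ) ) ) {
        $GLOBALS['user'] =& $user;
    }

    // Per-request cache. It ignores $objectArray, so the first answer for a name is
    // returned to every later call regardless of the objects passed.
    if( array_key_exists( $permissionName, $GLOBALS['permissions'] ) ) {
        return $GLOBALS['permissions'][ $permissionName ];
    }

    $permissionType =& $GLOBALS['core']->get_object_type( 'permissions' );

    // No name means "no restriction".
    if( !$permissionName ) {
        return true;
    }

    $found = $permissionType->get_byValue( array( array( 'attribute'=>'name','operator'=>'=','value'=>$permissionName ) ) );
    if( !$found ) {
        // Unknown name: create the permission on the fly.
        // NOTE(review): whether set() persists the new permission is not visible here.
        $permission = new permission;
        $permission->set( array( 'name'=>$permissionName ) );
    } else {
        $permission = reset( $found );
    }

    //if the permission is open, return true (or the caller's objects, when given)
    if( !count( $permission->constraintArray ) ) {
        $GLOBALS['permissions'][ $permissionName ] = ( $objectArray ? $objectArray : true );
        return $GLOBALS['permissions'][ $permissionName ];
    }

    //if the permission has been set but no-one is logged in return false (not cached)
    if( !isset( $GLOBALS['user'] ) ) {
        return false;
    }

    // Granted as soon as one constraint the user satisfies is among the permission's constraints.
    if( $userConstraints = $GLOBALS['user']->get_satisfied_constraints() ) {
        foreach( $permission->constraintArray as $constraint ) {
            foreach( $userConstraints as $u_constraint ) {
                if( $u_constraint->id == $constraint->id ) {
                    $GLOBALS['permissions'][ $permissionName ] = true;
                    return $GLOBALS['permissions'][ $permissionName ];
                }
            }
        }
    }

    // Default deny for constrained permissions.
    $GLOBALS['permissions'][ $permissionName ] = false;
    return $GLOBALS['permissions'][ $permissionName ];
}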
- ?>