PageRenderTime 45ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 1ms

/vendor/joomla/libraries/joomla/user/user.php

https://github.com/bhar1red/anahita
PHP | 614 lines | 259 code | 89 blank | 266 comment | 44 complexity | de2df045ff3d9ef424f7f2504c76cc5e MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1
  1. <?php
  2. /**
  3. * @version $Id: user.php 14401 2010-01-26 14:10:00Z louis $
  4. * @package Joomla.Framework
  5. * @subpackage User
  6. * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
  7. * @license GNU/GPL, see LICENSE.php
  8. * Joomla! is free software. This version may have been modified pursuant to the
  9. * GNU General Public License, and as distributed it includes or is derivative
  10. * of works licensed under the GNU General Public License or other free or open
  11. * source software licenses. See COPYRIGHT.php for copyright notices and
  12. * details.
  13. */
  14. // Check to ensure this file is within the rest of the framework
  15. defined('JPATH_BASE') or die();
  16. jimport( 'joomla.html.parameter');
  17. /**
  18. * User class. Handles all application interaction with a user
  19. *
  20. * @package Joomla.Framework
  21. * @subpackage User
  22. * @since 1.5
  23. */
  24. class JUser extends JObject
  25. {
  26. /**
  27. * Unique id
  28. * @var int
  29. */
  30. var $id = null;
  31. /**
  32. * The users real name (or nickname)
  33. * @var string
  34. */
  35. var $name = null;
  36. /**
  37. * The login name
  38. * @var string
  39. */
  40. var $username = null;
  41. /**
  42. * The email
  43. * @var string
  44. */
  45. var $email = null;
  46. /**
  47. * MD5 encrypted password
  48. * @var string
  49. */
  50. var $password = null;
  51. /**
  52. * Clear password, only available when a new password is set for a user
  53. * @var string
  54. */
  55. var $password_clear = '';
  56. /**
  57. * Description
  58. * @var string
  59. */
  60. var $usertype = null;
  61. /**
  62. * Description
  63. * @var int
  64. */
  65. var $block = null;
  66. /**
  67. * Description
  68. * @var int
  69. */
  70. var $sendEmail = null;
  71. /**
  72. * The group id number
  73. * @var int
  74. */
  75. var $gid = null;
  76. /**
  77. * Description
  78. * @var datetime
  79. */
  80. var $registerDate = null;
  81. /**
  82. * Description
  83. * @var datetime
  84. */
  85. var $lastvisitDate = null;
  86. /**
  87. * Description
  88. * @var string activation hash
  89. */
  90. var $activation = null;
  91. /**
  92. * Description
  93. * @var string
  94. */
  95. var $params = null;
  96. /**
  97. * Description
  98. * @var string integer
  99. */
  100. var $aid = null;
  101. /**
  102. * Description
  103. * @var boolean
  104. */
  105. var $guest = null;
  106. /**
  107. * User parameters
  108. * @var object
  109. */
  110. var $_params = null;
  111. /**
  112. * Error message
  113. * @var string
  114. */
  115. var $_errorMsg = null;
  116. /**
  117. * Constructor activating the default information of the language
  118. *
  119. * @access protected
  120. */
  121. function __construct($identifier = 0)
  122. {
  123. // Create the user parameters object
  124. $this->_params = new JParameter( '' );
  125. // Load the user if it exists
  126. if (!empty($identifier)) {
  127. $this->load($identifier);
  128. }
  129. else
  130. {
  131. //initialise
  132. $this->id = 0;
  133. $this->gid = 0;
  134. $this->sendEmail = 0;
  135. $this->aid = 0;
  136. $this->guest = 1;
  137. }
  138. }
  139. /**
  140. * Returns a reference to the global User object, only creating it if it
  141. * doesn't already exist.
  142. *
  143. * This method must be invoked as:
  144. * <pre> $user =& JUser::getInstance($id);</pre>
  145. *
  146. * @access public
  147. * @param int $id The user to load - Can be an integer or string - If string, it is converted to ID automatically.
  148. * @return JUser The User object.
  149. * @since 1.5
  150. */
  151. public static function &getInstance($id = 0)
  152. {
  153. static $instances;
  154. if (!isset ($instances)) {
  155. $instances = array ();
  156. }
  157. // Find the user id
  158. if(!is_numeric($id))
  159. {
  160. jimport('joomla.user.helper');
  161. if (!$id = JUserHelper::getUserId($id)) {
  162. JError::raiseWarning( 'SOME_ERROR_CODE', 'JUser::_load: User '.$id.' does not exist' );
  163. $retval = false;
  164. return $retval;
  165. }
  166. }
  167. if (empty($instances[$id])) {
  168. $user = new JUser($id);
  169. $instances[$id] = $user;
  170. }
  171. return $instances[$id];
  172. }
  173. /**
  174. * Method to get a parameter value
  175. *
  176. * @access public
  177. * @param string $key Parameter key
  178. * @param mixed $default Parameter default value
  179. * @return mixed The value or the default if it did not exist
  180. * @since 1.5
  181. */
  182. function getParam( $key, $default = null )
  183. {
  184. return $this->_params->get( $key, $default );
  185. }
  186. /**
  187. * Method to set a parameter
  188. *
  189. * @access public
  190. * @param string $key Parameter key
  191. * @param mixed $value Parameter value
  192. * @return mixed Set parameter value
  193. * @since 1.5
  194. */
  195. function setParam( $key, $value )
  196. {
  197. return $this->_params->set( $key, $value );
  198. }
  199. /**
  200. * Method to set a default parameter if it does not exist
  201. *
  202. * @access public
  203. * @param string $key Parameter key
  204. * @param mixed $value Parameter value
  205. * @return mixed Set parameter value
  206. * @since 1.5
  207. */
  208. function defParam( $key, $value )
  209. {
  210. return $this->_params->def( $key, $value );
  211. }
  212. /**
  213. * Method to check JUser object authorization against an access control
  214. * object and optionally an access extension object
  215. *
  216. * @access public
  217. * @param string $acoSection The ACO section value
  218. * @param string $aco The ACO value
  219. * @param string $axoSection The AXO section value [optional]
  220. * @param string $axo The AXO value [optional]
  221. * @return boolean True if authorized
  222. * @since 1.5
  223. */
  224. function authorize( $acoSection, $aco, $axoSection = null, $axo = null )
  225. {
  226. // the native calls (Check Mode 1) work on the user id, not the user type
  227. $acl = & JFactory::getACL();
  228. $value = $acl->getCheckMode() == 1 ? $this->id : $this->usertype;
  229. return $acl->acl_check( $acoSection, $aco, 'users', $value, $axoSection, $axo );
  230. }
  231. /**
  232. * Pass through method to the table for setting the last visit date
  233. *
  234. * @access public
  235. * @param int $timestamp The timestamp, defaults to 'now'
  236. * @return boolean True on success
  237. * @since 1.5
  238. */
  239. function setLastVisit($timestamp=null)
  240. {
  241. // Create the user table object
  242. $table =& $this->getTable();
  243. $table->load($this->id);
  244. return $table->setLastVisit($timestamp);
  245. }
  246. /**
  247. * Method to get the user parameters
  248. *
  249. * This function tries to load an xml file based on the users usertype. The filename of the xml
  250. * file is the same as the usertype. The functionals has a static variable to store the parameters
  251. * setup file base path. You can call this function statically to set the base path if needed.
  252. *
  253. * @access public
  254. * @param boolean If true, loads the parameters setup file. Default is false.
  255. * @param path Set the parameters setup file base path to be used to load the user parameters.
  256. * @return object The user parameters object
  257. * @since 1.5
  258. */
  259. function &getParameters($loadsetupfile = false, $path = null)
  260. {
  261. static $parampath;
  262. // Set a custom parampath if defined
  263. if( isset($path) ) {
  264. $parampath = $path;
  265. }
  266. // Set the default parampath if not set already
  267. if( !isset($parampath) ) {
  268. $parampath = JPATH_ADMINISTRATOR.DS.'components'.DS.'com_users'.DS.'models';
  269. }
  270. if($loadsetupfile)
  271. {
  272. $type = str_replace(' ', '_', strtolower($this->usertype));
  273. $file = $parampath.DS.$type.'.xml';
  274. if(!file_exists($file)) {
  275. $file = $parampath.DS.'user.xml';
  276. }
  277. $this->_params->loadSetupFile($file);
  278. }
  279. return $this->_params;
  280. }
  281. /**
  282. * Method to get the user parameters
  283. *
  284. * @access public
  285. * @param object The user parameters object
  286. * @since 1.5
  287. */
  288. function setParameters($params )
  289. {
  290. $this->_params = $params;
  291. }
  292. /**
  293. * Method to get the user table object
  294. *
  295. * This function uses a static variable to store the table name of the user table to
  296. * it instantiates. You can call this function statically to set the table name if
  297. * needed.
  298. *
  299. * @access public
  300. * @param string The user table name to be used
  301. * @param string The user table prefix to be used
  302. * @return object The user table object
  303. * @since 1.5
  304. */
  305. function &getTable( $type = null, $prefix = 'JTable' )
  306. {
  307. static $tabletype;
  308. //Set the default tabletype;
  309. if(!isset($tabletype)) {
  310. $tabletype['name'] = 'user';
  311. $tabletype['prefix'] = 'JTable';
  312. }
  313. //Set a custom table type is defined
  314. if(isset($type)) {
  315. $tabletype['name'] = $type;
  316. $tabletype['prefix'] = $prefix;
  317. }
  318. // Create the user table object
  319. $table =& JTable::getInstance( $tabletype['name'], $tabletype['prefix'] );
  320. return $table;
  321. }
  322. /**
  323. * Method to bind an associative array of data to a user object
  324. *
  325. * @access public
  326. * @param array $array The associative array to bind to the object
  327. * @return boolean True on success
  328. * @since 1.5
  329. */
  330. function bind(& $array)
  331. {
  332. jimport('joomla.user.helper');
  333. // Lets check to see if the user is new or not
  334. if (empty($this->id))
  335. {
  336. // Check the password and create the crypted password
  337. if (empty($array['password'])) {
  338. $array['password'] = JUserHelper::genRandomPassword();
  339. $array['password2'] = $array['password'];
  340. }
  341. if ($array['password'] != $array['password2']) {
  342. $this->setError( JText::_( 'PASSWORD DO NOT MATCH.' ) );
  343. return false;
  344. }
  345. $this->password_clear = JArrayHelper::getValue( $array, 'password', '', 'string' );
  346. $salt = JUserHelper::genRandomPassword(32);
  347. $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
  348. $array['password'] = $crypt.':'.$salt;
  349. // Set the registration timestamp
  350. $now =& JFactory::getDate();
  351. $this->set( 'registerDate', $now->toMySQL() );
  352. // Check that username is not greater than 150 characters
  353. $username = $this->get( 'username' );
  354. if ( strlen($username) > 150 )
  355. {
  356. $username = substr( $username, 0, 150 );
  357. $this->set( 'username', $username );
  358. }
  359. // Check that password is not greater than 100 characters
  360. $password = $this->get( 'password' );
  361. if ( strlen($password) > 100 )
  362. {
  363. $password = substr( $password, 0, 100 );
  364. $this->set( 'password', $password );
  365. }
  366. }
  367. else
  368. {
  369. // Updating an existing user
  370. if (!empty($array['password']))
  371. {
  372. if ( $array['password'] != $array['password2'] ) {
  373. $this->setError( JText::_( 'PASSWORD DO NOT MATCH.' ) );
  374. return false;
  375. }
  376. $this->password_clear = JArrayHelper::getValue( $array, 'password', '', 'string' );
  377. $salt = JUserHelper::genRandomPassword(32);
  378. $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
  379. $array['password'] = $crypt.':'.$salt;
  380. }
  381. else
  382. {
  383. $array['password'] = $this->password;
  384. }
  385. }
  386. // TODO: this will be deprecated as of the ACL implementation
  387. $db =& JFactory::getDBO();
  388. $gid = array_key_exists('gid', $array ) ? $array['gid'] : $this->get('gid');
  389. $query = 'SELECT name'
  390. . ' FROM #__core_acl_aro_groups'
  391. . ' WHERE id = ' . (int) $gid
  392. ;
  393. $db->setQuery( $query );
  394. $this->set( 'usertype', $db->loadResult());
  395. if ( array_key_exists('params', $array) )
  396. {
  397. $params = '';
  398. $this->_params->bind($array['params']);
  399. if ( is_array($array['params']) ) {
  400. $params = $this->_params->toString();
  401. } else {
  402. $params = $array['params'];
  403. }
  404. $this->params = $params;
  405. }
  406. // Bind the array
  407. if (!$this->setProperties($array)) {
  408. $this->setError("Unable to bind array to user object");
  409. return false;
  410. }
  411. // Make sure its an integer
  412. $this->id = (int) $this->id;
  413. return true;
  414. }
  415. /**
  416. * Method to save the JUser object to the database
  417. *
  418. * @access public
  419. * @param boolean $updateOnly Save the object only if not a new user
  420. * @return boolean True on success
  421. * @since 1.5
  422. */
  423. function save( $updateOnly = false )
  424. {
  425. // Create the user table object
  426. $table =& $this->getTable();
  427. $this->params = $this->_params->toString();
  428. $table->bind($this->getProperties());
  429. // Check and store the object.
  430. if (!$table->check()) {
  431. $this->setError($table->getError());
  432. return false;
  433. }
  434. // If user is made a Super Admin group and user is NOT a Super Admin
  435. $my =& JFactory::getUser();
  436. if ( $this->get('gid') == 25 && $my->get('gid') != 25 )
  437. {
  438. // disallow creation of Super Admin by non Super Admin users
  439. $this->setError(JText::_( 'WARNSUPERADMINCREATE' ));
  440. return false;
  441. }
  442. // If user is made an Admin group and user is NOT a Super Admin
  443. if ($this->get('gid') == 24 && !($my->get('gid') == 25 || ($this->get('id') == $my->id && $my->get('gid') == 24)))
  444. {
  445. // disallow creation of Admin by non Super Admin users
  446. $this->setError(JText::_( 'WARNSUPERADMINCREATE' ));
  447. return false;
  448. }
  449. //are we creating a new user
  450. $isnew = !$this->id;
  451. // If we aren't allowed to create new users return
  452. if ($isnew && $updateOnly) {
  453. return true;
  454. }
  455. // Get the old user
  456. $old = new JUser($this->id);
  457. // Fire the onBeforeStoreUser event.
  458. JPluginHelper::importPlugin( 'user' );
  459. $dispatcher =& JDispatcher::getInstance();
  460. $dispatcher->trigger( 'onBeforeStoreUser', array( $old->getProperties(), $isnew ) );
  461. //Store the user data in the database
  462. if (!$result = $table->store()) {
  463. $this->setError($table->getError());
  464. }
  465. // Set the id for the JUser object in case we created a new user.
  466. if (empty($this->id)) {
  467. $this->id = $table->get( 'id' );
  468. }
  469. // Fire the onAftereStoreUser event
  470. $dispatcher->trigger( 'onAfterStoreUser', array( $this->getProperties(), $isnew, $result, $this->getError() ) );
  471. return $result;
  472. }
  473. /**
  474. * Method to delete the JUser object from the database
  475. *
  476. * @access public
  477. * @param boolean $updateOnly Save the object only if not a new user
  478. * @return boolean True on success
  479. * @since 1.5
  480. */
  481. function delete( )
  482. {
  483. JPluginHelper::importPlugin( 'user' );
  484. //trigger the onBeforeDeleteUser event
  485. $dispatcher =& JDispatcher::getInstance();
  486. $dispatcher->trigger( 'onBeforeDeleteUser', array( $this->getProperties() ) );
  487. // Create the user table object
  488. $table =& $this->getTable();
  489. $result = false;
  490. if (!$result = $table->delete($this->id)) {
  491. $this->setError($table->getError());
  492. }
  493. //trigger the onAfterDeleteUser event
  494. $dispatcher->trigger( 'onAfterDeleteUser', array( $this->getProperties(), $result, $this->getError()) );
  495. return $result;
  496. }
  497. /**
  498. * Method to load a JUser object by user id number
  499. *
  500. * @access public
  501. * @param mixed $identifier The user id of the user to load
  502. * @param string $path Path to a parameters xml file
  503. * @return boolean True on success
  504. * @since 1.5
  505. */
  506. function load($id)
  507. {
  508. // Create the user table object
  509. $table =& $this->getTable();
  510. // Load the JUserModel object based on the user id or throw a warning.
  511. if(!$table->load($id)) {
  512. JError::raiseWarning( 'SOME_ERROR_CODE', 'JUser::_load: Unable to load user with id: '.$id );
  513. return false;
  514. }
  515. /*
  516. * Set the user parameters using the default xml file. We might want to
  517. * extend this in the future to allow for the ability to have custom
  518. * user parameters, but for right now we'll leave it how it is.
  519. */
  520. $this->_params->loadINI($table->params);
  521. // Assuming all is well at this point lets bind the data
  522. $this->setProperties($table->getProperties());
  523. return true;
  524. }
  525. }