diff options
| -rw-r--r-- | modules/gallery/config/identity.php | 36 | ||||
| -rw-r--r-- | modules/gallery/helpers/group.php (renamed from modules/user/helpers/group.php) | 113 | ||||
| -rw-r--r-- | modules/gallery/helpers/user.php (renamed from modules/user/helpers/user.php) | 253 | ||||
| -rw-r--r-- | modules/gallery/libraries/Identity.php | 230 | ||||
| -rw-r--r-- | modules/gallery/libraries/drivers/Identity.php | 129 | ||||
| -rw-r--r-- | modules/gallery/models/item.php | 2 | ||||
| -rw-r--r-- | modules/gallery/models/log.php | 17 | ||||
| -rw-r--r-- | modules/notification/helpers/notification.php | 21 | ||||
| -rw-r--r-- | modules/user/controllers/admin_users.php | 65 | ||||
| -rw-r--r-- | modules/user/controllers/login.php | 5 | ||||
| -rw-r--r-- | modules/user/controllers/password.php | 15 | ||||
| -rw-r--r-- | modules/user/libraries/drivers/Identity/Gallery.php | 258 |
12 files changed, 892 insertions, 252 deletions
diff --git a/modules/gallery/config/identity.php b/modules/gallery/config/identity.php new file mode 100644 index 00000000..f2064127 --- /dev/null +++ b/modules/gallery/config/identity.php @@ -0,0 +1,36 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +/* + * @package User + * + * User settings, defined as arrays, or "groups". If no group name is + * used when loading the cache library, the group named "default" will be used. + * + * Each group can be used independently, and multiple groups can be used at once. + * + * Group Options: + * driver - User backend driver. Gallery comes with Gallery user driver. + * + * params - Driver parameters, specific to each driver. + */ +$config["default"] = array ( + "driver" => "gallery", + "params" => array(), +); diff --git a/modules/user/helpers/group.php b/modules/gallery/helpers/group.php index b13895bc..074a7b83 100644 --- a/modules/user/helpers/group.php +++ b/modules/gallery/helpers/group.php @@ -24,85 +24,100 @@ * Note: by design, this class does not do any permission checking. */ class group_Core { + static function get_edit_form_admin($group) { + $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form")); + $form_group = $form->group("edit_group")->label(t("Edit Group")); + $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name); + $form_group->inputs["name"]->error_messages( + "in_use", t("There is already a group with that name")); + $form_group->submit("")->value(t("Save")); + $form->add_rules_from(self::get_edit_rules()); + return $form; + } + + static function get_add_form_admin() { + $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form")); + $form->set_attr('class', "g-narrow"); + $form_group = $form->group("add_group")->label(t("Add Group")); + $form_group->input("name")->label(t("Name"))->id("g-name"); + $form_group->inputs["name"]->error_messages( + "in_use", t("There is already a group with that name")); + $form_group->submit("")->value(t("Add Group")); + $group = ORM::factory("group"); + $form->add_rules_from(self::get_edit_rules()); + return $form; + } + + static function get_delete_form_admin($group) { + $form = new Forge("admin/users/delete_group/$group->id", "", "post", + array("id" => "g-delete-group-form")); + $form_group = $form->group("delete_group")->label( + t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name))); + $form_group->submit("")->value(t("Delete")); + return $form; + } + /** * Create a new group. * * @param string $name - * @return Group_Model + * @return Group_Core */ static function create($name) { - $group = ORM::factory("group")->where("name", $name)->find(); - if ($group->loaded) { - throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); - } - - $group->name = $name; - $group->save(); - - return $group; + return Identity::instance()->create_group($name); } /** * The group of all possible visitors. This includes the guest user. * - * @return Group_Model + * @return Group_Core */ static function everybody() { - return model_cache::get("group", 1); + return Identity::instance()->everybody(); } /** * The group of all logged-in visitors. This does not include guest users. * - * @return Group_Model + * @return Group_Core */ static function registered_users() { - return model_cache::get("group", 2); + return Identity::instance()->everybody(); + } + + /** + * Look up a group by id. + * @param integer $id the user id + * @return Group_Model the group object, or null if the id was invalid. + */ + static function lookup($id) { + return Identity::instance()->lookup_group($id); } /** * Look up a group by name. * @param integer $id the group name - * @return Group_Model the group object, or null if the name was invalid. + * @return Group_Core the group object, or null if the name was invalid. */ static function lookup_by_name($name) { - $group = model_cache::get("group", $name, "name"); - if ($group->loaded) { - return $group; - } - return null; + return Identity::instance()->lookup_group_by_name($name); } - static function get_edit_form_admin($group) { - $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form")); - $form_group = $form->group("edit_group")->label(t("Edit Group")); - $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name); - $form_group->inputs["name"]->error_messages( - "in_use", t("There is already a group with that name")); - $form_group->submit("")->value(t("Save")); - $form->add_rules_from($group); - return $form; - } - - static function get_add_form_admin() { - $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form")); - $form->set_attr('class', "g-narrow"); - $form_group = $form->group("add_group")->label(t("Add Group")); - $form_group->input("name")->label(t("Name"))->id("g-name"); - $form_group->inputs["name"]->error_messages( - "in_use", t("There is already a group with that name")); - $form_group->submit("")->value(t("Add Group")); - $group = ORM::factory("group"); - $form->add_rules_from($group); - return $form; + /** + * List the groups + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + static function groups($filter=array()) { + return Identity::instance()->list_groups($filter); } - static function get_delete_form_admin($group) { - $form = new Forge("admin/users/delete_group/$group->id", "", "post", - array("id" => "g-delete-group-form")); - $form_group = $form->group("delete_group")->label( - t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name))); - $form_group->submit("")->value(t("Delete")); - return $form; + /** + * Return the edit rules associated with an group. + * + * @return stdClass containing the rules + */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("group"); } } diff --git a/modules/user/helpers/user.php b/modules/gallery/helpers/user.php index 6ae9203d..2044964f 100644 --- a/modules/user/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -35,7 +35,7 @@ class user_Core { ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); @@ -57,8 +57,7 @@ class user_Core { $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from($user); - $form->edit_user->password->rules("-required"); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); @@ -79,8 +78,7 @@ class user_Core { $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); - $user = ORM::factory("user"); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); @@ -124,19 +122,73 @@ class user_Core { } /** + * Return the active user. If there's no active user, return the guest user. + * + * @return User_Model + */ + static function active() { + // @todo (maybe) cache this object so we're not always doing session lookups. + $user = Session::instance()->get("user", null); + if (!isset($user)) { + // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary + // work. + $user = self::guest(); + } + return $user; + } + + /** + * Change the active user. + * + * @return User_Model + */ + static function set_active($user) { + $session = Session::instance(); + $session->set("user", $user); + $session->delete("group_ids"); + self::load_user(); + } + + /** + * Return the array of group ids this user belongs to + * + * @return array + */ + static function group_ids() { + return Session::instance()->get("group_ids", array(1)); + } + + + static function cookie_locale() { + $cookie_data = Input::instance()->cookie("g_locale"); + $locale = null; + if ($cookie_data) { + if (preg_match("/^([a-z]{2,3}(?:_[A-Z]{2})?)$/", trim($cookie_data), $matches)) { + $requested_locale = $matches[1]; + $installed_locales = locales::installed(); + if (isset($installed_locales[$requested_locale])) { + $locale = $requested_locale; + } + } + } + return $locale; + } + + /** * Make sure that we have a session and group_ids cached in the session. */ static function load_user() { $session = Session::instance(); if (!($user = $session->get("user"))) { - $session->set("user", $user = user::guest()); + $session->set("user", $user = self::guest()); } // The installer cannot set a user into the session, so it just sets an id which we should // upconvert into a user. + // @todo what is user id===2 if ($user === 2) { $user = model_cache::get("user", 2); - user::login($user); + self::login($user); $session->set("user", $user); } @@ -150,28 +202,33 @@ class user_Core { } /** - * Return the array of group ids this user belongs to - * - * @return array + * Log in as a given user. + * @param object $user the user object. */ - static function group_ids() { - return Session::instance()->get("group_ids", array(1)); + static function login($user) { + // @todo make this an interface call + $user->login_count += 1; + $user->last_login = time(); + $user->save(); + + self::set_active($user); + module::event("user_login", $user); } /** - * Return the active user. If there's no active user, return the guest user. - * - * @return User_Model + * Log out the active user and destroy the session. + * @param object $user the user object. */ - static function active() { - // @todo (maybe) cache this object so we're not always doing session lookups. - $user = Session::instance()->get("user", null); - if (!isset($user)) { - // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary - // work. - $user = user::guest(); + static function logout() { + $user = self::active(); + if (!$user->guest) { + try { + Session::instance()->destroy(); + } catch (Exception $e) { + Kohana::log("error", $e); + } + module::event("user_logout", $user); } - return $user; } /** @@ -182,19 +239,7 @@ class user_Core { * @return User_Model */ static function guest() { - return model_cache::get("user", 1); - } - - /** - * Change the active user. - * - * @return User_Model - */ - static function set_active($user) { - $session = Session::instance(); - $session->set("user", $user); - $session->delete("group_ids"); - self::load_user(); + return Identity::instance()->guest(); } /** @@ -206,21 +251,7 @@ class user_Core { * @return User_Model */ static function create($name, $full_name, $password) { - $user = ORM::factory("user")->where("name", $name)->find(); - if ($user->loaded) { - throw new Exception("@todo USER_ALREADY_EXISTS $name"); - } - - $user->name = $name; - $user->full_name = $full_name; - $user->password = $password; - - // Required groups - $user->add(group::everybody()); - $user->add(group::registered_users()); - - $user->save(); - return $user; + return Identity::instance()->create_user($name, $full_name, $password); } /** @@ -231,31 +262,7 @@ class user_Core { * @return boolean true if the password is correct */ static function is_correct_password($user, $password) { - $valid = $user->password; - - // Try phpass first, since that's what we generate. - if (strlen($valid) == 34) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->CheckPassword($password, $valid); - } - - $salt = substr($valid, 0, 4); - // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: - $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); - if (!strcmp($guess, $valid)) { - return true; - } - - // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities - $sanitizedPassword = html::specialchars($password, false); - $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) - : ($salt . md5($salt . $sanitizedPassword)); - if (!strcmp($guess, $valid)) { - return true; - } - - return false; + return Identity::instance()->is_correct_password($user, $password); } /** @@ -264,38 +271,7 @@ class user_Core { * @return string hashed password */ static function hash_password($password) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->HashPassword($password); - } - - /** - * Log in as a given user. - * @param object $user the user object. - */ - static function login($user) { - $user->login_count += 1; - $user->last_login = time(); - $user->save(); - - user::set_active($user); - module::event("user_login", $user); - } - - /** - * Log out the active user and destroy the session. - * @param object $user the user object. - */ - static function logout() { - $user = user::active(); - if (!$user->guest) { - try { - Session::instance()->destroy(); - } catch (Exception $e) { - Kohana::log("error", $e); - } - module::event("user_logout", $user); - } + return Identity::instance()->hash_password($password); } /** @@ -304,11 +280,7 @@ class user_Core { * @return User_Model the user object, or null if the id was invalid. */ static function lookup($id) { - $user = model_cache::get("user", $id); - if ($user->loaded) { - return $user; - } - return null; + return Identity::instance()->lookup_user($id); } /** @@ -317,44 +289,33 @@ class user_Core { * @return User_Model the user object, or null if the name was invalid. */ static function lookup_by_name($name) { - $user = model_cache::get("user", $name, "name"); - if ($user->loaded) { - return $user; - } - return null; + return Identity::instance()->lookup_user_by_field("name", $name); } /** - * Create a hashed password using md5 plus salt. - * @param string $password plaintext password - * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted) - * @return string hashed password + * Look up a user by hash. + * @param string $name the user name + * @return User_Model the user object, or null if the name was invalid. */ - private static function _md5Salt($password, $salt="") { - if (empty($salt)) { - for ($i = 0; $i < 4; $i++) { - $char = mt_rand(48, 109); - $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0; - $salt .= chr($char); - } - } else { - $salt = substr($salt, 0, 4); - } - return $salt . md5($salt . $password); + static function lookup_by_hash($hash) { + return Identity::instance()->lookup_user_by_field("hash", $hash); } - static function cookie_locale() { - $cookie_data = Input::instance()->cookie("g_locale"); - $locale = null; - if ($cookie_data) { - if (preg_match("/^([a-z]{2,3}(?:_[A-Z]{2})?)$/", trim($cookie_data), $matches)) { - $requested_locale = $matches[1]; - $installed_locales = locales::installed(); - if (isset($installed_locales[$requested_locale])) { - $locale = $requested_locale; - } - } - } - return $locale; + /** + * List the users + * @param mixed options to apply to the selection of the user(optional) + * @return array the group list. + */ + static function users($filter=array()) { + return Identity::instance()->list_users($filter); + } + + /** + * Return the edit rules associated with an user. + * + * @return stdClass containing the rules + */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("user"); } }
\ No newline at end of file diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php new file mode 100644 index 00000000..5e6f4217 --- /dev/null +++ b/modules/gallery/libraries/Identity.php @@ -0,0 +1,230 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +/** + * Provides a driver-based interface for managing users and groups. + */ +class Identity_Core { + protected static $instances = array(); + + // Configuration + protected $config; + + // Driver object + protected $driver; + + /** + * Returns a singleton instance of Identity. + * + * @param string configuration + * @return Identity_Core + */ + static function & instance($config="default") { + if (!isset(Identity::$instances[$config])) { + // Create a new instance + Identity::$instances[$config] = new Identity($config); + } + + return Identity::$instances[$config]; + } + + /** + * Loads the configured driver and validates it. + * + * @param array|string custom configuration or config group name + * @return void + */ + public function __construct($config="default") { + if (is_string($config)) { + $name = $config; + + // Test the config group name + if (($config = Kohana::config('identity.'.$config)) === NULL) { + throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $name"); + } + + if (is_array($config)) { + // Append the default configuration options + $config += Kohana::config('identity.default'); + } else { + // Load the default group + $config = Kohana::config('identity.default'); + } + + // Cache the config in the object + $this->config = $config; + + // Set driver name + $driver = 'Identity_'.ucfirst($this->config['driver']).'_Driver'; + + // Load the driver + if ( ! Kohana::auto_load($driver)) { + throw new Kohana_Exception('core.driver_not_found', $this->config['driver'], + get_class($this)); + } + + // Initialize the driver + $this->driver = new $driver($this->config['params']); + + // Validate the driver + if ( !($this->driver instanceof Identity_Driver)) + throw new Kohana_Exception('core.driver_implements', $this->config['driver'], + get_class($this), 'Identity_Driver'); + + Kohana::log('debug', 'Identity Library initialized'); + } + } + + /** + * Return the guest user. + * + * @todo consider caching + * + * @return Identity_Model + */ + public function guest() { + return $this->driver->guest(); + } + + /** + * Create a new user. + * + * @param string $name + * @param string $full_name + * @param string $password + * @return Identity_Model + */ + public function create_user($name, $full_name, $password) { + return $this->driver->create_user($name, $full_name, $password); + } + + /** + * Is the password provided correct? + * + * @param user Identity Model + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + public function is_correct_password($user, $password) { + return $this->driver->is_correct_password($user, $password); + } + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password + */ + public function hash_password($password) { + return $this->driver->hash_password($password); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return Identity_Model the user object, or null if the id was invalid. + */ + public function lookup_user($id) { + return $this->driver->lookup_user($id); + } + + /** + * Look up a user by field value. + * @param string search field + * @param string search value + * @return Identity_Model the user object, or null if the name was invalid. + */ + public function lookup_user_by_field($field_name, $value) { + return $this->driver->lookup_user_by_field($field_name, $value); + } + + /** + * Create a new group. + * + * @param string $name + * @return Group_Model + */ + public function create_group($name) { + return $this->driver->create_group($name); + } + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Model + */ + public function everybody() { + return $this->driver->everybody(); + } + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Model + */ + public function registered_users() { + return $this->driver->everybody(); + } + + /** + * Look up a group by id. + * @param integer $id the user id + * @return Group_Model the group object, or null if the id was invalid. + */ + public function lookup_group($id) { + return $this->driver->lookup_group($id); + } + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Model the group object, or null if the name was invalid. + */ + public function lookup_group_by_name($name) { + return $this->driver->lookup_group_by_name($name); + } + + /** + * List the users + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_users($filter=array()) { + return $this->driver->list_users($filter); + } + + /** + * List the groups + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_groups($filter=array()) { + return $this->driver->list_groups($filter); + } + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type) { + return $this->driver->get_edit_rules($object_type); + } +} // End Identity diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php new file mode 100644 index 00000000..31bcfe39 --- /dev/null +++ b/modules/gallery/libraries/drivers/Identity.php @@ -0,0 +1,129 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +interface Identity_Driver { + /** + * Return the guest user. + * + * @todo consider caching + * + * @return User_Model + */ + public function guest(); + + /** + * Create a new user. + * + * @param string $name + * @param string $full_name + * @param string $password + * @return User_Core + */ + public function create_user($name, $full_name, $password); + + /** + * Is the password provided correct? + * + * @param user User Model + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + public function is_correct_password($user, $password); + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password + */ + public function hash_password($password); + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Core the user object, or null if the id was invalid. + */ + public function lookup_user($id); + + /** + * Look up a user by name. + * @param string search field + * @param string search value + * @return User_Core the user object, or null if the name was invalid. + */ + public function lookup_user_by_field($field, $value); + + /** + * Create a new group. + * + * @param string $name + * @return Group_Model + */ + public function create_group($name); + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Model + */ + public function everybody(); + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Model + */ + public function registered_users(); + + /** + * Look up a group by id. + * @param integer $id the user id + * @return Group_Model the group object, or null if the id was invalid. + */ + public function lookup_group($id); + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Model the group object, or null if the name was invalid. + */ + public function lookup_group_by_name($name); + + /** + * List the users + * @param mixed options to apply to the selection of the user + * @todo Do a longer write up on format of filters (@see Database.php) + * @return array the group list. + */ + public function list_users($filter=array()); + + /** + * List the groups + * @param mixed options to apply to the selection of the user + * @todo Do a longer write up on format of filters (@see Database.php) + * @return array the group list. + */ + public function list_groups($filter=array()); + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type); +} // End User Driver
\ No newline at end of file diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 246d5fcd..5d356841 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -332,7 +332,7 @@ class Item_Model extends ORM_MPTT { // This relationship depends on an outside module, which may not be present so handle // failures gracefully. try { - return model_cache::get("user", $this->owner_id); + return user::lookup($this->owner_id); } catch (Exception $e) { return null; } diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php index 6734afb8..d143d7bd 100644 --- a/modules/gallery/models/log.php +++ b/modules/gallery/models/log.php @@ -18,5 +18,20 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Log_Model extends ORM { - protected $has_one = array("user"); + /** + * @see ORM::__get() + */ + public function __get($column) { + if ($column == "user") { + // This relationship depends on an outside module, which may not be present so handle + // failures gracefully. + try { + return user::lookup($this->user_id); + } catch (Exception $e) { + return null; + } + } else { + return parent::__get($column); + } + } } diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 88d92b16..8cf9f428 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -67,15 +67,20 @@ class notification { } static function get_subscribers($item) { - // @todo don't access the user table directly // @todo only return distinct email addresses - $users = ORM::factory("user") - ->join("subscriptions", "users.id", "subscriptions.user_id") - ->join("items", "subscriptions.item_id", "items.id") - ->where("email IS NOT", null) - ->where("items.left_ptr <=", $item->left_ptr) - ->where("items.right_ptr >", $item->right_ptr) - ->find_all(); + $subscriber_ids = array(); + foreach (ORM::factory("subscription") + ->select("user_id") + ->join("items", "subscriptions.item_id", "items.id") + ->where("items.left_ptr <=", $item->left_ptr) + ->where("items.right_ptr >", $item->right_ptr) + ->find_all() + ->as_array() as $subscriber) { + $subscriber_ids[] = $subscriber->user_id; + } + + $users = user::users(array("in" => array("id", $subscriber_ids), + "where" => array("email IS NOT" => null))); $subscribers = array(); foreach ($users as $user) { diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 0b748955..6c72440a 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -21,8 +21,8 @@ class Admin_Users_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_users.html"); - $view->content->users = ORM::factory("user")->orderby("name")->find_all(); - $view->content->groups = ORM::factory("group")->orderby("name")->find_all(); + $view->content->users = user::users(array("orderby" => array("name" => "ASC"))); + $view->content->groups = group::groups(array("orderby" => array("name" => "ASC"))); print $view; } @@ -32,8 +32,7 @@ class Admin_Users_Controller extends Admin_Controller { $form = user::get_add_form_admin(); $valid = $form->validate(); $name = $form->add_user->inputs["name"]->value; - $user = ORM::factory("user")->where("name", $name)->find(); - if ($user->loaded) { + if ($user = user::lookup_by_name($name)) { $form->add_user->inputs["name"]->add_error("in_use", 1); $valid = false; } @@ -70,8 +69,8 @@ class Admin_Users_Controller extends Admin_Controller { access::forbidden(); } - $user = ORM::factory("user", $id); - if (!$user->loaded) { + $user = user::lookup($id); + if (empty($user)) { kohana::show_404(); } @@ -91,8 +90,8 @@ class Admin_Users_Controller extends Admin_Controller { } public function delete_user_form($id) { - $user = ORM::factory("user", $id); - if (!$user->loaded) { + $user = user::lookup($id); + if (empty($user)) { kohana::show_404(); } print user::get_delete_form_admin($user); @@ -101,8 +100,8 @@ class Admin_Users_Controller extends Admin_Controller { public function edit_user($id) { access::verify_csrf(); - $user = ORM::factory("user", $id); - if (!$user->loaded) { + $user = user::lookup($id); + if (empty($user)) { kohana::show_404(); } @@ -110,12 +109,9 @@ class Admin_Users_Controller extends Admin_Controller { $valid = $form->validate(); if ($valid) { $new_name = $form->edit_user->inputs["name"]->value; + $temp_user = user::lookup_by_name($new_name); if ($new_name != $user->name && - ORM::factory("user") - ->where("name", $new_name) - ->where("id !=", $user->id) - ->find() - ->loaded) { + ($temp_user && $temp_user->id != $user->id)) { $form->edit_user->inputs["name"]->add_error("in_use", 1); $valid = false; } else { @@ -151,8 +147,8 @@ class Admin_Users_Controller extends Admin_Controller { } public function edit_user_form($id) { - $user = ORM::factory("user", $id); - if (!$user->loaded) { + $user = user::lookup($id); + if (empty($user)) { kohana::show_404(); } @@ -166,23 +162,23 @@ class Admin_Users_Controller extends Admin_Controller { public function add_user_to_group($user_id, $group_id) { access::verify_csrf(); - $group = ORM::factory("group", $group_id); - $user = ORM::factory("user", $user_id); + $group = group::lookup($group_id); + $user = user::lookup($user_id); $group->add($user); $group->save(); } public function remove_user_from_group($user_id, $group_id) { access::verify_csrf(); - $group = ORM::factory("group", $group_id); - $user = ORM::factory("user", $user_id); + $group = group::lookup($group_id); + $user = user::lookup($user_id); $group->remove($user); $group->save(); } public function group($group_id) { $view = new View("admin_users_group.html"); - $view->group = ORM::factory("group", $group_id); + $view->group = group::lookup($group_id); print $view; } @@ -193,8 +189,8 @@ class Admin_Users_Controller extends Admin_Controller { $valid = $form->validate(); if ($valid) { $new_name = $form->add_group->inputs["name"]->value; - $group = ORM::factory("group")->where("name", $new_name)->find(); - if ($group->loaded) { + $group = group::lookup_by_name($new_name); + if (!empty($group)) { $form->add_group->inputs["name"]->add_error("in_use", 1); $valid = false; } @@ -219,8 +215,8 @@ class Admin_Users_Controller extends Admin_Controller { public function delete_group($id) { access::verify_csrf(); - $group = ORM::factory("group", $id); - if (!$group->loaded) { + $group = group::lookup($id); + if (empty($group)) { kohana::show_404(); } @@ -240,19 +236,20 @@ class Admin_Users_Controller extends Admin_Controller { } public function delete_group_form($id) { - $group = ORM::factory("group", $id); - if (!$group->loaded) { + $group = group::lookup($id); + if (empty($group)) { kohana::show_404(); } + print group::get_delete_form_admin($group); } public function edit_group($id) { access::verify_csrf(); - $group = ORM::factory("group", $id); - if (!$group->loaded) { - kohana::show_404(); + $group = group::lookup($id); + if (empty($group)) { + kohana::show_404(); } $form = group::get_edit_form_admin($group); @@ -260,7 +257,7 @@ class Admin_Users_Controller extends Admin_Controller { if ($valid) { $new_name = $form->edit_group->inputs["name"]->value; - $group = ORM::factory("group")->where("name", $new_name)->find(); + $group = group::lookup_by_name($name); if ($group->loaded) { $form->edit_group->inputs["name"]->add_error("in_use", 1); $valid = false; @@ -282,8 +279,8 @@ class Admin_Users_Controller extends Admin_Controller { } public function edit_group_form($id) { - $group = ORM::factory("group", $id); - if (!$group->loaded) { + $group = group::lookup($id); + if (empty($group)) { kohana::show_404(); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 8bee7db5..2c4bd557 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -53,13 +53,12 @@ class Login_Controller extends Controller { print $form; } } - private function _auth($url) { $form = user::get_login_form($url); $valid = $form->validate(); if ($valid) { - $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find(); - if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) { + $user = user::lookup_by_name($form->login->inputs["name"]->value); + if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) { log::warning( "user", t("Failed login for %name", diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 4629bbf2..817ff01c 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -32,10 +32,8 @@ class Password_Controller extends Controller { if (request::method() == "post") { $this->_change_password(); } else { - $user = ORM::factory("user") - ->where("hash", Input::instance()->get("key")) - ->find(); - if ($user->loaded) { + $user = user::lookyp_by_hash(Input::instance()->get("key")); + if (!empty($user)) { print $this->_new_password_form($user->hash); } else { throw new Exception("@todo FORBIDDEN", 503); @@ -48,7 +46,7 @@ class Password_Controller extends Controller { $valid = $form->validate(); if ($valid) { - $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find(); + $user = user::lockup_by_name($form->reset->inputs["name"]->value); if (!$user->loaded || empty($user->email)) { $form->reset->inputs["name"]->add_error("no_email", 1); $valid = false; @@ -118,11 +116,8 @@ class Password_Controller extends Controller { private function _change_password() { $view = $this->_new_password_form(); if ($view->content->validate()) { - $user = ORM::factory("user") - ->where("hash", $view->content->reset->hash->value) - ->find(); - - if (!$user->loaded) { + $user = user::lookyp_by_hash(Input::instance()->get("key")); + if (empty($user)) { throw new Exception("@todo FORBIDDEN", 503); } diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php new file mode 100644 index 00000000..5e201cb7 --- /dev/null +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -0,0 +1,258 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +/* + * Based on the Cache_Sqlite_Driver developed by the Kohana Team + */ +class Identity_Gallery_Driver implements Identity_Driver { + /** + * Return the guest user. + * + * @todo consider caching + * + * @return User_Model + */ + public function guest() { + return model_cache::get("user", 1); + } + + /** + * Create a new user. + * + * @param string $name + * @param string $full_name + * @param string $password + * @return User_Model + */ + public function create_user($name, $full_name, $password) { + $user = ORM::factory("user")->where("name", $name)->find(); + if ($user->loaded) { + throw new Exception("@todo USER_ALREADY_EXISTS $name"); + } + + $user->name = $name; + $user->full_name = $full_name; + $user->password = $password; + + // Required groups + $user->add(group::everybody()); + $user->add(group::registered_users()); + + $user->save(); + return $user; + } + + /** + * Is the password provided correct? + * + * @param user User Model + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + public function is_correct_password($user, $password) { + $valid = $user->password; + + // Try phpass first, since that's what we generate. + if (strlen($valid) == 34) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->CheckPassword($password, $valid); + } + + $salt = substr($valid, 0, 4); + // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: + $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); + if (!strcmp($guess, $valid)) { + return true; + } + + // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities + $sanitizedPassword = html::specialchars($password, false); + $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) + : ($salt . md5($salt . $sanitizedPassword)); + if (!strcmp($guess, $valid)) { + return true; + } + + return false; + } + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password + */ + public function hash_password($password) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->HashPassword($password); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Model the user object, or null if the id was invalid. + */ + public function lookup_user($id) { + $user = model_cache::get("user", $id); + if ($user->loaded) { + return $user; + } + return null; + } + + /** + * Look up a user by field value. + * @param string search field + * @param string search value + * @return User_Core the user object, or null if the name was invalid. + */ + public function lookup_user_by_field($field_name, $value) { + try { + $user = model_cache::get("user", $value, $field_name); + if ($user->loaded) { + return $user; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * Create a new group. + * + * @param string $name + * @return Group_Model + */ + public function create_group($name) { + $group = ORM::factory("group")->where("name", $name)->find(); + if ($group->loaded) { + throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); + } + + $group->name = $name; + $group->save(); + + return $group; + } + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Model + */ + public function everybody() { + return model_cache::get("group", 1); + } + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Model + */ + public function registered_users() { + return model_cache::get("group", 2); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Model the user object, or null if the id was invalid. + */ + public function lookup_group($id) { + $group = model_cache::get("group", $id); + if ($group->loaded) { + return $group; + } + return null; + } + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Model the group object, or null if the name was invalid. + */ + public function lookup_group_by_name($name) { + try { + $group = model_cache::get("group", $name, "name"); + if ($group->loaded) { + return $group; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * List the users + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_users($filter=array()) { + return $this->_do_search("user", $filter); + } + + + /** + * List the groups + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_groups($filter=array()) { + return $this->_do_search("group", $filter); + } + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type) { + return (object)ORM::factory($object_type)->rules; + } + + /** + * Build the query based on the supplied filters for the specified model. + * @param string $object_type to return rules for ("user"|"group") + * @param mixed $filters options to apply to the selection. + */ + private function _do_search($object_type, $filter) { + $object = ORM::factory($object_type); + + foreach ($filter as $method => $args) { + switch ($method) { + case "in": + $object->in($args[0], $args[1]); + break; + default: + $object->$method($args); + } + } + + return $object->find_all(); + } + +} // End Identity Gallery Driver
\ No newline at end of file |