diff options
Diffstat (limited to 'modules/gallery/helpers/user.php')
| -rw-r--r-- | modules/gallery/helpers/user.php | 248 |
1 files changed, 104 insertions, 144 deletions
diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php index cb205170..9052e932 100644 --- a/modules/gallery/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -25,24 +25,34 @@ */ class user_Core { static function get_edit_form($user) { + $writable = self::is_writable(); $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form")); $form->set_attr("class", "g-narrow"); $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name))); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); - $group->password("password")->label(t("Password"))->id("g-password"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); + if ($writable) { + $group->password("password")->label(t("Password"))->id("g-password"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + } $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); + + if (!$writable) { + foreach ($group->inputs as $input) { + $input->disabled("disabled"); + } + } return $form; } static function get_edit_form_admin($user) { + $writable = self::is_writable(); $form = new Forge( "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form")); $group = $form->group("edit_user")->label(t("Edit User")); @@ -51,17 +61,23 @@ class user_Core { "in_use", t("There is already a user with that username")); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); - $group->password("password")->label(t("Password"))->id("g-password"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); + if ($writable) { + $group->password("password")->label(t("Password"))->id("g-password"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + } $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from($user); - $form->edit_user->password->rules("-required"); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); + if (!$writable) { + foreach ($group->inputs as $input) { + $input->disabled("disabled"); + } + } return $form; } @@ -79,8 +95,7 @@ class user_Core { $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); - $user = ORM::factory("user"); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); @@ -124,41 +139,6 @@ class user_Core { } /** - * Make sure that we have a session and group_ids cached in the session. - */ - static function load_user() { - $session = Session::instance(); - if (!($user = $session->get("user"))) { - $session->set("user", $user = user::guest()); - } - - // The installer cannot set a user into the session, so it just sets an id which we should - // upconvert into a user. - if ($user === 2) { - $user = model_cache::get("user", 2); - user::login($user); - $session->set("user", $user); - } - - if (!$session->get("group_ids")) { - $ids = array(); - foreach ($user->groups as $group) { - $ids[] = $group->id; - } - $session->set("group_ids", $ids); - } - } - - /** - * Return the array of group ids this user belongs to - * - * @return array - */ - static function group_ids() { - return Session::instance()->get("group_ids", array(1)); - } - - /** * Return the active user. If there's no active user, return the guest user. * * @return User_Model @@ -169,23 +149,12 @@ class user_Core { if (!isset($user)) { // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary // work. - $user = user::guest(); + $user = self::guest(); } return $user; } /** - * Return the guest user. - * - * @todo consider caching - * - * @return User_Model - */ - static function guest() { - return model_cache::get("user", 1); - } - - /** * Change the active user. * * @return User_Model @@ -198,75 +167,42 @@ class user_Core { } /** - * Create a new user. + * Return the array of group ids this user belongs to * - * @param string $name - * @param string $full_name - * @param string $password - * @return User_Model + * @return array */ - static function create($name, $full_name, $password) { - $user = ORM::factory("user")->where("name", $name)->find(); - if ($user->loaded) { - throw new Exception("@todo USER_ALREADY_EXISTS $name"); - } - - $user->name = $name; - $user->full_name = $full_name; - $user->password = $password; - - // Required groups - $user->add(group::everybody()); - $user->add(group::registered_users()); - - $user->save(); - return $user; + static function group_ids() { + return Session::instance()->get("group_ids", array(1)); } /** - * Is the password provided correct? - * - * @param user User Model - * @param string $password a plaintext password - * @return boolean true if the password is correct + * Make sure that we have a session and group_ids cached in the session. This is one + * of the first calls to reference the user so call the Identity::instance to load the + * driver classes. */ - static function is_correct_password($user, $password) { - $valid = $user->password; - - // Try phpass first, since that's what we generate. - if (strlen($valid) == 34) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->CheckPassword($password, $valid); + static function load_user() { + Identity::instance(); + $session = Session::instance(); + if (!($user = $session->get("user"))) { + $session->set("user", $user = self::guest()); } - $salt = substr($valid, 0, 4); - // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: - $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); - if (!strcmp($guess, $valid)) { - return true; + // The installer cannot set a user into the session, so it just sets an id which we should + // upconvert into a user. + // @todo what is user id===2 + if ($user === 2) { + $user = model_cache::get("user", 2); + self::login($user); + $session->set("user", $user); } - // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities - $sanitizedPassword = html::specialchars($password, false); - $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) - : ($salt . md5($salt . $sanitizedPassword)); - if (!strcmp($guess, $valid)) { - return true; + if (!$session->get("group_ids")) { + $ids = array(); + foreach ($user->groups as $group) { + $ids[] = $group->id; + } + $session->set("group_ids", $ids); } - - return false; - } - - /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password - */ - static function hash_password($password) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->HashPassword($password); } /** @@ -274,11 +210,12 @@ class user_Core { * @param object $user the user object. */ static function login($user) { + // @todo make this an interface call $user->login_count += 1; $user->last_login = time(); $user->save(); - user::set_active($user); + self::set_active($user); module::event("user_login", $user); } @@ -287,7 +224,7 @@ class user_Core { * @param object $user the user object. */ static function logout() { - $user = user::active(); + $user = self::active(); if (!$user->guest) { try { Session::instance()->destroy(); @@ -299,58 +236,81 @@ class user_Core { } /** + * @see Identity_Core::is_writable. + */ + static function is_writable() { + return Identity::instance()->is_writable(); + } + + /** + * @see Identity_Driver::guest. + */ + static function guest() { + return Identity::instance()->guest(); + } + + /** + * @see Identity_Driver::create_user. + */ + static function create($name, $full_name, $password) { + return Identity::instance()->create_user($name, $full_name, $password); + } + + /** + * @see Identity_Driver::is_correct_password. + */ + static function is_correct_password($user, $password) { + return Identity::instance()->is_correct_password($user, $password); + } + + /** + * @see Identity_Driver::hash_password. + */ + static function hash_password($password) { + return Identity::instance()->hash_password($password); + } + + /** * Look up a user by id. * @param integer $id the user id - * @return User_Model the user object, or null if the id was invalid. + * @return User_Definition the user object, or null if the id was invalid. */ static function lookup($id) { - return self::_lookup_user_by_field("id", $id); + return Identity::instance()->lookup_user_by_field("id", $id); } /** * Look up a user by name. * @param integer $name the user name - * @return User_Model the user object, or null if the name was invalid. + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_name($name) { - return self::_lookup_user_by_field("name", $name); + return Identity::instance()->lookup_user_by_field("name", $name); } /** * Look up a user by hash. - * @param integer $hash the user hash value - * @return User_Model the user object, or null if the name was invalid. + * @param string $name the user name + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_hash($hash) { - return self::_lookup_user_by_field("hash", $hash); + return Identity::instance()->lookup_user_by_field("hash", $hash); } /** - * List the users - * @param mixed filters (@see Database.php - * @return array the user list. + * @see Identity_Driver::get_user_list. */ static function get_user_list($filter=array()) { - $user = ORM::factory("user"); - - foreach($filter as $method => $args) { - switch ($method) { - case "in": - $user->in($args[0], $args[1]); - break; - default: - $user->$method($args); - } - } - return $user->find_all(); + return Identity::instance()->get_user_list($filter); } /** - * Look up a user by field value. - * @param string search field - * @param string search value - * @return User_Core the user object, or null if the name was invalid. + * @see Identity_Driver::get_edit_rules. */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("user"); + } + private static function _lookup_user_by_field($field_name, $value) { try { $user = model_cache::get("user", $value, $field_name); |