id", "", "post", array("id" => "g-edit-user-form")); $form->set_attr("class", "g-narrow"); $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name))); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); $group->password("password")->label(t("Password"))->id("g-password"); $group->password("password2")->label(t("Confirm Password"))->id("g-password2") ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $form->add_rules_from($user); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); return $form; } static function get_edit_form_admin($user) { $form = new Forge( "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form")); $group = $form->group("edit_user")->label(t("Edit User")); $group->input("name")->label(t("Username"))->id("g-username")->value($user->name); $group->inputs["name"]->error_messages( "in_use", t("There is already a user with that username")); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); $group->password("password")->label(t("Password"))->id("g-password"); $group->password("password2")->label(t("Confirm Password"))->id("g-password2") ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); $form->add_rules_from($user); $form->edit_user->password->rules("-required"); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); return $form; } static function get_add_form_admin() { $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form")); $form->set_attr('class', "g-narrow"); $group = $form->group("add_user")->label(t("Add User")); $group->input("name")->label(t("Username"))->id("g-username") ->error_messages("in_use", t("There is already a user with that username")); $group->input("full_name")->label(t("Full Name"))->id("g-fullname"); $group->password("password")->label(t("Password"))->id("g-password"); $group->password("password2")->label(t("Confirm Password"))->id("g-password2") ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email"); $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); $user = ORM::factory("user"); $form->add_rules_from($user); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); return $form; } private static function _add_locale_dropdown(&$form, $user=null) { $locales = locales::installed(); foreach ($locales as $locale => $display_name) { $locales[$locale] = SafeString::of_safe_html($display_name); } if (count($locales) > 1) { // Put "none" at the first position in the array $locales = array_merge(array("" => t("« none »")), $locales); $selected_locale = ($user && $user->locale) ? $user->locale : ""; $form->dropdown("locale") ->label(t("Language Preference")) ->options($locales) ->selected($selected_locale); } } static function get_delete_form_admin($user) { $form = new Forge("admin/users/delete_user/$user->id", "", "post", array("id" => "g-delete-user-form")); $group = $form->group("delete_user")->label( t("Are you sure you want to delete user %name?", array("name" => $user->name))); $group->submit("")->value(t("Delete user %name", array("name" => $user->name))); return $form; } static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); $form->set_attr('class', "g-narrow"); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null); $group->password("password")->label(t("Password"))->id("g-password")->class(null); $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password")); $group->submit("")->value(t("Login")); return $form; } /** * Make sure that we have a session and group_ids cached in the session. */ static function load_user() { $session = Session::instance(); if (!($user = $session->get("user"))) { $session->set("user", $user = user::guest()); } // The installer cannot set a user into the session, so it just sets an id which we should // upconvert into a user. if ($user === 2) { $user = model_cache::get("user", 2); user::login($user); $session->set("user", $user); } if (!$session->get("group_ids")) { $ids = array(); foreach ($user->groups as $group) { $ids[] = $group->id; } $session->set("group_ids", $ids); } } /** * Return the array of group ids this user belongs to * * @return array */ static function group_ids() { return Session::instance()->get("group_ids", array(1)); } /** * Return the active user. If there's no active user, return the guest user. * * @return User_Model */ static function active() { // @todo (maybe) cache this object so we're not always doing session lookups. $user = Session::instance()->get("user", null); if (!isset($user)) { // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary // work. $user = user::guest(); } return $user; } /** * Return the guest user. * * @todo consider caching * * @return User_Model */ static function guest() { return model_cache::get("user", 1); } /** * Change the active user. * * @return User_Model */ static function set_active($user) { $session = Session::instance(); $session->set("user", $user); $session->delete("group_ids"); self::load_user(); } /** * Create a new user. * * @param string $name * @param string $full_name * @param string $password * @return User_Model */ static function create($name, $full_name, $password) { $user = ORM::factory("user")->where("name", $name)->find(); if ($user->loaded) { throw new Exception("@todo USER_ALREADY_EXISTS $name"); } $user->name = $name; $user->full_name = $full_name; $user->password = $password; // Required groups $user->add(group::everybody()); $user->add(group::registered_users()); $user->save(); return $user; } /** * Is the password provided correct? * * @param user User Model * @param string $password a plaintext password * @return boolean true if the password is correct */ static function is_correct_password($user, $password) { $valid = $user->password; // Try phpass first, since that's what we generate. if (strlen($valid) == 34) { require_once(MODPATH . "user/lib/PasswordHash.php"); $hashGenerator = new PasswordHash(10, true); return $hashGenerator->CheckPassword($password, $valid); } $salt = substr($valid, 0, 4); // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); if (!strcmp($guess, $valid)) { return true; } // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities $sanitizedPassword = html::specialchars($password, false); $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) : ($salt . md5($salt . $sanitizedPassword)); if (!strcmp($guess, $valid)) { return true; } return false; } /** * Create the hashed passwords. * @param string $password a plaintext password * @return string hashed password */ static function hash_password($password) { require_once(MODPATH . "user/lib/PasswordHash.php"); $hashGenerator = new PasswordHash(10, true); return $hashGenerator->HashPassword($password); } /** * Log in as a given user. * @param object $user the user object. */ static function login($user) { $user->login_count += 1; $user->last_login = time(); $user->save(); user::set_active($user); module::event("user_login", $user); } /** * Log out the active user and destroy the session. * @param object $user the user object. */ static function logout() { $user = user::active(); if (!$user->guest) { try { Session::instance()->destroy(); } catch (Exception $e) { Kohana::log("error", $e); } module::event("user_logout", $user); } } /** * Look up a user by id. * @param integer $id the user id * @return User_Model the user object, or null if the id was invalid. */ static function lookup($id) { return self::_lookup_user_by_field("id", $id); } /** * Look up a user by name. * @param integer $name the user name * @return User_Model the user object, or null if the name was invalid. */ static function lookup_by_name($name) { return self::_lookup_user_by_field("name", $name); } /** * Look up a user by hash. * @param integer $hash the user hash value * @return User_Model the user object, or null if the name was invalid. */ static function lookup_by_hash($hash) { return self::_lookup_user_by_field("hash", $hash); } /** * List the users * @param mixed filters (@see Database.php * @return array the user list. */ static function get_user_list($filter=array()) { $user = ORM::factory("user"); foreach($filter as $method => $args) { switch ($method) { case "in": $user->in($args[0], $args[1]); break; default: $user->$method($args); } } return $user->find_all(); } /** * Look up a user by field value. * @param string search field * @param string search value * @return User_Core the user object, or null if the name was invalid. */ private static function _lookup_user_by_field($field_name, $value) { try { $user = model_cache::get("user", $value, $field_name); if ($user->loaded) { return $user; } } catch (Exception $e) { if (strpos($e->getMessage(), "MISSING_MODEL") === false) { throw $e; } } return null; } }