Code source de phpMyVisites 2.3 |
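<?php
/*
 * phpMyVisites : website statistics and audience measurements
 * Copyright (C) 2002 - 2006
 * http://www.phpmyvisites.net/
 * phpMyVisites is free software (license GNU/GPL)
 * Authors : phpMyVisites team
 */

// $Id: User.class.php 231 2007-07-04 09:39:22Z matthieu_ $

require_once INCLUDE_PATH . "/core/include/Cookie.class.php";

define ('PMV_ANONYMOUS_LOGIN', 'anonymous');

/**
 * Identity and per-site permissions of the visitor for the current request.
 *
 * Credentials are taken from the session cookie (see isAuthorized()) or, for
 * the RSS/PDF modules, from a hash supplied by the request (see setRssHash()).
 *
 * Security notes for maintainers:
 *  - Every value placed inside a SQL string literal in this class is escaped
 *    with mysql_real_escape_string(); login and rss hash both originate from
 *    the client (cookie / request) and must never be concatenated raw.
 *    NOTE(review): if the request layer already adds slashes to these values
 *    (magic quotes or similar), normalise that first to avoid double
 *    escaping -- confirm against Cookie and Request.
 *  - setLoginAndPassword() stores the login and the password value in the
 *    session cookie exactly as received; how Cookie protects its payload is
 *    not visible from this file.
 */
class User
{
	var $cookie;
	var $viewPermission;
	var $adminPermission;
	var $suPermission;
	var $login;
	var $password;

	var $infoUser;

	// Assigned in the constructor; declared here so the full state is visible.
	var $alias;
	var $rssHash;
	var $rssHashUrl;

	/**
	 * Starts as the anonymous user with no permission on any site.
	 */
	function User( )
	{
		$this->alias = 'Anonymous';
		$this->login = PMV_ANONYMOUS_LOGIN;

		$this->cookie = new Cookie( COOKIE_NAME_SESSION );
		$this->cookie->setExpire( 3600 );
		$this->viewPermission = array();
		$this->adminPermission = array();
		$this->suPermission = false;
		$this->rssHash = false;
		$this->rssHashUrl = false;
	}

	/**
	 * Singleton
	 *
	 * @return User the shared instance, created on first call
	 */
	function &getInstance()
	{
		static $instance;
		if (!isset($instance)){
			$c = __CLASS__;
			$instance = new $c();
		}
		return $instance;

	}

	/**
	 * Fetches the users-table row for a login.
	 *
	 * Does not use $this, so it stays callable without an instance.
	 *
	 * @param string $login
	 * @return array|false first matching row as returned by mysql_fetch_assoc()
	 */
	function getInfo( $login )
	{
		// $login is caller-supplied: escape it before it enters the literal.
		$r = query("SELECT *
					FROM ".T_USERS."
					WHERE login = '".mysql_real_escape_string( (string) $login )."'");
		return mysql_fetch_assoc($r);
	}

	function getAlias()
	{
		return $this->alias;
	}

	function getLogin()
	{
		return $this->login;
	}

	/**
	 * Checks a login/password pair and, on success, records it on the object
	 * and in the session cookie.
	 *
	 * Accepted, in order: the configured superuser pair, the anonymous login
	 * (no password needed), then any users-table row whose stored password is
	 * identical to $password. The stored value is compared as-is; whether it
	 * is a hash is not visible from this file.
	 *
	 * @param string $login
	 * @param string $password
	 * @return bool
	 */
	function isCorrect( $login, $password)
	{
		$db =& Db::getInstance();
		$toReturn = false;
		$conf =& PmvConfig::getInstance();
		$suLogin = $conf->content['su_login'];
		$suPassword = $conf->content['su_password'];

		// NOTE(review): === on secrets is not constant-time; switch to a
		// constant-time comparison if the supported PHP version offers one.
		if($login === $suLogin && $password === $suPassword )
		{
			$this->suPermission = true;
			$toReturn = true;
		}
		elseif( $login === PMV_ANONYMOUS_LOGIN)
		{
			$toReturn = true;
		}
		elseif( !empty($login) && !empty($password))
		{
			if($db->isReady())
			{
				// select password for the login; $login comes from the
				// client (isAuthorized() passes the cookie value), so it is
				// escaped before being placed in the SQL literal
				$r = query("SELECT password
							FROM ".T_USERS."
							WHERE login = '".mysql_real_escape_string( (string) $login )."'");
				if(mysql_num_rows( $r ) > 0)
				{
					while( $rr = mysql_fetch_array($r) )
					{
						if($rr['password'] === $password)
						{
							$toReturn = true;
							break;
						}
					}
				}
			}
		}

		if($toReturn)
		{
			$this->setLoginAndPassword($login, $password );
		}
		return $toReturn;
	}

	/**
	 * Records the credentials on the object and saves them in the session cookie.
	 *
	 * NOTE(review): the password value is written to the cookie unchanged.
	 * Confirm what Cookie does to the payload (signing, encryption, flags)
	 * before relying on this for anything beyond a legacy deployment.
	 */
	function setLoginAndPassword($login, $password)
	{
		$this->login = $login;
		$this->password = $password;
		$this->cookie->setVar('login',$login);
		$this->cookie->setVar('password',$password);
		$this->cookie->save();
	}

	/**
	 * Returns the RSS hash of the current user.
	 *
	 * For the superuser this is md5(SU_LOGIN . SU_PASSWORD). loadPermissions()
	 * grants suPermission to any request presenting that value, so the hash is
	 * a bearer credential: it does not change until the superuser credentials
	 * do, and it should be kept out of logs and shared links.
	 */
	function getRssHash()
	{
		if($this->suPermission)
		{
			return md5( SU_LOGIN . SU_PASSWORD );
		}
		else
		{
			return $this->rssHash;
		}
	}

	/**
	 * Fills viewPermission / adminPermission (keyed by idsite), alias and
	 * rssHash for the current identity.
	 *
	 * The identity is the request's RSS hash when one was set through
	 * setRssHash(), otherwise the current login. A superuser gets only the
	 * admin alias; no per-site rows are loaded.
	 */
	function loadPermissions()
	{
		if(!$this->suPermission)
		{
			if($this->rssHashUrl)
			{
				// Strict string comparison: with ==, two different hashes that
				// both look numeric (for example "0e..." followed by digits)
				// compare equal, which would grant superuser on a mismatch.
				if(is_string($this->rssHashUrl)
					&& $this->rssHashUrl === md5( SU_LOGIN . SU_PASSWORD ))
				{
					$this->suPermission = true;
					return;
				}

				$fieldName = 'rss_hash';
				$fieldValue = $this->rssHashUrl;

			}
			else
			{
				$fieldName = 'login';
				$fieldValue = $this->login;
			}
			$db =& Db::getInstance();
			if( $db->isReady()
				&& $db->areAllTablesInstalled())
			{
				// load viewPermissions and adminPermissions for each site.
				// $fieldName is one of the two literals chosen above;
				// $fieldValue is client-supplied and therefore escaped.
				$r = query("SELECT *
							FROM (".T_USERS." as u LEFT JOIN
							".T_USERS_LINK_GROUPS." USING (login))
							LEFT JOIN
							".T_GROUPS." USING ( idgroups )
							WHERE u.$fieldName = '".mysql_real_escape_string( (string) $fieldValue )."'
							");
				while( $rr = mysql_fetch_assoc($r))
				{
					if($rr['view'] == '1')
						$this->viewPermission[$rr['idsite']] = true;

					if($rr['admin'] == '1')
						$this->adminPermission[$rr['idsite']] = true;
				}

				$r = query("SELECT alias, rss_hash
							FROM ".T_USERS."
							WHERE login = '".mysql_real_escape_string( (string) $this->login )."'
							LIMIT 1");

				// NOTE(review): when no row matches, mysql_fetch_assoc()
				// returns false and both properties below become null.
				$r = mysql_fetch_assoc($r);
				$this->alias = $r['alias'];
				$this->rssHash = $r['rss_hash'];
			}
		}
		else
		{
			$this->alias = $GLOBALS['lang']['admin_admin'];
		}
	}

	/**
	 * Sets the hash received with the request and reloads permissions from it.
	 */
	function setRssHash( $hash )
	{
		$this->rssHashUrl = $hash;
		$this->loadPermissions();
	}

	function NoSitePermission()
	{
		return $this->getSiteAllowed() == -1;
	}

	/**
	 * Returns the site id the user may work on.
	 *
	 * The requested site when the user is superuser or holds a view or admin
	 * permission on it; otherwise the first site with admin permission, then
	 * the first with view permission; -1 when there is none.
	 */
	function getSiteAllowed()
	{
		$o_request =& Request::getInstance();
		$siteId = $o_request->getSiteId();

		if($this->suPermission
			|| isset($this->viewPermission[$siteId])
			|| isset($this->adminPermission[$siteId]))
		{
			return $siteId;
		}
		foreach($this->adminPermission as $key => $v)
		{
			return $key;
		}
		foreach($this->viewPermission as $key => $v)
		{
			return $key;
		}
		return -1;
	}

	/**
	 * Decides whether the current visitor may run the given module.
	 *
	 * Side effects: may load permissions from the request's RSS hash, may
	 * rewrite the session cookie (through isCorrect()) and may change the
	 * request's site id to one the user is allowed on.
	 *
	 * @param string $moduleName
	 * @return bool
	 */
	function isAuthorized( $moduleName )
	{
		$request =& Request::getInstance();
		// Strict in_array(): a non-string module name must not loosely match
		// one of the whitelisted names.
		if( in_array( $request->getModuleNameFromUrl(),
						array( 'view_rss', 'view_pdf', 'view_pdf_v2'),
						true
					)
			)
		{
			$this->setRssHash( $request->getRssHash() );
		}

		if( in_array( $moduleName, array('login', 'logout', 'view_rss'), true))
		{
			return true;
		}

		$needViewRight = array(
				'contacts',
				'index',
				'other_language',
			);
		$tryLogin = $this->cookie->getVar('login');
		$tryPassword = $this->cookie->getVar('password');

		if(empty($tryLogin))
		{
			$tryLogin = PMV_ANONYMOUS_LOGIN;
		}

		if($this->isCorrect( $tryLogin, $tryPassword ))
		{
			$this->loadPermissions();
			$o_request =& Request::getInstance();
			$siteId = $this->getSiteAllowed();

			// no permission at all
			if( $siteId == -1 )
			{
				return false;
			}
			$o_request->setSiteId($siteId);
			$siteAdmin = $o_request->getAdminSite();

			// NOTE(review): substr_count() below accepts 'view_' anywhere in
			// the module name, not only as a prefix; confirm no admin module
			// name contains it.
			if( // other (install, general admin)
				$this->suPermission
				||
				// view (+ contacts, other_language, etc.)
				((in_array( $moduleName, $needViewRight, true) || substr_count($moduleName, 'view_') >= 1)
					&& isset($this->viewPermission[ $siteId ]))
				||
				// admin
				(substr($moduleName, 0, 11) == 'admin_site_'
					&&
					// have permission
					(
						isset($this->adminPermission[ $siteAdmin ])
						||
						// site not selected yet BUT i know I have some admin
						// permission on one site
						(!$siteAdmin && sizeof($this->adminPermission) > 0)
					)
				)
				||
				// asked for admin_index and we're sure he has at least one admin permission
				($moduleName === 'admin_index' && sizeof($this->adminPermission) > 0)
			)
			{
				return true;
			}
			if (($moduleName == 'admin_user') && ($request->getActionName() === 'modCur'))
			{
				// Modify current user
				if ($tryLogin !== PMV_ANONYMOUS_LOGIN) {
					return true;
				}
			}

		}
		return false;
	}

	function isSiteAllowedView( $id )
	{
		return $this->suPermission || isset($this->viewPermission[$id]);
	}

	function isSiteAllowedAdmin( $id )
	{
		return $this->suPermission || isset($this->adminPermission[$id]);
	}
	function hasSomeAdminRights()
	{
		return $this->suPermission || sizeof($this->adminPermission) > 0;
	}

	/**
	 * Lists every user except the anonymous one.
	 *
	 * @return array alias of each user, keyed by login
	 */
	function getAllUsers()
	{
		$return = array();
		$r = query("SELECT login, alias
					FROM ".T_USERS);
		while($rr = mysql_fetch_assoc($r))
		{
			if($rr['login'] != PMV_ANONYMOUS_LOGIN)
				$return[$rr['login']] = $rr['alias'];
		}
		return $return;
	}
}
?>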