Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

users/usersSQL : Add users storage in SQL and the users abstraction class

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2276 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2015-09-12 15:26:16 +00:00
parent 800411803c
commit 94bc27f7d4
2 changed files with 352 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
users.php Normal file
View File

@@ -0,0 +1,144 @@
<?php
/** The abstraction class of the users
Allow to manage the users in multiple storages (SQL, HTPasswd, passwd file).
CRUD the users and allow to modify the password */
class users
{
/** Connect to the storage */
public function connect ()
{
}
/** Initialise the storage
Create the structure of data needed to the class */
public function initStorage ()
{
}
/** Create a new user
If the password is not provided, create a default passwd (can be disable
password) */
public function adduser ($email, $firstname, $lastname, $password=null)
{
}
/** Delete a user */
public function deluser ($email)
{
}
/** Update a user */
public function updateuser ($oldemail, $newemail, $firstname, $lastname)
{
}
/** List the users */
public function listusers ()
{
}
/** Change password
@param string $email the user email to change the password
@param string $oldpassword The old password (to check if the user have the
rights to change the password)
@param string $newpassword The new password to be recorded */
public function changepassword ($email, $oldpassword, $newpassword)
{
}
/** Overwrite password (without oldpassword check)
Must be reserved to the administrators. For the users, use changepassword
method
@param string $email the user email to change the password
@param string $newpassword The new password to be recorded */
public function overwritepassword ($email, $newpassword)
{
}
/** Check if the provided password is correctely associated to the email user
*/
public function checkValidPassword ($email, $password)
{
}
/** Check if the user provided is correct */
public function checkEmail ($email)
{
if (! is_string ($email))
throw new Exception (dgettext("domframework",
"Invalid email provided : not a string"),
500);
if (strlen ($email) < 5)
throw new Exception (dgettext("domframework",
"Invalid email provided : too short"),
500);
return true;
}
/** Check if the firstname provided is correct */
public function checkFirstname ($firstname)
{
if (! is_string ($firstname))
throw new Exception (dgettext("domframework",
"Invalid firstname provided : not a string"),
500);
if (strlen ($firstname) < 1)
throw new Exception (dgettext("domframework",
"Invalid firstname provided : too short"),
500);
return true;
}
/** Check if the lastname provided is correct */
public function checkLastname ($lastname)
{
if (! is_string ($lastname))
throw new Exception (dgettext("domframework",
"Invalid lastname provided : not a string"),
500);
return true;
}
/** Check if the password provided is correct */
public function checkPassword ($password)
{
if (! is_string ($password))
throw new Exception (dgettext("domframework",
"Invalid password provided : not a string"),
500);
if (strlen ($password) < 5)
throw new Exception (dgettext("domframework",
"Invalid password provided : too short"),
500);
if (strlen ($password) >= 128)
throw new Exception (dgettext("domframework",
"Invalid password provided : too long"),
500);
return true;
}
/** Crypt the password with the best algorithm available */
public function cryptPasswd ($password)
{
if (! function_exists ("openssl_random_pseudo_bytes"))
throw new Exception (dgettext("domframework",
"No PHP support for openssl_random_pseudo_bytes"),
500);
$cost = 11;
$salt = substr (base64_encode (openssl_random_pseudo_bytes (17)), 0, 22);
$salt = str_replace ("+", ".", $salt);
$param = '$'.implode ('$', array(
"2y", //select the most secure version of blowfish (>=PHP 5.3.7)
str_pad ($cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
$salt //add the salt
));
//now do the actual hashing
return crypt ($password, $param);
}
/** Check if the password is enough complex
Return True if the password is enough complex */
public function passwdComplexity ($password)
{
}
}

208
userssql.php Normal file
View File

@@ -0,0 +1,208 @@
<?php
/** DomFramework
@package domframework
@author Dominique Fournier <dominique@fournier38.fr> */
require_once ("domframework/dblayer.php");
require_once ("domframework/users.php");
/** Store the users in SQL database. Manage the creation of the users,
modification, delete, password management*/
class userssql extends users
{
/** The database connector */
private $dsn;
private $username;
private $password;
private $driver_options;
/** The db connector */
private $db;
/** The table to store the informations */
public $table = "authusers";
/** The tableprefix text to prepend to table name (Should finish by _)
Just allow chars ! */
public $tableprefix = "";
/** the fields */
public $fieldEmail = "email";
public $fieldFirstname = "firstname";
public $fieldLastname = "lastname";
public $fieldPassword = "password";
public $fieldLastchange = "lastchange";
public function __construct ($dsn, $username=null, $password=null,
$driver_options=null)
{
$this->dsn = $dsn;
$this->username = $username;
$this->password = $password;
$this->driver_options = $driver_options;
}
/** Connect to the storage */
public function connect ()
{
if ($this->table === null)
throw new Exception (dgettext("domframework","No SQL table defined"),
500);
if ($this->fieldEmail === null)
throw new Exception (dgettext("domframework",
"No fieldIdentifier defined"), 500);
if ($this->fieldPassword === null)
throw new Exception (dgettext("domframework",
"No fieldPassword defined"), 500);
if ($this->fieldLastname === null)
throw new Exception (dgettext("domframework",
"No fieldLastname defined"), 500);
if ($this->fieldFirstname === null)
throw new Exception (dgettext("domframework",
"No fieldFirstname defined"), 500);
if ($this->fieldLastchange === null)
throw new Exception (dgettext("domframework",
"No fieldLastchange defined"), 500);
$this->db = new dblayer ($this->dsn, $this->username, $this->password,
$this->driver_options);
$this->db->table = $this->table;
$this->db->fields = array (
$this->fieldEmail=>array ("varchar", "255", "not null"),
$this->fieldFirstname=>array ("varchar", "255", "not null"),
$this->fieldLastname=>array ("varchar", "255"),
$this->fieldPassword=>array ("varchar", "255"),
$this->fieldLastchange=>array ("datetime"));
$this->db->primary = $this->fieldEmail;
$this->db->unique = array ($this->fieldEmail);
$this->db->tableprefix = $this->tableprefix;
}
/** Initialise the storage
Create the structure of data needed to the class */
public function initStorage ()
{
if ($this->db === null)
$this->connect ();
return $this->db->createTable ();
}
/** Create a new user
If the password is not provided, create a default passwd (can be disable
password) */
public function adduser ($email, $firstname, $lastname, $password=null)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($email);
$this->checkFirstname ($firstname);
$this->checkLastname ($lastname);
if ($password !== null)
{
$this->checkPassword ($password);
$password = $this->cryptPasswd ($password);
}
return $this->db->insert (array ($this->fieldEmail=>$email,
$this->fieldFirstname=>$firstname,
$this->fieldLastname=>$lastname,
$this->fieldPassword=>$password));
}
/** Delete a user */
public function deluser ($email)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($email);
return $this->db->delete ($email);
}
/** Update a user */
public function updateuser ($oldemail, $newemail, $firstname, $lastname)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($oldemail);
$this->checkEmail ($newemail);
$this->checkFirstname ($firstname);
$this->checkLastname ($lastname);
return $this->db->update ($oldemail,
array ($this->fieldEmail=>$newemail,
$this->fieldFirstname=>$firstname,
$this->fieldLastname=>$lastname));
}
/** List the users */
public function listusers ()
{
if ($this->db === null)
$this->connect ();
return $this->db->read (null, array ($this->fieldEmail,
$this->fieldFirstname,
$this->fieldLastname));
}
/** Change password
@param string $email the user email to change the password
@param string $oldpassword The old password (to check if the user have the
rights to change the password)
@param string $newpassword The new password to be recorded */
public function changepassword ($email, $oldpassword, $newpassword)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($email);
$this->checkPassword ($oldpassword);
$this->checkPassword ($newpassword);
if ($this->checkValidPassword ($email, $oldpassword) !== true)
throw new Exception (dgettext("domframework",
"Bad old password provided"), 401);
$cryptedPassword = $this->cryptPasswd ($newpassword);
return $this->db->update ($email,
array ($this->fieldPassword=>$cryptedPassword,
$this->fieldLastchange=>
date ("Y-m-d H:i:s", time())));
}
/** Overwrite password (without oldpassword check)
Must be reserved to the administrators. For the users, use changepassword
method
@param string $email the user email to change the password
@param string $newpassword The new password to be recorded */
public function overwritepassword ($email, $newpassword)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($email);
$this->checkPassword ($newpassword);
$data = $this->db->read (array (array ($this->fieldEmail, $email)),
array ($this->fieldPassword));
if (count ($data) === 0)
throw new Exception (dgettext("domframework",
"No information found for this email"), 404);
$cryptedPassword = $this->cryptPasswd ($newpassword);
return $this->db->update ($email,
array ($this->fieldPassword=>$cryptedPassword,
$this->fieldLastchange=>
date ("Y-m-d H:i:s", time())));
}
/** Check if the provided password is correctely associated to the email user
*/
public function checkValidPassword ($email, $password)
{
if ($this->db === null)
$this->connect ();
$this->checkEmail ($email);
$this->checkPassword ($password);
$data = $this->db->read (array (array ($this->fieldEmail, $email)),
array ($this->fieldPassword));
if (count ($data) === 0)
throw new Exception (dgettext("domframework",
"No information found for this email"), 404);
if (! isset ($data[0][$this->fieldPassword]))
throw new Exception (dgettext("domframework",
"No password available for this email"), 404);
$cryptedPassword = $data[0][$this->fieldPassword];
if (crypt ($password, $cryptedPassword) !== $cryptedPassword)
return false;
return true;
}
}