users/usersSQL : Add users storage in SQL and the users abstraction class

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2276 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-09-12 15:26:16 +00:00
parent 800411803c
commit 94bc27f7d4
2 changed files with 352 additions and 0 deletions
--- a/users.php
+++ b/users.php
@@ -0,0 +1,144 @@
+<?php
+/** The abstraction class of the users 
+    Allow to manage the users in multiple storages (SQL, HTPasswd, passwd file).
+    CRUD the users and allow to modify the password */
+class users
+{
+  /** Connect to the storage */
+  public function connect ()
+  {
+  }
+
+  /** Initialise the storage 
+      Create the structure of data needed to the class */
+  public function initStorage ()
+  {
+  }
+
+  /** Create a new user
+      If the password is not provided, create a default passwd (can be disable
+      password) */
+  public function adduser ($email, $firstname, $lastname, $password=null)
+  {
+  } 
+
+  /** Delete a user */
+  public function deluser ($email)
+  {
+  }
+
+  /** Update a user */
+  public function updateuser ($oldemail, $newemail, $firstname, $lastname)
+  {
+  }
+
+  /** List the users */
+  public function listusers ()
+  {
+  }
+
+  /** Change password 
+      @param string $email the user email to change the password
+      @param string $oldpassword The old password (to check if the user have the
+         rights to change the password)
+      @param string $newpassword The new password to be recorded */
+  public function changepassword ($email, $oldpassword, $newpassword)
+  {
+  }
+
+  /** Overwrite password (without oldpassword check)
+      Must be reserved to the administrators. For the users, use changepassword
+      method
+      @param string $email the user email to change the password
+      @param string $newpassword The new password to be recorded */
+  public function overwritepassword ($email, $newpassword)
+  {
+  }
+
+  /** Check if the provided password is correctely associated to the email user
+    */
+  public function checkValidPassword ($email, $password)
+  {
+  }
+
+  /** Check if the user provided is correct */
+  public function checkEmail ($email)
+  {
+    if (! is_string ($email))
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid email provided : not a string"),
+                           500);
+    if (strlen ($email) < 5)
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid email provided : too short"),
+                           500);
+    return true;
+  }
+
+  /** Check if the firstname provided is correct */
+  public function checkFirstname ($firstname)
+  {
+    if (! is_string ($firstname))
+      throw new Exception (dgettext("domframework", 
+                                   "Invalid firstname provided : not a string"),
+                           500);
+    if (strlen ($firstname) < 1)
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid firstname provided : too short"),
+                           500);
+    return true;
+  }
+
+  /** Check if the lastname provided is correct */
+  public function checkLastname ($lastname)
+  {
+    if (! is_string ($lastname))
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid lastname provided : not a string"),
+                           500);
+    return true;
+  }
+
+  /** Check if the password provided is correct */
+  public function checkPassword ($password)
+  {
+    if (! is_string ($password))
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid password provided : not a string"),
+                           500);
+    if (strlen ($password) < 5)
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid password provided : too short"),
+                           500);
+    if (strlen ($password) >= 128)
+      throw new Exception (dgettext("domframework", 
+                                    "Invalid password provided : too long"),
+                           500);
+    return true;
+  }
+
+  /** Crypt the password with the best algorithm available */
+  public function cryptPasswd ($password)
+  {
+    if (! function_exists ("openssl_random_pseudo_bytes"))
+      throw new Exception (dgettext("domframework",
+                           "No PHP support for openssl_random_pseudo_bytes"),
+                           500);
+    $cost = 11;
+    $salt = substr (base64_encode (openssl_random_pseudo_bytes (17)), 0, 22);
+    $salt = str_replace ("+", ".", $salt);
+    $param = '$'.implode ('$', array(
+             "2y", //select the most secure version of blowfish (>=PHP 5.3.7)
+             str_pad ($cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
+             $salt //add the salt
+    ));
+    //now do the actual hashing
+    return crypt ($password, $param);
+  }
+
+  /** Check if the password is enough complex
+      Return True if the password is enough complex */
+  public function passwdComplexity ($password)
+  {
+  }
+}