Commit
95bd2c4a
authored
Feb 16, 2016
by
Denis S. Valdenaire
validation pour deplacement
parent
06c8e222
Showing
2 changed files
with
8 additions
and
100 deletions
+8
-100
classes/account.php
classes/account.php
+3
-0
classes/user.php
classes/user.php
+5
-100
classes/account.php
...
...
@@ -104,7 +104,10 @@ class Account extends Record {
return
$rset
->
value
(
"num"
);
}
// this has nothing to do here
// this should be a call to the compta API
public
static
function
create_for_member
(
$id
)
{
// SQL INSERT accounts SELECT members
$sql
=
" INSERT INTO accounts
(name, description, account_type_id)
...
...
classes/user.php
...
...
@@ -19,6 +19,11 @@ class User extends Record {
}
public
static
function
fetch
(
$id
)
{
$user
=
json_decode
(
file_get_contents
(
$GLOBALS
[
"saas_auth_url"
]
.
"?o=users&i="
.
$id
));
// SQL SELECT users
$sql
=
"SELECT id, name, password_digest, email, active
FROM users
...
...
@@ -30,17 +35,6 @@ class User extends Record {
return
$user
;
}
public
static
function
fetch_all
(
&
$users
)
{
$users
=
array
();
// SQL SELECT users
$sql
=
"SELECT id, name, email, active,
created_at, updated_at
FROM users
ORDER BY name"
;
$GLOBALS
[
"data"
]
->
select
(
$sql
,
$users
,
"User"
,
true
);
return
sizeof
(
$users
);
}
public
static
function
validate
(
$name
,
$password
)
{
// SQL SELECT users
$sql
=
"SELECT id, name, email, active, password_digest
...
...
@@ -65,46 +59,6 @@ class User extends Record {
return
$GLOBALS
[
"data"
]
->
update
(
$sql
);
}
// give credit where credit is due - cut-and-pasted from
// http://php.net/manual/fr/function.crypt.php#114060
// FIXME : audit this
private
function
generate_hash
(
$password
,
$cost
=
11
){
/* To generate the salt, first generate enough random bytes. Because
* base64 returns one character for each 6 bits, the we should generate
* at least 22*6/8=16.5 bytes, so we generate 17. Then we get the first
* 22 base64 characters
*/
$salt
=
substr
(
base64_encode
(
openssl_random_pseudo_bytes
(
17
)),
0
,
22
);
/* As blowfish takes a salt with the alphabet ./A-Za-z0-9 we have to
* replace any '+' in the base64 string with '.'. We don't have to do
* anything about the '=', as this only occurs when the b64 string is
* padded, which is always after the first 22 characters.
*/
$salt
=
str_replace
(
"+"
,
"."
,
$salt
);
/* Next, create a string that will be passed to crypt, containing all
* of the settings, separated by dollar signs
*/
$param
=
'$'
.
implode
(
'$'
,
array
(
"2y"
,
//select the most secure version of blowfish (>=PHP 5.3.7)
str_pad
(
$cost
,
2
,
"0"
,
STR_PAD_LEFT
),
//add the cost in two digits
$salt
//add the salt
));
//now do the actual hashing
return
crypt
(
$password
,
$param
);
}
/*
* Check the password against a hash generated by the generate_hash
* function.
*/
private
function
validate_pw
(
$password
,
$hash
){
/* Regenerating the with an available hash as the options parameter should
* produce the same hash if the same password is passed.
*/
return
crypt
(
$password
,
$hash
)
==
$hash
;
}
public
static
function
fetch_by_name
(
$user
)
{
// SQL SELECT users
$sql
=
"SELECT id, name, password_digest, email, active
...
...
@@ -117,53 +71,4 @@ class User extends Record {
public
function
has_role
(
$role_name
)
{
return
(
array_key_exists
(
$role_name
,
$this
->
roles
));
}
public
function
update_roles
()
{
if
(
!
array_key_exists
(
"roles"
,
$_REQUEST
)
||
!
is_array
(
$_REQUEST
[
"roles"
]))
{
// no roles posted : delete all and return
// SQL DELETE user_roles
$sql
=
" DELETE FROM user_roles WHERE user_id = "
.
$this
->
id
;
return
$GLOBALS
[
"data"
]
->
delete
(
$sql
);
}
else
{
$list_to_delete
=
""
;
while
(
list
(
$key
,
$val
)
=
each
(
$this
->
roles
))
{
if
(
!
in_array
(
$key
,
$_REQUEST
[
"roles"
]))
{
$list_to_delete
.=
"'"
.
$key
.
"',"
;
}
}
reset
(
$this
->
roles
);
if
(
$list_to_delete
!=
""
)
{
// SQL DELETE user_roles JOIN roles
$sql
=
" DELETE ur
FROM user_roles ur
JOIN roles r ON ur.role_id = r.id
WHERE ur.user_id = "
.
$this
->
id
.
"
AND r.name IN ( "
.
substr
(
$list_to_delete
,
0
,
-
1
)
.
") "
;
$GLOBALS
[
"data"
]
->
delete
(
$sql
);
}
$list_to_add
=
""
;
while
(
list
(
$key
,
$val
)
=
each
(
$_REQUEST
[
"roles"
]))
{
if
(
!
$this
->
has_role
(
$val
))
{
$list_to_add
.=
"'"
.
$val
.
"',"
;
}
}
if
(
$list_to_add
!=
""
)
{
// SQL INSERT user_roles SELECT roles
$sql
=
" INSERT INTO user_roles (user_id, role_id, created_at)
SELECT "
.
$this
->
id
.
", id, now()
FROM roles r
WHERE r.name IN ("
.
substr
(
$list_to_add
,
0
,
-
1
)
.
")"
;
$GLOBALS
[
"data"
]
->
insert
(
$sql
);
}
}
return
true
;
}
function
change_state
(
$new_state
)
{
// SQL UPDATE users
$sql
=
" UPDATE users SET active = "
.
$new_state
.
",
updated_at = now()
WHERE id = "
.
$this
->
id
;
return
$GLOBALS
[
"data"
]
->
update
(
$sql
);
}
}
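Review bot: In `User::fetch` (first hunk of classes/user.php) the remote lookup `json_decode(file_get_contents($GLOBALS["saas_auth_url"]."?o=users&i=".$id))` concatenates `$id` into the query string unencoded and uses the result unchecked; it looks like the line this commit adds, though the +/- markers are lost in this rendering. A value containing `&` or `#` would change the parameters the auth service receives, and a failed request makes `file_get_contents` return `false`, so `$user` silently decodes to `null`. I would build the URL with `"?o=users&i=" . rawurlencode((string) $id)` and fail explicitly when the response is `false` or does not decode to an object. Since this service appears to replace the local hashing and role code removed further down, it is also worth confirming that `saas_auth_url` is an https endpoint and that the call has a timeout; neither is visible here. The body of `fetch` continues outside the hunk.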