validation pour deplacement

95bd2c4a · Denis S. Valdenaire · 06c8e222 · 95bd2c4a · 95bd2c4a
Commit 95bd2c4a authored Feb 16, 2016 by Denis S. Valdenaire
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 100 deletions

classes/account.php classes/account.php +3 -0

classes/user.php classes/user.php +5 -100

No files found.
--- a/classes/account.php
+++ b/classes/account.php
@@ -104,7 +104,10 @@ class Account extends Record {
        return $rset->value("num");
    }

+    // this has nothing to do here
+    // this should be a call to the compta API
    public static function create_for_member($id) {
+        
        // SQL INSERT accounts SELECT members
        $sql = " INSERT INTO accounts 
            (name, description, account_type_id)

--- a/classes/user.php
+++ b/classes/user.php
@@ -19,6 +19,11 @@ class User extends Record {
    }

    public static function fetch($id) {
+        $user = json_decode(file_get_contents($GLOBALS["saas_auth_url"].
+                "?o=users&i=".$id));
+
+
+
        // SQL SELECT users
        $sql = "SELECT id, name, password_digest, email, active
            FROM users
@@ -30,17 +35,6 @@ class User extends Record {
        return $user;
    }

-    public static function fetch_all(&$users) {
-        $users = array();
-        // SQL SELECT users
-        $sql = "SELECT id, name, email, active,
-                created_at, updated_at
-            FROM users
-            ORDER BY name"; 
-        $GLOBALS["data"]->select($sql, $users, "User", true);
-        return sizeof($users);
-    }
-
    public static function validate($name, $password) {
        // SQL SELECT users
        $sql = "SELECT id, name, email, active, password_digest
@@ -65,46 +59,6 @@ class User extends Record {
        return $GLOBALS["data"]->update($sql);
    }

-    // give credit where credit is due - cut-and-pasted from
-    // http://php.net/manual/fr/function.crypt.php#114060
-    // FIXME : audit this
-    private function generate_hash($password, $cost=11){
-        /* To generate the salt, first generate enough random bytes. Because
-         * base64 returns one character for each 6 bits, the we should generate
-         * at least 22*6/8=16.5 bytes, so we generate 17. Then we get the first
-         * 22 base64 characters
-         */
-        $salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
-        /* As blowfish takes a salt with the alphabet ./A-Za-z0-9 we have to
-         * replace any '+' in the base64 string with '.'. We don't have to do
-         * anything about the '=', as this only occurs when the b64 string is
-         * padded, which is always after the first 22 characters.
-         */
-        $salt = str_replace("+",".",$salt);
-        /* Next, create a string that will be passed to crypt, containing all
-         * of the settings, separated by dollar signs
-         */
-        $param='$'.implode('$',array(
-                "2y", //select the most secure version of blowfish (>=PHP 5.3.7)
-                str_pad($cost,2,"0",STR_PAD_LEFT), //add the cost in two digits
-                $salt //add the salt
-        ));
-      
-        //now do the actual hashing
-        return crypt($password,$param);
-    }
-
-    /*
-    * Check the password against a hash generated by the generate_hash
-    * function.
-    */
-    private function validate_pw($password, $hash){
-        /* Regenerating the with an available hash as the options parameter should
-         * produce the same hash if the same password is passed.
-         */
-        return crypt($password, $hash)==$hash;
-    }
-
    public static function fetch_by_name($user) {
        // SQL SELECT users
        $sql = "SELECT id, name, password_digest, email, active
@@ -117,53 +71,4 @@ class User extends Record {
    public function has_role($role_name) {
        return (array_key_exists($role_name, $this->roles));
    }
-
-    public function update_roles() {
-        if(!array_key_exists("roles", $_REQUEST) || !is_array($_REQUEST["roles"])) {
-            // no roles posted : delete all and return
-            // SQL DELETE user_roles
-            $sql = " DELETE FROM user_roles WHERE user_id = ".$this->id;
-            return $GLOBALS["data"]->delete($sql);
-        } else {
-            $list_to_delete = "";
-            while(list($key, $val) = each($this->roles)) {
-                if(!in_array($key, $_REQUEST["roles"])) {
-                    $list_to_delete .= "'".$key."',";
-                }
-            }
-            reset($this->roles);
-            if($list_to_delete != "") {
-                // SQL DELETE user_roles JOIN roles
-                $sql = " DELETE ur
-                            FROM user_roles ur
-                            JOIN roles r ON ur.role_id = r.id
-                         WHERE ur.user_id = ".$this->id."
-                         AND r.name IN ( ".substr($list_to_delete, 0, -1).") ";
-                $GLOBALS["data"]->delete($sql);
-            }
-            $list_to_add = "";
-            while(list($key, $val) = each($_REQUEST["roles"])) {
-                if(!$this->has_role($val)) {
-                    $list_to_add .= "'".$val."',";
-                }
-            }
-            if($list_to_add != "") {
-                // SQL INSERT user_roles SELECT roles
-                $sql = " INSERT INTO user_roles (user_id, role_id, created_at) 
-                    SELECT ".$this->id.", id, now()
-                    FROM roles r
-                    WHERE r.name IN (".substr($list_to_add, 0, -1).")";
-                $GLOBALS["data"]->insert($sql);
-            }
-        }
-        return true;
-    }
-
-    function change_state($new_state) {
-        // SQL UPDATE users
-        $sql = " UPDATE users SET active = ".$new_state.",
-                    updated_at = now()
-                WHERE id = ".$this->id;
-        return $GLOBALS["data"]->update($sql);
-    }
 }