Commit 95bd2c4a authored by Denis S. Valdenaire's avatar Denis S. Valdenaire

validation pour deplacement

parent 06c8e222
......@@ -104,7 +104,10 @@ class Account extends Record {
return $rset->value("num");
}
// this has nothing to do here
// this should be a call to the compta API
public static function create_for_member($id) {
// SQL INSERT accounts SELECT members
$sql = " INSERT INTO accounts
(name, description, account_type_id)
......
......@@ -19,6 +19,11 @@ class User extends Record {
}
public static function fetch($id) {
$user = json_decode(file_get_contents($GLOBALS["saas_auth_url"].
"?o=users&i=".$id));
// SQL SELECT users
$sql = "SELECT id, name, password_digest, email, active
FROM users
......@@ -30,17 +35,6 @@ class User extends Record {
return $user;
}
public static function fetch_all(&$users) {
$users = array();
// SQL SELECT users
$sql = "SELECT id, name, email, active,
created_at, updated_at
FROM users
ORDER BY name";
$GLOBALS["data"]->select($sql, $users, "User", true);
return sizeof($users);
}
public static function validate($name, $password) {
// SQL SELECT users
$sql = "SELECT id, name, email, active, password_digest
......@@ -65,46 +59,6 @@ class User extends Record {
return $GLOBALS["data"]->update($sql);
}
// give credit where credit is due - cut-and-pasted from
// http://php.net/manual/fr/function.crypt.php#114060
// FIXME : audit this
private function generate_hash($password, $cost=11){
/* To generate the salt, first generate enough random bytes. Because
* base64 returns one character for each 6 bits, the we should generate
* at least 22*6/8=16.5 bytes, so we generate 17. Then we get the first
* 22 base64 characters
*/
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
/* As blowfish takes a salt with the alphabet ./A-Za-z0-9 we have to
* replace any '+' in the base64 string with '.'. We don't have to do
* anything about the '=', as this only occurs when the b64 string is
* padded, which is always after the first 22 characters.
*/
$salt = str_replace("+",".",$salt);
/* Next, create a string that will be passed to crypt, containing all
* of the settings, separated by dollar signs
*/
$param='$'.implode('$',array(
"2y", //select the most secure version of blowfish (>=PHP 5.3.7)
str_pad($cost,2,"0",STR_PAD_LEFT), //add the cost in two digits
$salt //add the salt
));
//now do the actual hashing
return crypt($password,$param);
}
/*
* Check the password against a hash generated by the generate_hash
* function.
*/
private function validate_pw($password, $hash){
/* Regenerating the with an available hash as the options parameter should
* produce the same hash if the same password is passed.
*/
return crypt($password, $hash)==$hash;
}
public static function fetch_by_name($user) {
// SQL SELECT users
$sql = "SELECT id, name, password_digest, email, active
......@@ -117,53 +71,4 @@ class User extends Record {
public function has_role($role_name) {
return (array_key_exists($role_name, $this->roles));
}
public function update_roles() {
if(!array_key_exists("roles", $_REQUEST) || !is_array($_REQUEST["roles"])) {
// no roles posted : delete all and return
// SQL DELETE user_roles
$sql = " DELETE FROM user_roles WHERE user_id = ".$this->id;
return $GLOBALS["data"]->delete($sql);
} else {
$list_to_delete = "";
while(list($key, $val) = each($this->roles)) {
if(!in_array($key, $_REQUEST["roles"])) {
$list_to_delete .= "'".$key."',";
}
}
reset($this->roles);
if($list_to_delete != "") {
// SQL DELETE user_roles JOIN roles
$sql = " DELETE ur
FROM user_roles ur
JOIN roles r ON ur.role_id = r.id
WHERE ur.user_id = ".$this->id."
AND r.name IN ( ".substr($list_to_delete, 0, -1).") ";
$GLOBALS["data"]->delete($sql);
}
$list_to_add = "";
while(list($key, $val) = each($_REQUEST["roles"])) {
if(!$this->has_role($val)) {
$list_to_add .= "'".$val."',";
}
}
if($list_to_add != "") {
// SQL INSERT user_roles SELECT roles
$sql = " INSERT INTO user_roles (user_id, role_id, created_at)
SELECT ".$this->id.", id, now()
FROM roles r
WHERE r.name IN (".substr($list_to_add, 0, -1).")";
$GLOBALS["data"]->insert($sql);
}
}
return true;
}
function change_state($new_state) {
// SQL UPDATE users
$sql = " UPDATE users SET active = ".$new_state.",
updated_at = now()
WHERE id = ".$this->id;
return $GLOBALS["data"]->update($sql);
}
}
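Review bot: In `User::fetch`, the `file_get_contents($GLOBALS["saas_auth_url"]."?o=users&i=".$id)` call (apparently what the second hunk adds; the +/- markers are lost on this page) puts `$id` into the query string unencoded and hands the response straight to `json_decode` with no failure check. An `$id` containing `&` or `#` would alter the request sent to the auth service, and on a network error `file_get_contents` returns `false`, so `$user` silently becomes `null`. I would encode the parameter, `$raw = file_get_contents($GLOBALS["saas_auth_url"]."?o=users&i=".rawurlencode((string)$id));`, and fail explicitly when `$raw === false` or the decoded value is not an object. Whether `saas_auth_url` is HTTPS and how the service authenticates this caller is not visible here; since the response stands in for a user record, both are worth confirming. The body of `fetch` continues outside the hunk, so how `$user` relates to the SQL query that follows cannot be judged from this page.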