Commit 8ac35e56 authored by thejoelinux's avatar thejoelinux

alignement du code

parent 4b4395c3
......@@ -97,7 +97,6 @@ class data {
public function insert ($query) {
if (!$this->db_handle->query($query)) {
trigger_error($query, E_USER_NOTICE);
throw new data_exception(
mysqli_errno($this->db_handle),
mysqli_error($this->db_handle),
......
......@@ -11,47 +11,4 @@ class Role extends Record {
$this->id = $id;
}
}
/* fetch ALL the roles, with the selected field = user_id if the
user has the role, NULL otherwise.
Be sure to use user->has_role to check if a user has a role.
I can't see the point of doing that
Back to a better solution but we'll see that next
OK ! Now i see. I need a list of to modify a user and give him more roles
What i do now is another function for that.
*/
public static function fetch_user_roles($user_id) {
$roles = array();
// SQL SELECT roles user_roles
$sql = "SELECT r.name
FROM roles r, user_roles ur
WHERE r.id = ur.role_id AND ur.user_id = ".$user_id;
$GLOBALS["data"]->select($sql, $rset);
if($rset->numrows) {
do {
$roles[$rset->value("name")] = 1;
} while($rset->nextrow());
}
return $roles;
}
public static function fetch_roles_for_user($user_id) {
$roles = array();
// SELECT user_roles roles
$sql = " SELECT r.id, r.name, r.description, ur.user_id AS selected
FROM roles r
LEFT JOIN user_roles ur ON r.id = ur.role_id AND ur.user_id = ".$user_id;
$GLOBALS["data"]->select($sql, $roles, "Role");
return $roles;
}
public static function fetch_all(&$roles) {
$roles = array();
// SQL SELECT roles
$sql = "SELECT id, name, description
FROM roles
ORDER BY name";
$GLOBALS["data"]->select($sql, $roles, "Role");
return sizeof($roles);
}
}
......@@ -97,7 +97,6 @@ class rset {
}
}
/* Returns true if the query has failed
*
*/
......
<?php
// This class store/retrieve the sessions in/from the database.
// You will need this if you have more than one webserver
// to enable the persistence of sessions accross different front servers.
class session_db extends data {
private $life_time = 0;
public function __construct() {
session_set_save_handler(
array(&$this, 'open'),
array(&$this, 'close'),
array(&$this, 'read'),
array(&$this, 'write'),
array(&$this, 'destroy'),
array(&$this, 'gc')
);
$this->connect();
// session_name("whatever");
$this->life_time = ini_get('session.gc_maxlifetime');
// -- Define a lifetime on session cookie
if ( ini_get('session.use_only_cookies') == 1 && intval($this->life_time)>0 ) {
ini_set('session.cookie_secure', FALSE);
ini_set('session.cookie_httponly', TRUE);
session_set_cookie_params($this->life_time);
}
session_start();
}
public function __destruct() {
// DEBUG trigger_error('session_db::__destruct called', E_USER_NOTICE);
}
public function open() {
// DEBUG trigger_error('session_db::open called', E_USER_NOTICE);
// -- Maintain session cookie updated for each requests
if ( ini_get('session.use_only_cookies')==1 && intval($this->life_time)>0 ) {
setcookie(session_name(),session_id(),(time()+$this->life_time), '/');
}
return true;
}
public function close() {
// DEBUG trigger_error('session_db::close called', E_USER_NOTICE);
$this->gc($this->life_time);
return true;
}
public function read($id) {
// DEBUG trigger_error('session_db::read called', E_USER_NOTICE);
// SQL SELECT sessions
$sql = " SELECT session_data
FROM sessions
WHERE session_key = '$id'";
if ( $this->select($sql, $rset) ) {
if ( $rset->numrows ) {
return base64_decode($rset->value("session_data"));
}
}
return '';
}
public function write($id, $data) {
// DEBUG trigger_error('session_db::write called', E_USER_NOTICE);
// SQL INSERT sessions
$sql = " REPLACE INTO sessions
(session_key, session_expires, session_data)
VALUES ('$id', '".(time() + $this->life_time)."',
'".base64_encode($data)."')";
return $this->insert($sql);
}
public function destroy($id, $key_only = FALSE) {
// DEBUG trigger_error('session_db::destroy called', E_USER_NOTICE);
// SQL DELETE sessions
$sql = " DELETE FROM ".$this->tbpx."sessions
WHERE session_key = '".$id."'";
return $this->delete($sql);
}
public function gc($max) {
// DEBUG trigger_error('session_db::gc called', E_USER_NOTICE);
// SQL DELETE sessions
$sql = " DELETE LOW_PRIORITY FROM sessions
WHERE session_expires < ".(time() - $this->life_time);
return $this->delete($sql);
}
}
......@@ -6,9 +6,12 @@
class session_saas {
private $life_time = 0;
private $debug = false;
public function __construct() {
// DEBUG trigger_error('session_db::__construct called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::__construct called', E_USER_NOTICE);
}
session_set_save_handler(
array(&$this, 'open'),
array(&$this, 'close'),
......@@ -29,11 +32,15 @@ class session_saas {
}
public function __destruct() {
// DEBUG trigger_error('session_db::__destruct called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::__destruct called', E_USER_NOTICE);
}
}
public function open() {
// DEBUG trigger_error('session_db::open called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::open called', E_USER_NOTICE);
}
// -- Maintain session cookie updated for each requests
if ( ini_get('session.use_only_cookies')==1 && intval($this->life_time)>0 ) {
setcookie(session_name(),session_id(),(time()+$this->life_time), '/');
......@@ -42,20 +49,28 @@ class session_saas {
}
public function close() {
// DEBUG trigger_error('session_db::close called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::close called', E_USER_NOTICE);
}
$this->gc($this->life_time);
return true;
}
public function read($id) {
// DEBUG trigger_error('session_db::read called', E_USER_NOTICE);
$session = json_decode(file_get_contents($GLOBALS["saas_auth_url"].
"?o=saas_sessions&a=read&i=".$id));
return base64_decode($session->data);
if($this->debug) {
trigger_error('session_saas::read called', E_USER_NOTICE);
}
if($session = json_decode(file_get_contents($GLOBALS["saas_auth_url"].
"?o=saas_sessions&a=read&i=".$id))) {
return base64_decode($session->data);
}
return '';
}
public function write($id, $data) {
// DEBUG trigger_error('session_db::write called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::write called', E_USER_NOTICE);
}
$postdata = http_build_query(
array(
......@@ -79,7 +94,9 @@ class session_saas {
}
public function destroy($id, $key_only = FALSE) {
// DEBUG trigger_error('session_db::destroy called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::destroy called', E_USER_NOTICE);
}
$postdata = http_build_query(
array(
'o' => 'saas_sessions',
......@@ -101,7 +118,9 @@ class session_saas {
}
public function gc($max) {
// DEBUG trigger_error('session_db::gc called', E_USER_NOTICE);
if($this->debug) {
trigger_error('session_saas::gc called', E_USER_NOTICE);
}
return json_decode(file_get_contents($GLOBALS["saas_auth_url"].
"?o=saas_sessions&a=gc"));
}
......
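Review bot: In read(), the session id is still appended to the backend URL unencoded (`"?o=saas_sessions&a=read&i=".$id`). The id comes from the client's session cookie, so it should go through `rawurlencode($id)` so that it cannot alter the query string sent to the auth service. The new `if` covers a failed or non-JSON response, but `$session->data` is then read without an `isset($session->data)` check, and a save handler's read() is expected to return a string. The hunks for write(), destroy() and gc() are cut off here, so whether they validate the service response is not visible; gc() returns the decoded JSON directly.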
......@@ -19,11 +19,9 @@ class User extends Record {
}
public static function fetch($id) {
// TODO
//$user = json_decode(file_get_contents($GLOBALS["saas_auth_url"].
// "?o=users&i=".$id));
// SQL SELECT users
$sql = "SELECT id, name, password_digest, email, active
FROM users
......@@ -66,14 +64,6 @@ class User extends Record {
return $user;
}
public function update_password() {
$new_password = $this->generate_hash($GLOBALS["data"]->db_escape_string($_REQUEST["password_change"]));
// SQL UPDATE users
$sql = " UPDATE users SET password_digest = '".$new_password."'
WHERE id = ".$this->id;
return $GLOBALS["data"]->update($sql);
}
public static function fetch_by_name($user) {
// SQL SELECT users
$sql = "SELECT id, name, password_digest, email, active
......
......@@ -76,18 +76,18 @@ class AppController {
if(!array_key_exists($GLOBALS["application_instance_id"],
$_SESSION["user"]->roles)) {
$this->render("no_access");
} else {
$this->set("roles", $_SESSION["user"]->roles[$GLOBALS["application_instance_id"]]);
$this->set("current_user", $_SESSION["user"]);
exit();
}
$this->set("roles", $_SESSION["user"]->roles[$GLOBALS["application_instance_id"]]);
$this->set("current_user", $_SESSION["user"]);
if(!method_exists($this, "_".$_REQUEST["a"])) {
if($this->format == "html") {
$this->render("bad_method");
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400);
}
exit();
if(!method_exists($this, "_".$_REQUEST["a"])) {
if($this->format == "html") {
$this->render("bad_method");
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400);
}
exit();
}
}
......
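Review bot: The action check `method_exists($this, "_".$_REQUEST["a"])` accepts any method whose name begins with an underscore, which includes PHP magic methods such as `__construct`, and it reads `$_REQUEST["a"]` without confirming it is a set string. Testing the action against an explicit list first, e.g. `in_array($_REQUEST["a"], $allowed_actions, true)` with `$allowed_actions` as a placeholder name, would limit dispatch to the intended handlers. The call that actually dispatches lies outside this hunk. The commit is titled as code alignment, yet this section also appears to add an `exit()` after `render("no_access")`, a control-flow change that the message should mention.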
......@@ -18,90 +18,8 @@ class UsersController extends AppController {
$this->render($render);
}
function _create() {
try {
$user = new User(0);
$user->create();
$user = User::fetch($user->id);
$user->update_roles();
$users = array();
User::fetch_all($users);
$this->set("objects", $users);
return "users/list";
} catch(data_exception $e) {
return "data_exception";
}
}
function _update() {
try {
$user = User::fetch($GLOBALS["data"]->db_escape_string($_REQUEST["i"]));
if($user->id != 0) {
$user->update();
$user->update_roles();
User::fetch_all($users);
$this->set("objects", $users);
$render = "users/list";
} else {
$render = "users/not_found"; // TODO
}
} catch(data_exception $e) {
$render = "data_exception";
}
return $render;
}
function _login() {
return "users/loginform";
}
function _options_update() {
try {
$user = User::fetch($GLOBALS["data"]->db_escape_string($_REQUEST["i"]));
if($user->id != 0) {
if($user->update()) {
$this->set_message("Les changements ont été enregistrés");
}
if($GLOBALS["data"]->db_escape_string($_REQUEST["password_change"]) != "") {
if($user->update_password()) {
$this->set_message("Le mot de passe a été mis à jour");
}
}
$this->set("user", $user);
return "users/options";
}
return "users/not_found"; // TODO
} catch(data_exception $e) {
return "data_exception";
}
}
function _options() {
try {
$user = User::fetch($GLOBALS["data"]->db_escape_string($_REQUEST["i"]));
if($user->id != 0) {
$this->set("user", $user);
return "users/options";
}
return "users/not_found"; // TODO
} catch(data_exception $e) {
return "data_exception";
}
}
function _switch_state() { // API CALL
try {
$user = User::fetch($GLOBALS["data"]->db_escape_string($_REQUEST["i"]));
if($user->id != 0) {
$user->change_state($GLOBALS["data"]->db_escape_string($_REQUEST["state"]));
echo json_encode($user);
exit();
} else {
return "unprocessable";
}
} catch(data_exception $e) {
return "data_exception";
}
}
}