Diffstat (limited to 'inc/user.inc.php')
-rw-r--r--inc/user.inc.php176
1 files changed, 176 insertions, 0 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
new file mode 100644
index 0000000..30630d4
--- /dev/null
+++ b/inc/user.inc.php
@@ -0,0 +1,176 @@
+<?php
+
+class User
+{
+
+ private static $user = false;
+ private static $organization = NULL;
+ private static $isShib = false;
+ private static $isInDb = false;
+
+ public static function isLoggedIn()
+ {
+ return self::$user !== false;
+ }
+
+ public static function isShibbolethAuth()
+ {
+ return self::$isShib;
+ }
+
+ public static function isInDatabase()
+ {
+ return self::$isInDb;
+ }
+
+ public static function isLocalOnly()
+ {
+ return self::$user !== false && self::$isShib === false;
+ }
+
+ public static function getName()
+ {
+ if (!self::isLoggedIn())
+ return false;
+ return self::$user['firstname'] . ' ' . self::$user['lastname'];
+ }
+
+ public static function getLastName()
+ {
+ if (!self::isLoggedIn())
+ return false;
+ return self::$user['lastname'];
+ }
+
+ public static function hasFullName()
+ {
+ return self::$user !== false && !empty(self::$user['firstname']) && !empty(self::$user['lastname']);
+ }
+
+ public static function isTutor()
+ {
+ return isset(self::$user['role']) && self::$user['role'] === 'tutor';
+ }
+
+ public static function getOrganizationId()
+ {
+ $org = self::getOrganization();
+ if (!isset($org['organizationid']))
+ return false;
+ return $org['organizationid'];
+ }
+
+ public static function getRemoteOrganizationId()
+ {
+ if (empty(self::$user['organization']))
+ return false;
+ return self::$user['organization'];
+ }
+
+ public static function getOrganization()
+ {
+ if (!self::isLoggedIn())
+ return false;
+ if (is_null(self::$organization)) {
+ self::$organization = Database::queryFirst('SELECT organizationid, name FROM satellite_suffix '
+ . ' INNER JOIN satellite USING (organizationid) '
+ . ' WHERE suffix = :org LIMIT 1',
+ array('org' => self::$user['organization']));
+ }
+ return self::$organization;
+ }
+
+ public static function load()
+ {
+ if (self::isLoggedIn())
+ return true;
+ Session::load();
+ if (empty($_SERVER['persistent-id'])) {
+ if (Session::getUid() === false)
+ return false;
+ // Try user from local DB
+ self::$user = Database::queryFirst('SELECT userid, shibid, login, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+ return self::$user !== false;
+ }
+ // Try bwIDM etc.
+ self::$isShib = true;
+ if (!isset($_SERVER['sn'])) $_SERVER['sn'] = '';
+ if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = '';
+ if (!isset($_SERVER['mail'])) $_SERVER['mail'] = '';
+ $shibId = md5($_SERVER['persistent-id']);
+ self::$user = array(
+ 'userid' => 0,
+ 'shibid' => $shibId,
+ 'login' => NULL,
+ 'firstname' => $_SERVER['givenName'],
+ 'lastname' => $_SERVER['sn'],
+ 'email' => $_SERVER['mail'],
+ );
+ // Figure out whether the user should be considered a tutor
+ if (isset($_SERVER['affiliation']) && preg_match('/(^|;)employee@/', $_SERVER['affiliation']))
+ self::$user['role'] = 'tutor';
+ elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false)
+ self::$user['role'] = 'tutor';
+ // Try to figure out organization
+ if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
+ self::$user['organization'] = $out[1];
+ // Get matching db entry if any
+ $user = Database::queryFirst('SELECT userid, login, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
+ if ($user === false) {
+ // No match in database, user is not signed up
+ return true;
+ }
+ // Already signed up, see if we can fetch missing fields from DB
+ self::$user['login'] = $user['login'];
+ self::$isInDb = true;
+ foreach (array('firstname', 'lastname', 'email') as $key) {
+ if (empty(self::$user[$key]))
+ self::$user[$key] = $user[$key];
+ }
+ return true;
+ }
+
+ public static function deploy($anonymous)
+ {
+ if (empty(self::$user['shibid']))
+ Util::traceError('NO SHIBID');
+ if ($anonymous) {
+ Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ . " VALUES (:shibid, :shibid, :org, '', '', '')", array(
+ 'shibid' => self::$user['shibid'],
+ 'org' => self::getOrganizationId()
+ ));
+ } else {
+ Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array(
+ 'shibid' => self::$user['shibid'],
+ 'firstname' => self::$user['firstname'],
+ 'lastname' => self::$user['lastname'],
+ 'email' => self::$user['email'],
+ 'org' => self::getOrganizationId()
+ ));
+ }
+ }
+
+ public static function login($user, $pass)
+ {
+ $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ if ($ret === false)
+ return false;
+ if (!Crypto::verify($pass, $ret['passwd']))
+ return false;
+ Session::create();
+ Session::setUid($ret['userid']);
+ Session::set('token', md5(rand() . time() . mt_rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT'] . microtime(true)));
+ Session::save();
+ return true;
+ }
+
+ public static function logout()
+ {
+ Session::delete();
+ Header('Location: ?do=Main&fromlogout');
+ exit(0);
+ }
+
+}
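Review bot: `login()` selects the `password` column but verifies against `$ret['passwd']`, a key that never exists in the result row, so `Crypto::verify` receives an undefined value and the check cannot behave as intended; it should read `if (!Crypto::verify($pass, $ret['password']))`. In the same query the placeholder is written `':user'` with a leading colon while every other query in this file binds names without one (`'org'`, `'uid'`, `'shibid'`), so it is worth confirming which form `Database::queryFirst` expects and using it consistently. The session token two lines later is an md5 of `rand()`, `mt_rand()`, `time()` and request headers, none of which is a cryptographic randomness source; `Session::set('token', bin2hex(random_bytes(16)));` yields an unpredictable token. Separately, `getOrganization()` reads `self::$user['organization']`, which the local-DB branch of `load()` never sets, so non-Shibboleth users will hit an undefined-index notice there and via `deploy()`.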