From dcb1d7a5b6c057f34f8cc4aa69275cc4ddb109d3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 9 Mar 2015 18:08:15 +0100
Subject: +AGB, +DeleteUser feature
---
 inc/database.inc.php | 15 +--------------
 inc/session.inc.php | 2 +-
 inc/user.inc.php | 52 +++++++++++++++++++++++++++++++---------------------
 3 files changed, 33 insertions(+), 36 deletions(-)
(limited to 'inc')
diff --git a/inc/database.inc.php b/inc/database.inc.php
index efc330f..f76c9e7 100644
--- a/inc/database.inc.php
+++ b/inc/database.inc.php
@@ -14,21 +14,8 @@ class Database
 private static $dbh = false;
 private static $statements = array();
- /**
- * Get database schema version - used for checking for updates
- * @return int Version of db schema
- */
- public static function getExpectedSchemaVersion()
- {
- return 9;
- }
- public static function needSchemaUpdate()
- {
- return Property::getCurrentSchemaVersion() < self::getExpectedSchemaVersion();
- }
-
- /**
+ /**
 * Connect to the DB if not already connected.
 */
 private static function init()
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 6718006..891a465 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -86,7 +86,7 @@ class Session
 {
 if (self::$sid === false) return;
 Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
- @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ @setcookie('sid', '', time() - CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 self::$sid = false;
 self::$data = false;
 }
diff --git a/inc/user.inc.php b/inc/user.inc.php
index ef29003..e2b7e43 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -43,7 +43,7 @@ class User
 {
 if (!isset(self::$user['userid']))
 return false;
- return (int)self::$user['userid'];
+ return (int) self::$user['userid'];
 }
 public static function getMail()
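Review bot: In `Session::delete`, the replaced `setcookie` line now computes the expiry as `time() - CONFIG_SESSION_TIMEOUT`, which ties cookie removal to the session-lifetime setting: the browser compares the expiry with its own clock, so a short configured timeout combined with client clock skew can leave the `sid` cookie in place after the server-side websession row has been deleted. A fixed far-past value is the usual idiom, e.g. `@setcookie('sid', '', 1, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);`, or keep the previous 100-day offset. The same substitution is made for the `_shib*` cookies in the inc/user.inc.php logout hunk (@@ -240) and applies there too. The signature of `Session::delete` lies before the hunk.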
@@ -106,9 +106,8 @@ class User
 return false;
 if (is_null(self::$organization)) {
 self::$organization = Database::queryFirst('SELECT organizationid, name FROM satellite_suffix '
- . ' INNER JOIN satellite USING (organizationid) '
- . ' WHERE suffix = :org LIMIT 1',
- array('org' => self::$user['organization']));
+ . ' INNER JOIN satellite USING (organizationid) '
+ . ' WHERE suffix = :org LIMIT 1', array('org' => self::$user['organization']));
 }
 return self::$organization;
 }
@@ -133,9 +132,12 @@ class User
 Session::save();
 }
 self::$isShib = true;
- if (!isset($_SERVER['sn'])) $_SERVER['sn'] = '';
- if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = '';
- if (!isset($_SERVER['mail'])) $_SERVER['mail'] = '';
+ if (!isset($_SERVER['sn']))
+ $_SERVER['sn'] = '';
+ if (!isset($_SERVER['givenName']))
+ $_SERVER['givenName'] = '';
+ if (!isset($_SERVER['mail']))
+ $_SERVER['mail'] = '';
 $shibId = md5($_SERVER['persistent-id']);
 self::$user = array(
 'userid' => 0,
@@ -159,6 +161,7 @@ class User
 // No match in database, user is not signed up
 return true;
 }
+ self::$user['userid'] = $user['userid'];
 if (Session::getUid() === false) {
 Session::setUid($user['userid']);
 Session::save();
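Review bot: The added line in hunk @@ -159 stores the row value as returned by the database, while `getId()` (hunk @@ -43) casts the same field with `(int)`; writing `self::$user['userid'] = (int) $user['userid'];` keeps the in-memory field the same type as what `getId()` hands out. Since `self::$user` is initialised with `'userid' => 0` earlier in the same function (hunk @@ -133), this assignment appears to be what turns a placeholder Shibboleth user into one that `getId()` — and the new `delete()` — can act on, which is worth stating in a comment such as `// Known user: replace the placeholder 0 with the persisted userid`. The enclosing function starts and ends outside the hunk.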
@@ -182,18 +185,18 @@ class User
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, '', '', '') "
 . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
- 'shibid' => self::$user['shibid'],
- 'org' => self::getOrganizationId()
+ 'shibid' => self::$user['shibid'],
+ 'org' => self::getOrganizationId()
 ));
 } else {
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
 . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
- 'shibid' => self::$user['shibid'],
- 'firstname' => self::$user['firstname'],
- 'lastname' => self::$user['lastname'],
- 'email' => self::$user['email'],
- 'org' => self::getOrganizationId()
+ 'shibid' => self::$user['shibid'],
+ 'firstname' => self::$user['firstname'],
+ 'lastname' => self::$user['lastname'],
+ 'email' => self::$user['email'],
+ 'org' => self::getOrganizationId()
 ));
 }
 }
@@ -204,23 +207,23 @@ class User
 return false;
 $pw = Crypto::hash6($pass);
 $ret = Database::exec('UPDATE user SET password = :pass WHERE userid = :user LIMIT 1', array(
- 'pass' => $pw,
- 'user' => self::getId()
+ 'pass' => $pw,
+ 'user' => self::getId()
 ));
 return $ret == 1;
 }
-
 public static function updateMail($mail)
 {
 if (!self::isLoggedIn() || self::$isShib || !self::$isInDb)
 return false;
 $ret = Database::exec('UPDATE user SET email = :mail WHERE userid = :user LIMIT 1', array(
- 'mail' => $mail,
- 'user' => self::getId()
+ 'mail' => $mail,
+ 'user' => self::getId()
 ));
 return $ret == 1 || $mail === self::get('email');
 }
+
 public static function login($user, $pass)
 {
 $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
@@ -240,15 +243,22 @@ class User
 foreach ($_COOKIE as $name => $value) {
 if (substr($name, 0, 5) !== '_shib')
 continue;
- @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ @setcookie($name, '', time() - CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 }
 Session::delete();
 if (self::$isShib) {
- Header('Location: ?do=Logout&noredirect=yes');
+ Header('Location: ' . CONFIG_PREFIX . '?do=Logout&noredirect=yes');
 } else {
 Header('Location: ?do=Main');
 }
 exit(0);
 }
+
+ public static function delete()
+ {
+ if (!User::isLoggedIn() || !User::isInDatabase())
+ return true;
+ return Database::exec("DELETE FROM user WHERE userid = :userid LIMIT 1", array('userid' => User::getId()), true) > 0;
+ }
+
 }
-- 
cgit v1.2.3-55-g7522
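Review bot: The new `delete()` reports success (`true`) when nobody is logged in or the user has no database row, so a caller of the DeleteUser feature cannot distinguish a real deletion from a no-op; either return `false` on that early exit or document the contract, and the method lacks a docblock such as `/** Delete the logged-in user's row from `user`; the caller is expected to end the session afterwards. @return bool true if no row remains */`. It also calls `User::isLoggedIn()`, `User::isInDatabase()` and `User::getId()` where the rest of the class uses `self::`, so `self::` would be consistent. In the logout branch above, `CONFIG_PREFIX` is now prepended to the Shibboleth redirect, but the sibling `Header('Location: ?do=Main');` still has no prefix; if the prefix is needed for one redirect it is likely needed for the other, i.e. `Header('Location: ' . CONFIG_PREFIX . '?do=Main');`. The cookie-expiry change on the `_shib*` cookies has the same clock-skew concern raised on the inc/session.inc.php hunk. The logout method's signature is before the hunk.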