path: root/site/app/models/user.php
Diffstat (limited to 'site/app/models/user.php')
-rw-r--r--site/app/models/user.php166
1 files changed, 4 insertions, 162 deletions
diff --git a/site/app/models/user.php b/site/app/models/user.php
index 6a92c7b..ded13d3 100644
--- a/site/app/models/user.php
+++ b/site/app/models/user.php
@@ -53,18 +53,7 @@ class User extends AppModel
'joinTable' => 'addons_users',
'foreignKey' => 'user_id',
'associationForeignKey' => 'addon_id'
- ),
- 'CollectionSubscriptions' =>
- array('className' => 'Collection',
- 'joinTable' => 'collection_subscriptions',
- 'foreignKey' => 'user_id',
- 'associationForeignKey' => 'collection_id'
- ),
- 'Collections' =>
- array('className' => 'Collection',
- 'joinTable' => 'collections_users',
- 'foreignKey' => 'user_id',
- 'associationForeignKey' => 'collection_id')
+ )
);
var $hasMany_full = array('Approval' =>
array('className' => 'Approval',
@@ -103,13 +92,11 @@ class User extends AppModel
'limit' => '',
'foreignKey' => 'user_id',
'dependent' => true,
- 'exclusive' => false,
+ 'exculsive' => false,
'finderSql' => ''
- ),
+ )
);
-
- var $translated_fields = array('bio');
-
+
var $validate = array(
'email' => VALID_EMAIL,
'password' => VALID_NOT_EMPTY,
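Review bot: The added line `'exculsive' => false,` misspells the association option, so this hasMany entry no longer sets `exclusive` at all and the framework will presumably ignore the unknown key and use its own default. Because the same entry has `'dependent' => true`, the way dependent rows are removed when a user is deleted now rests on that default rather than on an explicit setting. Restore the line as `'exclusive' => false,`. The association array opens above this hunk and `$validate` continues below it, so neither is fully visible here.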
@@ -167,150 +154,5 @@ class User extends AppModel
return parent::beforeValidate();
}
-
- /* Password handling inspired by Django. */
-
- /**
- * Check a raw password against the User's stored password.
- * If the User has an old-style md5 password it will be updated
- * to the new hashing scheme if the $rawPassword checks.
- *
- * $self must be an assoc array containing 'password' and 'id'.
- */
- function checkPassword($self, $rawPassword) {
- $storedPassword = $self['password'];
- if (strpos($storedPassword, '$') === false) {
- // Old-style password.
- $hashedPassword = md5($rawPassword);
- $valid = !empty($storedPassword) && $storedPassword == $hashedPassword;
- // Update to the new scheme.
- if ($valid) {
- // Using SQL so we don't upset $this->User.
- $newPassword = $this->createPassword($rawPassword);
- $this->execute("UPDATE users
- SET `password`='{$newPassword}'
- WHERE `id`={$self['id']}");
- }
- return $valid;
- }
- return $this->_checkPassword($rawPassword, $storedPassword);
- }
-
- /**
- * Validate a new-style password.
- */
- function _checkPassword($rawPassword, $encPassword) {
- if (empty($encPassword)) {
- return false;
- }
- list($algo, $salt, $storedPassword) = split('\$', $encPassword);
- $hashedPassword = $this->getHexDigest($algo, $salt, $rawPassword);
- // Check isset to make sure the split worked.
- return isset($storedPassword) && $storedPassword == $hashedPassword;
- }
-
- /**
- * Create a password that looks like '$algorithm$salt$encrypted'.
- */
- function createPassword($rawPassword, $algo='sha512') {
- // 64 chars ought to be enough salt for anybody.
- $salt = $this->getHexDigest($algo, uniqid(rand(), true), uniqid(rand(), true));
- $salt = substr($salt, 0, 64);
-
- $hashedPassword = $this->getHexDigest($algo, $salt, $rawPassword);
- $password = $algo.'$'.$salt.'$'.$hashedPassword;
- return $password;
- }
-
- /**
- * Returns a string of the hexdigest of the given plaintext password and
- * salt using the given algorithm.
- */
- function getHexDigest($algo, $salt, $rawPassword) {
- return hash($algo, $salt.$rawPassword);
- }
-
- function setResetCode($user_id) {
- $code = md5(mt_rand());
- $expires = strtotime(PASSWORD_RESET_EXPIRES.' days');
- $this->save(array('id' => $user_id,
- 'resetcode' => $code,
- 'resetcode_expires' => date('Y-m-d H:i:s', $expires)));
- return $code;
- }
-
- function checkResetCode($user_id, $code) {
- $user = $this->find(array("User.id = {$user_id}",
- "User.resetcode_expires > NOW()"));
- return $user && $code == $user['User']['resetcode'];
- }
-
- /**
- * Get subscriptions
- *
- * @param int $userId user id
- */
- function getSubscriptions($userId) {
-
- // Just bind to the collection subscriptions relation.
- $this->bindModel(array(
- 'hasAndBelongsToMany' => array(
- 'CollectionSubscriptions' =>
- $this->hasAndBelongsToMany_full['CollectionSubscriptions']
- )
- ));
- $user = $this->findById($userId);
-
- $collectionIds = array();
- //Fetch collections to get translations
- foreach($user['CollectionSubscriptions'] as $collection) {
- $collectionIds[] = $collection['id'];
- }
-
- $criteria = array('Collection.id' => $collectionIds);
- $subscriptions = $this->Collection->findAll($criteria);
- return $subscriptions;
- }
-
- /**
- * Get IDs of collections this user has write access to
- *
- * @param int $userId user id
- * @param int $app (optional) only show collections with this app ID, defaults to all
- * @param array $filterAddons (optional) list of add-ons to exclude:
- * collections containing these will not be returned
- * @return array unsorted list of IDs this user has write access to
- */
- function getCollections($userId, $app = null, $filterAddons = array()) {
- if (!is_numeric($userId)) return false;
-
- $db =& ConnectionManager::getDataSource($this->useDbConfig);
- if (!empty($filterAddons)) {
- $_join = ' LEFT JOIN addons_collections AS ac ON (ac.collection_id = c.id '
- .'AND ac.addon_id IN ('.implode(',', array_map(array($db, 'value'), $filterAddons)).'))';
- $_where = ' AND ac.addon_id IS NULL';
- } else {
- $_join = '';
- $_where = '';
- }
-
- if (!empty($app) && is_numeric($app)) {
- $_where .= " AND c.application_id = {$app}";
- }
-
- $res = $this->query(
- "SELECT DISTINCT c.id "
- ."FROM collections_users AS cu "
- ."INNER JOIN collections AS c ON (cu.collection_id = c.id) "
- .$_join
- ."WHERE cu.user_id = {$userId} "
- ."AND cu.role IN (".implode(',', array(COLLECTION_ROLE_OWNER,
- COLLECTION_ROLE_ADMIN, COLLECTION_ROLE_PUBLISHER))."){$_where}");
-
- $collectionIds = array();
- foreach($res as &$_coll) $collectionIds[] = $_coll['c']['id'];
-
- return $collectionIds;
- }
}
?>