KXStudio
/
Website
mirror of https://github.com/KXStudio/Website
1
0
Fork 0
Code Releases 0 Activity
KXStudio Website https://kx.studio/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
159 Commits
2 Branches
483MB
Tree: 5305e65238
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5305e65238'
${ noResults }
Website/News/includes/model/User.php

276 lines
9.4KB
Raw Blame History 

  1. <?php

  2.     /**

  3.      * Class: User

  4.      * The User model.

  5.      *

  6.      * See Also:

  7.      *     <Model>

  8.      */

  9.     class User extends Model {

  10.         public $belongs_to = "group";

  11.         public $has_many = array("posts", "pages");

  12. 

  13.         /**

  14.          * Function: __construct

  15.          * See Also:

  16.          *     <Model::grab>

  17.          */

  18.         public function __construct($user_id, $options = array()) {

  19.             parent::grab($this, $user_id, $options);

  20. 

  21.             if ($this->no_results)

  22.                 return false;

  23. 

  24.             Trigger::current()->filter($this, "user");

  25.         }

  26. 

  27.         /**

  28.          * Function: find

  29.          * See Also:

  30.          *     <Model::search>

  31.          */

  32.         static function find($options = array(), $options_for_object = array()) {

  33.             fallback($options["order"], "id ASC");

  34.             return parent::search(get_class(), $options, $options_for_object);

  35.         }

  36. 

  37.         /**

  38.          * Function: authenticate

  39.          * Checks to see if a given Login and Password match a user in the database.

  40.          *

  41.          * Parameters:

  42.          *     $login - The Login to check.

  43.          *     $password - The matching Password to check.

  44.          *

  45.          * Returns:

  46.          *     @true@ or @false@

  47.          */

  48.         static function authenticate($login, $password) {

  49.             $check = new self(array("login" => $login));

  50. 

  51.             if ($check->no_results)

  52.                 return false;

  53.             else {

  54.                 if (self::checkPassword($password, $check->password))

  55.                     return true;

  56.                 elseif (md5($password) == $check->password) {

  57.                     # Backwards-compatibility:

  58.                     # if their old password is stored as MD5, update

  59.                     # it on authentication to the new hashing scheme.

  60.                     $check->update(null, self::hashPassword($password));

  61.                     return true;

  62.                 } elseif(SQL::current()->adapter == "mysql") {

  63.                     # Some imports might use MySQL password hashing (such as MovableType 3).

  64.                     # Try those too, and update the user if they match.

  65. 

  66.                     $sql = SQL::current();

  67.                     $old = $sql->query("SELECT OLD_PASSWORD(:pass)", array(":pass" => $password))->fetch();

  68.                     if ($old[0] == $check->password) {

  69.                         $check->update(null, self::hashPassword($password));

  70.                         return true;

  71.                     }

  72. 

  73.                     $new = $sql->query("SELECT PASSWORD(:pass)", array(":pass" => $password))->fetch();

  74.                     if ($new[0] == $check->password) {

  75.                         $check->update(null, self::hashPassword($password));

  76.                         return true;

  77.                     }

  78.                 }

  79.             }

  80. 

  81.             return false;

  82.         }

  83. 

  84.         /**

  85.          * Function: add

  86.          * Adds a user to the database with the passed username, password, and e-mail.

  87.          *

  88.          * Calls the @add_user@ trigger with the inserted user.

  89.          *

  90.          * Parameters:

  91.          *     $login - The Login for the new user.

  92.          *     $password - The Password for the new user. Don't hash this, it's done in the function.

  93.          *     $email - The E-Mail for the new user.

  94.          *     $full_name - The full name of the user.

  95.          *     $website - The user's website.

  96.          *     $group - The user's group (defaults to the configured default group).

  97.          *     $joined_at - Join date (defaults to now).

  98.          *     $hash_password - Hash the password automatically? (defaults to true)

  99.          *

  100.          * Returns:

  101.          *     The newly created <User>.

  102.          *

  103.          * See Also:

  104.          *     <update>

  105.          */

  106.         static function add($login,

  107.                             $password,

  108.                             $email,

  109.                             $full_name = "",

  110.                             $website = "",

  111.                             $group_ = null,

  112.                             $joined_at = null,

  113.                             $hash_password = true) {

  114.             $config = Config::current();

  115.             $sql = SQL::current();

  116.             $trigger = Trigger::current();

  117. 

  118.             if (empty($group))

  119.                 $group_id = $config->default_group;

  120.             else

  121.                 $group_id = ($group instanceof Group) ? $group->id : $group;

  122.             

  123.             $new_values = array("login"     => strip_tags($login),

  124.                                 "password"  => ($hash_password ? self::hashPassword($password) : $password),

  125.                                 "email"     => strip_tags($email),

  126.                                 "full_name" => strip_tags($full_name),

  127.                                 "website"   => strip_tags($website),

  128.                                 "group_id"  => $group_id,

  129.                                 "joined_at" => oneof($joined_at, datetime()));

  130. 

  131.             $trigger->filter($new_values, "before_add_user");

  132. 

  133.             $sql->insert("users", $new_values);

  134. 

  135.             $user = new self($sql->latest("users"));

  136. 

  137.             $trigger->call("add_user", $user);

  138. 

  139.             return $user;

  140.         }

  141. 

  142.         /**

  143.          * Function: update

  144.          * Updates the user with the given login, password, full name, e-mail, website, and <Group> ID.

  145.          *

  146.          * Passes all of the arguments to the update_user trigger.

  147.          *

  148.          * Parameters:

  149.          *     $login - The new Login to set.

  150.          *     $password - The new Password to set, already encoded.

  151.          *     $full_name - The new Full Name to set.

  152.          *     $email - The new E-Mail to set.

  153.          *     $website - The new Website to set.

  154.          *     $group_id - The new <Group> to set.

  155.          *

  156.          * See Also:

  157.          *     <add>

  158.          */

  159.         public function update($login     = null,

  160.                                $password  = null,

  161.                                $email     = null,

  162.                                $full_name = null,

  163.                                $website   = null,

  164.                                $group_id  = null,

  165.                                $joined_at = null) {

  166.             if ($this->no_results)

  167.                 return false;

  168. 

  169.             $sql = SQL::current();

  170.             $trigger = Trigger::current();

  171. 

  172.             $old = clone $this;

  173. 

  174.             foreach (array("login", "password", "email", "full_name", "website", "group_id", "joined_at") as $attr)

  175.                 $this->$attr = $$attr = ($$attr !== null ? $$attr : $this->$attr);

  176. 

  177.             $new_values = array("login"     => strip_tags($login),

  178.                                 "password"  => $password,

  179.                                 "email"     => strip_tags($email),

  180.                                 "full_name" => strip_tags($full_name),

  181.                                 "website"   => strip_tags($website),

  182.                                 "group_id"  => $group_id,

  183.                                 "joined_at" => $joined_at);

  184. 

  185.             $trigger->filter($new_values, "before_update_user");

  186. 

  187.             $sql->update("users",

  188.                          array("id" => $this->id),

  189.                          $new_values);

  190. 

  191.             $trigger->call("update_user", $this, $old);

  192.         }

  193. 

  194.         /**

  195.          * Function: delete

  196.          * Deletes a given user. Calls the @delete_user@ trigger and passes the <User> as an argument.

  197.          *

  198.          * Parameters:

  199.          *     $id - The user to delete.

  200.          */

  201.         static function delete($id) {

  202.             parent::destroy(get_class(), $id);

  203.         }

  204. 

  205.         /**

  206.          * Function: hashPassword

  207.          * Creates a secure hash of a user's password.

  208.          *

  209.          * Parameters:

  210.          *     $password - The unhashed password.

  211.          * 

  212.          * Returns:

  213.          *     The securely hashed password to be stored in the database.

  214.          */

  215.         static function hashPassword($password) {

  216.             $hasher = new PasswordHash(8, false);

  217.             $hashedPassword = $hasher->HashPassword($password);

  218.             return $hashedPassword;

  219.         }

  220. 

  221.         /**

  222.          * Function: checkPassword

  223.          * Checks a given password against the stored hash.

  224.          *

  225.          * Parameters:

  226.          *     $password - The unhashed password given during a login attempt.

  227.          *     $storedHash - The stored hash for the user.

  228.          * 

  229.          * Returns:

  230.          *     @true@ or @false@

  231.          */

  232.         static function checkPassword($password, $storedHash) {

  233.             $hasher = new PasswordHash(8, false);

  234.             return $hasher->CheckPassword($password, $storedHash);

  235.         }

  236. 

  237.         /**

  238.          * Function: group

  239.          * Returns a user's group. Example: $user->group->can("do_something")

  240.          * 

  241.          * !! DEPRECATED AFTER 2.0 !!

  242.          */

  243.         public function group() {

  244.             if ($this->no_results)

  245.                 return false;

  246. 

  247.             return new Group($this->group_id);

  248.         }

  249. 

  250.         /**

  251.          * Function: posts

  252.          * Returns all the posts of the user.

  253.          * 

  254.          * !! DEPRECATED AFTER 2.0 !!

  255.          */

  256.         public function posts() {

  257.             if ($this->no_results)

  258.                 return false;

  259. 

  260.             return Post::find(array("where" => array("user_id" => $this->id)));

  261.         }

  262. 

  263.         /**

  264.          * Function: pages

  265.          * Returns all the pages of the user.

  266.          * 

  267.          * !! DEPRECATED AFTER 2.0 !!

  268.          */

  269.         public function pages() {

  270.             if ($this->no_results)

  271.                 return false;

  272. 

  273.             return Page::find(array("where" => array("user_id" => $this->id)));

  274.         }

  275.     }