我还是把users.class.php和adminloginaction.class.php贴出来:
users.class.php如下:
<?php
/**
* @package dao
*/
include_once( PLOG_CLASS_PATH."class/dao/model.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/userinfo.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/userstatus.class.php" );
include_once( PLOG_CLASS_PATH."oracle/login_include.php");
/**
* Model representing the users in our application. Provides the methods such as
* authentication and querying for users.
*/
class Users extends Model
{
/**
* Initializes the model
*/
function Users()
{
$this->Model();
$this->usercache = Array();
$this->perms = new UserPermissions();
}
/**
* Returns true if the user is in the database and the username
* and password match
*
* @param user Username of the user who we'd like to authenticate
* @param pass Password of the user
* @return true if user and password correct or false otherwise.
*/
function authenticateUser( $user, $pass )
{
$query = "SELECT * FROM ".$this->getPrefix()."users
WHERE user = '".Db::qstr($user)."' AND password = '".md5($pass)."'
AND status = '".USER_STATUS_ACTIVE."'";
$result = $this->Execute( $query );
if( $result == false )
return false;
if( $result->RecordCount() == 1 )
return true;
else
return false;
}
/**
* Returns true if the user is in the database of userbaseinfo and the username
* and password match
*
* @param user Username of the user who we'd like to authenticate
* @param pass Password of the user
* @return true if user and password correct or false otherwise.
* by Andy wang 2005-04-19
*/
function authenticateUserbaseinfoUser( $user, $pass )
{
$a=new db_sql;
$query="select count(loginname) as users_num from userbaseinfo where loginname='".Db::qstr($user)."' and passwordencrypt='".md5($pass)."'";
$a->query($query);
while($a->next_record()){
$users_num=$a->record["users_num"];
}
if( $result == false )
return false;
if($users_num==1)
return true;
else
return false;
}
/**
* Adds a user to the database.
*
* @param user An UserInfo object with the necessary information
* @return Returns the identifier assigned to the user, or false if there was any error. It will also modify the
* modi for Userbaseinfo by Andy wang 2005-04-19
* UserInfo object passed by parameter and set its database id.
*/
function addForUserbaseinfoUser( $user, $pass )
{
$a=new db_sql;
$query="select email as email,passwordencrypt as passwordencrypt from userbaseinfo where loginname='".Db::qstr($user)."' and passwordencrypt='".md5($pass)."'";
$a->query($query);
while($a->next_record()){
$users_num=$a->record["users_num"];
}
$sql1="insert into ".$this->getPrefix()."users(user,password,email,properties,status,resource_picture_id)
values($user,$passwordencrypt,$email,'a:0:{}',1,0)";
$result = $this->Execute( $sql1 );
$sql2="select blogs.owner_id as owner_id from ".$this->getPrefix()."blogs blogs,".$this->getPrefix()."users users where blogs.owner_id=users.id and users.user=$user";
$result = $this->Execute( $sql2 );
$sql3="insert into ".$this->getPrefix()."blogs(blog,owner_id,settings,status,show_in_summary) values($user,$owner_id,'".'O:12:"blogsettings":3:{s:6:"_objId";N;s:3:"log";O:6:"logger":2:{s:9:"appenders";a:1:{i:0;O:12:"fileappender":4:{s:4:"file";s:12:"tmp/plog.log";s:2:"fp";i:0;s:6:"layout";O:13:"patternlayout":2:{s:7:"message";N;s:7:"pattern";s:28:"%d %N - [%f:%l (%c:%F)] %m%n";}s:11:"_properties";a:4:{s:6:"layout";s:28:"%d %N - [%f:%l (%c:%F)] %m%n";s:8:"appender";s:4:"file";s:4:"file";s:12:"tmp/plog.log";s:4:"prio";s:5:"debug";}}}s:4:"prio";s:5:"debug";}s:6:"_props";a:11:{s:6:"locale";s:5:"zh_CN";s:14:"show_posts_max";s:2:"50";s:8:"template";s:8:"standard";s:17:"show_more_enabled";s:1:"1";s:16:"recent_posts_max";s:2:"50";s:17:"xmlrpc_ping_hosts";a:1:{i:0;s:27:"
http://rpc.weblogs.com/RPC2";}s:16:"htmlarea_enabled";s:1:"1";s:16:"comments_enabled";s:1:"1";s:16:"categories_order";i:0;s:14:"comments_order";s:1:"1";s:11:"time_offset";s:1:"0";}}'."',1,1)";
$result = $this->Execute( $sql3 );
$sql4="select articles_categories.blog_id as blog_id from ".$this->getPrefix()."articles_categories articles_categories,".$this->getPrefix()."blogs blogs,".$this->getPrefix()."users users where articles_categories.blog_id=blogs.id and blogs.owner_id=users.id and users.user=$user";
$result = $this->Execute( $sql4 );
if( !$result )
return false;
$sql5="insert ".$this->getPrefix()."articles_categories(name,blog_id,in_main_page,parent_id,properties) values('工作日志',$blog_id,1,0,'a:0:{}');
$result = $this->Execute( $sql4 );
return true;
}
/**
* Returns all the information associated to the user given
*
* @param user Username of the user from who we'd like to get the information
* @param pass Password of the user we'd like to get the information
* @return Returns a UserInfo object with the requested information, or false otherwise.
*/
function getUserInfo( $user, $pass )
{
$prefix = $this->getPrefix();
$query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email,
u.about AS about, u.full_name AS full_name, u.properties AS properties,
u.resource_picture_id AS resource_picture_id,
IF(p.permission_id = 1, 1, 0 ) AS site_admin,
u.status AS status
FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id
WHERE u.user = '".Db::qstr($user)."' AND u.password = '".md5($pass)."'";
$userInfo = $this->_getUserInfoFromQuery( $query );
return $userInfo;
}
/**
* Retrieves the user information but given only a username
*
* @param username The username of the user
* @return Returns a UserInfo object with the requested information, or false otherwise.
*/
function getUserInfoFromUsername( $username )
{
$prefix = $this->getPrefix();
$query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email,
u.about AS about, u.full_name AS full_name, u.properties AS properties,
u.resource_picture_id AS resource_picture_id,
IF(p.permission_id = 1, 1, 0 ) AS site_admin,
u.status AS status
FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id
WHERE u.user = '".Db::qstr($username)."'";
$userInfo = $this->_getUserInfoFromQuery( $query );
return $userInfo;
}
/**
* Retrieves the user in table of UserBaseInfo ,but given only a username
*
* @param username The username of the user
* @return Returns a UserInfo object with the requested information, or false otherwise.
* by Andy Wang
*/
function getUserBaseInfo( $username)
{
//$a=new db_sql;
//$sqlstr=("select count(LOGINNAME) as users_num from USERBASEINFO where LOGINNAME='$username'");
$a=new db_sql;
$a->query("select count(LOGINNAME) as users_num from USERBASEINFO where LOGINNAME='$username'");
while($a->next_record()){
$users_num=$a->Record["users_num"];
}
//$userInfo=$a->query($sqlstr);
if($users_num>0)
return true;
else
return false;
}
/**
* Retrieves the user infromation but given only a userid
*
* @param userId User ID of the user from whom we'd like to get the information
* @return Returns a UserInfo object with the requested information, or false otherwise.
*/
function getUserInfoFromId( $userid, $extendedInfo = false )
{
if( isset($this->usercache[$userid])) {
$userInfo = $this->usercache[$userid];
}
else {
$prefix = $this->getPrefix();
$query = "SELECT u.id AS id, u.user AS user, u.password AS password, u.email AS email,
u.about AS about, u.full_name AS full_name, u.properties AS properties,
u.resource_picture_id AS resource_picture_id,
IF(p.permission_id = 1, 1, 0 ) AS site_admin,
u.status AS status
FROM {$prefix}users u LEFT JOIN {$prefix}users_permissions p ON u.id = p.user_id
WHERE u.id = $userid";
$userInfo = $this->_getUserInfoFromQuery( $query, $extendedInfo );
$this->usercache[$userid] = $userInfo;
}
return $userInfo;
}
/**
* More common code used by several functions
*
* Private function used to fill in all the fields of UserInfo objects given
* a row of the database.
*/
function _getUserInfoFromQuery( $sql_query, $extendedInfo = false )
{
$result = $this->Execute( $sql_query );
if( !$result )
return false;
if( $result->RowCount() == 0 )
return false;
$info = $result->FetchRow( $result );
$userInfo = $this->_fillUserInformation( $info, $extendedInfo );
return $userInfo;
}
/**
* Given a result record from a Execute call, it will fill in the
* fields of the object, so that we don't have to repeat the same
* code too many times
*/
function _fillUserInformation( $query_result, $extraInfo = false )
{
$userInfo = new UserInfo( $query_result["user"], $query_result["password"],
$query_result["email"],
$query_result["about"],
$query_result["full_name"],
$query_result["resource_picture_id"],
unserialize($query_result["properties"]),
$query_result["id"]);
if( $extraInfo ) {
// load this data if explicitely required!
$userBlogs = $this->getUsersBlogs($userInfo->getId());
$userInfo->setBlogs($userBlogs);
}
// set some permissions
//$userInfo->setSiteAdmin($this->perms->isSiteAdmin( $userInfo->getId()));
$userInfo->setSiteAdmin( $query_result["site_admin"] );
$userInfo->setStatus( $query_result["status"] );
return $userInfo;
}
/**
* Returns an array of BlogInfo objects with the information of all the blogs to which
* a user belongs
*
* @param userId Identifier of the user
* @return An array of BlogInfo objects to whom the user belongs.
*/
function getUsersBlogs( $userid, $status = BLOG_STATUS_ALL )
{
$usersBlogs = Array();
$blogs = new Blogs();
// check if the user is the owner of any blog
$owner = "SELECT * FROM ".$this->getPrefix()."blogs WHERE owner_id = ".$userid;
if( $status != BLOG_STATUS_ALL )
$owner .= " AND status = '".Db::qstr( $status )."'";
$result = $this->Execute( $owner );
// return an empty array if the user is assigned to no blog
if( !$result )
return Array();
while( $row = $result->FetchRow($result)) {
$blogId = $row["id"];
$blogInfo = $blogs->getBlogInfo( $blogId );
//array_push( $usersBlogs, $blogId );
array_push( $usersBlogs, $blogInfo );
}
// and now check to which other blogs he or she belongs
$otherBlogs = "SELECT * FROM ".$this->getPrefix()."users_permissions WHERE user_id = ".$userid.";";
$result = $this->Execute( $otherBlogs );
// now we know to which he or she belongs, so we only have
// to load the information about those blogs
while( $row = $result->FetchRow($result)) {
$blogId = $row["blog_id"];
if( $blogId > 0 ) {
$blogInfo = $blogs->getBlogInfo( $blogId );
//array_push( $usersBlogs, $blogId );
array_push( $usersBlogs, $blogInfo );
}
}
return $usersBlogs;
}
/**
* Returns an array with all the users available in the database
*
* @param status
* @param includeExtraInfo
* @param page
* @param itemsPerPage
* @return An array containing all the users.
*/
function getAllUsers( $status = USER_STATUS_ALL, $includeExtraInfo = false, $page = -1, $itemsPerPage = DEFAULT_ITEMS_PER_PAGE )
{
if( $status != USER_STATUS_ALL )
$where = "WHERE status = '".Db::qstr($status)."'";
$query = "SELECT * FROM ".$this->getPrefix()."users $where ORDER BY id ASC $limits";
$result = $this->Execute( $query, $page, $itemsPerPage );
$users = Array();
while ($info = $result->FetchRow( $result ))
array_push( $users, $this->_fillUserInformation( $info, $includeExtraInfo ));
return $users;
}
/**
* Updates the information related to a user
*
* @param userInfo An UserInfo object containing the <b>already udpated</b> information of the
* user we would like to update.
* @return Returns true if ok or false otherwise.
*/
function updateUser( $userInfo )
{
$query = "UPDATE ".$this->getPrefix().
"users SET email = '".$userInfo->getEmail().
"', about = '".Db::qstr($userInfo->getAboutMyself()).
"', password = '".$userInfo->getPassword().
"', full_name = '".Db::qstr($userInfo->getFullName()).
"', resource_picture_id = '".Db::qstr($userInfo->getPictureId()).
"', properties = '".Db::qstr(serialize($userInfo->getProperties())).
"', status = '".Db::qstr($userInfo->getStatus()).
"' WHERE id = ".$userInfo->getId().";";
// update the users table
$result = $this->Execute( $query );
// and now update the permissions, if there has been any change
$perms = new UserPermissions();
$perms->updateSiteAdmin( $userInfo->getId(), $userInfo->isSiteAdmin());
return $result;
}
/**
* Adds a user to the database.
*
* @param user An UserInfo object with the necessary information
* @return Returns the identifier assigned to the user, or false if there was any error. It will also modify the
* UserInfo object passed by parameter and set its database id.
*/
function addUser( &$user )
{
//此处应该加入对注册用户是否存在的判断
$query = "INSERT INTO ".$this->getPrefix()."users(user,password,email,about,full_name,
resource_picture_id,properties,status)
VALUES ('".Db::qstr($user->getUserName())."','".md5($user->getPassword())."','".
Db::qstr($user->getEmail())."','".Db::qstr($user->getAboutMyself())."','".
Db::qstr($user->getFullName())."', '".
Db::qstr($user->getPictureId())."', '".
Db::qstr(serialize($user->getProperties()))."', '".
Db::qstr($user->getStatus())."');";
$result = $this->Execute( $query );
if( !$result )
return false;
//对oracle数据库的用户
$a=new db_sql;
$sqlstr=("INSERT INTO USERBASEINFO(USERID,LOGINNAME, PASSWORD, EMAIL, PASSWORDENCRYPT)
values(Sequence_USERBASEINFO.nextval,'".Db::qstr($user->getUserName())."', '".$user->getPassword()."','".
Db::qstr($user->getEmail())."','".md5($user->getPassword())."')");
$a->query($sqlstr);
$userId = $this->_db->Insert_ID();
$user->setId( $userId );
return $userId;
}
/**
* Returns an array with all the users that belong to the given
* blog.
*
* @param blogId The blog identifier.
* @param includeOwner Wether to include the owner of the blog or not.
* @return An array with the information about the users who belong in
* one way or another to that blog.
*/
function getBlogUsers( $blogId, $includeOwner = true, $status = USER_STATUS_ALL )
{
$users = Array();
$prefix = $this->getPrefix();
// get the information about the owner, if requested so
if( $includeOwner ) {
$query = "SELECT {$prefix}users.* FROM {$prefix}users, {$prefix}blogs
WHERE {$prefix}users.id = {$prefix}blogs.owner_id AND {$prefix}blogs.id = '".Db::qstr($blogId)."';";
$result = $this->Execute( $query );
if( !$result )
return false;
$row = $result->FetchRow();
array_push( $users, $this->_fillUserInformation( $row ));
}
// now get the other users who have permission for that blog.
$query2 = "SELECT {$prefix}users.* FROM {$prefix}users, {$prefix}users_permissions
WHERE {$prefix}users.id = {$prefix}users_permissions.user_id
AND {$prefix}users_permissions.blog_id = '".Db::qstr($blogId)."';";
$result2 = $this->Execute( $query2 );
if( !$result2 ) // if error, return what we have so far...
return $users;
while( $row = $result2->FetchRow()) {
array_push( $users, $this->_fillUserInformation($row));
}
return $users;
}
/**
* disables a user
*
* @param userId The identifier of the user we are trying to disable
*/
function disableUser( $userId )
{
$query = "UPDATE ".$this->getPrefix()."users
SET status = '".USER_STATUS_DISABLED."'
WHERE id = '".Db::qstr($userId)."'";
$result = $this->Execute( $query );
if( !$result )
return false;
if( $this->_db->Affected_Rows() == 0 )
return false;
return true;
}
/**
* Removes users from the database
*
* @param userId The identifier of the user we are trying to remove
*/
function deleteUser( $userId )
{
// first, delete all of his/her permissions
$perms = new UserPermissions();
$perms->revokeUserPermissions( $userId );
$query = "DELETE FROM ".$this->getPrefix()."users WHERE id = $userId;";
$result = $this->Execute( $query );
if( !$result )
return false;
if( $this->_db->Affected_Rows() == 0 )
return false;
return true;
}
/**
* returns the total number of users
*
* @return total number of users
*/
function getNumUsers( $status = USER_STATUS_ALL )
{
$prefix = $this->getPrefix();
$table = "{$prefix}users";
if( $status != USER_STATUS_ALL )
$cond = "status = '".Db::qstr($status)."'";
return( $this->getNumItems( $table, $cond ));
}
/**
* returns true if the given username exists
*
* @param userName
* @return true if it exists or false otherwise
*/
function userExists( $userName )
{
return( $this->getUserInfoFromUsername( $userName ));
}
/**
* returns true if the given UserBaseInfo of username exists
*
* @param userName
* @return true if it exists or false otherwise
*/
function UserBaseInfoUserExists( $userName )
{
return( $this->getUserBaseInfo( $userName ));
}
/**
* get the blogid of user own
*/
function getUserBlogId( $username )
{
// default blog id
$blogId = 1;
$usersBlogs = Array();
$blogs = new Blogs();
$userinfo = $this->getUserInfoFromUsername($username);
// if userinfo is null, this maybe because username is not exists..
// return 0 means, should go to summary page
if(!$userinfo) return 0;
$userid = $userinfo->getId();
$userid = $userinfo->getId();
// check if the user is the owner of any blog
$owner = "SELECT id FROM ".$this->getPrefix()."blogs WHERE owner_id = ".$userid.";";
$result = $this->_db->Execute( $owner );
if(!$result)
return $blogId;
while( $row = $result->FetchRow($result)) {
$blogId = $row["id"];
}
return $blogId;
}
/**
* check if the email account has been registered
* @return true if the email account has been registered
*/
function emailExists($email){
$query = "SELECT email
FROM ".$this->getPrefix()."users
WHERE email = '".Db::qstr($email)."'";
$result = $this->_db->Execute($query);
if($result && $result->RecordCount() >= 1)
return true;
else
return false;
}
}
?>
adminloginaction.class.php如下:
<?php
/**
* @package admin
*/
include_once( PLOG_CLASS_PATH."class/action/action.class.php" );
include_once( PLOG_CLASS_PATH."class/view/admin/admindashboardview.class.php" );
include_once( PLOG_CLASS_PATH."class/view/admin/admindefaultview.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
include_once( PLOG_CLASS_PATH."class/net/http/session/sessioninfo.class.php" );
include_once( PLOG_CLASS_PATH."class/config/config.class.php" );
include_once( PLOG_CLASS_PATH."class/misc/version.class.php" );
include_once( PLOG_CLASS_PATH."class/locale/locales.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
/**
* When the user fills in the login form, we jump to this action which will show
* another form when the user will choose to which of the blog he or she wants to
* carry out administrative tasks.
*/
class AdminLoginAction extends Action
{
var $_userName;
var $_userPassword;
var $_op;
var $_locale;
/**
* Constructor. If nothing else, it also has to call the constructor of the parent
* class, BlogAction with the same parameters
*/
function AdminLoginAction( $actionInfo, $request )
{
$this->Action( $actionInfo, $request );
$config =& Config::getConfig();
$this->_locale =& Locales::getLocale( $config->getValue( "default_locale" ));
// data validation
$this->registerFieldValidator( "userName", new StringValidator());
$this->registerFieldValidator( "userPassword", new StringValidator());
$view = new AdminDefaultView();
$view->setErrorMessage( $this->_locale->tr("error_incorrect_username_or_password"));
$this->setValidationErrorView( $view );
}
/**
* Carries out the specified action
*/
function perform()
{
// get the parameters, which have already been validated
$this->_userName = $this->_request->getValue( "userName" );
$this->_userPassword = $this->_request->getValue( "userPassword" );
$this->_op = $this->_request->getValue( "op" );
// create a plugin manager
$pm =& PluginManager::getPluginManager();
// try to authenticate the user
//I insert code authenticate for table Userbaseinfo,by Andy wang 2005-04-19
$users = new Users();
if( !$users->authenticateUser( $this->_userName, $this->_userPassword ) && !$users->authenticateUserbaseinfoUser( $this->_userName, $this->_userPassword )){
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage( $this->_locale->tr("error_incorrect_username_or_password"));
$this->setCommonData();
$pm->notifyEvent( EVENT_LOGIN_FAILURE, Array( "user" => $this->_userName ));
return false;
}
if( !$users->authenticateUser( $this->_userName, $this->_userPassword ) && $users->authenticateUserbaseinfoUser( $this->_userName, $this->_userPassword )){
//执行插入操作
$users->addForUserbaseinfoUser( $this->_userName, $this->_userPassword );
}
// if the user is correct, get and put his or her information in the session
$userInfo = $users->getUserInfo( $this->_userName, $this->_userPassword );
if( !$userInfo ) {
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage( $this->_locale->tr("error_incorrect_username_or_password"));
$this->setCommonData();
$pm->notifyEvent( EVENT_LOGIN_FAILURE, Array( "user" => $this->_userName ));
return false;
}
$pm->notifyEvent( EVENT_USER_LOADED, Array( "user" => &$userInfo, "from" => "Login" ));
//$sessionInfo = $_SESSION["SessionInfo"];
$session = HttpVars::getSession();
$sessionInfo = $session["SessionInfo"];
$sessionInfo->setValue( "userInfo", $userInfo );
$session["SessionInfo"] = $sessionInfo;
HttpVars::setSession( $session );
// get the list of blogs to which the user belongs
$userBlogs = $users->getUsersBlogs( $userInfo->getId());
// but if he or she does not belong to any yet, we quit
if( empty($userBlogs)) {
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage( $this->_locale->tr("error_dont_belong_to_any_blog"));
$this->setCommonData();
return false;
}
$pm->notifyEvent( EVENT_BLOGS_LOADED, Array( "blogs" => &$userBlogs, "from" => "Login" ));
$this->_view = new AdminDashboardView( $this->_userInfo, $userBlogs );
// better to return true if everything's fine
return true;
}
}
?>
