<?php
/*
*/
// Direct-access guard: stop immediately unless the including script has defined
// ALCASAR_SESSION and set it to the integer 1 (strict comparison, so "1" or true do not pass).
if (!defined('ALCASAR_SESSION') || ALCASAR_SESSION !== 1) {
    exit();
}
require_once('mysql.class.php');// the mysql class in already OK!
require_once(ALCASAR_ADMIN_PATH_INC.'/config.inc.php');
require_once('attrmap.php');
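/**
 * One RADIUS user stored in MySQL (tables userinfo, radcheck, radreply, radusergroup).
 *
 * All database access goes through the project's `mysql` wrapper (mysql.class.php), of which
 * only query($sql) and exec($sql) are used here. Several methods are still stubs and are
 * marked as such.
 *
 * Security notes:
 *  - Every statement is built by string concatenation. Values taken from object state are
 *    quoted with _quote(); identifiers and numbers in find() are validated, because quoting
 *    cannot protect them.
 *  - NOTE(review): _quote() and _escapeDatas() rely on addslashes() because the connection
 *    inside the mysql wrapper is not reachable from this class. addslashes() ignores the
 *    connection character set and the NO_BACKSLASH_ESCAPES SQL mode. If the wrapper offers
 *    connection-aware escaping or bound parameters, switch to that.
 *  - load() and find() (when $escape is false) still trust their caller to pass values that
 *    are already safe to embed in SQL.
 */
class radiusMysqlUser
{
    // private properties (the class has no public or protected properties)

    // Database wrapper instance, or null when no connection was created.
    private $database = null;
    // Login of the user this object represents; null until set('username', ...) is called.
    private $username = null;
    // Meant for the Crypt-Password attribute; never read or written in this class.
    private $userpassword = null;
    // Row of the userinfo table; id "0" means "not loaded from the database".
    private $userInfos = array("id"=>"0","Username"=>"","Name"=>"","Mail"=>"","Department"=>"","WorkPhone"=>"","HomePhone"=>"","Mobile"=>"");
    // attribute => value, for the radcheck table
    private $checkItems = array();
    // attribute => value, for the radreply table
    private $replyItems = array();
    // attribute => operator
    private $op = array();
    // group names from radusergroup
    private $groups = array();
    // TODO (urgent, from the original author): initialise $userInfos, $checkItems, $replyItems
    // and the operators from the configuration file.

    /**
     * Open the database connection and prepare the attribute maps.
     *
     * @param array $dbOptions Connection options. Only the empty array is supported: the
     *                         connection is then built from the global $config.
     */
    public function __construct($dbOptions = array())
    {
        if (count($dbOptions) == 0) {
            global $config;
            $this->database = new mysql(
                $config['mysql_host'],
                $config['mysql_user'],
                $config['mysql_pwd'],
                $config['mysql_db']
            );
        }
        // TODO: a non-empty $dbOptions is not handled yet. $this->database then stays null and
        // every method that touches the database will fail.
        $this->_init();
    }

    /**
     * Drop the reference to the database wrapper (its own close() is private).
     */
    public function __destruct()
    {
        $this->database = null;
    }

    // public methods

    /**
     * Search the userinfo table.
     *
     * Supported keys of $options:
     *   distinct -> true or "distinct" to add DISTINCT
     *   username -> restrict to this username
     *   fields   -> extra columns to return, comma-separated string or array
     *               (username is always returned)
     *   sortby   -> column to sort by
     *   sortdir  -> ASC or DESC (only used together with sortby)
     *   limit    -> maximum number of rows
     *   offset   -> number of rows to skip (only used together with limit)
     * The documented keys search, search_IN and radius_attr are not implemented.
     *
     * Column names (fields, sortby) must be plain identifiers, or "*" for fields; anything
     * else is ignored. sortdir must be ASC or DESC; limit and offset are cast to integers.
     * These parts cannot be protected by quoting, so they are validated on every call.
     *
     * @param array $options See above.
     * @param bool  $escape  Pass true when the option strings are NOT yet safe for SQL; they
     *                       are then passed through _escapeDatas(). When false, the caller is
     *                       responsible for the username value being safe to embed.
     * @return mixed Whatever the wrapper's query() returns.
     */
    public static function find($options = array(), $escape = false)
    {
        // Use the configured account, like the constructor does, instead of credentials
        // embedded in the source.
        global $config;
        $database = new mysql(
            $config['mysql_host'],
            $config['mysql_user'],
            $config['mysql_pwd'],
            $config['mysql_db']
        );

        if ($escape == true) {
            $options = self::_escapeDatas($options);
        }

        $sql = "SELECT ";

        // distinct option
        if (isset($options['distinct']) && ($options['distinct'] === true || $options['distinct'] === "distinct")) {
            $sql .= "DISTINCT ";
        }

        // field option: keep only well-formed column names
        $columns = array();
        $requested = isset($options['fields']) ? $options['fields'] : '';
        if (!is_array($requested)) {
            $requested = explode(',', (string) $requested);
        }
        foreach ($requested as $field) {
            $field = is_string($field) ? trim($field) : '';
            if ($field === '*' || self::_isIdentifier($field)) {
                $columns[] = $field;
            }
        }
        $columns[] = "username";
        $sql .= implode(", ", $columns) . " ";

        $sql .= "FROM userinfo ";

        // where option
        // NOTE(review): with $escape == false this value is embedded exactly as received.
        if (isset($options['username']) && $options['username'] != "") {
            $sql .= "WHERE username='" . $options['username'] . "' ";
        }

        // sort
        if (isset($options['sortby']) && self::_isIdentifier($options['sortby'])) {
            $sql .= "ORDER BY " . $options['sortby'] . " ";
            $direction = isset($options['sortdir']) ? strtoupper(trim((string) $options['sortdir'])) : '';
            if ($direction === 'ASC' || $direction === 'DESC') {
                $sql .= $direction . " ";
            }
        }

        // limit / offset
        if (isset($options['limit']) && is_numeric($options['limit'])) {
            $limit = max(0, (int) $options['limit']);
            $offset = 0;
            if (isset($options['offset']) && is_numeric($options['offset'])) {
                $offset = max(0, (int) $options['offset']);
            }
            if ($offset > 0) {
                $sql .= "LIMIT $offset, $limit ";
            } else {
                $sql .= "LIMIT $limit ";
            }
        }

        $sql .= ";";

        return $database->query($sql);
    }

    /**
     * Load a user from the database.
     *
     * Fills $userInfos and $groups; when $attribute is strictly true, also fills $checkItems
     * and $replyItems from radcheck and radreply.
     *
     * NOTE(review): $username is embedded in four statements exactly as received, so the
     * caller must pass a value that is already safe for SQL. Whether callers pre-escape is not
     * visible from this file, which is why no escaping is added here (it could double-escape).
     * NOTE(review): this method does not set $this->username, so delete(), update() and save()
     * still return false after a successful load unless set('username', ...) is called.
     *
     * @param string $username  Login to look up.
     * @param bool   $attribute True to load check and reply attributes as well.
     * @return bool False unless exactly one userinfo row matches.
     */
    public function load($username, $attribute = false)
    {
        $sql = "SELECT * FROM userinfo WHERE UserName='$username';";
        $result = $this->database->query($sql);
        if (count($result) != 1) {
            return false;
        }
        $this->userInfos = $result[0];

        $sql = "SELECT * FROM radusergroup WHERE UserName='$username';";
        $groups = $this->database->query($sql);
        foreach ($groups as $group) {
            $this->groups[] = $group['groupname'];
        }

        if ($attribute === true) {
            // get from radcheck table
            $sql = "SELECT * FROM radcheck WHERE username='$username';";
            $rows = $this->database->query($sql);
            foreach ($rows as $row) {
                $this->checkItems[$row['attribute']] = $row['value'];
            }
            // get from radreply table
            $sql = "SELECT * FROM radreply WHERE username='$username';";
            $rows = $this->database->query($sql);
            foreach ($rows as $row) {
                $this->replyItems[$row['attribute']] = $row['value'];
            }
        }
        return true;
    }

    /**
     * Insert the current user and all non-empty attributes and groups.
     *
     * Every value is written as a quoted SQL string literal. The original statements embedded
     * the values bare, and interpolated $this->userInfos['Name'] in a form PHP does not expand.
     *
     * This method does not check whether the user already exists, and it does not store a
     * password: setPassword() has to be called separately. radpostauth is not written.
     *
     * @return false|null False when no username is set, otherwise nothing.
     */
    public function add()
    {
        if ($this->username === null) {
            return false;
        }
        $user = self::_quote($this->username);

        // userinfo table
        $values = array($user);
        foreach (array('Name', 'Mail', 'Department', 'WorkPhone', 'HomePhone', 'Mobile') as $column) {
            $values[] = self::_quote(isset($this->userInfos[$column]) ? $this->userInfos[$column] : '');
        }
        $sql = "INSERT INTO userinfo (UserName, Name, Mail, Department, WorkPhone, HomePhone, Mobile) VALUES ("
            . implode(", ", $values) . ")";
        $this->database->exec($sql);

        // radcheck and radreply tables share the same column layout
        $attributeTables = array('radcheck' => $this->checkItems, 'radreply' => $this->replyItems);
        foreach ($attributeTables as $table => $items) {
            foreach ($items as $key => $value) {
                if ($value != "") {
                    $operator = isset($this->op[$key]) ? $this->op[$key] : "=";
                    $sql = "INSERT INTO $table (UserName, attribute, op, value) VALUES ("
                        . $user . ", " . self::_quote($key) . ", " . self::_quote($operator) . ", "
                        . self::_quote($value) . ")";
                    $this->database->exec($sql);
                }
            }
        }

        // radusergroup table
        foreach ($this->groups as $group) {
            $sql = "INSERT INTO radusergroup (userName, groupname, priority) VALUES ("
                . $user . ", " . self::_quote($group) . ", 1)";
            $this->database->exec($sql);
        }
    }

    /**
     * Delete the current user from radreply, radcheck, radpostauth, radusergroup and userinfo.
     *
     * Accounting records are not touched. The five statements are not wrapped in a
     * transaction, so a failure part-way leaves the user partially deleted.
     *
     * @return false|int False when no username is set, 0 when the user was not loaded
     *                   (id is 0), otherwise the sum of the five exec() results.
     */
    public function delete()
    {
        if ($this->username === null) {
            return false;
        }
        // Same "was this user loaded?" test that save() uses. The original read an undeclared
        // $this->userid property, which is always null, so nothing was ever deleted.
        if (empty($this->userInfos['id'])) {
            return 0;
        }

        $user = self::_quote($this->username);
        $deleted = 0;
        foreach (array('radreply', 'radcheck', 'radpostauth', 'radusergroup', 'userinfo') as $table) {
            $deleted += $this->database->exec("DELETE FROM $table WHERE username = $user ;");
        }
        return $deleted;
    }

    /**
     * Update the current user in the database. NOT IMPLEMENTED: no statement is executed.
     *
     * @return false|int|null False when no username is set, 0 when the user was not loaded,
     *                        otherwise nothing.
     */
    public function update()
    {
        if ($this->username === null) {
            return false;
        }
        if (empty($this->userInfos['id'])) {
            return 0;
        }
        // TODO: UPDATE userinfo, radcheck, radreply, radusergroup and radpostauth
    }

    /**
     * Insert or update the current user, using add() and update().
     *
     * @return mixed False when no username is set, otherwise the result of add() or update().
     */
    public function save()
    {
        if ($this->username === null) {
            return false;
        }
        if (!empty($this->userInfos['id'])) {
            // the user was loaded, so it exists
            return $this->update();
        }

        // load() was not called: look the user up. $this->username is raw object state, so
        // ask find() to escape it.
        $users = self::find(array('username' => $this->username), true);
        if (count($users) == 0) {
            // username does not exist yet
            return $this->add();
        }
        if (count($users) == 1) {
            // username already exists
            return $this->update();
        }
        // More than one row for the same username: remove and re-create.
        // NOTE(review): delete() returns 0 without deleting for a user that was never loaded,
        // which is always the case in this branch, so the duplicates are not removed as written.
        $this->delete();
        return $this->add();
    }

    /**
     * Read one userinfo field.
     *
     * @param string $userInfo Field name.
     * @return mixed The field value, or the whole $userInfos array when the name is unknown.
     */
    public function get($userInfo = 'null')
    {
        if (array_key_exists($userInfo, $this->userInfos)) {
            return $this->userInfos[$userInfo];
        }
        return $this->userInfos;
    }

    /**
     * Set one userinfo field.
     *
     * A field name equal to "username" (any letter case) also sets the login used by add(),
     * delete(), update() and save().
     *
     * @param string $userInfo Field name; ignored for userInfos when it is not an existing key.
     * @param mixed  $value    New value. The legacy one-argument call is kept unchanged: it
     *                         stores the field name itself as the value.
     */
    public function set($userInfo, $value = null)
    {
        if (func_num_args() < 2) {
            $value = $userInfo;
        }
        if (array_key_exists($userInfo, $this->userInfos)) {
            $this->userInfos[$userInfo] = $value;
        }
        if (strtolower($userInfo) == "username") {
            $this->username = $value;
        }
    }

    /**
     * Read an attribute from the values held in memory (the database is not queried).
     *
     * @param string|null $attribute Attribute name; null returns check and reply items merged.
     * @return mixed The value found in userInfos, then checkItems, then replyItems; null when
     *               the name is unknown.
     */
    public function getAttribute($attribute = null)
    {
        if ($attribute == null) {
            return array_merge($this->checkItems, $this->replyItems);
        }
        if (array_key_exists($attribute, $this->userInfos)) {
            return $this->userInfos[$attribute];
        }
        if (array_key_exists($attribute, $this->checkItems)) {
            return $this->checkItems[$attribute];
        }
        if (array_key_exists($attribute, $this->replyItems)) {
            return $this->replyItems[$attribute];
        }
        return null;
    }

    /**
     * Set a check or reply attribute of the user. NOT IMPLEMENTED.
     */
    public function setAttribute($attribute)
    {
    }

    /**
     * Check the user password. NOT IMPLEMENTED: always returns null, never true.
     */
    public function checkPassword($pwd)
    {
    }

    /**
     * Set or change the user password. NOT IMPLEMENTED: nothing is stored.
     *
     * NOTE(review): $this->checkitems is not a declared property (the declared one is
     * $checkItems), so the hash below is computed from null and then discarded. The intended
     * source of the password is not visible here; left as found.
     */
    public function setPassword($pwd = null, $username = null)
    {
        if ($pwd == null) {
            $pwd = $this->_encrypt($this->checkitems);
        }
        // TODO: select, then update or insert, the password attribute row of the check table.
    }

    // private methods

    /**
     * Escape every string in $options for use inside a quoted SQL string literal.
     *
     * Arrays are processed recursively; non-string values are returned unchanged. See the
     * class comment for the limits of addslashes().
     *
     * @param mixed $options Option array or single value.
     * @return mixed Same structure with strings escaped.
     */
    private static function _escapeDatas($options)
    {
        if (is_array($options)) {
            foreach ($options as $key => $value) {
                $options[$key] = self::_escapeDatas($value);
            }
            return $options;
        }
        return is_string($options) ? addslashes($options) : $options;
    }

    /**
     * Turn a raw value into a quoted SQL string literal.
     * See the class comment for the limits of addslashes().
     */
    private static function _quote($value)
    {
        return "'" . addslashes((string) $value) . "'";
    }

    /**
     * Tell whether $name is a plain identifier (letters, digits, underscore; no leading digit).
     */
    private static function _isIdentifier($name)
    {
        return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) === 1;
    }

    /**
     * Hash a password with crypt().
     *
     * Called as _encrypt($passwd) or _encrypt($passwd, $salt). Without a salt, '$1$passwd$' is
     * used; the original comment says this is to force MD5 instead of the default Blowfish.
     *
     * NOTE(review): the default salt is a constant, so equal passwords produce equal hashes,
     * and MD5-crypt is a weak scheme by current standards. Changing either has to be checked
     * against whatever verifies these hashes, which is not visible from this file.
     */
    private function _encrypt()
    {
        $passwd = func_get_arg(0);
        $salt = (func_num_args() == 2) ? func_get_arg(1) : '$1$passwd$';
        return crypt($passwd, $salt);
    }

    /**
     * Create an empty entry for every attribute of the global $attrmap, sorted into check or
     * reply items by $attr_type, and record its operator from $attr_op ("=" when none is set).
     */
    private function _init()
    {
        // TODO: remove the global variables
        global $attrmap, $attr_type, $attr_op;
        if (!is_array($attrmap)) {
            return;
        }
        foreach ($attrmap as $attr) {
            $type = isset($attr_type[$attr]) ? $attr_type[$attr] : null;
            if ($type == "checkItem") {
                $this->checkItems[$attr] = "";
            } elseif ($type == "replyItem") {
                $this->replyItems[$attr] = "";
            }
            if (isset($attr_op[$attr]) && $attr_op[$attr] != "") {
                $this->op[$attr] = $attr_op[$attr];
            } else {
                $this->op[$attr] = "=";
            }
        }
    }
}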
?>