Rev 610 | Go to most recent revision | Blame | Last modification | View Log
<?php
/*
*/
if (!(defined('ALCASAR_SESSION') && (ALCASAR_SESSION === 1))){
exit();
}
require_once('mysql.class.php');// the mysql class in already OK!
require_once(ALCASAR_ADMIN_PATH_INC.'/config.inc.php');
require_once('attrmap.php');
class radiusMysqlUser
{
// public properties
// no public properties
// private properties
private $database = null;
private $username = null;
private $userpassword = null; //$userpassword attribute = Crypt-Password
private $userInfos = Array("id"=>"0","Username"=>"","Name"=>"","Mail"=>"","Department"=>"","WorkPhone"=>"","HomePhone"=>"","Mobile"=>"");
private $checkItems = Array();
private $replyItems = Array();
private $op = Array();
private $groups = Array();
//TO DO : init $userInfos, $checkItems and $replyItems fields and operator from config file !!!! URGENT
// protected properties
// no protected properties
// Class constructor
public function __construct($dbOptions = Array())//ok
{
if (count($dbOptions) == 0){
global $config;
$this->database = new mysql($config['mysql_host'],$config['mysql_user'],$config['mysql_pwd'],$config['mysql_db']);
} else {
extract($dbOptions);
if (isset($mysql_host)&&isset($mysql_user)&&isset($mysql_pwd)&&isset($mysql_db)){
$this->database = new mysql($mysql_host,$mysql_user,$mysql_pwd,$mysql_db);
}
}
$this->_init();
}
// Class destructor
public function __destruct()
{
//$this->mysql->close(); //is private !
$this->database = null;
}
// public methods
public static function find($options = Array(), $escape=false)
{
$database = new mysql("127.0.0.1","root","","radius");
/*
If the options are not xss clean, escape all options string by calling _escapeDatas() method.
*/
if ($escape == true) {
//$this->_extractArray($options, true); //create variable from $options array and get xss clean for mysql database
$options = $this->_escapeDatas($options); //create variable from $options array and get xss clean for mysql database
}
/*
The differents $options values are :
$distinct -> only distinct response ?
$username -> only for this username
$fields -> fields to return (default : username)
$search -> search value to find
$search_IN -> search in this/those field(s)(text or array)
$limit -> to limit the resultset
$offset -> offset (work with $limit for pagination)
$sortby -> sort by x field (default : no sorting)
$sortdir -> sort direction (ASC/DESC) (default : no sorting)
$radius_attr-> radius attribute to find (text or array) if search_IN = radius
*/
//mysql_real_escape_string
$sql = "SELECT ";
// distinct option
if ((isset($distinct))&&($distinct=="distinct"))
$sql .= "DISTINCT ";
// field option (make sure that the field exist!)
if ((isset($options['fields']))&&($options['fields']!='')){
$sql .= $options['fields'].", username ";
}else{
$sql .= "username ";
}
$sql .= "FROM userinfo ";
// search option
if ((isset($options['username']))&&($options['username']!='')){
}
// where option
if ((isset($options['username']))&&($options['username']!=""))
{
$sql .= "WHERE username='".$options['username']."'";
$this->username = $options['username'];
}
// sort
if ((isset($options['sortby']))&&($options['sortby']!='')){
$sql .= "ORDER BY ".$options['sortby']." ";
if ((isset($options['sortdir']))&&($options['sortdir']!='')){
$sql .= "LIMIT ".$options['sortdir']." ";
}
}
// limit / offset
if ((isset($options['limit']))&&($options['limit']!='')){
if ((isset($options['offset']))&&($options['offset']!='')){
$sql .= "LIMIT $offset $limit ";
} else {
$sql .= "LIMIT $limit ";
}
}
$sql .= ";";
// query
$result = $database->query($sql);
// return the result values
return $result;
}
public function load($username, $attribute = false) //ok
{
/*
Load an user from mysql database. If $attribute==true, get all chekitems and replyitems attributes too.
*/
$sql = "SELECT * FROM userinfo WHERE UserName='$username';";
$result = $this->database->query($sql);
if (count($result) != 1) return false;
$this->userInfos = $result[0];
$sql = "SELECT * FROM radusergroup WHERE UserName='$username';";
$groups = $this->database->query($sql);
foreach ($groups as $group){
$this->groups[] = $group['groupname'];
}
if ($attribute === true){
// get from radcheck table
$rows=null;
$sql = "SELECT * FROM radcheck WHERE username='$username';";
$rows = $this->database->query($sql);
foreach ($rows as $row){
$this->checkItems[$row['attribute']] = $row['value'];
}
// get from radreply table
$rows=null;
$sql = "SELECT * FROM radreply WHERE username='$username';";
$rows = $this->database->query($sql);
foreach ($rows as $row){
$this->replyItems[$row['attribute']] = $row['value'];
}
}
return true;
}
public function add()//ok
{
/*
Add the current user with all his attribute in the mysql database
(only if the user not already exist)
*/
$sql = "";
//INSERT INTO table (a,b,c) VALUES (1,2,3)
//INSERT userinfo table (insert)
$sql = "INSERT INTO userinfo (UserName, Name, Mail, Department, WorkPhone, HomePhone, Mobile) VALUES ($this->username, $this->userInfos['Name'], $this->userInfos['Mail'], $this->userInfos['Department'],$this->userInfos['WorkPhone'],$this->userInfos['HomePhone'],$this->userInfos['Mobile'])";
$this->database->exec($sql);
//INSERT radcheck table (insert)
foreach($this->checkItems as $key => $value){
if ($value!=""){
$sql = "INSERT INTO radcheck (UserName, attribute, op, value) VALUES ($this->username, $key, $this->op[$key], $value)";
$this->database->exec($sql);
}
}
//INSERT radreply table (insert)
foreach($this->replyItems as $key => $value){
if ($value!=""){
$sql = "INSERT INTO radreply (UserName, attribute, op, value) VALUES ($this->username, $key, $this->op[$key], $value)";
$this->database->exec($sql);
}
}
//INSERT radusergroup table (insert)
foreach($this->groups as $group){
$sql = "INSERT INTO radusergroup (userName, groupname, priority) VALUES ($this->username, $group, 1)";
$this->database->exec($sql);
}
//INSERT radpostauth table (insert)
//$sql = "INSERT INTO radpostauth () VALUES ()";
// NOT YET !
//FUNCTION SET PASSWORD MUST BE CALLED MANUALLY !!!
}
public function delete() //ok
{
if ($this->username === null)
return false;
/*
Delete the current user from the mysql database
note : this function doesn't delete any accounting record of the current user
*/
if ($this->userid == 0) return 0; //0 record deleted
//can be better with transaction
$sql1 = "DELETE FROM radreply WHERE username = $this->username ;";
$sql2 = "DELETE FROM radcheck WHERE username = $this->username ;";
$sql3 = "DELETE FROM radpostauth WHERE username = $this->username ;";
$sql4 = "DELETE FROM radusergroup WHERE username = $this->username ;";
$sql5 = "DELETE FROM userinfo WHERE username = $this->username ;";
$nb1 = $this->database->exec($sql1);
$nb2 = $this->database->exec($sql2);
$nb3 = $this->database->exec($sql3);
$nb4 = $this->database->exec($sql4);
$nb5 = $this->database->exec($sql5);
return ($nb1+$nb2+$nb3+$nb4+$nb5); // n record deleted
}
public function update()
{
if ($this->username === null)
return false;
/*
Update the current user with all his attribute in the mysql database
(only if the user does not already exist)
*/
if ($this->userid == 0) return 0; //0 record deleted
//UPDATE userinfo table (update)
//UPDATE radcheck table (update)
foreach ($this->checkItems as $checkItem){
if ($checkItem == ""){
$this->_deleteItem($checkItem, "radcheck");
} else {
$this->_insertUpdateItem($checkItem, "radcheck");
}
}
//UPDATE radreply table (update)
foreach ($this->replyItems as $replyItem){
if ($replyItem == ""){
$this->_deleteItem($replyItem, "radreply");
} else {
$this->_insertUpdateItem($replyItem, "radreply");
}
}
//UPDATE radusergroup table (update)
foreach ($this->groups as $group){
if ($group == ""){
$this->_deletegroup($group);
} else {
$this->_insertUpdateGroup($group);
}
}
//UPDATE radpostauth table (update)
//NOT YET
}
public function save()
{
if ($this->username === null)
return false;
/*
insert or Update the current user with all his attribute in the mysql database
(use add() and update() method)
*/
if ($this->userInfos['id'] != 0){
// User was loaded, so it exist
return $this->update();
}else{
// load function was not called, we must test if the user exist!
$options['username'] = $this->username;
$users = radiusMysqlUser::find($options);
if (count($users)==0){
//username do not exist
} elseif (count($users)==1){
//username already exist
return $this->update();
} else {
// error in database, we fixe it
$this->delete();
return $this->add();
}
}
}
public function set($key = null, $val=null)//ok
{
/*
Set a value in userInfos, checkItem or replyItem
*/
//exit('hs1');
if (($key == null)||($val == null)){
//exit('hs2');
return false;
} else {
if (array_key_exists($key, $this->userInfos)){
$this->userInfos[$key] = $val;
//exit('hs3');
} elseif (array_key_exists($key, $this->checkItems)){
$this->checkItems[$key] = $val;
//exit('hs4');
} elseif (array_key_exists($key, $this->replyItems)){
$this->replyItems[$key] = $val;
//exit('hs5');
} else{
//exit('hs6');
return false;
}
return true;
}
}
public function get($key = null)//ok
{
/*
Get a userInfos, checkItem or replyItem from the user or get the value from the mysql database
*/
if ($key == null){
$tmp = array_merge($this->userInfos,$this->checkItems, $this->replyItems);
return array_change_key_case($tmp);
} else {
if (array_key_exists($key, $this->userInfos)){
return $this->userInfos[$key];
} elseif (array_key_exists($key, $this->checkItems)){
return $this->checkItems[$key];
} elseif (array_key_exists($key, $this->replyItems)){
return $this->replyItems[$key];
} else{
return null;
}
}
}
public function checkPassword($pwd)
{
// Check the user password
// Return true or false
}
public function setPassword($pwd = null, $username = null)
{
if ($pwd==null){
$pwd = $this->_encrypt($this->checkitems);
} else {
}
// Set or change the user password
/*
$sql =
"SELECT value FROM $config[sql_check_table] WHERE username = '$login'
AND attribute = '$config[sql_password_attribute]';");
"UPDATE $config[sql_check_table] SET value = '$passwd' $text3 WHERE
attribute = '$config[sql_password_attribute]' AND username = '$login';"
"INSERT INTO $config[sql_check_table] (attribute,value,username $text1)
VALUES ('$config[sql_password_attribute]','$passwd','$login' $text2);"
*/
}
public function groups()
{
return $this->groups;
}
public function addgroup($groupname)//ok
{
$this->groups[] = $groupname;
}
public function deletegroup($groupname)//ok
{
if (array_key_exists($groupname, $this->groups)){
unset($this->groups[$groupname]);
}
}
// private methods
private function _insertUpdateItem($itemName, $tableName)
{
// faire un select
$sqlSelect = "";
$result = $database->query($sqlSelect);
if (count($result) > 0){
// update si réponse select > 0
$sqlUpdate = "";
return $this->database->exec($sqlUpdate);
} else {
// insert si réponse select == 0
$sqlInsert = "";
return $this->database->exec($sqlInsert);
}
}
private function _deleteItem($itemName, $tableName)
{
$sql1 = "DELETE FROM $tableName WHERE username = $this->username AND attribute = $itemName;";
return $this->database->exec($sql1);
}
private function _insertUpdateGroup($groupName)
{
// faire un select
$sqlSelect = "";
$result = $database->query($sqlSelect);
if (count($result) > 0){
// update si réponse select > 0
$sqlUpdate = "";
return $this->database->exec($sqlUpdate);
} else {
// insert si réponse select == 0
$sqlInsert = "";
return $this->database->exec($sqlInsert);
}
}
private function _deletegroup($groupName)
{
$sql1 = "DELETE FROM radusergroup WHERE username = $this->username AND groupname = $groupName;";
return $this->database->exec($sql1);
}
private function _escapeDatas($options)
{
}
private function _encrypt()
{
$numargs=func_num_args();
$passwd=func_get_arg(0);
# calcul d'un salt pour forcer le chiffrement en MD5 au lieu de blowfish par defaut dans php version mdva > 2007.1
$salt='$1$passwd$';
if ($numargs == 2){
$salt=func_get_arg(1);
return crypt($passwd,$salt);
}
return crypt($passwd,$salt);
}
private function _init()
{
//TO DO : supprimer les variables globales
global $attrmap, $attr_type, $attr_op;
foreach ($attrmap as $attr){
if ($attr_type[$attr]=="checkItem"){
$this->checkItems[$attr] = "";
}elseif ($attr_type[$attr]=="replyItem"){
$this->replyItems[$attr] = "";
}
if ($attr_op[$attr] != ""){
$this->op[$attr] = $attr_op[$attr];
} else {
$this->op[$attr] = "=";
}
}
}
// protected methods
// no protected method
}
?>
Generated by GNU Enscript 1.6.6.