36.3.1 by Daniel Hermansson
Added login functionality
<?php
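	class User extends CI_Model {
		/**
		 * Loads the database driver and the session library that the methods
		 * of this model rely on.
		 */
		public function __construct() {
			parent::__construct();

			//Load required libraries and drivers
			$this->load->database();
			$this->load->library('session');
		}


		/**
		 * Returns the password hint stored for a username.
		 * RESTRICTED-LEVEL: None
		 *
		 * SECURITY NOTE: no login is required, so the result tells any caller
		 * whether a username exists and discloses that user's hint. Callers that
		 * expose this over HTTP should throttle it and treat hints as sensitive.
		 *
		 * @param string $user Username to look up.
		 * @return string|bool The hint, or FALSE when no matching user exists.
		 */
		public function getPasswordHint($user) {
			//Query-structure (value is bound through the query builder)
			$this->db->select('passwdHint');
			$this->db->from('Users');
			$this->db->where('userName', $user);
			$this->db->limit(1);

			//Execute query
			$rows = $this->db->get()->result();

			//limit(1) means there is at most one row to read
			if ($rows) {
				$first = reset($rows);
				return $first->passwdHint;
			}

			//No such user
			return FALSE;
		}


		/**
		 * Logs the user in by matching username and salted password hash.
		 * RESTRICTED-LEVEL: None
		 *
		 * On success the user's details are stored in the session under the
		 * key 'authenticated'.
		 *
		 * NOTE(review): the session identifier is not rotated here after a
		 * successful login; confirm the session configuration does so, otherwise
		 * an identifier issued before login stays valid afterwards.
		 * NOTE(review): the SSN is copied into session data; depending on the
		 * session driver in use this may end up stored client-side. Confirm it
		 * is needed there at all.
		 *
		 * @param string $username Username supplied by the caller.
		 * @param string $password Clear-text password supplied by the caller.
		 * @return bool TRUE on success, FALSE when no record matches.
		 */
		public function login($username, $password)
		{
			//Generate a salted hash
			$hash = $this->getSaltedHash($password);

			//Query-structure
			$this->db->select('userName, name, passwd, userType, ssn');
			$this->db->from('Users');
			$this->db->where('userName', $username);
			$this->db->where('passwd', $hash);
			$this->db->limit(1);

			//Execute query
			$rows = $this->db->get()->result();

			//No matching DB record: fail without touching the session
			if (!$rows) {
				return FALSE;
			}

			//Prepare and set session data from the single matching row
			$row = reset($rows);
			$this->session->set_userdata('authenticated', array(
				'username' => $row->userName,
				'name' => $row->name,
				'usertype' => $row->userType,
				'ssn' => $row->ssn
			));

			//Return success
			return TRUE;
		}


		/**
		 * Logs the user out by removing the 'authenticated' session entry.
		 * RESTRICTED-LEVEL: Self
		 */
		public function logout() {
			//Unset session data
			$this->session->unset_userdata('authenticated');
		}


		/**
		 * Changes the logged-in user's password and password hint.
		 * RESTRICTED-LEVEL: Self
		 *
		 * The old password must match the stored hash before anything is written.
		 *
		 * @param string $pwdOld  Current clear-text password.
		 * @param string $pwdNew  New clear-text password.
		 * @param string $pwdHint New password hint, stored as given.
		 * @return bool TRUE when the record was updated, FALSE otherwise.
		 */
		public function changePassword($pwdOld, $pwdNew, $pwdHint) {
			//Check that a user is logged in.
			if (!$this->isLoggedIn()) {
				return FALSE;
			}

			$user = $this->getUserName();
			$oldHash = $this->getSaltedHash($pwdOld);
			$newHash = $this->getSaltedHash($pwdNew);

			//Validate input with database
			$this->db->select('userName');
			$this->db->from('Users');
			$this->db->where('userName', $user);
			$this->db->where('passwd', $oldHash);
			$this->db->limit(1);
			$rows = $this->db->get()->result();

			//Old password did not match: leave the record untouched
			if (!$rows) {
				return FALSE;
			}

			//Matching DB record found, update database.
			$this->db->where('userName', $user);
			$this->db->update('Users', array(
				'passwd' => $newHash,
				'passwdHint' => $pwdHint
			));

			//Return Success!
			return TRUE;
		}


		/**
		 * Registers a user in the database.
		 * RESTRICTED-LEVEL: Teacher
		 *
		 * @param string $userName Username of the new account.
		 * @param string $name     Display name.
		 * @param string $ssn      Social security number.
		 * @param string $password Clear-text password; only its salted hash is stored.
		 * @param string $userType Account type (stored as given, not validated here).
		 * @param string $pwdHint  Password hint.
		 * @return bool TRUE when the insert succeeded, FALSE otherwise.
		 */
		public function addUser($userName, $name, $ssn, $password, $userType, $pwdHint) {
			//Check that a user is logged in and has the right privileges (is teacher)
			if (!$this->isLoggedIn() || $this->getUserType() !== 'Teacher') {
				return FALSE;
			}

			//Generate a salted hash
			$hash = $this->getSaltedHash($password);

			//Query-structure (values go through the query builder, not string-built SQL)
			$this->db->set('userName', $userName);
			$this->db->set('name', $name);
			$this->db->set('ssn', $ssn);
			//Store the hash, never the clear-text password: login() and
			//changePassword() compare the passwd column against getSaltedHash().
			$this->db->set('passwd', $hash);
			$this->db->set('userType', $userType);
			$this->db->set('passwdHint', $pwdHint);

			//A falsy insert result signals a database error
			return $this->db->insert('Users') ? TRUE : FALSE;
		}


		/**
		 * Removes a user from the database.
		 * RESTRICTED-LEVEL: Teacher
		 *
		 * A teacher cannot remove their own account.
		 *
		 * NOTE(review): the self-removal guard is an exact, case-sensitive string
		 * comparison; if the userName column uses a case-insensitive collation a
		 * differently-cased spelling would still match the caller's own row.
		 * Confirm against the schema.
		 *
		 * @param string $userName Username of the account to delete.
		 * @return bool TRUE when the delete succeeded, FALSE otherwise.
		 */
		public function removeUser($userName) {
			//Check that a user is logged in and has the right privileges (is teacher)
			if (!$this->isLoggedIn() || $this->getUserType() !== 'Teacher') {
				return FALSE;
			}

			//Refuse to delete the caller's own account. Both sides are compared as
			//strings so numeric-looking usernames are not juggled by a loose compare.
			if ((string) $this->getUserName() === (string) $userName) {
				return FALSE;
			}

			//Query-structure
			$this->db->where('userName', $userName);

			//A falsy delete result signals a database error
			return $this->db->delete('Users') ? TRUE : FALSE;
		}


		/**
		 * Generates the password digest stored in the passwd column: SHA-1 over
		 * the configured 'encryption_key' followed by the password.
		 *
		 * SECURITY NOTE: SHA-1 is a fast general-purpose hash (this is hashing,
		 * not encryption) and the salt is one application-wide value, so equal
		 * passwords give equal digests and a leaked table is cheap to attack
		 * offline. password_hash()/password_verify() would give a per-user salt
		 * and a tunable cost, but switching requires migrating the stored passwd
		 * values, so it is flagged here rather than changed.
		 * NOTE(review): if 'encryption_key' is not configured the salt is
		 * presumably empty; confirm the config always defines it.
		 *
		 * @param string $pwd Clear-text password.
		 * @return string Hex-encoded SHA-1 digest.
		 */
		private function getSaltedHash($pwd) {
			//Salt = CodeIgniters encryption-key from config
			$salt = $this->config->item('encryption_key');

			//Generate SHA1 hash using salt
			return sha1($salt.$pwd);
		}


		/**
		 * Tells whether the session holds an 'authenticated' entry.
		 * RESTRICTED-LEVEL: System
		 *
		 * @return bool TRUE if the user is logged in, FALSE otherwise.
		 */
		public function isLoggedIn() {
			return $this->session->userdata('authenticated') ? TRUE : FALSE;
		}


		/**
		 * Returns the logged-in user's type.
		 * RESTRICTED-LEVEL: System
		 *
		 * @return string|bool The 'usertype' session value, or FALSE if not logged in.
		 */
		public function getUserType() {
			if (!$this->isLoggedIn()) {
				return FALSE;
			}

			$details = $this->session->userdata('authenticated');
			return $details['usertype'];
		}


		/**
		 * Returns the logged-in user's username.
		 * RESTRICTED-LEVEL: System
		 *
		 * @return string|bool The 'username' session value, or FALSE if not logged in.
		 */
		public function getUserName() {
			if (!$this->isLoggedIn()) {
				return FALSE;
			}

			$details = $this->session->userdata('authenticated');
			return $details['username'];
		}
	}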
?>