40
70
'username' => $row->userName,
41
71
'name' => $row->name,
42
72
'usertype' => $row->userType,
74
'activeCourse' => $row->activeCourse,
75
// 'firstLogin' => $row->firstLogin
48
80
$this->session->set_userdata('authenticated', $userDetails);
82
//Log attempt as valid
83
$this->logLogin($username, 1);
89
//Log attempt as invalid
90
$this->logLogin($username, 0);
60
98
* This function logs the user out.
62
public function logout() {
99
* RESTRICTED-LEVEL: Self
101
public function logout() {
63
102
//Unset session data
64
103
$this->session->unset_userdata('authenticated');
69
* This function return TRUE if the user is logged in and FALSE otherwise.
71
public function isLoggedIn() {
72
if ($this->session->userdata('authenticated')) {
80
//Generates a password hash using a user-unique salt.
81
private function getSaltedHash($pwd)
84
* Step 1: Get encryption key
85
* Step 2: Salt is set to password (reversed)
86
* Step 3: Salt is encrypted with MD5
87
* Step 4: Salt is reversed (again)
88
* Step 5: Salt is encrypted with SHA1
93
//UNCOMMENT TO ACTIVATE SALT LATER IN DEVELOPMENT!!!
94
//$salt = sha1(strrev(md5(strrev($this->config->item('encryption_key')))));
108
* This function changes the users password.
109
* RESTRICTED-LEVEL: Self
111
public function changePassword($pwdOld, $pwdNew, $pwdHint) {
112
//Check that a user is logged in.
113
if($this->isLoggedIn()) {
114
$user = $this->getUserName();
115
$oldHash = $this->getSaltedHash($pwdOld);
116
$newHash = $this->getSaltedHash($pwdNew);
118
//Validate input with database
119
$this->db->select('userName');
120
$this->db->from('Users');
121
$this->db->where('userName', $user);
122
$this->db->where('passwd', $oldHash);
124
$query = $this->db->get();
125
$result = $query->result();
127
//If a matching DB record is found, update database.
130
'passwd' => $newHash,
131
'passwdHint' => $pwdHint
134
$this->db->where('userName', $user);
135
$this->db->update('Users', $data);
148
* This function registers user into the database.
149
* RESTRICTED-LEVEL: Teacher
151
public function addUser($userName, $name, $ssn, $password, $userType, $pwdHint, $email) {
152
//Check that a user is logged in and has the right privileges (is teacher)
153
if($this->isLoggedIn() && $this->getUserType() === 'Teacher') {
154
//Generate a salted hash
155
$hash = $this->getSaltedHash($password);
157
//Query-structure (All values are escaped automatically by codeigninte, producing safer queries.)
158
$this->db->set('userName', $userName);
159
$this->db->set('name', $name);
160
$this->db->set('ssn', $ssn);
161
$this->db->set('passwd', $hash);
162
$this->db->set('userType', $userType);
163
$this->db->set('passwdHint', $pwdHint);
164
$this->db->set('email', $email);
165
$result = $this->db->insert('Users');
167
//Check for my-sql error
179
* Updates the details of a user. Takes a username and an associative array of data with the details to be changed
181
public function updateUser($username, $data) {
182
$this->db->where("username", $username);
183
$this->db->update("Users", $data);
188
* This function removes users from the database.
189
* RESTRICTED-LEVEL: Teacher
191
public function removeUser($userName) {
192
//Check that a user is logged in, has the right privileges (is teacher) and not is the users own username.
193
if($this->isLoggedIn() && $this->getUserType() === 'Teacher' && $this->getUserName() != $userName) {
195
$this->db->where('userName', $userName);
196
$result = $this->db->delete('Users');
198
//Check for my-sql error
211
* This reset the password for the user.
212
* RESTRICTED-LEVEL: Teacher
214
public function resetUser($userName) {
215
//Check that a user is logged in, has the right privileges (is teacher) and not is the users own username.
216
if($this->isLoggedIn() && $this->getUserType() === 'Teacher' && $this->getUserName() != $userName) {
218
$this->db->select('userName, userType, ssn, email');
219
$this->db->from('Users');
220
$this->db->where('userName', $username);
222
$query = $this->db->get();
223
$result = $query->result();
225
//If a matching DB record is found.
227
//Prepare new hash depending on user-type
230
if ($row->userType == 'Student') {
231
$newPwdHash = $this->getSaltedHash($row->ssn);
233
else if ($row->userType == 'Teacher') {
234
//$newPwdHash = $this->getSaltedHash($row->email);
235
$newPwdHash = $this->getSaltedHash($row->email);
240
'passwd' => $newPwdHash,
241
'passwdHint' => 'default',
245
$this->db->where('userName', $userName);
246
$this->db->update('Users', $data);
259
* This parses a user list from ladok and returns an array with users.
260
* RESTRICTED-LEVEL: Teacher
262
public function parseLadok($string) {
263
//Check that a user is logged in and has the right privileges (is teacher).
264
if($this->isLoggedIn() && $this->getUserType() === 'Teacher') {
265
$userArray = array();
267
//Populate array with users from ladok
268
$ladokUsers = preg_split( '/\r\n|\r|\n/', $string);
271
foreach ($ladokUsers as $key => $value) {
272
$ladokUsers[$key] = trim($ladokUsers[$key]);
275
//Split after last name
276
foreach ($ladokUsers as $key => $value) {
277
$ladokUsers[$key] = explode(',', trim($ladokUsers[$key]));
280
//Replace whitespaces and tabs with divider.
281
foreach ($ladokUsers as $key => $value) {
282
foreach ($ladokUsers[$key] as $key2 => $value2) {
283
$ladokUsers[$key][$key2] = preg_replace('/\s+/', ' ', trim($ladokUsers[$key][$key2]));
287
//Generate user array
288
foreach ($ladokUsers as $key => $value) {
290
'ssn' => substr($ladokUsers[$key][0], 0, 11),
291
'lastname' => substr($ladokUsers[$key][0], 12, strlen($ladokUsers[$key][0])),
292
'firstname' => substr($ladokUsers[$key][1], 0, stripos($ladokUsers[$key][1], ' ')),
293
'email' => substr($ladokUsers[$key][1], (strrpos($ladokUsers[$key][1], ' ') + 1))
295
$temp['username'] = substr($temp['email'], 0, (stripos($temp['email'], '@')));
296
array_push($userArray, $temp);
299
//Return parsed user array
309
* Generates a salted password hash, encrypted with sha1.
310
* RESTRICTED-LEVEL: System
312
private function getSaltedHash($pwd) {
313
//Salt = CodeIgniters encryption-key from config
314
$salt = $this->config->item('encryption_key');
96
316
//Generate SHA1 hash using salt
97
317
$hash = sha1($salt.$pwd);
324
* Log the login attempt.
325
* RESTRICTED-LEVEL: System
327
private function logLogin($userName, $valid) {
329
'userName' => $userName,
330
'userAgent' => $this->session->userdata('user_agent'),
331
'userIP' => $this->session->userdata('ip_address'),
332
'browserID' => $this->session->userdata('session_id'),
336
$this->db->insert('logUserLoginAttempts', $data);
341
* This function return TRUE if the user is logged in and FALSE otherwise.
342
* RESTRICTED-LEVEL: System
344
public function isLoggedIn() {
345
if ($this->session->userdata('authenticated')) {
355
* This function returns the users type (or FALSE if user isn't logged in).
356
* RESTRICTED-LEVEL: System
358
public function getUserType() {
359
if($this->isLoggedIn()) {
360
$temp = $this->session->userdata('authenticated');
361
return $temp['usertype'];
369
* This function returns a boolean containing information if it is the first login.
370
* RESTRICTED-LEVEL: System
372
public function isFirstLogin() {
373
if($this->isLoggedIn()) {
374
$temp = $this->session->userdata('authenticated');
375
if ($temp['firstLogin'] == 1) {
385
* This function returns the username (or FALSE if user isn't logged in).
386
* RESTRICTED-LEVEL: System
388
public function getUserName() {
389
if($this->isLoggedIn()) {
390
$temp = $this->session->userdata('authenticated');
391
return $temp['username'];
398
* This function returns the name (or FALSE if user isn't logged in).
399
* RESTRICTED-LEVEL: System
401
public function getName() {
402
if($this->isLoggedIn()) {
403
$temp = $this->session->userdata('authenticated');
404
return $temp['name'];
411
* This function returns the SSN (or FALSE if user isn't logged in).
412
* RESTRICTED-LEVEL: System
414
public function getSSN() {
415
if($this->isLoggedIn()) {
416
$temp = $this->session->userdata('authenticated');
425
* This function fetches the active course info
427
public function getActiveCourse(){
429
if($this->isLoggedIn()) {
430
$temp = $this->session->userdata('authenticated');
431
$courseID = $temp['activeCourse'];
435
$this->db->select('name');
436
$this->db->from('Courses');
437
$this->db->where('courseID', $courseID);
440
$query = $this->db->get();
441
$result = $query->result();
443
foreach($result as $row) {
444
$courseName = $row->name;
448
'courseID' => $courseID,
449
'courseName' => $courseName
b'\\ No newline at end of file'
added
removed
codeigniter/application/models/user.php
