projects / platal.git / blob
? search:


53c4f3c059678413f894eaaa472ae861ab289c49
[platal.git] / classes / user.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class User extends PlUser
23 {
24 private $_profile_fetched = false;
25 private $_profile = null;
26
27 // Implementation of the login to uid method.
28 protected function getLogin($login)
29 {
30 global $globals;
31
32 if ($login instanceof Profile) {
33 $this->_profile = $login;
34 $this->_profile_fetched = true;
35 $res = XDB::query('SELECT ap.uid
36 FROM account_profiles AS ap
37 WHERE ap.pid = {?} AND FIND_IN_SET(\'owner\', perms)',
38 $login->id());
39 if ($res->numRows()) {
40 return $res->fetchOneCell();
41 }
42 throw new UserNotFoundException();
43 }
44
45 // If $data is an integer, fetches directly the result.
46 if (is_numeric($login)) {
47 $res = XDB::query('SELECT a.uid
48 FROM accounts AS a
49 WHERE a.uid = {?}', $login);
50 if ($res->numRows()) {
51 return $res->fetchOneCell();
52 }
53
54 throw new UserNotFoundException();
55 }
56
57 // Checks whether $login is a valid hruid or not.
58 $res = XDB::query('SELECT a.uid
59 FROM accounts AS a
60 WHERE a.hruid = {?}', $login);
61 if ($res->numRows()) {
62 return $res->fetchOneCell();
63 }
64
65 // From now, $login can only by an email alias, or an email redirection.
66 // If it doesn't look like a valid address, appends the plat/al's main domain.
67 $login = trim(strtolower($login));
68 if (strstr($login, '@') === false) {
69 $login = $login . '@' . $globals->mail->domain;
70 }
71
72 // Checks if $login is a valid alias on the main domains.
73 list($mbox, $fqdn) = explode('@', $login);
74 if ($fqdn == $globals->mail->domain || $fqdn == $globals->mail->domain2) {
75 $res = XDB::query('SELECT a.uid
76 FROM accounts AS a
77 INNER JOIN aliases AS al ON (al.id = a.uid AND al.type IN (\'alias\', \'a_vie\'))
78 WHERE al.alias = {?}', $mbox);
79 if ($res->numRows()) {
80 return $res->fetchOneCell();
81 }
82
83 /** TODO: implements this by inspecting the profile.
84 if (preg_match('/^(.*)\.([0-9]{4})$/u', $mbox, $matches)) {
85 $res = XDB::query('SELECT a.uid
86 FROM accounts AS a
87 INNER JOIN aliases AS al ON (al.id = a.uid AND al.type IN ('alias', 'a_vie'))
88 WHERE al.alias = {?} AND a.promo = {?}', $matches[1], $matches[2]);
89 if ($res->numRows() == 1) {
90 return $res->fetchOneCell();
91 }
92 }*/
93
94 throw new UserNotFoundException();
95 }
96
97 // Looks for $login as an email alias from the dedicated alias domain.
98 if ($fqdn == $globals->mail->alias_dom || $fqdn == $globals->mail->alias_dom2) {
99 $res = XDB::query("SELECT redirect
100 FROM virtual_redirect
101 INNER JOIN virtual USING(vid)
102 WHERE alias = {?}", $mbox . '@' . $globals->mail->alias_dom);
103 if ($redir = $res->fetchOneCell()) {
104 // We now have a valid alias, which has to be translated to an hruid.
105 list($alias, $alias_fqdn) = explode('@', $redir);
106 $res = XDB::query("SELECT a.uid
107 FROM accounts AS a
108 LEFT JOIN aliases AS al ON (al.id = a.uid AND al.type IN ('alias', 'a_vie'))
109 WHERE al.alias = {?}", $alias);
110 if ($res->numRows()) {
111 return $res->fetchOneCell();
112 }
113 }
114
115 throw new UserNotFoundException();
116 }
117
118 // Looks for an account with the given email.
119 $res = XDB::query('SELECT a.uid
120 FROM accounts AS a
121 WHERE a.email = {?}', $login);
122 if ($res->numRows() == 1) {
123 return $res->fetchOneCell();
124 }
125
126 // Otherwise, we do suppose $login is an email redirection.
127 $res = XDB::query("SELECT a.uid
128 FROM accounts AS a
129 LEFT JOIN emails AS e ON (e.uid = a.uid)
130 WHERE e.email = {?}", $login);
131 if ($res->numRows() == 1) {
132 return $res->fetchOneCell();
133 }
134
135 throw new UserNotFoundException($res->fetchColumn(1));
136 }
137
138 protected static function loadMainFieldsFromUIDs(array $uids, $sorted = null)
139 {
140 foreach ($uids as $key=>$uid) {
141 $uids[$key] = XDB::format('{?}', $uid);
142 }
143 $joins = '';
144 $orderby = '';
145 if (!is_null($sorted)) {
146 $order = array();
147 $with_ap = false;
148 $with_pd = false;
149 foreach (explode(',', $sorted) as $part) {
150 $desc = ($part[0] == '-');
151 if ($desc) {
152 $part = substr($desc, 1);
153 }
154 switch ($part) {
155 case 'promo':
156 $with_pd = true;
157 $with_ap = true;
158 $part = 'IF (pd.promo IS NULL, \'ext\', pd.promo)';
159 break;
160 case 'full_name':
161 $part = 'a.full_name';
162 break;
163 case 'display_name':
164 $part = 'a.display_name';
165 break;
166 default:
167 $part = null;
168 }
169 if (!is_null($part)) {
170 if ($desc) {
171 $part .= ' DESC';
172 }
173 $order[] = $part;
174 }
175 }
176 if (count($order) > 0) {
177 if ($with_ap) {
178 $joins .= "LEFT JOIN account_profiles AS ap ON (ap.uid = a.uid AND FIND_IN_SET('owner', ap.perms))\n";
179 }
180 if ($with_pd) {
181 $joins .= "LEFT JOIN profile_display AS pd ON (pd.pid = ap.pid)\n";
182 }
183 $orderby = 'ORDER BY ' . implode(', ', $order);
184 }
185 }
186 global $globals;
187 return XDB::iterator('SELECT a.uid, a.hruid, a.registration_date,
188 CONCAT(af.alias, \'@' . $globals->mail->domain . '\') AS forlife,
189 CONCAT(ab.alias, \'@' . $globals->mail->domain . '\') AS bestalias,
190 a.full_name, a.display_name, a.sex = \'female\' AS gender,
191 IF(a.state = \'active\', at.perms, \'\') AS perms,
192 a.email_format, a.is_admin, a.state, a.type, a.skin,
193 FIND_IN_SET(\'watch\', a.flags) AS watch, a.comment,
194 a.weak_password IS NOT NULL AS weak_access,
195 a.token IS NOT NULL AS token_access
196 FROM accounts AS a
197 INNER JOIN account_types AS at ON (at.type = a.type)
198 LEFT JOIN aliases AS af ON (af.id = a.uid AND af.type = \'a_vie\')
199 LEFT JOIN aliases AS ab ON (ab.id = a.uid AND FIND_IN_SET(\'bestalias\', ab.flags))
200 ' . $joins . '
201 WHERE a.uid IN (' . implode(', ', $uids) . ')
202 ' . $orderby);
203 }
204
205 // Implementation of the data loader.
206 protected function loadMainFields()
207 {
208 if ($this->hruid !== null && $this->forlife !== null
209 && $this->bestalias !== null && $this->display_name !== null
210 && $this->full_name !== null && $this->perms !== null
211 && $this->gender !== null && $this->email_format !== null) {
212 return;
213 }
214 $this->fillFromArray(self::loadMainFieldsFromUIDs(array($this->user_id))->next());
215 }
216
217 // Specialization of the fillFromArray method, to implement hacks to enable
218 // lazy loading of user's main properties from the session.
219 // TODO(vzanotti): remove the conversion hacks once the old codebase will
220 // stop being used actively.
221 protected function fillFromArray(array $values)
222 {
223 // It might happen that the 'user_id' field is called uid in some places
224 // (eg. in sessions), so we hard link uid to user_id to prevent useless
225 // SQL requests.
226 if (!isset($values['user_id']) && isset($values['uid'])) {
227 $values['user_id'] = $values['uid'];
228 }
229
230 // Also, if display_name and full_name are not known, but the user's
231 // surname and last name are, we can construct the former two.
232 if (isset($values['prenom']) && isset($values['nom'])) {
233 if (!isset($values['display_name'])) {
234 $values['display_name'] = ($values['prenom'] ? $values['prenom'] : $values['nom']);
235 }
236 if (!isset($values['full_name'])) {
237 $values['full_name'] = $values['prenom'] . ' ' . $values['nom'];
238 }
239 }
240
241 // We also need to convert the gender (usually named "femme"), and the
242 // email format parameter (valued "texte" instead of "text").
243 if (isset($values['femme'])) {
244 $values['gender'] = (bool) $values['femme'];
245 }
246 if (isset($values['mail_fmt'])) {
247 $values['email_format'] = $values['mail_fmt'];
248 }
249
250 parent::fillFromArray($values);
251 }
252
253 // Specialization of the buildPerms method
254 // This function build 'generic' permissions for the user. It does not take
255 // into account page specific permissions (e.g X.net group permissions)
256 protected function buildPerms()
257 {
258 if (!is_null($this->perm_flags)) {
259 return;
260 }
261 if ($this->perms === null) {
262 $this->loadMainFields();
263 }
264 $this->perm_flags = self::makePerms($this->perms, $this->is_admin);
265 }
266
267 // We do not want to store the password in the object.
268 // So, fetch it 'on demand'
269 public function password()
270 {
271 return XDB::fetchOneCell('SELECT a.password
272 FROM accounts AS a
273 WHERE a.uid = {?}', $this->id());
274 }
275
276 /** Overload PlUser::promo(): there no promo defined for a user in the current
277 * schema. The promo is a field from the profile.
278 */
279 public function promo()
280 {
281 if (!$this->hasProfile()) {
282 return '';
283 }
284 return $this->profile()->promo();
285 }
286
287 /** Return the main profile attached with this account if any.
288 */
289 public function profile()
290 {
291 if (!$this->_profile_fetched) {
292 $this->_profile_fetched = true;
293 $this->_profile = Profile::get($this);
294 }
295 return $this->_profile;
296 }
297
298 /** Return true if the user has an associated profile.
299 */
300 public function hasProfile()
301 {
302 return !is_null($this->profile());
303 }
304
305 /** Check if the user can edit to given profile.
306 */
307 public function canEdit(Profile $profile)
308 {
309 // XXX: Check permissions (e.g. secretary permission)
310 // and flags from the profile
311 return XDB::fetchOneCell('SELECT pid
312 FROM account_profiles
313 WHERE uid = {?} AND pid = {?}',
314 $this->id(), $profile->id());
315 }
316
317 /** Get the email alias of the user.
318 */
319 public function emailAlias()
320 {
321 global $globals;
322 $data = $this->emailAliases($globals->mail->alias_dom);
323 if (count($data) > 0) {
324 return array_pop($data);
325 }
326 return null;
327 }
328
329 /** Get all the aliases the user belongs to.
330 */
331 public function emailAliases($domain = null)
332 {
333 $where = '';
334 if (!is_null($domain)) {
335 $where = XDB::format(' AND alias LIKE CONCAT("%@", {?})', $domain);
336 }
337 return XDB::fetchColumn('SELECT v.alias
338 FROM virtual AS v
339 INNER JOIN virtual_redirect AS vr ON (v.vid = vr.vid)
340 WHERE (vr.redirect = {?} OR vr.redirect = {?})
341 ' . $where,
342 $this->forlifeEmail(), $this->m4xForlifeEmail());
343 }
344
345 /** Get the alternative forlife email
346 * TODO: remove this uber-ugly hack. The issue is that you need to remove
347 * all @m4x.org addresses in virtual_redirect first.
348 * XXX: This is juste to make code more readable, to be remove as soon as possible
349 */
350 public function m4xForlifeEmail()
351 {
352 global $globals;
353 trigger_error('USING M4X FORLIFE', E_USER_NOTICE);
354 return $this->login() . '@' . $globals->mail->domain2;
355 }
356
357 // Return permission flags for a given permission level.
358 public static function makePerms($perms, $is_admin)
359 {
360 $flags = new PlFlagSet($perms);
361 $flags->addFlag(PERMS_USER);
362 if ($is_admin) {
363 $flags->addFlag(PERMS_ADMIN);
364 }
365 return $flags;
366 }
367
368 // Implementation of the default user callback.
369 public static function _default_user_callback($login, $results)
370 {
371 $result_count = count($results);
372 if ($result_count == 0 || !S::has_perms()) {
373 Platal::page()->trigError("Il n'y a pas d'utilisateur avec l'identifiant : $login");
374 } else {
375 Platal::page()->trigError("Il y a $result_count utilisateurs avec cet identifiant : " . join(', ', $results));
376 }
377 }
378
379 // Implementation of the static email locality checker.
380 public static function isForeignEmailAddress($email)
381 {
382 global $globals;
383 if (strpos($email, '@') === false) {
384 return false;
385 }
386
387 list($user, $dom) = explode('@', $email);
388 return $dom != $globals->mail->domain &&
389 $dom != $globals->mail->domain2 &&
390 $dom != $globals->mail->alias_dom &&
391 $dom != $globals->mail->alias_dom2;
392 }
393
394 // Fetch a set of users from a list of UIDs
395 public static function getBuildUsersWithUIDs(array $uids, $sortby = null)
396 {
397 $fields = self::loadMainFieldsFromUIDs($uids, $sortby);
398 $users = array();
399 while (($list = $fields->next())) {
400 $users[] = User::getSilentWithValues(null, $list);
401 }
402 return $users;
403 }
404 }
405
406 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
407 ?>
plat/al