Example #1
0
 /**
  * Update the user table to include the last date of login and any other
  * specified attributes. Creates new user if neccesary.
  * If any attributes in User are set other than
  * username, those will also be written to db over-riding anything that may
  * have been there.  Returns User filled out with information matching
  * db. 
  *
  * @param User $user
  * @return User $user
  */
 public function touchUser(User $user)
 {
     // array to pass to db updating routines. Make an array out of our
     // properties.
     $update_values = array();
     foreach ($user->properties() as $key => $value) {
         $update_values[":" . $key] = $value;
     }
     // don't use usergroups though.
     unset($update_values[":usergroups"]);
     $update_values[":last_login"] = date("Y-m-d H:i:s");
     $this->beginTransaction();
     $strSQL = "SELECT * FROM xerxes_users WHERE username = :username";
     $arrResults = $this->select($strSQL, array(":username" => $user->username));
     if (count($arrResults) == 1) {
         // user already exists in database, so update the last_login time and
         // use any data specified in our User record to overwrite. Start
         // with what's already there, overwrite with anything provided in
         // the User object.
         $db_values = $arrResults[0];
         foreach ($db_values as $key => $value) {
             if (!(is_null($value) || is_numeric($key))) {
                 $dbKey = ":" . $key;
                 // merge with currently specified values
                 if (!array_key_exists($dbKey, $update_values)) {
                     $update_values[$dbKey] = $value;
                     //And add it to the user object too
                     //$user->$key = $value;
                 }
             }
         }
         $strSQL = "UPDATE xerxes_users " . "SET last_login = :last_login, suspended = :suspended, first_name = :first_name, " . "last_name = :last_name, email_addr = :email_addr " . "WHERE username = :username";
         $status = $this->update($strSQL, $update_values);
     } else {
         // add em otherwise
         $strSQL = "INSERT INTO xerxes_users " . "( username, last_login, suspended, first_name, last_name, email_addr) " . "VALUES (:username, :last_login, :suspended, :first_name, :last_name, :email_addr)";
         $status = $this->insert($strSQL, $update_values);
     }
     // add let's make our group assignments match, unless the group
     // assignments have been marked null which means to keep any existing ones
     // only.
     if (is_null($user->usergroups)) {
         // fetch what's in the db and use that please.
         $fetched = $this->select("SELECT usergroup FROM xerxes_user_usergroups WHERE username = :username", array(":username" => $user->username));
         if (count($fetched)) {
             $user->usergroups = $fetched[0];
         } else {
             $user->usergroups = array();
         }
     } else {
         $status = $this->delete("DELETE FROM xerxes_user_usergroups WHERE username = :username", array(":username" => $user->username));
         foreach ($user->usergroups as $usergroup) {
             $status = $this->insert("INSERT INTO xerxes_user_usergroups (username, usergroup) " . "VALUES (:username, :usergroup)", array(":username" => $user->username, ":usergroup" => $usergroup));
         }
     }
     $this->commit();
     return $user;
 }
Example #2
0
 /**
  * Determines if the database is searchable by user
  * 
  * @return boolean
  */
 public function isSearchableByUser(User $user)
 {
     $allowed = "";
     if ($this->searchable != 1) {
         $allowed = false;
         //nobody can search it!
     } elseif ($this->guest_access != "") {
         $allowed = true;
         //anyone can search it!
     } elseif (count($this->group_restrictions) > 0) {
         // user has to be authenticated, and in a group that is included in the restrictions,
         // or in an ip address associated with a restricted group.
         // @todo: setup user groups in user object
         $allowed = $user->isAuthenticated() && array_intersect($user->getUserGroups(), $this->group_restrictions);
         if (!$allowed) {
             // not by virtue of a login, but now check for ip address
             $ranges = array();
             foreach ($this->group_restrictions as $group) {
                 $ranges[] = $this->config()->getGroupLocalIpRanges($group);
                 // @todo: move this to registry?
             }
             $allowed = $user->isInLocalIpRange();
         }
     } else {
         // ordinary generally restricted resource.  they need to be
         // an authenticated user, or in the local ip range.
         if ($user->isAuthenticated() || $user->isInLocalIpRange()) {
             $allowed = true;
         }
     }
     return $allowed;
 }