Commit 7c013159 authored by Giovannoni Laurent's avatar Giovannoni Laurent

FEAT #2681

parent 1848ad96
......@@ -248,7 +248,7 @@ class ActionControler
$prep_query = self::update_prepare($action);
$query="update ".self::$actions_table." set "
. $prep_query['QUERY']
." where id=?";
. " where id=?";
$prep_query['VALUES'][] = $action->id;
......@@ -336,6 +336,7 @@ class ActionControler
private function update_prepare($action)
{
$result=array();
$arrayValues=array();
foreach($action->getArray() as $key => $value)
{
if(!empty($value))
......@@ -361,6 +362,7 @@ class ActionControler
{
$columns=array();
$values=array();
$arrayValues=array();
foreach($action->getArray() as $key => $value)
{
//For now all fields in the actions table are strings or dates
......
......@@ -15,7 +15,6 @@ abstract class ObjectControler
{
static protected $db;
static protected $computed_properties = array();
//"docserver_id","user_id","mr_owner_entity_id"
static protected $foolish_ids = array();
static protected $specific_id ;
......@@ -48,21 +47,19 @@ abstract class ObjectControler
$preparation = self::insert_prepare(
$object, self::$computed_properties
);
$query = "insert into $tableName (" . $preparation['properties']
. ") values(" . $preparation['values'] . ")";
self::$db = new dbquery();
self::$db->connect();
try{
if (_DEBUG) {
echo "insert: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
self::$db = new Database();
$stmt = self::$db->query($query, $preparation['arrayValues']);
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to insert object ' . functions::xssafe($object->toString()) . ' // ';
} else {
$result = false;
}
self::$db->disconnect();
}
return $result;
}
......@@ -82,50 +79,46 @@ abstract class ObjectControler
$result = array();
$properties = array();
$values = array();
$arrayValues = array();
foreach ($object->getArray() as $key => $value) {
if( !in_array($key,$computed_properties)) {
if(!in_array($key,$computed_properties)) {
// Adding property
$properties[] = $key;
// Adding property value
if (substr_compare($key, '_id', -3) == 0
|| substr_compare($key, '_number', -7) == 0) {
if (in_array($key, self::$foolish_ids)) {
/*
* UNBELIEVABLE! THERE ARE IDS WHICH ARE NOT LONG INTEGERS!
* A choice needs to be done, and if string is kept, random
* generating must be implemented.
*/
$values[] = "'" . $value . "'";
//$values[] = "'" . $value . "'";
} else {
// Number
if (empty($value)) {
// Default value
$value = 0;
}
$values[] = $value;
}
$arrayValues[] = $value;
$values[] = '?';
} elseif(substr_compare($key, "is_", 0, 3) == 0
|| substr_compare($key, "can_", 0, 4) == 0) {
// Boolean
if ($value === true) {
$values[] = "'Y'";
$boolValue = "Y";
} elseif ($value === false) {
$values[] = "'N'";
$boolValue = "N";
} else {
$values[] = "'" . $value . "'";
$boolValue = $value;
}
$values[] = '?';
$arrayValues[] = $boolValue;
} else {
// Character or date
if ($value == 'CURRENT_TIMESTAMP' || $value == 'SYSDATE') {
$values[] = $value;
} else {
$values[] = "'" . $value . "'";
}
$values[] = '?';
$arrayValues[] = $value;
}
}
}
$result['properties'] = implode(",", $properties);
$result['values'] = implode(",", $values);
$result['arrayValues'] = $arrayValues;
return $result;
}
......@@ -148,28 +141,23 @@ abstract class ObjectControler
$table_id = self::$specific_id;
}
if (in_array($table_id, self::$foolish_ids)) {
$query = "update $tableName set "
. self::update_prepare($object, self::$computed_properties)
. " where $table_id='".$object->$table_id."'";
} else {
$query = "update $tableName set "
. self::update_prepare($object, self::$computed_properties)
. " where $table_id=".$object->$table_id;
}
self::$db=new dbquery();
self::$db->connect();
try{
if (_DEBUG) {
echo "update: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
$prep_query = self::update_prepare($object, self::$computed_properties);
$prep_query['arrayValues'][] = $object->$table_id;
$query = "update $tableName set "
. $prep_query['query']
. " where $table_id=?";
self::$db = new Database();
$stmt = self::$db->query($query, $prep_query['arrayValues']);
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to update object ' . functions::xssafe($object->toString()) . ' // ';
} else {
$result = false;
}
self::$db->disconnect();
}
return $result;
}
......@@ -182,6 +170,7 @@ abstract class ObjectControler
private function update_prepare($object, $computed_properties)
{
$result = array();
$arrayValues=array();
foreach ($object->getArray() as $key => $value) {
if (!in_array($key,$computed_properties)) {
if($key == self::$specific_id) {
......@@ -189,33 +178,38 @@ abstract class ObjectControler
} elseif (substr_compare($key, '_id', -3) == 0
|| substr_compare($key, '_number', -7) == 0) {
if (in_array($key, self::$foolish_ids)) {
$result[] = $key . "='" . $value . "'";
//$result[] = $key . "='" . $value . "'";
} else {
// Number
if (empty($value)) {
// Default value
$value = 0;
}
$result[] = $key . "=" . $value;
}
$result[] = $key . "=?";
$arrayValues[]=$value;
} elseif (substr_compare($key, 'is_', 0, 3) == 0
|| substr_compare($key, 'can_', 0, 4) == 0) {
// Boolean
if ($value === true) {
$result[] = $key . "='Y'" ;
$boolValue = "Y";
} elseif ($value === false) {
$result[] = $key . "='N'";
$boolValue = "N";
} else {
$result[] = $key . "='" . $value . "'";
$boolValue = $value;
}
$result[] = $key . "=?";
$arrayValues[] = $boolValue;
} else {
// Character or date
$result[] = $key . "='" . $value . "'";
$result[] = $key . "=?";
$arrayValues[] = $value;
}
}
}
// Return created string minus last ", "
return implode(",", $result);
$theResult['query'] = implode(",", $result);
$theResult['arrayValues'] = $arrayValues;
return $theResult;
}
/**
......@@ -226,7 +220,7 @@ abstract class ObjectControler
* @param string $class_name
* @return unknown_type
*/
protected function advanced_get($id, $table_name, $whereComp='')
protected function advanced_get($id, $table_name)
{
if (strlen($id) == 0) {
return null;
......@@ -234,43 +228,31 @@ abstract class ObjectControler
$object_name = $table_name;
$table_id = $table_name . '_id';
if( isset(self::$specific_id) && !empty(self::$specific_id)) {
if(isset(self::$specific_id) && !empty(self::$specific_id)) {
$table_id = self::$specific_id;
}
self::$db = new dbquery();
self::$db->connect();
if (in_array($table_id, self::$foolish_ids)) {
$select = "select * from $table_name where $table_id='$id' ".$whereComp;
} else {
$select = "select * from $table_name where $table_id=$id" . $whereComp;
}
try {
self::$db->query($select);
if (self::$db->nb_result() == 0) {
return null;
} else {
// Constructing result
$object = new $object_name();
$queryResult = self::$db->fetch_object();
foreach ((array)$queryResult as $key => $value) {
if (_ADVANCED_DEBUG) {
echo "Getting property: " . functions::xssafe($key)
. " with value: " . functions::xssafe($value) . " // ";
}
if ($value == 't') { /* BUG FROM PGSQL DRIVER! */
$value = true; /* */
} elseif ($value == 'f') { /* */
$value = false; /* */
} /**************************/
$object->$key = $value;
}
self::$db = new Database();
$select = "select * from $table_name where $table_id=?";
$stmt = self::$db->query($select, array($id));
if ($stmt->rowCount() == 0) {
return null;
} else {
// Constructing result
$object = new $object_name();
$queryResult = $stmt->fetchObject();
foreach ((array)$queryResult as $key => $value) {
if ($value == 't') { /* BUG FROM PGSQL DRIVER! */
$value = true; /* */
} elseif ($value == 'f') { /* */
$value = false; /* */
} /**************************/
$object->$key = $value;
}
} catch (Exception $e) {
echo "Impossible to get object " . functions::xssafe($id) . " // ";
}
self::$db->disconnect();
return $object;
}
......@@ -282,7 +264,7 @@ abstract class ObjectControler
* @param string $class_name
* @return unknown_type
*/
protected function advanced_getWithPDO($id, $table_name, $whereComp='', $params=array())
protected function advanced_getWithComp($id, $table_name, $whereComp='', $params=array())
{
if (strlen($id) == 0) {
return null;
......@@ -295,7 +277,6 @@ abstract class ObjectControler
$table_id = self::$specific_id;
}
require_once 'core/class/class_db_pdo.php';
$database = new Database();
$theQuery = "SELECT * FROM $table_name WHERE $table_id = :id " . $whereComp;
$queryParams = array(':id' => $id);
......@@ -317,9 +298,6 @@ abstract class ObjectControler
for ($cpt=0;$cpt<count($rows);$cpt++) {
foreach ($rows[$cpt] as $key => $value) {
if (_ADVANCED_DEBUG) {
echo "Getting property: $key with value: " . functions::xssafe($value) . " // ";
}
if ($value == 't') { /* BUG FROM PGSQL DRIVER! */
$value = true; /* */
} elseif ($value == 'f') { /* */
......@@ -351,30 +329,18 @@ abstract class ObjectControler
if (isset(self::$specific_id) && !empty(self::$specific_id)) {
$table_id = self::$specific_id;
}
self::$db = new dbquery();
self::$db->connect();
if (isset(self::$foolish_ids)
&& in_array($table_id, self::$foolish_ids)) {
$query = "delete from $table_name where $table_id='"
. $object->$table_id . "'";
} else {
$query = "delete from $table_name where $table_id="
. $object->$table_id;
}
try{
if (_DEBUG) {
echo "delete: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
self::$db = new Database();
$query = "delete from $table_name where $table_id=?";
$stmt = self::$db->query($query, array($object->$table_id));
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to delete object with id=' . functions::xssafe($object->$table_id)
. ' // ';
} else {
$result = false;
}
self::$db->disconnect();
return $result;
}
......@@ -396,26 +362,18 @@ abstract class ObjectControler
if (isset(self::$specific_id) && !empty(self::$specific_id)) {
$table_id = self::$specific_id;
}
self::$db = new dbquery();
self::$db->connect();
if (in_array($table_id, self::$foolish_ids) ){
$query = "update $table_name set enabled = 'Y' where $table_id='"
. $object->$table_id . "'";
} else {
$query="update $table_name set enabled = 'Y' where $table_id=".$object->$table_id;
}
try{
if(_DEBUG){
echo "enable: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
self::$db = new Database();
$query="update $table_name set enabled = 'Y' where $table_id=?";
$stmt = self::$db->query($query, array($object->$table_id));
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to enable object with id=' . functions::xssafe($object->$table_id)
. ' // ';
} else {
$result = false;
}
self::$db->disconnect();
return $result;
}
......@@ -437,26 +395,18 @@ abstract class ObjectControler
if (isset(self::$specific_id) && !empty(self::$specific_id)) {
$table_id = self::$specific_id;
}
self::$db = new dbquery();
self::$db->connect();
if (in_array($table_id, self::$foolish_ids) ){
$query = "update $table_name set status = 'OK' where lower($table_id)=lower('"
. $object->$table_id . "')";
} else {
$query="update $table_name set status = 'OK' where lower($table_id)=lower(".$object->$table_id.")";
}
try{
if(_DEBUG){
echo "enable: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
self::$db = new Database();
$query="update $table_name set status = 'OK' where lower(?)=lower(?)";
$stmt = self::$db->query($query, array($table_id,$object->$table_id));
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to enable object with id=' . functions::xssafe($object->$table_id)
. ' // ';
} else {
$result = false;
}
self::$db->disconnect();
return $result;
}
......@@ -478,27 +428,18 @@ abstract class ObjectControler
if (isset(self::$specific_id) && !empty(self::$specific_id)) {
$table_id = self::$specific_id;
}
self::$db = new dbquery();
self::$db->connect();
if (in_array($table_id, self::$foolish_ids)) {
$query = "update $table_name set enabled = 'N' where $table_id='"
. $object->$table_id . "'";
} else {
$query = "update $table_name set enabled = 'N' where $table_id="
. $object->$table_id;
}
try {
if (_DEBUG) {
echo "disable: " . functions::xssafe($query) . " // ";
}
self::$db->query($query);
self::$db = new Database();
$query = "update $table_name set enabled = 'N' where $table_id=?";
$stmt = self::$db->query($query, array($object->$table_id));
if ($stmt) {
$result = true;
} catch (Exception $e) {
echo 'Impossible to disable object with id=' . functions::xssafe($object->$table_id)
. ' // ';
} else {
$result = false;
}
self::$db->disconnect();
return $result;
}
}
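Review bot: In the hunk at `-437,26 +395,18` the rewritten statement `update $table_name set status = 'OK' where lower(?)=lower(?)` binds the column name as a value, so the database compares two string literals (the text of `$table_id` and the id) instead of comparing the column with the id. The intended row is therefore no longer selected by its id; the statement matches no rows, or every row if the two strings happen to be equal. Placeholders can only stand for values, so the identifier has to stay in the SQL text and only the id is bound: `$query = "update $table_name set status = 'OK' where lower($table_id)=lower(?)";` with `array($object->$table_id)`. `$table_name` and `$table_id` remain interpolated in every query of this section, so they should only ever come from code-defined names; the enclosing function starts outside the hunk, so their origin is not visible here.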
<?php
/*
* Copyright 2008,2009,2010 Maarch
* Copyright 2008-2015 Maarch
*
* This file is part of Maarch Framework.
*
......@@ -70,20 +70,15 @@ class SecurityControler
if (empty($securityId)) {
return null;
}
$db = new dbquery();
$db->connect();
$db = new Database();
$query = "select * from " . SECURITY_TABLE . " where security_id = "
. $securityId;
try {
$db->query($query);
} catch (Exception $e){
echo _NO_ACCESS_WITH_ID . ' ' . functions::xssafe($securityId) . ' // ';
}
$query = "select * from " . SECURITY_TABLE . " where security_id = ?";
if ($db->nb_result() > 0) {
$stmt = $db->query($query, array($securityId));
if ($stmt->rowCount() > 0) {
$access = new SecurityObj();
$queryResult = $db->fetch_object();
$queryResult = $stmt->fetchObject();
foreach ($queryResult as $key => $value) {
$access->$key = $value;
}
......@@ -104,21 +99,15 @@ class SecurityControler
if (empty($groupId)) {
return null;
}
$db = new dbquery();
$db->connect();
// Querying database
$query = "select * from " . SECURITY_TABLE . " where group_id = '"
. $groupId . "'";
try {
$db->query($query);
} catch (Exception $e) {
echo _NO_GROUP_WITH_ID . ' ' . functions::xssafe($groupId) . ' // ';
}
$db = new Database();
$query = "select * from " . SECURITY_TABLE . " where group_id = ?";
$stmt = $db->query($query, array($groupId));
$security = array();
if ($db->nb_result() > 0) {
while ($queryResult = $db->fetch_object()) {
if ($stmt->rowCount() > 0) {
while ($queryResult = $stmt->fetchObject()) {
$access = new SecurityObj();
foreach ($queryResult as $key => $value) {
$access->$key = $value;
......@@ -138,7 +127,7 @@ class SecurityControler
*/
public function save($security, $mode="add")
{
if (! isset($security)) {
if (!isset($security)) {
return false;
}
......@@ -159,22 +148,19 @@ class SecurityControler
*/
private function _insert($security)
{
if (! isset($security)) {
if (!isset($security)) {
return false;
}
$db = new dbquery();
$db->connect();
$db = new Database();
$prepQuery = $this->_insertPrepare($security);
$query = "insert into " . SECURITY_TABLE . " (" . $prepQuery['COLUMNS']
. ") values (" . $prepQuery['VALUES'] . ")";
try {
$db->query($query);
$ok = true;
} catch (Exception $e) {
echo _CANNOT_INSERT_ACCESS . " " . functions::xssafe($security->toString()) . ' // ';
$ok = false;
}
$stmt = $db->query($query, $prepQuery['ARRAY_VALUES']);
$ok = true;
return $ok;
}
......@@ -186,22 +172,21 @@ class SecurityControler
*/
private function _update($security)
{
if (! isset($security)) {
if (!isset($security)) {
return false;
}
$db = new dbquery();
$db->connect();
$db = new Database();
$prep_query = $this->_updatePrepare($security);
$query = "update " . SECURITY_TABLE . " set "
. $this->_updatePrepare($security) . " where security_id="
. $security->security_id;
try {
$db->query($query);
$ok = true;
} catch (Exception $e) {
echo _CANNOT_UPDATE_ACCESS . " " . functions::xssafe($security->toString()) . ' // ';
$ok = false;
}
. $prep_query['QUERY'] . " where security_id=?";
$prep_query['VALUES'][] = $security->security_id;
$stmt = self::$db->query($query, $prep_query['VALUES']);
$ok = true;
return $ok;
}
......@@ -213,20 +198,16 @@ class SecurityControler
*/
public function delete($securityId)
{
if (! isset($securityId) || empty($securityId)) {
if (!isset($securityId) || empty($securityId)) {
return false;
}
$db = new dbquery();
$db->connect();
$query = "delete from " . SECURITY_TABLE . " where security_id="
. $securityId;
try {
$db->query($query);
$ok = true;
} catch (Exception $e) {
echo _CANNOT_DELETE_SECURITY_ID . " " . functions::xssafe($securityId) . ' // ';
$ok = false;
}
$db = new Database();
$query = "delete from " . SECURITY_TABLE . " where security_id=?";
$db->query($query, array($securityId));
$ok = true;
return $ok;
}
......@@ -238,20 +219,16 @@ class SecurityControler
*/
public function deleteForGroup($groupId)
{
if (! isset($groupId) || empty($groupId)) {
if (!isset($groupId) || empty($groupId)) {
return false;
}
$db = new dbquery();
$db->connect();
$query = "delete from " . SECURITY_TABLE . " where group_id='"
. $groupId . "'";
try {
$db->query($query);
$ok = true;
} catch (Exception $e) {
echo _CANNOT_DELETE . ' ' . _GROUP_ID . " " . functions::xssafe($groupId) . ' // ';
$ok = false;
}
$db = new Database();
$query = "delete from " . SECURITY_TABLE . " where group_id=?";
$db->query($query, array($groupId));
$ok = true;
return $ok;
}
......@@ -264,17 +241,21 @@ class SecurityControler
private function _updatePrepare($security)
{
$result = array();
$arrayValues=array();
foreach ($security->getArray() as $key => $value) {
// For now all fields in the usergroups table are strings or date
// excepts the security_id
if (! empty($value)) {
if ($key <> 'security_id') {
$result[] = $key . "='" . $value . "'";
$result[]=$key."=?";
$arrayValues[]=$value;
}
}
}
// Return created string minus last ", "
return implode(",", $result);
return array(
'QUERY' => implode(",",$result),
'VALUES' => $arrayValues,
);
}
/**
......@@ -287,19 +268,22 @@ class SecurityControler
{
$columns = array();
$values = array();
$arrayValues = array();
foreach ($security->getArray() as $key => $value) {
// For now all fields in the security table are strings
// or date excepts the security_id
if (! empty($value)) {
if ($key <> 'security_id') {
$columns[] = $key;
$values[] = "'" . $value . "'";
$values[] = "?";
$arrayValues[]=$value;
}
}
}
return array(
'COLUMNS' => implode(",", $columns),
'VALUES' => implode(",", $values),
'ARRAY_VALUES' => $arrayValues
);
}
......@@ -354,8 +338,7 @@ class SecurityControler
*/
public function process_security_where_clause($whereClause, $userId)
{
if (! empty($whereClause)) {
if (!empty($whereClause)) {
$whereClause = str_replace("&#039;", "'", $whereClause);
$where = ' where ' . $whereClause;
// Process with the core vars
......@@ -413,12 +396,11 @@ class SecurityControler
"@user", "'" . trim($userId) . "'", $whereClause
);
}
$db = new dbquery();
$db->connect();
$query = "select mail from " . USERS_TABLE . " where user_id = '"
. $userId . "'";
$db->query($query);
$userObj = $db->fetch_object();
$db = new Database();
$query = "select mail from " . USERS_TABLE . " where user_id = ?";
$stmt = $db->query($query, array($userId));
$userObj = $stmt->fetchObject();
if (preg_match('/@email/', $whereClause)) {
$whereClause = str_replace(
"@email", "'" . trim($userObj->mail) . "'", $whereClause
......@@ -440,8 +422,6 @@ class SecurityControler
$tab['collections'] = array();
$tab['security'] = array();
$func = new functions();
$db = new dbquery();
$db->connect();
if ($userId == "superadmin") {
for ($i = 0; $i < count($_SESSION['collections']); $i ++) {
......
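Review bot: `_update()` creates a local `$db = new Database();` but then runs the statement through `self::$db->query($query, $prep_query['VALUES']);`, and no static `$db` is declared in any visible part of this class, so the call probably fails on an undeclared or null property; it should read `$stmt = $db->query($query, $prep_query['VALUES']);`. In the same section `_insert()`, `_update()`, `delete()` and `deleteForGroup()` now set `$ok = true` unconditionally after the try/catch was dropped, so a failed write is invisible to callers unless `Database::query()` throws; deriving it from the result, e.g. `$ok = ($stmt !== false);`, keeps the return value meaningful. Separately, `process_security_where_clause()` still splices `trim($userId)` and `trim($userObj->mail)` into the where clause as quoted strings, which the parameterisation in this commit does not cover.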
......@@ -70,8 +70,7 @@ class ServiceControler
*/
public function connect()
{
$db = new dbquery();
$db->connect();
$db = new Database();
self::$usergroups_services_table = USERGROUPS_SERVICES_TABLE;
self::$db=$db;
......@@ -136,13 +135,14 @@ class ServiceControler
}
$ugc = new usergroups_controler();
self::connect();
self::$db->query(
$stmt = self::$db->query(
'select distinct us.service_id from ' . USERGROUPS_SERVICES_TABLE
. ' us, ' . USERGROUP_CONTENT_TABLE
. " uc where us.group_id = uc.group_id and uc.user_id = '". $user_id . "'"
. " uc where us.group_id = uc.group_id and uc.user_id = ?",
array($user_id)
);
while($res = self::$db->fetch_object()) {
while($res = $stmt->fetchObject()) {
$serviceId = $res->service_id;
if (in_array($serviceId, $tmpServices)) {
$services[$serviceId] = true;
......
......@@ -373,23 +373,17 @@ class Maarch_Core_Class_StatusControler
return false;
}
self::$db = new dbquery();
self::$db->connect();
self::$db = new Database();
$func = new functions();
$query = 'select id from ' . STATUS_TABLE . " where id = '"
. $func->protect_string_db($status_id) . "'";
$query = 'select id from ' . STATUS_TABLE . " where id = ?";
try{
self::$db->query($query);
} catch (Exception $e){
echo _UNKNOWN . ' ' . _STATUS . ' ' . functions::xssafe($status_id) . ' // ';
}
$stmt = self::$db->query($query, array($status_id));
if (self::$db->nb_result() > 0) {
self::$db->disconnect();
if ($stmt->rowCount() > 0) {
return true;
}
self::$db->disconnect();
return false;
}
......
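Review bot: The existence check now depends on `$stmt->rowCount() > 0` for a SELECT; if `Database::query()` returns a PDOStatement, as the `fetchObject()` calls elsewhere in this commit suggest, PDO does not guarantee a row count for SELECT on every driver, so the check can wrongly report a missing status on some back ends. Fetching a row is portable: `if ($stmt->fetchObject() !== false) { return true; }`. The same `rowCount()` test on a SELECT appears in `advanced_get()` and in the two SecurityControler lookups. `$func = new functions();` also looks unused now that the `protect_string_db()` call is gone, if that line is kept on the new side.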
......@@ -82,13 +82,6 @@ class security extends dbquery
*/
public function login($s_login,$pass, $method = false, $ra_code=false)
{
/*
$inspector = FirePHP::to('page');
$console = $inspector->console();
$console->log(date('H:i:s').' Login start');
*/
$array = array();
$error = '';
$uc = new users_controler();
......@@ -104,59 +97,40 @@ class security extends dbquery
$s_login = str_replace('>', '', $s_login);
$s_login = str_replace('<', '', $s_login);
if ($_SESSION['config']['usePDO'] == 'true') {
require_once 'core/class/class_db_pdo.php';
$database = new Database();
// #TODO : Not usefull anymore, loginmode field is always in users table
//Compatibility test, if loginmode column doesn't exists, Maarch can't crash
if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
// #TODO : do evolution of the loginmethod in sql query
if ($method == 'activex') {
$comp = " and STATUS <> 'DEL' and loginmode = 'activex'";
} else if ($method == 'ldap') {
$comp =" and STATUS <> 'DEL'";
$database = new Database();
// #TODO : Not usefull anymore, loginmode field is always in users table
//Compatibility test, if loginmode column doesn't exists, Maarch can't crash
if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
// #TODO : do evolution of the loginmethod in sql query
if ($method == 'activex') {
$comp = " and STATUS <> 'DEL' and loginmode = 'activex'";
} else if ($method == 'ldap') {
$comp =" and STATUS <> 'DEL'";
} else {
if ($ra_code <> false) {
$comp = " and password = :password and "
. "ra_code = :ra_code and ra_expiration_date >= :ra_expiration_date "
. "and status <> :status "
. "and (loginmode = :loginmode1 or loginmode = :loginmode2)";
$params = array(
'password' => $pass,
'ra_code' => md5($ra_code),
'ra_expiration_date' => date('Y-m-d 00:00:00'),
'status' => 'DEL',
'loginmode1' => 'standard',
'loginmode2' => 'sso',
);
} else {
if ($ra_code <> false) {
$comp = " and password = :password and ra_code = '"
. md5($ra_code) . "' and ra_expiration_date >= '" . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')";
}
else {
$comp = " and password = :password and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')";
}
$params = array('password' => $pass);
}
} else {
$comp = " and password = :password and STATUS <> 'DEL'";
$params = array('password' => $pass);
}
$user = $uc->getWithPDO($s_login, $comp, $params);
} else {
// #TODO : Not usefull anymore, loginmode field is always in users table
//Compatibility test, if loginmode column doesn't exists, Maarch can't crash
if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
// #TODO : do evolution of the loginmethod in sql query
if ($method == 'activex') {
$comp = " and STATUS <> 'DEL' and loginmode = 'activex'";
} else if ($method == 'ldap') {
$comp =" and STATUS <> 'DEL'";
} else {
if ($ra_code <> false) {
$comp = " and password = '" . $pass . "' and ra_code = '"
. md5($ra_code) . "' and ra_expiration_date >= '" . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')";
}
else {
$comp = " and password = '" . $pass . "' and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')";
}
}
} else {
$comp = " and password = '" . $pass . "' and STATUS <> 'DEL'";
}
$user = $uc->get($s_login, $comp);
$comp = " and password = :password and STATUS <> 'DEL'";
$params = array('password' => $pass);
}
$user = $uc->getWithComp($s_login, $comp, $params);
if (isset($user)) {
if ($user->__get('enabled') == 'Y') {
......
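Review bot: `$params` is assigned only in the branches that add `password = :password`; on the `activex` and `ldap` paths only `$comp` is set, yet `$uc->getWithComp($s_login, $comp, $params)` runs for every path, so it receives an undefined variable there unless `$params` is initialised outside the hunk. Adding `$params = array();` before the `test_column()` check gives every path a well-defined bind list. The `ra_code` bind value is still `md5($ra_code)`, an unsalted fast hash, and `$pass` is matched in SQL as an opaque string; how it is hashed is decided outside this hunk, since `login()` starts and ends beyond it.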
......@@ -64,11 +64,11 @@ class users_controler extends ObjectControler implements ObjectControlerIF
* disabled in the database (false by default)
* @return user object with properties from the database or null
*/
public function get($userId, $compWhere='', $canBeDisabled=false)
public function get($userId)
{
self::set_foolish_ids(array('user_id', 'docserver_location_id'));
self::set_specific_id('user_id');
$user = self::advanced_get($userId, USERS_TABLE, $compWhere);
$user = self::advanced_get($userId, USERS_TABLE);
if (isset($user)
) {
......@@ -86,11 +86,11 @@ class users_controler extends ObjectControler implements ObjectControlerIF
* (must begin with and or or)
* @return user object with properties from the database or null
*/
public function getWithPDO($userId, $compWhere='', $params=array())
public function getWithComp($userId, $compWhere='', $params=array())
{
self::set_foolish_ids(array('user_id', 'docserver_location_id'));
self::set_specific_id('user_id');
$user = self::advanced_getWithPDO($userId, USERS_TABLE, $compWhere, $params);
$user = self::advanced_getWithComp($userId, USERS_TABLE, $compWhere, $params);
if (isset($user)
&& ($user->__get('status') == 'OK'
......
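Review bot: The docblock above `get()` still ends with the description of a removed parameter (`disabled in the database (false by default)`), so it documents arguments the method no longer accepts; whatever `@param` entries remain for `$compWhere` and `$canBeDisabled` should be dropped, leaving only `$userId`. PHP silently ignores surplus arguments to a user-defined method, so a caller that still passes a where-complement to `get()` will now get the unfiltered user back without any error. Call sites outside this page are worth checking for `get(` with more than one argument and for the old `getWithPDO` / `advanced_getWithPDO` names.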