Source for file SqlSession.php


  1. <?php
  2. /*
  3. * This file is part of Sylar.
  4. *
  5. * Sylar is free software: you can redistribute it and/or modify
  6. * it under the terms of the GNU Lesser General Public License as published by
  7. * the Free Software Foundation, either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * Sylar is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU Lesser General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Lesser General Public License
  16. * along with Sylar. If not, see <http://www.gnu.org/licenses/>.
  17. *
  18. * @copyright Copyright Sylar Development Team
  19. * @license http://www.gnu.org/licenses/ GNU Public License V2.0
  20. * @see https://launchpad.net/sylar/
  21. * @see http://www.giano-solutions.com
  22. */
  23.  
  24. import('sylar.common.system.ConfigBox');
  25. import('sylar.common.db.mysql.MysqlDriver');
  26. import('sylar.common.system.Logger');
  27. import('sylar.common.security.Session');
  28. import('sylar.common.security.StorageSession');
  29. import('sylar.common.system.ExceptionInSylar');
  30.  
  31. /**
  32. * Sql Class for Session Storage on DB
  33. *
  34. * It manages the SQL commands that Session objects need to store and access data
  35. *
  36. * @package Sylar
  37. * @version 1.0
  38. * @since 16/feb/08
  39. * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
  40. * @copyright Sylar Development Team
  41. */
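  class Sylar_SqlSession implements Sylar_StorageSession{
      public function __construct(){
          # nothing to do
      }

      public function __destruct() {
          # nothing to do
      }

      /**
       * Look up the single active, non-deleted user that matches the given credentials.
       *
       * The password value is always part of the WHERE clause; at least one of
       * $username, $email or $user_id must also be supplied to identify the account.
       * An unknown account and a wrong password both end in the same 10011 error,
       * because both simply produce zero matching rows.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $encryptedPassword password value as already transformed by the caller
       * @param string $username optional
       * @param string $email optional
       * @param int $user_id optional; ignored unless greater than 0
       * @return array the matching SYLAR_users row as returned by fetchArrayByName()
       * @throws ExceptionInSylar 10010 when no identifier is given, 10011 when nothing
       *         matches, 10012 when more than one row matches
       */
      public function login($encryptedPassword, $username=null, $email=null, $user_id=null){
          $log = new Sylar_Logger();
          $db = new Sylar_MysqlDriver();

          // Every string value placed between quotes goes through the driver's
          // quoteString(), including the password value: it reaches this method from
          // the caller and must not be able to close the literal and alter the WHERE
          // clause. NOTE(review): quoteString() is assumed to escape for a MySQL
          // string literal, as its use for username/email implies - confirm in MysqlDriver.
          // NOTE(review): the credential comparison is done by the database on whatever
          // $encryptedPassword the caller computed; confirm that scheme is a salted,
          // slow password hash.
          $sql = "select * from SYLAR_users where password = '".$db->quoteString($encryptedPassword)."' and active=1 and deleted=0 ";

          // Count how many identifying fields were actually supplied.
          $identifiers = 0;
          if(!is_null($username)){
              $identifiers++;
              $sql .= " and username = '".$db->quoteString($username)."' ";
          }
          if(!is_null($email)){
              $identifiers++;
              $sql .= " and email = '".$db->quoteString($email)."' ";
          }
          if(!is_null($user_id)){
              // Cast first, then range-check, so only a real positive integer is
              // ever concatenated into the statement.
              $userId = (int)$user_id;
              if($userId > 0){
                  $identifiers++;
                  $sql .= " and user_id = '".$userId."' ";
              }
          }

          // A password alone must never be enough to select an account.
          if($identifiers < 1){
              throw new ExceptionInSylar("No data provided for login process.", 10010 );
          }

          $db->execSmartQuery($sql);
          $matches = $db->resultRows();

          if($matches == 1){
              // Exactly one user: hand the row back to the Session class.
              $row = $db->fetchArrayByName();
              $log->logEvent("Login running for: ".$username.". [Sylar_SqlSession::Login]","VERBOSE");
              return $row;
          }

          if($matches > 1){
              // Duplicate accounts mean the storage is inconsistent. The event is
              // logged before throwing; placed after the throw it could never run.
              // NOTE(review): confirm a FATAL logEvent() does not itself end the request.
              $log->logEvent("ERROR! More than one user with same username: ".$username." in the Storage! [Sylar_SqlSession::Login]","FATAL");
              throw new ExceptionInSylar("ERROR! More than one user with same username: ".$username." in the Storage! [Sylar_SqlSession::Login]", 10012 );
          }

          // No match: release the connection and report the failure to the caller.
          if($db->isConnected()){ $db->disconnect(); }
          throw new ExceptionInSylar("User Not found for Login. [Sylar_SqlSession::Login]", 10011 );
      }

      /**
       * Load every group the given user belongs to.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param int|string $user_id numeric user id; cast to int before it is used
       * @return array map of group_id => group name (empty when the user has no group)
       * @throws ExceptionInSylar propagated unchanged from the driver
       */
      public function loadUserGroups($user_id=0){
          $log = new Sylar_Logger();
          $db = new Sylar_MysqlDriver();

          // The id is used unquoted in a numeric comparison, so it is forced to an
          // integer; any non-numeric text a caller passes cannot reach the statement.
          $userId = (int)$user_id;

          $sql = " SELECT
                      SYLAR_usergroups.group_id as group_id,
                      SYLAR_usergroups.name as name
                   FROM
                      SYLAR_usergroups,
                      SYLAR_rel_users_usergroups
                   WHERE
                      SYLAR_rel_users_usergroups.group_id = SYLAR_usergroups.group_id and
                      SYLAR_rel_users_usergroups.user_id = ".$userId."
                 ";
          $db->execSmartQuery($sql);

          $groups = array();
          while ($row = $db->fetchArrayByName()) {
              $groups[$row["group_id"]] = $row["name"];
          }

          if($db->resultRows()<1){
              $log->logEvent("User logged but he has no group. [Sylar_SqlSession::Login]","WARNING");
          }
          return $groups;
      }

      /**
       * Load every permission granted to the given user through the user's groups.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param int|string $user_id numeric user id; cast to int before it is used
       * @return array map of permission_id => permission code (empty when none)
       * @throws ExceptionInSylar propagated unchanged from the driver
       */
      public function loadUserPermissions($user_id=0){
          $log = new Sylar_Logger();
          $db = new Sylar_MysqlDriver();

          // Same reasoning as in loadUserGroups(): the value sits unquoted in the
          // statement, so only an integer may be concatenated.
          $userId = (int)$user_id;

          $sql = " SELECT
                      SYLAR_permissions.permission_id as permission_id,
                      SYLAR_permissions.code as code
                   FROM
                      SYLAR_permissions,
                      SYLAR_rel_usergroup_permission,
                      SYLAR_usergroups,
                      SYLAR_rel_users_usergroups
                   WHERE
                      SYLAR_rel_usergroup_permission.permission_id = SYLAR_permissions.permission_id and
                      SYLAR_rel_users_usergroups.group_id = SYLAR_rel_usergroup_permission.group_id and
                      SYLAR_rel_users_usergroups.group_id = SYLAR_usergroups.group_id and
                      SYLAR_rel_users_usergroups.user_id = ".$userId."
                 ";
          $db->execSmartQuery($sql);

          $permissions = array();
          while ($row = $db->fetchArrayByName()) {
              $permissions[$row["permission_id"]] = $row["code"];
          }

          if($db->resultRows()<1){
              $log->logEvent("User logged but he has no permission. [Sylar_SqlSession::Login]","WARNING");
          }
          return $permissions;
      }

      /**
       * Record a successful login: last_login, login counter and current session id.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $username
       * @param int $user_id optional; when 0 (or not positive) the row is matched by username only
       * @return boolean true once the update statement has been executed
       * @throws Exception any driver error, rethrown after the connection is closed
       */
      public function setUserAsLogged($username, $user_id=0){
          $log = new Sylar_Logger();
          $db = new Sylar_MysqlDriver();
          try{
              // Always defined, so the concatenation below never reads an unset
              // variable when no user id is given; the id is cast because it is
              // placed unquoted in the statement.
              $sqlAdd = "";
              $userId = (int)$user_id;
              if($userId > 0){ $sqlAdd = " and user_id=".$userId; }

              // NOTE(review): where getSessionID() takes its value from is not visible
              // here; if it reflects a client-supplied cookie it is untrusted input,
              // so it is escaped like every other string value.
              $sessionId = $db->quoteString(Sylar_Session::getSessionID());

              $sql = "update SYLAR_users set last_login=NOW(), num_login=num_login+1, session_id='".$sessionId."' where username = '".$db->quoteString($username)."' ".$sqlAdd;
              $db->execSmartQuery($sql);
              //TODO Control on affected rows
              $log->logEvent("Updating status for login in DB: ".$username.". [Sylar_SqlSession::setUserAsLogged]","VERBOSE");
              return true;
          }catch (Exception $ex){
              // Close the connection, then let the caller handle the failure.
              if($db->isConnected()){ $db->disconnect(); }
              throw $ex;
          }
      }

      /**
       * Record a logout by stamping last_logout on the user's row.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $username
       * @param int $user_id optional; when 0 (or not positive) the row is matched by username only
       * @return boolean true once the update statement has been executed
       * @throws Exception any driver error, rethrown after the connection is closed
       */
      public function setUserAsNotLogged($username, $user_id=0){
          $log = new Sylar_Logger();
          $db = new Sylar_MysqlDriver();
          try{
              // Defined up front and built from an integer only, for the same
              // reasons as in setUserAsLogged().
              $sqlAdd = "";
              $userId = (int)$user_id;
              if($userId > 0){ $sqlAdd = " and user_id=".$userId; }

              $sql = "update SYLAR_users set last_logout=NOW() where username = '".$db->quoteString($username)."' ".$sqlAdd;
              $db->execSmartQuery($sql);
              $log->logEvent("Updating status for logout in DB: ".$username.". [Sylar_SqlSession::setUserAsNotLogged]","VERBOSE");
              return true;
          }catch (Exception $ex){
              // Close the connection, then let the caller handle the failure.
              if($db->isConnected()){ $db->disconnect(); }
              throw $ex;
          }
      }

  }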
  252.  
  253. ?>
