User.class.php

<?php

/*
 @nom: User
 @auteur: Idleman (http://blog.idleman.fr)
 @description:  Classe de gestion des utilisateurs
 */

class User extends MysqlEntity{

    const OTP_INTERVAL = 30;
    const OTP_DIGITS   = 8;
    const OTP_DIGEST   = 'sha1';

    protected $id,$login,$password,$otpSecret;
    protected $TABLE_NAME = 'user';
    protected $object_fields =
    array(
        'id'=>'key',
        'login'=>'string',
        'password'=>'string',
        'otpSecret'=>'string',
    );

    protected $object_fields_uniques =
    array(
        'login'
    );

    function __construct(){
        parent::__construct();
    }

    function setId($id){
        $this->id = $id;
    }

    function isOtpSecretValid($otpSecret) {
        // Teste si la longueur est d'au moins 8 caractères
        // et en Base32: [A-Z] + [2-7]
        return is_string($otpSecret) && preg_match('/^[a-zA-Z2-7]{8,}$/', $otpSecret);
    }

    protected function getOtpControler() {
        return new \OTPHP\TOTP($this->otpSecret, array('interval'=>self::OTP_INTERVAL, 'digits'=>self::OTP_DIGITS, 'digest'=>self::OTP_DIGEST));
    }

    function getOtpKey() {
        $otp = $this->getOtpControler();
        return str_pad($otp->now(), $otp->digits, '0', STR_PAD_LEFT);
    }

    function exist($login,$password,$salt='',$otpEntered=Null){
        $userManager = new User();
        $user = $userManager->load(array('login'=>$login,'password'=>User::encrypt($password,$salt)));

        if (false!=$user) {
            $otpSecret = $user->otpSecret;

            global $configurationManager;
            switch (True) {
                case !$configurationManager->get('otpEnabled'):
                case empty($otpSecret) && empty($otpEntered):
                    // Pas d'OTP s'il est désactivé dans la configuration où s'il n'est pas demandé et fourni.
                    return $user;
            }
            $otp = $user->getOtpControler();
            if ($otp->verify($otpEntered) || $otp->verify($otpEntered, time()-10)) {
                return $user;
            }
        }

        return false;
    }

    static function get($login){
        $userManager = new User();
        return $userManager->load(array('login'=>$login,));
    }

    function getToken() {
        $hasPassword = !empty($this->password);
        $hasLogin = !empty($this->login);
        assert($hasLogin);
        assert($hasPassword);
        return sha1($this->password.$this->login);
    }

    public function add($login = false, $password = false, $salt = false, $logger = false) {
        if(!$logger) {
            require_once('Logger.class.php');
            $logger = new Logger('settings');
        }
        if(empty($login)) {
            $logger->appendLogs(_t("USER_ADD_MISSING_LOGIN"));
        }
        $existingUser = $this->load(array('login' => $login));
        if($existingUser instanceof User) {
            $logger->appendLogs(_t("USER_ADD_DUPLICATE"));
            $logger->save();
            return false;
        }
        if(empty($password)) {
            $logger->appendLogs(_t("USER_ADD_MISSING_PASSWORD"));
        }
        if($logger->hasLogs()) {
            $logger->save();
            return false;
        }
        $this->setLogin($login);
        $this->setPassword($password, $salt);
        $this->save();
        $this->createSideTables($login);
        $logger->appendLogs(_t("USER_ADD_OK"). ' '.$login);
        $logger->save();
        return true;
    }

    public function remove($userId) {
        require_once('Logger.class.php');
        $logger = new Logger('settings');
        if(empty($userId)) {
            $logger->appendLogs(_t("USER_DEL_MISSING_ID"));
            $logger->save();
            return false;
        }
        $user = $this->load(array('id' => $userId));
        if(!$user) {
            $logger->appendLogs(_t("USER_DEL_UNKNOWN_ID").' '.$userId);
            $logger->save();
            return false;
        }
        $this->setLogin($user->getLogin());
        $this->deleteSideTables();
        $this->delete(array('id' => $userId));
        $logger->appendLogs(_t("USER_DEL_OK").$user->getLogin());
        $logger->save();
        return true;
    }

    protected function createSideTables() {
        $this->manageSideTables();
    }

    protected function deleteSideTables() {
        $this->manageSideTables('remove');
    }

    protected function manageSideTables($action = 'add') {
        $actionMethod = $action === 'add' ? 'create' : 'destroy';
        $feedManager = new Feed();
        $feedManager->$actionMethod();
        $eventManager = new Event();
        $eventManager->$actionMethod();
        $folderManager = new Folder();
        $folderManager->$actionMethod();
        if($action === 'add' && $folderManager->rowCount() === '0') {
            $folderManager->setName(_t('GENERAL_FOLDER'));
            $folderManager->setParent(-1);
            $folderManager->setIsopen(1);
            $folderManager->save();
        }
    }

    static function existAuthToken($auth=null){
        $result = false;
        $userManager = new User();
        $users = $userManager->populate('id');
        $phpAuth = isset($_SERVER['PHP_AUTH_USER']) ? strtolower($_SERVER['PHP_AUTH_USER']) : false;
        if (empty($auth)) $auth = @$_COOKIE['leedStaySignedIn'];
        foreach($users as $user){
            if ($user->getToken()==$auth || strtolower($user->login)===$phpAuth){
                $result = $user;
                break;
            }
        }
        return $result;
    }

    static function generateSalt() {
        return ''.mt_rand().mt_rand();
    }

    function setStayConnected() {
        ///@TODO: set the current web directory, here and on del
        setcookie('leedStaySignedIn', $this->getToken(), time()+31536000);
    }

    static function delStayConnected() {
        setcookie('leedStaySignedIn', '', -1);
    }

    function getId(){
        return $this->id;
    }

    function getLogin(){
        return $this->login;
    }

    function setLogin($login){
        $this->login = $login;
    }

    function getPassword(){
        return $this->password;
    }

    function setPassword($password,$salt=''){
        $this->password = User::encrypt($password,$salt);
    }

    function getOtpSecret(){
        return $this->otpSecret;
    }

    function setOtpSecret($otpSecret){
        $this->otpSecret = $otpSecret;
    }

    function resetPassword($resetPassword, $salt=''){
        $this->setPassword($resetPassword, $salt);
        $this->otpSecret = '';
        $this->save();
    }

    static function encrypt($password, $salt=''){
        return sha1($password.$salt);
    }

}

?>