
Misc Classes: Database class integration.

Nate 6 лет назад
Родитель
Сommit
3cc46e84e9

+ 43 - 70
core/authentication/resources/classes/plugins/database.php

@@ -26,85 +26,62 @@ class plugin_database {
 	 */
 	function database() {
 
-		//save the database connection to a local variable
-			include "root.php";
-			require_once "resources/classes/database.php";
-			$database = new database;
-			$database->connect();
-			$db = $database->db;
+		//set the default status
+			$user_authorized = false;
 
 		//check the username and password if they don't match then redirect to the login
-			$sql = "select * from v_users ";
+			$sql = "select * from v_users where ";
 			if (strlen($this->key) > 30) {
-				$sql .= "where api_key = :key ";
-				//$sql .= "where api_key = '".$this->key."' ";
+				$sql .= "api_key = :key ";
+				$parameters['api_key'] = $this->key;
 			}
 			else {
-				$sql .= "where lower(username) = lower(:username) ";
-				//$sql .= "where username = '".$this->username."' ";
+				$sql .= "lower(username) = lower(:username) ";
+				$parameters['username'] = $this->username;
 			}
-			if ($_SESSION["users"]["unique"]["text"] == "global") {
-				//unique username - global (example: email address)
-			}
-			else {
-				//unique username - per domain
+			if ($_SESSION["users"]["unique"]["text"] != "global") {
+				//unique username per domain (not globally unique across system - example: email address)
 				$sql .= "and domain_uuid = :domain_uuid ";
-				//$sql .= "and domain_uuid = '".$this->domain_uuid."' ";
+				$parameters['domain_uuid'] = $this->domain_uuid;
 			}
 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
-			$prep_statement = $db->prepare($sql);
-			if ($_SESSION["users"]["unique"]["text"] != "global") {
-				$prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
-			}
-			if (strlen($this->key) > 30) {
-				$prep_statement->bindParam(':key', $this->key);
-			}
-			if (strlen($this->username) > 0) {
-				$prep_statement->bindParam(':username', $this->username);
-			}
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			$user_authorized = false;
-			if (is_array($result)) {
-				foreach ($result as &$row) {
+			$database = new database;
+			$row = $database->select($sql, $parameters, 'row');
+			if (is_array($row) && @sizeof($row) != 0) {
 
-					//get the domain uuid when users are unique globally
-						if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
-							//set the domain_uuid
-								$this->domain_uuid = $row["domain_uuid"];
-								$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
+				//get the domain uuid when users are unique globally
+					if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
+						//set the domain_uuid
+							$this->domain_uuid = $row["domain_uuid"];
+							$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
 
-							//set the domain session variables
-								$_SESSION["domain_uuid"] = $this->domain_uuid;
-								$_SESSION["domain_name"] = $this->domain_name;
+						//set the domain session variables
+							$_SESSION["domain_uuid"] = $this->domain_uuid;
+							$_SESSION["domain_name"] = $this->domain_name;
 
-							//set the setting arrays
-								$domain = new domains();
-								$domain->db = $db;
-								$domain->set();
-						}
+						//set the setting arrays
+							$domain = new domains();
+							$domain->db = $db;
+							$domain->set();
+					}
 
-					//set the user_uuid
-						$this->user_uuid = $row['user_uuid'];
-						$this->contact_uuid = $row['contact_uuid'];
+				//set the user_uuid
+					$this->user_uuid = $row['user_uuid'];
+					$this->contact_uuid = $row['contact_uuid'];
 
-					//if salt is not defined then use the default salt for backwards compatibility
-						if (strlen($row["salt"]) == 0) {
-							$row["salt"] = 'e3.7d.12';
-						}
+				//if salt is not defined then use the default salt for backwards compatibility
+					if (strlen($row["salt"]) == 0) {
+						$row["salt"] = 'e3.7d.12';
+					}
 
-					//compare the password provided by the user with the one in the database
-						if (md5($row["salt"].$this->password) == $row["password"]) {
-							$user_authorized = true;
-						} elseif (strlen($this->key) >  30 && $this->key == $row["api_key"]) {
-							$user_authorized = true;
-						} else {
-							$user_authorized = false;
-						}
+				//compare the password provided by the user with the one in the database
+					if (md5($row["salt"].$this->password) == $row["password"]) {
+						$user_authorized = true;
+					}
+					else if (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
+						$user_authorized = true;
+					}
 
-					//end the loop
-						break;
-				}
 			}
 			unset($result);
 
@@ -119,14 +96,10 @@ class plugin_database {
 			$result["domain_uuid"] = $this->domain_uuid;
 			$result["contact_uuid"] = $this->contact_uuid;
 			$result["sql"] = $sql;
-			if ($user_authorized) {
-				$result["authorized"] = "true";
-			}
-			else {
-				$result["authorized"] = "false";
-			}
+			$result["authorized"] = $user_authorized ? 'true' : 'false';
+
 			return $result;
 	}
 }
 
-?>
+?>
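Review bot: The named placeholder and the bound parameter disagree on the api-key branch: `$sql .= "api_key = :key ";` is followed by `$parameters['api_key'] = $this->key;`, so unless database::select maps array keys to placeholders by position rather than name, the key lookup fails with an unbound `:key`; use `$sql .= "api_key = :api_key ";` so the two match. Further down, `$domain->db = $db;` still references `$db`, which this commit removes together with the `$database->db` assignment, leaving an undefined variable on the global-username path; ldap.php drops that line in the same commit and this file should too. The password check `md5($row["salt"].$this->password) == $row["password"]` compares two hex digests with `==`, which PHP evaluates numerically when both strings look numeric; `hash_equals($row["password"], md5($row["salt"].$this->password))` is the safe form and is constant-time. database() continues past the end of this hunk.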

+ 59 - 101
core/authentication/resources/classes/plugins/ldap.php

@@ -23,13 +23,6 @@ class plugin_ldap {
 	 */
 	function ldap() {
 
-		//save the database connection to a local variable
-			include "root.php";
-			require_once "resources/classes/database.php";
-			$database = new database;
-			$database->connect();
-			$db = $database->db;
-
 		//use ldap to validate the user credentials
 			if (isset($_SESSION["ldap"]["certpath"])) {
 				$s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
@@ -41,13 +34,13 @@ class plugin_ldap {
 			}
 			$host = $_SESSION["ldap"]["server_host"]["text"];
 			$port = $_SESSION["ldap"]["server_port"]["numeric"];
-			$connect = ldap_connect($host,$port)
+			$connect = ldap_connect($host, $port)
 				or die("Could not connect to the LDAP server.");
 			//ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
 			ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
 			//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
 
-		//set the default for $user_authorized to false
+		//set the default status
 			$user_authorized = false;
 
 		//provide backwards compatability
@@ -69,54 +62,37 @@ class plugin_ldap {
 						$user_authorized = true;
 						break;
 					}
-					else {
-						//connection failed
-						$user_authorized = false;
-					}
-				}
-				else {
-					//password not provided
-					$user_authorized = false;
 				}
 			}
 
 		//check to see if the user exists
 			 if ($user_authorized) {
 				$sql = "select * from v_users ";
-				$sql .= "where username=:username ";
-				if ($_SESSION["users"]["unique"]["text"] == "global") {
-					//unique username - global (example: email address)
-				}
-				else {
-					//unique username - per domain
-					$sql .= "and domain_uuid=:domain_uuid ";
-				}
-				$prep_statement = $db->prepare($sql);
+				$sql .= "where username = :username ";
 				if ($_SESSION["users"]["unique"]["text"] != "global") {
-					$prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
+					//unique username per domain (not globally unique across system - example: email address)
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$parameters['domain_uuid'] = $this->domain_uuid;
 				}
-				$prep_statement->bindParam(':username', $this->username);
-				$prep_statement->execute();
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-				if (count($result) > 0) {
-					foreach ($result as &$row) {
-							if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
-								//get the domain uuid
-									$this->domain_uuid = $row["domain_uuid"];
-									$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
-
-								//set the domain session variables
-									$_SESSION["domain_uuid"] = $this->domain_uuid;
-									$_SESSION["domain_name"] = $this->domain_name;
-
-								//set the setting arrays
-									$domain = new domains();
-									$domain->db = $db;
-									$domain->set();
-							}
-							$this->user_uuid = $row["user_uuid"];
-							$this->contact_uuid = $row["contact_uuid"];
+				$parameters['username'] = $this->username;
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				if (is_array($row) && @sizeof($row) != 0) {
+					if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
+						//get the domain uuid
+							$this->domain_uuid = $row["domain_uuid"];
+							$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
+
+						//set the domain session variables
+							$_SESSION["domain_uuid"] = $this->domain_uuid;
+							$_SESSION["domain_name"] = $this->domain_name;
+
+						//set the setting arrays
+							$domain = new domains();
+							$domain->set();
 					}
+					$this->user_uuid = $row["user_uuid"];
+					$this->contact_uuid = $row["contact_uuid"];
 				}
 				else {
 					//salt used with the password to create a one way hash
@@ -127,53 +103,40 @@ class plugin_ldap {
 						$this->user_uuid = uuid();
 						$this->contact_uuid = uuid();
 
-					//add the user
-						$sql = "insert into v_users ";
-						$sql .= "(";
-						$sql .= "domain_uuid, ";
-						$sql .= "user_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "username, ";
-						$sql .= "password, ";
-						$sql .= "salt, ";
-						$sql .= "add_date, ";
-						$sql .= "add_user, ";
-						$sql .= "user_enabled ";
-						$sql .= ") ";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'".$this->domain_uuid."', ";
-						$sql .= "'".$this->user_uuid."', ";
-						$sql .= "'".$this->contact_uuid."', ";
-						$sql .= "'".strtolower($this->username)."', ";
-						$sql .= "'".md5($salt.$password)."', ";
-						$sql .= "'".$salt."', ";
-						$sql .= "now(), ";
-						$sql .= "'".strtolower($this->username)."', ";
-						$sql .= "'true' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
-
-					//add the user to group user
-						$group_name = 'user';
-						$sql = "insert into v_user_groups ";
-						$sql .= "(";
-						$sql .= "user_group_uuid, ";
-						$sql .= "domain_uuid, ";
-						$sql .= "group_name, ";
-						$sql .= "user_uuid ";
-						$sql .= ")";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'".uuid()."', ";
-						$sql .= "'".$this->domain_uuid."', ";
-						$sql .= "'".$group_name."', ";
-						$sql .= "'".$this->user_uuid."' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
+					//build user insert array
+						$array['users'][0]['user_uuid'] = $this->user_uuid;
+						$array['users'][0]['domain_uuid'] = $this->domain_uuid;
+						$array['users'][0]['contact_uuid'] = $this->contact_uuid;
+						$array['users'][0]['username'] = strtolower($this->username);
+						$array['users'][0]['password'] = md5($salt.$password);
+						$array['users'][0]['salt'] = $salt;
+						$array['users'][0]['add_date'] = now();
+						$array['users'][0]['add_user'] = strtolower($this->username);
+						$array['users'][0]['user_enabled'] = 'true';
+
+					//build user group insert array
+						$array['user_groups'][0]['user_group_uuid'] = uuid();
+						$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
+						$array['user_groups'][0]['group_name'] = 'user';
+						$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
+
+					//grant temporary permissions
+						$p = new permissions;
+						$p->add('user_add', 'temp');
+						$p->add('user_group_add', 'temp');
+
+					//execute insert
+						$database = new database;
+						$database->app_name = 'authentication';
+						$database->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
+						$database->save($array);
+						unset($array);
+
+					//revoke temporary permissions
+						$p->delete('user_add', 'temp');
+						$p->delete('user_group_add', 'temp');
 				}
+				unset($sql, $parameters, $row);
 			}
 
 		//result array
@@ -185,14 +148,9 @@ class plugin_ldap {
 			}
 			$result["user_uuid"] = $this->user_uuid;
 			$result["domain_uuid"] = $this->domain_uuid;
-			if ($user_authorized) {
-				$result["authorized"] = "true";
-			}
-			else {
-				$result["authorized"] = "false";
-			}
+			$result["authorized"] = $user_authorized ? 'true' : 'false';
 			return $result;
 	}
 }
 
-?>
+?>
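Review bot: `$array['users'][0]['add_date'] = now();` calls a PHP function `now()`, which is not part of the standard library; the removed SQL used the database's `now()`, so unless the project defines a global `now()` helper this line is a fatal error the first time an LDAP user is auto-provisioned. Replace it with a PHP-side timestamp, e.g. `$array['users'][0]['add_date'] = date('Y-m-d H:i:s');`, or omit the key and let the column default apply if one exists. The enclosing `else` branch and ldap() itself both start before this hunk.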

+ 77 - 69
core/groups/resources/classes/permission.php

@@ -29,105 +29,113 @@
 
 		//delete the permissions
 			function delete() {
-				//set the variables
-					$db = $this->db;
 				//get unprotected groups and their domain uuids (if any)
-					$sql = "select group_name, domain_uuid from v_groups where group_protected <> 'true' ";
-					$prep_statement = $db->prepare(check_sql($sql));
-					$prep_statement->execute();
-					$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-					$result_count = count($result);
-					if ($result_count > 0) {
+					$sql = "select group_name, domain_uuid ";
+					$sql .= "from v_groups ";
+					$sql .= "where group_protected <> 'true' ";
+					$database = new database;
+					$result = $database->select($sql, null, 'all');
+					if (is_array($result) && @sizeof($result) != 0) {
 						foreach($result as $row) {
 							$unprotected_groups[$row['group_name']] = $row['domain_uuid'];
 						}
 					}
-					unset ($prep_statement, $sql, $result, $result_count);
+					unset($sql, $result, $row);
 				//delete unprotected group permissions
 					if (is_array($unprotected_groups) && sizeof($unprotected_groups) > 0) {
+						$x = 0;
 						foreach ($unprotected_groups as $unprotected_group_name => $unprotected_domain_uuid) {
-							$sql = "delete from v_group_permissions where ";
-							$sql .= "group_name = '".$unprotected_group_name."' ";
-							$sql .= "and domain_uuid ".(($unprotected_domain_uuid != '') ? " = '".$unprotected_domain_uuid."' " : " is null ");
-							if (false === $db->exec($sql)) {
-								//echo $db->errorCode() . "<br>";
-								$info = $db->errorInfo();
-								print_r($info);
-								// $info[0] == $db->errorCode() unified error code
-								// $info[1] is the driver specific error code
-								// $info[2] is the driver specific error string
-							}
+							//build delete array
+								$array['group_permissions'][$x]['group_name'] = $unprotected_group_name;
+								$array['group_permissions'][$x]['domain_uuid'] = $unprotected_domain_uuid != '' ? $unprotected_domain_uuid : null;
+							$x++;
+						}
+						if (is_array($array) && @sizeof($array) != 0) {
+							//grant temporary permissions
+								$p = new permissions;
+								$p->add('group_permission_delete', 'temp');
+							//execute delete
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->delete($array);
+								unset($array);
+							//revoke temporary permissions
+								$p->delete('group_permission_delete', 'temp');
 						}
 					}
 			}
 
 		//restore the permissions
 			function restore() {
-				//set the variables
-					$db = $this->db;
-
 				//delete the group permisisons
 					$this->delete();
 
 				//get the $apps array from the installed apps from the core and mod directories
 					$config_list = glob($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . "/*/*/app_config.php");
-					$x=0;
+					$x = 0;
 					foreach ($config_list as &$config_path) {
 						include($config_path);
 						$x++;
 					}
 
 				//restore default permissions
-					foreach($apps as $row) {
+					$x = 0;
+					foreach ($apps as $row) {
 						foreach ($row['permissions'] as $permission) {
 							//set the variables
 							if ($permission['groups']) {
 								foreach ($permission['groups'] as $group) {
 									//check group protection
-									$sql = "select * from v_groups ";
-									$sql .= "where group_name = '".$group."' ";
+									$sql = "select count(*) from v_groups ";
+									$sql .= "where group_name = :group_name ";
 									$sql .= "and group_protected = 'true'";
-									$prep_statement = $db->prepare(check_sql($sql));
-									if ($prep_statement) {
-										$prep_statement->execute();
-										$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
-										unset ($prep_statement);
-										if (count($result) == 0) {
-											//if the item uuid is not currently in the db then add it
-											$sql = "select * from v_group_permissions ";
-											$sql .= "where permission_name = '".$permission['name']."' ";
-											$sql .= "and group_name = '$group' ";
-											$prep_statement = $db->prepare(check_sql($sql));
-											if ($prep_statement) {
-												$prep_statement->execute();
-												$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
-												unset ($prep_statement);
-												if (count($result) == 0) {
-													//insert the default permissions into the database
-													$sql = "insert into v_group_permissions ";
-													$sql .= "(";
-													$sql .= "group_permission_uuid, ";
-													$sql .= "permission_name, ";
-													$sql .= "group_name ";
-													$sql .= ") ";
-													$sql .= "values ";
-													$sql .= "(";
-													$sql .= "'".uuid()."', ";
-													$sql .= "'".$permission['name']."', ";
-													$sql .= "'".$group."' ";
-													$sql .= ");";
-													$db->exec(check_sql($sql));
-													unset($sql);
-												} // if count
-											} // if prepared statement
-										} // if count
-									} // if prepared statement
-								} // foreach group permission
-							} // if permission
-						} // foreach permission
-					} // foreach app
-
-			} // function
-	} // class
+									$parameters['group_name'] = $group;
+									$database = new database;
+									$num_rows = $database->select($sql, $parameters, 'column');
+									unset($sql, $parameters);
+
+									if ($num_rows == 0) {
+										//if the item uuid is not currently in the db then add it
+										$sql = "select count(*) from v_group_permissions ";
+										$sql .= "where permission_name = :permission_name ";
+										$sql .= "and group_name = :group_name ";
+										$parameters['permission_name'] = $permission['name'];
+										$parameters['group_name'] = $group;
+										$database = new database;
+										$num_rows = $database->select($sql, $parameters, 'column');
+										unset($sql, $parameters);
+
+										if ($num_rows == 0) {
+											//build default permissions insert array
+												$array['group_permissions'][$x]['group_permission_uuid'] = uuid();
+												$array['group_permissions'][$x]['permission_name'] = $permission['name'];
+												$array['group_permissions'][$x]['group_name'] = $group;
+											$x++;
+										}
+									}
+								}
+							}
+						}
+					}
+					if (is_array($array) && @sizeof($array)) {
+						//grant temporary permissions
+							$p = new permissions;
+							$p->add('group_permission_add', 'temp');
+
+						//execute insert
+							$database = new database;
+							$database->app_name = 'groups';
+							$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+							$database->save($array);
+							unset($array);
+
+						//revoke temporary permissions
+							$p->delete('group_permission_add', 'temp');
+					}
+
+			}
+
+	}
 
 ?>
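Review bot: Both `if ($num_rows == 0)` checks in restore() rely on a loose comparison, so if database::select returns false or null on a failed query (its contract is not visible here), a failed group_protected lookup reads as "not protected" and a failed existence lookup reads as "absent", and the permission is queued for insertion; the old code skipped on a failed prepare. Guard the failure case explicitly at both sites, e.g. `if ($num_rows !== false && (int) $num_rows === 0) {`. Separately, `if (is_array($array) && @sizeof($array)) {` uses `@` suppression where `is_array` already guards; `if (!empty($array)) {` reads more clearly and matches the `!= 0` form used in delete(). The class header is outside the hunk.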

+ 0 - 2
resources/classes/captcha.php

@@ -34,8 +34,6 @@ class captcha {
 	/**
 	* Called when the object is created
 	*/
-	//public $db;
-	//public $domain_uuid;
 	public $code;
 
 	/**