From 77e30dc5f1d1a67c339ae0242f8b6986efe0b286 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 25 Jun 2014 16:42:10 +0300 Subject: [PATCH 01/23] v2 dev --- application/config/aauth.php | 7 ++- application/controllers/example.php | 16 +++---- application/libraries/Aauth.php | 69 ++++++++++++++++++++++++----- 3 files changed, 73 insertions(+), 19 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 6f6ec8f..9e8f282 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -33,9 +33,14 @@ $config['aauth'] = array( 'perms' => 'aauth_perms', // perms to group 'perm_to_group' => 'aauth_perm_to_group', + // perms to group + 'perm_to_user' => 'aauth_perm_to_user', // pm table 'pms' => 'aauth_pms', - + // system variables + 'system_variables' => 'aauth_system_variables', + // user variables + 'user_variables' => 'aauth_user_variables', // remember time 'remember' => ' +3 days', diff --git a/application/controllers/example.php b/application/controllers/example.php index b34f913..936e978 100644 --- a/application/controllers/example.php +++ b/application/controllers/example.php @@ -31,14 +31,14 @@ class Example extends CI_Controller { print_r( //$this->aauth->is_admin() - //$this->aauth->get_user() - //$this->aauth->control_group("Mod") - //$this->aauth->control_perm(1) - //$this->aauth->list_groups() - //$this->aauth->list_users() - //$this->aauth->is_allowed(1) - //$this->aauth->is_admin() - //$this->aauth->create_perm("deneme",'defff') + //$this->aauth->get_user() + //$this->aauth->control_group("Mod") + //$this->aauth->control_perm(1) + //$this->aauth->list_groups() + //$this->aauth->list_users() + //$this->aauth->is_allowed(1) + //$this->aauth->is_admin() + //$this->aauth->create_perm("deneme",'defff') //$this->aauth->update_perm(3,'dess','asd') //$this->aauth->allow(1,1) //$this->aauth->add_member(1,1) 
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index d48383f..0260f3e 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -6,7 +6,7 @@ * Despite ease of use, it has also very advanced features like private messages, * groupping, access management, public access etc.. * - * @author Emre Akay + * @author Emre Akay * @contributor Jacob Tomlinson * * @copyright 2014 Emre Akay @@ -57,6 +57,7 @@ class Aauth { // Delete all errors at first $this->errors = array(); + // get main CI object $this->CI = & get_instance(); // Dependancies @@ -121,12 +122,14 @@ class Aauth { if ($query->num_rows() > 0) { $row = $query->row(); + // DDos protection if ( $this->config_vars['dos_protection'] and $row->last_login_attempt != '' and (strtotime("now") + 30 * $this->config_vars['try'] ) < strtotime($row->last_login_attempt) ) { $this->error($this->config_vars['exceeded']); return false; } } + // banned or nor verified $query = null; $query = $this->CI->db->where('email', $email); $query = $this->CI->db->where('banned', 1); @@ -226,6 +229,7 @@ class Aauth { if($this->CI->session->userdata('loggedin')) {return true;} + // cookie control else{ if( !$this->CI->input->cookie('user', TRUE) ){ return false; @@ -409,12 +413,15 @@ class Aauth { // set default group $this->add_member($user_id, $this->config_vars['default_group']); + // if verification activated if($this->config_vars['verification']){ $data = null; $data['banned'] = 1; $this->CI->db->where('id', $user_id); $this->CI->db->update($this->config_vars['users'], $data); + + // sends verifition ( !! e-mail settings must be set) $this->send_verification($user_id); } @@ -549,6 +556,7 @@ class Aauth { /** * Unban user * Activates user account + * Same with unban_user() * @param int $user_id User id to activate * @return bool Activation fails/succeeds */ 
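Review bot: The new `// DDos protection` comment in the login hunk labels a check that, as written, looks like it can never fire: `(strtotime("now") + 30 * $this->config_vars['try'] ) < strtotime($row->last_login_attempt)` is only true when the stored attempt time lies in the future. If `last_login_attempt` holds the time of the last attempt (its writer is not visible here), the comparison is inverted and repeated failed logins are never throttled. The comment would also be more accurate as `// login attempt throttling (per account)`, since the check reads a single user's row rather than limiting request volume. The enclosing login function starts and ends outside the hunk.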
@@ -563,6 +571,19 @@ class Aauth { return $this->CI->db->update($this->config_vars['users'], $data); } + /** + * Unban user + * Activates user account + * Same with unlock_user() + * @param int $user_id User id to activate + * @return bool Activation fails/succeeds + */ + public function unban_user($user_id) { + + return $this->unlock_user($user_id); + } + + /** * Check user banned * Checks if a user is banned @@ -884,7 +905,7 @@ class Aauth { * @param int|string $group_par Group id or name to remove user from * @return bool Remove success/failure */ - public function fire_member($user_id, $group_par) { + public function remove_member($user_id, $group_par) { $group_par = $this->get_group_id($group_par); $this->CI->db->where('user_id', $user_id); @@ -892,6 +913,18 @@ class Aauth { return $this->CI->db->delete($this->config_vars['user_to_group']); } + /** + * Fire member + * Remove a user from a group same as remove member + * @param int $user_id User id to remove from group + * @param int|string $group_par Group id or name to remove user from + * @return bool Remove success/failure + */ + public function fire_member($user_id, $group_par) { + + return $this->remove_member($user_id,$group_par); + } + /** * Is member * Check if current user is a member of a group @@ -1050,16 +1083,18 @@ class Aauth { $this->CI->db->where('id', $perm_id); return $this->CI->db->delete($this->config_vars['perms']); + + // also deletes from permission table } /** * Is allowed * Check if group is allowed to do specified action, admin always allowed - * @param int|string|bool $group_par Group id or name to check, or if false checks all user groups * @param int $perm_par Permission id or name to check + * @param int|string|bool $group_par Group id or name to check, or if false checks all user groups * @return bool */ - public function is_allowed($group_par=false, $perm_par){ + public function is_allowed($perm_par, $group_par=false){ $perm_id = $this->get_perm_id($perm_par); 
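Review bot: Swapping the parameters of `is_allowed()` from `($group_par=false, $perm_par)` to `($perm_par, $group_par=false)` changes the meaning of every existing two-argument call without producing an error, because both arguments accept an id or a name. A caller written against the old docblock order would now have its group looked up as a permission and the reverse, so an authorization check can silently answer for the wrong pair. The docblock should record this, e.g. `* NOTE: argument order changed in v2 (permission first); audit existing callers`. In the same hunk, the comment `// also deletes from permission table` sits after the `return` in `delete_perm()` and describes nothing the code does. `is_allowed()` continues past the end of the hunk.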
@@ -1102,13 +1137,13 @@ class Aauth { } /** - * Allow + * Allow Group * Add group to permission * @param int|string|bool $group_par Group id or name to allow * @param int $perm_par Permission id or name to allow * @return bool Allow success/failure */ - public function allow($group_par, $perm_par) { + public function allow_group($group_par, $perm_par) { $perm_id = $this->get_perm_id($perm_par); @@ -1130,13 +1165,13 @@ class Aauth { } /** - * Deny + * Deny Group * Remove group from permission * @param int|string|bool $group_par Group id or name to deny * @param int $perm_par Permission id or name to deny * @return bool Deny success/failure */ - public function deny($group_par, $perm_par) { + public function deny_group($group_par, $perm_par) { $perm_id = $this->get_perm_id($perm_par); @@ -1423,12 +1458,26 @@ class Aauth { * config * stacoverflow * login e ip aderesi de eklemek lazım - * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? + * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? // bi denemek lazım belki distinct ile düzelir * eğer grup silinmişse kullanıcıları da o gruptan sil (fire) * ismember la is admine 2. parametre olarak user id ekle * kepp infos errors die bişey yap ajax requestlerinde silinir errorlar + * user variables + * sistem variables + * user perms + * parametre olarak array alma + * mysql index fulltext index?? + * + * + * ----------- + * ok + * + * unban_user() added // unlock_user + * remove member added // fire_member + * allow changed to allow_group + * deny changed to deny_user * - * Done staff + * Done staff v1 * ----------- * tamam hacı // control die bi fonksiyon yazıp adam önce login omuşmu sonra da yetkisi var mı die kontrol et. yetkisi yoksa yönlendir ve aktivitiyi güncelle * tamam hacı // grupları yetkilendirme, yetki ekleme, alma alow deny From 361544600acd4784f76e33a19d26d7aaec59e85b Mon Sep 17 00:00:00 2001 
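Review bot: `allow()` and `deny()` are renamed to `allow_group()` and `deny_group()` in this hunk and the next without leaving the old names in place, whereas the same patch keeps `fire_member()` and `unlock_user()` callable through thin wrappers. Code that still calls `$this->aauth->deny(...)` will stop with an undefined-method error instead of revoking the permission. For consistency add one-line wrappers, e.g. `public function deny($group_par, $perm_par) { return $this->deny_group($group_par, $perm_par); }`, and the same for `allow()`. Both function bodies continue outside their hunks.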
From: Emre Akay Date: Wed, 25 Jun 2014 16:55:05 +0300 Subject: [PATCH 02/23] v2 dev --- application/libraries/Aauth.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 0260f3e..5a823d8 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1113,13 +1113,10 @@ class Aauth { } } else { - // all doors open to admin :) - if ( $this->is_admin( $this->CI->session->userdata('id')) ) {return true;} - - // if public is allowed - if( !$this->is_loggedin() and $this->is_allowed($perm_id, $this->config_vars['public_group']) ){ - return true; - } + // if public is allowed ot he is admin + if ( $this->is_admin( $this->CI->session->userdata('id')) or + $this->is_allowed($perm_id, $this->config_vars['public_group']) ) + {return true;} if (!$this->is_loggedin()){return false;} From 83be42c3c429eddde8776440270883bc6b9cedef Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Fri, 27 Jun 2014 19:02:39 +0300 Subject: [PATCH 03/23] allow_user( ) and deny_user() functions is implemented --- application/libraries/Aauth.php | 162 ++++++++++++++++++++++++-------- 1 file changed, 122 insertions(+), 40 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 5a823d8..093be21 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -18,6 +18,9 @@ * * The latest version of Aauth can be obtained from: * https://github.com/emreakay/CodeIgniter-Aauth + * + * + * $this->CI->session->userdata('id') */ class Aauth { @@ -164,7 +167,7 @@ class Aauth { $this->CI->session->set_userdata($data); - // id remember selected + // if remember selected if ($remember){ $expire = $this->config_vars['remember']; $today = date("Y-m-d"); 
@@ -226,14 +229,14 @@ class Aauth { */ public function is_loggedin() { - if($this->CI->session->userdata('loggedin')) - {return true;} + if ( $this->CI->session->userdata('loggedin') ) + { return true; } // cookie control - else{ - if( !$this->CI->input->cookie('user', TRUE) ){ + else { + if( ! $this->CI->input->cookie('user', TRUE) ){ return false; - }else{ + } else { $cookie = explode('-', $this->CI->input->cookie('user', TRUE)); if(!is_numeric( $cookie[0] ) or strlen($cookie[1]) < 13 ){return false;} else{ @@ -261,28 +264,27 @@ class Aauth { } } + return false; } /** - * Controls if a logged or public user has permiision + * Controls if a logged or public user has permission * If no permission, it stops script, it also updates last activity every time function called * @param bool $perm_par If not given just control user logged in or not */ - public function control($perm_par = false){ - - if(!$perm_par and !$this->is_loggedin()){ - echo $this->config_vars['no_access']; - die(); - } + public function control( $perm_par ){ + // if perm_par is given $perm_id = $this->get_perm_id($perm_par); $this->update_activity(); - if( !$this->is_allowed($perm_id) ) { + // if user or user's group allowed + if ( !$this->is_allowed($perm_id) or !$this->is_group_allowed($perm_id)){ echo $this->config_vars['no_access']; die(); } + } /** 
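Review bot: In `control()`, the new condition `!$this->is_allowed($perm_id) or !$this->is_group_allowed($perm_id)` refuses access unless both checks pass, although the comment above it says user or group. `is_allowed()`, added in this patch, already falls back to `is_group_allowed()`, so a permission granted to the user alone is still rejected here; `if ( ! $this->is_allowed($perm_id) ) {` expresses the stated intent. The hunk also drops the `= false` default and the login-only branch while the docblock still says "If not given just control user logged in or not", so existing `control()` calls without an argument no longer behave as documented.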
@@ -929,15 +931,19 @@ class Aauth { * Is member * Check if current user is a member of a group * @param int|string $group_par Group id or name to check + * @param int|bool $user_id User id, if not given current user * @return bool */ - public function is_member($group_par) { + public function is_member( $group_par, $user_id = false ) { - $user_id = $this->CI->session->userdata('id'); + // if user_id false (not given), current user + if(!$user_id){ + $user_id = $this->CI->session->userdata('id'); + } - $this->get_group_id($group_par); - // group_id given - if (is_numeric($group_par)) { + $group_id = $this->get_group_id($group_par); + // if found + if (is_numeric($group_id)) { $query = $this->CI->db->where('user_id', $user_id); $query = $this->CI->db->where('group_id', $group_par); @@ -950,19 +956,8 @@ class Aauth { } else { return FALSE; } - } - - // group_name given - else { - - $query = $this->CI->db->where('name', $group_par); - $query = $this->CI->db->get($this->config_vars['groups']); - - if ($query->num_rows() == 0) - return FALSE; - - $row = $query->row(); - return $this->is_member($row->id); + } else { + return false; } } 
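Review bot: `is_member()` now resolves the group into `$group_id`, but the query still filters with `where('group_id', $group_par)`, so a group passed by name is compared against the id column. The second hunk removes the old name-lookup branch, so name-based calls no longer reach the intended group, and `is_admin()` is affected if `admin_group` is configured as a name. Use the resolved value: `$query = $this->CI->db->where('group_id', $group_id);`. Separately, `if(!$user_id)` treats every falsy id as "current user", so a caller whose own lookup produced `0` or `null` silently gets the session user's membership; a strict `$user_id === false` avoids that.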
@@ -1081,23 +1076,61 @@ class Aauth { */ public function delete_perm($perm_id) { + // deletes from perm_to_gropup table + $this->CI->db->where('pern_id', $perm_id); + $this->CI->db->delete($this->config_vars['perm_to_group']); + + // deletes from perm_to_user table + $this->CI->db->where('pern_id', $perm_id); + $this->CI->db->delete($this->config_vars['perm_to_group']); + + // deletes from permission table $this->CI->db->where('id', $perm_id); return $this->CI->db->delete($this->config_vars['perms']); + } + + /** + * Is user allowed + * Check if user allowed to do specified action, admin always allowed + * fist checks user permissions then check group permissions + * @param int $perm_par Permission id or name to check + * @param int|bool $user_id User id to check, or if false checks current user + * @return bool + */ + public function is_allowed($perm_par, $user_id=false){ + + $perm_id = $this->get_perm_id($perm_par); + + if( $user_id == false){ + $user_id = $this->CI->session->userdata('id'); + } + + $query = $this->CI->db->where('perm_id', $perm_id); + $query = $this->CI->db->where('user_id', $user_id); + $query = $this->CI->db->get( $this->config_vars['perm_to_user'] ); + + if( $query->num_rows() > 0){ + return true; + } elseif ($this->is_group_allowed($perm_id)) { + return true; + } else { + return false; + } - // also deletes from permission table } /** - * Is allowed + * Is Group allowed * Check if group is allowed to do specified action, admin always allowed * @param int $perm_par Permission id or name to check * @param int|string|bool $group_par Group id or name to check, or if false checks all user groups * @return bool */ - public function is_allowed($perm_par, $group_par=false){ + public function is_group_allowed($perm_par, $group_par=false){ $perm_id = $this->get_perm_id($perm_par); + // if group par is given if($group_par != false){ $group_par = $this->get_group_id($group_par); 
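Review bot: The cleanup added to `delete_perm()` does not remove what its comments say: both deletes filter on `pern_id` (the rest of the patch uses `perm_id`), and the block commented as perm_to_user deletes from `perm_to_group` a second time. User-level grants for a deleted permission therefore stay in the table; the lines should read `$this->CI->db->where('perm_id', $perm_id);` and, in the second block, `$this->CI->db->delete($this->config_vars['perm_to_user']);`. In the new `is_allowed()`, the fallback `$this->is_group_allowed($perm_id)` is not given `$user_id`, and the next hunk of `is_group_allowed()` reads the session user, so a check made for another user is answered with the current user's groups and admin status. `is_group_allowed()` continues past the end of this hunk.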
@@ -1112,27 +1145,75 @@ class Aauth { return false; } } + // if group par is not given + // checks current user's all groups else { - // if public is allowed ot he is admin + // if public is allowed or he is admin if ( $this->is_admin( $this->CI->session->userdata('id')) or - $this->is_allowed($perm_id, $this->config_vars['public_group']) ) + $this->is_group_allowed($perm_id, $this->config_vars['public_group']) ) {return true;} + // if is not login if (!$this->is_loggedin()){return false;} $group_pars = $this->list_groups( $this->CI->session->userdata('id') ); foreach ($group_pars as $g ){ - if($this->is_allowed($perm_id, $g -> id)){ + if($this->is_group_allowed($perm_id, $g -> id)){ return true; } } - return false; } } + /** + * Allow User + * Add User to permission + * @param int $user_id User id to deny + * @param int $perm_par Permission id or name to allow + * @return bool Allow success/failure + */ + public function allow_user($user_id, $perm_par) { + + $perm_id = $this->get_perm_id($perm_par); + + $query = $this->CI->db->where('user_id',$user_id); + $query = $this->CI->db->where('perm_id',$perm_id); + $query = $this->CI->db->get($this->config_vars['perm_to_user']); + + // if not inserted before + if ($query->num_rows() < 1) { + + $data = array( + 'user_id' => $user_id, + 'perm_id' => $perm_id + ); + + return $this->CI->db->insert($this->config_vars['perm_to_group'], $data); + } + return true; + } + + /** + * Deny User + * Remove user from permission + * @param int $user_id User id to deny + * @param int $perm_par Permission id or name to deny + * @return bool Deny success/failure + */ + public function deny_user($user_id, $perm_par) { + + $perm_id = $this->get_perm_id($perm_par); + + $this->CI->db->where('user_id', $user_id); + $this->CI->db->where('perm_id', $perm_id); + + return $this->CI->db->delete($this->config_vars['perm_to_group']); + } + + /** * Allow Group * Add group to permission 
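Review bot: `allow_user()` and `deny_user()` write to `perm_to_group`, while `is_allowed()` and the duplicate check inside `allow_user()` read `perm_to_user`, so a user grant is never stored where it is looked up and `deny_user()` cannot revoke one. The insert also sends a `user_id` field to the group table. Both statements should target the user table: `return $this->CI->db->insert($this->config_vars['perm_to_user'], $data);` and `return $this->CI->db->delete($this->config_vars['perm_to_user']);`. The `allow_user()` docblock describes `$user_id` as "User id to deny"; it should say "to allow".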
@@ -1472,7 +1553,8 @@ class Aauth { * unban_user() added // unlock_user * remove member added // fire_member * allow changed to allow_group - * deny changed to deny_user + * deny changed to deny_group + * is member a yeni parametre eklendi * * Done staff v1 * ----------- From 270dc685400a58d5f75b71b27aa72a765b2e31d0 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Fri, 27 Jun 2014 19:27:57 +0300 Subject: [PATCH 04/23] ip_address will be also updated in update_last_login() --- application/libraries/Aauth.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 093be21..ea6fe9c 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -735,6 +735,7 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); $data['last_login'] = date("Y-m-d H:i:s"); + $data['ip_address'] = $this->CI->input->ip_address(); $this->CI->db->where('id', $user_id); return $this->CI->db->update($this->config_vars['users'], $data); @@ -1528,12 +1529,11 @@ class Aauth { /** * Coming with v2 * ------------- - * public id sini 0 a eşitleyip öyle kontrol yapabilirdik + * public id sini 0 a eşitleyip öyle kontrol yapabilirdik (oni boşver uşağum) * permission id yi permission parametre yap - * performance impr. // tablo isimlerini configden çekmesin - * captcha + * performance impr. // tablo isimlerini configden çekmesin (şimdilik çeksin) + * captcha (hmm bi bakalım) * mail fonksiyonları imtihanı - * config * stacoverflow * login e ip aderesi de eklemek lazım * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? // bi denemek lazım belki distinct ile düzelir @@ -1555,6 +1555,8 @@ class Aauth { * allow changed to allow_group * deny changed to deny_group * is member a yeni parametre eklendi + * allow_user() added + * deny_user() added * * Done staff v1 * ----------- From 20aab13344bb6b92320bd072b301c7b82e27cf6a Mon Sep 17 00:00:00 2001 
From: Emre Akay Date: Fri, 27 Jun 2014 19:33:34 +0300 Subject: [PATCH 05/23] bug fixed in delete_group() --- application/libraries/Aauth.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index ea6fe9c..b28e4b6 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -870,6 +870,11 @@ class Aauth { */ public function delete_group($group_id) { + // bug fixed + // now users are deleted from user_to_group table + $this->CI->db->where('group_id', $group_id); + $this->CI->db->delete($this->config_vars['user_to_group']); + $this->CI->db->where('id', $group_id); return $this->CI->db->delete($this->config_vars['groups']); } @@ -1535,7 +1540,7 @@ class Aauth { * captcha (hmm bi bakalım) * mail fonksiyonları imtihanı * stacoverflow - * login e ip aderesi de eklemek lazım + * tamam // login e ip aderesi de eklemek lazım * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? // bi denemek lazım belki distinct ile düzelir * eğer grup silinmişse kullanıcıları da o gruptan sil (fire) * ismember la is admine 2. parametre olarak user id ekle From b34a57a379e40eb83bac2397be01b8f8738cb731 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Fri, 27 Jun 2014 19:44:32 +0300 Subject: [PATCH 06/23] some changes --- application/libraries/Aauth.php | 52 ++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index b28e4b6..803f928 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
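Review bot: `delete_group()` now clears `user_to_group`, but the group's rows in `perm_to_group` are left behind, so permission grants outlive the group they were given to. A matching delete before the final one would close that gap, e.g. `$this->CI->db->where('group_id', $group_id); $this->CI->db->delete($this->config_vars['perm_to_group']);` (the column name in that table is assumed, it is not visible in this diff). The result of the membership delete is ignored, so a failure there still leads to the group row being removed. The comment `// bug fixed` belongs in the commit message; `// remove memberships before deleting the group` would describe the code.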
@@ -970,12 +970,12 @@ class Aauth { /** * Is admin * Check if current user is a member of the admin group - * @param int|string $group_par Group id or name to check + * @param int $user_id User id to check, if it is not given checks current user * @return bool */ - public function is_admin() { + public function is_admin( $user_id = false ) { - return $this->is_member($this->config_vars['admin_group']); + return $this->is_member($this->config_vars['admin_group'],$user_id); } /** @@ -1431,7 +1431,7 @@ class Aauth { } ######################## - # Error/Info Functions + # Error / Info Functions ######################## /** @@ -1445,6 +1445,16 @@ class Aauth { $this->CI->session->set_flashdata('errors', $this->errors); } + /** + * Keep Errors + * keeps the flash data flash data + * more info about flash data + * http://ellislab.com/codeigniter/user-guide/libraries/sessions.html + */ + public function keep_errors(){ + $this->session->keep_flashdata('errors'); + } + /** * Get Errors Array * Return array of errors @@ -1465,7 +1475,7 @@ class Aauth { * @param string $divider Separator for errors * @return string String of errors separated by delimiter */ - public function get_errors($divider = '
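Review bot: `keep_errors()` calls `$this->session->keep_flashdata('errors')`, but the library reaches the session everywhere else through `$this->CI->session`; no `session` property is set on the Aauth object in the visible code, so the call would fail at runtime. The same applies to `keep_infos()` in the later hunk of this patch. Change them to `$this->CI->session->keep_flashdata('errors');` and `$this->CI->session->keep_flashdata('infos');`. The docblock line "keeps the flash data flash data" repeats itself and could read "Keeps the error flash data for one more request".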
'){ + public function print_errors($divider = '
'){ $msg = ''; $msg_num = count($this->errors); @@ -1492,6 +1502,16 @@ class Aauth { $this->CI->session->set_flashdata('infos', $this->errors); } + /** + * Keep Infos + * keeps the flash data + * more info about flash data + * http://ellislab.com/codeigniter/user-guide/libraries/sessions.html + */ + public function keep_infos(){ + $this->session->keep_flashdata('infos'); + } + /** * Get Info Array * Return array of info @@ -1512,7 +1532,7 @@ class Aauth { * @param string $divider Separator for info * @return string String of info separated by delimiter */ - public function get_infos($divider = '
'){ + public function print_infos($divider = '
'){ $msg = ''; $msg_num = count($this->infos); @@ -1542,14 +1562,14 @@ class Aauth { * stacoverflow * tamam // login e ip aderesi de eklemek lazım * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? // bi denemek lazım belki distinct ile düzelir - * eğer grup silinmişse kullanıcıları da o gruptan sil (fire) - * ismember la is admine 2. parametre olarak user id ekle - * kepp infos errors die bişey yap ajax requestlerinde silinir errorlar + * tamam // eğer grup silinmişse kullanıcıları da o gruptan sil (fire) + * tamam // ismember la is admine 2. parametre olarak user id ekle + * tamam // kepp infos errors die bişey yap ajax requestlerinde silinir errorlar * user variables * sistem variables - * user perms + * tamam // user perms * parametre olarak array alma - * mysql index fulltext index?? + * biraz tamam // 4mysql index fulltext index?? * * * ----------- @@ -1557,11 +1577,17 @@ class Aauth { * * unban_user() added // unlock_user * remove member added // fire_member - * allow changed to allow_group - * deny changed to deny_group + * allow() changed to allow_group + * deny() changed to deny_group * is member a yeni parametre eklendi * allow_user() added * deny_user() added + * keep_infos() added + * kepp_errors() added + * get_errors() changed to print_errors() + * get_infos() changed to print_infos() + * + * * * Done staff v1 * ----------- From 982cb87c956125a0d97ea039dc0b7666602dd62d Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Sat, 28 Jun 2014 10:27:37 +0300 Subject: [PATCH 07/23] User and Aauth System Variables. set_user_var( $key, $value, $user_id = false ) get_user_var( $key, $user_id = false) set_aauth_var( $key, $value, $user_id = false ) get_aauth_var( $key, $user_id = false) functions added --- application/libraries/Aauth.php | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 803f928..f262177 100644 
--- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1548,7 +1548,31 @@ class Aauth { return $msg; } -} + ######################## + # User Variables + ######################## + + public function set_user_var( $key, $value, $user_id = false ) { + + } + + public function get_user_var( $key, $user_id = false){ + + } + + ######################## + # Aauth System Variables + ######################## + + public function set_aauth_var( $key, $value ) { + + } + + public function get_aauth_var( $key ){ + + } + +} // end class /** From 386a77e71f894eb46e7dc98ce0293079b246105d Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Sat, 28 Jun 2014 11:07:29 +0300 Subject: [PATCH 08/23] PhpDocs of User and Aauth System Variables. --- application/libraries/Aauth.php | 54 ++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index f262177..3034ab1 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -20,7 +20,7 @@ * https://github.com/emreakay/CodeIgniter-Aauth * * - * $this->CI->session->userdata('id') + * */ class Aauth { @@ -1448,6 +1448,7 @@ class Aauth { /** * Keep Errors * keeps the flash data flash data + * Benefitial by using Ajax Requests * more info about flash data * http://ellislab.com/codeigniter/user-guide/libraries/sessions.html */ @@ -1505,6 +1506,7 @@ class Aauth { /** * Keep Infos * keeps the flash data + * Benefitial by using Ajax Requests * more info about flash data * http://ellislab.com/codeigniter/user-guide/libraries/sessions.html */ 
@@ -1552,28 +1554,68 @@ class Aauth { # User Variables ######################## + /** + * Set User Variable as key value + * if variable not set before, it will ve set + * if set, overwrites the value + * @param string $key + * @param string $value + * @param int $user_id ; if not given current user + * @return bool + */ public function set_user_var( $key, $value, $user_id = false ) { + if ( ! $user_id ){ + $user_id = $this->CI->session->userdata('id'); + } + } + /** + * Get User Variable by key + * Return string of variable value or false + * @param string $key + * @param int $user_id ; if not given current user + * @return bool|string , false if var is not set, the value of var if set + */ public function get_user_var( $key, $user_id = false){ + if ( ! $user_id ){ + $user_id = $this->CI->session->userdata('id'); + } + } ######################## # Aauth System Variables ######################## + /** + * Set Aauth System Variable as key value + * if variable not set before, it will be set + * if set, overwrites the value + * @param string $key + * @param string $value + * @return bool + */ public function set_aauth_var( $key, $value ) { + } + /** + * Get Aauth System Variable by key + * Return string of variable value or false + * @param string $key + * @return bool|string , false if var is not set, the value of var if set + */ public function get_aauth_var( $key ){ } } // end class +// $this->CI->session->userdata('id') /** * Coming with v2 @@ -1594,6 +1636,8 @@ class Aauth { * tamam // user perms * parametre olarak array alma * biraz tamam // 4mysql index fulltext index?? + * geçici ban ve e-mail ile tkrar aktifleştime olayı + * * * * ----------- 
@@ -1610,6 +1654,14 @@ class Aauth { * kepp_errors() added * get_errors() changed to print_errors() * get_infos() changed to print_infos() + * User and Aauth System Variables. +set_user_var( $key, $value, $user_id = false ) +get_user_var( $key, $user_id = false) +set_aauth_var( $key, $value, $user_id = false ) +get_aauth_var( $key, $user_id = false) +functions added + * + * * * * From 7c050bc8b08018e11aa731bf6a75e61ad37e2275 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 30 Jun 2014 17:16:53 +0300 Subject: [PATCH 09/23] unset_user_var() added perm_id to perm_par some minor changes --- application/libraries/Aauth.php | 65 ++++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 13 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3034ab1..864666f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -80,7 +80,9 @@ class Aauth { /** * Hash password * Hash the password for storage in the database + * (thanks to Jacob Tomlinson for contribution) * @param string $pass Password to hash + * @param $userid * @return string Hashed password */ function hash_password($pass, $userid) { @@ -1058,12 +1060,14 @@ class Aauth { /** * Update permission * Updates permission name and description - * @param int $perm_id Permission id + * @param int|string $perm_par Permission id or permission name * @param string $perm_name New permission name * @param string $definition Permission description * @return bool Update success/failure */ - public function update_perm($perm_id, $perm_name, $definition=false) { + public function update_perm($perm_par, $perm_name, $definition=false) { + + $perm_id = $this->get_perm_id($perm_par); $data['name'] = $perm_name; 
@@ -1077,10 +1081,12 @@ class Aauth { /** * Delete permission * Delete a permission from database. WARNING Can't be undone - * @param int $perm_id Permission id to delete + * @param int|string $perm_par Permission id or perm name to delete * @return bool Delete success/failure */ - public function delete_perm($perm_id) { + public function delete_perm($perm_par) { + + $perm_id = $this->get_perm_id($perm_par); // deletes from perm_to_gropup table $this->CI->db->where('pern_id', $perm_id); @@ -1569,8 +1575,26 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + + } + + + /** + * Unset User Variable as key value + * @param string $key + * @param int $user_id ; if not given current user + * @return bool + */ + public function unset_user_var( $key, $user_id = false ) { + + if ( ! $user_id ){ + $user_id = $this->CI->session->userdata('id'); + } + + } + /** * Get User Variable by key * Return string of variable value or false @@ -1584,6 +1608,16 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + $query = $this->CI->db->where('user_id', $user_id); + $query = $this->CI->db->where('key', $key); + + $query = $this->CI->db->get( $this->config_vars['user_variables'] ); + + // if variable not set + if ($query->num_rows() < 1) { + return false; + } + } ######################## 
@@ -1617,25 +1651,30 @@ class Aauth { // $this->CI->session->userdata('id') +/* coming with v3 +---------------- + * captcha (hmm bi bakalım) + * parametre olarak array alma + * stacoverflow + * public id sini 0 a eşitleyip öyle kontrol yapabilirdik (oni boşver uşağum) + * +*/ + /** * Coming with v2 * ------------- - * public id sini 0 a eşitleyip öyle kontrol yapabilirdik (oni boşver uşağum) - * permission id yi permission parametre yap - * performance impr. // tablo isimlerini configden çekmesin (şimdilik çeksin) - * captcha (hmm bi bakalım) + * + * tmam // permission id yi permission parametre yap * mail fonksiyonları imtihanı - * stacoverflow * tamam // login e ip aderesi de eklemek lazım * list_users da grup_par verilirse ve adamın birden fazla grubu varsa nolurkun? // bi denemek lazım belki distinct ile düzelir * tamam // eğer grup silinmişse kullanıcıları da o gruptan sil (fire) * tamam // ismember la is admine 2. parametre olarak user id ekle * tamam // kepp infos errors die bişey yap ajax requestlerinde silinir errorlar - * user variables + * tmam // user variables * sistem variables - * tamam // user perms - * parametre olarak array alma - * biraz tamam // 4mysql index fulltext index?? + * user perms + * tamam gibi // 4mysql index fulltext index?? * geçici ban ve e-mail ile tkrar aktifleştime olayı * * From 2a74c1131d9f448d230b1929e66e8ae1d10915f0 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 30 Jun 2014 17:22:52 +0300 Subject: [PATCH 10/23] get_user_var implemented --- application/libraries/Aauth.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 864666f..ccf0f79 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -1614,8 +1614,12 @@ class Aauth { $query = $this->CI->db->get( $this->config_vars['user_variables'] ); // if variable not set - if ($query->num_rows() < 1) { - return false; + if ($query->num_rows() < 1) { return false;} + + else { + + $row = $query->row(); + return $row->value; } } From 628d6d149a027894bfc8a9b2b0862f3d37070bca Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 30 Jun 2014 19:14:13 +0300 Subject: [PATCH 11/23] set_user_var() implemented --- application/libraries/Aauth.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index ccf0f79..9c05bc3 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1575,7 +1575,32 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + // if var not set, set + if ( ! $this->get_user_var($key,$user_id) ) { + $data = array( + 'key' => $key, + 'value' => $value, + 'user_id' => $user_id + ); + + $this->db->insert( $this->config_vars['user_variables'] , $data); + + } + // if var already set, overwrite + else { + + $data = array( + 'key' => $key, + 'value' => $value, + 'user_id' => $user_id + ); + + $this->db->where( 'key', $key ); + $this->db->where( 'user_id', $user_id); + $this->db->update( $this->config_vars['user_variables'], $data); + + } } From aea9449d921a19dc671cb863cc472dd882d07b5c Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 30 Jun 2014 19:16:35 +0300 Subject: [PATCH 12/23] unset_user_var() implemented --- application/libraries/Aauth.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 9c05bc3..584b6da 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
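Review bot: `set_user_var()` issues its queries through `$this->db->insert(...)`, `$this->db->where(...)` and `$this->db->update(...)`, while every other query in the file goes through `$this->CI->db`; unless a `db` property is set on the library elsewhere, these calls fail. The same pattern appears in `unset_user_var()`, `set_aauth_var()` and `unset_aauth_var()` in the following patches. The existence test `if ( ! $this->get_user_var($key,$user_id) )` also treats a stored `'0'` or empty string as unset and inserts a second row for the same key; compare with `=== false` instead. Because `$user_id` falls back to the session id, a call made without a logged-in session stores the variable under an empty user id, so returning `false` in that case would be safer.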
@@ -1584,7 +1584,7 @@ class Aauth { 'user_id' => $user_id ); - $this->db->insert( $this->config_vars['user_variables'] , $data); + return $this->db->insert( $this->config_vars['user_variables'] , $data); } // if var already set, overwrite @@ -1598,8 +1598,8 @@ class Aauth { $this->db->where( 'key', $key ); $this->db->where( 'user_id', $user_id); - $this->db->update( $this->config_vars['user_variables'], $data); + return $this->db->update( $this->config_vars['user_variables'], $data); } } @@ -1616,6 +1616,10 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + $this->db->where('key', $key); + $this->db->where('user_id', $user_id); + + return $this->db->delete( $this->config_vars['user_variables'] ); } From 221e686a22710cb7c1235db8e059b325e3826096 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 30 Jun 2014 23:49:02 +0300 Subject: [PATCH 13/23] user and aauth system variables implemented --- application/config/aauth.php | 2 +- application/libraries/Aauth.php | 47 +++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 9e8f282..5282bbf 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -38,7 +38,7 @@ $config['aauth'] = array( // pm table 'pms' => 'aauth_pms', // system variables - 'system_variables' => 'aauth_system_variables', + 'aauth_variables' => 'aauth_system_variables', // user variables 'user_variables' => 'aauth_user_variables', diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 584b6da..6316e2f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -1667,6 +1667,41 @@ class Aauth { */ public function set_aauth_var( $key, $value ) { + // if var not set, set + if ( ! $this->get_aauth_var($key) ) { + + $data = array( + 'key' => $key, + 'value' => $value, + ); + + return $this->db->insert( $this->config_vars['aauth_variables'] , $data); + + } + // if var already set, overwrite + else { + + $data = array( + 'key' => $key, + 'value' => $value, + ); + + $this->db->where( 'key', $key ); + return $this->db->update( $this->config_vars['aauth_variables'], $data); + } + + } + + /** + * Unset Aauth System Variable as key value + * @param string $key + * @return bool + */ + public function unset_aauth_var( $key ) { + + $this->db->where('key', $key); + + return $this->db->delete( $this->config_vars['aauth_variables'] ); } @@ -1678,6 +1713,18 @@ class Aauth { */ public function get_aauth_var( $key ){ + $query = $this->CI->db->where('key', $key); + + $query = $this->CI->db->get( $this->config_vars['aauth_variables'] ); + + // if variable not set + if ($query->num_rows() < 1) { return false;} + + else { + + $row = $query->row(); + return $row->value; + } } } // end class From 3f917d83b17f10469908beda0f85e3c8a532e37b Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 00:23:02 +0300 Subject: [PATCH 14/23] Ddos protection feature has removed --- application/config/aauth.php | 3 -- application/libraries/Aauth.php | 75 ++++++++++++++++++++------------- 2 files changed, 46 insertions(+), 32 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 5282bbf..7f7f904 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -51,9 +51,6 @@ $config['aauth'] = array( // non alphanumeric characters that are allowed in a name 'valid_chars' => array(' ', '\''), - // it limits login attempts - 'dos_protection' => true, - // login attempts time interval // default 10 times in one minute 'try' => 10, 
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 6316e2f..4eb7d56 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -115,26 +115,15 @@ class Aauth { $this->CI->input->set_cookie($cookie); - if( !valid_email($email) or !ctype_alnum($pass) or strlen($pass) < 5 or strlen($pass) > $this->config_vars['max'] ) { + // verification + if( !valid_email($email) or !ctype_alnum($pass) or strlen($pass) < 5 or + strlen($pass) > $this->config_vars['max'] ) + { $this->error($this->config_vars['wrong']); - return false;} - - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->get($this->config_vars['users']); - - $user_id = $query->row()->id; - - if ($query->num_rows() > 0) { - $row = $query->row(); - - // DDos protection - if ( $this->config_vars['dos_protection'] and $row->last_login_attempt != '' and (strtotime("now") + 30 * $this->config_vars['try'] ) < strtotime($row->last_login_attempt) ) { - $this->error($this->config_vars['exceeded']); - return false; - } + return false; } - // banned or nor verified + // if user is not verified $query = null; $query = $this->CI->db->where('email', $email); $query = $this->CI->db->where('banned', 1); @@ -146,6 +135,12 @@ class Aauth { return false; } + // to find user id + $query = $this->CI->db->where('email', $email); + $query = $this->CI->db->get($this->config_vars['users']); + + $user_id = $query->row()->id; + $query = null; $query = $this->CI->db->where('email', $email); @@ -156,7 +151,7 @@ class Aauth { $row = $query->row(); - if ($query->num_rows() > 0) { + if ( $query->num_rows() > 0 ) { // If email and pass matches // create session @@ -170,7 +165,7 @@ class Aauth { $this->CI->session->set_userdata($data); // if remember selected - if ($remember){ + if ( $remember ){ $expire = $this->config_vars['remember']; $today = date("Y-m-d"); $remember_date = date("Y-m-d", strtotime($today . $expire) ); 
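Review bot: The re-wrapped guard in login() still rejects any password that fails `ctype_alnum($pass)`, so a password containing punctuation can never authenticate, while the create_user checks visible in the hunk at -385 test only the length. That narrows the passwords users can choose and risks accounts that register successfully but cannot log in. Dropping the `!ctype_alnum($pass)` term and keeping the length bounds would align the two paths; the later login hunks show the password going through `hash_password()` before it reaches the query. login() starts and ends outside this hunk, so confirm that no later step depends on the alphanumeric assumption.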
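Review bot: `$user_id = $query->row()->id;` in the second hunk runs without a `num_rows()` check, so for an address that is not in the users table `id` is read from an empty result and the code below continues with an undefined user id. Guarding the assignment with `if ($query->num_rows() == 0) { $this->error($this->config_vars['wrong']); return false; }` makes the unknown-email path explicit and returns the same message as a bad password. The surrounding function body lies outside the hunk.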
@@ -385,15 +380,15 @@ class Aauth { $valid = true; - if (!$this->check_email($email)) { + if ( ! $this->check_email($email)) { $this->error($this->config_vars['email_taken']); $valid = false; } - if (!valid_email($email)){ + if ( ! valid_email($email)){ $this->error($this->config_vars['email_invalid']); $valid = false; } - if (strlen($pass) < 5 or strlen($pass) > $this->config_vars['max'] ){ + if ( strlen($pass) < 5 or strlen($pass) > $this->config_vars['max'] ){ $this->error($this->config_vars['pass_invalid']); $valid = false; } @@ -513,7 +508,8 @@ class Aauth { $query = $this->CI->db->where('verification_code', $ver_code); $query = $this->CI->db->get( $this->config_vars['users'] ); - if( $query->num_rows() >0 ){ + // if ver code is true + if( $query->num_rows() > 0 ){ $data = array( 'verification_code' => '', @@ -549,7 +545,8 @@ class Aauth { public function ban_user($user_id) { $data = array( - 'banned' => 1 + 'banned' => 1, + 'verification_code' => '' ); $this->CI->db->where('id', $user_id); @@ -1104,7 +1101,7 @@ class Aauth { /** * Is user allowed * Check if user allowed to do specified action, admin always allowed - * fist checks user permissions then check group permissions + * first checks user permissions then check group permissions * @param int $perm_par Permission id or name to check * @param int|bool $user_id User id to check, or if false checks current user * @return bool @@ -1702,7 +1699,6 @@ class Aauth { $this->db->where('key', $key); return $this->db->delete( $this->config_vars['aauth_variables'] ); - } /** 
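Review bot: ban_user() now stores `'verification_code' => ''`, and verify_user() in the hunk at -513 accepts any row whose `verification_code` equals the supplied `$ver_code`, with no check that the code is non-empty. As written, an empty code would match a banned account's row. What verify_user() does after the match is cut off by the hunk, so confirm it there. Rejecting the value up front with `if ($ver_code == '') { return false; }`, or storing NULL instead of an empty string in ban_user(), closes the gap either way.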
@@ -1752,11 +1748,11 @@ class Aauth { * tamam // ismember la is admine 2. parametre olarak user id ekle * tamam // kepp infos errors die bişey yap ajax requestlerinde silinir errorlar * tmam // user variables - * sistem variables - * user perms + * tamam // sistem variables + * tmam // user perms * tamam gibi // 4mysql index fulltext index?? * geçici ban ve e-mail ile tkrar aktifleştime olayı - * + * ddos protect olayını daha mantıklı hale getür * * * ----------- @@ -1804,4 +1800,25 @@ functions added * tamam ama engelleme ve limit olayı koymadım. // pm için okundu ve göster, sil, engelle? die fonksiyonlar eklencek , gönderilen pmler, alınan pmler, arasındaki pmler, * tamm// already existedleri info yap onlar error değil hacım * + + + + +/* +// if user's email is found +if ($query->num_rows() > 0) { +$row = $query->row(); + +// DDos protection +if ( $this->config_vars['dos_protection'] and $row->last_login_attempt != '' and +(strtotime("now") + 30 * $this->config_vars['try'] ) < strtotime($row->last_login_attempt) ) { +$this->error($this->config_vars['exceeded']); +return false; +} +} */ + + + + + From 72c5596865bdd0eb91b06f6fb70ca35ef28da147 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 00:25:15 +0300 Subject: [PATCH 15/23] logout() is debugged --- application/libraries/Aauth.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 4eb7d56..6377479 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -286,11 +286,20 @@ class Aauth { /** * Logout user - * Destroys the CodeIgniter session to log out user. + * Destroys the CodeIgniter session and remove cookies to log out user. * @return bool If session destroy successful */ public function logout() { + $cookie = array( + 'name' => 'user', + 'value' => '', + 'expire' => time()-3600, + 'path' => '/', + ); + + $this->CI->input->set_cookie($cookie); + return $this->CI->session->sess_destroy(); } From ecbadd961d1f4ea9906ed4919d72fe4d89a14621 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 12:42:37 +0300 Subject: [PATCH 16/23] ddos protection changed --- application/config/aauth.php | 8 ++- application/libraries/Aauth.php | 96 ++++++++++++++++++++++----------- 2 files changed, 72 insertions(+), 32 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 7f7f904..4355c5c 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -51,9 +51,13 @@ $config['aauth'] = array( // non alphanumeric characters that are allowed in a name 'valid_chars' => array(' ', '\''), + // ddos protection, + //if it is true, the user will be banned temporary when he exceed the login 'try' + 'ddos_protection' => true, + // login attempts time interval - // default 10 times in one minute - 'try' => 10, + // default 20 times in one hour + 'max_login_attempt' => 20, // to register email verifitaion need? true / false 'verification' => false, diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 6377479..ae3e00a 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
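Review bot: logout() clears only the browser's `user` cookie; the remember values written through update_remember() are not reset in this hunk, so whether an earlier copy of that cookie stops being accepted depends on code outside it. If is_loggedin() validates the cookie against those columns, add `$this->update_remember($this->CI->session->userdata('id'));` before `sess_destroy()`. Separately, as I read CodeIgniter's set_cookie(), `expire` is a number of seconds from now rather than a timestamp, so `time()-3600` does not mean what it appears to; `'expire' => ''` is the documented way to delete a cookie.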
@@ -123,6 +123,19 @@ class Aauth { return false; } + $query = null; + $query = $this->CI->db->where('email', $email); + $query = $this->CI->db->get($this->config_vars['users']); + $row = $query->row(); + + // only email found and login attempts exceeded + if ($query->num_rows() > 0 and ! $this->update_login_attempts($row->email)) { + + $this->error($this->config_vars['wrong']); + return false; + + } + // if user is not verified $query = null; $query = $this->CI->db->where('email', $email); @@ -135,7 +148,7 @@ class Aauth { return false; } - // to find user id + // to find user id, create sessions and cookies $query = $this->CI->db->where('email', $email); $query = $this->CI->db->get($this->config_vars['users']); @@ -147,10 +160,12 @@ class Aauth { // Database stores pasword hashed password $query = $this->CI->db->where('pass', $this->hash_password($pass, $user_id)); $query = $this->CI->db->where('banned', 0); + $query = $this->CI->db->get($this->config_vars['users']); $row = $query->row(); + // if email and pass matches and not banned if ( $query->num_rows() > 0 ) { // If email and pass matches 
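Review bot: The new guard calls `update_login_attempts($row->email)` for every login whose email exists, before the password is compared, so successful logins consume the same hourly budget as failed ones and nothing in this hunk clears the counter after a success. Counting only in the `// if not matches` branch, or resetting `login_attempts` once the password matches, keeps a busy legitimate user from locking themselves out. The counter is also keyed on the email alone, so it is worth deciding whether the limit should take `$this->CI->input->ip_address()` into account as well. `$row = $query->row();` is taken before `num_rows()` is tested, which is safe here only because `and` short-circuits. login() begins and ends outside the hunk.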
@@ -187,32 +202,9 @@ class Aauth { $this->update_activity(); return TRUE; - - } else { - - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->get($this->config_vars['users']); - $row = $query->row(); - - if ($query->num_rows() > 0) { - - if ( $row->last_login_attempt == null or (strtotime("now") - 600) > strtotime($row->last_login_attempt) ) - { - $data = array( - 'last_login_attempt' => date("Y-m-d H:i:s") - ); - - } else if (!($row->last_login_attempt != '' and (strtotime("now") + 30 * $this->config_vars['try'] ) < strtotime($row->last_login_attempt))) { - - $newtimestamp = strtotime("$row->last_login_attempt + 30 seconds"); - $data = array( - 'last_login_attempt' => date( 'Y-m-d H:i:s', $newtimestamp ) - ); - } - - $query = $this->CI->db->where('email', $email); - $this->CI->db->update($this->config_vars['users'], $data); - } + } + // if not matches + else { $this->error($this->config_vars['wrong']); return FALSE; @@ -272,12 +264,11 @@ class Aauth { */ public function control( $perm_par ){ - // if perm_par is given $perm_id = $this->get_perm_id($perm_par); $this->update_activity(); - // if user or user's group allowed - if ( !$this->is_allowed($perm_id) or !$this->is_group_allowed($perm_id)){ + // if user or user's group not allowed + if ( ! $this->is_allowed($perm_id) or ! $this->is_group_allowed($perm_id) ){ echo $this->config_vars['no_access']; die(); } 
@@ -749,6 +740,48 @@ class Aauth { return $this->CI->db->update($this->config_vars['users'], $data); } + + /** + * Update login attempt and if exceeds return false + * Update user's last login attemp date and number date + * @param string $email User email + * @return bool + */ + public function update_login_attempts($email) { + + $user_id = $this->get_user_id($email); + + $query = $this->CI->db->where('id', $user_id); + $query = $this->CI->db->get( $this->config_vars['users'] ); + $row = $query->row(); + + $data = []; + + if ( $row->last_login_attempt == date("Y-m-d H:0:0")) { + + $data['login_attempts'] = $row->login_attempts + 1; + + $query = $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'], $data); + + } else { + + $data['last_login_attempt'] = date("Y-m-d H:0:0"); + $data['login_attempts'] = 1; + + $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'], $data); + + } + + if ( $data['login_attempts'] > $this->config_vars['max_login_attempt'] ) { + return false; + } else { + return true; + } + + } + /** * Update remember * Update amount of time a user is remembered for @@ -1763,6 +1796,9 @@ class Aauth { * geçici ban ve e-mail ile tkrar aktifleştime olayı * ddos protect olayını daha mantıklı hale getür * + * lock_user (until parametrsi) + * unlock_user + * * * ----------- * ok From 4e0db4a59192d069cd2eff87da219553a99cb8c3 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 12:43:34 +0300 Subject: [PATCH 17/23] ddos protection --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index ae3e00a..37678d3 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
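Review bot: In update_login_attempts(), `date("Y-m-d H:0:0")` emits a literal single `0` for minutes and seconds, which will not equal a DATETIME string ending in `00:00`, so the `==` comparison is presumably never true: every call takes the else branch and resets `login_attempts` to 1, and the limit cannot trip. Use `date("Y-m-d H:00:00")` on both lines, or compare with `strtotime()` on each side. The increment is also computed in PHP from a value read earlier, so parallel requests can lose counts; `$this->CI->db->set('login_attempts', 'login_attempts+1', FALSE);` lets the database do it. `$row` is dereferenced without checking that get_user_id() found a user for the given email.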
@@ -129,7 +129,7 @@ class Aauth { $row = $query->row(); // only email found and login attempts exceeded - if ($query->num_rows() > 0 and ! $this->update_login_attempts($row->email)) { + if ($query->num_rows() > 0 and $this->config_vars['ddos_protection'] and ! $this->update_login_attempts($row->email)) { $this->error($this->config_vars['wrong']); return false; From 0cdf506727327906fa4d006d2a0a0a6bdf04c131 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 12:48:03 +0300 Subject: [PATCH 18/23] ddos protection --- application/libraries/Aauth.php | 1 - 1 file changed, 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 37678d3..8c90d2b 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -133,7 +133,6 @@ class Aauth { $this->error($this->config_vars['wrong']); return false; - } // if user is not verified From 6aba5838381618f6d77e4bdf5411f0d442e44bcc Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 12:52:49 +0300 Subject: [PATCH 19/23] ddos protection --- application/libraries/Aauth.php | 1 + 1 file changed, 1 insertion(+) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 8c90d2b..b402c76 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -123,6 +123,7 @@ class Aauth { return false; } + $query = null; $query = $this->CI->db->where('email', $email); $query = $this->CI->db->get($this->config_vars['users']); From ab95c6689b23489899c7037fec3a1662bf761bc5 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 2 Jul 2014 13:52:48 +0300 Subject: [PATCH 20/23] print_error and print_infos changed --- application/controllers/example.php | 10 ++++++++-- application/libraries/Aauth.php | 24 ++++++++++++++---------- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/application/controllers/example.php b/application/controllers/example.php index 936e978..d9e129a 100644 
--- a/application/controllers/example.php +++ b/application/controllers/example.php @@ -21,7 +21,8 @@ class Example extends CI_Controller { if ($this->aauth->login('admin@admin.com', 'password', true)) echo 'tmm'; - + else + echo 'hyr'; //echo date("Y-m-d H:i:s"); } @@ -161,9 +162,14 @@ class Example extends CI_Controller { } function create_user() { - $a = $this->aauth->create_user("ess@as.com", "asd", "asdasd"); + + echo "as"; + + $a = $this->aauth->create_user("aaasada@aaasda.com", "asd", "asdasd11"); print_r($this->aauth->get_user($a)); + + $this->aauth->print_errors(); } public function is_banned() { diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index b402c76..61cc7d9 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -397,7 +397,9 @@ class Aauth { $valid = false; } - if (!$valid) { return false; } + if (!$valid) { + echo "2"; + return false; } $data = array( 'email' => $email, @@ -405,6 +407,8 @@ class Aauth { 'name' => $name, ); + echo "3"; + if ( $this->CI->db->insert($this->config_vars['users'], $data )){ $user_id = $this->CI->db->insert_id(); @@ -755,7 +759,8 @@ class Aauth { $query = $this->CI->db->get( $this->config_vars['users'] ); $row = $query->row(); - $data = []; + + $data = array(); if ( $row->last_login_attempt == date("Y-m-d H:0:0")) { @@ -1516,10 +1521,9 @@ class Aauth { } /** - * Get Errors - * Return string of errors separated by delimiter + * Print Errors + * Prints string of errors separated by delimiter * @param string $divider Separator for errors - * @return string String of errors separated by delimiter */ public function print_errors($divider = '
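Review bot: `echo "2";` and `echo "3";` in create_user() are debug output left in a library method; they write to the response on every registration, reveal which validation path ran, and can prevent later headers or cookies from being sent. Remove both lines and keep the failure path as `if (!$valid) { return false; }`. The rest of create_user() is outside these hunks.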
'){ @@ -1534,7 +1538,7 @@ class Aauth { $i++; } - return $msg; + echo $msg; } /** @@ -1574,10 +1578,10 @@ class Aauth { } /** - * Get Info - * Return string of info separated by delimiter + * Print Info + * Print string of info separated by delimiter * @param string $divider Separator for info - * @return string String of info separated by delimiter + * */ public function print_infos($divider = '
'){ @@ -1592,7 +1596,7 @@ class Aauth { $i++; } - return $msg; + echo $msg; } ######################## From c78c66a5f11017943e0e6615f77ef4fc73376b77 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Thu, 3 Jul 2014 17:15:43 +0300 Subject: [PATCH 21/23] minor changes some bugs fixed --- application/config/aauth.php | 5 +- application/controllers/example.php | 195 +++++- application/libraries/Aauth.php | 940 +++++++++++++++------------- 3 files changed, 688 insertions(+), 452 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 4355c5c..34c4c1b 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -38,7 +38,7 @@ $config['aauth'] = array( // pm table 'pms' => 'aauth_pms', // system variables - 'aauth_variables' => 'aauth_system_variables', + 'system_variables' => 'aauth_system_variables', // user variables 'user_variables' => 'aauth_user_variables', @@ -57,7 +57,7 @@ $config['aauth'] = array( // login attempts time interval // default 20 times in one hour - 'max_login_attempt' => 20, + 'max_login_attempt' => 10, // to register email verifitaion need? true / false 'verification' => false, @@ -91,6 +91,7 @@ $config['aauth'] = array( 'no_user' => 'User not Exist', 'not_verified' => 'Please verify your account.', 'group_exist' => 'Group already exists', + 'no_group' => 'Group doesn\'t exists', 'self_pm' => 'It is not reasonable to send pm to yourself :)', 'no_pm' => 'Pm not found', diff --git a/application/controllers/example.php b/application/controllers/example.php index d9e129a..774c42e 100644 --- a/application/controllers/example.php +++ b/application/controllers/example.php @@ -19,11 +19,13 @@ class Example extends CI_Controller { public function index() { - if ($this->aauth->login('admin@admin.com', 'password', true)) + if ($this->aauth->login('aa@a.com', '12345')) echo 'tmm'; else echo 'hyr'; //echo date("Y-m-d H:i:s"); + + $this->aauth->print_errors(); } function debug(){ 
@@ -95,11 +97,16 @@ class Example extends CI_Controller { //$this->aauth->_reset_login_attempts(1); } + public function login_fast(){ + $this->aauth->login_fast(1); + } public function is_loggedin() { if ($this->aauth->is_loggedin()) echo 'girdin'; + + print_r( $this->aauth->get_user() ); } public function logout() { @@ -109,7 +116,7 @@ class Example extends CI_Controller { public function is_member() { - if ($this->aauth->is_member('Admin')) + if ($this->aauth->is_member('deneme',9)) echo 'uye'; } @@ -128,14 +135,19 @@ class Example extends CI_Controller { } } - public function group() { + public function get_group_name() { + + echo $this->aauth->get_group_name(1); + } + + public function get_group_id() { echo $this->aauth->get_group_id("Admin"); } public function list_users() { echo '
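Review bot: `login_fast()` is added as a public controller action that calls `$this->aauth->login_fast(1)` with no credential or permission check, so on any install where this example controller is routable it establishes a session for user id 1. The later hunk in this file adds `delete_user`, `unban_user`, `allow_user` and similar actions with the same property. Either keep the file out of deployable trees or gate it in the constructor, e.g. `if (ENVIRONMENT !== 'development') { show_404(); }`.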
';
-        print_r($this->aauth->list_users("Mod"));
+        print_r($this->aauth->list_users());
         echo '
'; } @@ -147,25 +159,27 @@ class Example extends CI_Controller { public function check_email() { - if ($this->aauth->check_email("emre@emreakay.com")) + if ($this->aauth->check_email("aa@a.com")) echo 'uygun '; else echo 'alindi '; - echo $this->aauth->get_errors(); - - echo ' sadsad'; + $this->aauth->print_errors(); } public function get_user() { - print_r($this->aauth->get_user(1)); + print_r($this->aauth->get_user()); } function create_user() { - echo "as"; + $a = $this->aauth->create_user("aaa@a.com", "12345", "aa"); + + if ($a) + echo "tmm "; + else + echo "hyr "; - $a = $this->aauth->create_user("aaasada@aaasda.com", "asd", "asdasd11"); print_r($this->aauth->get_user($a)); 
@@ -183,39 +197,180 @@ class Example extends CI_Controller { print_r($a); } + function delete_user() { + + $a = $this->aauth->delete_user(7); + + print_r($a); + } + + function unban_user() { + + $a = $this->aauth->unban_user(6); + + print_r($a); + } + function update_user() { - $a = $this->aauth->update_user(3, "xxx@ssdas.com", "asd", "asdasd"); + $a = $this->aauth->update_user(6, "a@a.com", "12345", "tested"); + + print_r($a); + } + + function update_activity() { + $a = $this->aauth->update_activity(); + + print_r($a); + } + + function update_login_attempt() { + $a = $this->aauth->update_login_attempts("a@a.com"); print_r($a); } function create_group() { - $a = $this->aauth->create_group("denemeee"); + $a = $this->aauth->create_group("deneme"); } function delete_group() { - $a = $this->aauth->delete_group(3); + $a = $this->aauth->delete_group("deneme"); } function update_group() { - $a = $this->aauth->update_group(4, "zxxx"); + $a = $this->aauth->update_group("deneme", "zxxx"); } function add_member() { - $a = $this->aauth->add_member(1, 4); + $a = $this->aauth->add_member(8, "deneme"); } function fire_member() { - $a = $this->aauth->fire_member(1, 4); + $a = $this->aauth->fire_member(8, "deneme"); + } + + + function create_perm() { + + $a = $this->aauth->create_perm("deneme","def"); + } + + + function update_perm() { + + $a = $this->aauth->update_perm("deneme","deneme","xxx"); + } + + function delete_perm() { + + $a = $this->aauth->update_perm("deneme","deneme","xxx"); + } + + function allow_user() { + + $a = $this->aauth->allow_user(9,"deneme"); + } + + + function deny_user() { + + $a = $this->aauth->deny_user(9,"deneme"); + } + + function allow_group() { + + $a = $this->aauth->allow_group("deneme","deneme"); + } + + function deny_group() { + + $a = $this->aauth->deny_group("deneme","deneme"); + } + + function list_perms() { + + $a = $this->aauth->list_perms(); + print_r($a); + } + + function get_perm_id() { + + $a = $this->aauth->get_perm_id("deneme"); + 
print_r($a); + } + + + function send_pm() { + + $a = $this->aauth->send_pm(1,8,'s',"w"); + $this->aauth->print_errors(); + } + + function list_pms(){ + + print_r( $this->aauth->list_pms() ); + } + + function get_pm(){ + + print_r( $this->aauth->get_pm(39,false)); + } + + function delete_pm(){ + + $this->aauth->delete_pm(41); + } + + + function count_unread_pms(){ + + echo $this->aauth->count_unread_pms(8); + } + + function error(){ + + $this->aauth->error("asd"); + $this->aauth->error("xasd"); + $this->aauth->keep_errors(); + $this->aauth->print_errors(); + + } + + function keep_errors(){ + + $this->aauth->print_errors(); + //$this->aauth->keep_errors(); + } + + function set_user_var(){ + $this->aauth->set_user_var("emre","akasy"); + } + + function unset_user_var(){ + $this->aauth->unset_user_var("emre"); + } + + function get_user_var(){ + echo $this->aauth->get_user_var("emre"); + } + + function set_system_var(){ + $this->aauth->set_system_var("emre","akay"); + } + + function unset_system_var(){ + $this->aauth->unset_system_var("emre"); + } + + function get_system_var(){ + echo $this->aauth->get_system_var("emre"); } - - -} +}//end /* End of file welcome.php */ diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 61cc7d9..4665189 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -57,9 +57,6 @@ class Aauth { */ public function __construct() { - // Delete all errors at first - $this->errors = array(); - // get main CI object $this->CI = & get_instance(); 
@@ -77,24 +74,12 @@ class Aauth { $this->config_vars = & $this->CI->config->item('aauth'); } - /** - * Hash password - * Hash the password for storage in the database - * (thanks to Jacob Tomlinson for contribution) - * @param string $pass Password to hash - * @param $userid - * @return string Hashed password - */ - function hash_password($pass, $userid) { - - $salt = md5($userid); - return hash('sha256', $salt.$pass); - } ######################## - # User Functions + # Login Functions ######################## + //tested /** * Login user * Check provided details against the database. Add items to error array on fail, create session if success @@ -132,7 +117,7 @@ class Aauth { // only email found and login attempts exceeded if ($query->num_rows() > 0 and $this->config_vars['ddos_protection'] and ! $this->update_login_attempts($row->email)) { - $this->error($this->config_vars['wrong']); + $this->error($this->config_vars['exceeded']); return false; } @@ -211,6 +196,7 @@ class Aauth { } } + //tested /** * Check user login * Checks if user logged in, also checks remember. @@ -275,6 +261,7 @@ class Aauth { } + //tested /** * Logout user * Destroys the CodeIgniter session and remove cookies to log out user. 
@@ -294,52 +281,7 @@ class Aauth { return $this->CI->session->sess_destroy(); } - /** - * List users - * Return users as an object array - * @param bool|int $group_par Specify group id to list group or false for all users - * @param string $limit Limit of users to be returned - * @param bool $offset Offset for limited number of users - * @param bool $include_banneds Include banned users - * @return array Array of users - */ - public function list_users($group_par = FALSE, $limit = FALSE, $offset = FALSE, $include_banneds = FALSE) { - - // if group_par is given - if ($group_par != FALSE) { - - $group_par = $this->get_group_id($group_par); - $this->CI->db->select('*') - ->from($this->config_vars['users']) - ->join($this->config_vars['user_to_group'], $this->config_vars['users'] . ".id = " . $this->config_vars['user_to_group'] . ".user_id") - ->where($this->config_vars['user_to_group'] . ".group_id", $group_par); - - // if group_par is not given, lists all users - } else { - - $this->CI->db->select('*') - ->from($this->config_vars['users']); - } - - // banneds - if (!$include_banneds) { - $this->CI->db->where('banned != ', 1); - } - - // limit - if ($limit) { - - if ($offset == FALSE) - $this->CI->db->limit($limit); - else - $this->CI->db->limit($limit, $offset); - } - - $query = $this->CI->db->get(); - - return $query->result(); - } - + //tested /** * Fast login * Login with just a user id 
@@ -368,6 +310,174 @@ class Aauth { } } + /** + * Reset last login attempts + * Sets a users 'last login attempts' to null + * @param int $user_id User id to reset + * @return bool Reset fails/succeeds + */ + public function reset_login_attempts($user_id) { + + $data['last_login_attempts'] = null; + $this->CI->db->where('id', $user_id); + return $this->CI->db->update($this->config_vars['users'], $data); + } + + /** + * Remind password + * Emails user with link to reset password + * @param string $email Email for account to remind + */ + public function remind_password($email){ + + $query = $this->CI->db->where( 'email', $email ); + $query = $this->CI->db->get( $this->config_vars['users'] ); + + if ($query->num_rows() > 0){ + $row = $query->row(); + + $ver_code = random_string('alnum', 16); + + $data['verification_code'] = $ver_code; + + $this->CI->db->where('email', $email); + $this->CI->db->update($this->config_vars['users'], $data); + + $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); + $this->CI->email->to($row->email); + $this->CI->email->subject($this->config_vars['reset']); + $this->CI->email->message($this->config_vars['remind'] . ' ' . + $this->config_vars['remind'] . $row->id . '/' . 
$ver_code ); + $this->CI->email->send(); + } + } + + /** + * Reset password + * Generate new password and email it to the user + * @param int $user_id User id to reset password for + * @param string $ver_code Verification code for account + * @return bool Password reset fails/succeeds + */ + public function reset_password($user_id, $ver_code){ + + $query = $this->CI->db->where('id', $user_id); + $query = $this->CI->db->where('verification_code', $ver_code); + $query = $this->CI->db->get( $this->config_vars['users'] ); + + $pass = random_string('alphanum',8); + + if( $query->num_rows() > 0 ){ + + $data = array( + 'verification_code' => '', + 'pass' => $this->hash_password($pass, $user_id) + ); + + $row = $query->row(); + $email = $row->email; + + $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'] , $data); + + $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); + $this->CI->email->to($email); + $this->CI->email->subject($this->config_vars['reset']); + $this->CI->email->message($this->config_vars['new_password'] . 
$pass); + $this->CI->email->send(); + + return true; + } + + return false; + } + + //tested + /** + * Update last login + * Update user's last login date + * @param int|bool $user_id User id to update or false for current user + * @return bool Update fails/succeeds + */ + public function update_last_login($user_id = FALSE) { + + if ($user_id == FALSE) + $user_id = $this->CI->session->userdata('id'); + + $data['last_login'] = date("Y-m-d H:i:s"); + $data['ip_address'] = $this->CI->input->ip_address(); + + $this->CI->db->where('id', $user_id); + return $this->CI->db->update($this->config_vars['users'], $data); + } + + + //tested + /** + * Update login attempt and if exceeds return false + * Update user's last login attemp date and number date + * @param string $email User email + * @return bool + */ + public function update_login_attempts($email) { + + $user_id = $this->get_user_id($email); + + $query = $this->CI->db->where('id', $user_id); + $query = $this->CI->db->get( $this->config_vars['users'] ); + $row = $query->row(); + + + $data = array(); + + if ( strtotime($row->last_login_attempt) == strtotime(date("Y-m-d H:0:0"))) { + + $data['login_attempts'] = $row->login_attempts + 1; + + $query = $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'], $data); + + } else { + + $data['last_login_attempt'] = date("Y-m-d H:0:0"); + $data['login_attempts'] = 1; + + $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'], $data); + + } + + if ( $data['login_attempts'] > $this->config_vars['max_login_attempt'] ) { + return false; + } else { + return true; + } + + } + + /** + * Update remember + * Update amount of time a user is remembered for + * @param int $user_id User id to update + * @param int $expression + * @param int $expire + * @return bool Update fails/succeeds + */ + public function update_remember($user_id, $expression=null, $expire=null) { + + $data['remember_time'] = $expire; + 
$data['remember_exp'] = $expression; + + $query = $this->CI->db->where('id',$user_id); + return $this->CI->db->update($this->config_vars['users'], $data); + } + + + ######################## + # User Functions + ######################## + + //tested /** * Create user * Creates a new user @@ -380,10 +490,12 @@ class Aauth { $valid = true; + // if email is already exist if ( ! $this->check_email($email)) { $this->error($this->config_vars['email_taken']); $valid = false; } + if ( ! valid_email($email)){ $this->error($this->config_vars['email_invalid']); $valid = false; @@ -398,7 +510,6 @@ class Aauth { } if (!$valid) { - echo "2"; return false; } $data = array( @@ -407,8 +518,6 @@ class Aauth { 'name' => $name, ); - echo "3"; - if ( $this->CI->db->insert($this->config_vars['users'], $data )){ $user_id = $this->CI->db->insert_id(); @@ -441,6 +550,7 @@ class Aauth { } } + //tested /** * Update user * Updates existing user details 
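Review bot: reset_password() matches on `verification_code` without rejecting an empty `$ver_code`, and on success it writes `'verification_code' => ''`, so rows with a blank code stay matchable by a blank argument; add `if ($ver_code == '') { return false; }` at the top. It also builds the password with `random_string('alphanum',8)` whereas remind_password() uses the type `'alnum'`; if `'alphanum'` is not a type the helper recognises, the new password may come back empty, so use `'alnum'` and consider a CSPRNG-backed value for both the code and the password. reset_login_attempts() sets `last_login_attempts`, but update_login_attempts() reads `last_login_attempt` and `login_attempts`, so the reset probably touches the wrong column. Much of this hunk looks like code moved from lower in the file, so these points may predate the commit.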
@@ -470,370 +580,223 @@ class Aauth { return $this->CI->db->update($this->config_vars['users'], $data); } + //tested /** - * Send verification email - * Sends a verification email based on user id - * @param int $user_id User id to send verification email to + * List users + * Return users as an object array + * @param bool|int $group_par Specify group id to list group or false for all users + * @param string $limit Limit of users to be returned + * @param bool $offset Offset for limited number of users + * @param bool $include_banneds Include banned users + * @return array Array of users */ - public function send_verification($user_id){ - - $query = $this->CI->db->where( 'id', $user_id ); - $query = $this->CI->db->get( $this->config_vars['users'] ); - - if ($query->num_rows() > 0){ - $row = $query->row(); + public function list_users($group_par = FALSE, $limit = FALSE, $offset = FALSE, $include_banneds = FALSE) { - $ver_code = random_string('alnum', 16); + // if group_par is given + if ($group_par != FALSE) { - $data['verification_code'] = $ver_code; + $group_par = $this->get_group_id($group_par); + $this->CI->db->select('*') + ->from($this->config_vars['users']) + ->join($this->config_vars['user_to_group'], $this->config_vars['users'] . ".id = " . $this->config_vars['user_to_group'] . ".user_id") + ->where($this->config_vars['user_to_group'] . ".group_id", $group_par); - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + // if group_par is not given, lists all users + } else { - $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); - $this->CI->email->to($row->email); - $this->CI->email->subject($this->config_vars['email']); - $this->CI->email->message($this->config_vars['code'] . $ver_code . - $this->config_vars['link'] . $user_id . '/' . 
$ver_code ); - $this->CI->email->send(); + $this->CI->db->select('*') + ->from($this->config_vars['users']); } - } - - /** - * Verify user - * Activates user account based on verification code - * @param int $user_id User id to activate - * @param string $ver_code Code to validate against - * @return bool Activation fails/succeeds - */ - public function verify_user($user_id, $ver_code){ - - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('verification_code', $ver_code); - $query = $this->CI->db->get( $this->config_vars['users'] ); - - // if ver code is true - if( $query->num_rows() > 0 ){ - $data = array( - 'verification_code' => '', - 'banned' => 0 - ); - - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'] , $data); - return true; + // banneds + if (!$include_banneds) { + $this->CI->db->where('banned != ', 1); } - return false; - } - /** - * Reset last login attempts - * Sets a users 'last login attempts' to null - * @param int $user_id User id to reset - * @return bool Reset fails/succeeds - */ - public function reset_login_attempts($user_id) { - - $data['last_login_attempts'] = null; - $this->CI->db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); - } - - /** - * Ban user - * Bans a user account - * @param int $user_id User id to ban - * @return bool Ban fails/succeeds - */ - public function ban_user($user_id) { - - $data = array( - 'banned' => 1, - 'verification_code' => '' - ); - - $this->CI->db->where('id', $user_id); - - return $this->CI->db->update($this->config_vars['users'], $data); - } - - /** - * Unban user - * Activates user account - * Same with unban_user() - * @param int $user_id User id to activate - * @return bool Activation fails/succeeds - */ - public function unlock_user($user_id) { + // limit + if ($limit) { - $data = array( - 'banned' => 0 - ); + if ($offset == FALSE) + $this->CI->db->limit($limit); + else + 
$this->CI->db->limit($limit, $offset); + } - $this->CI->db->where('id', $user_id); + $query = $this->CI->db->get(); - return $this->CI->db->update($this->config_vars['users'], $data); + return $query->result(); } + //tested /** - * Unban user - * Activates user account - * Same with unlock_user() - * @param int $user_id User id to activate - * @return bool Activation fails/succeeds + * Get user + * Get user information + * @param int|bool $user_id User id to get or false for current user + * @return object User information */ - public function unban_user($user_id) { - - return $this->unlock_user($user_id); - } - + public function get_user($user_id = FALSE) { - /** - * Check user banned - * Checks if a user is banned - * @param int $user_id User id to check - * @return bool Flase if banned, True if not - */ - public function is_banned($user_id) { + if ($user_id == FALSE) + $user_id = $this->CI->session->userdata('id'); $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('banned', 1); - - $query = $this->CI->db->get($this->config_vars['users']); - - if ($query->num_rows() > 0) - return TRUE; - else - return FALSE; - } - - /** - * Delete user - * Delete a user from database. 
WARNING Can't be undone - * @param int $user_id User id to delete - */ - public function delete_user($user_id) { - - $this->CI->db->where('id', $user_id); - $this->CI->db->delete($this->config_vars['users']); - } - - /** - * Check email - * Checks if an email address is available - * @param string $email Email to check - * @return bool True if available, False if not - */ - public function check_email($email) { - - $this->CI->db->where("email", $email); $query = $this->CI->db->get($this->config_vars['users']); - if ($query->num_rows() > 0) { - $this->info($this->config_vars['email_taken']); + if ($query->num_rows() <= 0){ + $this->error($this->config_vars['no_user']); return FALSE; } - else - return TRUE; - } - - /** - * Remind password - * Emails user with link to reset password - * @param string $email Email for account to remind - */ - public function remind_password($email){ - - $query = $this->CI->db->where( 'email', $email ); - $query = $this->CI->db->get( $this->config_vars['users'] ); - - if ($query->num_rows() > 0){ - $row = $query->row(); - - $ver_code = random_string('alnum', 16); - - $data['verification_code'] = $ver_code; - - $this->CI->db->where('email', $email); - $this->CI->db->update($this->config_vars['users'], $data); - - $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); - $this->CI->email->to($row->email); - $this->CI->email->subject($this->config_vars['reset']); - $this->CI->email->message($this->config_vars['remind'] . ' ' . - $this->config_vars['remind'] . $row->id . '/' . 
$ver_code ); - $this->CI->email->send(); - } + return $query->row(); } /** - * Reset password - * Generate new password and email it to the user - * @param int $user_id User id to reset password for - * @param string $ver_code Verification code for account - * @return bool Password reset fails/succeeds + * Verify user + * Activates user account based on verification code + * @param int $user_id User id to activate + * @param string $ver_code Code to validate against + * @return bool Activation fails/succeeds */ - public function reset_password($user_id, $ver_code){ + public function verify_user($user_id, $ver_code){ $query = $this->CI->db->where('id', $user_id); $query = $this->CI->db->where('verification_code', $ver_code); $query = $this->CI->db->get( $this->config_vars['users'] ); - $pass = random_string('alphanum',8); - - if( $query->num_rows() > 0 ){ - - $data = array( - 'verification_code' => '', - 'pass' => $this->hash_password($pass, $user_id) - ); - - $row = $query->row(); - $email = $row->email; - - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'] , $data); - - $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); - $this->CI->email->to($email); - $this->CI->email->subject($this->config_vars['reset']); - $this->CI->email->message($this->config_vars['new_password'] . 
$pass); - $this->CI->email->send(); - - return true; - } - - return false; - } - - /** - * Update activity - * Update user's last activity date - * @param int|bool $user_id User id to update or false for current user - * @return bool Update fails/succeeds - */ - public function update_activity($user_id = FALSE) { - - if ($user_id == FALSE) - $user_id = $this->CI->session->userdata('id'); - - if($user_id==false){return false;} - - $data['last_activity'] = date("Y-m-d H:i:s"); - - $query = $this->CI->db->where('id',$user_id); - return $this->CI->db->update($this->config_vars['users'], $data); - } - - /** - * Update last login - * Update user's last login date - * @param int|bool $user_id User id to update or false for current user - * @return bool Update fails/succeeds - */ - public function update_last_login($user_id = FALSE) { - - if ($user_id == FALSE) - $user_id = $this->CI->session->userdata('id'); + // if ver code is true + if( $query->num_rows() > 0 ){ - $data['last_login'] = date("Y-m-d H:i:s"); - $data['ip_address'] = $this->CI->input->ip_address(); + $data = array( + 'verification_code' => '', + 'banned' => 0 + ); - $this->CI->db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $this->CI->db->where('id', $user_id); + $this->CI->db->update($this->config_vars['users'] , $data); + return true; + } + return false; } - /** - * Update login attempt and if exceeds return false - * Update user's last login attemp date and number date - * @param string $email User email - * @return bool + * Send verification email + * Sends a verification email based on user id + * @param int $user_id User id to send verification email to */ - public function update_login_attempts($email) { - - $user_id = $this->get_user_id($email); + public function send_verification($user_id){ - $query = $this->CI->db->where('id', $user_id); + $query = $this->CI->db->where( 'id', $user_id ); $query = $this->CI->db->get( $this->config_vars['users'] ); - 
$row = $query->row(); + if ($query->num_rows() > 0){ + $row = $query->row(); - $data = array(); - - if ( $row->last_login_attempt == date("Y-m-d H:0:0")) { + $ver_code = random_string('alnum', 16); - $data['login_attempts'] = $row->login_attempts + 1; + $data['verification_code'] = $ver_code; - $query = $this->CI->db->where('id', $user_id); + $this->CI->db->where('id', $user_id); $this->CI->db->update($this->config_vars['users'], $data); - } else { + $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); + $this->CI->email->to($row->email); + $this->CI->email->subject($this->config_vars['email']); + $this->CI->email->message($this->config_vars['code'] . $ver_code . + $this->config_vars['link'] . $user_id . '/' . $ver_code ); + $this->CI->email->send(); + } + } - $data['last_login_attempt'] = date("Y-m-d H:0:0"); - $data['login_attempts'] = 1; + //not tested excatly + /** + * Delete user + * Delete a user from database. WARNING Can't be undone + * @param int $user_id User id to delete + */ + public function delete_user($user_id) { - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $this->CI->db->where('id', $user_id); + $this->CI->db->delete($this->config_vars['users']); - } + // delete from perm_to_user + $this->CI->db->where('user_id', $user_id); + $this->CI->db->delete($this->config_vars['perm_to_user']); - if ( $data['login_attempts'] > $this->config_vars['max_login_attempt'] ) { - return false; - } else { - return true; - } + // delete from user_to_group + $this->CI->db->where('user_id', $user_id); + $this->CI->db->delete($this->config_vars['user_to_group']); + // delete user vars + $this->CI->db->where('user_id', $user_id); + $this->CI->db->delete($this->config_vars['user_variables']); } + //tested /** - * Update remember - * Update amount of time a user is remembered for - * @param int $user_id User id to update - * @param int $expression - * @param int $expire - * @return bool 
Update fails/succeeds + * Ban user + * Bans a user account + * @param int $user_id User id to ban + * @return bool Ban fails/succeeds */ - public function update_remember($user_id, $expression=null, $expire=null) { + public function ban_user($user_id) { - $data['remember_time'] = $expire; - $data['remember_exp'] = $expression; + $data = array( + 'banned' => 1, + 'verification_code' => '' + ); + + $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('id',$user_id); return $this->CI->db->update($this->config_vars['users'], $data); } + //tested /** - * Get user - * Get user information - * @param int|bool $user_id User id to get or false for current user - * @return object User information + * Unban user + * Activates user account + * Same with unlock_user() + * @param int $user_id User id to activate + * @return bool Activation fails/succeeds */ - public function get_user($user_id = FALSE) { + public function unban_user($user_id) { - if ($user_id == FALSE) - $user_id = $this->CI->session->userdata('id'); + $data = array( + 'banned' => 0 + ); + + $this->CI->db->where('id', $user_id); + + return $this->CI->db->update($this->config_vars['users'], $data); + } + + //tested + /** + * Check user banned + * Checks if a user is banned + * @param int $user_id User id to check + * @return bool False if banned, True if not + */ + public function is_banned($user_id) { $query = $this->CI->db->where('id', $user_id); + $query = $this->CI->db->where('banned', 1); + $query = $this->CI->db->get($this->config_vars['users']); - if ($query->num_rows() <= 0){ - $this->error($this->config_vars['no_user']); + if ($query->num_rows() > 0) + return TRUE; + else return FALSE; - } - return $query->row(); } /** * Get user id - * Get user id from email address - * @param string $email Email address for user + * Get user id from email address, if par. 
not given, return current user's id + * @param string|bool $email Email address for user * @return int User id */ public function get_user_id($email=false) { - if(!$email){ + if( ! $email){ $query = $this->CI->db->where('id', $this->CI->session->userdata('id')); } else { $query = $this->CI->db->where('email', $email); @@ -866,10 +829,66 @@ class Aauth { return $query = $this->CI->db->get()->result(); } + //tested + /** + * Check email + * Checks if an email address is available + * @param string $email Email to check + * @return bool True if available, False if not + */ + public function check_email($email) { + + $this->CI->db->where("email", $email); + $query = $this->CI->db->get($this->config_vars['users']); + + if ($query->num_rows() > 0) { + $this->info($this->config_vars['email_taken']); + return FALSE; + } + else + return TRUE; + } + + //tested + /** + * Update activity + * Update user's last activity date + * @param int|bool $user_id User id to update or false for current user + * @return bool Update fails/succeeds + */ + public function update_activity($user_id = FALSE) { + + if ($user_id == FALSE) + $user_id = $this->CI->session->userdata('id'); + + if($user_id==false){return false;} + + $data['last_activity'] = date("Y-m-d H:i:s"); + + $query = $this->CI->db->where('id',$user_id); + return $this->CI->db->update($this->config_vars['users'], $data); + } + + //tested + /** + * Hash password + * Hash the password for storage in the database + * (thanks to Jacob Tomlinson for contribution) + * @param string $pass Password to hash + * @param $userid + * @return string Hashed password + */ + function hash_password($pass, $userid) { + + $salt = md5($userid); + return hash('sha256', $salt.$pass); + } + ######################## # Group Functions ######################## + //tested /** * Create group * Creates a new group @@ -893,6 +912,7 @@ class Aauth { return FALSE; } + //tested /** * Update group * Change a groups name 
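Review bot: verify_user() accepts an empty `$ver_code`: its lookup is `where('verification_code', $ver_code)` with no emptiness check, while ban_user() in this same hunk stores `'verification_code' => ''` together with `'banned' => 1`. An empty code therefore matches a banned account, and the update that follows sets `banned` back to 0. Reject empty codes before the query, for example `if ( ! is_string($ver_code) || $ver_code === '') { return false; }`. Whether any controller passes request input to verify_user() is not visible here, so treat the guard as required in the library itself.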
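Review bot: hash_password() takes its salt from `md5($userid)` and applies a single round of SHA-256, so the salt is predictable from the user id and the hash is fast to compute; stored passwords would be cheap to guess offline if the users table leaked. Where the target PHP version provides it (5.5 and later), `return password_hash($pass, PASSWORD_DEFAULT);` is the replacement, with `password_verify()` at the comparison in login(), which lies outside this hunk. The method is also declared without a visibility keyword although its neighbours are `public`, and `@param $userid` carries neither a type nor a description.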
@@ -900,7 +920,9 @@ class Aauth { * @param string $group_name New group name * @return bool Update success/failure */ - public function update_group($group_id, $group_name) { + public function update_group($group_par, $group_name) { + + $group_id = $this->get_group_id($group_par); $data['name'] = $group_name; @@ -908,13 +930,16 @@ class Aauth { return $this->CI->db->update($this->config_vars['groups'], $data); } + //tested /** * Delete group * Delete a group from database. WARNING Can't be undone * @param int $group_id User id to delete * @return bool Delete success/failure */ - public function delete_group($group_id) { + public function delete_group($group_par) { + + $group_id = $this->get_group_id($group_par); // bug fixed // now users are deleted from user_to_group table @@ -925,6 +950,7 @@ class Aauth { return $this->CI->db->delete($this->config_vars['groups']); } + //tested /** * Add member * Add a user to a group @@ -934,16 +960,22 @@ class Aauth { */ public function add_member($user_id, $group_par) { - $group_par = $this->get_group_id($group_par); + $group_id = $this->get_group_id($group_par); + + if( ! $group_id ) { + + $this->error( $this->config_vars['group_exist'] ); + return false; + } $query = $this->CI->db->where('user_id',$user_id); - $query = $this->CI->db->where('group_id',$group_par); + $query = $this->CI->db->where('group_id',$group_id); $query = $this->CI->db->get($this->config_vars['user_to_group']); if ($query->num_rows() < 1) { $data = array( 'user_id' => $user_id, - 'group_id' => $group_par + 'group_id' => $group_id ); return $this->CI->db->insert($this->config_vars['user_to_group'], $data); @@ -952,6 +984,7 @@ class Aauth { return true; } + //tested /** * Remove member * Remove a user from a group 
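Review bot: update_group() uses the result of `$this->get_group_id($group_par)` without checking it, while add_member() in this same commit returns false when the lookup fails; delete_group() (`@@ -908`), allow_group() (`@@ -1280`) and deny_group() (`@@ -1308`) have the same gap. Add `if ( ! $group_id) { return false; }` after the lookup in each, so that an unknown group name never reaches the `where()` clause of an update or delete. The docblocks still read `@param int $group_id` although the parameter is now `$group_par`; `@param int|string $group_par Group id or name` would match the new signature. The `where()` call of update_group() sits between this hunk and the next and is not visible.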
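Review bot: The new `! $group_id` guard in add_member() only catches unknown group names, because get_group_id(), as shown in the `@@ -1053` hunk, returns any numeric `$group_par` unchanged. A numeric id with no matching group therefore still reaches the insert into `user_to_group`; if callers can pass such ids, look the id up in the groups table before inserting. The failure branch reports `$this->config_vars['group_exist']`, whose text is not visible here, so confirm it reads as a "group not found" message.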
@@ -967,18 +1000,7 @@ class Aauth { return $this->CI->db->delete($this->config_vars['user_to_group']); } - /** - * Fire member - * Remove a user from a group same as remove member - * @param int $user_id User id to remove from group - * @param int|string $group_par Group id or name to remove user from - * @return bool Remove success/failure - */ - public function fire_member($user_id, $group_par) { - - return $this->remove_member($user_id,$group_par); - } - + //tested /** * Is member * Check if current user is a member of a group @@ -989,30 +1011,26 @@ class Aauth { public function is_member( $group_par, $user_id = false ) { // if user_id false (not given), current user - if(!$user_id){ + if( ! $user_id){ $user_id = $this->CI->session->userdata('id'); } $group_id = $this->get_group_id($group_par); - // if found - if (is_numeric($group_id)) { - $query = $this->CI->db->where('user_id', $user_id); - $query = $this->CI->db->where('group_id', $group_par); - $query = $this->CI->db->get($this->config_vars['user_to_group']); + $query = $this->CI->db->where('user_id', $user_id); + $query = $this->CI->db->where('group_id', $group_id); + $query = $this->CI->db->get($this->config_vars['user_to_group']); - $row = $query->row(); + $row = $query->row(); - if ($query->num_rows() > 0) { - return TRUE; - } else { - return FALSE; - } + if ($query->num_rows() > 0) { + return TRUE; } else { - return false; + return FALSE; } } + //tested /** * Is admin * Check if current user is a member of the admin group @@ -1021,9 +1039,10 @@ class Aauth { */ public function is_admin( $user_id = false ) { - return $this->is_member($this->config_vars['admin_group'],$user_id); + return $this->is_member($this->config_vars['admin_group'], $user_id); } + //tested /** * List groups * List all groups @@ -1035,6 +1054,8 @@ class Aauth { return $query->result(); } + + //tested /** * Get group name * Get group name from group id 
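Review bot: Removing the `is_numeric($group_id)` guard from is_member() means a `$group_par` that get_group_id() cannot resolve now goes straight into `where('group_id', $group_id)`. is_admin() is built on this method, so the outcome of that query with an unresolved id decides an authorization check. The not-found return value of get_group_id() is outside the visible lines; add_member() in this commit treats it as falsy. Keep an early exit before the query, `if ( ! $group_id) { return FALSE; }`, and drop the unused `$row = $query->row();`.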
@@ -1053,13 +1074,14 @@ class Aauth { return $row->name; } + //tested /** * Get group id - * Get group id from group name or id + * Get group id from group name or id ( ! Case sensitive) * @param int|string $group_par Group id or name to get * @return int Group id */ - public function get_group_id($group_par) { + public function get_group_id ( $group_par ) { if( is_numeric($group_par) ) { return $group_par; } @@ -1077,6 +1099,7 @@ class Aauth { # Permission Functions ######################## + //tested /** * Create permission * Creates a new permission type @@ -1101,6 +1124,7 @@ class Aauth { return FALSE; } + //tested /** * Update permission * Updates permission name and description @@ -1109,19 +1133,21 @@ class Aauth { * @param string $definition Permission description * @return bool Update success/failure */ - public function update_perm($perm_par, $perm_name, $definition=false) { + public function update_perm($perm_par, $perm_name=false, $definition=false) { $perm_id = $this->get_perm_id($perm_par); - $data['name'] = $perm_name; + if ($perm_name != false) + $data['name'] = $perm_name; - if ($definition!=false) - $data['definition'] = $perm_name; + if ($definition != false) + $data['definition'] = $definition; $this->CI->db->where('id', $perm_id); return $this->CI->db->update($this->config_vars['perms'], $data); } + //not ok /** * Delete permission * Delete a permission from database. WARNING Can't be undone @@ -1219,11 +1245,11 @@ class Aauth { return true; } } - return false; } } + //tested /** * Allow User * Add User to permission @@ -1247,11 +1273,12 @@ class Aauth { 'perm_id' => $perm_id ); - return $this->CI->db->insert($this->config_vars['perm_to_group'], $data); + return $this->CI->db->insert($this->config_vars['perm_to_user'], $data); } return true; } + //tested /** * Deny User * Remove user from permission 
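Review bot: With `$perm_name` now optional, update_perm() can reach `$this->CI->db->update($this->config_vars['perms'], $data)` with `$data` never assigned, namely when both `$perm_name` and `$definition` are left at false. Initialise it with `$data = array();` and return false when it is still empty, before the `where('id', $perm_id)` condition is queued. The loose `!= false` tests also skip legitimate values such as `'0'` or an empty definition; `!== false` keeps the "not given" meaning without that side effect. The docblock should mark `$perm_name` as `string|bool` to match the new default.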
@@ -1266,10 +1293,10 @@ class Aauth { $this->CI->db->where('user_id', $user_id); $this->CI->db->where('perm_id', $perm_id); - return $this->CI->db->delete($this->config_vars['perm_to_group']); + return $this->CI->db->delete($this->config_vars['perm_to_user']); } - + //tested /** * Allow Group * Add group to permission @@ -1280,24 +1307,26 @@ class Aauth { public function allow_group($group_par, $perm_par) { $perm_id = $this->get_perm_id($perm_par); + $group_id = $this->get_group_id($group_par); - $query = $this->CI->db->where('group_id',$group_par); + $query = $this->CI->db->where('group_id',$group_id); $query = $this->CI->db->where('perm_id',$perm_id); $query = $this->CI->db->get($this->config_vars['perm_to_group']); if ($query->num_rows() < 1) { - $group_par = $this->get_group_id($group_par); $data = array( - 'group_id' => $group_par, + 'group_id' => $group_id, 'perm_id' => $perm_id ); return $this->CI->db->insert($this->config_vars['perm_to_group'], $data); } + return true; } + //tested /** * Deny Group * Remove group from permission @@ -1308,14 +1337,15 @@ class Aauth { public function deny_group($group_par, $perm_par) { $perm_id = $this->get_perm_id($perm_par); + $group_id = $this->get_group_id($group_par); - $group_par = $this->get_group_id($group_par); - $this->CI->db->where('group_id', $group_par); + $this->CI->db->where('group_id', $group_id); $this->CI->db->where('perm_id', $perm_id); return $this->CI->db->delete($this->config_vars['perm_to_group']); } + //tested /** * List Permissions * List all permissions @@ -1327,6 +1357,7 @@ class Aauth { return $query->result(); } + //tested /** * Get permission id * Get permission id from permisison name or id @@ -1351,6 +1382,7 @@ class Aauth { # Private Message Functions ######################## + //tested /** * Send Private Message * Send a private message to another user 
@@ -1378,6 +1410,18 @@ class Aauth { return false; } + $query = $this->CI->db->where('id', $sender_id); + $query = $this->CI->db->where('banned', 0); + + $query = $this->CI->db->get( $this->config_vars['users'] ); + + // if user not exist or banned + if ( $query->num_rows() < 1 ){ + $this->error($this->config_vars['no_user']); + return false; + } + + $data = array( 'sender_id' => $sender_id, 'receiver_id' => $receiver_id, @@ -1389,6 +1433,7 @@ class Aauth { return $query = $this->CI->db->insert( $this->config_vars['pms'], $data ); } + //tested /** * List Private Messages * If receiver id not given retruns current user's pms, if sender_id given, it returns only pms from given sender @@ -1415,6 +1460,7 @@ class Aauth { return $query->result(); } + //tested /** * Get Private Message * Get private message by id @@ -1424,8 +1470,6 @@ class Aauth { */ public function get_pm($pm_id, $set_as_read = true){ - if ($set_as_read) $this->set_as_read_pm($pm_id); - $query = $this->CI->db->where('id', $pm_id); $query = $this->CI->db->get( $this->config_vars['pms'] ); @@ -1433,9 +1477,12 @@ class Aauth { $this->error( $this->config_vars['no_pm'] ); } + if ($set_as_read) $this->set_as_read_pm($pm_id); + return $query->result(); } + //tested /** * Delete Private Message * Delete private message by id @@ -1447,6 +1494,7 @@ class Aauth { return $this->CI->db->delete( $this->config_vars['pms'], array('id' => $pm_id) ); } + //tested /** * Count unread Private Message * Count number of unread private messages @@ -1459,13 +1507,14 @@ class Aauth { $receiver_id = $this->CI->session->userdata('id'); } - $query = $this->CI->db->where('reciever_id', $receiver_id); + $query = $this->CI->db->where('receiver_id', $receiver_id); $query = $this->CI->db->where('read', 0); $query = $this->CI->db->get( $this->config_vars['pms'] ); return $query->num_rows(); } + //tested /** * Set Private Message as read * Set private message as read 
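Review bot: In get_pm() the relocated `if ($set_as_read) $this->set_as_read_pm($pm_id);` still runs after the `no_pm` error branch, because that branch records the error and falls through. Add `return false;` after `$this->error( $this->config_vars['no_pm'] );` (or an empty array if callers expect one); the branch's condition sits between this hunk and the previous one and is not visible. The lookup shown in the previous hunk filters on `id` only, so nothing in get_pm() ties the message to the session user. Unless every caller compares `receiver_id` and `sender_id` itself, that condition belongs in this method.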
@@ -1484,6 +1533,7 @@ class Aauth { # Error / Info Functions ######################## + //tested /** * Error * Add message to error array and set flash data @@ -1495,6 +1545,7 @@ class Aauth { $this->CI->session->set_flashdata('errors', $this->errors); } + //not working /** * Keep Errors * keeps the flash data flash data @@ -1503,9 +1554,10 @@ class Aauth { * http://ellislab.com/codeigniter/user-guide/libraries/sessions.html */ public function keep_errors(){ - $this->session->keep_flashdata('errors'); + $this->CI->session->keep_flashdata('errors'); } + //tested /** * Get Errors Array * Return array of errors @@ -1520,6 +1572,7 @@ class Aauth { } } + //tested /** * Print Errors * Prints string of errors separated by delimiter @@ -1541,6 +1594,7 @@ class Aauth { echo $msg; } + //tested /** * Info * Add message to info array and set flash data @@ -1552,6 +1606,7 @@ class Aauth { $this->CI->session->set_flashdata('infos', $this->errors); } + //not working /** * Keep Infos * keeps the flash data @@ -1563,6 +1618,7 @@ class Aauth { $this->session->keep_flashdata('infos'); } + //tested /** * Get Info Array * Return array of info @@ -1577,6 +1633,7 @@ class Aauth { } } + //tested /** * Print Info * Print string of info separated by delimiter @@ -1603,6 +1660,7 @@ class Aauth { # User Variables ######################## + //tested /** * Set User Variable as key value * if variable not set before, it will ve set @@ -1618,6 +1676,11 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + // if specified user is not found + if ( ! $this->get_user($user_id)){ + return false; + } + // if var not set, set if ( ! $this->get_user_var($key,$user_id) ) { @@ -1627,7 +1690,7 @@ class Aauth { 'user_id' => $user_id ); - return $this->db->insert( $this->config_vars['user_variables'] , $data); + return $this->CI->db->insert( $this->config_vars['user_variables'] , $data); } // if var already set, overwrite 
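Review bot: keep_infos(), visible as context in the `@@ -1563` hunk, still calls `$this->session->keep_flashdata('infos');`, the same `$this->session` that this hunk replaces in keep_errors() and that the class does not appear to define. It needs the matching change, `$this->CI->session->keep_flashdata('infos');`. The context of the `@@ -1552` hunk also shows info() passing `$this->errors` to `set_flashdata('infos', ...)`, which looks copied from error(); confirm which array was meant. The `//not working` markers added above both keep_ methods say nothing about what fails, so a one-line comment naming the failure would help the next reader.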
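Review bot: set_user_var() decides between insert and update with `if ( ! $this->get_user_var($key,$user_id) )`, and get_user_var() is documented in this commit as returning the value or false. A stored value that is itself falsy, such as `'0'` or an empty string, is therefore treated as unset and a second row is inserted for the same key. Compare against the sentinel instead, `if ($this->get_user_var($key, $user_id) === false)`; set_system_var() in the `@@ -1708` hunk has the same test on get_system_var(). The rest of set_user_var() lies outside this hunk.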
@@ -1639,14 +1702,14 @@ class Aauth { 'user_id' => $user_id ); - $this->db->where( 'key', $key ); - $this->db->where( 'user_id', $user_id); + $this->CI->db->where( 'key', $key ); + $this->CI->db->where( 'user_id', $user_id); - return $this->db->update( $this->config_vars['user_variables'], $data); + return $this->CI->db->update( $this->config_vars['user_variables'], $data); } } - + //tested /** * Unset User Variable as key value * @param string $key @@ -1659,14 +1722,19 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } - $this->db->where('key', $key); - $this->db->where('user_id', $user_id); + // if specified user is not found + if ( ! $this->get_user($user_id)){ + return false; + } + + $this->CI->db->where('key', $key); + $this->CI->db->where('user_id', $user_id); - return $this->db->delete( $this->config_vars['user_variables'] ); + return $this->CI->db->delete( $this->config_vars['user_variables'] ); } - + //tested /** * Get User Variable by key * Return string of variable value or false @@ -1680,6 +1748,11 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + // if specified user is not found + if ( ! $this->get_user($user_id)){ + return false; + } + $query = $this->CI->db->where('user_id', $user_id); $query = $this->CI->db->where('key', $key); @@ -1700,6 +1773,7 @@ class Aauth { # Aauth System Variables ######################## + //tested /** * Set Aauth System Variable as key value * if variable not set before, it will be set 
@@ -1708,17 +1782,17 @@ class Aauth { * @param string $value * @return bool */ - public function set_aauth_var( $key, $value ) { + public function set_system_var( $key, $value ) { // if var not set, set - if ( ! $this->get_aauth_var($key) ) { + if ( ! $this->get_system_var($key) ) { $data = array( 'key' => $key, 'value' => $value, ); - return $this->db->insert( $this->config_vars['aauth_variables'] , $data); + return $this->CI->db->insert( $this->config_vars['system_variables'] , $data); } // if var already set, overwrite @@ -1729,35 +1803,37 @@ class Aauth { 'value' => $value, ); - $this->db->where( 'key', $key ); - return $this->db->update( $this->config_vars['aauth_variables'], $data); + $this->CI->db->where( 'key', $key ); + return $this->CI->db->update( $this->config_vars['system_variables'], $data); } } + //tested /** * Unset Aauth System Variable as key value * @param string $key * @return bool */ - public function unset_aauth_var( $key ) { + public function unset_system_var( $key ) { - $this->db->where('key', $key); + $this->CI->db->where('key', $key); - return $this->db->delete( $this->config_vars['aauth_variables'] ); + return $this->CI->db->delete( $this->config_vars['system_variables'] ); } + //tested /** * Get Aauth System Variable by key * Return string of variable value or false * @param string $key * @return bool|string , false if var is not set, the value of var if set */ - public function get_aauth_var( $key ){ + public function get_system_var( $key ){ $query = $this->CI->db->where('key', $key); - $query = $this->CI->db->get( $this->config_vars['aauth_variables'] ); + $query = $this->CI->db->get( $this->config_vars['system_variables'] ); // if variable not set if ($query->num_rows() < 1) { return false;} 
@@ -1779,7 +1855,11 @@ class Aauth { * parametre olarak array alma * stacoverflow * public id sini 0 a eşitleyip öyle kontrol yapabilirdik (oni boşver uşağum) - * + * lock_user (until parametrsi) + * unlock_user + * send_pm() in errounda receiver ve sender için ayrı errorlar olabilür + * ddos protect olayını daha mantıklı hale getür + * geçici ban ve e-mail ile tkrar aktifleştime olayı */ /** @@ -1797,11 +1877,9 @@ class Aauth { * tamam // sistem variables * tmam // user perms * tamam gibi // 4mysql index fulltext index?? - * geçici ban ve e-mail ile tkrar aktifleştime olayı - * ddos protect olayını daha mantıklı hale getür + * tamam //delete_user dan sonra grup ve perms ler de silinmeli + * login() içinde login'i doğru şekilde olsa da yine de login attempt artıyo kesin düzeltilecek * - * lock_user (until parametrsi) - * unlock_user * * * ----------- @@ -1821,8 +1899,10 @@ class Aauth { * User and Aauth System Variables. set_user_var( $key, $value, $user_id = false ) get_user_var( $key, $user_id = false) -set_aauth_var( $key, $value, $user_id = false ) -get_aauth_var( $key, $user_id = false) +unset +set_system_var( $key, $value, $user_id = false ) +get_system_var( $key, $user_id = false) +unset functions added * * From f05e97e4e47f66e2e47eee7adc2ccfb52c1dff30 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Thu, 3 Jul 2014 21:34:34 +0300 Subject: [PATCH 22/23] minor changes some bugs fixed --- application/controllers/example.php | 2 +- application/libraries/Aauth.php | 2 +- sql/Aauth_v2.sql | 171 ++++++++++++++++++++++++++++ sql/aauth.sql | 144 ----------------------- 4 files changed, 173 insertions(+), 146 deletions(-) create mode 100644 sql/Aauth_v2.sql delete mode 100644 sql/aauth.sql diff --git a/application/controllers/example.php b/application/controllers/example.php index 774c42e..e4a462b 100644 --- a/application/controllers/example.php +++ b/application/controllers/example.php 
@@ -173,7 +173,7 @@ class Example extends CI_Controller { function create_user() { - $a = $this->aauth->create_user("aaa@a.com", "12345", "aa"); + $a = $this->aauth->create_user("admin@admin.com", "12345", "Admin"); if ($a) echo "tmm "; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 4665189..cb14686 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -11,7 +11,7 @@ * * @copyright 2014 Emre Akay * - * @version 1.0 + * @version 2.0 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql new file mode 100644 index 0000000..52aafbd --- /dev/null +++ b/sql/Aauth_v2.sql 
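Review bot: The example action now creates `admin@admin.com` with the literal password `"12345"`, and in CodeIgniter a public controller method such as `Example::create_user()` is reachable by URL under default routing. If this controller is deployed alongside the library, any visitor who requests that route triggers creation of an administrator-looking account whose password is published in the repository. I would mark the call with `// example only: remove this controller before deploying` and gate the action, for instance with `if ( ! $this->input->is_cli_request() ) show_404();` as its first line. The body of create_user() continues outside the hunk.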
@@ -0,0 +1,171 @@ +/* +Navicat MySQL Data Transfer + +Source Server : local +Source Server Version : 50508 +Source Host : localhost:3306 +Source Database : aauth_v2_dev + +Target Server Type : MYSQL +Target Server Version : 50508 +File Encoding : 65001 + +Date: 2014-07-03 21:23:21 +*/ + +SET FOREIGN_KEY_CHECKS=0; + +-- ---------------------------- +-- Table structure for `aauth_groups` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_groups`; +CREATE TABLE `aauth_groups` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` text, + PRIMARY KEY (`id`), + KEY `id_index` (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_groups +-- ---------------------------- +INSERT INTO `aauth_groups` VALUES ('1', 'Admin'); +INSERT INTO `aauth_groups` VALUES ('2', 'Public'); +INSERT INTO `aauth_groups` VALUES ('3', 'Default'); + +-- ---------------------------- +-- Table structure for `aauth_perms` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_perms`; +CREATE TABLE `aauth_perms` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` text, + `definition` text, + PRIMARY KEY (`id`), + KEY `id_index` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_perms +-- ---------------------------- + +-- ---------------------------- +-- Table structure for `aauth_perm_to_group` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_perm_to_group`; +CREATE TABLE `aauth_perm_to_group` ( + `perm_id` int(11) DEFAULT NULL, + `group_id` int(11) DEFAULT NULL, + KEY `perm_id_group_id_index` (`perm_id`,`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_perm_to_group +-- ---------------------------- + +-- ---------------------------- +-- Table structure for `aauth_perm_to_user` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_perm_to_user`; +CREATE TABLE `aauth_perm_to_user` ( + `perm_id` 
int(11) DEFAULT NULL, + `user_id` int(11) DEFAULT NULL, + KEY `perm_id_user_id_index` (`perm_id`,`user_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_perm_to_user +-- ---------------------------- + +-- ---------------------------- +-- Table structure for `aauth_pms` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_pms`; +CREATE TABLE `aauth_pms` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `sender_id` int(11) NOT NULL, + `receiver_id` int(11) NOT NULL, + `title` text NOT NULL, + `message` text, + `date` datetime DEFAULT NULL, + `read` int(11) DEFAULT '0', + PRIMARY KEY (`id`), + KEY `full_index` (`id`,`sender_id`,`receiver_id`,`read`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_pms +-- ---------------------------- + +-- ---------------------------- +-- Table structure for `aauth_system_variables` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_system_variables`; +CREATE TABLE `aauth_system_variables` ( + `key` text NOT NULL, + `value` text +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_system_variables +-- ---------------------------- + +-- ---------------------------- +-- Table structure for `aauth_users` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_users`; +CREATE TABLE `aauth_users` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email` text COLLATE utf8_turkish_ci NOT NULL, + `pass` text COLLATE utf8_turkish_ci NOT NULL, + `name` text COLLATE utf8_turkish_ci, + `banned` int(11) DEFAULT '0', + `last_login` datetime DEFAULT NULL, + `last_activity` datetime DEFAULT NULL, + `last_login_attempt` datetime DEFAULT NULL, + `forgot_exp` text COLLATE utf8_turkish_ci, + `remember_time` datetime DEFAULT NULL, + `remember_exp` text COLLATE utf8_turkish_ci, + `verification_code` text COLLATE utf8_turkish_ci, + `ip_address` text COLLATE utf8_turkish_ci, + `login_attempts` int(11) DEFAULT 
'0', + PRIMARY KEY (`id`), + KEY `id_index` (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci; + +-- ---------------------------- +-- Records of aauth_users +-- ---------------------------- +INSERT INTO `aauth_users` VALUES ('1', 'admin@admin.com', 'dd5073c93fb477a167fd69072e95455834acd93df8fed41a2c468c45b394bfe3', 'Admin', '0', null, null, null, null, null, null, null, null, '0'); + +-- ---------------------------- +-- Table structure for `aauth_user_to_group` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_user_to_group`; +CREATE TABLE `aauth_user_to_group` ( + `user_id` int(11) NOT NULL DEFAULT '0', + `group_id` int(11) NOT NULL DEFAULT '0', + PRIMARY KEY (`user_id`,`group_id`), + KEY `user_id_group_id_index` (`user_id`,`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_user_to_group +-- ---------------------------- +INSERT INTO `aauth_user_to_group` VALUES ('1', '1'); +INSERT INTO `aauth_user_to_group` VALUES ('1', '3'); + +-- ---------------------------- +-- Table structure for `aauth_user_variables` +-- ---------------------------- +DROP TABLE IF EXISTS `aauth_user_variables`; +CREATE TABLE `aauth_user_variables` ( + `user_id` int(11) NOT NULL, + `key` text NOT NULL, + `value` text, + KEY `user_id_index` (`user_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- ---------------------------- +-- Records of aauth_user_variables +-- ---------------------------- diff --git a/sql/aauth.sql b/sql/aauth.sql deleted file mode 100644 index 93704cd..0000000 --- a/sql/aauth.sql +++ /dev/null 
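Review bot: The new install script seeds user 1 (`admin@admin.com`) with a fixed password hash and adds it to group 1 (Admin), so every deployment that imports this file starts with the same administrator credential. The 64-hex-character `pass` value looks like a single fast digest rather than a dedicated password-hashing format, though the hashing code is not part of this diff. I would drop the `INSERT INTO aauth_users` row and the two `aauth_user_to_group` rows from the shipped schema and have the first administrator created during setup with an operator-chosen password. Separately, `email` in aauth_users and `key` in aauth_system_variables and aauth_user_variables carry no uniqueness constraint, so preventing duplicate accounts or variables rests entirely on application-side checks. The `DROP TABLE IF EXISTS` statements also make the file destructive if it is run against a populated database.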
@@ -1,144 +0,0 @@ --- phpMyAdmin SQL Dump --- version 3.3.9 --- http://www.phpmyadmin.net --- --- Anamakine: localhost --- Üretim Zamanı: 18 Eylül 2013 saat 10:18:09 --- Sunucu sürümü: 5.5.8 --- PHP Sürümü: 5.3.5 - -SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; - - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; - --- --- Veritabanı: `aauth2` --- - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_groups` --- - -CREATE TABLE IF NOT EXISTS `aauth_groups` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` text, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ; - --- --- Tablo döküm verisi `aauth_groups` --- - -INSERT INTO `aauth_groups` (`id`, `name`) VALUES -(1, 'admin'), -(2, 'public'), -(3, 'default'); - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_perms` --- - -CREATE TABLE IF NOT EXISTS `aauth_perms` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` text, - `definition` text, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; - --- --- Tablo döküm verisi `aauth_perms` --- - - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_perm_to_group` --- - -CREATE TABLE IF NOT EXISTS `aauth_perm_to_group` ( - `perm_id` int(11) DEFAULT NULL, - `group_id` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - --- --- Tablo döküm verisi `aauth_perm_to_group` --- - - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_pm` --- - -CREATE TABLE IF NOT EXISTS `aauth_pm` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `sender_id` int(11) NOT NULL, - `receiver_id` int(11) NOT NULL, - `message` text, - `date` datetime DEFAULT NULL, - `read` 
int(11) DEFAULT '0', - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; - --- --- Tablo döküm verisi `aauth_pm` --- - - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_users` --- - -CREATE TABLE IF NOT EXISTS `aauth_users` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `email` text COLLATE utf8_turkish_ci NOT NULL, - `pass` text COLLATE utf8_turkish_ci NOT NULL, - `name` text COLLATE utf8_turkish_ci, - `banned` int(11) DEFAULT '0', - `last_login` datetime DEFAULT NULL, - `last_activity` datetime DEFAULT NULL, - `last_login_attempt` datetime DEFAULT NULL, - `forgot_exp` text COLLATE utf8_turkish_ci, - `remember_time` datetime DEFAULT NULL, - `remember_exp` text COLLATE utf8_turkish_ci, - `verification_code` text COLLATE utf8_turkish_ci, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci AUTO_INCREMENT=2 ; - --- --- Tablo döküm verisi `aauth_users` --- - -INSERT INTO `aauth_users` (`id`, `email`, `pass`, `name`, `banned`, `last_login`, `last_activity`, `last_login_attempt`, `forgot_exp`, `remember_time`, `remember_exp`, `verification_code`) VALUES -(1, 'admin@admin.com', 'admin pass', 'Admin', 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - --- -------------------------------------------------------- - --- --- Tablo için tablo yapısı `aauth_user_to_group` --- - -CREATE TABLE IF NOT EXISTS `aauth_user_to_group` ( - `user_id` int(11) NOT NULL DEFAULT '0', - `group_id` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`user_id`,`group_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - --- --- Tablo döküm verisi `aauth_user_to_group` --- - -INSERT INTO `aauth_user_to_group` (`user_id`, `group_id`) VALUES -(1, 1); From de03499784c45b7dd67a732e08e45cfb44be1e5f Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Fri, 4 Jul 2014 13:57:54 +0300 Subject: [PATCH 23/23] minor changes --- application/libraries/Aauth.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index cb14686..37634d8 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1691,7 +1691,6 @@ class Aauth { ); return $this->CI->db->insert( $this->config_vars['user_variables'] , $data); - } // if var already set, overwrite else { @@ -1731,7 +1730,6 @@ class Aauth { $this->CI->db->where('user_id', $user_id); return $this->CI->db->delete( $this->config_vars['user_variables'] ); - } //tested @@ -1879,6 +1877,7 @@ class Aauth { * tamam gibi // 4mysql index fulltext index?? * tamam //delete_user dan sonra grup ve perms ler de silinmeli * login() içinde login'i doğru şekilde olsa da yine de login attempt artıyo kesin düzeltilecek + * keep_errors ve keep_infos calismiyor * * *