oxerptype_user.php

Go to the documentation of this file.
00001 <?php
00002 
00003 require_once( 'oxerptype.php');
00004 require_once( realpath(dirname(__FILE__).'/../oxerpcompatability.php'));
00005 
00006 class oxERPType_User extends oxERPType
00007 {
00008     static $CAN_NOT_IMPORT_SALT = 'ERROR: Can not import user password salt to shop config.';
00009     protected $_aFieldListVersions = array(
00010         '1' => array(
00011             'OXID'           => 'OXID',
00012             'OXACTIV'        => 'OXACTIV',
00013             'OXRIGHTS'       => 'OXRIGHTS',
00014             'OXSHOPID'       => 'OXSHOPID',
00015             'OXUSERNAME'     => 'OXUSERNAME',
00016             'OXPASSWORD'     => 'OXPASSWORD',
00017             'OXCUSTNR'       => 'OXCUSTNR',
00018             'OXUSTID'        => 'OXUSTID',
00019             'OXCOMPANY'      => 'OXCOMPANY',
00020             'OXFNAME'        => 'OXFNAME',
00021             'OXLNAME'        => 'OXLNAME',
00022             'OXSTREET'       => 'OXSTREET',
00023             'OXSTREETNR'     => 'OXSTREETNR',
00024             'OXADDINFO'      => 'OXADDINFO',
00025             'OXCITY'         => 'OXCITY',
00026             'OXCOUNTRY'      => 'OXCOUNTRY',
00027             'OXCOUNTRYID'    => 'OXCOUNTRYID', //hard to obtain for external users, use getCountries ERP method, it should be correct countryid
00028             'OXZIP'          => 'OXZIP',
00029             'OXFON'          => 'OXFON',
00030             'OXFAX'          => 'OXFAX',
00031             'OXSAL'          => 'OXSAL',
00032             'OXBONI'         => 'OXBONI',
00033             'OXCREATE'       => 'OXCREATE', //always now
00034             'OXREGISTER'     => 'OXREGISTER',
00035             'OXPRIVFON'      => 'OXPRIVFON',
00036             'OXMOBFON'       => 'OXMOBFON',
00037             'OXBIRTHDATE'    => 'OXBIRTHDATE',
00038             'OXURL'          => 'OXURL',
00039             'OXBUERGELLASTCHECK'         => 'OXBUERGELLASTCHECK',
00040             'OXBUERGELTEXT'  => 'OXBUERGELTEXT',
00041             'OXBUERGELADRESSSTATUS'      => 'OXBUERGELADRESSSTATUS',
00042             'OXBUERGELADRESSTEXT'        => 'OXBUERGELADRESSTEXT',
00043             'OXDISABLEAUTOGRP'           => 'OXDISABLEAUTOGRP',
00044             'OXLDAPKEY'      => 'OXLDAPKEY',
00045             'OXWRONGLOGINS'  => 'OXWRONGLOGINS'
00046         ),
00047         '2' => array(
00048             'OXID' => 'OXID',
00049             'OXACTIVE' => 'OXACTIVE',
00050             'OXRIGHTS' => 'OXRIGHTS',
00051             'OXSHOPID' => 'OXSHOPID',
00052             'OXUSERNAME' => 'OXUSERNAME',
00053             'OXPASSWORD' => 'OXPASSWORD',
00054             'OXCUSTNR' => 'OXCUSTNR',
00055             'OXUSTID' => 'OXUSTID',
00056             'OXUSTIDSTATUS' => 'OXUSTIDSTATUS',
00057             'OXCOMPANY' => 'OXCOMPANY',
00058             'OXFNAME' => 'OXFNAME',
00059             'OXLNAME' => 'OXLNAME',
00060             'OXSTREET' => 'OXSTREET',
00061             'OXSTREETNR' => 'OXSTREETNR',
00062             'OXADDINFO' => 'OXADDINFO',
00063             'OXCITY' => 'OXCITY',
00064             'OXCOUNTRYID' => 'OXCOUNTRYID',
00065             'OXZIP' => 'OXZIP',
00066             'OXFON' => 'OXFON',
00067             'OXFAX' => 'OXFAX',
00068             'OXSAL' => 'OXSAL',
00069             'OXBONI' => 'OXBONI',
00070             'OXCREATE' => 'OXCREATE',
00071             'OXREGISTER' => 'OXREGISTER',
00072             'OXPRIVFON' => 'OXPRIVFON',
00073             'OXMOBFON' => 'OXMOBFON',
00074             'OXBIRTHDATE' => 'OXBIRTHDATE',
00075             'OXURL' => 'OXURL',
00076             'OXDISABLEAUTOGRP' => 'OXDISABLEAUTOGRP',
00077             'OXLDAPKEY' => 'OXLDAPKEY',
00078             'OXWRONGLOGINS' => 'OXWRONGLOGINS',
00079         ),
00080     );
00081 
00082     public function __construct()
00083     {
00084         parent::__construct();
00085 
00086         $oCompat = oxNew('OXERPCompatability');
00087         if ($oCompat->isPasswordSaltInOxUser() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00088             // also read OXPASSSALT, which will be included into combo, but removed from output
00089             $this->_aFieldList['OXPASSSALT'] = 'OXPASSSALT';
00090         }
00091 
00092         $this->_sTableName      = 'oxuser';
00093         $this->_sShopObjectName = 'oxuser';
00094     }
00095 
00103     public function getSQL( $sWhere, $iLanguage = 0,$iShopID = 1)
00104     {
00105         $myConfig = oxConfig::getInstance();
00106 
00107         // add type 'user' for security reasons
00108         if( strstr( $sWhere, 'where'))
00109             $sWhere .= ' and ';
00110         else
00111             $sWhere .= ' where ';
00112 
00113         $sWhere .= ' oxrights = \'user\'';
00114         //MAFI also check for shopid to restrict access
00115         if(!$myConfig->getConfigParam('blMallUsers')){
00116             $sWhere .= ' AND oxshopid = \''.$iShopID.'\'';
00117         }
00118 
00119         return parent::getSQL( $sWhere, $iLanguage);;
00120     }
00121 
00122     public function checkWriteAccess($sOxid)
00123     {
00124         $myConfig = oxConfig::getInstance();
00125 
00126         if (!$myConfig->getConfigParam('blMallUsers')) {
00127             parent::checkWriteAccess($sOxid);
00128         }
00129     }
00130 
00131     public function getObjectForDeletion( $sId)
00132     {
00133         $myConfig = oxConfig::getInstance();
00134 
00135         if( !isset($sId))
00136             throw new Exception( "Missing ID!");
00137 
00138         $oUser = oxNew( $this->getShopObjectName(), "core");
00139         if(!$oUser->exists($sId)){
00140             throw new Exception( $this->getShopObjectName(). " " . $sId. " does not exists!");
00141         }
00142 
00143         //We must load the object here, to check shopid and return it for further checks
00144         $oUser->Load($sId);
00145 
00146         //if blMallUsers is true its possible to delete all users of all shops
00147         if($oUser->getShopId() != $myConfig->getShopId() && !$myConfig->getConfigParam('blMallUsers'))
00148             throw new Exception( "No right to delete object {$sId} !");
00149 
00150         //set to false, to allow a deletion, even if its normally not allowed
00151         $oUser->setIsDerived(false);
00152         return $oUser;
00153     }
00154 
00155     public function getFunctionSuffix()
00156     {
00157         return parent::getFunctionSuffix();
00158     }
00159 
00168     protected function getSqlFieldName($sField, $iLanguage = 0, $iShopID = 1)
00169     {
00170         if ('1' == oxERPBase::getUsedDbFieldsVersion()) {
00171             switch ($sField) {
00172                 case 'OXACTIV':
00173                     return "OXACTIVE as OXACTIV";
00174                 case 'OXACTIVFROM':
00175                     return "OXACTIVEFROM as OXACTIVEFROM";
00176                 case 'OXACTIVTO':
00177                     return "OXACTIVETO as OXACTIVTO";
00178                 case 'OXCOUNTRY':
00179                     return "(select oxtitle from oxcountry where oxcountry.oxid=OXCOUNTRYID limit 1) as OXCOUNTRY";
00180                 case 'OXBUERGELLASTCHECK':
00181                     return "'0000-00-00 00:00:00' as $sField";
00182                 case 'OXBUERGELADRESSSTATUS':
00183                     return "'0' as $sField";
00184                 case 'OXBUERGELTEXT':
00185                 case 'OXBUERGELADRESSTEXT':
00186                     return "'' as $sField";
00187             }
00188         }
00189 
00190         return parent::getSqlFieldName($sField, $iLanguage, $iShopID);
00191     }
00192 
00193 
00203     protected function _preAssignObject($oShopObject, $aData, $blAllowCustomShopId)
00204     {
00205         $aData = parent::_preAssignObject($oShopObject, $aData, $blAllowCustomShopId);
00206 
00207         $oCompat = oxNew('OXERPCompatability');
00208         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00209             // emulate passwd and salt with only passwd field: check if combined
00210             // combine rules: array(passwd, salt, md5(passwd+salt))
00211             $aCombo = @explode(':', $aData['OXPASSWORD']);
00212             if (is_array($aCombo) && (3 == count($aCombo)) && (md5($aCombo[0].$aCombo[1]) == $aCombo[2])) {
00213                 // combo detected
00214                 $aData['OXPASSWORD'] = $aCombo[0];
00215                 if ($oCompat->isPasswordSaltInOxUser()) {
00216                     $aData['OXPASSSALT'] = $aCombo[1];
00217                 } else {
00218                     $sConfigSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00219                     $sConfigSalt = unpack('H*', $sConfigSalt);
00220                     $sConfigSalt = $sConfigSalt[1];
00221                     if ($aCombo[1] != $sConfigSalt) {
00222                         // note: can not import config value here, since it will break other passwds
00223                         throw new Exception( self::$CAN_NOT_IMPORT_SALT );
00224                     }
00225                 }
00226             }
00227         }
00228         return $aData;
00229     }
00230 
00240     protected function _preSaveObject($oShopObject, $aData)
00241     {
00242         $oCompat = oxNew('OXERPCompatability');
00243         if ($oCompat->isPasswordSaltSupported()) {
00244             if (method_exists($oShopObject, 'getPasswordHash')) {
00245                 $oShopObject->getPasswordHash();
00246             } else {
00247                 if ( $oShopObject->oxuser__oxpassword->value ) {
00248                     if ( strpos( $oShopObject->oxuser__oxpassword->value, 'ox_' ) === 0 ) {
00249                         // decodable pass ?
00250                         $oShopObject->setPassword( oxUtils::getInstance()->strRem( $oShopObject->oxuser__oxpassword->value ) );
00251                     } elseif ( ( strlen( $oShopObject->oxuser__oxpassword->value ) < 32 ) && ( strpos( $oShopObject->oxuser__oxpassword->value, 'openid_' ) !== 0 ) ) {
00252                         // plain pass ?
00253                         $oShopObject->setPassword( $oShopObject->oxuser__oxpassword->value );
00254                     }
00255                 }
00256             }
00257         }
00258         return parent::_preSaveObject($oShopObject, $aData);
00259     }
00260 
00266     public function addExportData( $aFields)
00267     {
00268         $oCompat = oxNew('OXERPCompatability');
00269         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00270             $sSalt = '';
00271             if ($oCompat->isPasswordSaltInOxUser()) {
00272                 $sSalt = $aFields['OXPASSSALT'];
00273                 $aFields['OXPASSSALT'] = null;
00274                 unset($aFields['OXPASSSALT']);
00275             } else {
00276                 $sSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00277                 $sSalt = unpack('H*', $sSalt);
00278                 $sSalt = $sSalt[1];
00279             }
00280             $sCheckSum = md5($aFields['OXPASSWORD'].$sSalt);
00281             $aFields['OXPASSWORD'] = implode(':', array($aFields['OXPASSWORD'], $sSalt, $sCheckSum));
00282         }
00283         return $aFields;
00284     }
00285 
00286 }
Generated on Tue Apr 21 15:45:44 2009 for OXID eShop CE by  doxygen 1.5.5