OXID eShop CE: core/objects/oxerptype

00001 <?php
00002 
00003 require_once 'oxerptype.php';
00004 require_once realpath(dirname(__FILE__).'/../oxerpcompatability.php');
00005 
00009 class oxERPType_User extends oxERPType
00010 {
00015     static $CAN_NOT_IMPORT_SALT = 'ERROR: Can not import user password salt to shop config.';
00016 
00021     protected $_aFieldListVersions = array(
00022         '1' => array(
00023             'OXID'           => 'OXID',
00024             'OXACTIV'        => 'OXACTIV',
00025             'OXRIGHTS'       => 'OXRIGHTS',
00026             'OXSHOPID'       => 'OXSHOPID',
00027             'OXUSERNAME'     => 'OXUSERNAME',
00028             'OXPASSWORD'     => 'OXPASSWORD',
00029             'OXCUSTNR'       => 'OXCUSTNR',
00030             'OXUSTID'        => 'OXUSTID',
00031             'OXCOMPANY'      => 'OXCOMPANY',
00032             'OXFNAME'        => 'OXFNAME',
00033             'OXLNAME'        => 'OXLNAME',
00034             'OXSTREET'       => 'OXSTREET',
00035             'OXSTREETNR'     => 'OXSTREETNR',
00036             'OXADDINFO'      => 'OXADDINFO',
00037             'OXCITY'         => 'OXCITY',
00038             'OXCOUNTRY'      => 'OXCOUNTRY',
00039             'OXCOUNTRYID'    => 'OXCOUNTRYID', //hard to obtain for external users, use getCountries ERP method, it should be correct countryid
00040             'OXZIP'          => 'OXZIP',
00041             'OXFON'          => 'OXFON',
00042             'OXFAX'          => 'OXFAX',
00043             'OXSAL'          => 'OXSAL',
00044             'OXBONI'         => 'OXBONI',
00045             'OXCREATE'       => 'OXCREATE', //always now
00046             'OXREGISTER'     => 'OXREGISTER',
00047             'OXPRIVFON'      => 'OXPRIVFON',
00048             'OXMOBFON'       => 'OXMOBFON',
00049             'OXBIRTHDATE'    => 'OXBIRTHDATE',
00050             'OXURL'          => 'OXURL',
00051             'OXBUERGELLASTCHECK'         => 'OXBUERGELLASTCHECK',
00052             'OXBUERGELTEXT'  => 'OXBUERGELTEXT',
00053             'OXBUERGELADRESSSTATUS'      => 'OXBUERGELADRESSSTATUS',
00054             'OXBUERGELADRESSTEXT'        => 'OXBUERGELADRESSTEXT',
00055             'OXDISABLEAUTOGRP'           => 'OXDISABLEAUTOGRP',
00056             'OXLDAPKEY'      => 'OXLDAPKEY',
00057             'OXWRONGLOGINS'  => 'OXWRONGLOGINS'
00058         ),
00059         '2' => array(
00060             'OXID' => 'OXID',
00061             'OXACTIVE' => 'OXACTIVE',
00062             'OXRIGHTS' => 'OXRIGHTS',
00063             'OXSHOPID' => 'OXSHOPID',
00064             'OXUSERNAME' => 'OXUSERNAME',
00065             'OXPASSWORD' => 'OXPASSWORD',
00066             'OXCUSTNR' => 'OXCUSTNR',
00067             'OXUSTID' => 'OXUSTID',
00068             'OXUSTIDSTATUS' => 'OXUSTIDSTATUS',
00069             'OXCOMPANY' => 'OXCOMPANY',
00070             'OXFNAME' => 'OXFNAME',
00071             'OXLNAME' => 'OXLNAME',
00072             'OXSTREET' => 'OXSTREET',
00073             'OXSTREETNR' => 'OXSTREETNR',
00074             'OXADDINFO' => 'OXADDINFO',
00075             'OXCITY' => 'OXCITY',
00076             'OXCOUNTRYID' => 'OXCOUNTRYID',
00077             'OXZIP' => 'OXZIP',
00078             'OXFON' => 'OXFON',
00079             'OXFAX' => 'OXFAX',
00080             'OXSAL' => 'OXSAL',
00081             'OXBONI' => 'OXBONI',
00082             'OXCREATE' => 'OXCREATE',
00083             'OXREGISTER' => 'OXREGISTER',
00084             'OXPRIVFON' => 'OXPRIVFON',
00085             'OXMOBFON' => 'OXMOBFON',
00086             'OXBIRTHDATE' => 'OXBIRTHDATE',
00087             'OXURL' => 'OXURL',
00088             'OXDISABLEAUTOGRP' => 'OXDISABLEAUTOGRP',
00089             'OXLDAPKEY' => 'OXLDAPKEY',
00090             'OXWRONGLOGINS' => 'OXWRONGLOGINS',
00091         ),
00092     );
00093 
00099     public function __construct()
00100     {
00101         parent::__construct();
00102 
00103         $oCompat = oxNew('OXERPCompatability');
00104         if ($oCompat->isPasswordSaltInOxUser() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00105             // also read OXPASSSALT, which will be included into combo, but removed from output
00106             $this->_aFieldList['OXPASSSALT'] = 'OXPASSSALT';
00107         }
00108 
00109         $this->_sTableName      = 'oxuser';
00110         $this->_sShopObjectName = 'oxuser';
00111     }
00112 
00122     public function getSQL( $sWhere, $iLanguage = 0,$iShopID = 1)
00123     {
00124         $myConfig = oxConfig::getInstance();
00125         $oStr = getStr();
00126 
00127         // add type 'user' for security reasons
00128         if ( $oStr->strstr( $sWhere, 'where' ) ) {
00129             $sWhere .= ' and ';
00130         } else {
00131             $sWhere .= ' where ';
00132         }
00133 
00134         $sWhere .= ' oxrights = \'user\'';
00135         //MAFI also check for shopid to restrict access
00136         if ( !$myConfig->getConfigParam( 'blMallUsers' ) ) {
00137             $sWhere .= ' AND oxshopid = \''.$iShopID.'\'';
00138         }
00139 
00140         return parent::getSQL( $sWhere, $iLanguage);;
00141     }
00142 
00150     public function checkWriteAccess($sOxid)
00151     {
00152         $myConfig = oxConfig::getInstance();
00153 
00154         if (!$myConfig->getConfigParam('blMallUsers')) {
00155             parent::checkWriteAccess($sOxid);
00156         }
00157     }
00158 
00166     public function getObjectForDeletion( $sId)
00167     {
00168         $myConfig = oxConfig::getInstance();
00169 
00170         if ( !isset( $sId ) ) {
00171             throw new Exception( "Missing ID!");
00172         }
00173 
00174         $oUser = oxNew( $this->getShopObjectName(), "core");
00175         if ( !$oUser->exists( $sId ) ) {
00176             throw new Exception( $this->getShopObjectName(). " " . $sId. " does not exists!");
00177         }
00178 
00179         //We must load the object here, to check shopid and return it for further checks
00180         $oUser->load($sId);
00181 
00182         //if blMallUsers is true its possible to delete all users of all shops
00183         if ( $oUser->getShopId() != $myConfig->getShopId() && !$myConfig->getConfigParam('blMallUsers' ) ) {
00184             throw new Exception( "No right to delete object {$sId} !");
00185         }
00186 
00187         //set to false, to allow a deletion, even if its normally not allowed
00188         $oUser->setIsDerived(false);
00189         return $oUser;
00190     }
00191 
00201     protected function getSqlFieldName($sField, $iLanguage = 0, $iShopID = 1)
00202     {
00203         if ('1' == oxERPBase::getUsedDbFieldsVersion()) {
00204             switch ($sField) {
00205                 case 'OXACTIV':
00206                     return "OXACTIVE as OXACTIV";
00207                 case 'OXACTIVFROM':
00208                     return "OXACTIVEFROM as OXACTIVEFROM";
00209                 case 'OXACTIVTO':
00210                     return "OXACTIVETO as OXACTIVTO";
00211                 case 'OXCOUNTRY':
00212                     return "(select oxtitle from oxcountry where oxcountry.oxid=OXCOUNTRYID limit 1) as OXCOUNTRY";
00213                 case 'OXBUERGELLASTCHECK':
00214                     return "'0000-00-00 00:00:00' as $sField";
00215                 case 'OXBUERGELADRESSSTATUS':
00216                     return "'0' as $sField";
00217                 case 'OXBUERGELTEXT':
00218                 case 'OXBUERGELADRESSTEXT':
00219                     return "'' as $sField";
00220             }
00221         }
00222 
00223         return parent::getSqlFieldName($sField, $iLanguage, $iShopID);
00224     }
00225 
00226 
00236     protected function _preAssignObject($oShopObject, $aData, $blAllowCustomShopId)
00237     {
00238         $aData = parent::_preAssignObject($oShopObject, $aData, $blAllowCustomShopId);
00239 
00240         $oCompat = oxNew('OXERPCompatability');
00241         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00242             // emulate passwd and salt with only passwd field: check if combined
00243             // combine rules: array(passwd, salt, md5(passwd+salt))
00244             $aCombo = @explode(':', $aData['OXPASSWORD']);
00245             if (is_array($aCombo) && (3 == count($aCombo)) && (md5($aCombo[0].$aCombo[1]) == $aCombo[2])) {
00246                 // combo detected
00247                 $aData['OXPASSWORD'] = $aCombo[0];
00248                 if ($oCompat->isPasswordSaltInOxUser()) {
00249                     $aData['OXPASSSALT'] = $aCombo[1];
00250                 } else {
00251                     $sConfigSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00252                     $sConfigSalt = unpack('H*', $sConfigSalt);
00253                     $sConfigSalt = $sConfigSalt[1];
00254                     if ($aCombo[1] != $sConfigSalt) {
00255                         // note: can not import config value here, since it will break other passwds
00256                         throw new Exception( self::$CAN_NOT_IMPORT_SALT );
00257                     }
00258                 }
00259             }
00260         }
00261         return $aData;
00262     }
00263 
00273     protected function _preSaveObject($oShopObject, $aData)
00274     {
00275         $oCompat = oxNew('OXERPCompatability');
00276         if ($oCompat->isPasswordSaltSupported()) {
00277             if (method_exists($oShopObject, 'getPasswordHash')) {
00278                 $oShopObject->getPasswordHash();
00279             } else {
00280                 if ( $oShopObject->oxuser__oxpassword->value ) {
00281                     if ( strpos( $oShopObject->oxuser__oxpassword->value, 'ox_' ) === 0 ) {
00282                         // decodable pass ?
00283                         $oShopObject->setPassword( oxUtils::getInstance()->strRem( $oShopObject->oxuser__oxpassword->value ) );
00284                     } elseif ( ( strlen( $oShopObject->oxuser__oxpassword->value ) < 32 ) && ( strpos( $oShopObject->oxuser__oxpassword->value, 'openid_' ) !== 0 ) ) {
00285                         // plain pass ?
00286                         $oShopObject->setPassword( $oShopObject->oxuser__oxpassword->value );
00287                     }
00288                 }
00289             }
00290         }
00291         return parent::_preSaveObject($oShopObject, $aData);
00292     }
00293 
00301     public function addExportData( $aFields )
00302     {
00303         $oCompat = oxNew('OXERPCompatability');
00304         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00305             $sSalt = '';
00306             if ($oCompat->isPasswordSaltInOxUser()) {
00307                 $sSalt = $aFields['OXPASSSALT'];
00308                 $aFields['OXPASSSALT'] = null;
00309                 unset($aFields['OXPASSSALT']);
00310             } else {
00311                 $sSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00312                 $sSalt = unpack('H*', $sSalt);
00313                 $sSalt = $sSalt[1];
00314             }
00315             $sCheckSum = md5($aFields['OXPASSWORD'].$sSalt);
00316             $aFields['OXPASSWORD'] = implode(':', array($aFields['OXPASSWORD'], $sSalt, $sCheckSum));
00317         }
00318         return $aFields;
00319     }
00320 
00321 }
oxerptype_user.php
