oxerptype_user.php

Go to the documentation of this file.
00001 <?php
00002 
00003 require_once 'oxerptype.php';
00004 require_once realpath(dirname(__FILE__).'/../oxerpcompatability.php');
00005 
00009 class oxERPType_User extends oxERPType
00010 {
00015     static $CAN_NOT_IMPORT_SALT = 'ERROR: Can not import user password salt to shop config.';
00016 
00021     protected $_aFieldListVersions = array(
00022         '1' => array(
00023             'OXID'           => 'OXID',
00024             'OXACTIV'        => 'OXACTIV',
00025             'OXRIGHTS'       => 'OXRIGHTS',
00026             'OXSHOPID'       => 'OXSHOPID',
00027             'OXUSERNAME'     => 'OXUSERNAME',
00028             'OXPASSWORD'     => 'OXPASSWORD',
00029             'OXCUSTNR'       => 'OXCUSTNR',
00030             'OXUSTID'        => 'OXUSTID',
00031             'OXCOMPANY'      => 'OXCOMPANY',
00032             'OXFNAME'        => 'OXFNAME',
00033             'OXLNAME'        => 'OXLNAME',
00034             'OXSTREET'       => 'OXSTREET',
00035             'OXSTREETNR'     => 'OXSTREETNR',
00036             'OXADDINFO'      => 'OXADDINFO',
00037             'OXCITY'         => 'OXCITY',
00038             'OXCOUNTRY'      => 'OXCOUNTRY',
00039             'OXCOUNTRYID'    => 'OXCOUNTRYID', //hard to obtain for external users, use getCountries ERP method, it should be correct countryid
00040             'OXZIP'          => 'OXZIP',
00041             'OXFON'          => 'OXFON',
00042             'OXFAX'          => 'OXFAX',
00043             'OXSAL'          => 'OXSAL',
00044             'OXBONI'         => 'OXBONI',
00045             'OXCREATE'       => 'OXCREATE', //always now
00046             'OXREGISTER'     => 'OXREGISTER',
00047             'OXPRIVFON'      => 'OXPRIVFON',
00048             'OXMOBFON'       => 'OXMOBFON',
00049             'OXBIRTHDATE'    => 'OXBIRTHDATE',
00050             'OXURL'          => 'OXURL',
00051             'OXBUERGELLASTCHECK'         => 'OXBUERGELLASTCHECK',
00052             'OXBUERGELTEXT'  => 'OXBUERGELTEXT',
00053             'OXBUERGELADRESSSTATUS'      => 'OXBUERGELADRESSSTATUS',
00054             'OXBUERGELADRESSTEXT'        => 'OXBUERGELADRESSTEXT',
00055             'OXDISABLEAUTOGRP'           => 'OXDISABLEAUTOGRP',
00056             'OXLDAPKEY'      => 'OXLDAPKEY',
00057             'OXWRONGLOGINS'  => 'OXWRONGLOGINS'
00058         ),
00059         '2' => array(
00060             'OXID' => 'OXID',
00061             'OXACTIVE' => 'OXACTIVE',
00062             'OXRIGHTS' => 'OXRIGHTS',
00063             'OXSHOPID' => 'OXSHOPID',
00064             'OXUSERNAME' => 'OXUSERNAME',
00065             'OXPASSWORD' => 'OXPASSWORD',
00066             'OXCUSTNR' => 'OXCUSTNR',
00067             'OXUSTID' => 'OXUSTID',
00068             'OXUSTIDSTATUS' => 'OXUSTIDSTATUS',
00069             'OXCOMPANY' => 'OXCOMPANY',
00070             'OXFNAME' => 'OXFNAME',
00071             'OXLNAME' => 'OXLNAME',
00072             'OXSTREET' => 'OXSTREET',
00073             'OXSTREETNR' => 'OXSTREETNR',
00074             'OXADDINFO' => 'OXADDINFO',
00075             'OXCITY' => 'OXCITY',
00076             'OXCOUNTRYID' => 'OXCOUNTRYID',
00077             'OXZIP' => 'OXZIP',
00078             'OXFON' => 'OXFON',
00079             'OXFAX' => 'OXFAX',
00080             'OXSAL' => 'OXSAL',
00081             'OXBONI' => 'OXBONI',
00082             'OXCREATE' => 'OXCREATE',
00083             'OXREGISTER' => 'OXREGISTER',
00084             'OXPRIVFON' => 'OXPRIVFON',
00085             'OXMOBFON' => 'OXMOBFON',
00086             'OXBIRTHDATE' => 'OXBIRTHDATE',
00087             'OXURL' => 'OXURL',
00088             'OXDISABLEAUTOGRP' => 'OXDISABLEAUTOGRP',
00089             'OXLDAPKEY' => 'OXLDAPKEY',
00090             'OXWRONGLOGINS' => 'OXWRONGLOGINS',
00091         ),
00092     );
00093 
00099     public function __construct()
00100     {
00101         parent::__construct();
00102 
00103         $oCompat = oxNew('OXERPCompatability');
00104         if ($oCompat->isPasswordSaltInOxUser() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00105             // also read OXPASSSALT, which will be included into combo, but removed from output
00106             $this->_aFieldList['OXPASSSALT'] = 'OXPASSSALT';
00107         }
00108 
00109         $this->_sTableName      = 'oxuser';
00110         $this->_sShopObjectName = 'oxuser';
00111     }
00112 
00122     public function getSQL( $sWhere, $iLanguage = 0,$iShopID = 1)
00123     {
00124         $myConfig = oxConfig::getInstance();
00125         $oStr = getStr();
00126 
00127         // add type 'user' for security reasons
00128         if ( $oStr->strstr( $sWhere, 'where' ) ) {
00129             $sWhere .= ' and ';
00130         } else {
00131             $sWhere .= ' where ';
00132         }
00133 
00134         $sWhere .= ' oxrights = \'user\'';
00135         //MAFI also check for shopid to restrict access
00136         if ( !$myConfig->getConfigParam( 'blMallUsers' ) ) {
00137             $sWhere .= ' AND oxshopid = \''.$iShopID.'\'';
00138         }
00139 
00140         return parent::getSQL( $sWhere, $iLanguage);;
00141     }
00142 
00150     public function checkWriteAccess($sOxid)
00151     {
00152         $myConfig = oxConfig::getInstance();
00153 
00154         if (!$myConfig->getConfigParam('blMallUsers')) {
00155             parent::checkWriteAccess($sOxid);
00156         }
00157     }
00158 
00166     public function getObjectForDeletion( $sId)
00167     {
00168         $myConfig = oxConfig::getInstance();
00169 
00170         if ( !isset( $sId ) ) {
00171             throw new Exception( "Missing ID!");
00172         }
00173 
00174         $oUser = oxNew( $this->getShopObjectName(), "core");
00175         if ( !$oUser->exists( $sId ) ) {
00176             throw new Exception( $this->getShopObjectName(). " " . $sId. " does not exists!");
00177         }
00178 
00179         //We must load the object here, to check shopid and return it for further checks
00180         $oUser->load($sId);
00181 
00182         //if blMallUsers is true its possible to delete all users of all shops
00183         if ( $oUser->getShopId() != $myConfig->getShopId() && !$myConfig->getConfigParam('blMallUsers' ) ) {
00184             throw new Exception( "No right to delete object {$sId} !");
00185         }
00186 
00187         //set to false, to allow a deletion, even if its normally not allowed
00188         $oUser->setIsDerived(false);
00189         return $oUser;
00190     }
00191 
00201     protected function getSqlFieldName($sField, $iLanguage = 0, $iShopID = 1)
00202     {
00203         if ('1' == oxERPBase::getUsedDbFieldsVersion()) {
00204             switch ($sField) {
00205                 case 'OXACTIV':
00206                     return "OXACTIVE as OXACTIV";
00207                     break;
00208                 case 'OXACTIVFROM':
00209                     return "OXACTIVEFROM as OXACTIVEFROM";
00210                     break;
00211                 case 'OXACTIVTO':
00212                     return "OXACTIVETO as OXACTIVTO";
00213                     break;
00214                 case 'OXCOUNTRY':
00215                     return "(select oxtitle from oxcountry where oxcountry.oxid=OXCOUNTRYID limit 1) as OXCOUNTRY";
00216                     break;
00217                 case 'OXBUERGELLASTCHECK':
00218                     return "'0000-00-00 00:00:00' as $sField";
00219                     break;
00220                 case 'OXBUERGELADRESSSTATUS':
00221                     return "'0' as $sField";
00222                     break;
00223                 case 'OXBUERGELTEXT':
00224                 case 'OXBUERGELADRESSTEXT':
00225                     return "'' as $sField";
00226                     break;
00227             }
00228         }
00229 
00230         return parent::getSqlFieldName($sField, $iLanguage, $iShopID);
00231     }
00232 
00233 
00243     protected function _preAssignObject($oShopObject, $aData, $blAllowCustomShopId)
00244     {
00245         $aData = parent::_preAssignObject($oShopObject, $aData, $blAllowCustomShopId);
00246 
00247         $oCompat = oxNew('OXERPCompatability');
00248         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00249             // emulate passwd and salt with only passwd field: check if combined
00250             // combine rules: array(passwd, salt, md5(passwd+salt))
00251             $aCombo = @explode(':', $aData['OXPASSWORD']);
00252             if (is_array($aCombo) && (3 == count($aCombo)) && (md5($aCombo[0].$aCombo[1]) == $aCombo[2])) {
00253                 // combo detected
00254                 $aData['OXPASSWORD'] = $aCombo[0];
00255                 if ($oCompat->isPasswordSaltInOxUser()) {
00256                     $aData['OXPASSSALT'] = $aCombo[1];
00257                 } else {
00258                     $sConfigSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00259                     $sConfigSalt = unpack('H*', $sConfigSalt);
00260                     $sConfigSalt = $sConfigSalt[1];
00261                     if ($aCombo[1] != $sConfigSalt) {
00262                         // note: can not import config value here, since it will break other passwds
00263                         throw new Exception( self::$CAN_NOT_IMPORT_SALT );
00264                     }
00265                 }
00266             }
00267         }
00268         return $aData;
00269     }
00270 
00280     protected function _preSaveObject($oShopObject, $aData)
00281     {
00282         $oCompat = oxNew('OXERPCompatability');
00283         if ($oCompat->isPasswordSaltSupported()) {
00284             if (method_exists($oShopObject, 'getPasswordHash')) {
00285                 $oShopObject->getPasswordHash();
00286             } else {
00287                 if ( $oShopObject->oxuser__oxpassword->value ) {
00288                     if ( strpos( $oShopObject->oxuser__oxpassword->value, 'ox_' ) === 0 ) {
00289                         // decodable pass ?
00290                         $oShopObject->setPassword( oxUtils::getInstance()->strRem( $oShopObject->oxuser__oxpassword->value ) );
00291                     } elseif ( ( strlen( $oShopObject->oxuser__oxpassword->value ) < 32 ) && ( strpos( $oShopObject->oxuser__oxpassword->value, 'openid_' ) !== 0 ) ) {
00292                         // plain pass ?
00293                         $oShopObject->setPassword( $oShopObject->oxuser__oxpassword->value );
00294                     }
00295                 }
00296             }
00297         }
00298         return parent::_preSaveObject($oShopObject, $aData);
00299     }
00300 
00308     public function addExportData( $aFields )
00309     {
00310         $oCompat = oxNew('OXERPCompatability');
00311         if ($oCompat->isPasswordSaltSupported() && (oxERPBase::getUsedDbFieldsVersion() < 3)) {
00312             $sSalt = '';
00313             if ($oCompat->isPasswordSaltInOxUser()) {
00314                 $sSalt = $aFields['OXPASSSALT'];
00315                 $aFields['OXPASSSALT'] = null;
00316                 unset($aFields['OXPASSSALT']);
00317             } else {
00318                 $sSalt = oxConfig::getInstance()->getConfigParam( 'sPasswdSalt' );
00319                 $sSalt = unpack('H*', $sSalt);
00320                 $sSalt = $sSalt[1];
00321             }
00322             $sCheckSum = md5($aFields['OXPASSWORD'].$sSalt);
00323             $aFields['OXPASSWORD'] = implode(':', array($aFields['OXPASSWORD'], $sSalt, $sCheckSum));
00324         }
00325         return $aFields;
00326     }
00327 
00328 }