add customer class
authorkonrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Sun, 16 Dec 2007 21:21:03 +0000 (21:21 +0000)
committerkonrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Sun, 16 Dec 2007 21:21:03 +0000 (21:21 +0000)
git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@82 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33

www/inc/cauth_hash.php
www/inc/cauth_mhash.php
www/inc/cauth_string.php
www/inc/customer.php [new file with mode: 0644]
www/inc/loader_nonadmin.php
www/inc/random.php
www/inc/session.php

index 879ea2b..c3d6ef2 100644 (file)
@@ -26,4 +26,10 @@ function calcAuth($cha,$tok)
        }
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+       return $salt.":".hash("sha1",$salt.$pass);
+}
+
 ?>
\ No newline at end of file
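Review bot: One round of SHA-1 over `$salt.$pass` in `calcPasswd` is too cheap for password storage, because a leaked customer table can be brute-forced offline at very high rates despite the salt. The same applies to the `cauth_mhash.php` and `cauth_string.php` variants in the next two hunks. If the `salt:hash` layout has to stay so that `Customer::authenticate` keeps working, a stretched derivation such as `return $salt.":".hash_pbkdf2("sha256",$pass,$salt,$iterations);` keeps the signature, where `$iterations` is a placeholder for a configured work factor. Otherwise `password_hash`/`password_verify` would replace both the helper and the manual salt handling. Either way, rows already stored in the old format need a rehash-on-login path.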
index 7f32602..9813969 100644 (file)
@@ -26,4 +26,10 @@ function calcAuth($cha,$tok)
        }
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+       return $salt.":".bin2hex(mhash(MHASH_SHA1,$salt.$pass));
+}
+
 ?>
\ No newline at end of file
index 2f70290..546a8f9 100644 (file)
@@ -22,4 +22,10 @@ function calcAuth($key,$tok)
        }
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+       return $salt.":".strtolower(sha1($salt.$pass));
+}
+
 ?>
\ No newline at end of file
diff --git a/www/inc/customer.php b/www/inc/customer.php
new file mode 100644 (file)
index 0000000..b503dc3
--- /dev/null
@@ -0,0 +1,93 @@
+<?
+/*(c) Konrad Rosenbaum, 2007; see COPYING for details*/
+
+/**this class can be used to access a customers data*/
+class Customer
+{
+       private $id;
+       
+       /**construct an empty customer; if $id is given it tries to pre-load from the database*/
+       public function __construct($id=false)
+       {
+               $this->id=false;
+               if($id!==false){
+                       $this->getByID($id);
+               }
+       }
+       
+       /**tries to get the customer by its ID, returns false if it fails*/
+       public function getByID($id)
+       {
+               global $db;
+               $res=$db->select("customer","customerid","where customerid=".$db->escapeInt($id));
+               if(count($res)>0){
+                       $this->id=$id+0;
+                       return true;
+               }else
+                       return false;
+       }
+       
+       /**tries to get the customer by its email address, returns false if it fails*/
+       public function getByMail($mail)
+       {
+               global $db;
+               $res=$db->select("customer","customerid","where email=".$db->escapeString($mail));
+               if(count($res)>0){
+                       $this->id=$res[0]["customerid"];
+                       return true;
+               }else
+                       return false;
+       }
+       
+       /**checks whether the customer exists in the database; getByID or getByMail must have been called first*/
+       public function exists()
+       {
+               return $this->id !== false;
+       }
+       
+       /**creates the customer in the database; getByID or getByMail must not have been called yet; 
+       returns the new ID on success or false on failure*/
+       public function create($name)
+       {
+               if($this->id!==false)return;
+               global $db;
+               $this->id=$db->insert("customer",array("name"=>$name));
+               return $this->id;
+       }
+       
+       /**sets the email of this customer*/
+       public function setMail($mail)
+       {
+               if($this->id===false)return;
+               global $db;
+               $db->update("customer",array("email"=>$mail),"customerid=".$db->escapeInt($this->id));
+       }
+       
+       /**sets the password of this customer*/
+       public function setPassword($pwd)
+       {
+               if($this->id===false)return;
+               global $db;
+               $pass=calcPasswd($pwd,getSalt());
+               $db->update("customer",array("passwd"=>$pass),"customerid=".$db->escapeInt($this->id));
+       }
+       
+       /**checks whether $password matches the stored password for this customer; returns true on success*/
+       public function authenticate($passwd)
+       {
+               if($this->id===false)return false;
+               //get record
+               global $db;
+               $res=$db->select("customer","passwd","customerid=".$db->escapeInt($this->id));
+               //found anything?
+               if(count($res)<0)return false;
+               //is it a password
+               if(!is_string($res[0]["passwd"]) || strlen($res[0]["passwd"])<10)return false;
+               //check
+               $pwd=explode(":",$res[0]["passwd"]);
+               $pwd2=calcPasswd($passwd,$pwd[0]);
+               return $pwd2 == $res[0]["passwd"];
+       }
+};
+
+?>
\ No newline at end of file
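Review bot: In `Customer::authenticate` the empty-result guard `if(count($res)<0)return false;` can never fire, since `count()` is never negative, so a missing row falls through to `$res[0]`; it should read `if(count($res)<1)return false;`. The same method passes `"customerid=".…` to `$db->select` without the `where` keyword that `getByID` and `getByMail` include, which looks like it would produce a malformed query; confirm against the select helper, which is not shown here. The final `return $pwd2 == $res[0]["passwd"];` is a loose, non-constant-time comparison of a credential, and `return hash_equals($res[0]["passwd"],$pwd2);` avoids both type juggling and timing differences. Separately, `create()` returns nothing when an ID is already set, although its doc comment promises `false` on failure.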
index c0a2c65..fe7b5a0 100644 (file)
@@ -12,6 +12,9 @@ include("./inc/cart.php");
 include('./inc/error.php');
 include('./inc/language_manager.php');
 include('./inc/parser.php');
-include('./inc/config_manager.php')
+include('./inc/config_manager.php');
+include('./inc/customer.php');
+//load hash lib
+include("./inc/cauth_".$HashLib.".php");
 
 ?>
\ No newline at end of file
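Review bot: The added `include("./inc/cauth_".$HashLib.".php");` builds a file path from `$HashLib` without checking its value. Where that variable is assigned is not visible in this hunk, so if anything other than the config file can ever set it, the include would load an unintended file. Restricting it to the three backends present in this commit before the include closes that off, e.g. `if(!in_array($HashLib,array("hash","mhash","string"),true))die("unknown hash library");`. Using `require` instead of `include` would also fail at load time rather than later with an undefined `calcPasswd`.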
index 096e88f..9b19645 100644 (file)
@@ -44,4 +44,10 @@ function getRandom($bits)
        return substr($ret,0,$bits);
 }
 
+/**return a salt value for Customer::setPassword */
+function getSalt()
+{
+       return getRandom(16*4);
+}
+
 ?>
\ No newline at end of file
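Review bot: The doc comment on `getSalt` should state the salt's format constraint, because `calcPasswd` joins salt and digest with `:` and `Customer::authenticate` takes the part before the first `:` as the salt, so a salt containing `:` would make every later login fail. Suggested wording: `/**return a salt value for Customer::setPassword; the result must not contain ":" since calcPasswd uses it as separator*/`. Whether `getRandom` can emit that character, and whether its source is cryptographically strong, cannot be told from here because its body lies outside the hunk. The visible `substr($ret,0,$bits)` suggests the argument `16*4` ends up as a character count rather than a bit count, which is worth confirming.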
index 3b1bb05..cfcdf89 100644 (file)
@@ -217,6 +217,4 @@ class Session
        }
 };
 
-include("cauth_".$HashLib.".php");
-
 ?>
\ No newline at end of file