From 2aea6cdeb9290e8daf5bb6b41bb95d8bb1fd4d92 Mon Sep 17 00:00:00 2001
From: konrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Date: Sun, 16 Dec 2007 21:21:03 +0000
Subject: [PATCH] add customer class

git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@82 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
 www/inc/cauth_hash.php      |    6 +++
 www/inc/cauth_mhash.php     |    6 +++
 www/inc/cauth_string.php    |    6 +++
 www/inc/customer.php        |   93 +++++++++++++++++++++++++++++++++++++++++++
 www/inc/loader_nonadmin.php |    5 ++-
 www/inc/random.php          |    6 +++
 www/inc/session.php         |    2 -
 7 files changed, 121 insertions(+), 3 deletions(-)
 create mode 100644 www/inc/customer.php

diff --git a/www/inc/cauth_hash.php b/www/inc/cauth_hash.php
index 879ea2b..c3d6ef2 100644
--- a/www/inc/cauth_hash.php
+++ b/www/inc/cauth_hash.php
@@ -26,4 +26,10 @@ function calcAuth($cha,$tok)
 	}
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+	return $salt.":".hash("sha1",$salt.$pass);
+}
+
 ?>
\ No newline at end of file
diff --git a/www/inc/cauth_mhash.php b/www/inc/cauth_mhash.php
index 7f32602..9813969 100644
--- a/www/inc/cauth_mhash.php
+++ b/www/inc/cauth_mhash.php
@@ -26,4 +26,10 @@ function calcAuth($cha,$tok)
 	}
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+	return $salt.":".bin2hex(mhash(MHASH_SHA1,$salt.$pass));
+}
+
 ?>
\ No newline at end of file
diff --git a/www/inc/cauth_string.php b/www/inc/cauth_string.php
index 2f70290..546a8f9 100644
--- a/www/inc/cauth_string.php
+++ b/www/inc/cauth_string.php
@@ -22,4 +22,10 @@ function calcAuth($key,$tok)
 	}
 }
 
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+	return $salt.":".strtolower(sha1($salt.$pass));
+}
+
 ?>
\ No newline at end of file
diff --git a/www/inc/customer.php b/www/inc/customer.php
new file mode 100644
index 0000000..b503dc3
--- /dev/null
+++ b/www/inc/customer.php
@@ -0,0 +1,93 @@
+<?
+/*(c) Konrad Rosenbaum, 2007; see COPYING for details*/
+
+/**this class can be used to access a customers data*/
+class Customer
+{
+	private $id;
+	
+	/**construct an empty customer; if $id is given it tries to pre-load from the database*/
+	public function __construct($id=false)
+	{
+		$this->id=false;
+		if($id!==false){
+			$this->getByID($id);
+		}
+	}
+	
+	/**tries to get the customer by its ID, returns false if it fails*/
+	public function getByID($id)
+	{
+		global $db;
+		$res=$db->select("customer","customerid","where customerid=".$db->escapeInt($id));
+		if(count($res)>0){
+			$this->id=$id+0;
+			return true;
+		}else
+			return false;
+	}
+	
+	/**tries to get the customer by its email address, returns false if it fails*/
+	public function getByMail($mail)
+	{
+		global $db;
+		$res=$db->select("customer","customerid","where email=".$db->escapeString($mail));
+		if(count($res)>0){
+			$this->id=$res[0]["customerid"];
+			return true;
+		}else
+			return false;
+	}
+	
+	/**checks whether the customer exists in the database; getByID or getByMail must have been called first*/
+	public function exists()
+	{
+		return $this->id !== false;
+	}
+	
+	/**creates the customer in the database; getByID or getByMail must not have been called yet; 
+	returns the new ID on success or false on failure*/
+	public function create($name)
+	{
+		if($this->id!==false)return;
+		global $db;
+		$this->id=$db->insert("customer",array("name"=>$name));
+		return $this->id;
+	}
+	
+	/**sets the email of this customer*/
+	public function setMail($mail)
+	{
+		if($this->id===false)return;
+		global $db;
+		$db->update("customer",array("email"=>$mail),"customerid=".$db->escapeInt($this->id));
+	}
+	
+	/**sets the password of this customer*/
+	public function setPassword($pwd)
+	{
+		if($this->id===false)return;
+		global $db;
+		$pass=calcPasswd($pwd,getSalt());
+		$db->update("customer",array("passwd"=>$pass),"customerid=".$db->escapeInt($this->id));
+	}
+	
+	/**checks whether $password matches the stored password for this customer; returns true on success*/
+	public function authenticate($passwd)
+	{
+		if($this->id===false)return false;
+		//get record
+		global $db;
+		$res=$db->select("customer","passwd","customerid=".$db->escapeInt($this->id));
+		//found anything?
+		if(count($res)<0)return false;
+		//is it a password
+		if(!is_string($res[0]["passwd"]) || strlen($res[0]["passwd"])<10)return false;
+		//check
+		$pwd=explode(":",$res[0]["passwd"]);
+		$pwd2=calcPasswd($passwd,$pwd[0]);
+		return $pwd2 == $res[0]["passwd"];
+	}
+};
+
+?>
\ No newline at end of file
diff --git a/www/inc/loader_nonadmin.php b/www/inc/loader_nonadmin.php
index c0a2c65..fe7b5a0 100644
--- a/www/inc/loader_nonadmin.php
+++ b/www/inc/loader_nonadmin.php
@@ -12,6 +12,9 @@ include("./inc/cart.php");
 include('./inc/error.php');
 include('./inc/language_manager.php');
 include('./inc/parser.php');
-include('./inc/config_manager.php')
+include('./inc/config_manager.php');
+include('./inc/customer.php');
+//load hash lib
+include("./inc/cauth_".$HashLib.".php");
 
 ?>
\ No newline at end of file
diff --git a/www/inc/random.php b/www/inc/random.php
index 096e88f..9b19645 100644
--- a/www/inc/random.php
+++ b/www/inc/random.php
@@ -44,4 +44,10 @@ function getRandom($bits)
 	return substr($ret,0,$bits);
 }
 
+/**return a salt value for Customer::setPassword */
+function getSalt()
+{
+	return getRandom(16*4);
+}
+
 ?>
\ No newline at end of file
diff --git a/www/inc/session.php b/www/inc/session.php
index 3b1bb05..cfcdf89 100644
--- a/www/inc/session.php
+++ b/www/inc/session.php
@@ -217,6 +217,4 @@ class Session
 	}
 };
 
-include("cauth_".$HashLib.".php");
-
 ?>
\ No newline at end of file
-- 
1.7.2.5