Class user

Description

The user class. This class manages users. It presupposes a particular database structure based on three tables: uuser, ugroup, and uuser_group.

Please see the example schemas for Phplib for further details.

Located in /user-defs.php (line 46)


Direct descendants
Class: Description
 class session: The session class. A class to manage user sessions. A session is simply a thing which contains information about a user who has logged on to the system, so in fact the session is just an extension of a user.
 class authorised_user: The Authorised User class. This derived class just allows us a different way of defining a new user, when we know their authorisation code.
Variable Summary
Method Summary
 user user ([string $userid = ""])
 integer authenticate (string $authid, [string $password = ""])
 integer authenticate_authid (string $authid)
 integer authenticate_ipaddress (string $ip)
 boolean authenticate_password (string $submitted_passwd)
 integer authenticate_userid (string $userid, [string $submitted_password = ""])
 string friendlyName ()
 void generate_password (string $plaintext_password, [string $salt = ""])
 string get_auth_code ()
 string get_groups ()
 bool get_user_by_auth_code (string $auth_code)
 bool get_user_by_id (string $userid)
 bool get_user_by_ip (string $ip)
 string group_ids_list ([string $delim = ","])
 string group_names_list ([string $delim = ","])
 bool ismemberof_group (string $groupname)
 bool ismemberof_group_in (mixed $groupnames_list)
 bool ismemberof_group_with_id (string $groupid)
 bool isvalid ()
 void set_password (mixed $plaintext_password, string $password)
 void set_remote_authentication (mixed $auth_source, [integer $auth_method = "md5"], [string $auth_dbname = ""], [string $auth_tablename = ""], [array $auth_mappings = false])
 void set_security_profile ([string $encryption = "md5"], integer $expiry_days, integer $max_attempts, boolean $history_cycle, integer $delay_ms, integer $min_chars, [boolean $char_uniqueness = "low"], [boolean $alphanum_mixed = false], [boolean $apply_stopwords = false])
 boolean valid_password (string $password, string &$errmsgs)
Variables
mixed $authentication_method = "md5" (line 121)

User authentication method

mixed $auth_code = "" (line 52)

Optional authorisation hash code

mixed $email = "" (line 66)

User e-mail address

mixed $enabled = false (line 70)

True if user is active/enabled

mixed $first_name = "" (line 58)

First name of the person

mixed $group_info (line 80)

Group membership details in full, as associative array

mixed $group_names = array() (line 78)

Array of group membership names (strings)

mixed $hasgroups = false (line 76)

True if user has a group membership

mixed $hasIPlist = false (line 88)

Flag, true if user has auto-login IP addresses

mixed $honorific_prefix = "" (line 56)

Honorific prefix, e.g. 'Mr.', 'Ms.', 'Mrs.' etc.

mixed $IP (line 86)

List of IP addresses this user will be auto-logged-in from.

mixed $last_name = "" (line 62)

Last name of the person

mixed $limit_logins = 0 (line 74)

Limit of logins allowed (0=unlimited)

mixed $locked (line 98)

Flag, true if this user account is locked

mixed $mid_names = "" (line 60)

Middle names or initials of the person

mixed $name = "" (line 54)

Formatted full display name of the person

mixed $passwd_alphanum_mixed = false (line 113)

Security profile: if true, passwords must be mixture of alpha & numeric

mixed $passwd_apply_stopwords = false (line 115)

Security profile: if true, passwords must not match built-in stopword list

mixed $passwd_char_uniqueness = "medium" (line 111)

Security profile: char uniqueness level - none, low, medium, or high

mixed $passwd_delay_ms = 0 (line 107)

Security profile: delay in millisec after a password failure

mixed $passwd_encryption = "md5" (line 101)

Security profile: how passwords are encrypted:

'none', 'md5', 'md5salted', 'custom'

mixed $passwd_expiry_days = 90 (line 103)

Security profile: no. of days a password lasts

mixed $passwd_expiry_ts = 0 (line 92)

Date-time that the password will expire at (Unix timestamp)

mixed $passwd_failures = 0 (line 96)

Number of consecutive password failures we have had

mixed $passwd_forever = false (line 90)

Flag, true if user password never expires

mixed $passwd_history = array() (line 94)

Array of previously used passwords

mixed $passwd_history_cycle = 0 (line 117)

Security profile: password history cycle - number of saved passwords

mixed $passwd_max_attempts = 5 (line 105)

Security profile: no. of consecutive password failures allowed

mixed $passwd_min_chars = 6 (line 109)

Security profile: min characters in a new password

mixed $password = "" (line 64)

Text password (encrypted or plain)

mixed $remote_auth_dbname = NOT_MAPPED (line 123)

User authentication remote database name

mixed $remote_auth_fields = array() (line 127)

User authentication remote table field mapping

mixed $remote_auth_source = LOCAL_AUTH (line 119)

User authentication source

mixed $remote_auth_tablename = NOT_MAPPED (line 125)

User authentication remote user table

mixed $total_logins = 0 (line 72)

Total logins so far

mixed $userid = "" (line 48)

Login user id, string

mixed $user_groups_cnt = 0 (line 82)

Group membership count

mixed $user_record (line 84)

Complete user record as an associative array

mixed $user_type = "" (line 68)

User type: arbitrary textual type

mixed $valid = false (line 50)

True if user record is valid

Methods
Constructor user (line 135)

Constructor. Create a new user object.

user user ([string $userid = ""])
  • string $userid: User ID of the user
authenticate (line 595)

Authenticate a user. Tries all types of authentication we know about using the parameters passed to it.

  • return: Login type code
integer authenticate (string $authid, [string $password = ""])
  • string $authid: Unique user ID, authorization code or IP
  • string $password: Password for the user
authenticate_authid (line 712)

Authenticate a user by authorisation ID

  • return: Login type code
integer authenticate_authid (string $authid)
  • string $authid: Authorisation code/id of the user
authenticate_ipaddress (line 686)

Authenticate a user by IP address

  • return: Login type code
integer authenticate_ipaddress (string $ip)
  • string $ip: IP address of remote host accessing this site
authenticate_password (line 277)

Authenticate a password according to the appropriate encryption regime.

The encryption method used depends on whether the user is a normal (local) Axyl user, or one which is being maintained on a remote system.

  • return: True if the password was authenticated.
boolean authenticate_password (string $submitted_passwd)
  • string $submitted_passwd: Password submitted for authentication.
authenticate_userid (line 618)

Authenticate a user by userid/password.

  • return: Login type code
integer authenticate_userid (string $userid, [string $submitted_password = ""])
  • string $userid: Unique user ID of the user
  • string $submitted_password: Password for the user
friendlyName (line 1157)

Get friendly name

Make a 'friendly' name from a full one. Good for "Dear... ,"

  • return: Friendly name for the current user
string friendlyName ()
generate_password (line 363)

Generate a new password. Although we take note of whether the user is local or remote, in general we don't expect to be generating passwords for remotely maintained users.

void generate_password (string $plaintext_password, [string $salt = ""])
  • string $plaintext_password: The plaintext password we will use
  • string $salt: Optional salt for MD5 salted passwords
get_auth_code (line 937)

Get user Authorisation Code. Return this user's unique authorisation code; generate one if it isn't there yet, from userid and current time.

  • return: The authorisation code for the current user
string get_auth_code ()
get_groups (line 961)

Get user groups info

For this user, populate the group data for this object. We read the uuser_group and ugroup tables and populate the two variables $user_groups and $group_info.

  • return: The groups list for the user, delimited by pipe ("|")
string get_groups ()
get_user_by_auth_code (line 862)

Get user by Authorisation Code. Internal function to return the user record from auth_code. The authorisation code is usually a string containing a complex key generated by something like MD5 or better.

  • return: True if the user was found with the given authorisation code
bool get_user_by_auth_code (string $auth_code)
  • string $auth_code: Authorisation code to match for this user
get_user_by_id (line 739)

Get user by ID. Internal function to return the user record from id.

  • return: True if the user was found with the given user ID
bool get_user_by_id (string $userid)
  • string $userid: Unique user ID
get_user_by_ip (line 883)

Get user by IP. Internal function to return the user record whose IP address(es) match the client IP address being used for this access.

  • return: True if a user was found with matching IP address
bool get_user_by_ip (string $ip)
  • string $ip: Allowed IP host or network to allow logins from
group_ids_list (line 1119)

Get group IDs list

Return a string containing the comma-delimited list of group ids which this user belongs to. This is useful in an SQL statement such as: WHERE group_id IN (group_ids_list()). Note we only access the database to populate $this->group_info when we need to, not every session.

  • return: Comma-delimited list of group IDs
string group_ids_list ([string $delim = ","])
  • string $delim: Delimiter character (defaults to comma)
group_names_list (line 1139)

Get group names list

Return a string containing the comma-delimited list of group names which this user belongs to. E.g. "Editor,Author,Admin"

  • return: Comma-delimited list of group names
string group_names_list ([string $delim = ","])
  • string $delim: Delimiter character (defaults to comma)
ismemberof_group (line 1046)

Is user a member of a named group. The argument passed in must be a single group name string (ie. not a numeric group id) which is defined in the database.

Return true if the user is a member of the named group.

  • return: True if the user is a member of the group, else false
bool ismemberof_group (string $groupname)
  • string $groupname: Name of the group we are checking user membership of
ismemberof_group_in (line 1065)

Is user a member of one group of many. Check user against a list of groups, return true if member of at least one of them. The list in $groupnames can be either a comma-delimited string of group names, OR an array of group names.

  • return: True if user is member of at least one of the groups, else false
bool ismemberof_group_in (mixed $groupnames_list)
  • mixed $groupnames_list: Comma-delimited list OR array of group names
ismemberof_group_with_id (line 1092)

Is user a member of a group with ID. Return true if the user is a member of the group with given ID.

  • return: True if the user is a member of the group, else false
bool ismemberof_group_with_id (string $groupid)
  • string $groupid: ID of the group we are checking user membership of
isvalid (line 1105)

Return true if the current user is a valid one. This is false when the user has not been authorised, or the user ID wasn't found etc. It is an error condition for this to be false.

  • return: True if the current user object is valid
bool isvalid ()
password_expired (line 416)

Check whether the password for this user has expired. Returns true if it has, else false.

  • return: (boolean) True if this user has an expired password.

void password_expired ()
push_password_history (line 449)

Push the current password on the history stack. Trim the history to the number we are supposed to retain in the cycle. This method only does anything if 'passwd_cycle_history' is non-zero. It also checks and makes sure that the password isn't already in the history array, and if it is, does nothing.

void push_password_history ()
save_password_data (line 398)

Save the password data as stored in this object, to the user record.

  • return: (boolean) True if the data was saved ok.

void save_password_data ()
set_password (line 248)

Set the user login password. Store it according to the encryption mode. We assume a plain text password is being supplied.

NB: Axyl-encrypted passwords always have an 'axenc_' prefix.

void set_password (mixed $plaintext_password, string $password)
  • string $password: Plain text password to set for this user
  • return: (string) The password which is going to be stored
set_password_expiry (line 438)

Set the password expiry timestamp afresh. We use the settings for how long passwords should last, and add this to the time now to get the expiry datetime.

void set_password_expiry ()
set_remote_authentication (line 172)

Set the user authentication method. This determines how we authenticate the user. Normally we just authenticate via the local database, but this method allows that to be varied for remotely maintained account details.

void set_remote_authentication (mixed $auth_source, [integer $auth_method = "md5"], [string $auth_dbname = ""], [string $auth_tablename = ""], [array $auth_mappings = false])
  • integer $auth_method: Code for auth method 0=local, 1=remote db
  • string $auth_dbname: Name of the remote database
  • string $auth_tablename: Name of the remote database table
  • array $auth_mappings: Array of field mappings for account info
set_security_profile (line 208)

Set the user security profile. This is a set of parameters which are applied to ALL users, including this one, when passwords are being set, created or otherwise checked.

void set_security_profile ([string $encryption = "md5"], integer $expiry_days, integer $max_attempts, boolean $history_cycle, integer $delay_ms, integer $min_chars, [boolean $char_uniqueness = "low"], [boolean $alphanum_mixed = false], [boolean $apply_stopwords = false])
  • string $encryption: Password encryption: 'none', 'md5', 'md5salted', 'custom'
  • integer $expiry_days: No. of days passwords last before expiring
  • integer $max_attempts: Max. no. of consecutive failed logins
  • boolean $history_cycle: No. saved passwords before cycling the list
  • integer $delay_ms: Delay in ms, for a failed login
  • integer $min_chars: Minimum characters in a new password
  • boolean $char_uniqueness: Char uniqueness level ('low', 'medium', 'high')
  • boolean $alphanum_mixed: Whether a mix of alpha and numerics are required
  • boolean $apply_stopwords: Whether to apply stopword list to passwords
valid_password (line 476)

Validate password against all the rules for it. Returns true if the password passed all the tests, else false. Also provides a resulting error message which is either a nullstring "", or an explanation of why the validation failed.

  • return: True if password validated ok, else false.
boolean valid_password (string $password, string &$errmsgs)
  • string $password: Plain text password to validate
  • string &$errmsgs: An array of error messages explaining failure.
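
The password rules and history cycle described for valid_password() and push_password_history(), as an added PHP sketch (not code from Axyl). Property and method names follow this page; the class name, the stopword list, the exact rule semantics, the reuse check inside valid_password(), and storing history entries with password_hash() instead of the md5 modes are assumptions, and $errmsgs is treated as an array as its description says.

```php
<?php
// Added sketch, not Axyl source; rule details and password_hash() storage are assumptions.
final class PasswordPolicySketch
{
    public int $passwd_min_chars = 6;
    public bool $passwd_alphanum_mixed = true;
    public bool $passwd_apply_stopwords = true;
    public int $passwd_history_cycle = 2;
    public array $passwd_history = [];                     // stored hashes, oldest first
    private array $stopwords = ['password1', 'letmein1'];  // constructed list
    // Like valid_password(): true when every rule passes; reasons go to $errmsgs.
    public function valid_password(string $password, array &$errmsgs): bool
    {
        $errmsgs = [];
        if (strlen($password) < $this->passwd_min_chars) {
            $errmsgs[] = "needs at least {$this->passwd_min_chars} characters";
        }
        $mixed = preg_match('/[A-Za-z]/', $password) && preg_match('/[0-9]/', $password);
        if ($this->passwd_alphanum_mixed && !$mixed) {
            $errmsgs[] = 'needs both letters and digits';
        }
        if ($this->passwd_apply_stopwords && in_array(strtolower($password), $this->stopwords, true)) {
            $errmsgs[] = 'is on the stopword list';
        }
        foreach ($this->passwd_history as $old) {          // assumed rule: no reuse
            if (password_verify($password, $old)) {
                $errmsgs[] = 'was used recently';
                break;
            }
        }
        return $errmsgs === [];
    }
    // Like push_password_history(): no-op when the cycle is 0 or the value is already stored.
    public function push_password_history(string $stored): void
    {
        if ($this->passwd_history_cycle <= 0 || in_array($stored, $this->passwd_history, true)) {
            return;
        }
        $this->passwd_history[] = $stored;
        // Trim to the number of entries retained in the cycle.
        $this->passwd_history = array_slice($this->passwd_history, -$this->passwd_history_cycle);
    }
}
$p = new PasswordPolicySketch();
$errs = [];
foreach (['first-pass1', 'second-pass2', 'third-pass3'] as $pw) {  // constructed passwords
    $p->push_password_history(password_hash($pw, PASSWORD_DEFAULT));
}
var_dump($p->valid_password('third-pass3', $errs), $errs); // candidate still in the retained history
var_dump($p->valid_password('first-pass1', $errs), $errs); // candidate whose entry was cycled out
```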

Documentation generated by phpDocumentor 1.3.0RC3