From b68a8e3faf48cae4c65e9ed1a9c864fcf070094d Mon Sep 17 00:00:00 2001 From: Andy Smith Date: Thu, 18 Aug 2011 01:31:15 +0100 Subject: [PATCH] 'user', renamed from 'auth' --- application/controllers/user.php | 129 +++++++++++++++++++++++ application/models/user_model.php | 170 ++++++++++++++++++++++++++++++ 2 files changed, 299 insertions(+) create mode 100644 application/controllers/user.php create mode 100644 application/models/user_model.php diff --git a/application/controllers/user.php b/application/controllers/user.php new file mode 100644 index 00000000..7b73dd88 --- /dev/null +++ b/application/controllers/user.php 
@@ -0,0 +1,129 @@ +load->model('user_model'); + + $data['results'] = $this->user_model->users(); + + $this->load->view('layout/header'); + $this->load->view('user/main', $data); + $this->load->view('layout/footer'); + } + + /* + function add() { + + $this->load->model('note'); + + $this->load->library('form_validation'); + + $this->form_validation->set_rules('title', 'Note Title', 'required'); + $this->form_validation->set_rules('content', 'Content', 'required'); + + + if ($this->form_validation->run() == FALSE) + { + $this->load->view('layout/header'); + $this->load->view('notes/add'); + $this->load->view('layout/footer'); + } + else + { + $this->note->add(); + + redirect('notes'); + } + } + + function view($id) { + $this->load->model('note'); + + $data['note'] = $this->note->view($id); + + // Display + $this->load->view('layout/header'); + $this->load->view('notes/view',$data); + $this->load->view('layout/footer'); + } + */ + + function edit() { + $this->load->model('user_model'); + $query = $this->user_model->get_by_id($this->uri->segment(3)); + + $this->load->library('form_validation'); + + $this->form_validation->set_rules('user_name', 'Username', 'required'); + $this->form_validation->set_rules('user_email', 'E-mail', 'required'); + $this->form_validation->set_rules('user_type', 'Type', 'required'); + + $data = $query->row(); + + if ($this->form_validation->run() == FALSE) + { + $this->load->view('layout/header'); + $this->load->view('user/edit', $data); + $this->load->view('layout/footer'); + } + else + { + $this->user_model->edit(); + $this->session->set_flashdata('notice', 'User updated'); + redirect('user'); + } + } + + function login() { + $this->load->model('user_model'); + $query = $this->user_model->get($this->input->post('user_name')); + + $this->load->library('form_validation'); + + $this->form_validation->set_rules('user_name', 'Username', 'required'); + $this->form_validation->set_rules('user_password', 'Password', 'required'); + + $data = 
$query->row(); + + if ($this->form_validation->run() == FALSE) + { + $this->load->view('layout/header'); + $this->load->view('user/login', $data); + $this->load->view('layout/footer'); + } + else + { + if($this->user_model->login() == 1) { + $this->session->set_flashdata('notice', 'User logged in'); + $this->user_model->update_session($data->user_id); + redirect('dashboard'); + } else { + $this->session->set_flashdata('notice', 'Incorrect username or password!'); + redirect('user/login'); + } + } + } + + function logout() { + $this->load->model('user_model'); + + $user_name = $this->session->userdata('user_name'); + + $this->user_model->clear_session(); + + $this->session->set_flashdata('notice', 'User '.$user_name.' logged out.'); + redirect('dashboard'); + } + + /* + function delete($id) { + $this->load->model('note'); + $this->note->delete($id); + + redirect('notes'); + } +*/ +} diff --git a/application/models/user_model.php b/application/models/user_model.php new file mode 100644 index 00000000..f6230e73 --- /dev/null +++ b/application/models/user_model.php 
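Review bot: `edit()` performs no authentication or authorization check before calling `$this->user_model->edit()`, so any request that satisfies the three `required` rules can rewrite another user's `user_name`, `user_email` and `user_type`, and the update is keyed on the posted `id` rather than the `uri->segment(3)` value used to load the form, so the two can diverge. Guard the action before the validation block, e.g. `if (!$this->user_model->validate_session()) { redirect('user/login'); }`, and have the model update the id the controller resolved instead of a hidden form field; `index()` needs the same guard, though its opening lines are not visible in this hunk. Separately, `login()` passes `$query->row()` — the full user record including `user_password` — into the `user/login` view as `$data`, and `$data` is `null` when the username does not exist; pass only the fields the view renders (or an empty array) instead. The `$data->user_id` access in the success branch is safe only because `user_model->login()` cannot return 1 without a matching row, which is worth a short comment such as `// row exists: login() returned 1 only after get() found the user`.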
@@ -0,0 +1,170 @@ +db->where('user_name', $username); + $r = $this->db->get($this->config->item('auth_table')); + return $r; + } + + function get_by_id($id) { + $this->db->where('user_id', $id); + $r = $this->db->get($this->config->item('auth_table')); + return $r; + } + + function exists($username) { + if($this->get($username)->results()->num_rows == 0) { + return 0; + } else { + return 1; + } + } + + function add($username, $password, $email, $type) { + if(!$this->exists($username)) { + $data = array( + 'user_name' => $username, + 'user_password' => $this->_hash($password), + 'user_email' => $email, + 'user_type' => $type + ); + + $this->db->insert($this->config->item('auth_table')); + return 1; + } else { + return 0; + } + } + + function edit() { + + $data = array( + 'user_name' => $this->input->post('user_name'), + 'user_email' => $this->input->post('user_email'), + 'user_type' => $this->input->post('user_type') + ); + + if($this->input->post('user_password') != NULL) + { + $data['user_password'] = $this->_hash($this->input->post('user_password')); + } + + $this->db->where('user_id', $this->input->post('id')); + $this->db->update($this->config->item('auth_table'), $data); + + } + + function login() { + + $username = $this->input->post('user_name'); + $password = $this->input->post('user_password'); + + return $this->authenticate($username, $password); + } + + function clear_session() { + + $this->session->unset_userdata(array('user_id' => '', 'user_type' => '', 'user_email' => '', 'user_hash' => '')); + + } + + function update_session($id) { + + $u = $this->get_by_id($id); + + $userdata = array( + 'user_id' => $u->row()->user_id, + 'user_name' => $u->row()->user_name, + 'user_type' => $u->row()->user_type, + 'user_hash' => $this->_hash($u->row()->user_id."-".$u->row()->user_type) + ); + + $this->session->set_userdata($userdata); + } + + function validate_session() { + + if($this->session->userdata('user_id')) + { + $user_id = 
$this->session->userdata('user_id'); + $user_type = $this->session->userdata('user_type'); + $user_hash = $this->session->userdata('user_hash'); + + if($this->_auth($user_id."-".$user_type, $user_hash)) { + return 1; + } else { + $this->clear_session(); + return 0; + } + } else { + return 0; + } + } + + function authenticate($username, $password) { + $u = $this->get($username); + if($u->num_rows != 0) + { + if($this->_auth($password, $u->row()->user_password)) { + return 1; + } + } + return 0; + } + + function authorize($level) { + $u = $this->get_by_id($this->session->userdata('user_id')); + if(($this->validate_session) && ($u->row()->user_type >= $level)) { + return 1; + } else { + return 0; + } + } + + function set($username, $data) { + $this->db->where('user_name', $username); + $this->db->update($this->config->item('auth_table', $data)); + return 1; + } + + function users() { + $r = $this->db->get($this->config->item('auth_table')); + return $r; + } + + private function _auth($password, $hash) { + $h = new PasswordHash(8, FALSE); + if($h->CheckPassword($password, $hash)) { + return 1; + } else { + return 0; + } + } + + private function _hash($password) { + $h = new PasswordHash(8, FALSE); + $hash = $h->HashPassword($password); + unset($h); + + if(strlen($hash) < 20) { + return 0; + } else { + return $hash; + } + } + +} + +?>
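Review bot: `authorize()` reads `$this->validate_session` as a property instead of calling the method, so the condition is always falsy and the helper can never grant access; it also dereferences `$u->row()` without checking that a row came back. Change the test to `if ($this->validate_session() && $u->num_rows != 0 && $u->row()->user_type >= $level) {`. Two further argument slips in the same hunk: `add()` builds `$data` but calls `$this->db->insert($this->config->item('auth_table'))` without it, and `set()` passes `$data` to `config->item()` rather than to `db->update()`, so neither writes what the caller intended. The session integrity value `user_hash` is a phpass hash of `user_id."-".user_type` with no server-side secret, so anyone who can write the session payload (for example with cookie-backed sessions that are not encrypted or signed) can compute a matching value for an arbitrary `user_type`; the value should incorporate a secret or the session should be stored server-side. `_hash()` returning `0` for a short result means `add()` and `edit()` would persist `0` as the password hash instead of failing, so callers should treat a non-string return as an error.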