From 58eeaba11f1abcccb947fa907c9eb23dc12a76f6 Mon Sep 17 00:00:00 2001
From: emkael <emkael@tlen.pl>
Date: Wed, 9 Mar 2016 15:04:31 +0100
Subject:  * user management

---
 app/php/application.xml    |  5 +++++
 app/php/pages/Admin.page   |  1 +
 app/php/pages/Admin.php    |  7 ++++++
 app/php/pages/Login.page   | 17 ++++++++++++++
 app/php/pages/Login.php    | 20 +++++++++++++++++
 app/php/pages/Profile.page |  1 +
 app/php/pages/Profile.php  |  7 ++++++
 app/php/pages/Signup.page  | 37 +++++++++++++++++++++++++++++++
 app/php/pages/Signup.php   | 27 +++++++++++++++++++++++
 app/php/pages/config.xml   |  7 ++++++
 app/php/user/DbUser.php    | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 184 insertions(+)
 create mode 100644 app/php/pages/Admin.page
 create mode 100644 app/php/pages/Admin.php
 create mode 100644 app/php/pages/Login.page
 create mode 100644 app/php/pages/Login.php
 create mode 100644 app/php/pages/Profile.page
 create mode 100644 app/php/pages/Profile.php
 create mode 100644 app/php/pages/Signup.page
 create mode 100644 app/php/pages/Signup.php
 create mode 100644 app/php/pages/config.xml
 create mode 100644 app/php/user/DbUser.php

(limited to 'app')

diff --git a/app/php/application.xml b/app/php/application.xml
index 13a86e1..9f1cb34 100644
--- a/app/php/application.xml
+++ b/app/php/application.xml
@@ -43,6 +43,11 @@
       <route class="TBrowserLogRoute" Categories="System" />
     </module>
     -->
+
+    <module id="auth" class="System.Security.TAuthManager"
+            UserManager="users" LoginPage="Login" />
+    <module id="users" class="System.Security.TDbUserManager"
+            UserClass="Application.user.DbUser" />
   </modules>
   <services>
     <service id="page" class="TPageService" />
diff --git a/app/php/pages/Admin.page b/app/php/pages/Admin.page
new file mode 100644
index 0000000..431a6fb
--- /dev/null
+++ b/app/php/pages/Admin.page
@@ -0,0 +1 @@
+Page
diff --git a/app/php/pages/Admin.php b/app/php/pages/Admin.php
new file mode 100644
index 0000000..3e8ee1a
--- /dev/null
+++ b/app/php/pages/Admin.php
@@ -0,0 +1,7 @@
+<?php
+
+class Admin extends TPage {
+
+}
+
+?>
diff --git a/app/php/pages/Login.page b/app/php/pages/Login.page
new file mode 100644
index 0000000..d0825a0
--- /dev/null
+++ b/app/php/pages/Login.page
@@ -0,0 +1,17 @@
+<com:TForm>
+  Username: <com:TTextBox ID="Login" />
+  <com:TRequiredFieldValidator ControlToValidate="Login"
+                               Display="Dynamic"
+                               ErrorMessage="Username cannot be empty" />
+  <br />
+  Password: <com:TTextBox ID="Password" TextMode="Password" />
+  <com:TRequiredFieldValidator ControlToValidate="Password"
+                               Display="Dynamic"
+                               ErrorMessage="Password cannot be empty" />
+  <com:TCustomValidator ControlToValidate="Password"
+                        OnServerValidate="validatePassword"
+                        Display="Dynamic"
+                        ErrorMessage="Username and password don't match" />
+  <br />
+  <com:TButton Text="Login" OnCommand="loginUser" />
+</com:TForm>
diff --git a/app/php/pages/Login.php b/app/php/pages/Login.php
new file mode 100644
index 0000000..d7be42b
--- /dev/null
+++ b/app/php/pages/Login.php
@@ -0,0 +1,20 @@
+<?php
+
+class Login extends TPage {
+
+    public function loginUser($sender, $param) {
+        if ($this->Page->IsValid) {
+            $this->Response->redirect(
+                $this->Application->getModule('auth')->ReturnUrl
+                ?: NULL
+            );
+        }
+    }
+
+    public function validatePassword($sender, $param) {
+        $param->IsValid = $this->Application->getModule('auth')->login($this->Login->Text, $this->Password->Text);
+    }
+
+}
+
+?>
diff --git a/app/php/pages/Profile.page b/app/php/pages/Profile.page
new file mode 100644
index 0000000..99455ed
--- /dev/null
+++ b/app/php/pages/Profile.page
@@ -0,0 +1 @@
+Profile
diff --git a/app/php/pages/Profile.php b/app/php/pages/Profile.php
new file mode 100644
index 0000000..fb2c89f
--- /dev/null
+++ b/app/php/pages/Profile.php
@@ -0,0 +1,7 @@
+<?php
+
+class Profile extends TPage {
+
+}
+
+?>
diff --git a/app/php/pages/Signup.page b/app/php/pages/Signup.page
new file mode 100644
index 0000000..0e35da2
--- /dev/null
+++ b/app/php/pages/Signup.page
@@ -0,0 +1,37 @@
+<com:TForm>
+  Username: <com:TTextBox ID="Login" />
+  <com:TRequiredFieldValidator
+     ControlToValidate="Login"
+     Display="Dynamic"
+     ErrorMessage="Username cannot be empty" />
+  <com:TRegularExpressionValidator
+     ControlToValidate="Login"
+     RegularExpression="[a-zA-Z0-9_]{6,255}"
+     Display="Dynamic"
+     ErrorMessage="Username must contain 6-255 characters, all Latin alphanumeric or underscore" />
+  <com:TCustomValidator
+     ControlToValidate="Login"
+     OnServerValidate="checkUsername"
+     Display="Dynamic"
+     ErrorMessage="Username already exists" />
+  <br />
+  Password: <com:TTextBox ID="Password" TextMode="Password" />
+  <com:TRequiredFieldValidator
+     ControlToValidate="Password"
+     Display="Dynamic"
+     ErrorMessage="Password cannot be empty" />
+  <br />
+  Repeat password: <com:TTextBox ID="RePassword" TextMode="Password" />
+  <com:TCompareValidator
+     ControlToValidate="RePassword"
+     ControlToCompare="Password"
+     DataType="String"
+     Operator="Equal"
+     Display="Dynamic"
+     ErrorMessage="Passwords don't match" />
+  <br />
+  Admin: <com:TCheckBox ID="Admin" />
+  <br />
+  <com:TButton Text="Create" OnCommand="registerUser" />
+  <com:TValidationSummary />
+</com:TForm>
diff --git a/app/php/pages/Signup.php b/app/php/pages/Signup.php
new file mode 100644
index 0000000..c999e65
--- /dev/null
+++ b/app/php/pages/Signup.php
@@ -0,0 +1,27 @@
+<?php
+
+Prado::using('Application.model.User');
+
+class Signup extends TPage {
+
+    public function checkUsername($sender, $param) {
+        $param->IsValid = !User::finder()->countByLogin($this->Login->SafeText);
+    }
+
+    public function registerUser($sender, $param) {
+        if ($this->Page->IsValid) {
+            $newUser = new User();
+            $newUser->Login = $this->Login->SafeText;
+            $newUser->Password = password_hash($this->Password->Text, PASSWORD_DEFAULT);
+            $newUser->IsAdmin = $this->Admin->Checked;
+            $newUser->save();
+            $this->Response->redirect($this->Request->constructUrl(
+                $this->Service->ID,
+                NULL
+            ));
+        }
+    }
+
+}
+
+?>
diff --git a/app/php/pages/config.xml b/app/php/pages/config.xml
new file mode 100644
index 0000000..d387667
--- /dev/null
+++ b/app/php/pages/config.xml
@@ -0,0 +1,7 @@
+<configuration>
+  <authorization>
+    <allow pages="Admin,Signup" roles="Admin" />
+    <deny pages="Admin,Signup" />
+    <deny pages="Profile" users="?" />
+  </authorization>
+</configuration>
diff --git a/app/php/user/DbUser.php b/app/php/user/DbUser.php
new file mode 100644
index 0000000..e864bc0
--- /dev/null
+++ b/app/php/user/DbUser.php
@@ -0,0 +1,55 @@
+<?php
+
+Prado::using('System.Security.TDbUserManager');
+Prado::using('Application.model.User');
+
+class DbUser extends TDbUser {
+
+    private $_record;
+
+    public function setDbRecord(User $record) {
+        $this->_record = $record;
+    }
+
+    public function getDbRecord() {
+        return $this->_record;
+    }
+
+    public function createUser($username) {
+        $dbUser = User::finder()->findByLogin($username);
+        if (!$dbUser) {
+            return NULL;
+        }
+        $user = new DbUser($this->Manager);
+        $user->DbRecord = $dbUser;
+        $user->Name = $dbUser->Login;
+        if ($dbUser->IsAdmin) {
+            $user->Roles = 'Admin';
+        }
+        $user->IsGuest = FALSE;
+        return $user;
+    }
+
+    public function validateUser($login, $password) {
+        $user = User::finder()->findByLogin($login);
+        $dbPassword = $user ? $user->Password : '';
+        if (password_verify($password, $dbPassword) && $user) {
+            $user->LastLogin = date('Y-m-d H:i:s');
+            $user->save();
+            return TRUE;
+        } else {
+            return FALSE;
+        }
+    }
+
+    public function __call($name, $args) {
+        $match = array();
+        if (preg_match('/^getIs(.+)$/', $name, $match)) {
+            return $this->isInRole($match[1]);
+        }
+        throw new Exception('Unimplemented CustomDbUser method');
+    }
+
+}
+
+?>
-- 
cgit v1.2.3