<?php
/*******************************************************************************
 * Copyright (c) 2007-2019 Eclipse Foundation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * Paul Colton (Aptana)- initial API and implementation
 * Eclipse Foundation
 * Matthew Mazaika <mmazaik us.ibm.com> - bug 242011
 * Paul Pazderski - bug 463293: load user info from Eclipse account api
*******************************************************************************/

require_once(dirname(__FILE__) . "/backend_functions.php");

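/**
 * A row of the `users` table plus the sign-in paths that populate it.
 *
 * Two authentication entry points exist: load() (e-mail + password, delegated
 * to the 'user_authentication' addon hook) and updateUser() (OAuth access
 * token, resolved against the Eclipse accounts UserInfo endpoint). Both write
 * an EventLog entry for success and for failure.
 *
 * Database errors are reported through $GLOBALS['g_ERRSTRS'][1]; methods
 * signal failure with 0 / false rather than exceptions.
 */
class User {
    public $errStrs;

    public $userid = 0;
    public $username = '';
    public $first_name = '';
    public $last_name = '';
    public $email = '';
    public $primary_language_id = 0;
    public $hours_per_week = 0;
    public $is_committer = 0;
    public $updated_on = '';
    public $updated_at = '';
    public $created_on = '';
    public $created_at = '';

    /**
     * Authenticate with e-mail and password through the addon hook.
     *
     * The hook receives $this by reference and is expected to set
     * $this->userid on success (inferred from the userid check that follows;
     * the hook itself is not defined in this file).
     *
     * @param string $email    login e-mail address
     * @param string $password clear-text password, passed to the hook as-is
     * @return int userid of the authenticated user, 0 when authentication failed
     */
    public function load($email, $password) {
        if ($email != "" && $password != "") {
            // preg_match() needs pattern delimiters. Without them '^' is taken
            // as the delimiter, compilation fails, preg_match() returns false
            // and the hook is never reached. The D modifier stops '$' from
            // accepting a trailing newline after the address.
            if (preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z.]{2,5}$/D', $email)) {
                global $addon;
                $addon->callHook('user_authentication', array(&$this, $email, $password));
            }
        }

        // NOTE(review): $email reaches the event log even when it failed the
        // format check above, so EventLog has to treat it as untrusted text
        // (escaping, length limit) - cannot be confirmed from this file.
        $this->logAuthResult($this->clientAddress() . ":" . $email);
        return $this->userid;
    }

    /**
     * Update user information in the database by querying the account API
     * with an authorized OAuth token, and log the outcome.
     *
     * @param string $access_token OAuth bearer token
     * @return int userid of the signed-in user, 0 on failure
     */
    public function updateUser($access_token) {
        $this->userid = $this->doUpdateUser($access_token);
        $this->logAuthResult($this->clientAddress());
        return $this->userid;
    }

    /**
     * Resolve an access token to a profile and insert or refresh the matching
     * `users` row, keyed by the OpenID subject (`sub`).
     *
     * @param string $access_token OAuth bearer token
     * @return int|string userid of the inserted or updated row, 0 on any failure
     *                    (details in $GLOBALS['g_ERRSTRS'][1])
     */
    public function doUpdateUser($access_token) {
        $eclipse_profile_url = "https://accounts.eclipse.org/oauth2/UserInfo";

        // The token is interpolated into a raw HTTP header line. Reject empty
        // tokens and anything containing whitespace or control characters so a
        // CR/LF inside the token cannot add header lines to the request.
        $token = is_scalar($access_token) ? (string) $access_token : '';
        if ($token === '' || preg_match('/[\x00-\x20\x7f]/', $token)) {
            $GLOBALS['g_ERRSTRS'][1] = "Invalid access token";
            return 0;
        }

        $options = array(
            'http' => array(
                'header' => array(
                    "Authorization: Bearer $token"
                )
            )
        );
        $context = stream_context_create($options);
        $result = file_get_contents($eclipse_profile_url, false, $context);
        if ($result === false) {
            $last_error = error_get_last();
            $GLOBALS['g_ERRSTRS'][1] = $last_error !== null ? $last_error["message"] : "UserInfo request failed";
            return 0;
        }

        // json_decode() does not raise a PHP error, so error_get_last() is the
        // wrong source for the failure reason; json_last_error_msg() is.
        // A JSON scalar is rejected as well: the code below needs an object.
        $profile = json_decode($result, true, 10);
        if (!is_array($profile)) {
            $GLOBALS['g_ERRSTRS'][1] = "Invalid UserInfo response: " . json_last_error_msg();
            return 0;
        }

        // `sub` is the identity every query below is keyed on. A response
        // without it would otherwise be looked up as sub = '' and could match,
        // or create, a row with an empty subject.
        $_sub = $this->profileString($profile, "sub");
        if ($_sub === '') {
            $GLOBALS['g_ERRSTRS'][1] = "UserInfo response has no subject";
            return 0;
        }
        $_username = $this->profileString($profile, "name");
        $_first_name = $this->profileString($profile, "given_name");
        $_last_name = $this->profileString($profile, "family_name");
        $_is_committer = !empty($profile["is_committer"]) ? 1 : 0;

        // NOTE(review): every value below is embedded in quoted SQL through
        // sqlSanitize(), which is defined outside this file; this is only safe
        // if it escapes for the $dbh connection (mysqli_real_escape_string or
        // equivalent) - confirm, or move these statements to mysqli_prepare().
        global $dbh;

        // check if user already exists or logged in for the first time
        $_userid = $this->findUserIdBySub($_sub);
        if ($_userid === false) {
            return 0;
        }
        $first_login = ! $_userid;

        // An empty name must not be used for matching: it would link this
        // subject to whatever row happens to have a blank username.
        if ($first_login && $_username !== '') {
            // try to match existing username to OpenID subject
            // NOTE(review): this overwrites `sub` on the matched row even if
            // that row is already linked to a different subject, and the match
            // is on the `name` claim alone. If the identity provider does not
            // guarantee `name` to be unique and immutable, another subject
            // presenting the same name gets linked to the existing account.
            // Consider restricting the match to rows with no subject yet.
            // `userid > 3` leaves the first three rows out of the match;
            // presumably reserved accounts - confirm.
            $sql = "UPDATE users SET sub = '" . sqlSanitize($_sub, $dbh) . "' WHERE username = '" . sqlSanitize($_username, $dbh) . "' AND userid > 3 LIMIT 1";
            $result = mysqli_query($dbh, $sql);
            if ($result === false) {
                $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
                return 0;
            }
            if (mysqli_affected_rows($dbh) > 0) {
                $_userid = $this->findUserIdBySub($_sub);
                if ($_userid === false) {
                    return 0;
                }
                $first_login = ! $_userid;
            }
        }

        $sql = ($first_login ? "INSERT INTO " : "UPDATE ");
        $sql .= "users SET ";
        $sql .= "username = '" . sqlSanitize($_username, $dbh) . "', ";
        $sql .= "first_name = '" . sqlSanitize($_first_name, $dbh) . "', ";
        $sql .= "last_name = '" . sqlSanitize($_last_name, $dbh) . "', ";
        $sql .= "is_committer = $_is_committer, ";
        $sql .= "updated_on = NOW(), ";
        $sql .= "updated_at = NOW()";
        if ($first_login) {
            $sql .= ", created_on = NOW(), ";
            $sql .= "created_at = NOW(), ";
            $sql .= "sub = '" . sqlSanitize($_sub, $dbh) . "'";
        } else {
            $sql .= " WHERE sub = '" . sqlSanitize($_sub, $dbh) . "'";
        }
        $result = mysqli_query($dbh, $sql);
        if ($result === false) {
            $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
            return 0;
        }
        return $first_login ? mysqli_insert_id($dbh) : $_userid;
    }

    /**
     * Populate this object from the `users` row with the given id.
     *
     * @param int|string $_userid numeric user id
     * @return bool true when a row was found and loaded, false otherwise
     */
    public function loadFromID($_userid) {
        $rValue = false;
        if($_userid != "") {
            // The id is placed into the query unquoted. Escaping alone does not
            // protect an unquoted numeric position, so accept decimal digits
            // only and refuse anything else before touching the database.
            $id_text = is_scalar($_userid) ? trim((string) $_userid) : '';
            if (!ctype_digit($id_text)) {
                $GLOBALS['g_ERRSTRS'][1] = "Invalid user id";
                return false;
            }

            global $dbh;

            $_userid = sqlSanitize($id_text, $dbh);

            $sql = "SELECT *
                FROM
                    users
                WHERE userid = $_userid";
            $result = mysqli_query($dbh, $sql);
            if($result && mysqli_num_rows($result) > 0) {
                $rValue = true;
                $myrow = mysqli_fetch_assoc($result);

                $this->userid = $myrow['userid'];
                $this->username = $myrow['username'];
                $this->first_name = $myrow['first_name'];
                $this->last_name = $myrow['last_name'];
                $this->email = $myrow['email'];
                $this->primary_language_id = $myrow['primary_language_id'];
                $this->is_committer = $myrow['is_committer'];
                $this->hours_per_week = $myrow['hours_per_week'];
                $this->updated_on = $myrow['updated_on'];
                $this->updated_at = $myrow['updated_at'];
                $this->created_on = $myrow['created_on'];
                $this->created_at = $myrow['created_at'];
            }
            else {
                // Also reached when the query succeeded but matched no row; the
                // error string is then whatever mysqli_error() reports.
                $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
            }
        }
        return $rValue;
    }

    /**
     * Write the authentication outcome to the event log: the userid on
     * success, the caller-supplied subject on failure.
     */
    private function logAuthResult($failure_subject) {
        if ($this->userid > 0) {
            $Event = new EventLog("users", "userid", $this->userid, "__auth_success");
        } else {
            $Event = new EventLog("users", "userid", $failure_subject, "__auth_failure");
        }
        $Event->add();
    }

    /** Client address as reported by the web server, '' when not set (e.g. CLI). */
    private function clientAddress() {
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /** Read a string (or integer) claim from the decoded profile; '' when absent or of another type. */
    private function profileString($profile, $key) {
        if (isset($profile[$key]) && (is_string($profile[$key]) || is_int($profile[$key]))) {
            return (string) $profile[$key];
        }
        return '';
    }

    /**
     * Look up the userid linked to an OpenID subject.
     *
     * @return int|string|false userid, 0 when no row matches, false on a
     *                          database error (message in g_ERRSTRS[1])
     */
    private function findUserIdBySub($sub) {
        global $dbh;
        $sql = "SELECT userid FROM users WHERE sub = '" . sqlSanitize($sub, $dbh) . "'";
        $result = mysqli_query($dbh, $sql);
        if ($result === false) {
            $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
            return false;
        }
        $row = mysqli_fetch_array($result);
        return is_array($row) ? $row[0] : 0;
    }
}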
?>