Secure PHP Development- P42 ppsx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (74.94 KB, 5 trang )
Listing 6-2 (Continued)
if ($status)
{
$this->show_status($this->getMessage(‘USER_MODIFY_SUCCESSFUL’),
$USERMNGR_MNGR);
} else {
$this->show_status($this->getMessage(‘USER_MODIFY_FAILED’),
$USERMNGR_MNGR);
}
}
function deleteUser()
{
global $USERMNGR_MNGR,
$ROOT_USER;
$user_id = $this->getRequestField(‘user_id’);
$this->emptyError($user_id, ‘USER_ID_MISSING’);
$userObj = new User($this->dbi, $user_id);
$userObj->getUserInfo();
$email = $userObj->getEMAIL();
if (! strcmp($email, $ROOT_USER))
{
$this->alert(‘USER_DELETE_NOT_ALLOWED’);
} else {
$status = $userObj->deleteUser();
}
if ($status)
{
$this->show_status($this->getMessage(‘USER_DELETE_SUCCESSFUL’),
$USERMNGR_MNGR);
} else {
$this->show_status($this->getMessage(‘USER_DELETE_FAILED’),
$USERMNGR_MNGR);
}
}
176 Part II: Developing Intranet Solutions
09 549669 ch06.qxd 4/4/03 9:24 AM Page 176
function menu(&$t)
{
$userObj = new User($this->dbi);
$users = $userObj->getUserList();
$t->set_block(‘mainBlock’,’userBlock’, ‘ublock’);
while(list($uid, $email) = each($users))
{
$t->set_var( array(
‘USER_ID’ => $uid,
‘USER_NAME’ => $email,
)
);
$t->parse(‘ublock’, ‘userBlock’, true);
}
return TRUE;
}
function modify_screen(&$t)
{
global $DUMMY_PASSWD;
$user_id = $this->getRequestField(‘user_id’);
$userObj = new User($this->dbi, $user_id);
$status = $userObj->getUserInfo();
if (! $status)
{
$this->alert(‘USER_INFO_MISSING’);
} else {
$userType = $userObj->getTYPE();
}
Continued
Chapter 6: Central User Management System 177
09 549669 ch06.qxd 4/4/03 9:24 AM Page 177
Listing 6-2 (Continued)
$userTypes = $userObj->getUserTypeList();
$t->set_block(‘mainBlock’,’typeBlock’, ‘tblock’);
$chosen = ‘’;
while(list($tid, $typeName) = each($userTypes))
{
$chosen = ($tid == $userType) ? ‘selected’ : ‘’;
$t->set_var(
array(
‘TYPE_ID’ => $tid,
‘USER_TYPE’ => $typeName,
‘CHOSEN’ => $chosen
)
);
$t->parse(‘tblock’, ‘typeBlock’, true);
}
$fields = $userObj->getUserFieldList();
foreach ($fields as $f)
{
$t->set_var($f, null);
}
$activeON = ( $userObj->getACTIVE()) ? ‘checked’ : null;
$activeOFF = (!$userObj->getACTIVE()) ? ‘checked’ : null;
$t->set_var(array(
‘EMAIL’ => $userObj->getEMAIL(),
‘PASSWORD’ => $DUMMY_PASSWD,
‘ACTIVE_ON’ => $activeON,
‘ACTIVE_OFF’ => $activeOFF,
‘ACTION’ => ‘modify’,
‘USER_ID’ => $user_id
)
);
return TRUE;
}
178 Part II: Developing Intranet Solutions
09 549669 ch06.qxd 4/4/03 9:24 AM Page 178
function add_screen(&$t)
{
$userObj = new User($this->dbi);
$userTypes = $userObj->getUserTypeList();
$t->set_block(‘mainBlock’,’typeBlock’, ‘tblock’);
$chosen = ‘’;
while(list($tid, $typeName) = each($userTypes))
{
$t->set_var( array(
‘TYPE_ID’ => $tid,
‘USER_TYPE’ => $typeName,
‘CHOSEN’ => $chosen
)
);
$t->parse(‘tblock’, ‘typeBlock’, true);
}
$fields = $userObj->getUserFieldList();
foreach ($fields as $f)
{
$t->set_var($f, null);
}
$t->set_var(‘ACTIVE_ON’, ‘selected’);
$t->set_var(‘ACTIVE_OFF’, null);
$t->set_var(‘ACTION’, ‘add’);
return TRUE;
}
function checkPassword($pwd1, $pwd2)
{
global $MIN_PASSWORD_SIZE, $DUMMY_PASSWD;
$this->emptyError($pwd1, ‘PASSWORD1_MISSING’);
$this->emptyError($pwd2, ‘PASSWORD2_MISSING’);
Continued
Chapter 6: Central User Management System 179
09 549669 ch06.qxd 4/4/03 9:24 AM Page 179
Listing 6-2 (Continued)
if (strcmp($pwd1, $pwd2))
{
$this->alert(‘PASSWORD_MISMATCH’);
} else if (strlen($pwd1) < $MIN_PASSWORD_SIZE) {
$this->alert(‘INVALID_PASSWORD’);
}
}
function checkInput()
{
$username = $this->getRequestField(‘username’);
$password1 = $this->getRequestField(‘password1’);
$password2 = $this->getRequestField(‘password2’);
$user_type = $this->getRequestField(‘user_type’);
$this->emptyError($username, ‘USERNAME_MISSING’);
$this->emptyError($user_type, ‘USER_TYPE_MISSING’);
$this->checkPassword($password1, $password2);
}
function authorize()
{
global $ADMINISTRATIVE_USER;
$userObj = new User($this->dbi, $this->getUID());
$type = $userObj->getTYPE();
return ($type == $ADMINISTRATIVE_USER) ? TRUE : FALSE;
}
}//class
$SESSION_USERNAME = null;
$SESSION_USER_ID = null;
global $APP_DB_URL;
180 Part II: Developing Intranet Solutions
09 549669 ch06.qxd 4/4/03 9:24 AM Page 180
