BlueShoes Application Framework made with PHP http://www.blueshoes.org/



File: C:/usr/local/lib/php/blueshoes-4.2/core/auth/cug/Bs_CugDb.class.php
BlueShoes Application Framework - auth/cug

Bs_CugDb

Bs_Object
   |
  +-- Bs_Cug
     |
    +-- Bs_CugDb

CUG Class using a database. Extended from Bs_Cug, look there too.

 

public class Bs_CugDb extends Bs_Cug

CUG Class using a database. Extended from Bs_Cug, look there too.
This is a subclass of Bs_Cug and customized for the use with a database.
It's tested and developed for use with MySql as DB. If you want another DB, you may need
to add code or subclass this one.

Your users are organized in a DB table. Give the table name and maybe the db name
in the vars $userDbName and $userTableName.

The structure of that table needs to have the following fields:
  'user'
  'pass'
It *may* have the following 'lifecycle' fields:
  'isActive'
  'startDatetime'
  'endDatetime'
It's a good idea to have the 'ID' field as well and it may have any other fields.
If all the lifecycle fields are there, they will be used.

NOTE: Times are written in GMT, not in any local or server time.

Features: (mostly not available in Bs_Cug, only in Bs_CugDb)
- hack detection
- anti hack mechanism
- account lifecycle
- automatic password recovery using username/email (todo)
- logging (with automatic db-table generation)

Example user-db-table:
  CREATE TABLE CugSomething (
    ID INT UNSIGNED NOT NULL AUTO_INCREMENT DEFAULT 0,
    user VARCHAR(20) NOT NULL DEFAULT '',
    pass VARCHAR(20) NOT NULL DEFAULT '',
    isActive TINYINT NOT NULL DEFAULT 0,
    startDatetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    endDatetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    PRIMARY KEY ID (ID),
    KEY user (user)
  );

dependencies: Bs_Cug, Bs_MySql

Authors
Version 4.0.$id$
Copyright blueshoes.org

 

Methods inherited from Bs_Cug

bs_cug, letmein, logout, getloginform, treatloginform, redirect, _validatelogindata, lookslikehack, _preparelogdata, _hackalert, _timeoutonloginfailure, _loadloginform

Methods inherited from Bs_Object

isex, isexception, tostring, tohtml, persist, unpersist, bs_object, bbsetoutput, bbawake, bbisawake, bbxmsg, bbxfunctionstart, bbxfunctionend, bbxecho, bbxvar, bbxvardump, bbforcetrace, bbbufferstart, bbbufferget, bbbufferendflush, bbbufferendclean

Public Method Summary

void

Bs_CugDb(string $cugName)

Constructor.
void

setDbObject(object [unknown] &$bsDb)

sets a db object for this class.
bool

checkLogDbTable()

checks if the log db table is ok.
string

getDbString([ string $which ])

returns the dbname-dbtable string to use in queries.
int

getNumLoginFailures()

tells how many times this user failed to login in a row.
bool

resetPassword(string $userOrMail, [ string $automail ])

resets the user's password to a newly created one, and mails it to the user

Private Method Summary

bool

_validateLogin()

validates the login.
Warning: documentation is missing.
void

_logAttempt( $isOk, string $failedReason, string $looksLikeHack, string $realData)

logs the login attempt if needed.
Warning: documentation is missing.

Fields inherited from Bs_Cug

$_app, $form, $bssession, $_postvars, $_cugname, $redirectpage, $formtarget, $language, $maxnumattempts, $checkforhack, $actiononhack, $logattempts, $checkcasesensitive, $userfieldnames, $errormsg

Public Field Summary

string

$userDbName

the db of the user table.
string

$userTableName

the db table where the users are.
string

$logDbName

the db of the log table.
string

$logTableName

the db table to log to. is also used to determine if it's

Private Field Summary

object [unknown]

$_bsDb

reference to global main db connection (see constructor).

Private Constant Summary

BS_CUGDB_VERSION >>4.0.$x$<< Warning: documentation is missing.

Public Method Details

Bs_CugDb

public void Bs_CugDb( string $cugName )

  Constructor.

Parameter
string $cugName
Returns void


setDbObject

public void setDbObject( object [unknown] &$bsDb )

  sets a db object for this class.
the global bsdb object that may be set in the constructor won't be used anymore.

Parameter
object [unknown] &$bsDb
Returns void


checkLogDbTable

public bool checkLogDbTable( )

  checks if the log db table is ok.
this is needed if an operation on it failed. maybe the table structure is
not up-to-date or does not exist at all.
the needed changes will be made automatically. note that your user needs
the appropriate rights (alter, create, index...)
hint: first try your query, if it fails check the table using this method.
if this method returns FALSE then try your query again.

Returns bool

(TRUE if table was ok, FALSE if changes have/had to be made.)

Throws bs_exception

getDbString

public string getDbString( [ string $which ] )

  returns the dbname-dbtable string to use in queries.
example: "dbname.dbtable" if logDbName/userDbName is set, "dbtable" if not.

Parameter
string $which = >>'user'<<
(one of 'user' (default) or 'log'.)
Returns string

Throws bool FALSE (if the appropriate table name is not set or empty.)

getNumLoginFailures

public int getNumLoginFailures( )

  tells how many times this user failed to login in a row.

Returns int

(number of failed logins in a row for that user. returns int 0 if we dunno.)

Throws bs_exception

@2do finish code. moved here temporarily. timeout etc does not belong here.

resetPassword

public bool resetPassword( string $userOrMail, [ string $automail ] )

  resets the user's password to a newly created one, and mails it to the user
if that's desired (see param $automail).

Parameter
string $userOrMail
string $automail = >>TRUE<<
(default is TRUE, tells if the new password should be mailed to the user automatically.)
Returns bool


Private Method Details

_validateLogin

private bool _validateLogin( )

  validates the login.
returns boolean that tells if login was ok. sets $this->errorMsg.

*important*: to stop hacks we are doing 2 things here:
1) log everything
2) unix-like timeout on failed logins.
for this to work, we/you may *not* spit out any html
to the client before this method is run. if you send out
some tags, then timeout 10 seconds, the hacker doesn't need
to wait. he already knows after the first few tags that his
login failed.

note: usernames need to be unique in the database, and there may not be two
with the same letters but different case. otherwise the 2nd user may
not log in. you would notice that quite fast :)
could be coded differently, but i don't feel like doing it.

Warning: documentation is missing.

Returns bool

(see above)
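
An added example, not BlueShoes code, of the two points above: the failure delay runs while all output is still buffered, and the optional lifecycle fields are compared in GMT. Every function name is hypothetical, the credential check is passed in as a boolean, and treating the zero datetime as "no limit" is an assumption the documentation does not state.

```php
<?php
// Added illustration, not BlueShoes source; every name below is hypothetical.

// Failed logins in a row, newest attempt first (the idea behind getNumLoginFailures()).
function failuresInARow(array $attemptsNewestFirst): int {
    $n = 0;
    foreach ($attemptsNewestFirst as $attempt) {
        if ($attempt['isOk']) break;          // a success ends the streak
        $n++;
    }
    return $n;
}

// Lifecycle check: used only when all three optional fields exist. Times are GMT.
function accountIsLive(array $row, string $nowGmt): bool {
    foreach (['isActive', 'startDatetime', 'endDatetime'] as $field) {
        if (!array_key_exists($field, $row)) return true;   // lifecycle not in use
    }
    $zero = '0000-00-00 00:00:00';   // assumption: the zero default means "no limit"
    if (!$row['isActive']) return false;
    if ($row['startDatetime'] !== $zero && $nowGmt < $row['startDatetime']) return false;
    if ($row['endDatetime'] !== $zero && $nowGmt > $row['endDatetime']) return false;
    return true;
}

// Returns [ok, failuresInARow, html]. No byte reaches the client before the delay ends.
function respondToLogin(bool $credentialsOk, array $row, array $history, int $delaySec): array {
    ob_start();                                  // hold back anything echoed early
    $ok = $credentialsOk && accountIsLive($row, gmdate('Y-m-d H:i:s'));
    $fails = $ok ? 0 : failuresInARow($history) + 1;
    if (!$ok) {
        sleep($delaySec);                        // same wait for every kind of failure
    }
    $early = ob_get_clean();                     // released only now
    return [$ok, $fails, $early . ($ok ? 'Welcome' : 'Login failed')];
}

// Constructed sample data: correct password, but the account expired in 2001.
$row = ['user' => 'alice', 'isActive' => 1,
        'startDatetime' => '0000-00-00 00:00:00',
        'endDatetime'   => '2001-01-01 00:00:00'];
$history = [['isOk' => false], ['isOk' => false], ['isOk' => true]];

[$ok, $fails, $html] = respondToLogin(true, $row, $history, 1);
var_dump($ok, $fails, $html);
```

Because the wait is identical for a wrong password and an inactive account, the response time does not tell a client which check failed.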


_logAttempt

private void _logAttempt( $isOk, string $failedReason, string $looksLikeHack, string $realData )

  logs the login attempt if needed.
overwrites parent method.
params: same as in Bs_Cug->_prepareLogData() so look there.
that function is used here.

Warning: documentation is missing.

Parameter
$isOk
Warning: documentation is missing.
string $failedReason
Warning: documentation is missing.
string $looksLikeHack
Warning: documentation is missing.
string $realData
Warning: documentation is missing.
Returns void


Public Field Details

$userDbName

public string $userDbName

>><<

the db of the user table.

See Also $userTableName

$userTableName

public string $userTableName

>><<

the db table where the users are.

See Also $userDbName

$logDbName

public string $logDbName

>><<

the db of the log table.

See Also $logTableName

$logTableName

public string $logTableName

>><<

the db table to log to. is also used to determine if it's
a hack attempt. (history)

See Also $logDbName

Private Field Details

$_bsDb

private object [unknown] $_bsDb

>><<

reference to global main db connection (see constructor).


Private Constant Details

BS_CUGDB_VERSION

define( BS_CUGDB_VERSION, >>4.0.$x$<< )
Case: default: case sensitive




PHPDoc 1.0beta