From b0e9e89aad3e4824061ffcc0b971357b65819bb1 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Fri, 14 Sep 2007 18:23:28 +0000
Subject: [PATCH] mlanthaler: Bugfix: The added isset() caused a bug when adding a new member because it produces an invalid SQL statement ("... WHERE (ID IN ())"). (merged from branches/gsoc)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41784 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/Member.php | 230 ++++++++++++++++++++++----------------------
 1 file changed, 115 insertions(+), 115 deletions(-)
diff --git a/security/Member.php b/security/Member.php
index f56946657..a90713931 100644
--- a/security/Member.php
+++ b/security/Member.php
@@ -1,6 +1,6 @@ "Varchar", 'Surname' => "Varchar",
@@ -23,13 +23,13 @@ class Member extends DataObject { static $has_many = array( 'UnsubscribedRecords' => 'Member_UnsubscribeRecord' ); - + static $default_sort = "Surname, FirstName"; - + static $indexes = array( 'Email' => true, ); - + /** * Logs this member in. */
@@ -38,7 +38,7 @@ class Member extends DataObject { $this->NumVisit++; $this->write(); } - + /** *Logs this member in. */
@@ -46,34 +46,34 @@ class Member extends DataObject { Cookie::set('alc_enc',null); Session::clear("loggedInAs"); } - + function generateAutologinHash() { $linkHash = sprintf('%10d', time() ); - + while( DataObject::get_one( 'Member', "`AutoLoginHash`='$linkHash'" ) ) $linkHash = sprintf('%10d', abs( time() * rand( 1, 10 ) ) ); - + $this->AutoLoginHash = $linkHash; $this->AutoLoginExpired = date('Y-m-d', time() + ( 60 * 60 * 24 * 14 ) ); - + $this->write(); } - + /** * Log a member in with an auto login hash link */ static function autoLoginHash( $RAW_hash ) { - + $SQL_hash = Convert::raw2sql( $RAW_hash ); - + $member = DataObject::get_one('Member',"`AutoLoginHash`='$SQL_hash' AND `AutoLoginExpired` > NOW()"); - + if( $member ) $member->logIn(); - + return $member; } - + function sendInfo($type = 'signup'){ switch($type) { case "signup": $e = new Member_SignupEmail(); break;
@@ -83,7 +83,7 @@ class Member extends DataObject { $e->populateTemplate($this); $e->send(); } - + function getMemberFormFields() { return new FieldSet( new TextField("FirstName", "First Name"),
@@ -92,7 +92,7 @@ class Member extends DataObject { new TextField("Password", "Password") ); } - + function getValidator() { return new Member_Validator(); }
@@ -103,7 +103,7 @@ class Member extends DataObject { */ static function currentUser() { self::autoLogin(); - + // Return the details if($id = Session::get("loggedInAs")) { return DataObject::get_one("Member", "Member.ID = $id");
@@ -118,17 +118,17 @@ class Member extends DataObject { $lf = new LoginForm(null, null, null, null, false); $lf->performLogin($data); - + } } - + static function currentUserID() { self::autoLogin(); $id = Session::get("loggedInAs"); return is_numeric($id) ? $id : 0; } - + /** * before the save of this member, the blacklisted email table is updated to ensure no * promotional material is sent to the member. (newsletters)
@@ -150,11 +150,11 @@ class Member extends DataObject { // Look for a record with the same email if($this->ID) $idClause = "AND `Member`.ID <> $this->ID"; else $idClause = ""; - + $existingRecord = DataObject::get_one("Member", "Email = '" . addslashes($this->Email) . "' $idClause"); - + // Debug::message("Found an existing member for email $this->Email"); - + // If found if($existingRecord) { // Update this record to merge with that member
@@ -164,34 +164,34 @@ class Member extends DataObject { } $this->ID = $newID; // Merge existing data into the local record - + foreach($existingRecord->getAllFields() as $k => $v) { if(!isset($this->changed[$k]) || !$this->changed[$k]) $this->record[$k] = $v; } } } - + parent::onBeforeWrite(); } - + /** * Check if the member is in one of the given groups */ public function inGroups( $groups ) { foreach( $this->Groups() as $group ) $memberGroups[] = $group->Title; - + return count( array_intersect( $memberGroups, $groups ) ) > 0; } - + public function inGroup( $groupID ) { foreach( $this->Groups() as $group ) if( $groupID == $group->ID ) return true; - - return false; + + return false; } - + /* * Generate a random password * BDC - added randomiser to kick in if there's no words file on the filesystem.
@@ -199,13 +199,13 @@ class Member extends DataObject { static function createNewPassword() { if(file_exists('/usr/share/silverstripe/wordlist.txt')) { $words = file('/usr/share/silverstripe/wordlist.txt'); - + list($usec, $sec) = explode(' ', microtime()); srand($sec + ((float) $usec * 100000)); - + $word = trim($words[rand(0,sizeof($words)-1)]); $number = rand(10,999); - + return $word . $number; } else { $random = rand();
@@ -248,20 +248,20 @@ class Member extends DataObject { foreach($groups as $group) if($group->CanCMS) return true; } } - - + + //----------------------------------------------------------------------------------------// public function getTitle() { if($this->getField('ID') === 0) return $this->getField('Surname'); return $this->getField('Surname') . ', ' . $this->getField('FirstName'); - } - + } + public function getName() { return $this->FirstName . ' ' . $this->Surname; } - + public function setName( $name ) { $nameParts = explode( ' ', $name ); $this->Surname = array_pop( $nameParts );
@@ -281,7 +281,7 @@ class Member extends DataObject { if($unsecure) foreach($unsecure as $unsecureItem) { $groups->push($unsecureItem); } - + $groupIDs = $groups->column(); $collatedGroups = array(); foreach($groups as $group) {
@@ -290,7 +290,7 @@ class Member extends DataObject { $table = "Group_Members"; - if(isset($collatedGroups)) { + if(count($collatedGroups) > 0) { $collatedGroups = implode(", ", array_unique($collatedGroups)); $result = singleton('Group')->instance_get("`ID` IN ($collatedGroups)", "ID", "", "", "Member_GroupSet");
@@ -322,15 +322,15 @@ class Member extends DataObject { } return $ret; } - + public static function mapInGroups( $groups = null ) { - + if( !$groups ) return Member::map(); - + $groupIDList = array(); - + if( is_a( $groups, 'DataObjectSet' ) ) foreach( $groups as $group ) $groupIDList[] = $group->ID;
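Review bot: In the `@@ -290,7 +290,7 @@` hunk the new `count($collatedGroups) > 0` guard prevents the empty `IN ()`, but the list is still imploded straight into the `IN ($collatedGroups)` filter without an integer cast. The values are collected in a loop whose body lies outside the hunk, so it cannot be confirmed from here that they are always numeric; casting at the point of use keeps the query well-formed regardless: `$collatedGroups = implode(", ", array_unique(array_map('intval', $collatedGroups)));`. A short comment above the condition, for example `// an empty list would render "ID IN ()", which is invalid SQL`, would keep the guard from being changed back to `isset()`. The enclosing method starts and ends outside the hunk, so what it returns when the list is empty is not visible here.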
@@ -338,39 +338,39 @@ class Member extends DataObject { $groupIDList = $groups; else $groupIDList[] = $groups; - + if( empty( $groupIDList ) ) - return Member::map(); - + return Member::map(); + return new SQLMap( singleton('Member')->extendedSQL( "`GroupID` IN (" . implode( ',', $groupIDList ) . ")", "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID`") ); } - - + + /** * Return a map of all members in the groups given that have CMS permissions * Defaults to all groups with CMS permissions */ public static function mapInCMSGroups( $groups = null ) { if( !$groups || $groups->Count() == 0 ) - $groups = DataObject::get('Group',"", "", "INNER JOIN `Permission` ON `Permission`.GroupID = `Group`.ID AND `Permission`.Code IN ('ADMIN', 'CMS_ACCESS_AssetAdmin')"); - + $groups = DataObject::get('Group',"", "", "INNER JOIN `Permission` ON `Permission`.GroupID = `Group`.ID AND `Permission`.Code IN ('ADMIN', 'CMS_ACCESS_AssetAdmin')"); + $groupIDList = array(); - + if( is_a( $groups, 'DataObjectSet' ) ) foreach( $groups as $group ) $groupIDList[] = $group->ID; elseif( is_array( $groups ) ) $groupIDList = $groups; - + /*if( empty( $groupIDList ) ) return Member::map(); */ - + $filterClause = ($groupIDList) ? "`GroupID` IN (" . implode( ',', $groupIDList ) . ")" : ""; - - return new SQLMap( singleton('Member')->extendedSQL( $filterClause, "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID` INNER JOIN `Group` ON `Group`.`ID`=`GroupID`") ); + + return new SQLMap( singleton('Member')->extendedSQL( $filterClause, "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID` INNER JOIN `Group` ON `Group`.`ID`=`GroupID`") ); } - - /** + + /** * When passed an array of groups, and a component set of groups, this function * will return the array of groups the member is NOT in. * @param grouplist an array of group code names. 
@@ -378,7 +378,7 @@ class Member extends DataObject { */ public function memberNotInGroups($groupList,$memberGroups = null){ if(!$memberGroups) $memberGroups = $this->Groups(); - + foreach($memberGroups as $group){ if(in_array($group->Code,$groupList)){ $index = array_search($group->Code,$groupList);
@@ -412,7 +412,7 @@ class Member extends DataObject { return $fields; } - + function unsubscribeFromNewsletter( $newsletterType ) { // record today's date in unsubscriptions // this is a little bit redundant
@@ -436,8 +436,8 @@ class Member extends DataObject { */ class Member_GroupSet extends ComponentSet { /** - * Control group membership with a number of checkboxes. - * - If the checkbox fields are present in $data, then the member will be added to the group with the same codename. + * Control group membership with a number of checkboxes. + * - If the checkbox fields are present in $data, then the member will be added to the group with the same codename. * - If the checkbox fields are *NOT* present in $data, then the member willb e removed from the group with the same codename. * @param checkboxes an array list of the checkbox fieldnames (Only values are used.) eg array(0,1,2); * @param data The form data. usually in the format array(0 => 2) (just pass the checkbox data from your form);
@@ -445,23 +445,23 @@ class Member_GroupSet extends ComponentSet { function setByCheckboxes($checkboxes, $data) { foreach($checkboxes as $checkbox) { if($data[$checkbox]){ - $add[] = $checkbox; + $add[] = $checkbox; }else{ $remove[] = $checkbox; - } + } } if($add)$this->addManyByCodename($add); if($remove) $this->removeManyByCodename($remove); } - + /** - * Allows you to set groups based on a checkboxsetfield. - * (pass the form element from your post data directly to this method, and it + * Allows you to set groups based on a checkboxsetfield. + * (pass the form element from your post data directly to this method, and it * will update the groups and add and remove the member as appropriate) * @param checkboxsetField - the CheckboxSetField (with data) from your form. - * + * * On the form setup - * + * $fields->push( new CheckboxSetField( "NewsletterSubscriptions",
@@ -470,21 +470,21 @@ class Member_GroupSet extends ComponentSet { $selectedgroups = $member->Groups()->Map("ID","ID") ) ); - * - * - * - * On the form handler: + * + * + * + * On the form handler: $groups = $member->Groups(); $checkboxfield = $form->Fields()->fieldByName("NewsletterSubscriptions"); $groups->setByCheckboxSetField($checkboxfield); - * + * */ function setByCheckboxSetField($checkboxsetfield){ - - // Get the values from the formfield. + + // Get the values from the formfield. $values = $checkboxsetfield->Value(); $sourceItems = $checkboxsetfield->getSource(); - + if($sourceItems){ // If (some) values are present, add and remove as necessary. if($values){
@@ -494,9 +494,9 @@ class Member_GroupSet extends ComponentSet { $add[] = $k; }else{ $remove[] = $k; - } + } } - + // else we should be removing all from the necessary groups. }else{ $remove = $sourceItems;
@@ -504,14 +504,14 @@ class Member_GroupSet extends ComponentSet { if($add)$this->addManyByGroupID($add); if($remove) $this->RemoveManyByGroupID($remove); - + }else{ USER_ERROR("Member::setByCheckboxSetField() - No source items could be found for checkboxsetfield ". $checkboxsetfield->Name(),E_USER_WARNING); } } - + /** - * Adds this member to the groups based on the + * Adds this member to the groups based on the * groupID. */ function addManyByGroupID($groupIds){
@@ -521,11 +521,11 @@ class Member_GroupSet extends ComponentSet { $this->add($group); } } - + } - + /** - * Removes the member from many groups based on + * Removes the member from many groups based on * the group ID. */ function removeManyByGroupID($groupIds){
@@ -535,9 +535,9 @@ class Member_GroupSet extends ComponentSet { $this->remove($group); } } - + } - + /** * Returns the groups from an array of GroupIDs */
@@ -548,8 +548,8 @@ class Member_GroupSet extends ComponentSet { return DataObject::get_by_id("Group",$ids[0]); } } - - + + /** * Adds this member to the groups passed. */
@@ -561,7 +561,7 @@ class Member_GroupSet extends ComponentSet { } } } - + /** * Removes this member from the groups passed. */
@@ -570,24 +570,24 @@ class Member_GroupSet extends ComponentSet { if($groups){ foreach($groups as $group){ $this->remove($group); - } + } } } - + /** * Helper function to return the appropriate group via a codename. */ protected function codenamesToGroups($codenames) { $list = "'" . implode("', '", $codenames) . "'"; $output = DataObject::get("Group", "Code IN ($list)"); - + // Some are missing - throw warnings if(!$output || $output->Count() != sizeof($list)) { foreach($codenames as $codename) $missing[$codename] = $codename; if($output) foreach($output as $record) unset($missing[$record->Code]); if($missing) user_error("The following group-codes aren't matched to any groups: " . implode(", ", $missing) . ". You probably need to link up the correct group codes in phpMyAdmin", E_USER_WARNING); } - + return $output; } }
@@ -595,7 +595,7 @@ class Member_GroupSet extends ComponentSet { class Member_SignupEmail extends Email_Template { - protected + protected $from = 'ask@perweek.co.nz', $to = '$Email', $subject = "Thanks for signing up",
@@ -603,24 +603,24 @@ class Member_SignupEmail extends Email_Template {

Welcome, $FirstName.

Thanks for signing up to become a new member, your details are listed below for future reference.

-

You can login to the website using the credentials listed below: +

You can login to the website using the credentials listed below:

- +

Contact Information

'; - + function MemberData() { return $this->template_data->listOfFields( "FirstName","Surname","Email",
@@ -659,33 +659,33 @@ class Member_ChangePasswordEmail extends Email_Template { protected $from = ''; // setting a blank from address uses the site's default administrator email protected $subject = "Your password has been changed"; protected $ss_template = 'ChangePasswordEmail'; - protected $to = '$Email'; + protected $to = '$Email'; } class Member_ForgotPasswordEmail extends Email_Template { protected $from = ''; protected $subject = "Your password"; protected $ss_template = 'ForgotPasswordEmail'; - protected $to = '$Email'; + protected $to = '$Email'; } /** * Record to keep track of which records a member has unsubscribed from and when */ class Member_UnsubscribeRecord extends DataObject { - + static $has_one = array( 'NewsletterType' => 'NewsletterType', 'Member' => 'Member' ); - + function unsubscribe( $member, $newsletterType ) { // $this->UnsubscribeDate()->setVal( 'now' ); $this->MemberID = ( is_numeric( $member ) ) ? $member : $member->ID; $this->NewsletterTypeID = ( is_numeric( $newletterType ) ) ? $newsletterType : $newsletterType->ID; - $this->write(); + $this->write(); } - protected + protected $from = 'ask@perweek.co.nz', $to = '$Email', $subject = "Your password has been changed",
@@ -700,21 +700,21 @@ class Member_UnsubscribeRecord extends DataObject { class Member_Validator extends RequiredFields { protected $customRequired = array('FirstName', 'Email', 'Password'); - + public function __construct() { $required = func_get_args(); if(isset($required[0]) && is_array($required[0])) { $required = $required[0]; } $required = array_merge($required, $this->customRequired); - + parent::__construct($required); } - + function php($data) { $valid = parent::php($data); - + // Check if a member with that email doesn't already exist, or if it does that it is this member. $member = DataObject::get_one('Member', "Email = '". Convert::raw2sql($data['Email']) ."'"); // if we are in a complex table field popup, use ctf[childID], else use ID @@ -724,7 +724,7 @@ class Member_Validator extends RequiredFields { $this->validationError($emailField->id(), "There already exists a member with this email", "required"); $valid = false; } - + return $valid; } }