"Varchar",
'Surname' => "Varchar",
'Email' => "Varchar",
'Password' => "Varchar(64)", // support for up to SHA256!
'RememberLoginToken' => "Varchar(50)",
'NumVisit' => "Int",
'LastVisited' => 'Datetime',
'Bounced' => 'Boolean',
'AutoLoginHash' => 'Varchar(10)',
'AutoLoginExpired' => 'Datetime',
'BlacklistedEmail' => 'Boolean',
'PasswordEncryption' => "Enum('none', 'none')",
'Salt' => "Varchar(50)"
);
static $belongs_many_many = array(
"Groups" => "Group",
);
static $has_many = array(
'UnsubscribedRecords' => 'Member_UnsubscribeRecord'
);
static $default_sort = "Surname, FirstName";
static $indexes = array(
'Email' => true,
);
/**
* This method is used to initialize the static database members
*
* Since PHP doesn't support any expressions for the initialization of
* static member variables we need a method that does that.
*
* This method adds all supported encryption algorithms to the
* PasswordEncryption Enum field.
*
* @todo Maybe it would be useful to define this in DataObject and call
* it automatically?
*/
public static function init_db_fields() {
self::$db['PasswordEncryption'] = "Enum(array('none', '" .
implode("', '", array_map("addslashes",
Security::get_encryption_algorithms())) .
"'), 'none')";
}
/**
* Logs this member in
*
* @param bool $remember If set to TRUE, the member will be logged in
* automatically the next time.
*/
function logIn($remember = false) {
session_regenerate_id(true);
Session::set("loggedInAs", $this->ID);
$this->NumVisit++;
if($remember) {
$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($this->ID));
$this->RememberLoginToken = $token;
Cookie::set('alc_enc', $this->ID . ':' . $token);
} else {
$this->RememberLoginToken = null;
Cookie::set('alc_enc', null);
Cookie::forceExpiry('alc_enc');
}
$this->write();
}
/**
* Log the user in if the "remember login" cookie is set
*
* The remember login token will be changed on every successful
* auto-login.
*/
static function autoLogin() {
if(strpos(Cookie::get('alc_enc'), ':') && !Session::get("loggedInAs")) {
list($uid, $token) = explode(':', Cookie::get('alc_enc'), 2);
$SQL_uid = Convert::raw2sql($uid);
$member = DataObject::get_one(
"Member", "Member.ID = '$SQL_uid'");
if($member && $member->RememberLoginToken != $token) $member = null;
if($member) {
session_regenerate_id(true);
Session::set("loggedInAs", $member->ID);
$token = substr(md5(uniqid(rand(), true)),
0, 49 - strlen($member->ID));
$member->RememberLoginToken = $token;
Cookie::set('alc_enc', $member->ID . ':' . $token);
$member->NumVisit++;
$member->write();
}
}
}
/**
* Logs this member out.
*/
function logOut() {
Session::clear("loggedInAs");
session_regenerate_id(true);
$this->RememberLoginToken = null;
Cookie::set('alc_enc', null);
Cookie::forceExpiry('alc_enc');
$this->write();
}
/**
* Generate an auto login hash
*
* @todo This is relative insecure, check if we should fix it (Markus)
*/
function generateAutologinHash() {
$linkHash = sprintf('%10d', time() );
while( DataObject::get_one( 'Member', "`AutoLoginHash`='$linkHash'" ) )
$linkHash = sprintf('%10d', abs( time() * rand( 1, 10 ) ) );
$this->AutoLoginHash = $linkHash;
$this->AutoLoginExpired = date('Y-m-d', time() + ( 60 * 60 * 24 * 14 ) );
$this->write();
}
/**
* Log a member in with an auto login hash link
*/
static function autoLoginHash($RAW_hash) {
$SQL_hash = Convert::raw2sql($RAW_hash);
$member = DataObject::get_one('Member',"`AutoLoginHash`='$SQL_hash' AND `AutoLoginExpired` > NOW()");
if($member)
$member->logIn();
return $member;
}
/**
* Send signup, change password or forgot password informations to an user
*
* @param string $type Information type to send ("signup",
* "changePassword" or "forgotPassword")
*/
function sendInfo($type = 'signup') {
switch($type) {
case "signup":
$e = new Member_SignupEmail();
break;
case "changePassword":
$e = new Member_ChangePasswordEmail();
break;
case "forgotPassword":
$e = new Member_ForgotPasswordEmail();
break;
}
$e->populateTemplate($this);
$e->send();
}
/**
* Returns the fields for the member form
*
* @return FieldSet Returns a {@link FieldSet} containing the fields for
* the member form.
*/
function getMemberFormFields() {
return new FieldSet(
new TextField("FirstName", "First Name"),
new TextField("Surname", "Surname"),
new TextField("Email", "Email"),
new TextField("Password", "Password")
);
}
/**
* Factory method for the member validator
*
* @return Member_Validator Returns an instance of a
* {@link Member_Validator} object.
*/
function getValidator() {
return new Member_Validator();
}
/**
* Returns the current logged in user
*
* @return bool|Member Returns the member object of the current logged in
* user or FALSE.
*/
static function currentUser() {
$id = Session::get("loggedInAs");
if(!$id) {
self::autoLogin();
$id = Session::get("loggedInAs");
}
if($id) {
return DataObject::get_one("Member", "Member.ID = $id");
}
}
/**
* Get the ID of the current logged in user
*
* @return int Returns the ID of the current logged in user or 0.
*/
static function currentUserID() {
$id = Session::get("loggedInAs");
if(!$id) {
self::autoLogin();
$id = Session::get("loggedInAs");
}
return is_numeric($id) ? $id : 0;
}
/**
* Add the members email address to the blacklist
*
* With this method the blacklisted email table is updated to ensure that
* no promotional material is sent to the member (newsletters).
* Standard system messages are still sent such as receipts.
*
* @param bool $val Set to TRUE if the address should be added to the
* blacklist, otherwise to FALSE.
*/
function setBlacklistedEmail($val) {
if($val && $this->Email) {
$blacklisting = new Email_BlackList();
$blacklisting->BlockedEmail = $this->Email;
$blacklisting->MemberID = $this->ID;
$blacklisting->write();
}
$this->setField("BlacklistedEmail", $val);
}
/*
* Generate a random password
*
* BDC - added randomiser to kick in if there's no words file on the
* filesystem.
*
* @return string Returns a random password.
*/
static function createNewPassword() {
if(file_exists('/usr/share/silverstripe/wordlist.txt')) {
$words = file('/usr/share/silverstripe/wordlist.txt');
list($usec, $sec) = explode(' ', microtime());
srand($sec + ((float) $usec * 100000));
$word = trim($words[rand(0,sizeof($words)-1)]);
$number = rand(10,999);
return $word . $number;
} else {
$random = rand();
$string = md5($random);
$output = substr($string, 0, 6);
return $output;
}
}
/**
* Event handler called before writing to the database
*
* If an email's filled out look for a record with the same email and if
* found update this record to merge with that member.
*/
function onBeforeWrite() {
if(isset($this->changed['Password']) && $this->changed['Password']) {
// Password was changed: encrypt the password according the settings
$encryption_details = Security::encrypt_password($this->Password);
$this->Password = $encryption_details['password'];
$this->Salt = $encryption_details['salt'];
$this->PasswordEncryption = $encryption_details['algorithm'];
$this->changed['Salt'] = true;
$this->changed['PasswordEncryption'] = true;
}
if($this->Email) {
if($this->ID) {
$idClause = "AND `Member`.ID <> $this->ID";
} else {
$idClause = "";
}
$existingRecord = DataObject::get_one(
"Member", "Email = '" . addslashes($this->Email) . "' $idClause");
// Debug::message("Found an existing member for email $this->Email");
if($existingRecord) {
$newID = $existingRecord->ID;
if($this->ID) {
DB::query("UPDATE Group_Members SET MemberID = $newID WHERE MemberID = $this->ID");
}
$this->ID = $newID;
// Merge existing data into the local record
foreach($existingRecord->getAllFields() as $k => $v) {
if(!isset($this->changed[$k]) || !$this->changed[$k]) $this->record[$k] = $v;
}
}
}
parent::onBeforeWrite();
}
/**
* Check if the member is in one of the given groups
*
* @param array $groups Groups to check
* @return bool Returns TRUE if the member is in one of the given groups,
* otherwise FALSE.
*/
public function inGroups(array $groups) {
foreach($this->Groups() as $group)
$memberGroups[] = $group->Title;
return count(array_intersect($memberGroups, $groups)) > 0;
}
/**
* Check if the member is in the given group
*
* @param int $groupID ID of the group to check
* @return bool Returns TRUE if the member is in the given group,
* otherwise FALSE.
*/
public function inGroup($groupID) {
foreach($this->Groups() as $group) {
if($groupID == $group->ID)
return true;
}
return false;
}
/**
* Alias for {@link inGroup}
*
* @param int $groupID ID of the group to check
* @return bool Returns TRUE if the member is in the given group,
* otherwise FALSE.
* @see inGroup()
*/
public function isInGroup($groupID) {
return $this->inGroup($groupID);
}
/**
* Returns true if this user is an administrator.
* Administrators have access to everything. The lucky bastards! ;-)
*
* @return Returns TRUE if this user is an administrator.
* @todo Should this function really exists? Is not {@link isAdmin()} the
* only right name for this?
* @todo Is {@link Group}::CanCMSAdmin not deprecated?
*/
function _isAdmin() {
if($groups = $this->Groups()) {
foreach($groups as $group) {
if($group->CanCMSAdmin)
return true;
}
}
return Permission::check('ADMIN');
}
/**
* Check if the user is an administrator
*
* Alias for {@link _isAdmin()} because the method is used in both ways
* all over the framework.
*
* @return Returns TRUE if this user is an administrator.
* @see _isAdmin()
*/
public function isAdmin() {
return $this->_isAdmin();
}
function _isCMSUser() {
if($groups = $this->Groups()) {
foreach($groups as $group) {
if($group->CanCMS)
return true;
}
}
}
//------------------- HELPER METHODS -----------------------------------//
/**
* Get the complete name of the member
*
* @return string Returns the first- and surname of the member. If the ID
* of the member is equal 0, only the surname is returned.
*/
public function getTitle() {
if($this->getField('ID') === 0)
return $this->getField('Surname');
return $this->getField('Surname') . ', ' . $this->getField('FirstName');
}
/**
* Get the complete name of the member
*
* @return string Returns the first- and surname of the member.
*/
public function getName() {
return $this->FirstName . ' ' . $this->Surname;
}
/**
* Set first- and surname
*
* This method assumes that the last part of the name is the surname, e.g.
* A B C will result in firstname A B and surname C
*
* @param string $name The name
*/
public function setName($name) {
$nameParts = explode(' ', $name);
$this->Surname = array_pop($nameParts);
$this->FirstName = join(' ', $nameParts);
}
/**
* Alias for {@link setName}
*
* @param string $name The name
* @see setName()
*/
public function splitName($name) {
return $this->setName($name);
}
//---------------------------------------------------------------------//
/**
* Get a "many-to-many" map that holds for all members their group
* memberships
*
* @return Member_GroupSet Returns a map holding for all members their
* group memberships.
*/
public function Groups() {
$groups = $this->getManyManyComponents("Groups");
$unsecure = DataObject::get("Group_Unsecure", "");
if($unsecure) {
foreach($unsecure as $unsecureItem) {
$groups->push($unsecureItem);
}
}
$groupIDs = $groups->column();
$collatedGroups = array();
foreach($groups as $group) {
$collatedGroups = array_merge((array)$collatedGroups,
$group->collateAncestorIDs());
}
$table = "Group_Members";
if(count($collatedGroups) > 0) {
$collatedGroups = implode(", ", array_unique($collatedGroups));
$result = singleton('Group')->instance_get("`ID` IN ($collatedGroups)", "ID", "", "", "Member_GroupSet");
} else {
$result = new Member_GroupSet();
}
$result->setComponentInfo("many-to-many", $this, "Member", $table,
"Group");
return $result;
}
/**
* Get member SQLMap
*
* @param string $filter Filter for the SQL statement (WHERE clause)
* @param string $sort Sorting function (ORDER clause)
* @param string $blank Shift a blank member in the items
* @return SQLMap Returns an SQLMap that returns all Member data.
*
* @todo Improve documentation of this function! (Markus)
*/
public function map($filter = "", $sort = "", $blank="") {
$ret = new SQLMap(singleton('Member')->extendedSQL($filter, $sort));
if($blank) {
$blankMember = new Member();
$blankMember->Surname = $blank;
$blankMember->ID = 0;
$ret->getItems()->shift($blankMember);
}
return $ret;
}
/**
* Get a member SQLMap of members in specific groups
*
* @param mixed $groups Optional groups to include in the map. If NULL is
* passed, all groups are returned, i.e.
* {@link map()} will be called.
* @return SQLMap Returns an SQLMap that returns all Member data.
* @see map()
*
* @todo Improve documentation of this function! (Markus)
*/
public static function mapInGroups($groups = null) {
if(!$groups)
return Member::map();
$groupIDList = array();
if(is_a($groups, 'DataObjectSet')) {
foreach( $groups as $group )
$groupIDList[] = $group->ID;
} elseif(is_array($groups)) {
$groupIDList = $groups;
} else {
$groupIDList[] = $groups;
}
if(empty($groupIDList))
return Member::map();
return new SQLMap(singleton('Member')->extendedSQL(
"`GroupID` IN (" . implode( ',', $groupIDList ) .
")", "Surname, FirstName", "", "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID`"));
}
/**
* Get a map of all members in the groups given that have CMS permissions
*
* If no groups are passed, all groups with CMS permissions will be used.
*
* @param array $groups Groups to consider or NULL to use all groups with
* CMS permissions.
* @return SQLMap Returns a map of all members in the groups given that
* have CMS permissions.
*/
public static function mapInCMSGroups($groups = null) {
if(!$groups || $groups->Count() == 0) {
$groups = DataObject::get('Group', "", "",
"INNER JOIN `Permission` ON `Permission`.GroupID = `Group`.ID AND `Permission`.Code IN ('ADMIN', 'CMS_ACCESS_AssetAdmin')");
}
$groupIDList = array();
if(is_a($groups, 'DataObjectSet')) {
foreach($groups as $group)
$groupIDList[] = $group->ID;
} elseif(is_array($groups)) {
$groupIDList = $groups;
}
/*if( empty( $groupIDList ) )
return Member::map(); */
$filterClause = ($groupIDList)
? "`GroupID` IN (" . implode( ',', $groupIDList ) . ")"
: "";
return new SQLMap(singleton('Member')->extendedSQL($filterClause,
"Surname, FirstName", "",
"INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID` INNER JOIN `Group` ON `Group`.`ID`=`GroupID`"));
}
/**
* Get the groups in which the member is NOT in
*
* When passed an array of groups, and a component set of groups, this
* function will return the array of groups the member is NOT in.
*
* @param array $groupList An array of group code names.
* @param array $memberGroups A component set of groups (if set to NULL,
* $this->groups() will be used)
* @return array Groups in which the member is NOT in.
*/
public function memberNotInGroups($groupList, $memberGroups = null){
if(!$memberGroups)
$memberGroups = $this->Groups();
foreach($memberGroups as $group) {
if(in_array($group->Code, $groupList)) {
$index = array_search($group->Code, $groupList);
unset($groupList[$index]);
}
}
return $groupList;
}
/**
* Return a {@link FieldSet} of fields that would appropriate for editing
* this member.
*
* @return FieldSet Return a FieldSet of fields that would appropriate for
* editing this member.
*/
public function getCMSFields() {
$fields = new FieldSet(
//new TextField("Salutation", "Title"),
new HeaderField( "Personal Details" ),
new TextField("FirstName", "First Name"),
new TextField("Surname", "Surname"),
new HeaderField( "User Details" ),
new TextField("Email", "Email"),
/*new TextField("Password", "Password")*/
new PasswordField("Password", "Password")
//new TextareaField("Address","Address"),
//new TextField("JobTitle", "Job Title"),
//new TextField( "Organisation", "Organisation" ),
//new OptionsetField("HTMLEmail","Mail Format", array( 1 => 'HTML', 0 => 'Text only' ) )
);
$this->extend('updateCMSFields', $fields);
// if($this->hasMethod('updateCMSFields')) $this->updateCMSFields($fields);
return $fields;
}
/**
* Add an extension to the Member class
*
* This method can be used to add behaviour to Member class. The extension
* affects the entire class - all members will get the additional
* behaviour. However, if you want to restrict things, you should add
* appropriate Permission::checkMember() calls to the extensions's
* methods.
*
* @param string $extensionName Class name of the extension to add
*/
public static function add_role($extensionName) {
DataObject::add_extension('Member', $extensionName);
}
/**
* Unsubscribe from newsletter
*
* @param NewsletterType $newsletterType Newsletter type to unsubscribe
* from
*/
function unsubscribeFromNewsletter(NewsletterType $newsletterType) {
// record today's date in unsubscriptions
// this is a little bit redundant
$unsubscribeRecord = new Member_UnsubscribeRecord();
$unsubscribeRecord->unsubscribe($this, $newsletterType);
$this->Groups()->remove($newsletterType->GroupID);
}
function requireDefaultRecords() {
parent::requireDefaultRecords();
if(!DB::query("SELECT * FROM Member")->value() && isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
Security::findAnAdministrator($_REQUEST['username'], $_REQUEST['password']);
Database::alteration_message("Added admin account","created");
}
}
}
/**
* Special kind of {@link ComponentSet} that has special methods for
* manipulating a user's membership
*/
class Member_GroupSet extends ComponentSet {
/**
* Control group membership with a number of checkboxes.
* - If the checkbox fields are present in $data, then the member will be
* added to the group with the same codename.
* - If the checkbox fields are *NOT* present in $data, then the member
* will be removed from the group with the same codename.
*
* @param array $checkboxes An array list of the checkbox fieldnames (only
* values are used). E.g. array(0, 1, 2)
* @param array $data The form data. Uually in the format array(0 => 2)
* (just pass the checkbox data from your form)
*/
function setByCheckboxes(array $checkboxes, array $data) {
foreach($checkboxes as $checkbox) {
if($data[$checkbox]) {
$add[] = $checkbox;
} else {
$remove[] = $checkbox;
}
}
if($add)
$this->addManyByCodename($add);
if($remove)
$this->removeManyByCodename($remove);
}
/**
* Allows you to set groups based on a CheckboxSetField
*
* Pass the form element from your post data directly to this method, and
* it will update the groups and add and remove the member as appropriate.
*
* On the form setup:
*
*
* $fields->push(
* new CheckboxSetField(
* "NewsletterSubscriptions",
* "Receive email notification of events in ",
* $sourceitems = DataObject::get("NewsletterType")->toDropDownMap("GroupID","Title"),
* $selectedgroups = $member->Groups()->Map("ID","ID")
* )
* );
*
*
* On the form handler:
*
*
* $groups = $member->Groups();
* $checkboxfield = $form->Fields()->fieldByName("NewsletterSubscriptions");
* $groups->setByCheckboxSetField($checkboxfield);
*
*
* @param CheckboxSetField $checkboxsetfield The CheckboxSetField (with
* data) from your form.
*/
function setByCheckboxSetField(CheckboxSetField $checkboxsetfield) {
// Get the values from the formfield.
$values = $checkboxsetfield->Value();
$sourceItems = $checkboxsetfield->getSource();
if($sourceItems) {
// If (some) values are present, add and remove as necessary.
if($values) {
// update the groups based on the selections
foreach($sourceItems as $k => $item) {
if(in_array($k,$values)) {
$add[] = $k;
} else {
$remove[] = $k;
}
}
// else we should be removing all from the necessary groups.
} else {
$remove = $sourceItems;
}
if($add)
$this->addManyByGroupID($add);
if($remove)
$this->RemoveManyByGroupID($remove);
} else {
USER_ERROR("Member::setByCheckboxSetField() - No source items could be found for checkboxsetfield " .
$checkboxsetfield->Name(), E_USER_WARNING);
}
}
/**
* Adds this member to the groups based on the group IDs
*
* @param array $ids Group identifiers.
*/
function addManyByGroupID($groupIds){
$groups = $this->getGroupsFromIDs($groupIds);
if($groups) {
foreach($groups as $group) {
$this->add($group);
}
}
}
/**
* Removes the member from many groups based on the group IDs
*
* @param array $ids Group identifiers.
*/
function removeManyByGroupID($groupIds) {
$groups = $this->getGroupsFromIDs($groupIds);
if($groups) {
foreach($groups as $group) {
$this->remove($group);
}
}
}
/**
* Returns the groups from an array of group IDs
*
* @param array $ids Group identifiers.
* @return mixed Returns the groups from the array of Group IDs.
*/
function getGroupsFromIDs($ids){
if($ids && count($ids) > 1) {
return DataObject::get("Group", "ID IN (" . implode(",", $ids) . ")");
} else {
return DataObject::get_by_id("Group", $ids[0]);
}
}
/**
* Adds this member to the groups based on the group codenames
*
* @param array $codenames Group codenames
*/
function addManyByCodename($codenames) {
$groups = $this->codenamesToGroups($codenames);
if($groups) {
foreach($groups as $group){
$this->add($group);
}
}
}
/**
* Removes this member from the groups based on the group codenames
*
* @param array $codenames Group codenames
*/
function removeManyByCodename($codenames) {
$groups = $this->codenamesToGroups($codenames);
if($groups) {
foreach($groups as $group) {
$this->remove($group);
}
}
}
/**
* Helper function to return the appropriate groups via a codenames
*
* @param array $codenames Group codenames
* @return array Returns the the appropriate groups.
*/
protected function codenamesToGroups($codenames) {
$list = "'" . implode("', '", $codenames) . "'";
$output = DataObject::get("Group", "Code IN ($list)");
// Some are missing - throw warnings
if(!$output || ($output->Count() != sizeof($list))) {
foreach($codenames as $codename)
$missing[$codename] = $codename;
if($output) {
foreach($output as $record)
unset($missing[$record->Code]);
}
if($missing)
user_error("The following group-codes aren't matched to any groups: " .
implode(", ", $missing) .
". You probably need to link up the correct group codes in phpMyAdmin",
E_USER_WARNING);
}
return $output;
}
}
/**
* Class used as template to send an email to new members
*/
class Member_SignupEmail extends Email_Template {
protected
$from = '', // setting a blank from address uses the site's default administrator email
$to = '$Email',
$subject = "Thanks for signing up",
$body = '
Thanks for signing up to become a new member, your details are listed below for future reference.
You can login to the website using the credentials listed below:
Email: $Email
Password: $Password
Your password has been changed. Please keep this email, for future reference.
'; } /** * Member Validator */ class Member_Validator extends RequiredFields { protected $customRequired = array('FirstName', 'Email'); //, 'Password'); /** * Constructor */ public function __construct() { $required = func_get_args(); if(isset($required[0]) && is_array($required[0])) { $required = $required[0]; } $required = array_merge($required, $this->customRequired); parent::__construct($required); } /** * Check if the submitted member data is valid * * Check if a member with that email doesn't already exist, or if it does * that it is this member. * * @param array $data Submitted data * @return bool Returns TRUE if the submitted data is valid, otherwise * FALSE. */ function php($data) { $valid = parent::php($data); $member = DataObject::get_one('Member', "Email = '". Convert::raw2sql($data['Email']) ."'"); // if we are in a complex table field popup, use ctf[childID], else use // ID $id = (isset($_REQUEST['ctf']['childID'])) ? $_REQUEST['ctf']['childID'] : $_REQUEST['ID']; if(is_object($member) && $member->ID != $id) { $emailField = $this->form->dataFieldByName('Email'); $this->validationError($emailField->id(), "There already exists a member with this email", "required"); $valid = false; } return $valid; } } // Initialize the static DB variables to add the supported encryption // algorithms to the PasswordEncryption Enum field Member::init_db_fields(); ?>