login refreshes databases

[sql-web.git] / lib / security.lib.php
diff --git a/lib/security.lib.php b/lib/security.lib.php

index 7557465526cf66a96010402dc94cdc699efa461e..0fc8a91365cbd4f7386fb3fa0516fba65a565922 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -3,8 +3,8 @@
  require_once('mitsql.lib.php');
  
  class Login {
-       var $id, $u, $p;
-    var $info;
+       private $id, $u, $p;
+    private $info;
      function Login($u, $p=null) {
                 if (empty($u)) return;
                 $this->u = $u;
@@ -82,12 +82,12 @@ class Login {
  }
  
  class User {
-       var $userId;
-       var $info;
-       var $dblist;
+       private $userId;
+       private $info;
+       private $dblist;
      function User($userId) {
                 $this->userId = $userId;
-        $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
+        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
                          FROM User
                                                 INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
                                                 INNER JOIN UserStat ON User.UserId = UserStat.UserId
@@ -96,13 +96,12 @@ class User {
          $r = fetchRows(DBSelect($sql),'UserId');
          $this->info = count($r)?array_shift($r):$r;
                 $this->dblist = $this->getDBList();
-//             $this->pass = base64_decode($this->info['Password']);
      }
         function refresh() {
                 unset($this->dblist);
                 $this->User($this->userId);
                 /*
-        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                          FROM User
                          WHERE UserId = '%s'",
                          mysql_escape_string($this->userId));
@@ -121,6 +120,9 @@ class User {
      function getUsername() {
          return $this->exists()?$this->info['Username']:'';
      }
+    function isOverQuota() {
+        return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
+    }
      function getBytes() {
          if($this->exists()) {
                         $arr['nBytes'] = $this->info['nBytes'];
@@ -195,11 +197,12 @@ class User {
                                                 mysql_escape_string($this->getUserId()));
  //                     $r = fetchRows(DBSelect($sql),'DatabaseId');
                         $r = fetchRows(DBSelect($sql),'Name');
+                       ksort($r);
                         return $r;
                 }
         }
         function addDB($name) {
-               if (in_array($name, $this->getDBList())) return false;
+               if (in_array($name, array_keys($this->getDBList()))) return false;
                 if (!addDB($name, $this->getUserId())) return false;
                 $this->setAccess($name);
                 return true;
@@ -218,7 +221,7 @@ function isLoggedIn($aLogin=null) {
          global $Login;
          $aLogin = $Login;
      }
-    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
+    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
  }
  
  function isAdmin($aLogin=null) {
@@ -226,18 +229,27 @@ function isAdmin($aLogin=null) {
          global $Login;
          $aLogin = $Login;
      }
-    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
+    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
  }
  
  function isImpersonating() {
         return isSess('_UserId') && isSess('UserId');
  }
  
+function isOffline() {
+       return (defined('OFFLINE') && OFFLINE);
+}
+
+function isOnline() {
+       return !isOffline();
+}
+
  function impersonate($userId=null) {
         $wasImpersonating = isImpersonating();
         if ($wasImpersonating) {
-               if (is_null($userId)) {
+               if (is_null($userId) || empty($userId)) {
                         sess('UserId',sess('_UserId'));
+                       sess('_UserId','');
                 } elseif ($userId>0) {
                         sess('UserId',$userId);
                 } else {
@@ -253,7 +265,7 @@ function impersonate($userId=null) {
  }
  
  function isSSL() {
-       return $_SERVER['SERVER_PORT'] == 443;
+       return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
  }
  
  function getSSLCert() {
@@ -280,15 +292,20 @@ function redirect($target=null,$secure=null) {
      $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
      redirectFull(is_null($target)?$base:($base.$target),$secure);
  }
+function redirectStart() {
+       redirectFull(BASE_URL,null);
+}
  function redirectFull($target,$secure) {
-       redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+       //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+       redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
  }
  function redirect2($target) {
         header('Location: '.$target);
         exit;
  }
  function flipSSL() {
-       return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+       //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+       return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
  }
  
  ## USER SCRIPTS