X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttRegistrator.class.php;h=33d325971ff06cf54b89845827fb9269835d4dc8;hb=bbea8c35f79ef9699e4b6deab0be3c1108628ef0;hp=7082e6bc2412cec3623873f6d57a0d3b2622bfdd;hpb=75b65e92b21d45e2b09fb12daef169fb214a7acd;p=timetracker.git
diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php
index 7082e6bc..33d32597 100644
--- a/WEB-INF/lib/ttRegistrator.class.php
+++ b/WEB-INF/lib/ttRegistrator.class.php
@@ -26,6 +26,9 @@
 // | https://www.anuko.com/time_tracker/credits.htm
 // +----------------------------------------------------------------------+
 
+import('ttUserHelper');
+import('ttRoleHelper');
+
 // ttRegistrator class is used to register a user in Time Tracker.
 class ttRegistrator {
   var $user_name = null; // User name.
@@ -35,7 +38,12 @@ class ttRegistrator {
   var $group_name = null; // Group name.
   var $currency = null; // Currency.
   var $lang = null; // Language.
+  var $created_by_id = null; // User, who uses the instance.
+  // Currently, there are 2 possibilities:
+  // 1) Self-registration, or null here.
+  // 2) Registration by admin with a user_id.
   var $group_id = null; // Group id, set after we create a group.
+  var $org_id = null; // Organization id, the same as group_id (top group in org).
   var $role_id = null; // Role id for top managers.
   var $user_id = null; // User id after registration.
   var $err = null; // Error object, passed to us as reference.
@@ -52,6 +60,7 @@ class ttRegistrator {
     $this->currency = $fields['currency'];
     $this->lang = $fields['lang'];
     if (!$this->lang) $this->lang = 'en';
+    $this->created_by_id = (int) $fields['created_by_id'];
     $this->err = $err;
 
     // Validate passed in parameters.
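Review bot: `$this->created_by_id = (int) $fields['created_by_id'];` reads the key unconditionally, so a self-registration whose caller does not pass it raises an undefined-index notice before the cast turns the value into 0, which also contradicts the property comment that says null is the self-registration value; `$this->created_by_id = isset($fields['created_by_id']) ? (int) $fields['created_by_id'] : null;` keeps both. Where `$fields` comes from is outside this diff, but this one value decides whether the IP throttle in register() runs and becomes the created_by of both new rows, so the caller must populate it from the authenticated session only, never from form input; a comment on the property saying so would help. The constructor continues outside the hunk.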
@@ -61,8 +70,8 @@ class ttRegistrator {
   function validate() {
     global $i18n;
 
-    if (!ttValidString($this->group_name, true))
-      $this->err->add($i18n->get('error.field'), $i18n->get('label.team_name'));
+    if (!ttValidString($this->group_name))
+      $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name'));
     if (!ttValidString($this->currency, true))
       $this->err->add($i18n->get('error.field'), $i18n->get('label.currency'));
     if (!ttValidString($this->user_name))
@@ -77,6 +86,8 @@ class ttRegistrator {
       $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
     if (!ttValidEmail($this->email, true))
       $this->err->add($i18n->get('error.field'), $i18n->get('label.email'));
+    if (!ttUserHelper::canAdd())
+      $this->err->add($i18n->get('error.user_count'));
   }
 
   // The register function registers a user in Time Tracker.
@@ -84,6 +95,15 @@ class ttRegistrator {
     if ($this->err->yes()) return false; // There are errors, do not proceed.
 
     global $i18n;
+    global $user;
+
+    // Protection from too many recent bot registrations from user IP.
+    if (!$this->created_by_id) { // No problems for logged in user (site admin).
+      if ($this->registeredRecently()) {
+        $this->err->add($i18n->get('error.access_denied'));
+        return false;
+      }
+    }
 
     import('ttUserHelper');
     if (ttUserHelper::getUserByLogin($this->login)) {
@@ -94,12 +114,12 @@ class ttRegistrator {
     // Create a new group.
     $this->group_id = $this->createGroup();
+    $this->org_id = $this->group_id;
     if (!$this->group_id) {
       $this->err->add($i18n->get('error.db'));
       return false;
     }
 
-    import('ttRoleHelper');
     if (!ttRoleHelper::createPredefinedRoles($this->group_id, $this->lang)) {
       $err->add($i18n->get('error.db'));
       return false;
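Review bot: `global $user;` is added to register() but nothing in the hunk references it; either drop it or use it as the authority for "logged in user (site admin)" instead of the `!$this->created_by_id` test, since the throttle is skipped for any non-zero created_by_id regardless of who set it (its origin is outside this hunk). The `import('ttUserHelper');` that follows is now redundant with the file-level import added at the top and could go the way `import('ttRoleHelper')` did in the next hunk. register() continues outside the hunk.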
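Review bot: `$err->add($i18n->get('error.db'));` after the createPredefinedRoles() failure uses an undefined local `$err`; the same slip was fixed for the createUser() branch in the next hunk, but this one still stands and is a call on null at runtime — it should read `$this->err->add($i18n->get('error.db'));`. When this branch returns false, the group row inserted two lines above is left behind with no roles, no user and no created_by, and it still counts toward registeredRecently() for that IP; a cleanup (delete of `$this->group_id`) or a transaction around the whole registration would avoid both.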
@@ -108,11 +128,13 @@ class ttRegistrator {
     $this->user_id = $this->createUser();
     if (!$this->user_id) {
-      $err->add($i18n->get('error.db'));
+      $this->err->add($i18n->get('error.db'));
       return false;
     }
 
-    if (!$this->setCreatedBy($this->user_id))
+    // Set created_by appropriately.
+    $created_by = $this->created_by_id ? $this->created_by_id : $this->user_id;
+    if (!$this->setCreatedBy($created_by))
       return false;
 
     return true;
@@ -123,20 +145,27 @@ class ttRegistrator {
   function createGroup() {
     $mdb2 = getConnection();
 
+    $group_key = $mdb2->quote(ttRandomString());
     $name = $mdb2->quote($this->group_name);
     $currency = $mdb2->quote($this->currency);
     $lang = $mdb2->quote($this->lang);
+    $plugins = $mdb2->quote(defined('DEFAULT_PLUGINS') ? DEFAULT_PLUGINS : null);
     $created = 'now()';
     $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
-    $sql = "insert into tt_teams (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)";
+    $sql = "insert into tt_groups (group_key, name, currency, lang, plugins, created, created_ip)".
+      " values($group_key, $name, $currency, $lang, $plugins, $created, $created_ip)";
     $affected = $mdb2->exec($sql);
+    if (is_a($affected, 'PEAR_Error')) return false;
 
-    if (!is_a($affected, 'PEAR_Error')) {
-      $group_id = $mdb2->lastInsertID('tt_teams', 'id');
-      return $group_id;
-    }
-    return false;
+    $group_id = $mdb2->lastInsertID('tt_groups', 'id');
+
+    // Update org_id with group_id.
+    $sql = "update tt_groups set org_id = $group_id where org_id is NULL and id = $group_id";
+    $affected = $mdb2->exec($sql);
+    if (is_a($affected, 'PEAR_Error')) return false;
+
+    return $group_id;
   }
 
   // The createUser creates a user in database as part of registration process.
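Review bot: createGroup() now issues two statements with no transaction: if the `update tt_groups set org_id = ...` fails it returns false and register() reports error.db, but the row inserted just before remains with org_id NULL and no created_by, and that orphan is what registeredRecently() later counts for the IP. Wrap the insert and update in `$mdb2->beginTransaction()` / `commit()` / `rollback()`, or at minimum delete the row by `$group_id` before the second `return false;`. The function header comment above the hunk should also say the method returns false on any DB error and leaves the caller responsible for reporting it. Also, `$mdb2->lastInsertID(...)` can itself return a PEAR_Error, which would then be interpolated into the update; checking it with `is_a($group_id, 'PEAR_Error')` before building the SQL closes that gap.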
@@ -149,9 +178,9 @@ class ttRegistrator {
     $email = $mdb2->quote($this->email);
     $created = 'now()';
     $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
-    $values = "values($login, $password, $name, $this->group_id, $this->role_id, $email, $created, $created_ip)";
+    $values = "values($login, $password, $name, $this->group_id, $this->org_id, $this->role_id, $email, $created, $created_ip)";
 
-    $sql = 'insert into tt_users (login, password, name, team_id, role_id, email, created, created_ip) '.$values;
+    $sql = 'insert into tt_users (login, password, name, group_id, org_id, role_id, email, created, created_ip) '.$values;
     $affected = $mdb2->exec($sql);
     if (!is_a($affected, 'PEAR_Error')) {
       $user_id = $mdb2->lastInsertID('tt_users', 'id');
@@ -161,14 +190,14 @@ class ttRegistrator {
   }
 
   // The setCreatedBy sets created_by field for both group and user to passed in user_id.
-  function setCreatedBy($user_id) {
+  private function setCreatedBy($user_id) {
     if ($this->err->yes()) return false; // There are errors, do not proceed.
 
     global $i18n;
     $mdb2 = getConnection();
 
     // Update group.
-    $sql = "update tt_teams set created_by = $user_id where id = $this->group_id";
+    $sql = "update tt_groups set created_by = $user_id where id = $this->group_id and org_id = $this->org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) {
       $this->err->add($i18n->get('error.db'));
@@ -176,7 +205,7 @@ class ttRegistrator {
     }
 
     // Update top manager.
-    $sql = "update tt_users set created_by = $user_id where id = $user_id and team_id = $this->group_id";
+    $sql = "update tt_users set created_by = $user_id where id = $this->user_id and group_id = $this->group_id and org_id = $this->org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) {
       $this->err->add($i18n->get('error.db'));
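Review bot: `$user_id` is interpolated unquoted into both update statements (`created_by = $user_id`), and now that the argument may be the caller-supplied created_by_id rather than the id just returned by lastInsertID, the only thing keeping it numeric is the `(int)` cast in the constructor two methods away; make the contract local with `$user_id = (int) $user_id;` as the first statement of setCreatedBy(), and treat `$this->org_id` / `$this->group_id` the same way since they are also spliced in as bare text. The same applies to the 'Update top manager' hunk below. Nothing here verifies that `$user_id` names an existing user, so a stale admin id silently lands in created_by unless a foreign key on tt_users catches it (not visible in this diff); a one-line `@return bool` style comment noting that the method does not validate the id would at least make that explicit. setCreatedBy() continues outside the hunk.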
@@ -185,4 +214,22 @@ class ttRegistrator {
 
     return true;
   }
+
+  // registeredRecently determines if we already have a successful recent registration from user IP.
+  // "recent" means "within the last minute" and is set in a query by the following condition:
+  // "and created > now() - interval 1 minute". Change if necessary.
+  function registeredRecently() {
+    $mdb2 = getConnection();
+
+    $ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']);
+    $sql = 'select created from tt_groups where '.$ip_part.' and created > now() - interval 1 minute';
+    $res = $mdb2->query($sql);
+    if (is_a($res, 'PEAR_Error'))
+      return false;
+    $val = $res->fetchRow();
+    if ($val)
+      return true;
+
+    return false;
+  }
 }
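Review bot: registeredRecently() returns false when the query fails (`if (is_a($res, 'PEAR_Error')) return false;`), so the bot throttle fails open exactly when the database is misbehaving; since register() treats true as "deny", returning true on PEAR_Error, or recording the failure in `$this->err` so register() stops, keeps the protection in force under fault. The check is keyed on `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy or NAT is one address for many users, so a single legitimate registration blocks everyone sharing it for a minute — worth a line in the header comment so deployers know to set it up accordingly. For consistency with the `private function setCreatedBy` change above, this helper should be `private function registeredRecently()`; in this diff it is only called from register().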