diff --git a/conf/query_strings.ini b/conf/query_strings.ini index 606fcfe7a..28086a59e 100644 --- a/conf/query_strings.ini +++ b/conf/query_strings.ini @@ -35,6 +35,7 @@ [\?(?:.+&|)sc=(.+?)(?:&|$)] [\?(?:.+&|)search=(.+?)(?:&|$)] [\?(?:.+&|)search2=(.+?)(?:&|$)] +[\?(?:.+&|)searchfor=(.+?)(?:&|$)] [\?(?:.+&|)searchText=(.+?)(?:&|$)] [\?(?:.+&|)srch=(.+?)(?:&|$)] [\?(?:.+&|)string=(.+?)(?:&|$)] diff --git a/owa_auth.php b/owa_auth.php new file mode 100644 index 000000000..67e63e6e0 --- /dev/null +++ b/owa_auth.php 
@@ -0,0 +1,125 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_auth extends owa_base { + + /** + * User object + * + * @var unknown_type + */ + var $u; + + /** + * Array of permission roles that users can have + * + * @var array + */ + var $roles; + + /** + * Database Access Object + * + * @var unknown_type + */ + var $db; + + var $status_msg; + + /** + * Abstract class Constructor + * + * @return owa_auth + */ + function owa_auth() { + + $this->owa_base(); + $this->setRoles(); + + return; + + } + + /** + * Sets the permission levels of each role. + * + */ + function setRoles() { + + $this->roles = array('admin' => array('level' => 10, 'label' => 'Administrator'), + 'viewer' => array('level' => 2, 'label' => 'Report Viewer'), + 'guest' => array('level' => 1, 'label' => 'Guest') + + ); + + return; + + } + + /** + * Looks up the priviledge level for a particular role + * + * @param unknown_type $role + * @return unknown + */ + function getLevel($role) { + + return $this->roles['role']['level']; + } + + function authenticateUser() { + + return; + } + + /** + * Creates the concrete auth class + * + * @return object + */ + function &get_instance() { + + $config = &owa_settings::get_settings(); + return owa_lib::singleton($config['plugin_dir'].'/auth/', + 'owa_auth_', + $config['authentication']); + } + + function setCookies() { + + setcookie($this->config['ns'].'u', $this->u->user_id, time()+3600*24*365*30, '/', $_SERVER['SERVER_NAME']); + setcookie($this->config['ns'].'p', $this->u->password, time()+3600*24*365*30, '/', $_SERVER['SERVER_NAME']); + + return; + } + +} + + +?> \ No newline at end of file diff --git a/owa_base.php b/owa_base.php new file mode 100644 index 000000000..f1409d6ee --- /dev/null +++ b/owa_base.php 
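Review bot: `getLevel($role)` indexes `$this->roles['role']['level']` with the literal string 'role' instead of the `$role` argument, so it yields no level for any role, and a comparison built on it (such as the `>=` check in owa_auth_simple::isPriviledged later in this commit) cannot tell an admin from a guest. It should read `return $this->roles[$role]['level'];`, and an unknown role should map to a level below 'guest' rather than to an unset value. Separately, `setCookies()` writes `$this->u->password` into a cookie with a 30-year lifetime and without the secure/httponly arguments. Since the simple plugin compares that cookie directly with the stored column, the stored hash acts as a long-lived credential, and a random server-side session token would be safer.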
@@ -0,0 +1,65 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_base { + + /** + * Configuration + * + * @var array + */ + var $config; + + /** + * Error Logger + * + * @var object + */ + var $e; + + /** + * Base Constructor + * + * @return owa_base + */ + function owa_base() { + + $this->config = &owa_settings::get_settings(); + $this->e = &owa_error::get_instance(); + + return; + } + +} + + +?> \ No newline at end of file diff --git a/owa_click.php b/owa_click.php index 28bd0f770..2dfc6567b 100644 --- a/owa_click.php +++ b/owa_click.php @@ -65,12 +65,14 @@ function process() { //$this->properties['os'] = $this->determine_os($this->properties['ua']); //$this->properties['os_id'] = $this->set_string_guid($this->properties['os']); + + // Make document id - $this->properties['page_url']= $this->stripDocumentUrl($this->properties['page_url']); + $this->properties['page_url']= $this->stripDocumentUrl(base64_decode($this->properties['page_url'])); $this->properties['document_id'] = $this->set_string_guid($this->properties['page_url']); //$this->setDocumentProperties($this->properties['page_url']); - $this->properties['target_url'] = $this->stripDocumentUrl($this->properties['target_url']); + $this->properties['target_url'] = $this->stripDocumentUrl(base64_decode($this->properties['target_url'])); $this->properties['target_id'] = $this->set_string_guid($this->properties['target_url']); // Resolve host name if ($this->config['resolve_hosts'] = true): diff --git a/owa_lib.php b/owa_lib.php index fe1303df3..7c7a84a31 100644 --- a/owa_lib.php +++ b/owa_lib.php 
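Review bot: The two `base64_decode()` calls in process() pass their result straight to stripDocumentUrl() without checking that the input was valid base64, so a client that sends a plain or malformed `page_url`/`target_url` gets arbitrary bytes hashed into `document_id`/`target_id`. Consider decoding in strict mode and rejecting the event on failure, e.g. `$url = base64_decode($this->properties['page_url'], true); if ($url === false) { return; }`; the right failure action depends on the rest of process(), whose body extends beyond the hunk. The two blank lines added above `// Make document id` can be dropped.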
@@ -456,6 +456,129 @@ function inputFilter($array) { } + /** + * Generic Factory method + * + * @param string $class_dir + * @param string $class_prefix + * @param string $class_name + * @param array $conf + * @return object + */ + function &factory($class_dir, $class_prefix, $class_name, $conf = array()) { + + $class_dir = strtolower($class_dir); + $classfile = $class_dir . $class_name . '.php'; + $class = $class_prefix . $class_name; + + /* + * Attempt to include a version of the named class, but don't treat + * a failure as fatal. The caller may have already included their own + * version of the named class. + */ + if (!class_exists($class)): + include_once $classfile; + endif; + + /* If the class exists, return a new instance of it. */ + if (class_exists($class)): + $obj = &new $class($conf); + return $obj; + endif; + + $null = null; + return $null; + } + + /** + * Generic Object Singleton + * + * @param string $class_dir + * @param string $class_prefix + * @param string $class_name + * @param array $conf + * @return object + */ + function &singleton($class_dir, $class_prefix, $class_name, $conf = array()) { + + static $instance; + + if (!isset($instance)): + $instance = &owa_lib::factory($class_dir, $class_prefix, $class_name, $conf = array()); + endif; + + return $instance; + } + + /** + * 301 HTP redirect the user to a new url + * + * @param string $url + */ + function redirectBrowser($url) { + + // 301 redirect to URL + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + return; + } + + /** + * Generates a link between admin screens + * + * @param array $query_params + * @return string + */ + function makeAdminLink($admin_page, $query_params = null, $make_query_string = true) { + + if ($make_query_string == true): + $get = owa_lib::makeLinkQueryString($query_params); + else: + $get = ''; + endif; + + //Return URL + return sprintf($this->config['inter_admin_link_template'], + $this->config['admin_url'], + $admin_page, + $get); + } + + 
function makeLinkQueryString($query_params) { + + $new_query_params = array(); + + //Load params passed by caller + if (!empty($this->caller_params)): + foreach ($this->caller_params as $name => $value) { + if (!empty($value)): + $new_query_params[$name] = $value; + endif; + } + endif; + + // Load overrides + if (!empty($query_params)): + foreach ($query_params as $name => $value) { + if (!empty($value)): + $new_query_params[$name] = $value; + endif; + } + endif; + + // Construct GET request + if (!empty($new_query_params)): + foreach ($new_query_params as $name => $value) { + if (!empty($value)): + $get .= $name . "=" . $value . "&"; + endif; + } + endif; + + return $get; + + } + } ?> diff --git a/owa_report.php b/owa_report.php index 7ed47b12d..4779940b5 100644 --- a/owa_report.php +++ b/owa_report.php @@ -22,6 +22,7 @@ require_once 'owa_api.php'; require_once 'owa_lib.php'; require_once 'owa_site.php'; +require_once 'owa_auth.php'; /** * Web Analytics Report @@ -99,6 +100,8 @@ class owa_report { */ var $prefs = array(); + var $auth; + /** * Constructor * @@ -109,9 +112,18 @@ function owa_report() { $this->config = &owa_settings::get_settings(); + // User authentication object + $this->auth = &owa_auth::get_instance(); + // Gets full set of params from URL - $this->_setParams(owa_lib::getRestparams()); - + + //if (empty($_POST['go_params'])): + $this->_setParams(owa_lib::getRestparams()); + //else: + // parse_str($_POST['go_params'], $post_params); + // $this->setParams($post_params); + //endif; + // Get default and user override display preferences. $this->prefs = $this->getPrefs(); @@ -215,6 +227,12 @@ function getSitesList() { } + function authenticateUser($role) { + + return $this->auth->authenticateUser($role); + + } + } ?> diff --git a/owa_settings_class.php b/owa_settings_class.php index 90046d075..fed99d1c3 100644 --- a/owa_settings_class.php +++ b/owa_settings_class.php 
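Review bot: `makeLinkQueryString()` builds the query string with `$get .= $name . "=" . $value . "&";`, so names and values containing `&`, `=`, `#` or line breaks are emitted unencoded and can alter the resulting link; `$get` is also never initialised, so the function returns an undefined variable when there are no parameters. Suggest `$get = '';` at the top and `$get .= urlencode($name) . '=' . urlencode($value) . '&';` in the loop. In the same hunk, `singleton()` calls factory() with `$conf = array()`, which discards the caller's `$conf`, and its single `static $instance` is returned for every class name after the first call. `redirectBrowser()` sends the Location header without ending the request, so the calling script keeps executing.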
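Review bot: `owa_report::authenticateUser($role)` returns the value of `$this->auth->authenticateUser($role)`, but the implementations added in this commit return nothing on every path, so a caller cannot use the result to decide whether to render the report. Either document on this method that enforcement relies on the plugin ending the request itself, or have the plugins return a boolean and check it here. The constructor hunk above also leaves a commented-out `parse_str($_POST['go_params'], ...)` branch that is better removed than committed.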
@@ -111,6 +111,7 @@ function &get_settings() { $config['action_url'] = $OWA_CONFIG['public_url']."/action.php"; $config['images_url'] = $OWA_CONFIG['public_url']."/i"; $config['reporting_url'] = $OWA_CONFIG['public_url']."/reports/index.php"; + $config['home_url'] = $OWA_CONFIG['public_url']."/reports/index.php?page=dashboard_report.php"; $config['admin_url'] = $OWA_CONFIG['public_url']."/admin/index.php"; endif; @@ -158,6 +159,7 @@ function get_default_config() { 'impressions_table' => 'impressions', 'clicks_table' => 'clicks', 'exits_table' => 'exits', + 'users_table' => 'users', 'db_class' => '', 'db_type' => '', 'db_name' => OWA_DB_NAME, @@ -211,7 +213,9 @@ function get_default_config() { 'owa_rss_url' => 'http://www.openwebanalytics.com/?feed=rss2', 'use_summary_tables' => false, 'summary_framework' => '', - 'click_drawing_mode' => 'center_on_page' + 'click_drawing_mode' => 'center_on_page', + 'log_clicks' => true, + 'authentication' => 'simple' ); } diff --git a/owa_template.php b/owa_template.php index 7d271ad78..35c8998cc 100644 --- a/owa_template.php +++ b/owa_template.php @@ -18,6 +18,7 @@ require_once(OWA_INCLUDE_DIR.'/template_class.php'); require_once(OWA_BASE_DIR.'/owa_lib.php'); +require_once(OWA_BASE_DIR.'/owa_settings_class.php'); /** * OWA Wrapper for template class diff --git a/owa_user.php b/owa_user.php new file mode 100644 index 000000000..16984a2da --- /dev/null +++ b/owa_user.php 
@@ -0,0 +1,298 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ +class owa_user extends owa_base { + + /** + * GUID for each user object + * + * @var int + */ + var $user_id; + + /** + * encrypted password + * + * @var string + */ + var $password; + + /** + * Priviledge Role + * + * @var string + */ + var $role; + + /** + * Display name + * + * @var string + */ + var $real_name; + + /** + * Email address + * + * @var string + */ + var $email_address; + + /** + * authentication key generated when user forgets their password. + * Used in forgot password email. + * + * @var string + */ + var $temp_passkey; + + /** + * Date the user was created + * + * @var int + */ + var $creation_date; + + /** + * Date the user object was last updated + * + * @var int + */ + var $last_update_date; + + /** + * Database access object + * + * @var object + */ + var $db; + + function owa_user() { + + $this->owa_base(); + $this->db = &owa_db::get_instance(); + + return; + } + + /** + * Base select sql statement + * + * @param string $constraint + * @return string + */ + function selectUser($constraint) { + + return sprintf(" SELECT + user_id, + password, + role, + real_name, + email_address, + temp_passkey, + creation_date, + last_update_date + FROM + %s + %s", + $this->config['ns'].$this->config['users_table'], + $constraint); + + } + + /** + * DOA method for looking up a user by their user_id + * + * @param int $user_id + * @return object + */ + function getUserByPK($user_id) { + + $constraint = sprintf("WHERE user_id = '%s'", $user_id); + return $this->getUser($constraint); + } + + /** + * DOA method for looking up user by temp passkey + * + * @param string $key + * @return object + */ + function getUserByTempPasskey($key) { + + $constraint = sprintf("WHERE temp_passkey = '%s'", $key); + return $this->getUser($constraint); + + } + + /** + * DOA 
method for looking up user by email address + * + * @param string $email_address + * @return object + */ + function getUserByEmail($email_address) { + + $constraint = sprintf("WHERE email_address = '%s'", $email_address); + return $this->getUser($constraint); + } + + /** + * Base DOA method for retrieving a single user from the DB. + * + * @param string $constraint + * @return object + */ + function getUser($constraint) { + + $user = $this->db->get_row($this->selectUser($constraint)); + + if ($user): + + $this->_setAttributes($user); + return true; + else: + return false; + endif; + + } + + /** + * DOA Method for returnign an array of all users + * + * @return unknown + */ + function getAllUsers() { + + return $user = $this->db->get_results($this->selectUser('')); + + } + + + /** + * Sets user object attributes + * + * @param unknown_type $array + */ + function _setAttributes($array) { + + foreach ($array as $n => $v) { + + $this->$n = $v; + + } + + return; + } + + /** + * Saves user object to the DB + * + * @return boolean + */ + function save() { + + $check = $this->db->get_row(sprintf("SELECT + user_id + FROM + %s + WHERE + user_id = '%s'", + $this->config['ns'].$this->config['users_table'], + $this->user_id + )); + + if (empty($check)): + + return $this->db->query(sprintf("INSERT INTO %s ( + user_id, + password, + role, + real_name, + email_address, + temp_passkey, + creation_date, + last_update_date) + VALUES + ('%s', '%s', '%s', '%s', '%s', '%d', '%d')", + $this->config['ns'].$this->config['users_table'], + $this->user_id, + $this->password, + $this->role, + $this->real_name, + $this->email_address, + $this->temp_passkey, + time(), + time())); + else: + return "primary_key_exists"; + endif; + + } + + /** + * Updates already existing user object + * + * @return boolean + */ + function update() { + + return $this->db->query(sprintf("UPDATE + %s + SET + user_id = '%s', + password = '%s', + role = '%s', + real_name = '%s', + email_address = '%s', + temp_passkey = 
'%s', + creation_date = '%s', + last_update_date = '%s' + WHERE + user_id = '%s'", + $this->config['ns'].$this->config['users_table'], + $this->user_id, + $this->password, + $this->role, + $this->real_name, + $this->email_address, + $this->temp_passkey, + $this->creation_date, + time(), + $this->user_id)); + + + } + + +} + +?> \ No newline at end of file diff --git a/plugins/auth/none.php b/plugins/auth/none.php new file mode 100644 index 000000000..47e093b2e --- /dev/null +++ b/plugins/auth/none.php @@ -0,0 +1,72 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class owa_auth_none extends owa_auth { + + function owa_auth_none($role) { + + $this->owa_auth(); + + return; + } + + /** + * Used to auth a new browser that has no cookies set + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function authenticateNewBrowser($user_id, $password) { + + return; + } + + + /** + * Used by controllers to check if the user exists and if they are priviledged. + * + * @param string $necessary_role + */ + function authenticateUser($necessary_role) { + + return; + + } + + + +} + + +?> \ No newline at end of file diff --git a/plugins/auth/simple.php b/plugins/auth/simple.php new file mode 100644 index 000000000..d74ee6b45 --- /dev/null +++ b/plugins/auth/simple.php 
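Review bot: Every query in owa_user is assembled with `sprintf("... '%s'", $value)` from values that are not escaped in this class (`getUserByPK()`, `getUserByTempPasskey()`, `getUserByEmail()`, `save()`, `update()`), and at least one caller in this commit, owa_auth_simple::authenticateUser, passes cookie contents straight to `getUserByPK()`, so the statements are open to SQL injection. Escape or bind each value through the database layer's quoting facility (owa_db is not visible in this diff) before it is interpolated. `save()` also lists eight columns but supplies seven placeholders, `('%s', '%s', '%s', '%s', '%s', '%d', '%d')`, so the INSERT cannot match its column list; it needs a sixth `'%s'` for `temp_passkey`. `getUser()` leaves the object's previous or empty properties in place when no row is found, and `getUserByTempPasskey('')` would select on an empty key, so callers should check the boolean result and reject empty keys.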
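Review bot: `owa_auth_none::authenticateUser()` returns without any check, so configuring `'authentication' => 'none'` turns off access control for every controller that relies on it; the class docblock should say so explicitly, e.g. `Disables authentication: every request is treated as authorised. Use only where access is restricted by other means.` The constructor parameter is named `$role`, yet owa_lib::factory() instantiates plugins with `new $class($conf)`, so it actually receives the config array; renaming it to `$conf` would avoid confusion.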
@@ -0,0 +1,274 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class owa_auth_simple extends owa_auth { + + function owa_auth_simple($role) { + + $this->owa_auth(); + $this->eq = &eventQueue::get_instance(); + + return; + } + + /** + * Simple Password Encryption Scheme + * + * @param string $password + * @return string + */ + function encryptPassword($password) { + + return md5(strtolower($password).strlen($password)); + } + + /** + * Used to auth a new browser that has no cookies set + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function authenticateNewBrowser($user_id, $password) { + + $this->e->debug("Login attempt from ". $user_id); + + $is_user = $this->isUser($user_id, $this->encryptPassword($password)); + + if ($is_user == true): + $this->setCookies(); + return true; + else: + return false; + endif; + + return; + } + + /** + * Checks to see if the user credentials match a real user object in the DB + * + * @param string $user_id + * @param string $password + * @return boolean + */ + function isUser($user_id, $password) { + + // md5 password + + // fetch user credenticals from the db + $this->u = new owa_user; + $this->u->getUserByPK($user_id); + + //$this->e->debug('Password-hash: '.$password); + //$this->e->debug('Password-db : '.$this->u->password); + + if (($user_id == $this->u->user_id)): + if ($password === $this->u->password): + return true; + else: + return false; + endif; + else: + return false; + endif; + } + + /** + * Checks to see if the user has appropriate priviledges + * + * @param string $necessary_role + * @return boolean + */ + function isPriviledged($necessary_role) { + + // compare priviledge levels + if ($this->getLevel($this->u->role) >= $this->getLevel($necessary_role)): + // authenticated + return true;; + else: + // not high enough priviledge level + 
return false; + endif; + + } + + /** + * Looks up user by temporary Passkey Column in db + * + * @param unknown_type $key + * @return unknown + */ + function authenticateUserTempPasskey($key) { + + $this->u = new owa_user; + $this->u->getUserByTempPasskey($key); + + if (!empty($this->u->user_id)): + return true; + else: + $this->showResetPasswordErrorPage; + endif; + + } + + /** + * Used by controllers to check if the user exists and if they are priviledged. + * + * @param string $necessary_role + */ + function authenticateUser($necessary_role) { + + if (!empty($_COOKIE[$this->config['ns'].'u']) && (!empty($_COOKIE[$this->config['ns'].'p']))): + $user_id = $_COOKIE[$this->config['ns'].'u']; + $password = $_COOKIE[$this->config['ns'].'p']; + else: + $this->showLoginPage(); + endif; + + $is_user = $this->isUser($user_id, $password); + + if ($is_user == true): + $priviledged = $this->isPriviledged($necessary_role); + if ($priviledged == true): + return; + else: + $this->showPriviledgeErrorPage(); + endif; + else: + $this->showLoginErrorPage(); + endif; + + return; + + } + + /** + * Send user to the Login page Controller + * + * @param array $params + */ + + function showLoginPage($params = array()) { + + $url = $this->config['public_url'].'/login.php?page=login&go='.urlencode(owa_lib::get_current_url()); + $this->redirectToUrl($url); + return; + + } + + /** + * Shown when the user does not enough priviledges + * + */ + function showPriviledgeErrorPage() { + + $url = $this->config['public_url'].'/login.php?page=not_priviledged'; + $this->redirectToUrl($url); + return; + + } + + function showLoginErrorPage() { + + $url = $this->config['public_url'].'/login.php?page=bad_pass&go='.urlencode(owa_lib::get_current_url()); + $this->redirectToUrl($url); + return; + + } + + /** + * Shown after the temp passkey is found in the database + * + */ + function showResetPasswordPage() { + + $url = $this->config['public_url'].'/login.php?page=reset_password'; + 
$this->redirectToUrl($url); + return; + } + + /** + * Shown when the temp passkey is not found in the DB + * + */ + function showResetPasswordErrorPage() { + $url = $this->config['public_url'].'/login.php?page=reset_password_error'; + $this->redirectToUrl($url); + return; + } + + /** + * Shown when the temp passkey has been set nd mailed. + * + */ + function showRequestNewPasswordSuccessPage() { + $url = $this->config['public_url'].'/login.php?page=request_password_success'; + $this->redirectToUrl($url); + return; + } + + function redirectToUrl($url) { + + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + + return; + } + + function setTempPasskey($email_address) { + + $this->u = new owa_user; + $this->u->getUserByEmail($email_address); + + + + if (!empty($this->u->user_id)): + + $this->eq->log(array('email_address' => $this->u->email_address), 'user.set_temp_passkey'); + return true; + //$this->showRequestNewPasswordSuccessPage(); + else: + return false; + //$this->showResetPasswordErrorPage(); + endif; + + return; + + } + + +} + + +?> \ No newline at end of file diff --git a/plugins/event_handlers/observer_password_reset.php b/plugins/event_handlers/observer_password_reset.php new file mode 100644 index 000000000..60f079b9f --- /dev/null +++ b/plugins/event_handlers/observer_password_reset.php 
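Review bot: `authenticateUser()` does not stop after `showLoginPage()`, `showPriviledgeErrorPage()` or `showLoginErrorPage()`: `redirectToUrl()` only sends headers and returns, so control falls back to the calling controller, which goes on to build the protected page. When the cookies are absent, `$user_id` and `$password` are never assigned, and `isUser()` then compares them with the properties of a fresh owa_user that stay unset if no row matches, a comparison that two unset values pass. Add `exit;` after the headers in `redirectToUrl()` and make `isUser()` return false when either argument is empty or `getUserByPK()` returns false. `encryptPassword()` is an unsalted, case-folded MD5 and the cookie value is compared verbatim with the stored hash, so the hash is password-equivalent; a salted password-hashing function plus a separate random session token would address both. `$this->showResetPasswordErrorPage;` in `authenticateUserTempPasskey()` lacks the call parentheses and does nothing.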
@@ -0,0 +1,149 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +class Log_observer_password_reset extends owa_observer { + + /** + * Email that mail should go to + * + * @var string + */ + var $_to; + + /** + * Subject of email + * + * @var string + */ + var $_subject; + + /** + * Constructor + * + * @param string $priority + * @param array $conf + * @return Log_observer_announce + */ + function Log_observer_password_reset($priority, $conf) { + + // Call the base class constructor. + $this->owa_observer($priority); + + // Configure the observer to listen for event types + $this->_event_type = array('user.set_temp_passkey', 'user.reset_password'); + + return; + } + + /** + * Notify Event Handler + * + * @param unknown_type $event + * @access public + */ + function notify($event) { + + $this->m = $event['message']; + + switch ($event['event_type']) { + case "user.set_temp_passkey": + $this->setTempPasskey(); + break; + case "user.reset_password": + $this->resetPassword(); + break; + } + + return; + } + + function setTempPasskey() { + + $u = new owa_user; + $u->getUserByEmail($this->m['email_address']); + $u->temp_passkey = md5($u->user_id.time().rand()); + $status = $u->update(); + + // Create mail msg template + if ($status == true): + + $msg = new owa_template(); + + $msg->set_template('password_reset_request_email.tpl'); + $msg->set('key', $u->temp_passkey); + $email = $msg->fetch(); + + //send mail + + mail($u->email_address, + "Request for Password Reset", + $email); + + $this->e->debug('sending password reset request mail to: '.$u->email_address); + endif; + + return; + + } + + function resetPassword() { + + $u = new owa_user; + $u->getUserByTempPasskey($this->m['key']); + $u->temp_passkey = ''; + $u->password = $this->m['password']; + $status = $u->update(); + + if ($status == true): + + $msg = new owa_template(); + 
+ $msg->set_template('password_reset_email.tpl'); + $msg->set('ip', $this->m['ip']); + $email = $msg->fetch(); + + //send mail + + mail($u->email_address, + "Password Reset", + $email); + + $this->e->debug('sending password reset mail to: '.$u->email_address); + endif; + + + return; + } +} + +?> diff --git a/plugins/install/mysql/owa_install_base.php b/plugins/install/mysql/owa_install_base.php index 406cc2beb..7f542712d 100644 --- a/plugins/install/mysql/owa_install_base.php +++ b/plugins/install/mysql/owa_install_base.php @@ -89,7 +89,8 @@ function owa_install_base() { $this->config['visitors_table'], $this->config['impressions_table'], $this->config['clicks_table'], - $this->config['exits_table'] + $this->config['exits_table'], + $this->config['users_table'] ); return; } @@ -166,6 +167,9 @@ function create($table) { case $this->config['exits_table']: return $this->create_exits_table(); break; + case $this->config['users_table']: + return $this->create_users_table(); + break; } @@ -466,6 +470,7 @@ function create_referers_table() { } + function create_documents_table() { return $this->db->query( @@ -482,18 +487,22 @@ function create_documents_table() { } - function create_exits_table() { + function create_users_table() { return $this->db->query( sprintf(" CREATE TABLE %1\$s ( - id BIGINT, - url varchar(255), - page_title varchar(255), - page_type varchar(255), - PRIMARY KEY (id) + user_id varchar(255), + password VARCHAR(255), + role VARCHAR(255), + real_name VARCHAR(255), + email_address VARCHAR(255), + temp_passkey VARCHAR(255), + creation_date BIGINT, + last_update_date BIGINT, + PRIMARY KEY (user_id) )", - $this->config['ns'].$this->config['exits_table']) + $this->config['ns'].$this->config['users_table']) ); } diff --git a/plugins/install/mysql/owa_install_update_to_1_0.php b/plugins/install/mysql/owa_install_update_to_1_0.php index b3251189e..d58ba70fe 100644 --- a/plugins/install/mysql/owa_install_update_to_1_0.php 
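Review bot: The reset token in `setTempPasskey()` is `md5($u->user_id.time().rand())`, which is derived from guessable inputs and a non-cryptographic generator; it should come from a cryptographically secure random source and carry an expiry time. Both `setTempPasskey()` and `resetPassword()` ignore the boolean returned by `getUserByEmail()` / `getUserByTempPasskey()` and call `update()` regardless, so a lookup that matched nothing still issues an UPDATE and may send mail to an empty address; return early when the lookup fails. `resetPassword()` stores `$this->m['password']` as received, so confirm that the caller has already hashed it with the same scheme the login path uses.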
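Review bot: The last hunk of owa_install_base.php turns `create_exits_table()` into `create_users_table()` rather than adding a new method, while the `create()` switch shown earlier in this file still has `case $this->config['exits_table']: return $this->create_exits_table();`. Unless another `create_exits_table()` is defined outside the hunks, installing the exits table now calls an undefined method. Keep the original function and add `create_users_table()` beside it. The identical schema is also added to owa_install_update_to_1_0.php in this commit, and a shared definition would keep the two from drifting.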
+++ b/plugins/install/mysql/owa_install_update_to_1_0.php @@ -76,7 +76,8 @@ class owa_install_update_to_1_0 extends owa_install { function owa_install_update_to_1_0() { $this->owa_install(); $this->tables = array( $this->config['impressions_table'], - $this->config['clicks_table'] + $this->config['clicks_table'], + $this->config['users_table'] ); return; } @@ -119,6 +120,10 @@ function create($table) { return $this->create_impressions_table(); break; + case $this->config['users_table']: + return $this->create_users_table(); + break; + } return; @@ -177,6 +182,27 @@ function create_impressions_table() { } + function create_users_table() { + + return $this->db->query( + sprintf(" + CREATE TABLE %1\$s ( + user_id varchar(255), + password VARCHAR(255), + role VARCHAR(255), + real_name VARCHAR(255), + email_address VARCHAR(255), + temp_passkey VARCHAR(255), + creation_date BIGINT, + last_update_date BIGINT, + PRIMARY KEY (user_id) + )", + $this->config['ns'].$this->config['users_table']) + ); + + } + + function update_schema_version() { $check = $this->db->get_row(sprintf("SELECT value from %s where id = 'packages'", diff --git a/public/admin/install.php b/public/admin/install.php index 2420b0d48..0b93a0d76 100644 --- a/public/admin/install.php +++ b/public/admin/install.php @@ -20,6 +20,8 @@ require_once(OWA_BASE_DIR.'/owa_php.php'); require_once(OWA_BASE_DIR.'/owa_template.php'); require_once(OWA_BASE_DIR.'/owa_installer.php'); +require_once(OWA_BASE_DIR.'/owa_user.php'); +require_once(OWA_BASE_DIR.'/owa_lib.php'); /** * OWA Installation Script @@ -113,6 +115,11 @@ $page->set('page_title', 'Installation Error'); $body->set('page_h1', 'There was an Error During Installation'); break; + case "set_admin_user": + $body_tpl = 'installer_admin_user.tpl'; + $page->set('page_title', 'Administrator Account Profile Setup'); + $body->set('page_h1', 'Setup your profile by filling in the fields below.'); + break; } 
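Review bot: The new `case "set_admin_user"` selects `installer_admin_user.tpl`, whereas the success branch changed later in this file uses `installer_set_admin_user.tpl` for the same step. Neither template appears in the visible part of this diff, so one of the two names is probably wrong. Use a single template name for the administrator-profile form.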
@@ -133,8 +140,8 @@ // Package specific msg $status_msg = $install_status; endif; - $body->set('page_h1', 'Installation Complete'); - $body_tpl = 'installer_success.tpl'; + $body->set('page_h1', 'Set Administrator User Profile'); + $body_tpl = 'installer_set_admin_user.tpl'; else: $status_msg = 'The installation failed. See error log for details.'; $body->set('page_h1', 'Installation Problem'); @@ -142,6 +149,19 @@ endif; break; + + case "set_admin_profile": + $params = owa_lib::inputFilter($_GET); + $u = new owa_user; + $u->user_id = $params['user_id']; + $u->password = md5($params['password']); + $u->real_name = $params['real_name']; + $u->email_address = $params['email_address']; + $u->role = 'admin'; + $u->save(); + $body->set('page_h1', 'Installation Complete'); + $body_tpl = 'installer_success.tpl'; + break; } // Global Template assignments diff --git a/public/admin/options.php b/public/admin/options.php index 0bb9db850..5cda073cf 100644 --- a/public/admin/options.php +++ b/public/admin/options.php @@ -21,6 +21,10 @@ require_once(OWA_BASE_DIR.'/owa_template.php'); require_once(OWA_BASE_DIR.'/owa_site.php'); require_once(OWA_BASE_DIR.'/owa_news.php'); +require_once(OWA_BASE_DIR.'/owa_lib.php'); +require_once(OWA_BASE_DIR.'/owa_user.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); + /** * OWA Options Admin interface * @@ -33,8 +37,18 @@ * @since owa 1.0.0 */ +// Create instance of OWA $owa = new owa_php; +$auth = &owa_auth::get_instance(); + +// Clean Input arrays +if ($_POST): + $params = owa_lib::inputFilter($_POST); +else: + $params = owa_lib::inputFilter($_GET); +endif; + // Create Template Objects $page = & new owa_template; $body = & new owa_template; 
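Review bot: The `set_admin_profile` branch stores `md5($params['password'])`, but owa_auth_simple::encryptPassword() in this commit computes `md5(strtolower($password).strlen($password))`, so the account created here cannot pass `authenticateNewBrowser()`; hash through the auth plugin instead of calling md5 directly. The branch reads its fields from `$_GET`, which places the password in the URL and therefore in browser history, proxy logs and server logs, so take them from `$_POST`. Nothing visible in the hunk checks that installation is still in progress or that no administrator exists yet, and the result of `$u->save()` is ignored before 'Installation Complete' is shown. Guard the branch and report a failed save.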
@@ -42,25 +56,55 @@ $body_tpl = 'options.tpl';// This is the inner template $body->set('page_title', 'OWA Options'); -switch ($_GET['owa_page']) { - - case "manage_sites": - $body_tpl = 'options_manage_sites.tpl'; - $site = new owa_site; - $sites = $site->getAllSites(); - $body->set('sites', $sites); - break; - -} +if ($params['owa_page']): + + switch ($params['owa_page']) { + + case "manage_sites": + $auth->authenticateUser('admin'); + $body_tpl = 'options_manage_sites.tpl'; + $site = new owa_site; + $sites = $site->getAllSites(); + $body->set('sites', $sites); + break; + case "user_roster": + $auth->authenticateUser('admin'); + $body_tpl = 'options_user_roster.tpl'; + $u = new owa_user; + $users = $u->getAllUsers(); + $body->set('users', $users); + break; + case "user_roster_success": + $auth->authenticateUser('admin'); + $body_tpl = 'options_user_roster.tpl'; + $u = new owa_user; + $users = $u->getAllUsers(); + $body->set('users', $users); + $body->set('status', 'User profile Saved Successfully.'); + break; + case "edit_user_profile": + $auth->authenticateUser('admin'); + $body_tpl = 'options_edit_user_profile.tpl'; + $u = new owa_user; + $u->getUserByPK($params['user_id']); + $body->set('user', get_object_vars($u)); + $body->set('roles', $auth->roles); + $body->set('page_title', 'OWA - Edit User Profile'); + $body->set('headline', 'Edit User Profile'); + break; + } -switch ($_POST['action']) { +endif; + + +switch ($params['action']) { case "add_site": $site = new owa_site; - $site->name = $_POST['name']; - $site->description = $_POST['description']; - $site->site_family = $_POST['site_family']; + $site->name = $params['name']; + $site->description = $params['description']; + $site->site_family = $params['site_family']; $site_id = $site->addNewSite(); if ($site_id != false): @@ -86,10 +130,6 @@ $owa->reset_config(); break; - -} - -switch ($_GET['action']) { case "get_tag": $status_msg = ""; 
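Review bot: `authenticateUser('admin')` is called only inside the `owa_page` cases; the `switch ($params['action'])` that follows (`add_site`, the other existing cases, and the `edit_user_profile` action added in the last hunk of this file) runs with no check of its own. Because `$params` now falls back to `$_GET`, those state-changing actions can also be triggered by a plain link. Call `$auth->authenticateUser('admin');` once before both switches and accept mutating actions from POST only, ideally with a per-session token. In the `edit_user_profile` page case, `get_object_vars($u)` hands every property of the user object to the template, including `password` and `temp_passkey`, so pass only the fields the form displays.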
@@ -101,6 +141,20 @@ $body->set('tag', $tag); break; + + case "edit_user_profile": + $u = new owa_user; + $u->getUserByPK($params['user_id']); + $u->email_address = $params['email_address']; + $u->real_name = $params['real_name']; + $u->role = $params['role']; + $u->update(); + + $t = new owa_template(); + $url = $t->make_admin_link('options.php', array('owa_page' => 'user_roster_success')); + owa_lib::redirectBrowser($url); + + break; } //Fetch latest OWA news diff --git a/public/i/user_icon_large.jpg b/public/i/user_icon_large.jpg new file mode 100644 index 000000000..0ddf2e8c1 Binary files /dev/null and b/public/i/user_icon_large.jpg differ diff --git a/public/i/user_icon_small.jpg b/public/i/user_icon_small.jpg new file mode 100644 index 000000000..b920a061c Binary files /dev/null and b/public/i/user_icon_small.jpg differ diff --git a/public/login.php b/public/login.php new file mode 100644 index 000000000..e794ebc01 --- /dev/null +++ b/public/login.php 
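Review bot: `$u->role = $params['role']` in the new `edit_user_profile` action is written to the database without checking the value against the configured roles; accept it only when `isset($auth->roles[$params['role']])`. The result of `getUserByPK()` is not checked either, so an unknown `user_id` still reaches `update()` with an otherwise empty object. `owa_lib::redirectBrowser()` does not end the request, so follow the call with `exit;`.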
@@ -0,0 +1,189 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +// Instantiate OWA +$owa = new owa_php; + +// Clean Input arrays +if ($_POST): + $params = owa_lib::inputFilter($_POST); +else: + $params = owa_lib::inputFilter($_GET); +endif; + +// Decode the redirect URL +$params['go'] = urldecode($params['go']); + + +// page controllers + +if (!empty($params['page'])): + + $page = & new owa_template($params); + $page->set_template($owa->config['report_wrapper']); + $body = & new owa_template($params); + + switch ($params['page']) { + + case "login": + $params['user_id'] = $_COOKIE['u']; + $body->set_template('login_form.tpl');// This is the inner template + $body->set('headline', 'Please login using the from below'); + $body->set('u', $_COOKIE['u']); + + if (!empty($params['go'])): + + $body->set('go', $params['go']); + else: + $body->set('go', $page->config['home_url']); + endif; + + $body->set('status_msg', ''); + + break; + + case "bad_pass": + $params['user_id'] = $_COOKIE['u']; + $body->set_template('login_form.tpl');// This is the inner template + $body->set('headline', 'Login Failed'); + $body->set('u', $_COOKIE['u']); + + if (!empty($params['go'])): + + $body->set('go', $params['go']); + else: + $body->set('go', $page->config['home_url']); + endif; + + $body->set('status_msg', 'Your Password or user name was not correct.'); + + break; + + case "not_priviledged": + print "you are not priviledege to access the requested resource."; + break; + case "request_new_password": + $body->set_template('request_password_form.tpl');// This is the inner template + $body->set('headline', 'Type in the email addressthat you registered with'); + $body->set('u', $_COOKIE['u']); + break; + case "request_new_password_success": + $body->set_template('status.tpl');// This is the inner template + $body->set('headline', 'Almost done!'); 
+ $body->set('status_msg', 'An e-mail has been sent to your address with further instructions.'); + break; + case "request_new_password_error": + $body->set_template('error.tpl');// This is the inner template + $body->set('page_h1', 'Houston, we have a problem...'); + $body->set('error_msg', 'The e-mail address that you entered was not found in our database.'); + break; + case "reset_password": + + $auth = & owa_auth::get_instance(); + $status = $auth->authenticateUserTempPasskey($params['k']); + + $body->set_template('reset_password_form.tpl');// This is the inner template + $body->set('headline', 'Choose a new password...'); + $body->set('key', $params['k']); + $body->set('status_msg', ''); + break; + case "reset_password_success": + $body->set_template('status.tpl');// This is the inner template + $body->set('page_h1', 'Success!'); + $body->set('status_msg', 'Your Password has been changed.'); + break; + + } + + $page->set('content', $body); + echo $page->fetch(); + +endif; + + +// Action controllers +if (!empty($params['action'])): + + switch ($params['action']) { + + case "auth": + $owa->e->debug('performing authentication'); + $auth = &owa_auth::get_instance(); + $status = $auth->authenticateNewBrowser($params['user_id'], $params['password']); + + if ($status == true): + $url = $params['go']; + else: + $url = $_SERVER['PHP_SELF'].'?page=bad_pass&'.$params['go']; + endif; + break; + case "request_new_password": + $auth = &owa_auth::get_instance(); + $status = $auth->setTempPasskey($params['email_address']); + + if ($status == true): + $url = $_SERVER['PHP_SELF'].'?page=request_new_password_success'; + else: + $url = $_SERVER['PHP_SELF'].'?page=request_new_password_error'; + endif; + break; + case "reset_password": + $auth = & owa_auth::get_instance(); + $status = $auth->authenticateUserTempPasskey($params['k']); + + //check to see if psswords match + + // log to event queue + if ($status == true): + $eq = & eventQueue::get_instance(); + $new_password = 
array('key' => $params['k'], 'password' => $auth->encryptPassword($params['password']), 'ip' => $_SERVER['REMOTE_ADDR']); + $eq->log($new_password, 'user.reset_password'); + + $url = $_SERVER['PHP_SELF'].'?page=reset_password_success'; + + endif; + + break; + + } + // 301 redirect to URL + header ('Location: '.$url); + header ('HTTP/1.0 301 Moved Permanently'); + return; + +endif; + +?> diff --git a/public/reports/click_report.php b/public/reports/click_report.php index f2ffc0ef9..6ba61d2a6 100644 --- a/public/reports/click_report.php +++ b/public/reports/click_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Document Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/content_report.php b/public/reports/content_report.php index 7f72dd8e1..32285f8d5 100644 --- a/public/reports/content_report.php +++ b/public/reports/content_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Content Report @@ -30,7 +31,11 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; +$report->authenticateUser('viewer'); // Setup the templates diff --git a/public/reports/dashboard_report.php b/public/reports/dashboard_report.php index dfae4d3f3..2b0d84fcb 100644 --- a/public/reports/dashboard_report.php +++ b/public/reports/dashboard_report.php 
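Review bot: In the `auth` action of login.php, `$url = $params['go'];` goes straight into `header ('Location: '.$url)`, so the post-login destination is whatever the request supplied, including another site. I would accept `go` only when it is a path on this site and otherwise fall back to a fixed page; if `go` is produced as an absolute URL elsewhere in the project, compare its host with the configured one instead. The rewrite below also covers two smaller problems in the same tail: `$url` is never assigned when `reset_password` fails, and the 301 status lets browsers cache a login redirect permanently. The `bad_pass` link appends `$params['go']` without a `go=` key or URL-encoding, which the rewrite fixes as well.

```php
// Action controllers
if (!empty($params['action'])):

    // Fixed fallback so every branch leaves a usable destination.
    $url = $_SERVER['PHP_SELF'].'?page=login';

    switch ($params['action']) {

        case "auth":
            // … unchanged: debug call and authenticateNewBrowser() …
            if ($status == true):
                // Follow 'go' only when it is a single-slash path on this site.
                if (preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $params['go'])):
                    $url = $params['go'];
                endif;
            else:
                $url = $_SERVER['PHP_SELF'].'?page=bad_pass&go='.urlencode($params['go']);
            endif;
            break;
        // … unchanged: request_new_password and reset_password cases …
    }
    // Temporary redirect: the target depends on the outcome of this request.
    header('Location: '.$url, true, 302);
    return;
```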
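Review bot: `$report->authenticateUser('viewer');` appears only in content_report.php; the other report files touched by this commit call it on `$auth` alone. Whether `owa_report` defines `authenticateUser()` is not visible in the diff. If it does not, this page stops with a fatal error, and if it does, the check runs twice. I would drop the line so the file matches its siblings, or add a comment saying why this report needs the second call.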
@@ -18,17 +18,25 @@ require_once(OWA_BASE_DIR.'/owa_report.php'); require_once(OWA_BASE_DIR.'/owa_news.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); + +/** + * Dashboard Report + * + * @author Peter Adams + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); $report = new owa_report; -// Set the reporting period -/* -if (!empty($report->params['period'])): - $report->set_period($report->params['period']); -else: - $report->set_period('today'); -endif; - */ // Setup the templates $body = & new owa_template($report->params); diff --git a/public/reports/document_report.php b/public/reports/document_report.php index 8f7f55183..3f4789270 100644 --- a/public/reports/document_report.php +++ b/public/reports/document_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Document Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/feeds_report.php b/public/reports/feeds_report.php index dbb08bb08..d73649355 100644 --- a/public/reports/feeds_report.php +++ b/public/reports/feeds_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Feeds Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/index.php b/public/reports/index.php index 7a7681f6b..00b4d8999 100644 --- a/public/reports/index.php +++ b/public/reports/index.php 
@@ -18,7 +18,8 @@ include_once '../set_env.php'; include_once OWA_BASE_DIR.'/owa_php.php'; - +include_once OWA_BASE_DIR.'/owa_lib.php'; +include_once OWA_BASE_DIR.'/owa_auth.php'; /** * Generic Report Controler * @@ -32,7 +33,8 @@ */ //$config['report_wrapper'] = ''; -$owa = new owa($config); +$owa = new owa($config); include_once($owa->config['reporting_dir'].$_GET['page']); + ?> \ No newline at end of file diff --git a/public/reports/session_report.php b/public/reports/session_report.php index ba27e5ad2..4fc3c7b6e 100644 --- a/public/reports/session_report.php +++ b/public/reports/session_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Session Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/traffic_report.php b/public/reports/traffic_report.php index 2d7e64c41..8a72fa8cc 100644 --- a/public/reports/traffic_report.php +++ b/public/reports/traffic_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Traffic Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/public/reports/visitor_report.php b/public/reports/visitor_report.php index cd56cbc93..961dc1a55 100644 --- a/public/reports/visitor_report.php +++ b/public/reports/visitor_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Visitor Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates 
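Review bot: `include_once($owa->config['reporting_dir'].$_GET['page']);` builds the included path from the request, and with this commit the access check lives inside each included report rather than in this dispatcher. Any file the path can reach that lacks its own `authenticateUser()` call is therefore served without a login, and `..` segments are not removed. I would reduce the value to a known report name before the include, for example `$page = basename($_GET['page']);` followed by `if (!preg_match('/^[a-z_]+_report\.php$/', $page)) { exit; }`, and call `$auth->authenticateUser('viewer');` once here. The pattern is inferred from the report file names in this commit; an explicit list of allowed files is the safer form.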
diff --git a/public/reports/visitors_report.php b/public/reports/visitors_report.php index 1549c8198..7128d7537 100644 --- a/public/reports/visitors_report.php +++ b/public/reports/visitors_report.php @@ -17,6 +17,7 @@ // require_once(OWA_BASE_DIR.'/owa_report.php'); +require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Visitors Report @@ -30,6 +31,9 @@ * @since owa 1.0.0 */ +$auth = &owa_auth::get_instance(); +$auth->authenticateUser('viewer'); + $report = new owa_report; // Setup the templates diff --git a/templates/css.tpl b/templates/css.tpl index 21afe1c3e..31d9d2822 100644 --- a/templates/css.tpl +++ b/templates/css.tpl @@ -74,6 +74,8 @@ fieldset{margin: 7px;} .owa_banner {background-color: #cccccc; padding:4px; font-weight:bold;} .visible {display:;} .invisible {display:none;} +.status {color: #ffffff; border: 2px solid #000000; padding: 5px; background-color: green; font-size: 14px; font-weight:bold;} + #admin_nav{font-size:12px;} #keywords{width:400px;} diff --git a/templates/error.tpl b/templates/error.tpl index 615357eac..2b5e7c9a4 100644 --- a/templates/error.tpl +++ b/templates/error.tpl @@ -1,8 +1,8 @@

-

- +
+
diff --git a/templates/installer_set_admin_user.tpl b/templates/installer_set_admin_user.tpl new file mode 100644 index 000000000..e4744766f --- /dev/null +++ b/templates/installer_set_admin_user.tpl @@ -0,0 +1,51 @@ + + +

+ +
+ +
+ +
+ +
+ Set your the Admin User Profile for your Installation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
User Name
Password
Password
Real Name
Email Address
+ +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/login_form.tpl b/templates/login_form.tpl new file mode 100644 index 000000000..28fd23712 --- /dev/null +++ b/templates/login_form.tpl @@ -0,0 +1,43 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + + + + + + + + + + +
User Name
Password
+ + +
+ Forgot your password? +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/options.tpl b/templates/options.tpl index a24505fe8..3cdf5e018 100644 --- a/templates/options.tpl +++ b/templates/options.tpl @@ -8,6 +8,8 @@ diff --git a/templates/options_edit_user_profile.tpl b/templates/options_edit_user_profile.tpl new file mode 100644 index 000000000..74e49e59b --- /dev/null +++ b/templates/options_edit_user_profile.tpl @@ -0,0 +1,46 @@ + + + + + +
+ +OWA User Accounts + + + + + + + + + + + + + + + + + + + + + + + +
UserRoleE-mail AddressOptions
+ + + + Delete user?
+ + + +
+ +
diff --git a/templates/options_user_roster.tpl b/templates/options_user_roster.tpl new file mode 100644 index 000000000..d247ea201 --- /dev/null +++ b/templates/options_user_roster.tpl @@ -0,0 +1,33 @@ + + + + +
+ + + +
+ +OWA User Accounts + + + + + + + + + + $value):?> + + + + + + + + + +
UserRoleLast UpdatedOptions
Edit
+ +
diff --git a/templates/password_reset_email.tpl b/templates/password_reset_email.tpl new file mode 100644 index 000000000..1669c592f --- /dev/null +++ b/templates/password_reset_email.tpl @@ -0,0 +1 @@ +Your OWA password was successfully changed on from IP address . diff --git a/templates/password_reset_request_email.tpl b/templates/password_reset_request_email.tpl new file mode 100644 index 000000000..6121e51b0 --- /dev/null +++ b/templates/password_reset_request_email.tpl @@ -0,0 +1,6 @@ +Someone, hopefully you, has requested a reset of their OWA password. + +If this message was generated in error, please disregard. If not, please click on the link below +to complete the process. + +config['public_url'].'/login.php?page=reset_password&k='.$key;?> \ No newline at end of file diff --git a/templates/request_password_form.tpl b/templates/request_password_form.tpl new file mode 100644 index 000000000..df42d8e51 --- /dev/null +++ b/templates/request_password_form.tpl @@ -0,0 +1,32 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + +
E-mail Address
+ + +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/reset_password_form.tpl b/templates/reset_password_form.tpl new file mode 100644 index 000000000..25f74bf2a --- /dev/null +++ b/templates/reset_password_form.tpl @@ -0,0 +1,39 @@ + + +

+ +
+ +
+ +
+ +
+ Login + + + + + + + + + + + + + + + + + + +
New Password
Re-type your Password
+ + +
+ +
+ +
+ \ No newline at end of file diff --git a/templates/status.tpl b/templates/status.tpl new file mode 100644 index 000000000..7ba8d9405 --- /dev/null +++ b/templates/status.tpl @@ -0,0 +1,9 @@ +

+

+

+

+ +
+ + + \ No newline at end of file diff --git a/wp_plugin.php b/wp_plugin.php index 7025846ac..efdd63e87 100644 --- a/wp_plugin.php +++ b/wp_plugin.php @@ -41,6 +41,7 @@ $owa_config['action_url'] = get_bloginfo('url').'/index.php'; $owa_config['inter_report_link_template'] = '%s/%s&%s'; $owa_config['inter_admin_link_template'] = '%s/%s&%s'; +$owa_config['authentication'] = 'none'; // Needed to avoid a fetch of configuration from db during installation if (($_GET['action'] == 'activate') && ($_GET['plugin'] == 'owa/wp_plugin.php')):
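Review bot: `$owa_config['authentication'] = 'none';` needs a comment saying what protects the report and options pages when OWA runs as a WordPress plugin. `owa_auth::get_instance()` uses this value to pick the `owa_auth_` class to load, so every `authenticateUser('viewer')` and `authenticateUser('admin')` call added by the commit resolves to that plugin, whose code is not in the diff. Suggested comment: `// OWA's own login is disabled under WordPress; access control is left to WordPress - confirm public/reports/ is not reachable directly`.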