user.pm

codestriker is a develop useful tool to review code on web user interface.

###############################################################################
# Codestriker: Copyright (c) 2001, 2002 David Sitsky.  All rights reserved.
# sits@users.sourceforge.net
#
# This program is free software; you can redistribute it and modify it under
# the terms of the GPL.

# Model object for handling user data.

package Codestriker::Model::User;

use strict;

use Codestriker::DB::DBI;

# Create a User object from an existing record in the database.
sub new {
    my ($class, $email) = @_;
    my $self = {};

    $self->{email} = $email;

    # Retrieve the specific user record.
    my $dbh = Codestriker::DB::DBI->get_connection();
    eval {
        my $select_user =
          $dbh->prepare_cached('SELECT password_hash, challenge, admin ' .
                               'FROM usertable ' .
                               'WHERE email = ?');
        $select_user->execute($email);

        my ($password_hash, $challenge, $admin) = $select_user->fetchrow_array();
        $select_user->finish();

        $self->{password_hash} = $password_hash;
        $self->{challenge} = $challenge;
        $self->{admin} = $admin;
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    # Return the user record found.
    bless $self, $class;
    return $self;
}

# Determine if the specific user already exists.
sub exists {
    my ($type, $email) = @_;

    # Obtain a database connection.
    my $dbh = Codestriker::DB::DBI->get_connection();

    my $count = 0;
    eval {
        my $select_email =
          $dbh->prepare_cached('SELECT COUNT(*) FROM usertable ' .
                               'WHERE email = ?');
        $select_email->execute($email);
        ($count) = $select_email->fetchrow_array();
        $select_email->finish();
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    return $count;
}

# Checks if the specified password matches this user record.
sub check_password {
    my ($self, $password) = @_;

    return crypt($password, $self->{password_hash}) eq $self->{password_hash};
}

# Update an existing user record with a new password.
sub update_password {
    my ($self, $new_password) = @_;

    $self->update_password_hash(_hash_password($new_password));
}

# Update an existing user record with a new password_hash.
sub update_password_hash {
    my ($self, $password_hash) = @_;

    my $dbh = Codestriker::DB::DBI->get_connection();
    eval {
        my $update_user =
          $dbh->prepare_cached('UPDATE usertable SET password_hash = ? ' .
                               'WHERE email = ?');
        $update_user->execute($password_hash, $self->{email});
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    $self->{password_hash} = $password_hash;
}

# Update an existing user record with new admin status.
sub update_admin {
    my ($self, $new_admin) = @_;

    my $dbh = Codestriker::DB::DBI->get_connection();
    eval {
        my $update_user =
          $dbh->prepare_cached('UPDATE usertable SET admin = ? ' .
                               'WHERE email = ?');
        $update_user->execute($new_admin, $self->{email});
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    $self->{admin} = $new_admin;
}

# Create a new user into the database with all of the specified properties.
# Return the new challenge which has been assigned to the user.
sub create {
    my ($type, $email, $admin) = @_;

    # Obtain a database connection.
    my $dbh = Codestriker::DB::DBI->get_connection();

    # Create a random password for the new user.
    my $new_password = _create_random_password();
    my $password_hash = _hash_password($new_password);

    # Insert the row into the database.
    eval {
        my $insert_user =
          $dbh->prepare_cached('INSERT INTO usertable (email, password_hash, admin) ' .
                               'VALUES (?, ?, ?)');

        $insert_user->execute($email, $password_hash, $admin);
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    # Return the password that was created.
    return $new_password;
}

# Create a challenge key into the user table for supporting the
# case where a user can update their password via a
# challenge/response protocol.
sub create_challenge {
    my ($self) = @_;

    # Obtain a database connection.
    my $dbh = Codestriker::DB::DBI->get_connection();

    # Create a random challenge for the user.
    my $new_password = _create_random_password();
    my $challenge = _hash_password($new_password);

    # Set this challenge into the user record.
    eval {
        my $challenge_update =
          $dbh->prepare_cached('UPDATE usertable ' .
                               'SET challenge = ? ' .
                               'WHERE email = ? ');
        $challenge_update->execute($challenge, $self->{email});
    };
    my $success = $@ ? 0 : 1;

    Codestriker::DB::DBI->release_connection($dbh, $success);
    die $dbh->errstr unless $success;

    return $challenge;
}

# Method for producing a hash from a password.
sub _hash_password {
    my ($password) = @_;

    # List of characters that can be used for the salt.  Exclude '.' for
    # now since that can cause issues when outputting URLs ending in a '.'.
    my @salt_characters = ( '/', 'A'..'Z', 'a'..'z', '0' ..'9' );

    # Generate the salt.  Generate an 8 character value in case we are on
    # a system which uses MD5 digests (48 bit - 6 * 8).  Older systems just
    # use the first two characters.
    my $salt = '';
    for (my $i = 0; $i < 8; $i++) {
        $salt .= $salt_characters[rand(64)];
    }

    # Crypt the password.
    my $cryptedpassword = crypt($password, $salt);

    # Return the crypted password.
    return $cryptedpassword;
 }

# Method for creating a random password consisting of alphanumeric
# characters.
sub _create_random_password {
    my @password_characters = ( 'A'..'Z', 'a'..'z', '0' ..'9' );
    return join("", map{ $password_characters[rand 62] } (1..8));
}

1;