githubFork/roundcubemail.git

			@@ -5,8 +5,11 @@
			\| program/include/rcube_user.inc \|
			\| \|
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2005-2010, The Roundcube Dev Team \|
			\| Licensed under the GNU GPL \|
			\| Copyright (C) 2005-2012, The Roundcube Dev Team \|
			\| \|
			\| Licensed under the GNU General Public License version 3 or \|
			\| any later version with exceptions for skins & plugins. \|
			\| See the README file for a full license statement. \|
			\| \|
			\| PURPOSE: \|
			\| This class represents a system user linked and provides access \|
			@@ -14,18 +17,16 @@
			\| \|
			+-----------------------------------------------------------------------+
			\| Author: Thomas Bruederli <roundcube@gmail.com> \|
			\| Author: Aleksander Machniak <alec@alec.pl> \|
			+-----------------------------------------------------------------------+

			$Id$

			*/


			/**
			* Class representing a system user
			*
			* @package Core
			* @author Thomas Bruederli <roundcube@gmail.com>
			* @package Framework
			* @subpackage Core
			*/
			class rcube_user
			{
			@@ -36,17 +37,26 @@
			/**
			* Holds database connection.
			*
			* @var rcube_mdb2
			* @var rcube_db
			*/
			private $db;

			/**
			* rcmail object.
			* Framework object.
			*
			* @var rcmail
			* @var rcube
			*/
			private $rc;

			/**
			* Internal identities cache
			*
			* @var array
			*/
			private $identities = array();

			const SEARCH_ADDRESSBOOK = 1;
			const SEARCH_MAIL = 2;

			/**
			* Object constructor
			@@ -56,12 +66,12 @@
			*/
			function __construct($id = null, $sql_arr = null)
			{
			$this->rc = rcmail::get_instance();
			$this->rc = rcube::get_instance();
			$this->db = $this->rc->get_dbh();

			if ($id && !$sql_arr) {
			$sql_result = $this->db->query(
			"SELECT * FROM ".get_table_name('users')." WHERE user_id = ?", $id);
			"SELECT * FROM ".$this->db->table_name('users')." WHERE user_id = ?", $id);
			$sql_arr = $this->db->fetch_assoc($sql_result);
			}

			@@ -122,9 +132,9 @@
			if (!empty($_SESSION['preferences'])) {
			// Check last write attempt time, try to write again (every 5 minutes)
			if ($_SESSION['preferences_time'] < time() - 5 * 60) {
			$saved_prefs = unserialize($_SESSION['preferences']);
			$saved_prefs = unserialize($_SESSION['preferences']);
			$this->rc->session->remove('preferences');
			$this->rc->session->remove('preferences_time');
			$this->rc->session->remove('preferences_time');
			$this->save_prefs($saved_prefs);
			}
			else {
			@@ -168,7 +178,7 @@
			$save_prefs = serialize($save_prefs);

			$this->db->query(
			"UPDATE ".get_table_name('users').
			"UPDATE ".$this->db->table_name('users').
			" SET preferences = ?".
			", language = ?".
			" WHERE user_id = ?",
			@@ -211,8 +221,14 @@
			*/
			function get_identity($id = null)
			{
			$result = $this->list_identities($id ? sprintf('AND identity_id = %d', $id) : '');
			return $result[0];
			$id = (int)$id;
			// cache identities for better performance
			if (!array_key_exists($id, $this->identities)) {
			$result = $this->list_identities($id ? 'AND identity_id = ' . $id : '');
			$this->identities[$id] = $result[0];
			}

			return $this->identities[$id];
			}


			@@ -227,7 +243,7 @@
			$result = array();

			$sql_result = $this->db->query(
			"SELECT * FROM ".get_table_name('identities').
			"SELECT * FROM ".$this->db->table_name('identities').
			" WHERE del <> 1 AND user_id = ?".
			($sql_add ? " ".$sql_add : "").
			" ORDER BY ".$this->db->quoteIdentifier('standard')." DESC, name ASC, identity_id ASC",
			@@ -262,7 +278,7 @@
			$query_params[] = $iid;
			$query_params[] = $this->ID;

			$sql = "UPDATE ".get_table_name('identities').
			$sql = "UPDATE ".$this->db->table_name('identities').
			" SET changed = ".$this->db->now().", ".join(', ', $query_cols).
			" WHERE identity_id = ?".
			" AND user_id = ?".
			@@ -270,6 +286,8 @@

			call_user_func_array(array($this->db, 'query'),
			array_merge(array($sql), $query_params));

			$this->identities = array();

			return $this->db->affected_rows();
			}
			@@ -296,12 +314,14 @@
			$insert_cols[] = 'user_id';
			$insert_values[] = $this->ID;

			$sql = "INSERT INTO ".get_table_name('identities').
			$sql = "INSERT INTO ".$this->db->table_name('identities').
			" (changed, ".join(', ', $insert_cols).")".
			" VALUES (".$this->db->now().", ".join(', ', array_pad(array(), sizeof($insert_values), '?')).")";

			call_user_func_array(array($this->db, 'query'),
			array_merge(array($sql), $insert_values));

			$this->identities = array();

			return $this->db->insert_id('identities');
			}
			@@ -319,7 +339,7 @@
			return false;

			$sql_result = $this->db->query(
			"SELECT count(*) AS ident_count FROM ".get_table_name('identities').
			"SELECT count(*) AS ident_count FROM ".$this->db->table_name('identities').
			" WHERE user_id = ? AND del <> 1",
			$this->ID);

			@@ -330,12 +350,14 @@
			return -1;

			$this->db->query(
			"UPDATE ".get_table_name('identities').
			"UPDATE ".$this->db->table_name('identities').
			" SET del = 1, changed = ".$this->db->now().
			" WHERE user_id = ?".
			" AND identity_id = ?",
			$this->ID,
			$iid);

			$this->identities = array();

			return $this->db->affected_rows();
			}
			@@ -350,13 +372,15 @@
			{
			if ($this->ID && $iid) {
			$this->db->query(
			"UPDATE ".get_table_name('identities').
			"UPDATE ".$this->db->table_name('identities').
			" SET ".$this->db->quoteIdentifier('standard')." = '0'".
			" WHERE user_id = ?".
			" AND identity_id <> ?".
			" AND del <> 1",
			$this->ID,
			$iid);

			unset($this->identities[0]);
			}
			}

			@@ -368,7 +392,7 @@
			{
			if ($this->ID) {
			$this->db->query(
			"UPDATE ".get_table_name('users').
			"UPDATE ".$this->db->table_name('users').
			" SET last_login = ".$this->db->now().
			" WHERE user_id = ?",
			$this->ID);
			@@ -395,18 +419,22 @@
			*/
			static function query($user, $host)
			{
			$dbh = rcmail::get_instance()->get_dbh();

			// use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive
			$mod = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY' : '';
			$dbh = rcube::get_instance()->get_dbh();
			$config = rcube::get_instance()->config;

			// query for matching user name
			$query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = $mod ?";
			$sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
			$sql_result = $dbh->query("SELECT * FROM " . $dbh->table_name('users')
			." WHERE mail_host = ? AND username = ?", $host, $user);

			// query for matching alias
			if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
			$sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
			$sql_arr = $dbh->fetch_assoc($sql_result);

			// username not found, try aliases from identities
			if (empty($sql_arr) && $config->get('user_aliases') && strpos($user, '@')) {
			$sql_result = $dbh->limitquery("SELECT u.*"
			." FROM " . $dbh->table_name('users') . " u"
			." JOIN " . $dbh->table_name('identities') . " i ON (i.user_id = u.user_id)"
			." WHERE email = ? AND del <> 1", 0, 1, $user);

			$sql_arr = $dbh->fetch_assoc($sql_result);
			}

			@@ -429,83 +457,99 @@
			{
			$user_name = '';
			$user_email = '';
			$rcmail = rcmail::get_instance();
			$rcube = rcube::get_instance();
			$dbh = $rcube->get_dbh();

			// try to resolve user in virtuser table and file
			if ($email_list = self::user2email($user, false, true)) {
			$user_email = is_array($email_list[0]) ? $email_list[0]['email'] : $email_list[0];
			}

			$data = $rcmail->plugins->exec_hook('user_create',
			array('user'=>$user, 'user_name'=>$user_name, 'user_email'=>$user_email));
			$data = $rcube->plugins->exec_hook('user_create', array(
			'host' => $host,
			'user' => $user,
			'user_name' => $user_name,
			'user_email' => $user_email,
			'email_list' => $email_list,
			'language' => $_SESSION['language'],
			));

			// plugin aborted this operation
			if ($data['abort'])
			if ($data['abort']) {
			return false;

			$user_name = $data['user_name'];
			$user_email = $data['user_email'];

			$dbh = $rcmail->get_dbh();
			}

			$dbh->query(
			"INSERT INTO ".get_table_name('users').
			" (created, last_login, username, mail_host, alias, language)".
			" VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?, ?)",
			strip_newlines($user),
			strip_newlines($host),
			strip_newlines($data['alias'] ? $data['alias'] : $user_email),
			strip_newlines($data['language'] ? $data['language'] : $_SESSION['language']));
			"INSERT INTO ".$dbh->table_name('users').
			" (created, last_login, username, mail_host, language)".
			" VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)",
			strip_newlines($data['user']),
			strip_newlines($data['host']),
			strip_newlines($data['language']));

			if ($user_id = $dbh->insert_id('users')) {
			// create rcube_user instance to make plugin hooks work
			$user_instance = new rcube_user($user_id);
			$rcmail->user = $user_instance;
			$user_instance = new rcube_user($user_id, array(
			'user_id' => $user_id,
			'username' => $data['user'],
			'mail_host' => $data['host'],
			'language' => $data['language'],
			));
			$rcube->user = $user_instance;
			$mail_domain = $rcube->config->mail_domain($data['host']);
			$user_name = $data['user_name'];
			$user_email = $data['user_email'];
			$email_list = $data['email_list'];

			$mail_domain = $rcmail->config->mail_domain($host);

			if ($user_email == '') {
			$user_email = strpos($user, '@') ? $user : sprintf('%s@%s', $user, $mail_domain);
			}
			if ($user_name == '') {
			$user_name = $user != $user_email ? $user : '';
			}

			if (empty($email_list))
			if (empty($email_list)) {
			if (empty($user_email)) {
			$user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
			}
			$email_list[] = strip_newlines($user_email);
			}
			// identities_level check
			else if (count($email_list) > 1 && $rcmail->config->get('identities_level', 0) > 1)
			else if (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
			$email_list = array($email_list[0]);
			}

			if (empty($user_name)) {
			$user_name = $data['user'];
			}

			// create new identities records
			$standard = 1;
			foreach ($email_list as $row) {
			$record = array();
			$record = array();

			if (is_array($row)) {
			$record = $row;
			if (empty($row['email'])) {
			continue;
			}
			$record = $row;
			}
			else {
			$record['email'] = $row;
			}

			if (empty($record['name']))
			$record['name'] = $user_name;
			$record['name'] = strip_newlines($record['name']);
			$record['user_id'] = $user_id;
			if (empty($record['name'])) {
			$record['name'] = $user_name != $record['email'] ? $user_name : '';
			}

			$record['name'] = strip_newlines($record['name']);
			$record['user_id'] = $user_id;
			$record['standard'] = $standard;

			$plugin = $rcmail->plugins->exec_hook('identity_create',
			array('login' => true, 'record' => $record));
			$plugin = $rcube->plugins->exec_hook('identity_create',
			array('login' => true, 'record' => $record));

			if (!$plugin['abort'] && $plugin['record']['email']) {
			$rcmail->user->insert_identity($plugin['record']);
			$rcube->user->insert_identity($plugin['record']);
			}
			$standard = 0;
			}
			}
			else {
			raise_error(array(
			rcube::raise_error(array(
			'code' => 500,
			'type' => 'php',
			'line' => __LINE__,
			@@ -525,8 +569,8 @@
			*/
			static function email2user($email)
			{
			$rcmail = rcmail::get_instance();
			$plugin = $rcmail->plugins->exec_hook('email2user',
			$rcube = rcube::get_instance();
			$plugin = $rcube->plugins->exec_hook('email2user',
			array('email' => $email, 'user' => NULL));

			return $plugin['user'];
			@@ -543,12 +587,137 @@
			*/
			static function user2email($user, $first=true, $extended=false)
			{
			$rcmail = rcmail::get_instance();
			$plugin = $rcmail->plugins->exec_hook('user2email',
			$rcube = rcube::get_instance();
			$plugin = $rcube->plugins->exec_hook('user2email',
			array('email' => NULL, 'user' => $user,
			'first' => $first, 'extended' => $extended));

			return empty($plugin['email']) ? NULL : $plugin['email'];
			}


			/**
			* Return a list of saved searches linked with this user
			*
			* @param int $type Search type
			*
			* @return array List of saved searches indexed by search ID
			*/
			function list_searches($type)
			{
			$plugin = $this->rc->plugins->exec_hook('saved_search_list', array('type' => $type));

			if ($plugin['abort']) {
			return (array) $plugin['result'];
			}

			$result = array();

			$sql_result = $this->db->query(
			"SELECT search_id AS id, ".$this->db->quoteIdentifier('name')
			." FROM ".$this->db->table_name('searches')
			." WHERE user_id = ?"
			." AND ".$this->db->quoteIdentifier('type')." = ?"
			." ORDER BY ".$this->db->quoteIdentifier('name'),
			(int) $this->ID, (int) $type);

			while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
			$sql_arr['data'] = unserialize($sql_arr['data']);
			$result[$sql_arr['id']] = $sql_arr;
			}

			return $result;
			}


			/**
			* Return saved search data.
			*
			* @param int $id Row identifier
			*
			* @return array Data
			*/
			function get_search($id)
			{
			$plugin = $this->rc->plugins->exec_hook('saved_search_get', array('id' => $id));

			if ($plugin['abort']) {
			return $plugin['result'];
			}

			$sql_result = $this->db->query(
			"SELECT ".$this->db->quoteIdentifier('name')
			.", ".$this->db->quoteIdentifier('data')
			.", ".$this->db->quoteIdentifier('type')
			." FROM ".$this->db->table_name('searches')
			." WHERE user_id = ?"
			." AND search_id = ?",
			(int) $this->ID, (int) $id);

			while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
			return array(
			'id' => $id,
			'name' => $sql_arr['name'],
			'type' => $sql_arr['type'],
			'data' => unserialize($sql_arr['data']),
			);
			}

			return null;
			}


			/**
			* Deletes given saved search record
			*
			* @param int $sid Search ID
			*
			* @return boolean True if deleted successfully, false if nothing changed
			*/
			function delete_search($sid)
			{
			if (!$this->ID)
			return false;

			$this->db->query(
			"DELETE FROM ".$this->db->table_name('searches')
			." WHERE user_id = ?"
			." AND search_id = ?",
			(int) $this->ID, $sid);

			return $this->db->affected_rows();
			}


			/**
			* Create a new saved search record linked with this user
			*
			* @param array $data Hash array with col->value pairs to save
			*
			* @return int The inserted search ID or false on error
			*/
			function insert_search($data)
			{
			if (!$this->ID)
			return false;

			$insert_cols[] = 'user_id';
			$insert_values[] = (int) $this->ID;
			$insert_cols[] = $this->db->quoteIdentifier('type');
			$insert_values[] = (int) $data['type'];
			$insert_cols[] = $this->db->quoteIdentifier('name');
			$insert_values[] = $data['name'];
			$insert_cols[] = $this->db->quoteIdentifier('data');
			$insert_values[] = serialize($data['data']);

			$sql = "INSERT INTO ".$this->db->table_name('searches')
			." (".join(', ', $insert_cols).")"
			." VALUES (".join(', ', array_pad(array(), sizeof($insert_values), '?')).")";

			call_user_func_array(array($this->db, 'query'),
			array_merge(array($sql), $insert_values));

			return $this->db->insert_id('searches');
			}

			}