Merge branch 'master' of github.com:roundcube/roundcubemail

Thomas Bruederli

2012-11-17 6ddb16d181e285d4f0ef0ef55bdd0ba787f1b583

 program/include/rcube_user.php

@@ -5,8 +5,11 @@
 | program/include/rcube_user.inc                                        |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
 | Copyright (C) 2005-2010, The Roundcube Dev Team                       |
 | Licensed under the GNU GPL                                            |
 | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
 |                                                                       |
 | PURPOSE:                                                              |
 |   This class represents a system user linked and provides access      |
@@ -14,18 +17,16 @@
 |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 | Author: Aleksander Machniak <alec@alec.pl>                            |
 +-----------------------------------------------------------------------+

 $Id$

*/


/**
 * Class representing a system user
 *
 * @package    Core
 * @author     Thomas Bruederli <roundcube@gmail.com>
 * @package    Framework
 * @subpackage Core
 */
class rcube_user
{
@@ -36,16 +37,23 @@
    /**
     * Holds database connection.
     *
     * @var rcube_mdb2
     * @var rcube_db
     */
    private $db;

    /**
     * rcmail object.
     * Framework object.
     *
     * @var rcmail
     * @var rcube
     */
    private $rc;

    /**
     * Internal identities cache
     *
     * @var array
     */
    private $identities = array();

    const SEARCH_ADDRESSBOOK = 1;
    const SEARCH_MAIL = 2;
@@ -58,12 +66,12 @@
     */
    function __construct($id = null, $sql_arr = null)
    {
        $this->rc = rcmail::get_instance();
        $this->rc = rcube::get_instance();
        $this->db = $this->rc->get_dbh();

        if ($id && !$sql_arr) {
            $sql_result = $this->db->query(
                "SELECT * FROM ".get_table_name('users')." WHERE user_id = ?", $id);
                "SELECT * FROM ".$this->db->table_name('users')." WHERE user_id = ?", $id);
            $sql_arr = $this->db->fetch_assoc($sql_result);
        }

@@ -124,9 +132,9 @@
            if (!empty($_SESSION['preferences'])) {
                // Check last write attempt time, try to write again (every 5 minutes)
                if ($_SESSION['preferences_time'] < time() - 5 * 60) {
          $saved_prefs = unserialize($_SESSION['preferences']);
                    $saved_prefs = unserialize($_SESSION['preferences']);
                    $this->rc->session->remove('preferences');
               $this->rc->session->remove('preferences_time');
                    $this->rc->session->remove('preferences_time');
                    $this->save_prefs($saved_prefs);
                }
                else {
@@ -170,7 +178,7 @@
        $save_prefs = serialize($save_prefs);

        $this->db->query(
            "UPDATE ".get_table_name('users').
            "UPDATE ".$this->db->table_name('users').
            " SET preferences = ?".
                ", language = ?".
            " WHERE user_id = ?",
@@ -213,8 +221,14 @@
     */
    function get_identity($id = null)
    {
        $result = $this->list_identities($id ? sprintf('AND identity_id = %d', $id) : '');
        return $result[0];
        $id = (int)$id;
        // cache identities for better performance
        if (!array_key_exists($id, $this->identities)) {
            $result = $this->list_identities($id ? 'AND identity_id = ' . $id : '');
            $this->identities[$id] = $result[0];
        }

        return $this->identities[$id];
    }


@@ -229,7 +243,7 @@
        $result = array();

        $sql_result = $this->db->query(
            "SELECT * FROM ".get_table_name('identities').
            "SELECT * FROM ".$this->db->table_name('identities').
            " WHERE del <> 1 AND user_id = ?".
            ($sql_add ? " ".$sql_add : "").
            " ORDER BY ".$this->db->quoteIdentifier('standard')." DESC, name ASC, identity_id ASC",
@@ -264,7 +278,7 @@
        $query_params[] = $iid;
        $query_params[] = $this->ID;

        $sql = "UPDATE ".get_table_name('identities').
        $sql = "UPDATE ".$this->db->table_name('identities').
            " SET changed = ".$this->db->now().", ".join(', ', $query_cols).
            " WHERE identity_id = ?".
                " AND user_id = ?".
@@ -272,6 +286,8 @@

        call_user_func_array(array($this->db, 'query'),
            array_merge(array($sql), $query_params));

        $this->identities = array();

        return $this->db->affected_rows();
    }
@@ -298,12 +314,14 @@
        $insert_cols[]   = 'user_id';
        $insert_values[] = $this->ID;

        $sql = "INSERT INTO ".get_table_name('identities').
        $sql = "INSERT INTO ".$this->db->table_name('identities').
            " (changed, ".join(', ', $insert_cols).")".
            " VALUES (".$this->db->now().", ".join(', ', array_pad(array(), sizeof($insert_values), '?')).")";

        call_user_func_array(array($this->db, 'query'),
            array_merge(array($sql), $insert_values));

        $this->identities = array();

        return $this->db->insert_id('identities');
    }
@@ -321,7 +339,7 @@
            return false;

        $sql_result = $this->db->query(
            "SELECT count(*) AS ident_count FROM ".get_table_name('identities').
            "SELECT count(*) AS ident_count FROM ".$this->db->table_name('identities').
            " WHERE user_id = ? AND del <> 1",
            $this->ID);

@@ -332,12 +350,14 @@
            return -1;

        $this->db->query(
            "UPDATE ".get_table_name('identities').
            "UPDATE ".$this->db->table_name('identities').
            " SET del = 1, changed = ".$this->db->now().
            " WHERE user_id = ?".
                " AND identity_id = ?",
            $this->ID,
            $iid);

        $this->identities = array();

        return $this->db->affected_rows();
    }
@@ -352,13 +372,15 @@
    {
        if ($this->ID && $iid) {
            $this->db->query(
                "UPDATE ".get_table_name('identities').
                "UPDATE ".$this->db->table_name('identities').
                " SET ".$this->db->quoteIdentifier('standard')." = '0'".
                " WHERE user_id = ?".
                    " AND identity_id <> ?".
                    " AND del <> 1",
                $this->ID,
                $iid);

            unset($this->identities[0]);
        }
    }

@@ -370,7 +392,7 @@
    {
        if ($this->ID) {
            $this->db->query(
                "UPDATE ".get_table_name('users').
                "UPDATE ".$this->db->table_name('users').
                " SET last_login = ".$this->db->now().
                " WHERE user_id = ?",
                $this->ID);
@@ -397,15 +419,22 @@
     */
    static function query($user, $host)
    {
        $dbh = rcmail::get_instance()->get_dbh();
        $dbh    = rcube::get_instance()->get_dbh();
        $config = rcube::get_instance()->config;

        // query for matching user name
        $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?";
        $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
        $sql_result = $dbh->query("SELECT * FROM " . $dbh->table_name('users')
            ." WHERE mail_host = ? AND username = ?", $host, $user);

        // query for matching alias
        if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
            $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
        $sql_arr = $dbh->fetch_assoc($sql_result);

        // username not found, try aliases from identities
        if (empty($sql_arr) && $config->get('user_aliases') && strpos($user, '@')) {
            $sql_result = $dbh->limitquery("SELECT u.*"
                ." FROM " . $dbh->table_name('users') . " u"
                ." JOIN " . $dbh->table_name('identities') . " i ON (i.user_id = u.user_id)"
                ." WHERE email = ? AND del <> 1", 0, 1, $user);

            $sql_arr = $dbh->fetch_assoc($sql_result);
        }

@@ -428,83 +457,99 @@
    {
        $user_name  = '';
        $user_email = '';
        $rcmail = rcmail::get_instance();
        $rcube      = rcube::get_instance();
        $dbh        = $rcube->get_dbh();

        // try to resolve user in virtuser table and file
        if ($email_list = self::user2email($user, false, true)) {
            $user_email = is_array($email_list[0]) ? $email_list[0]['email'] : $email_list[0];
        }

        $data = $rcmail->plugins->exec_hook('user_create',
           array('user'=>$user, 'user_name'=>$user_name, 'user_email'=>$user_email, 'host'=>$host));
        $data = $rcube->plugins->exec_hook('user_create', array(
            'host'       => $host,
            'user'       => $user,
            'user_name'  => $user_name,
            'user_email' => $user_email,
            'email_list' => $email_list,
            'language'   =>  $_SESSION['language'],
        ));

        // plugin aborted this operation
        if ($data['abort'])
        if ($data['abort']) {
            return false;

        $user_name  = $data['user_name'];
        $user_email = $data['user_email'];

        $dbh = $rcmail->get_dbh();
        }

        $dbh->query(
            "INSERT INTO ".get_table_name('users').
            " (created, last_login, username, mail_host, alias, language)".
            " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?, ?)",
            strip_newlines($user),
            strip_newlines($host),
            strip_newlines($data['alias'] ? $data['alias'] : $user_email),
            strip_newlines($data['language'] ? $data['language'] : $_SESSION['language']));
            "INSERT INTO ".$dbh->table_name('users').
            " (created, last_login, username, mail_host, language)".
            " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)",
            strip_newlines($data['user']),
            strip_newlines($data['host']),
            strip_newlines($data['language']));

        if ($user_id = $dbh->insert_id('users')) {
            // create rcube_user instance to make plugin hooks work
            $user_instance = new rcube_user($user_id);
            $rcmail->user  = $user_instance;
            $user_instance = new rcube_user($user_id, array(
                'user_id'   => $user_id,
                'username'  => $data['user'],
                'mail_host' => $data['host'],
                'language'  => $data['language'],
            ));
            $rcube->user = $user_instance;
            $mail_domain = $rcube->config->mail_domain($data['host']);
            $user_name   = $data['user_name'];
            $user_email  = $data['user_email'];
            $email_list  = $data['email_list'];

            $mail_domain = $rcmail->config->mail_domain($host);

            if ($user_email == '') {
                $user_email = strpos($user, '@') ? $user : sprintf('%s@%s', $user, $mail_domain);
            }
            if ($user_name == '') {
                $user_name = $user != $user_email ? $user : '';
            }

            if (empty($email_list))
            if (empty($email_list)) {
                if (empty($user_email)) {
                    $user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
                }
                $email_list[] = strip_newlines($user_email);
            }
            // identities_level check
            else if (count($email_list) > 1 && $rcmail->config->get('identities_level', 0) > 1)
            else if (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
                $email_list = array($email_list[0]);
            }

            if (empty($user_name)) {
                $user_name = $data['user'];
            }

            // create new identities records
            $standard = 1;
            foreach ($email_list as $row) {
               $record = array();
                $record = array();

                if (is_array($row)) {
                   $record = $row;
                    if (empty($row['email'])) {
                        continue;
                    }
                    $record = $row;
                }
                else {
                    $record['email'] = $row;
                }

               if (empty($record['name']))
                   $record['name'] = $user_name;
                $record['name'] = strip_newlines($record['name']);
                $record['user_id'] = $user_id;
                if (empty($record['name'])) {
                    $record['name'] = $user_name != $record['email'] ? $user_name : '';
                }

                $record['name']     = strip_newlines($record['name']);
                $record['user_id']  = $user_id;
                $record['standard'] = $standard;

                $plugin = $rcmail->plugins->exec_hook('identity_create',
                   array('login' => true, 'record' => $record));
                $plugin = $rcube->plugins->exec_hook('identity_create',
                    array('login' => true, 'record' => $record));

                if (!$plugin['abort'] && $plugin['record']['email']) {
                    $rcmail->user->insert_identity($plugin['record']);
                    $rcube->user->insert_identity($plugin['record']);
                }
                $standard = 0;
            }
        }
        else {
            raise_error(array(
            rcube::raise_error(array(
                'code' => 500,
                'type' => 'php',
                'line' => __LINE__,
@@ -524,8 +569,8 @@
     */
    static function email2user($email)
    {
        $rcmail = rcmail::get_instance();
        $plugin = $rcmail->plugins->exec_hook('email2user',
        $rcube = rcube::get_instance();
        $plugin = $rcube->plugins->exec_hook('email2user',
            array('email' => $email, 'user' => NULL));

        return $plugin['user'];
@@ -542,8 +587,8 @@
     */
    static function user2email($user, $first=true, $extended=false)
    {
        $rcmail = rcmail::get_instance();
        $plugin = $rcmail->plugins->exec_hook('user2email',
        $rcube = rcube::get_instance();
        $plugin = $rcube->plugins->exec_hook('user2email',
            array('email' => NULL, 'user' => $user,
                'first' => $first, 'extended' => $extended));

@@ -570,7 +615,7 @@

        $sql_result = $this->db->query(
            "SELECT search_id AS id, ".$this->db->quoteIdentifier('name')
            ." FROM ".get_table_name('searches')
            ." FROM ".$this->db->table_name('searches')
            ." WHERE user_id = ?"
                ." AND ".$this->db->quoteIdentifier('type')." = ?"
            ." ORDER BY ".$this->db->quoteIdentifier('name'),
@@ -604,7 +649,7 @@
            "SELECT ".$this->db->quoteIdentifier('name')
                .", ".$this->db->quoteIdentifier('data')
                .", ".$this->db->quoteIdentifier('type')
            ." FROM ".get_table_name('searches')
            ." FROM ".$this->db->table_name('searches')
            ." WHERE user_id = ?"
                ." AND search_id = ?",
            (int) $this->ID, (int) $id);
@@ -635,7 +680,7 @@
            return false;

        $this->db->query(
            "DELETE FROM ".get_table_name('searches')
            "DELETE FROM ".$this->db->table_name('searches')
            ." WHERE user_id = ?"
                ." AND search_id = ?",
            (int) $this->ID, $sid);
@@ -665,7 +710,7 @@
        $insert_cols[]   = $this->db->quoteIdentifier('data');
        $insert_values[] = serialize($data['data']);

        $sql = "INSERT INTO ".get_table_name('searches')
        $sql = "INSERT INTO ".$this->db->table_name('searches')
            ." (".join(', ', $insert_cols).")"
            ." VALUES (".join(', ', array_pad(array(), sizeof($insert_values), '?')).")";