githubFork/roundcubemail.git

			@@ -1,6 +1,6 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2005-2012, The Roundcube Dev Team \|
			@@ -29,6 +29,7 @@
			public $ID;
			public $data;
			public $language;
			public $prefs;

			/**
			* Holds database connection.
			@@ -50,6 +51,14 @@
			* @var array
			*/
			private $identities = array();

			/**
			* Internal emails cache
			*
			* @var array
			*/
			private $emails;


			const SEARCH_ADDRESSBOOK = 1;
			const SEARCH_MAIL = 2;
			@@ -78,7 +87,6 @@
			$this->language = $sql_arr['language'];
			}
			}


			/**
			* Build a user name string (as e-mail address)
			@@ -118,7 +126,6 @@
			return false;
			}


			/**
			* Get the preferences saved for this user
			*
			@@ -126,10 +133,14 @@
			*/
			function get_prefs()
			{
			$prefs = array();
			if (isset($this->prefs)) {
			return $this->prefs;
			}

			$this->prefs = array();

			if (!empty($this->language))
			$prefs['language'] = $this->language;
			$this->prefs['language'] = $this->language;

			if ($this->ID) {
			// Preferences from session (write-master is unavailable)
			@@ -147,21 +158,22 @@
			}

			if ($this->data['preferences']) {
			$prefs += (array)unserialize($this->data['preferences']);
			$this->prefs += (array)unserialize($this->data['preferences']);
			}
			}

			return $prefs;
			return $this->prefs;
			}


			/**
			* Write the given user prefs to the user's record
			*
			* @param array $a_user_prefs User prefs to save
			* @param bool $no_session Simplified language/preferences handling
			*
			* @return boolean True on success, False on failure
			*/
			function save_prefs($a_user_prefs)
			function save_prefs($a_user_prefs, $no_session = false)
			{
			if (!$this->ID)
			return false;
			@@ -178,45 +190,53 @@
			$config = $this->rc->config;

			// merge (partial) prefs array with existing settings
			$save_prefs = $a_user_prefs + $old_prefs;
			$this->prefs = $save_prefs = $a_user_prefs + $old_prefs;
			unset($save_prefs['language']);

			// don't save prefs with default values if they haven't been changed yet
			foreach ($a_user_prefs as $key => $value) {
			if ($value === null \|\| (!isset($old_prefs[$key]) && ($value == $config->get($key))))
			if ($value === null \|\| (!isset($old_prefs[$key]) && ($value == $config->get($key)))) {
			unset($save_prefs[$key]);
			}
			}

			$save_prefs = serialize($save_prefs);
			if (!$no_session) {
			$this->language = $_SESSION['language'];
			}

			$this->db->query(
			"UPDATE ".$this->db->table_name('users', true).
			" SET `preferences` = ?, `language` = ?".
			" WHERE `user_id` = ?",
			$save_prefs,
			$_SESSION['language'],
			$this->language,
			$this->ID);

			$this->language = $_SESSION['language'];

			// Update success
			if ($this->db->affected_rows() !== false) {
			$config->set_user_prefs($a_user_prefs);
			$this->data['preferences'] = $save_prefs;

			if (isset($_SESSION['preferences'])) {
			$this->rc->session->remove('preferences');
			$this->rc->session->remove('preferences_time');
			if (!$no_session) {
			$config->set_user_prefs($this->prefs);

			if (isset($_SESSION['preferences'])) {
			$this->rc->session->remove('preferences');
			$this->rc->session->remove('preferences_time');
			}
			}

			return true;
			}
			// Update error, but we are using replication (we have read-only DB connection)
			// and we are storing session not in the SQL database
			// we can store preferences in session and try to write later (see get_prefs())
			else if ($this->db->is_replicated() && $config->get('session_storage', 'db') != 'db') {
			else if (!$no_session && $this->db->is_replicated()
			&& $config->get('session_storage', 'db') != 'db'
			) {
			$_SESSION['preferences'] = $save_prefs;
			$_SESSION['preferences_time'] = time();
			$config->set_user_prefs($a_user_prefs);
			$config->set_user_prefs($this->prefs);
			$this->data['preferences'] = $save_prefs;
			}

			@@ -224,12 +244,46 @@
			}

			/**
			* Generate a unique hash to identify this user which
			* Generate a unique hash to identify this user whith
			*/
			function get_hash()
			{
			$key = substr($this->rc->config->get('des_key'), 1, 4);
			return md5($this->data['user_id'] . $key . $this->data['username'] . '@' . $this->data['mail_host']);
			$prefs = $this->get_prefs();

			// generate a random hash and store it in user prefs
			if (empty($prefs['client_hash'])) {
			$prefs['client_hash'] = md5($this->data['username'] . mt_rand() . $this->data['mail_host']);
			$this->save_prefs(array('client_hash' => $prefs['client_hash']));
			}

			return $prefs['client_hash'];
			}

			/**
			* Return a list of all user emails (from identities)
			*
			* @param bool Return only default identity
			*
			* @return array List of emails (identity_id, name, email)
			*/
			function list_emails($default = false)
			{
			if ($this->emails === null) {
			$this->emails = array();

			$sql_result = $this->db->query(
			"SELECT `identity_id`, `name`, `email`"
			." FROM " . $this->db->table_name('identities', true)
			." WHERE `user_id` = ? AND `del` <> 1"
			." ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC",
			$this->ID);

			while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
			$this->emails[] = $sql_arr;
			}
			}

			return $default ? $this->emails[0] : $this->emails;
			}

			/**
			@@ -249,7 +303,6 @@

			return $this->identities[$id];
			}


			/**
			* Return a list of all identities linked with this user
			@@ -286,7 +339,6 @@
			return $result;
			}


			/**
			* Update a specific identity record
			*
			@@ -317,11 +369,12 @@
			call_user_func_array(array($this->db, 'query'),
			array_merge(array($sql), $query_params));

			// clear the cache
			$this->identities = array();
			$this->emails = null;

			return $this->db->affected_rows();
			}


			/**
			* Create a new identity record linked with this user
			@@ -341,7 +394,7 @@
			$insert_cols[] = $this->db->quote_identifier($col);
			$insert_values[] = $value;
			}
			$insert_cols[] = 'user_id';
			$insert_cols[] = $this->db->quote_identifier('user_id');
			$insert_values[] = $this->ID;

			$sql = "INSERT INTO ".$this->db->table_name('identities', true).
			@@ -351,11 +404,12 @@
			call_user_func_array(array($this->db, 'query'),
			array_merge(array($sql), $insert_values));

			// clear the cache
			$this->identities = array();
			$this->emails = null;

			return $this->db->insert_id('identities');
			}


			/**
			* Mark the given identity as deleted
			@@ -387,11 +441,12 @@
			$this->ID,
			$iid);

			// clear the cache
			$this->identities = array();
			$this->emails = null;

			return $this->db->affected_rows();
			}


			/**
			* Make this identity the default one for this user
			@@ -412,7 +467,6 @@
			}
			}


			/**
			* Update user's last_login timestamp
			*/
			@@ -427,16 +481,64 @@
			}
			}

			/**
			* Update user's failed_login timestamp and counter
			*/
			function failed_login()
			{
			if ($this->ID && ($rate = (int) $this->rc->config->get('login_rate_limit', 3))) {
			if (empty($this->data['failed_login'])) {
			$failed_login = new DateTime('now');
			$counter = 1;
			}
			else {
			$failed_login = new DateTime($this->data['failed_login']);
			$threshold = new DateTime('- 60 seconds');

			if ($failed_login < $threshold) {
			$failed_login = new DateTime('now');
			$counter = 1;
			}
			}

			$this->db->query(
			"UPDATE " . $this->db->table_name('users', true)
			. " SET `failed_login` = " . $this->db->fromunixtime($failed_login->format('U'))
			. ", `failed_login_counter` = " . ($counter ?: "`failed_login_counter` + 1")
			. " WHERE `user_id` = ?",
			$this->ID);
			}
			}

			/**
			* Checks if the account is locked, e.g. as a result of brute-force prevention
			*/
			function is_locked()
			{
			if (empty($this->data['failed_login'])) {
			return false;
			}

			if ($rate = (int) $this->rc->config->get('login_rate_limit', 3)) {
			$last_failed = new DateTime($this->data['failed_login']);
			$threshold = new DateTime('- 60 seconds');

			if ($last_failed > $threshold && $this->data['failed_login_counter'] >= $rate) {
			return true;
			}
			}

			return false;
			}

			/**
			* Clear the saved object state
			*/
			function reset()
			{
			$this->ID = null;
			$this->ID = null;
			$this->data = null;
			}


			/**
			* Find a user record matching the given name and host
			@@ -467,12 +569,12 @@
			}

			// user already registered -> overwrite username
			if ($sql_arr)
			if ($sql_arr) {
			return new rcube_user($sql_arr['user_id'], $sql_arr);
			else
			return false;
			}
			}

			return false;
			}

			/**
			* Create a new user record and return a rcube_user instance
			@@ -587,7 +689,6 @@
			return $user_id ? $user_instance : false;
			}


			/**
			* Resolve username using a virtuser plugins
			*
			@@ -602,7 +703,6 @@

			return $plugin['user'];
			}


			/**
			* Resolve e-mail address from virtuser plugins
			@@ -621,7 +721,6 @@

			return empty($plugin['email']) ? NULL : $plugin['email'];
			}


			/**
			* Return a list of saved searches linked with this user
			@@ -654,7 +753,6 @@

			return $result;
			}


			/**
			* Return saved search data.
			@@ -690,7 +788,6 @@
			return null;
			}


			/**
			* Deletes given saved search record
			*
			@@ -711,7 +808,6 @@

			return $this->db->affected_rows();
			}


			/**
			* Create a new saved search record linked with this user