UsersPermissions
extends Users
User Permissions Login class
IMPORTANT: Requires a data source. See UsersDataSourceMySQLi.class.php for code which provides this for MySQLi
UsersPermissions extends the Users class to include boolean permissions.
Table of Contents
- $configuration : array<string|int, string>
- $data : array<string|int, string>
- $errors : array<string|int, string>
- $workingOn : array<string|int, string>
- __construct() : mixed
- Extends Users::__construct
- addPermission() : mixed
- Adds a permission to the permissions table
- admin() : string
- Sets up the admin function which allows users to edit themselves and, optionally, others
- allUsersHTML() : string
- Get all users from data source and put them in an HTML list
- clearErrors() : mixed
- clears the errors array
- editScreen() : string
- Extends Users::editScreen
- errors() : string
- getter for $this->errors
- HTML() : string
- Main display function.
- isAdmin() : bool
- getter for isAdmin
- isAuthorized() : mixed
- returns boolean as to whether the user has the passed in permission
- logOut() : mixed
- Logs user out of system
- name() : string
- getter for login name
- addEdit() : mixed
- Adds/Updates existing record
- emptyWorkingOn() : array<string|int, string>
- Creates a variable designed to replace $this->workingOn
- getNextScript() : string
- Simple helper script to calculate next script to call
- initWorkingOn() : mixed
- Initializes $this->workingOn
- logInScreen() : string
- Creates the fields needed for a login screen
- makeHTMLField() : string
- Creates an HTML field for display
- validate() : mixed
- Extends Users::validate
Properties
$configuration
protected
array<string|int, string>
$configuration
= array(
/*
* what to use for html input fields
* These are passed to sprintf, with label, fieldname, title, placeholder and current value, in that order
*/
'screens' => array('login form' => "<h1>Login</h1>
<form class='login_form' action='%s' method='post'>
%s
<input type='submit' value='Login'></form>
", 'edit form' => "<form class='login_form' action='%s' method='post'>
%s
<input type='submit' name='btnUpdate' value='Update'>
</form>", 'loginScreen' => "<div class='login_field'>
<input class='login_field' type='text' name='username' placeholder='Username' required autofocus>
</div>
<div class='login_field'>
<input class='login_field' type='password' name='password' placeholder='Password' required>
</div>", 'adminScreen' => "<input type='hidden' name='doAdmin' value='1'>
", 'validateScript' => ''),
'html input fields' => array('text' => "<div class='login_field'>
<label>%s
<input class='login_field' type='text' name='%s' title='%s' placeholder='%s' value='~~%s~~'>
</label>
</div>", 'password' => "<div class='login_field'>
<label>%s
<input class='login_field' type='password' name='%s' title='%s' placeholder='%s'>
</label>
</div>", 'boolean' => "<div class='login_field'>
<label>%s
<input class='login_field' type='checkbox' name='%s' title='%s' value='1' %s ~~%s~~>
</label>
</div>", 'textarea' => "<div class='login_field'>
<label>%s
<textarea class='login_field' name='%s' title='%s' placeholder='%s'>~~%s~~</textarea>
</label>
</div>"),
'input prefix' => 'admin_',
// prefix the name with this in a form
'tables' => array('users' => array(
'table' => '_users',
// table name for user records
'id' => '_user_id',
// ID column name
'display' => array(
// fields which are displayed to select
'login',
),
'form test' => 'login',
// field to test if form submitted
'fields' => array('login' => array(
'label' => 'Username',
// login name column name
'html type' => 'text',
'filter' => '/^[a-zA-Z0-9_]+$/',
'instructions' => 'Username can only contain alpha numerics and an underscore',
'hint' => 'Change User Name',
'unique' => true,
), 'pass' => array(
'label' => 'Password',
// password column name
'html type' => 'password',
'instructions' => 'Leave blank to keep same password',
'hint' => 'Change Password',
), 'admin' => array(
'label' => 'isAdmin',
'html type' => 'boolean',
'restrict' => true,
'instructions' => 'If checked, user will be able to add/edit users',
), 'enabled' => array(
'label' => 'Enabled',
'html type' => 'boolean',
'restrict' => true,
'instructions' => 'Uncheck to disable log in',
)),
)),
)
Contains the configuration for the class
May be modified by the calling program. Must be replicated in userDataSource class
$data
protected
array<string|int, string>
$data
= array()
Contains the information for the current logged in user
$errors
protected
array<string|int, string>
$errors
= array()
Contains errors that can occur
$workingOn
protected
array<string|int, string>
$workingOn
= array()
During administration, contains the record being modified
Methods
__construct()
Extends Users::__construct
public
__construct([array<string|int, string> $customFields = array() ]) : mixed
Adds additional fields needed for permissions. This information is not actually used in the code; it is included here for documentation and/or possible extensions.
Parameters
- $customFields : array<string|int, string> = array()
  Array of definition modifications to underlying structure
Return values
mixed
addPermission()
Adds a permission to the permissions table
public
addPermission(mixed $connection, mixed $category, mixed $name, mixed $description, mixed $defaultValue) : mixed
This simply adds a permission to the permissions table, adding the category if it doesn't exist already. Since this is already written in usersPermissionsDataSource, we simply call it.
Parameters
- $connection : mixed
- $category : mixed
- $name : mixed
- $description : mixed
- $defaultValue : mixed
Return values
mixed
admin()
Sets up the admin function which allows users to edit themselves and, optionally, others
public
admin(usersDataSource $connection[, mixed $nextScript = null ]) : string
This should be called the first time, then repeatedly called until it is done (it returns the string "Updated", "Failed" or "No changes").
The first iteration returns an edit screen displaying the user's information for them to edit. It will display an HTML INPUT for each field that is not restricted. The user can then edit the chosen entries and press the button, which will call the script again and update the record.
If the user has the admin right, the edit screen also displays a list of all users as an unordered list of anchors. If the user clicks on one of those, it will choose that user, load their data and allow the user to edit that user's record. NOTE: this is the only way to edit fields with the restrict flag set.
Parameters
- $connection : usersDataSource
  A connection to the data source
- $nextScript : mixed = null
Return values
string —This may be an HTML table or a single screen
allUsersHTML()
Get all users from data source and put them in an HTML list
public
allUsersHTML(usersDataSource $connection[, string $nextPage = null ]) : string
Will retrieve the ID and login name of all users, putting them in a list of anchors to allow an admin to select one for editing
Parameters
- $connection : usersDataSource
  A connection to the data source
- $nextPage : string = null
  The URL of the page to be used in the link
Return values
string —an unordered list (UL) containing links with names
clearErrors()
clears the errors array
public
clearErrors() : mixed
Return values
mixed
editScreen()
Extends Users::editScreen
public
editScreen(usersPermissionsDataSource $connection) : string
Adds permissions in div of class category
Parameters
- $connection : usersPermissionsDataSource
Return values
string —HTML containing all of the INPUT records a user can edit
errors()
getter for $this->errors
public
errors() : string
Return values
string —html div containing one paragraph for every error
HTML()
Main display function.
public
HTML(usersDataSource $connection[, string $nextScript = null ]) : string
This function should be called to perform the login. It performs all functions needed to log in and validate, but once logged in, will return an empty string.
Parameters
- $connection : usersDataSource
  A connection to the data source
- $nextScript : string = null
  The url to be run when logged in
Return values
string —A (possibly empty) HTML div
isAdmin()
getter for isAdmin
public
isAdmin() : bool
Return values
bool —true if user is an admin, false if not
isAuthorized()
returns boolean as to whether the user has the passed in permission
public
isAuthorized(string $permission) : mixed
If the user is an admin, they automatically have all permissions; otherwise we check for the permission. NOTE: the existence of a permission is not validated. If a permission does not exist, this will return false for anyone but an admin.
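The admin shortcut and the unvalidated permission name described above combine so that a misspelled name passes for admins and is silently denied for everyone else. The following is an added example, not code from the class or its project; `DemoUser`, `requirePermission()` and the permission names are constructed for illustration, and it assumes PHP 8.

```php
<?php
// Added example; not part of the UsersPermissions class. Assumes PHP 8.

/** Constructed stand-in that follows the documented isAuthorized() semantics. */
final class DemoUser
{
    /** @param array<string, bool> $permissions */
    public function __construct(private bool $admin, private array $permissions)
    {
    }

    public function isAuthorized(string $permission): bool
    {
        // Admins pass every check; an unknown name is just false for everyone else.
        return $this->admin || !empty($this->permissions[$permission]);
    }
}

/**
 * Hypothetical guard: refuse permission names the application never registered,
 * so a misspelled name fails loudly even when the caller is an admin.
 */
function requirePermission(object $user, string $permission, array $registered): bool
{
    if (!in_array($permission, $registered, true)) {
        throw new InvalidArgumentException("Unregistered permission: $permission");
    }
    return (bool) $user->isAuthorized($permission);
}

$registered = ['report_view', 'report_edit'];   // constructed permission names
$admin = new DemoUser(true, []);
$clerk = new DemoUser(false, ['report_view' => true]);

// The bare call hides the typo behind the admin shortcut.
var_dump($admin->isAuthorized('report_veiw'), $clerk->isAuthorized('report_veiw'));

// The guard passes a registered name through and rejects the typo for everyone.
var_dump(requirePermission($clerk, 'report_view', $registered));
try {
    requirePermission($admin, 'report_veiw', $registered);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```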
Parameters
- $permission : string
  short form of permission
Return values
mixed
logOut()
Logs user out of system
public
logOut([string $nextScript = null ]) : mixed
Destroys itself ($_SESSION['user']), then the session, then calls $nextScript by doing a header call.
Parameters
- $nextScript : string = null
  URL of next script to call
Return values
mixed
name()
getter for login name
public
name() : string
Return values
string —user name
addEdit()
Adds/Updates existing record
protected
addEdit(usersPermissionsDataSource $connection) : mixed
Extending Users::addEdit by updating the permissions
Parameters
- $connection : usersPermissionsDataSource
Return values
mixed
emptyWorkingOn()
Creates a variable designed to replace $this->workingOn
protected
emptyWorkingOn() : array<string|int, string>
Initializes all fields to something non-null and sets id to -1
Return values
array<string|int, string> —An array initialized with all records needed
getNextScript()
Simple helper script to calculate next script to call
protected
getNextScript([string $nextScript = null ]) : string
Returns one of three URL strings, in order of precedence: $nextScript, $configuration['screens']['validateScript'], PHP_SELF.
Parameters
- $nextScript : string = null
  URL to call
Return values
string —URL
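The precedence above decides what ends up in the form's action attribute and, for logOut(), in the header call, so a $nextScript taken from request data should be limited to same-site paths before it is passed in. This is an added example, not the class's getNextScript(); `isLocalPath()` and `resolveNextScript()` are hypothetical helpers, it assumes PHP 8, and it uses SCRIPT_NAME as the last fallback instead of PHP_SELF because PHP_SELF includes any PATH_INFO from the request.

```php
<?php
// Added example; hypothetical helpers, not the class's getNextScript(). Assumes PHP 8.

/** True only for a same-site path: one leading "/", no scheme, host, backslash or control byte. */
function isLocalPath(string $url): bool
{
    if ($url === '' || $url[0] !== '/' || str_starts_with($url, '//')) {
        return false;
    }
    if (preg_match('/[\\\\\x00-\x1f]/', $url) === 1) {
        return false;
    }
    $parts = parse_url($url);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

/** Documented precedence, skipping any candidate that is empty or not a local path. */
function resolveNextScript(?string $nextScript, array $configuration, array $server): string
{
    $candidates = [
        $nextScript,
        $configuration['screens']['validateScript'] ?? '',
        $server['SCRIPT_NAME'] ?? '',   // assumption: used in place of PHP_SELF
    ];
    foreach ($candidates as $candidate) {
        if (is_string($candidate) && $candidate !== '' && isLocalPath($candidate)) {
            return $candidate;
        }
    }
    return '/';                         // assumption: site root as the last resort
}

// Constructed inputs: no request value, a local path, and two off-site forms.
$configuration = ['screens' => ['validateScript' => '']];
$server = ['SCRIPT_NAME' => '/admin/users.php'];
foreach ([null, '/home.php', 'https://example.org/x', '//example.org/x'] as $requested) {
    $next = resolveNextScript($requested, $configuration, $server);
    // The resolved URL is still encoded before it goes into the single-quoted attribute.
    printf(
        "<form class='login_form' action='%s' method='post'>\n",
        htmlspecialchars($next, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}
```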
initWorkingOn()
Initializes $this->workingOn
protected
initWorkingOn(mixed $connection, mixed $id) : mixed
This is a modification to Users::initWorkingOn to add permissions
Parameters
- $connection : mixed
- $id : mixed
Return values
mixed
logInScreen()
Creates the fields needed for a login screen
protected
logInScreen([string $nextScript = null ]) : string
Populates %s's in 'login form' with values for $nextScript and 'loginScreen'
Parameters
- $nextScript : string = null
  URL to call form
Return values
string —HTML code for display
makeHTMLField()
Creates an HTML field for display
protected
makeHTMLField(string $field, array<string|int, string> $record, string $value) : string
Retrieves the template for the record type, then populates it from $record, $value and $field. The template MUST have %s's in the following order for an HTML INPUT field: label, name=, title=, placeholder=, value.
Knows how to handle the INPUT types TEXT, TEXTAREA and PASSWORD, and the special html type boolean, which is rendered as a checkbox.
Parameters
- $field : string
  name of the field to populate
- $record : array<string|int, string>
  Record from $configuration[...][fields]
- $value : string
  the current value to put in INPUT
Return values
string —An HTML INPUT entity
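The templates in `$configuration` place every value inside single-quoted attributes, so a value is only safe there once quotes as well as angle brackets are encoded. This is an added example, not the class's own makeHTMLField(), and this page does not state how the class encodes values; `renderField()`, the simplified template, and the mapping of `instructions` to title and `hint` to placeholder are assumptions.

```php
<?php
// Added example; not code from the Users or UsersPermissions classes.

// Constructed template shaped like the 'text' entry of 'html input fields':
// five %s in the documented order label, name, title, placeholder, value.
$template = "<div class='login_field'>\n<label>%s\n"
    . "<input class='login_field' type='text' name='%s' title='%s' placeholder='%s' value='%s'>\n"
    . "</label>\n</div>";

/** Encode for HTML text and for single- or double-quoted attribute values. */
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Hypothetical stand-in for makeHTMLField(). Every argument is encoded before
 * sprintf() sees it; sprintf() does not re-scan arguments for % directives,
 * so only the template itself has to double any literal percent sign.
 */
function renderField(string $template, string $prefix, string $field, array $record, string $value): string
{
    return sprintf(
        $template,
        esc($record['label'] ?? $field),
        esc($prefix . $field),
        esc($record['instructions'] ?? ''),   // assumption: shown as title
        esc($record['hint'] ?? ''),           // assumption: shown as placeholder
        esc($value)
    );
}

// Field definition copied from the 'login' entry in $configuration.
$record = [
    'label' => 'Username',
    'instructions' => 'Username can only contain alpha numerics and an underscore',
    'hint' => 'Change User Name',
];

// Constructed stored value holding a quote and angle brackets: with ENT_QUOTES
// it stays inside value='...' instead of ending the attribute early.
echo renderField($template, 'admin_', 'login', $record, "O'Brien <ops>"), "\n";
```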
validate()
Extends Users::validate
protected
validate(string $username, string $password, usersPermissionsDataSource $connection) : mixed
Loads permissions if user was validated
Parameters
- $username : string
- $password : string
- $connection : usersPermissionsDataSource