BAOBAB
Public Member Functions | List of all members
CO_Security_DB Class Reference
Inheritance diagram for CO_Security_DB:
Collaboration diagram for CO_Security_DB:

Public Member Functions

 __construct ( $in_pdo_object, $in_access_object=NULL)
 
 get_security_ids_for_id ( $in_id, $no_personal)
 
 add_personal_token_from_current_login ( $in_to_id, $in_id)
 
 remove_personal_token_from_this_login ( $in_to_id, $in_id)
 
 get_personal_ids_for_id ( $in_id)
 
 get_all_personal_ids_except_for_id ( $in_id=0)
 
 get_logins_that_have_any_of_my_ids ()
 
 get_logins_with_personal_ids ()
 
 get_all_login_ids ()
 
 is_this_a_personal_id ( $in_id)
 
 is_this_a_login_id ( $in_id)
 
 i_have_all_ids ( $in_id)
 
 get_all_tokens ()
 
 get_all_visible_logins ()
 
 get_initial_record_by_login_id ( $in_login_id)
 
 get_credentials_by_api_key ( $in_api_key)
 
 get_initial_record_by_id ( $in_id)
 
 get_single_record_by_login_id ( $in_login_id, $and_write=false)
 
 get_multiple_records_by_login_id ( $in_login_id_array, $and_write=false)
 
 get_all_login_objects ( $and_write=false)
 
 get_all_login_objects_with_access ( $in_security_token, $and_write=false)
 
 count_all_login_objects_with_access ($in_security_token)
 
 get_all_user_objects_with_access ($in_security_token)
 
- Public Member Functions inherited from A_CO_DB
 _instantiate_record ( $in_db_result)
 
 execute_query ( $in_sql, $in_parameters=NULL, $exec_only=false)
 
 get_db_backup ()
 
 get_access_class_by_id ( $in_id)
 
 can_i_see_this_record ( $in_id)
 
 get_single_raw_row_by_id ( $in_id, $and_write=false)
 
 get_single_record_by_id ( $in_id, $and_write=false)
 
 get_multiple_records_by_id ( $in_id_array, $and_write=false)
 
 get_all_readable_records ( $open_only=false, $in_this_id=NULL)
 
 get_all_writeable_records ( $in_this_id=NULL)
 
 lock_record ( $in_record_id)
 
 write_record ( $params_associative_array)
 
 delete_record ( $id)
 

Additional Inherited Members

- Public Attributes inherited from A_CO_DB
 $access_object
 
 $class_description
 
 $error
 
 $table_name
 
- Protected Member Functions inherited from A_CO_DB
 _create_read_security_predicate ()
 
 _create_write_security_predicate ()
 
 _create_security_predicate ( $write=false)
 
- Protected Attributes inherited from A_CO_DB
 $_pdo_object
 
 $_existing_record_objects
 

Detailed Description

This is the base class for the security database. It assumes that it will have logins and Security ID table rows.

Definition at line 39 of file co_security_db.class.php.

Constructor & Destructor Documentation

◆ __construct()

CO_Security_DB::__construct (   $in_pdo_object,
  $in_access_object = NULL 
)

This is the initializer.

Parameters
$in_pdo_objectThe PDO instance for this database.
$in_access_objectThe access object (if any) for this login.

Reimplemented from A_CO_DB.

Definition at line 45 of file co_security_db.class.php.

47  {
48  parent::__construct($in_pdo_object, $in_access_object);
49 
50  $this->table_name = 'co_security_nodes'; // This is the name of the SQL table we will query.
51 
52  $this->class_description = 'The security database class.'; // A simple explanation of what this class is.
53  }

Member Function Documentation

◆ add_personal_token_from_current_login()

CO_Security_DB::add_personal_token_from_current_login (   $in_to_id,
  $in_id 
)

This adds a personal token, from one record, to the IDs of another record. This is a somewhat dangerous call, as it does not use a security predicate. That's deliberate, as we need to be able to change the security IDs of an item without necessarily being allowed to affect it.

Returns
true, if the operation was successful.
Parameters
$in_to_idThe ID of the object we are affecting.
$in_idThe ID (personal token) to be added.

Definition at line 119 of file co_security_db.class.php.

121  {
122  $in_to_id = intval($in_to_id);
123  $in_id = intval($in_id);
124  // If the current login does not own the given ID as a personal token, then we can't proceed.
125  if (CO_Config::use_personal_tokens()) {
126  $sql = 'SELECT ids FROM '.$this->table_name.' WHERE (id=?)';
127  $params = [$in_to_id];
128  $temp = $this->execute_query($sql, $params);
129  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
130  $ret = explode(',', $temp[0]['ids']);
131 
132  if (isset($ret) && is_array($ret)) {
133  $ret = array_map('intval', $ret);
134  $ret[] = $in_id;
135  sort($ret);
136  $ret = array_unique($ret);
137  $new_ids = implode(',', array_unique($ret));
138 
139  $sql = 'UPDATE '.$this->table_name.' SET ids=? WHERE id=?';
140  $params = [$new_ids, $in_to_id];
141  $this->execute_query($sql, $params, true);
142  if ($this->error == NULL) {
143  return true;
144  };
145  }
146  } else {
147  $ret = Array();
148  }
149  }
150 
151  return false;
152  }
A_CO_DB\execute_query
execute_query( $in_sql, $in_parameters=NULL, $exec_only=false)
Definition: a_co_db.class.php:292

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ count_all_login_objects_with_access()

CO_Security_DB::count_all_login_objects_with_access (   $in_security_token)

You give a security ID, and you will get a count of all login objects that have that token in their list (or are of that ID).

This is not restricted, and will count logins that we don't otherwise know about.

It does not count the "God" admin, which always has access.

Returns
an integer, with the total count of logins with access to the ID. -1, if we are not allowed to see the token.
Parameters
$in_security_tokenAn integer, with the requested security token.

Definition at line 835 of file co_security_db.class.php.

836  {
837  $ret = -1;
838 
839  $in_security_token = intval($in_security_token);
840 
841  // No security predicate, but we do have to "own" the given token.
842  if (($this->access_object->god_mode() && $in_security_token) || in_array($in_security_token, $this->access_object->get_security_ids())) {
843  $sql = 'SELECT * FROM '.$this->table_name.' WHERE (login_id IS NOT NULL) AND (login_id<>\'\') AND (id<>?)';
844  $temp = $this->execute_query($sql, Array(intval(CO_Config::god_mode_id()))); // We just get everything.
845  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
846  $ret = 0;
847 
848  foreach ($temp as $result) {
849  $id = intval($result['id']);
850  $ids = explode(',', $result['ids']);
851  if (isset($ids) && is_array($ids) && count($ids)) {
852  $ids = array_map('trim', $ids);
853  $ids = array_map('intval', $ids);
854  array_push($ids, $id);
855  $ids = array_unique($ids);
856  foreach ($ids as $single_id) {
857  if ($single_id == $in_security_token) {
858  $ret += 1;
859  break;
860  }
861  }
862  }
863  }
864  }
865  }
866 
867  return $ret;
868  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_all_login_ids()

CO_Security_DB::get_all_login_ids ( )

This returns all of the login IDs in the database.

This should only be called from the ID fetcher in the access class, as it does not do a security predicate.

Returns
an array of integers, each, a login ID.

Definition at line 374 of file co_security_db.class.php.

374  {
375  $ret = NULL;
376 
377  $sql = 'SELECT id FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (login_id<>\'\')';
378 
379  $temp = $this->execute_query($sql, Array());
380  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
381  $ret = "";
382  foreach ($temp as $i) {
383  if ($i['id']) {
384  if ($ret) {
385  $ret .= ",";
386  }
387  $ret .= $i['id'];
388  }
389  }
390  $ret = explode(",", $ret);
391  if (isset($ret) && is_array($ret) && count($ret)) {
392  $ret = array_unique(array_map('intval', $ret));
393  $ret_temp = Array();
394  foreach ($ret as $i) {
395  if (0 < $i) {
396  array_push($ret_temp, $i);
397  }
398  }
399  sort($ret_temp);
400  $ret = $ret_temp;
401  }
402  } else {
403  $ret = Array();
404  }
405 
406  return $ret;
407  }

References A_CO_DB\execute_query().

Referenced by is_this_a_login_id().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_all_login_objects()

CO_Security_DB::get_all_login_objects (   $and_write = false)

This is a security-vetted search for all login objects (visible to the current user).

Returns
an array of instances.
Parameters
$and_writeIf true, then we only want ones we have write access to.

Definition at line 710 of file co_security_db.class.php.

711  {
712  $ret = Array();
713 
714  // Can only look for tokens we can see.
715 
716  $predicate = $this->_create_security_predicate($and_write);
717 
718  if ($predicate) { // If we got a predicate, then we AND it with the rest of the statement.
719  $predicate .= ' AND ';
720  }
721 
722  $sql = 'SELECT * FROM '.$this->table_name.' WHERE '.$predicate. '(login_id IS NOT NULL) AND (login_id<>\'\')';
723  $temp = $this->execute_query($sql, Array()); // We just get everything.
724  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
725  foreach ($temp as $result) {
726  $result = $this->_instantiate_record($result);
727  if ($result) {
728  array_push($ret, $result);
729  }
730  }
731  }
732 
733  // At this point, only managers (or the login object, itself) can see logins. God, too, of course.
734  $my_id = $this->access_object->get_login_id();
735  $my_login_instance_is_manager = $this->access_object->god_mode() || ($this->access_object->get_login_item() instanceof CO_Login_Manager);
736  $temp_ret = Array();
737 
738  foreach ($ret as $instance) {
739  if (($instance->id() == $my_id) || $my_login_instance_is_manager) {
740  array_push($temp_ret, $instance);
741  }
742  }
743 
744  return $temp_ret;
745  }
A_CO_DB\_instantiate_record
_instantiate_record( $in_db_result)
Definition: a_co_db.class.php:181
A_CO_DB\_create_security_predicate
_create_security_predicate( $write=false)
Definition: a_co_db.class.php:167

References A_CO_DB\_create_security_predicate(), A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_all_login_objects_with_access()

CO_Security_DB::get_all_login_objects_with_access (   $in_security_token,
  $and_write = false 
)

You give a security ID, and you will get all login objects that have that token in their list (or are of that ID).

This is restricted to use security vetting, so only logins visible to the current login.

Returns
an array of instances.
Parameters
$in_security_tokenAn integer, with the requested security token.
$and_writeIf true, then we only want ones we have write access to.

Definition at line 755 of file co_security_db.class.php.

757  {
758  $ret = Array();
759 
760  $in_security_token = intval($in_security_token);
761 
762  $access_ids = $this->access_object->get_security_ids();
763 
764  // Can only look for tokens we can see.
765  if (($this->access_object->god_mode() && $in_security_token) || in_array($in_security_token, $access_ids)) {
766  $predicate = $this->_create_security_predicate($and_write);
767 
768  if ($predicate) { // If we got a predicate, then we AND it with the rest of the statement.
769  $predicate .= ' AND ';
770  }
771 
772  $sql = 'SELECT * FROM '.$this->table_name.' WHERE '.$predicate.'(login_id IS NOT NULL) AND (login_id<>\'\')';
773  $temp = $this->execute_query($sql, Array()); // We just get everything.
774  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
775  $ret = Array();
776 
777  foreach ($temp as $result) {
778  $id = intval($result['id']);
779  $id_array = Array($id);
780  $ids = explode(',', $result['ids']);
781  if (isset($ids) && is_array($ids) && count($ids)) {
782  $ids = array_map('trim', $ids);
783  $ids = array_map('intval', $ids);
784 
785  foreach ($ids as $single_id) {
786  array_push($id_array, $single_id);
787  }
788  }
789 
790  $found = (2 > $in_security_token);
791 
792  if (!$found) {
793  foreach ($id_array as $test_id) {
794  if ($test_id == $in_security_token) {
795  $found = true;
796  break;
797  }
798  }
799  }
800 
801  if ($found) {
802  $result = $this->_instantiate_record($result);
803  if ($result) {
804  array_push($ret, $result);
805  }
806  }
807  }
808  }
809  }
810 
811  // At this point, only managers (or the login object, itself) can see logins. God, too, of course.
812  $my_id = $this->access_object->get_login_id();
813  $my_login_instance_is_manager = $this->access_object->god_mode() || ($this->access_object->get_login_item() instanceof CO_Login_Manager);
814  $temp_ret = Array();
815 
816  foreach ($ret as $instance) {
817  if (($instance->id() == $my_id) || $my_login_instance_is_manager) {
818  array_push($temp_ret, $instance);
819  }
820  }
821 
822  return $temp_ret;
823  }

References A_CO_DB\_create_security_predicate(), A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_all_personal_ids_except_for_id()

CO_Security_DB::get_all_personal_ids_except_for_id (   $in_id = 0)

This returns just the "personal" IDs for ALL logins, EXCEPT for the given ID.

This should only be called from the ID fetcher in the access class, as it does not do a security predicate.

Returns
an array of integers, each, a personal security ID.
Parameters
$in_idThe integer ID of the row we want exempted. If not specified, then all IDs are returned.

Definition at line 247 of file co_security_db.class.php.

248  {
249  $ret = NULL;
250 
251  if (!CO_Config::use_personal_tokens()) {
252  return $ret;
253  }
254 
255  $sql = 'SELECT personal_ids FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (id<>?)';
256 
257  $temp = $this->execute_query($sql, Array(intval($in_id)));
258  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
259  $ret = "";
260  foreach ($temp as $i) {
261  if ($i['personal_ids']) {
262  if ($ret) {
263  $ret .= ",";
264  }
265  $ret .= $i['personal_ids'];
266  }
267  }
268  $ret = explode(",", $ret);
269  if (isset($ret) && is_array($ret) && count($ret)) {
270  $ret = array_unique(array_map('intval', $ret));
271  $ret_temp = Array();
272  foreach ($ret as $i) {
273  if (0 < $i) {
274  array_push($ret_temp, $i);
275  }
276  }
277  sort($ret_temp);
278  $ret = $ret_temp;
279  }
280  } else {
281  $ret = Array();
282  }
283 
284  return $ret;
285  }

References A_CO_DB\execute_query().

Referenced by is_this_a_personal_id().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_all_tokens()

CO_Security_DB::get_all_tokens ( )

This returns the entire list of IDs in the Security Database.

It should only ever be called by the "God" admin.

Returns
an array of integers, each, a security ID for the given login, and the first element is always the login ID itself.

Definition at line 494 of file co_security_db.class.php.

494  {
495  $ret = NULL;
496 
497  if ($this->access_object->god_mode()) {
498  $sql = 'SELECT id FROM '.$this->table_name.' WHERE true ORDER BY id';
499  $temp = $this->execute_query($sql, Array());
500  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
501  $ret = [];
502  foreach($temp as $row) {
503  $ret[] = intval($row['id']);
504  }
505  }
506  }
507  return $ret;
508  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_all_user_objects_with_access()

CO_Security_DB::get_all_user_objects_with_access (   $in_security_token)

You give a security ID, and you will get an array, with the user objects, associated with login objects that have that token in their list (or are of that ID).

This is security restricted, and will not return users that we don't otherwise know about.

Returns
an array, with the user objects, associated with login objects that have that token in their list (or are of that ID).
Parameters
$in_security_tokenAn integer, with the requested security token.

Definition at line 878 of file co_security_db.class.php.

879  {
880  $ret = array();
881 
882  $in_security_token = intval($in_security_token);
883  $access_instance = $this->access_object;
884 
885  // No security predicate, but we do have to "own" the given token.
886  if (($access_instance->god_mode() && $in_security_token) || in_array($in_security_token, $access_instance->get_security_ids())) {
887  $sql = 'SELECT * FROM '.$this->table_name.' WHERE (login_id IS NOT NULL) AND (login_id<>\'\') AND (id<>?)';
888  $temp = $this->execute_query($sql, Array(intval(CO_Config::god_mode_id()))); // We just get everything.
889  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
890  foreach ($temp as $result) {
891  $id = intval($result['id']);
892  $ids = explode(',', $result['ids']);
893  if (isset($ids) && is_array($ids) && count($ids)) {
894  $ids = array_map('trim', $ids);
895  $ids = array_map('intval', $ids);
896  array_push($ids, $id);
897  $ids = array_unique($ids);
898  foreach ($ids as $single_id) {
899  if ($single_id == $in_security_token) {
900  array_push($ret, $id);
901  break;
902  }
903  }
904  }
905  }
906  }
907  }
908 
909  $returnVar = array();
910  foreach ($ret as $id) {
911  $temp2 = $access_instance->get_user_from_login($id);
912  if (isset($temp2) && $temp2) {
913  array_push($returnVar, $temp2);
914  }
915  }
916 
917  return $returnVar;
918  }

References A_CO_DB\$access_object, and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_all_visible_logins()

CO_Security_DB::get_all_visible_logins ( )

This is an extremely simple function that gets the ID, Login ID (string), and name of logins visible to the current login. It's goal is to be extremely fast and result in a relatively small response.

Returns
a simple associative array, indexed by login ID, with each element being an array, containing the name of the login object in [0], and the login ID, in [1]. It reurns ALL logins visible to the current login.

Definition at line 517 of file co_security_db.class.php.

517  {
518  $ret = array();
519  $sql = 'SELECT id,object_name,login_id FROM '.$this->table_name.' WHERE';
520 
521  $predicate = $this->_create_read_security_predicate();
522 
523  if ($predicate) {
524  $sql = "$sql $predicate AND";
525  }
526 
527  $sql = "$sql login_id<>''";
528 
529  $temp = $this->execute_query($sql, Array());
530  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
531  foreach($temp as $value) {
532  $ret[$value["id"]] = [$value["object_name"], $value["login_id"]];
533  }
534  }
535 
536  return $ret;
537  }
A_CO_DB\_create_read_security_predicate
_create_read_security_predicate()
Definition: a_co_db.class.php:104

References A_CO_DB\_create_read_security_predicate(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_credentials_by_api_key()

CO_Security_DB::get_credentials_by_api_key (   $in_api_key)

This is a special "raw" function for getting login credentials from an API key.

Returns
an associative array, with the login ID and hashed password that correspond to the API key.
Parameters
$in_api_keyThe API Key of the element.

Definition at line 573 of file co_security_db.class.php.

574  {
575  $ret = NULL;
576 
577  $sql = 'SELECT * FROM '.$this->table_name.' WHERE api_key LIKE ?';
578  $params = Array(trim($in_api_key).' - %');
579 
580  $temp = $this->execute_query($sql, $params);
581  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
582  $result = $this->_instantiate_record($temp[0]);
583  if (isset($result) && ($result instanceof CO_Security_Login) && $result && $result->is_api_key_valid($in_api_key)) {
584  $ret = Array('login_id' => $result->login_id, 'hashed_password' => $result->get_crypted_password());
585  if ($result->id() == CO_Config::god_mode_id()) {
586  $ret['hashed_password'] = $in_api_key;
587  }
588  } elseif (isset($result) && ($result instanceof CO_Security_Login)) {
589  $this->error = $result->error;
590  }
591  }
592 
593  return $ret;
594  }

References A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_initial_record_by_id()

CO_Security_DB::get_initial_record_by_id (   $in_id)

This is a very "raw" function that should ONLY be called from a special check from the access class.

It has no security screening, as this is just for checking.

Returns
a newly-instantiated record.
Parameters
$in_idThe ID of the element.

Definition at line 604 of file co_security_db.class.php.

605  {
606  $ret = NULL;
607 
608  $sql = 'SELECT * FROM '.$this->table_name.' WHERE id=?';
609 
610  $temp = $this->execute_query($sql, Array(intval($in_id)));
611  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
612  $result = $this->_instantiate_record($temp[0]);
613  if ($result) {
614  $ret = $result;
615  }
616  }
617 
618  return $ret;
619  }

References A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_initial_record_by_login_id()

CO_Security_DB::get_initial_record_by_login_id (   $in_login_id)

This is a very "raw" function that should ONLY be called from the access instance __construct() method (or a special check from the access class).

It is designed to fetch the current login object from its string login ID, so we can extract the id.

It has no security screening, as it needs to be called before the security screens can be put into place.

Returns
a newly-instantiated record.
Parameters
$in_login_idThe login ID of the element.

Definition at line 549 of file co_security_db.class.php.

550  {
551  $ret = NULL;
552 
553  $sql = 'SELECT * FROM '.$this->table_name.' WHERE login_id=?';
554  $params = Array(trim($in_login_id));
555 
556  $temp = $this->execute_query($sql, $params);
557  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
558  $result = $this->_instantiate_record($temp[0]);
559  if ($result) {
560  $ret = $result;
561  }
562  }
563 
564  return $ret;
565  }

References A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_logins_that_have_any_of_my_ids()

CO_Security_DB::get_logins_that_have_any_of_my_ids ( )

This returns IDs that have our personal IDs.

Returns
an associative array of arrays of integer, keyed by integer. The key is the ID of the login, and the value is an array of integer, with the IDs that match. NULL, if an error.

Definition at line 293 of file co_security_db.class.php.

293  {
294  $ret = NULL;
295 
296  // Will not work for God Mode, as God doesn't have personal IDs.
297  if (!CO_Config::use_personal_tokens() || $this->access_object->god_mode()) {
298  return $ret;
299  }
300 
301  // We can only check personal IDs relevant to our login.
302  $in_ids = $this->access_object->get_personal_security_ids();
303  $in_id = $this->access_object->get_login_id();
304 
305  $sql = 'SELECT id,ids FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (id<>?)';
306 
307  $temp = $this->execute_query($sql, Array(intval($in_id)));
308  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
309  $ret = [];
310  foreach ($temp as $i) {
311  $tmp = [];
312  if (isset($i['id']) && $i['id'] && isset($i['ids']) && $i['ids']) {
313  $key = intval($i['id']);
314  $ids = array_unique(array_map('intval', explode(',', $i['ids'])));
315  if (1 < $key && count($ids)) {
316  sort($ids);
317  $tmp_ids = [];
318  foreach($ids as $tmp_id) {
319  if (in_array($tmp_id, $in_ids)) {
320  $tmp_ids[] = $tmp_id;
321  }
322  }
323  if (count($tmp_ids)) {
324  $ret[$key] = $tmp_ids;
325  }
326  }
327  }
328  }
329  }
330 
331  return $ret;
332  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_logins_with_personal_ids()

CO_Security_DB::get_logins_with_personal_ids ( )

This returns IDs that have personal IDs. This only works for the God admin.

Returns
an associative array of arrays of integer, keyed by integer. The key is the ID of the login, and the value is an array of integer, with the Personal IDs that match. NULL, if an error.

Definition at line 341 of file co_security_db.class.php.

341  {
342  $ret = NULL;
343 
344  // Will only work for God Mode.
345  if (!CO_Config::use_personal_tokens() || !$this->access_object->god_mode()) {
346  return $ret;
347  }
348 
349  $sql = 'SELECT id,personal_ids FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (personal_ids IS NOT NULL) AND (personal_ids<>\'\')';
350 
351  $temp = $this->execute_query($sql, Array());
352  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
353  $ret = [];
354  foreach ($temp as $i) {
355  $tmp = [];
356  if (isset($i['id']) && $i['id'] && isset($i['personal_ids']) && $i['personal_ids']) {
357  $key = intval($i['id']);
358  $ids = array_unique(array_map('intval', explode(',', $i['personal_ids'])));
359  $ret[$key] = $ids;
360  }
361  }
362  }
363  return $ret;
364  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_multiple_records_by_login_id()

CO_Security_DB::get_multiple_records_by_login_id (   $in_login_id_array,
  $and_write = false 
)

This is a security-screened multiple login fetcher.

Returns
an array of newly-instantiated objects.

Definition at line 647 of file co_security_db.class.php.

649  {
650  $ret = NULL;
651 
652  $predicate = $this->_create_security_predicate($and_write);
653 
654  if ($predicate) { // If we got a predicate, then we AND it with the rest of the statement.
655  $predicate .= ' AND ';
656  }
657 
658  $sql = 'SELECT * FROM '.$this->table_name.' WHERE '.$predicate. '(';
659 
660  $params = Array();
661 
662  foreach ($in_login_id_array as $id) {
663  if (trim($id)) {
664  if (0 < count($params)) {
665  $sql .= ') OR (';
666  }
667  $sql.= 'login_id=?';
668  array_push($params, $id);
669  }
670  }
671 
672  $sql .= ')';
673 
674  if (0 < count($params)) {
675  $temp = $this->execute_query($sql, $params);
676  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
677  $ret = Array();
678  foreach ($temp as $result) {
679  $result = $this->_instantiate_record($result);
680  if ($result) {
681  array_push($ret, $result);
682  }
683  }
684  usort($ret, function($a, $b){return ($a->id() > $b->id());});
685  }
686  }
687 
688  // At this point, only managers (or the login object, itself) can see logins. God, too, of course.
689  $my_id = $this->access_object->get_login_id();
690  $my_login_instance_is_manager = $this->access_object->god_mode() || ($this->access_object->get_login_item() instanceof CO_Login_Manager);
691  $temp_ret = Array();
692 
693  if (isset($ret) && is_array($ret) && count($ret)) {
694  foreach ($ret as $instance) {
695  if (($instance->id() == $my_id) || $my_login_instance_is_manager) {
696  array_push($temp_ret, $instance);
697  }
698  }
699  }
700 
701  return $temp_ret;
702  }

References A_CO_DB\_create_security_predicate(), A_CO_DB\_instantiate_record(), and A_CO_DB\execute_query().

Referenced by get_single_record_by_login_id().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_personal_ids_for_id()

CO_Security_DB::get_personal_ids_for_id (   $in_id)

This returns just the "personal" IDs for the given ID.

This should only be called from the ID fetcher in the access class, as it does not do a security predicate.

Returns
an array of integers, each, a personal security ID for the given login.
Parameters
$in_idThe integer ID of the row.

Definition at line 208 of file co_security_db.class.php.

209  {
210  $ret = NULL;
211 
212  if (!CO_Config::use_personal_tokens()) {
213  return $ret;
214  }
215 
216  $sql = 'SELECT personal_ids FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (id=?)';
217 
218  $temp = $this->execute_query($sql, Array(intval($in_id)));
219  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
220  $ret = explode(',', $temp[0]['personal_ids']);
221  if (isset($ret) && is_array($ret) && count($ret)) {
222  $ret = array_unique(array_map('intval', $ret));
223  $ret_temp = Array();
224  foreach ($ret as $i) {
225  if (0 < $i) {
226  array_push($ret_temp, $i);
227  }
228  }
229  sort($ret_temp);
230  $ret = $ret_temp;
231  }
232  } else {
233  $ret = Array();
234  }
235 
236  return $ret;
237  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_security_ids_for_id()

CO_Security_DB::get_security_ids_for_id (   $in_id,
  $no_personal 
)

This returns just the security IDs (including the item ID, itself) for the given ID.

This should only be called from the ID fetcher in the access class, as it does not do a security predicate.

Returns
an array of integers, each, a security ID for the given login, and the first element is always the login ID itself.
Parameters
$in_idThe integer ID of the row.
$no_personalThis is optional. If we DO NOT want personal tokens included, this should be set to true.

Definition at line 63 of file co_security_db.class.php.

65  {
66  $ret = NULL;
67 
68  $fetch_sql = "ids";
69  if (CO_Config::use_personal_tokens() && !$no_personal) {
70  $fetch_sql .= ",personal_ids";
71  } else {
72  $no_personal = false;
73  }
74 
75  $sql = 'SELECT '.$fetch_sql.' FROM '.$this->table_name.' WHERE (access_class LIKE \'%Login%\') AND (login_id IS NOT NULL) AND (id=?)';
76  $params = Array(intval($in_id));
77  $temp = $this->execute_query($sql, $params);
78 // Commented out, but useful for debug.
79 // echo('SQL:<pre>'.htmlspecialchars(print_r($sql, true)).'</pre>');
80 // echo('PARAMS:<pre>'.htmlspecialchars(print_r($params, true)).'</pre>');
81 // echo('RESPONSE:<pre>'.htmlspecialchars(print_r($temp, true)).'</pre>');
82 // echo('<pre>'.($no_personal ? 'NO ' : '').'PERSONAL</pre>');
83 // echo('ERROR:<pre>'.htmlspecialchars(print_r($this->error, true)).'</pre>');
84  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
85  $ret = isset($temp[0]['ids']) ? explode(',', $temp[0]['ids']) : [];
86  if (!$no_personal && isset($temp[0]['personal_ids'])) {
87  $ret_temp = explode(',', $temp[0]['personal_ids']);
88  foreach ($ret_temp as $i) {
89  if (0 < $i) {
90  array_push($ret, $i);
91  }
92  }
93  }
94  if (isset($ret) && is_array($ret) && count($ret)) {
95  $ret = array_unique(array_map('intval', $ret));
96  $ret_temp = Array();
97  foreach ($ret as $i) {
98  if (0 < $i) {
99  array_push($ret_temp, $i);
100  }
101  }
102  sort($ret_temp);
103  $ret = $ret_temp;
104  }
105  array_unshift($ret, $in_id);
106  } else {
107  $ret = Array($in_id);
108  }
109 
110  return $ret;
111  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ get_single_record_by_login_id()

CO_Security_DB::get_single_record_by_login_id (   $in_login_id,
  $and_write = false 
)

This is a security-screened method to fetch a single instance of a record object, based on its ID.

Returns
a single, newly-instantiated object.
Parameters
$in_login_idThe login ID of the requested login object.
$and_writeIf this is true, then we need the item to be modifiable.

Definition at line 627 of file co_security_db.class.php.

629  {
630  $ret = NULL;
631 
632  $temp = $this->get_multiple_records_by_login_id(Array($in_login_id), $and_write);
633 
634  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
635  $ret = $temp[0];
636  }
637 
638  return $ret;
639  }
CO_Security_DB\get_multiple_records_by_login_id
get_multiple_records_by_login_id( $in_login_id_array, $and_write=false)
Definition: co_security_db.class.php:647

References get_multiple_records_by_login_id().

Here is the call graph for this function:

◆ i_have_all_ids()

CO_Security_DB::i_have_all_ids (   $in_id)

This method will check a given security record (indicated by its ID), and make sure that we have COMPLETE access to it. This means that we check ALL the ids, as well as the record's write (not read) token.

This is not "security-vetted," in order to make sure that we are looking at the complete record.

Returns
true, if we completely match. False, otherwise.
Parameters
$in_idThis is the ID of the record to check.

Definition at line 460 of file co_security_db.class.php.

461  {
462  $ret = false;
463 
464  if (intval($in_id)) {
465  $sql = 'SELECT write_security_id, ids FROM '.$this->table_name.' WHERE id=?';
466 
467  $result = $this->execute_query($sql, Array(intval($in_id)));
468 
469  if (isset($result) && is_array($result) && (1 == count($result))) {
470  $access_ids = $this->access_object->get_security_ids();
471  $write_security_id = intval($result[0]['write_security_id']);
472  $ids = (isset($result[0]['ids']) && trim($result[0]['ids'])) ? array_map('intval', explode(',', trim($result[0]['ids']))) : [];
473  $ids[] = $write_security_id;
474  sort($ids);
475  sort($access_ids);
476  $diff = array_diff($ids, $access_ids);
477 
478  if (is_array($diff) && !count($diff)) { // We only go true if there are no outliers. We have to have ALL of them.
479  $ret = true;
480  }
481  }
482  }
483  return $ret;
484  }

References A_CO_DB\execute_query().

Here is the call graph for this function:

◆ is_this_a_login_id()

CO_Security_DB::is_this_a_login_id (   $in_id)

This checks an ID, to see if it is a login ID.

Returns
true, if the ID is a login ID.
Parameters
$in_idThe ID we are checking. Must be greater than 1.

Definition at line 436 of file co_security_db.class.php.

437  {
438  $in_id = intval($in_id);
439 
440  if (1 < $in_id) {
441  $ret = $this->get_all_login_ids();
442 
443  if (!$this->error) {
444  return in_array($in_id, $ret);
445  }
446  }
447 
448  return false;
449  }

References get_all_login_ids().

Here is the call graph for this function:

◆ is_this_a_personal_id()

CO_Security_DB::is_this_a_personal_id (   $in_id)

This checks an ID, to see if it is a personal ID.

Returns
true, if the ID is a personal ID.
Parameters
$in_idThe ID we are checking. Must be greater than 1.

Definition at line 415 of file co_security_db.class.php.

416  {
417  $in_id = intval($in_id);
418 
419  if (CO_Config::use_personal_tokens() && (1 < $in_id)) {
420  $ret = $this->get_all_personal_ids_except_for_id();
421 
422  if (!$this->error) {
423  return in_array($in_id, $ret);
424  }
425  }
426 
427  return false;
428  }
CO_Security_DB\get_all_personal_ids_except_for_id
get_all_personal_ids_except_for_id( $in_id=0)
Definition: co_security_db.class.php:247

References get_all_personal_ids_except_for_id().

Here is the call graph for this function:

◆ remove_personal_token_from_this_login()

CO_Security_DB::remove_personal_token_from_this_login (   $in_to_id,
  $in_id 
)

This removes a personal token, from one record. This is a somewhat dangerous call, as it does not use a security predicate. That's deliberate, as we need to be able to change the security IDs of an item without necessarily being allowed to affect it.

Returns
true, if the operation was successful.
Parameters
$in_to_idThe ID of the object we are affecting.
$in_idThe ID (personal token) to be removed.

Definition at line 160 of file co_security_db.class.php.

162  {
163  $in_to_id = intval($in_to_id);
164  $in_id = intval($in_id);
165  // If the current login does not own the given ID as a personal token, then we can't proceed.
166  if (CO_Config::use_personal_tokens()) {
167  $sql = 'SELECT ids FROM '.$this->table_name.' WHERE (id=?)';
168  $params = [$in_to_id];
169  $temp = $this->execute_query($sql, $params);
170  if (isset($temp) && $temp && is_array($temp) && count($temp) ) {
171  $ret = explode(',', $temp[0]['ids']);
172 
173  if (isset($ret) && is_array($ret)) {
174  $return = false;
175  $ret = array_unique(array_map('intval', $ret));
176  sort($ret);
177 
178  if (($key = array_search($in_id, $ret)) !== false) {
179  $return = true;
180  unset($ret[$key]);
181  }
182 
183  $new_ids = implode(',', $ret);
184 
185  $sql = 'UPDATE '.$this->table_name.' SET ids=? WHERE id=?';
186  $params = [$new_ids, $in_to_id];
187  $this->execute_query($sql, $params, true);
188  if ($this->error == NULL) {
189  return $return;
190  };
191  }
192  } else {
193  $ret = Array();
194  }
195  }
196 
197  return false;
198  }

References A_CO_DB\execute_query().

Here is the call graph for this function: