w3systemsDevelopment: sessions/userLogin.h Source File

00001 /*
00002 
00003   userLogin.h
00004   Generic Security for the web.  
00005 
00006 */
00007 #ifndef USER_LOGIN_H
00008 #define USER_LOGIN_H
00009 
00010 
00011 #include "openDB.hpp"
00012 #include "connectstring"
00013 #include "read_base.hpp"
00014 #include <map>
00015 #include <vector>
00016 #include "cgiCookie.h"
00017 
00018 
00019 class openService
00020 {
00021   public:
00022 
00023   string id,service_name,sequence,tree_depth,menu_name,
00024          uri,xml_params,xml_param1,xml_param2;
00025   bool local_uri, secure;
00026 
00027   openService()
00028   {;}
00029   virtual ~openService()
00030   {;}
00031   openService(const openService&in):id(in.id), sequence(in.sequence),
00032          tree_depth(in.tree_depth), service_name(in.service_name),  menu_name(in.menu_name),
00033          uri(in.uri), local_uri(in.local_uri), xml_params(in.xml_params), xml_param1(in.xml_param1),
00034          xml_param2(in.xml_param2)
00035   {;}
00036   openService & operator = ( const openService & in )
00037   {
00038     id=in.id;
00039     sequence=in.sequence;
00040     tree_depth=in.tree_depth;
00041     service_name=in.service_name;
00042     menu_name=in.menu_name;
00043     uri=in.uri;
00044     local_uri=in.local_uri;
00045     xml_params=in.xml_params;
00046     xml_param1=in.xml_param1;
00047     xml_param2=in.xml_param2;
00048     secure=in.secure;
00049     return *this;
00050   }
00051 };
00052 
00053 typedef map < string, openService > serviceMap;
00054 typedef vector < string > serviceVector;
00055 
00056 class userLogin
00057 {  
00058 public:
00059   // defaulted to auction Bidder, 
00060   // changes must be set before validation checkUser or testLoginStatus
00061   string userCols; // must reflect id, first, last, login, password, phone_number, email prperties
00062   string userTable;
00063   string loginName;
00064   string passwordName;
00065   
00066   // must be set before calling services
00067   string role_id;
00068     
00069   // all have this
00070   string id, first, last, login, password, phone_number, email;
00071   
00072   string sql;
00073   string lastError;
00074   serviceMap services;
00075   serviceVector serviceNames;  
00076   string fieldTemp;
00077   quickQuery qqry;
00078   openRS & rs;
00079   
00080 protected:
00081   
00082   void setVars(void)
00083   {
00084     id=rs.getField(0).format();
00085     first=rs.getField(1).format();
00086     last=rs.getField(2).format();
00087     login=rs.getField(3).format();
00088     password=rs.getField(4).format();
00089     phone_number=rs.getField(5).format();
00090     email=rs.getField(6).format();
00091   }
00092   
00093 public:
00094 
00095   userLogin(string userCols,string userTable,string loginName,string passwordName)
00096   :qqry(),rs(qqry.getRS()),
00097   userCols(userCols),userTable(userTable),loginName(loginName),passwordName(passwordName)
00098   {;}
00099   
00100   // defaulted values
00101   userLogin():qqry(),rs(qqry.getRS()),
00102   userCols(" Id, First_Name , Last_Name , EMail , Password, Day_Phone, EMail "),
00103   userTable("Bidder"),loginName("EMail"),passwordName("Password")
00104   {;}
00105   
00106   virtual ~userLogin(){;}
00107   
00108   // The name in these context is typically related to the site  
00109   string & getSiteRole( string roleName )
00110   {
00111     sql = "select id from metasite.roles where name = '" + roleName + "'";    
00112     
00113     if( rs.open(sql) )
00114     {
00115       role_id = rs.getField(0).format();
00116       rs.close();
00117     }
00118     else 
00119     {
00120       lastError += rs.getErrors();
00121       lastError += " - " + sql;
00122     }
00123     return role_id;
00124   }
00125   virtual bool checkUser( const char * user, const char * password )
00126   {
00127     // be pessimistic about the return code
00128     bool bRet = false;
00129     // be pessimistic about the error string
00130     lastError = "Bad Login / Password combination: ";
00131     // establish cookies
00132     cgiCookie cookie;
00133     // cookies valid for entire site
00134     cookie.setPath("/");
00135 
00136     if( user && password && strlen(user) && strlen(password) )
00137     {
00138       // check validity of user & password
00139       sql = "Select ";
00140       sql += userCols;
00141       sql += " from " ;            
00142       sql += userTable;
00143       sql += " where " + loginName + " = '";
00144       sql += user;
00145       sql += "' and " + passwordName += " = '";
00146       sql += password;
00147       sql += "'";
00148 
00149       if( rs.open(sql) )
00150       {
00151         // set the data vars
00152         setVars();
00153 
00154         // error? what error?
00155         lastError = "";
00156         // return true
00157         bRet = true;
00158         rs.close();
00159       } // end if query returned data
00160       else
00161       {
00162         lastError += rs.getErrors();
00163         lastError += " no such user on this site, please try again. ";
00164       }
00165     } // end if user and password
00166     else
00167     {
00168       lastError += " both the login and password must be entered. ";
00169     }
00170     return bRet;
00171   }
00172 
00173   virtual bool testLoginStatus( void )
00174   {
00175     bool bRet = false;
00176     cgiCookie cookie;
00177     string & rId = id;    
00178     
00179     if( rId.length() > 0 )
00180     {
00181       // Check to see if a real user is here
00182       sql = "select ";
00183       sql += userCols;
00184       sql += " from " ;            
00185       sql += userTable; 
00186       sql += " where ";
00187       // physical id is always the first field of userCols      
00188       ocString pcols = userCols;
00189       sql += pcols.parse(",");
00190       sql += " = ";
00191       sql += rId;
00192       if( rs.open(sql) )
00193       {
00194         // set the data vars
00195         setVars();
00196 
00197         bRet = true;
00198         rs.close();
00199       } // end if query returned data
00200       else
00201       {
00202         lastError += "Could not fetch your login!\n";
00203         lastError += "<!--";
00204         lastError += sql;
00205         lastError += "-->";
00206       }
00207     } // end if Id has length
00208     return bRet;
00209   }
00210             
00211   bool fetchServices( string criteria = "" )
00212   {
00213     bool bRet = false;
00214     bool open = false;
00215 
00216     // get the role services - tie back to both roles and groups
00217     sql = "select distinct s.id, s.name, s.menu_name, s.uri, "// 0,1,2,3
00218           "s.local_uri, s.secure, " // 4,5
00219           "s.sequence, s.tree_depth, " // 6,7
00220           "s.xml_params " // 8
00221           "from metasite.services s "
00222           "inner join metasite.role_services rs on rs.service_id = s.id "
00223           "where rs.role_id = ";
00224     sql += role_id;
00225     if( criteria.length() )
00226     {
00227       sql += " and ";
00228       sql += criteria;
00229     }
00230     sql += " order by s.sequence, s.tree_depth";
00231 
00232     for( open = rs.open(sql); open; open = rs.next() )
00233     {
00234       bRet = true;
00235       openService service;
00236       service.id =    rs.getField(0).format();
00237       service.service_name =  rs.getField(1).format();
00238       service.menu_name =     rs.getField(2).format();
00239       service.uri =           rs.getField(3).format();
00240       service.xml_params =    rs.getField(8).format();
00241       service.local_uri =  dynamic_cast<longField&>(rs.getField(4)).get();
00242       service.secure =     dynamic_cast<longField&>(rs.getField(5)).get();
00243       service.sequence =      rs.getField(6).format();
00244       service.tree_depth =    rs.getField(7).format();
00245       string key = service.service_name;
00246       services.insert(make_pair(key,service));
00247       serviceNames.push_back(key);
00248     }
00249     rs.close();
00250     if( !bRet )
00251     {
00252       lastError += " no services for ";
00253       lastError += first;
00254       lastError += " ";
00255       lastError += last;
00256       lastError += " are enabled. <!--";
00257       lastError += sql;
00258       lastError += " | ";
00259       lastError += rs.getErrors();
00260       lastError += "-->";
00261     }
00262     return bRet;
00263 
00264   }  // end fetch services method
00265 
00266   serviceMap & Services( void )
00267   {
00268     return services;
00269   }
00270   
00271   serviceVector & ServiceNames( void )
00272   {
00273     return serviceNames;
00274   }
00275   
00276   int serviceCount( void )
00277   {
00278     return serviceNames.size();
00279   }
00280   openService & getService(int idx)
00281   {
00282     return services[serviceNames[idx]];
00283   }
00284   
00285   openService & getService(string serviceName)
00286   {
00287     return services[serviceName];
00288   }
00289  
00290 
00291 };
00292 
00293 
00294 
00295 #endif