start working on User and Group classes

- User and Group has been moved to 'models' directory
- removed UserPass struct (passwords fields were put to User struct)
not working yet, we need support for binary blobs in morm

winixd/functions/account.cpp

@@ -61,12 +61,11 @@ bool Account::ActivateAccount(User * puser, long code, bool use_ses_log)
 	{
 		if( Tol(*user_code_str) == code )
 		{
-			if( db->ChangeUserStatus(puser->id, WINIX_ACCOUNT_READY) == WINIX_ERR_OK )
-			{
-				puser->aenv.remove(L"activation_code");
-				db->ChangeUserAdminEnv(puser->id, puser->aenv);
-				puser->status = WINIX_ACCOUNT_READY;
+			puser->status = WINIX_ACCOUNT_READY;
+			puser->aenv.remove(L"activation_code");
 
+			if( puser->update() )
+			{
 				log << log2 << "Account: account: " << puser->name << " activated" << logend;
 
 				if( use_ses_log )

winixd/functions/adduser.cpp

@@ -162,11 +162,11 @@ return true;
 */
 bool AddUser::AddNewUser(User & user, const std::wstring & pass)
 {
-	up.has_pass = true;
-	up.pass = pass;
-	system->crypt.PassHashCrypt(up);
+	user.has_pass = true;
+	user.password = pass;
+	system->crypt.PassHashCrypt(user);
 	
-	if( db->AddUser(user, up) == WINIX_ERR_OK )
+	if( user.insert() )
 	{
 		if( system->users.AddUser(user) )
 		{
@@ -213,7 +213,10 @@ bool AddUser::AddNewUser(const std::wstring & login,
 						 bool try_login,
 						 bool use_ses_log)
 {
-	user.Clear();
+	user.set_connector(model_connector);
+	user.clear();
+
+	//user.Clear();
 	user.name         = login;
 	user.email        = email;
 	user.super_user   = false;

winixd/functions/adduser.h

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2010-2014, Tomasz Sowa
+ * Copyright (c) 2010-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
 #define headerfile_winix_functions_adduser
 
 #include "functionbase.h"
-#include "core/user.h"
+#include "models/user.h"
 
 namespace Winix
 {
@@ -69,7 +69,6 @@ public:
 
 private:
 
-	UserPass up;
 	User user;
 
 };

winixd/functions/env.cpp

@@ -47,7 +47,6 @@ Env::Env()
 {
 	fun.url = L"env";
 	puser   = 0;
-	req_id  = 0;
 }
 
 
@@ -64,9 +63,6 @@ bool Env::HasAccess()
 			return false;
 	}
 
-	if( !GetUser() )
-		return false;
-
 return true;
 }
 
@@ -77,27 +73,24 @@ bool Env::Parse(const std::wstring & env_str)
 	space.clear();
 	conf_parser.SetSpace(space);
 
-return (conf_parser.ParseSpace(env_str) == PT::SpaceParser::ok);
+	return (conf_parser.ParseSpace(env_str) == PT::SpaceParser::ok);
 }
 
 
-bool Env::EditAdminEnv(long user_id, const std::wstring & env_str, bool use_ses_log)
+bool Env::EditAdminEnv(const std::wstring & env_str, bool use_ses_log)
 {
 	if( Parse(env_str) )
 	{
-		if( db->ChangeUserAdminEnv(user_id, space) == WINIX_ERR_OK )
+		puser->aenv = space;
+
+		if( puser->update() )
 		{
-			User * puser = system->users.GetUser(user_id);
-
-			if( puser )
-				puser->aenv = space;
-
 			return true;
 		}
 		else
 		{
-			log << log1 << "Evn: a database problem with changing environment variables for user: "
-				<< cur->session->puser->name << ", id: " << cur->session->puser->id << logend;
+			log << log1 << "Evn: a database problem with changing admin environment variables for user: "
+				<< puser->name << ", id: " << puser->id << logend;
 		}
 	}
 	else
@@ -112,23 +105,20 @@ return false;
 }
 
 
-bool Env::EditEnv(long user_id, const std::wstring & env_str, bool use_ses_log)
+bool Env::EditEnv(const std::wstring & env_str, bool use_ses_log)
 {
 	if( Parse(env_str) )
 	{
-		if( db->ChangeUserEnv(user_id, space) == WINIX_ERR_OK )
+		puser->env = space;
+
+		if( puser->update() )
 		{
-			User * puser = system->users.GetUser(user_id);
-
-			if( puser )
-				puser->env = space;
-
 			return true;
 		}
 		else
 		{
 			log << log1 << "Evn: a database problem with changing admin environment variables for user: "
-				<< cur->session->puser->name << ", id: " << cur->session->puser->id << logend;
+				<< puser->name << ", id: " << puser->id << logend;
 		}
 	}
 	else
@@ -146,67 +136,62 @@ return false;
 
 void Env::SaveEnv()
 {
-	if( GetUser() )
+	const std::wstring & env_str = cur->request->PostVar(L"envvar");
+	long user_id = puser->id;
+	bool status  = false;
+
+	if( cur->request->IsParam(L"a") )
 	{
-		const std::wstring & env_str = cur->request->PostVar(L"envvar");
-		long user_id = GetUser()->id;
-		bool status  = false;
-
-		if( cur->request->IsParam(L"a") )
-		{
-			if( cur->session->puser->super_user )
-				status = EditAdminEnv(user_id, env_str, true);
-		}
-		else
-		{
-			status = EditEnv(user_id, env_str, true);
-		}
-
-		if( status )
-			system->RedirectToLastItem();
+		if( cur->session->puser->super_user )
+			status = EditAdminEnv(env_str, true);
 	}
-}
-
-
-User * Env::GetUser()
-{
-	if( cur->request->id != req_id )
+	else
 	{
-		req_id  = cur->request->id;
-		puser   = 0;
-
-		if( cur->session->puser )
-		{
-			if( cur->session->puser->super_user && cur->request->IsPostVar(L"userid") )
-			{
-				long id = Tol(cur->request->PostVar(L"userid"));
-				puser   = system->users.GetUser(id);
-			}
-			else
-			{
-				puser = cur->session->puser;
-			}
-		}
+		status = EditEnv(env_str, true);
 	}
 
-return puser;
+	if( status )
+		system->RedirectToLastItem();
 }
 
 
+
 void Env::MakePost()
 {
+	puser = nullptr;
+
 	if( cur->session->puser )
 	{
+		puser = cur->session->puser;
+
 		if( cur->request->IsPostVar(L"changeuser") )
 		{
 			// show environments variables for the specified user
-			if( GetUser() )
-				log << log2 << "Env: changing user to: " << GetUser()->name << ", id: " << GetUser()->id << logend;
+			if( puser->super_user && cur->request->IsPostVar(L"userid") )
+			{
+				long id = Tol(cur->request->PostVar(L"userid"));
+				puser   = system->users.GetUser(id);
+
+				if( puser )
+				{
+					log << log2 << "Env: changing user to: " << puser->name << ", id: " << puser->id << logend;
+				}
+			}
+		}
+
+		if( puser )
+		{
+			/*
+			 * this puser should be set in a new struct (based on Model)
+			 * and put to templates
+			 *
+			 */
+
+			SaveEnv();
 		}
 		else
 		{
-			// save environment variables
-			SaveEnv();
+			cur->request->status = WINIX_ERR_PERMISSION_DENIED;
 		}
 	}
 }

winixd/functions/env.h

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2012-2014, Tomasz Sowa
+ * Copyright (c) 2012-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -52,22 +52,18 @@ public:
 
 	Env();
 
-	bool EditAdminEnv(long user_id, const std::wstring & env_str, bool use_ses_log = false);
-	bool EditEnv(long user_id,      const std::wstring & env_str, bool use_ses_log = false);
-
 	bool HasAccess();
 	void MakePost();
 
-	// used mainly by templates
-	// can return a null pointer
-	User * GetUser();
 
 private:
 
 	PT::SpaceParser conf_parser;
 	PT::Space space;
 	User * puser;
-	size_t req_id;
+
+	bool EditAdminEnv(const std::wstring & env_str, bool use_ses_log = false);
+	bool EditEnv(const std::wstring & env_str, bool use_ses_log = false);
 
 	bool Parse(const std::wstring & env_str);
 	void SaveEnv();

winixd/functions/locale.cpp

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2012-2014, Tomasz Sowa
+ * Copyright (c) 2012-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -66,7 +66,7 @@ void Locale::MakePost()
 		if( TemplatesFunctions::locale.HasLanguage(locale_id) )
 		{
 			cur->session->puser->locale_id = locale_id;
-			db->ChangeUserLocale(cur->session->puser->id, locale_id);
+			cur->session->puser->update();
 			TemplatesFunctions::locale.SetCurLang(locale_id);
 		}
 		else

winixd/functions/login.cpp

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2008-2014, Tomasz Sowa
+ * Copyright (c) 2008-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -55,22 +55,21 @@ Login::Login()
 void Login::ClearTmpStruct()
 {
 	system->crypt.ClearString(pass_decrypted);
-	system->crypt.ClearString(pass_hashed);
-	system->crypt.ClearString(up.pass);
-	system->crypt.ClearString(up.pass_encrypted);
-	system->crypt.ClearString(up2.pass);
-	system->crypt.ClearString(up2.pass_encrypted);
+//	system->crypt.ClearString(up.pass);
+//	system->crypt.ClearString(up.pass_encrypted);
+//	system->crypt.ClearString(up2.pass);
+//	system->crypt.ClearString(up2.pass_encrypted);
 }
 
 
 
-bool Login::CheckPasswords(const std::wstring & password)
+bool Login::CheckPasswords(User & user, const std::wstring & password)
 {
-	if( !up.pass_encrypted.empty() )
+	if( !user.pass_encrypted.empty() )
 	{
-		if( system->crypt.RSA(false, config->pass_rsa_private_key, up.pass_encrypted, pass_decrypted) )
+		if( system->crypt.RSA(false, config->pass_rsa_private_key, user.pass_encrypted, pass_decrypted) )
 		{
-			PT::UTF8ToWide(pass_decrypted, up.pass);
+			PT::UTF8ToWide(pass_decrypted, user.password);
 		}
 		else
 		{
@@ -79,22 +78,22 @@ bool Login::CheckPasswords(const std::wstring & password)
 		}
 	}
 
-	pass_hashed   = password;
-	up2.pass_type = up.pass_type;
-	up2.pass      = password;
+	std::wstring password_from_db = user.password;
+	user.password = password;
 
-	if( up.pass_hash_salted )
+	if( user.pass_hash_salted )
 		salt = config->pass_hash_salt;
 	else
 		salt.clear();
 
-	if( !system->crypt.PassHash(salt, up2) )
+	if( !system->crypt.PassHash(salt, user) )
 	{
 		log << log1 << "Login: I cannot hash a password, login failure" << logend;
 		return false;
 	}
 
-	bool result = (up.pass == up2.pass);
+	// compare char by char until the end of the strings (time attacks)
+	bool result = (user.password == password_from_db);
 
 	if( !result )
 		log << log2 << "Login: incorrect login/password" << logend;
@@ -114,15 +113,25 @@ bool Login::CheckUserPass(const std::wstring & login, const std::wstring & passw
 {
 bool result;
 
-	if( db->GetUserPass(login, user_id, up) )
+	morm::Finder<User> finder(model_connector);
+
+	User user = finder.
+			select().
+			where().
+			eq(L"login", login).
+			get();
+
+	if( user.found() )
 	{
-		if( up.has_pass )
+		user_id = user.id;
+
+		if( user.has_pass )
 		{
-			result = CheckPasswords(password);
+			result = CheckPasswords(user, password);
 		}
 		else
 		{
-			log << log2 << "Login: this account has not a password set yet" << logend;
+			log << log2 << "Login: this account has no a password set yet" << logend;
 			result = false;
 		}
 	}

winixd/functions/login.h

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2010-2014, Tomasz Sowa
+ * Copyright (c) 2010-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
 #define headerfile_winix_functions_login
 
 #include "functionbase.h"
-#include "core/user.h"
+#include "models/user.h"
 
 namespace Winix
 {
@@ -69,13 +69,11 @@ public:
 private:
 	
 	void ClearTmpStruct();
-	bool CheckPasswords(const std::wstring & password);
+	bool CheckPasswords(User & user, const std::wstring & password);
 	void CheckBan();
 	bool CheckAbuse();
 
-	UserPass up, up2;
 	std::string pass_decrypted;
-	std::wstring pass_hashed;
 	std::wstring salt;
 
 };

winixd/functions/passwd.cpp

@@ -110,10 +110,11 @@ bool result = false;
 
 	if( puser )
 	{
-		up.has_pass = true;
-		up.pass = new_password;
-		system->crypt.PassHashCrypt(up);
-		result = (db->ChangeUserPass(user_id, up) == WINIX_ERR_OK);
+		puser->has_pass = true;
+		puser->password = new_password;
+		system->crypt.PassHashCrypt(*puser);
+
+		result = puser->update();
 
 		if( result )
 			log << log2 << "Passwd: password for user " << puser->name << " has been changed" << logend;

winixd/functions/passwd.h

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2011-2014, Tomasz Sowa
+ * Copyright (c) 2011-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
 #define headerfile_winix_functions_passwd
 
 #include "functionbase.h"
-#include "core/user.h"
+#include "models/user.h"
 
 namespace Winix
 {
@@ -61,8 +61,6 @@ public:
 
 private:
 
-	UserPass up;
-
 	void ChangePassword(User * puser);
 
 	bool ResetPassword(User * puser, long code, bool use_ses_log);

winixd/functions/rmuser.cpp

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2012-2014, Tomasz Sowa
+ * Copyright (c) 2012-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -73,7 +73,7 @@ bool RmUser::RemoveUser(long user_id)
 			result = true;
 			log << log2 << "RmUser: user id: " << user_id << " name: " << name << " was removed" << logend;
 
-			if( db->RemoveUser(user_id) != WINIX_ERR_OK )
+			if( !puser->remove() )
 				log << log1 << "RmUser: I cannot remove a user id: " << user_id << " from database" << logend;
 		}
 	}

winixd/functions/timezone.cpp

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2012-2014, Tomasz Sowa
+ * Copyright (c) 2012-2021, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -64,7 +64,7 @@ void TimeZone::MakePost()
 		if( system->time_zones.HasZone(tz_id) )
 		{
 			cur->session->puser->time_zone_id = tz_id;
-			db->ChangeUserTimeZone(cur->session->puser->id, tz_id);
+			cur->session->puser->update();
 		}
 		else
 		{