// swad_ID.c: Users' IDs
/*
SWAD (Shared Workspace At a Distance),
is a web platform developed at the University of Granada (Spain),
and used to support university teaching.
This file is part of SWAD core.
Copyright (C) 1999-2019 Antonio Caņas Vargas
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
*/
/*****************************************************************************/
/********************************* Headers ***********************************/
/*****************************************************************************/
#include // For isalnum, isdigit, etc.
#include // For boolean type
#include // For exit, system, malloc, free, rand, etc.
#include // For string functions
#include "swad_account.h"
#include "swad_box.h"
#include "swad_database.h"
#include "swad_form.h"
#include "swad_global.h"
#include "swad_HTML.h"
#include "swad_ID.h"
#include "swad_parameter.h"
#include "swad_QR.h"
#include "swad_user.h"
/*****************************************************************************/
/************** External global variables from others modules ****************/
/*****************************************************************************/
extern struct Globals Gbl;
/*****************************************************************************/
/***************************** Private constants *****************************/
/*****************************************************************************/
#define ID_MAX_IDS_PER_USER 3 // Maximum number of IDs per user
/*****************************************************************************/
/******************************* Private types *******************************/
/*****************************************************************************/
/*****************************************************************************/
/***************************** Private variables *****************************/
/*****************************************************************************/
const char *ID_ID_SECTION_ID = "id_section";
/*****************************************************************************/
/***************************** Private prototypes ****************************/
/*****************************************************************************/
static bool ID_CheckIfUsrIDIsValidUsingMinDigits (const char *UsrID,unsigned MinDigits);
static void ID_PutLinkToConfirmID (struct UsrData *UsrDat,unsigned NumID,
const char *Anchor);
static void ID_ShowFormChangeUsrID (const struct UsrData *UsrDat,
bool ItsMe,bool IShouldFillInID);
static void ID_RemoveUsrID (const struct UsrData *UsrDat,bool ItsMe);
static bool ID_CheckIfConfirmed (long UsrCod,const char *UsrID);
static void ID_RemoveUsrIDFromDB (long UsrCod,const char *UsrID);
static void ID_NewUsrID (const struct UsrData *UsrDat,bool ItsMe);
static void ID_InsertANewUsrIDInDB (long UsrCod,const char *NewID,bool Confirmed);
/*****************************************************************************/
/********************** Get list of IDs of a user ****************************/
/*****************************************************************************/
void ID_GetListIDsFromUsrCod (struct UsrData *UsrDat)
{
MYSQL_RES *mysql_res;
MYSQL_ROW row;
unsigned NumIDs;
unsigned NumID;
/***** Initialize list of IDs to an empty list *****/
ID_FreeListIDs (UsrDat);
if (UsrDat->UsrCod > 0)
{
/***** Get user's IDs from database *****/
// First the confirmed (Confirmed == 'Y')
// Then the unconfirmed (Confirmed == 'N')
NumIDs = (unsigned) DB_QuerySELECT (&mysql_res,"can not get user's IDs",
"SELECT UsrID,Confirmed FROM usr_IDs"
" WHERE UsrCod=%ld"
" ORDER BY Confirmed DESC,UsrID",
UsrDat->UsrCod);
if (NumIDs)
{
/***** Allocate space for the list *****/
ID_ReallocateListIDs (UsrDat,NumIDs);
/***** Get list of IDs *****/
for (NumID = 0;
NumID < NumIDs;
NumID++)
{
row = mysql_fetch_row (mysql_res);
/* Get ID from row[0] */
Str_Copy (UsrDat->IDs.List[NumID].ID,row[0],
ID_MAX_BYTES_USR_ID);
/* Get if ID is confirmed from row[1] */
UsrDat->IDs.List[NumID].Confirmed = (row[1][0] == 'Y');
}
}
/***** Free structure that stores the query result *****/
DB_FreeMySQLResult (&mysql_res);
}
}
/*****************************************************************************/
/***************** Free memory allocated for list of IDs *********************/
/*****************************************************************************/
void ID_ReallocateListIDs (struct UsrData *UsrDat,unsigned NumIDs)
{
/***** Free list of IDs if used *****/
ID_FreeListIDs (UsrDat);
/***** Assign number of IDs in list *****/
UsrDat->IDs.Num = NumIDs;
/***** Allocate space for the list *****/
if ((UsrDat->IDs.List = (struct ListIDs *) malloc (NumIDs * sizeof (struct ListIDs))) == NULL)
Lay_NotEnoughMemoryExit ();
}
/*****************************************************************************/
/***************** Free memory allocated for list of IDs *********************/
/*****************************************************************************/
void ID_FreeListIDs (struct UsrData *UsrDat)
{
/***** Free list *****/
if (UsrDat->IDs.Num && UsrDat->IDs.List)
free ((void *) UsrDat->IDs.List);
/***** Reset list *****/
UsrDat->IDs.List = NULL;
UsrDat->IDs.Num = 0;
}
/*****************************************************************************/
/***************** Get list of user codes from user's IDs ********************/
/*****************************************************************************/
// Returns the number of users with any of these IDs
// The list of users' codes is allocated inside this function and should be freed by caller
unsigned ID_GetListUsrCodsFromUsrID (struct UsrData *UsrDat,
const char *EncryptedPassword, // If NULL or empty ==> do not check password
struct ListUsrCods *ListUsrCods,
bool OnlyConfirmedIDs)
{
char *SubQueryAllUsrs = NULL;
char SubQueryOneUsr[1 + ID_MAX_BYTES_USR_ID + 1 + 1];
MYSQL_RES *mysql_res;
MYSQL_ROW row;
size_t MaxLength;
unsigned NumID;
unsigned NumUsr;
bool CheckPassword = false;
if (UsrDat->IDs.Num)
{
if (EncryptedPassword)
if (EncryptedPassword[0])
CheckPassword = true;
/***** Allocate memory for subquery string *****/
MaxLength = 512 + UsrDat->IDs.Num * (1 + ID_MAX_BYTES_USR_ID + 1) - 1;
if ((SubQueryAllUsrs = (char *) malloc (MaxLength + 1)) == NULL)
Lay_NotEnoughMemoryExit ();
SubQueryAllUsrs[0] = '\0';
/***** Get user's code(s) from database *****/
for (NumID = 0;
NumID < UsrDat->IDs.Num;
NumID++)
{
if (NumID)
Str_Concat (SubQueryAllUsrs,",",
MaxLength);
sprintf (SubQueryOneUsr,"'%s'",UsrDat->IDs.List[NumID].ID);
Str_Concat (SubQueryAllUsrs,SubQueryOneUsr,
MaxLength);
}
if (CheckPassword)
{
// Get user's code if I have written the correct password
// or if password in database is empty (new user)
ListUsrCods->NumUsrs =
(unsigned) DB_QuerySELECT (&mysql_res,"can not get user's codes",
"SELECT DISTINCT(usr_IDs.UsrCod) FROM usr_IDs,usr_data"
" WHERE usr_IDs.UsrID IN (%s)"
"%s"
" AND usr_IDs.UsrCod=usr_data.UsrCod"
" AND (usr_data.Password='%s' OR usr_data.Password='')",
SubQueryAllUsrs,
OnlyConfirmedIDs ? " AND usr_IDs.Confirmed='Y'" :
"",
EncryptedPassword);
}
else
ListUsrCods->NumUsrs =
(unsigned) DB_QuerySELECT (&mysql_res,"can not get user's codes",
"SELECT DISTINCT(UsrCod) FROM usr_IDs"
" WHERE UsrID IN (%s)"
"%s",
SubQueryAllUsrs,
OnlyConfirmedIDs ? " AND Confirmed='Y'" :
"");
/***** Free memory for subquery string *****/
free ((void *) SubQueryAllUsrs);
if (ListUsrCods->NumUsrs)
{
/***** Allocate space for the list of users' codes *****/
Usr_AllocateListUsrCods (ListUsrCods);
// The list should be freed by caller
/***** Fill the list *****/
for (NumUsr = 0;
NumUsr < ListUsrCods->NumUsrs;
NumUsr++)
{
/***** Get user's code *****/
row = mysql_fetch_row (mysql_res);
ListUsrCods->Lst[NumUsr] = Str_ConvertStrCodToLongCod (row[0]);
}
UsrDat->UsrCod = ListUsrCods->Lst[0]; // The first user found
}
else // ListUsrCods->NumUsrs == 0
{
ListUsrCods->Lst = NULL;
UsrDat->UsrCod = -1L;
}
/***** Free structure that stores the query result *****/
DB_FreeMySQLResult (&mysql_res);
}
else // List of user's IDs is empty
{
ListUsrCods->NumUsrs = 0;
ListUsrCods->Lst = NULL;
UsrDat->UsrCod = -1L;
}
return ListUsrCods->NumUsrs;
}
/*****************************************************************************/
/******* Put hidden parameter with the plain user's ID of other user *********/
/*****************************************************************************/
void ID_PutParamOtherUsrIDPlain (void)
{
Par_PutHiddenParamString ("OtherUsrID",
(Gbl.Usrs.Other.UsrDat.IDs.Num &&
Gbl.Usrs.Other.UsrDat.IDs.List) ? Gbl.Usrs.Other.UsrDat.IDs.List[0].ID :
"");
}
/*****************************************************************************/
/********* Get parameter plain user's ID of other user from a form ***********/
/*****************************************************************************/
void ID_GetParamOtherUsrIDPlain (void)
{
/***** Allocate space for the list *****/
ID_ReallocateListIDs (&Gbl.Usrs.Other.UsrDat,1);
/***** Get parameter *****/
Par_GetParToText ("OtherUsrID",Gbl.Usrs.Other.UsrDat.IDs.List[0].ID,
ID_MAX_BYTES_USR_ID);
// Users' IDs are always stored internally in capitals and without leading zeros
Str_RemoveLeadingZeros (Gbl.Usrs.Other.UsrDat.IDs.List[0].ID);
Str_ConvertToUpperText (Gbl.Usrs.Other.UsrDat.IDs.List[0].ID);
Gbl.Usrs.Other.UsrDat.IDs.List[0].Confirmed = true;
}
/*****************************************************************************/
/****** Check whether a user's ID without the ending letter is valid *********/
/*****************************************************************************/
// Returns true if the user's ID string is valid, or false if not
// A valid user's ID must...:
// 1. Must be ID_MIN_BYTES_USR_ID <= characters <= ID_MAX_BYTES_USR_ID.
// 2. All characters must be digits or letters
// 3. Must have a minimum number of digits
// Wrapper function to avoid passing extra parameters
bool ID_CheckIfUsrIDIsValid (const char *UsrID)
{
if (UsrID)
if (UsrID[0])
return ID_CheckIfUsrIDIsValidUsingMinDigits (UsrID,ID_MIN_DIGITS_USR_ID);
return false;
}
// Wrapper function to avoid passing extra parameters
bool ID_CheckIfUsrIDSeemsAValidID (const char *UsrID)
{
if (UsrID)
if (UsrID[0])
return ID_CheckIfUsrIDIsValidUsingMinDigits (UsrID,ID_MIN_DIGITS_AUTOMATIC_DETECT_USR_ID);
return false;
}
static bool ID_CheckIfUsrIDIsValidUsingMinDigits (const char *UsrID,unsigned MinDigits)
{
const char *Ptr;
unsigned NumDigits = 0;
unsigned Length;
/***** Check length *****/
if (!UsrID)
return false;
if (!UsrID[0])
return false;
Length = strlen (UsrID);
if (Length < ID_MIN_BYTES_USR_ID ||
Length > ID_MAX_BYTES_USR_ID)
return false; // 1. Must be ID_MIN_BYTES_USR_ID <= characters <= ID_MAX_BYTES_USR_ID
/**** Loop through user's ID *****/
for (Ptr = UsrID;
*Ptr;
Ptr++)
if (isdigit ((int) *Ptr)) // If character is digit
NumDigits++;
else if (!((*Ptr >= 'A' && *Ptr <= 'Z') ||
(*Ptr >= 'a' && *Ptr <= 'z'))) // If character is not alpha
return false; // 2. All characters must be digits or letters
return (NumDigits >= MinDigits); // 3. Must have MinDigits digits at least
}
/*****************************************************************************/
/*************************** Write list of user's ID *************************/
/*****************************************************************************/
void ID_WriteUsrIDs (struct UsrData *UsrDat,const char *Anchor)
{
unsigned NumID;
bool ICanSeeUsrID;
bool ICanConfirmUsrID;
ICanSeeUsrID = ID_ICanSeeOtherUsrIDs (UsrDat);
ICanConfirmUsrID = ICanSeeUsrID &&
(UsrDat->UsrCod != Gbl.Usrs.Me.UsrDat.UsrCod) && // Not me
!Gbl.Form.Inside && // Not inside another form
Act_GetBrowserTab (Gbl.Action.Act) == Act_BRW_1ST_TAB; // Only in main browser tab
for (NumID = 0;
NumID < UsrDat->IDs.Num;
NumID++)
{
if (NumID)
fprintf (Gbl.F.Out," ");
fprintf (Gbl.F.Out,"",
UsrDat->IDs.List[NumID].Confirmed ? "USR_ID_C" :
"USR_ID_NC");
if (ICanSeeUsrID)
fprintf (Gbl.F.Out,"%s",UsrDat->IDs.List[NumID].ID);
else
fprintf (Gbl.F.Out,"********");
fprintf (Gbl.F.Out,"");
if (ICanConfirmUsrID &&
!UsrDat->IDs.List[NumID].Confirmed)
ID_PutLinkToConfirmID (UsrDat,NumID,Anchor);
}
}
/*****************************************************************************/
/***************** Check if I can see another user's IDs *********************/
/*****************************************************************************/
bool ID_ICanSeeOtherUsrIDs (const struct UsrData *UsrDat)
{
bool ItsMe = Usr_ItsMe (UsrDat->UsrCod);
if (ItsMe)
return true;
/***** Check if I have permission to see another user's IDs *****/
switch (Gbl.Usrs.Me.Role.Logged)
{
case Rol_NET:
case Rol_TCH:
/* Check 1: I can see the IDs of users who do not exist in database */
if (UsrDat->UsrCod <= 0) // User does not exist (when creating a new user)
return true;
/* Check 2: I can see the IDs of confirmed students */
if (UsrDat->Roles.InCurrentCrs.Role == Rol_STD && // A student
UsrDat->Accepted) // who accepted registration
return true;
/* Check 3: I can see the IDs of users with user's data empty */
// This check is made to not view simultaneously:
// - an ID
// - a name or an email
if (!UsrDat->Password[0] && // User has no password (never logged)
!UsrDat->Surname1[0] && // and who has no surname 1 (nobody filled user's surname 1)
!UsrDat->Surname2[0] && // and who has no surname 2 (nobody filled user's surname 2)
!UsrDat->FirstName[0] && // and who has no first name (nobody filled user's first name)
!UsrDat->Email[0]) // and who has no email (nobody filled user's email)
return true;
return false;
case Rol_DEG_ADM:
case Rol_CTR_ADM:
case Rol_INS_ADM:
case Rol_SYS_ADM:
return Usr_ICanEditOtherUsr (UsrDat);
default:
return false;
}
}
/*****************************************************************************/
/****************** Put a link to confirm another user's ID ******************/
/*****************************************************************************/
static void ID_PutLinkToConfirmID (struct UsrData *UsrDat,unsigned NumID,
const char *Anchor)
{
extern const char *The_ClassFormOutBoxBold[The_NUM_THEMES];
extern const char *Txt_Confirm_ID;
Act_Action_t NextAction;
/***** Begin form *****/
switch (UsrDat->Roles.InCurrentCrs.Role)
{
case Rol_STD:
NextAction = ActCnfID_Std;
break;
case Rol_NET:
case Rol_TCH:
NextAction = ActCnfID_Tch;
break;
default: // Guest, user or admin
NextAction = ActCnfID_Oth;
break;
}
Frm_StartFormAnchor (NextAction,Anchor);
if (Gbl.Action.Original != ActUnk)
{
Par_PutHiddenParamLong ("OriginalActCod",
Act_GetActCod (Gbl.Action.Original)); // Original action, used to know where we came from
switch (Gbl.Action.Original)
{
case ActSeeRecSevGst:
case ActSeeRecSevStd:
case ActSeeRecSevTch:
Usr_PutHiddenParSelectedUsrsCods ();
break;
default:
break;
}
}
Usr_PutParamUsrCodEncrypted (UsrDat->EncryptedUsrCod);
fprintf (Gbl.F.Out,"",
UsrDat->IDs.List[NumID].ID);
/***** Put link *****/
Frm_LinkFormSubmit (Txt_Confirm_ID,The_ClassFormOutBoxBold[Gbl.Prefs.Theme],NULL);
Ico_PutIconTextLink ("check.svg",
Txt_Confirm_ID);
Frm_LinkFormEnd ();
/***** End form *****/
Frm_EndForm ();
}
/*****************************************************************************/
/*********************** Show form to change my user's ID ********************/
/*****************************************************************************/
void ID_ShowFormChangeMyID (bool IShouldFillInID)
{
extern const char *Hlp_PROFILE_Account;
extern const char *Txt_ID;
char StrRecordWidth[10 + 1];
/***** Start section *****/
HTM_SECTION_Begin (ID_ID_SECTION_ID);
/***** Begin box *****/
snprintf (StrRecordWidth,sizeof (StrRecordWidth),
"%upx",
Rec_RECORD_WIDTH);
Box_BoxBegin (StrRecordWidth,Txt_ID,Acc_PutLinkToRemoveMyAccount,
Hlp_PROFILE_Account,Box_NOT_CLOSABLE);
/***** Show form to change ID *****/
ID_ShowFormChangeUsrID (&Gbl.Usrs.Me.UsrDat,
true, // ItsMe
IShouldFillInID);
/***** End box *****/
Box_BoxEnd ();
/***** End section *****/
HTM_SECTION_End ();
}
/*****************************************************************************/
/*********************** Show form to change my user's ID ********************/
/*****************************************************************************/
void ID_ShowFormChangeOtherUsrID (void)
{
extern const char *Hlp_PROFILE_Account;
extern const char *Txt_ID;
char StrRecordWidth[10 + 1];
/***** Start section *****/
HTM_SECTION_Begin (ID_ID_SECTION_ID);
/***** Begin box *****/
snprintf (StrRecordWidth,sizeof (StrRecordWidth),
"%upx",
Rec_RECORD_WIDTH);
Box_BoxBegin (StrRecordWidth,Txt_ID,NULL,
Hlp_PROFILE_Account,Box_NOT_CLOSABLE);
/***** Show form to change ID *****/
ID_ShowFormChangeUsrID (&Gbl.Usrs.Other.UsrDat,
false, // ItsMe
false); // IShouldFillInID
/***** End box *****/
Box_BoxEnd ();
/***** End section *****/
HTM_SECTION_End ();
}
/*****************************************************************************/
/*********************** Show form to change my user's ID ********************/
/*****************************************************************************/
static void ID_ShowFormChangeUsrID (const struct UsrData *UsrDat,
bool ItsMe,bool IShouldFillInID)
{
extern const char *Hlp_PROFILE_Account;
extern const char *The_ClassFormInBox[The_NUM_THEMES];
extern const char *Txt_Please_fill_in_your_ID;
extern const char *Txt_ID_X_confirmed;
extern const char *Txt_ID_X_not_confirmed;
extern const char *Txt_ID;
extern const char *Txt_Another_ID;
extern const char *Txt_Add_this_ID;
extern const char *Txt_The_ID_is_used_in_order_to_facilitate_;
unsigned NumID;
Act_Action_t NextAction;
/***** Show possible alerts *****/
Ale_ShowAlerts (ID_ID_SECTION_ID);
/***** Help message *****/
if (IShouldFillInID)
Ale_ShowAlert (Ale_WARNING,Txt_Please_fill_in_your_ID);
/***** Begin table *****/
HTM_TABLE_BeginWidePadding (2);
/***** List existing user's IDs *****/
for (NumID = 0;
NumID < UsrDat->IDs.Num;
NumID++)
{
if (NumID == 0)
{
HTM_TR_Begin (NULL);
HTM_TD_Begin ("class=\"REC_C1_BOT RT\"");
fprintf (Gbl.F.Out,"