<?php
/***********************************************************************************************************
*
* <p>Contains functions responsible for adding, editing, logins, and all other handling of user accounts</p>
*
* @author heidtc < hide@address.com >
*
************************************************************************************************************/
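/**
 * Controller for user accounts: lookup, listing, registration, activation,
 * password changes, login/logout and the related notification e-mails.
 *
 * All persistence goes through the injected Database_Control object (named
 * SQL ids scoped to the 'core' module) and all user-facing text through the
 * injected Message_Control object; nothing here builds SQL or copy itself.
 *
 * Passwords are stored as sha1(password . salt). That scheme is kept here
 * because rows already in the database were written with it, but it is weak;
 * migrating to password_hash()/password_verify() (with password_needs_rehash()
 * on login) is the recommended follow-up.
 */
Class User_Control
{
    private $Database_Control;
    private $Message_Control;
    private $User;
    // Both are filled as a side effect of get_user(), list_users() and login_user().
    public $page_numbers = '';
    public $recordset = '';

    // Keys that arrive with the registration form but are not columns of the user table.
    // They must be stripped before the row is handed to the insert statement.
    private static $non_column_keys = array(
        'PASSWORD_NEW',
        'PASSWORD_REPEAT',
        'module_id',
        'f',
        'save',
        'account_auto_activate',
        'url',
        'smtp_server',
    );

    // Character set and length of the e-mail confirmation token.
    const GUID_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@$^*';
    const GUID_LENGTH = 32;

    /**
     * @param object $DC Database_Control instance (get_recordset / execute_sql / get_page_numbers)
     * @param object $MC Message_Control instance (get_message)
     */
    public function __construct($DC, $MC)
    {
        $this->Database_Control = $DC;
        $this->Message_Control = $MC;
        require_once( MODELS . '/user.php');
        $this->User = new User;
    }

    /**
     * Fetches the account record of one user.
     *
     * @param string $user_id id of the user
     * @return mixed recordset returned by Database_Control->get_recordset (also stored in $this->recordset)
     */
    public function get_user($user_id = '')
    {
        $params = array('USER_ID' => $user_id);
        $this->recordset = $this->Database_Control->get_recordset('select_user', 'core', $params);
        return $this->recordset;
    }

    /**
     * Produces one page of the user list plus paging information.
     *
     * @param int    $limit    page size
     * @param int    $offset   starting row
     * @param string $order_by "<column> [ASC|DESC]" sort specification
     * @return array array('page_numbers' => ..., 'users' => recordset, 'sort' => array(column, direction))
     */
    public function list_users($limit = 0, $offset = 0, $order_by = 'USER_ID ASC')
    {
        // ORDER_BY presumably ends up in the query as a SQL fragment (it cannot be a bound
        // parameter), so only "<identifier> [ASC|DESC]" is accepted; anything else falls back
        // to the default ordering instead of being passed through.
        $order_by = trim((string) $order_by);
        if (!preg_match('/^[A-Za-z0-9_]+(\s+(ASC|DESC))?$/i', $order_by)) {
            $order_by = 'USER_ID ASC';
        }
        $params = array(
            'LIMIT' => (int) $limit,
            'OFFSET' => (int) $offset,
            'ORDER_BY' => $order_by,
            'table_name' => 'XPS_USER',
            'js_funct' => 'launchCoreModule',
            'mod_id' => 'UserAdmin',
        );
        $this->page_numbers = $this->Database_Control->get_page_numbers('select_users', 'core', $params);
        $this->recordset = $this->Database_Control->get_recordset('select_users', 'core', $params);
        $sort = explode(' ', $order_by);
        return array('page_numbers' => $this->page_numbers, 'users' => $this->recordset, 'sort' => $sort);
    }

    /**
     * Validates registration form data and inserts the new user.
     *
     * The first account ever created becomes an administrator and is activated
     * immediately; later accounts follow $params['account_auto_activate']
     * (0 = admin must activate, 1 = e-mail confirmation, 2 = active at once).
     *
     * NOTE(review): PASSWORD_SALT is read from $params; confirm the caller
     * generates it server-side rather than accepting it from the form.
     * NOTE(review): the count-then-insert for the "first user" rule is not
     * atomic; two simultaneous first registrations could both become admin.
     *
     * @param array $params submitted form data (USER_ID, EMAIL, PASSWORD_NEW, PASSWORD_REPEAT, ...)
     * @return array array('message' => string, 'error_count' => int)
     */
    public function insert_user($params)
    {
        $error_count = 0;
        $params['ACCOUNT_ACTIVE'] = 0;

        $password_new = isset($params['PASSWORD_NEW']) ? (string) $params['PASSWORD_NEW'] : '';
        $password_repeat = isset($params['PASSWORD_REPEAT']) ? (string) $params['PASSWORD_REPEAT'] : '';
        // Strict comparison: with == two different numeric-looking strings can compare equal.
        if ($password_new !== $password_repeat) {
            return $this->status($this->Message_Control->get_message('user_password_unmatched','core'), 1);
        }
        $salt = isset($params['PASSWORD_SALT']) ? (string) $params['PASSWORD_SALT'] : '';
        $params['PASSWORD_TEXT'] = $this->hash_password($password_new, $salt);

        // Fail closed: admin rights are granted only when the count query clearly reports zero users.
        $user_count = $this->Database_Control->get_recordset('count_users', 'core', $params);
        $is_first_user = isset($user_count[0]['USER_COUNT']) && (int) $user_count[0]['USER_COUNT'] === 0;
        if ($is_first_user) {
            $params['IS_ADMIN'] = 1;
            $params['account_auto_activate'] = 2;
        } else {
            $params['IS_ADMIN'] = 0;
        }
        $auto_activate = isset($params['account_auto_activate']) ? (int) $params['account_auto_activate'] : 0;
        if ($auto_activate === 2) {
            $params['ACCOUNT_ACTIVE'] = 1;
        }

        $row = $this->strip_form_only_keys($params);
        $inserted = $this->Database_Control->execute_sql('insert_user', 'core', $row);

        $message = isset($params['USER_ID']) ? (string) $params['USER_ID'] : '';
        if ($inserted) {
            $message .= $this->Message_Control->get_message('user_insert_complete','core');
        } else {
            $message .= $this->Message_Control->get_message('user_insert_failed','core');
            $error_count = 1;
        }

        switch ($auto_activate) {
            case 0:
                $message .= ' ' . $this->Message_Control->get_message('admin_activate','core');
                break;
            case 1:
                $message .= ' ' . $this->Message_Control->get_message('email_activate','core');
                // Only hand out a confirmation link for a row that was actually created.
                if ($inserted) {
                    $this->generate_email($params);
                }
                break;
            case 2:
                $message .= ' ' . $this->Message_Control->get_message('no_email_activate','core');
                break;
            default:
                break;
        }
        return $this->status($message, $error_count);
    }

    /**
     * Stores a fresh confirmation token for the new user, mails the user the
     * activation link (only for account_auto_activate == 1) and notifies the
     * administrator about the registration (always; the admin copy carries the
     * activation link when account_auto_activate == 0).
     *
     * @param array $params registration data incl. USER_ID, EMAIL, FIRST_NAME, LAST_NAME, url, smtp_server
     * @return mixed the admin mail object's results property (shape defined by XPM3_MAIL)
     */
    private function generate_email($params)
    {
        $guid = $this->random_token(self::GUID_LENGTH);
        require_once('helpers/xpm3/XPM3_MAIL.php');

        $params['CONFIRM_GUID'] = $guid;
        $this->Database_Control->execute_sql('enter_user_guid', 'core', $params);

        $user_id = isset($params['USER_ID']) ? (string) $params['USER_ID'] : '';
        $base_url = isset($params['url']) ? (string) $params['url'] : '';
        // The token alphabet contains characters that are not URL-safe, so both query values are encoded.
        $activation_link = $base_url . '?f=email_activate_user&USER_ID=' . rawurlencode($user_id)
            . '&confirm_guid=' . rawurlencode($guid);

        $admins = $this->Database_Control->get_recordset('get_admin_email', 'core');
        $admin_email = isset($admins[0]['EMAIL']) ? (string) $admins[0]['EMAIL'] : '';
        $smtp_server = isset($params['smtp_server']) ? $params['smtp_server'] : '';
        $auto_activate = isset($params['account_auto_activate']) ? (int) $params['account_auto_activate'] : 0;

        if ($auto_activate === 1) {
            $user_message = $this->Message_Control->get_message('email_thank', 'core');
            $user_message .= "\n" . $activation_link;
            $this->dispatch_mail(
                $smtp_server,
                $admin_email,
                isset($params['EMAIL']) ? $params['EMAIL'] : '',
                $user_message,
                $this->Message_Control->get_message('welcome_message', 'core')
            );
        }

        $first_name = isset($params['FIRST_NAME']) ? $params['FIRST_NAME'] : '';
        $last_name = isset($params['LAST_NAME']) ? $params['LAST_NAME'] : '';
        $email = isset($params['EMAIL']) ? $params['EMAIL'] : '';
        $admin_message = $this->Message_Control->get_message('new_user_registered', 'core') . "\n";
        $admin_message .= "User ID: " . $user_id . "\n";
        $admin_message .= "Name: " . $first_name . ' ' . $last_name . "\n";
        $admin_message .= "Email Address: " . $email . "\n";
        if ($auto_activate === 0) {
            $admin_message .= "To activate the user, click the link below \n" . $activation_link;
        }
        $admin_mail = $this->dispatch_mail(
            $smtp_server,
            $admin_email,
            $admin_email,
            $admin_message,
            $this->Message_Control->get_message('site_title', 'core')
        );
        // The original returned a property of the address string; the mail object is what carries results.
        return $admin_mail->results;
    }

    /**
     * Activates an account when the supplied confirmation token matches the stored one.
     *
     * An empty token on either side never matches, and the comparison is
     * constant-time so the stored token cannot be recovered byte by byte.
     *
     * @param array $params must contain USER_ID and confirm_guid
     * @return mixed result of activate_user(), or false when the token does not match
     */
    public function email_activate_user($params=array())
    {
        $user = $this->Database_Control->get_recordset('select_user', 'core', $params);
        $supplied = isset($params['confirm_guid']) ? (string) $params['confirm_guid'] : '';
        $stored = isset($user[0]['CONFIRM_GUID']) ? (string) $user[0]['CONFIRM_GUID'] : '';
        if ($supplied === '' || $stored === '' || !hash_equals($stored, $supplied)) {
            return false;
        }
        $user_id = isset($params['USER_ID']) ? $params['USER_ID'] : '';
        return $this->activate_user($user_id);
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * The current-password check now actually runs: the original expression
     * `!sha1(...) == $hash` negated the digest before comparing, so it could
     * never reject a wrong old password.
     *
     * @param array $params PASSWORD_OLD, PASSWORD_NEW, PASSWORD_REPEAT, optional PASSWORD_SALT, plus the user key
     * @return array array('message' => string, 'error_count' => int)
     */
    public function change_user_password($params=array())
    {
        $stored = $this->Database_Control->get_recordset('get_user_password', 'core', $params);
        $stored_hash = isset($stored[0]['PASSWORD_TEXT']) ? (string) $stored[0]['PASSWORD_TEXT'] : '';
        $stored_salt = isset($stored[0]['PASSWORD_SALT']) ? (string) $stored[0]['PASSWORD_SALT'] : '';
        $password_old = isset($params['PASSWORD_OLD']) ? (string) $params['PASSWORD_OLD'] : '';

        if ($stored_hash === '' || !hash_equals($stored_hash, $this->hash_password($password_old, $stored_salt))) {
            return $this->status($this->Message_Control->get_message('user_password_unmatched', 'core'), 1);
        }

        $password_new = isset($params['PASSWORD_NEW']) ? (string) $params['PASSWORD_NEW'] : '';
        $password_repeat = isset($params['PASSWORD_REPEAT']) ? (string) $params['PASSWORD_REPEAT'] : '';
        if ($password_new !== $password_repeat) {
            return $this->status($this->Message_Control->get_message('user_password_unmatched','core'), 1);
        }

        // The new hash uses the salt handed in by the caller, as before; when none is supplied the
        // stored salt is reused so hash and salt stay consistent whichever columns the update writes.
        $salt = isset($params['PASSWORD_SALT']) ? (string) $params['PASSWORD_SALT'] : $stored_salt;
        $params['PASSWORD_SALT'] = $salt;
        $params['PASSWORD_TEXT'] = $this->hash_password($password_new, $salt);
        $updated = $this->Database_Control->execute_sql('update_user_password', 'core', $params);
        if (!$updated) {
            return $this->status($this->Message_Control->get_message('user_update_failed', 'core'), 1);
        }
        return $this->status($this->Message_Control->get_message('user_update_complete', 'core'), 0);
    }

    /**
     * Overlays submitted form fields on the stored record and writes it back.
     *
     * NOTE(review): every key in $form_data is written through to the row, so the
     * caller must not pass client-controlled keys such as IS_ADMIN or PASSWORD_TEXT
     * unless that is intended.
     *
     * @param array $form_data fields to update; must contain USER_ID
     * @return array array('message' => string, 'error_count' => int)
     */
    public function update_user($form_data)
    {
        $user_id = isset($form_data['USER_ID']) ? $form_data['USER_ID'] : '';
        $original_info = $this->Database_Control->get_recordset('select_user', 'core', array('USER_ID' => $user_id));
        $row = (isset($original_info[0]) && is_array($original_info[0])) ? $original_info[0] : array();
        // Submitted values win; columns not on the form keep their stored value.
        $row = array_replace($row, $form_data);

        $updated = $this->Database_Control->execute_sql('update_user', 'core', $row);
        $message = isset($row['USER_ID']) ? (string) $row['USER_ID'] : '';
        $error_count = 0;
        if ($updated) {
            $message .= $this->Message_Control->get_message('user_update_complete','core');
        } else {
            $message .= $this->Message_Control->get_message('user_update_failed','core');
            $error_count++;
        }
        return $this->status($message, $error_count);
    }

    /**
     * Deletes a user account. Deleting the account of the current session is
     * refused; in that case the method terminates the request with the same
     * client-side error payload the callers already expect.
     *
     * @param string $user_id id of the user to delete
     * @return mixed result of execute_sql
     */
    public function delete_user($user_id = '')
    {
        $current_user = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
        if ((string) $user_id === $current_user) {
            $message = $this->Message_Control->get_message('self_delete','core');
            // The message is embedded inside single quotes, so quotes/backslashes in it are escaped.
            exit("{success:false, error:{ name:'Deletion Error',description:'" . addslashes($message) . "'} }");
        }
        return $this->Database_Control->execute_sql('delete_user', 'core', array('USER_ID' => $user_id));
    }

    /**
     * Marks a user account active.
     *
     * @param string $user_id id of the user
     * @return mixed result of execute_sql
     */
    public function activate_user($user_id = '')
    {
        return $this->set_account_active($user_id, 1);
    }

    /**
     * Marks a user account inactive.
     *
     * @param string $user_id id of the user
     * @return mixed result of execute_sql
     */
    public function deactivate_user($user_id = '')
    {
        return $this->set_account_active($user_id, 0);
    }

    /**
     * Authenticates a user and, on success, starts a session through the User model.
     *
     * The hash comparison is constant-time and is performed even when no row
     * was found, so a missing account and a wrong password take the same path.
     *
     * @param string $username user id
     * @param string $password clear-text password
     * @return array array('message' => string, 'error_count' => int); message is '' on success
     */
    public function login_user($username, $password)
    {
        $this->recordset = $this->Database_Control->get_recordset('select_user_login', 'core', array('USER_ID' => $username));
        $row = isset($this->recordset[0]) ? $this->recordset[0] : null;
        $stored_password = ($row !== null && isset($row['PASSWORD_TEXT'])) ? (string) $row['PASSWORD_TEXT'] : '';
        $stored_salt = ($row !== null && isset($row['PASSWORD_SALT'])) ? (string) $row['PASSWORD_SALT'] : '';

        $candidate = $this->hash_password((string) $password, $stored_salt);
        if ($stored_password === '' || !hash_equals($stored_password, $candidate)) {
            return $this->status($this->Message_Control->get_message('user_login_failed','core'), 1);
        }
        if ($row === null || !isset($row['ACCOUNT_ACTIVE']) || (int) $row['ACCOUNT_ACTIVE'] !== 1) {
            return $this->status($this->Message_Control->get_message('user_account_inactive','core'), 1);
        }
        $this->User->begin_session($username, $this->recordset);
        return $this->status('', 0);
    }

    /**
     * Ends the current session.
     *
     * @return string logout confirmation text
     */
    public function logout_user()
    {
        $this->User->end_session();
        return $this->Message_Control->get_message('user_logout_complete','core');
    }

    /**
     * Sends a pre-set or ad-hoc e-mail to a user.
     *
     * @param string $user_id id of the user
     * @param string $type    pre-set e-mail type (see prepare_email) or a message id
     * @return string completion status text
     */
    public function send_email($user_id, $type)
    {
        $params = array('USER_ID' => $user_id);
        // Every other query in this class passes the 'core' module; the original call left it out.
        $rs = $this->Database_Control->get_recordset('select_user_email', 'core', $params);
        $user_email = isset($rs[0]['EMAIL']) ? $rs[0]['EMAIL'] : '';
        $message = $this->prepare_email($type);
        if ($this->User->launch_email($user_email, $message)) {
            return $this->Message_Control->get_message('send_email_complete', 'core');
        }
        return $this->Message_Control->get_message('send_email_failed', 'core');
    }

    /************************************
    * PRIVATE FUNCTIONS *
    ************************************/

    /**
     * Stub: updates user address info.
     * @todo needs a user address table; currently runs the statement with an empty parameter set
     * @param array $form_data unused until the table exists
     * @return mixed result of execute_sql_statement
     */
    private function update_user_address($form_data)
    {
        return $this->Database_Control->execute_sql_statement('update_user_address', array(''));
    }

    /**
     * Stub: updates user email info.
     * @todo needs a user email table; currently runs the statement with an empty parameter set
     * @param array $form_data unused until the table exists
     * @return mixed result of execute_sql_statement
     */
    private function update_user_email($form_data)
    {
        return $this->Database_Control->execute_sql_statement('update_user_email', array(''));
    }

    /**
     * Stub: updates user phone info.
     * @todo needs a user phone table; currently runs the statement with an empty parameter set
     * @param array $form_data unused until the table exists
     * @return mixed result of execute_sql_statement
     */
    private function update_user_phone($form_data)
    {
        return $this->Database_Control->execute_sql_statement('update_user_phone', array(''));
    }

    /**
     * Resolves an e-mail type to its message text. The three pre-set types map
     * to the 'email_<type>' message id; anything else is treated as a message id.
     *
     * @param string $type 'user_confirmation', 'admin_confirmation', 'reset_password' or a message id
     * @return string message text
     */
    private function prepare_email($type)
    {
        $preset_types = array('user_confirmation', 'admin_confirmation', 'reset_password');
        if (in_array($type, $preset_types, true)) {
            // @todo the pre-set messages are returned untouched; placeholders are not filled yet
            return $this->Message_Control->get_message('email_' . $type, 'core');
        }
        return $this->Message_Control->get_message($type, 'core');
    }

    /**
     * Legacy password digest shared by registration, password change and login.
     * Kept as sha1(password . salt) because existing rows were written that way.
     *
     * @param string $password clear-text password
     * @param string $salt     per-user salt
     * @return string hex digest
     */
    private function hash_password($password, $salt)
    {
        return sha1($password . $salt);
    }

    /**
     * Builds a confirmation token from GUID_ALPHABET using a CSPRNG with an
     * unbiased index (the original drew rand() modulo the alphabet length).
     *
     * @param int $length number of characters
     * @return string token
     */
    private function random_token($length)
    {
        $alphabet = self::GUID_ALPHABET;
        $max_index = strlen($alphabet) - 1;
        $token = '';
        for ($i = 0; $i < $length; $i++) {
            $token .= $alphabet[random_int(0, $max_index)];
        }
        return $token;
    }

    /**
     * Removes form-only keys so only table columns reach the insert statement.
     *
     * @param array $params submitted form data
     * @return array copy of $params without the keys listed in $non_column_keys
     */
    private function strip_form_only_keys($params)
    {
        foreach (self::$non_column_keys as $key) {
            unset($params[$key]);
        }
        return $params;
    }

    /**
     * Sends one plain-text mail through the configured relay and returns the mail object.
     *
     * @param string $smtp_server relay host
     * @param string $from        sender address (the administrator)
     * @param string $to          recipient address
     * @param string $body        message text
     * @param string $subject     subject line
     * @return XPM3_MAIL the sent mail object (its results property holds the outcome)
     */
    private function dispatch_mail($smtp_server, $from, $to, $body, $subject)
    {
        $mail = new XPM3_MAIL;
        $mail->relay($smtp_server);
        $mail->delivery('relay');
        $mail->from($from, 'xps administrator');
        $mail->addto($to);
        $mail->text($body);
        $mail->send($subject);
        return $mail;
    }

    /**
     * Writes the ACCOUNT_ACTIVE flag of a user.
     *
     * @param string $user_id id of the user
     * @param int    $active  1 to activate, 0 to deactivate
     * @return mixed result of execute_sql
     */
    private function set_account_active($user_id, $active)
    {
        $params = array('USER_ID' => $user_id, 'ACCOUNT_ACTIVE' => $active);
        return $this->Database_Control->execute_sql('update_user_active', 'core', $params);
    }

    /**
     * Shapes the standard controller result.
     *
     * @param string $message     status text
     * @param int    $error_count number of errors (0 on success)
     * @return array array('message' => $message, 'error_count' => $error_count)
     */
    private function status($message, $error_count)
    {
        return array('message' => $message, 'error_count' => $error_count);
    }
}//END CLASS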
?>