<?php

/***********************************************************************************************************
*
* <p>Contains functions responsible for adding, editing, logins, and all other handeling of user accounts</p>
*
* @author heidtc < hide@address.com >
*
************************************************************************************************************/
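class User_Control
{
    /**
     * Bytes of CSPRNG output behind each confirmation token. Hex-encoded this
     * gives 32 characters, the same width the original rand()-built token had,
     * so the CONFIRM_GUID column does not need to change.
     */
    const TOKEN_BYTES = 16;

    /** @var object Query layer: get_recordset(), get_page_numbers(), execute_sql(). */
    private $Database_Control;

    /** @var object Message catalogue: get_message($id, $module). */
    private $Message_Control;

    /** @var User Session model (begin_session / end_session / launch_email), loaded from MODELS . '/user.php'. */
    private $User;

    /** Paging data produced by the last list_users() call. */
    public $page_numbers = '';

    /** Recordset produced by the last get_user() / list_users() / login_user() call. */
    public $recordset = '';

    /**
     * Columns that have a dedicated write path in this class
     * (change_user_password(), generate_email()). update_user() refuses to
     * take them from a form so a profile edit cannot overwrite credentials
     * or the activation token.
     *
     * @var array
     */
    private static $protected_columns = array('PASSWORD_TEXT', 'PASSWORD_SALT', 'CONFIRM_GUID');

    /**
     * Wires the controller to its collaborators and loads the User model.
     *
     * @param object $DC Database control object
     * @param object $MC Message control object
     */
    public function __construct($DC, $MC)
    {
        $this->Database_Control = $DC;
        $this->Message_Control  = $MC;

        // MODELS is a path constant supplied by the application bootstrap.
        require_once(MODELS . '/user.php');
        $this->User = new User;
    }

    /**
     * Fetches the account record for one user.
     *
     * @param string $user_id id of the user
     * @return array recordset (also left in $this->recordset)
     */
    public function get_user($user_id = '')
    {
        $params = array('USER_ID' => $user_id);
        $this->recordset = $this->Database_Control->get_recordset('select_user', 'core', $params);
        return $this->recordset;
    }

    /**
     * Lists users with paging information.
     *
     * @param int    $limit    page size (0 = whatever the query does with 0)
     * @param int    $offset   first row to return
     * @param string $order_by "<column> [ASC|DESC]"; anything else falls back to 'USER_ID ASC'
     * @return array 'page_numbers', 'users' (recordset) and 'sort' (order_by split on space)
     */
    public function list_users($limit = 0, $offset = 0, $order_by = 'USER_ID ASC')
    {
        // ORDER BY cannot be bound as a query parameter, so a caller-supplied sort
        // string almost certainly ends up interpolated into the SQL. Accept only a
        // bare identifier with an optional direction; everything else is dropped.
        if (!is_string($order_by) || !preg_match('/^[A-Za-z0-9_]+(?: (?:ASC|DESC))?$/i', $order_by)) {
            $order_by = 'USER_ID ASC';
        }

        $params = array(
            'LIMIT'      => (int) $limit,
            'OFFSET'     => (int) $offset,
            'ORDER_BY'   => $order_by,
            'table_name' => 'XPS_USER',
            'js_funct'   => 'launchCoreModule',
            'mod_id'     => 'UserAdmin',
        );

        $this->page_numbers = $this->Database_Control->get_page_numbers('select_users', 'core', $params);
        $this->recordset    = $this->Database_Control->get_recordset('select_users', 'core', $params);

        return array(
            'page_numbers' => $this->page_numbers,
            'users'        => $this->recordset,
            'sort'         => explode(' ', $order_by),
        );
    }

    /**
     * Validates a registration form and inserts the account.
     *
     * The first account ever created becomes the administrator and is activated
     * immediately. Otherwise 'account_auto_activate' decides: 0 = an admin must
     * activate, 1 = the user gets an e-mail activation link, 2 = active at once.
     *
     * NOTE(review): 'account_auto_activate', 'url' and 'smtp_server' arrive in
     * the same array as the form fields. If the controller does not overwrite
     * them from server configuration, a registrant can self-activate (2) or
     * redirect the activation link / SMTP relay — confirm at the call site.
     *
     * @param array $params form data (PASSWORD_NEW, PASSWORD_REPEAT, PASSWORD_SALT, USER_ID, EMAIL, ...)
     * @return array 'message' and 'error_count'
     */
    public function insert_user($params)
    {
        $params['ACCOUNT_ACTIVE'] = 0;

        $new_password    = isset($params['PASSWORD_NEW'])    ? $params['PASSWORD_NEW']    : '';
        $repeat_password = isset($params['PASSWORD_REPEAT']) ? $params['PASSWORD_REPEAT'] : '';
        if (!is_string($new_password) || !is_string($repeat_password) || $new_password !== $repeat_password) {
            return array(
                'message'     => $this->Message_Control->get_message('user_password_unmatched', 'core'),
                'error_count' => 1,
            );
        }

        // The salt is expected from the caller and is what the insert stores;
        // login_user() re-reads it from the row, so it must be the same value.
        $salt = isset($params['PASSWORD_SALT']) ? (string) $params['PASSWORD_SALT'] : '';
        $params['PASSWORD_TEXT'] = $this->hash_password($new_password, $salt);

        $user_count = $this->Database_Control->get_recordset('count_users', 'core', $params);
        // Grant the bootstrap admin only on a positive "zero users" answer; a
        // missing count must not hand out admin rights.
        $is_first_user = isset($user_count[0]['USER_COUNT']) && (int) $user_count[0]['USER_COUNT'] === 0;
        if ($is_first_user) {
            $params['IS_ADMIN'] = 1;
            $params['account_auto_activate'] = 2;
        } else {
            $params['IS_ADMIN'] = 0;
        }

        $auto_activate = isset($params['account_auto_activate']) ? (int) $params['account_auto_activate'] : 0;
        $params['account_auto_activate'] = $auto_activate;
        if ($auto_activate === 2) {
            $params['ACCOUNT_ACTIVE'] = 1;
        }

        // Only the columns the insert statement binds may be passed through;
        // the rest is form/request plumbing.
        $insert_params = $params;
        $plumbing = array('PASSWORD_NEW', 'PASSWORD_REPEAT', 'module_id', 'f', 'save',
                          'account_auto_activate', 'url', 'smtp_server');
        foreach ($plumbing as $key) {
            unset($insert_params[$key]);
        }

        $inserted = $this->Database_Control->execute_sql('insert_user', 'core', $insert_params);

        $message = isset($params['USER_ID']) ? $params['USER_ID'] : '';
        if (!$inserted) {
            // Nothing was stored, so no token is issued and no mail is sent.
            $message .= $this->Message_Control->get_message('user_insert_failed', 'core');
            return array('message' => $message, 'error_count' => 1);
        }
        $message .= $this->Message_Control->get_message('user_insert_complete', 'core');

        switch ($auto_activate) {
            case 0:
                // NOTE(review): no admin notification is sent in this mode; the
                // admin-link branch in generate_email() is unreachable from here.
                $message .= ' ' . $this->Message_Control->get_message('admin_activate', 'core');
                break;
            case 1:
                $message .= ' ' . $this->Message_Control->get_message('email_activate', 'core');
                $this->generate_email($params);
                break;
            case 2:
                $message .= ' ' . $this->Message_Control->get_message('no_email_activate', 'core');
                break;
            default:
                break;
        }

        return array('message' => $message, 'error_count' => 0);
    }

    /**
     * Issues a confirmation token for the user, stores it, and sends the
     * activation e-mail to the user (auto_activate == 1) plus a notification
     * to the first administrator.
     *
     * @param array $params registration data incl. USER_ID, EMAIL, FIRST_NAME, LAST_NAME, url, smtp_server, account_auto_activate
     * @return mixed the admin mailer's result, or false when the mailer exposes none
     */
    private function generate_email($params)
    {
        // random_bytes() is a CSPRNG (PHP >= 7.0). The original rand()-built
        // token was predictable, which makes an activation link forgeable.
        $guid = $this->generate_token();

        require_once('helpers/xpm3/XPM3_MAIL.php');

        $params['CONFIRM_GUID'] = $guid;
        $this->Database_Control->execute_sql('enter_user_guid', 'core', $params);

        $auto_activate = isset($params['account_auto_activate']) ? (int) $params['account_auto_activate'] : 0;
        $base_url      = isset($params['url'])         ? $params['url']         : '';
        $smtp_server   = isset($params['smtp_server']) ? $params['smtp_server'] : '';
        $user_id       = isset($params['USER_ID'])     ? $params['USER_ID']     : '';
        $user_email    = isset($params['EMAIL'])       ? $params['EMAIL']       : '';
        $first_name    = isset($params['FIRST_NAME'])  ? $params['FIRST_NAME']  : '';
        $last_name     = isset($params['LAST_NAME'])   ? $params['LAST_NAME']   : '';

        // NOTE(review): 'url' and 'smtp_server' must come from server configuration,
        // not from the request — otherwise the link host and the relay are attacker-chosen.
        // Query-string values are encoded; the original concatenated USER_ID raw.
        $activate_link = $base_url . '?' . http_build_query(array(
            'f'            => 'email_activate_user',
            'USER_ID'      => $user_id,
            'confirm_guid' => $guid,
        ));

        $admins      = $this->Database_Control->get_recordset('get_admin_email', 'core');
        $admin_email = isset($admins[0]['EMAIL']) ? $admins[0]['EMAIL'] : '';

        if ($auto_activate === 1) {
            $user_message  = $this->Message_Control->get_message('email_thank', 'core');
            $user_message .= "\n" . $activate_link;

            $user_mail = new XPM3_MAIL;
            $user_mail->relay($smtp_server);
            $user_mail->delivery('relay');
            $user_mail->from($admin_email, 'xps administrator');
            $user_mail->addto($user_email);
            $user_mail->text($user_message);
            $user_mail->send($this->Message_Control->get_message('welcome_message', 'core'));
        }

        $admin_message  = $this->Message_Control->get_message('new_user_registered', 'core') . "\n";
        $admin_message .= "User ID: " . $user_id . "\n";
        $admin_message .= "Name: " . $first_name . ' ' . $last_name . "\n";
        $admin_message .= "Email Address: " . $user_email . "\n";
        if ($auto_activate === 0) {
            $admin_message .= "To activate the user, click the link below \n" . $activate_link;
        }

        $admin_mail = new XPM3_MAIL;
        $admin_mail->relay($smtp_server);
        $admin_mail->delivery('relay');
        $admin_mail->from($admin_email, 'xps administrator');
        $admin_mail->addto($admin_email);
        $admin_mail->text($admin_message);
        $admin_mail->send($this->Message_Control->get_message('site_title', 'core'));

        // The original read ->results off $admin_email (a string); the mailer is what carries it.
        return isset($admin_mail->results) ? $admin_mail->results : false;
    }

    /**
     * Activates an account from an e-mailed confirmation link.
     *
     * This endpoint is unauthenticated by design; the token is the credential.
     * NOTE(review): the token is not cleared after use, so the link stays valid
     * (e.g. after an admin deactivates the account) until a new one is issued.
     *
     * @param array $params request data: USER_ID and confirm_guid
     * @return bool result of activate_user(), false when the token does not match
     */
    public function email_activate_user($params = array())
    {
        $supplied = isset($params['confirm_guid']) ? $params['confirm_guid'] : '';
        $user_id  = isset($params['USER_ID'])      ? $params['USER_ID']      : '';
        if (!is_string($supplied) || $supplied === '' || $user_id === '') {
            return false;
        }

        $user   = $this->Database_Control->get_recordset('select_user', 'core', array('USER_ID' => $user_id));
        $stored = isset($user[0]['CONFIRM_GUID']) ? (string) $user[0]['CONFIRM_GUID'] : '';

        // An account that never had a token issued must not be activatable with
        // an empty guid (strcmp('', NULL) == 0 allowed exactly that), and the
        // comparison is constant-time so the token cannot be recovered byte by byte.
        if ($stored === '' || !hash_equals($stored, $supplied)) {
            return false;
        }

        return $this->activate_user($user_id);
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * @param array $params USER_ID, PASSWORD_OLD, PASSWORD_NEW, PASSWORD_REPEAT, optional PASSWORD_SALT
     * @return array 'message' and 'error_count'
     */
    public function change_user_password($params = array())
    {
        $stored_info = $this->Database_Control->get_recordset('get_user_password', 'core', $params);
        $stored_hash = isset($stored_info[0]['PASSWORD_TEXT']) ? (string) $stored_info[0]['PASSWORD_TEXT'] : '';
        $stored_salt = isset($stored_info[0]['PASSWORD_SALT']) ? (string) $stored_info[0]['PASSWORD_SALT'] : '';
        $old_password = isset($params['PASSWORD_OLD']) ? $params['PASSWORD_OLD'] : '';

        // The original test was `!sha1(...) == $stored`: the negation binds first,
        // so the old password was never actually checked.
        if ($stored_hash === '' || !is_string($old_password)
            || !$this->verify_password($old_password, $stored_salt, $stored_hash)) {
            return array(
                'message'     => $this->Message_Control->get_message('user_password_unmatched', 'core'),
                'error_count' => 1,
            );
        }

        $new_password    = isset($params['PASSWORD_NEW'])    ? $params['PASSWORD_NEW']    : '';
        $repeat_password = isset($params['PASSWORD_REPEAT']) ? $params['PASSWORD_REPEAT'] : '';
        if (!is_string($new_password) || !is_string($repeat_password) || $new_password !== $repeat_password) {
            return array(
                'message'     => $this->Message_Control->get_message('user_password_unmatched', 'core'),
                'error_count' => 1,
            );
        }

        // Hash with the salt that will be on the row: the form's salt if it sends
        // one (original behaviour), otherwise the stored salt — the original hashed
        // with '' in that case and left the account unable to log in.
        $salt = isset($params['PASSWORD_SALT']) ? (string) $params['PASSWORD_SALT'] : $stored_salt;
        $params['PASSWORD_TEXT'] = $this->hash_password($new_password, $salt);

        if (!$this->Database_Control->execute_sql('update_user_password', 'core', $params)) {
            return array(
                'message'     => $this->Message_Control->get_message('user_update_failed', 'core'),
                'error_count' => 1,
            );
        }

        return array(
            'message'     => $this->Message_Control->get_message('user_update_complete', 'core'),
            'error_count' => 0,
        );
    }

    /**
     * Merges form data over the stored record and writes it back.
     *
     * NOTE(review): IS_ADMIN and ACCOUNT_ACTIVE remain writable through this
     * method. If it is reachable from a self-service profile form that is a
     * privilege escalation; the authorization check has to live in the caller.
     *
     * @param array $form_data columns to update, keyed by column name; must contain USER_ID
     * @return array 'message' and 'error_count'
     */
    public function update_user($form_data)
    {
        $user_id = isset($form_data['USER_ID']) ? $form_data['USER_ID'] : '';
        $original_info = $this->Database_Control->get_recordset('select_user', 'core', array('USER_ID' => $user_id));

        if (!isset($original_info[0])) {
            return array(
                'message'     => $user_id . $this->Message_Control->get_message('user_update_failed', 'core'),
                'error_count' => 1,
            );
        }

        $record = $original_info[0];
        foreach ($form_data as $column => $value) {
            // Credentials and the activation token have their own code paths.
            if (in_array($column, self::$protected_columns, true)) {
                continue;
            }
            $record[$column] = $value;
        }

        $updated = $this->Database_Control->execute_sql('update_user', 'core', $record);

        $message = $record['USER_ID'];
        if ($updated) {
            $message .= $this->Message_Control->get_message('user_update_complete', 'core');
            return array('message' => $message, 'error_count' => 0);
        }

        $message .= $this->Message_Control->get_message('user_update_failed', 'core');
        return array('message' => $message, 'error_count' => 1);
    }

    /**
     * Deletes a user account, refusing to delete the one currently logged in.
     *
     * NOTE(review): no admin check happens here; it must be enforced by the caller.
     *
     * @param string $user_id id of the user
     * @return bool result of the delete statement
     */
    public function delete_user($user_id = '')
    {
        $current_user = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';

        if ((string) $user_id === $current_user) {
            $message = $this->Message_Control->get_message('self_delete', 'core');
            // Legacy contract: the AJAX caller expects this literal payload and
            // the request ends here.
            exit("{success:false, error:{ name:'Deletion Error',description:'$message'} }");
        }

        return $this->Database_Control->execute_sql('delete_user', 'core', array('USER_ID' => $user_id));
    }

    /**
     * Marks an account active.
     *
     * @param string $user_id id of the user
     * @return bool result of the update statement
     */
    public function activate_user($user_id = '')
    {
        return $this->set_account_active($user_id, 1);
    }

    /**
     * Marks an account inactive.
     *
     * @param string $user_id id of the user
     * @return bool result of the update statement
     */
    public function deactivate_user($user_id = '')
    {
        return $this->set_account_active($user_id, 0);
    }

    /**
     * Authenticates a user and starts a session on success.
     *
     * @param string $username USER_ID
     * @param string $password plaintext password
     * @return array 'message' (empty on success) and 'error_count'
     */
    public function login_user($username, $password)
    {
        $this->recordset = $this->Database_Control->get_recordset('select_user_login', 'core', array('USER_ID' => $username));

        $stored_hash = isset($this->recordset[0]['PASSWORD_TEXT']) ? (string) $this->recordset[0]['PASSWORD_TEXT'] : '';
        $stored_salt = isset($this->recordset[0]['PASSWORD_SALT']) ? (string) $this->recordset[0]['PASSWORD_SALT'] : '';
        $password    = is_scalar($password) ? (string) $password : '';

        // Hash unconditionally so an unknown user costs the same as a wrong
        // password, then compare constant-time.
        $candidate   = $this->hash_password($password, $stored_salt);
        $password_ok = $stored_hash !== '' && hash_equals($stored_hash, $candidate);

        if (!$password_ok) {
            return array(
                'message'     => $this->Message_Control->get_message('user_login_failed', 'core'),
                'error_count' => 1,
            );
        }

        $active = isset($this->recordset[0]['ACCOUNT_ACTIVE']) ? (int) $this->recordset[0]['ACCOUNT_ACTIVE'] : 0;
        if ($active !== 1) {
            return array(
                'message'     => $this->Message_Control->get_message('user_account_inactive', 'core'),
                'error_count' => 1,
            );
        }

        $this->User->begin_session($username, $this->recordset);
        return array('message' => '', 'error_count' => 0);
    }

    /**
     * Ends the current session.
     *
     * @return string logout message
     */
    public function logout_user()
    {
        $this->User->end_session();
        return $this->Message_Control->get_message('user_logout_complete', 'core');
    }

    /**
     * Sends a preset or catalogue message to a user's e-mail address.
     *
     * @param string $user_id id of the user
     * @param string $type preset name understood by prepare_email(), or a message id
     * @return string completion message
     */
    public function send_email($user_id, $type)
    {
        // Every other query in this class passes the module name; the original
        // call omitted it here (get_recordset($sql_id, $params)).
        $rs = $this->Database_Control->get_recordset('select_user_email', 'core', array('USER_ID' => $user_id));

        $user_email = isset($rs[0]['EMAIL']) ? $rs[0]['EMAIL'] : '';
        $message    = $this->prepare_email($type);

        if ($this->User->launch_email($user_email, $message)) {
            return $this->Message_Control->get_message('send_email_complete', 'core');
        }
        return $this->Message_Control->get_message('send_email_failed', 'core');
    }

/************************************
*         PRIVATE FUNCTIONS         *
************************************/

    /**
     * Writes ACCOUNT_ACTIVE for a user (shared by activate_user / deactivate_user).
     *
     * @param string $user_id id of the user
     * @param int    $active  1 or 0
     * @return bool result of the update statement
     */
    private function set_account_active($user_id, $active)
    {
        $params = array('USER_ID' => $user_id, 'ACCOUNT_ACTIVE' => $active);
        return $this->Database_Control->execute_sql('update_user_active', 'core', $params);
    }

    /**
     * Produces the stored password digest.
     *
     * NOTE(review): salted SHA-1 is what the existing rows hold and what the
     * PASSWORD_TEXT column was sized for, so it is kept here to stay compatible.
     * It is fast and unsuitable for passwords; migrate to password_hash() /
     * password_verify() once the column can hold 60+ characters, and rehash
     * legacy rows on successful login.
     *
     * @param string $password plaintext
     * @param string $salt     per-user salt
     * @return string 40-char hex digest
     */
    private function hash_password($password, $salt)
    {
        return sha1($password . $salt);
    }

    /**
     * Constant-time check of a plaintext against a stored digest.
     *
     * @param string $password    plaintext
     * @param string $salt        per-user salt
     * @param string $stored_hash digest from the database
     * @return bool
     */
    private function verify_password($password, $salt, $stored_hash)
    {
        return hash_equals((string) $stored_hash, $this->hash_password($password, $salt));
    }

    /**
     * Generates an unguessable token from the system CSPRNG (PHP >= 7.0).
     *
     * @return string 2 * TOKEN_BYTES lowercase hex characters
     */
    private function generate_token()
    {
        return bin2hex(random_bytes(self::TOKEN_BYTES));
    }

    /**
     * @todo unfinished: no user address table yet. Executes the statement with
     * an empty parameter set via execute_sql_statement() (not execute_sql(),
     * which the rest of the class uses).
     *
     * @param array $form_data unused
     */
    private function update_user_address($form_data)
    {
        $this->Database_Control->execute_sql_statement('update_user_address', array(''));
    }

    /**
     * @todo unfinished: no user email table yet. Executes the statement with
     * an empty parameter set via execute_sql_statement().
     *
     * @param array $form_data unused
     */
    private function update_user_email($form_data)
    {
        $this->Database_Control->execute_sql_statement('update_user_email', array(''));
    }

    /**
     * @todo unfinished: no user phone table yet. Executes the statement with
     * an empty parameter set via execute_sql_statement().
     *
     * @param array $form_data unused
     */
    private function update_user_phone($form_data)
    {
        $this->Database_Control->execute_sql_statement('update_user_phone', array(''));
    }

    /**
     * Resolves a preset e-mail type to its catalogue message.
     *
     * The three presets were meant to be post-processed ("Do something to
     * message") but currently return the raw template, exactly like any other
     * message id.
     *
     * @param string $type preset name or message id
     * @return string message text
     */
    private function prepare_email($type)
    {
        $presets = array(
            'user_confirmation'  => 'email_user_confirmation',
            'admin_confirmation' => 'email_admin_confirmation',
            'reset_password'     => 'email_reset_password',
        );

        $message_id = isset($presets[$type]) ? $presets[$type] : $type;
        return $this->Message_Control->get_message($message_id, 'core');
    }

}//END CLASS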
?>