<?PHP
/**
* /logic/user/user.class.php
*
* Governs everything about users.
*
* @package AgaresCore4
* @author Agares Media <hide@address.com>
* @copyright Copyright (c) 2007, 2008, 2009 Agares Media. All rights reserved.
*/
/**
* user() Class
*
* Governs everything about users.
* @package AgaresCore4
* @var integer $currentuserid The class variable that holds the current user's userid.
*/
loadclass('rootclass'); // Project loader; presumably defines the base class extended below, which supplies the inherited clean(), debug() and errorReport() helpers used here (not visible in this file — verify in the loader)
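class user extends rootclass {
    /** @var integer Primary key of the user the current request is authenticated as; 0 until verifycookie() succeeds. */
    public $currentuserid;

    /** Cookie names used for login state. */
    const COOKIE_LOGIN = 'ac4login';
    const COOKIE_UID = 'ac4uid';
    const COOKIE_PERM = 'ac4perm';

    /** Cookie lifetimes in seconds (values unchanged from the original implementation). */
    const LOGIN_COOKIE_LIFETIME = 360000;
    const PERM_COOKIE_LIFETIME = 36000000;

    /** Numeric permission level handed out when no user is given. */
    const GUEST_PERMISSION = 997;

    public function __construct() {
        $this->currentuserid = 0; // Nobody is logged in until a cookie has been verified
    }

    public function __destruct() {
        // Nothing to release: the class owns no resources of its own
    }

    /**
     * setcookie() Method
     *
     * Creates the logged-in cookies for the user specified in $userkey. The ac4uid cookie is set for a longer
     * period of time to match the length of time the ac4perm cookie is set.
     *
     * @access public
     * @param integer $userkey The primary key for the user in question
     * @return boolean Returns true if both cookies were set, false otherwise (including when the user lookup fails)
     * @see remember()
     */
    public function setcookie($userkey) {
        $row = $this->get($userkey, '`user_password`');
        if (!is_array($row) || !isset($row['user_password'])) {
            return false; // Unknown user or failed lookup: never issue a login cookie
        }
        // get() returns the whole row (see checkpass()/generatepass()), so the column has to be
        // indexed explicitly; concatenating the array itself hashes the literal string "Array"
        // and the resulting cookie is no longer tied to this user's password at all.
        $cookievalue = $this->logincookievalue($row['user_password']);
        $loginexpires = time() + self::LOGIN_COOKIE_LIFETIME;
        $uidexpires = time() + self::PERM_COOKIE_LIFETIME;
        // httponly keeps the cookies out of reach of script on the page; path/domain/secure are unchanged
        return setcookie(self::COOKIE_LOGIN, $cookievalue, $loginexpires, '/', '', false, true)
            && setcookie(self::COOKIE_UID, (string)$userkey, $uidexpires, '/', '', false, true);
    }

    /**
     * logincookievalue() Method
     *
     * Derives the value stored in the ac4login cookie from the stored password hash and the session id.
     * Both setcookie() and verifycookie() must derive it the same way.
     *
     * @access private
     * @param string $passwordhash The user_password column of the user
     * @return string md5 hex digest
     */
    private function logincookievalue($passwordhash) {
        return md5($passwordhash . $this->getsid());
    }

    /**
     * readcookie() Method
     *
     * Looks to see if the login cookie has been set. If so, returns its value, otherwise false.
     *
     * @access private
     * @return mixed Returns the 32-character hex digest held in the cookie, or false if it is absent or malformed.
     */
    private function readcookie() {
        if (!isset($_COOKIE[self::COOKIE_LOGIN]) || !is_string($_COOKIE[self::COOKIE_LOGIN])) {
            return false;
        }
        $raw = $_COOKIE[self::COOKIE_LOGIN];
        // The cookie holds a bare md5 hex digest; anything else is treated as absent. Earlier versions
        // stored serialize()d data and read it back with unserialize(), which must never be applied to
        // client-supplied input, so that format is no longer accepted.
        return preg_match('/^[0-9a-f]{32}$/', $raw) === 1 ? $raw : false;
    }

    /**
     * validatecookie() Method
     *
     * Verifies the login cookies; on failure reroutes to the login page and stops the request.
     *
     * @access public
     * @return boolean Returns true if the user was validated, otherwise redirects to login and exits
     */
    public function validatecookie() {
        global $defaultloginpage, $router;
        if ($this->verifycookie() === false) {
            $router->reroute($defaultloginpage); // Reroutes to the login page
            exit();
        }
        return true;
    }

    /**
     * verifycookie() Method
     *
     * Verifies that the cookies are set, the session is still current, etc. Also updates the user
     * database with the current IP address and the date the user was last seen. Sets $currentuserid
     * on success.
     *
     * @access public
     * @return boolean Returns true if the user was validated, otherwise false
     */
    public function verifycookie() {
        $userkey = $this->cookieuserkey();
        if ($userkey === false) {
            $this->debug('User validation failed. No UID set.');
            return false; // Return false, no cookie set
        }
        if (isset($_COOKIE[self::COOKIE_PERM])) { // First we'll try and see if the user has a permanent cookie
            return $this->verifypermcookie($userkey);
        }
        return $this->verifylogincookie($userkey);
    }

    /**
     * cookieuserkey() Method
     *
     * Reads the user id from the ac4uid cookie.
     *
     * @access private
     * @return mixed Returns the id as an integer, or false if the cookie is absent or not a plain decimal number
     */
    private function cookieuserkey() {
        if (!isset($_COOKIE[self::COOKIE_UID]) || !is_string($_COOKIE[self::COOKIE_UID])) {
            return false;
        }
        $uid = $_COOKIE[self::COOKIE_UID];
        // Only a plain decimal id is accepted: is_numeric() would also let exponent and
        // whitespace forms through into the SQL that get() builds from this value.
        return preg_match('/^[0-9]+$/', $uid) === 1 ? (int)$uid : false;
    }

    /**
     * verifypermcookie() Method
     *
     * Checks the ac4perm cookie against the user's keys and the connecting address.
     *
     * @access private
     * @param integer $userkey The user id taken from the ac4uid cookie
     * @return boolean Returns true on success; on failure removes the login cookies and returns false
     */
    private function verifypermcookie($userkey) {
        $keys = $this->get($userkey, '`user_key`, `user_remember_key`');
        $remoteip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $given = $_COOKIE[self::COOKIE_PERM];
        // A failed lookup must not fall through to hashing the bare address with empty keys
        if (is_array($keys) && isset($keys['user_key'], $keys['user_remember_key'])) {
            $expected = md5($keys['user_key'] . $keys['user_remember_key'] . $remoteip);
            if ($this->samehash($expected, $given)) {
                $this->debug('User perm validated as UID: ' . $userkey);
                $this->currentuserid = $userkey;
                $this->touchlastvisit($userkey);
                return true;
            }
        }
        $this->debug('User perm validation failed as UID: ' . $userkey);
        $this->removecookie(); // Deletes the permanent ac4perm cookie so we can try logging in again.
        return false; // Was unable to authenticate cookie
    }

    /**
     * verifylogincookie() Method
     *
     * Checks the ac4login cookie against the user's password hash and the current session id.
     *
     * @access private
     * @param integer $userkey The user id taken from the ac4uid cookie
     * @return boolean Returns true on success, false otherwise
     */
    private function verifylogincookie($userkey) {
        $given = $this->readcookie();
        if ($given === false) {
            $this->debug('User validation failed. No ac4login cookie set.');
            return false; // Return false, no cookie set
        }
        $row = $this->get($userkey, '`user_password`');
        if (is_array($row) && isset($row['user_password'])
            && $this->samehash($this->logincookievalue($row['user_password']), $given)) {
            $this->debug('User validated as UID: ' . $userkey);
            $this->currentuserid = $userkey;
            $this->touchlastvisit($userkey);
            return true;
        }
        $this->debug('User validation failed as UID: ' . $userkey);
        return false; // Was unable to authenticate cookie
    }

    /**
     * touchlastvisit() Method
     *
     * Records the connecting address and today's date (Ymd) on the user's row.
     *
     * @access private
     * @param integer $userkey The primary key of the user
     * @return void
     */
    private function touchlastvisit($userkey) {
        global $database;
        $remoteip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $database->query('UPDATE `users` SET `user_last_ip`="' . $database->clean($remoteip) . '", `user_last_visit_date`="' . date('Ymd') . '" WHERE `id`=' . (int)$userkey . ';');
    }

    /**
     * samehash() Method
     *
     * Compares a computed digest with a client-supplied one. Uses a strict comparison because `==` applies
     * numeric coercion to strings, and hash_equals() where the runtime provides it.
     *
     * @access private
     * @param string $expected The digest computed server side
     * @param mixed $given The value received from the client
     * @return boolean True only when both are strings with identical content
     */
    private function samehash($expected, $given) {
        if (!is_string($expected) || !is_string($given)) {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    }

    /**
     * remember() Method
     *
     * Sets the persistent ac4perm cookie for the user specified in $userkey.
     *
     * @access public
     * @param integer $userkey The primary key for the user in question
     * @return boolean Returns true if the cookie was set, false if the user lookup failed or the cookie could not be sent
     */
    public function remember($userkey) {
        $keys = $this->get($userkey, '`user_key`, `user_remember_key`, `user_last_ip`');
        if (!is_array($keys) || !isset($keys['user_key'], $keys['user_remember_key'], $keys['user_last_ip'])) {
            return false;
        }
        // verifypermcookie() recomputes this from the connecting address, so the stored
        // user_last_ip is expected to already hold the current address when this runs.
        $finalkey = md5($keys['user_key'] . $keys['user_remember_key'] . $keys['user_last_ip']);
        return setcookie(self::COOKIE_PERM, $finalkey, time() + self::PERM_COOKIE_LIFETIME, '/', '', false, true);
    }

    /**
     * removepermcookie() Method
     *
     * Removes the AgaresCore 4 permanent login cookie (ac4perm).
     *
     * @access public
     * @return boolean Returns true on success, false on failure
     */
    public function removepermcookie() {
        return $this->expirecookie(self::COOKIE_PERM);
    }

    /**
     * removecookie() Method
     *
     * Removes all AgaresCore 4 login cookies (ac4login, ac4uid and ac4perm).
     *
     * @access public
     * @return boolean Returns true on success, false on failure
     */
    public function removecookie() {
        return $this->expirecookie(self::COOKIE_LOGIN)
            && $this->expirecookie(self::COOKIE_UID)
            && $this->removepermcookie();
    }

    /**
     * expirecookie() Method
     *
     * Sends an empty cookie with an expiry in the past so the browser discards it.
     *
     * @access private
     * @param string $name Cookie name
     * @return boolean Result of setcookie()
     */
    private function expirecookie($name) {
        return setcookie($name, '', time() - 3600, '/');
    }

    /**
     * generatepass() Method
     *
     * Returns the stored-form password for the user/password specified: md5 of the user's key, the plain
     * text password and the global salt. This is the legacy scheme the users table holds; migrating to
     * password_hash()/password_verify() would require rehashing stored values.
     *
     * @access public
     * @param integer $userkey The primary key for the user in question
     * @param string $stringpassword The plain text password that the user most likely entered in a login form
     * @return string Returns the properly encoded and formatted password for the user/password specified
     */
    public function generatepass($userkey, $stringpassword) {
        global $globalsalt; // The global salt is set in settings.php
        $userhash = $this->get($userkey, '`user_key`');
        // A failed lookup contributes an empty key, as before; checkpass() still fails because
        // it cannot read a stored password for such a user.
        $userkeyvalue = (is_array($userhash) && isset($userhash[0])) ? $userhash[0] : '';
        return md5($userkeyvalue . $stringpassword . $globalsalt);
    }

    /**
     * checkpass() Method
     *
     * Returns true if the information provided matches the password stored in the database, otherwise false.
     *
     * @access public
     * @param integer $userkey The primary key for the user in question
     * @param string $stringpassword The plain text password that the user most likely entered in a login form
     * @return boolean Returns true if the information provided matches the password stored in the database, otherwise false
     */
    public function checkpass($userkey, $stringpassword) {
        $stored = $this->get($userkey, '`user_password`');
        if (!is_array($stored) || !isset($stored[0])) {
            return false; // No such user, or the lookup failed
        }
        return $this->samehash((string)$stored[0], $this->generatepass($userkey, $stringpassword));
    }

    /**
     * getsid() Method
     *
     * Returns the current session ID.
     *
     * @access public
     * @return mixed Returns the current session ID or false if no session exists (should never happen)
     */
    public function getsid() {
        return isset($_SESSION) ? session_id() : false;
    }

    /**
     * getuid() Method
     *
     * Resolves and returns the user id number for the given username.
     *
     * @access public
     * @param string $username The username you wish to look up the user id of.
     * @return mixed Returns the user id. If the query fails or finds nothing, returns false.
     */
    public function getuid($username) {
        global $database;
        // $username is escaped with the inherited clean(); the query API offers no parameter binding here
        $result = $database->query('SELECT `id` FROM `users` WHERE `username`="' . $this->clean($username) . '";');
        if ($result && isset($result[0][0])) {
            return $result[0][0];
        }
        return false;
    }

    /**
     * get() Method
     *
     * Returns the row for the user specified in $user, restricted to the columns specified in $columns.
     * $user must be a non-negative integer (or a string of digits) and $columns a plain comma separated
     * list of column names (optionally backtick quoted) or '*'; anything else is rejected without
     * touching the database.
     *
     * @access public
     * @param integer $user The user number of the user you wish to look up
     * @param string $columns The comma separated list of columns to return. By default this method returns all columns.
     * @return mixed Returns the first result row (numeric and named keys), or null when the lookup is rejected or fails
     */
    public function get($user, $columns = '*') {
        global $database; // $database is the global database connection
        try {
            if (!is_int($user) && !(is_string($user) && preg_match('/^[0-9]+$/', $user) === 1)) {
                throw new Exception('Refusing to look up a non-numeric user id. $user=' . (is_scalar($user) ? $user : gettype($user)));
            }
            if (preg_match('/^(\*|`?[A-Za-z0-9_]+`?(\s*,\s*`?[A-Za-z0-9_]+`?)*)$/', (string)$columns) !== 1) {
                throw new Exception('Refusing to query with an unexpected column list. $columns=' . $columns);
            }
            $result = $database->query('SELECT ' . $columns . ' FROM `users` WHERE `id`=' . (int)$user . ';');
            if ($result) {
                return $result[0];
            }
            throw new Exception('A query used to access the user database failed. $user=' . $user . ' $columns=' . $columns);
        } catch (Exception $e) {
            $this->errorReport($e);
        }
        return null;
    }

    /**
     * permissions() Method
     *
     * Returns the numeric permission level for the $user specified.
     *
     * @access public
     * @param integer $user The user number of the user to look up permissions for. If not specified, this will return guest privileges
     * @return mixed Returns the numeric permission level for the $user specified, or null when the user cannot be looked up
     */
    public function permissions($user = 0) {
        try {
            if ($user == 0) {
                return self::GUEST_PERMISSION; // Default "Guest" level
            }
            $row = $this->get($user, '`group_id`');
            if (!is_array($row) || !isset($row['group_id'])) {
                throw new Exception('Unable to resolve the permission level for $user=' . $user);
            }
            $this->debug('User permission level: ' . $row['group_id']);
            return $row['group_id']; // Return the permission level of the user
        } catch (Exception $e) {
            $this->errorReport($e);
        }
        return null;
    }

    /**
     * usercolumns() Method
     *
     * Column list used by createuser(), in insertion order, with a flag telling whether the column is
     * numeric (inserted bare) or text (inserted quoted and escaped).
     *
     * @access private
     * @return array Map of column name => true for numeric, false for text
     */
    private function usercolumns() {
        return array(
            'id' => true, 'group_id' => true, 'username' => false, 'user_password' => false,
            'user_email' => false, 'user_ip' => false, 'user_points' => true, 'user_slogan' => false,
            'user_description' => false, 'user_location' => false, 'user_avatar' => false,
            'user_last_visit_date' => true, 'user_register_date' => true, 'user_posts' => true,
            'user_comments' => true, 'user_warnings' => true, 'user_language' => false,
            'user_timezone' => false, 'user_website' => false, 'user_birthday' => true,
            'user_aim' => false, 'user_msn' => false, 'user_skype' => false, 'user_signature' => false,
            'user_hobbies' => false, 'user_favorite_music' => false, 'user_favorite_movies' => false,
            'user_favorite_games' => false, 'user_about' => false, 'user_mood' => false,
            'user_key' => false, 'user_remember_key' => false, 'user_last_ip' => false,
        );
    }

    /**
     * createuser() Method
     *
     * Creates a new user from the fields in $userfields. Text fields are escaped with the database
     * connection's clean() and quoted; numeric fields must be present and numeric. Missing text fields
     * are inserted as empty strings.
     *
     * @access public
     * @param array $userfields Column name => value for every column of the users table
     * @return mixed Returns false when the input was rejected before reaching the database; otherwise no value, as before
     */
    public function createuser($userfields) {
        global $database;
        try {
            if (!is_array($userfields)) {
                throw new Exception('createuser() expects an array of user fields');
            }
            $columns = array();
            $values = array();
            foreach ($this->usercolumns() as $column => $isnumeric) {
                $value = isset($userfields[$column]) ? $userfields[$column] : null;
                if ($isnumeric) {
                    // Numeric columns are interpolated bare, so only accept values that really are numbers
                    if (is_int($value) || is_float($value)) {
                        $values[] = (string)$value;
                    } elseif (is_string($value) && preg_match('/^-?[0-9]+(\.[0-9]+)?$/', $value) === 1) {
                        $values[] = $value;
                    } else {
                        throw new Exception('createuser() requires a numeric value for ' . $column);
                    }
                } else {
                    $values[] = "'" . $database->clean($value === null ? '' : (string)$value) . "'";
                }
                $columns[] = '`' . $column . '`';
            }
            $database->query('INSERT INTO `users` (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ');');
        } catch (Exception $e) {
            $this->errorReport($e);
            return false;
        }
    }
}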