Location: PHPKode > projects > Journalness > Journalness_4.1.1_Full/includes/users.class.php
<?php

// no direct access
defined( '_VALID_JOURNALNESS' ) or die( 'Restricted access' );

class Users
{

	/*
	** Class constructor
	*/
	function Users(){
		global $database;
	}

	function getUserList(){
		global $database;

		$query = "SELECT id, username FROM #__users ORDER BY username ASC";
		$userlist = $database->getArray($query);

		return $userlist;
	}

	function getUserInfo($uid){
		global $database;

		$uid = intval($uid);
		$uid = $database->QMagic($uid);
		$query = "SELECT * FROM #__users WHERE id = $uid";
		$result = $database->GetArray($query);
		$row = NULL;

		if(isset($result[0])){
			$row = $result[0];
		}

		return $row;
	}

	function register($vars){
		global $database, $form, $mailer;
		global $journalnessConfig_guest_name, $journalnessConfig_send_welcome_email;

      	$field = "register_username";
		$subuser = $vars['register_username'];
      	if(!$subuser || strlen($subuser = trim($subuser)) == 0){
        		$form->setError($field, "* Username has not been entered");
      	}else{
         		$subuser = stripslashes($subuser);
         		if(strlen($subuser) < 4){
				$form->setError($field, "* Username is too small");
			}elseif(strlen($subuser) > 20){
				$form->setError($field, "* Username is too big");
         		}elseif(strcasecmp($subuser, $journalnessConfig_guest_name) == 0){
				$form->setError($field, "* Username is reserved");
			}elseif($this->usernameTaken($subuser)){
				$form->setError($field, "* Username is already in use");
			}
			$vars['register_username'] = $subuser;
      	}

      	$field = "register_password";
		$subpass = $vars['register_password'];
		$subconf = $vars['register_password_confirm'];
		if(!$subpass){
			$form->setError($field, "* Password has not been entered");
		}else{
			$subpass = stripslashes($subpass);
			if(strlen($subpass) < 4){
				$form->setError($field, "* Password is too small");
			}elseif(strcasecmp($subpass, $subconf) != 0){
				$form->setError($field, "* Passwords do not match");
			}
			$subpass = trim($subpass);
		}

		$field = "register_password_confirm";
		if(!$subconf){
			$form->setError($field, "* Password has not been entered");
		}else{
			$subconf = stripslashes($subconf);
			if(strlen($subconf) < 4){
				$form->setError($field, "* Password is too small");
			}elseif(strcasecmp($subconf, $subpass) != 0){
				$form->setError($field, "* Passwords do not match");
			}
			$conf = trim($subconf);
		}
		$vars['register_password'] = $subpass;
		unset($vars['register_password_confirm']);
      
		$field = "register_email";
		$subemail = $vars['register_email'];
		if(!$subemail || strlen($subemail = trim($subemail)) == 0){
			$form->setError($field, "* Email has not been entered");
		}else{
			$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
			."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
			."\.([a-z]{2,}){1}$";
			if(!eregi($regex,$subemail)){
				$form->setError($field, "* Invalid email address");
			}elseif($this->emailTaken($subemail)){
				$form->setError($field, "* Email address is already taken");
			}
			$subemail = stripslashes($subemail);
		}

		if($form->num_errors > 0){
			return 1;
		}else{
			if($this->addUser($vars)){
				if($journalnessConfig_send_welcome_email){
					$mailer->sendWelcome($subuser, $subemail);
				}
				return 0;
			}else{
				return 2;
			}
		}
	}

	function editprofile($vars){
		global $database, $form, $session;
		global $journalnessConfig_guest_name, $journalnessConfig_send_welcome_email;

		if(isset($vars['profile_username'])){
      		$field = "profile_username";
			$subuser = $vars['profile_username'];
      		if(!$subuser || strlen($subuser = trim($subuser)) == 0){
        			$form->setError($field, "* Username has not been entered");
      		}else{
         			$subuser = stripslashes($subuser);
         			if(strlen($subuser) < 4){
					$form->setError($field, "* Username is too small");
				}elseif(strlen($subuser) > 20){
					$form->setError($field, "* Username is too big");
         			}elseif(strcasecmp($subuser, $journalnessConfig_guest_name) == 0){
					$form->setError($field, "* Username is reserved");
				}elseif($this->usernameTaken($subuser) && $subuser != $session->username){
					$form->setError($field, "* Username is already in use");
				}
      		}
			$vars['profile_username'] = $subuser;
		}

      	$field = "profile_newpassword";
		$subnewpass = $vars['profile_newpassword'];
		$subconf = $vars['profile_newpassword_confirm'];
		if($subnewpass){
			$subnewpass = stripslashes($subnewpass);
			if(strlen($subnewpass) < 4){
				$form->setError($field, "* Password is too small");
			}elseif(strcasecmp($subnewpass, $subconf) != 0){
				$form->setError($field, "* Passwords do not match");
			}
			$subnewpass = trim($subnewpass);
		}
		$vars['profile_newpassword_confirm'] = $subnewpass;

		$field = "profile_newpassword_confirm";
		if($subconf || $subnewpass){
			$subconf = stripslashes($subconf);
			if(strlen($subconf) < 4){
				$form->setError($field, "* Password is too small");
			}elseif(strcasecmp($subconf, $subnewpass) != 0){
				$form->setError($field, "* Passwords do not match");
			}
			$subconf = trim($subconf);
		}
		$vars['profile_newpassword_confirm'] = $subconf;
      
		$field = "profile_email";
		$subemail = $vars['profile_email'];
		if(!$subemail || strlen($subemail = trim($subemail)) == 0){
			$form->setError($field, "* Email has not been entered");
		}else{
			$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
			."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
			."\.([a-z]{2,}){1}$";
			if(!eregi($regex,$subemail)){
				$form->setError($field, "* Invalid email address");
			}elseif($this->emailTaken($subemail) && $session->userdata['email'] != $subemail){
				$form->setError($field, "* Email address is already taken");
			}
			$subemail = stripslashes($subemail);
		}
		$vars['profile_email'] = $subemail;

		if($form->num_errors > 0){
			return 1;
		}else{
			if($this->submitProfile($vars)){
				return 0;
			}else{
				return 2;
			}
		}
	}

	function submitProfile($vars){
		global $database, $session, $mailer, $journalnessConfig_user_activation, $journalnessConfig_encrypt_type;

		// Create Date-of-birth value
		if(empty($vars['profile_dob_Year']) || empty($vars['profile_dob_Day']) || empty($vars['profile_dob_Month'])){
			$dob_date = "NULL";
		}else{
			$dob_date = $vars['profile_dob_Year'];
			$dob_date .= "-" . $vars['profile_dob_Month'];
			$dob_date .= "-" . $vars['profile_dob_Day'];
		}
		$vars['profile_dob'] = $dob_date;
		unset($vars['profile_dob_Year']);
		unset($vars['profile_dob_Day']);
		unset($vars['profile_dob_Month']);

		// Encrypt password if neccessary
		$subpass = $vars['profile_newpassword'];
		$subconf = $vars['profile_newpassword_confirm'];
		if(($subpass && $subconf) && (strcmp($subpass, $subconf) == 0)){
			$phpver = phpversion();
			if(extension_loaded("mhash") && $journalnessConfig_encrypt_type == "sha1"){
				$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
				$subpass = bin2hex(mhash(MHASH_SHA1, $tempPassword));
			}elseif($phpver >= "4.3.0" && $journalnessConfig_encrypt_type == "sha1"){
				$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
				$subpass = sha1($tempPassword);
			}elseif($journalnessConfig_encrypt_type == "sha1"){
				die("Please load the MHASH extension or install PHP >= 4.3.0 to use SHA-1");
			}

			if(extension_loaded("mhash") && $journalnessConfig_encrypt_type == "md5"){
				$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
				$subpass = bin2hex(mhash(MHASH_MD5, $tempPassword));
			}elseif($phpver >= "4.3.0" && $journalnessConfig_encrypt_type == "md5"){
				$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
				$subpass = md5($tempPassword);
			}
			$vars['profile_password'] = $subpass;
		}
		unset($vars['profile_newpassword']);
		unset($vars['profile_newpassword_confirm']);

		// Check if email has changed
		$query = "SELECT email FROM #__users WHERE id = '" . $session->uid . "'";
		$result = $database->GetArray($query);
		$originalemail = $result[0]['email'];

		$subemail = $vars['profile_email'];
		if(strcasecmp($originalemail, $subemail) !== 0){
			if($journalnessConfig_user_activation && !$session->is_admin){
				$query = "UPDATE #__users SET email = '$subemail', verified = '0' WHERE id = '" . $session->uid . "'";
				$database->Execute($query);
				$mailer->sendAuthEmail($session->uid);
				$session->logout();
			}else{
				$query = "UPDATE #__users SET email = $subemail WHERE id = '" . $session->uid . "'";
				$database->Execute($query);
			}
		}

		foreach($vars as $key => $value){
			$newkey = substr($key, 8);
			$key = substr($key, 0, 8);
			if($key == "profile_"){
				if($value == "NULL"){
					$submit_vars[$newkey] = "NULL";
				}else{
					$submit_vars[$newkey] = $database->QMagic(htmlspecialchars($value));
				}
			}
		}

		$query = "UPDATE #__users SET ";
		$count = count($submit_vars);
		$i=1;
		foreach($submit_vars as $key => $value){
			if($count == $i){
				$query .= "" . $key . " = " . $value . " ";
			}else{
				$query .= "" . $key . " = " . $value . ", ";
			}
			$i++;
		}
		$query .= "WHERE id = '" . $session->uid . "'";
		$database->Execute($query);

		if ($database->ErrorNo()) {
			return 0;
		}

		return 1;
	}

	function addUser($vars){
		global $database, $mailer, $journalnessConfig_user_activation, $journalnessConfig_encrypt_type;

		// Create Date-of-birth value
		if(empty($vars['register_dob_Year']) || empty($vars['register_dob_Day']) || empty($vars['register_dob_Month'])){

		}else{
			$dob_date = $vars['register_dob_Year'];
			$dob_date .= "-" . $vars['register_dob_Month'];
			$dob_date .= "-" . $vars['register_dob_Day'];
			$vars['register_dob'] = $dob_date;
		}
		unset($vars['register_dob_Year']);
		unset($vars['register_dob_Day']);
		unset($vars['register_dob_Month']);

		// Encrypt password
		$subpass = $vars['register_password'];
		$phpver = phpversion();
		if(extension_loaded("mhash") && $journalnessConfig_encrypt_type == "sha1"){
			$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
			$subpass = bin2hex(mhash(MHASH_SHA1, $tempPassword));
		}elseif($phpver >= "4.3.0" && $journalnessConfig_encrypt_type == "sha1"){
			$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
			$subpass = sha1($tempPassword);
		}elseif($journalnessConfig_encrypt_type == "sha1"){
			die("Please load the MHASH extension or install PHP >= 4.3.0 to use SHA-1");
		}

		if(extension_loaded("mhash") && $journalnessConfig_encrypt_type == "md5"){
			$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
			$subpass = bin2hex(mhash(MHASH_MD5, $tempPassword));
		}elseif($phpver >= "4.3.0" && $journalnessConfig_encrypt_type == "md5"){
			$tempPassword = $subpass . "7b949c8716";  // A very basic salting of the password
			$subpass = md5($tempPassword);
		}
		$vars['register_password'] = $subpass;

		if($journalnessConfig_user_activation){
			$vars['register_verified'] = "0";
		}else{
			$vars['register_verified'] = "1";
		}

		$vars['register_is_admin'] = "0";
		$vars['register_is_super_admin'] = "0";

		foreach($vars as $key => $value){
			$newkey = substr($key, 9);
			$key = substr($key, 0, 9);
			if($key == "register_"){
				$register_vars[$newkey] = $database->QMagic(htmlspecialchars($value));
			}
		}

		$query = "INSERT INTO #__users (";
		$count = count($register_vars);
		$i=1;
		foreach($register_vars as $key => $value){
			if($count == $i){
				$query .= "" . $key . ") VALUES (";
			}else{
				$query .= "" . $key . ", ";
			}
			$i++;
		}
		$i=1;
		foreach($register_vars as $key => $value){
			if($count == $i){
				$query .= $value . ")";
			}else{
				$query .= $value . ", ";
			}
			$i++;
		}
		$database->Execute($query);

		if ($database->ErrorNo()) {
			return 0;
		}

		if($journalnessConfig_user_activation){
			$uid = $database->Insert_ID();
			if(empty($uid)){
				$query = "SELECT max(id) as id FROM #__users";
				$result = $database->GetArray($query);
				$uid = $result[0]['id'];
			}
			$mailer->sendAuthEmail($uid);
		}

		return 1;
	}

	function usernameTaken($username){
		global $database;

		$username = $database->QMagic($username);
		$query = "SELECT username FROM #__users WHERE username = $username";
		$result = $database->GetArray($query);

		return (count($result) > 0);
	}

	function emailTaken($email){
		global $database;

		$email = $database->QMagic($email);
		$query = "SELECT email FROM #__users WHERE email = $email";
		$result = $database->GetArray($query);

		return (count($result) > 0);
	}

	function updateSignature($signature){
		global $entry, $session, $database;

		$signature = $entry->prepareTextInput($signature, "0");
		$query = "UPDATE #__users SET sig = " . $signature . " WHERE id = '" . $session->uid . "'";
		$database->Execute($query);

	}

	function getSignature(){
		global $session, $entry, $database;

		$query = "SELECT sig FROM #__users WHERE id = '" . $session->uid . "'";
		$result = $database->GetArray($query);
		$row['text'] = $result[0]['sig'];
		$row['html'] = $entry->prepareText($row['text']);

		return $row;
	}

	function updateClipboard($clipboard){
		global $entry, $session, $database, $lang;

		$clipboard = $entry->prepareTextInput($clipboard, "0");
		$query = "UPDATE #__users SET clip = " . $clipboard . " WHERE id = '" . $session->uid . "'";
		$result = $database->Execute($query);

	}

	function getClipboard(){
		global $session, $database;

		$query = "SELECT clip FROM #__users WHERE id = '" . $session->uid . "'";
		$result = $database->GetArray($query);
		$row = $result[0]['clip'];

		return $row;
	}

	function generatePassword($length) {
		$_vowels = array ('a', 'e', 'i', 'o', 'u');   
		$_consonants = array ('b', 'c', 'd', 'f', 'g', 'h', 'k', 'm', 'n','p', 'r', 's', 't', 'v', 'w', 'x', 'z');   
		$_syllables = array ();   
		foreach ($_vowels as $v) {
			foreach ($_consonants as $c) {   
				array_push($_syllables,"$c$v");   
				array_push($_syllables,"$v$c");
			}
		}

		$newpass = NULL;
		for( $i=0;$i<=($length/2);$i++){
			$newpass = $newpass . $_syllables[array_rand($_syllables)];
		}

		return $newpass;

	}

	function sendResetConfirmation($subemail){
		global $mailer, $form;

		$field = "email";
		if(!$subemail || strlen($subemail = trim($subemail)) == 0){
			$form->setError($field, "* Email has not been entered");
		}else{
			$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
			."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
			."\.([a-z]{2,}){1}$";
			if(!eregi($regex,$subemail)){
				$form->setError($field, "* Invalid email address");
			}elseif(!$this->emailTaken($subemail)){
				$form->setError($field, "* Email address does not exist");
			}
			$subemail = stripslashes($subemail);
		}

		if($form->num_errors > 0){
			return 1;
		}else{
			if($mailer->sendPasswordResetConfirm($subemail)){
				return 0;
			}else{
				return 2;
			}
		}
	}

	function sendResetPassword($resetcode){
		global $mailer, $database;

		$resetcode = $database->QMagic($resetcode);
		$query = "SELECT * FROM #__passwordreset WHERE resetcode = $resetcode";
		$result = $database->GetArray($query);

		if(count($result) > 0){
			$uid = $result[0]['uid'];
			$uid = $database->QMagic($uid);
			$query = "SELECT email FROM #__users WHERE id = $uid";
			$result = $database->GetArray($query);

			if($mailer->sendPasswordReset($result[0]['email'])){
				return 0;
			}else{
				return 2;
			}
		}else{
			return 2;
		}
	}

}

$users 	= new Users();

?>
Return current item: Journalness