<?php
/**************************************************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
@Authors: Ryan Thompson(hide@address.com)
***************************************************************************/
/*$Id: class.user.php,v 1.36 2004/05/04 05:32:43 rthomp Exp $*/
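/*!
@class user
@abstract Account model: login, account creation and removal, password reset,
          and per-service preferences.
@discussion Collaborators ($db, $security, $session, $tracker, $groups, $lang,
          $layout, $category, $error, $O) are read from global scope; none of
          them is defined in this file.

          SECURITY (review): every query in this class is built by
          interpolating values directly into the SQL text, and nothing in this
          class escapes them. Unless the callers or $db->query() already
          neutralise quotes (not visible from this file), each method is open
          to SQL injection through its arguments. The durable fix is bound
          parameters in the database layer; that layer's API is not visible
          here, so the queries are left as written and flagged per method.
*/
class user
{
    // Id of the account matched by the most recent login() attempt.
    var $user_id;
    // The next three properties are declared but never written in this class.
    var $login_time;
    var $username;
    var $name;

    /*!
    @function login()
    @author Ryan Thompson
    @abstract Logs in a user
    @version 0.1
    @params $username
    @params $password
    @return TRUE only when the credentials match, the account may log in and
            a session was created; FALSE otherwise
    @since 22-11-2003
    */
    function login($username, $password)
    {
        global $session, $tracker, $security;

        // NOTE(review): encrypt_password() is defined elsewhere; confirm it is
        // a salted, deliberately slow password hash rather than a bare digest.
        $enc_password = $security->encrypt_password($password);

        // check_password() is used as "matching user id, or a falsy value".
        // NOTE(review): user_id stays set when the login is rejected further
        // down (locked system, disabled or expired account).
        $this->user_id = $security->check_password($username, $enc_password);
        if (!$this->user_id) {
            // Track failed login for user
            $tracker->login_fail($username);
            return FALSE;
        }

        // While the system is locked, only accounts with level >= 3 on the
        // admin panel ('ad') may log in.
        if ($security->system_locked()
            && $security->get_access_level($this->user_id, 'ad') < 3) {
            return FALSE;
        }

        if (!$security->account_enabled($this->user_id)) {
            return FALSE;
        }
        if ($security->account_expired($this->user_id)) {
            return FALSE;
        }

        // A failed session creation used to fall through to the final
        // `return TRUE`, reporting success although no session existed.
        if (!$session->create_session($this->user_id)) {
            return FALSE;
        }

        $tracker->login_success($this->user_id);
        return TRUE;
    }

    /*!
    @function update_user_data()
    @abstract Writes the profile fields in $data to the row of the global
              $user (not $this)
    @params $data - array with firstname, lastname, email, website, icq, msn,
                    yahoo, aim
    @return TRUE, whether or not the query succeeded
    */
    function update_user_data($data)
    {
        global $db, $user;

        // SECURITY (review): all eight profile fields are interpolated
        // unescaped; these are user-editable values.
        $sql = "UPDATE o_users SET firstname='$data[firstname]',lastname='$data[lastname]',\n"
             . "email='$data[email]',website='$data[website]',icq='$data[icq]',msn='$data[msn]',\n"
             . "yahoo='$data[yahoo]',aim='$data[aim]' WHERE user_id='{$user->user_id}'";
        $db->query($sql);
        return TRUE;
    }

    /*!
    @function create_user()
    @abstract Creates access rights, tracker records, preferences, categories
              and group memberships for a new account, mails the credentials
              and then inserts the o_users row
    @params $data - array with new_username, new_password, confirm_password,
                    email, firstname, lastname, access_rights, groups
    @return FALSE when the username exists, the passwords differ or the
            password is too short; TRUE otherwise
    */
    function create_user($data)
    {
        global $O, $db, $tracker, $groups, $lang, $layout, $security, $category;

        $uid = $this->get_uid();

        if ($this->user_search($data['new_username'])) {
            echo "user exists";
            return FALSE;
        }

        // Setting 9 == 'TRUE' selects a generated password; setting 1 is the
        // argument handed to random_string().
        $db->query("SELECT value FROM o_settings WHERE setting_id='9'");
        $db->fetch_results();
        if ($db->record['value'] == 'TRUE') {
            $db->query("SELECT value FROM o_settings WHERE setting_id='1'");
            $db->fetch_results();
            // NOTE(review): random_string() is defined elsewhere; confirm it
            // draws from a cryptographically secure source.
            $data['new_password'] = $security->random_string($db->record['value']);
        } elseif (!$security->compare($data['new_password'], $data['confirm_password'])) {
            echo "Compare failed";
            return FALSE;
        }

        if (!$security->password_length($data['new_password'])) {
            echo "Password too short";
            return FALSE;
        }

        $password = $security->encrypt_password($data['new_password']);

        // A missing or non-array list is treated as empty instead of raising.
        $access_rights = (isset($data['access_rights']) && is_array($data['access_rights']))
            ? $data['access_rights']
            : array();
        foreach ($access_rights as $key => $value) {
            $security->enable_access($uid, $key, $value, $data['new_username']);
        }

        $tracker->create_tracker($uid);
        $tracker->create_user_security($uid);
        $this->create_preferences($uid);
        $category->add_default_categories($uid);

        $group_ids = (isset($data['groups']) && is_array($data['groups']))
            ? $data['groups']
            : array();
        foreach ($group_ids as $gid) {
            $groups->add_user($uid, $gid);
        }

        $subject = $lang->get_msg('new_user_subject', 'ad');
        $subject = str_replace('%SITENAME%', $layout->sitename, $subject);
        $message = $lang->get_msg('new_user_message','ad');
        $message = str_replace('%SITENAME%', $layout->sitename, $message);
        $message = str_replace('%LOGIN%', $security->protocol. $O->url ."/login.php", $message);
        $message = str_replace('%USERNAME%', $data['new_username'], $message);
        // SECURITY (review): the clear-text password is sent by e-mail.
        $message = str_replace('%PASSWORD%', $data['new_password'], $message);

        // NOTE(review): the o_users row is written only when the mail was
        // accepted. If it was not, the records created above remain without
        // a user row and TRUE is still returned.
        if ($O->mailer($data['email'], $subject, $message)) {
            $this->add_user($uid, $password, $data);
        }
        return TRUE;
    }

    /*!
    @function get_uid()
    @abstract Picks a random six-digit user id that is not yet in o_users
    @return $uid - integer between 100000 and 999999
    */
    function get_uid()
    {
        global $db;

        // The recursive version dropped the result of the retry, so a
        // collision on the first draw returned NULL to the caller.
        // NOTE(review): the lookup and the later INSERT are not atomic; a
        // unique constraint on o_users.user_id (schema not visible here) is
        // the reliable guard against duplicates.
        do {
            $uid = rand(100000, 999999);
            $db->query("SELECT user_id FROM o_users WHERE user_id='$uid'");
        } while ($db->num_rows >= 1);

        return $uid;
    }

    /*!
    @function create_preferences()
    @abstract Copies every preference row of user_id 1 to $user_id
    @params $user_id
    */
    function create_preferences($user_id)
    {
        global $db;

        // Rows are read completely before the INSERTs reuse $db.
        $prefs = array();
        $db->query("SELECT * FROM o_preferences WHERE user_id='1'");
        while ($db->fetch_results()) {
            $prefs[$db->record['preference']][$db->record['service']] = $db->record;
        }

        foreach ($prefs as $by_service) {
            foreach ($by_service as $service => $row) {
                // SECURITY (review): values read back from the database are
                // re-interpolated unescaped, as is $user_id.
                $sql = "INSERT INTO o_preferences (service, user_id, preference, value) VALUES ('$service', '$user_id', '$row[preference]','$row[value]')";
                $db->query($sql);
            }
        }
    }

    /*!
    @function user_search()
    @abstract Reports whether a username is already present in o_users
    @params $username
    @return TRUE/FALSE
    */
    function user_search($username)
    {
        global $db;

        // SECURITY (review): $username is interpolated unescaped.
        $db->query("SELECT username FROM o_users WHERE username='$username'");
        return $db->num_rows >= 1;
    }

    /*!
    @function add_user()
    @abstract Inserts the o_users row for a new account
    @params $uid
    @params $password - value produced by encrypt_password()
    @params $data - array with new_username, firstname, lastname, email
    */
    function add_user($uid, $password, $data)
    {
        global $db;

        $time = time();
        // SECURITY (review): the $data fields are interpolated unescaped.
        $sql = "INSERT INTO o_users (user_id, username, firstname, lastname, password, email,\n"
             . "date_created) VALUES ('$uid','$data[new_username]','$data[firstname]',\n"
             . "'$data[lastname]','$password','$data[email]','$time')";
        $db->query($sql);
        return;
    }

    /*!
    @function get_user_agent()
    @abstract Returns the User-Agent request header
    @return the header value, or NULL when the request carried none
    */
    function get_user_agent()
    {
        // Client-supplied text: escape it before it reaches SQL, HTML or logs.
        return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
    }

    /*!
    @function get_user_ip()
    @abstract Returns the peer address of the current request
    @return $_SERVER["REMOTE_ADDR"], or NULL when it is not set
    */
    function get_user_ip()
    {
        return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : NULL;
    }

    /*!
    @function drop_account()
    @abstract Removes the account from every service in o_services, then
              deletes its o_users row
    @params $user_id
    */
    function drop_account($user_id)
    {
        global $db, $security;

        // SECURITY (review): no permission check happens here, so the caller
        // must authorise the deletion; $user_id is interpolated unescaped.
        // NOTE(review): nothing verifies that the lookup found a row before
        // $username is handed to delete_from_service().
        $db->query("SELECT username FROM o_users WHERE user_id='$user_id'");
        $db->fetch_results();
        $username = $db->record['username'];

        // Collected up front; presumably delete_from_service() reuses $db and
        // would disturb the result set - confirm. Starting from an empty
        // array also keeps an empty o_services table from raising.
        $locations = array();
        $db->query("SELECT location FROM o_services");
        while ($db->fetch_results()) {
            $locations[] = $db->record['location'];
        }

        foreach ($locations as $location) {
            $security->delete_from_service($location, $username, $user_id);
        }

        $db->query("DELETE FROM o_users WHERE user_id='$user_id'");
    }

    /*!
    @function forgot_password()
    @abstract Generates a new password for the account matching both $email
              and $username, mails it, and stores it once the mail is accepted
    @params $email
    @params $username
    @return FALSE when no single account matches; nothing (NULL) otherwise
    */
    function forgot_password($email, $username)
    {
        global $O, $db, $error, $layout, $security;

        // SECURITY (review): both arguments come from an unauthenticated form
        // and are interpolated unescaped.
        $db->query("SELECT user_id, firstname, lastname FROM o_users WHERE email='$email' AND username='$username'");
        if ($db->num_rows != 1) {
            $error->get_message(1003);
            return FALSE;
        }

        $db->fetch_results();
        // SECURITY (review): the password is replaced as soon as the request
        // is made and travels in clear text by e-mail, so anyone who knows a
        // username and its address can force a reset. A single-use, expiring
        // reset link confirmed by the owner avoids both problems.
        $new_password = $security->random_string(8);
        $fn = $db->record['firstname'];
        $ln = $db->record['lastname'];
        $uid = $db->record['user_id'];

        $message = "$fn $ln\n\n\n"
                 . "A request was made to create a new password for the account matching this address\n"
                 . "at ". $O->sitename ." below is a new password to access your account\n\n\n"
                 . "New Password: $new_password\n\n If you did not make this request sorry for the inconvenience";

        // The stored password changes only after the mailer accepted the message.
        if ($O->mailer($email, $layout->sitename ." - Password Retrieval", $message)) {
            $enc_password = $security->encrypt_password($new_password);
            $db->query("UPDATE o_users SET password='$enc_password' WHERE user_id='$uid'");
            echo "A new password has been sent to the corresponding address";
        }
    }

    /*!
    @function get_preference()
    @author Ryan Thompson
    @abstract Retrieves a user preference from the database
    @version 0.1
    @params $service - Current service the preference is for
    @params $preference - The preference item we are looking for
    @params $user_id - Owner of the preference
    @return $value - The value of the preference
    @since 07-11-2003
    */
    function get_preference($service, $preference, $user_id)
    {
        global $db;

        // SECURITY (review): all three arguments are interpolated unescaped.
        $sql = "SELECT value FROM o_preferences WHERE service='$service' AND\n"
             . "preference='$preference' AND user_id='". $user_id ."'";
        $db->query($sql);
        $db->fetch_results();
        return $db->record['value'];
    }

    /*!
    @function get_default_service()
    @author Ryan Thompson
    @abstract Retrieves default service on user login
    @version 0.1
    @params $user_id
    @return $service_location
    @since 06-11-2003
    */
    function get_default_service($user_id)
    {
        global $db;

        // The 'gl' / 'default_service' preference holds a service code.
        $service = $this->get_preference('gl', 'default_service', $user_id);
        $db->query("SELECT location FROM o_services WHERE code='$service'");
        $db->fetch_results();
        return $db->record['location'];
    }

    /*!
    @function update_preferences()
    @author Ryan Thompson
    @abstract Updates users preferences and adds them if they're missing
    @version 0.1
    @params $data - array of preference => value
    @params $service
    @params $user_id
    @return nothing (NULL)
    @since 09-12-2003
    */
    function update_preferences($data, $service, $user_id)
    {
        global $db;

        foreach ($data as $key => $value) {
            // SECURITY (review): $key, $value, $service and $user_id are
            // interpolated unescaped; the keys of $data are as untrusted as
            // its values when $data comes from a form.
            // Make sure they have this preference to update. If not, add it.
            $sql = "SELECT preference FROM o_preferences WHERE preference='$key'\n"
                 . "AND service='$service' AND user_id='$user_id'";
            $db->query($sql);

            if ($db->num_rows == 0) {
                $sql = "INSERT INTO o_preferences (user_id, service, preference, value) VALUES\n"
                     . "('$user_id','$service','$key','$value')";
            } else {
                $sql = "UPDATE o_preferences SET value='$value' WHERE preference='$key' AND user_id='$user_id'\n"
                     . "AND service='$service'";
            }
            $db->query($sql);
        }
        return;
    }

    /*!
    @function get_all_prefs()
    @author Ryan Thompson
    @abstract Gets all preferences relating to a service
    @version 0.1
    @params $service
    @params $user_id
    @return $pref_list[] - preference => value; empty array when none exist
    @since 09-12-2003
    */
    function get_all_prefs($service, $user_id)
    {
        global $db;

        // Starts empty so a user without preferences yields array() rather
        // than an undefined variable.
        $pref_list = array();
        // SECURITY (review): both arguments are interpolated unescaped.
        $db->query("SELECT * FROM o_preferences WHERE user_id='$user_id' AND service='$service'");
        while ($db->fetch_results()) {
            $pref_list[$db->record['preference']] = $db->record['value'];
        }
        return $pref_list;
    }
}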
?>