<?php
/**
* Defines the {@link OFFL_User} class.
*
* @package offl
* @author Stephen Rochelle <hide@address.com>
*/
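// Refuse direct requests for this file: it only declares a class and is meant to be
// included by a page script. Strict comparison — both operands are path strings, and
// a missing SCRIPT_FILENAME (e.g. CLI) must not raise a notice.
if (isset($_SERVER["SCRIPT_FILENAME"])
    && strtr(__FILE__, "\\", "/") === $_SERVER["SCRIPT_FILENAME"]) {
    die ("Cannot access file directly!");
}
// $DOC_ROOT is expected to be defined by the including script before this file is loaded.
require_once($DOC_ROOT . "/lib/classes/offl_dbobject.php");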
/**
* Defines interfaces for OFFL users (login accounts).
*
* Includes lookups for associated {@link OFFL_FFLTeam FFL teams} and league-level administrative rights.
*
* @package offl
*/
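class OFFL_User extends OFFL_DBObject
{
    /**
     * Primary key of the users row. NULL until loaded or assigned; save() treats NULL as "new user".
     * @var integer|NULL
     */
    public $_user_id = NULL;
    /**
     * Login name. After populate() this holds the HTML-escaped form of the stored value.
     * @var string
     */
    public $_username = "";
    /**
     * Password hash to persist. Empty string means "leave the password column untouched" in save().
     * @var string
     */
    public $_password = "";
    /**
     * Site-wide administrator flag, persisted as an integer 0/1.
     * @var boolean|integer
     */
    public $_admin = 0;
    /**
     * @var string
     */
    public $_user_fname = "";
    /**
     * @var string
     */
    public $_user_lname = "";
    /**
     * @var string
     */
    public $_user_email = "";
    /**
     * League ids this user belongs to (persisted as a comma-separated string).
     * @var array
     */
    public $_league_id_array = array();
    /**
     * FFL team ids owned by this user (persisted as a comma-separated string).
     * @var array
     */
    public $_fflteam_id_array = array();
    /**
     * League ids this user administers (persisted as a comma-separated string).
     * @var array
     */
    public $_league_admin_array = array();

    /**
     * Constructor (PHP 4 style, matching the OFFL_DBObject parent).
     *
     * @param integer $user_id Optional: if given, the user is loaded from the database immediately.
     * @see populate()
     */
    function OFFL_User($user_id = NULL)
    {
        parent::OFFL_DBObject();
        if ($user_id !== NULL) {
            $this->_user_id = $user_id;
            $this->populate();
        }
    }

    /**
     * Escapes a value for interpolation inside single quotes in a MySQL statement.
     * The connection-aware variant is used so the active connection charset is honoured.
     *
     * @param string $value
     * @return string
     */
    function _escapeSqlString($value)
    {
        return mysql_real_escape_string((string) $value, $this->_conn);
    }

    /**
     * Returns {@link $_user_id} as an integer literal for SQL interpolation.
     * The id may originate from a request parameter or cookie, so it is never interpolated raw.
     *
     * @return integer
     */
    function _sqlUserID()
    {
        return (int) $this->_user_id;
    }

    /**
     * Serialises an id list the way the schema stores it (comma-separated) and escapes it for SQL.
     *
     * @param array $ids
     * @return string
     */
    function _sqlIDList($ids)
    {
        return $this->_escapeSqlString(implode(",", $ids));
    }

    /**
     * Splits a stored comma-separated id column into an array, dropping empty entries.
     *
     * @param string $csv Raw column value
     * @param boolean $unique Whether duplicate ids are collapsed
     * @return array
     */
    function _splitIDList($csv, $unique)
    {
        $ids = explode(",", (string) $csv);
        if ($unique) {
            $ids = array_unique($ids);
        }
        return array_diff($ids, array(""));
    }

    /**
     * Pulls info from database. {@link $_user_id} must be set.
     *
     * Text columns are HTML-escaped on load so callers can echo them directly.
     *
     * @return boolean TRUE if successful, FALSE otherwise.
     */
    function populate()
    {
        if ($this->_user_id === NULL) {
            $this->_emsg = "\$_user_id is not set. Cannot populate OFFL_User object.";
            error_log($this->_emsg);
            return FALSE;
        }
        $sql = "SELECT * FROM users WHERE user_id=" . $this->_sqlUserID();
        $result = mysql_query($sql, $this->_conn) or die (mysql_error() . ": $sql");
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row === FALSE) {
            $this->_emsg = "No user records found for user_id $this->_user_id.";
            error_log($this->_emsg);
            return FALSE;
        }
        $this->_username   = htmlspecialchars(stripslashes($row["username"]));
        $this->_admin      = $row["admin"];
        $this->_user_fname = htmlspecialchars(stripslashes($row["fname"]));
        $this->_user_lname = htmlspecialchars(stripslashes($row["lname"]));
        $this->_user_email = htmlspecialchars(stripslashes($row["email"]));
        $this->_league_id_array    = $this->_splitIDList($row["league_ids"], TRUE);
        // Team ids are not de-duplicated on load (matches the original behaviour; intent unconfirmed).
        $this->_fflteam_id_array   = $this->_splitIDList($row["fflteam_ids"], FALSE);
        $this->_league_admin_array = $this->_splitIDList($row["league_admin"], TRUE);
        return TRUE;
    }

    /**
     * Saves the user to the database. Determines UPDATE vs INSERT based on {@link $_user_id}.
     *
     * The password column is only written when {@link $_password} is non-empty. Every string
     * value (including the password and the id lists) is escaped; numeric values are cast.
     *
     * NOTE(review): {@link $_user_id} is not refreshed after an INSERT. If users.user_id is
     * AUTO_INCREMENT, mysql_insert_id() could populate it — confirm against the schema.
     */
    function save()
    {
        // A single test for both the column list and the value list: the original used
        // is_null() for one and strlen() for the other, which produced a column/value
        // count mismatch (and a fatal query) whenever the password was the empty string.
        $hasPassword = strlen((string) $this->_password) > 0;
        $username = $this->_escapeSqlString($this->_username);
        $password = $this->_escapeSqlString($this->_password);
        $fname    = $this->_escapeSqlString($this->_user_fname);
        $lname    = $this->_escapeSqlString($this->_user_lname);
        $email    = $this->_escapeSqlString($this->_user_email);
        $leagues  = $this->_sqlIDList($this->_league_id_array);
        $teams    = $this->_sqlIDList($this->_fflteam_id_array);
        $admins   = $this->_sqlIDList($this->_league_admin_array);
        $admin    = (int) $this->_admin;

        if ($this->_user_id === NULL) {
            $columns = "username"
                . ($hasPassword ? ", password" : "")
                . ", admin, fname, lname, email, league_ids, fflteam_ids, league_admin";
            $values = "'" . $username . "'"
                . ($hasPassword ? ", '" . $password . "'" : "")
                . ", " . $admin
                . ", '" . $fname . "', '" . $lname . "', '" . $email . "'"
                . ", '" . $leagues . "', '" . $teams . "', '" . $admins . "'";
            $sql = "INSERT INTO users (" . $columns . ") VALUES (" . $values . ")";
        } else {
            $sql = "UPDATE users SET username='" . $username . "'"
                . ($hasPassword ? ", password='" . $password . "'" : "")
                . ", admin=" . $admin
                . ", fname='" . $fname . "', lname='" . $lname . "', email='" . $email . "'"
                . ", league_ids='" . $leagues . "', fflteam_ids='" . $teams . "', league_admin='" . $admins . "'"
                . " WHERE user_id=" . $this->_sqlUserID();
        }
        mysql_query($sql, $this->_conn) or die (mysql_error() . ": $sql");
    }

    /**
     * @return integer|NULL
     */
    function getUserID()
    {
        return $this->_user_id;
    }

    /**
     * @param string $username
     */
    function setUsername($username)
    {
        $this->_username = $username;
    }

    /**
     * @return string
     */
    function getUsername()
    {
        return $this->_username;
    }

    /**
     * Checks to see if the given username is suitable (i.e. not existent in the database).
     *
     * N.B. This isn't an atomic save operation: another request may claim the name between
     * this check and save(); a unique index on users.username is the real guarantee.
     *
     * @param string $username Proposed username to be validated (escaped before use in SQL)
     * @return boolean TRUE if username is allowable, FALSE if not.
     */
    function validateUsername($username)
    {
        $sql = "SELECT user_id FROM users WHERE username='" . $this->_escapeSqlString($username) . "'";
        $result = mysql_query($sql, $this->_conn) or die (mysql_error() . ": $sql");
        $taken = mysql_num_rows($result) > 0;
        mysql_free_result($result);
        return !$taken;
    }

    /**
     * Sets the password from plaintext.
     *
     * The stored form is an unsalted MD5 digest because that is what the users.password
     * column and authenticate() expect; MD5 is not a suitable password hash, and migrating
     * to password_hash() would require changing authenticate()/cryptAuth() and the schema.
     *
     * @param string $password Plaintext password
     */
    function setPassword($password)
    {
        $this->_password = md5($password);
    }

    /**
     * Sets an already-hashed password value verbatim.
     *
     * @param string $password Password hash as stored in users.password
     */
    function setCryptPassword($password)
    {
        $this->_password = $password;
    }

    /**
     * @return string The password hash pending for save(), or "" if none was set
     */
    function getPassword()
    {
        return $this->_password;
    }

    /**
     * Returns the stored password hash of the user. For cookie-login purposes.
     *
     * @return string|boolean The users.password value, or FALSE if {@link $_user_id} is not set
     *                        or no row exists
     */
    function getPasswordHash()
    {
        if ($this->_user_id === NULL) {
            return FALSE;
        }
        $sql = "SELECT password FROM users WHERE user_id=" . $this->_sqlUserID();
        $result = mysql_query($sql, $this->_conn) or die (mysql_errno() . " – " . mysql_error() . ": $sql");
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row === FALSE) {
            return FALSE;
        }
        return $row["password"];
    }

    /**
     * Validates a login based on the hash stored in the login cookie.
     *
     * The hash is compared against md5(username . "--" . stored password hash), where the
     * username is the HTML-escaped form loaded by populate(). Every user row is loaded in turn
     * (one populate() query per user), so the cost grows with the size of the users table.
     *
     * @param string $hash The MD5 hash stored in the OFFL_COOKIE_NAME login cookie
     * @return integer|boolean {@link $_user_id} of the validated user or FALSE
     *                         (remember to distinguish between UID 0 and FALSE)
     */
    function getUserIDByHash($hash)
    {
        $sql = "SELECT user_id FROM users";
        $result = mysql_query($sql, $this->_conn) or die (mysql_errno() . " – " . mysql_error() . ": $sql");
        $userIDs = array();
        while (($row = mysql_fetch_assoc($result)) !== FALSE) {
            $userIDs[] = $row["user_id"];
        }
        // Release the result set before each OFFL_User runs its own queries on the connection.
        mysql_free_result($result);
        foreach ($userIDs as $userID) {
            $user = new OFFL_User($userID);
            if ($hash === md5($user->getUsername() . "--" . $user->getPasswordHash())) {
                return $user->getUserID();
            }
        }
        return FALSE;
    }

    /**
     * @param boolean $admin
     */
    function setAdmin($admin)
    {
        $this->_admin = $admin;
    }

    /**
     * @return boolean|integer The admin flag as set or as loaded from the admin column
     */
    function getAdmin()
    {
        return $this->_admin;
    }

    /**
     * @param string $user_fname
     */
    function setFirstName($user_fname)
    {
        $this->_user_fname = $user_fname;
    }

    /**
     * @return string
     */
    function getFirstName()
    {
        return $this->_user_fname;
    }

    /**
     * @param string $user_lname
     */
    function setLastName($user_lname)
    {
        $this->_user_lname = $user_lname;
    }

    /**
     * @return string
     */
    function getLastName()
    {
        return $this->_user_lname;
    }

    /**
     * @param string $user_email
     */
    function setEmail($user_email)
    {
        $this->_user_email = $user_email;
    }

    /**
     * @return string
     */
    function getEmail()
    {
        return $this->_user_email;
    }

    /**
     * Shortcut function for a formatted name string.
     *
     * Values loaded via populate() are already HTML-escaped; values set through the setters
     * are emitted as given, so callers that set them from request data must escape first.
     *
     * @param boolean $email Optional: set FALSE to disable the mailto: link
     * @return string Takes the form <a href="mailto:{@link $_user_email}">{@link $_user_fname} {@link $_user_lname}</a>;
     *                falls back to {@link $_username} when both name parts are empty
     */
    function getName($email = TRUE)
    {
        $withLink = $email && strlen($this->_user_email);
        $name = trim($this->_user_fname . " " . $this->_user_lname);
        if (strlen($name) == 0) {
            $name = $this->_username;
        }
        if (!$withLink) {
            return $name;
        }
        return "<a href=\"mailto:" . $this->_user_email . "\">" . $name . "</a>";
    }

    /**
     * @param array $fflteam_id_array
     */
    function setFFLTeamIDs($fflteam_id_array)
    {
        $this->_fflteam_id_array = $fflteam_id_array;
    }

    /**
     * @return array
     */
    function getFFLTeamIDs()
    {
        return $this->_fflteam_id_array;
    }

    /**
     * Adds an {@link OFFL_FFLTeam} to this user.
     *
     * @param integer $fflteam_id
     */
    function addFFLTeamID($fflteam_id)
    {
        $this->_fflteam_id_array[] = $fflteam_id;
    }

    /**
     * Removes an {@link OFFL_FFLTeam} from this user, if found.
     *
     * The search is deliberately non-strict: ids loaded from the database are strings while
     * callers usually pass integers.
     *
     * @param integer $fflteam_id
     * @return boolean TRUE if removed, FALSE if not found
     */
    function removeFFLTeamID($fflteam_id)
    {
        $key = array_search($fflteam_id, $this->_fflteam_id_array);
        if ($key === FALSE) {
            return FALSE;
        }
        unset($this->_fflteam_id_array[$key]);
        sort($this->_fflteam_id_array);
        return TRUE;
    }

    /**
     * @param array $league_id_array
     */
    function setLeagueIDs($league_id_array)
    {
        $this->_league_id_array = $league_id_array;
    }

    /**
     * @return array
     */
    function getLeagueIDs()
    {
        return $this->_league_id_array;
    }

    /**
     * Adds an {@link OFFL_League} to this user (duplicates are collapsed).
     *
     * @param integer $league_id
     */
    function addLeagueID($league_id)
    {
        $this->_league_id_array[] = $league_id;
        $this->_league_id_array = array_unique($this->_league_id_array);
    }

    /**
     * Removes an {@link OFFL_League} from this user, if found.
     *
     * Searches {@link $_league_id_array} (the original looked the key up in the team id array
     * and then unset it from the league array, so removal never hit the right element).
     *
     * @param integer $league_id
     * @return boolean TRUE if removed, FALSE if not found
     */
    function removeLeagueID($league_id)
    {
        $key = array_search($league_id, $this->_league_id_array);
        if ($key === FALSE) {
            return FALSE;
        }
        unset($this->_league_id_array[$key]);
        sort($this->_league_id_array);
        return TRUE;
    }

    /**
     * @param array $league_admin_array
     */
    function setLeagueAdminIDs($league_admin_array)
    {
        $this->_league_admin_array = $league_admin_array;
    }

    /**
     * @return array
     */
    function getLeagueAdminIDs()
    {
        return $this->_league_admin_array;
    }

    /**
     * Adds an {@link OFFL_League} to this user's administrative privileges (duplicates are collapsed).
     *
     * @param integer $league_id
     */
    function addLeagueAdminID($league_id)
    {
        $this->_league_admin_array[] = $league_id;
        $this->_league_admin_array = array_unique($this->_league_admin_array);
    }

    /**
     * Removes an {@link OFFL_League} from this user's administrative privileges, if found.
     *
     * @param integer $league_id
     * @return boolean TRUE if removed, FALSE if not found
     */
    function removeLeagueAdminID($league_id)
    {
        $key = array_search($league_id, $this->_league_admin_array);
        if ($key === FALSE) {
            return FALSE;
        }
        unset($this->_league_admin_array[$key]);
        sort($this->_league_admin_array);
        return TRUE;
    }

    /**
     * Authenticates a user login from a plaintext password. This function is deprecated.
     *
     * Relies on the unsalted MD5 digest stored in users.password (see setPassword()).
     *
     * @param string $uname User name
     * @param string $pword Password
     * @return OFFL_User|NULL returns relevant user if password correct, else NULL.
     */
    function authenticate($uname, $pword)
    {
        $sql = "SELECT user_id FROM users WHERE username='" . $this->_escapeSqlString($uname)
            . "' AND password=MD5('" . $this->_escapeSqlString($pword) . "')";
        $result = mysql_query($sql, $this->_conn) or die (mysql_error() . ": $sql");
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row === FALSE) {
            return NULL;
        }
        return new OFFL_User($row["user_id"]);
    }

    /**
     * Authenticates a cryptographic user login.
     *
     * The client is expected to submit md5(stored password hash . $_SESSION["login_time"]);
     * without the session value nothing can legitimately match, so the login is rejected.
     *
     * @param string $uname User name
     * @param string $phash Password hash submitted by the client
     * @return OFFL_User|NULL returns relevant user if password correct, else NULL.
     */
    function cryptAuth($uname, $phash)
    {
        if (!isset($_SESSION["login_time"])) {
            return NULL;
        }
        $sql = "SELECT user_id, password FROM users WHERE username='" . $this->_escapeSqlString($uname) . "'";
        $result = mysql_query($sql, $this->_conn) or die (mysql_error() . ": $sql");
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row === FALSE) {
            return NULL;
        }
        $expected = md5($row["password"] . $_SESSION["login_time"]);
        // Strict comparison: a loose != would compare numeric-looking hex digests as numbers.
        if ((string) $phash !== $expected) {
            return NULL;
        }
        return new OFFL_User($row["user_id"]);
    }

    /**
     * Returns all users in the FFL system.
     *
     * Each user is loaded with its own populate() query, so the cost grows with the users table.
     *
     * @return array Array of OFFL_User objects
     */
    function getAllUsers()
    {
        $sql = "SELECT user_id FROM users";
        $result = mysql_query($sql, $this->_conn) or die (mysql_errno() . " – " . mysql_error() . ": " . $sql);
        $userIDs = array();
        while (($row = mysql_fetch_assoc($result)) !== FALSE) {
            $userIDs[] = $row["user_id"];
        }
        // Release the result set before each OFFL_User runs its own queries on the connection.
        mysql_free_result($result);
        $retArr = array();
        foreach ($userIDs as $userID) {
            $retArr[] = new OFFL_User($userID);
        }
        return $retArr;
    }
} // end OFFL_User class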
?>