<?php
/**
 * Defines the {@link OFFL_User} class.
 *
 * @package offl
 * @author Stephen Rochelle <hide@address.com>
 */

// Refuse to serve this library file as a top-level script: it only defines a class
// and must be pulled in via require_once from a page that has set up $DOC_ROOT.
if ($_SERVER["SCRIPT_FILENAME"] == str_replace("\\", "/", __FILE__))
{	die ("Cannot access file directly!");	}

require_once($DOC_ROOT . "/lib/classes/offl_dbobject.php");
/**
 * Defines interfaces for OFFL users (login accounts).
 *
 * Includes lookups for associated {@link OFFL_FFLTeam FFL teams} and league-level administrative rights.
 *
 * @package offl
 */
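class OFFL_User extends OFFL_DBObject
{
	/**
	 * Primary key in the `users` table.  NULL until the object has been loaded or a
	 * caller assigns one; {@link save()} INSERTs while it is NULL and UPDATEs otherwise.
	 * @var integer
	 */
	var $_user_id = NULL;
	/**
	 * Login name.  {@link populate()} stores it already HTML-escaped.
	 * @var string
	 */
	var $_username = "";
	/**
	 * Password hash waiting to be written.  Never loaded from the database; the empty
	 * string means "leave the stored password untouched" in {@link save()}.
	 * @var string
	 */
	var $_password = "";
	/**
	 * Site-wide administrator flag; written to the database as 0/1.
	 * @var boolean
	 */
	var $_admin = 0;
	/**
	 * @var string
	 */
	var $_user_fname = "";
	/**
	 * @var string
	 */
	var $_user_lname = "";
	/**
	 * @var string
	 */
	var $_user_email = "";
	/**
	 * IDs of the leagues the user belongs to (stored as a comma-separated column).
	 * @var array
	 */
	var $_league_id_array = array();
	/**
	 * IDs of the FFL teams the user owns (stored as a comma-separated column).
	 * @var array
	 */
	var $_fflteam_id_array = array();
	/**
	 * IDs of the leagues the user administers (stored as a comma-separated column).
	 * @var array
	 */
	var $_league_admin_array = array();

	/**
	 * Constructor
	 *
	 * @param integer $user_id Optional: If set, loads user from database
	 * @see populate()
	 */
	function OFFL_User ($user_id = NULL)
	{
		OFFL_DBObject::OFFL_DBObject();

		if (!is_null($user_id))
		{
			$this->_user_id = $user_id;
			$this->populate();
		}
	}

	/**
	 * Escapes a value for use inside a single-quoted SQL string literal.
	 *
	 * Prefers the connection-aware mysql_real_escape_string() and falls back to
	 * mysql_escape_string() on PHP builds that predate it.
	 *
	 * @param string $value Raw value
	 * @return string Escaped value (without surrounding quotes)
	 */
	function _sqlString($value)
	{
		if (function_exists("mysql_real_escape_string"))
		{	return mysql_real_escape_string($value, $this->_conn);	}
		return mysql_escape_string($value);
	}

	/**
	 * Serialises an ID array into the comma-separated form used by the users table,
	 * escaped for a single-quoted literal.
	 *
	 * @param array $ids
	 * @return string
	 */
	function _sqlIdList($ids)
	{
		return $this->_sqlString(implode(",", $ids));
	}

	/**
	 * Parses a comma-separated ID column back into an array, dropping empty entries.
	 *
	 * @param string $csv Column value
	 * @return array
	 */
	function _splitIdList($csv)
	{
		return array_diff(explode(",", $csv), array(""));
	}

	/**
	 * Compares a client-supplied hash with the expected one.
	 *
	 * Type-strict (a non-string input never matches) and constant-time where the PHP
	 * build offers hash_equals().  A loose != / == on two hex digests is unsafe in PHP:
	 * digests of the form "0e<digits>" compare numerically equal to each other.
	 *
	 * @param mixed $given Value received from the client
	 * @param string $expected Hash computed server-side
	 * @return boolean
	 */
	function _sameHash($given, $expected)
	{
		if (!is_string($given) || !is_string($expected))
		{	return FALSE;	}
		if (function_exists("hash_equals"))
		{	return hash_equals($expected, $given);	}
		return $given === $expected;
	}

	/**
	 * Runs a query on {@link $_conn} and aborts the request on failure.
	 *
	 * The error number, message and SQL text go to the server log only; the browser
	 * gets a generic message, because the SQL may carry password hashes and exposes
	 * the schema (the previous code echoed both with die()).
	 *
	 * @param string $sql
	 * @return resource|boolean Query result (TRUE for statements without a result set)
	 */
	function _runQuery($sql)
	{
		$result = mysql_query($sql, $this->_conn);
		if ($result === FALSE)
		{
			$this->_emsg = mysql_errno($this->_conn) . " - " . mysql_error($this->_conn) . ": " . $sql;
			error_log ($this->_emsg);
			die ("Database error.");
		}
		return $result;
	}

	/**
	 * Pulls info from database.  {@link $_user_id} must be set.
	 *
	 * Text columns are stored HTML-escaped (htmlspecialchars over stripslashes) so the
	 * getters can be echoed into HTML directly.  The password hash is deliberately not
	 * loaded here; see {@link getPasswordHash()}.
	 *
	 * @return boolean TRUE if successful, FALSE otherwise.
	 */
	function populate()
	{
		if (is_null($this->_user_id))
		{
			$this->_emsg = "\$_user_id is not set.	Cannot populate OFFL_User object.";
			error_log ($this->_emsg);
			return FALSE;
		}
		// user_id is a numeric column; the cast keeps a tampered id (cookie/GET) out of the SQL.
		$sql = "SELECT * FROM users WHERE user_id=" . (int) $this->_user_id;
		$result = $this->_runQuery($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);

		if ($row === FALSE)
		{
			$this->_emsg = "No user records found for user_id $this->_user_id.";
			error_log ($this->_emsg);
			return FALSE;
		}

		$this->_username = htmlspecialchars(stripslashes($row["username"]));
		$this->_admin = $row["admin"];
		$this->_user_fname = htmlspecialchars(stripslashes($row["fname"]));
		$this->_user_lname = htmlspecialchars(stripslashes($row["lname"]));
		$this->_user_email = htmlspecialchars(stripslashes($row["email"]));
		$this->_league_id_array = array_unique($this->_splitIdList($row["league_ids"]));
		// Team IDs are kept verbatim (no de-duplication), as before.
		$this->_fflteam_id_array = $this->_splitIdList($row["fflteam_ids"]);
		$this->_league_admin_array = array_unique($this->_splitIdList($row["league_admin"]));

		return TRUE;
	}

	/**
	 * Saves the user to the database.  INSERTs when {@link $_user_id} is NULL, UPDATEs otherwise.
	 *
	 * The password column is written only when {@link $_password} is non-empty (i.e. after a
	 * setPassword()/setCryptPassword() call), so a plain profile update never blanks it.
	 * After an INSERT {@link $_user_id} stays NULL; reload the user by id to keep working
	 * with the stored row.
	 */
	function save()
	{
		$username = $this->_sqlString($this->_username);
		$fname = $this->_sqlString($this->_user_fname);
		$lname = $this->_sqlString($this->_user_lname);
		$email = $this->_sqlString($this->_user_email);
		$leagues = $this->_sqlIdList($this->_league_id_array);
		$teams = $this->_sqlIdList($this->_fflteam_id_array);
		$leagueAdmin = $this->_sqlIdList($this->_league_admin_array);
		// admin is a numeric column; a boolean FALSE would concatenate to "" and break the statement.
		$admin = $this->_admin ? 1 : 0;
		$havePassword = strlen($this->_password) > 0;

		if (is_null($this->_user_id))
		{
			$columns = "username, admin, fname, lname, email, league_ids, fflteam_ids, league_admin";
			$values = "'$username', $admin, '$fname', '$lname', '$email', '$leagues', '$teams', '$leagueAdmin'";
			// Column list and value list are governed by the same test.  The old code used
			// is_null() for one and strlen() for the other, so an empty password produced a
			// column-count mismatch on INSERT.
			if ($havePassword)
			{
				$columns .= ", password";
				$values .= ", '" . $this->_sqlString($this->_password) . "'";
			}
			$sql = "INSERT INTO users ($columns) VALUES ($values)";
		}
		else
		{
			$sql = "UPDATE users SET username='$username'";
			if ($havePassword)
			{	$sql .= ", password='" . $this->_sqlString($this->_password) . "'";	}
			$sql .= ", admin=$admin, fname='$fname', lname='$lname', email='$email'"
				. ", league_ids='$leagues', fflteam_ids='$teams', league_admin='$leagueAdmin'"
				. " WHERE user_id=" . (int) $this->_user_id;
		}
		$this->_runQuery($sql);
	}

	/**
	 * @return integer
	 */
	function getUserID()
	{
		return $this->_user_id;
	}

	/**
	 * @param string $username
	 */
	function setUsername($username)
	{
		$this->_username = $username;
	}

	/**
	 * @return string
	 */
	function getUsername()
	{
		return $this->_username;
	}

	/**
	 * Checks to see if the given username is suitable (i.e. not existant in the database)
	 *
	 * N.B. This isn't an atomic save operation: another request can claim the name
	 * between this check and {@link save()}, so the table should also carry a UNIQUE
	 * index on username.
	 *
	 * @param string $username Proposed username to be validated
	 * @return boolean TRUE if username is allowable, FALSE if not.
	 */
	function validateUsername($username)
	{
		// The proposed name comes straight from the signup form; escape it.
		$sql = "SELECT user_id FROM users WHERE username='" . $this->_sqlString($username) . "'";
		$result = $this->_runQuery($sql);
		$rows = mysql_num_rows($result);
		mysql_free_result($result);
		return ($rows == 0);
	}

	/**
	 * Sets the password from its clear-text form.
	 *
	 * Stored as an unsalted MD5 digest.  That is weak by current standards, but the
	 * format is shared with {@link authenticate()} (SQL MD5()), {@link cryptAuth()} and
	 * the cookie token, so replacing it needs a coordinated migration of all three.
	 *
	 * @param string $password
	 */
	function setPassword($password)
	{
		$this->_password = md5($password);
	}

	/**
	 * Sets the password from an already-hashed value (e.g. one produced by setPassword()).
	 *
	 * @param string $password
	 */
	function setCryptPassword($password)
	{
		$this->_password = $password;
	}

	/**
	 * @return string The pending hash set via setPassword()/setCryptPassword(), or "" if none
	 */
	function getPassword()
	{
		return $this->_password;
	}

	/**
	 * Returns the MD5 hash of the user's password.  For cookie-login purposes.
	 *
	 * @return string|boolean 32-character hash, or FALSE if {@link $_user_id} not set
	 */
	function getPasswordHash()
	{
		if (is_null($this->_user_id))
		{	return FALSE;	}
		$sql = "SELECT password FROM users WHERE user_id=" . (int) $this->_user_id;
		$result = $this->_runQuery($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);
		if ($row === FALSE)
		{	return FALSE;	}
		return $row["password"];
	}

	/**
	 * Validates a login based on encrypted cookie
	 *
	 * The cookie token is md5(username . "--" . stored password hash), where username is the
	 * HTML-escaped form {@link populate()} produces.  Because nothing in the token varies per
	 * session, it remains valid until the password changes; treat a leaked cookie as a
	 * leaked credential.
	 *
	 * @param string $hash The MD5 hash stored in the OFFL_COOKIE_NAME login cookie.
	 * @return integer|boolean {@link $_user_id} of the validated user or FALSE (remember to distinguish between UID 0 and FALSE)
	 */
	function getUserIDByHash($hash)
	{
		// One query instead of a populate() per user; the username is escaped exactly as
		// populate() does so the token format is unchanged.
		$result = $this->_runQuery("SELECT user_id, username, password FROM users");
		$found = FALSE;
		while (($row = mysql_fetch_assoc($result)) !== FALSE)
		{
			$expected = md5(htmlspecialchars(stripslashes($row["username"])) . "--" . $row["password"]);
			if ($this->_sameHash($hash, $expected))
			{
				$found = $row["user_id"];
				break;
			}
		}
		mysql_free_result($result);
		return $found;
	}

	/**
	 * @param boolean $admin
	 */
	function setAdmin($admin)
	{
		$this->_admin = $admin;
	}

	/**
	 * @return boolean
	 */
	function getAdmin()
	{
		return $this->_admin;
	}

	/**
	 * @param string $user_fname
	 */
	function setFirstName($user_fname)
	{
		$this->_user_fname = $user_fname;
	}

	/**
	 * @return string
	 */
	function getFirstName()
	{
		return $this->_user_fname;
	}

	/**
	 * @param string $user_lname
	 */
	function setLastName($user_lname)
	{
		$this->_user_lname = $user_lname;
	}

	/**
	 * @return string
	 */
	function getLastName()
	{
		return $this->_user_lname;
	}

	/**
	 * @param string $user_email
	 */
	function setEmail($user_email)
	{
		$this->_user_email = $user_email;
	}

	/**
	 * @return string
	 */
	function getEmail()
	{
		return $this->_user_email;
	}

	/**
	 * Shortcut function for a formatted name string
	 *
	 * Relies on the HTML escaping done in {@link populate()}; values assigned through the
	 * setters in the same request are emitted as-is, so do not render a freshly set,
	 * unsaved name or email with this.
	 *
	 * @param boolean $email Optional: set FALSE to disable mailto: link
	 * @return string Takes the form <a href="mailto:{@link $_user_email}">{@link $_user_fname} {@link $_user_lname}</a>
	 */
	function getName($email = TRUE)
	{
		$linked = $email && strlen($this->_user_email);
		$name = trim($this->_user_fname . " " . $this->_user_lname);
		if (strlen($name) == 0)
		{	$name = $this->_username;	}
		if (!$linked)
		{	return $name;	}
		return "<a href=\"mailto:" . $this->_user_email . "\">" . $name . "</a>";
	}

	/**
	 * @param array $fflteam_id_array
	 */
	function setFFLTeamIDs($fflteam_id_array)
	{
		$this->_fflteam_id_array = $fflteam_id_array;
	}

	/**
	 * @return array
	 */
	function getFFLTeamIDs()
	{
		return $this->_fflteam_id_array;
	}

	/**
	 * Adds an {@link OFFL_FFLTeam} to this user
	 *
	 * @param integer $fflteam_id
	 */
	function addFFLTeamID($fflteam_id)
	{
		$this->_fflteam_id_array[] = $fflteam_id;
	}

	/**
	 * Removes an {@link OFFL_FFLTeam} from this user, if found
	 *
	 * Lookup is loose on purpose: IDs loaded by populate() are strings, callers pass integers.
	 *
	 * @param integer $fflteam_id
	 * @return boolean TRUE if removed, FALSE if not found
	 */
	function removeFFLTeamID($fflteam_id)
	{
		$key = array_search($fflteam_id, $this->_fflteam_id_array);
		if ($key === FALSE)
		{	return FALSE;	}
		unset($this->_fflteam_id_array[$key]);
		sort($this->_fflteam_id_array);
		return TRUE;
	}

	/**
	 * @param array $league_id_array
	 */
	function setLeagueIDs($league_id_array)
	{
		$this->_league_id_array = $league_id_array;
	}

	/**
	 * @return array
	 */
	function getLeagueIDs()
	{
		return $this->_league_id_array;
	}

	/**
	 * Adds an {@link OFFL_League} to this user
	 *
	 * @param integer $league_id
	 */
	function addLeagueID($league_id)
	{
		$this->_league_id_array[] = $league_id;
		$this->_league_id_array = array_unique($this->_league_id_array);
	}

	/**
	 * Removes an {@link OFFL_League} from this user, if found
	 *
	 * @param integer $league_id
	 * @return boolean TRUE if removed, FALSE if not found
	 */
	function removeLeagueID($league_id)
	{
		// Search the league list (the old code searched the team list and then unset
		// that index in the league list, removing the wrong entry or none at all).
		$key = array_search($league_id, $this->_league_id_array);
		if ($key === FALSE)
		{	return FALSE;	}
		unset($this->_league_id_array[$key]);
		sort($this->_league_id_array);
		return TRUE;
	}

	/**
	 * @param array $league_admin_array
	 */
	function setLeagueAdminIDs($league_admin_array)
	{
		$this->_league_admin_array = $league_admin_array;
	}

	/**
	 * @return array
	 */
	function getLeagueAdminIDs()
	{
		return $this->_league_admin_array;
	}

	/**
	 * Adds an {@link OFFL_League} to this user's administrative privileges.
	 *
	 * @param integer $league_id
	 */
	function addLeagueAdminID($league_id)
	{
		$this->_league_admin_array[] = $league_id;
		$this->_league_admin_array = array_unique($this->_league_admin_array);
	}

	/**
	 * Removes an {@link OFFL_League} from this user's administrative privileges, if found
	 *
	 * @param integer $league_id
	 * @return boolean TRUE if removed, FALSE if not found
	 */
	function removeLeagueAdminID($league_id)
	{
		$key = array_search($league_id, $this->_league_admin_array);
		if ($key === FALSE)
		{	return FALSE;	}
		unset($this->_league_admin_array[$key]);
		sort($this->_league_admin_array);
		return TRUE;
	}

	/**
	 * Authenticates a user login.  This function is deprecated.
	 *
	 * Sends the clear-text password to the database server for hashing (MD5()), so it
	 * appears in query logs; prefer {@link cryptAuth()}.
	 *
	 * @param string $uname User name
	 * @param string $pword Password
	 * @return OFFL_User|NULL returns relevant user if password correct, else NULL.
	 */
	function authenticate($uname,$pword)
	{
		$sql = "SELECT user_id FROM users WHERE username='" . $this->_sqlString($uname)
			. "' AND password=MD5('" . $this->_sqlString($pword) . "')";
		$result = $this->_runQuery($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);

		if ($row === FALSE)
		{	return NULL;	}
		return new OFFL_User($row["user_id"]);
	}

	/**
	 * Authenticates a cryptographic user login.
	 *
	 * The client is expected to send md5(<stored password hash> . $_SESSION["login_time"]),
	 * where login_time is the per-login value the login page put in the session.  Note that
	 * knowledge of the stored hash alone is enough to answer the challenge (pass-the-hash),
	 * and the nonce is not rotated here, so the caller should discard login_time after use.
	 *
	 * @param string $uname User name
	 * @param string $phash Password hash
	 * @return OFFL_User|NULL returns relevant user if password correct, else NULL.
	 */
	function cryptAuth($uname,$phash)
	{
		// Without the session nonce the client cannot have computed a legitimate response;
		// refuse instead of silently hashing against "" (which also raised a notice).
		if (!isset($_SESSION["login_time"]))
		{	return NULL;	}

		$sql = "SELECT user_id, password FROM users WHERE username='" . $this->_sqlString($uname) . "'";
		$result = $this->_runQuery($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);

		if ($row === FALSE)
		{	return NULL;	}

		$expected = md5($row["password"] . $_SESSION["login_time"]);
		// Strict, constant-time compare; the previous loose != was open to the
		// "0e..." numeric-string equality quirk.
		if (!$this->_sameHash($phash, $expected))
		{	return NULL;	}

		return new OFFL_User($row["user_id"]);
	}

	/**
	 *	Returns all users in the FFL system
	 *
	 * Each entry is fully populated (one extra query per user).
	 *
	 * @return array Array of OFFL_User objects
	 */
	function getAllUsers()
	{
		$users = array();
		$result = $this->_runQuery("SELECT user_id FROM users");
		while (($row = mysql_fetch_assoc($result)) !== FALSE)
		{	$users[] = new OFFL_User($row["user_id"]);	}
		mysql_free_result ($result);
		return $users;
	}

} // end OFFL_User class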
?>