Location: PHPKode > projects > Phpbbantispam > files/includes/functions_insert_user.php
<?php
/***************************************************************************
 * Filename:          functions_mod_user.php
 * Description:       A library consisting of a user class and some wrapper
 *                    functions which can be used by MOD authors to handle
 *                    user registration
 * Author:            Graham Eames (hide@address.com)
 * Last Modified:     20-Aug-2004
 * File Version:      1.2
 *
 * Acknowlegments:    A few pieces of code in this come from usercp_register.php
 *                    Much of the rest is adapted from my convertors
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

// This code requires certain functions to be included, so we'll include the
// files just in case they are not already used on the calling page
// NB. This requires that the calling script has set the $phpbb_root_path variable
// and also that the $db object has been initialized      
if ( !defined('IN_PHPBB') )
{
	die('Hacking attempt');
}
if ( !defined('IN_ANTISPAM') )
{
	die('Hacking attempt');
}
include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);

class user
{
	// These are the 3 critical values for any user
	var $username;
	var $user_password;
	var $user_email;

	var $user_id;

	// The remaining userdata fields are stored in an array
	var $user_fields;

	// This stores details of any usergroups that the user should be in
	var $groups;

	// The constructor for this class
	//
	// The password must be in MD5 format, but we'll handle escaping any special
	// characters in any field within the function
	function user($name, $password, $email)
	{
		global $board_config;

		$this->username = $this->sql_escape($name);
		$this->user_password = $this->sql_escape($password);
		$this->user_email = $this->sql_escape($email);

		$this->user_id = '';

		// Now we need to set the remaining fields to some default values
		// If you wish to integrate with another MOD, you should add any initilization
		// it requires after this
		$this->user_fields['user_regdate'] = time();
		$this->user_fields['user_from'] = '';
		$this->user_fields['user_occ'] = '';
		$this->user_fields['user_interests'] = '';
		$this->user_fields['user_website'] = '';
		$this->user_fields['user_icq'] = '';
		$this->user_fields['user_aim'] = '';
		$this->user_fields['user_yim'] = '';
		$user_fields['user_msnm'] = '';
		$this->user_fields['user_sig'] = '';
		$this->user_fields['user_sig_bbcode_uid'] = ( $board_config['allow_bbcode'] ) ? make_bbcode_uid() : '';
		$this->user_fields['user_avatar'] = '';
		$this->user_fields['user_avatar_type'] = USER_AVATAR_NONE;
		$this->user_fields['user_viewemail'] = 1;
		$this->user_fields['user_attachsig'] = 1;
		$this->user_fields['user_allowsmile'] = $board_config['allow_smilies'];
		$this->user_fields['user_allowhtml'] = $board_config['allow_html'];
		$this->user_fields['user_allowbbcode'] = $board_config['allow_bbcode'];
		$this->user_fields['user_allow_viewonline'] = 1;
		$this->user_fields['user_notify'] = 0;
		$this->user_fields['user_notify_pm'] = 1;
		$this->user_fields['user_popup_pm'] = 1;
		$this->user_fields['user_timezone'] = $board_config['board_timezone'];
		$this->user_fields['user_dateformat'] = $board_config['default_dateformat'];
		$this->user_fields['user_lang'] = $board_config['default_lang'];
		$this->user_fields['user_style'] = $board_config['default_style'];
		$this->user_fields['user_level'] = USER;
		$this->user_fields['user_posts'] = 0;
	}

	// This function escapes any special characters in a string to allow for safe
	// use in the SQL query. It is used in the constructor and should be used on 
	// any data passed to set_field()
	function sql_escape($data)
	{
		return str_replace("\'", "''", addslashes($data));
	}

	// This function is used to set any of the user fields if you do not want to
	// use the default values. Any field listed in the array in this function
	// will have special characters escaped
	function set_field($field_name, $data)
	{
		// It's not the most efficient, but we escape everything just to be safe
		$this->user_fields[$field_name] = $this->sql_escape($data);
	}

	// This function allows you to set a specific user_id for this user
	// You should only call this if you know that the user_id you are specifying
	// is not already in use.
	// This is provided mainly for convertor use and not for normal use
	function set_user_id($id)
	{
		$this->user_id = intval($id);
	}

	// This function returns the user_id of the user.
	// It is only really useful after the call to insert_user()
	function get_user_id()
	{
		return $this->user_id;
	}

	// This function is used to set any usergroups the user should be added to
	// upon registration.
	// It can be called as many times as required
	function add_to_group($group_id)
	{
		$this->groups[] = $group_id;
	}

	// This function validates the userdata to ensure that the user can be inserted
	// into the database. It checks for duplicate usernames, disallowed usernames,
	// invalid email addresses and disallowed email addresses
	//
	// Returns true if the user can be inserted, false otherwise
	function validate_user()
	{
		$name_check = validate_username(stripslashes(str_replace("''", "\'", $this->username)));
		if ($name_check['error'])
		{
			return false;
		}

		$email_check = validate_email(stripslashes(str_replace("''", "\'", $this->user_email)));
		if ($email_check['error'])
		{
			return false;
		}
		return true;
	}

	// This is the function which actually inserts the user into the database
	//
	// NB. This function does not validate the user allowing you to register names
	// and email addresses which might otherwise be disallowed, if you want to
	// validate the data you should call validate_user() first
	//
	// Returns true on success, false otherwise
	function insert_user()
	{
		global $db;

		// Get the user_id if one has not already been set
		if ($this->user_id == '')
		{
			$sql = "SELECT MAX(user_id) AS total
				FROM " . USERS_TABLE;
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
			}

			if ( !($row = $db->sql_fetchrow($result)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
			}
			$this->user_id = $row['total'] + 1;
		}

		// Build the main SQL query
		$sql = "INSERT INTO " . USERS_TABLE . "	(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey, user_posts) ";
		$sql .= "VALUES (" . $this->user_id . ", '" . $this->username . "', '" . $this->user_fields['user_regdate'] . "', '" . $this->user_password . "', '" . $this->user_email . "', '" . $this->user_fields['user_icq'] . "', '" . $this->user_fields['user_website'] . "', '" . $this->user_fields['user_occ'] . "', '" . $this->user_fields['user_from'] . "', '" . $this->user_fields['user_interests'] . "', '" . $this->user_fields['user_sig'] . "', '" . $this->user_fields['user_sig_bbcode_uid'] . "', '" . $this->user_fields['user_avatar'] . "', '" . $this->user_fields['user_avatar_type'] . "', " . $this->user_fields['user_viewemail'] . ", '" . str_replace(' ', '+', $this->user_fields['user_aim']) . "', '" . $this->user_fields['user_yim'] . "', '" . $this->user_fields['user_msnm'] . "', " . $this->user_fields['user_attachsig'] . ", " . $this->user_fields['user_allowsmile'] . ", " . $this->user_fields['user_allowhtml'] . ", " . $this->user_fields['user_allowbbcode'] . ", " . $this->user_fields['user_allow_viewonline'] . ", " . $this->user_fields['user_notify'] . ", " . $this->user_fields['user_notify_pm'] . ", " . $this->user_fields['user_popup_pm'] . ", " . $this->user_fields['user_timezone'] . ", '" . $this->user_fields['user_dateformat'] . "', '" . $this->user_fields['user_lang'] . "', " . $this->user_fields['user_style'] . ", " . $this->user_fields['user_level'] . ", 1, 1, '', '" . $this->user_fields['user_posts'] . "')";

		// Insert the user
		if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
		{
			$error = true;
		}

		// Insert the personal group
		$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
			VALUES ('', 'Personal User', 1, 0)";
		if ( !($result = $db->sql_query($sql)) )
		{
			$error = true;
		}

		$group_id = $db->sql_nextid();

		// Insert the user_group entry
		$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
			VALUES (" . $this->user_id . ", $group_id, 0)";
		if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
		{
			$error = true;
		}

		// Add the user to any applicable groups
		for ($i=0; $i<count($this->groups); $i++)
		{
			$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
				VALUES (" . $this->user_id . ", " . $this->groups[$i] . ", 0)";
			if( !($result = $db->sql_query($sql)) )
			{
				$error = true;
			}
		}
		return ($error == true) ? false : true;
	}
}

// Now we have a few wrapper functions for those who don't need the full power
// of the class and just want to call a simple function

function insert_user($username, $user_password, $user_email, $group_id = '')
{
	$user = new user($username, $user_password, $user_email);

	if ($group_id != '')
	{
		$user->add_to_group($group_id);
	}

	$result = $user->validate_user();
	if ($result)
	{
		$result = $user->insert_user();
	}
	return $result;
}
?>
Return current item: Phpbbantispam