<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
if(!defined('mnminclude')){header('Location: ../404error.php');die();}
class User {
var $read = false;
var $id = 0;
var $username = '';
var $level = 'normal';
var $modification = false;
var $date = false;
var $pass = '';
var $email = '';
var $names = '';
var $lang = 1;
var $karma = 10;
var $public_email = '';
var $location = '';
var $occupation = '';
var $language = '';
var $url = '';
var $aim = '';
var $msn = '';
var $yahoo = '';
var $gtalk = '';
var $skype = '';
var $irc = '';
var $avatar_source = '';
// For stats
var $total_votes = 0;
var $published_votes = 0;
var $total_links = 0;
var $published_links = 0;
var $extra = '';
function User($id=0) {
if ($id>0) {
$this->id = $id;
$this->read();
}
}
function Create(){
global $db, $main_smarty,$the_template,$my_base_url,$my_pligg_base;
if($this->username == ''){return false;}
if($this->pass == ''){return false;}
if($this->email == ''){return false;}
if (!user_exists($this->username)) {
require_once(mnminclude.'check_behind_proxy.php');
$userip=check_ip_behind_proxy();
$saltedpass=generateHash($this->pass);
if(pligg_validate()){
if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('".$this->username."', '".$this->email."', '".$saltedpass."', now(), '".$userip."', '')")) {
$result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '".$this->username."'");
$encode=md5($this->email . $result->user_karma . $this->username. pligg_hash().$main_smarty->get_config_vars('PLIGG_Visual_Name'));
$username = $this->username;
$password = $this->pass;
$my_base_url=$my_base_url;
$my_pligg_base=$my_pligg_base;
$domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
$validation = my_base_url . my_pligg_base . "/validation.php?code=$encode&uid=".$this->username;
$str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
eval("\$str = \"$str\";");
$message = "$str";
if(phpnum()>=5)
require("class.phpmailer5.php");
else
require("class.phpmailer4.php");
$mail = new PHPMailer();
$mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
$mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
$mail->AddAddress($this->email);
$mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
$mail->IsHTML(false);
$mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
$mail->CharSet = 'utf-8';
$mail->Body = $message;
//print_r($mail);
if(!$mail->Send())
{
return false;
exit;
}
return true;
} else {
return false;
}
} else{
if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('".$this->username."', '".$this->email."', '".$saltedpass."', now(), '".$userip."', now(),'')")) {
return true;
} else {
return false;
}
}
} else {
die('User already exists');
}
}
function store() {
global $db, $current_user, $cached_users;
if(!$this->date) $this->date=time();
$user_login = $db->escape($this->username);
$user_level = $this->level;
$user_karma = $this->karma;
$user_date = $this->date;
$user_pass = $db->escape($this->pass);
$user_email = $db->escape($this->email);
$user_names = $db->escape($this->names);
$user_url = $db->escape(htmlentities($this->url));
$user_public_email = $db->escape($this->public_email);
$user_location = $db->escape($this->location);
$user_occupation = $db->escape($this->occupation);
$user_language = $db->escape($this->language);
$user_aim = $db->escape($this->aim);
$user_msn = $db->escape($this->msn);
$user_yahoo = $db->escape($this->yahoo);
$user_gtalk = $db->escape($this->gtalk);
$user_skype = $db->escape($this->skype);
$user_irc = $db->escape(htmlentities($this->irc));
$user_avatar_source = $db->escape($this->avatar_source);
if (strlen($user_pass) < 49){
$saltedpass=generateHash($user_pass);}
else{
$saltedpass=$user_pass;}
if($this->id===0) {
$this->id = $db->insert_id;
} else {
// Username is never updated
$sql = "UPDATE " . table_users . " set user_avatar_source='$user_avatar_source' ";
$extra_vars = $this->extra;
if(is_array($extra_vars)){
foreach($extra_vars as $varname => $varvalue){
$sql .= ", " . $varname . " = '" . $varvalue . "' ";
}
}
$sql .= " , user_login='$user_login', user_occupation='$user_occupation', user_language='$user_language', user_location='$user_location', public_email='$user_public_email', user_level='$user_level', user_karma=$user_karma, user_date=FROM_UNIXTIME($user_date), user_pass='$saltedpass', user_email='$user_email', user_names='$user_names', user_url='$user_url', user_aim='$user_aim', user_msn='$user_msn', user_yahoo='$user_yahoo', user_gtalk='$user_gtalk', user_skype='$user_skype', user_irc='$user_irc' WHERE user_id=$this->id";
//die($sql);
$db->query($sql);
//lets remove the old cached data
if(array_key_exists($this->id, $cached_users))
{
unset($cached_users[$this->id]);
}
}
}
function read($data = "long") {
// $data = long -- return all user data
// $data = short -- return just basic info
global $db, $current_user, $cached_users;
if($this->id > 0)
{
$where = "user_id = $this->id";
}
else if(!empty($this->username))
{
$where = "user_login='".$db->escape($this->username)."'";
// if we only know the users login, check the cache to see if it's
// already in there and set $this->id so the code below can find it in the cache.
foreach($cached_users as $user){
if($user->user_login == $this->username){$this->id = $user->user_id;}
}
}
if(!empty($where)) {
// this is a simple cache type system
// when we lookup a user from the DB, store the results in memory
// in case we need to lookup that user information again
// good for sites where the content is submitted by the same group of people
if(isset($cached_users[$this->id])){
$user = $cached_users[$this->id];
}else{
if(!$user = $db->get_row("SELECT * FROM " . table_users . " WHERE $where")){return false;}
if($this->id > 0)
{
//only cache when the id is provided.
$cached_users[$this->id] = $user;
}
}
$this->id =$user->user_id;
$this->username = $user->user_login;
$this->level = $user->user_level;
$this->email = $user->user_email;
$this->avatar_source = $user->user_avatar_source;
$this->karma = $user->user_karma;
// if short, then stop here
if($data == 'short'){return true;}
$this->names = $user->user_names;
$date=$user->user_date;
$this->date=unixtimestamp($date);
$date=$user->user_modification;
$this->modification=unixtimestamp($date);
$this->pass = $user->user_pass;
$this->public_email = $user->public_email;
$this->location = $user->user_location;
$this->occupation = $user->user_occupation;
$this->language = $user->user_language;
$this->url = $user->user_url;
$this->aim = $user->user_aim;
$this->msn = $user->user_msn;
$this->yahoo = $user->user_yahoo;
$this->gtalk = $user->user_gtalk;
$this->skype = $user->user_skype;
$this->irc = $user->user_irc;
$this->read = true;
$this->extra_field = object_2_array($user, 0, 0);
return true;
}
$this->read = false;
return false;
}
function all_stats($from = false) {
global $db;
if (!is_numeric($this->id)) die();
if ($from !== false) {
$link_date = "AND link_date > FROM_UNIXTIME($from)";
$vote_date = "AND vote_date > FROM_UNIXTIME($from)";
$comment_date = "AND comment_date > FROM_UNIXTIME($from)";
} else {
$link_date = "";
$vote_date = "";
$comment_date = "";
}
if(!$this->read) $this->read();
$this->total_votes = $db->get_var("SELECT count(*) FROM " . table_votes . "," . table_links . " WHERE link_status != 'discard' AND vote_user_id = $this->id $vote_date AND link_id = vote_link_id");
$this->published_votes = $db->get_var("SELECT count(*) FROM " . table_votes . "," . table_links . " WHERE vote_user_id = $this->id AND link_id = vote_link_id AND link_status = 'published' AND vote_date < link_published_date $vote_date");
$this->total_links = $db->get_var("SELECT count(*) FROM " . table_links . " WHERE link_author = $this->id and (link_status='published' OR link_status='queued') $link_date");
$this->published_links = $db->get_var("SELECT count(*) FROM " . table_links . " WHERE link_author = $this->id AND link_status = 'published' $link_date");
$this->total_comments = $db->get_var("SELECT count(*) FROM " . table_comments . " WHERE comment_status='published' AND comment_user_id = $this->id $comment_date");
return true;
}
function fill_smarty($main_smarty, $stats = 1){
global $db;
$vars = '';
check_actions('profile_show', $vars);
$main_smarty->assign('user_publicemail', $this->public_email);
$main_smarty->assign('user_location', $this->location);
$main_smarty->assign('user_occupation', $this->occupation);
$main_smarty->assign('user_language', $this->language);
$main_smarty->assign('user_aim', $this->aim);
$main_smarty->assign('user_msn', $this->msn);
$main_smarty->assign('user_yahoo', $this->yahoo);
$main_smarty->assign('user_gtalk', $this->gtalk);
$main_smarty->assign('user_skype', $this->skype);
$main_smarty->assign('user_irc', $this->irc);
$main_smarty->assign('user_karma', $this->karma);
$main_smarty->assign('user_joined', get_date($this->date));
$main_smarty->assign('user_login', $this->username);
$main_smarty->assign('user_names', $this->names);
$main_smarty->assign('user_username', $this->username);
$users = $db->get_results("SELECT user_karma, COUNT(*) FROM ".table_users." WHERE user_level NOT IN ('Spammer') AND user_karma>0 AND (user_login!='anonymous' OR user_lastip) GROUP BY user_karma ORDER BY user_karma DESC",ARRAY_N);
$ranklist = array();
$rank = 1;
if ($users)
foreach ($users as $dbuser)
{
$ranklist[$dbuser[0]] = $rank;
$rank += $dbuser[1];
}
$main_smarty->assign('user_rank', $ranklist[$this->karma]);
/* global $db;
$groups = $db->get_results($sql="SELECT * FROM " . table_group_member . "
LEFT JOIN " . table_groups . " ON group_id=member_group_id
WHERE member_user_id = {$this->id}
AND member_status = 'active'
AND group_status = 'Enable'");
//print $sql;
for ($i=0; $i<sizeof($groups); $i++)
$groups[$i]->link = getmyurl("group_story", $groups[$i]->group_id);
$main_smarty->assign('user_groups', $groups);
print_r($main_smarty);
*/
user_group_read($this->id);
if($stats == 1){
$this->all_stats();
$main_smarty->assign('user_total_links', $this->total_links);
$main_smarty->assign('user_published_links', $this->published_links);
$main_smarty->assign('user_total_comments', $this->total_comments);
$main_smarty->assign('user_total_votes', $this->total_votes);
$main_smarty->assign('user_published_votes', $this->published_votes);
}
return $main_smarty;
}
}
function user_group_read($user_id,$order_by='')
{
global $db, $main_smarty, $view, $user, $rows, $page_size, $offset;
if (!is_numeric($user_id)) die();
if ($order_by == "")
$order_by = "group_name DESC";
include_once(mnminclude.'smartyvariables.php');
$groups = $db->get_results($sql="SELECT * FROM " . table_group_member . "
LEFT JOIN " . table_groups . " ON group_id=member_group_id
WHERE member_user_id = $user_id
AND member_status = 'active'
AND group_status = 'Enable'
ORDER BY $order_by");
if ($groups)
{
foreach($groups as $groupid)
$group_display .= "<li><div class='group_membership'><a href='".getmyurl("group_story_title", $groupid->group_safename)."'>".$groupid->group_name."</a></div></li>";
$main_smarty->assign('group_display', $group_display);
}
return true;
}
function killspam($id)
{
global $db;
require_once(mnminclude.'link.php');
require_once(mnminclude.'votes.php');
require_once(mnminclude.'tags.php');
$user= $db->get_row('SELECT * FROM ' . table_users ." where user_id=$id");
if (!$user->user_id) return;
canIChangeUser($user->user_level);
$db->query('UPDATE `' . table_users . "` SET user_enabled=0, `user_pass` = '63205e60098a9758101eeff9df0912ccaaca6fca3e50cdce3', user_level = 'Spammer' WHERE `user_id` = $id");
$results = $db->get_results($sql="SELECT comment_id, comment_link_id FROM `" . table_comments . "` WHERE `comment_user_id` = $id");
if ($results)
foreach ($results as $result)
{
$db->query($sql='UPDATE `' . table_comments . '` SET `comment_status` = "spam" WHERE `comment_id` = "'.$result->comment_id.'"');
$vars = array('comment_id' => $result->comment_id);
check_actions('comment_spam', $vars);
$link = new Link;
$link->id=$result->comment_link_id;
$link->read();
$link->recalc_comments();
$link->store();
}
ban_ip($user->user_ip,$user->user_lastip);
$results = $db->get_results("SELECT * FROM `" . table_groups . "` WHERE group_creator = '$id'");
if ($results)
foreach ($results as $result)
{
$db->query('DELETE FROM `' . table_group_member . '` WHERE member_group_id = '.$result->group_id);
$db->query('DELETE FROM `' . table_group_shared . '` WHERE share_group_id = '.$result->group_id);
}
$db->query("DELETE FROM `" . table_groups . "` WHERE group_creator = '$id'");
$results = $db->get_results("SELECT vote_id,vote_link_id FROM `" . table_votes . "` WHERE `vote_user_id` = $id");
if ($results)
foreach ($results as $result)
{
$db->query('DELETE FROM `' . table_votes . '` WHERE `vote_id` = "'.$result->vote_id.'"');
$link = new Link;
$link->id=$result->vote_link_id;
$link->read();
$vote = new Vote;
$vote->type='links';
$vote->link=$result->vote_link_id;
if(Voting_Method == 1){
$link->votes=$vote->count();
$link->reports = $link->count_all_votes("<0");
} elseif(Voting_Method == 2) {
$link->votes=$vote->rating();
$link->votecount=$vote->count();
$link->reports = $link->count_all_votes("<0");
}
elseif(Voting_Method == 3){
$link->votes=$vote->count();
$link->karma = $vote->karma();
$link->reports = $link->count_all_votes("<0");
}
$link->store_basic();
$link->check_should_publish();
}
$results = $db->get_results($sql="SELECT link_id, link_url FROM `" . table_links . "` WHERE `link_author` = $id");
$filename = mnmpath.'local-antispam.txt';
$lines = file($filename,FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$approved = file(mnmpath.'notspam.txt',FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($results)
foreach ($results as $result)
{
if (preg_match('/:\/\/(www\.)?([^\/]+)(\/|$)/',$result->link_url,$m))
{
$domain = $m[2];
if (!in_array($domain,$lines) && !in_array($domain,$approved))
{
$lines[] = $domain;
$changed = 1;
}
}
$vars = array('link_id' => $result->link_id);
check_actions('story_spam', $vars);
}
if ($changed)
{
if (is_writable($filename)) {
if ($handle = fopen($filename, 'w')) {
fwrite($handle,join("\n",$lines));
fclose($handle);
}
}
}
$db->query($sql='UPDATE `' . table_links . '` SET `link_status` = "spam" WHERE `link_author` = "'.$id.'"');
$db->query('DELETE FROM `' . table_saved_links . '` WHERE `saved_user_id` = "'.$id.'"');
$db->query('DELETE FROM `' . table_trackbacks . '` WHERE `trackback_user_id` = "'.$id.'"');
$db->query('DELETE FROM `' . table_friends . '` WHERE `friend_id` = "'.$id.'"');
$db->query('DELETE FROM `' . table_messages . "` WHERE `sender`=$id OR `receiver`=$id");
}
function canIChangeUser($user_level) {
//Don't want to let admins reset other admins or god
$amIgod = checklevel('god');
if (($user_level == 'god' || $user_level == 'admin') && !$amIgod) {
echo "Access denied";
die;
}
}
?>