<?php

// QuickTicket 2.5 build:20101222

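class cFLD
{

// Describes one field (column): its key, its translated title and the css
// class/style values kept for the "th" and "td" properties below.

public $id = '';     // field key (can be "emails_i")
public $uid = '';    // field key without a trailing "_i" (computed by the constructor)
public $sort = false;// default sort order (ASC,DESC,FALSE)
public $name = '';   // field translation
public $class_th = '';
public $style_th = '';
public $class_td = '';
public $style_td = '';
public $class_dynamic = false; // To use this, define an array('formula-%s','field',array-of-classes). Note: keys of the array-of-classes must be strings
public $style_dynamic = false; // To use this, define an array('formula-%s','field',array-of-styles). Note: keys of the array-of-styles must be strings

public function __construct($id,$name,$class_th='',$style_th='',$class_td='',$style_td='',$sort=false)
{
  // Declared as __construct (as cVIP already does): a method named after the
  // class is no longer treated as the constructor by PHP 8, which would leave
  // every property at its default value.
  $this->id = $id;
  $this->uid = ( substr($id,-2,2)=='_i' ? substr($id,0,-2) : $id );
  $this->name = $name;
  $this->class_th = $class_th;
  $this->style_th = $style_th;
  $this->class_td = $class_td;
  $this->style_td = $style_td;
  $this->sort = $sort;
}

public function AddStyleDynamic($arr)
{
  // Returns the style fragment selected by $this->style_dynamic for the row $arr.
  // Nothing is written to $this->style_td: the caller appends the returned text.
  // A leading ';' is added when $this->style_td is not empty.
  // Returns '' when the row or the formula is not usable or no style matches.
  $str = $this->DynamicValue($this->style_dynamic,$arr);
  if ( $str===null ) return '';
  return (empty($this->style_td) ? '' : ';').$str;
}

public function AddClassDynamic($arr)
{
  // Returns the class fragment (with a leading space) selected by
  // $this->class_dynamic for the row $arr, or '' when nothing matches.
  // Nothing is written to $this->class_td.
  $str = $this->DynamicValue($this->class_dynamic,$arr);
  if ( $str===null ) return '';
  return ' '.$str;
}

private function DynamicValue($formula,$arr)
{
  // Shared lookup for AddStyleDynamic/AddClassDynamic.
  // $formula is array(sprintf-format, row-field, map). The row value is only
  // used as a key into the map; the text that is returned comes from the
  // format and the map, never from the row itself.
  // Returns the formatted string, or null when the row or formula is not usable.
  if ( !is_array($arr) || count($arr)==0 ) return null; // row not defined
  if ( !is_array($formula) || count($formula)!=3 ) return null; // formula not defined
  if ( !isset($formula[0],$formula[1],$formula[2]) ) return null; // formula not defined
  if ( !is_string($formula[0]) || !is_string($formula[1]) ) return null; // formula not defined
  if ( !is_array($formula[2]) ) return null; // map not defined

  $key = $formula[1];
  if ( !isset($arr[$key]) ) return null;
  $value = strval($arr[$key]); // map keys must be strings
  if ( !isset($formula[2][$value]) ) return null;
  return sprintf( $formula[0], $formula[2][$value] );
}

}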

// ==========
// VIP means Visitor In Page: This class includes info on the current user and the current page,
// The class also provides major lists or global stats used in most of the pages
// ==========

class cVIP implements IAuthenticate
{

public $auth = false; // set to true by __construct() or Login() once the visitor is recognised
public $id = 0;
public $coockieconfirm = false; // set to true by __construct() when the visitor was recognised from the cookname/cookpass cookies
public $username = 'Guest';
public $role = 'V'; //A=Administrator,M=Moderator,U=User,V=Visitor
public $numpost = 0;

public $selfurl = 'qti_index.php';
public $selfname = '';
public $selfuri = '';  // URL parameters
public $exiturl = 'qti_index.php'; // target of the exit link built by EndMessage()
public $exitname = 'Back'; // label of the exit link; EndMessage() echoes it without escaping

public $sections = array(); // list of sectionstitles (translated) visible for the current user ($oVIP->role)
public $types = array();    // list of types
public $statuses = array(); // list of statuses
public $states = array();   // other info (SetSys() stores the result of SysCount('states') here)

// --------

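public function __construct()
{
  // Builds the visitor from the session or, failing that, from the
  // "remember me" cookies (cookname/cookpass) written by Login().
  //
  // The cookie values are supplied by the client and end up inside a
  // string-built SQL statement, so they are validated BEFORE the query is
  // composed: anything that could not have been issued by Login() is ignored
  // and the visitor stays a guest.
  //
  // NOTE(review): cookpass holds the same unsalted SHA-1 digest that is stored
  // in the pwd column (see Login()), so the digest alone is enough to sign in.
  // A random per-device token, stored hashed on the server and revocable,
  // would avoid keeping a password-equivalent value in the browser.
  // NOTE(review): validation is used here because the query API of $oDB is not
  // visible in this file; bound parameters are preferable if $oDB offers them.

  if ( $this->IsAuthenticated() )
  {
    $this->auth = true;
    if ( isset($_SESSION[QT.'_usr_id']) ) $this->id = intval($_SESSION[QT.'_usr_id']);
    if ( isset($_SESSION[QT.'_usr_name']) ) $this->username = $_SESSION[QT.'_usr_name'];
    if ( isset($_SESSION[QT.'_usr_role']) ) $this->role = $_SESSION[QT.'_usr_role'];
    if ( isset($_SESSION[QT.'_usr_posts']) ) $this->numpost = $_SESSION[QT.'_usr_posts'];
  }

  if ( $this->auth ) return;
  if ( !isset($_COOKIE[QT.'_cookname']) || !isset($_COOKIE[QT.'_cookpass']) ) return;

  $strName = $_COOKIE[QT.'_cookname'];
  $strHash = $_COOKIE[QT.'_cookpass'];

  // A cookie can arrive as an array (name[]=...); only plain strings are accepted.
  if ( !is_string($strName) || !is_string($strHash) ) return;
  // The name sits inside a double-quoted SQL literal: a double quote, a
  // backslash or a NUL byte is rejected rather than escaped.
  if ( $strName==='' || strpbrk($strName,"\"\\\0")!==false ) return;
  // Login() stores sha1() output: exactly 40 hexadecimal characters.
  if ( !preg_match('/\A[0-9a-f]{40}\z/i',$strHash) ) return;

  global $oDB;
  $oDB->Query('SELECT * FROM '.TABUSER.' WHERE name="'.$strName.'" AND pwd="'.$strHash.'"');
  if ( $row=$oDB->Getrow() )
  {
    $this->auth = true;
    if ( isset($row['id']) ) $this->id = intval($row['id']);
    if ( isset($row['name']) ) $this->username= $row['name'];
    if ( isset($row['role']) ) $this->role = substr($row['role'],0,1);
    if ( isset($row['numpost']) ) { if ( !empty($row['numpost']) ) $this->numpost=intval($row['numpost']); }
    $this->Register();
    $this->coockieconfirm=true;
  }
}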

// --------

public function IsStaff()
{
  // True when the current role is Moderator ('M') or Administrator ('A').
  $bModerator = ( $this->role=='M' );
  $bAdmin = ( $this->role=='A' );
  return ( $bModerator || $bAdmin );
}

// --------

public function IsPrivate($str,$id)
{
  // Privacy check. $str is the privacy level of the user whose info is shown,
  // $id is that user's id.
  // Returns true when the info must be HIDDEN from the current visitor and
  // false when it may be shown:
  //  - level '2' is shown to everybody,
  //  - level '1' is shown to everybody except visitors (role 'V'),
  //  - the owner ($this->id equal to $id) and staff always see it.
  // NOTE(review): the comparisons are loose (==). A visitor has id 0, which
  // compares equal to null (and, before PHP 8, to any non-numeric string), so
  // callers should pass a real integer user id.
  $bShownToAll = ( $str=='2' );
  $bOwnerOrStaff = ( $this->id==$id || $this->IsStaff() );
  $bShownToMembers = ( $str=='1' && $this->role!='V' );
  return !( $bShownToAll || $bOwnerOrStaff || $bShownToMembers );
}

// --- [i] ---

public function LangAdd($strType='',$strLang='en',$strId='',$strName='',$bCheck=false)
{
  // Stores the translation $strName of object $strId (of type $strType) for
  // the language $strLang (stored in lowercase).
  // With $bCheck, returns false without inserting when a row already exists
  // for this type/language/id. Returns true after the insert.
  // NOTE(review): only $strName is escaped (addslashes). $strType, $strLang and
  // $strId are concatenated into both statements as received; QTargs() is an
  // opaque helper here, so confirm that callers never pass request data in
  // these three arguments, or escape/bind them in the DB layer.
  QTargs( 'cVIP->LangAdd',array($strType,$strLang,$strId,$strName,$bCheck),array('str','str','str','str','boo') );
  QTargs( 'cVIP->LangAdd',array($strType,$strLang,$strId,$strName),'empty' );

  global $oDB;
  $strIso = strtolower($strLang);

  if ( $bCheck )
  {
    $oDB->Query('SELECT count(objid) AS countid FROM '.TABLANG.' WHERE objtype="'.$strType.'" AND objlang="'.$strIso.'" AND objid="'.$strId.'"');
    $row = $oDB->Getrow();
    if ( $row['countid']!=0 ) return false;
  }

  $strSqlName = addslashes(QTconv($strName,'3',QTI_CONVERT_AMP,false));
  $oDB->Query('INSERT INTO '.TABLANG.' (objtype,objlang,objid,objname) VALUES ("'.$strType.'","'.$strIso.'","'.$strId.'","'.$strSqlName.'")');
  return true;
}

// --- [i] ---

public function LangDel($strType='',$strId='')
{
  // Deletes the translations of object $strId. $strType is one object type,
  // or an array of types that is expanded into objtype="a" OR objtype="b".
  // NOTE(review): the type(s) and the id are concatenated into the DELETE as
  // received, and the array form splices each element between quotes it adds
  // itself. Confirm that callers only pass fixed type names and validated
  // ids, or escape/bind them in the DB layer.
  if ( is_array($strType) ) $strType = implode('" OR objtype="',$strType);
  QTargs( 'cVIP->LangDel',array($strType,$strId) );
  QTargs( 'cVIP->LangDel',array($strType,$strId),'empty' );

  global $oDB;
  $strWhere = '(objtype="'.$strType.'") AND objid="'.$strId.'"';
  $oDB->Query( 'DELETE FROM '.TABLANG.' WHERE '.$strWhere );
}

// --- [i] ---

public function LangGet($strType='',$strLang='en',$strId='*')
{
  // Returns the translated name of an object.
  //  - $strId '*'  : array objid=>objname for the language (empty names skipped)
  //  - $strLang '*': array objlang=>objname for the object
  //  - otherwise   : the name as a string ('' when missing or empty)
  // Both being '*' stops the script.
  // NOTE(review): $strType, $strLang and $strId are concatenated into the
  // SELECT as received; confirm callers pass validated values or escape/bind
  // them in the DB layer.
  QTargs('cVIP->LangGet',array($strType,$strLang,$strId));
  QTargs('cVIP->LangGet',array($strType,$strLang,$strId),'empty');
  if ( $strId==='*' && $strLang==='*' ) die('cVIP->LangGet: Arg 2 and 3 cannot be *.');

  global $oDB;
  $strFrom = ' FROM '.TABLANG.' WHERE objtype="'.$strType.'"';

  if ( $strId==='*' )
  {
    $oDB->Query('SELECT objid,objname'.$strFrom.' AND objlang="'.strtolower($strLang).'"');
    $arrNames = array();
    while( $row=$oDB->Getrow() )
    {
      if ( empty($row['objname']) ) continue;
      $arrNames[$row['objid']] = $row['objname'];
    }
    return $arrNames;
  }

  if ( $strLang==='*' )
  {
    $oDB->Query('SELECT objlang,objname'.$strFrom.' AND objid="'.$strId.'"');
    $arrNames = array();
    while( $row=$oDB->Getrow() )
    {
      $arrNames[$row['objlang']] = $row['objname'];
    }
    return $arrNames;
  }

  $oDB->Query('SELECT objname'.$strFrom.' AND objlang="'.strtolower($strLang).'" AND objid="'.$strId.'"');
  $row = $oDB->Getrow();
  if ( empty($row['objname']) ) return '';
  return $row['objname'];
}

// --------

public function Register()
{
  // Copies the visitor's identity into the session; IsAuthenticated() later
  // relies on the '_usr_auth' entry being 'yes'.
  // NOTE(review): the session id is not renewed here. Confirm that the login
  // path regenerates it elsewhere, otherwise an id known before login stays
  // valid after login.
  $arrEntries = array(
    '_usr_auth'  => 'yes',
    '_usr_id'    => $this->id,
    '_usr_name'  => $this->username,
    '_usr_role'  => $this->role,
    '_usr_posts' => $this->numpost
    );
  foreach($arrEntries as $strSuffix=>$value)
  {
    $_SESSION[QT.$strSuffix] = $value;
  }
}

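public function Unregister($row)
{
  // Deletes the user described by $row (keys read here: 'id', 'photo'):
  // removes the avatar file, reassigns the user's posts and topics to
  // "Visitor" (id 0) and the moderated sections to "Admin" (id 1), deletes
  // the user row and drops the cached board states.
  //
  // The id is concatenated into five statements without quotes, so it is
  // checked and cast to an integer once. Nothing is done when it is missing,
  // not numeric or below 1 (id 0 is the "Visitor" account the posts are
  // reassigned to).
  // NOTE(review): where $row comes from is not visible in this file.
  if ( !isset($row['id']) || !is_numeric($row['id']) ) return;
  $intId = intval($row['id']);
  if ( $intId<1 ) return;

  // delete avatar first
  // is_file() (not file_exists()) so that an empty photo value never points
  // unlink() at the picture directory itself; a name with a ".." segment or a
  // NUL byte is skipped so that the delete stays below QTI_DIR_PIC.
  if ( isset($row['photo']) && is_string($row['photo']) && $row['photo']!=='' )
  {
    $strPhoto = $row['photo'];
    $bOutside = ( strpos($strPhoto,"\0")!==false || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#',$strPhoto) );
    if ( !$bOutside && is_file(QTI_DIR_PIC.$strPhoto) ) unlink(QTI_DIR_PIC.$strPhoto);
  }

  // update post.userid, post.username, topic.firstpostuser, topic.lastpostuser, topic.firstpostname, topic.lastpostname
  global $oDB;
  $oDB->Query('UPDATE '.TABPOST.' SET userid=0, username="Visitor" WHERE userid='.$intId);
  $oDB->Query('UPDATE '.TABTOPIC.' SET firstpostuser=0, firstpostname="Visitor" WHERE firstpostuser='.$intId);
  $oDB->Query('UPDATE '.TABTOPIC.' SET lastpostuser=0, lastpostname="Visitor" WHERE lastpostuser='.$intId);
  $oDB->Query('UPDATE '.TABSECTION.' SET moderator=1,moderatorname="Admin" WHERE moderator='.$intId);

  // Delete user
  $oDB->Query('DELETE FROM '.TABUSER.' WHERE id='.$intId);

  // Unregister global sys (will be recomputed on next page)
  unset($_SESSION[QT]['sys_states']);
}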

// --------
// @$strTitle: title of the message box. When null or empty string, uses the page name ($this->selfname)
//  when $strTitle=="0", it makes a direct exit
// @$strMessage: message body.
// @$strSkin: the skin folder
// @$intTime: the pause (in second) before redirecting to the exit page. Use 0 to NOT redirect.
// @$strWidth: css width parameter ("300px" or "90%")
// @$strTitleId: css id of the message box header (title)
// @$strBodyId: css id of the message box body

public function EndMessage($strTitle,$strMessage='Access denied',$strSkin='skin/default',$intTime=0,$strWidth='300px',$strTitleId='msgboxtitle',$strBodyId='msgbox')
{
  // Prints a complete page holding one message box and a link to the exit
  // page ($this->exiturl / $this->exitname), then stops the script (exit).
  //
  // Output-encoding note: $strMessage and $this->exitname are echoed as they
  // are, and $strSkin, $strWidth, $strTitleId and $strBodyId are placed into
  // markup or passed to $oHtml->Msgbox() as they are. No escaping happens in
  // this method, so callers must pass fixed or already-escaped values and
  // never raw request data.
  global $oHtml;
  // exiturl may hold '&amp;' separators; it is stored back with plain '&'
  $this->exiturl = str_replace('&amp;','&',$this->exiturl);
  // title "0" asks for a direct exit
  // NOTE(review): Redirect() is defined elsewhere; presumably it ends the script. If it
  // returns, '0' is also empty() and the message page below is printed - confirm.
  if ( $strTitle=='0' ) $oHtml->Redirect($this->exiturl,$this->exitname);
  if ( empty($strTitle) ) $strTitle = $this->selfname;
  
  // the page links are reset: icon and main stylesheet come from the skin folder
  $oHtml->links   = array();
  $oHtml->links[] = '<link rel="shortcut icon" href="'.$strSkin.'/qti_icon.ico" />';
  $oHtml->links[] = '<link rel="stylesheet" type="text/css" href="'.$strSkin.'/qti_main.css" title="cssmain" />';
  $oHtml->links[] = '<link rel="stylesheet" type="text/css" href="bin/css/qti_print.css" media="print" />';
  echo $oHtml->Head();
  HtmlPageCtrl(0,'90%');
  $oHtml->Msgbox($strTitle,array('style'=>'width:'.$strWidth),array('id'=>$strTitleId),array('id'=>$strBodyId));
  // NOTE(review): the link target goes through Href() (defined elsewhere); the link text does not.
  echo $strMessage,'
  <p><a id="exiturl" href="',Href($this->exiturl),'">',$this->exitname,'</a></p>';
  $oHtml->Msgbox();
  HtmlPageCtrl(1);

  // optional delayed redirect: the script follows the href of the exit link above
  // after $intTime seconds ($intTime is only used in a multiplication here)
  if ( $intTime>0 )
  {
  echo '
  <script type="text/javascript">
  <!--
  setTimeout(\'window.location=document.getElementById("exiturl").href\',',($intTime*1000),');
  -->
  </script>
  ';
  }
  echo $oHtml->End();

  exit;
}

// --------
// $strCanView user role (V[i], U, M or A) that can access the page (i=public access level)
// $bStopOff stop when application off-line

public function CanView($strCanView='V5',$bStopOff=true)
{
  // Tells whether the current visitor may open a page.
  // $strCanView: minimum role ('U', 'M', 'A') or 'V' followed by the public
  //   access level digit; any value that is not 2 characters long uses level '5'.
  // $bStopOff: refuse access while the board is off-line.
  // Administrators always pass; while the board is off-line a warning banner
  // is echoed for them.
  // Reads $_SESSION[QT]['board_offline'] and $_SESSION[QT]['visitor_right'].
  if ( $this->role=='A' )
  {
    if ( $_SESSION[QT]['board_offline']=='1' )
    {
      echo '<p style="padding:4px;background-color:#ff0000;color:#ffffff">Board is offline but Administrators can make some actions.</p>';
    }
    return true;
  }

  $bVisitor = ( $this->role=='V' );
  if ( $strCanView=='U' && $bVisitor ) return false;
  if ( $strCanView=='M' && !$this->IsStaff() ) return false;
  if ( $strCanView=='A' && $this->role!='A' ) return false;

  // public access level required by the page
  $strPAL = ( strlen($strCanView)==2 ? substr($strCanView,-1,1) : '5' );
  if ( $bVisitor && $_SESSION[QT]['visitor_right']<$strPAL ) return false;

  $bBlockedOffline = ( $_SESSION[QT]['board_offline']=='1' && $bStopOff );
  return !$bBlockedOffline;
}


// --------

public function CanViewCalendar()
{
  // Calendar access, driven by $_SESSION[QT]['show_calendar']:
  // not set or 'V' = everybody, 'U' = everybody except visitors,
  // any other value = staff only.
  if ( !isset($_SESSION[QT]['show_calendar']) ) return true;

  $strSetting = $_SESSION[QT]['show_calendar'];
  if ( $strSetting=='V' ) return true;
  if ( $strSetting=='U' && $this->role!='V' ) return true;
  return $this->IsStaff();
}

// --------

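public function SysCount($strObject='topics')
{
  // Board statistics.
  //  'topics', 'replies', 'members': returns the count as an integer.
  //  'states': returns array('newuserid','newusername','newuserdate') for the
  //            user having the highest id (date is the first 8 characters of firstdate).
  //  any other value: returns null.
  global $oDB;
  switch($strObject)
  {
  case 'topics':
    $strSql = 'SELECT count(id) as countid FROM '.TABTOPIC;
    break;
  case 'replies':
    $strSql = 'SELECT count(id) as countid FROM '.TABPOST.' WHERE type<>"P"';
    break;
  case 'members':
    $strSql = 'SELECT count(id) as countid FROM '.TABUSER.' WHERE id>0';
    break;
  case 'states':
    $arr = array();
    $oDB->Query('SELECT max(id) as countid FROM '.TABUSER);
    $row = $oDB->Getrow();
    $arr['newuserid'] = intval($row['countid']);
    // The second statement is built from the integer, not from the raw column
    // text: max(id) is NULL on an empty table, which used to give "WHERE id=".
    $oDB->Query('SELECT name,firstdate FROM '.TABUSER.' WHERE id='.$arr['newuserid'] );
    $row = $oDB->Getrow();
    $arr['newusername'] = ( isset($row['name']) ? $row['name'] : null );
    $arr['newuserdate'] = (empty($row['firstdate']) ? '0' : substr($row['firstdate'],0,8)); // date only
    return $arr;
  default:
    return null;
  }

  $oDB->Query($strSql);
  $row = $oDB->Getrow();
  return intval($row['countid']);
}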

// --------

public function GetTypes()
{
  // Returns the ticket types keyed by their code ('T','I','A'); each entry
  // holds the translated name taken from the global $L and an empty color.
  global $L;
  $arrWords = array('T'=>'Topic','I'=>'Inspection','A'=>'News');
  $arrTypes = array();
  foreach($arrWords as $strCode=>$strWord)
  {
    $arrTypes[$strCode] = array('name'=>$L[$strWord],'color'=>'');
  }
  return $arrTypes;
}

// --------

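public function GetStatuses()
{
  // Returns the statuses keyed by id. Each entry holds:
  //  statusname (translation, else the name with '_' replaced and ucfirst),
  //  statusdesc (translation, else ''), name, icon, mailto, color.
  // A translation is applied only to an id that exists in the status table:
  // StatusChangeId() renames the id in the status table but not in the
  // translation table, and a left-over translation must not create an entry
  // that has no name, icon or color.
  global $oDB;
  $arr = array();

  $oDB->Query( 'SELECT * FROM '.TABSTATUS.' ORDER BY id' );
  while($row=$oDB->Getrow())
  {
    $arr[$row['id']] = array(
      'statusname' => ucfirst(str_replace('_',' ',$row['name'])),
      'statusdesc' => '',
      'name'       => $row['name'],
      'icon'       => $row['icon'],
      'mailto'     => $row['mailto'],
      'color'      => $row['color']
      );
  }

  // find translations
  // (the cVIP:: call form is kept as in the rest of this class)
  foreach(array('status'=>'statusname','statusdesc'=>'statusdesc') as $strObjType=>$strField)
  {
    $arrL = cVIP::LangGet($strObjType,GetIso(),'*');
    foreach($arrL as $id=>$str)
    {
      if ( !empty($str) && isset($arr[$id]) ) $arr[$id][$strField] = $str;
    }
  }

  return $arr;
}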

// --------

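public function StatusAdd($id='',$name='',$icon='',$color='',$mailto='')
{
  // Creates a status. $id is reduced to its first character in uppercase and
  // $name is converted with QTconv().
  // Returns '' on success, or an error message when the id or the name is
  // already used (nothing is inserted then). Stops the script on a wrong
  // argument type. The cached status list in the session is dropped in all cases.
  //
  // Every value placed in the statements is escaped the way this method
  // already escaped $name; $icon, $color and $mailto used to be inserted as
  // received.
  // NOTE(review): addslashes() does not know the connection charset. If $oDB
  // offers its own escaping or bound parameters, use that instead.

  // Check

  if ( !is_string($id) || empty($id) ) die('cVIP->StatusAdd: Argument #1 must be a string');
  if ( !is_string($name) || empty($name) ) die('cVIP->StatusAdd: Argument #2 must be a string');
  if ( !is_string($icon) ) die('cVIP->StatusAdd: Argument #3 must be a string');
  if ( !is_string($color) ) die('cVIP->StatusAdd: Argument #4 must be a string');
  if ( !is_string($mailto) ) die('cVIP->StatusAdd: Argument #5 must be a string');

  // Process

  global $oDB;
  $error = '';

  $id = strtoupper(substr(trim($id),0,1));
  $name = QTconv($name,'3',QTI_CONVERT_AMP);

  $sqlId = addslashes($id);
  $sqlName = addslashes($name);

  // unique id and name

  $oDB->Query('SELECT count(*) AS countid FROM '.TABSTATUS.' WHERE id="'.$sqlId.'"');
  $row=$oDB->Getrow();
  if ( $row['countid']>0 ) $error = "Status id [$id] already used";
  $oDB->Query('SELECT count(*) AS countid FROM '.TABSTATUS.' WHERE name="'.$sqlName.'"');
  $row=$oDB->Getrow();
  if ( $row['countid']>0 ) $error = "Status name [$name] already used";

  // Save

  if ( empty($error) )
  {
    $oDB->Query('INSERT INTO '.TABSTATUS.' (id,name,color,mailto,icon) VALUES ("'.$sqlId.'","'.$sqlName.'","'.addslashes($color).'","'.addslashes($mailto).'","'.addslashes($icon).'")');
  }

  // Exit

  if ( isset($_SESSION[QT]['sys_statuses']) ) unset($_SESSION[QT]['sys_statuses']);
  return $error;
}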

// --------

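public function StatusDelete($id='',$to='A')
{
  // Deletes status $id: topics having this status are moved to status $to,
  // then the status row and its translations are removed and the cached
  // status list in the session is dropped.
  // Both ids are reduced to their first character in uppercase.
  // The reserved ids A and Z cannot be deleted. The check used to test 'A'
  // twice, so Z was accepted although the message names it.

  // Check

  if ( !is_string($id) || empty($id) ) die('cVIP->StatusDelete: Argument #1 must be a string');
  if ( !is_string($to) || empty($to) ) die('cVIP->StatusDelete: Argument #2 must be a string');
  $id = strtoupper(substr(trim($id),0,1));
  $to = strtoupper(substr(trim($to),0,1));
  if ( $id=='A' || $id=='Z' ) die('cVIP->StatusDelete: Argument #1 cannot be A nor Z');
  if ( $id==$to ) die('cVIP->StatusDelete: Argument #1 equal #2');

  // Process - status id > to and delete id

  global $oDB;

  // A one-character id can still be a quote or a backslash: escape it as the
  // other status statements of this class do for names.
  $sqlId = addslashes($id);
  $sqlTo = addslashes($to);

  $oDB->Query( 'UPDATE '.TABTOPIC.' SET status="'.$sqlTo.'" WHERE status="'.$sqlId.'"' );
  $oDB->Query( 'DELETE FROM '.TABSTATUS.' WHERE id="'.$sqlId.'"' );
  $oDB->Query( 'DELETE FROM '.TABLANG.' WHERE (objtype="status" OR objtype="statusdesc") AND objid="'.$sqlId.'"' );

  // Exit

  if ( isset($_SESSION[QT]['sys_statuses']) ) unset($_SESSION[QT]['sys_statuses']);
}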

// --------

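public function StatusChangeId($id='',$to='')
{
  // Renames status id $id to $to in the topics and in the status table.
  // Returns '' on success, or a message when $to is already a key of
  // $this->statuses (nothing is changed then, and the cached list is kept).
  // Both ids are reduced to their first character in uppercase.
  // The reserved ids A and Z can be neither renamed nor used as the new id.
  // Both checks used to test 'A' twice, so Z was accepted although the
  // messages name it.
  // NOTE(review): the translation rows (objtype "status"/"statusdesc") keep
  // the old objid - confirm whether they should follow the new id.
  // NOTE(review): $this->statuses is filled by SetSys(); the uniqueness test
  // presumably expects SetSys() to have run first - confirm against callers.

  // Check

  if ( !is_string($id) || empty($id) ) die('cVIP->StatusChangeId: Argument #1 must be a string');
  if ( !is_string($to) || empty($to) ) die('cVIP->StatusChangeId: Argument #2 must be a string');
  $id = strtoupper(substr(trim($id),0,1));
  $to = strtoupper(substr(trim($to),0,1));
  if ( $id=='A' || $id=='Z' ) die('cVIP->StatusChangeId: Argument #1 cannot be A nor Z');
  if ( $to=='A' || $to=='Z' ) die('cVIP->StatusChangeId: Argument #2 cannot be A nor Z');

  // Process

  global $oDB;

  // Unique id

  if ( array_key_exists($to,$this->statuses) ) return L('Status').' id ['.$to.'] '.strtolower(L('E_already_used'));

  // Save changes
  // A one-character id can still be a quote or a backslash: escape it as the
  // other status statements of this class do for names.

  $sqlId = addslashes($id);
  $sqlTo = addslashes($to);
  $oDB->Query('UPDATE '.TABTOPIC.' SET status="'.$sqlTo.'" WHERE status="'.$sqlId.'"');
  $oDB->Query('UPDATE '.TABSTATUS.' SET id="'.$sqlTo.'" WHERE id="'.$sqlId.'"');

  // Exit

  if ( isset($_SESSION[QT]['sys_statuses']) ) unset($_SESSION[QT]['sys_statuses']);
  return '';
}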

// --------

public function SetSys()
{
  // Loads the lists used by most pages into this object. Sections, statuses
  // and states are computed once and cached in $_SESSION[QT]; types are
  // rebuilt on every call.
  // The cached section list depends on the role it was computed for; Login()
  // drops it so that it is rebuilt for the new role.
  if ( !isset($_SESSION[QT]['sys_sections']) )
  {
    $_SESSION[QT]['sys_sections'] = QTarrget(GetSections($this->role));
  }
  if ( !isset($_SESSION[QT]['sys_statuses']) )
  {
    $_SESSION[QT]['sys_statuses'] = $this->GetStatuses();
  }
  if ( !isset($_SESSION[QT]['sys_states']) )
  {
    $_SESSION[QT]['sys_states'] = $this->SysCount('states');
  }

  // Copy to the object

  $this->types = $this->GetTypes();
  foreach(array('sections','statuses','states') as $strList)
  {
    $this->$strList = $_SESSION[QT]['sys_'.$strList];
  }
}

// --------
// interface methods
// --------

public function IsAuthenticated()
{
  // True when the session carries the flag written by Register().
  $strKey = QT.'_usr_auth';
  return ( isset($_SESSION[$strKey]) && $_SESSION[$strKey]=='yes' );
}

// --------

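public function Login($strUsername='',$strPwd='',$bRemember=FALSE)
{
  // Checks the credentials and, on success, fills this object, registers it
  // in the session and (with $bRemember) writes the "remember me" cookies.
  // Returns array('fullname','coppa','closed'); fullname is '' when the login
  // failed. A closed account still logs in here: the caller receives the
  // 'closed' value and decides.
  //
  // The user name sits inside a double-quoted SQL literal in both statements.
  // It is the raw login input, so a name that could end or escape that
  // literal (double quote, backslash, NUL byte) is refused before any
  // statement is built. The password only enters the SQL as sha1() output.
  //
  // NOTE(review): validation is used here because the query API of $oDB is not
  // visible in this file; bound parameters are preferable if $oDB offers them.
  // NOTE(review): passwords are stored as unsalted SHA-1. Moving to
  // password_hash()/password_verify() needs a schema and data migration and
  // is therefore not done in this method.
  // NOTE(review): the cookpass cookie carries that same digest, which the
  // constructor accepts in place of the password; it is now sent HttpOnly.
  // The cookname/cooklang cookies and the Secure flag are left unchanged.
  // NOTE(review): Register() does not renew the session id - confirm that the
  // calling page does.

  $arrFailed = array('fullname'=>'','coppa'=>0,'closed'=>0);

  if ( !is_string($strUsername) || !is_string($strPwd) ) return $arrFailed;
  if ( $strUsername==='' || strpbrk($strUsername,"\"\\\0")!==false ) return $arrFailed;

  global $oDB;
  $strHash = sha1($strPwd);
  $strWhere = ' WHERE name="'.$strUsername.'" AND pwd="'.$strHash.'"';

  $oDB->Query( 'SELECT count(*) as countid FROM '.TABUSER.$strWhere );
  $row = $oDB->Getrow();
  if ( !$row || !isset($row['countid']) || $row['countid']!=1 ) return $arrFailed;

  $this->auth = true;

  // Get user info
  $oDB->Query('SELECT id,role,children,numpost,closed FROM '.TABUSER.$strWhere);
  $row = $oDB->Getrow();
  $this->id = intval($row['id']);
  $this->username = $strUsername;
  $this->role = $row['role'];
  if ( !empty($row['numpost']) ) $this->numpost=intval($row['numpost']);

  // Register VIP info in session
  $this->Register();

  if ( $bRemember )
  {
    $intExpire = time()+60*60*24*100;
    setcookie(QT.'_cookname', htmlspecialchars($this->username,ENT_QUOTES), $intExpire, '/');
    setcookie(QT.'_cookpass', $strHash, $intExpire, '/', '', false, true); // last argument: HttpOnly
    setcookie(QT.'_cooklang', $_SESSION[QT]['language'], $intExpire, '/');
  }

  // Reset parameters (because the Role can impact the lists)
  unset($_SESSION[QT]['sys_sections']);

  return array('fullname'=>$strUsername,'coppa'=>intval($row['children']),'closed'=>intval($row['closed']));
}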

// --------

public function Logout()
{
  // Empties and destroys the session, then clears the three "remember me"
  // cookies that are present in the request.
  // The expiry passed below lies in the future, but the value is empty and
  // PHP's setcookie() sends a deletion for an empty value.
  // NOTE(review): the session cookie itself is not expired here.
  $_SESSION = array();
  session_destroy();

  foreach(array('_cookname','_cookpass','_cooklang') as $strSuffix)
  {
    if ( !isset($_COOKIE[QT.$strSuffix]) ) continue;
    setcookie(QT.$strSuffix, '', time()+60*60*24*100, '/');
  }
}

// --------

}