<?php
/**
* SASHA :: inc/lib/lib.user.php
*
* This contains all of the user classes.
*
* @package SASHA
* @copyright (C) 2006-2010 Gordon P. Hemsley
* @license docs/LICENSE BSD License
* @version $Id: lib.user.php 84 2010-01-21 01:26:56Z gphemsley $
*/
/**
* User
*
* Base class for User
*
* @package SASHA
* @subpackage User
*/
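class User
{
    /**
     * Minimum length (in bytes) a password must have for register_user() to
     * accept it. The user-facing "weak password" message quotes this value.
     */
    const MIN_PASSWORD_LENGTH = 6;

    /**
     * User->user_info
     *
     * @var array $user_info Information about the user this object was built
     *      for. Keys: id, username, email, full_name, preferred_name,
     *      default_institution, type. When the requested ID has no row the
     *      anonymous-user defaults set in __construct() stay in place.
     */
    public $user_info;

    /**
     * User::__construct()
     *
     * Loads user information for the given user ID into $this->user_info.
     * Unknown IDs leave the anonymous defaults untouched.
     *
     * @param int $user_id User ID for which to get information
     */
    public function __construct( $user_id )
    {
        global $Database;
        global $config;

        // Anonymous defaults; overwritten field by field when a row is found.
        $this->user_info = array(
            'id' => USER_ANONYMOUS,
            'username' => 'Anonymous',
            'email' => 'hide@address.com',
            'full_name' => 'Anonymous',
            'preferred_name' => 'Anonymous',
            'default_institution' => $config['default_institution'],
            'type' => UT_ANONYMOUS
        );

        // The (int) cast is the only thing keeping $user_id out of the SQL
        // text, so it must stay; do not interpolate the raw value.
        $sql = 'SELECT u.*
FROM users u
WHERE u.user_id = ' . (int) $user_id;
        $result = $Database->query( $sql );
        if( $Database->has_result( $result ) )
        {
            // user_id is the lookup key, so at most one row is expected; should
            // several come back, the last one wins, as it always has.
            while( $user = $Database->fetch_assoc( $result ) )
            {
                $this->user_info['id'] = (int) $user['user_id'];
                $this->user_info['username'] = $user['username'];
                $this->user_info['email'] = $user['email_address'];
                $this->user_info['full_name'] = $user['full_name'];
                $this->user_info['preferred_name'] = $user['preferred_name'];
                $this->user_info['default_institution'] = $user['default_institution'];
                // 'type' deliberately stays at UT_ANONYMOUS: loading user_type
                // from the row is still disabled, as in the original code.
            }
        }
        $Database->free_result( $result );
    }

    /**
     * User::_check_username_availability()
     *
     * Checks whether the given username is already in use.
     *
     * @access protected
     * @param string $username Username to check
     * @return bool TRUE when no user has this username, FALSE when it is taken
     */
    protected function _check_username_availability( $username )
    {
        global $Database;

        // $Database->escape() is the only guard on this string-built query; no
        // prepared-statement API is visible on the wrapper from this file.
        $sql = "SELECT username
FROM users
WHERE username = '" . $Database->escape( $username ) . "'";
        $result = $Database->query( $sql );
        $row = $Database->fetch_assoc( $result );
        $Database->free_result( $result );

        return empty( $row );
    }

    /**
     * User::_validate_username()
     *
     * Checks whether the given username consists solely of letters, digits,
     * hyphens and underscores (and is non-empty).
     *
     * @access protected
     * @param string $username Username to validate
     * @return bool Validity of username
     */
    protected function _validate_username( $username )
    {
        // Anchored with ^ and \z so the WHOLE string is checked; the earlier
        // unanchored pattern accepted any string containing a single valid
        // character (e.g. "john doe!"), contradicting the message shown to
        // users in register_user().
        return (bool) preg_match( '/^[a-z0-9_-]+\z/i', $username );
    }

    /**
     * User::_check_password_strength()
     *
     * Checks whether the given password meets the minimum length.
     *
     * @access protected
     * @param string $password Password to check
     * @return bool TRUE when the password is at least MIN_PASSWORD_LENGTH bytes
     */
    protected function _check_password_strength( $password )
    {
        // strlen() counts bytes, as the previous '.{6,}' pattern effectively
        // did, but without that pattern's requirement that the bytes be
        // consecutive non-newline characters.
        return strlen( $password ) >= self::MIN_PASSWORD_LENGTH;
    }

    /**
     * User::_validate_email_address()
     *
     * Checks whether the given e-mail address is syntactically valid.
     *
     * @access protected
     * @param string $email_address E-mail address to validate
     * @return bool Validity of e-mail address
     */
    protected function _validate_email_address( $email_address )
    {
        // filter_var() validates the entire string. The previous regex was
        // unanchored and accepted any text that merely contained "x@y.z".
        return filter_var( $email_address, FILTER_VALIDATE_EMAIL ) !== FALSE;
    }

    /**
     * User::_check_email_address_availability()
     *
     * Checks whether the given e-mail address is already in use.
     *
     * @access protected
     * @param string $email_address E-mail address to check
     * @return bool TRUE when no user has this address, FALSE when it is in use
     */
    protected function _check_email_address_availability( $email_address )
    {
        global $Database;

        // Same caveat as _check_username_availability(): escape() is the only
        // guard on the interpolated value.
        $sql = "SELECT email_address
FROM users
WHERE email_address = '" . $Database->escape( $email_address ) . "'";
        $result = $Database->query( $sql );
        $row = $Database->fetch_assoc( $result );
        $Database->free_result( $result );

        return empty( $row );
    }

    /**
     * User::register_user()
     *
     * Validates the submitted registration data, prints one message per
     * problem found, and creates the user row when everything checks out.
     *
     * @todo Add user type to the mix.
     *
     * @param string $username Username (stored lower-cased)
     * @param string $password Password
     * @param string $password_confirm Confirm password
     * @param string $email_address E-mail address
     * @param string $full_name Full name
     * @param string $preferred_name Preferred name
     * @param string $default_institution Default institution
     * @return bool Was registration successful?
     */
    public function register_user( $username, $password, $password_confirm, $email_address, $full_name, $preferred_name, $default_institution )
    {
        global $SASHA, $Database;

        // Usernames are stored lower-cased (see the INSERT below), so the
        // availability check must look at the same form; otherwise a
        // differently-cased duplicate could pass on a case-sensitive collation.
        $username = strtolower( $username );

        $error = FALSE;

        // Make sure username is valid.
        if( empty( $username ) || !$this->_validate_username( $username ) )
        {
            print_message( 'bad', 'Please enter a valid username. Usernames may only contain letters, numbers, hyphens, and underscores.', 'Invalid username.' );
            $error = TRUE;
        }

        // Make sure username is available.
        if( !empty( $username ) && !$this->_check_username_availability( $username ) )
        {
            print_message( 'bad', 'Sorry, that username is taken. Please choose a different username.', 'Username taken.' );
            $error = TRUE;
        }

        // Make sure passwords match (strict comparison: no type juggling).
        if( $password !== $password_confirm )
        {
            print_message( 'bad', 'Please ensure that both passwords are the same.', 'Password mismatch.' );
            $error = TRUE;
        }

        // Make sure password is strong enough.
        if( empty( $password ) || !$this->_check_password_strength( $password ) )
        {
            print_message( 'bad', 'Please enter a stronger password, with at least ' . self::MIN_PASSWORD_LENGTH . ' characters. It is recommended that you use uppercase and lowercase letters, numbers, and symbols for the best security.', 'Weak password.' );
            $error = TRUE;
        }

        // Make sure e-mail address is valid.
        if( empty( $email_address ) || !$this->_validate_email_address( $email_address ) )
        {
            print_message( 'bad', 'Please enter a valid e-mail address.', 'Invalid e-mail address.' );
            $error = TRUE;
        }

        // Make sure e-mail address is available.
        if( !empty( $email_address ) && !$this->_check_email_address_availability( $email_address ) )
        {
            print_message( 'bad', 'Sorry, that e-mail address is already in use. Please use a different e-mail address.', 'E-mail address in use.' );
            $error = TRUE;
        }

        // Make sure institution is valid.
        if( empty( $default_institution ) || !$SASHA->validate_institution( $default_institution ) )
        {
            print_message( 'bad', 'Please select a valid institution.', 'Invalid institution.' );
            $error = TRUE;
        }

        // All problems have been reported; nothing is written if any was found.
        if( $error )
        {
            return FALSE;
        }

        // Every interpolated value goes through $Database->escape(); no
        // prepared-statement API is visible on the wrapper from this file.
        // NOTE(review): sha1() without a salt is a weak password hash. Moving to
        // password_hash()/password_verify() also requires the login code (not in
        // this file) to change, so it is flagged here rather than replaced.
        $sql = "INSERT INTO users ( username, password, email_address, full_name, preferred_name, default_institution, registration_date, user_type )
VALUES ( '" . $Database->escape( $username ) . "', '" . sha1( $password ) . "', '" . $Database->escape( $email_address ) . "', '" . $Database->escape( $full_name ) . "', '" . $Database->escape( $preferred_name ) . "', '" . $Database->escape( $default_institution ) . "', " . time() . ', ' . UT_STUDENT . ' )';

        return (bool) $Database->query( $sql );
    }

    /**
     * User::_form_default()
     *
     * Looks up a pre-fill value for print_registration_form() without the
     * error-suppression operator the form definition used to rely on.
     *
     * @access private
     * @param array $defaults Default values passed to print_registration_form()
     * @param string $key Form field name
     * @return mixed The value, or NULL when the key is absent
     */
    private static function _form_default( $defaults, $key )
    {
        return isset( $defaults[$key] ) ? $defaults[$key] : NULL;
    }

    /**
     * User::print_registration_form()
     *
     * Prints the user registration form.
     *
     * @param array $defaults Default values used to pre-populate the form
     * @return void
     */
    public function print_registration_form( $defaults = array() )
    {
        global $SASHA;

        // NOTE(review): pre-filling the two password inputs from $defaults echoes
        // a previously submitted password back into the HTML; consider leaving
        // those two values NULL.
        $form_data = array(
            array(
                'type' => 'header',
                'name' => 'registration-header',
                'label' => 'Register',
                'data' => array(
                    'level' => 2
                )
            ),
            array(
                'type' => 'text',
                'name' => 'username',
                'label' => 'Username',
                'data' => array(
                    'size' => 25,
                    'maxlength' => 255,
                    'value' => self::_form_default( $defaults, 'username' )
                )
            ),
            array(
                'type' => 'password',
                'name' => 'password',
                'label' => 'Password',
                'data' => array(
                    'size' => 25,
                    'maxlength' => 255,
                    'value' => self::_form_default( $defaults, 'password' )
                )
            ),
            array(
                'type' => 'password',
                'name' => 'password_confirm',
                'label' => 'Confirm Password',
                'data' => array(
                    'size' => 25,
                    'maxlength' => 255,
                    'value' => self::_form_default( $defaults, 'password_confirm' )
                )
            ),
            array(
                'type' => 'text',
                'name' => 'email',
                'label' => 'E-mail Address',
                'data' => array(
                    'size' => 30,
                    'maxlength' => 320,
                    'value' => self::_form_default( $defaults, 'email' )
                )
            ),
            array(
                'type' => 'text',
                'name' => 'full_name',
                'label' => 'Full Name',
                'data' => array(
                    'size' => 50,
                    'value' => self::_form_default( $defaults, 'full_name' )
                )
            ),
            array(
                'type' => 'text',
                'name' => 'preferred_name',
                'label' => 'Preferred Name',
                'data' => array(
                    'size' => 30,
                    'value' => self::_form_default( $defaults, 'preferred_name' )
                )
            ),
            array(
                'type' => 'institution',
                'name' => 'default_institution',
                'label' => 'Default Institution',
                'data' => array( self::_form_default( $defaults, 'default_institution' ) )
            ),
            array(
                'type' => 'submit',
                'name' => 'submit',
                'data' => array(
                    'value' => 'Register'
                )
            )
        );

        print_message( NULL, 'SASHA requires you to be a registered user in order to store your personal data. Please use the form below to register a new user.' );
        $SASHA->create_form( 'registration-form', ROOT . 'register.php', $form_data );
    }
}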
?>