<?php

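// Bit flags for user validation errors; combine with | and test with &.
// The constant names must be quoted: an unquoted name is an undefined
// constant, which only worked by accident (bare-word fallback) on old
// engines and is a fatal Error on current ones.
define('_USER_ERR_GENERIC', 1);
define('_USER_ERR_NONAME', 2);
define('_USER_ERR_NOPWD', 4);
define('_USER_ERR_NAMEINVALID', 8);
define('_USER_ERR_PWDINVALID', 16);
define('_USER_ERR_EMAILINVALID', 32);
define('_USER_ERR_NAMEDUPLICATE', 64);
define('_USER_ERR_NAMELENGTH', 128);
define('_USER_ERR_AUTHBADPWD', 256);
define('_USER_ERR_AUTHBADUSER', 512);
define('_USER_ERR_RENAMETOOEARLY', 1024);

// Presumably the gft_user id of the built-in system account; not referenced
// in this file — confirm against the callers.
define('_USER_SYSTEM_ID', "1");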

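class User
{
	/**
	 * One row of gft_user.
	 *
	 * The id doubles as the visitor's bearer credential: getCurrentUser()
	 * trusts the "visitorID" cookie value as the user id with no further
	 * check, so every id must come from generateID() and be unguessable.
	 */
	var $id;

	var $name;
	var $email;
	var $password;   // unsalted md5 hex digest, as written by saveUser()/changePassword()


	/**
	 * Load the user with the given id from gft_user, or build an empty one.
	 *
	 * @param string $id  primary key of gft_user; empty for a blank object
	 *                    (no query is issued in that case)
	 */
	function __construct($id = "")
	{
		global $database;

		if (!empty($id)) {
			$sqlQuery = "select * from gft_user where id='".addslashes($id)."'";
			$database->loadObject($this, $sqlQuery);
		}
	}

	/**
	 * PHP4-style constructor, kept so engines that still honour it behave the
	 * same as engines that only recognise __construct().
	 */
	function User($id = "")
	{
		$this->__construct($id);
	}

	/**
	 * Build the User identified by the "visitorID" cookie.
	 *
	 * No server-side session lookup happens here: whoever presents a valid
	 * id in the cookie is that user.
	 *
	 * @return User|null  null when the cookie is absent or empty
	 */
	function getCurrentUser()
	{
		// empty() is isset-safe: a first-time visitor has no cookie at all,
		// and indexing the missing key directly raised a notice.
		if (!empty($_COOKIE["visitorID"])) {
			return new User($_COOKIE["visitorID"]);
		}
		return null;
	}

	/**
	 * Authenticate by name and password and issue the visitor cookie.
	 *
	 * The password is matched as an unsalted md5 digest because that is what
	 * saveUser()/changePassword() store; moving to password_hash() requires
	 * changing those two methods and rehashing existing rows as well.
	 *
	 * @param string $name
	 * @param string $password    clear text
	 * @param bool   $rememberme  forwarded to remember()
	 * @return int|string  0 on success, "ERROR_CANTLOGIN" otherwise.
	 *                     Side effect: the global $user receives whatever
	 *                     loadObject() returned, on success and on failure.
	 */
	function login($name, $password, $rememberme)
	{
		global $database, $user;

		$sqlQuery = "select * from gft_user where name='".addslashes($name)."' and password='".md5($password)."'";
		$user = $database->loadObject(new User(), $sqlQuery);

		// loadObject()'s failure value is not visible in this file, so the
		// loose null test is deliberately kept.
		if ($user == null)
			return "ERROR_CANTLOGIN";

		$user->remember($rememberme);
		return 0;
	}

	/**
	 * Send the "visitorID" cookie carrying this user's id.
	 *
	 * @param bool $permanent  true keeps the cookie for one year, false makes
	 *                         it a session cookie
	 */
	function remember($permanent = FALSE) {
		if ($this->id == "") {
			$this->id = $this->generateID();
		}
		// The former fixed expiry (1 Jan 2020) is now in the past, so a
		// "permanent" cookie was dropped by the browser at once.
		$expires = $permanent ? time() + 365 * 24 * 60 * 60 : 0;
		// Empty path/domain keep PHP's defaults (unchanged behaviour);
		// httponly keeps the identity cookie away from page scripts.
		setcookie("visitorID", $this->id, $expires, "", "", false, true);
	}

	/**
	 * Expire the "visitorID" cookie client-side.
	 *
	 * Nothing is invalidated on the server: ids stay valid until the row
	 * changes, so a copied cookie keeps working after logout.
	 *
	 * @return int  always 0
	 */
	function logout() {
		setcookie("visitorID", "", mktime (0,0,0,1,1,2000));

		return 0;
	}

	/** Empty stub; kept because the controller may dispatch to it. */
	function getParams() {
	}

	/**
	 * Insert (no id yet) or update (id set) this user's row in gft_user.
	 *
	 * @param string $name
	 * @param string $email        written on update only; the insert column
	 *                             list has no email column
	 * @param string $password     required on insert, ignored on update
	 *                             (see changePassword())
	 * @param int    $accessLevel  honoured only when the acting user (global
	 *                             $user) has accessLevel 2; everyone else
	 *                             gets the default of 1 on insert and keeps
	 *                             the stored value on update
	 * @return int|string  0, "ERROR_MISSINGPARAMETER" or "ERROR_CANTSAVE"
	 */
	function saveUser($name, $email, $password, $accessLevel = 1) {
		global $database, $user;

		$accessLevel = (int) $accessLevel;
		if (empty($name))
			return "ERROR_MISSINGPARAMETER";

		// Only an administrator may choose an access level. The update branch
		// already enforced this; the insert branch accepted any value from the
		// request, so a level-1 caller could create a level-2 account.
		$isAdmin = (isset($user) && $user->accessLevel == 2);

		if (empty($this->id)) {
			if (empty($password))
				return "ERROR_MISSINGPARAMETER";

			$newLevel = $isAdmin ? $accessLevel : 1;
			$sqlQuery = "insert into gft_user (id, name, password, accessLevel, creationDate) values('".$this->generateID()."', '".addslashes($name)."', '".md5($password)."', $newLevel, now())";
		} else {
			// Neither name nor email is validated here; sendMail() therefore
			// strips line breaks before using them in a mail header.
			$sqlQuery = "update gft_user set name='".addslashes($name)."', email='".addslashes($email)."'";
			if ($isAdmin)
				$sqlQuery .= ", accessLevel=$accessLevel";
			$sqlQuery .= " where id='".addslashes($this->id)."'";
		}

		if (!$database->query($sqlQuery))
			return "ERROR_CANTSAVE";

		return 0;
	}

	/**
	 * Store a new md5 password digest for this user.
	 *
	 * The current password is not re-verified; the handler registration at
	 * the bottom of the file is the only gate.
	 *
	 * @param string $password   new clear-text password
	 * @param string $password2  confirmation
	 * @return int|string  0, "ERROR_MISSINGPARAMETER" or "ERROR_PASSWORD_NOTMATCH"
	 */
	function changePassword($password, $password2) {
		global $database;

		// Same rule as saveUser(): never store an empty password.
		if (empty($password))
			return "ERROR_MISSINGPARAMETER";
		// Strict comparison: with != two different numeric strings such as
		// "10" and "1e1" count as equal.
		if ($password !== $password2)
			return "ERROR_PASSWORD_NOTMATCH";

		$sqlQuery = "update gft_user set password='".md5($password)."' where id='".addslashes($this->id)."'";
		$database->query($sqlQuery);

		return 0;
	}

	/**
	 * Return a random 32-character hexadecimal identifier.
	 *
	 * The value is used as the gft_user primary key, as the visitor cookie
	 * and as the auth ticket, so it must not be guessable. md5(uniqid(rand()))
	 * was derived from the clock plus a non-cryptographic PRNG; prefer the
	 * CSPRNG where the engine provides one, keeping the same width otherwise.
	 *
	 * @return string
	 */
	function generateID() {
		if (function_exists('random_bytes')) {
			return bin2hex(random_bytes(16));
		}
		return md5(uniqid(mt_rand(), true));
	}

	/**
	 * Record a fresh ticket for this user in gft_auth, bound to the client IP
	 * and user agent, and send it in the "auth" cookie (site-wide path,
	 * session lifetime).
	 *
	 * @return bool  false when the insert failed (no cookie is sent then),
	 *               true otherwise
	 */
	function generateTicket() {
		global $database;

		$ticket = $this->generateID();
		// Both server variables can be absent (CLI, some proxies); store "".
		$ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
		$agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
		$sqlQuery = "INSERT INTO gft_auth (ticket, user, IP, userAgent, creationDate) values('".addslashes($ticket)."', '".addslashes($this->id)."', '".addslashes($ip)."', '".addslashes($agent)."', now())";
		// Same success test as saveUser(); a ticket that is not in the
		// table would be useless to the client anyway.
		if (!$database->query($sqlQuery))
			return false;

		setcookie("auth", $ticket, 0, "/", "", false, true);
		return true;
	}

	/**
	 * Send a mail on behalf of this user through mail().
	 *
	 * name and email originate from saveUser(), which does not validate them,
	 * so line breaks are removed before they enter the From: header to block
	 * header injection.
	 *
	 * @return int|string  0 or "ERROR_CANTSENDMAIL"
	 */
	function sendMail($to, $subject, $message)
	{
		$fromName = str_replace(array("\r", "\n"), "", $this->name);
		$fromAddr = str_replace(array("\r", "\n"), "", $this->email);
		$headers = "From: \"$fromName\" <$fromAddr>\r\n"
		          ."X-Mailer: myGifts/PHP";
		$result = mail($to, $subject, $message, $headers);
		if ($result)
			return 0;
		else
			return "ERROR_CANTSENDMAIL";
	}

	// The commented-out work in progress (verifyAuth(), checkValidity(),
	// checkConfig(); built on $env, phub_user, ereg* and mysql_*) was removed
	// from this file; recover it from version history if the work resumes.
}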


// Controller wiring for this class: handler name, kind ("all", "action" or
// "display"), handling class, request parameters forwarded to the method, and
// an optional trailing number — presumably the minimum access level required
// (2 where this class treats accessLevel 2 as administrator); confirm against
// Controler::registerHandler(). The "saveUser" handler forwards "accessLevel"
// from the request, which is why saveUser() must not trust that value.
Controler::registerHandler("login", "all", "User", array("user", "name", "password", "rememberme"));
Controler::registerHandler("changePassword", "all", "User", array("user", "password", "password2"), 1);
//Controler::registerNextAction("changePassword", "myList");
Controler::registerHandler("logout", "action", "User", array("user"), 1);
Controler::registerNextAction("logout", "myList");

Controler::registerHandler("adminUsers", "display", "User", null, 2);
Controler::registerHandler("editUser", "display", "User", array("id"), 2);
Controler::registerHandler("editProfile", "display", "User", array("user"), 1);
Controler::registerHandler("saveUser", "action", "User", array("id", "name", "email", "password", "accessLevel"), 1);
//Controler::registerNextAction("saveUser", "adminUsers");

?>