<?
/******************************************************************************
 * Name           :    User
 * Description    :    Class to manage user information
 *****************************************************************************/

require_once("../classes/dbconnection.php");

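class User
{
    // database connection helper (DBConnection from ../classes/dbconnection.php);
    // every method returns FALSE when it is missing
    var $m_dbcn;

    // details of the user last loaded by GetUserDetails(); m_user_id is -1 while
    // nothing has been loaded
    var $m_user_id;
    var $m_name;
    var $m_password;        // the stored hash as returned by the database, never cleartext
    var $m_company;
    var $m_email;
    var $m_location;
    var $m_phone;
    var $m_type;            // "admin" or "reguser" (see SetUserType)
    var $m_last_login;
    var $m_comments;

    // ID of the logged in user as read from the session, 0 when nobody is logged in
    var $m_session_user_id;

    // constructor: create the DBConnection and mark "no user loaded"
    function __construct()
    {
        $this->m_dbcn = new DBConnection();
        $this->m_user_id = -1;
        $this->m_session_user_id = 0;
    }

    // PHP 4 style constructor. PHP 7 deprecated and PHP 8 removed this form, which
    // would have left m_dbcn unset (and every method returning FALSE), so the real
    // work lives in __construct() and this only forwards to it on old PHP.
    function User()
    {
        $this->__construct();
    }

    // user ID held by the session, or 0 when nobody is logged in
    //
    // $_SESSION is read first. The session_is_registered()/global $UserID pair the
    // original used was removed in PHP 5.4 and is only consulted where it still
    // exists, and then only after the session confirms that the variable was
    // registered; a bare global $UserID (register_globals) is not trusted.
    function SessionUserId()
    {
        if (isset($_SESSION) && isset($_SESSION['UserID']))
            $id = $_SESSION['UserID'];
        elseif (function_exists('session_is_registered') && session_is_registered('UserID'))
        {
            global $UserID;
            $id = $UserID;
        }
        else
            return 0;

        if (!is_numeric($id))
            return 0;

        $id = (int)$id;
        return ($id > 0) ? $id : 0;
    }

    // remember $user_id as the logged in user in the session
    //
    // session_register() (removed in PHP 5.4) started the session implicitly; the
    // session is started explicitly here and the ID written to $_SESSION. The old
    // register_globals binding is kept alive where session_register() still exists,
    // for code elsewhere that reads the global $UserID.
    function StoreSessionUserId($user_id)
    {
        if (session_id() == '')
            session_start();

        // issue a fresh session ID on login so a session ID planted before
        // authentication (session fixation) does not become an authenticated one
        if (function_exists('session_regenerate_id'))
            session_regenerate_id();

        if (function_exists('session_register') && !session_is_registered('UserID'))
            session_register('UserID');

        global $UserID;
        $UserID = $user_id;
        $_SESSION['UserID'] = $user_id;
    }

    // escape a value for use inside a single-quoted SQL string literal
    //
    // NOTE(review): stopgap only. It escapes the characters mysql_real_escape_string()
    // handles for single-byte charsets and is not charset-aware (multi-byte charsets
    // such as GBK need the server-side escape). The proper fix is parameterised
    // queries inside DBConnection; until then every string interpolated into SQL in
    // this class goes through here. Integer IDs are cast with settype() instead.
    function EscapeSql($value)
    {
        $value = (string)$value;

        // backslash is replaced first so the backslashes added later are not doubled
        return str_replace(
            array("\\",   "\0",  "\n",  "\r",  "'",   "\"",   "\x1a"),
            array("\\\\", "\\0", "\\n", "\\r", "\\'", "\\\"", "\\Z"),
            $value);
    }

    // log in if the name and password match a row in users; TRUE on success
    //
    // The password check is done by the database with MySQL PASSWORD(), as before.
    // NOTE(review): PASSWORD() is MySQL's account hash (deprecated, removed in MySQL
    // 8) and not a password-storage hash; moving to password_hash()/password_verify()
    // needs a migration of the stored values and is out of scope here.
    function Login($name, $password)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        // legacy keyword filter (also rejects non-string parameters)
        if ($this->FindSqlSyntax(array($name,$password)))
            return FALSE;

        // drop an existing session before authenticating anew
        if ($this->IsLoggedIn())
            $this->Logout();

        $safe_name = $this->EscapeSql($name);
        $safe_password = $this->EscapeSql($password);

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT user_id FROM users WHERE name = '$safe_name' AND password = PASSWORD('$safe_password')",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        if (!$result)
            return FALSE;

        $row = $this->m_dbcn->FetchRow($result);
        if (!$row)
            return FALSE;

        // the ID must be a positive integer before it is trusted anywhere
        $user_id = $row[0];
        if (!settype($user_id, "integer") || $user_id <= 0)
            return FALSE;

        $this->StoreSessionUserId($user_id);
        $this->m_session_user_id = $user_id;

        // record the login time (two-digit year format kept; column type unknown -- TODO confirm)
        $date = date("ymd H:i:s");
        $cn = $this->m_dbcn->Connect();
        $this->m_dbcn->Query("UPDATE users SET lastlogin = '$date' WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return TRUE;
    }

    // log out: forget the session user and destroy the session
    //
    // session_destroy() leaves the in-memory copies alone, so the original most
    // likely still reported the user as logged in for the rest of the request; the
    // cached details and the session variables are cleared here as well.
    function Logout()
    {
        $this->m_session_user_id = 0;
        $this->m_user_id = -1;

        global $UserID;
        $UserID = NULL;

        if (isset($_SESSION))
            $_SESSION = array();

        // nothing to destroy without an active session
        if (session_id() == '')
            return TRUE;

        return session_destroy();
    }

    // TRUE if the session holds a logged in user
    function IsLoggedIn()
    {
        return $this->SessionUserId() > 0;
    }

    // TRUE if the logged in user has type "admin" in the database
    function IsAdmin()
    {
        $user_id = $this->SessionUserId();
        if ($user_id <= 0 || !is_object($this->m_dbcn))
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT type FROM users WHERE user_id = $user_id",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        $row = $this->m_dbcn->FetchRow($result);

        return ($row && $row[0] === "admin");
    }

    // fetch the next row of a query result (thin wrapper around DBConnection)
    function FetchRow($result)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        return $this->m_dbcn->FetchRow($result);
    }

    // legacy blacklist: TRUE if any entry is not a string or contains (case
    // insensitively) one of a few SQL keywords followed by a space
    //
    // NOTE(review): this is not an injection defence -- a quote followed by OR 1=1
    // passes it. It is kept because callers may rely on its rejection of non-string
    // values; the queries are protected by EscapeSql() and integer casts instead.
    function FindSqlSyntax($string_arr)
    {
        $keywords = array("SELECT ", "UPDATE ", "INSERT ", "DELETE ");

        foreach ($string_arr as $str)
        {
            if (!is_string($str))
                return TRUE;

            $upper = strtoupper($str);
            foreach ($keywords as $keyword)
            {
                if (strpos($upper, $keyword) !== FALSE)
                    return TRUE;
            }
        }

        return FALSE;
    }

    // query result with user_id,name,email,type of all users (administrators only)
    function GetAllUsers()
    {
        if (!is_object($this->m_dbcn) || !$this->IsAdmin())
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT user_id,name,email,type FROM users ORDER BY name",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);   // the original called Disconnect() without the handle

        return $result;
    }

    // load the details of $user_id (0 = the logged in user) into the m_* members
    //
    // Only the user himself or an administrator may load a row. The session ID is
    // taken from the session store; the original compared against a bare global
    // $UserID, which with register_globals could be supplied in the request.
    function GetUserDetails($user_id)
    {
        $session_id = $this->SessionUserId();
        $this->m_session_user_id = $session_id;

        if ($user_id == 0)
            $user_id = $session_id;

        if (!settype($user_id, "integer"))
            return FALSE;

        // no logged in user and no explicit ID: nothing to load
        if ($user_id <= 0)
            return FALSE;

        // already loaded; the authorisation check was passed at that time
        if ($user_id == $this->m_user_id)
            return TRUE;

        if (!is_object($this->m_dbcn))
            return FALSE;

        if ($user_id != $session_id && !$this->IsAdmin())
            return FALSE;

        // explicit column list so the positional mapping below does not depend on
        // the table's column order (the original used SELECT *)
        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT user_id,name,password,company,email,location,phone,type,lastlogin,comments FROM users WHERE user_id = $user_id",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        $row = $this->m_dbcn->FetchRow($result);
        if (!$row)
            return FALSE;

        $this->m_user_id    = $row[0];
        $this->m_name       = $row[1];
        $this->m_password   = $row[2];
        $this->m_company    = $row[3];
        $this->m_email      = $row[4];
        $this->m_location   = $row[5];
        $this->m_phone      = $row[6];
        $this->m_type       = $row[7];
        $this->m_last_login = $row[8];
        $this->m_comments   = $row[9];

        return TRUE;
    }

    // load the details of $user_id and return one member of them, FALSE if not allowed
    function UserField($user_id, $member)
    {
        if (!$this->GetUserDetails($user_id))
            return FALSE;

        return $this->$member;
    }

    // users id
    function GetUserID($user_id = 0)
    {
        return $this->UserField($user_id, 'm_user_id');
    }

    // users name
    function GetUserName($user_id = 0)
    {
        return $this->UserField($user_id, 'm_name');
    }

    // users stored password hash (callers pass it back to SetUserDetails to keep the password)
    function GetUserPassword($user_id = 0)
    {
        return $this->UserField($user_id, 'm_password');
    }

    // users company name
    function GetUserCompany($user_id = 0)
    {
        return $this->UserField($user_id, 'm_company');
    }

    // users email
    function GetUserEmail($user_id = 0)
    {
        return $this->UserField($user_id, 'm_email');
    }

    // users location
    function GetUserLocation($user_id = 0)
    {
        return $this->UserField($user_id, 'm_location');
    }

    // users phone number
    function GetUserPhone($user_id = 0)
    {
        return $this->UserField($user_id, 'm_phone');
    }

    // users type ("admin" or "reguser")
    function GetUserType($user_id = 0)
    {
        return $this->UserField($user_id, 'm_type');
    }

    // users last login time
    function GetUserLastLogin($user_id = 0)
    {
        return $this->UserField($user_id, 'm_last_login');
    }

    // users comments (administrators only)
    function GetUserComments($user_id = 0)
    {
        if (!$this->IsAdmin())
            return FALSE;

        return $this->UserField($user_id, 'm_comments');
    }

    // add (user_id <= 0) or modify (user_id > 0) a users information
    //
    // Returns the users ID on success, FALSE otherwise. Passing the stored hash
    // (GetUserPassword()) as $password leaves the password unchanged.
    function SetUserDetails($name,$password,$company,$email,$location,$phone,$user_id = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        // legacy keyword filter (also rejects non-string parameters)
        if ($this->FindSqlSyntax(array($name,$password,$email,$location,$phone)))
            return FALSE;

        if (!settype($user_id, "integer"))
            return FALSE;

        if ($user_id > 0)
            return $this->UpdateUserDetails($name,$password,$company,$email,$location,$phone,$user_id);

        return $this->InsertUser($name,$password,$company,$email,$location,$phone);
    }

    // modify the company, email, location, phone and optionally password of $user_id
    //
    // An administrator may edit anybody; everybody else only his own row, and only
    // when $name is his current name. The original checked the name but not that
    // $user_id was the editors own, so any logged in user could overwrite any other
    // users details and password.
    function UpdateUserDetails($name,$password,$company,$email,$location,$phone,$user_id)
    {
        $id = $this->SessionUserId();
        if ($id <= 0)
            return FALSE;

        // name, type and stored hash of the editor
        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT name,type,password FROM users WHERE user_id = $id",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        $editor = $this->m_dbcn->FetchRow($result);
        if (!$editor)
            return FALSE;

        $is_admin = ($editor[1] === "admin");
        if (!$is_admin && !($user_id == $id && $editor[0] == $name))
            return FALSE;

        // the "unchanged password" sentinel is compared against the hash of the row
        // being edited; the original compared against the editors own hash, which
        // for an administrator editing somebody else re-hashed that hash as the
        // new password
        $current_hash = $editor[2];
        if ($user_id != $id)
        {
            $cn = $this->m_dbcn->Connect();
            $result = $this->m_dbcn->Query("SELECT password FROM users WHERE user_id = $user_id",array("users","READ"));
            $this->m_dbcn->Disconnect($cn);

            $target = $this->m_dbcn->FetchRow($result);
            if (!$target)
                return FALSE;

            $current_hash = $target[0];
        }

        $pass = "";
        if ($password != $current_hash)
            $pass = "password = PASSWORD('" . $this->EscapeSql($password) . "'),";

        $safe_company  = $this->EscapeSql($company);
        $safe_email    = $this->EscapeSql($email);
        $safe_location = $this->EscapeSql($location);
        $safe_phone    = $this->EscapeSql($phone);

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("UPDATE users SET $pass company = '$safe_company',email = '$safe_email',
                          location = '$safe_location', phone = '$safe_phone' WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        if (!$result)
            return FALSE;

        // for the editor himself the ID is returned through the loaded details, as before
        if ($user_id == $id)
            return $this->GetUserID();

        return $user_id;
    }

    // add a new user; returns the new users ID, FALSE if the name is taken or the insert failed
    //
    // NOTE(review): there is no authorisation check on this path, as in the
    // original -- anybody who can reach it can create an account. Confirm that
    // self registration is intended, otherwise callers must require IsAdmin().
    function InsertUser($name,$password,$company,$email,$location,$phone)
    {
        $safe_name     = $this->EscapeSql($name);
        $safe_password = $this->EscapeSql($password);
        $safe_company  = $this->EscapeSql($company);
        $safe_email    = $this->EscapeSql($email);
        $safe_location = $this->EscapeSql($location);
        $safe_phone    = $this->EscapeSql($phone);

        // the name must be unused
        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT name FROM users WHERE name = '$safe_name'",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        if ($this->m_dbcn->FetchRow($result))
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("INSERT INTO users (name,password,company,email,location,phone)
                                 VALUES ('$safe_name',PASSWORD('$safe_password'),'$safe_company','$safe_email',
                                 '$safe_location','$safe_phone')",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        if (!$result)
            return FALSE;

        // look the new ID up by name
        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT user_id FROM users WHERE name = '$safe_name'",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        $row = $this->m_dbcn->FetchRow($result);
        if (!$row)
            return FALSE;

        return $row[0];
    }

    // set the comments of $user_id (administrators only); returns the query result
    function SetUserComments($user_id,$comments)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id <= 0)
            return FALSE;

        if (!$this->IsAdmin())
            return FALSE;

        $safe_comments = $this->EscapeSql($comments);

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("UPDATE users SET comments = '$safe_comments' WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return $result;
    }

    // append a usagelog row with the user name and the current time; returns the
    // query result (the original had no connection check and interpolated the
    // name unescaped)
    function usageLog($user_name)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        $safe_name = $this->EscapeSql($user_name);
        $date = date("ymd H:i:s");

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("INSERT INTO usagelog (user_name, time) VALUES ('$safe_name', '$date')", array("usagelog", "WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return $result;
    }

    // set the type of $user_id: 1 makes an "admin", anything else a "reguser"
    // (administrators only)
    function SetUserType($user_id,$type = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id <= 0)
            return FALSE;

        if (!$this->IsAdmin())
            return FALSE;

        $new_type = ($type == 1) ? "admin" : "reguser";

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("UPDATE users SET type = '$new_type' WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return $result ? TRUE : FALSE;
    }

    // remove $user_id and his node selection (administrators only, never the
    // account currently logged in)
    function RemoveUser($user_id)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id <= 0)
            return FALSE;

        $id = $this->SessionUserId();
        if ($id <= 0 || $user_id == $id || !$this->IsAdmin())
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("DELETE FROM users WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        if (!$result)
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $this->m_dbcn->Query("DELETE FROM nodes_users WHERE user_id = $user_id",array("nodes_users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return TRUE;
    }

    // replace the set of nodes $user_id monitors with $nodes (array of node IDs;
    // entries are coerced with settype as before); $user_id 0 means the logged in
    // user. Returns the result of the last query issued.
    //
    // The original accepted any $user_id from any caller, so a regular user could
    // rewrite somebody elses selection; now the caller must be logged in and must
    // be that user or an administrator.
    function SetUserNodes($nodes,$user_id = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id < 0)
            return FALSE;

        $session_id = $this->SessionUserId();
        if ($session_id <= 0)
            return FALSE;

        if ($user_id == 0)
            $user_id = $session_id;

        if ($user_id != $session_id && !$this->IsAdmin())
            return FALSE;

        $values = array();
        if (is_array($nodes))
        {
            foreach ($nodes as $node_id)
            {
                if (settype($node_id, "integer"))
                    $values[] = "($user_id,$node_id)";
            }
        }

        // the current selection is always cleared; an empty $nodes just clears it
        $cn = $this->m_dbcn->Connect();
        $retur = $this->m_dbcn->Query("DELETE FROM nodes_users WHERE user_id = $user_id",array("nodes_users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        if (count($values) == 0)
            return $retur;

        $query = "INSERT INTO nodes_users (user_id,node_id) VALUES " . implode(",", $values);

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query($query,array("nodes_users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return $result;
    }

    // array of node IDs $user_id (0 = the logged in user) selected to monitor
    //
    // NOTE(review): like the original this does not check that the caller may read
    // another users selection; left as is because callers without a session may
    // depend on it -- confirm and add the own-or-admin check used by SetUserNodes().
    function GetUserNodes($user_id = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id < 0)
            return FALSE;

        if ($user_id == 0)
            $user_id = $this->SessionUserId();

        // nobody logged in and no explicit ID: nothing selected
        if ($user_id <= 0)
            return array();

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT node_id FROM nodes_users WHERE user_id = $user_id",array("nodes_users","READ"));
        $this->m_dbcn->Disconnect($cn);

        $nodes = array();
        while ($row = $this->m_dbcn->FetchRow($result))
            $nodes[] = $row[0];

        return $nodes;
    }

    // row with tooltip and viewmode of $user_id (0 = the logged in user), FALSE if none
    function GetUserPreferences($user_id = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id < 0)
            return FALSE;

        if ($user_id == 0)
            $user_id = $this->SessionUserId();

        if ($user_id <= 0)
            return FALSE;

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("SELECT tooltip, viewmode FROM users WHERE user_id = $user_id",array("users","READ"));
        $this->m_dbcn->Disconnect($cn);

        return $this->m_dbcn->FetchRow($result);
    }

    // set tooltip and viewmode of $user_id (0 = the logged in user); returns the
    // query result (the original returned nothing)
    //
    // Only the user himself or an administrator may change them; the original
    // accepted any $user_id and interpolated both values unescaped.
    function SetUserPreferences($tooltip, $viewmode, $user_id = 0)
    {
        if (!is_object($this->m_dbcn))
            return FALSE;

        if (!settype($user_id, "integer") || $user_id < 0)
            return FALSE;

        $session_id = $this->SessionUserId();
        if ($session_id <= 0)
            return FALSE;

        if ($user_id == 0)
            $user_id = $session_id;

        if ($user_id != $session_id && !$this->IsAdmin())
            return FALSE;

        $safe_tooltip  = $this->EscapeSql($tooltip);
        $safe_viewmode = $this->EscapeSql($viewmode);

        $cn = $this->m_dbcn->Connect();
        $result = $this->m_dbcn->Query("UPDATE users SET viewmode = '$safe_viewmode', tooltip='$safe_tooltip' WHERE user_id = $user_id",array("users","WRITE"));
        $this->m_dbcn->Disconnect($cn);

        return $result;
    }
}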



?>