<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v1.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2005                          #||
||#     Created: 17th September 2005                     #||
||#     Filename: users.php                              #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: users.php,v 1.3.2.2.2.1 2008/07/14 11:02:38 pmcilwaine Exp $
 */

/**
 * @see Auth
 * @package public
 *  
 * This class is a wrapper for the Auth Class for the public side of WB News.
 * It adds a login and registration form, as well as a way to handle protected areas
 */
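class User
{

	// Application-wide objects, copied from the globals of the same name
	// when the instance is constructed.
	var $config;
	var $tmpl;
	var $DB;
	var $auth;
	var $userinfo;

	/**
	 * Copy the global $config, $tmpl, $DB, $auth and $userinfo into the instance.
	 *
	 * Declared as __construct() because PHP 8 no longer treats a method named
	 * after the class as a constructor; without it the properties stay unset
	 * and every systemstatus check below reads from NULL.
	 *
	 * @param mixed $_ unused, kept so existing call sites stay valid
	 */
	function __construct( $_ = NULL )
	{
		global $config, $tmpl, $DB, $auth, $userinfo;

		$this->config = $config;
		$this->tmpl = $tmpl;
		$this->DB = $DB;
		$this->auth = $auth;
		$this->userinfo = $userinfo;
	}

	/**
	 * PHP 4 style constructor, kept for engines and callers that still use it.
	 *
	 * @param mixed $_ unused
	 */
	function User( $_ = NULL )
	{
		$this->__construct( $_ );
	}

	/**
	 * Report whether the current visitor is logged in, as decided by the Auth object.
	 *
	 * @return boolean
	 */
	function protectedArea()
	{
		return $this->auth->is_logged();
	}

	/**
	 * Handle the public registration form.
	 *
	 * On a POST of the "register" form with the "Register" button, the input is
	 * validated; on success the user row is inserted and the "registered"
	 * template is returned. On validation errors the submitted fields (without
	 * the password fields) and the messages are kept in the session and the
	 * form is rendered again.
	 *
	 * @return mixed FALSE when $config['systemstatus'] is not 0, otherwise the
	 *               value returned by the template's GetHTML()
	 */
	function register()
	{
		if ( $this->config['systemstatus'] != 0 )
		{
			return FALSE;
		}

		$myform = "register";
		if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
		{
			switch ( Submit() )
			{
			case "Register":

				$err_msg = array();
				
				$username = sanitize_post( "username" );
				$password = sanitize_post( "password" );
				$postname = sanitize_post( "postname" );
				$email = sanitize_post( "email" );
				
				if ( "" == $username )
				{
					$err_msg["username"] = "You must enter a username";
				}
				else if ( strlen($username) <= 3 )
				{
					$err_msg["username"] = "Username must be 4 or more characters";
				}

				// NOTE(review): the lookup and the INSERT below are assembled by
				// string concatenation with addslashes() as the only escaping.
				// addslashes() does not know the connection character set; if the
				// DB wrapper (not visible in this file) offers driver-level
				// escaping or bound parameters, use that instead.
				// NOTE(review): "username" is double-quoted here; whether the
				// database reads that as a column name depends on its quoting
				// mode - verify against ListBy().
				$username = addslashes( $username );
				$cond = array();
				$cond[] = "\"username\"='$username'";
				$cond = join( " AND ", $cond );

				$ids = $this->DB->ListBy( TBL_USERS, $cond, array("userid") );
				if ( is_array($ids) && count($ids) != 0 )
				{
					$err_msg["username"] = "Username already in use";
				}
				
				if ( "" == $email )
				{
					$err_msg["email"] = "You must enter an email";
				}
				// The dot before the last domain labels is escaped so it only
				// matches a literal "."; unescaped it accepted any character
				// (quotes, angle brackets, ...) in the domain part. The D
				// modifier stops "$" from matching before a trailing newline.
				else if ( !preg_match( '/^([a-zA-Z0-9])+([.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+[a-zA-Z0-9_-]$/D', $email) )
				{
					$err_msg["email"] = "Invalid email format";
				}
				
				// Compare the two password fields strictly: with "!=" two
				// different numeric-looking strings (for example "1e3" and
				// "1000") compare as equal. A missing field is read as NULL
				// instead of raising an undefined-index notice.
				$rawPassword = isset($_POST["password"]) ? $_POST["password"] : NULL;
				$rawCheck = isset($_POST["check_password"]) ? $_POST["check_password"] : NULL;

				if ( isset($_POST["set_password"]) && $rawPassword !== $rawCheck )
				{
					$err_msg["password"] = "Both passwords must match.";
				}
				else if ( strlen($password) < 4 || strlen($password) > 32 )
				{
					$err_msg["password"] = "Password must be 4 to 32 characters long";
				}
				
				if ( count($err_msg) > 0 )
				{
					// Keep the submitted values for re-display, but never the
					// password fields: session data is written to storage in
					// clear text and only username/postname/email are read back.
					$kept = $_POST;
					unset( $kept["password"], $kept["check_password"] );

					$_SESSION["formdata"] = $kept;
					$_SESSION["err_msg"][$myform] = $err_msg;
					break;
				}

				$usergroupid = addslashes( $this->config["default_usergroupid"] );
				$postname = addslashes( $postname );
				$email = addslashes( $email );
				// NOTE(review): md5 with one site-wide salt is a fast hash and
				// a weak way to store passwords. It is left unchanged because
				// the Auth class (not visible here) has to verify the same
				// format; moving to password_hash()/password_verify() needs a
				// coordinated change there.
				$password = md5( $password . $this->config['salt'] );

				$query = array();
				$query[] = "INSERT INTO " . TBL_USERS;
				$query[] = " (userid, usergroupid, username, password, postname, email)";
				$query[] = " VALUES( 'NULL', '$usergroupid', '$username', '$password', '$postname', '$email' )";

				$this->DB->query( join( " ", $query ) );

				$this->tmpl->SetFilename( BuildPath( "registered.ihtml" ) );
				// $username went through addslashes() above, so the slashes are
				// stripped again for display. ENT_QUOTES also encodes single
				// quotes, which older PHP versions leave alone by default.
				$this->tmpl->AddParam( "username", stripslashes(htmlspecialchars( $username, ENT_QUOTES )) );
				return $this->tmpl->GetHTML();
			}
		}

		$this->tmpl->SetFilename( BuildPath( "register-user.ihtml" ) );

		$formdata =& $this->tmpl->AddParam( "formdata", array() );
		$this->tmpl->AddParam( "action", make_url_html() );

		$formdata["hidden"] = array(
			"form" => $myform
			);
		
		$formdata["username"] = NULL;
		$formdata["postname"] = NULL;
		$formdata["email"] = NULL;
		
		$this->tmpl->AddParam( "buttons", "Register" );
		
		// A previous failed submission left its values and messages in the
		// session; show them once and then drop them.
		if ( isset($_SESSION["formdata"]) )
		{
			if ( isset($_SESSION["err_msg"][$myform]) )
			{
				$this->tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
			}

			$formdata["username"] = sanitize_post_html( "username", NULL, $_SESSION["formdata"] );
			$formdata["postname"] = sanitize_post_html( "postname", NULL, $_SESSION["formdata"] );
			$formdata["email"] = sanitize_post_html( "email", NULL, $_SESSION["formdata"] );
			
			unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
		}
		
		return $this->tmpl->GetHTML();
	}

	/**
	 * Handle the public login form.
	 *
	 * On a POST of the "login" form with the "Login" button the credentials are
	 * handed to Auth_ValidateLogin(); afterwards the login template is rendered,
	 * with the failure message when one was recorded.
	 *
	 * @return mixed FALSE when $config['systemstatus'] is not 0, otherwise the
	 *               value returned by the template's GetHTML()
	 */
	function logIn()
	{
		if ( $this->config['systemstatus'] != 0 )
		{
			return FALSE;
		}
		
		$myform = "login";

		if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
		{
			switch ( Submit() )
			{
			case "Login":
				$this->auth->Auth_ValidateLogin();
				
				// NOTE(review): the failure message is recorded unconditionally,
				// so Auth_ValidateLogin() presumably does not return after a
				// successful login (redirect/exit) - confirm in the Auth class.
				// The message is the same for an unknown user and a wrong
				// password, which avoids revealing which usernames exist.
				$_SESSION["err_msg"] = array("Login"=>"Invalid username/password");
				$_SESSION["formdata"] = array();
				break;
			}
		}
		
		$this->tmpl->SetFilename( BuildPath( "user-login.ihtml" ) );

		$formdata =& $this->tmpl->AddParam( "formdata", array() );
		$this->tmpl->AddParam( "action", make_url_html() );

		$formdata["hidden"] = array(
			"form" => $myform
			);
		
		$formdata["username"] = NULL;
		
		$this->tmpl->AddParam( "buttons", "Login" );
		
		if ( isset($_SESSION["formdata"]) )
		{
			if ( isset($_SESSION["err_msg"]) )
			{
				$this->tmpl->AddParam( "msg", $_SESSION["err_msg"] );
			}
			
			// Unlike register(), this clears the whole err_msg entry, not
			// only the part belonging to this form.
			unset( $_SESSION["formdata"], $_SESSION["err_msg"] );
		}
		
		return $this->tmpl->GetHTML();
	}
	
	/**
	 * Log a user out through the Auth object.
	 *
	 * @return boolean FALSE when $config['systemstatus'] is not 0, otherwise
	 *                 whatever the Auth object's logout() returns
	 */
	function logout()
	{
		if ( $this->config['systemstatus'] != 0 )
		{
			return FALSE;
		}

		return $this->auth->logout();
	}

}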

// Stop executing this file here; nothing below this point is run.
return;

?>