<?
/*
* This file is part of Webgenerator-X,
* an object oriented website management engine working on top of
* Apache/PHP4/MySQL.
* http://www.webgenerator-x.com
* @2001 REGNI Giorgio
* hide@address.com
*
* Webgenerator-X is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Webgenerator-X is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Foobar; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

/*************************************************************************/
/* REGNI Giorgio
   2/05/2001
   WG-X
   User management: class UserManager
   This file defines all utilities needed to get user info, log a user in,
   log a user out, etc.
   
   user data string:
   userID,login,groupID,grouprights,realname,email,website,websiteurl
   
   global variables: userlogged set by check_session: is true when a valid user is logged
   					 userdata is an array containing user information when userlogged is true
					 usererr contain user error message when an error occured
					 
	6/9/2001 added a check for a non-null session:
	if a session is null, all check-session functions return false
*/

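class An_UserManager {
	
	// PHP 4 style constructor; there is nothing to initialise.
	function An_UserManager()
	{
	}
	
	// return a login (or password) string escaped for use inside a quoted
	// SQL literal, surrounding whitespace trimmed.
	// mysql_real_escape_string honours the connection charset, which
	// addslashes does not; fall back to addslashes on builds without it.
	// NOTE: Login()/AdminLogin() pass the clear-text password through here
	// too, because users.password is compared in clear text.
	function make_dblogin( $login )
	{
		$login = trim($login);
		if (function_exists('mysql_real_escape_string'))
			return mysql_real_escape_string($login);
		return addslashes($login);
	}
	
	// restore a login name read back from the database
	// (undoes the addslashes() applied by make_dblogin)
	function make_login( $dblogin )
	{
		return stripslashes($dblogin);
	}
	
	// calculate a unique session token: always 32 lowercase hex characters.
	// random_bytes() is used when the runtime provides it; the fallback keeps
	// the original md5/uniqid scheme but drops srand(time()), which reseeded
	// the generator to a guessable value on every call.
	function make_session() {
		if (function_exists('random_bytes'))
			return bin2hex(random_bytes(16));
		return md5(uniqid(mt_rand(), true));
	}
	
	// return true if $session has exactly the shape of a token produced by
	// make_session(): 32 lowercase hex digits. Empty strings, stray quotes
	// and anything else coming from a cookie or the query string are
	// rejected here, before the value is ever placed in an SQL statement.
	function is_valid_session( $session )
	{
		return is_string($session) && preg_match('/^[0-9a-f]{32}$/', $session) == 1;
	}
	
	// (re)issue the session and user cookies, valid for one week.
	// NOTE: no httponly/secure flags — the PHP 4 setcookie() API this
	// file targets does not have them.
	function set_user_cookies( $session, $user )
	{
		$expire = time() + 3600*24*7;		// expire in 1 week
		setcookie("session", $session, $expire);
		setcookie("user", $user, $expire);
	}
	
	// return true if admin $userID,$adminsession is a valid logged user.
	// Both values arrive via the query string (see make_admin_session_url).
	// On success the globals $userlogged, $user and $userdata are rebuilt
	// from the database.
	function check_admin_session($userID,$adminsession)
	{
		global $db_prefix,$userlogged,$userdata,$user;
		
		if (!$this->is_valid_session($adminsession))
			return false;
		
		$userID = intval($userID);
		$ok=false;
		
		$sql = "select 
				userID
			from 
				$db_prefix"."users
			where 
				userID='$userID'
			and
				session='$adminsession'
			";

		$res = mysql_query($sql);
		if ($res) {
			if (mysql_num_rows($res) == 1) {
				$ok = true;
				$userlogged=true;
				$user = $this->make_userstring($userID);
				$userdata = $this->make_userarray( $user );
			}
			// free the result whether or not a row matched
			mysql_free_result($res);
		}
		
		return $ok;
	}
	
	// take an url and append userID=xxx&adminsession=xxx to it,
	// using '?' or '&' depending on whether the url already has a query.
	// only for admins: the userID get var is set only for admins !!!!
	// Both values are urlencoded so they cannot break the query string.
	function make_admin_session_url($url) {

		global $adminsession,$userID;
		
		$separator = (strpos($url, "?") === false) ? "?" : "&";
		
		return $url . $separator
			. "userID=" . urlencode($userID)
			. "&adminsession=" . urlencode($adminsession);
	}
	
	// return true if the current admin user can admin $module.
	// A "wgxadmin:full" right grants everything; otherwise the module
	// name must appear (case-insensitively) as a word in the rights list.
	function can_admin( $module )
	{
		global $userdata;		//cookie
		
		$rights = isset($userdata['rights']) ? $userdata['rights'] : '';
		
		if ( strstr($rights,"wgxadmin:full") !== false )
			return true;
		
		$ar_rights = explode( " ", strtoupper($rights) );
		return in_array( strtoupper($module), $ar_rights, true );
	}
	
	// return true if the current user is a full administrator (ie with all rights)
	function is_fulladmin()
	{
		global $userdata;		//cookie
		
		$rights = isset($userdata['rights']) ? $userdata['rights'] : '';
		
		return strstr($rights,"wgxadmin:full") !== false;
	}
	
	// return a comma separated string with user data
	// need a valid userID and mysql connection!
	// userID,login,groupID,grouprights,realname,email,website,websiteurl
	// returns false on query error or unknown user
	// same string as cookie $user
	// NOTE: a comma inside any field (realname, website...) shifts every
	// later column when make_userarray() splits this string again.
	function make_userstring($userID) {
		global $db_prefix;
		
		$userID = intval($userID);		// integer key; never interpolated raw
		
		$query = "select 
				u.userID,u.login,u.groupID,g.rights,u.realname,u.email,u.website,u.websiteurl
			from
				$db_prefix"."users AS u,
				$db_prefix"."usergroups AS g
			where 
				u.userID = '$userID'
			and
				g.groupID = u.groupID
			";
			
		$result = mysql_query($query);
		if (!$result)
			return false;
		
		$row = mysql_fetch_row($result);
		mysql_free_result($result);
		if (!$row)
			return false;
			
		list($uID,$login,$groupID,$rights,$realname,$email,$website,$websiteurl) = $row;
		
		$realname = stripslashes( $realname );
		
		if (!$uID)
			return false;
		
		return "$uID,$login,$groupID,$rights,$realname,$email,$website,$websiteurl";
	}
	
	// used to create $userdata from cookie $user (see make_userstring).
	// Missing fields come back as '' instead of raising notices.
	// The cookie is client-controlled: its 'rights' field must not be
	// trusted for authorisation until check_session()/check_admin_session()
	// has rebuilt it from the database.
	function make_userarray( $userstring )
	{
		$fields = array('userID','login','groupID','rights','realname','email','website','websiteurl');
		$parts = explode( ",", (string)$userstring );
		
		$userdata = array();
		foreach ($fields as $i => $name)
			$userdata[$name] = isset($parts[$i]) ? $parts[$i] : '';
		
		return $userdata;
	}
	
	// this will update the user cookie and global $userdata
	// used after the user's data changed in the database
	function Update_Data_Cookie($userID)
	{
		// $db_prefix and $session were not declared global originally, so
		// the update hit an unprefixed table with an empty session value
		global $db_prefix,$user,$userdata,$session;
		
		$userID = intval($userID);
		
		$user = $this->make_userstring($userID);
		setcookie("user",$user,time()+3600*24*7);		// expire in 1 week
		// only re-write a session we actually hold; writing '' would log the user out
		if ($this->is_valid_session($session))
			mysql_query( "update $db_prefix"."users set session = '$session' where userID='$userID'");
		$userdata = $this->make_userarray( $user );
	}
	
	// log an user in the system
	// that means setting cookies and session id
	// return false if impossible
	// return true if log successful
	// don't use it for administration, use AdminLogin instead
	// NOTE: the password is compared in clear text against users.password;
	// moving to hashed storage needs a schema change and is not done here.
	function Login($login,$pass)
	{
		global $db_prefix,$user,$userlogged,$userdata,$session;
		
		$logok=false;
		
		$query = "select 
				userID
			from
				$db_prefix"."users 
			where 
				login = '".$this->make_dblogin($login)."' 
			and 
				password = '".$this->make_dblogin($pass)."'
			";
	
		$result = mysql_query($query);
		if ($result)
		{
			if ( mysql_num_rows($result) == 1)
			{
				// OK !
				list ($userID)=mysql_fetch_row($result);
				$userID = intval($userID);
				$session = $this->make_session();
				
				mysql_query( "update $db_prefix"."users set session = '$session' where userID='$userID'");
				$user = $this->make_userstring($userID);
				$this->set_user_cookies($session, $user);
				$userdata = $this->make_userarray( $user );
				$logok = true;
				$userlogged=true;
			}
			mysql_free_result($result);
		}
		return $logok;
	}

	// return true if $session and table $userdata point to a valid logged user
	// userdata must be a valid user array given by the function make_userarray !
	// On success the cookies are re-issued and the globals $user/$userdata
	// are rebuilt from the database (as check_admin_session does), so a
	// tampered 'rights' field in the cookie never reaches can_admin().
	function check_session($userdata,$session)
	{
		global $db_prefix,$userlogged,$user;
		
		// $session comes straight from the cookie: accept only our token format
		if (!$this->is_valid_session($session))
			return false;
		if (!is_array($userdata) || !isset($userdata['userID']))
			return false;
		
		$userID = intval($userdata['userID']);
		$ok=false;
		$sql = "select 
				userID
			from 
				$db_prefix"."users
			where 
				userID='$userID'
			and
				session='$session'
			";
		
		$res = mysql_query($sql);
		if ($res) {
			if (mysql_num_rows($res)==1) {
				$ok = true;
				$userlogged=true;
				$fresh = $this->make_userstring($userID);
				if ($fresh !== false) {
					$user = $fresh;
					$GLOBALS['userdata'] = $this->make_userarray( $user );
				}
				$this->set_user_cookies($session, $user);
			}
			mysql_free_result($res);
		}
		
		return $ok;
	}
	
	// log an admin user in the system
	// an empty string if impossible
	// else return a session value for the user
	// set up 2 global variables: userID and adminsession
	// (plus $user, $userdata and $userlogged on success)
	function AdminLogin($login,$pass)
	{
		global $db_prefix,$userID,$adminsession,$userdata,$user,$userlogged;
		
		$logok=false;
		
		$query = "select 
				u.userID,g.rights
			from
				$db_prefix"."users AS u,
				$db_prefix"."usergroups AS g
			where 
				u.login = '".$this->make_dblogin($login)."' 
			and 
				u.password = '".$this->make_dblogin($pass)."'
			and
				g.groupID=u.groupID";
	
		$result = mysql_query($query);
		if ($result) {
			if ( mysql_num_rows($result) == 1)
			{
				// OK !
				list ($userID,$rights)=mysql_fetch_row($result);
				$userID = intval($userID);
				
				// only a member of an administrator group may open an admin session
				if (strstr($rights,"wgxadmin") !== false )
				{
					$adminsession = $this->make_session();
					mysql_query( "update $db_prefix"."users set session = '$adminsession' where userID='$userID'");
					$user = $this->make_userstring($userID);
					$userdata = $this->make_userarray( $user );
					$userlogged=true;
					$logok = true;
				}
			}
			mysql_free_result($result);
		}
		
		return $logok ? $adminsession : '';
	}
	
	// call this to log out an admin: clears the stored session and the globals
	function AdminLogout()
	{
		global $db_prefix,$adminsession,$userID;
		
		$uid = intval($userID);
		mysql_query( "update $db_prefix"."users set session = '' where userID='$uid'");
		$adminsession="";
		$userID="";
	}
	
	// logout an user !
	// invalidates the token server-side too (mirrors AdminLogout), since a
	// replayed cookie would otherwise still pass check_session(), then
	// expires both cookies.
	function Logout()
	{
		global $db_prefix,$session,$user,$userlogged,$userdata;
		
		// only clear the exact token we hold, never some other live session
		if ($this->is_valid_session($session) && isset($userdata['userID'])) {
			$uid = intval($userdata['userID']);
			mysql_query( "update $db_prefix"."users set session = '' where userID='$uid' and session='$session'");
		}
		
		$session="";
		$user="";
		$userlogged=false;
		
		$expired = time() - 3600*24;		// a date in the past makes the browser drop the cookie
		setcookie("session", "", $expired);
		setcookie("user", "", $expired);
	}
}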
	
// nobody is logged in until check_session()/check_admin_session() or a
// Login() call says otherwise; one shared manager serves the whole request
$userlogged = false;
$USERMANAGER = new An_UserManager();
?>