<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP version 4                                                        |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group                                |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the PHP license,       |
// | that is bundled with this package in the file LICENSE, and is        |
// | available through the world-wide-web at                              |
// | http://www.php.net/license/2_02.txt.                                 |
// | If you did not receive a copy of the PHP license and are unable to   |
// | obtain it through the world-wide-web, please send a note to          |
// | hide@address.com so we can mail you a copy immediately.               |
// +----------------------------------------------------------------------+
// | Authors: Byrne Reese <byrne at majordojo dot com                     |
// +----------------------------------------------------------------------+
//
// $Id: users.inc,v 1.1.1.1 2003/06/03 14:12:24 byrnereese Exp $

include_once("users.conf");
require_once("utils.inc");

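/**
 * Redirect the browser to the login page and end the current request.
 *
 * The redirect target is $USERS_BASE_URL/login.php with a "returnto"
 * parameter produced by returnto_url_enc() (defined in utils.inc).
 */
function require_login() {
  global $USERS_BASE_URL;
  header("Location: $USERS_BASE_URL/login.php?returnto=".returnto_url_enc());
  // A Location header is only a request to the client. Without stopping here
  // the calling page would keep executing and its protected output would still
  // be sent to a client that ignores the redirect.
  exit;
}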

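/**
 * Open the MySQL connection for the users database and select the schema.
 *
 * Reads host, schema name and credentials from the $USERS_DB* globals.
 * Failures are reported to the visitor with a generic message only; the
 * host, account and schema names go to the server error log and the
 * password is never written anywhere.
 */
function connect_to_users_db() {
  global $USERS_DBHOST,$USERS_DB, $USERS_DBUSER, $USERS_DBPASS;
  if (!mysql_connect($USERS_DBHOST, $USERS_DBUSER, $USERS_DBPASS)) {
    // The connection parameters (including the password) used to be echoed
    // into the page here, disclosing database credentials to any visitor
    // whenever the database was unreachable.
    error_log("php_users: could not connect to database host '$USERS_DBHOST' as '$USERS_DBUSER'");
    echo "could not connect to the user database";
  }
  if (!mysql_select_db($USERS_DB)) {
    error_log("php_users: could not select database '$USERS_DB'");
    echo "could not select the user database";
  }
}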

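/**
 * Mail the account-confirmation message to a newly registered address.
 *
 * The message contains a link to confirm_account.php carrying the
 * base64-encoded token, and repeats the address and encoded token in plain
 * text below the link.
 *
 * @param string $email recipient address
 * @param string $token confirmation token; base64 is only a transport
 *                      encoding, so the token itself must be unguessable
 */
function send_confirmation($email,$token) {
  global $COMPANY_NAME,$USERS_BASE_URL,$WEB_MASTER,$WEB_MASTER_EMAIL;
  $encoded_token = base64_encode($token);
  // base64 output may contain '+', '/' and '='. In a query string '+' is
  // decoded as a space, so the value must be URL-encoded or some tokens
  // would arrive corrupted and fail to confirm.
  $confirm_url = "$USERS_BASE_URL/confirm_account.php?token=".urlencode($encoded_token);
  $body = "Thank you for signing up. This email has been sent to you automatically. Please click the link below in order to confirm your account.\n\n$confirm_url\n\nEmail: $email\nToken: $encoded_token\n\nThanks,\n$WEB_MASTER";
  // NOTE(review): $email is used as the recipient and copied into the body;
  // callers are assumed to have validated it as a single address - confirm.
  // The From header is built from configuration values only.
  mail($email, "Welcome to $COMPANY_NAME", $body, "From: $WEB_MASTER <$WEB_MASTER_EMAIL>\n");
}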

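/**
 * The visitor making the current request.
 *
 * Identity (id, email, seclev) is restored from the login cookie by init();
 * permissions are fetched from the database on first use and cached in
 * $_PERMISSION_DATA.
 */
class User {
  var $id;
  var $email;
  var $seclev;
  var $status;
  var $is_anonymous;
  // Copy of the cookie's 'uid' field. init() used to create this as an
  // undeclared property; it is declared so existing readers keep working.
  var $uid;

  // Per-user permission map [domain][label] => value, filled lazily.
  var $_PERMISSION_DATA;

#  function isAdmin() {
#    return ($this->utype == "admin");
#  }

  /**
   * Load email, status and seclev for $this->id from the Users table.
   * Uses the already-open default MySQL connection. Leaves the properties
   * untouched when no row matches; terminates the request if the query fails.
   */
  function load_from_db() {
    global $USERS_DB;
    // id is restored from a client-supplied cookie, so it is forced to an
    // integer before being placed into the SQL text.
    $user_id = (int)$this->id;
    $sql = "
   SELECT email,status,seclev 
     FROM $USERS_DB.Users 
    WHERE userId=".$user_id;
    $query = mysql_query($sql);
    if (!$query) {
      // Keep the SQL text and driver error in the server log rather than
      // showing schema details to the visitor.
      error_log("php_users: load_from_db query failed (".mysql_error()."): $sql");
      die ("The query failed!");
    }
    if (mysql_num_rows($query) > 0) {
      list($this->email,
           $this->status,
           $this->seclev) = mysql_fetch_row($query);
    }
  }

  /**
   * Restore identity from the login cookie.
   *
   * The cookie is a URL-encoded "key=value&key=value" string, optionally
   * Blowfish-encrypted and base64-encoded when $COOKIE_KEY is configured.
   * Only the fields that set_user_cookie() writes (email, uid, seclev) are
   * accepted. A cookie without a purely numeric uid leaves the user anonymous.
   */
  function init() {
    global $USER_COOKIE,$COOKIE_KEY;
    $this->is_anonymous = 0;
    $cookie = $_COOKIE[$USER_COOKIE];
    if (isset($COOKIE_KEY)) {
      // NOTE(review): ECB mode does not use the IV and the ciphertext carries
      // no integrity check, so the decrypted fields are accepted without being
      // authenticated. When $COOKIE_KEY is not configured the cookie is plain
      // text and uid/seclev are whatever the client sends. A keyed MAC over
      // the cookie value, or server-side sessions, would be needed to trust it.
      $iv = mcrypt_create_iv(mcrypt_get_iv_size (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB), MCRYPT_RAND);
      $cookie = mcrypt_decrypt(MCRYPT_BLOWFISH, $COOKIE_KEY, base64_decode($cookie), MCRYPT_MODE_ECB, $iv);
    }
    // rtrim() drops trailing whitespace and NUL bytes (e.g. cipher padding).
    $cookie = rtrim($cookie);

    // Every key in the cookie used to be assigned straight onto the object,
    // letting the client overwrite any property (is_anonymous,
    // _PERMISSION_DATA, ...). Only the known fields are read now.
    $allowed = array('email' => 1, 'uid' => 1, 'seclev' => 1);
    $fields = array();
    foreach (explode('&', $cookie) as $pair) {
      $parts = explode('=', $pair, 2);
      if (count($parts) != 2) {
        continue; // malformed pair without '='
      }
      $key = urldecode($parts[0]);
      if (isset($allowed[$key])) {
        $fields[$key] = urldecode($parts[1]);
      }
    }

    // The uid ends up in SQL statements, so anything that is not a plain
    // decimal number is rejected and the visitor stays anonymous.
    if (!isset($fields['uid']) || !preg_match('/^[0-9]+$/D', $fields['uid'])) {
      $this->is_anonymous = 1;
      return;
    }

    $this->uid = (int)$fields['uid'];
    $this->id = $this->uid;
    if (isset($fields['email'])) {
      $this->email = $fields['email'];
    }
    if (isset($fields['seclev'])) {
      $this->seclev = $fields['seclev'];
    }
  }

  // Convenience wrappers around get_permission() for the 'php_users' domain.
  function can_edit_users() {
    return $this->get_permission('php_users','edit_users');
  }
  function can_list_users() {
    return $this->get_permission('php_users','list_users');
  }
  function can_edit_self() {
    return $this->get_permission('php_users','edit_self');
  }
  function can_set_perm() {
    return $this->get_permission('php_users','set_perm');
  }
  function can_edit_perm() {
    return $this->get_permission('php_users','edit_perm');
  }
  
  /**
   * Send the login cookie holding email, uid and seclev.
   * The value is Blowfish-encrypted and base64-encoded when $COOKIE_KEY is
   * configured, otherwise it is sent as plain text.
   */
  function set_user_cookie() {
    global $USER_COOKIE,$COOKIE_PATH,$COOKIE_DOMAIN,$COOKIE_KEY;
    // All values are URL-encoded because init() URL-decodes every field.
    $cookie = "email=".urlencode($this->email)."&uid=".urlencode($this->id)."&seclev=".urlencode($this->seclev);
    if (isset($COOKIE_KEY)) {
      // NOTE(review): see init() - ECB without a MAC hides the values but
      // does not stop a client from altering the cookie.
      $iv = mcrypt_create_iv(mcrypt_get_iv_size (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB), MCRYPT_RAND);
      $cookie = base64_encode(mcrypt_encrypt (MCRYPT_BLOWFISH, $COOKIE_KEY, $cookie, MCRYPT_MODE_ECB, $iv));
    }
    // Five-year lifetime.
    $expire = (time() + (3600 * 24 * 365 * 5));
    // NOTE(review): the final 0 leaves the Secure flag off, so the cookie is
    // also sent over plain HTTP; consider enabling it on HTTPS-only sites.
    setcookie($USER_COOKIE,$cookie,$expire,$COOKIE_PATH,$COOKIE_DOMAIN,0);
  }
  
  /** Expire the login cookie by setting it empty with a time in the past. */
  function unset_user_cookie() {
    global $USER_COOKIE,$COOKIE_PATH,$COOKIE_DOMAIN;
    setcookie($USER_COOKIE,"",(time() - 3600),$COOKIE_PATH,$COOKIE_DOMAIN);
  }

  /**
   * Return the value of one permission for this user.
   *
   * Anonymous users get the entry from the global $__PERMISSIONS table.
   * Other users get their stored value, loaded once through
   * get_permissions_for_user(), or 0 when no value is stored for them.
   * A permission missing from $__PERMISSIONS ends the request for
   * non-anonymous users.
   */
  function get_permission($domain,$label) {
    global $__PERMISSIONS;
    if ($this->is_anonymous) {
      return $__PERMISSIONS[$domain][$label];
    }
    // fetch permissions in database if they have not already been fetched
    if (!isset($this->_PERMISSION_DATA)) {
      $this->_PERMISSION_DATA = get_permissions_for_user($this->id);
    }
    if (!isset($__PERMISSIONS[$domain][$label])) {
      echo "Unknown permission $domain, $label";
      exit;
    } elseif (isset($this->_PERMISSION_DATA[$domain][$label])) {
      return $this->_PERMISSION_DATA[$domain][$label];
    } else {
      return 0; // this should never happen
    }
  }
 
}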

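/**
 * Fetch every stored permission for one user.
 *
 * @param int $user_id value matched against permissions.user_id
 * @return array map of [domain][label] => value; empty when the user has
 *               no rows
 */
function get_permissions_for_user($user_id) {
  global $USERS_DB;
  connect_to_users_db();
  // Start from an empty map so a user without rows yields an array rather
  // than an undefined variable.
  $PERMS = array();
  // The id can originate from the login cookie, so it is forced to an
  // integer before being placed into the SQL text.
  $sql = "
  SELECT domain,label,description,value
    FROM $USERS_DB.permissions 
   WHERE user_id=".(int)$user_id;
  $query = mysql_query($sql);
  if (!$query) {
    // Log the statement and driver error server-side; the page used to print
    // both, unescaped, to the visitor.
    error_log("php_users: get_permissions_for_user query failed (".mysql_error()."): $sql");
    die ("The query failed!");
  }
  while ($row = mysql_fetch_row($query)) {
    // Columns: 0 = domain, 1 = label, 2 = description (unused), 3 = value
    $PERMS[$row[0]][$row[1]] = $row[3];
  }
  return $PERMS;
}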

// Per-request bootstrap: every script that includes this file gets a
// $_CURRENT_USER object. It starts out anonymous; when the browser sent the
// login cookie, init() clears is_anonymous and loads identity from that
// cookie, so the cookie contents alone decide who the visitor is.
$_CURRENT_USER = new User();
$_CURRENT_USER->is_anonymous = 1;
if (!isset($_COOKIE[$USER_COOKIE])) {
  // No login cookie was sent: the visitor stays anonymous.
} else {
  $_CURRENT_USER->init();
}

?>