<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | hide@address.com so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Byrne Reese <byrne at majordojo dot com> |
// +----------------------------------------------------------------------+
//
// $Id: users.inc,v 1.1.1.1 2003/06/03 14:12:24 byrnereese Exp $
include_once("users.conf");
require_once("utils.inc");
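/**
 * Redirect the browser to the login page and stop the current script.
 *
 * The redirect carries a "returnto" parameter built by returnto_url_enc()
 * (defined in utils.inc) so the user lands back on the page they asked for.
 *
 * Globals read: $USERS_BASE_URL (users.conf).
 */
function require_login() {
    global $USERS_BASE_URL;
    header("Location: $USERS_BASE_URL/login.php?returnto=" . returnto_url_enc());
    // A Location header on its own does not stop execution: without this
    // exit the calling page keeps running and sends its (protected) body
    // along with the redirect, which any client that ignores the header
    // can read.
    exit;
}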
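/**
 * Open the mysql_* link to the users database and select it.
 *
 * Globals read: $USERS_DBHOST, $USERS_DBUSER, $USERS_DBPASS, $USERS_DB
 * (all from users.conf).
 *
 * @return bool true when both the connection and the database selection
 *              succeeded, false otherwise (a short message is echoed).
 */
function connect_to_users_db() {
    global $USERS_DBHOST, $USERS_DB, $USERS_DBUSER, $USERS_DBPASS;
    if (!mysql_connect($USERS_DBHOST, $USERS_DBUSER, $USERS_DBPASS)) {
        // The previous message echoed host, user name and password to the
        // browser; credentials must never appear in client-visible output.
        echo "could not connect to the users database";
        return false;
    }
    if (!mysql_select_db($USERS_DB)) {
        // Likewise, do not reveal the database name.
        echo "could not select the users database";
        return false;
    }
    return true;
}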
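/**
 * Send the account-confirmation e-mail for a freshly registered address.
 *
 * The message links to confirm_account.php with the base64-encoded token
 * and repeats the address and token in the body.
 *
 * Globals read: $COMPANY_NAME, $USERS_BASE_URL, $WEB_MASTER,
 * $WEB_MASTER_EMAIL (users.conf).
 *
 * @param string $email recipient address as submitted by the user
 * @param string $token raw confirmation token (base64-encoded for the mail)
 * @return bool false when $email is unusable, otherwise the result of mail()
 */
function send_confirmation($email, $token) {
    global $COMPANY_NAME, $USERS_BASE_URL, $WEB_MASTER, $WEB_MASTER_EMAIL;
    // $email is caller-supplied input that goes straight into the envelope.
    // A CR or LF inside it would terminate the "To:" line and let additional
    // headers (extra recipients, etc.) be injected, so refuse such values.
    if (!is_string($email) || $email === '' || preg_match('/[\r\n]/', $email)) {
        return false;
    }
    $encoded_token = base64_encode($token);
    $body = "Thank you for signing up. This email has been sent to you automatically. Please click the link below in order to confirm your account.\n\n"
        . "$USERS_BASE_URL/confirm_account.php?token=$encoded_token\n\n"
        . "Email: $email\nToken: $encoded_token\n\nThanks,\n$WEB_MASTER";
    return mail($email, "Welcome to $COMPANY_NAME", $body, "From: $WEB_MASTER <$WEB_MASTER_EMAIL>\n");
}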
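/**
 * The user behind the current request.
 *
 * An instance starts out anonymous; init() fills it from the login cookie
 * written by set_user_cookie(), and load_from_db() refreshes email/status/
 * seclev from the Users table. Permission checks go through
 * get_permission(), which reads $__PERMISSIONS for anonymous users and the
 * per-user "permissions" table otherwise.
 */
class User {
    // Primary key of the Users row; init() copies it from the cookie's "uid".
    var $id;
    var $email;
    // Security level as stored in the Users row / cookie (type not fixed here).
    var $seclev;
    var $status;
    // 1 until init() has parsed a cookie, 0 afterwards.
    var $is_anonymous;
    // Raw "uid" field from the cookie; mirrored into $id by init().
    var $uid;
    // Lazily filled cache of get_permissions_for_user($this->id).
    var $_PERMISSION_DATA;

    /**
     * Refresh email, status and seclev from $USERS_DB.Users for $this->id.
     *
     * Uses whichever mysql_* link is already open (connect_to_users_db() is
     * not called here). Leaves the properties untouched when no row matches.
     * Dies on a query error.
     */
    function load_from_db() {
        global $USERS_DB;
        // $this->id originates from the (client-controlled) cookie. The
        // mysql_* API has no prepared statements, so the value is forced to
        // an integer before it is interpolated into the statement.
        $id = (int)$this->id;
        $sql = "SELECT email,status,seclev FROM $USERS_DB.Users WHERE userId=$id";
        // The statement text is deliberately kept out of the error output;
        // mysql_error() alone still reveals server details to the client.
        $query = mysql_query($sql)
            or die("The query failed! (" . mysql_error() . ")");
        if ($query && (mysql_num_rows($query) > 0)) {
            list($this->email, $this->status, $this->seclev) = mysql_fetch_row($query);
        }
    }

    /**
     * Populate the object from the login cookie named $USER_COOKIE.
     *
     * The cookie is a "key=value&key=value" string (see set_user_cookie()),
     * optionally Blowfish-ECB encrypted and base64-encoded when $COOKIE_KEY
     * is configured. Only the fields email, uid and seclev are copied onto
     * the object; everything else in the cookie is ignored. Marks the user
     * as non-anonymous and sets $id from uid.
     *
     * Globals read: $USER_COOKIE, $COOKIE_KEY.
     */
    function init() {
        global $USER_COOKIE, $COOKIE_KEY;
        $this->is_anonymous = 0;
        $cookie = isset($_COOKIE[$USER_COOKIE]) ? $_COOKIE[$USER_COOKIE] : '';
        if (isset($COOKIE_KEY)) {
            // Counterpart of set_user_cookie(). ECB mode ignores the IV, and
            // nothing authenticates the ciphertext, so the decrypted text is
            // still untrusted input and is filtered below like a plain cookie.
            $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB), MCRYPT_RAND);
            $cookie = mcrypt_decrypt(MCRYPT_BLOWFISH, $COOKIE_KEY, base64_decode($cookie), MCRYPT_MODE_ECB, $iv);
        }
        // Fields the cookie may set. Assigning arbitrary keys would let a
        // crafted cookie overwrite is_anonymous or _PERMISSION_DATA.
        $allowed = array('email' => 1, 'uid' => 1, 'seclev' => 1);
        // rtrim also strips the NUL padding mcrypt leaves on the plaintext.
        foreach (explode('&', rtrim($cookie)) as $pair) {
            $parts = explode('=', $pair, 2);
            if (count($parts) < 2) {
                continue;   // malformed field ("foo" without "=")
            }
            $key = urldecode($parts[0]);
            if (!isset($allowed[$key])) {
                continue;
            }
            $this->{$key} = urldecode($parts[1]);
        }
        $this->id = $this->uid;
    }

    /** Permission "php_users/edit_users" for this user. */
    function can_edit_users() {
        return $this->get_permission('php_users', 'edit_users');
    }

    /** Permission "php_users/list_users" for this user. */
    function can_list_users() {
        return $this->get_permission('php_users', 'list_users');
    }

    /** Permission "php_users/edit_self" for this user. */
    function can_edit_self() {
        return $this->get_permission('php_users', 'edit_self');
    }

    /** Permission "php_users/set_perm" for this user. */
    function can_set_perm() {
        return $this->get_permission('php_users', 'set_perm');
    }

    /** Permission "php_users/edit_perm" for this user. */
    function can_edit_perm() {
        return $this->get_permission('php_users', 'edit_perm');
    }

    /**
     * Write the login cookie (email, uid, seclev) for five years.
     *
     * With $COOKIE_KEY set the value is Blowfish-ECB encrypted and
     * base64-encoded; otherwise it is sent in clear. Either way there is no
     * MAC, so init() cannot distinguish a forged cookie from a genuine one;
     * with ECB, identical 8-byte blocks are also visible and movable.
     *
     * Globals read: $USER_COOKIE, $COOKIE_PATH, $COOKIE_DOMAIN, $COOKIE_KEY.
     */
    function set_user_cookie() {
        global $USER_COOKIE, $COOKIE_PATH, $COOKIE_DOMAIN, $COOKIE_KEY;
        $cookie = "email=" . urlencode($this->email) . "&uid=$this->id&seclev=$this->seclev";
        if (isset($COOKIE_KEY)) {
            $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB), MCRYPT_RAND);
            $cookie = base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $COOKIE_KEY, $cookie, MCRYPT_MODE_ECB, $iv));
        }
        $expire = time() + (3600 * 24 * 365 * 5);   // five years
        // Sixth argument 0 = not restricted to HTTPS. The httponly flag is a
        // later PHP addition and is not passed here.
        setcookie($USER_COOKIE, $cookie, $expire, $COOKIE_PATH, $COOKIE_DOMAIN, 0);
    }

    /**
     * Expire the login cookie (empty value, timestamp in the past).
     *
     * Globals read: $USER_COOKIE, $COOKIE_PATH, $COOKIE_DOMAIN.
     */
    function unset_user_cookie() {
        global $USER_COOKIE, $COOKIE_PATH, $COOKIE_DOMAIN;
        setcookie($USER_COOKIE, "", (time() - 3600), $COOKIE_PATH, $COOKIE_DOMAIN);
    }

    /**
     * Look up one permission value.
     *
     * Anonymous users get the default from $__PERMISSIONS[$domain][$label].
     * Others get the value from the permissions table, fetched once through
     * get_permissions_for_user() and cached in $_PERMISSION_DATA. An unknown
     * domain/label pair (absent from $__PERMISSIONS) terminates the script.
     *
     * @param string $domain permission domain, e.g. 'php_users'
     * @param string $label  permission label within the domain
     * @return mixed the stored value; 0 when the user has no row for it
     */
    function get_permission($domain, $label) {
        global $__PERMISSIONS;
        if ($this->is_anonymous) {
            return $__PERMISSIONS[$domain][$label];
        }
        // Fetch the per-user rows only on first use.
        if (!isset($this->_PERMISSION_DATA)) {
            $this->_PERMISSION_DATA = get_permissions_for_user($this->id);
        }
        if (!isset($__PERMISSIONS[$domain][$label])) {
            // $domain/$label are code literals from the can_* helpers, so
            // this is a programming error rather than bad input.
            echo "Unknown permission $domain, $label";
            exit;
        } elseif (isset($this->_PERMISSION_DATA[$domain][$label])) {
            return $this->_PERMISSION_DATA[$domain][$label];
        } else {
            return 0; // known permission but no row for this user
        }
    }
}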
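/**
 * Load every permission row for one user from $USERS_DB.permissions.
 *
 * Opens the database link via connect_to_users_db() first. Dies on a
 * query error.
 *
 * @param int|string $user_id user id; forced to an integer before use
 * @return array $perms[domain][label] = value; empty array when the user
 *               has no rows (previously null, which made callers using
 *               isset() re-query on every call)
 */
function get_permissions_for_user($user_id) {
    global $USERS_DB;
    connect_to_users_db();
    // The id ultimately comes from the login cookie; without prepared
    // statements in the mysql_* API, casting is the only safe interpolation.
    $id = (int)$user_id;
    $sql = "SELECT domain,label,description,value FROM $USERS_DB.permissions WHERE user_id=$id";
    // The statement text is kept out of the client-visible error message.
    $query = mysql_query($sql) or die("The query failed! (" . mysql_error() . ")");
    $perms = array();
    while ($query && (list($domain, $label, $description, $value) = mysql_fetch_row($query))) {
        // $description is selected but not used; only the value is kept.
        $perms[$domain][$label] = $value;
    }
    return $perms;
}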
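// Runs on every include of this file: builds the request's $_CURRENT_USER.
// The object starts anonymous and is only populated from the login cookie
// when one is present (init() itself flips is_anonymous to 0).
$_CURRENT_USER = new User;
$_CURRENT_USER->is_anonymous = 1;
if (isset($USER_COOKIE) && isset($_COOKIE[$USER_COOKIE])) {
    $_CURRENT_USER->init();
}
// No closing "?>": this file only declares code, and any whitespace after a
// closing tag would be sent as output before require_login() can emit its
// Location header.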