2007-12-12 16:29:16 +00:00
< ? php
class UserService {
2008-11-14 10:53:10 +00:00
var $db ;
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function & getInstance ( & $db ) {
static $instance ;
if ( ! isset ( $instance ))
$instance =& new UserService ( $db );
return $instance ;
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
var $fields = array (
2007-12-12 16:29:16 +00:00
'primary' => 'uId' ,
'username' => 'username' ,
'password' => 'password'
2008-11-14 10:53:10 +00:00
);
var $profileurl ;
var $tablename ;
var $sessionkey ;
var $cookiekey ;
var $cookietime = 1209600 ; // 2 weeks
function UserService ( & $db ) {
$this -> db =& $db ;
$this -> tablename = $GLOBALS [ 'tableprefix' ] . 'users' ;
$this -> sessionkey = $GLOBALS [ 'cookieprefix' ] . INSTALLATION_ID . '-currentuserid' ;
$this -> cookiekey = $GLOBALS [ 'cookieprefix' ] . INSTALLATION_ID . '-login' ;
$this -> profileurl = createURL ( 'profile' , '%2$s' );
}
function _checkdns ( $host ) {
if ( function_exists ( 'checkdnsrr' )) {
return checkdnsrr ( $host );
} else {
return $this -> _checkdnsrr ( $host );
}
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function _checkdnsrr ( $host , $type = " MX " ) {
if ( ! empty ( $host )) {
@ exec ( " nslookup -type= $type $host " , $output );
while ( list ( $k , $line ) = each ( $output )) {
if ( eregi ( " ^ $host " , $line )) {
return true ;
}
}
return false ;
}
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function _getuser ( $fieldname , $value ) {
$query = 'SELECT * FROM ' . $this -> getTableName () . ' WHERE ' . $fieldname . ' = "' . $this -> db -> sql_escape ( $value ) . '"' ;
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get user' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
if ( $row =& $this -> db -> sql_fetchrow ( $dbresult ))
return $row ;
else
return false ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function & getUsers ( $nb = 0 ) {
$query = 'SELECT * FROM ' . $this -> getTableName () . ' ORDER BY `uId` DESC' ;
if ( $nb > 0 ) {
$query .= ' LIMIT 0, ' . $nb ;
}
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get user' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
while ( $row = & $this -> db -> sql_fetchrow ( $dbresult )) {
$users [] = $row ;
}
return $users ;
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function _randompassword () {
$seed = ( integer ) md5 ( microtime ());
mt_srand ( $seed );
$password = mt_rand ( 1 , 99999999 );
$password = substr ( md5 ( $password ), mt_rand ( 0 , 19 ), mt_rand ( 6 , 12 ));
return $password ;
2008-01-11 12:55:10 +00:00
}
2008-11-14 10:53:10 +00:00
function _updateuser ( $uId , $fieldname , $value ) {
$updates = array ( $fieldname => $value );
$sql = 'UPDATE ' . $this -> getTableName () . ' SET ' . $this -> db -> sql_build_array ( 'UPDATE' , $updates ) . ' WHERE ' . $this -> getFieldName ( 'primary' ) . '=' . intval ( $uId );
// Execute the statement.
$this -> db -> sql_transaction ( 'begin' );
if ( ! ( $dbresult = & $this -> db -> sql_query ( $sql ))) {
$this -> db -> sql_transaction ( 'rollback' );
message_die ( GENERAL_ERROR , 'Could not update user' , '' , __LINE__ , __FILE__ , $sql , $this -> db );
return false ;
}
$this -> db -> sql_transaction ( 'commit' );
// Everything worked out, so return true.
return true ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getProfileUrl ( $id , $username ) {
return sprintf ( $this -> profileurl , urlencode ( $id ), urlencode ( $username ));
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getUserByUsername ( $username ) {
return $this -> _getuser ( $this -> getFieldName ( 'username' ), $username );
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function getUser ( $id ) {
return $this -> _getuser ( $this -> getFieldName ( 'primary' ), $id );
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function isLoggedOn () {
return ( $this -> getCurrentUserId () !== false );
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function & getCurrentUser ( $refresh = FALSE , $newval = NULL ) {
static $currentuser ;
if ( ! is_null ( $newval )) //internal use only: reset currentuser
$currentuser = $newval ;
else if ( $refresh || ! isset ( $currentuser )) {
if ( $id = $this -> getCurrentUserId ())
$currentuser = $this -> getUser ( $id );
else
return null ;
}
return $currentuser ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function isAdmin ( $userid ) {
$user = $this -> getUser ( $userid );
if ( isset ( $GLOBALS [ 'admin_users' ])
&& in_array ( $user [ 'username' ], $GLOBALS [ 'admin_users' ])) {
return true ;
} else {
return false ;
}
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getCurrentUserId () {
if ( isset ( $_SESSION [ $this -> getSessionKey ()])) {
//echo "session";die($_SESSION[$this->getSessionKey()]);
return $_SESSION [ $this -> getSessionKey ()];
} else if ( isset ( $_COOKIE [ $this -> getCookieKey ()])) {
//echo "cookie";die();
$cook = split ( ':' , $_COOKIE [ $this -> getCookieKey ()]);
//cookie looks like this: 'id:md5(username+password)'
$query = 'SELECT * FROM ' . $this -> getTableName () .
' WHERE MD5(CONCAT(' . $this -> getFieldName ( 'username' ) .
', ' . $this -> getFieldName ( 'password' ) .
')) = \'' . $this -> db -> sql_escape ( $cook [ 1 ]) . '\' AND ' .
$this -> getFieldName ( 'primary' ) . ' = ' . $this -> db -> sql_escape ( $cook [ 0 ]);
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get user' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
if ( $row = $this -> db -> sql_fetchrow ( $dbresult )) {
$_SESSION [ $this -> getSessionKey ()] = $row [ $this -> getFieldName ( 'primary' )];
return $_SESSION [ $this -> getSessionKey ()];
}
}
return false ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function login ( $username , $password , $remember = FALSE ) {
$password = $this -> sanitisePassword ( $password );
$query = 'SELECT ' . $this -> getFieldName ( 'primary' ) . ' FROM ' . $this -> getTableName () . ' WHERE ' . $this -> getFieldName ( 'username' ) . ' = "' . $this -> db -> sql_escape ( $username ) . '" AND ' . $this -> getFieldName ( 'password' ) . ' = "' . $this -> db -> sql_escape ( $password ) . '"' ;
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get user' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
if ( $row =& $this -> db -> sql_fetchrow ( $dbresult )) {
$id = $_SESSION [ $this -> getSessionKey ()] = $row [ $this -> getFieldName ( 'primary' )];
if ( $remember ) {
$cookie = $id . ':' . md5 ( $username . $password );
setcookie ( $this -> cookiekey , $cookie , time () + $this -> cookietime , '/' );
}
return true ;
} else {
return false ;
}
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function logout () {
@ setcookie ( $this -> getCookiekey (), '' , time () - 1 , '/' );
unset ( $_COOKIE [ $this -> getCookiekey ()]);
session_unset ();
$this -> getCurrentUser ( TRUE , false );
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getWatchlist ( $uId ) {
// Gets the list of user IDs being watched by the given user.
$query = 'SELECT watched FROM ' . $GLOBALS [ 'tableprefix' ] . 'watched WHERE uId = ' . intval ( $uId );
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get watchlist' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
$arrWatch = array ();
if ( $this -> db -> sql_numrows ( $dbresult ) == 0 )
return $arrWatch ;
while ( $row =& $this -> db -> sql_fetchrow ( $dbresult ))
$arrWatch [] = $row [ 'watched' ];
return $arrWatch ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getWatchNames ( $uId , $watchedby = false ) {
// Gets the list of user names being watched by the given user.
// - If $watchedby is false get the list of users that $uId watches
// - If $watchedby is true get the list of users that watch $uId
if ( $watchedby ) {
$table1 = 'b' ;
$table2 = 'a' ;
} else {
$table1 = 'a' ;
$table2 = 'b' ;
}
$query = 'SELECT ' . $table1 . '.' . $this -> getFieldName ( 'username' ) . ' FROM ' . $GLOBALS [ 'tableprefix' ] . 'watched AS W, ' . $this -> getTableName () . ' AS a, ' . $this -> getTableName () . ' AS b WHERE W.watched = a.' . $this -> getFieldName ( 'primary' ) . ' AND W.uId = b.' . $this -> getFieldName ( 'primary' ) . ' AND ' . $table2 . '.' . $this -> getFieldName ( 'primary' ) . ' = ' . intval ( $uId ) . ' ORDER BY ' . $table1 . '.' . $this -> getFieldName ( 'username' );
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query ))) {
message_die ( GENERAL_ERROR , 'Could not get watchlist' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
$arrWatch = array ();
if ( $this -> db -> sql_numrows ( $dbresult ) == 0 ) {
return $arrWatch ;
}
while ( $row =& $this -> db -> sql_fetchrow ( $dbresult )) {
$arrWatch [] = $row [ $this -> getFieldName ( 'username' )];
}
return $arrWatch ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function getWatchStatus ( $watcheduser , $currentuser ) {
// Returns true if the current user is watching the given user, and false otherwise.
$query = 'SELECT watched FROM ' . $GLOBALS [ 'tableprefix' ] . 'watched AS W INNER JOIN ' . $this -> getTableName () . ' AS U ON U.' . $this -> getFieldName ( 'primary' ) . ' = W.watched WHERE U.' . $this -> getFieldName ( 'primary' ) . ' = ' . intval ( $watcheduser ) . ' AND W.uId = ' . intval ( $currentuser );
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get watchstatus' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
$arrWatch = array ();
if ( $this -> db -> sql_numrows ( $dbresult ) == 0 )
return false ;
else
return true ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function setWatchStatus ( $subjectUserID ) {
if ( ! is_numeric ( $subjectUserID ))
return false ;
$currentUserID = $this -> getCurrentUserId ();
$watched = $this -> getWatchStatus ( $subjectUserID , $currentUserID );
if ( $watched ) {
$sql = 'DELETE FROM ' . $GLOBALS [ 'tableprefix' ] . 'watched WHERE uId = ' . intval ( $currentUserID ) . ' AND watched = ' . intval ( $subjectUserID );
if ( ! ( $dbresult =& $this -> db -> sql_query ( $sql ))) {
$this -> db -> sql_transaction ( 'rollback' );
message_die ( GENERAL_ERROR , 'Could not add user to watch list' , '' , __LINE__ , __FILE__ , $sql , $this -> db );
return false ;
}
} else {
$values = array (
2007-12-12 16:29:16 +00:00
'uId' => intval ( $currentUserID ),
'watched' => intval ( $subjectUserID )
2008-11-14 10:53:10 +00:00
);
$sql = 'INSERT INTO ' . $GLOBALS [ 'tableprefix' ] . 'watched ' . $this -> db -> sql_build_array ( 'INSERT' , $values );
if ( ! ( $dbresult =& $this -> db -> sql_query ( $sql ))) {
$this -> db -> sql_transaction ( 'rollback' );
message_die ( GENERAL_ERROR , 'Could not add user to watch list' , '' , __LINE__ , __FILE__ , $sql , $this -> db );
return false ;
}
}
$this -> db -> sql_transaction ( 'commit' );
return true ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function addUser ( $username , $password , $email ) {
// Set up the SQL UPDATE statement.
$datetime = gmdate ( 'Y-m-d H:i:s' , time ());
$password = $this -> sanitisePassword ( $password );
$values = array ( 'username' => $username , 'password' => $password , 'email' => $email , 'uDatetime' => $datetime , 'uModified' => $datetime );
$sql = 'INSERT INTO ' . $this -> getTableName () . ' ' . $this -> db -> sql_build_array ( 'INSERT' , $values );
// Execute the statement.
$this -> db -> sql_transaction ( 'begin' );
if ( ! ( $dbresult = & $this -> db -> sql_query ( $sql ))) {
$this -> db -> sql_transaction ( 'rollback' );
message_die ( GENERAL_ERROR , 'Could not insert user' , '' , __LINE__ , __FILE__ , $sql , $this -> db );
return false ;
}
$this -> db -> sql_transaction ( 'commit' );
// Everything worked out, so return true.
return true ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
function updateUser ( $uId , $password , $name , $email , $homepage , $uContent ) {
if ( ! is_numeric ( $uId ))
return false ;
// Set up the SQL UPDATE statement.
$moddatetime = gmdate ( 'Y-m-d H:i:s' , time ());
if ( $password == '' )
$updates = array ( 'uModified' => $moddatetime , 'name' => $name , 'email' => $email , 'homepage' => $homepage , 'uContent' => $uContent );
else
$updates = array ( 'uModified' => $moddatetime , 'password' => $this -> sanitisePassword ( $password ), 'name' => $name , 'email' => $email , 'homepage' => $homepage , 'uContent' => $uContent );
$sql = 'UPDATE ' . $this -> getTableName () . ' SET ' . $this -> db -> sql_build_array ( 'UPDATE' , $updates ) . ' WHERE ' . $this -> getFieldName ( 'primary' ) . '=' . intval ( $uId );
// Execute the statement.
$this -> db -> sql_transaction ( 'begin' );
if ( ! ( $dbresult = & $this -> db -> sql_query ( $sql ))) {
$this -> db -> sql_transaction ( 'rollback' );
message_die ( GENERAL_ERROR , 'Could not update user' , '' , __LINE__ , __FILE__ , $sql , $this -> db );
return false ;
}
$this -> db -> sql_transaction ( 'commit' );
// Everything worked out, so return true.
return true ;
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function getAllUsers ( ) {
$query = 'SELECT * FROM ' . $this -> getTableName ();
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
if ( ! ( $dbresult =& $this -> db -> sql_query ( $query )) ) {
message_die ( GENERAL_ERROR , 'Could not get users' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
$rows = array ();
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
while ( $row = $this -> db -> sql_fetchrow ( $dbresult ) ) {
$rows [] = $row ;
}
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
return $rows ;
}
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
function deleteUser ( $uId ) {
$query = 'DELETE FROM ' . $this -> getTableName () . ' WHERE uId = ' . intval ( $uId );
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
if ( ! ( $dbresult = & $this -> db -> sql_query ( $query ))) {
message_die ( GENERAL_ERROR , 'Could not delete user' , '' , __LINE__ , __FILE__ , $query , $this -> db );
return false ;
}
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
return true ;
}
2008-09-11 16:51:00 +00:00
2008-11-14 10:53:10 +00:00
function sanitisePassword ( $password ) {
return sha1 ( trim ( $password ));
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function generatePassword ( $uId ) {
if ( ! is_numeric ( $uId ))
return false ;
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
$password = $this -> _randompassword ();
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
if ( $this -> _updateuser ( $uId , $this -> getFieldName ( 'password' ), $this -> sanitisePassword ( $password )))
return $password ;
else
return false ;
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function isReserved ( $username ) {
if ( in_array ( $username , $GLOBALS [ 'reservedusers' ])) {
return true ;
} else {
return false ;
}
2007-12-12 16:29:16 +00:00
}
2008-11-14 11:36:23 +00:00
function isValidUsername ( $username ) {
if ( strlen ( $username ) > 24 ) {
// too long usernames are cut by database and may cause bugs when compared
return false ;
} else {
return true ;
}
return true ;
}
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function isValidEmail ( $email ) {
if ( eregi ( " ^[_a-z0-9-]+( \ .[_a-z0-9-]+)*@[a-z0-9-]+( \ .[a-z0-9-]+)*( \ .[a-z] { 2,6}) $ " , $email )) {
list ( $emailUser , $emailDomain ) = split ( " @ " , $email );
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
// Check if the email domain has a DNS record
if ( $this -> _checkdns ( $emailDomain )) {
return true ;
}
}
return false ;
2007-12-12 16:29:16 +00:00
}
2008-11-14 10:53:10 +00:00
// Properties
function getTableName () { return $this -> tablename ; }
function setTableName ( $value ) { $this -> tablename = $value ; }
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function getFieldName ( $field ) { return $this -> fields [ $field ]; }
function setFieldName ( $field , $value ) { $this -> fields [ $field ] = $value ; }
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function getSessionKey () { return $this -> sessionkey ; }
function setSessionKey ( $value ) { $this -> sessionkey = $value ; }
2007-12-12 16:29:16 +00:00
2008-11-14 10:53:10 +00:00
function getCookieKey () { return $this -> cookiekey ; }
function setCookieKey ( $value ) { $this -> cookiekey = $value ; }
2007-12-12 16:29:16 +00:00
}
?>