
/concreteOLD/models/user.php

https://bitbucket.org/selfeky/xclusivescardwebsite
  1. <?php defined('C5_EXECUTE') or die("Access Denied.");
  2. /**
  3. * @package Users
  4. * @author Andrew Embler <andrew@concrete5.org>
  5. * @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
  6. * @license http://www.concrete5.org/license/ MIT License
  7. *
  8. */
  9. /**
  10. * The user object deals primarily with logging users in and session-related activities.
  11. *
  12. * @package Users
  13. * @category Concrete
  14. * @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
  15. * @license http://www.concrete5.org/license/ MIT License
  16. *
  17. */
  18. class User extends Object {
  19. public $uID = '';
  20. public $uName = '';
  21. public $uGroups = array();
  22. public $superUser = false;
  23. public $uTimezone = NULL;
  24. protected $uDefaultLanguage = null;
  25. /**
  26. * @param int $uID
  27. * @param boolean $login
  28. * @return User
  29. */
  30. public static function getByUserID($uID, $login = false, $cacheItemsOnLogin = true) {
  31. $db = Loader::db();
  32. $v = array($uID);
  33. $q = "SELECT uID, uName, uIsActive, uLastOnline, uTimezone, uDefaultLanguage FROM Users WHERE uID = ?";
  34. $r = $db->query($q, $v);
  35. if ($r) {
  36. $row = $r->fetchRow();
  37. $nu = new User();
  38. $nu->uID = $row['uID'];
  39. $nu->uName = $row['uName'];
  40. $nu->uIsActive = $row['uIsActive'];
  41. $nu->uDefaultLanguage = $row['uDefaultLanguage'];
  42. $nu->uLastLogin = $row['uLastLogin'];
  43. $nu->uTimezone = $row['uTimezone'];
  44. $nu->uGroups = $nu->_getUserGroups(true);
  45. $nu->superUser = ($nu->getUserID() == USER_SUPER_ID);
  46. if ($login) {
  47. User::regenerateSession();
  48. $_SESSION['uID'] = $row['uID'];
  49. $_SESSION['uName'] = $row['uName'];
  50. $_SESSION['uBlockTypesSet'] = false;
  51. $_SESSION['uGroups'] = $nu->uGroups;
  52. $_SESSION['uLastOnline'] = $row['uLastOnline'];
  53. $_SESSION['uTimezone'] = $row['uTimezone'];
  54. $_SESSION['uDefaultLanguage'] = $row['uDefaultLanguage'];
  55. if ($cacheItemsOnLogin) {
  56. Loader::helper('concrete/interface')->cacheInterfaceItems();
  57. }
  58. $nu->recordLogin();
  59. }
  60. }
  61. return $nu;
  62. }
  63. protected static function regenerateSession() {
  64. unset($_SESSION['dashboardMenus']);
  65. session_regenerate_id(true);
  66. }
  67. /**
  68. * @param int $uID
  69. * @return User
  70. */
  71. public function loginByUserID($uID) {
  72. return User::getByUserID($uID, true);
  73. }
  74. public static function isLoggedIn() {
  75. return $_SESSION['uID'] > 0 && $_SESSION['uName'] != '';
  76. }
  77. public function checkLogin() {
  78. if ($_SESSION['uID'] > 0) {
  79. $db = Loader::db();
  80. $row = $db->GetRow("select uID, uIsActive from Users where uID = ? and uName = ?", array($_SESSION['uID'], $_SESSION['uName']));
  81. $checkUID = $row['uID'];
  82. if ($checkUID == $_SESSION['uID']) {
  83. if (!$row['uIsActive']) {
  84. return false;
  85. }
  86. $_SESSION['uOnlineCheck'] = time();
  87. if (($_SESSION['uOnlineCheck'] - $_SESSION['uLastOnline']) > (ONLINE_NOW_TIMEOUT / 2)) {
  88. $db = Loader::db();
  89. $db->query("update Users set uLastOnline = {$_SESSION['uOnlineCheck']} where uID = {$this->uID}");
  90. $_SESSION['uLastOnline'] = $_SESSION['uOnlineCheck'];
  91. }
  92. return true;
  93. } else {
  94. return false;
  95. }
  96. }
  97. }
  98. public function __construct() {
  99. $args = func_get_args();
  100. if (isset($args[1])) {
  101. // first, we check to see if the username and password match the admin username and password
  102. // $username = uName normally, but if not it's email address
  103. $username = $args[0];
  104. $password = $args[1];
  105. if (!$args[2]) {
  106. $_SESSION['uGroups'] = false;
  107. }
  108. $password = User::encryptPassword($password, PASSWORD_SALT);
  109. $v = array($username, $password);
  110. if (defined('USER_REGISTRATION_WITH_EMAIL_ADDRESS') && USER_REGISTRATION_WITH_EMAIL_ADDRESS == true) {
  111. $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage from Users where uEmail = ? and uPassword = ?";
  112. } else {
  113. $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage from Users where uName = ? and uPassword = ?";
  114. }
  115. $db = Loader::db();
  116. $r = $db->query($q, $v);
  117. if ($r) {
  118. $row = $r->fetchRow();
  119. if ($row['uID'] && $row['uIsValidated'] === '0' && defined('USER_VALIDATE_EMAIL_REQUIRED') && USER_VALIDATE_EMAIL_REQUIRED == TRUE) {
  120. $this->loadError(USER_NON_VALIDATED);
  121. } else if ($row['uID'] && $row['uIsActive']) {
  122. $this->uID = $row['uID'];
  123. $this->uName = $row['uName'];
  124. $this->uIsActive = $row['uIsActive'];
  125. $this->uTimezone = $row['uTimezone'];
  126. $this->uDefaultLanguage = $row['uDefaultLanguage'];
  127. $this->uGroups = $this->_getUserGroups($args[2]);
  128. if ($row['uID'] == USER_SUPER_ID) {
  129. $this->superUser = true;
  130. } else {
  131. $this->superUser = false;
  132. }
  133. $this->recordLogin();
  134. if (!$args[2]) {
  135. User::regenerateSession();
  136. $_SESSION['uID'] = $row['uID'];
  137. $_SESSION['uName'] = $row['uName'];
  138. $_SESSION['superUser'] = $this->superUser;
  139. $_SESSION['uBlockTypesSet'] = false;
  140. $_SESSION['uGroups'] = $this->uGroups;
  141. $_SESSION['uTimezone'] = $this->uTimezone;
  142. $_SESSION['uDefaultLanguage'] = $this->uDefaultLanguage;
  143. Loader::helper('concrete/interface')->cacheInterfaceItems();
  144. }
  145. } else if ($row['uID'] && !$row['uIsActive']) {
  146. $this->loadError(USER_INACTIVE);
  147. } else {
  148. $this->loadError(USER_INVALID);
  149. }
  150. $r->free();
  151. } else {
  152. $this->loadError(USER_INVALID);
  153. }
  154. } else {
  155. // then we just get session info
  156. if (isset($_SESSION['uID'])) {
  157. $this->uID = $_SESSION['uID'];
  158. $this->uName = $_SESSION['uName'];
  159. $this->uTimezone = $_SESSION['uTimezone'];
  160. if (isset($_SESSION['uDefaultLanguage'])) {
  161. $this->uDefaultLanguage = $_SESSION['uDefaultLanguage'];
  162. }
  163. $this->superUser = ($_SESSION['uID'] == USER_SUPER_ID) ? true : false;
  164. } else {
  165. $this->uID = null;
  166. $this->uName = null;
  167. $this->superUser = false;
  168. $this->uDefaultLanguage = null;
  169. $this->uTimezone = null;
  170. }
  171. $this->uGroups = $this->_getUserGroups();
  172. if (!isset($args[2])) {
  173. $_SESSION['uGroups'] = $this->uGroups;
  174. }
  175. }
  176. return $this;
  177. }
  178. function recordLogin() {
  179. $db = Loader::db();
  180. $uLastLogin = $db->getOne("select uLastLogin from Users where uID = ?", array($this->uID));
  181. $db->query("update Users set uLastLogin = ?, uPreviousLogin = ?, uNumLogins = uNumLogins + 1 where uID = ?", array(time(), $uLastLogin, $this->uID));
  182. }
  183. function recordView($c) {
  184. $db = Loader::db();
  185. $uID = ($this->uID > 0) ? $this->uID : 0;
  186. $cID = $c->getCollectionID();
  187. $v = array($cID, $uID);
  188. $db->query("insert into PageStatistics (cID, uID, date) values (?, ?, NOW())", $v);
  189. }
  190. public function encryptPassword($uPassword, $salt = PASSWORD_SALT) {
  191. return md5($uPassword . ':' . $salt);
  192. }
  193. function isActive() {
  194. return $this->uIsActive;
  195. }
  196. function isSuperUser() {
  197. return $this->superUser;
  198. }
  199. function getLastOnline() {
  200. return $this->uLastOnline;
  201. }
  202. function getUserName() {
  203. return $this->uName;
  204. }
  205. function isRegistered() {
  206. return $this->getUserID() > 0;
  207. }
  208. function getUserID() {
  209. return $this->uID;
  210. }
  211. function getUserTimezone() {
  212. return $this->uTimezone;
  213. }
  214. function logout() {
  215. // First, we check to see if we have any collection in edit mode
  216. $this->unloadCollectionEdit();
  217. @session_unset();
  218. @session_destroy();
  219. Events::fire('on_user_logout');
  220. if ($_COOKIE['ccmUserHash']) {
  221. setcookie("ccmUserHash", "", 315532800, DIR_REL . '/');
  222. }
  223. }
  224. function checkUserForeverCookie() {
  225. if ($_COOKIE['ccmUserHash']) {
  226. $hashVal = explode(':', $_COOKIE['ccmUserHash']);
  227. $_uID = $hashVal[0];
  228. $uHash = $hashVal[1];
  229. if ($uHash == md5(PASSWORD_SALT . $_uID)) {
  230. User::loginByUserID($_uID);
  231. }
  232. }
  233. }
  234. function setUserForeverCookie() {
  235. $hashVal = md5(PASSWORD_SALT . $this->getUserID());
  236. setcookie("ccmUserHash", $this->getUserID() . ':' . $hashVal, time() + 1209600, DIR_REL . '/');
  237. }
  238. function getUserGroups() {
  239. $ugtmp = array();
  240. // we have to do this because we don't have a localized version of the guest and registered group names
  241. // when we called _getUserGroups() below. So we have to push out the defining of the guest and registered
  242. // names til runtime
  243. foreach($this->uGroups as $key => $value) {
  244. $ugtmp[$key] = $value;
  245. if ($key == GUEST_GROUP_ID) {
  246. $ugtmp[$key] = GUEST_GROUP_NAME;
  247. }
  248. if ($key == REGISTERED_GROUP_ID) {
  249. $ugtmp[$key] = REGISTERED_GROUP_NAME;
  250. }
  251. }
  252. return $ugtmp;
  253. }
  254. /**
  255. * Sets a default language for a user record
  256. */
  257. public function setUserDefaultLanguage($lang) {
  258. $db = Loader::db();
  259. $this->uDefaultLanguage = $lang;
  260. $_SESSION['uDefaultLanguage'] = $lang;
  261. $db->Execute('update Users set uDefaultLanguage = ? where uID = ?', array($lang, $this->getUserID()));
  262. }
  263. /**
  264. * Gets the default language for the logged-in user
  265. */
  266. public function getUserDefaultLanguage() {
  267. return $this->uDefaultLanguage;
  268. }
  269. function refreshUserGroups() {
  270. unset($_SESSION['uGroups']);
  271. $ug = $this->_getUserGroups();
  272. $_SESSION['uGroups'] = $ug;
  273. $this->uGroups = $ug;
  274. }
  275. function _getUserGroups($disableLogin = false) {
  276. if ((!empty($_SESSION['uGroups'])) && (!$disableLogin)) {
  277. $ug = $_SESSION['uGroups'];
  278. } else {
  279. $db = Loader::db();
  280. if ($this->uID) {
  281. $ug[REGISTERED_GROUP_ID] = REGISTERED_GROUP_ID;
  282. //$_SESSION['uGroups'][REGISTERED_GROUP_ID] = REGISTERED_GROUP_NAME;
  283. $uID = $this->uID;
  284. $q = "select Groups.gID, Groups.gName, Groups.gUserExpirationIsEnabled, Groups.gUserExpirationSetDateTime, Groups.gUserExpirationInterval, Groups.gUserExpirationAction, Groups.gUserExpirationMethod, UserGroups.ugEntered from UserGroups inner join Groups on (UserGroups.gID = Groups.gID) where UserGroups.uID = '$uID'";
  285. $r = $db->query($q);
  286. if ($r) {
  287. while ($row = $r->fetchRow()) {
  288. $expire = false;
  289. if ($row['gUserExpirationIsEnabled']) {
  290. switch($row['gUserExpirationMethod']) {
  291. case 'SET_TIME':
  292. if (time() > strtotime($row['gUserExpirationSetDateTime'])) {
  293. $expire = true;
  294. }
  295. break;
  296. case 'INTERVAL':
  297. if (time() > strtotime($row['ugEntered']) + ($row['gUserExpirationInterval'] * 60)) {
  298. $expire = true;
  299. }
  300. break;
  301. }
  302. }
  303. if ($expire) {
  304. if ($row['gUserExpirationAction'] == 'REMOVE' || $row['gUserExpirationAction'] == 'REMOVE_DEACTIVATE') {
  305. $db->Execute('delete from UserGroups where uID = ? and gID = ?', array($uID, $row['gID']));
  306. }
  307. if ($row['gUserExpirationAction'] == 'DEACTIVATE' || $row['gUserExpirationAction'] == 'REMOVE_DEACTIVATE') {
  308. $db->Execute('update Users set uIsActive = 0 where uID = ?', array($uID));
  309. }
  310. } else {
  311. $ug[$row['gID']] = $row['gName'];
  312. }
  313. }
  314. $r->free();
  315. }
  316. }
  317. // now we populate also with guest information, since presumably logged-in users
  318. // see the same stuff as guest
  319. $ug[GUEST_GROUP_ID] = GUEST_GROUP_ID;
  320. }
  321. return $ug;
  322. }
  323. function enterGroup($g, $joinType = "") {
  324. // takes a group object, and, if the user is not already in the group, it puts them into it
  325. $dt = Loader::helper('date');
  326. if (is_object($g)) {
  327. $gID = $g->getGroupID();
  328. $db = Loader::db();
  329. $db->Replace('UserGroups', array(
  330. 'uID' => $this->getUserID(),
  331. 'gID' => $g->getGroupID(),
  332. 'type' => $joinType,
  333. 'ugEntered' => $dt->getSystemDateTime()
  334. ),
  335. array('uID', 'gID'), true);
  336. Events::fire('on_user_enter_group', $this, $g);
  337. }
  338. }
  339. public function updateGroupMemberType($g, $joinType) {
  340. if ($g instanceof Group) {
  341. $db = Loader::db();
  342. $dt = Loader::helper('date');
  343. $db->Execute('update UserGroups set type = ?, ugEntered = ? where uID = ? and gID = ?', array($joinType, $dt->getSystemDateTime(), $this->uID, $g->getGroupID()));
  344. }
  345. }
  346. function exitGroup($g) {
  347. // takes a group object, and, if the user is in the group, they exit the group
  348. if (is_object($g)) {
  349. $gID = $g->getGroupID();
  350. $db = Loader::db();
  351. $ret = Events::fire('on_user_exit_group', $this, $g);
  352. $q = "delete from UserGroups where uID = '{$this->uID}' and gID = '{$gID}'";
  353. $r = $db->query($q);
  354. }
  355. }
  356. function getGroupMemberType($g) {
  357. $db = Loader::db();
  358. $r = $db->GetOne("select type from UserGroups where uID = ? and gID = ?", array($this->getUserID(), $g->getGroupID()));
  359. return $r;
  360. }
  361. function inGroup($g, $joinType = null) {
  362. $db = Loader::db();
  363. if (isset($joinType) && is_object($g)) {
  364. $v = array($this->uID, $g->getGroupID(), $joinType);
  365. $cnt = $db->GetOne("select gID from UserGroups where uID = ? and gID = ? and type = ?", $v);
  366. } else if (is_object($g)) {
  367. $v = array($this->uID, $g->getGroupID());
  368. $cnt = $db->GetOne("select gID from UserGroups where uID = ? and gID = ?", $v);
  369. }
  370. return $cnt > 0;
  371. }
  372. function loadMasterCollectionEdit($mcID, $ocID) {
  373. // basically, this function loads the master collection ID you're working on into session
  374. // so you can work on it without the system failing because you're editing a template
  375. $_SESSION['mcEditID'] = $mcID;
  376. $_SESSION['ocID'] = $ocID;
  377. }
  378. function loadCollectionEdit(&$c) {
  379. $c->refreshCache();
  380. // can only load one page into edit mode at a time.
  381. if ($c->isCheckedOut()) {
  382. return false;
  383. }
  384. $db = Loader::db();
  385. $cID = $c->getCollectionID();
  386. // first, we check to see if we have a collection in edit mode. If we do, we relinquish it
  387. $this->unloadCollectionEdit(false);
  388. $q = "select cIsCheckedOut, cCheckedOutDatetime from Pages where cID = '{$cID}'";
  389. $r = $db->query($q);
  390. if ($r) {
  391. $row = $r->fetchRow();
  392. if (!$row['cIsCheckedOut']) {
  393. $_SESSION['editCID'] = $cID;
  394. $uID = $this->getUserID();
  395. $dh = Loader::helper('date');
  396. $datetime = $dh->getSystemDateTime();
  397. $q2 = "update Pages set cIsCheckedOut = 1, cCheckedOutUID = '{$uID}', cCheckedOutDatetime = '{$datetime}', cCheckedOutDatetimeLastEdit = '{$datetime}' where cID = '{$cID}'";
  398. $r2 = $db->query($q2);
  399. $c->cIsCheckedOut = 1;
  400. $c->cCheckedOutUID = $uID;
  401. $c->cCheckedOutDatetime = $datetime;
  402. $c->cCheckedOutDatetimeLastEdit = $datetime;
  403. }
  404. }
  405. }
  406. function unloadCollectionEdit($removeCache = true) {
  407. // first we remove the cached versions of all of these pages
  408. $db = Loader::db();
  409. if ($this->getUserID() > 0) {
  410. $col = $db->GetCol("select cID from Pages where cCheckedOutUID = " . $this->getUserID());
  411. foreach($col as $cID) {
  412. $p = Page::getByID($cID);
  413. if ($removeCache) {
  414. $p->refreshCache();
  415. }
  416. }
  417. $q = "update Pages set cIsCheckedOut = 0, cCheckedOutUID = null, cCheckedOutDatetime = null, cCheckedOutDatetimeLastEdit = null where cCheckedOutUID = " . $this->getUserID();
  418. $r = $db->query($q);
  419. }
  420. }
  421. public function config($cfKey) {
  422. if ($this->isRegistered()) {
  423. $db = Loader::db();
  424. $val = $db->GetOne("select cfValue from Config where uID = ? and cfKey = ?", array($this->getUserID(), $cfKey));
  425. return $val;
  426. }
  427. }
  428. public function saveConfig($cfKey, $cfValue) {
  429. $db = Loader::db();
  430. $db->Replace('Config', array('cfKey' => $cfKey, 'cfValue' => $cfValue, 'uID' => $this->getUserID()), array('cfKey', 'uID'), true);
  431. }
  432. function refreshCollectionEdit(&$c) {
  433. if ($this->isLoggedIn() && $c->getCollectionCheckedOutUserID() == $this->getUserID()) {
  434. $db = Loader::db();
  435. $cID = $c->getCollectionID();
  436. $dh = Loader::helper('date');
  437. $datetime = $dh->getSystemDateTime();
  438. $q = "update Pages set cCheckedOutDatetimeLastEdit = '{$datetime}' where cID = '{$cID}'";
  439. $r = $db->query($q);
  440. $c->cCheckedOutDatetimeLastEdit = $datetime;
  441. }
  442. }
  443. function forceCollectionCheckInAll() {
  444. // This function forces checkin to take place
  445. $db = Loader::db();
  446. $q = "update Pages set cIsCheckedOut = 0, cCheckedOutUID = null, cCheckedOutDatetime = null, cCheckedOutDatetimeLastEdit = null";
  447. $r = $db->query($q);
  448. return $r;
  449. }
  450. }