PageRenderTime 27ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/core/members.class.php

http://snowcms.googlecode.com/
PHP | 1195 lines | 682 code | 131 blank | 382 comment | 128 complexity | c66a9356dfb9d1640cca98a8b43f4da2 MD5 | raw file
Possible License(s): CC-BY-SA-3.0 
    

  1. <?php

    2. 

  2. ////////////////////////////////////////////////////////////////////////////

    3. 

  3. //                              SnowCMS v2.0                              //

    4. 

  4. //                           By the SnowCMS Team                          //

    5. 

  5. //                             www.snowcms.com                            //

    6. 

  6. //            Released under the Microsoft Reciprocal License             //

    7. 

  7. //                 www.opensource.org/licenses/ms-rl.html                 //

    8. 

  8. ////////////////////////////////////////////////////////////////////////////

    9. 

  9. //                                                                        //

    10. 

  10. //       SnowCMS originally pawned by soren121 started in early 2008      //

    11. 

  11. //                                                                        //

    12. 

  12. ////////////////////////////////////////////////////////////////////////////

    13. 

  13. //                                                                        //

    14. 

  14. //                  SnowCMS v2.0 began in November 2009                   //

    15. 

  15. //                                                                        //

    16. 

  16. ////////////////////////////////////////////////////////////////////////////

    17. 

  17. //                       File version: SnowCMS 2.0                        //

    18. 

  18. ////////////////////////////////////////////////////////////////////////////

    19. 

  19. 

    20. 

  20. if(!defined('INSNOW'))

    21. 

  21. {

    22. 

  22. 	die('Nice try...');

    23. 

  23. }

    24. 

  24. 

    25. 

  25. /*

    26. 

  26. 	Class: Members

    27. 

  27. 

    28. 

  28. 	This is a class which allows the system and plugins to load various

    29. 

  29. 	information about either an individual or multiple accounts. Anything

    30. 

  30. 	relating to the obtaining or modification of member information should be

    31. 

  31. 	done via the Members class as the current site may not be using SnowCMS's

    32. 

  32. 	built in member database (You know, like someone is using a bridge ;))

    33. 

  33. */

    34. 

  34. class Members

    35. 

  35. {

    36. 

  36. 	// Variable: loaded

    37. 

  37. 	// An array containing members which have already been loaded once (they

    38. 

  38. 	// don't need to be twice ;))

    39. 

  39. 	private $loaded;

    40. 

  40. 

    41. 

  41. 	/*

    42. 

  42. 		Constructor: __construct

    43. 

  43. 

    44. 

  44. 		Parameters:

    45. 

  45. 			none

    46. 

  46. 	*/

    47. 

  47. 	public function __construct()

    48. 

  48. 	{

    49. 

  49. 		$this->loaded = array();

    50. 

  50. 	}

    51. 

  51. 

    52. 

  52. 	/*

    53. 

  53. 		Method: load

    54. 

  54. 

    55. 

  55. 		This method loads the specified members into an array, which can be

    56. 

  56. 		retrieved via <Members::get>

    57. 

  57. 

    58. 

  58. 		Parameters:

    59. 

  59. 			mixed $members - Either an array or single interger containing the

    60. 

  60. 											 member ID(s) of which members you want to load the

    61. 

  61. 											 information of.

    62. 

  62. 

    63. 

  63. 		Returns:

    64. 

  64. 			bool - Returns true if the information was successfully loaded, false

    65. 

  65. 						 on failure.

    66. 

  66. 	*/

    67. 

  67. 	public function load($members)

    68. 

  68. 	{

    69. 

  69. 		// Not an array? Easy fix!

    70. 

  70. 		if(!is_array($members))

    71. 

  71. 		{

    72. 

  72. 			$members = array((int)$members);

    73. 

  73. 		}

    74. 

  74. 		else

    75. 

  75. 		{

    76. 

  76. 			if(count($members) > 0)

    77. 

  77. 			{

    78. 

  78. 				foreach($members as $key => $member_id)

    79. 

  79. 				{

    80. 

  80. 					if((int)$member_id > 0)

    81. 

  81. 					{

    82. 

  82. 						$members[$key] = (int)$member_id;

    83. 

  83. 					}

    84. 

  84. 					else

    85. 

  85. 					{

    86. 

  86. 						unset($members[$key]);

    87. 

  87. 					}

    88. 

  88. 				}

    89. 

  89. 

    90. 

  90. 				$members = array_unique($members);

    91. 

  91. 			}

    92. 

  92. 		}

    93. 

  93. 

    94. 

  94. 		// Alright, so do you want to do this yourself? ;) If you do do this

    95. 

  95. 		// yourself, set the handled parameter to a bool, otherwise, if it is

    96. 

  96. 		// null, this method will just do it itself!!! :P

    97. 

  97. 		$handled = null;

    98. 

  98. 		api()->run_hooks('load_members', array(&$handled, &$members));

    99. 

  99. 

    100. 

  100. 		if($handled === null && count($members) > 0)

    101. 

  101. 		{

    102. 

  102. 			// Make sure this member isn't already loaded, otherwise it is a waste

    103. 

  103. 			// of resources.

    104. 

  104. 			foreach($members as $member_id)

    105. 

  105. 			{

    106. 

  106. 				if(isset($this->loaded[$member_id]))

    107. 

  107. 				{

    108. 

  108. 					unset($members[$member_id]);

    109. 

  109. 				}

    110. 

  110. 			}

    111. 

  111. 

    112. 

  112. 			if(count($members) > 0)

    113. 

  113. 			{

    114. 

  114. 				$result = db()->query('

    115. 

  115. 					SELECT

    116. 

  116. 						*

    117. 

  117. 					FROM {db->prefix}members

    118. 

  118. 					WHERE member_id IN({int_array:members})

    119. 

  119. 					LIMIT {int:member_count}',

    120. 

  120. 					array(

    121. 

  121. 						'members' => $members,

    122. 

  122. 						'member_count' => count($members),

    123. 

  123. 					), 'load_members_query');

    124. 

  124. 

    125. 

  125. 				if($result->num_rows() > 0)

    126. 

  126. 				{

    127. 

  127. 					while($row = $result->fetch_assoc())

    128. 

  128. 					{

    129. 

  129. 						$member = array(

    130. 

  130. 												'id' => $row['member_id'],

    131. 

  131. 												'name' => $row['display_name'],

    132. 

  132. 												'username' => $row['member_name'],

    133. 

  133. 												'password' => $row['member_pass'],

    134. 

  134. 												'email' => $row['member_email'],

    135. 

  135. 												'groups' => explode(',', $row['member_groups']),

    136. 

  136. 												'member_groups' => explode(',', $row['member_groups']),

    137. 

  137. 												'last_active' => $row['member_last_active'],

    138. 

  138. 												'registered' => $row['member_registered'],

    139. 

  139. 												'ip' => $row['member_ip'],

    140. 

  140. 												'is_activated' => !empty($row['member_activated']),

    141. 

  141. 												'acode' => $row['member_acode'],

    142. 

  142. 												'data' => array(),

    143. 

  143. 											);

    144. 

  144. 

    145. 

  145. 						// Got something to add?

    146. 

  146. 						api()->run_hooks('members_load_array', array(&$member, $row));

    147. 

  147. 

    148. 

  148. 						$this->loaded[$row['member_id']] = $member;

    149. 

  149. 					}

    150. 

  150. 

    151. 

  151. 					$result = db()->query('

    152. 

  152. 						SELECT

    153. 

  153. 							member_id, variable, value

    154. 

  154. 						FROM {db->prefix}member_data

    155. 

  155. 						WHERE member_id IN({int_array:members})',

    156. 

  156. 						array(

    157. 

  157. 							'members' => $members,

    158. 

  158. 						), 'load_members_data_query');

    159. 

  159. 

    160. 

  160. 					if($result->num_rows() > 0)

    161. 

  161. 					{

    162. 

  162. 						while($row = $result->fetch_assoc())

    163. 

  163. 						{

    164. 

  164. 							$this->loaded[$row['member_id']]['data'][$row['variable']] = $row['value'];

    165. 

  165. 						}

    166. 

  166. 					}

    167. 

  167. 				}

    168. 

  168. 			}

    169. 

  169. 

    170. 

  170. 			$handled = true;

    171. 

  171. 		}

    172. 

  172. 		elseif($handled === null)

    173. 

  173. 		{

    174. 

  174. 			$handled = false;

    175. 

  175. 		}

    176. 

  176. 

    177. 

  177. 		return !empty($handled);

    178. 

  178. 	}

    179. 

  179. 

    180. 

  180. 	/*

    181. 

  181. 		Method: get

    182. 

  182. 

    183. 

  183. 		After the member(s) information has been loaded via <Members::get> the

    184. 

  184. 		data can be retrieved through this method.

    185. 

  185. 

    186. 

  186. 		Parameters:

    187. 

  187. 			mixed $members - Either an array of integers or an integer containing

    188. 

  188. 											 the member you want to get the loaded information of.

    189. 

  189. 

    190. 

  190. 		Returns:

    191. 

  191. 			array - If you set the members parameter as an array, you will

    192. 

  192. 							retrieve an array containing nested arrays, the index of the

    193. 

  193. 							subarrays being the members id. If a single integer is

    194. 

  194. 							supplied, then a single array will be returned. However, if

    195. 

  195. 							the member id supplied has not yet been loaded, the value will

    196. 

  196. 							be false.

    197. 

  197. 	*/

    198. 

  198. 	public function get($members)

    199. 

  199. 	{

    200. 

  200. 		// If they aren't requesting multiple members we will handle the return

    201. 

  201. 		// differently -- after all, we will simply do a foreach and call on

    202. 

  202. 		// this method with a single ID to load up multiple members information.

    203. 

  203. 		if(!is_array($members))

    204. 

  204. 		{

    205. 

  205. 			$members = (int)$members;

    206. 

  206. 			$member_data = -1;

    207. 

  207. 

    208. 

  208. 			// You want to do the loading? Set the member_data variable to something other

    209. 

  209. 			// than -1, otherwise, this method will get the data itself. Set member_data to

    210. 

  210. 			// null if that member has not been loaded.

    211. 

  211. 			api()->run_hooks('members_get', array(&$member_data, &$members));

    212. 

  212. 

    213. 

  213. 			if($member_data == -1 && isset($this->loaded[$members]))

    214. 

  214. 			{

    215. 

  215. 				$member_data = $this->loaded[$members];

    216. 

  216. 			}

    217. 

  217. 			elseif($member_data == -1)

    218. 

  218. 			{

    219. 

  219. 				$member_data = null;

    220. 

  220. 			}

    221. 

  221. 

    222. 

  222. 			// Wanna touch it?

    223. 

  223. 			api()->run_hooks('post_members_get', array(&$member_data, &$members));

    224. 

  224. 

    225. 

  225. 			return $member_data === null ? false : $member_data;

    226. 

  226. 		}

    227. 

  227. 		else

    228. 

  228. 		{

    229. 

  229. 			// Load all those members ;)

    230. 

  230. 			$member_data = array();

    231. 

  231. 			foreach($members as $member_id)

    232. 

  232. 			{

    233. 

  233. 				$member_data[$member_id] = $this->get($member_id);

    234. 

  234. 			}

    235. 

  235. 

    236. 

  236. 			// Simple, no?

    237. 

  237. 			return $member_data;

    238. 

  238. 		}

    239. 

  239. 	}

    240. 

  240. 

    241. 

  241. 	/*

    242. 

  242. 		Method: add

    243. 

  243. 

    244. 

  244. 		Creates a member with the supplied information.

    245. 

  245. 

    246. 

  246. 		Parameters:

    247. 

  247. 			string $member_name - The login name of the member you want to create.

    248. 

  248. 			string $member_pass - The unhashed password the member uses to login

    249. 

  249. 														with.

    250. 

  250. 			string $member_email - The email of the member.

    251. 

  251. 			array $options - An optional array containing extra information (such

    252. 

  252. 											 as their hash, display name, ip, data (member_data

    253. 

  253. 											 table), if none of these are supplied, the system

    254. 

  254. 											 automatically creates this info.)

    255. 

  255. 

    256. 

  256. 		Returns:

    257. 

  257. 			int - Returns an integer if the member was successfully created (which

    258. 

  258. 						is the new new members ID) or true on failure.

    259. 

  259. 	*/

    260. 

  260. 	public function add($member_name, $member_pass, $member_email, $options = array())

    261. 

  261. 	{

    262. 

  262. 		global $func;

    263. 

  263. 

    264. 

  264. 		// Allows a plugin to handle the creation of members themselves ;)

    265. 

  265. 		// Set the handled parameter to an integer or false, otherwise the

    266. 

  266. 		// system will handle the creation of the member.

    267. 

  267. 		$handled = null;

    268. 

  268. 		api()->run_hooks('members_add', array(&$handled, $member_name, $member_pass, $member_email, $options));

    269. 

  269. 

    270. 

  270. 		if($handled === null)

    271. 

  271. 		{

    272. 

  272. 			$member_name = trim($member_name);

    273. 

  273. 

    274. 

  274. 			// Now make sure that the member name and email are allowed, we don't

    275. 

  275. 			// want them to be in use already, as that would be pretty bad :P

    276. 

  276. 			if(!$this->name_allowed($member_name) || !$this->email_allowed($member_email) || !$this->password_allowed($member_name, $member_pass))

    277. 

  277. 			{

    278. 

  278. 				return false;

    279. 

  279. 			}

    280. 

  280. 

    281. 

  281. 			// Have you set a display name? Gotta check that!

    282. 

  282. 			if(!empty($options['display_name']) && !$this->name_allowed($options['display_name']))

    283. 

  283. 			{

    284. 

  284. 				return false;

    285. 

  285. 			}

    286. 

  286. 			elseif(empty($options['display_name']))

    287. 

  287. 			{

    288. 

  288. 				// We will just make your login name your display name too...

    289. 

  289. 				$options['display_name'] = $member_name;

    290. 

  290. 			}

    291. 

  291. 

    292. 

  292. 			// No member groups assigned? Member it is! (If the member is not an

    293. 

  293. 			// administrator, they must have at least the member group assigned to

    294. 

  294. 			// them)

    295. 

  295. 			if(isset($options['member_groups']) && is_array($options['member_groups']) && !in_array('administrator', $options['member_groups']) && !in_array('member', $options['member_groups']))

    296. 

  296. 			{

    297. 

  297. 				return false;

    298. 

  298. 			}

    299. 

  299. 			elseif(!isset($options['member_groups']) || !is_array($options['member_groups']))

    300. 

  300. 			{

    301. 

  301. 				$options['member_groups'] = array('member');

    302. 

  302. 			}

    303. 

  303. 

    304. 

  304. 			// Registration time can be manually set, must be greater than 0

    305. 

  305. 			// though :P

    306. 

  306. 			if(isset($options['member_registered']) && $options['member_registered'] <= 0)

    307. 

  307. 			{

    308. 

  308. 				return false;

    309. 

  309. 			}

    310. 

  310. 			elseif(!isset($options['member_registered']))

    311. 

  311. 			{

    312. 

  312. 				$options['member_registered'] = time_utc();

    313. 

  313. 			}

    314. 

  314. 

    315. 

  315. 			// An IP?

    316. 

  316. 			if(empty($options['member_ip']))

    317. 

  317. 			{

    318. 

  318. 				$options['member_ip'] = member()->ip();

    319. 

  319. 			}

    320. 

  320. 

    321. 

  321. 			// Is the member activated?

    322. 

  322. 			$options['member_activated'] = !empty($options['member_activated']) ? 1 : 0;

    323. 

  323. 

    324. 

  324. 			// If the member is not activated, then we will generate an activation

    325. 

  325. 			// code...

    326. 

  326. 			$options['member_acode'] = empty($options['member_activated']) && empty($options['member_acode']) ? sha1($this->rand_str(mt_rand(30, 40))) : (!empty($options['member_acode']) ? $options['member_acode'] : '');

    327. 

  327. 

    328. 

  328. 			// Alright! Now insert that member!!!

    329. 

  329. 			$result = db()->insert('insert', '{db->prefix}members',

    330. 

  330. 									array(

    331. 

  331. 										'member_name' => 'string', 'member_pass' => 'string', 'display_name' => 'string',

    332. 

  332. 										'member_email' => 'string', 'member_groups' => 'string', 'member_registered' => 'int',

    333. 

  333. 										'member_ip' => 'string', 'member_activated' => 'int', 'member_acode' => 'string',

    334. 

  334. 									),

    335. 

  335. 									array(

    336. 

  336. 										htmlchars($member_name), sha1($func['strtolower'](htmlchars($member_name)). $member_pass), htmlchars($options['display_name']),

    337. 

  337. 										htmlchars($member_email), implode(',', $options['member_groups']), $options['member_registered'],

    338. 

  338. 										$options['member_ip'], $options['member_activated'], $options['member_acode'],

    339. 

  339. 									), array(), 'members_add_query');

    340. 

  340. 

    341. 

  341. 			$handled = $result->success() ? $result->insert_id() : false;

    342. 

  342. 

    343. 

  343. 			// Maybe there is some default data that needs insertion?

    344. 

  344. 			if(!empty($handled))

    345. 

  345. 			{

    346. 

  346. 				$data = array();

    347. 

  347. 

    348. 

  348. 				// If you want to add data, do:

    349. 

  349. 				// $data[] = array(varible, value)

    350. 

  350. 				api()->run_hooks('members_add_default_data', array(&$data));

    351. 

  351. 

    352. 

  352. 				// Anything?

    353. 

  353. 				if(count($data) > 0)

    354. 

  354. 				{

    355. 

  355. 					foreach($data as $key => $value)

    356. 

  356. 					{

    357. 

  357. 						$data[$key] = array($handled, $value[0], $value[1]);

    358. 

  358. 					}

    359. 

  359. 

    360. 

  360. 					db()->insert('replace', '{db->prefix}member_data',

    361. 

  361. 						array(

    362. 

  362. 							'member_id' => 'int', 'variable' => 'string-255', 'value' => 'string',

    363. 

  363. 						),

    364. 

  364. 						$data, array('member_id'), 'members_add_default_data_query');

    365. 

  365. 				}

    366. 

  366. 			}

    367. 

  367. 		}

    368. 

  368. 

    369. 

  369. 		return (string)$handled == (string)(int)$handled ? (int)$handled : false;

    370. 

  370. 	}

    371. 

  371. 

    372. 

  372. 	/*

    373. 

  373. 		Method: name_allowed

    374. 

  374. 

    375. 

  375. 		Checks to see if the specified member name is allowed, or already taken.

    376. 

  376. 

    377. 

  377. 		Parameters:

    378. 

  378. 			string $member_name - The member name to check.

    379. 

  379. 			int $member_id - If there is a certain member which you want to

    380. 

  380. 											 exclude from your search, give it here ;) Default is

    381. 

  381. 											 0, which is to search all members.

    382. 

  382. 

    383. 

  383. 		Returns:

    384. 

  384. 			bool - Returns true if the name is allowed, false if not.

    385. 

  385. 	*/

    386. 

  386. 	public function name_allowed($member_name, $member_id = 0)

    387. 

  387. 	{

    388. 

  388. 		global $func;

    389. 

  389. 

    390. 

  390. 		if(empty($member_id))

    391. 

  391. 		{

    392. 

  392. 			$member_id = 0;

    393. 

  393. 		}

    394. 

  394. 

    395. 

  395. 		// You know what to do, set it to a bool if you handle it ;)

    396. 

  396. 		$handled = null;

    397. 

  397. 		api()->run_hooks('members_name_allowed', array(&$handled, &$member_name, &$member_id));

    398. 

  398. 

    399. 

  399. 		if($handled === null)

    400. 

  400. 		{

    401. 

  401. 			// Make sure the name isn't too long, or too short!

    402. 

  402. 			if($func['strlen']($member_name) < settings()->get('members_min_name_length', 'int', 1) || $func['strlen']($member_name) > settings()->get('members_max_name_length', 'int', 80))

    403. 

  403. 			{

    404. 

  404. 				return false;

    405. 

  405. 			}

    406. 

  406. 

    407. 

  407. 			// Lower it!!! (And htmlspecialchars it as well :P)

    408. 

  408. 			$member_name = $func['strtolower'](htmlchars($member_name));

    409. 

  409. 

    410. 

  410. 			// First check to see if it is a reserved name...

    411. 

  411. 			$disallowed_names = explode("\n", $func['strtolower'](settings()->get('disallowed_names', 'string')));

    412. 

  412. 

    413. 

  413. 			if(count($disallowed_names))

    414. 

  414. 			{

    415. 

  415. 				foreach($disallowed_names as $disallowed_name)

    416. 

  416. 				{

    417. 

  417. 					$disallowed_name = trim($disallowed_name);

    418. 

  418. 

    419. 

  419. 					// Any wildcards?

    420. 

  420. 					if($func['strpos']($disallowed_name, '*') !== false)

    421. 

  421. 					{

    422. 

  422. 						if(preg_match('~^'. str_replace('*', '(?:.*?)?', $disallowed_name). '$~i', $member_name))

    423. 

  423. 						{

    424. 

  424. 							return false;

    425. 

  425. 						}

    426. 

  426. 					}

    427. 

  427. 					elseif($member_name == $disallowed_name)

    428. 

  428. 					{

    429. 

  429. 						return false;

    430. 

  430. 					}

    431. 

  431. 				}

    432. 

  432. 			}

    433. 

  433. 

    434. 

  434. 			// Now search the database...

    435. 

  435. 			$result = db()->query('

    436. 

  436. 				SELECT

    437. 

  437. 					member_id

    438. 

  438. 				FROM {db->prefix}members

    439. 

  439. 				WHERE '. (db()->case_sensitive ? '(LOWER(member_name) = {string:member_name} OR LOWER(display_name) = {string:member_name})' : '(member_name = {string:member_name} OR display_name = {string:member_name})'). ' AND member_id != {int:member_id}

    440. 

  440. 				LIMIT 1',

    441. 

  441. 				array(

    442. 

  442. 					'member_name' => $member_name,

    443. 

  443. 					'member_id' => $member_id,

    444. 

  444. 				), 'members_name_allowed_query');

    445. 

  445. 

    446. 

  446. 			// We find any matches?

    447. 

  447. 			if($result->num_rows() > 0)

    448. 

  448. 			{

    449. 

  449. 				return false;

    450. 

  450. 			}

    451. 

  451. 		}

    452. 

  452. 

    453. 

  453. 		// Are we still going? Then return the handled value, unless it wasn't

    454. 

  454. 		// modified, in which case, that means we handled it and we didn't find

    455. 

  455. 		// the name!

    456. 

  456. 		return $handled === null ? true : !empty($handled);

    457. 

  457. 	}

    458. 

  458. 

    459. 

  459. 	/*

    460. 

  460. 		Method: email_allowed

    461. 

  461. 

    462. 

  462. 		Checks to see if the specified email is allowed (either the whole

    463. 

  463. 		address itself, or the domain) and not already taken.

    464. 

  464. 

    465. 

  465. 		Parameters:

    466. 

  466. 			string $member_email - The email to check.

    467. 

  467. 			int $member_id - If there is a certain member which you want to

    468. 

  468. 											 exclude from your search, give it here ;) Default is

    469. 

  469. 											 0, which is to search all members.

    470. 

  470. 

    471. 

  471. 		Returns:

    472. 

  472. 			bool - Returns true if the email address is allowed, false if not.

    473. 

  473. 	*/

    474. 

  474. 	public function email_allowed($member_email, $member_id = 0)

    475. 

  475. 	{

    476. 

  476. 		global $func;

    477. 

  477. 

    478. 

  478. 		// You know what to do, set it to a bool if you handle it ;)

    479. 

  479. 		$handled = null;

    480. 

  480. 		api()->run_hooks('members_email_allowed', array(&$handled, $member_email));

    481. 

  481. 

    482. 

  482. 		if($handled === null)

    483. 

  483. 		{

    484. 

  484. 			$member_email = $func['strtolower'](htmlchars($member_email));

    485. 

  485. 

    486. 

  486. 			// Check the email checker function.

    487. 

  487. 			if(!is_email($member_email))

    488. 

  488. 			{

    489. 

  489. 				return false;

    490. 

  490. 			}

    491. 

  491. 

    492. 

  492. 			// Now check disallowed emails...

    493. 

  493. 			$disallowed_emails = explode("\n", $func['strtolower'](settings()->get('disallowed_emails', 'string')));

    494. 

  494. 

    495. 

  495. 			if(count($disallowed_emails) > 0)

    496. 

  496. 			{

    497. 

  497. 				foreach($disallowed_emails as $disallowed_email)

    498. 

  498. 				{

    499. 

  499. 					$disallowed_email = trim($disallowed_email);

    500. 

  500. 

    501. 

  501. 					// Any wildcards?

    502. 

  502. 					if($func['strpos']($disallowed_email, '*') !== false)

    503. 

  503. 					{

    504. 

  504. 						if(preg_match('~^'. str_replace('*', '(?:.*?)?', $disallowed_email). '$~i', $member_email))

    505. 

  505. 						{

    506. 

  506. 							return false;

    507. 

  507. 						}

    508. 

  508. 					}

    509. 

  509. 					elseif($member_email == $disallowed_email)

    510. 

  510. 					{

    511. 

  511. 						return false;

    512. 

  512. 					}

    513. 

  513. 				}

    514. 

  514. 			}

    515. 

  515. 

    516. 

  516. 			// Or maybe, just maybe, it is already in use...

    517. 

  517. 			$result = db()->query('

    518. 

  518. 				SELECT

    519. 

  519. 					member_id

    520. 

  520. 				FROM {db->prefix}members

    521. 

  521. 				WHERE '. (db()->case_sensitive ? 'LOWER(member_email) = {string:member_email}' : 'member_email = {string:member_email}'). ' AND member_id != {int:member_id}

    522. 

  522. 				LIMIT 1',

    523. 

  523. 				array(

    524. 

  524. 					'member_email' => $member_email,

    525. 

  525. 					'member_id' => $member_id,

    526. 

  526. 				), 'members_email_allowed_query');

    527. 

  527. 

    528. 

  528. 			if($result->num_rows() > 0)

    529. 

  529. 			{

    530. 

  530. 				return false;

    531. 

  531. 			}

    532. 

  532. 		}

    533. 

  533. 

    534. 

  534. 		return $handled === null ? true : !empty($handled);

    535. 

  535. 	}

    536. 

  536. 

    537. 

  537. 	/*

    538. 

  538. 		Method: password_allowed

    539. 

  539. 

    540. 

  540. 		Checks to see if the supplied password is allowed.

    541. 

  541. 

    542. 

  542. 		Parameters:

    543. 

  543. 			string $member_name - The login name of the member you are checking

    544. 

  544. 														the password of.

    545. 

  545. 			string $member_pass - The password to check.

    546. 

  546. 

    547. 

  547. 		Returns:

    548. 

  548. 			bool - Returns true if the password is allowed, false if not.

    549. 

  549. 

    550. 

  550. 		Note:

    551. 

  551. 			The supplied password parameter should NOT be hashed, it should

    552. 

  552. 			be the password in its original (unhashed) form.

    553. 

  553. 	*/

    554. 

  554. 	public function password_allowed($member_name, $member_pass)

    555. 

  555. 	{

    556. 

  556. 		global $func;

    557. 

  557. 

    558. 

  558. 		$handled = null;

    559. 

  559. 		api()->run_hooks('members_password_allowed', array(&$handled, $member_pass));

    560. 

  560. 

    561. 

  561. 		if($handled === null)

    562. 

  562. 		{

    563. 

  563. 			// Just a low setting? So the password must have at least 3

    564. 

  564. 			// characters.

    565. 

  565. 			if(settings()->get('password_security', 'int') == 1)

    566. 

  566. 			{

    567. 

  567. 				$handled = $func['strlen']($member_pass) >= 4;

    568. 

  568. 			}

    569. 

  569. 			// Medium requires the password be at least 6 characters and cannot

    570. 

  570. 			// contain the users name.

    571. 

  571. 			elseif(settings()->get('password_security', 'int') == 2)

    572. 

  572. 			{

    573. 

  573. 				$handled = $func['strlen']($member_pass) >= 6 && $func['stripos']($member_pass, $member_name) === false;

    574. 

  574. 			}

    575. 

  575. 			// High requires that the password be at least 8 characters, cannot

    576. 

  576. 			// contain the users name and it also must be alphanumeric.

    577. 

  577. 			else

    578. 

  578. 			{

    579. 

  579. 				$handled = $func['strlen']($member_pass) >= 8 && $func['stripos']($member_pass, $member_name) === false && preg_match('~[0-9]+~', $member_pass);

    580. 

  580. 			}

    581. 

  581. 		}

    582. 

  582. 

    583. 

  583. 		return !empty($handled);

    584. 

  584. 	}

    585. 

  585. 

    586. 

  586. 	/*

    587. 

  587. 		Method: authenticate

    588. 

  588. 

    589. 

  589. 		This method takes a login name and a password, and checks to see if the

    590. 

  590. 		supplied credentials would actually allow the user to login... This

    591. 

  591. 		could be use for various things, oh, say, someone commenting under a

    592. 

  592. 		username, but they don't actually want to login to post under their

    593. 

  593. 		account (you know, like they are in a hurry/in a public place), hint

    594. 

  594. 		hint ;) or actually verifying the login of a member...

    595. 

  595. 

    596. 

  596. 		Parameters:

    597. 

  597. 			string $member_name - The name of the member to check the credentials

    598. 

  598. 														of.

    599. 

  599. 			string $member_pass - The password to attempt to login with.

    600. 

  600. 			string $pass_hash - This can be either false, which means that the

    601. 

  601. 													supplied password is not hashed at all (in which

    602. 

  602. 													case, this method hashes it), it can also be true,

    603. 

  603. 													which means that the password was hashed in this

    604. 

  604. 													format: SHA1(LOWER(members name) + members

    605. 

  605. 													password) or a string that was used to salt the

    606. 

  606. 													supplied hashed password. That means that the

    607. 

  607. 													members password hashed in this format:

    608. 

  608. 													SHA1(SHA1(LOWER(members name) + members password)

    609. 

  609. 													+ password hash).

    610. 

  610. 

    611. 

  611. 		Returns:

    612. 

  612. 			bool - Returns true if the credentials were correct, false on failure.

    613. 

  613. 	*/

    614. 

  614. 	public function authenticate($member_name, $member_pass, $pass_hash = false)

    615. 

  615. 	{

    616. 

  616. 		global $func;

    617. 

  617. 

    618. 

  618. 		// You should get this idea by now :P

    619. 

  619. 		$authenticated = null;

    620. 

  620. 		api()->run_hooks('members_authenticate', array(&$authenticated, $member_name, $member_pass, $pass_hash));

    621. 

  621. 

    622. 

  622. 		if($authenticated === null)

    623. 

  623. 		{

    624. 

  624. 			$member_name = htmlchars(trim($member_name));

    625. 

  625. 

    626. 

  626. 			// Password not hashed..? That's fine, I'll do it myself, then. :P

    627. 

  627. 			if(empty($pass_hash))

    628. 

  628. 			{

    629. 

  629. 				$member_pass = sha1($func['strtolower'](htmlchars($member_name)). $member_pass);

    630. 

  630. 				$pass_hash = true;

    631. 

  631. 			}

    632. 

  632. 

    633. 

  633. 			// Alright, let's query that database!

    634. 

  634. 			$result = db()->query('

    635. 

  635. 				SELECT

    636. 

  636. 					member_pass

    637. 

  637. 				FROM {db->prefix}members

    638. 

  638. 				WHERE member_name = {string:member_name}

    639. 

  639. 				LIMIT 1',

    640. 

  640. 				array(

    641. 

  641. 					'member_name' => $member_name,

    642. 

  642. 				), 'members_authenticate_query');

    643. 

  643. 

    644. 

  644. 			// Did we get anything?

    645. 

  645. 			if($result->num_rows() > 0)

    646. 

  646. 			{

    647. 

  647. 				// Sure, we may have gotten a result, but that doesn't mean their

    648. 

  648. 				// password is right :P

    649. 

  649. 				$row = $result->fetch_assoc();

    650. 

  650. 

    651. 

  651. 				// So let's check

    652. 

  652. 				if($member_pass == $row['member_pass'] || (!empty($pass_hash) && $pass_hash !== true && $member_pass == sha1($row['member_pass']. $pass_hash)))

    653. 

  653. 				{

    654. 

  654. 					return true;

    655. 

  655. 				}

    656. 

  656. 				else

    657. 

  657. 				{

    658. 

  658. 					// Maybe you would like to check..?

    659. 

  659. 					$authenticated = false;

    660. 

  660. 					api()->run_hooks('members_authenticate_other', array(&$authenticated, $member_name, $member_pass, $pass_hash, $row));

    661. 

  661. 

    662. 

  662. 					return !empty($authenticated);

    663. 

  663. 				}

    664. 

  664. 			}

    665. 

  665. 			else

    666. 

  666. 			{

    667. 

  667. 				// We got nothing!

    668. 

  668. 				return false;

    669. 

  669. 			}

    670. 

  670. 		}

    671. 

  671. 

    672. 

  672. 		return !empty($authenticated);

    673. 

  673. 	}

    674. 

  674. 

    675. 

  675. 	/*

    676. 

  676. 		Method: rand_str

    677. 

  677. 

    678. 

  678. 		Generates a random as long as the supplied length.

    679. 

  679. 

    680. 

  680. 		Parameters:

    681. 

  681. 			int $length - The length of the random string you want to create.

    682. 

  682. 										If no length is supplied, a random length between

    683. 

  683. 										1 and 100 is used.

    684. 

  684. 

    685. 

  685. 		Returns:

    686. 

  686. 			string - Returns the randomly (pseudo-random, of course, because we

    687. 

  687. 							 all know, computers can't really make true random stuff ;))

    688. 

  688. 							 generated string.

    689. 

  689. 	*/

    690. 

  690. 	public function rand_str($length = 0)

    691. 

  691. 	{

    692. 

  692. 		// If for some very strange, unknown reason you want to do a random

    693. 

  693. 		// string, be my guest!

    694. 

  694. 		$handled = null;

    695. 

  695. 		$str = '';

    696. 

  696. 		api()->run_hooks('members_rand_str', array(&$handled, &$length, &$str));

    697. 

  697. 

    698. 

  698. 		if($handled === null)

    699. 

  699. 		{

    700. 

  700. 			if(empty($length) || $length < 1)

    701. 

  701. 			{

    702. 

  702. 				$length = mt_rand(1, 100);

    703. 

  703. 			}

    704. 

  704. 

    705. 

  705. 			$chars = array(

    706. 

  706. 								 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',

    707. 

  707. 								 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',

    708. 

  708. 								 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '~', '!', '@', '#', '$', '%', '^', '*', '-', '_', '+', '=', '?',

    709. 

  709. 							 );

    710. 

  710. 

    711. 

  711. 			$str = '';

    712. 

  712. 			for($i = 0; $i < $length; $i++)

    713. 

  713. 			{

    714. 

  714. 				$str .= $chars[array_rand($chars)];

    715. 

  715. 			}

    716. 

  716. 

    717. 

  717. 			return $str;

    718. 

  718. 		}

    719. 

  719. 		else

    720. 

  720. 		{

    721. 

  721. 			return $str;

    722. 

  722. 		}

    723. 

  723. 	}

    724. 

  724. 

    725. 

  725. 	/*

    726. 

  726. 		Method: update

    727. 

  727. 

    728. 

  728. 		Updates the information of a supplied member ID.

    729. 

  729. 

    730. 

  730. 		Parameters:

    731. 

  731. 			int $member_id - The member ID to update.

    732. 

  732. 			array $options - An array containing the information you want to

    733. 

  733. 											 update.

    734. 

  734. 

    735. 

  735. 		Returns:

    736. 

  736. 			bool - Returns true if the member was successfully updated, false if

    737. 

  737. 						 not (such as if the member does not exist).

    738. 

  738. 

    739. 

  739. 		Note:

    740. 

  740. 			For the $options parameter, these are acceptable indices to use:

    741. 

  741. 

    742. 

  742. 				member_name - Their login name, however, if this is changed, their

    743. 

  743. 											current password MUST be supplied, otherwise, the

    744. 

  744. 											update will fail (password must not be hashed yet),

    745. 

  745. 											their member name must be supplied if their password

    746. 

  746. 											is changed as well.

    747. 

  747. 

    748. 

  748. 				member_pass - The users new password.

    749. 

  749. 

    750. 

  750. 				display_name - The members display name.

    751. 

  751. 

    752. 

  752. 				member_email - The members email address.

    753. 

  753. 

    754. 

  754. 				member_groups - An array containing the members groups.

    755. 

  755. 

    756. 

  756. 				member_ip - The IP of the member.

    757. 

  757. 

    758. 

  758. 				member_activated - The current status of the member. 0 means

    759. 

  759. 													 unactivated, 1 means activated and 11 means that

    760. 

  760. 													 the member changed their email and that the

    761. 

  761. 													 administrator has set the option to require the

    762. 

  762. 													 member to verify their new email address before

    763. 

  763. 													 it is changed.

    764. 

  764. 

    765. 

  765. 				member_acode - An activation code for activating or reactivating

    766. 

  766. 											 their account.

    767. 

  767. 

    768. 

  768. 				data - An array formatted as so: variable => value, simple, no? If

    769. 

  769. 							 you want to delete a data variable for the specified member,

    770. 

  770. 							 set the value to false.

    771. 

  771. 

    772. 

  772. 				admin_override - Set this to true if it is the administrator

    773. 

  773. 												 modifying the account, in which case a password

    774. 

  774. 												 request is set up and an email sent asking the

    775. 

  775. 												 user to set a new password.

    776. 

  776. 	*/

    777. 

  777. 	public function update($member_id, $options)

    778. 

  778. 	{

    779. 

  779. 		global $func;

    780. 

  780. 

    781. 

  781. 		// No options? No go!

    782. 

  782. 		if(count($options) == 0)

    783. 

  783. 		{

    784. 

  784. 			return false;

    785. 

  785. 		}

    786. 

  786. 

    787. 

  787. 		$handled = null;

    788. 

  788. 		api()->run_hooks('members_update', array(&$handled, &$member_id, &$options));

    789. 

  789. 

    790. 

  790. 		if($handled === null)

    791. 

  791. 		{

    792. 

  792. 			// Make sure it is an integer.

    793. 

  793. 			if((string)$member_id != (string)(int)$member_id)

    794. 

  794. 			{

    795. 

  795. 				return false;

    796. 

  796. 			}

    797. 

  797. 

    798. 

  798. 			// Can't update a profile that doesn't exist, can we?

    799. 

  799. 			$result = db()->query('

    800. 

  800. 				SELECT

    801. 

  801. 					member_id

    802. 

  802. 				FROM {db->prefix}members

    803. 

  803. 				WHERE member_id = {int:member_id}

    804. 

  804. 				LIMIT 1',

    805. 

  805. 				array(

    806. 

  806. 					'member_id' => $member_id,

    807. 

  807. 				), 'members_update_profile_exists');

    808. 

  808. 

    809. 

  809. 			if($result->num_rows() == 0)

    810. 

  810. 			{

    811. 

  811. 				return false;

    812. 

  812. 			}

    813. 

  813. 			elseif(isset($options['data']))

    814. 

  814. 			{

    815. 

  815. 				$member_data = $options['data'];

    816. 

  816. 				unset($options['data']);

    817. 

  817. 			}

    818. 

  818. 

    819. 

  819. 			$allowed_columns = array(

    820. 

  820. 				'member_name' => 'string-80',

    821. 

  821. 				'member_pass' => 'string-40',

    822. 

  822. 				'display_name' => 'string-255',

    823. 

  823. 				'member_email' => 'string-255',

    824. 

  824. 				'member_groups' => 'string-255',

    825. 

  825. 				'member_registered' => 'int',

    826. 

  826. 				'member_ip' => 'string-150',

    827. 

  827. 				'member_activated' => 'int',

    828. 

  828. 				'member_acode' => 'string-40',

    829. 

  829. 			);

    830. 

  830. 

    831. 

  831. 			api()->run_hooks('members_update_allowed_columns', array(&$allowed_columns));

    832. 

  832. 

    833. 

  833. 			$data = array();

    834. 

  834. 			foreach($allowed_columns as $column => $type)

    835. 

  835. 			{

    836. 

  836. 				// Only add the data if the column exists...

    837. 

  837. 				if(isset($options[$column]))

    838. 

  838. 				{

    839. 

  839. 					$data[$column] = $options[$column];

    840. 

  840. 				}

    841. 

  841. 			}

    842. 

  842. 

    843. 

  843. 			// Let's let you check the data (just incase ;)) first...

    844. 

  844. 			api()->run_hooks('members_update_check_data', array(&$handled, &$data));

    845. 

  845. 

    846. 

  846. 			// If a hook didn't change handled, we can do our stuff :P

    847. 

  847. 			if($handled !== false)

    848. 

  848. 			{

    849. 

  849. 				if(isset($data['member_groups']) && !is_array($data['member_groups']))

    850. 

  850. 				{

    851. 

  851. 					$data['member_groups'] = array($data['member_groups']);

    852. 

  852. 				}

    853. 

  853. 

    854. 

  854. 				// Make sure their name and password are OK, if supplied!

    855. 

  855. 				if(isset($data['member_name']) && !$this->name_allowed($data['member_name'], $member_id))

    856. 

  856. 				{

    857. 

  857. 					// Must be taken!

    858. 

  858. 					return false;

    859. 

  859. 				}

    860. 

  860. 				elseif(isset($data['member_pass']) && !$this->password_allowed(isset($data['member_name']) ? $data['member_name'] : '', $data['member_pass']))

    861. 

  861. 				{

    862. 

  862. 					return false;

    863. 

  863. 				}

    864. 

  864. 				elseif(isset($data['member_email']) && !$this->email_allowed($data['member_email'], $member_id))

    865. 

  865. 				{

    866. 

  866. 					return false;

    867. 

  867. 				}

    868. 

  868. 				elseif(isset($data['display_name']) && !$this->name_allowed($data['display_name'], $member_id))

    869. 

  869. 				{

    870. 

  870. 					return false;

    871. 

  871. 				}

    872. 

  872. 				elseif((isset($data['member_groups']) && !is_array($data['member_groups'])) || (isset($data['member_groups']) && (!in_array('member', $data['member_groups']) && !in_array('administrator', $data['member_groups']))))

    873. 

  873. 				{

    874. 

  874. 					return false;

    875. 

  875. 				}

    876. 

  876. 

    877. 

  877. 				// Remove any blank groups.

    878. 

  878. 				if(isset($data['member_groups']) && count($data['member_groups']) > 0)

    879. 

  879. 				{

    880. 

  880. 					$member_groups = array();

    881. 

  881. 					foreach($data['member_groups'] as $group_id)

    882. 

  882. 					{

    883. 

  883. 						if(strlen(trim($group_id)) > 0)

    884. 

  884. 						{

    885. 

  885. 							$member_groups[] = trim($group_id);

    886. 

  886. 						}

    887. 

  887. 					}

    888. 

  888. 

    889. 

  889. 					// There, all done :-)

    890. 

  890. 					$data['member_groups'] = $member_groups;

    891. 

  891. 				}

    892. 

  892. 

    893. 

  893. 				// Now we need to hash the password, maybe! They're user name must

    894. 

  894. 				// be supplied, because we salt their password with their user name.

    895. 

  895. 				if(!empty($options['member_name']) && !empty($options['member_pass']))

    896. 

  896. 				{

    897. 

  897. 					$data['member_pass'] = sha1($func['strtolower']($options['member_name']). $options['member_pass']);

    898. 

  898. 				}

    899. 

  899. 				// If they didn't supply a user name but they did supply a password

    900. 

  900. 				// then we can't continue... Sorry!

    901. 

  901. 				elseif(empty($options['admin_override']) && ((!empty($options['member_name']) && empty($options['member_pass'])) || (empty($options['member_name']) && !empty($options['member_pass']))))

    902. 

  902. 				{

    903. 

  903. 					return false;

    904. 

  904. 				}

    905. 

  905. 				// However, if admin_override has been invoked then we will simply

    906. 

  906. 				// ignore the fact that their user name was not supplied. In order

    907. 

  907. 				// to get passed that hurdle we must then start the password reset

    908. 

  908. 				// process on the account.

    909. 

  909. 				elseif(!empty($options['admin_override']) && !empty($options['member_name']))

    910. 

  910. 				{

    911. 

  911. 					// Yup, invoke that password reset... Once we make sure the update

    912. 

  912. 					// actually takes effect.

    913. 

  913. 					$invoke_pwreset = true;

    914. 

  914. 				}

    915. 

  915. 

    916. 

  916. 				// Can't be a bool, the database wants an integer! Easy fix, though!

    917. 

  917. 				if(in_array('member_activated', array_keys($data)) && is_bool($data['member_activated']))

    918. 

  918. 				{

    919. 

  919. 					$data['member_activated'] = !empty($data['member_activated']) ? 1 : 0;

    920. 

  920. 				}

    921. 

  921. 

    922. 

  922. 				// Our data array could be empty, simply because they are updating

    923. 

  923. 				// member_data table information!

    924. 

  924. 				if(!empty($data))

    925. 

  925. 				{

    926. 

  926. 					$db_vars = array(

    927. 

  927. 						'member_id' => $member_id,

    928. 

  928. 					);

    929. 

  929. 					$values = array();

    930. 

  930. 					foreach($data as $column => $value)

    931. 

  931. 					{

    932. 

  932. 						$values[] = $column. ' = {'. $allowed_columns[$column]. ':'. $column. '_value}';

    933. 

  933. 						$db_vars[$column. '_value'] = $column == 'member_groups' ? implode(',', $value) : $value;

    934. 

  934. 					}

    935. 

  935. 

    936. 

  936. 					// Now update that data!

    937. 

  937. 					$result = db()->query('

    938. 

  938. 						UPDATE {db->prefix}members

    939. 

  939. 						SET '. implode(', ', $values). '

    940. 

  940. 						WHERE member_id = {int:member_id}

    941. 

  941. 						LIMIT 1',

    942. 

  942. 						$db_vars, 'members_update_query');

    943. 

  943. 

    944. 

  944. 					$handled = $result->success();

    945. 

  945. 

    946. 

  946. 					// We may need to invoke the password reset process on this

    947. 

  947. 					// account.

    948. 

  948. 					if($handled && !empty($invoke_pwreset))

    949. 

  949. 					{

    950. 

  950. 						require_once(coredir. '/forgotpw.php');

    951. 

  951. 

    952. 

  952. 						forgotpw_invoke($member_id, true);

    953. 

  953. 					}

    954. 

  954. 				}

    955. 

  955. 

    956. 

  956. 				// Changing member data? But only if the other options were

    957. 

  957. 				// successfully updated or if no other options were updated.

    958. 

  958. 				if(!empty($member_data) && count($member_data) > 0 && ($handled === null || $handled))

    959. 

  959. 				{

    960. 

  960. 					$data = array();

    961. 

  961. 					$delete = array();

    962. 

  962. 					foreach($member_data as $variable => $value)

    963. 

  963. 					{

    964. 

  964. 						// If the value isn't false we will update it.

    965. 

  965. 						if($value !== false)

    966. 

  966. 						{

    967. 

  967. 							// Be sure to typecast the value to a string.

    968. 

  968. 							$data[] = array($member_id, $variable, typecast()->to('string', $value));

    969. 

  969. 						}

    970. 

  970. 						else

    971. 

  971. 						{

    972. 

  972. 							// Otherwise, we delete it.

    973. 

  973. 							$delete[] = $variable;

    974. 

  974. 						}

    975. 

  975. 					}

    976. 

  976. 

    977. 

  977. 					if(count($data) > 0)

    978. 

  978. 					{

    979. 

  979. 						$result = db()->insert('replace', '{db->prefix}member_data',

    980. 

  980. 												array(

    981. 

  981. 													'member_id' => 'int', 'variable' => 'string-255', 'value' => 'string',

    982. 

  982. 												),

    983. 

  983. 												$data,

    984. 

  984. 												array('member_id'), 'members_update_data_query');

    985. 

  985. 

    986. 

  986. 						$handled = $result->success();

    987. 

  987. 					}

    988. 

  988. 

    989. 

  989. 					if(count($delete) > 0)

    990. 

  990. 					{

    991. 

  991. 						$result = db()->query('

    992. 

  992. 							DELETE FROM {db->prefix}member_data

    993. 

  993. 							WHERE member_id = {int:member_id} AND variable IN({string_array:variables})',

    994. 

  994. 							array(

    995. 

  995. 								'member_id' => $member_id,

    996. 

  996. 								'variables' => $delete,

    997. 

  997. 							), 'members_update_delete_data_query');

    998. 

  998. 

    999. 

  999. 						$handled = $result->success();

    1000. 

  1000. 					}

    1001. 

  1001. 				}

    1002. 

  1002. 

    1003. 

  1003. 				// This member will need to be reloaded ;)

    1004. 

  1004. 				unset($this->loaded[$member_id]);

    1005. 

  1005. 

    1006. 

  1006. 				api()->run_hooks('members_update_force_refresh', array($member_id));

    1007. 

  1007. 			}

    1008. 

  1008. 		}

    1009. 

  1009. 

    1010. 

  1010. 		return !empty($handled);

    1011. 

  1011. 	}

    1012. 

  1012. 

    1013. 

  1013. 	/*

    1014. 

  1014. 		Method: delete

    1015. 

  1015. 

    1016. 

  1016. 		Deletes the specified members.

    1017. 

  1017. 

    1018. 

  1018. 		Parameters:

    1019. 

  1019. 			mixed $members - This can either be an integer, or an array of integers.

    1020. 

  1020. 

    1021. 

  1021. 		Returns:

    1022. 

  1022. 			bool - Returns TRUE if the specified members were deleted, FALSE if not.

    1023. 

  1023. 

    1024. 

  1024. 		Note:

    1025. 

  1025. 			Be sure before executing this command that you verify their session id!

    1026. 

  1026. 			Check out <Members.verify>

    1027. 

  1027. 	*/

    1028. 

  1028. 	public function delete($members)

    1029. 

  1029. 	{

    1030. 

  1030. 		$handled = null;

    1031. 

  1031. 		api()->run_hooks('members_delete', array(&$handled, $members));

    1032. 

  1032. 

    1033. 

  1033. 		if($handled === null)

    1034. 

  1034. 		{

    1035. 

  1035. 			// Not an array? We will fix that!!!

    1036. 

  1036. 			if(!is_array($members))

    1037. 

  1037. 			{

    1038. 

  1038. 				$members = array($members);

    1039. 

  1039. 			}

    1040. 

  1040. 

    1041. 

  1041. 			// Yeah, we deleted nothing successfully! Ha!

    1042. 

  1042. 			if(count($members) == 0)

    1043. 

  1043. 			{

    1044. 

  1044. 				return true;

    1045. 

  1045. 			}

    1046. 

  1046. 

    1047. 

  1047. 			// Now let's just make sure they are all plausible ids...

    1048. 

  1048. 			foreach($members as $key => $member_id)

    1049. 

  1049. 			{

    1050. 

  1050. 				$member_id = (int)$member_id;

    1051. 

  1051. 

    1052. 

  1052. 				if($member_id < 1)

    1053. 

  1053. 				{

    1054. 

  1054. 					unset($members[$key]);

    1055. 

  1055. 				}

    1056. 

  1056. 			}

    1057. 

  1057. 

    1058. 

  1058. 			$members = array_unique($members);

    1059. 

  1059. 

    1060. 

  1060. 			// Now delete those members!

    1061. 

  1061. 			$result = db()->query('

    1062. 

  1062. 				DELETE FROM {db->prefix}members

    1063. 

  1063. 				WHERE member_id IN({int_array:members})

    1064. 

  1064. 				LIMIT {int:member_count}',

    1065. 

  1065. 				array(

    1066. 

  1066. 					'members' => $members,

    1067. 

  1067. 					'member_count' => count($members),

    1068. 

  1068. 				), 'members_delete_query');

    1069. 

  1069. 

    1070. 

  1070. 			// Was it a success? We still have some more to do!

    1071. 

  1071. 			if($result->success())

    1072. 

  1072. 			{

    1073. 

  1073. 				// Now delete their data in the member_data table.

    1074. 

  1074. 				$result = db()->query('

    1075. 

  1075. 					DELETE FROM {db->prefix}member_data

    1076. 

  1076. 					WHERE member_id IN({int_array:members})',

    1077. 

  1077. 					array(

    1078. 

  1078. 						'members' => $members,

    1079. 

  1079. 					), 'members_delete_query_data');

    1080. 

  1080. 			}

    1081. 

  1081. 

    1082. 

  1082. 			$handled = $result->success();

    1083. 

  1083. 

    1084. 

  1084. 			api()->run_hooks('post_members_delete', array($members));

    1085. 

  1085. 		}

    1086. 

  1086. 

    1087. 

  1087. 		return !empty($handled);

    1088. 

  1088. 	}

    1089. 

  1089. 

    1090. 

  1090. 	/*

    1091. 

  1091. 		Method: name_to_id

    1092. 

  1092. 

    1093. 

  1093. 		Converts a username or email address to a member ID.

    1094. 

  1094. 

    1095. 

  1095. 		Parameters:

    1096. 

  1096. 			mixed $name - The username or email address to translate into a member

    1097. 

  1097. 										ID, this can also be an array of usernames/emails as

    1098. 

  1098. 										well.

    1099. 

  1099. 

    1100. 

  1100. 		Returns:

    1101. 

  1101. 			mixed - Returns an integer if one username or email address is

    1102. 

  1102. 							supplied, an associative rray containing the IDs

    1103. 

  1103. 							(LOWER(name/email) => ID). The value of the name/email will be

    1104. 

  1104. 							false (for arrays or single lookups) if the name/email was not

    1105. 

  1105. 							found.

    1106. 

  1106. 

    1107. 

  1107. 		Note:

    1108. 

  1108. 			Please note that this looks up usernames and email addresses, not

    1109. 

  1109. 			display names!

    1110. 

  1110. 	*/

    1111. 

  1111. 	public function name_to_id($name)

    1112. 

  1112. 	{

    1113. 

  1113. 		global $func;

    1114. 

  1114. 

    1115. 

  1115. 		// You might want to do this if you have your own member setup ;)

    1116. 

  1116. 		$handled = null;

    1117. 

  1117. 		api()->run_hooks('member_name_to_id', array(&$handled, &$name));

    1118. 

  1118. 

    1119. 

  1119. 		if($handled === null)

    1120. 

  1120. 		{

    1121. 

  1121. 			// Is it a bird, a plane, an array?!

    1122. 

  1122. 			if(!is_array($name))

    1123. 

  1123. 			{

    1124. 

  1124. 				// It's not an array, yet ;)

    1125. 

  1125. 				$name = array($name);

    1126. 

  1126. 			}

    1127. 

  1127. 

    1128. 

  1128. 			// Nothing? Bad!

    1129. 

  1129. 			if(count($name) == 0)

    1130. 

  1130. 			{

    1131. 

  1131. 				return false;

    1132. 

  1132. 			}

    1133. 

  1133. 

    1134. 

  1134. 			// Lowercase all the names.

    1135. 

  1135. 			foreach($name as $key => $value)

    1136. 

  1136. 			{

    1137. 

  1137. 				$name[$key] = $func['strtolower']($value);

    1138. 

  1138. 			}

    1139. 

  1139. 

    1140. 

  1140. 			// Simple in reality...

    1141. 

  1141. 			$result = db()->query('

    1142. 

  1142. 				SELECT

    1143. 

  1143. 					LOWER(member_name) AS name, LOWER(member_email) AS email, member_id AS id

    1144. 

  1144. 				FROM {db->prefix}members

    1145. 

  1145. 				WHERE ('. (db()->case_sensitive ? 'LOWER(member_name)' : 'member_name'). ' IN({string_array:names})) OR ('. (db()->case_sensitive ? 'LOWER(member_email)' : 'member_email'). ' IN({string_array:names}))',

    1146. 

  1146. 				array(

    1147. 

  1147. 					'names' => $name,

    1148. 

  1148. 				), 'member_name_to_id_query');

    1149. 

  1149. 

    1150. 

  1150. 			// Now it gets different... We may just return the ID itself, no array.

    1151. 

  1151. 			if(count($name) == 1)

    1152. 

  1152. 			{

    1153. 

  1153. 				if($result->num_rows() == 0)

    1154. 

  1154. 				{

    1155. 

  1155. 					return false;

    1156. 

  1156. 				}

    1157. 

  1157. 

    1158. 

  1158. 				list(,, $member_id) = $result->fetch_row();

    1159. 

  1159. 

    1160. 

  1160. 				return $member_id;

    1161. 

  1161. 			}

    1162. 

  1162. 			else

    1163. 

  1163. 			{

    1164. 

  1164. 				// Flip!!! :-)

    1165. 

  1165. 				$names = array_flip($name);

    1166. 

  1166. 

    1167. 

  1167. 				// For now, we will assume none were found.

    1168. 

  1168. 				foreach($names as $key => $name)

    1169. 

  1169. 				{

    1170. 

  1170. 					$names[$name] = false;

    1171. 

  1171. 				}

    1172. 

  1172. 

    1173. 

  1173. 				while($row = $result->fetch_assoc())

    1174. 

  1174. 				{

    1175. 

  1175. 					// They could have supplied a name and email address which are

    1176. 

  1176. 					// from the same member, so:

    1177. 

  1177. 					if(isset($names[$row['email']]))

    1178. 

  1178. 					{

    1179. 

  1179. 						$names[$row['email']] = $row['id'];

    1180. 

  1180. 					}

    1181. 

  1181. 

    1182. 

  1182. 					if(isset($names[$row['name']]))

    1183. 

  1183. 					{

    1184. 

  1184. 						$names[$row['name']] = $row['id'];

    1185. 

  1185. 					}

    1186. 

  1186. 				}

    1187. 

  1187. 

    1188. 

  1188. 				return $names;

    1189. 

  1189. 			}

    1190. 

  1190. 		}

    1191. 

  1191. 

    1192. 

  1192. 		return $handled;

    1193. 

  1193. 	}

    1194. 

  1194. }

    1195. 

  1195. ?>
    1196.