  1. <?php
  2. /**
  3. * Provides methods to interact with users
  4. *
  5. * @author Open Dynamics <info@o-dyn.de>
  6. * @name user
  7. * @version 0.4.7
  8. * @package Collabtive
  9. * @link http://www.o-dyn.de
  10. * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v3 or later
  11. */
  12. class user
  13. {
  14. public $mylog;
  15. /**
  16. * Konstruktor
  17. * Initialisiert den Eventlog
  18. */
  19. function __construct()
  20. {
  21. $this->mylog = new mylog;
  22. }
  23. /**
  24. * Creates a user
  25. *
  26. * @param string $name Name of the member
  27. * @param string $email Email Address of the member
  28. * @param int $company Company ID of the member (unused)
  29. * @param string $pass Password
  30. * @param string $locale Localisation
  31. * @return int $insid ID of the newly created member
  32. */
  33. function add($name, $email, $company, $pass, $locale = "", $tags = "", $rate = 0.0)
  34. {
  35. $name = mysql_real_escape_string($name);
  36. $email = mysql_real_escape_string($email);
  37. $pass = mysql_real_escape_string($pass);
  38. $locale = mysql_real_escape_string($locale);
  39. $pass = mysql_real_escape_string($pass);
  40. $tags = mysql_real_escape_string($tags);
  41. $rate = (float) $rate;
  42. $company = (int) $company;
  43. $pass = sha1($pass);
  44. $ins1 = mysql_query("INSERT INTO user (name,email,pass,company,tags,locale,rate) VALUES ('$name','$email','$pass',$company,'$tags','$locale','$rate')");
  45. if ($ins1)
  46. {
  47. $insid = mysql_insert_id();
  48. $this->mylog->add($name, 'user', 1, 0);
  49. return $insid;
  50. }
  51. else
  52. {
  53. return false;
  54. }
  55. }
  56. /**
  57. * Edits a member
  58. *
  59. * @param int $id Member ID
  60. * @param string $name Member name
  61. * @param string $realname realname
  62. * @param string $role role
  63. * @param string $email Email
  64. * @param int $company Company ID of the member (unused)
  65. * @param string $zip ZIP-Code
  66. * @param string $gender Gender
  67. * @param string $url URL
  68. * @param string $address1 Adressline1
  69. * @param string $address2 Addressline2
  70. * @param string $state State
  71. * @param string $country Country
  72. * @param string $locale Localisation
  73. * @param string $avatar Avatar
  74. * @return bool
  75. */
  76. function edit($id, $name, $realname, $email, $tel1, $tel2, $company, $zip, $gender, $url, $address1, $address2, $state, $country, $tags, $locale, $avatar = "", $rate = 0.0)
  77. {
  78. $name = mysql_real_escape_string($name);
  79. $realname = mysql_real_escape_string($realname);
  80. $job = mysql_real_escape_string($role);
  81. $email = mysql_real_escape_string($email);
  82. $zip = mysql_real_escape_string($zip);
  83. $gender = mysql_real_escape_string($gender);
  84. $url = mysql_real_escape_string($url);
  85. $address1 = mysql_real_escape_string($address1);
  86. $address2 = mysql_real_escape_string($address2);
  87. $state = mysql_real_escape_string($state);
  88. $country = mysql_real_escape_string($country);
  89. $locale = mysql_real_escape_string($locale);
  90. $avatar = mysql_real_escape_string($avatar);
  91. $rate = (float) $rate;
  92. $id = (int) $id;
  93. // $company = (int) $company;
  94. if ($avatar != "")
  95. {
  96. $upd = mysql_query("UPDATE user SET name='$name',email='$email',tel1='$tel1', tel2='$tel2',company='$company',zip='$zip',gender='$gender',url='$url',adress='$address1',adress2='$address2',state='$state',country='$country',tags='$tags',locale='$locale',avatar='$avatar',rate='$rate' WHERE ID = $id");
  97. }
  98. else
  99. {
  100. // realname='$realname',,role='$role'
  101. $upd = mysql_query("UPDATE user SET name='$name',email='$email', tel1='$tel1', tel2='$tel2', company='$company',zip='$zip',gender='$gender',url='$url',adress='$address1',adress2='$address2',state='$state',country='$country',tags='$tags',locale='$locale',rate='$rate' WHERE ID = $id");
  102. }
  103. if ($upd)
  104. {
  105. $this->mylog->add($name, 'user', 2, 0);
  106. return true;
  107. }
  108. else
  109. {
  110. return false;
  111. }
  112. }
  113. /**
  114. * Change a password
  115. *
  116. * @param int $id Eindeutige Mitgliedsnummer
  117. * @param string $oldpass Altes Passwort
  118. * @param string $newpass Neues Passwort
  119. * @param string $repeatpass Repetition of the new password
  120. * @return bool
  121. */
  122. function editpass($id, $oldpass, $newpass, $repeatpass)
  123. {
  124. $oldpass = mysql_real_escape_string($oldpass);
  125. $newpass = mysql_real_escape_string($newpass);
  126. $repeatpass = mysql_real_escape_string($repeatpass);
  127. $id = (int) $id;
  128. if ($newpass != $repeatpass)
  129. {
  130. return false;
  131. }
  132. $id = mysql_real_escape_string($id);
  133. $newpass = sha1($newpass);
  134. $oldpass = sha1($oldpass);
  135. $chk = mysql_query("SELECT ID, name FROM user WHERE ID = $id AND pass = '$oldpass'");
  136. $chk = mysql_fetch_row($chk);
  137. $chk = $chk[0];
  138. $name = $chk[1];
  139. if (!$chk)
  140. {
  141. return false;
  142. }
  143. $upd = mysql_query("UPDATE user SET pass='$newpass' WHERE ID = $id");
  144. if ($upd)
  145. {
  146. return true;
  147. }
  148. else
  149. {
  150. return false;
  151. }
  152. }
  153. /**
  154. * Change a password as admin
  155. *
  156. * @param int $id User ID
  157. * @param string $newpass New passwort
  158. * @param string $repeatpass Repetition of the new password
  159. * @return bool
  160. */
  161. function admin_editpass($id, $newpass, $repeatpass)
  162. {
  163. $newpass = mysql_real_escape_string($newpass);
  164. $repeatpass = mysql_real_escape_string($repeatpass);
  165. $id = (int) $id;
  166. if ($newpass != $repeatpass)
  167. {
  168. return false;
  169. }
  170. $id = mysql_real_escape_string($id);
  171. $newpass = sha1($newpass);
  172. $upd = mysql_query("UPDATE user SET pass='$newpass' WHERE ID = $id");
  173. if ($upd)
  174. {
  175. return true;
  176. }
  177. else
  178. {
  179. return false;
  180. }
  181. }
  182. /**
  183. * Delete a user
  184. *
  185. * @param int $id User ID
  186. * @return bool
  187. */
  188. function del($id)
  189. {
  190. $id = (int) $id;
  191. $chk = mysql_query("SELECT name FROM user WHERE ID = $id");
  192. $chk = mysql_fetch_row($chk);
  193. $name = $chk[0];
  194. $del = mysql_query("DELETE FROM user WHERE ID = $id");
  195. $del2 = mysql_query("DELETE FROM projekte_assigned WHERE user = $id");
  196. $del3 = mysql_query("DELETE FROM milestones_assigned WHERE user = $id");
  197. $del4 = mysql_query("DELETE FROM tasks_assigned WHERE user = $id");
  198. $del5 = mysql_query("DELETE FROM log WHERE user = $id");
  199. $del6 = mysql_query("DELETE FROM timetracker WHERE user = $id");
  200. if ($del)
  201. {
  202. $this->mylog->add($name, 'user', 3, 0);
  203. return true;
  204. }
  205. else
  206. {
  207. return false;
  208. }
  209. }
  210. /**
  211. * Get a user profile
  212. *
  213. * @param int $id User ID
  214. * @return array $profile Profile
  215. */
  216. function getProfile($id)
  217. {
  218. $id = (int) $id;
  219. $companyobj = new company();
  220. $sel = mysql_query("SELECT * FROM user WHERE ID = $id");
  221. $profile = mysql_fetch_array($sel);
  222. if (!empty($profile))
  223. {
  224. $profile["name"] = stripslashes($profile["name"]);
  225. if (isset($profile["company"]))
  226. {
  227. $profile["company"] = stripslashes($profile["company"]);
  228. }
  229. if (isset($profile["adress"]))
  230. {
  231. $profile["adress"] = stripslashes($profile["adress"]);
  232. }
  233. if (isset($profile["adress2"]))
  234. {
  235. $profile["adress2"] = stripslashes($profile["adress2"]);
  236. }
  237. if (isset($profile["state"]))
  238. {
  239. $profile["state"] = stripslashes($profile["state"]);
  240. }
  241. if (isset($profile["country"]))
  242. {
  243. $profile["country"] = stripslashes($profile["country"]);
  244. }
  245. $tagsobj = new tags();
  246. $profile["tagsarr"] = $tagsobj->splitTagStr($profile["tags"]);
  247. //$profile["company"] = $companyobj->getProfile($profile["company"]);
  248. $rolesobj = (object) new roles();
  249. $profile["role"] = $rolesobj->getUserRole($profile["ID"]);
  250. return $profile;
  251. }
  252. else
  253. {
  254. return false;
  255. }
  256. }
  257. /**
  258. * Get the avatar of a user
  259. *
  260. * @param int $id User ID
  261. * @return array $profile Avatar
  262. */
  263. function getAvatar($id)
  264. {
  265. $id = (int) $id;
  266. $sel = mysql_query("SELECT avatar FROM user WHERE ID = $id");
  267. $profile = mysql_fetch_row($sel);
  268. $profile = $profile[0];
  269. if (!empty($profile))
  270. {
  271. return $profile;
  272. }
  273. else
  274. {
  275. return false;
  276. }
  277. }
  278. /**
  279. * Log a user in
  280. *
  281. * @param string $user User name
  282. * @param string $pass Password
  283. * @return bool
  284. */
  285. function login($user, $pass)
  286. {
  287. if (!$user)
  288. {
  289. return false;
  290. }
  291. $user = mysql_real_escape_string($user);
  292. $pass = mysql_real_escape_string($pass);
  293. $pass = sha1($pass);
  294. $sel1 = mysql_query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE name = '$user' AND pass = '$pass'");
  295. $chk = mysql_fetch_array($sel1);
  296. if ($chk["ID"] != "")
  297. {
  298. $rolesobj = new roles();
  299. $now = time();
  300. $_SESSION['userid'] = $chk['ID'];
  301. $_SESSION['username'] = stripslashes($chk['name']);
  302. $_SESSION['lastlogin'] = $now;
  303. $_SESSION['userlocale'] = $chk['locale'];
  304. $_SESSION['usergender'] = $chk['gender'];
  305. $_SESSION["userpermissions"] = $rolesobj->getUserRole($chk["ID"]);
  306. /*
  307. session_register('userid');
  308. session_register('username');
  309. session_register('lastlogin');
  310. session_register('usergender');
  311. session_register('userlocale');
  312. */
  313. $userid = $_SESSION['userid'];
  314. $seid = session_id();
  315. $staylogged = getArrayVal($_POST, 'staylogged');
  316. if ($staylogged == 1)
  317. {
  318. setcookie("PHPSESSID", "$seid", time() + 14 * 24 * 3600);
  319. }
  320. $upd1 = mysql_query("UPDATE user SET lastlogin = '$now' WHERE ID = $userid");
  321. return true;
  322. }
  323. else
  324. {
  325. return false;
  326. }
  327. }
  328. /**
  329. * Logout
  330. *
  331. * @return bool
  332. */
  333. function logout()
  334. {
  335. session_start();
  336. session_destroy();
  337. session_unset();
  338. setcookie("PHPSESSID", "");
  339. return true;
  340. }
  341. /**
  342. * Returns all users
  343. *
  344. * @param int $lim Limit
  345. * @return array $users Registrierte Mitglieder
  346. */
  347. function getAllUsers($lim = 10)
  348. {
  349. $lim = (int) $lim;
  350. $sel = mysql_query("SELECT COUNT(*) FROM `user`");
  351. $num = mysql_fetch_row($sel);
  352. $num = $num[0];
  353. SmartyPaginate::connect();
  354. // set items per page
  355. SmartyPaginate::setLimit($lim);
  356. SmartyPaginate::setTotal($num);
  357. $start = SmartyPaginate::getCurrentIndex();
  358. $lim = SmartyPaginate::getLimit();
  359. $sel2 = mysql_query("SELECT * FROM `user` ORDER BY ID DESC LIMIT $start,$lim");
  360. $users = array();
  361. while ($user = mysql_fetch_array($sel2))
  362. {
  363. $user["name"] = stripslashes($user["name"]);
  364. $user["company"] = stripslashes($user["company"]);
  365. $user["adress"] = stripslashes($user["adress"]);
  366. $user["adress2"] = stripslashes($user["adress2"]);
  367. $user["state"] = stripslashes($user["state"]);
  368. $user["country"] = stripslashes($user["country"]);
  369. array_push($users, $user);
  370. }
  371. if (!empty($users))
  372. {
  373. return $users;
  374. }
  375. else
  376. {
  377. return false;
  378. }
  379. }
  380. function getOnlinelist($offset = 30)
  381. {
  382. $offset = (int) $offset;
  383. $time = time();
  384. $now = $time - $offset;
  385. $sel = mysql_query("SELECT * FROM user WHERE lastlogin >= $now");
  386. $users = array();
  387. while ($user = mysql_fetch_array($sel))
  388. {
  389. $user["name"] = stripslashes($user["name"]);
  390. $user["company"] = stripslashes($user["company"]);
  391. $user["adress"] = stripslashes($user["adress"]);
  392. $user["adress2"] = stripslashes($user["adress2"]);
  393. $user["state"] = stripslashes($user["state"]);
  394. $user["country"] = stripslashes($user["country"]);
  395. array_push($users, $user);
  396. }
  397. if (!empty($users))
  398. {
  399. return $users;
  400. }
  401. else
  402. {
  403. return false;
  404. }
  405. }
  406. function isOnline($user, $offset = 30)
  407. {
  408. $user = (int) $user;
  409. $offset = (int) $offset;
  410. $time = time();
  411. $now = $time - $offset;
  412. $sel = mysql_query("SELECT ID FROM user WHERE lastlogin >= $now AND ID = $user");
  413. $user = mysql_fetch_row($sel);
  414. if (!empty($user))
  415. {
  416. return true;
  417. }
  418. else
  419. {
  420. return false;
  421. }
  422. }
  423. function getId($user){
  424. $user = mysql_real_escape_string($user);
  425. $sel = mysql_query("SELECT ID FROM user WHERE name = '$user'");
  426. $id = mysql_fetch_row($sel);
  427. $id = $id[0];
  428. $theid = array();
  429. $theid["ID"] = $id;
  430. if($id > 0)
  431. {
  432. return $theid;
  433. }
  434. else
  435. {
  436. return array();
  437. }
  438. }
  439. }
  440. ?>