PageRenderTime 22ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 1ms

/scuttle/tags/scuttle-0.7.2-upstream/services/userservice.php

https://github.com/martijnvermaat/quick-hacks
PHP | 362 lines | 290 code | 56 blank | 16 comment | 52 complexity | 5d9f5dd5c9cb896db22a1de1a55cf444 MD5 | raw file
    

  1. <?php
    2. 

  2. class UserService {
    3. 

  3.     var $db;
    4. 

  4. 

  5.     function &getInstance(&$db) {
    6. 

  6.         static $instance;
    7. 

  7.         if (!isset($instance))
    8. 

  8.             $instance =& new UserService($db);
    9. 

  9.         return $instance;
    10. 

  10.     }
    11. 

  11. 

  12.     var $fields = array(
    13. 

  13.         'primary'   =>  'uId',
    14. 

  14.         'username'  =>  'username',
    15. 

  15.         'password'  =>  'password'
    16. 

  16.     );
    17. 

  17.     var $profileurl;
    18. 

  18.     var $tablename;
    19. 

  19.     var $sessionkey;
    20. 

  20.     var $cookiekey;
    21. 

  21.     var $cookietime = 1209600; // 2 weeks
    22. 

  22. 

  23.     function UserService(&$db) {
    24. 

  24.         $this->db =& $db;
    25. 

  25.         $this->tablename = $GLOBALS['tableprefix'] .'users';
    26. 

  26.         $this->sessionkey = $GLOBALS['cookieprefix'] .'-currentuserid';
    27. 

  27.         $this->cookiekey = $GLOBALS['cookieprefix'] .'-login';
    28. 

  28.         $this->profileurl = createURL('profile', '%2$s');
    29. 

  29.     }
    30. 

  30. 

  31.     function _checkdns($host) {
    32. 

  32.         if (function_exists('checkdnsrr')) {
    33. 

  33.             return checkdnsrr($host);
    34. 

  34.         } else {
    35. 

  35.             return $this->_checkdnsrr($host);
    36. 

  36.         }
    37. 

  37.     }
    38. 

  38. 

  39.     function _checkdnsrr($host, $type = "MX") {
    40. 

  40.         if(!empty($host)) {
    41. 

  41.             @exec("nslookup -type=$type $host", $output);
    42. 

  42.             while(list($k, $line) = each($output)) {
    43. 

  43.                 if(eregi("^$host", $line)) {
    44. 

  44.                     return true;
    45. 

  45.                 }
    46. 

  46.             }
    47. 

  47.             return false;
    48. 

  48.         }
    49. 

  49.     }
    50. 

  50. 

  51.     function _getuser($fieldname, $value) {
    52. 

  52.         $query = 'SELECT * FROM '. $this->getTableName() .' WHERE '. $fieldname .' = "'. $this->db->sql_escape($value) .'"';
    53. 

  53. 

  54.         if (! ($dbresult =& $this->db->sql_query($query)) ) {
    55. 

  55.             message_die(GENERAL_ERROR, 'Could not get user', '', __LINE__, __FILE__, $query, $this->db);
    56. 

  56.             return false;
    57. 

  57.         }
    58. 

  58. 

  59.         if ($row =& $this->db->sql_fetchrow($dbresult))
    60. 

  60.             return $row;
    61. 

  61.         else
    62. 

  62.             return false;
    63. 

  63.     }
    64. 

  64. 

  65.     function _randompassword() {
    66. 

  66.         $seed = (integer) md5(microtime());
    67. 

  67.         mt_srand($seed);
    68. 

  68.         $password = mt_rand(1, 99999999);
    69. 

  69.         $password = substr(md5($password), mt_rand(0, 19), mt_rand(6, 12));
    70. 

  70.         return $password;
    71. 

  71.     }
    72. 

  72. 

  73.     function _updateuser($uId, $fieldname, $value) {
    74. 

  74.         $updates = array ($fieldname => $value);
    75. 

  75.         $sql = 'UPDATE '. $this->getTableName() .' SET '. $this->db->sql_build_array('UPDATE', $updates) .' WHERE '. $this->getFieldName('primary') .'='. intval($uId);
    76. 

  76. 

  77.         // Execute the statement.
    78. 

  78.         $this->db->sql_transaction('begin');
    79. 

  79.         if (!($dbresult = & $this->db->sql_query($sql))) {
    80. 

  80.             $this->db->sql_transaction('rollback');
    81. 

  81.             message_die(GENERAL_ERROR, 'Could not update user', '', __LINE__, __FILE__, $sql, $this->db);
    82. 

  82.             return false;
    83. 

  83.         }
    84. 

  84.         $this->db->sql_transaction('commit');
    85. 

  85. 

  86.         // Everything worked out, so return true.
    87. 

  87.         return true;
    88. 

  88.     }
    89. 

  89. 

  90.     function getProfileUrl($id, $username) {
    91. 

  91.         return sprintf($this->profileurl, urlencode($id), urlencode($username));
    92. 

  92.     }
    93. 

  93. 

  94.     function getUserByUsername($username) {
    95. 

  95.         return $this->_getuser($this->getFieldName('username'), $username);
    96. 

  96.     }
    97. 

  97. 

  98.     function getUser($id) {
    99. 

  99.         return $this->_getuser($this->getFieldName('primary'), $id);
    100. 

  100.     }
    101. 

  101. 

  102.     function isLoggedOn() {
    103. 

  103.         return ($this->getCurrentUserId() !== false);
    104. 

  104.     }
    105. 

  105. 

  106.     function &getCurrentUser($refresh = FALSE, $newval = NULL) {
    107. 

  107.         static $currentuser;
    108. 

  108.         if (!is_null($newval)) //internal use only: reset currentuser
    109. 

  109.             $currentuser = $newval;
    110. 

  110.         else if ($refresh || !isset($currentuser)) {
    111. 

  111.             if ($id = $this->getCurrentUserId())
    112. 

  112.                 $currentuser = $this->getUser($id);
    113. 

  113.             else
    114. 

  114.                 return;
    115. 

  115.         }
    116. 

  116.         return $currentuser;
    117. 

  117.     }
    118. 

  118. 

  119.     function isAdmin($userid) {
    120. 

  120.         return false; //not implemented yet
    121. 

  121.     }
    122. 

  122. 

  123.     function getCurrentUserId() {
    124. 

  124.         if (isset($_SESSION[$this->getSessionKey()])) {
    125. 

  125.             return $_SESSION[$this->getSessionKey()];
    126. 

  126.         } else if (isset($_COOKIE[$this->getCookieKey()])) {
    127. 

  127.             $cook = split(':', $_COOKIE[$this->getCookieKey()]);
    128. 

  128.             //cookie looks like this: 'id:md5(username+password)'
    129. 

  129.             $query = 'SELECT * FROM '. $this->getTableName() .
    130. 

  130.                      ' WHERE MD5(CONCAT('.$this->getFieldName('username') .
    131. 

  131.                                      ', '.$this->getFieldName('password') .
    132. 

  132.                      ')) = \''.$this->db->sql_escape($cook[1]).'\' AND '.
    133. 

  133.                      $this->getFieldName('primary'). ' = '. $this->db->sql_escape($cook[0]);
    134. 

  134. 

  135.             if (! ($dbresult =& $this->db->sql_query($query)) ) {
    136. 

  136.                 message_die(GENERAL_ERROR, 'Could not get user', '', __LINE__, __FILE__, $query, $this->db);
    137. 

  137.                 return false;
    138. 

  138.             }
    139. 

  139. 

  140.             if ($row = $this->db->sql_fetchrow($dbresult)) {
    141. 

  141.                 $_SESSION[$this->getSessionKey()] = $row[$this->getFieldName('primary')];
    142. 

  142.                 return $_SESSION[$this->getSessionKey()];
    143. 

  143.             }
    144. 

  144.         }
    145. 

  145.         return false;
    146. 

  146.     }
    147. 

  147. 

  148.     function login($username, $password, $remember = FALSE) {
    149. 

  149.         $password = $this->sanitisePassword($password);
    150. 

  150.         $query = 'SELECT '. $this->getFieldName('primary') .' FROM '. $this->getTableName() .' WHERE '. $this->getFieldName('username') .' = "'. $this->db->sql_escape($username) .'" AND '. $this->getFieldName('password') .' = "'. $this->db->sql_escape($password) .'"';
    151. 

  151. 

  152.         if (! ($dbresult =& $this->db->sql_query($query)) ) {
    153. 

  153.             message_die(GENERAL_ERROR, 'Could not get user', '', __LINE__, __FILE__, $query, $this->db);
    154. 

  154.             return false;
    155. 

  155.         }
    156. 

  156. 

  157.         if ($row =& $this->db->sql_fetchrow($dbresult)) {
    158. 

  158.             $id = $_SESSION[$this->getSessionKey()] = $row[$this->getFieldName('primary')];
    159. 

  159.             if ($remember) {
    160. 

  160.                 $cookie = $id .':'. md5($username.$password);
    161. 

  161.                 setcookie($this->cookiekey, $cookie, time() + $this->cookietime);
    162. 

  162.             }
    163. 

  163.             return true;
    164. 

  164.         } else {
    165. 

  165.             return false;
    166. 

  166.         }
    167. 

  167.     }
    168. 

  168. 

  169.     function logout() {
    170. 

  170.         @setcookie($this->cookiekey, NULL, time() - 1);
    171. 

  171.         unset($_COOKIE[$this->cookiekey]);
    172. 

  172.         session_unset();
    173. 

  173.         $this->getCurrentUser(TRUE, false);
    174. 

  174.     }
    175. 

  175. 

  176.     function getWatchlist($uId) {
    177. 

  177.         // Gets the list of user IDs being watched by the given user.
    178. 

  178.         $query = 'SELECT watched FROM '. $GLOBALS['tableprefix'] .'watched WHERE uId = '. intval($uId);
    179. 

  179. 

  180.         if (! ($dbresult =& $this->db->sql_query($query)) ) {
    181. 

  181.             message_die(GENERAL_ERROR, 'Could not get watchlist', '', __LINE__, __FILE__, $query, $this->db);
    182. 

  182.             return false;
    183. 

  183.         }
    184. 

  184. 

  185.         $arrWatch = array();
    186. 

  186.         if ($this->db->sql_numrows($dbresult) == 0)
    187. 

  187.             return $arrWatch;
    188. 

  188.         while ($row =& $this->db->sql_fetchrow($dbresult))
    189. 

  189.             $arrWatch[] = $row['watched'];
    190. 

  190.         return $arrWatch;
    191. 

  191.     }
    192. 

  192. 

  193.     function getWatchNames($uId, $watchedby = false) {
    194. 

  194.         // Gets the list of user names being watched by the given user.
    195. 

  195.         // - If $watchedby is false get the list of users that $uId watches
    196. 

  196.         // - If $watchedby is true get the list of users that watch $uId
    197. 

  197.         if ($watchedby) {
    198. 

  198.             $table1 = 'b';
    199. 

  199.             $table2 = 'a';
    200. 

  200.         } else {
    201. 

  201.             $table1 = 'a';
    202. 

  202.             $table2 = 'b';
    203. 

  203.         }
    204. 

  204.         $query = 'SELECT '. $table1 .'.'. $this->getFieldName('username') .' FROM '. $GLOBALS['tableprefix'] .'watched AS W, '. $this->getTableName() .' AS a, '. $this->getTableName() .' AS b WHERE W.watched = a.'. $this->getFieldName('primary') .' AND W.uId = b.'. $this->getFieldName('primary') .' AND '. $table2 .'.'. $this->getFieldName('primary') .' = '. intval($uId) .' ORDER BY '. $table1 .'.'. $this->getFieldName('username');
    205. 

  205. 

  206.         if (!($dbresult =& $this->db->sql_query($query))) {
    207. 

  207.             message_die(GENERAL_ERROR, 'Could not get watchlist', '', __LINE__, __FILE__, $query, $this->db);
    208. 

  208.             return false;
    209. 

  209.         }
    210. 

  210. 

  211.         $arrWatch = array();
    212. 

  212.         if ($this->db->sql_numrows($dbresult) == 0) {
    213. 

  213.             return $arrWatch;
    214. 

  214.         }
    215. 

  215.         while ($row =& $this->db->sql_fetchrow($dbresult)) {
    216. 

  216.             $arrWatch[] = $row[$this->getFieldName('username')];
    217. 

  217.         }
    218. 

  218.         return $arrWatch;
    219. 

  219.     }
    220. 

  220. 

  221.     function getWatchStatus($watcheduser, $currentuser) {
    222. 

  222.         // Returns true if the current user is watching the given user, and false otherwise.
    223. 

  223.         $query = 'SELECT watched FROM '. $GLOBALS['tableprefix'] .'watched AS W INNER JOIN '. $this->getTableName() .' AS U ON U.'. $this->getFieldName('primary') .' = W.watched WHERE U.'. $this->getFieldName('primary') .' = '. intval($watcheduser) .' AND W.uId = '. intval($currentuser);
    224. 

  224.         
    225. 

  225.         if (! ($dbresult =& $this->db->sql_query($query)) ) {
    226. 

  226.             message_die(GENERAL_ERROR, 'Could not get watchstatus', '', __LINE__, __FILE__, $query, $this->db);
    227. 

  227.             return false;
    228. 

  228.         }
    229. 

  229. 

  230.         $arrWatch = array();
    231. 

  231.         if ($this->db->sql_numrows($dbresult) == 0)
    232. 

  232.             return false;
    233. 

  233.         else 
    234. 

  234.             return true;
    235. 

  235.     }
    236. 

  236. 

  237.     function setWatchStatus($subjectUserID) {
    238. 

  238.         if (!is_numeric($subjectUserID))
    239. 

  239.             return false;
    240. 

  240. 

  241.         $currentUserID = $this->getCurrentUserId();
    242. 

  242.         $watched = $this->getWatchStatus($subjectUserID, $currentUserID);
    243. 

  243. 

  244.         if ($watched) {
    245. 

  245.             $sql = 'DELETE FROM '. $GLOBALS['tableprefix'] .'watched WHERE uId = '. intval($currentUserID) .' AND watched = '. intval($subjectUserID);
    246. 

  246.             if (!($dbresult =& $this->db->sql_query($sql))) {
    247. 

  247.                 $this->db->sql_transaction('rollback');
    248. 

  248.                 message_die(GENERAL_ERROR, 'Could not add user to watch list', '', __LINE__, __FILE__, $sql, $this->db);
    249. 

  249.                 return false;
    250. 

  250.             }
    251. 

  251.         } else {
    252. 

  252.             $values = array(
    253. 

  253.                 'uId' => intval($currentUserID),
    254. 

  254.                 'watched' => intval($subjectUserID)
    255. 

  255.             ); 
    256. 

  256.             $sql = 'INSERT INTO '. $GLOBALS['tableprefix'] .'watched '. $this->db->sql_build_array('INSERT', $values);
    257. 

  257.             if (!($dbresult =& $this->db->sql_query($sql))) {
    258. 

  258.                 $this->db->sql_transaction('rollback');
    259. 

  259.                 message_die(GENERAL_ERROR, 'Could not add user to watch list', '', __LINE__, __FILE__, $sql, $this->db);
    260. 

  260.                 return false;
    261. 

  261.             }
    262. 

  262.         }
    263. 

  263. 

  264.         $this->db->sql_transaction('commit');
    265. 

  265.         return true;
    266. 

  266.     }
    267. 

  267. 

  268.     function addUser($username, $password, $email) {
    269. 

  269.         // Set up the SQL UPDATE statement.
    270. 

  270.         $datetime = gmdate('Y-m-d H:i:s', time());
    271. 

  271.         $password = $this->sanitisePassword($password);
    272. 

  272.         $values = array('username' => $username, 'password' => $password, 'email' => $email, 'uDatetime' => $datetime, 'uModified' => $datetime);
    273. 

  273.         $sql = 'INSERT INTO '. $this->getTableName() .' '. $this->db->sql_build_array('INSERT', $values);
    274. 

  274. 

  275.         // Execute the statement.
    276. 

  276.         $this->db->sql_transaction('begin');
    277. 

  277.         if (!($dbresult = & $this->db->sql_query($sql))) {
    278. 

  278.             $this->db->sql_transaction('rollback');
    279. 

  279.             message_die(GENERAL_ERROR, 'Could not insert user', '', __LINE__, __FILE__, $sql, $this->db);
    280. 

  280.             return false;
    281. 

  281.         }
    282. 

  282.         $this->db->sql_transaction('commit');
    283. 

  283. 

  284.         // Everything worked out, so return true.
    285. 

  285.         return true;
    286. 

  286.     }
    287. 

  287. 

  288.     function updateUser($uId, $password, $name, $email, $homepage, $uContent) {
    289. 

  289.         if (!is_numeric($uId))
    290. 

  290.             return false;
    291. 

  291. 

  292.         // Set up the SQL UPDATE statement.
    293. 

  293.         $moddatetime = gmdate('Y-m-d H:i:s', time());
    294. 

  294.         if ($password == '')
    295. 

  295.             $updates = array ('uModified' => $moddatetime, 'name' => $name, 'email' => $email, 'homepage' => $homepage, 'uContent' => $uContent);
    296. 

  296.         else
    297. 

  297.             $updates = array ('uModified' => $moddatetime, 'password' => $this->sanitisePassword($password), 'name' => $name, 'email' => $email, 'homepage' => $homepage, 'uContent' => $uContent);
    298. 

  298.         $sql = 'UPDATE '. $this->getTableName() .' SET '. $this->db->sql_build_array('UPDATE', $updates) .' WHERE '. $this->getFieldName('primary') .'='. intval($uId);
    299. 

  299. 

  300.         // Execute the statement.
    301. 

  301.         $this->db->sql_transaction('begin');
    302. 

  302.         if (!($dbresult = & $this->db->sql_query($sql))) {
    303. 

  303.             $this->db->sql_transaction('rollback');
    304. 

  304.             message_die(GENERAL_ERROR, 'Could not update user', '', __LINE__, __FILE__, $sql, $this->db);
    305. 

  305.             return false;
    306. 

  306.         }
    307. 

  307.         $this->db->sql_transaction('commit');
    308. 

  308. 

  309.         // Everything worked out, so return true.
    310. 

  310.         return true;
    311. 

  311.     }
    312. 

  312. 

  313.     function sanitisePassword($password) {
    314. 

  314.         return sha1(trim($password));
    315. 

  315.     }
    316. 

  316. 

  317.     function generatePassword($uId) {
    318. 

  318.         if (!is_numeric($uId))
    319. 

  319.             return false;
    320. 

  320. 

  321.         $password = $this->_randompassword();
    322. 

  322. 

  323.         if ($this->_updateuser($uId, $this->getFieldName('password'), $this->sanitisePassword($password)))
    324. 

  324.             return $password;
    325. 

  325.         else
    326. 

  326.             return false;
    327. 

  327.     }
    328. 

  328. 

  329.     function isReserved($username) {
    330. 

  330.         if (in_array($username, $GLOBALS['reservedusers'])) {
    331. 

  331.             return true;
    332. 

  332.         } else {
    333. 

  333.             return false;
    334. 

  334.         }
    335. 

  335.     }
    336. 

  336. 

  337.     function isValidEmail($email) {
    338. 

  338.         if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", $email)) {
    339. 

  339.             list($emailUser, $emailDomain) = split("@", $email);
    340. 

  340. 

  341.             // Check if the email domain has a DNS record
    342. 

  342.             if ($this->_checkdns($emailDomain)) {
    343. 

  343.                 return true;
    344. 

  344.             }
    345. 

  345.         }
    346. 

  346.         return false;
    347. 

  347.     }
    348. 

  348. 

  349.     // Properties
    350. 

  350.     function getTableName()       { return $this->tablename; }
    351. 

  351.     function setTableName($value) { $this->tablename = $value; }
    352. 

  352. 

  353.     function getFieldName($field)         { return $this->fields[$field]; }
    354. 

  354.     function setFieldName($field, $value) { $this->fields[$field] = $value; }
    355. 

  355. 

  356.     function getSessionKey()       { return $this->sessionkey; }
    357. 

  357.     function setSessionKey($value) { $this->sessionkey = $value; }
    358. 

  358. 

  359.     function getCookieKey()       { return $this->cookiekey; }
    360. 

  360.     function setCookieKey($value) { $this->cookiekey = $value; }
    361. 

  361. }
    362. 

  362. ?>
    363. 

  363.