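id = $id; } $this->load($this->id); }

    /**
     * Escapes a value for interpolation into a quoted SQL literal.
     *
     * The query helpers used by this class (query, query_row, query_rows,
     * query_insert, $db->query) take raw SQL strings, so every request-derived
     * value (username, email, token, names, ...) must pass through here before
     * it is placed between quotes. Numeric ids are cast with (int) instead.
     *
     * Assumes the ext/mysql link used by the query helpers is already open,
     * since mysql_real_escape_string() needs one — TODO confirm against the helpers.
     */
    private function esc($value) {
        return mysql_real_escape_string((string) $value);
    }

    /**
     * Fetches one users row as an associative array via mysql_fetch_array().
     *
     * @param string $column        column name chosen by the calling code (never user input)
     * @param mixed  $value         request-derived value; escaped here
     * @param bool   $approved_only restrict to approved=1 rows
     * @return array|false          the row, or false when the query failed or matched nothing
     */
    private function fetch_by_column($column, $value, $approved_only = false) {
        $q = "SELECT * FROM " . DB_PREFIX . "users WHERE " . $column . "='" . $this->esc($value) . "'";
        if ($approved_only) {
            $q .= " AND approved=1";
        }
        $res = query($q);
        if (!$res) {
            return false;
        }
        return mysql_fetch_array($res);
    }

    /**
     * Loads this user's record from the users table.
     *
     * @param int|string|null $id numeric id or a username; null keeps the id/username
     *                            already set on the object
     *
     * When a row is found, fills id, username, first_name, last_name, email,
     * language, approved, level (from the `role` column), types and
     * activation_code. Leaves the object untouched otherwise.
     */
    function load($id = NULL) {
        if (is_numeric($id)) {
            $this->id = $id;
        } else if ($id !== NULL) {
            $this->username = $id;
        }
        $ret = false;
        if (is_numeric($this->id)) {
            $ret = query_row("SELECT * FROM " . DB_PREFIX . "users WHERE id=" . (int) $this->id);
        } else if ($this->username) {
            $ret = query_row("SELECT * FROM " . DB_PREFIX . "users WHERE username='" . $this->esc($this->username) . "'");
        }
        if (!$ret) {
            return;
        }
        $this->id = $ret->id;
        $this->username = $ret->username;
        $this->first_name = $ret->first_name;
        $this->last_name = $ret->last_name;
        $this->email = $ret->email;
        $this->language = $ret->language;
        $this->approved = $ret->approved;
        $this->level = $ret->role;
        // `types` is written by update_settings() with serialize(); a stored
        // column is still data, not code — prefer a JSON encoding for this
        // field once the schema can change, to avoid unserialize() entirely.
        $this->types = unserialize($ret->types);
        if (!$this->types) {
            $this->types = array();
        }
        $this->activation_code = $ret->activation_code;
    }

    /** @return string|null the username loaded by load(), if any */
    function getUsername() {
        return $this->username;
    }

    /** @return string|null the activation_code column value loaded by load() */
    function getActivationCode() {
        return $this->activation_code;
    }

    /** @return string "first_name last_name" as loaded by load() */
    function getFullName() {
        return $this->first_name . " " . $this->last_name;
    }

    /**
     * @return string settings page URL for this user.
     * Usernames valid per is_valid_username() are [a-zA-Z0-9_], so encoding is
     * a no-op for them and only matters for legacy or externally created names.
     */
    function getURL() {
        return WWW_ROOT . "user/settings/" . rawurlencode($this->username);
    }

    /**
     * @return mixed the roles map used by hasRole()/hasAnyRole().
     * NOTE(review): load() sets $this->level from the `role` column but never
     * $this->roles; presumably roles is filled by code outside this view — verify.
     */
    function getRoles() {
        return $this->roles;
    }

    /**
     * True when the user holds at least one of the given roles.
     *
     * An empty list, or a single falsy entry, means "no role required" and
     * always passes. A role counts as held when $this->roles[$role] == 1.
     *
     * @param array $required role names
     * @return bool
     */
    function hasAnyRole($required) {
        if (count($required) == 0) {
            return true;
        }
        if (count($required) == 1 && !$required[0]) {
            return true;
        }
        $roles = is_array($this->roles) ? $this->roles : array();
        foreach ($required as $r) {
            if (array_key_exists($r, $roles) && $roles[$r] == 1) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when $this->roles[$role] == 1; a missing role is simply "not held"
     * rather than an undefined-index notice.
     * @return bool
     */
    function hasRole($role) {
        return is_array($this->roles)
            && isset($this->roles[$role])
            && $this->roles[$role] == 1;
    }

    /** @return int|string|null the user id */
    function getId() {
        return $this->id;
    }

    /**
     * Looks up a user id by username through the global $db wrapper.
     *
     * @return int|string the id, or -1 unless exactly one row matches
     * NOTE(review): this queries a `uname` column while every other method in
     * the class uses `username` — confirm the column name against the schema.
     */
    function getUserIdByUname($uname) {
        global $db;
        $ret = $db->query("SELECT id FROM " . DB_PREFIX . "users WHERE uname='" . $this->esc($uname) . "'");
        if ($ret && mysql_num_rows($ret) == 1) {
            $res = mysql_fetch_array($ret);
            return $res['id'];
        }
        return -1;
    }

    /**
     * Raw result of an approved-users query joined with userinfo, via $db->query().
     *
     * NOTE(review): uses `firstname`/`lastname` and a userinfo table, unlike
     * getAllUsers() which reads `first_name`/`last_name` — one of the two is
     * probably stale; verify against the schema.
     */
    function getUsers() {
        global $db;
        return $db->query("SELECT *, concat(firstname, ' ', lastname) AS fullname FROM " . DB_PREFIX . "users LEFT JOIN " . DB_PREFIX . "userinfo ON " . DB_PREFIX . "users.id=" . DB_PREFIX . "userinfo.userid WHERE approved");
    }

    /**
     * @param mixed $id numeric user id
     * @return User|false a freshly loaded User, or false for a non-numeric id
     */
    function getUserById($id = false) {
        if (isset($id) && is_numeric($id)) {
            $user = new User();
            $user->load((int) $id);
            return $user;
        }
        return false;
    }

    /** @return mixed query_rows() result: all users ordered by role desc, full name asc */
    function getAllUsers() {
        return query_rows("SELECT *, concat(first_name, ' ', last_name) AS fullname FROM " . DB_PREFIX . "users ORDER BY role DESC, fullname ASC");
    }

    /**
     * Number of users whose last_login is within the last three weeks.
     * Counts in SQL instead of fetching every row.
     * @return int
     */
    function getActiveUsersCount() {
        $row = query_row("SELECT COUNT(*) AS n FROM " . DB_PREFIX . "users WHERE last_login >= DATE_ADD(NOW(), INTERVAL -21 DAY)");
        return $row ? (int) $row->n : 0;
    }

    /**
     * Number of users whose last_login is older than three weeks.
     * Rows with a NULL last_login (never logged in) match neither this nor
     * getActiveUsersCount(), so the two counts need not add up to the total.
     * @return int
     */
    function getInActiveUsersCount() {
        $row = query_row("SELECT COUNT(*) AS n FROM " . DB_PREFIX . "users WHERE last_login < DATE_ADD(NOW(), INTERVAL -21 DAY)");
        return $row ? (int) $row->n : 0;
    }

    /** @return mixed query_rows() result: users with approved=0 */
    function getUnapprovedUsers() {
        return query_rows("SELECT *, concat(first_name, ' ', last_name) AS fullname FROM " . DB_PREFIX . "users WHERE approved=0;");
    }

    /**
     * Marks the user approved.
     * @param mixed $id numeric user id
     * @return mixed query() result
     */
    function user_approve($id) {
        return query("UPDATE " . DB_PREFIX . "users SET approved=1 WHERE id=" . (int) $id);
    }

    /**
     * Sets the user's role to 9 (the admin level also used by create()).
     * @return int 1 on success, 0 otherwise
     */
    public function make_admin($id) {
        $role = 9;
        $res = query("UPDATE " . DB_PREFIX . "users SET role='{$role}' WHERE id=" . (int) $id);
        return $res ? 1 : 0;
    }

    /**
     * Checks a username/password pair against approved accounts.
     * @return mixed the user id on success, false otherwise (unknown user,
     *               unapproved user, wrong password, failed query)
     */
    function isAuthenticationCorrect($username, $password) {
        $check = $this->fetch_by_column('username', $username, true);
        if ($check && $this->valid_password($password, $check["password"], $check["salt"])) {
            return $check["id"];
        }
        return false;
    }

    /**
     * Loads this object with the account matching the credentials.
     * @return User|null $this on success, null when authentication fails
     */
    function authenticate_user($username, $password) {
        $check = $this->fetch_by_column('username', $username, true);
        if ($check && $this->valid_password($password, $check["password"], $check["salt"])) {
            $this->load($check["id"]);
            return $this;
        }
        return null;
    }

    /** Stamps last_login=NOW() for this user. @return mixed query() result */
    function updateLastLoginTime() {
        return query("UPDATE " . DB_PREFIX . "users SET last_login=NOW() WHERE id=" . (int) $this->getId());
    }

    /**
     * Runs a COUNT query and returns its single value.
     * @return mixed the count as returned by the driver (string), or 0 on failure
     */
    private function count_where($q) {
        $res = query($q);
        if (!$res) {
            return 0;
        }
        $check = mysql_fetch_row($res);
        return $check ? $check[0] : 0;
    }

    /** @return mixed number of rows with this username (0/"0" when none) */
    function check_username_exists($username) {
        return $this->count_where("SELECT count(username) FROM " . DB_PREFIX . "users WHERE username='" . $this->esc($username) . "'");
    }

    /** @return int 1 when the username is non-empty [a-zA-Z0-9_], 0 otherwise */
    function is_valid_username($username) {
        return preg_match('/^[a-zA-Z0-9_]+$/', $username);
    }

    /** @return mixed number of rows with this email (0/"0" when none) */
    function check_email_exists($email) {
        return $this->count_where("SELECT count(email) FROM " . DB_PREFIX . "users WHERE email='" . $this->esc($email) . "'");
    }

    /** @return mixed filter_var() result: the email on success, false otherwise */
    function is_valid_email($email) {
        return filter_var($email, FILTER_VALIDATE_EMAIL);
    }

    /** @return mixed number of rows whose username or email equals $identificator */
    function check_username_or_email_exists($identificator) {
        $v = $this->esc($identificator);
        return $this->count_where("SELECT count(*) FROM " . DB_PREFIX . "users WHERE username='" . $v . "' OR email='" . $v . "'");
    }

    /**
     * Loads this object with the user whose username or email matches.
     * @return User|false $this on success, false when nothing matches
     */
    function get_user_by_username_or_email($identificator) {
        $v = $this->esc($identificator);
        $res = query_row("SELECT * FROM " . DB_PREFIX . "users WHERE username='" . $v . "' OR email='" . $v . "'");
        if (!$res) {
            return false;
        }
        $this->load($res->id);
        return $this;
    }

    /**
     * Registers a new, unapproved account.
     *
     * The very first account created gets role 9 (admin); all others role 1.
     * The activation code is derived from username and email by
     * generate_activation_code().
     *
     * @return mixed the new row id from query_insert(), or 0 on failure
     */
    public function create($username, $email, $password, $firstname, $lastname) {
        $salt = $this->generate_salt($username);
        $hash = $this->hash_password($password, $salt);
        $role = (count($this->getAllUsers()) == 0) ? 9 : 1;
        $activation_code = $this->generate_activation_code($username, $email);
        $q = "INSERT INTO " . DB_PREFIX . "users (first_name, last_name, email, username, password, salt, registered, activation_code, role) values ("
            . "'" . $this->esc($firstname) . "', "
            . "'" . $this->esc($lastname) . "', "
            . "'" . $this->esc($email) . "', "
            . "'" . $this->esc($username) . "', "
            . "'" . $this->esc($hash) . "', "
            . "'" . $this->esc($salt) . "', "
            . "NOW(), "
            . "'" . $this->esc($activation_code) . "', "
            . (int) $role . ")";
        $uid = query_insert($q);
        return $uid ? $uid : 0;
    }

    /**
     * Deterministic activation code: sha1 over username and email.
     * Because it contains no secret or random component, anyone who knows the
     * username and email can compute it; a random per-account token stored in
     * the database would be the stronger design once the schema allows it.
     */
    private function generate_activation_code($username, $email) {
        return sha1('~' . $username . '~' . $email . '~');
    }

    /**
     * Sends the "confirm your email" message with an activation link.
     * The email and token are URL-encoded so addresses containing '+' or '&'
     * survive as query parameters.
     * @return mixed $TeKe->send_mail() result
     */
    function send_confirmation_mail($user) {
        global $TeKe;
        $subject = _("Confirm your email address");
        $token = $this->generate_activation_code($user->username, $user->email);
        $confirmation_link = WWW_ROOT . "actions/confirmemail.php?email=" . urlencode($user->email) . "&token=" . urlencode($token);
        $message = "Hi %s,\n\n";
        $message .= "Thank you for registering.\n\n";
        $message .= "Please visit the following link to activate your account:\n";
        $message .= "%s\n\n";
        $message .= "Thanks,\n";
        $message .= "%s\n\n";
        $message .= "--\n";
        $message .= "Please do not reply to this message.";
        $msg = sprintf(_($message), $user->getFullName(), $confirmation_link, SITE_NAME);
        return $TeKe->send_mail($user, $subject, $msg);
    }

    /**
     * Updates profile fields; only the logged-in user may edit their own row.
     *
     * @param mixed $types serialized with serialize() before storage (see load())
     * @return mixed query() result, or false when the caller is not $user
     */
    public function update_settings($user, $first_name, $last_name, $email, $language, $types) {
        global $TeKe;
        if (!($TeKe->is_logged_in() && get_logged_in_user()->getId() == $user->id)) {
            return false;
        }
        $types = serialize($types);
        $q = "UPDATE " . DB_PREFIX . "users SET "
            . "first_name='" . $this->esc($first_name) . "', "
            . "last_name='" . $this->esc($last_name) . "', "
            . "email='" . $this->esc($email) . "', "
            . "language='" . $this->esc($language) . "', "
            . "types='" . $this->esc($types) . "' "
            . "WHERE id = " . (int) $user->id;
        return query($q);
    }

    /**
     * 10-character salt cut from sha1(username + microtime).
     * The entropy comes from microtime() and rand(), neither of which is a
     * cryptographic source; random_bytes()/openssl_random_pseudo_bytes() would be
     * preferable where available. Kept as-is because stored salts must keep
     * verifying.
     */
    private function generate_salt($username) {
        $salt = sha1('~' . $username . '~' . microtime(TRUE) . '~');
        return substr($salt, rand(0, 30), 10);
    }

    /**
     * Legacy salted-sha1 password hash.
     * A single unsalted-iteration sha1 is fast to brute force; migrating to
     * password_hash()/password_verify() would need a wider password column and
     * a rehash-on-login step, so it is not done here.
     */
    private function hash_password($password, $salt) {
        return sha1('~' . $password . '~' . $salt . '~');
    }

    /**
     * Compares the candidate's hash with the stored one.
     * Strict comparison: with == two hex digests such as "0e123..." and
     * "0e456..." are both numeric strings and compare as 0 == 0, i.e. equal.
     * hash_equals() (PHP >= 5.6) would additionally make the compare constant-time.
     * @return bool
     */
    private function valid_password($password, $hash, $salt) {
        return $this->hash_password($password, $salt) === (string) $hash;
    }

    /**
     * Builds "<token>-<expiration>" for a password reset link, valid 24 hours.
     * The token is bound to the current password hash and salt, so it stops
     * verifying once the password changes (see isValidToken()).
     * @return string
     */
    private function create_password_reset_token($user) {
        $res = $this->fetch_by_column('id', (int) $user->id);
        $expiration_time = time() + (24 * 60 * 60); // expires in 24 hours
        $hash = $res ? $res["password"] : null;
        $salt = $res ? $res["salt"] : null;
        $token = $this->create_token($expiration_time, $hash, $salt);
        return $token . '-' . $expiration_time;
    }

    /** sha1 over expiration time, stored password hash and salt. @return string */
    function create_token($expiration_time, $hash, $salt) {
        return sha1('~' . $expiration_time . '~' . $hash . '~' . $salt . '~');
    }

    /**
     * Sends the password reset message with a 24-hour link.
     * @return mixed $TeKe->send_mail() result
     */
    function send_password_reset_mail($user) {
        global $TeKe;
        $subject = sprintf(_("%s password reset"), SITE_NAME);
        $token = $this->create_password_reset_token($user);
        $password_link = WWW_ROOT . "password_reset?email=" . urlencode($user->email) . "&token=" . urlencode($token);
        $message = "Hi %s,\n\n";
        $message .= "We have received your password reset request.\n\n";
        $message .= "Please visit the following link to reset your password:\n";
        $message .= "%s\n\n";
        $message .= "The link will expire after 24 hours for security reasons.\n\n";
        $message .= "If you did not request this forgotten password email, no action is needed, your password will not be reset as long as the link above is not visited.\n\n";
        $message .= "Thanks,\n";
        $message .= "%s \n\n";
        $message .= "--\n";
        $message .= "Please do not reply to this message.";
        $msg = sprintf(_($message), $user->getFullName(), $password_link, SITE_NAME);
        return $TeKe->send_mail($user, $subject, $msg);
    }

    /**
     * Validates a "<token>-<expiration>" reset token for the given email.
     *
     * Rejects malformed tokens (not exactly two parts, non-numeric timestamp),
     * expired timestamps, unknown emails, and tokens that do not recompute
     * from the account's current hash and salt.
     * @return bool
     */
    public function isValidToken($email, $token) {
        if (!$email || !$token) {
            return false;
        }
        $attrs = explode("-", $token);
        if (count($attrs) != 2 || !preg_match('/^\d+$/', $attrs[1])) {
            return false;
        }
        $token = $attrs[0];
        $timestamp = $attrs[1];
        // isLinkExpired() returns false once the timestamp lies in the past
        if (!$this->isLinkExpired($timestamp)) {
            return false;
        }
        $res = $this->fetch_by_column('email', $email);
        if (!$res) {
            return false;
        }
        return $this->create_token($timestamp, $res["password"], $res["salt"]) === $token;
    }

    /**
     * Despite the name, returns true while the link is still valid
     * (timestamp in the future) and false once it has expired.
     * Kept this way because isValidToken() and possibly outside callers rely on it.
     * @return bool
     */
    function isLinkExpired($timestamp) {
        return time() <= $timestamp;
    }

    /**
     * Stores a new salt and hash for the account with this email.
     * @return mixed query() result, or false when no such account exists
     */
    function reset_password($email, $password) {
        $res = $this->fetch_by_column('email', $email);
        if (!$res) {
            return false;
        }
        $salt = $this->generate_salt($res["username"]);
        $hash = $this->hash_password($password, $salt);
        $q = "UPDATE " . DB_PREFIX . "users SET password='" . $this->esc($hash) . "', salt='" . $this->esc($salt) . "' WHERE email = '" . $this->esc($email) . "'";
        return query($q);
    }

    /**
     * Changes the password; only the logged-in user may change their own.
     * @return mixed query() result, or false when the caller is not $user
     */
    function change_password($user, $password) {
        global $TeKe;
        if (!($TeKe->is_logged_in() && get_logged_in_user()->getId() == $user->id)) {
            return false;
        }
        $salt = $this->generate_salt($user->username);
        $hash = $this->hash_password($password, $salt);
        $q = "UPDATE " . DB_PREFIX . "users SET password='" . $this->esc($hash) . "', salt='" . $this->esc($salt) . "' WHERE id=" . (int) $user->id;
        return query($q);
    }

    /**
     * True when $password matches the stored hash for $user.
     * @return bool false as well when the row cannot be fetched
     */
    function is_password_correct($user, $password) {
        $res = $this->fetch_by_column('id', (int) $user->id);
        if (!$res) {
            return false;
        }
        return $this->valid_password($password, $res["password"], $res["salt"]);
    }
}
?>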