my Q&a external user file

1. <?php
2.  
3. /*
4.     Question2Answer 1.0-beta-2 (c) 2010, Gideon Greenspan
5.  
6.     http://www.question2answer.org/
7.  
8.  
9.     File: qa-external-example/qa-external-users.php
10.     Version: 1.0-beta-2
11.     Date: 2010-03-08 13:08:01 GMT
12.  
13.  
14.     This software is licensed for use in websites which are connected to the
15.     public world wide web and which offer unrestricted access worldwide. It
16.     may also be freely modified for use on such websites, so long as a
17.     link to http://www.question2answer.org/ is displayed on each page.
18.  
19.  
20.     THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
21.     INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22.     AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23.     THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24.     SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
25.     TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26.     PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
27.     LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28.     NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29.     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30.  
31.  
32. Your functions for integrating with your existing user management system.
33. This file is used if QA_EXTERNAL_USERS is set to true in qa-config.php.
34. */
35.  
36. /*
37.     ==========================================================================
38.           YOU MUST MODIFY THIS FUNCTION *BEFORE* QA CREATES ITS DATABASE
39.     ==========================================================================
40.  
41.     qa_get_mysql_user_column_type()
42.  
43.     You should return the appropriate MySQL column type to use for the userid,
44.     for smooth integration with your existing users. Allowed options are:
45.  
46.     SMALLINT, SMALLINT UNSIGNED, MEDIUMINT, MEDIUMINT UNSIGNED, INT, INT UNSIGNED,
47.     BIGINT, BIGINT UNSIGNED or VARCHAR(x) where x is the maximum length.
48. */
49.  
50. function qa_get_mysql_user_column_type() {
51.  
52.     //  Set this before anything else
53.  
54.     return 'MEDIUMINT UNSIGNED';
55. }
56.  
57.  
58.  
59. /*
60.     ==========================================================================
61.     YOU MUST MODIFY THIS FUNCTION, BUT CAN DO SO AFTER QA CREATES ITS DATABASE
62.     ==========================================================================
63.  
64.     qa_get_login_links($relative_url_prefix, $redirect_back_to_url)
65.  
66.     You should return an array containing URLs for the login, register and logout pages on
67.     your site. These URLs will be used as appropriate within the QA site.
68.  
69.     You may return absolute or relative URLs for each page. If you do not want one of the links
70.     to show, omit it from the array, or use null or an empty string.
71.  
72.     If you use absolute URLs, then return an array with the URLs in full (see example 1 below).
73.  
74.     If you use relative URLs, the URLs should start with $relative_url_prefix, followed by the
75.     relative path from the root of the QA site to your login page. Like in example 2 below, if
76.     the QA site is in a subdirectory, $relative_url_prefix.'../' refers to your site root.
77.  
78.     Now, about $redirect_back_to_url. Let's say a user is viewing a page on the QA site, and
79.     clicks a link to the login URL that you returned from this function. After they log in using
80.     the form on your main site, they want to automatically go back to the page on the QA site
81.     where they came from. This can be done with an HTTP redirect, but how does your login page
82.     know where to redirect the user to? The solution is $redirect_back_to_url, which is the URL
83.     of the page on the QA site where you should send the user once they've successfully logged
84.     in. To implement this, you can add $redirect_back_to_url as a parameter to the login URL
85.     that you return from this function. Your login page can then read it in from this parameter,
86.     and redirect the user back to the page after they've logged in. The same applies for your
87.     register and logout pages. Note that the URL you are given in $redirect_back_to_url is
88.     relative to the root of the QA site, so you may need to add something.
89. */
90.  
91. function qa_get_login_links($relative_url_prefix, $redirect_back_to_url) {
92.  
93.     //  Until you edit this function, don't show login, register or logout links
94.  
95.     return array(
96.             'login' => 'http://extranet.domain.com/login/',
97.             //  'register' => 'http://extranet.domain.com/register/',
98.             'logout' => 'http://extranet.domain.com/logout/'
99.     );
100. }
101.  
102.  
103.  
104. /*
105.     ==========================================================================
106.     YOU MUST MODIFY THIS FUNCTION, BUT CAN DO SO AFTER QA CREATES ITS DATABASE
107.     ==========================================================================
108.  
109.     qa_get_logged_in_user($qa_db_connection)
110.  
111.     You should check (using $_COOKIE, $_SESSION or whatever is appropriate) whether a user is
112.     currently logged in. If not, return null. If so, return an array with the following elements:
113.  
114.     * userid: a user id appropriate for your response to qa_get_mysql_user_column_type()
115.     * publicusername: a user description you are willing to show publicly, e.g. the username
116.     * email: the logged in user's email address
117.     * level: one of the QA_USER_LEVEL_* values below to denote the user's privileges:
118.  
119.     QA_USER_LEVEL_BASIC, QA_USER_LEVEL_EDITOR, QA_USER_LEVEL_ADMIN, QA_USER_LEVEL_SUPER
120.  
121.     The result of this function will be passed to your other function qa_get_logged_in_user_html()
122.     so you may add any other elements to the returned array if they will be useful to you.
123.  
124.     $qa_db_connection is an open connection to the QA database. If your database is shared with
125.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries.
126.  
127.     In order to access the admin interface of your QA site, ensure that the array element 'level'
128.     contains QA_USER_LEVEL_ADMIN or QA_USER_LEVEL_SUPER when you are logged in.
129. */
130.  
131. function qa_get_logged_in_user($qa_db_connection) {
132.     session_start();
133.  
134.     $logged_in = false;
135.     define('LOGIN_VAR_NAME', 'HEAJTECHINFOSUP_LOGIN');
136.  
137.     if (isset($_SESSION[LOGIN_VAR_NAME]) && $_SESSION[LOGIN_VAR_NAME] === '1') {
138.         $logged_in = true;
139.         $userid=$_SESSION['user']['id'];
140.         $username=$_SESSION['user']['first'].' '.$_SESSION['user']['name'];
141.         $usermail = $_SESSION['user']['email'];
142.         $admins = array('mylastnamefirstname','hislastnamefirstname');
143.         $isadmin = (in_array($_SESSION['user']['alphasort'],$admins));
144.         return array(
145.                 'userid' => $userid,
146.                 'publicusername' => $username,
147.                 'email' => $usermail,
148.                 'level' => ($isadmin) ? QA_USER_LEVEL_ADMIN : QA_USER_LEVEL_BASIC
149.         );
150.     }
151.     else  if(isset($_COOKIE[LOGIN_VAR_NAME]) && strlen($_COOKIE[LOGIN_VAR_NAME]) > 4) {
152.         parse_str($_COOKIE[LOGIN_VAR_NAME]);
153.         // check the user and md5(password) hash stored inside the cookie against the database
154.         //$user = isRegistered($usr, $hash, false, true);
155.  
156.         $link = mysql_connect('my_ip:3306', 'dbuser', 'dbpassword') or die("Impossible de se connecter : " . mysql_error());
157.  
158.         $sql="SELECT U_id,U_name,U_first,U_password, U_is_student, SaturnCode,sex FROM (
159.                           SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM teachers WHERE login='$usr'
160.                           UNION ALL
161.                           SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM students WHERE login='$usr'
162.                           ) AS sels LIMIT 0 , 1";
163.  
164.         $result=mysql_fetch_assoc(
165.                 mysql_query($sql,
166.                 $link
167.                 )
168.         );
169.  
170.         if (is_array($result)) {
171.             $user = $result[0];
172.             $password=$user['U_password'];
173.             if($hash == $password) {
174.                 $_SESSION['user'] = $user;
175.                 $_SESSION[LOGIN_VAR_NAME] = '1';
176.  
177.                 $userid=$_SESSION['user']['id'];
178.                 $username=$_SESSION['user']['first'].' '.$_SESSION['user']['name'];
179.                 $usermail = $_SESSION['user']['email'];
180.                 $admins = array('mylastnamefirstname','hislastnamefirstname');
181.                 $isadmin = (in_array($_SESSION['user']['alphasort'],$admins));
182.                 return array(
183.                         'userid' => $userid,
184.                         'publicusername' => $username,
185.                         'email' => $usermail,
186.                         'level' => ($isadmin) ? QA_USER_LEVEL_ADMIN : QA_USER_LEVEL_BASIC
187.                 );
188.  
189.             }
190.             else {
191.                 if (ini_get("session.use_cookies")) {
192.                     $params = session_get_cookie_params();
193.                     setcookie(session_name(), '', mktime(12,0,0,1, 1, 1990),
194.                             $params["path"], $params["domain"],
195.                             $params["secure"], $params["httponly"]
196.                     );
197.                 }
198.                 session_unset();
199.                 session_destroy();
200.                 die("login cookie: invalid hash");
201.             }
202.         }
203.         else {
204.             die("login cookie: no user found under the name $usr");
205.         }
206.  
207.     }
208. }
209.  
210.  
211.  
212. /*
213.     ==========================================================================
214.     YOU MUST MODIFY THIS FUNCTION, BUT CAN DO SO AFTER QA CREATES ITS DATABASE
215.     ==========================================================================
216.  
217.     qa_get_user_email($qa_db_connection, $userid)
218.  
219.     Return the email address for user $userid, or null if you don't know it.
220.  
221.     $qa_db_connection is an open connection to the QA database. If your database is shared with
222.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries.
223. */
224.  
225. function qa_get_user_email($qa_db_connection, $userid) {
226.  
227.     //  Until you edit this function, always return null
228.  
229.     return null;
230.  
231.     /*
232.         Example 1 - suitable if:
233.  
234.         * Your database is shared with the QA site
235.         * Your database has a users table that contains emails
236.  
237.         $result=mysql_fetch_assoc(
238.             mysql_query(
239.                 "SELECT email FROM users WHERE userid='".mysql_real_escape_string($userid, $qa_db_connection)."'",
240.                 $qa_db_connection
241.             )
242.         );
243.  
244.         if (is_array($result))
245.             return $result['email'];
246.  
247.         return null;
248.     */
249.  
250. }
251.  
252.  
253.  
254. /*
255.     ==========================================================================
256.     YOU MUST MODIFY THIS FUNCTION, BUT CAN DO SO AFTER QA CREATES ITS DATABASE
257.     ==========================================================================
258.  
259.     qa_get_userids_from_public($qa_db_connection, $publicusernames)
260.  
261.     You should take the array of public usernames in $publicusernames, and return an array which
262.     maps those usernames to internal user ids. For each element of this array, the username you
263.     were given should be in the key, with the corresponding user id in the value.
264.  
265.     $qa_db_connection is an open connection to the QA database. If your database is shared with
266.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries. If you
267.     access this database or any other, try to use a single query instead of one per user.
268. */
269.  
270. function qa_get_userids_from_public($qa_db_connection, $publicusernames) {
271.  
272.     //  Until you edit this function, always return null
273.  
274.     $escapedusernames=array();
275.      $link = mysql_connect('my_ip:3306', 'dbuser', 'dbpassword') or die("Impossible de se connecter : " . mysql_error());
276.  
277.  
278.     foreach ($publicusernames as $publicusername)
279.         $escapedusernames[]="'".mysql_real_escape_string($publicusername, $qa_db_connection)."'";
280.  
281.     $results=mysql_query(
282.             'SELECT U_id,U_name,U_first,U_password, U_is_student, SaturnCode,sex FROM (
283.                          SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM teachers WHERE login IN ('.implode(',', $escapedusernames).')
284.                          UNION ALL
285.                          SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM students WHERE login IN ('.implode(',', $escapedusernames).')
286.                          ) AS sels ',
287.             $link
288.     );
289.  
290.     $publictouserid=array();
291.  
292.     while ($result=mysql_fetch_assoc($results))
293.         $publictouserid[$result['username']]=$result['userid'];
294.  
295.     return $publictouserid;
296. }
297.  
298.  
299.  
300.  
301. /*
302.     ==========================================================================
303.     YOU MUST MODIFY THIS FUNCTION, BUT CAN DO SO AFTER QA CREATES ITS DATABASE
304.     ==========================================================================
305.  
306.     qa_get_public_from_userids($qa_db_connection, $userids)
307.  
308.     This is exactly like qa_get_userids_from_public(), but works in the other direction.
309.  
310.     You should take the array of user identifiers in $userids, and return an array which maps
311.     those to public usernames. For each element of this array, the userid you were given should
312.     be in the key, with the corresponding username in the value.
313.  
314.     $qa_db_connection is an open connection to the QA database. If your database is shared with
315.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries. If you
316.     access this database or any other, try to use a single query instead of one per user.
317. */
318.  
319. function qa_get_public_from_userids($qa_db_connection, $userids) {
320.  
321.     //  Until you edit this function, always return null
322.     $escapeduserids=array();
323.         $link = mysql_connect('my_ip:3306', 'dbuser', 'dbpassword') or die("Impossible de se connecter : " . mysql_error());
324.  
325.  
326.     foreach ($userids as $userid)
327.         $escapeduserids[]="'".mysql_real_escape_string($userid, $qa_db_connection)."'";
328.  
329.     $results=mysql_query(
330.             'SELECT username, userid FROM users WHERE userid IN ('.implode(',', $escapeduserids).')',
331.             $qa_db_connection
332.     );
333.  
334.     $results=mysql_query(
335.             'SELECT U_id,U_name,U_first,U_password, U_is_student, SaturnCode,sex FROM (
336.                          SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM teachers WHERE U_id IN ('.implode(',', $escapeduserids).')
337.                          UNION ALL
338.                          SELECT id AS U_id,name AS U_name,first AS U_first,password AS U_password, is_student AS U_is_student, SaturnCode,sex FROM students WHERE U_id IN ('.implode(',', $escapeduserids).')
339.                          ) AS sels ',
340.             $link
341.     );
342.  
343.  
344.     $useridtopublic=array();
345.    
346.     while ($result=mysql_fetch_assoc($results))
347.         $useridtopublic[$result['userid']]=$result['login'];
348.  
349.     return $useridtopublic;
350. }
351.  
352.  
353.  
354. /*
355.     ==========================================================================
356.          YOU MAY MODIFY THIS FUNCTION, BUT THE DEFAULT BELOW WILL WORK OK
357.     ==========================================================================
358.  
359.     qa_get_logged_in_user_html($qa_db_connection, $logged_in_user, $relative_url_prefix)
360.  
361.     You should return HTML code which identifies the logged in user, to be displayed next to the
362.     logout link on the QA pages. This HTML will only be shown to the logged in user themselves.
363.  
364.     $logged_in_user is the array that you returned from qa_get_logged_in_user(). Hopefully this
365.     contains enough information to generate the HTML without another database query, but if not,
366.     $qa_db_connection is an open connection to the QA database.
367.  
368.     $relative_url_prefix is a relative URL to the root of the QA site, which may be useful if
369.     you want to include a link that uses relative URLs. If the QA site is in a subdirectory of
370.     your site, $relative_url_prefix.'../' refers to your site root (see example 1).
371.  
372.     If you don't know what to display for a user, you can leave the default below. This will
373.     show the public username, linked to the QA profile page for the user.
374. */
375.  
376. function qa_get_logged_in_user_html($qa_db_connection, $logged_in_user, $relative_url_prefix) {
377.  
378.     //  By default, show the public username linked to the QA profile page for the user
379.  
380.     $publicusername=$logged_in_user['publicusername'];
381.  
382.     return '<A HREF="'.htmlspecialchars($relative_url_prefix.'user/'.urlencode($publicusername)).
383.             '" CLASS="qa-user-link">'.htmlspecialchars($publicusername).'</A>';
384.  
385.     /*
386.         Example 1 - suitable if:
387.  
388.         * Your QA site:     http://www.mysite.com/qa/
389.         * Your user pages:   http://www.mysite.com/user/[username]
390.  
391.         $publicusername=$logged_in_user['publicusername'];
392.  
393.         return '<A HREF="'.htmlspecialchars($relative_url_prefix.'../user/'.urlencode($publicusername)).
394.             '" CLASS="qa-user-link">'.htmlspecialchars($publicusername).'</A>';
395.     */
396.  
397.     /*
398.         Example 2 - suitable if:
399.  
400.         * Your QA site:     http://qa.mysite.com/
401.         * Your user pages:   http://www.mysite.com/[username]/
402.         * 16x16 user photos:   http://www.mysite.com/[username]/photo-small.jpeg
403.  
404.         $publicusername=$logged_in_user['publicusername'];
405.  
406.         return '<A HREF="http://www.mysite.com/'.htmlspecialchars(urlencode($publicusername)).'/" CLASS="qa-user-link">'.
407.             '<IMG SRC="http://www.mysite.com/'.htmlspecialchars(urlencode($publicusername)).'/photo-small.jpeg" '.
408.             'STYLE="width:16px; height:16px; border:none; margin-right:4px;">'.htmlspecialchars($publicusername).'</A>';
409.     */
410.  
411. }
412.  
413.  
414.  
415. /*
416.     ==========================================================================
417.          YOU MAY MODIFY THIS FUNCTION, BUT THE DEFAULT BELOW WILL WORK OK
418.     ==========================================================================
419.  
420.     qa_get_users_html($qa_db_connection, $userids, $should_include_link, $relative_url_prefix)
421.  
422.     You should return an array of HTML to display for each user in $userids. For each element of
423.     this array, the userid should be in the key, with the corresponding HTML in the value.
424.  
425.     $qa_db_connection is an open connection to the QA database. If your database is shared with
426.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries. If you
427.     access this database or any other, try to use a single query instead of one per user.
428.  
429.     If $should_include_link is true, the HTML may include links to user profile pages.
430.     If $should_include_link is false, links should not be included in the HTML.
431.  
432.     $relative_url_prefix is a relative URL to the root of the QA site, which may be useful if
433.     you want to include links that uses relative URLs. If the QA site is in a subdirectory of
434.     your site, $relative_url_prefix.'../' refers to your site root (see example 1).
435.  
436.     If you don't know what to display for a user, you can leave the default below. This will
437.     show the public username, linked to the QA profile page for each user.
438. */
439.  
440. function qa_get_users_html($qa_db_connection, $userids, $should_include_link, $relative_url_prefix) {
441.  
442.     //  By default, show the public username linked to the QA profile page for each user
443.  
444.     $useridtopublic=qa_get_public_from_userids($qa_db_connection, $userids);
445.  
446.     $usershtml=array();
447.  
448.     foreach ($userids as $userid) {
449.         $publicusername=$useridtopublic[$userid];
450.  
451.         $usershtml[$userid]=htmlspecialchars($publicusername);
452.  
453.         if ($should_include_link)
454.             $usershtml[$userid]='<A HREF="'.htmlspecialchars($relative_url_prefix.'user/'.urlencode($publicusername)).
455.                     '" CLASS="qa-user-link">'.$usershtml[$userid].'</A>';
456.     }
457.  
458.     return $usershtml;
459.  
460.     /*
461.         Example 1 - suitable if:
462.  
463.         * Your QA site:     http://www.mysite.com/qa/
464.         * Your user pages:   http://www.mysite.com/user/[username]
465.  
466.         $useridtopublic=qa_get_public_from_userids($qa_db_connection, $userids);
467.  
468.         foreach ($userids as $userid) {
469.             $publicusername=$useridtopublic[$userid];
470.  
471.             $usershtml[$userid]=htmlspecialchars($publicusername);
472.  
473.             if ($should_include_link)
474.                 $usershtml[$userid]='<A HREF="'.htmlspecialchars($relative_url_prefix.'../user/'.urlencode($publicusername)).
475.                     '" CLASS="qa-user-link">'.$usershtml[$userid].'</A>';
476.         }
477.  
478.         return $usershtml;
479.     */
480.  
481.     /*
482.         Example 2 - suitable if:
483.  
484.         * Your QA site:     http://qa.mysite.com/
485.         * Your user pages:   http://www.mysite.com/[username]/
486.         * User photos (16x16): http://www.mysite.com/[username]/photo-small.jpeg
487.  
488.         $useridtopublic=qa_get_public_from_userids($qa_db_connection, $userids);
489.  
490.         foreach ($userids as $userid) {
491.             $publicusername=$useridtopublic[$userid];
492.  
493.             $usershtml[$userid]='<IMG SRC="http://www.mysite.com/'.htmlspecialchars(urlencode($publicusername)).'/photo-small.jpeg" '.
494.                 'STYLE="width:16px; height:16px; border:0; margin-right:4px;">'.htmlspecialchars($publicusername);
495.  
496.             if ($should_include_link)
497.                 $usershtml[$userid]='<A HREF="http://www.mysite.com/'.htmlspecialchars(urlencode($publicusername)).
498.                     '/" CLASS="qa-user-link">'.$usershtml[$userid].'</A>';
499.         }
500.  
501.         return $usershtml;
502.     */
503.  
504. }
505.  
506.  
507.  
508. /*
509.     ==========================================================================
510.          YOU MAY MODIFY THIS FUNCTION, BUT THE DEFAULT BELOW WILL WORK OK
511.     ==========================================================================
512.  
513.     qa_user_report_action($qa_db_connection, $userid, $action, $questionid, $answerid, $commentid)
514.  
515.     Informs you about an action by user $userid that modified the database, such as posting,
516.     voting, etc... If you wish, you may use this to log user activity or monitor for abuse.
517.  
518.     $qa_db_connection is an open connection to the QA database. If your database is shared with
519.     QA, you can use this with PHP's MySQL functions such as mysql_query() to run queries.
520.  
521.     $action is one of:
522.     q_post, q_edit, q_hide, q_reshow, q_claim, q_vote_up, q_vote_down, q_vote_nil
523.     a_post, a_edit, a_hide, a_reshow, a_claim, a_vote_up, a_vote_down, a_vote_nil, a_select, a_unselect
524.     c_post, c_edit, c_hide, c_reshow, c_claim
525.  
526.     $questionid and/or $answerid and/or $commentid contain the ID of the relevant question or answer
527.     or comment affected, or null if this information is not appropriate for $action.
528.  
529.     FYI, you can get the IP address of the user from $_SERVER['REMOTE_ADDR'].
530. */
531.  
532. function qa_user_report_action($qa_db_connection, $userid, $action, $questionid, $answerid, $commentid) {
533.     // do nothing by default
534. }
535.  
536. ?>