
Class.Users

a guest
Jul 10th, 2016
  1. <?php
  2. /*=======================================================================
  3. | UberCMS - Advanced Website and Content Management System for uberEmu
  4. | #######################################################################
  5. | Copyright (c) 2010, Roy 'Meth0d'
  6. | http://www.meth0d.org
  7. | #######################################################################
  8. | This program is free software: you can redistribute it and/or modify
  9. | it under the terms of the GNU General Public License as published by
  10. | the Free Software Foundation, either version 3 of the License, or
  11. | (at your option) any later version.
  12. | #######################################################################
  13. | This program is distributed in the hope that it will be useful,
  14. | but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. | GNU General Public License for more details.
  17. \======================================================================*/
  18.  
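  /**
   * User/account data-access helper for UberCMS.
   *
   * Every method builds SQL by string concatenation and runs it through the
   * global dbquery() helper, which is defined outside this file. To keep the
   * queries well-formed regardless of what callers pass in, this class now
   * - casts every numeric id/rank to int before it is interpolated,
   * - escapes every string value with sqlEscape(), and
   * - accepts column names only if they are plain identifiers.
   *
   * NOTE(review): the class depends on the legacy ext/mysql API (mysql_*),
   * which was deprecated in PHP 5.5 and removed in PHP 7.0. Moving to
   * PDO/mysqli prepared statements would need access to the connection that
   * dbquery() owns, which is not visible from this file.
   */
  class uberUsers
  {
      // Per-instance cache of user columns: $userCache[<user id>][<column>] = value.
      private $userCache = array();

      // Exact usernames that may not be registered (compared case-insensitively).
      private $blockedNames = array('roy', 'meth0d', 'method', 'graph1x', 'graphix', 'admin', 'administrator',
          'mod', 'moderator', 'guest', 'undefined');

      // Substrings that may not appear anywhere in a username (case-insensitive).
      private $blockedNameParts = array('moderate', 'staff', 'manage', 'system', 'admin', 'uber');

      /**
       * Escape a value for use inside a single-quoted SQL string literal.
       *
       * NOTE(review): mysql_real_escape_string() uses the most recently opened
       * ext/mysql link; this assumes dbquery() has one open - confirm. If callers
       * already escape their arguments before calling into this class, values
       * containing quotes or backslashes will be escaped twice; the caller-side
       * escaping should then be dropped.
       *
       * @param mixed $value
       * @return string
       */
      private static function sqlEscape($value)
      {
          return mysql_real_escape_string((string) $value);
      }

      /**
       * Tell whether $name is a plain SQL identifier (letters, digits, underscore).
       * Used for the methods that interpolate a column name, which cannot be
       * protected by quoting/escaping the way a value can.
       *
       * @param mixed $name
       * @return bool
       */
      private static function isColumnName($name)
      {
          return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name) === 1;
      }

      /**
       * Check an e-mail address against the project's pattern.
       *
       * The pattern is anchored with \z rather than $: in PCRE, $ also matches
       * just before a trailing newline, so "user@example.com\n" used to pass.
       *
       * @param string $email
       * @return int|false preg_match() result: 1 on match, 0 otherwise, false on error
       */
      public function IsValidEmail($email = '')
      {
          return preg_match('/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}\z/i', $email);
      }

      /**
       * Check that a username is 1-32 ASCII letters/digits and nothing else.
       *
       * Anchored with \z so a trailing newline is rejected (see IsValidEmail).
       *
       * @param string $nm
       * @return bool
       */
      public function IsValidName($nm = '')
      {
          return preg_match('/^[a-z0-9]{1,32}\z/i', (string) $nm) === 1;
      }

      /**
       * @param string $nm
       * @return bool true when a users row with this username exists
       */
      public function IsNameTaken($nm = '')
      {
          $result = dbquery("SELECT null FROM users WHERE username = '" . self::sqlEscape($nm) . "' LIMIT 1");

          return mysql_num_rows($result) > 0;
      }

      /**
       * @param int $id
       * @return bool true when a users row with this id exists
       */
      public function IdExists($id = 0)
      {
          $result = dbquery("SELECT null FROM users WHERE id = '" . intval($id) . "' LIMIT 1");

          return mysql_num_rows($result) > 0;
      }

      /**
       * Check a username against the reserved-name and reserved-substring lists.
       *
       * @param string $nm
       * @return bool true when the name is reserved
       */
      public function IsNameBlocked($nm = '')
      {
          $needle = strtolower($nm);

          if (in_array($needle, array_map('strtolower', $this->blockedNames), true))
          {
              return true;
          }

          foreach ($this->blockedNameParts as $part)
          {
              if (strpos($needle, strtolower($part)) !== false)
              {
                  return true;
              }
          }

          return false;
      }

      /**
       * Create a user row plus its user_info row and return the new user id.
       *
       * This method does not call IsValidName/IsNameTaken/IsNameBlocked itself;
       * callers are expected to have done so. The id is looked up by username
       * after the INSERT, so if the INSERT fails and an older row with the same
       * username exists, that row's id is returned.
       *
       * @param string $username
       * @param string $passwordHash already-hashed password, stored as given
       * @param string $email
       * @param int    $rank
       * @param string $figure stored in users.look
       * @param string $sex    stored in users.gender
       * @return int new user id (0 when the lookup finds nothing)
       */
      public function Add($username = '', $passwordHash = '', $email = 'default@localhost', $rank = 1, $figure = '', $sex = 'M')
      {
          $user = self::sqlEscape($username);
          $hash = self::sqlEscape($passwordHash);
          $mail = self::sqlEscape($email);
          $look = self::sqlEscape($figure);
          $gender = self::sqlEscape($sex);
          // REMOTE_ADDR is absent outside a web request; escape it like any other value.
          $ip = self::sqlEscape(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

          dbquery("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,credits,activity_points,account_created,last_online,ip_reg,ip_last) VALUES ('" . $user . "','" . $hash . "','" . $mail . "','','" . intval($rank) . "','" . $look . "','" . $gender . "','','25000','10000', UNIX_TIMESTAMP(), UNIX_TIMESTAMP() ,'" . $ip . "','" . $ip . "')");
          $id = intval(mysql_result(dbquery("SELECT id FROM users WHERE username = '" . $user . "' ORDER BY id DESC LIMIT 1"), 0));

          $now = time();
          dbquery("INSERT INTO user_info (user_id,bans,cautions,reg_timestamp,login_timestamp,cfhs,cfhs_abusive) VALUES ('" . $id . "','0','0','" . $now . "','" . $now . "','0','0')");

          return $id;
      }

      /**
       * Delete a user and the rows that reference them.
       *
       * The id is cast to int first: without the cast, a crafted $id would widen
       * the WHERE clause of six DELETE statements.
       *
       * @param int $id
       * @return void
       */
      public function Delete($id)
      {
          $uid = intval($id);

          dbquery("DELETE FROM messenger_friendships WHERE user_one_id = '" . $uid . "' OR user_two_id = '" . $uid . "'");
          dbquery("DELETE FROM messenger_requests WHERE to_id = '" . $uid . "' OR from_id = '" . $uid . "'");
          dbquery("DELETE FROM users WHERE id = '" . $uid . "' LIMIT 1");
          dbquery("DELETE FROM user_subscriptions WHERE user_id = '" . $uid . "'");
          dbquery("DELETE FROM user_info WHERE user_id = '" . $uid . "' LIMIT 1");
          dbquery("DELETE FROM user_items WHERE user_id = '" . $uid . "'");

          // Drop anything cached for the removed user.
          unset($this->userCache[$id]);
      }

      /**
       * Count users rows matching a username and stored password value.
       *
       * $password is compared with users.password as-is, so it must already be
       * in the stored (hashed) form. NOTE(review): changePassword() stores
       * md5($newPassword), so callers presumably pass an MD5 hex digest - confirm.
       *
       * @param string $username
       * @param string $password
       * @return int 1 when the credentials match, 0 otherwise
       */
      public function ValidateUser($username, $password)
      {
          $result = dbquery("SELECT null FROM users WHERE username = '" . self::sqlEscape($username) . "' AND password = '" . self::sqlEscape($password) . "' LIMIT 1");

          return mysql_num_rows($result);
      }

      /**
       * @param string $username
       * @return int user id, or 0 when no such user exists
       */
      public function Name2id($username = '')
      {
          return @intval(mysql_result(dbquery("SELECT id FROM users WHERE username = '" . self::sqlEscape($username) . "' LIMIT 1"), 0));
      }

      /**
       * Look up a username by id, using and filling the per-instance cache.
       *
       * @param int $id
       * @return string|false username, or false when no such user exists
       */
      public function Id2name($id = -1)
      {
          if (isset($this->userCache[$id]['username']))
          {
              return $this->userCache[$id]['username'];
          }

          $name = mysql_result(dbquery("SELECT username FROM users WHERE id = '" . intval($id) . "' LIMIT 1"), 0);
          $this->userCache[$id]['username'] = $name;

          return $name;
      }

      /**
       * Load a whole users row into the cache.
       *
       * The row is fetched with SELECT *, so whatever the table holds - including
       * the password and auth_ticket columns written elsewhere in this class -
       * ends up in memory and is reachable through GetUserVar().
       *
       * @param int $id
       * @return void
       */
      public function CacheUser($id)
      {
          $data = mysql_fetch_assoc(dbquery("SELECT * FROM users WHERE id = '" . intval($id) . "' LIMIT 1"));

          // mysql_fetch_assoc() yields false when there is no such user.
          if (!is_array($data))
          {
              return;
          }

          foreach ($data as $key => $value)
          {
              $this->userCache[$id][$key] = $value;
          }
      }

      /**
       * Read one column of a user's row.
       *
       * $var is interpolated as a column name, so it is accepted only when it is
       * a plain identifier; anything else yields false, the same value the
       * original returned for a failed lookup.
       *
       * @param int    $id
       * @param string $var        column name in the users table
       * @param bool   $allowCache return a cached value when one exists
       * @return mixed column value, or false on failure
       */
      public function GetUserVar($id, $var, $allowCache = true)
      {
          if (!self::isColumnName($var))
          {
              return false;
          }

          if ($allowCache && isset($this->userCache[$id][$var]))
          {
              return $this->userCache[$id][$var];
          }

          $val = @mysql_result(dbquery("SELECT " . $var . " FROM users WHERE id = '" . intval($id) . "' LIMIT 1"), 0);
          $this->userCache[$id][$var] = $val;

          return $val;
      }

      // do not remove - still used in hk
      /**
       * Render a username as markup, optionally linked and wrapped in the
       * prefix/suffix configured for the user's rank.
       *
       * NOTE(review): $name and the rank prefix/suffix are concatenated into
       * markup without HTML escaping; whether clean(..., true) neutralises them
       * is not visible from this file - confirm before trusting the output in an
       * HTML context.
       *
       * @param int  $id
       * @param bool $link   wrap the name in a link to /user/<name>
       * @param bool $styles add the rank's prefix and suffix
       * @return string
       */
      public function formatUsername($id, $link = true, $styles = true)
      {
          $datas = dbquery("SELECT id,rank,username FROM users WHERE id = '" . intval($id) . "' LIMIT 1");

          if (mysql_num_rows($datas) == 0)
          {
              return '<s>Unknown User</s>';
          }

          $data = mysql_fetch_assoc($datas);

          $prefix = '';
          $name = $data['username'];
          $suffix = '';

          if ($link)
          {
              $prefix .= '<a href="/user/' . clean($data['username']) . '">';
              $suffix .= '</a>';
          }

          if ($styles)
          {
              $rank = $this->getRank($id);
              $rankData = dbquery("SELECT prefix,suffix FROM ranks WHERE id = '" . intval($rank) . "' LIMIT 1");

              if (mysql_num_rows($rankData) == 1)
              {
                  $rankData = mysql_fetch_assoc($rankData);

                  $prefix .= $rankData['prefix'];
                  $suffix .= $rankData['suffix'];
              }
          }

          return clean($prefix . $name . $suffix, true);
      }
      // do not remove - still used in hk

      /**
       * @param int $id user id
       * @return int|string rank id (0 when the user does not exist); a value
       *                    cached by CacheUser() is returned as stored
       */
      public function getRank($id)
      {
          if (isset($this->userCache[$id]['rank']))
          {
              return $this->userCache[$id]['rank'];
          }

          $rankId = @intval(mysql_result(dbquery("SELECT rank FROM users WHERE id = '" . intval($id) . "' LIMIT 1"), 0));
          $this->userCache[$id]['rank'] = $rankId;

          return $rankId;
      }

      /**
       * Read one column of a ranks row. $var must be a plain identifier.
       *
       * @param int    $rankId
       * @param string $var column name in the ranks table
       * @return mixed column value, or false on failure
       */
      public function getRankVar($rankId, $var)
      {
          if (!self::isColumnName($var))
          {
              return false;
          }

          return mysql_result(dbquery("SELECT " . $var . " FROM ranks WHERE id = '" . intval($rankId) . "' LIMIT 1"), 0);
      }

      /**
       * @param int $rankId
       * @return mixed value of ranks.name for this rank
       */
      public function getRankName($rankId)
      {
          return $this->getRankVar($rankId, 'name');
      }

      /**
       * Tell whether the user's rank grants a fuse right, i.e. a fuserights row
       * for $fuse exists whose rank is at or below the user's rank.
       *
       * @param int    $id   user id
       * @param string $fuse
       * @return bool
       */
      public function hasFuse($id, $fuse)
      {
          $result = dbquery("SELECT null FROM fuserights WHERE rank <= '" . intval($this->getRank($id)) . "' AND fuse = '" . self::sqlEscape($fuse) . "' LIMIT 1");

          return mysql_num_rows($result) == 1;
      }

      /**
       * Count a user's friends, optionally only those whose users.online is "1".
       *
       * NOTE(review): this reads friendships(user_one, user_two) while Delete()
       * clears messenger_friendships(user_one_id, user_two_id); one of the two
       * probably targets an outdated schema - confirm.
       *
       * @param int  $id
       * @param bool $onlineOnly
       * @return int
       */
      public function GetFriendCount($id, $onlineOnly = false)
      {
          $q = dbquery("SELECT user_two FROM friendships WHERE user_one = '" . intval($id) . "'");

          if (!$onlineOnly)
          {
              // Every row counts, so there is no need to walk the result set.
              return mysql_num_rows($q);
          }

          $count = 0;

          while ($friend = mysql_fetch_assoc($q))
          {
              $isOnline = mysql_result(dbquery("SELECT online FROM users WHERE id = '" . intval($friend['user_two']) . "' LIMIT 1"), 0);

              if ($isOnline == "1")
              {
                  $count++;
              }
          }

          return $count;
      }

      /**
       * Make sure the user has an auth ticket: when the stored one is 3
       * characters or shorter, generate and store a new one.
       *
       * The ticket comes from $core->generateTicket(), which is defined outside
       * this file; how unpredictable it is cannot be judged from here.
       *
       * @param int $id
       * @return void
       */
      public function CheckSSO($id)
      {
          global $core;

          if (strlen($this->GetUserVar($id, 'auth_ticket')) <= 3)
          {
              $ticket = $core->generateTicket($this->GetUserVar($id, 'username'));

              dbquery("UPDATE users SET auth_ticket = '" . self::sqlEscape($ticket) . "' WHERE id = '" . intval($id) . "' LIMIT 1");

              // Keep the cache in step, otherwise later reads still see the old ticket.
              $this->userCache[$id]['auth_ticket'] = $ticket;
          }
      }

      /**
       * @param int $id
       * @return mixed value of users.credits (possibly from the cache)
       */
      public function getCredits($id)
      {
          return $this->GetUserVar($id, 'credits');
      }

      /**
       * Store a new credit balance and notify the emulator through $core->Mus().
       *
       * @param int   $id
       * @param mixed $newAmount
       * @return void
       */
      public function setCredits($id, $newAmount)
      {
          global $core;

          dbquery("UPDATE users SET credits = '" . self::sqlEscape($newAmount) . "' WHERE id = '" . intval($id) . "' LIMIT 1");

          // getCredits() reads through the cache; without this, a second
          // give/take on the same instance would start from the stale balance.
          $this->userCache[$id]['credits'] = $newAmount;

          $core->Mus('updateCredits:' . $id);
      }

      /**
       * Add $amount to the user's balance.
       *
       * This is a read-then-write, not an atomic UPDATE, so two concurrent
       * requests can overwrite each other's change. The Mus notification is
       * sent by setCredits(); the original's second call after `return` was
       * unreachable and has been dropped.
       *
       * @param int       $id
       * @param int|float $amount
       * @return void
       */
      public function giveCredits($id, $amount)
      {
          return $this->setCredits($id, ($this->getCredits($id) + $amount));
      }

      /**
       * Subtract $amount from the user's balance.
       *
       * Nothing here keeps the balance from going negative; callers must check
       * first. Same read-then-write caveat as giveCredits().
       *
       * @param int       $id
       * @param int|float $amount
       * @return void
       */
      public function takeCredits($id, $amount)
      {
          return $this->setCredits($id, ($this->getCredits($id) - $amount));
      }

      /**
       * Build the avatar-image URL for a user's stored look.
       *
       * The parts are concatenated without URL-encoding and the URL is plain
       * http; a caller that prints it into HTML has to escape it for that
       * context.
       *
       * @return string
       */
      public function renderHabboImage($id, $size = 'b', $dir = 2, $head_dir = 3, $action = 'wlk', $gesture = 'sml')
      {
          $look = $this->GetUserVar($id, 'look');

          return 'http://www.habbo.co.uk/habbo-imaging/avatarimage?figure=' . $look . '&size=' . $size . '&action=' . $action . ',&gesture=' . $gesture . '&direction=' . $dir . '&head_direction=' . $head_dir;
      }

      /**
       * Days left on the user's habbo_club subscription, rounded up.
       *
       * @param int $id
       * @return int|float 0 when there is no subscription or it has expired
       */
      public function getClubDays($id)
      {
          $sql = dbquery("SELECT timestamp_activated, timestamp_expire FROM user_subscriptions WHERE subscription_id = 'habbo_club' AND user_id = '" . intval($id) . "' LIMIT 1");

          if (mysql_num_rows($sql) == 0)
          {
              return 0;
          }

          $data = mysql_fetch_assoc($sql);
          $diff = $data['timestamp_expire'] - time();

          if ($diff <= 0)
          {
              return 0;
          }

          // 86400 seconds per day.
          return ceil($diff / 86400);
      }

      /**
       * @param int $id
       * @return bool true when the user has club days left
       */
      public function hasClub($id)
      {
          return $this->getClubDays($id) > 0;
      }

      /**
       * @param string $name
       * @return bool true when an unexpired 'user' ban exists for this name
       */
      public static function IsUserBanned($name)
      {
          return self::GetBan('user', $name, true) !== null;
      }

      /**
       * @param string $ip
       * @return bool true when an unexpired 'ip' ban exists for this address
       */
      public static function IsIpBanned($ip)
      {
          return self::GetBan('ip', $ip, true) !== null;
      }

      /**
       * Fetch the first ban row for a type/value pair.
       *
       * @param string $type             value of bans.bantype ('user' and 'ip' are used in this class)
       * @param string $value            value of bans.value
       * @param bool   $mustNotBeExpired only return a ban whose expire is in the future
       * @return array|null the ban row, or null when there is none
       */
      public static function GetBan($type, $value, $mustNotBeExpired = false)
      {
          $q = "SELECT * FROM bans WHERE bantype = '" . self::sqlEscape($type) . "' AND value = '" . self::sqlEscape($value) . "' ";

          if ($mustNotBeExpired)
          {
              $q .= "AND expire > " . time() . " ";
          }

          $q .= "LIMIT 1";

          $get = dbquery($q);

          if (mysql_num_rows($get) > 0)
          {
              return mysql_fetch_assoc($get);
          }

          return null;
      }

      /**
       * @param int $userId
       * @return array tag id => tag text
       */
      public static function GetUserTags($userId)
      {
          $tagsArray = array();
          $data = dbquery("SELECT id,tag FROM user_tags WHERE user_id = '" . intval($userId) . "'");

          while ($tag = mysql_fetch_assoc($data))
          {
              $tagsArray[$tag['id']] = $tag['tag'];
          }

          return $tagsArray;
      }

      // Password changer
      // Made by Wessel Verhey
      // http://smashindustry.com/

      /**
       * Change a user's password after verifying the current one.
       *
       * Fixes over the original: it called methods on an undefined $db (a fatal
       * error), its first test was `>= 0`, which is true for every row count and
       * so rejected every request, and the later branch compared the stored hash
       * with the un-hashed old password. Queries now go through dbquery() like
       * the rest of the class.
       *
       * NOTE(review): passwords are stored as unsalted MD5, which is unsuitable
       * for password storage. It is kept here only because the existing rows and
       * ValidateUser() depend on that format; moving to password_hash() /
       * password_verify() needs a migration of the stored values.
       *
       * @param string $oldPassword      current password, plain text
       * @param string $newPassword      new password, plain text
       * @param string $newPasswordCheck repeat of the new password
       * @param int    $userId
       * @return string|null "New password has been set!" on success, null on any
       *                     failure (as in the original, failures return nothing)
       */
      public function changePassword($oldPassword, $newPassword, $newPasswordCheck, $userId)
      {
          $uid = intval($userId);

          // md5() returns hex digits only, so the digest is safe to interpolate.
          $current = dbquery("SELECT null FROM users WHERE password = '" . md5($oldPassword) . "' AND id = '" . $uid . "' LIMIT 1");

          if (mysql_num_rows($current) < 1)
          {
              // The old password is incorrect (or the user does not exist).
              return;
          }

          // Strict string comparison: with !=, numeric-looking strings such as
          // "1e3" and "1000" compare equal.
          if ((string) $newPassword !== (string) $newPasswordCheck)
          {
              // The new password and its confirmation differ.
              return;
          }

          if ((string) $newPassword === '')
          {
              // Refuse to store the hash of an empty password.
              return;
          }

          dbquery("UPDATE users SET password = '" . md5($newPassword) . "' WHERE id = '" . $uid . "' LIMIT 1");

          // A row cached by CacheUser() would still hold the old hash.
          unset($this->userCache[$userId]['password']);

          return "New password has been set!";
      }

  }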
  414.  
  415. ?>