  1. <?php
  2. /**
  3. * Provides methods to interact with users
  4. *
  5. * @author Open Dynamics <info@o-dyn.de>
  6. * @name user
  7. * @version 0.7
  8. * @package Collabtive
  9. * @link http://www.o-dyn.de
* @license http://opensource.org/licenses/gpl-license.php GNU General Public License v3 or later
  11. */
  12. class user
  13. {
  14. public $mylog;
  15.  
  16. /**
  17. * Constructor
  18. * Initializes event log
  19. */
  20. function __construct()
  21. {
  22. $this->mylog = new mylog;
  23. }
  24.  
  25. /**
  26. * Creates a user
  27. *
  28. * @param string $name Name of the member
  29. * @param string $email E-mail address of the member
  30. * @param string $company Company of the member
  31. * @param string $pass Password
  32. * @param string $locale Localisation
  33. * @param float $rate Hourly rate
  34. * @return int $insid ID of the newly created member
  35. */
  36. function add($name, $email, $company, $pass, $locale = "", $tags = "", $rate = 0.0)
  37. {
  38. $name = mysql_real_escape_string($name);
  39. $email = mysql_real_escape_string($email);
  40. $company = mysql_real_escape_string($company);
  41. $pass = mysql_real_escape_string($pass);
  42. $locale = mysql_real_escape_string($locale);
  43. $tags = mysql_real_escape_string($tags);
  44. $rate = (float) $rate;
  45.  
  46. $pass = sha1($pass);
  47.  
  48. $ins1 = mysql_query("INSERT INTO user (name,email,company,pass,locale,tags,rate) VALUES ('$name','$email','$company','$pass','$locale','$tags','$rate')");
  49.  
  50. if ($ins1)
  51. {
  52. $insid = mysql_insert_id();
  53. $this->mylog->add($name, 'user', 1, 0);
  54. return $insid;
  55. }
  56. else
  57. {
  58. return false;
  59. }
  60. }
  61.  
  62. /**
  63. * Edits a member
  64. *
  65. * @param int $id Member ID
  66. * @param string $name Member name
  67. * @param string $realname realname
  68. * @param string $role role
  69. * @param string $email Email
  70. * @param string $company Company of the member
  71. * @param string $zip ZIP-Code
  72. * @param string $gender Gender
  73. * @param string $url URL
  74. * @param string $address1 Adressline1
  75. * @param string $address2 Addressline2
  76. * @param string $state State
  77. * @param string $country Country
  78. * @param string $locale Localisation
  79. * @param string $avatar Avatar
  80. * @return bool
  81. */
  82. function edit($id, $name, $realname, $email, $tel1, $tel2, $company, $zip, $gender, $url, $address1, $address2, $state, $country, $tags, $locale, $avatar = "", $rate = 0.0)
  83. {
  84. $name = mysql_real_escape_string($name);
  85. $realname = mysql_real_escape_string($realname);
  86.  
  87. //modified for SQL Lab
  88. //$company = mysql_real_escape_string($company);
  89. $email = mysql_real_escape_string($email);
  90. $tel1 = mysql_real_escape_string($tel1);
  91. $tel2 = mysql_real_escape_string($tel2);
  92. $zip = mysql_real_escape_string($zip);
  93. $gender = mysql_real_escape_string($gender);
  94. $url = mysql_real_escape_string($url);
  95. $address1 = mysql_real_escape_string($address1);
  96. $address2 = mysql_real_escape_string($address2);
  97. $state = mysql_real_escape_string($state);
  98. $country = mysql_real_escape_string($country);
  99. $tags = mysql_real_escape_string($tags);
  100. $locale = mysql_real_escape_string($locale);
  101. $avatar = mysql_real_escape_string($avatar);
  102.  
  103. $rate = (float) $rate;
  104. $id = (int) $id;
  105.  
  106. if ($avatar != "")
  107. {
  108. $upd = mysql_query("UPDATE user SET name='$name',email='$email',tel1='$tel1', tel2='$tel2',company='$company',zip='$zip',gender='$gender',url='$url',adress='$address1',adress2='$address2',state='$state',country='$country',tags='$tags',locale='$locale',avatar='$avatar',rate='$rate' WHERE ID = $id");
  109. /* $db = new mysqli("localhost", "root", "seedubuntu", "sql_collabtive_db");
  110. $stmt = $db->prepare("UPDATE user SET name=?, email=?, tel1=?, tel2=?, zip=?, gender=?, url=?, address1=?, address2=?, state=?, country=?, tags=?, locale=?, avatar=?, rate=?, id=? WHERE = ?");
  111. $stmt->bind_param("ssssssssssssssdi", $name, $email, $tel1, $tel2, $zip, $gender, $url, $address1, $address2, $state, $country, $tags, $locale, $avatar, $rate, $id);
  112. $upd = $stmt->execute(); */
  113. }
  114. else
  115. {
  116. $upd = mysql_query("UPDATE user SET name='$name',email='$email', tel1='$tel1', tel2='$tel2', company='$company',zip='$zip',gender='$gender',url='$url',adress='$address1',adress2='$address2',state='$state',country='$country',tags='$tags',locale='$locale',rate='$rate' WHERE ID = $id");
  117. /* $db = new mysqli("localhost", "root", "seedubuntu", "sql_collabtive_db");
  118. $stmt = $db->prepare("UPDATE user SET name=?,email=?, tel1=?, tel2=?, zip=?, gender=?, url=?, address1=?, address2=?, state=?, country=?, tags=?, locale=?, rate=?, id=? WHERE = ?");
  119. $stmt->bind_param("sssssssssssssdi", $name, $email, $tel1, $tel2, $zip, $gender, $url, $address1, $address2, $state, $country, $tags, $locale, $rate, $id);
  120. $upd = $stmt->execute(); */
  121. }
  122. if ($upd)
  123. {
  124. $this->mylog->add($name, 'user', 2, 0);
  125. return true;
  126. }
  127. else
  128. {
  129. return false;
  130. }
  131. }
  132.  
  133. /**
  134. * Generate a new password and send it to the user's e-mail address
  135. *
  136. * @param string $email E-mail address entered by the user
  137. * @return string
  138. */
  139. function resetPassword($email)
  140. {
  141. $email = mysql_real_escape_string($email);
  142.  
  143. $sel = mysql_query("SELECT ID, email FROM user");
  144. while ($user = mysql_fetch_array($sel))
  145. {
  146. if ($user["email"] == $email)
  147. {
  148. $id = $user["ID"];
  149. }
  150. }
  151.  
  152. if (isset($id))
  153. {
  154. $dummy = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'),range('0','9'));
  155. shuffle($dummy);
  156. mt_srand((double)microtime()*1000000);
  157. $newpass = "";
  158. for ($i = 1; $i <= 10; $i++)
  159. {
  160. $swap = mt_rand(0,count($dummy)-1);
  161. $tmp = $dummy[$swap];
  162. $newpass .= $tmp;
  163. }
  164.  
  165. $sha1pass = sha1($newpass);
  166.  
  167. $upd = mysql_query("UPDATE user SET `pass` = '$sha1pass' WHERE ID = $id");
  168. if ($upd)
  169. {
  170. return $newpass;
  171. }
  172. else
  173. {
  174. return false;
  175. }
  176. }
  177. else
  178. {
  179. return false;
  180. }
  181. }
  182.  
  183. /**
  184. * Change password
  185. *
  186. * @param int $id Member ID
  187. * @param string $oldpass Old password
  188. * @param string $newpass New password
  189. * @param string $repeatpass Repetition of the new password
  190. * @return bool
  191. */
  192. function editpass($id, $oldpass, $newpass, $repeatpass)
  193. {
  194. $oldpass = mysql_real_escape_string($oldpass);
  195. $newpass = mysql_real_escape_string($newpass);
  196. $repeatpass = mysql_real_escape_string($repeatpass);
  197. $id = (int) $id;
  198.  
  199. if ($newpass != $repeatpass)
  200. {
  201. return false;
  202. }
  203. $id = mysql_real_escape_string($id);
  204. $newpass = sha1($newpass);
  205.  
  206. $oldpass = sha1($oldpass);
  207. $chk = mysql_query("SELECT ID, name FROM user WHERE ID = $id AND pass = '$oldpass'");
  208. $chk = mysql_fetch_row($chk);
  209. $chk = $chk[0];
  210. $name = $chk[1];
  211. if (!$chk)
  212. {
  213. return false;
  214. }
  215.  
  216. $upd = mysql_query("UPDATE user SET pass='$newpass' WHERE ID = $id");
  217. if ($upd)
  218. {
  219. return true;
  220. }
  221. else
  222. {
  223. return false;
  224. }
  225. }
  226.  
  227. /**
  228. * Change password as admin
  229. *
  230. * @param int $id User ID
  231. * @param string $newpass New password
  232. * @param string $repeatpass Repetition of the new password
  233. * @return bool
  234. */
  235. function admin_editpass($id, $newpass, $repeatpass)
  236. {
  237. $newpass = mysql_real_escape_string($newpass);
  238. $repeatpass = mysql_real_escape_string($repeatpass);
  239. $id = (int) $id;
  240.  
  241. if ($newpass != $repeatpass)
  242. {
  243. return false;
  244. }
  245. $id = mysql_real_escape_string($id);
  246. $newpass = sha1($newpass);
  247.  
  248. $upd = mysql_query("UPDATE user SET pass='$newpass' WHERE ID = $id");
  249. if ($upd)
  250. {
  251. return true;
  252. }
  253. else
  254. {
  255. return false;
  256. }
  257. }
  258.  
  259. /**
  260. * Delete a user
  261. *
  262. * @param int $id User ID
  263. * @return bool
  264. */
  265. function del($id)
  266. {
  267. $id = (int) $id;
  268.  
  269. $chk = mysql_query("SELECT name FROM user WHERE ID = $id");
  270. $chk = mysql_fetch_row($chk);
  271. $name = $chk[0];
  272.  
  273. $del = mysql_query("DELETE FROM user WHERE ID = $id");
  274. $del2 = mysql_query("DELETE FROM projekte_assigned WHERE user = $id");
  275. $del3 = mysql_query("DELETE FROM milestones_assigned WHERE user = $id");
  276. $del4 = mysql_query("DELETE FROM tasks_assigned WHERE user = $id");
  277. $del5 = mysql_query("DELETE FROM log WHERE user = $id");
  278. $del6 = mysql_query("DELETE FROM timetracker WHERE user = $id");
  279. $del7 = mysql_query("DELETE FROM roles_assigned WHERE user = $id");
  280. if ($del)
  281. {
  282. $this->mylog->add($name, 'user', 3, 0);
  283. return true;
  284. }
  285. else
  286. {
  287. return false;
  288. }
  289. }
  290.  
  291. /**
  292. * Get a user profile
  293. *
  294. * @param int $id User ID
  295. * @return array $profile Profile
  296. */
  297. function getProfile($id)
  298. {
  299. $id = (int) $id;
  300.  
  301. $sel = mysql_query("SELECT * FROM user WHERE ID = $id");
  302. $profile = mysql_fetch_array($sel);
  303. if (!empty($profile))
  304. {
  305. $profile["name"] = stripslashes($profile["name"]);
  306. if (isset($profile["company"]))
  307. {
  308. $profile["company"] = stripslashes($profile["company"]);
  309. }
  310. if (isset($profile["adress"]))
  311. {
  312. $profile["adress"] = stripslashes($profile["adress"]);
  313. }
  314. if (isset($profile["adress2"]))
  315. {
  316. $profile["adress2"] = stripslashes($profile["adress2"]);
  317. }
  318. if (isset($profile["state"]))
  319. {
  320. $profile["state"] = stripslashes($profile["state"]);
  321. }
  322. if (isset($profile["country"]))
  323. {
  324. $profile["country"] = stripslashes($profile["country"]);
  325. }
  326. $tagsobj = new tags();
  327. $profile["tagsarr"] = $tagsobj->splitTagStr($profile["tags"]);
  328.  
  329. $rolesobj = (object) new roles();
  330. $profile["role"] = $rolesobj->getUserRole($profile["ID"]);
  331.  
  332. return $profile;
  333. }
  334. else
  335. {
  336. return false;
  337. }
  338. }
  339.  
  340. /**
  341. * Get the avatar of a user
  342. *
  343. * @param int $id User ID
  344. * @return array $profile Avatar
  345. */
  346. function getAvatar($id)
  347. {
  348. $id = (int) $id;
  349.  
  350. $sel = mysql_query("SELECT avatar FROM user WHERE ID = $id");
  351. $profile = mysql_fetch_row($sel);
  352. $profile = $profile[0];
  353.  
  354. if (!empty($profile))
  355. {
  356. return $profile;
  357. }
  358. else
  359. {
  360. return false;
  361. }
  362. }
  363.  
  364. /**
  365. * Log a user in
  366. *
  367. * @param string $user User name
  368. * @param string $pass Password
  369. * @return bool
  370. */
  371. function login($user, $pass)
  372. {
  373. if (!$user)
  374. {
  375. return false;
  376. }
  377.  
  378. $db = new mysqli("localhost", "root", "seedubuntu", "sql_collabtive_db");
  379. $stmt = $db->prepare("SELECT ID, name, locale, lastlogin FROM user WHERE name=? AND pass =?");
  380. $stmt->bind_param("ss", $user, sha1($pass));
  381. $stmt->execute();
  382.  
  383. $stmt->bind_result($bind_ID, $bind_name, $bind_locale, $bind_lastlogin);
  384. $chk=$stmt->fetch();
  385.  
  386. //modified for SQL Lab
  387. // $user = mysql_real_escape_string($user);
  388. // $pass = mysql_real_escape_string($pass);
  389. $pass = sha1($pass);
  390.  
  391. $sel1 = mysql_query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = '$user' OR email = '$user') AND pass = '$pass'");
  392. $chk = mysql_fetch_array($sel1);
  393. if ($chk["ID"] != "")
  394. {
  395. $rolesobj = new roles();
  396. $now = time();
  397. $_SESSION['userid'] = $chk['ID'];
  398. $_SESSION['username'] = stripslashes($chk['name']);
  399. $_SESSION['lastlogin'] = $now;
  400. $_SESSION['userlocale'] = $chk['locale'];
  401. $_SESSION['usergender'] = $chk['gender'];
  402. $_SESSION["userpermissions"] = $rolesobj->getUserRole($chk["ID"]);
  403.  
  404. $userid = $_SESSION['userid'];
  405. $seid = session_id();
  406. $staylogged = getArrayVal($_POST, 'staylogged');
  407.  
  408. if ($staylogged == 1)
  409. {
  410. setcookie("PHPSESSID", "$seid", time() + 14 * 24 * 3600);
  411. }
  412. $upd1 = mysql_query("UPDATE user SET lastlogin = '$now' WHERE ID = $userid");
  413. return true;
  414. }
  415. else
  416. {
  417. return false;
  418. }
  419. }
  420.  
  421. /**
  422. * Logout
  423. *
  424. * @return bool
  425. */
  426. function logout()
  427. {
  428. session_start();
  429. session_destroy();
  430. session_unset();
  431. setcookie("PHPSESSID", "");
  432. return true;
  433. }
  434.  
  435. /**
  436. * Returns all users
  437. *
  438. * @param int $lim Limit
  439. * @return array $users Registrierte Mitglieder
  440. */
  441. function getAllUsers($lim = 10)
  442. {
  443. $lim = (int) $lim;
  444.  
  445. $sel = mysql_query("SELECT COUNT(*) FROM `user`");
  446. $num = mysql_fetch_row($sel);
  447. $num = $num[0];
  448. SmartyPaginate::connect();
  449. // set items per page
  450. SmartyPaginate::setLimit($lim);
  451. SmartyPaginate::setTotal($num);
  452.  
  453. $start = SmartyPaginate::getCurrentIndex();
  454. $lim = SmartyPaginate::getLimit();
  455.  
  456. $sel2 = mysql_query("SELECT * FROM `user` ORDER BY ID DESC LIMIT $start,$lim");
  457.  
  458. $users = array();
  459. while ($user = mysql_fetch_array($sel2))
  460. {
  461. $user["name"] = stripslashes($user["name"]);
  462. $user["company"] = stripslashes($user["company"]);
  463. $user["adress"] = stripslashes($user["adress"]);
  464. $user["adress2"] = stripslashes($user["adress2"]);
  465. $user["state"] = stripslashes($user["state"]);
  466. $user["country"] = stripslashes($user["country"]);
  467. array_push($users, $user);
  468. }
  469.  
  470. if (!empty($users))
  471. {
  472. return $users;
  473. }
  474. else
  475. {
  476. return false;
  477. }
  478. }
  479.  
  480. /**
  481. * Get all users who are logged in
  482. *
  483. * @param int $offset Allowed time from last login
  484. * @return array $users
  485. */
  486. function getOnlinelist($offset = 30)
  487. {
  488. $offset = (int) $offset;
  489. $time = time();
  490. $now = $time - $offset;
  491.  
  492. $sel = mysql_query("SELECT * FROM user WHERE lastlogin >= $now");
  493.  
  494. $users = array();
  495.  
  496. while ($user = mysql_fetch_array($sel))
  497. {
  498. $user["name"] = stripslashes($user["name"]);
  499. $user["company"] = stripslashes($user["company"]);
  500. $user["adress"] = stripslashes($user["adress"]);
  501. $user["adress2"] = stripslashes($user["adress2"]);
  502. $user["state"] = stripslashes($user["state"]);
  503. $user["country"] = stripslashes($user["country"]);
  504. array_push($users, $user);
  505. }
  506.  
  507. if (!empty($users))
  508. {
  509. return $users;
  510. }
  511. else
  512. {
  513. return false;
  514. }
  515. }
  516.  
  517. /**
  518. * Is the given user logged in?
  519. *
  520. * @param int $user Member ID
  521. * @param int $offset Allowed time from last login
  522. * @return bool
  523. */
  524. function isOnline($user, $offset = 30)
  525. {
  526. $user = (int) $user;
  527. $offset = (int) $offset;
  528.  
  529. $time = time();
  530. $now = $time - $offset;
  531.  
  532. $sel = mysql_query("SELECT ID FROM user WHERE lastlogin >= $now AND ID = $user");
  533. $user = mysql_fetch_row($sel);
  534.  
  535. if (!empty($user))
  536. {
  537. return true;
  538. }
  539. else
  540. {
  541. return false;
  542. }
  543. }
  544.  
  545. /**
  546. * Get a user's ID
  547. *
  548. * @param string $user Username
  549. * @return int $theid
  550. */
  551. function getId($user){
  552. $user = mysql_real_escape_string($user);
  553.  
  554. $sel = mysql_query("SELECT ID FROM user WHERE name = '$user'");
  555. $id = mysql_fetch_row($sel);
  556. $id = $id[0];
  557.  
  558. $theid = array();
  559.  
  560. $theid["ID"] = $id;
  561.  
  562. if($id > 0)
  563. {
  564. return $theid;
  565. }
  566. else
  567. {
  568. return array();
  569. }
  570. }
  571. }