<?phprequire_once( "ESLogger.class.php" );require_once( "User.class.php" );

1. <?php
2. require_once( "ESLogger.class.php" );
3. require_once( "User.class.php" );
4. class Users {
5.     // Database information
6.     private $_link;
7.     private $_database_host;
8.     private $_database_name;
9.     private $_database_password;
10.     private $_database_user;
11.    
12.     private $_logger;
13.  
14.     public function __construct() {
15.         $this->_logger = new ESLogger( PATH_TO_LOG_FILE );
16.         $this->_database_host = DATABASE_HOST;
17.         $this->_database_name = DATABASE_NAME;
18.         $this->_database_user = DATABASE_USER;
19.         $this->_database_password = DATABASE_PASSWORD;
20.         $this->_logger->log( "Created Users instance.", LOG_LEVELS::VERBOSE );
21.         $this->_logger->log( "Stored database info.", LOG_LEVELS::WARNING );
22.     }
23.    
24.     public function addUser( $email, $password, $first_name, $last_name,
25.             $addr="NULL", $city="NULL", $zip_code="NULL", $phone_number="NULL" ) {
26.         //$error = NULL;
27.         // Check if email exists
28.         $mysql_result = $this->_queryDatabase( "SELECT email FROM users WHERE email = '$email'" );
29.         $matched_emails = mysql_fetch_assoc($mysql_result);
30.         if ( $matched_emails )
31.         {
32.             $matches = count($matched_emails);
33.             if ( $matches > 0 )
34.             {
35.                 // No matches expected, this means trouble
36.                 $log_message = "Found " . $matches . " emails matching " . $email;
37.                 $this->_logger->log($log_message);
38.                 return FALSE;
39.             }
40.         }
41.         $this->_logger->log("Adding user to database.", LOG_LEVELS::WARNING );
42.         $sql = "INSERT INTO users ( email, password, first_name, last_name, address, city, zip_code,
43.                 phone_number ) values ( '$email', '$password', '$first_name', '$last_name',
44.                 '$addr', '$city', '$zip_code', '$phone_number' );";
45.         $this->_logger->log("SQL Statement used: " . $sql, LOG_LEVELS::VERBOSE );
46.         if ( !$this->_queryDatabase( $sql ) ) {
47.             return FALSE;
48.         }
49.         $this->_logger->log("Creating user object.", LOG_LEVELS::WARNING );
50.         $new_user = new User();
51.         $new_user->first_name = $first_name;
52.         $new_user->last_name = $last_name;
53.         $new_user->email = $email;
54.         $new_user->password = $password;
55.        
56.         return $new_user;
57.     }
58.    
59.     public function validateUser( $email, $password ) {
60.         $this->_logger->log("Searching for matching credentials.", LOG_LEVELS::WARNING);
61.         $sql = "SELECT * FROM users WHERE email='$email' AND password='$password'";
62.         $this->_logger->log("SQL Statement used: " . $sql, LOG_LEVELS::VERBOSE );
63.         $mysql_result = $this->_queryDatabase( $sql );
64.         $count = 0;
65.         if ( $mysql_result ) {
66.             while ( $results[] = mysql_fetch_array($mysql_result) ) {
67.                 $count = $count + 1;
68.             }
69.             $this->_logger->log("Found " . $count . " row(s).");
70.             if ( 1 != $count ) {
71.                 $this->_logger->log("Did not find an exact match for user, assuming invalid credentials.");
72.                 return false;
73.             } else {
74.                 $iter = 0;
75.                 $args = "";
76.                 $this->_logger->log("Found single result, calling it a match.");
77.                 $numCol = count($results[0])/2;
78.                 $this->_logger->log("Count returned: " . $numCol, LOG_LEVELS::BROWSER);
79.                 while ( $iter <= $numCol ) {
80.                     $args .= $results[0][$iter];
81.                     // This whole if statement is to check if the value is the last to be used and prevent it
82.                     // from being followed by a space and comma.
83.                     $iter += 1;
84.                     if (!($iter == ($numCol - 1)) || !($iter == $numCol)) {
85.                         if ($iter == $numCol) {
86.                             pass;
87.                         } else {
88.                             $args .= ", ";
89.                         }
90.                     }
91.                 }
92.             }
93.             $this->_logger->log("Creating a user with these arguments: " . $args);
94.             $user = new User( $args );
95.             return $user;
96.         }
97.     }
98.    
99.     private function _queryDatabase($sql) {
100.         if ( !$this->_link ) {
101.             // !!WARNING: REMOVE THIS FROM PRODUCTION CODE!!
102.             if ( LOG_LEVELS::BROWSER == LOG_LEVEL ) {
103.                 $message = "host - " . $this->_database_host . " | user - " . $this->_database_user . " | password - " . $this->_database_password;
104.                 $this->_logger->log($message);
105.             }
106.             if ( $this->_link = mysql_connect($this->_database_host, $this->_database_user,
107.                     $this->_database_password) ) {
108.                 mysql_select_db($this->_database_name, $this->_link);
109.                 $this->_logger->log( "Connected to database." );
110.             } else {
111.                 $this->_logger->log( "Failed to connect to databse." );
112.             }
113.         }
114.         $this->_results = mysql_query($sql, $this->_link);
115.         if ( $this->_results ) {
116.             $this->_logger->log( "Got results." );
117.             return $this->_results;
118.         }
119.         $message = "SQL query failed: " . mysql_error();
120.         $this->_logger->log( $message );
121.         return false;
122.     }
123. }