1 <?
2 require_once("database.php");
3 require_once("mailer.php");
4 require_once("form.php");
5 require_once("depurar.php");
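class Session
{
    public $codigo;              // codigo given on sign-up
    public $userid;              // Random value generated on current login
    public $userlevel;           // The level to which the user pertains
    public $time;                // Time user was last active (page loaded)
    public $logged_in;           // True if user is logged in, false otherwise
    public $userinfo = array();  // The array holding all user info
    public $url;                 // The page url currently being viewed (never assigned in this file)
    public $referrer;            // Last recorded site page viewed (never assigned in this file)

    /**
     * Class constructor - records the request time and starts the session.
     */
    public function __construct()
    {
        $this->time = time();
        $this->startSession();
    }

    /**
     * PHP 4 style constructor name. PHP 7+ no longer treats a method named
     * after the class as the constructor, so it only delegates to
     * __construct() for callers that invoke it explicitly.
     */
    public function Session()
    {
        $this->__construct();
    }

    /**
     * startSession - Performs all the actions necessary to initialize this
     * session object. Tries to determine if the user has logged in already
     * and sets the variables accordingly. Also takes advantage of this page
     * load to update the active visitors tables.
     */
    public function startSession()
    {
        global $database; // The database connection
        session_start();  // Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        if (!$this->logged_in) {
            /* Guests get the reserved guest name/level and are tracked by address */
            $this->codigo = $_SESSION['codigo'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        } else {
            /* Update users last active timestamp */
            $database->addActiveUser($this->codigo, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();
    }

    /**
     * checkLogin - Checks if the user has already previously logged in and
     * a session with the user has already been established. Also checks to
     * see if the user has been remembered (cookie pair). Either way the
     * database is queried to confirm the codigo/userid pair before the user
     * is treated as logged in.
     *
     * @return bool true if the user is logged in
     */
    public function checkLogin()
    {
        global $database; // The database connection

        /* Remembered user: the cookie pair is copied into the session and
           validated against the database below, never trusted on its own. */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            $this->codigo = $_SESSION['codigo'] = $_COOKIE['cookname'];
            $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
            DEPURAR("Check Login: " . $this->codigo);
        }

        DEPURAR("Check Login GUEST_NAME: " . GUEST_NAME);

        /* Nothing to validate: no session pair, or the guest placeholder */
        if (!isset($_SESSION['codigo']) || !isset($_SESSION['userid'])
            || $_SESSION['codigo'] == GUEST_NAME) {
            DEPURAR("Check Login NOT IN!");
            return false;
        }

        DEPURAR("Check Login: codigo and userid have been set and not guest");

        /* Confirm that codigo and userid are valid */
        if ($database->confirmUserID($_SESSION['codigo'], $_SESSION['userid']) != 0) {
            DEPURAR("Check Login: Variables are incorrect, user not logged in");
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['codigo']);
            unset($_SESSION['userid']);
            return false;
        }

        DEPURAR("Check Login SESSION[codigo]: " . $_SESSION['codigo']);

        /* User is logged in, set class variables from the database record */
        $this->userinfo = $database->getUserInfo($_SESSION['codigo']);
        $this->codigo = $this->userinfo['codigo'];
        $this->userid = $this->userinfo['userid'];
        $this->userlevel = $this->userinfo['userlevel'];
        DEPURAR("Check Login IN!");
        return true;
    }

    /**
     * login - The user has submitted his codigo and clave through the login
     * form; this function checks the authenticity of that information in
     * the database and creates the session, effectively logging in the user
     * if all goes well. Validation failures are reported through $form.
     *
     * @param string $subuser     submitted codigo
     * @param string $subpass     submitted clave (plain text)
     * @param mixed  $subremember truthy when the user asked to be remembered
     * @return bool true on successful login, false otherwise
     */
    public function login($subuser, $subpass, $subremember)
    {
        global $database, $form; // The database and form object
        DEPURAR("Login:" . $subuser);

        /* codigo error checking */
        $field = "codigo"; // Use field name for codigo
        if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
            $form->setError($field, "* No se ingreso Código o Carné del Instructor");
        } elseif (!$this->isAlphanumeric($subuser, true)) {
            /* Check if codigo is not alphanumeric */
            $form->setError($field, "* codigo not alphanumeric");
        }

        /* clave error checking */
        $field = "clave"; // Use field name for clave
        if (!$subpass) {
            $form->setError($field, "* Olvidó ingresar la clave");
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            return false;
        }
        DEPURAR("Login: Checks 1 passed");

        /* Checks that codigo is in database and clave is correct */
        $subuser = stripslashes($subuser);
        // NOTE(review): md5 is not a password hash. Moving to password_hash()/
        // password_verify() requires changing the stored hashes and
        // confirmUserPass()/addNewUser() in database.php, so it is kept here.
        $result = $database->confirmUserPass($subuser, md5($subpass));

        /* Check error codes */
        if ($result == 1) {
            $form->setError("codigo", "* Código o Carné de Instructor no encontrado");
            DEPURAR("Login: Not user");
        } elseif ($result == 2) {
            $form->setError("clave", "* Clave inválida");
            DEPURAR("Login: Not clave");
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            return false;
        }
        DEPURAR("Login: Checks 2 passed");

        /* Rotate the session id on this privilege change so an id fixed
           before authentication cannot be reused by someone else. */
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        /* codigo and clave correct, register session variables */
        $this->userinfo = $database->getUserInfo($subuser);
        $this->codigo = $_SESSION['codigo'] = $this->userinfo['codigo'];
        $this->userid = $_SESSION['userid'] = $this->generateRandID();
        $this->userlevel = $this->userinfo['userlevel'];

        /* Insert userid into database and update active users table */
        $database->updateUserField($this->codigo, "userid", $this->userid);
        $database->addActiveUser($this->codigo, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /* Remember-me: two cookies, one holding the codigo and one holding
           the random userid, expiring after COOKIE_EXPIRE (constants.php).
           They are HttpOnly, and Secure whenever this request came over TLS. */
        if ($subremember) {
            $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie("cookname", $this->codigo, time() + COOKIE_EXPIRE, COOKIE_PATH, '', $secure, true);
            setcookie("cookid", $this->userid, time() + COOKIE_EXPIRE, COOKIE_PATH, '', $secure, true);
        }

        DEPURAR("Login: IN");
        /* Login completed successfully */
        return true;
    }

    /**
     * logout - Gets called when the user wants to be logged out of the
     * website. It deletes any cookies that were stored on the user's
     * computer as a result of wanting to be remembered, unsets session
     * variables and demotes the user level to guest.
     */
    public function logout()
    {
        global $database; // The database connection

        /* Delete cookies - the expiry must be in the past, so negate what
           was added when the cookie was created. */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            setcookie("cookname", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
        }

        /* Unset PHP session variables */
        unset($_SESSION['codigo']);
        unset($_SESSION['userid']);

        /* Reflect fact that user has logged out */
        $this->logged_in = false;

        /* Remove from active users table and add to active guests table */
        $database->removeActiveUser($this->codigo);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

        /* Set user level to guest */
        $this->codigo = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
    }

    /**
     * register - Gets called when the user has just submitted the
     * registration form. Determines if there were any errors with the
     * entry fields; if so it records the errors on $form and returns 1.
     * If no errors were found it registers the new user and returns 0.
     * Returns 2 if the database insert failed.
     *
     * $logotipo is not read here: the logo row comes from
     * CargarImagenEnBD("logotipo", "LOGOTIPOS"), which presumably reads
     * the uploaded file itself (defined outside this file).
     *
     * @return int 0 on success, 1 on validation errors, 2 on insert failure
     */
    public function register($codigo, $clave, $nombre, $razon, $email, $telefono1, $telefono2, $telefono3, $logotipo, $notas)
    {
        global $database, $form, $mailer; // The database, form and mailer object
        $codigo = trim($codigo);

        /* Echo the submitted values back so the form can be re-displayed */
        $form->setValue("codigo", $codigo);
        $form->setValue("clave", $clave);
        $form->setValue("nombre", $nombre);
        $form->setValue("razon", $razon);
        $form->setValue("email", $email);
        $form->setValue("telefono1", $telefono1);
        $form->setValue("telefono2", $telefono2);
        $form->setValue("telefono3", $telefono3);
        $form->setValue("notas", $notas);

        /* codigo error checking */
        $field = "codigo";
        if (!$codigo) {
            $form->setError($field, "* Nombre de usuario no ingresado");
        } else {
            /* Spruce up codigo, check length */
            $codigo = stripslashes($codigo);
            if (strlen($codigo) < 5) {
                $form->setError($field, "* Código fiscal o nombre de usuario debe ser mayor a 5 caracteres");
            } elseif (strlen($codigo) > 100) {
                $form->setError($field, "* Código fiscal o nombre de usuario debe ser menor de 100 caracteres");
            } elseif (!$this->isAlphanumeric($codigo)) {
                /* Check if codigo is not alphanumeric */
                $form->setError($field, "* Código fiscal o nombre de usuario debe ser Alfanumerico");
            } elseif (strcasecmp($codigo, GUEST_NAME) == 0) {
                /* Check if codigo is reserved */
                $form->setError($field, "* Código fiscal o nombre de usuario introducido es una palabra reservada");
            } elseif ($database->codigoTaken($codigo)) {
                /* Check if codigo is already in use */
                $form->setError($field, "* Código fiscal o nombre de usuario ya esta en uso");
            }
        }

        /* clave error checking */
        $field = "clave";
        if (!$clave) {
            $form->setError($field, "* Clave no ingresada");
        } else {
            // Spruce up clave and check length
            $clave = stripslashes($clave);
            if (strlen($clave) < 4) {
                $form->setError($field, "* Clave debe ser mayor a 4 caracteres");
            } elseif (!$this->isAlphanumeric($clave = trim($clave))) {
                // Check if clave is not alphanumeric
                $form->setError($field, "* Clave no es Alfanumerica");
            }
        }

        /* Email error checking */
        $field = "email"; // Use field name for email
        if (!$email) {
            $form->setError($field, "* Email no ingresado");
        } else {
            /* Check if valid email address */
            if (!$this->isValidEmail($email)) {
                $form->setError($field, "* Email inválido");
            }
            $email = stripslashes($email);
        }

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            return 1; // Errors with form
        }

        $idImg = CargarImagenEnBD("logotipo", "LOGOTIPOS");
        // NOTE(review): md5 is not a password hash; see login() for why it is kept.
        if ($database->addNewUser($codigo, md5($clave), $nombre, $razon, $email, $telefono1, $telefono2, $telefono3, $idImg, $notas)) {
            if (EMAIL_WELCOME) {
                $mailer->sendWelcome($codigo, $email, $clave);
            }
            return 0; // New user added successfully
        }
        return 2; // Registration attempt failed
    }

    /**
     * editAccount - Attempts to edit the user's account information,
     * including the clave: a new clave is only validated and stored when
     * one was entered, and it must be in the same format register()
     * accepts. All other fields are changed unconditionally.
     *
     * $codigo names the account that is written; this method does not
     * compare it with $this->codigo, so the caller is responsible for
     * passing the logged-in user (or acting as an administrator on purpose).
     * $logotipo is not read here; the logo comes from CargarImagenEnBD or
     * from the ConservarLogotipo POST fields.
     *
     * @return bool true on success, false when validation errors were recorded on $form
     */
    public function editAccount($subnewpass, $codigo, $nombre, $razon, $email, $telefono1, $telefono2, $telefono3, $logotipo, $notas)
    {
        global $database, $form; // The database and form object

        /* Echo the submitted values back so the form can be re-displayed
           (the original referenced an undefined $clave for the first one) */
        $form->setValue("clave", $subnewpass);
        $form->setValue("nombre", $nombre);
        $form->setValue("razon", $razon);
        $form->setValue("email", $email);
        $form->setValue("telefono1", $telefono1);
        $form->setValue("telefono2", $telefono2);
        $form->setValue("telefono3", $telefono3);
        $form->setValue("notas", $notas);

        /* New clave is optional; validate it only when one was entered */
        $field = "clave";
        if ($subnewpass) {
            $subnewpass = trim(stripslashes($subnewpass));
            if (strlen($subnewpass) < 4) {
                $form->setError($field, "* Clave debe ser mayor a 4 caracteres");
            } elseif (!$this->isAlphanumeric($subnewpass)) {
                $form->setError($field, "* Clave no es Alfanumerica");
            }
        }

        /* Email error checking */
        $field = "email"; // Use field name for email
        if ($email && strlen($email = trim($email)) > 0) {
            /* Check if valid email address */
            if (!$this->isValidEmail($email)) {
                $form->setError($field, "* Email inválido");
            }
            $email = stripslashes($email);
        }

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            return false; // Errors with form
        }

        if (!isset($_POST['ConservarLogotipo'])) {
            /* Check whether an image already existed, so its row is reused
               and the previous image is not left orphaned. */
            $Pre_Id = isset($_POST['ConservarLogotipo2']) ? $_POST['ConservarLogotipo2'] : 0;
            // NOTE(review): register() stores logos in "LOGOTIPOS"; confirm "PEDIDOS" is intended here.
            $idImg = CargarImagenEnBD("logotipo", "PEDIDOS", $Pre_Id);
        } else {
            // NOTE(review): raw POST value written to the user row; validate it as an
            // image id this user owns before trusting it (done nowhere visible here).
            $idImg = $_POST['ConservarLogotipo'];
        }

        /* Only overwrite the clave when a new one was entered; the previous
           version stored md5("") whenever the field was left empty. */
        if ($subnewpass) {
            // NOTE(review): md5 is not a password hash; see login() for why it is kept.
            $database->updateUserField($codigo, "clave", md5($subnewpass));
        }
        $database->updateUserField($codigo, "nombre", $nombre);
        $database->updateUserField($codigo, "razon", $razon);
        $database->updateUserField($codigo, "email", $email);
        $database->updateUserField($codigo, "telefono1", $telefono1);
        $database->updateUserField($codigo, "telefono2", $telefono2);
        $database->updateUserField($codigo, "telefono3", $telefono3);
        $database->updateUserField($codigo, "logotipo", $idImg);
        $database->updateUserField($codigo, "notas", $notas);

        /* Success! */
        return true;
    }

    /**
     * isAdmin - Returns true if the currently logged in user is an
     * administrator, false otherwise. Loose comparison is kept because the
     * level read from the database may arrive as a string.
     *
     * @return bool
     */
    public function isAdmin()
    {
        return ($this->userlevel == ADMIN_LEVEL || $this->codigo == ADMIN_NAME);
    }

    /**
     * generateRandID - Generates a string made up of randomized letters
     * (lower and upper case) and digits and returns the md5 hash of it to
     * be used as a userid.
     *
     * @return string 32 hex characters
     */
    public function generateRandID()
    {
        return md5($this->generateRandStr(16));
    }

    /**
     * generateRandStr - Generates a string of the given length made up of
     * randomized digits and upper/lower case letters. Uses the CSPRNG
     * random_int() where available (PHP 7+), falling back to mt_rand()
     * on older interpreters; the output is used as a login token, so the
     * fallback should be considered the weaker of the two.
     *
     * @param int $length number of characters to produce
     * @return string
     */
    public function generateRandStr($length)
    {
        /* Index 0-9 digits, 10-35 upper case, 36-61 lower case (same mapping as before) */
        $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $randstr = "";
        for ($i = 0; $i < $length; $i++) {
            $randnum = function_exists('random_int') ? random_int(0, 61) : mt_rand(0, 61);
            $randstr .= $alphabet[$randnum];
        }
        return $randstr;
    }

    /**
     * isAlphanumeric - Case-insensitive [0-9a-z] check, replacing the
     * removed eregi() calls. With $allowEmpty the empty string passes, as
     * the login() pattern ("*") did; otherwise at least one char is required.
     *
     * @param string $value
     * @param bool   $allowEmpty
     * @return bool
     */
    private function isAlphanumeric($value, $allowEmpty = false)
    {
        $pattern = $allowEmpty ? '/^[0-9a-z]*$/i' : '/^[0-9a-z]+$/i';
        return preg_match($pattern, $value) === 1;
    }

    /**
     * isValidEmail - The original eregi() email pattern, shared by
     * register() and editAccount(), ported to preg_match().
     *
     * @param string $email
     * @return bool
     */
    private function isValidEmail($email)
    {
        $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
            . '@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
            . '\.([a-z]{2,}){1}$/i';
        return preg_match($regex, $email) === 1;
    }
}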
/*
 * Create the session object first: the form object reads session
 * variables, which are only available once the session has started.
 */
$session = new Session();
/* Form object, created after the session is up */
$form = new Form();