3 // ----------------------------------------------------------------------
4 // POST-NUKE Content Management System
5 // Copyright (C) 2001 by the Post-Nuke Development Team.
6 // http://www.postnuke.com/
7 // ----------------------------------------------------------------------
9 // PHP-NUKE Web Portal System - http://phpnuke.org/
10 // Thatware - http://thatware.org/
11 // ----------------------------------------------------------------------
14 // This program is free software; you can redistribute it and/or
15 // modify it under the terms of the GNU General Public License (GPL)
16 // as published by the Free Software Foundation; either version 2
17 // of the License, or (at your option) any later version.
19 // This program is distributed in the hope that it will be useful,
20 // but WITHOUT ANY WARRANTY; without even the implied warranty of
21 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 // GNU General Public License for more details.
24 // To read the license please visit http://www.gnu.org/copyleft/gpl.html
25 // ----------------------------------------------------------------------
26 // Original Author of file: Jim McDonald
27 // Purpose of file: User functions
28 // ----------------------------------------------------------------------
37 * Data types for User Properties
// Numeric type codes for user properties. Negative/zero values mark built-in
// fields; positive values name the storage type of a dynamic property.
39 define('_UDCONST_MANDATORY', -1); // indicates a core field that can't be removed
40 define('_UDCONST_CORE', 0); // indicates a core field (HACK, to be removed?)
41 define('_UDCONST_STRING', 1);
42 define('_UDCONST_TEXT', 2);
43 define('_UDCONST_FLOAT', 3);
44 define('_UDCONST_INTEGER', 4);
48 * @param uname the name of the user logging in
49 * @param pass the password of the user logging in
50 * @param rememberme whether or not to remember this login
52 * @return true if the user successfully logged in, false otherwise
// Authenticate $uname / $pass against the users table and, on success, bind
// the user's uid to the current session (session_info row plus session var).
// NOTE(review): this listing omits some lines of the function (braces, return
// statements, part of the SELECT); the comments describe only what is shown.
54 function pnUserLogIn($uname, $pass, $rememberme)
56 list($dbconn) = pnDBGetConn();
57 $pntable = pnDBGetTables();
// The lookup and password check run only when the session is not already
// authenticated.
59 if (!pnUserLoggedIn()) {
60 // Get user information
61 $userscolumn = &$pntable['users_column'];
62 $userstable = $pntable['users'];
// $uname is spliced into a quoted SQL literal after pnVarPrepForStore().
// Injection safety therefore rests entirely on that helper's escaping matching
// the database driver and connection charset (helper not shown here); a bound
// parameter would remove that dependency.
64 $query = "SELECT $userscolumn[uid],
67 WHERE $userscolumn[uname] = '" . pnVarPrepForStore($uname) ."'";
68 $result = $dbconn->Execute($query);
74 list($uid, $realpass) = $result->fields
;
77 // Confirm that passwords match
// The first two characters of the stored value are handed over as the crypt()
// salt, which is the layout of legacy two-character-salt crypt() hashes.
78 if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
82 // Set user session information (new table)
83 $sessioninfocolumn = &$pntable['session_info_column'];
84 $sessioninfotable = $pntable['session_info'];
// $uid is concatenated WITHOUT quotes. It comes from the users row fetched
// above rather than from the request, but escaping alone does not constrain a
// value in a numeric context; (int)$uid would make the intent explicit.
// NOTE(review): the uid is attached to the session id that already existed
// before authentication. No session id regeneration is visible in this listing;
// if none happens elsewhere, an id fixed before login stays valid after it.
// Confirm.
85 $query = "UPDATE $sessioninfotable
86 SET $sessioninfocolumn[uid] = " . pnVarPrepForStore($uid) . "
87 WHERE $sessioninfocolumn[sessid] = '" . pnVarPrepForStore(session_id()) . "'";
88 $dbconn->Execute($query);
90 // Set session variables
91 pnSessionSetVar('uid', (int)$uid);
// Any non-empty $rememberme value sets the 'rememberme' session flag to 1.
93 if (!empty($rememberme)) {
94 pnSessionSetVar('rememberme', 1);
// Check $givenpass against the stored value $realpass in up to three formats,
// in this order: MD5 hex digest, crypt() output, and finally the cleartext
// itself. On a crypt() or cleartext match the stored value is rewritten to the
// MD5 digest through updateUserPass(), so accounts migrate to MD5 at login.
// NOTE(review): the return statements are not visible in this listing.
104 function comparePasswords($givenpass, $realpass, $username, $cryptSalt = '')
// Both legacy fallbacks (crypt() and cleartext) are hard-wired on.
106 $compare2crypt = true;
107 $compare2text = true;
109 $system = pnConfigGetVar('system');
// Unsalted MD5: identical passwords produce identical stored values and the
// digest is cheap to brute-force offline if the users table is disclosed.
// password_hash() / password_verify() with password_needs_rehash() supports
// the same upgrade-at-login pattern this function already uses.
111 $md5pass = md5($givenpass);
// `strcmp(...) == 0` is a loose comparison and is not constant-time. Before
// PHP 8, strcmp() given a non-string argument (for example an array) emits a
// warning and returns NULL, which `== 0` accepts. $givenpass should be
// confirmed to be a string before it gets here and the tests written as
// `=== 0`, or better hash_equals(). Applies to every strcmp() below.
112 if (strcmp($md5pass, $realpass) == 0) {
// crypt() fallback; skipped when the 'system' config value equals "1" (the
// meaning of that setting is not shown in this file).
114 } elseif ($compare2crypt && $system != "1") {
// NOTE(review): the two crypt() comparisons visible below are textually
// identical, so as shown the $cryptSalt test does not change the check.
116 if ($cryptSalt != '') {
117 if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
121 if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
127 updateUserPass($username, $md5pass);
// Cleartext fallback: a match here means the database held the password
// unhashed. It is replaced by the MD5 digest on this login.
130 } elseif ($compare2text && strcmp($givenpass, $realpass) == 0) {
131 updateUserPass($username, $md5pass);
142 * @return true if the user successfully logged out, false otherwise
// Detach the user from the current session: reset the session_info row's uid
// to 0 for the current session id, then delete the 'rememberme' and 'uid'
// session variables.
// NOTE(review): the session id itself is kept. Nothing visible here destroys
// or regenerates the session; confirm whether that happens elsewhere.
144 function pnUserLogOut()
146 list($dbconn) = pnDBGetConn();
147 $pntable = pnDBGetTables();
149 if (pnUserLoggedIn()) {
150 // Reset user session information (new table)
151 $sessioninfocolumn = &$pntable['session_info_column'];
152 $sessioninfotable = $pntable['session_info'];
// Only the session id is interpolated, quoted and passed through
// pnVarPrepForStore(); the uid is the literal 0.
153 $query = "UPDATE $sessioninfotable
154 SET $sessioninfocolumn[uid] = 0
155 WHERE $sessioninfocolumn[sessid] = '" . pnVarPrepForStore(session_id()) . "'";
156 $dbconn->Execute($query);
158 pnSessionDelVar('rememberme');
159 pnSessionDelVar('uid');
164 * is the user logged in?
167 * @returns true if the user is logged in, false if they are not
// Report whether the request counts as authenticated. Two independent signals
// are accepted: a truthy 'uid' session variable (set by pnUserLogIn) OR a
// truthy $_SESSION['authUser'].
// NOTE(review): $_SESSION['authUser'] is read directly instead of through
// pnSessionGetVar() and is not assigned anywhere in the visible part of this
// file. Whatever sets it is a second login path that bypasses pnUserLogIn();
// confirm it is intended and equally strict. Reading the key without
// isset()/!empty() also raises a notice or warning when it is absent.
169 function pnUserLoggedIn()
171 if (pnSessionGetVar('uid') ||
$_SESSION['authUser']) {
179 * get all user variables
181 * @author Gregor J. Rothfuss
182 * @since 1.33 - 2002/02/07
183 * @param uid the user id of the user
185 * @return an associative array with all variables for a user
// Build one associative array for user $uid: dynamic properties (label =>
// value, joined from user_data and user_property) merged with the row from the
// core users table, plus un-prefixed aliases for the pn_* core keys.
// NOTE(review): parts of this function (the core SELECT list, loop advance,
// return) are not visible in this listing.
187 function pnUserGetVars($uid)
189 list($dbconn) = pnDBGetConn();
190 $pntable = pnDBGetTables();
193 // TODO: review this code for performance.
195 $propertiestable = $pntable['user_property'];
196 $userstable = $pntable['users'];
197 $datatable = $pntable['user_data'];
198 $userscolumn = &$pntable['users_column'];
199 $datacolumn = &$pntable['user_data_column'];
200 $propcolumn = &$pntable['user_property_column'];
// Here $uid is placed inside a quoted literal after pnVarPrepForStore().
202 $query = "SELECT $propcolumn[prop_label] as label, $datacolumn[uda_value] as value
203 FROM $datatable, $propertiestable
204 WHERE $datacolumn[uda_uid] = '" . pnVarPrepForStore($uid) ."' "
205 ."AND $datacolumn[uda_propid] = $propcolumn[prop_id]";
207 $result = $dbconn->Execute($query);
209 while (!$result->EOF
) {
210 $uservars = $result->GetRowAssoc(false);
211 $vars[$uservars['label']] = $uservars['value'];
219 WHERE $userscolumn[uid] = " . pnVarPrepForStore($uid);
// In the statement above $uid is concatenated WITHOUT quotes. If
// pnVarPrepForStore() is a quote-escaping helper (not shown), it does not
// constrain a value in a numeric context, so this is only safe when every
// caller passes an integer. Casting with (int) at this point, or binding the
// value, would enforce that.
220 $result = $dbconn->Execute($query);
226 $corevars = $result->GetRowAssoc(false);
// array_merge(): for equal string keys the core row wins over a dynamic
// property of the same name.
229 $vars = array_merge($vars, $corevars);
231 // Aliasing if required
// NOTE(review): the aliases are filled only when 'uid' is empty after the
// merge, so a dynamic property labelled 'uid' would suppress them. Presumably
// property labels are administrator-controlled; verify.
232 if (empty($vars['uid'])) {
233 $vars['uid'] = $vars['pn_uid'];
234 $vars['email'] = $vars['pn_email'];
235 $vars['femail'] = $vars['pn_femail'];
236 $vars['name'] = $vars['pn_name'];
237 $vars['theme'] = $vars['pn_theme'];
238 $vars['timezone_offset'] = $vars['pn_timezone_offset'];
239 $vars['uname'] = $vars['pn_uname'];
240 $vars['ublock'] = $vars['pn_ublock'];
241 $vars['ublockon'] = $vars['pn_ublockon'];
242 $vars['user_avatar'] = $vars['pn_user_avatar'];
243 $vars['user_icq'] = $vars['pn_user_icq'];
244 $vars['user_aim'] = $vars['pn_user_aim'];
245 $vars['user_yim'] = $vars['pn_user_yim'];
246 $vars['user_msnm'] = $vars['pn_user_msnm'];
247 $vars['user_from'] = $vars['pn_user_from'];
248 $vars['user_occ'] = $vars['pn_user_occ'];
249 $vars['user_intrest'] = $vars['pn_user_intrest'];
250 $vars['user_sig'] = $vars['pn_user_sig'];
251 $vars['bio'] = $vars['pn_bio'];
252 $vars['url'] = $vars['pn_url'];
253 $vars['storynum'] = $vars['pn_storynum'];
254 $vars['umode'] = $vars['pn_umode'];
255 $vars['uorder'] = $vars['pn_uorder'];
256 $vars['thold'] = $vars['pn_thold'];
257 $vars['noscore'] = $vars['pn_noscore'];
258 $vars['commentmax'] = $vars['pn_commentmax'];
265 * get a user variable
267 * @author Jim McDonald
268 * @param name the name of the variable
269 * @param uid the user to get the variable for
271 * @return the value of the user variable if successful, false otherwise
// Return a single variable for a user, loading all of that user's variables
// once through pnUserGetVars() and serving later calls from a cache.
// NOTE(review): no access check is visible here. $uid is caller-supplied, so
// any user's variables can be read through this function, and if the core row
// loaded by pnUserGetVars() includes the stored password value (its SELECT
// list is not shown) that is readable too. Callers decide what may be exposed.
273 function pnUserGetVar($name, $uid = -1)
// Function-static cache keyed by uid. Code outside this function cannot
// update it, so values changed later in the same request (for example by
// pnUserSetVar) are not reflected once a uid has been cached.
275 static $vars = array();
// Falls back to the session's uid; the condition guarding this line is not
// visible in this listing (presumably the -1 default).
282 $uid = pnSessionGetVar('uid');
289 // Get this user's variables if not already obtained
290 if (!isset($vars[$uid])) {
291 $vars[$uid] = pnUserGetVars($uid);
294 // Return the variable
// isset() is false for a NULL value, so a variable stored as NULL is handled
// like a missing one.
295 if (isset($vars[$uid][$name])) {
296 return $vars[$uid][$name];
303 * set a user variable
305 * @author Gregor J. Rothfuss
306 * @since 1.23 - 2002/02/01
307 * @param name the name of the variable
308 * @param value the value of the variable
310 * @return true if the set was successful, false otherwise
// Store $value as dynamic property $name for the session's user: look up the
// property id by label, check whether a user_data row already exists, then
// INSERT or UPDATE it.
// NOTE(review): some lines (early returns, branch structure) are not visible
// in this listing.
312 function pnUserSetVar($name, $value)
314 list($dbconn) = pnDBGetConn();
315 $pntable = pnDBGetTables();
// The target uid comes from the session, not from a parameter, so this
// function writes only to the current user's data.
321 $uid = pnSessionGetVar('uid');
326 $propertiestable = $pntable['user_property'];
327 $datatable = $pntable['user_data'];
328 $propcolumns = &$pntable['user_property_column'];
329 $datacolumns = &$pntable['user_data_column'];
331 // Confirm that this is a known value
// Only labels present in the property table are writable; $name is quoted and
// passed through pnVarPrepForStore() before it reaches the SQL text.
332 $query = "SELECT $propcolumns[prop_id],
333 $propcolumns[prop_dtype]
334 FROM $propertiestable
335 WHERE $propcolumns[prop_label] = '" . pnVarPrepForStore($name) ."'";
336 $result = $dbconn->Execute($query);
// $type is fetched but not used in the visible code (see the TODO below), so
// $value is not validated against the property's declared data type.
342 list ($id, $type) = $result->fields
;
343 // check for existence of the variable in user data
// NOTE(review): this SELECT-then-INSERT/UPDATE sequence shows no transaction
// or lock, so two concurrent requests could both take the INSERT path.
// Confirm whether a unique key on (propid, uid) guards against duplicates.
344 $query = "SELECT $datacolumns[uda_id]
346 WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."'
347 AND $datacolumns[uda_uid] = '" . pnVarPrepForStore($uid) ."'";
348 $result = $dbconn->Execute($query);
350 // jgm - this won't work in databases that care about typing
351 // but this should get fixed when we move to the dynamic user
353 // TODO: do some checking with $type to maybe do conditional sql
356 // record does not exist
// Every interpolated value below is quoted and escaped through
// pnVarPrepForStore(); the stored value is whatever the caller passed, so
// output escaping remains the job of whoever renders it.
358 $query = "INSERT INTO $datatable
359 ($datacolumns[uda_propid],
360 $datacolumns[uda_uid],
361 $datacolumns[uda_value])
362 VALUES ('".pnVarPrepForStore($id)."',
363 '".pnVarPrepForStore($uid)."',
364 '".pnVarPrepForStore($value)."')";
365 $dbconn->Execute($query);
367 if ($dbconn->ErrorNo() != 0) {
373 $query = "UPDATE $datatable
374 SET $datacolumns[uda_value] = '" . pnVarPrepForStore($value) . "'
375 WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."' AND
376 $datacolumns[uda_uid] = '" . pnVarPrepForStore($uid) ."'";
377 $dbconn->Execute($query);
379 if ($dbconn->ErrorNo() != 0) {
389 * delete the contents of a user variable
391 * @author Gregor J. Rothfuss
392 * @since 1.23 - 2002/02/01
393 * @param name the name of the variable
395 * @return true on success, false on failure
// Delete the property named $name: first its definition row in the property
// table, then every user's stored value for it.
// NOTE(review): the effect is site-wide, not limited to the calling user. The
// only guards visible in this listing are the core-name blocklist and a
// session uid lookup; no permission check is shown (some lines are omitted).
// Confirm that callers enforce administrator authorisation.
397 function pnUserDelVar($name)
399 list($dbconn) = pnDBGetConn();
400 $pntable = pnDBGetTables();
402 $propertiestable = $pntable['user_property'];
403 $datatable = $pntable['user_data'];
404 $propcolumns = &$pntable['user_property_column'];
405 $datacolumns = &$pntable['user_data_column'];
407 // Prevent deletion of core fields (duh)
// The blocklist is a fixed set of four names compared with loose `==`; it is
// not derived from the _UDCONST_MANDATORY / _UDCONST_CORE type codes defined
// at the top of this file.
408 if (empty($name) ||
($name == 'uid') ||
($name == 'email') ||
409 ($name == 'password') ||
($name == 'uname')) {
413 $uid = pnSessionGetVar('uid');
418 // get property id for cascading delete later
419 $query = "SELECT $propcolumns[prop_id] from $propertiestable
420 WHERE $propcolumns[prop_label] = '" . pnVarPrepForStore($name) ."'";
421 $result = $dbconn->Execute($query);
427 list ($id) = $result->fields
;
// The two DELETEs are separate statements with no transaction visible: if the
// second one fails, user_data rows for the removed property are left orphaned.
429 $query = "DELETE from $propertiestable
430 WHERE $propcolumns[prop_id] = '" . pnVarPrepForStore($id) ."'";
431 $result = $dbconn->Execute($query);
433 if ($dbconn->ErrorNo() != 0) {
437 // delete variable from user data for all users
438 $query = "DELETE from $datatable
439 WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."'";
440 $dbconn->Execute($query);
442 if ($dbconn->ErrorNo() != 0) {
450 * get the user's theme
453 * @return the name of the user's theme
// Resolve the theme name for this request. Candidates are tried in order:
// the 'theme' request parameter, the logged-in user's stored theme, then the
// configured Default_Theme. A candidate is accepted when its directory can be
// opened under WHERE_IS_PERSO."themes/" or "themes/".
// NOTE(review): the return statements of the earlier branches are not visible
// in this listing.
455 function pnUserGetTheme()
457 // Order of theme priority:
463 // Page-specific theme
// Request-controlled value joined into a filesystem path. Traversal safety
// depends entirely on pnVarPrepForOS() removing path separators and '..'
// (helper not shown here); checking the name against the actual entries of
// themes/ would not depend on that. Callers presumably load files from the
// returned theme directory; if so, this is the only gate between request
// input and that path. Verify.
464 $pagetheme = pnVarCleanFromInput('theme');
465 if (!empty($pagetheme)) {
// @opendir() serves as an existence probe throughout this function: the
// handle is never closed in the visible code and `@` hides the failure
// reason. is_dir() performs the same test without holding a handle open.
466 if (@opendir
("themes/" . pnVarPrepForOS($pagetheme))) {
// The stored per-user theme is consulted only when the 'theme_change' config
// value is falsy.
471 if ((pnUserLoggedIn()) && (!pnConfigGetVar('theme_change'))) {
472 $usertheme = pnUserGetVar('theme');
473 // modification mouzaia .71
474 if (!empty($usertheme)) {
475 if (@opendir
(WHERE_IS_PERSO
."themes/".pnVarPrepForOS($usertheme))) {
479 if (@opendir
("themes/" . pnVarPrepForOS($usertheme))) {
485 $systemtheme = pnConfigGetVar('Default_Theme');
486 if (!empty($systemtheme)) {
487 if (@opendir
(WHERE_IS_PERSO
."themes/" . pnVarPrepForOS($systemtheme))) {
491 if (@opendir
("themes/" . pnVarPrepForOS($systemtheme))) {
496 // why is this hard coded ??????
497 // $defaulttheme = 'PostNuke';
// Reads the same 'Default_Theme' setting as $systemtheme above, so this final
// fallback repeats the previous lookup without the !empty() guard.
498 $defaulttheme = pnConfigGetVar('Default_Theme');
499 if (@opendir
(WHERE_IS_PERSO
."themes/" . pnVarPrepForOS($defaulttheme))) {
500 return $defaulttheme;
503 if (@opendir
("themes/" . pnVarPrepForOS($defaulttheme))) {
504 return $defaulttheme;
511 * get the user's language
514 * jgm - the language parameter should be a user variable, not a
517 * @return the name of the user's language
// Return the language for this request: the session variable 'lang' is read
// first, and the configured site 'language' is the fallback.
// NOTE(review): the test between the two lines below is not visible in this
// listing; presumably the session value is returned when it is non-empty.
// How the session 'lang' value is validated before being stored is not shown
// in this file.
519 function pnUserGetLang()
521 $lang = pnSessionGetVar('lang');
525 return pnConfigGetVar('language');
530 * get the options for commenting
532 * This function is deprecated, use <code>pnUserGetcommentArray()</code> in
533 * conjunction with <code>pnModURL()</code> to produce relevant URLs
537 * @return the comment options string
// Deprecated: build the comment display options as a URL query-string
// fragment ("mode=...&order=...&thold=..."). pnUserGetCommentOptionsArray()
// in this file returns the same three options as an array.
// NOTE(review): the branch that supplies values for anonymous visitors is not
// visible in this listing.
539 function pnUserGetCommentOptions()
// For logged-in users the three values come from stored user variables.
541 if (pnUserLoggedIn()) {
542 $mode = pnUserGetVar('umode');
543 $order = pnUserGetVar('uorder');
544 $thold = pnUserGetVar('thold');
// The values are interpolated as-is, with no urlencode(), and the separator
// is a bare '&'. Callers that place this string in HTML must escape it for
// that context.
559 return("mode=$mode&order=$order&thold=$thold");
563 * get the options for commenting
566 * @return the comment options array
// Return the comment display options as an array whose first key is 'mode',
// for use where the caller builds the URL itself.
// NOTE(review): the anonymous-visitor branch and the rest of the returned
// array are not visible in this listing.
568 function pnUserGetCommentOptionsArray()
// For logged-in users the values come from stored user variables.
570 if (pnUserLoggedIn()) {
571 $mode = pnUserGetVar('umode');
572 $order = pnUserGetVar('uorder');
573 $thold = pnUserGetVar('thold');
// Values are returned unencoded; encoding for the URL or HTML context is left
// to the caller.
588 return array('mode' => $mode,
594 * get a list of user information
597 * @return array of user arrays
599 function pnUserGetAll()
601 list($dbconn) = pnDBGetConn();
602 $pntable = pnDBGetTables();
604 $userstable = $pntable['users'];
605 $userscolumn = &$pntable['users_column'];
606 $sql = "SELECT $userscolumn[uname],
611 $userscolumn[user_avatar]
613 $result = $dbconn->Execute($sql);
615 if ($dbconn->ErrorNo() != 0) {
624 while (!$result->EOF
) {
625 list($uname, $uid, $name, $email, $url, $user_avatar) = $result->fields
;
627 $resarray[$uid] = array('uname' => $uname,
632 'avatar' => $user_avatar);