interface/main/calendar/includes/pnUser.php

   1 <?php
   2 // File: $Id$
   3 // ----------------------------------------------------------------------
   4 // POST-NUKE Content Management System
   5 // Copyright (C) 2001 by the Post-Nuke Development Team.
   6 // http://www.postnuke.com/
   7 // ----------------------------------------------------------------------
   8 // Based on:
   9 // PHP-NUKE Web Portal System - http://phpnuke.org/
  10 // Thatware - http://thatware.org/
  11 // ----------------------------------------------------------------------
  12 // LICENSE
  13 //
  14 // This program is free software; you can redistribute it and/or
  15 // modify it under the terms of the GNU General Public License (GPL)
  16 // as published by the Free Software Foundation; either version 2
  17 // of the License, or (at your option) any later version.
  18 //
  19 // This program is distributed in the hope that it will be useful,
  20 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  21 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22 // GNU General Public License for more details.
  23 //
  24 // To read the license please visit http://www.gnu.org/copyleft/gpl.html
  25 // ----------------------------------------------------------------------
  26 // Original Author of file: Jim McDonald
  27 // Purpose of file: User functions
  28 // ----------------------------------------------------------------------
  29
  30 /*
  31  *
  32  * Defines
  33  *
  34  */
  35
  36 /*
  37  * Data types for User Properties
  38  */
  39 define('_UDCONST_MANDATORY', -1); // indicates a cord field that can't be removed'
  40 define('_UDCONST_CORE', 0); // indicates a core field (HACK, to be removed?)
  41 define('_UDCONST_STRING', 1);
  42 define('_UDCONST_TEXT', 2);
  43 define('_UDCONST_FLOAT', 3);
  44 define('_UDCONST_INTEGER', 4);
  45
  46 /**
  47  * Log the user in
  48  * @param uname the name of the user logging in
  49  * @param pass the password of the user logging in
  50  * @param whether or not to remember this login
  51  * @returns bool
  52  * @return true if the user successfully logged in, false otherwise
  53  */
  54 function pnUserLogIn($uname, $pass, $rememberme)
  55 {
  56     list($dbconn) = pnDBGetConn();
  57     $pntable = pnDBGetTables();
  58
  59     if (!pnUserLoggedIn()) {
  60         // Get user information
  61         $userscolumn = &$pntable['users_column'];
  62         $userstable = $pntable['users'];
  63
  64         $query = "SELECT $userscolumn[uid],
  65                          $userscolumn[pass]
  66                   FROM $userstable
  67                   WHERE $userscolumn[uname] = '" . pnVarPrepForStore($uname) ."'";
  68         $result = $dbconn->Execute($query);
  69
  70         if ($result->EOF) {
  71             return false;
  72         }
  73
  74         list($uid, $realpass) = $result->fields;
  75         $result->Close();
  76
  77         // Confirm that passwords match
  78         if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
  79             return false;
  80         }
  81
  82         // Set user session information (new table)
  83         $sessioninfocolumn = &$pntable['session_info_column'];
  84         $sessioninfotable = $pntable['session_info'];
  85         $query = "UPDATE $sessioninfotable
  86                   SET $sessioninfocolumn[uid] = " . pnVarPrepForStore($uid) . "
  87                   WHERE $sessioninfocolumn[sessid] = '" . pnVarPrepForStore(session_id()) . "'";
  88         $dbconn->Execute($query);
  89
  90         // Set session variables
  91         pnSessionSetVar('uid', (int)$uid);
  92
  93         if (!empty($rememberme)) {
  94             pnSessionSetVar('rememberme', 1);
  95         }
  96     }
  97
  98      return true;
  99 }
 100
 101 /**
 102  * Compare Passwords
 103   */
 104 function comparePasswords($givenpass, $realpass, $username, $cryptSalt = '')
 105 {
 106     $compare2crypt = true;
 107     $compare2text = true;
 108
 109     $system = pnConfigGetVar('system');
 110
 111     $md5pass = md5($givenpass);
 112     if (strcmp($md5pass, $realpass) == 0) {
 113         return $md5pass;
 114     } elseif ($compare2crypt && $system != "1") {
 115         $crypted = false;
 116         if ($cryptSalt != '') {
 117             if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
 118                 $crypted = true;
 119             }
 120         } else {
 121             if (strcmp(crypt($givenpass, $cryptSalt), $realpass) == 0) {
 122                 $crypted = true;
 123             }
 124         }
 125
 126         if ($crypted) {
 127             updateUserPass($username, $md5pass);
 128             return $md5pass;
 129         }
 130     } elseif ($compare2text && strcmp($givenpass, $realpass) == 0) {
 131              updateUserPass($username, $md5pass);
 132              return $md5pass;
 133     }
 134
 135     return false;
 136 }
 137
 138 /**
 139  * Log the user out
 140  * @public
 141  * @returns bool
 142  * @return true if the user successfully logged out, false otherwise
 143  */
 144 function pnUserLogOut()
 145 {
 146     list($dbconn) = pnDBGetConn();
 147     $pntable = pnDBGetTables();
 148
 149     if (pnUserLoggedIn()) {
 150         // Reset user session information (new table)
 151         $sessioninfocolumn = &$pntable['session_info_column'];
 152         $sessioninfotable = $pntable['session_info'];
 153         $query = "UPDATE $sessioninfotable
 154                   SET $sessioninfocolumn[uid] = 0
 155                   WHERE $sessioninfocolumn[sessid] = '" . pnVarPrepForStore(session_id()) . "'";
 156         $dbconn->Execute($query);
 157
 158         pnSessionDelVar('rememberme');
 159         pnSessionDelVar('uid');
 160     }
 161 }
 162
 163 /**
 164  * is the user logged in?
 165  * @public
 166  * @returns bool
 167  * @returns true if the user is logged in, false if they are not
 168  */
 169 function pnUserLoggedIn()
 170 {
 171     if (pnSessionGetVar('uid') || $_SESSION['authUser']) {
 172         return true;
 173     } else {
 174         return false;
 175     }
 176 }
 177
 178 /**
 179  * get all user variables
 180  * @access public
 181  * @author Gregor J. Rothfuss
 182  * @since 1.33 - 2002/02/07
 183  * @param uid the user id of the user
 184  * @returns array
 185  * @return an associative array with all variables for a user
 186  */
 187 function pnUserGetVars($uid)
 188 {
 189     list($dbconn) = pnDBGetConn();
 190     $pntable = pnDBGetTables();
 191     $vars = array();
 192
 193     // TODO: review this code for performance.
 194
 195     $propertiestable = $pntable['user_property'];
 196     $userstable = $pntable['users'];
 197     $datatable = $pntable['user_data'];
 198     $userscolumn = &$pntable['users_column'];
 199     $datacolumn = &$pntable['user_data_column'];
 200     $propcolumn = &$pntable['user_property_column'];
 201
 202     $query = "SELECT $propcolumn[prop_label] as label, $datacolumn[uda_value] as value
 203               FROM $datatable, $propertiestable
 204               WHERE $datacolumn[uda_uid] = '" . pnVarPrepForStore($uid) ."' "
 205               ."AND $datacolumn[uda_propid] = $propcolumn[prop_id]";
 206
 207     $result = $dbconn->Execute($query);
 208
 209     while (!$result->EOF) {
 210         $uservars = $result->GetRowAssoc(false);
 211         $vars[$uservars['label']] = $uservars['value'];
 212         $result->MoveNext();
 213     }
 214
 215     $result->Close();
 216
 217     $query = "SELECT *
 218               FROM $userstable
 219               WHERE $userscolumn[uid] = " . pnVarPrepForStore($uid);
 220     $result = $dbconn->Execute($query);
 221
 222     if ($result->EOF) {
 223         return false;
 224     }
 225
 226     $corevars = $result->GetRowAssoc(false);
 227     $result->Close();
 228
 229     $vars = array_merge($vars, $corevars);
 230
 231     // Aliasing if required
 232     if (empty($vars['uid'])) {
 233         $vars['uid'] = $vars['pn_uid'];
 234         $vars['email'] = $vars['pn_email'];
 235         $vars['femail'] = $vars['pn_femail'];
 236         $vars['name'] = $vars['pn_name'];
 237         $vars['theme'] = $vars['pn_theme'];
 238         $vars['timezone_offset'] = $vars['pn_timezone_offset'];
 239         $vars['uname'] = $vars['pn_uname'];
 240         $vars['ublock'] = $vars['pn_ublock'];
 241         $vars['ublockon'] = $vars['pn_ublockon'];
 242         $vars['user_avatar'] = $vars['pn_user_avatar'];
 243         $vars['user_icq'] = $vars['pn_user_icq'];
 244         $vars['user_aim'] = $vars['pn_user_aim'];
 245         $vars['user_yim'] = $vars['pn_user_yim'];
 246         $vars['user_msnm'] = $vars['pn_user_msnm'];
 247         $vars['user_from'] = $vars['pn_user_from'];
 248         $vars['user_occ'] = $vars['pn_user_occ'];
 249         $vars['user_intrest'] = $vars['pn_user_intrest'];
 250         $vars['user_sig'] = $vars['pn_user_sig'];
 251         $vars['bio'] = $vars['pn_bio'];
 252         $vars['url'] = $vars['pn_url'];
 253         $vars['storynum'] = $vars['pn_storynum'];
 254         $vars['umode'] = $vars['pn_umode'];
 255         $vars['uorder'] = $vars['pn_uorder'];
 256         $vars['thold'] = $vars['pn_thold'];
 257         $vars['noscore'] = $vars['pn_noscore'];
 258         $vars['commentmax'] = $vars['pn_commentmax'];
 259     }
 260
 261     return($vars);
 262 }
 263
 264 /**
 265  * get a user variable
 266  * @public
 267  * @author Jim McDonald
 268  * @param name the name of the variable
 269  * @param uid the user to get the variable for
 270  * @returns string
 271  * @return the value of the user variable if successful, false otherwise
 272  */
 273 function pnUserGetVar($name, $uid = -1)
 274 {
 275     static $vars = array();
 276
 277     if (empty($name)) {
 278         return;
 279     }
 280
 281     if ($uid == -1) {
 282         $uid = pnSessionGetVar('uid');
 283     }
 284
 285     if (empty($uid)) {
 286         return;
 287     }
 288
 289     // Get this user's variables if not already obtained
 290     if (!isset($vars[$uid])) {
 291         $vars[$uid] = pnUserGetVars($uid);
 292     }
 293
 294     // Return the variable
 295     if (isset($vars[$uid][$name])) {
 296         return $vars[$uid][$name];
 297     } else {
 298         return;
 299     }
 300 }
 301
 302 /**
 303  * set a user variable
 304  * @access public
 305  * @author Gregor J. Rothfuss
 306  * @since 1.23 - 2002/02/01
 307  * @param name the name of the variable
 308  * @param value the value of the variable
 309  * @returns bool
 310  * @return true if the set was successful, false otherwise
 311  */
 312 function pnUserSetVar($name, $value)
 313 {
 314     list($dbconn) = pnDBGetConn();
 315     $pntable = pnDBGetTables();
 316
 317     if (empty($name)) {
 318         return false;
 319     }
 320
 321     $uid = pnSessionGetVar('uid');
 322     if (empty($uid)) {
 323         return false;
 324     }
 325
 326     $propertiestable = $pntable['user_property'];
 327     $datatable = $pntable['user_data'];
 328     $propcolumns = &$pntable['user_property_column'];
 329     $datacolumns = &$pntable['user_data_column'];
 330
 331     // Confirm that this is a known value
 332     $query = "SELECT $propcolumns[prop_id],
 333                      $propcolumns[prop_dtype]
 334               FROM $propertiestable
 335               WHERE $propcolumns[prop_label] = '" . pnVarPrepForStore($name) ."'";
 336     $result = $dbconn->Execute($query);
 337
 338     if ($result->EOF) {
 339         return false;
 340     }
 341
 342     list ($id, $type) = $result->fields;
 343     // check for existence of the variable in user data
 344     $query = "SELECT $datacolumns[uda_id]
 345               FROM $datatable
 346               WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."'
 347               AND $datacolumns[uda_uid] = '" . pnVarPrepForStore($uid) ."'";
 348     $result = $dbconn->Execute($query);
 349
 350     // jgm - this won't work in databases that care about typing
 351     // but this should get fixed when we move to the dynamic user
 352     // variables setup
 353     // TODO: do some checking with $type to maybe do conditional sql
 354
 355     if ($result->EOF) {
 356            // record does not exist
 357
 358            $query = "INSERT INTO $datatable
 359                   ($datacolumns[uda_propid],
 360                    $datacolumns[uda_uid],
 361                    $datacolumns[uda_value])
 362                    VALUES ('".pnVarPrepForStore($id)."',
 363                           '".pnVarPrepForStore($uid)."',
 364                           '".pnVarPrepForStore($value)."')";
 365            $dbconn->Execute($query);
 366
 367         if ($dbconn->ErrorNo() != 0) {
 368             return false;
 369         }
 370     } else {
 371            // existing record
 372
 373            $query = "UPDATE $datatable
 374                      SET $datacolumns[uda_value] = '" . pnVarPrepForStore($value) . "'
 375                      WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."' AND
 376                      $datacolumns[uda_uid] = '" . pnVarPrepForStore($uid) ."'";
 377            $dbconn->Execute($query);
 378
 379         if ($dbconn->ErrorNo() != 0) {
 380             return false;
 381         }
 382     }
 383
 384     return true;
 385 }
 386
 387
 388 /**
 389  * delete the contents of a user variable
 390  * @access public
 391  * @author Gregor J. Rothfuss
 392  * @since 1.23 - 2002/02/01
 393  * @param name the name of the variable
 394  * @returns bool
 395  * @return true on success, false on failure
 396  */
 397 function pnUserDelVar($name)
 398 {
 399     list($dbconn) = pnDBGetConn();
 400     $pntable = pnDBGetTables();
 401
 402     $propertiestable = $pntable['user_property'];
 403     $datatable = $pntable['user_data'];
 404     $propcolumns = &$pntable['user_property_column'];
 405     $datacolumns = &$pntable['user_data_column'];
 406
 407     // Prevent deletion of core fields (duh)
 408     if (empty($name) || ($name == 'uid') || ($name == 'email') ||
 409     ($name == 'password') || ($name == 'uname')) {
 410         return false;
 411     }
 412
 413     $uid = pnSessionGetVar('uid');
 414     if (empty($uid)) {
 415         return false;
 416     }
 417
 418     // get property id for cascading delete later
 419     $query = "SELECT $propcolumns[prop_id] from $propertiestable
 420               WHERE $propcolumns[prop_label] = '" . pnVarPrepForStore($name) ."'";
 421     $result = $dbconn->Execute($query);
 422
 423     if ($result->EOF) {
 424         return false;
 425     }
 426
 427     list ($id) = $result->fields;
 428
 429     $query = "DELETE from $propertiestable
 430               WHERE $propcolumns[prop_id] = '" . pnVarPrepForStore($id) ."'";
 431     $result = $dbconn->Execute($query);
 432
 433     if ($dbconn->ErrorNo() != 0) {
 434         return false;
 435     }
 436
 437     // delete variable from user data for all users
 438     $query = "DELETE from $datatable
 439               WHERE $datacolumns[uda_propid] = '" . pnVarPrepForStore($id) ."'";
 440     $dbconn->Execute($query);
 441
 442     if ($dbconn->ErrorNo() != 0) {
 443         return false;
 444     }
 445
 446     return true;
 447 }
 448
 449 /**
 450  * get the user's theme
 451  * @public
 452  * @returns string
 453  * @return the name of the user's theme
 454  */
 455 function pnUserGetTheme()
 456 {
 457     // Order of theme priority:
 458     // - page-specific
 459     // - user
 460     // - system
 461     // - PostNuke
 462
 463     // Page-specific theme
 464     $pagetheme = pnVarCleanFromInput('theme');
 465     if (!empty($pagetheme)) {
 466         if (@opendir("themes/" . pnVarPrepForOS($pagetheme))) {
 467             return $pagetheme;
 468         }
 469     }
 470
 471     if ((pnUserLoggedIn()) && (!pnConfigGetVar('theme_change'))) {
 472         $usertheme = pnUserGetVar('theme');
 473         // modification mouzaia .71
 474         if (!empty($usertheme)) {
 475             if (@opendir(WHERE_IS_PERSO."themes/".pnVarPrepForOS($usertheme))) {
 476                 return $usertheme;
 477             }
 478
 479             if (@opendir("themes/" . pnVarPrepForOS($usertheme))) {
 480                 return $usertheme;
 481             }
 482         }
 483     }
 484
 485     $systemtheme = pnConfigGetVar('Default_Theme');
 486     if (!empty($systemtheme)) {
 487         if (@opendir(WHERE_IS_PERSO."themes/" . pnVarPrepForOS($systemtheme))) {
 488             return $systemtheme;
 489         }
 490
 491         if (@opendir("themes/" . pnVarPrepForOS($systemtheme))) {
 492             return $systemtheme;
 493         }
 494     }
 495
 496 //      why is this hard coded ??????
 497 //  $defaulttheme = 'PostNuke';
 498     $defaulttheme = pnConfigGetVar('Default_Theme');
 499     if (@opendir(WHERE_IS_PERSO."themes/" . pnVarPrepForOS($defaulttheme))) {
 500         return $defaulttheme;
 501     }
 502
 503     if (@opendir("themes/" . pnVarPrepForOS($defaulttheme))) {
 504         return $defaulttheme;
 505     }
 506
 507     return false;
 508 }
 509
 510 /**
 511  * get the user's language
 512  * @public
 513  * <br>
 514  * jgm - the language parameter should be a user variable, not a
 515  *       session variable
 516  * @returns string
 517  * @return the name of the user's language
 518  */
 519 function pnUserGetLang()
 520 {
 521     $lang = pnSessionGetVar('lang');
 522     if (!empty($lang)) {
 523         return $lang;
 524     } else {
 525         return pnConfigGetVar('language');
 526     }
 527 }
 528
 529 /**
 530  * get the options for commenting
 531  * <br>
 532  * This function is deprecated, use <code>pnUserGetcommentArray()</code> in
 533  * conjunction with <code>pnModURL()</code> to produce relevant URLs
 534  * @deprecated
 535  * @public
 536  * @returns string
 537  * @return the comment options string
 538  */
 539 function pnUserGetCommentOptions()
 540 {
 541     if (pnUserLoggedIn()) {
 542         $mode = pnUserGetVar('umode');
 543         $order = pnUserGetVar('uorder');
 544         $thold = pnUserGetVar('thold');
 545     }
 546
 547     if (empty($mode)) {
 548         $mode = 'thread';
 549     }
 550
 551     if (empty($order)) {
 552         $order = 0;
 553     }
 554
 555     if (empty($thold)) {
 556         $thold = 0;
 557     }
 558
 559     return("mode=$mode&amp;order=$order&amp;thold=$thold");
 560 }
 561
 562 /**
 563  * get the options for commenting
 564  * @public
 565  * @returns array
 566  * @return the comment options array
 567  */
 568 function pnUserGetCommentOptionsArray()
 569 {
 570     if (pnUserLoggedIn()) {
 571         $mode = pnUserGetVar('umode');
 572         $order = pnUserGetVar('uorder');
 573         $thold = pnUserGetVar('thold');
 574     }
 575
 576     if (empty($mode)) {
 577         $mode = 'thread';
 578     }
 579
 580     if (empty($order)) {
 581         $order = 0;
 582     }
 583
 584     if (empty($thold)) {
 585         $thold = 0;
 586     }
 587
 588     return array('mode' => $mode,
 589                  'order' => $order,
 590                  'thold' => $thold);
 591 }
 592
 593 /**
 594  * get a list of user information
 595  * @public
 596  * @returns array
 597  * @return array of user arrays
 598  */
 599 function pnUserGetAll()
 600 {
 601     list($dbconn) = pnDBGetConn();
 602     $pntable = pnDBGetTables();
 603
 604     $userstable = $pntable['users'];
 605     $userscolumn = &$pntable['users_column'];
 606     $sql = "SELECT $userscolumn[uname],
 607                    $userscolumn[uid],
 608                    $userscolumn[name],
 609                    $userscolumn[email],
 610                    $userscolumn[url],
 611                    $userscolumn[user_avatar]
 612             FROM $userstable";
 613     $result = $dbconn->Execute($sql);
 614
 615     if ($dbconn->ErrorNo() != 0) {
 616         return;
 617     }
 618
 619     if ($result->EOF) {
 620         return false;
 621     }
 622
 623     $resarray = array();
 624     while (!$result->EOF) {
 625         list($uname, $uid, $name, $email, $url, $user_avatar) = $result->fields;
 626         $result->MoveNext();
 627         $resarray[$uid] = array('uname' => $uname,
 628                                 'uid' => $uid,
 629                                 'name' => $name,
 630                                 'email' => $email,
 631                                 'url' => $url,
 632                                 'avatar' => $user_avatar);
 633     }
 634
 635     $result->Close();
 636
 637     return $resarray;
 638 }