search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* Minor TOS change
[specialops2.git] / lib / class.User_Authenticated.php
blobf4cf76e54056f0667454bae165ba30eb183ba97c
1 <?php
2 /**
3 * Class for the current logged in user.
4 *
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://../COPYING
7 * @version $Id$
8 */
9 class User_Authenticated extends User_Registered
10 {
11 function __construct($prefetch)
12 {
13 global $DB;
14
15 $fields = array('`userid`', '`points`', '`alias`', '`timezone`', '`theme`', '`date_format`', '`options`');
16 if ( $prefetch ) {
17 $fields = array_merge($fields, $prefetch);
18 }
19 $this->attrcache = $DB->query('SELECT '.implode(', ', $fields).' FROM `users` WHERE `userid` = @userid')->fetch_assoc();
20 $this->namecache[$this->attrcache['userid']] = $this->attrcache['alias'];
21
22 /* Update last active thing */
23 if ( !isset($_GET['xml']) && strpos($this->options, 'translucent') === false || 'POST' === $_SERVER['REQUEST_METHOD'] ) {
24 $DB->query('UPDATE LOW_PRIORITY `users` SET
25 `useragent` = '.$DB->string(substr($_SERVER['HTTP_USER_AGENT'], 0, 130)).',
26 `last_active_date` = UNIX_TIMESTAMP(),
27 `last_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
28 WHERE `userid` = @userid');
29 }
30
31 /* User navigation menu at top of page */
32 $this->userlinks = array(
33 sprintf('<strong>%s (%d&#164;)</strong>', $this->attrcache['alias'], $this->attrcache['points'])
34 => 'user',
35 vsprintf('Online Users: %d', $DB->query('SELECT COUNT(*) AS `c` FROM `users`
36 WHERE `last_active_date` > UNIX_TIMESTAMP() - 600', MYSQLI_USE_RESULT)->fetch_row())
37 => 'userlist?online'
38 );
39 }
40
41 function __get($varname)
42 {
43 global $DB;
44
45 if ( !array_key_exists($varname, $this->attrcache) ) {
46 switch ( $varname ) {
47 case 'reg_ip':
48 case 'last_ip':
49 case 'last_login_ip':
50 list($this->attrcache[$varname]) =
51 $DB->query('SELECT INET_NTOA(`'.$varname.'`) FROM `users` WHERE `userid` = @userid')->fetch_row();
52 return $this->attrcache[$varname];
53 case 'password':
54 list($this->attrcache['password']) =
55 $DB->query('SELECT AES_DECRYPT(`password`, `reg_ip`) FROM `users` WHERE `userid` = @userid')->fetch_row();
56 return $this->attrcache['password'];
57 case 'posts':
58 list($this->attrcache['posts']) =
59 $DB->query('SELECT COUNT(*) FROM `messages` WHERE `userid` = @userid')->fetch_row();
60 return $this->attrcache['posts'];
61 case 'admin':
62 list($this->attrcache['admin']) =
63 $DB->query('SELECT COUNT(*) FROM `things` WHERE `what` = "admin" AND `userid` = @userid')->fetch_row();
64 return $this->attrcache['admin'];
65 default:
66 $fieldname = "`$varname`"; // No need to escape this since it will (should) always come from hardcoded variable names
67 }
68
69 $tmp = $DB->query('SELECT '.$fieldname.' FROM `users` WHERE `userid` = @userid');
70
71 if ( $DB->error ) {
72 throw new OutOfBoundsException('MySQL error in authuser::__get('.$varname.'): '.$DB->error);
73 } else {
74 list($this->attrcache[$varname]) = $tmp->fetch_row();
75 }
76 }
77
78 if ( array_key_exists($varname, $this->attrcache) ) {
79 return $this->attrcache[$varname];
80 } else {
81 throw new OutOfBoundsException('Invalid attribute name '.$varname);
82 }
83 }
84
85 // This is identical to the reguser function except it uses @userid instead of $this->userid
86 function __set($varname, $value)
87 {
88 global $DB;
89
90 $this->attrcache[$varname] = $value;
91
92 switch ( $varname ) {
93 case 'userid':
94 case 'alias':
95 case 'admin':
96 throw new Exception('Attempted to do a <var>authuser::__set('.$varname.')</var>.');
97 case 'reg_ip':
98 case 'last_ip':
99 case 'last_login_ip':
100 if ( strpos($value, ':') !== false ) { // IPv6
101 $value = 'NULL';
102 break;
103 }
104 $value = 'INET_ATON('.$DB->string($value).')';
105 break;
106 case 'password':
107 $value = 'AES_ENCRYPT('.$DB->string($value).', `reg_ip`)';
108 break;
109 case 'points':
110 $tmp = sqrt($value);
111 if ( floor($tmp) == $tmp && $tmp > $this->attrcache['invites'] &&
112 $DB->query('SELECT COUNT(*) AS `c` FROM `things`
113 WHERE `what` = "invite"
114 AND `userid` = @userid')->fetch_object()->c < 5 ) {
115 $DB->query('INSERT INTO `things` VALUES (NULL, @userid, "invite", UUID())');
116 $DB->query('UPDATE `users` SET `invites` = (`invites` + 1) WHERE `userid` = @userid');
117 }
118 break;
119 case 'options':
120 if ( is_array($value) ) {
121 $value = implode(',', $value);
122 $this->attrcache[$varname] = $value;
123 }
124 $value = $DB->string($value);
125 break;
126 default:
127 if ( is_string($value) ) {
128 $value = $DB->string($value);
129 }
130 }
131
132 $DB->query('UPDATE `users` SET `'.$varname.'` = '.$value.' WHERE `userid` = @userid');
133 if ( $DB->error ) {
134 throw new UnexpectedValueException('MySQL error in authuser::__set('.$varname.' = '.$value.'): '.$DB->error);
135 }
136 }
137
138 /**
139 * Print out a username given the ID.
140 * This function will make the username into a link to that user's info page if either:
141 * - This is the first instance of that name being displayed or
142 * - The "Always Link" option is enabled in this authuser's settings
143 *
144 * @param int $id User ID of username to look up
145 * @param string $name Use this as the username instead of issuing a DB query for it
146 */
147 function namelink($id, $name = null)
148 {
149 global $DB;
150 if ( empty($this->namecache[$id]) ) {
151 if ( null === $name ) {
152 list($name) = $DB->query('SELECT `alias` FROM `users` WHERE `userid` = '.$id.' LIMIT 1', MYSQLI_USE_RESULT)->fetch_row();
153 }
154
155 $this->namecache[$id] = $name;
156
157 return sprintf('<a href="user?%d">%s</a>', $id, $name);
158 } else {
159 return strpos($this->options, 'namelinks') !== false ?
160 sprintf('<a href="user?%d">%s</a>', $id, $this->namecache[$id]) :
161 $this->namecache[$id];
162 }
163 }
164
165 /**
166 * Takes a list of usernames and IDs from the DB and returns it as an array.
167 * This also adds the ID:name pairs to the authuser object's namecache, so namelink() can reuse them.
168 * Creates hyperlinks under the same conditions as namelink().
169 *
170 * @param mysqli_result $rows A result set of 1 or more rows containing user ID and name, in that order.
171 */
172 function fillnamecache(mysqli_result $rows)
173 {
174 $names = array();
175
176 while ( list($id, $n) = $rows->fetch_row() ) {
177 if ( empty($this->namecache[$id]) ) {
178 ($this->namecache[$id] = $n) && $names[$id] = sprintf('<a id="u%d" href="user?%1$d">%2$s</a>', $id, $n);
179 } else {
180 $names[$id] = strpos($this->options, 'namelinks') !== false ?
181 sprintf('<a href="user?%d">%s</a>', $id, $this->namecache[$id]) :
182 $this->namecache[$id];
183 }
184 }
185 return $names;
186 }
187
188 // (23:34:54) Timrod: MY HAND WAS BLEEDING FOR DAYS.
189 function fdate($timestamp)
190 {
191 if ( 0 == $timestamp )
192 return 'N/A';
193 if ( time() - 3600 < $timestamp || time() == $timestamp )
194 return '<strong>'.gmdate($this->attrcache['date_format'], $timestamp + $this->timezone*3600).'</strong>';
195
196 return gmdate($this->attrcache['date_format'], $timestamp + $this->timezone*3600);
197 }
198
199 /**
200 * Check whether the user's password in the DB is Null. BORING
201 */
202 public function check_nullpass()
203 {
204 return $GLOBALS['DB']->query('SELECT `userid` FROM `users` WHERE `userid` = @userid AND `password` IS NULL')->num_rows;
205 }
206
207 /**
208 * Userlevels? WELCOME TO 1999
209 */
210 public function has_priv($name)
211 {
212 switch ( $name ) {
213 case 'html':
214 return ($this->admin || $this->points >= 10000);
215 case 'moderate':
216 return ($this->points >= 1);
217 case 'admin':
218 return $this->admin;
219 case 'viewboard':
220 case 'postmessage':
221 return ((func_get_arg(1) == 'admin' && $this->admin) ||
222 (func_get_arg(1) == 'authuser' && $this->points > 0) ||
223 func_get_arg(1) == 'none');
224 case 'posttopic':
225 return ($this->admin || func_get_arg(1) == 'none');
226 default:
227 throw new UnexpectedValueException($name);
228 }
229 }
230 }
231 ?>
Special Ops source code from the bad old days, 2nd generation