3 * Class for the current logged in user.
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://../COPYING
9 class User_Authenticated
extends User_Registered
11 function __construct($prefetch)
15 $fields = array('`userid`', '`points`', '`alias`', '`timezone`', '`theme`', '`date_format`', '`options`');
17 $fields = array_merge($fields, $prefetch);
19 $this->attrcache
= $DB->query('SELECT '.implode(', ', $fields).' FROM `users` WHERE `userid` = @userid')->fetch_assoc();
20 $this->namecache
[$this->attrcache
['userid']] = $this->attrcache
['alias'];
22 /* Update last active thing */
23 if ( !isset($_GET['xml']) && strpos($this->options
, 'translucent') === false ||
'POST' === $_SERVER['REQUEST_METHOD'] ) {
24 $DB->query('UPDATE LOW_PRIORITY `users` SET
25 `useragent` = '.$DB->string(substr($_SERVER['HTTP_USER_AGENT'], 0, 130)).',
26 `last_active_date` = UNIX_TIMESTAMP(),
27 `last_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
28 WHERE `userid` = @userid');
31 /* User navigation menu at top of page */
32 $this->userlinks
= array(
33 sprintf('<strong>%s (%d¤)</strong>', $this->attrcache
['alias'], $this->attrcache
['points'])
35 vsprintf('Online Users: %d', $DB->query('SELECT COUNT(*) AS `c` FROM `users`
36 WHERE `last_active_date` > UNIX_TIMESTAMP() - 600', MYSQLI_USE_RESULT
)->fetch_row())
41 function __get($varname)
45 if ( !array_key_exists($varname, $this->attrcache
) ) {
50 list($this->attrcache
[$varname]) =
51 $DB->query('SELECT INET_NTOA(`'.$varname.'`) FROM `users` WHERE `userid` = @userid')->fetch_row();
52 return $this->attrcache
[$varname];
54 list($this->attrcache
['password']) =
55 $DB->query('SELECT AES_DECRYPT(`password`, `reg_ip`) FROM `users` WHERE `userid` = @userid')->fetch_row();
56 return $this->attrcache
['password'];
58 list($this->attrcache
['posts']) =
59 $DB->query('SELECT COUNT(*) FROM `messages` WHERE `userid` = @userid')->fetch_row();
60 return $this->attrcache
['posts'];
62 list($this->attrcache
['admin']) =
63 $DB->query('SELECT COUNT(*) FROM `things` WHERE `what` = "admin" AND `userid` = @userid')->fetch_row();
64 return $this->attrcache
['admin'];
66 $fieldname = "`$varname`"; // No need to escape this since it will (should) always come from hardcoded variable names
69 $tmp = $DB->query('SELECT '.$fieldname.' FROM `users` WHERE `userid` = @userid');
72 throw new OutOfBoundsException('MySQL error in authuser::__get('.$varname.'): '.$DB->error
);
74 list($this->attrcache
[$varname]) = $tmp->fetch_row();
78 if ( array_key_exists($varname, $this->attrcache
) ) {
79 return $this->attrcache
[$varname];
81 throw new OutOfBoundsException('Invalid attribute name '.$varname);
85 // This is identical to the reguser function except it uses @userid instead of $this->userid
86 function __set($varname, $value)
90 $this->attrcache
[$varname] = $value;
96 throw new Exception('Attempted to do a <var>authuser::__set('.$varname.')</var>.');
100 if ( strpos($value, ':') !== false ) { // IPv6
104 $value = 'INET_ATON('.$DB->string($value).')';
107 $value = 'AES_ENCRYPT('.$DB->string($value).', `reg_ip`)';
111 if ( floor($tmp) == $tmp && $tmp > $this->attrcache
['invites'] &&
112 $DB->query('SELECT COUNT(*) AS `c` FROM `things`
113 WHERE `what` = "invite"
114 AND `userid` = @userid')->fetch_object()->c
< 5 ) {
115 $DB->query('INSERT INTO `things` VALUES (NULL, @userid, "invite", UUID())');
116 $DB->query('UPDATE `users` SET `invites` = (`invites` + 1) WHERE `userid` = @userid');
120 if ( is_array($value) ) {
121 $value = implode(',', $value);
122 $this->attrcache
[$varname] = $value;
124 $value = $DB->string($value);
127 if ( is_string($value) ) {
128 $value = $DB->string($value);
132 $DB->query('UPDATE `users` SET `'.$varname.'` = '.$value.' WHERE `userid` = @userid');
134 throw new UnexpectedValueException('MySQL error in authuser::__set('.$varname.' = '.$value.'): '.$DB->error
);
139 * Print out a username given the ID.
140 * This function will make the username into a link to that user's info page if either:
141 * - This is the first instance of that name being displayed or
142 * - The "Always Link" option is enabled in this authuser's settings
144 * @param int $id User ID of username to look up
145 * @param string $name Use this as the username instead of issuing a DB query for it
147 function namelink($id, $name = null)
150 if ( empty($this->namecache
[$id]) ) {
151 if ( null === $name ) {
152 list($name) = $DB->query('SELECT `alias` FROM `users` WHERE `userid` = '.$id.' LIMIT 1', MYSQLI_USE_RESULT
)->fetch_row();
155 $this->namecache
[$id] = $name;
157 return sprintf('<a href="user?%d">%s</a>', $id, $name);
159 return strpos($this->options
, 'namelinks') !== false ?
160 sprintf('<a href="user?%d">%s</a>', $id, $this->namecache
[$id]) :
161 $this->namecache
[$id];
166 * Takes a list of usernames and IDs from the DB and returns it as an array.
167 * This also adds the ID:name pairs to the authuser object's namecache, so namelink() can reuse them.
168 * Creates hyperlinks under the same conditions as namelink().
170 * @param mysqli_result $rows A result set of 1 or more rows containing user ID and name, in that order.
172 function fillnamecache(mysqli_result
$rows)
176 while ( list($id, $n) = $rows->fetch_row() ) {
177 if ( empty($this->namecache
[$id]) ) {
178 ($this->namecache
[$id] = $n) && $names[$id] = sprintf('<a id="u%d" href="user?%1$d">%2$s</a>', $id, $n);
180 $names[$id] = strpos($this->options
, 'namelinks') !== false ?
181 sprintf('<a href="user?%d">%s</a>', $id, $this->namecache
[$id]) :
182 $this->namecache
[$id];
188 // (23:34:54) Timrod: MY HAND WAS BLEEDING FOR DAYS.
189 function fdate($timestamp)
191 if ( 0 == $timestamp )
193 if ( time() - 3600 < $timestamp ||
time() == $timestamp )
194 return '<strong>'.gmdate($this->attrcache
['date_format'], $timestamp +
$this->timezone
*3600).'</strong>';
196 return gmdate($this->attrcache
['date_format'], $timestamp +
$this->timezone
*3600);
200 * Check whether the user's password in the DB is Null. BORING
202 public function check_nullpass()
204 return $GLOBALS['DB']->query('SELECT `userid` FROM `users` WHERE `userid` = @userid AND `password` IS NULL')->num_rows
;
208 * Userlevels? WELCOME TO 1999
210 public function has_priv($name)
214 return ($this->admin ||
$this->points
>= 10000);
216 return ($this->points
>= 1);
221 return ((func_get_arg(1) == 'admin' && $this->admin
) ||
222 (func_get_arg(1) == 'authuser' && $this->points
> 0) ||
223 func_get_arg(1) == 'none');
225 return ($this->admin ||
func_get_arg(1) == 'none');
227 throw new UnexpectedValueException($name);