User management for the world wide web


UserAccount.php

00001 <?php
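class GenieGate_UserAccount {
  /** mysql link resource handed to the constructor; every query in this class runs on it. */
  var $DBH;

  /** Listener objects registered with addListener(); the fire*() methods call them in order. */
  var $LISTENERS = array();

  /**
   * Upper bound for confirmation numbers (see newConfirmationNumber()).
   * The original drew rand(1,5000): 5000 guessable values, and the same value
   * is stored as ua_users.id, so collisions start early.  A 31-bit range fits
   * a signed MySQL INT.
   * NOTE(review): assumes ua_users.id is at least INT wide -- confirm against
   * the schema and lower this bound if the column is narrower.
   */
  var $CONF_NO_MAX = 2147483647;

  /**
   * @param resource $dbh  open mysql link; stored in $this->DBH.
   */
  function __construct(&$dbh){
    $this->DBH = $dbh;
  }

  /** PHP 4 style constructor, kept so existing explicit calls still work. */
  function GenieGate_UserAccount(&$dbh){
    $this->__construct($dbh);
  }

  /**
   * Register a listener object.  It is expected to provide preCheck,
   * setupUser, removeUser, preConfirm and userInfoChanged (see the fire*()
   * methods below for the exact call signatures).
   */
  function addListener(&$listener){
    array_push($this->LISTENERS,$listener);
  }

  /**
   * Escape a value for use inside single quotes in SQL.
   * mysql_real_escape_string honours the connection's character set; the
   * mysql_escape_string the original used is charset-blind.
   */
  function esc($value){
    return(mysql_real_escape_string((string)$value,$this->DBH));
  }

  /**
   * Random confirmation number in 1..$CONF_NO_MAX.  Uses the CSPRNG when the
   * runtime has it (PHP 7+), otherwise mt_rand.
   */
  function newConfirmationNumber(){
    if(function_exists('random_int')){
      return(random_int(1,$this->CONF_NO_MAX));
    }
    return(mt_rand(1,$this->CONF_NO_MAX));
  }

  /**
   * INSERT one ua_users row.  $id doubles as the confirmation number;
   * $confirmFlag is 'Y' (confirmed) or 'U' (awaiting e-mail confirmation).
   * The password is stored exactly as supplied (plaintext): removeUser() and
   * the lookups hand the raw column back, so hashing it here is a coordinated
   * change with whatever authenticates against ua_users -- flagged, not done.
   * Dies on database error, as the rest of this class does.
   */
  function insertUserRow(&$fields,$id,$confirmFlag){
    $sql = sprintf("INSERT into ua_users (id,created,uid,email,name,password,confirm) VALUES('%d',CURRENT_DATE,'%s','%s','%s','%s','%s')",
           $id,
           $this->esc($fields['uid']),
           $this->esc($fields['email']),
           $this->esc($fields['name']),
           $this->esc($fields['password']),
           $this->esc($confirmFlag));
    mysql_query($sql,$this->DBH) or die("Database error: " . mysql_error($this->DBH));
  }

  /**
   * Create an account from $fields (uid, email, name, password).
   * Returns the list of validation errors; an empty array means the row was
   * inserted.  With a mail-view object the row is flagged 'U', the view gets
   * the whole $fields array (password included -- keep it out of the
   * template) plus CONF_NO, and listeners are NOT told yet; without one the
   * row is flagged 'Y' and listeners' setupUser() runs immediately.
   */
  function createUserAccount(&$fields,&$mview){
    $errors = $this->checkNewUserFields($fields);
    $this->fireCheckUserAccount($fields,$errors);
    if(count($errors) > 0){
      return($errors);
    }
    $id = $this->newConfirmationNumber();
    if($mview){
      $this->insertUserRow($fields,$id,"U");
      $mview->param("ACCOUNT",$fields);
      $mview->param("CONF_NO",$id);
    }else{
      $this->insertUserRow($fields,$id,"Y");
      $this->fireSetupUserAccount($fields,$id);
    }
    return($errors);
  }

  /**
   * Create an already-confirmed account (no e-mail round trip).
   * Returns the validation error list; empty on success.
   */
  function createConfirmedUserAccount(&$fields){
    $errors = $this->checkNewUserFields($fields);
    $this->fireCheckUserAccount($fields,$errors);
    if(count($errors)){
      return($errors);
    }
    // BUG FIX: the original never assigned $id, so every row was inserted
    // with id='' and listeners received NULL.
    $id = $this->newConfirmationNumber();
    $this->insertUserRow($fields,$id,"Y");
    $this->fireSetupUserAccount($fields,$id);
    return($errors);
  }

  /**
   * Overwrite email, password and name for $uid.  No field validation is
   * performed (unlike creation) and all three columns are written
   * unconditionally, so a caller that omits 'password' blanks it.
   * Returns FALSE when $uid does not exist; otherwise NULL after notifying
   * listeners with the old and new values.
   */
  function updateUserAccount($uid,&$fields){
    $user = $this->lookupUid($uid);   // old values, handed to listeners
    if(! $user){
      return(FALSE);
    }
    $sql = sprintf("UPDATE ua_users SET email='%s',password='%s',name='%s' WHERE uid='%s'",
           $this->esc($fields['email']),
           $this->esc($fields['password']),
           $this->esc($fields['name']),
           $this->esc($uid));
    mysql_query($sql,$this->DBH) or die("Database error: " . mysql_error($this->DBH));
    $this->fireUserAccountChange($uid,$user,$fields);
  }

  /**
   * Aggregate counts: signup_newest, signup_oldest, total_users (all rows)
   * and registered_users (rows with confirm='Y').
   */
  function getUserStats(){
    $stats = array();
    $result = mysql_query("SELECT MAX(created), MIN(created), COUNT(id) FROM ua_users",$this->DBH)
      or die(mysql_error($this->DBH));
    $row = mysql_fetch_row($result);
    mysql_free_result($result);
    $stats['signup_newest'] = $row[0];
    $stats['signup_oldest'] = $row[1];
    $stats['total_users'] = $row[2];
    $result = mysql_query("SELECT COUNT(id) FROM ua_users WHERE confirm='Y'",$this->DBH)
      or die(mysql_error($this->DBH));
    $row = mysql_fetch_row($result);
    mysql_free_result($result);
    $stats['registered_users'] = $row[0];
    return($stats);
  }

  /** Run $sql and return every row as an associative array.  Dies on error. */
  function fetchAll($sql){
    $users = array();
    $result = mysql_query($sql,$this->DBH) or die(mysql_error($this->DBH));
    while($row = mysql_fetch_assoc($result)){
      array_push($users,$row);
    }
    mysql_free_result($result);
    return($users);
  }

  /**
   * Free-text search: '*' in $keyword is a wildcard and matching is
   * case-insensitive over uid, name, email, created AND password joined
   * together.  Rows come back with the password column included.  Because
   * the password is part of the searched text, a caller can probe password
   * contents by substring -- expose this only to trusted administrators.
   */
  function scanUsers($keyword){
    $pattern = $this->esc(str_replace("*","%",strtolower($keyword)));
    $sql = "SELECT id,uid,created,confirm,email,name,password FROM ua_users "
         . "WHERE LCASE(CONCAT(uid,name,email,created,password)) LIKE '%$pattern%'";
    return($this->fetchAll($sql));
  }

  /**
   * Search by name and email patterns ('*' = wildcard, case-insensitive)
   * within the creation-date window [$from, $to].  Rows include the password
   * column, as in scanUsers().
   */
  function searchUsers($email,$name,$from,$to){
    $namePat = $this->esc(str_replace("*","%",strtolower($name)));
    $emailPat = $this->esc(str_replace("*","%",strtolower($email)));
    $sql = "SELECT id,uid,created,confirm,email,name,password FROM ua_users "
         . sprintf("WHERE created <= '%s' AND created >= '%s' AND name LIKE('%s') AND email LIKE('%s')",
                   $this->esc($to),$this->esc($from),$namePat,$emailPat);
    return($this->fetchAll($sql));
  }

  /**
   * Constant-time, strict comparison of a supplied password against the
   * stored one.  The original used '!=', under which numeric strings compare
   * numerically ('1e3' == '1000'), so a wrong password could pass.
   */
  function passwordMatches(&$fields,$password){
    $stored = (string)$fields['password'];
    $given = (string)$password;
    if(function_exists('hash_equals')){
      return(hash_equals($stored,$given));
    }
    return($stored === $given);
  }

  /**
   * Delete $uid.  With $confirm TRUE the supplied $password must match the
   * stored one.  Returns FALSE only on a password mismatch; an unknown uid
   * is treated as success (TRUE), as in the original.
   */
  function removeUser($uid,$password = "", $confirm = TRUE){
    $fields = $this->lookupUid($uid);
    if(! $fields){
      return(TRUE);
    }
    if($confirm && ! $this->passwordMatches($fields,$password)){
      // The original wrote the stored password into the error log; never
      // log credentials.
      error_log("Password mismatch for [$uid]; account not removed");
      return(FALSE);
    }
    $sql = sprintf("DELETE FROM ua_users WHERE uid='%s'",$this->esc($uid));
    mysql_query($sql,$this->DBH);
    $this->fireRemoveUser($uid,$fields);
    return(TRUE);
  }

  /**
   * Mark $uid confirmed when $conf_no equals the row's id.  Returns the error
   * list ("Invalid User" / "Invalid Account." / listener-supplied); empty on
   * success, after listeners' setupUser() has run.  Nothing here throttles
   * guesses, which is why $CONF_NO_MAX is no longer 5000.
   */
  function confirmUserAccount($uid,$conf_no){
    $errors = array();
    $fields = $this->lookupUid($uid);
    if(! $fields){
      array_push($errors,"Invalid User");
    }elseif((string)$fields['id'] !== (string)$conf_no){
      array_push($errors,"Invalid Account.");
    }
    $this->firePreConfirmUserAccount($fields,$conf_no,$errors);
    if(count($errors) > 0){
      return($errors);
    }
    $sql = sprintf("UPDATE ua_users SET confirm='Y' WHERE uid='%s' AND id='%s'",
           $this->esc($uid),
           $this->esc($conf_no));
    mysql_query($sql,$this->DBH) or die("Database error: " . mysql_error($this->DBH));
    // BUG FIX: the original passed an undefined $conf_id to listeners here.
    $this->fireSetupUserAccount($fields,$conf_no);
    return($errors);
  }

  /**
   * Delete unconfirmed ('U') rows: all of them when $all is TRUE, otherwise
   * only those created before today.
   */
  function expungeNonConfirmed($all = FALSE){
    $sql = "DELETE FROM ua_users WHERE confirm='U'";
    if(! $all){
      $sql .= " AND created < CURRENT_DATE";
    }
    mysql_query($sql,$this->DBH) or die("Database error: " . mysql_error($this->DBH));
  }

  /** Notify listeners after updateUserAccount(): userInfoChanged($this,$uid,$old,$new). */
  function fireUserAccountChange($uid,&$old_values, &$new_values){
    foreach($this->LISTENERS as $l){
      $l->userInfoChanged($this,$uid,$old_values,$new_values);
    }
  }

  /** Notify listeners that a confirmed account exists: setupUser($this,$fields,$conf_id). */
  function fireSetupUserAccount(&$fields,$conf_id){
    foreach($this->LISTENERS as $l){
      $l->setupUser($this,$fields,$conf_id);
    }
  }

  /** Notify listeners after a DELETE: removeUser($this,$uid,$fields). */
  function fireRemoveUser($uid,&$fields){
    foreach($this->LISTENERS as $l){
      $l->removeUser($this,$uid,$fields);
    }
  }

  /**
   * Let listeners veto a confirmation by appending to $errors:
   * preConfirm($this,$fields,$conf_id,$errors).  $fields is FALSE when the
   * uid was not found.
   */
  function firePreConfirmUserAccount(&$fields,$conf_id,&$errors){
    foreach($this->LISTENERS as $l){
      $l->preConfirm($this,$fields,$conf_id,$errors);
    }
  }

  /** Let listeners veto account creation by appending to $errors: preCheck($this,$fields,$errors). */
  function fireCheckUserAccount(&$fields,&$errors){
    foreach($this->LISTENERS as $l){
      $l->preCheck($this,$fields,$errors);
    }
  }

  /**
   * Validate uid / email / password in $fields and return the error strings.
   * With $is_new TRUE the uid and email must also be unused (database
   * lookups); pass FALSE to skip those.  Note the uid rule is "\W" based, so
   * '_' is accepted despite the message wording.
   */
  function checkNewUserFields(&$fields,$is_new = TRUE){
    $errors = array();
    $email = isset($fields['email']) ? $fields['email'] : '';
    $uid = isset($fields['uid']) ? $fields['uid'] : '';
    $password = isset($fields['password']) ? $fields['password'] : '';
    // ereg() is gone from PHP 7; same pattern under PCRE.
    if(! preg_match('/.+@.+\..+/',$email)){
      array_push($errors,"Invalid Email address");
    }elseif($is_new && $this->lookupEmail($email)){
      array_push($errors,"Email address already exists");
    }
    // BUG FIX: the original tested an undefined $gid, so this rule never
    // fired and any character was accepted in a user ID.
    if(preg_match("/\W/",$uid)){
      array_push($errors,"User ID may contain only letters and numbers.");
    }
    if(strlen($uid) > 1){
      if($is_new && $this->lookupUid($uid)){
        array_push($errors,"User ID already taken.");
      }
    }else{
      array_push($errors,"Invalid user ID.");
    }
    if(strlen($password) < 6){
      array_push($errors,"Invalid password, (must be longer)");
    }
    return($errors);
  }

  /**
   * Fetch the first ua_users row whose $column equals $value, or FALSE.
   * $column must be a literal chosen by this class -- never caller input --
   * since only $value is escaped.  Rows with an empty uid count as absent,
   * matching the original truthiness test.
   */
  function fetchUserBy($column,$value){
    $sql = sprintf("SELECT id,uid,created,confirm,email,name,password FROM ua_users WHERE %s='%s'",
           $column,$this->esc($value));
    $rs = mysql_query($sql,$this->DBH);
    if(! $rs){
      return(FALSE);
    }
    $user = mysql_fetch_assoc($rs);
    mysql_free_result($rs);
    if($user && ! empty($user['uid'])){
      return($user);
    }
    return(FALSE);
  }

  /** Row for $uid (password column included), or FALSE. */
  function lookupUid($uid){
    return($this->fetchUserBy('uid',$uid));
  }

  /** Row for $email (password column included), or FALSE. */
  function lookupEmail($email){
    return($this->fetchUserBy('email',$email));
  }
}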
00391 ?>
