user.class

GForge 3.0 协作开发平台 支持CVS, mailing lists, bug tracking, message boards/forums, task management, perman

<?php
/**
 * User class
 *
 * Sets up database results and preferences for a user and abstracts this info
 *
 *  You can now optionally pass in a db result
 *  handle. If you do, it re-uses that query
 *  to instantiate the objects
 *
 *  IMPORTANT! That db result must contain all fields
 *  from users table or you will have problems
 *
 * GENERALLY YOU SHOULD NEVER INSTANTIATE THIS OBJECT DIRECTLY
 * USE user_get_object() to instantiate properly - this will pool the objects
 * and increase efficiency
 *
 * Copyright 1999-2001 (c) VA Linux Systems
 *
 * @version   $Id: User.class.patched,v 1.1.2.1 2002/11/30 09:57:57 cbayle Exp $
 * @author Tim Perdue tperdue@valinux.com
 * @date 2000-10-11
 *
 * This file is part of GForge.
 *
 * GForge is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GForge is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GForge; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

require_once('www/include/vote_function.php');
$USER_OBJ=array();

/**
 * user_get_object_by_name() - Get User object by username.
 *  user_get_object is useful so you can pool user objects/save database queries
 *  You should always use this instead of instantiating the object directly 
 *
 *  @param		string	The unix username - required
 *  @param		int		The result set handle ("SELECT * FROM USERS WHERE user_id=xx")
 *  @return a user object or false on failure
 *
 */
function &user_get_object_by_name($user_name,$res=false) {
	$user_name = strtolower($user_name);
	if (!$res) {
		$res=db_query("SELECT * FROM users WHERE user_name='$user_name'");
	}
	return user_get_object(db_result($res,0,'user_id'),$res);
}

/**
 * user_get_object() - Get User object by user ID.
 *  user_get_object is useful so you can pool user objects/save database queries
 *  You should always use this instead of instantiating the object directly 
 *
 *  @param		int		The ID of the user - required
 *  @param		int		The result set handle ("SELECT * FROM USERS WHERE user_id=xx")
 *  @return a user object or false on failure
 *
 */
function &user_get_object($user_id,$res=false) {
	//create a common set of group objects
	//saves a little wear on the database
	
	//automatically checks group_type and 
	//returns appropriate object
	
	global $USER_OBJ;
	if (!isset($USER_OBJ["_".$user_id."_"])) {
		if ($res) {
			//the db result handle was passed in
		} else {
			$res=db_query("SELECT * FROM users WHERE user_id='$user_id'");
		}
		if (!$res || db_numrows($res) < 1) {
			$USER_OBJ["_".$user_id."_"]=false;
		} else {
			$USER_OBJ["_".$user_id."_"]= new User($user_id,$res);
		}
	}
	return $USER_OBJ["_".$user_id."_"];
}

class User extends Error {
	/** 
	 * Associative array of data from db.
	 *
	 * @var		array	$data_array.
	 */
	var $data_array;
	
	/**
	 * Is this person a site super-admin?
	 *
	 * @var		bool	$is_super_user
	 */
	var $is_super_user;

	/**
	 * Is this person the logged in user?
	 *
	 * @var		bool	$is_logged_in
	 */
	var $is_logged_in;

	/**
	 * Array of preferences
	 *
	 * @var		array	$user_pref
	 */
	var $user_pref;

	var $theme;
	var $theme_id;

	/**
	 *	User($id,$res) - CONSTRUCTOR - GENERALLY DON'T USE THIS
	 *
	 *	instead use the user_get_object() function call
	 *
	 *	@param	int		The user_id
	 *	@param	int		The database result set
	 */
	function User($id=false,$res=false) {
		$this->Error();
		if (!$id) {
			//setting up an empty object
			//probably going to call create()
			return true;
		}
		if (!$res) {
			$this->fetchData($id);
		} else {
			if (db_numrows($res) < 1) {
				//function in class we extended
				$this->setError('User Not Found');
				$this->data_array=array();
				return false;
			} else {
				//set up an associative array for use by other functions
				db_reset_result($res);
				$this->data_array =& db_fetch_array($res);
			}
		}
		$this->is_super_user=false;
		$this->is_logged_in=false;
		return true;
	}
	
	/**
	 * create() - Create a new user
	 *
	 * @param	string	The unix username 
	 * @param	string	The real username
	 * @param	string	The first password 
	 * @param	string	The confirmation password 
	 * @param	string	The users email address
	 * @param	string	The users preferred default language
	 * @param	string	The users preferred default timezone
	 * @param	string	The users preference for receiving site updates by email
	 * @param	string	The users preference for receiving community updates by email
	 * @param	int		The ID of the language preference
	 * @param	string	The users preferred timezone
	 * @param	string	The users Jabber address
	 * @param	int		The users Jabber preference
	 * @returns The newly created user ID
	 *
	 */
	function create($unix_name,$realname,$password1,$password2,$email,
		$mail_site,$mail_va,$language_id,$timezone,$jabber_address,$jabber_only) {
		global $Language;
		if (!$unix_name) {
			//$this->setError('You must supply a username');
			$this->setError($Language->getText('account_register','err_username'));
			return false;
		}
		if (!$realname) {
			//$this->setError('You must supply a real name');
			$this->setError($Language->getText('account_register','err_realname'));
			return false;
		}
		if (!$password1) {
			//$this->setError('You must supply a password');
			$this->setError($Language->getText('account_register','err_passwd'));
			return false;
		}
		if ($password1 != $password2) {
			//$this->setError('Passwords do not match');
			$this->setError($Language->getText('account_register','err_passwd2'));
			return false;
		}
		if (!account_pwvalid($password1)) {
			//$this->setError('Password must be at least 6 characters');
			$this->setError($Language->getText('account_register','err_passwd3'));
			return false;
		}
		$unix_name=strtolower($unix_name);
		if (!account_namevalid($unix_name)) {
			//$this->setError('Invalid Unix Name. ');
			$this->setError($Language->getText('account_register','err_unixname'));
			return false;
		}
		if (!validate_email($email)) {
			//$this->setError('Invalid Email Address');
			$this->setError($Language->getText('account_register','err_email'));
			return false;
		}
		if ($jabber_address && !validate_email($jabber_address)) {
			$this->setError($Language->getText('account_register','err_jabber'));
			return false;
		}
		if (!$jabber_only) {
			$jabber_only=0;
		} else {
			$jabber_only=1;
		}
		if (db_numrows(db_query("SELECT user_id FROM users WHERE user_name LIKE '$unix_name'")) > 0) {
			//$this->setError('That username already exists.');
			$this->setError($Language->getText('account_register','err_userexist'));
			return false;
		}
		if ($GLOBALS['sys_require_unique_email']) {
			if (db_numrows(db_query("SELECT user_id FROM users WHERE email='$email'")) > 0) {
				//$this->setError('User with this email already exists - use people search to recover your login.');
				$this->setError($Language->getText('account_register','err_mailexist'));
				return false;
			}
		}
		// if we got this far, it must be good
		$confirm_hash = substr(md5($session_hash . $password1 . time()),0,16);
		db_begin();
		$result=db_query("INSERT INTO users (user_name,user_pw,unix_pw,realname,email,add_date,
			status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only) 
			VALUES ('$unix_name',
			'". md5($password1) . "',
			'". account_genunixpw($password1) . "',
			'". htmlspecialchars($realname). "',
			'$email',
			'" . time() . "',
			'P',
			'$confirm_hash',
			'". (($mail_site)?"1":"0") . "',
			'". (($mail_va)?"1":"0") . "',
			'$language_id',
			'$timezone',
			'$jabber_address',
			'$jabber_only')");
		$id = db_insertid($result,'users','user_id');
	
		if (!$result || !$id) {
			$this->setError($Language->getText('account_register','err_badinsert') .db_error());
			db_rollback();
			return false;
		} else {

			// send mail
			if (!$this->fetchData($id)) {
				db_rollback();
				return false;
			}

			$this->sendRegistrationEmail();

			db_commit();
			return $id;
		}
	}

	/**
	 *	sendRegistrationEmail() - Send email for registration verification
	 *
	 *	@return true or false
	 */
	function sendRegistrationEmail() {
		global $Language;
		$message=stripcslashes($Language->getText('account_register','message_body',array($this->getUnixName(),$GLOBALS['sys_default_domain'],$this->getConfirmHash(),$GLOBALS['sys_name'])));
		util_send_message(
			$this->getEmail(),
			$Language->getText('account_register','message_header',array($GLOBALS['sys_name'])),
			$message
		);
	}

	/**
	 *	update() - update *common* properties of User object
	 *
	 *	Use specific setter to change other properties
	 *
	 *  @param	string	The users real name
	 *  @param	int		The ID of the users language preference
	 *  @param	string	The useres timezone preference
	 *  @param	string	The users preference for receiving site updates by email
	 *  @param	string	The users preference for receiving community updates by email
	 *	@param	string	The users preference for being participating in "peer ratings"
	 *	@param	string	The users Jabber account address
	 *	@param	int		The users Jabber preference
	 */
	function update($realname,$language_id,$timezone,$mail_site,$mail_va,$use_ratings,
		$jabber_address,$jabber_only) {
		global $Language;
		$mail_site = $mail_site ? 1 : 0;
		$mail_va   = $mail_va   ? 1 : 0;
		$block_ratings = $use_ratings ? 0 : 1;

		if ($jabber_address && !validate_email($jabber_address)) {
			$this->setError($Language->getText('account_register','err_jabber'));
			return false;
		}
		if (!$jabber_only) {
			$jabber_only=0;
		} else {
			$jabber_only=1;
		}

		db_begin();

		$res = db_query("
			UPDATE users
			SET
			realname='".htmlspecialchars($realname)."',
			language='$language_id',
			timezone='$timezone',
			mail_siteupdates=$mail_site,
			mail_va=$mail_va,
			block_ratings='$block_ratings',
			jabber_address='$jabber_address',
			jabber_only='$jabber_only'
			WHERE user_id='".$this->getID()."'
		");

		if (!$res) {
			$this->setError('ERROR - Could Not Update User Object: '.db_error());
			db_rollback();
			return false;
		} else {
			// If there's a transaction from using to not
			// using ratings, remove all rating made by the
			// user (ratings by others should not be removed,
			// as it opens possibility to abuse rate system)
			if (!$use_ratings && $this->usesRatings()) {
				vote_remove_all_ratings_by($this->getID());
			}
			if (!$this->fetchData($this->getID())) {
				db_rollback();
				return false;
			}
			db_commit();
			return true;
		}
	}

	/**
	 *	fetchData - May need to refresh database fields.
	 *
	 *	If an update occurred and you need to access the updated info.
	 *
	 *	@return boolean success;
	 */
	function fetchData($user_id) {
		$res=db_query("SELECT * FROM users WHERE user_id='$user_id'");
		if (!$res || db_numrows($res) < 1) {
			$this->setError('User::fetchData()::'.db_error());
			return false;
		}
		$this->data_array =& db_fetch_array($res);
		return true;
	}
	
	/**
	 *	getID - Simply return the user_id for this object.
	 *
	 *	@return	int	This user's user_id number.
	 */
	function getID() {
		return $this->data_array['user_id'];
	}

	/**
	 *	getStatus - get the status of this user.
	 *
	 *	Statuses include (A)ctive, (P)ending, (S)uspended ,(D)eleted.
	 *
	 *	@return	char	This user's status flag.
	 */
	function getStatus() {
		return $this->data_array['status'];
	}

	/**
	 *	setStatus - set this user's status.
	 *
	 *	@param	string	Status - P, A, S, or D.
	 *	@return	boolean	success.
	 */
	function setStatus($status) {

		if ($status != 'P' && $status != 'A'
			&& $status != 'S' && $status != 'D') {
			$this->setError('ERROR: Invalid status value');
			return false;
		}

		db_begin();
		$res=db_query("
			UPDATE users 
			SET status='$status'