<?php
/**
- * GFUser class
+ * FusionForge user management
*
- * Sets up database results and preferences for a user and abstracts this info
+ * Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2009, Roland Mas
*
- * You can now optionally pass in a db result
- * handle. If you do, it re-uses that query
- * to instantiate the objects
+ * This file is part of FusionForge.
*
- * IMPORTANT! That db result must contain all fields
- * from users table or you will have problems
- *
- * GENERALLY YOU SHOULD NEVER INSTANTIATE THIS OBJECT DIRECTLY
- * USE user_get_object() to instantiate properly - this will pool the objects
- * and increase efficiency
- *
- * Copyright 1999-2001 (c) VA Linux Systems
- *
- * @version $Id$
- * @author Tim Perdue tperdue@valinux.com
- * @date 2000-10-11
- *
- * This file is part of GForge.
- *
- * GForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GForge is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with GForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
*/
-require_once('www/include/vote_function.php');
+require_once $gfwww.'include/vote_function.php';
$USER_OBJ=array();
/**
function &user_get_object_by_name($user_name,$res=false) {
$user_name = strtolower($user_name);
if (!$res) {
- $res=db_query("SELECT * FROM users WHERE user_name='$user_name'");
+ $res = db_query_params ('SELECT * FROM users WHERE user_name=$1',
+ array ($user_name)) ;
+ }
+ return user_get_object(db_result($res,0,'user_id'),$res);
+}
+
+/**
+ * user_get_object_by_email() - Get User object by email address
+ * Only works if sys_require_unique_email is true
+ *
+ * @param string The unix username - required
+ * @param int The result set handle ("SELECT * FROM USERS WHERE user_id=xx")
+ * @return a user object or false on failure
+ *
+ */
+function user_get_object_by_email($email,$res=false) {
+ if (!validate_email($email)
+ || !$GLOBALS['sys_require_unique_email']) {
+ return false ;
+ }
+ if (!$res) {
+ $res=db_query_params('SELECT * FROM users WHERE email=$1',
+ array ($email));
}
return user_get_object(db_result($res,0,'user_id'),$res);
}
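Review bot: The docblock for user_get_object_by_email() describes its first parameter as `The unix username`, which is carried over from user_get_object_by_name(); the parameter is an address, so it should read `@param string $email The email address - required`. It would also help callers to state in the docblock that the function returns false, without calling setError(), both when sys_require_unique_email is off and when the address fails validate_email(), since a caller cannot tell "no such user" apart from "lookup refused" from the return value alone.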
if ($res) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM users WHERE user_id='$user_id'");
+ $res = db_query_params ('SELECT * FROM users WHERE user_id=$1',
+ array ($user_id)) ;
}
if (!$res || db_numrows($res) < 1) {
$USER_OBJ["_".$user_id."_"]=false;
}
}
if (count($fetch) > 0) {
- $sql="SELECT * FROM users WHERE user_id IN ('".implode($fetch,'\',\'') ."')";
- $res=db_query($sql);
+ $res = db_query_params ('SELECT * FROM users WHERE user_id = ANY ($1)',
+ array (db_int_array_to_any_clause ($fetch))) ;
while ($arr =& db_fetch_array($res)) {
$USER_OBJ["_".$arr['user_id']."_"] = new GFUser($arr['user_id'],$arr);
$return[] =& $USER_OBJ["_".$arr['user_id']."_"];
}
function &user_get_objects_by_name($username_arr) {
- $res=db_query("SELECT user_id FROM users WHERE user_name IN ('".implode($username_arr,'\',\'')."')");
+ $res = db_query_params ('SELECT user_id FROM users WHERE user_name = ANY ($1)',
+ array (db_string_array_to_any_clause ($username_arr))) ;
$arr =& util_result_column_to_array($res,0);
return user_get_objects($arr);
}
function create($unix_name,$firstname,$lastname,$password1,$password2,$email,
$mail_site,$mail_va,$language_id,$timezone,$jabber_address,$jabber_only,$theme_id,
$unix_box='shell',$address='',$address2='',$phone='',$fax='',$title='',$ccode='US',$send_mail=true) {
+ global $SYS;
if (!$theme_id) {
$this->setError(_('You must supply a theme'));
return false;
}
- if (!$unix_name) {
- $this->setError(_('You must supply a username'));
- return false;
+ if (! $GLOBALS['sys_require_unique_email']) {
+ if (!$unix_name) {
+ $this->setError(_('You must supply a username'));
+ return false;
+ }
}
if (!$firstname) {
$this->setError(_('You must supply a first name'));
$this->setError(_('Invalid Unix Name.'));
return false;
}
+ if (!$SYS->sysUseUnixName($unix_name)) {
+ $this->setError(_('Unix name already taken'));
+ return false;
+ }
if (!validate_email($email)) {
$this->setError(_('Invalid Email Address'));
return false;
} else {
$jabber_only=1;
}
- if (db_numrows(db_query("SELECT user_id FROM users WHERE user_name LIKE '$unix_name'")) > 0) {
+ if ($unix_name && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name LIKE $1',
+ array ($unix_name))) > 0) {
$this->setError(_('That username already exists.'));
return false;
}
if ($GLOBALS['sys_require_unique_email']) {
- if (db_numrows(db_query("SELECT user_id FROM users WHERE email='$email'")) > 0) {
+ if (user_get_object_by_email ('$email')) {
$this->setError(_('User with this email already exists - use people search to recover your login.'));
return false;
}
}
+ if ($GLOBALS['sys_require_unique_email'] && !$unix_name) {
+ // Let's generate a loginname for the user
+ // ...based on the email address:
+ $email_array = explode ('@', $email, 2) ;
+ $email_u = $email_array [0] ;
+ $l = ereg_replace ('[^a-z0-9]', '', $email_u) ;
+ $l = substr ($l, 0, 15) ;
+ // Is the user part of the email address okay?
+ if (account_namevalid($l)
+ && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+ array ($l))) == 0) {
+ $unix_name = $l ;
+ } else {
+ // No? What if we add a number at the end?
+ $i = 0 ;
+ while ($i < 1000) {
+ $c = substr ($l, 0, 15-strlen ("$i")) . "$i" ;
+ if (account_namevalid($c)
+ && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+ array ($c))) == 0) {
+ $unix_name = $c ;
+ break;
+ }
+ $i++ ;
+ }
+ }
+ // If we're really unlucky, then let's go brute-force
+ while (!$unix_name) {
+ $c = substr (md5($email . rand()), 0, 15) ;
+ if (account_namevalid($c)
+ && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+ array ($c))) == 0) {
+ $unix_name = $c ;
+ }
+ }
+ }
+ $unix_name=strtolower($unix_name);
+ if (!account_namevalid($unix_name)) {
+ $this->setError(_('Invalid Unix Name.'));
+ return false;
+ }
// if we got this far, it must be good
- $confirm_hash = substr(md5($session_hash . $password1 . time()),0,16);
+ $confirm_hash = substr(md5($password1 . rand() . microtime()),0,16);
db_begin();
- $sql="INSERT INTO users (user_name,user_pw,unix_pw,realname,firstname,lastname,email,add_date,
- status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only,
- unix_box,address,address2,phone,fax,title,ccode,theme_id)
- VALUES ('$unix_name',
- '". md5($password1) . "',
- '". account_genunixpw($password1) . "',
- '". htmlspecialchars($firstname.' '.$lastname). "',
- '". htmlspecialchars($firstname). "',
- '". htmlspecialchars($lastname). "',
- '$email',
- '" . time() . "',
- 'P',
- '$confirm_hash',
- '". (($mail_site)?"1":"0") . "',
- '". (($mail_va)?"1":"0") . "',
- '$language_id',
- '$timezone',
- '$jabber_address',
- '$jabber_only',
- '$unix_box',
- '". htmlspecialchars($address) ."',
- '". htmlspecialchars($address2) ."',
- '". htmlspecialchars($phone) ."',
- '". htmlspecialchars($fax) ."',
- '". htmlspecialchars($title) ."',
- '$ccode',
- '$theme_id')";
-
-
- $result=db_query($sql);
-
+ $result = db_query_params ('INSERT INTO users (user_name,user_pw,unix_pw,realname,firstname,lastname,email,add_date,status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only,unix_box,address,address2,phone,fax,title,ccode,theme_id) VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24)',
+ array ($unix_name,
+ md5($password1),
+ account_genunixpw($password1),
+ htmlspecialchars($firstname.' '.$lastname),
+ htmlspecialchars($firstname),
+ htmlspecialchars($lastname),
+ $email,
+ time(),
+ 'P',
+ $confirm_hash,
+ (($mail_site)?"1":"0"),
+ (($mail_va)?"1":"0"),
+ $language_id,
+ $timezone,
+ $jabber_address,
+ $jabber_only,
+ $unix_box,
+ htmlspecialchars($address),
+ htmlspecialchars($address2),
+ htmlspecialchars($phone),
+ htmlspecialchars($fax),
+ htmlspecialchars($title),
+ $ccode,
+ $theme_id)) ;
if (!$result) {
- $this->setError(_('Insert Failed') .db_error().$sql);
+ $this->setError(_('Insert Failed') . db_error());
db_rollback();
return false;
} else {
return false;
}
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ $hook_params['user_name'] = $unix_name;
+ $hook_params['user_password'] = $password1;
+ plugin_hook ("user_create", $hook_params);
+
if ($send_mail) {
setup_gettext_from_lang_id($language_id);
$this->sendRegistrationEmail();
- setup_gettext_from_browser() ;
+ setup_gettext_from_context();
}
db_commit();
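Review bot: The duplicate-email check in create(), `if (user_get_object_by_email ('$email')) {`, passes the literal six-character string `$email` rather than the variable because of the single quotes, so validate_email() rejects it, the helper returns false, and the "User with this email already exists" rejection never fires when sys_require_unique_email is set; it should read `if (user_get_object_by_email($email)) {`. In the generated-login branch, `$l = ereg_replace ('[^a-z0-9]', '', $email_u) ;` runs before any strtolower(), so uppercase letters in the local part are dropped instead of lowercased (a local part of `John.Doe` yields `ohnoe`); applying strtolower() to `$email_u` first would give the intended name. Separately, `$confirm_hash = substr(md5($password1 . rand() . microtime()),0,16);` derives the account-verification token from rand() and the clock, which are guessable, and since that token is all that gates verification a cryptographically strong random source would be preferable. create() continues past the end of the hunk, and its context around the INSERT result is partly elided here.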
* @return true or false
*/
function sendRegistrationEmail() {
- $message=stripcslashes(sprintf(_('Thank you for registering on the %4$s web site. You have
+ $message=stripcslashes(sprintf(_('Thank you for registering on the %3$s web site. You have
account with username %1$s created for you. In order
to complete your registration, visit the following url:
-<http://%2$s/account/verify.php?confirm_hash=_%3$s>
+<%2$s>
(If you don\'t see any URL above, it is likely due to a bug in your mail client.
Use one below, but make sure it is entered as the single line.)
-http://%2$s/account/verify.php?confirm_hash=_%3$s
+%2$s
Enjoy the site.
--- the %4$s staff
-'), $this->getUnixName(), $GLOBALS['sys_default_domain'], $this->getConfirmHash(), $GLOBALS['sys_name']));
+-- the %3$s staff
+'),
+ $this->getUnixName(),
+ util_make_url ('/account/verify.php?confirm_hash=_'.$this->getConfirmHash()),
+ forge_get_config ('forge_name')));
util_send_message(
$this->getEmail(),
- sprintf(_('%1$s Account Registration'), $GLOBALS['sys_name']),
+ sprintf(_('%1$s Account Registration'), forge_get_config ('forge_name')),
$message
);
}
}
db_begin();
- $res = db_query("DELETE FROM artifact_monitor WHERE user_id='".$this->getID()."' ");
+ $res = db_query_params ('DELETE FROM artifact_monitor WHERE user_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Delete From artifact_monitor: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact_type_monitor WHERE user_id='".$this->getID()."' ");
+ $res = db_query_params ('DELETE FROM artifact_type_monitor WHERE user_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Delete From artifact_type_monitor: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM forum_monitored_forums WHERE user_id='".$this->getID()."' ");
+ $res = db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Delete From forum_monitored_forums: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM filemodule_monitor WHERE user_id='".$this->getID()."' ");
+ $res = db_query_params ('DELETE FROM filemodule_monitor WHERE user_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Delete From filemodule_monitor: '.db_error());
db_rollback();
return false;
}
+
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ plugin_hook ("user_delete", $hook_params);
+
$this->setStatus('D');
db_commit();
}
db_begin();
- $res = db_query("
+ $res = db_query_params ('
UPDATE users
SET
- realname='".htmlspecialchars($firstname . ' ' .$lastname)."',
- firstname='".htmlspecialchars($firstname)."',
- lastname='".htmlspecialchars($lastname)."',
- language='$language_id',
- timezone='$timezone',
- mail_siteupdates=$mail_site,
- mail_va=$mail_va,
- block_ratings='$block_ratings',
- jabber_address='$jabber_address',
- jabber_only='$jabber_only',
- address='". htmlspecialchars($address) ."',
- address2='". htmlspecialchars($address2) ."',
- phone='". htmlspecialchars($phone) ."',
- fax='". htmlspecialchars($fax) ."',
- title='". htmlspecialchars($title) ."',
- ccode='$ccode',
- theme_id='$theme_id'
- WHERE user_id='".$this->getID()."'
- ");
+ realname=$1,
+ firstname=$2,
+ lastname=$3,
+ language=$4,
+ timezone=$5,
+ mail_siteupdates=$6,
+ mail_va=$7,
+ block_ratings=$8,
+ jabber_address=$9,
+ jabber_only=$10,
+ address=$11,
+ address2=$12,
+ phone=$13,
+ fax=$14,
+ title=$15,
+ ccode=$16,
+ theme_id=$17
+ WHERE user_id=$18',
+ array (
+ htmlspecialchars($firstname . ' ' .$lastname),
+ htmlspecialchars($firstname),
+ htmlspecialchars($lastname),
+ $language_id,
+ $timezone,
+ $mail_site,
+ $mail_va,
+ $block_ratings,
+ $jabber_address,
+ $jabber_only,
+ htmlspecialchars($address) ,
+ htmlspecialchars($address2) ,
+ htmlspecialchars($phone) ,
+ htmlspecialchars($fax) ,
+ htmlspecialchars($title) ,
+ $ccode,
+ $theme_id,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Object: '.db_error());
db_rollback();
return false;
}
+
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ plugin_hook ("user_update", $hook_params);
+
db_commit();
return true;
}
* @return boolean success;
*/
function fetchData($user_id) {
- $res=db_query("SELECT * FROM users WHERE user_id='$user_id'");
+ $res = db_query_params ('SELECT * FROM users WHERE user_id=$1',
+ array ($user_id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('GFUser::fetchData()::'.db_error());
return false;
}
db_begin();
- $res=db_query("UPDATE users
- SET status='$status'
- WHERE user_id='". $this->getID()."'");
+ $res = db_query_params ('UPDATE users SET status=$1 WHERE user_id=$2',
+ array ($status,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Status: '.db_error());
$this->data_array['status']=$status;
if ($status == 'D') {
// Remove this user from all groups
- $res = db_query(" DELETE FROM user_group WHERE user_id='".$this->getID()."' ");
+ $res = db_query_params ('DELETE FROM user_group WHERE user_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Propogate Deleted Status: '.db_error());
db_rollback();
return false;
}
}
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ $hook_params['status'] = $status;
+ plugin_hook ("user_setstatus", $hook_params);
+
db_commit();
//plugin webcalendar, create cal_user
function setUnixStatus($status) {
global $SYS;
db_begin();
- $res=db_query("
- UPDATE users
- SET unix_status='$status'
- WHERE user_id='". $this->getID()."'
- ");
+ $res = db_query_params ('UPDATE users SET unix_status=$1 WHERE user_id=$2',
+ array ($status,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Unix Status: '.db_error());
function getMD5Passwd() {
return $this->data_array['user_pw'];
}
+
+ //Added to be compatible with codendi getUserPw function
+ function getUserPw() {
+ return $this->data_array['user_pw'];
+ }
/**
* getConfirmHash - the confirm hash in the db.
function getEmail() {
return $this->data_array['email'];
}
+
+ /**
+ * getSha1Email - a SHA1 encoded hash of the email URI (including mailto: prefix)
+ *
+ * @return string The SHA1 encoded value for the email
+ */
+ function getSha1Email() {
+ return sha1('mailto:'.$this->getEmail());
+ }
/**
* getNewEmail - while changing an email address, it is stored here until confirmation.
* @return boolean success.
*/
function setEmail($email) {
+
+ if (!strcasecmp($this->getEmail(), stripslashes($email))) {
+ return true;
+ }
+
if (!$email || !validate_email($email)) {
$this->setError('ERROR: Invalid Email');
return false;
}
- $res=db_query("
- UPDATE users
- SET email='$email'
- WHERE user_id='". $this->getID()."'
- ");
+
+ if ($GLOBALS['sys_require_unique_email']) {
+ if (db_numrows(db_query_params('SELECT user_id FROM users WHERE user_id!=$1 AND (lower(email) LIKE $2 OR lower(email_new) LIKE $2)',
+ array ($this->getID(),
+ strtolower($email)))) > 0) {
+ $this->setError(_('User with this email already exists.'));
+ return false;
+ }
+ }
+
+ db_begin();
+ $res = db_query_params ('UPDATE users SET email=$1 WHERE user_id=$2',
+ array ($email,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Email: '.db_error());
+ db_rollback();
return false;
} else {
- $this->data_array['email'] = $email;
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ $hook_params['user_email'] = $email;
+ plugin_hook ("user_setemail", $hook_params);
+
+ if (!$this->fetchData($this->getId())) {
+ db_rollback();
+ return false;
+ }
+
+ db_commit();
return true;
}
}
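Review bot: The duplicate-address query in setEmail(), `lower(email) LIKE $2 OR lower(email_new) LIKE $2`, treats the user-supplied address as a LIKE pattern, so `_` (legal in a local part) and `%` act as wildcards and `a_b@example.org` is reported as already taken when only `axb@example.org` exists; no wildcard matching is intended, so compare with equality: `lower(email) = $2 OR lower(email_new) = $2`. The same pattern is used in the email_new update just below, and `user_name LIKE $1` in create() has the same shape if account_namevalid() permits underscores. Also, the early return compares against `stripslashes($email)` while the UPDATE stores `$email` unchanged; if slashes can actually be present in the input, the stored value will not match what the comparison accepted, so it is worth confirming which form callers pass and applying it consistently.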
return false;
}
- $res=db_query("
- UPDATE users
- SET confirm_hash='$hash',
- email_new='$email'
- WHERE user_id='".$this->getID()."'
- ");
-
+ if ($GLOBALS['sys_require_unique_email']) {
+ if (db_numrows(db_query_params('SELECT user_id FROM users WHERE user_id!=$1 AND (lower(email) LIKE $2 OR lower(email_new) LIKE $2)',
+ array ($this->getID(),
+ strtolower($email)))) > 0) {
+ $this->setError(_('User with this email already exists.'));
+ return false;
+ }
+ }
+ $res = db_query_params ('UPDATE users SET confirm_hash=$1, email_new=$2 WHERE user_id=$3',
+ array ($hash,
+ $email,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Email And Hash: '.db_error());
return false;
* @return string This user's real name.
*/
function getRealName() {
- return $this->getFirstName(). ' ' .$this->getLastName();
+ $last_name = $this->getLastName();
+ return $this->getFirstName(). ($last_name ? ' ' .$last_name:'');
}
/**
}
db_begin();
- $res=db_query("
- UPDATE users
- SET shell='$shell'
- WHERE user_id='". $this->getID()."'
- ");
-
+ $res = db_query_params ('UPDATE users SET shell=$1 WHERE user_id=$2',
+ array ($shell,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Unix Shell: '.db_error());
db_rollback();
* @return array Array of groups.
*/
function &getGroups() {
- $sql="SELECT group_id
- FROM user_group
- WHERE user_id='". $this->getID() ."'";
- $res=db_query($sql);
+ $res = db_query_params ('SELECT group_id FROM user_group WHERE user_id=$1',
+ array ($this->getID())) ;
$arr =& util_result_column_to_array($res,0);
return group_get_objects($arr);
}
$keys = ereg_replace("\n+", "\n", $keys); // Remove empty lines
$keys = ereg_replace("\n", "###", $keys); // Convert EOL to marker
- $res=db_query("
- UPDATE users
- SET authorized_keys='$keys'
- WHERE user_id='".$this->getID()."'
- ");
-
+ $res = db_query_params ('UPDATE users SET authorized_keys=$1 WHERE user_id=$2',
+ array ($keys,
+ $this->getID())) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User SSH Keys');
return false;
$this->is_logged_in=$val;
if ($val) {
//if this is the logged in user, see if they are a super user
- $sql="SELECT count(*) AS count FROM user_group WHERE user_id='". $this->getID() ."' AND group_id='1' AND admin_flags='A'";
- $result=db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM user_group WHERE user_id=$1 AND group_id=1 AND admin_flags=$2',
+ array ($this->getID(),
+ 'A')) ;
if (!$result) {
$this->is_super_user=false;
return;
function deletePreference($preference_name) {
$preference_name=strtolower(trim($preference_name));
unset($this->user_pref["$preference_name"]);
- $res= db_query("DELETE FROM user_preferences
- WHERE user_id='". $this->getID() ."'
- AND preference_name='$preference_name'");
+ $res = db_query_params ('DELETE FROM user_preferences WHERE user_id=$1 AND preference_name=$2',
+ array ($this->getID(),
+ $preference_name)) ;
return $res;
}
//delete pref if not value passed in
unset($this->user_pref);
if (!isset($value)) {
- $result=db_query("DELETE FROM user_preferences WHERE
- user_id='". $this->getID() ."' AND preference_name='$preference_name'");
+ $result = db_query_params ('DELETE FROM user_preferences WHERE user_id=$1 AND preference_name=$2',
+ array ($this->getID(),
+ $preference_name)) ;
} else {
- $result=db_query("UPDATE user_preferences SET preference_value='$value',set_date='". time() ."' ".
- "WHERE user_id='". $this->getID() ."' ".
- "AND preference_name='$preference_name'");
+ $result = db_query_params ('UPDATE user_preferences SET preference_value=$1,set_date=$2 WHERE user_id=$3 AND preference_name=$4',
+ array ($value,
+ time(),
+ $this->getID(),
+ $preference_name)) ;
if (db_affected_rows($result) < 1) {
//echo db_error();
- $result=db_query("INSERT INTO user_preferences (user_id,preference_name,preference_value,set_date) ".
- "VALUES ('". $this->getID() ."','$preference_name','$value','". time() ."')");
+ $result = db_query_params ('INSERT INTO user_preferences (user_id,preference_name,preference_value,set_date) VALUES ($1,$2,$3,$4)',
+ array ($this->getID(),
+ $preference_name,
+ $value,
+ time())) ;
return $result;
}
}
/*
First check to see if we have already fetched the preferences
*/
- if ($this->user_pref) {
+ if (isset($this->user_pref)) {
//echo "\n\nPrefs were fetched already";
- if ($this->user_pref["$preference_name"]) {
+ if (isset($this->user_pref["$preference_name"])) {
//we have fetched prefs - return part of array
return $this->user_pref["$preference_name"];
} else {
}
} else {
//we haven't returned prefs - go to the db
- $result=db_query("SELECT preference_name,preference_value FROM user_preferences ".
- "WHERE user_id='". $this->getID() ."'");
+ $result = db_query_params ('SELECT preference_name,preference_value FROM user_preferences WHERE user_id=$1',
+ array ($this->getID())) ;
if (db_numrows($result) < 1) {
//echo "\n\nNo Prefs Found";
return false;
}
db_begin();
- $unix_pw = account_genunixpw($passwd);
+ $md5_pw = md5 ($passwd) ;
+ $unix_pw = account_genunixpw ($passwd) ;
- $res=db_query("
- UPDATE users
- SET user_pw='" . md5($passwd) . "',
- unix_pw='$unix_pw'
- WHERE user_id='".$this->getID()."'
- ");
+ $res = db_query_params ('UPDATE users SET user_pw=$1, unix_pw=$2 WHERE user_id=$3',
+ array ($md5_pw,
+ $unix_pw,
+ $this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError('ERROR - Could Not Change User Password: '.db_error());
}
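Review bot: `$md5_pw = md5 ($passwd) ;` stores the password as an unsalted MD5 digest, and create() does the same with `md5($password1)`; the move to parameterised queries in this commit leaves that scheme untouched, and an unsalted fast hash offers little protection if the users table is ever exposed, so migrating user_pw to a salted, slow password hash (rehashing on next successful login) is worth a follow-up. The enclosing method starts before the hunk.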
}
}
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ $hook_params['user_password'] = $passwd;
+ plugin_hook ("user_setpasswd", $hook_params);
db_commit();
return true;
}
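Review bot: The new `user_setpasswd` hook hands the cleartext password to every registered plugin through `$hook_params['user_password']`, as the `user_create` hook in create() does; any plugin that logs or persists its hook parameters would then record the password. If plugins genuinely need the cleartext (for example to provision another credential store), that contract should be documented at the hook call with a comment such as `// NOTE: user_password is the cleartext password; plugins must not log or store it`, otherwise pass only the identifiers.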
function getPlugins() {
if (!isset($this->plugins_data)) {
$this->plugins_data = array () ;
- $sql="SELECT user_plugin.plugin_id, plugins.plugin_name
- FROM user_plugin, plugins
- WHERE user_plugin.user_id=".$this->getID()."
- AND user_plugin.plugin_id = plugins.plugin_id" ;
- $res=db_query($sql);
+ $sql="" ;
+ $res = db_query_params ('SELECT user_plugin.plugin_id, plugins.plugin_name
+ FROM user_plugin, plugins
+ WHERE user_plugin.user_id=$1
+ AND user_plugin.plugin_id=plugins.plugin_id',
+ array ($this->getID())) ;
$rows = db_numrows($res);
for ($i=0; $i<$rows; $i++) {
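Review bot: `$sql="" ;` in getPlugins() is a leftover of the removed string-built query and is never read afterwards; drop the line so the cache-fill path reads as a single db_query_params() call. getPlugins() continues past the end of the hunk.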
// State is already good, returning
return true ;
}
- $sql="SELECT plugin_id
- FROM plugins
- WHERE plugin_name = '" . $pluginname . "'" ;
- $res=db_query($sql);
+ $res = db_query_params ('SELECT plugin_id FROM plugins WHERE plugin_name=$1',
+ array ($pluginname)) ;
$rows = db_numrows($res);
if ($rows == 0) {
// Error: no plugin by that name
// Invalidate cache
unset ($this->plugins_data) ;
if ($val) {
- $sql="INSERT INTO user_plugin (user_id, plugin_id)
- VALUES (". $this->getID() . ", ". $plugin_id .")" ;
- $res=db_query($sql);
- return $res ;
+ return db_query_params ('INSERT INTO user_plugin (user_id,plugin_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $plugin_id)) ;
} else {
- $sql="DELETE FROM user_plugin
- WHERE user_id = ". $this->getID() . "
- AND plugin_id = ". $plugin_id ;
- $res=db_query($sql);
- return $res ;
+ return db_query_params ('DELETE FROM user_plugin WHERE user_id=$1 AND plugin_id=$2',
+ array ($this->getID(),
+ $plugin_id)) ;
}
}
*/
function unsubscribeFromMailings($all=false) {
$res1 = $res2 = $res3 = true;
- $res1 = db_query("
- UPDATE users
- SET mail_siteupdates=0,
- mail_va=0
- WHERE user_id='".$this->getID()."'
- ");
+ $res1 = db_query_params ('UPDATE users SET mail_siteupdates=0, mail_va=0 WHERE user_id=$1',
+ array ($this->getID())) ;
if ($all) {
- $res2 = db_query("
- DELETE FROM forum_monitored_forums
- WHERE user_id='".$this->getID()."'
- ");
- $res3 = db_query("
- DELETE FROM filemodule_monitor
- WHERE user_id='".$this->getID()."'
- ");
+ $res2 = db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1',
+ array ($this->getID())) ;
+ $res3 = db_query_params ('DELETE FROM filemodule_monitor WHERE user_id=$1',
+ array ($this->getID())) ;
}
return $res1 && $res2 && $res3;
//
// An optimization in session_getdata lets us pre-fetch this in most cases.....
//
- if (!$this->data_array['dirname']) {
- $res=db_query("SELECT dirname FROM themes WHERE theme_id='".$this->getThemeID()."'");
+ if (!isset($this->data_array['dirname']) || !$this->data_array['dirname']) {
+ $res = db_query_params ('SELECT dirname FROM themes WHERE theme_id=$1',
+ array ($this->getThemeID())) ;
$this->theme=db_result($res,0,'dirname');
} else {
$this->theme=$this->data_array['dirname'];
}
return $this->theme;
}
+
+ /**
+ * getRole() - Get user Role object.
+ *
+ * @param object group object
+ * @return object Role object
+ */
+ function getRole(&$group) {
+ if (!$group || !is_object($group)) {
+ $this->setError('User::getRole : Unable to get group object');
+ return false;
+ }
+ $res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
+ array ($this->getID(),
+ $group->getID())) ;
+ if (!$res) {
+ $this->setError('User::getRole::DB - Could Not get role_id '.db_error());
+ return false;
+ }
+ $role_id = db_result($res,0,'role_id');
+ //
+ // Role setup
+ //
+ $role = new Role($group,$role_id);
+ if (!$role || !is_object($role)) {
+ $this->setError('Error Getting Role Object');
+ return false;
+ } elseif ($role->isError()) {
+ $this->setError('User::getRole::roleget::'.$role->getErrorMessage());
+ return false;
+ }
+ return $role;
+ }
+
+ function isMember($group_id, $type=0) {
+ if (!session_loggedin()) {
+ return false;
+ }
+
+ $project =& group_get_object($group_id);
+
+ if (!$project || !is_object($project)) {
+ exit_no_group();
+ }
+
+ $perm =& $project->getPermission( $this );
+ if (!$perm || !is_object($perm) || !$perm->isMember()) {
+ return false;
+ }
+
+ $type=strtoupper($type);
+
+ switch ($type) {
+ case 'P2' : {
+ //pm admin
+ return $perm->isPMAdmin();
+ break;
+ }
+ case 'F2' : {
+ //forum admin
+ return $perm->isForumAdmin();
+ break;
+ }
+ case '0' : {
+ //just in this group
+ return $perm->isMember();
+ break;
+ }
+ case 'A' : {
+ //admin for this group
+ return $perm->isAdmin();
+ break;
+ }
+ case 'D1' : {
+ //document editor
+ return $perm->isDocEditor();
+ break;
+ }
+ default : {
+ //fubar request
+ return false;
+ }
+ }
+ return false;
+
+ }
}
/*