<?php
/**
* @class user
* @brief Manage, display user
*
* @author Benjamin Mercier
* @date 08/03/2009
* @version 0.1
*/
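class user {

    /**
     * @brief Information row of the current user, as returned by selectInformationsFromDB().
     * @brief Null while the user is not initialized (anonymous visitor, or userInitialize() not called yet).
     */
    public $information_user = null;

    /**
     * @brief Result code of the last userInitialize() call (see its @return list).
     * @brief Read by userCheckAccess() to choose between an error page and a security exception.
     */
    public $result_test = null;

    /**
     * @brief Check that the current user is allowed to access the page
     * @param access_min -> Minimum group level required (0 = page open to anonymous visitors)
     * @param access_max -> Maximum group level allowed, optional (null = no upper bound)
     * @return True when access is granted. Every refusal ends in redirect() or in a thrown myException,
     *         so callers must not rely on a false return.
     */
    public function userCheckAccess($access_min, $access_max = null)
    {
        $user_statut = $this->result_test;

        // Codes come from userInitialize(). A session/DB password mismatch is a
        // security event and is raised rather than turned into a redirect.
        if ( $user_statut == 1 ) {
            throw new myException('SECURITY WARNING : The password of user is not the same in DB and session');
        } elseif ( $user_statut == 2 ) {
            redirect('error-3.xhtml');
        } elseif ( $user_statut == 3 ) {
            redirect('error-4.xhtml');
        }

        // Anonymous visitor: only pages with access_min == 0 are reachable.
        // NOTE(review): the code below assumes redirect() ends the request — confirm in its definition.
        if ( is_null($this->information_user) ) {
            if ( $access_min == 0 ) {
                return TRUE;
            }
            redirect('connection.xhtml');
        }

        // Level comes from the user's group (g.lvl in selectInformationsFromDB()).
        $user_lvl = $this->information_user->lvl;

        if ( $user_lvl < $access_min ) {
            redirect('error-1.xhtml');
        } elseif ( !is_null($access_max) and $user_lvl > $access_max ) {
            redirect('error-2.xhtml');
        } else {
            return TRUE;
        }
    } // End of checkaccess

    /**
     * @brief Initialize information_user with all the information of the current user
     * @return 0 : User not found
     * @return 1 : Username & password is wrong
     * @return 2 : User is not active
     * @return 3 : Group is not active
     * @return 4 : Everything is okay :-)
     * @return 5 : User is not logged in
     * @throws myException when already initialized, when the session payload is malformed,
     *         or when the user id of the session no longer exists in database
     */
    public function userInitialize()
    {
        // Refuse a second initialization: information_user is write-once per request.
        if ( !is_null($this->information_user) ) {
            throw new myException('The var information_user is already initialized');
        }

        // No session entry means nobody is logged in.
        if ( !isset($_SESSION['user_infos']) ) {
            $this->result_test = 5;
            return 5;
        }

        // NOTE(review): unserialize() on session storage. The session is server-side, but any
        // code able to write $_SESSION['user_infos'] can make this instantiate arbitrary
        // classes; storing a plain array or JSON instead would remove that risk. The writer
        // lives outside this file, so only the array check is enforced here.
        $informations = unserialize($_SESSION['user_infos']);
        if ( !is_array($informations) ) {
            throw new myException('the user_infos is not an array');
        }
        if ( !isset($informations['user_id'], $informations['hash']) ) {
            throw new myException('the user_infos session is missing user_id or hash');
        }

        // Get user id and password hash from session.
        $userid   = $informations['user_id'];
        $password = $informations['hash'];

        // Look the user up again in database by the session user_id.
        $user_info = $this->selectInformationsFromDB($userid);
        if ( !$user_info ) throw new myException("Not user found with id '$userid'");

        // User is found: keep the single row.
        $user_info = $user_info[0];

        // The session hash must match the DB hash exactly: a strict, constant-time
        // comparison avoids the loose '!=' rules (e.g. numeric-looking strings).
        if ( !hash_equals((string) $user_info->password, (string) $password) ) {
            $this->result_test = 1;
            return 1;
        }
        // The user is not active
        elseif ( $user_info->user_active == 'false' ) {
            $this->result_test = 2;
            return 2;
        }
        // The group is not active
        elseif ( $user_info->group_active == 'false' ) {
            $this->result_test = 3;
            return 3;
        }
        // All tests passed, the user is logged in
        else {
            $this->information_user = $user_info;
            $this->result_test = 4;
            return 4;
        }
    } // End of initializeUser

    /**
     * @brief Return the name of the user template
     * @return Name/False : If name is empty, return false (note: empty() also treats '0' as empty)
     * @throws myException when no user is initialized
     */
    public function userGetTemplate()
    {
        if ( is_null($this->information_user) ) throw new myException('The user is not logued');

        $template_name = $this->information_user->template;

        if ( empty($template_name) ) return false;
        else return $template_name;
    } // End of getUserTemplate

    /**
     * @brief Return the lang of the user
     * @return Lang/False : If lang is empty, return false (null when the lang is not active,
     *         see selectInformationsFromDB())
     * @throws myException when no user is initialized
     */
    public function userGetLang()
    {
        if ( is_null($this->information_user) ) throw new myException('The user is not logued');

        $lang = $this->information_user->lang;

        if ( empty($lang) ) return false;
        else return $lang;
    } // End of getUserLang

    /**
     * @brief Select information about a user from database
     * @param user_id -> Id of a user, optional (defaults to the user_id stored in session)
     * @return Array with one object holding the user information, or FALSE if the user is not found
     * @throws myException when the session holds no user id, or when the row is missing a
     *         country flag, a group id or a group level
     */
    private function selectInformationsFromDB($user_id = NULL)
    {
        if ( is_null($user_id) ) {
            // NOTE(review): same unserialize() concern as in userInitialize().
            $informations = isset($_SESSION['user_infos']) ? unserialize($_SESSION['user_infos']) : false;
            if ( !is_array($informations) || !isset($informations['user_id']) ) throw new myException('Need to get a user_id but informations session is not initialized');
            $user_id = $informations['user_id'];
        }

        // Escape before interpolation, as every other query of this class does; the id
        // comes from the session (or the caller), never trust it raw inside SQL.
        $user_id = $_SESSION['database']->clearString($user_id);

        $req = "SELECT
                    u.username AS user,
                    u.password AS password,
                    u.id AS userid,
                    u.email AS email,
                    u.first_name AS first_name,
                    u.last_name AS last_name,
                    u.company AS company,
                    u.address AS address,
                    u.city AS city,
                    u.zipcode AS zipcode,
                    c.flag AS countrie,
                    u.template AS template,
                    u.is_active AS user_active,
                    g.is_active AS group_active,
                    g.name AS group_name,
                    g.id AS groupid,
                    g.lvl AS lvl,
                    l.flag AS lang,
                    l.is_lang AS lang_active
                FROM users AS u
                LEFT JOIN groups AS g
                    ON u.groups_id = g.id
                LEFT JOIN countries AS c
                    ON u.countries_id = c.id
                LEFT JOIN countries AS l
                    ON u.lang_id = l.id
                WHERE
                    u.id = '$user_id'";

        $user_selected = $_SESSION['database']->fetchObject($req);

        // An empty result set is "user not found", not a broken row.
        if ( !is_array($user_selected) || !isset($user_selected[0]) ) {
            return FALSE;
        }

        $row = $user_selected[0];

        // The LEFT JOINs allow nulls here; a user without country, group or level
        // cannot be handled by userCheckAccess(), so refuse the row explicitly.
        if ( is_null($row->countrie) ) throw new myException('The user selected has no countrie flag');
        elseif ( is_null($row->groupid) ) throw new myException('The user selected has no groupid');
        elseif ( is_null($row->lvl) ) throw new myException('The group has not a int right '.$row->lvl);

        // A country that is not a language gives no usable lang.
        if ( $row->lang_active == 'false' ) $row->lang = null;

        return $user_selected;
    } // End of selectInformationsFromDB

    /**
     * @brief Edit a user
     * @param user_id -> ID of the user
     * @param first_name -> First name of the user
     * @param last_name -> Last name of the user
     * @param company -> Name of the company
     * @param address -> Address of the user
     * @param city -> City of the user
     * @param zipcode -> Zipcode of the user
     * @param email -> Email of the user
     * @param pseudo -> Pseudo (username) of the user
     * @param countrie_id -> Country of the user
     * @param lang_id -> Lang of the user
     * @param template -> Template of the user
     * @return True : Member edited
     */
    private function editMember($user_id, $first_name, $last_name, $company, $address, $city, $zipcode, $email, $pseudo, $countrie_id, $lang_id, $template)
    {
        $db = $_SESSION['database'];

        // Every value is user-supplied form input: escape each one before it is
        // interpolated into the statement below (the DB layer offers no placeholders here).
        $user_id     = $db->clearString($user_id);
        $first_name  = $db->clearString($first_name);
        $last_name   = $db->clearString($last_name);
        $company     = $db->clearString($company);
        $address     = $db->clearString($address);
        $city        = $db->clearString($city);
        $zipcode     = $db->clearString($zipcode);
        $email       = $db->clearString($email);
        $pseudo      = $db->clearString($pseudo);
        $countrie_id = $db->clearString($countrie_id);
        $lang_id     = $db->clearString($lang_id);
        $template    = $db->clearString($template);

        // 'template' was assigned twice in the original statement; once is enough
        // and some engines reject duplicate assignments.
        $req = "UPDATE users
                SET
                    username = '$pseudo',
                    email = '$email',
                    template = '$template',
                    lang_id = '$lang_id',
                    first_name = '$first_name',
                    last_name = '$last_name',
                    company = '$company',
                    address = '$address',
                    city = '$city',
                    zipcode = '$zipcode',
                    countries_id = '$countrie_id'
                WHERE id = '$user_id'";
        $db->execRequest($req);

        // save action to history
        history::add("history_action_profile",$user_id);

        return true;
    } // End of editMember

    /**
     * @brief Edit the current user
     * @see Description from editMember
     * @return True/False : result of editMember
     * @throws myException when no user is initialized (the id to edit comes from information_user)
     */
    public function userEdit($first_name, $last_name, $company, $address, $city, $zipcode, $email, $pseudo, $countrie_id, $lang_id, $template)
    {
        if ( is_null($this->information_user) ) throw new myException('The user is not logued');

        $edited = $this->editMember($this->information_user->userid, $first_name, $last_name, $company, $address, $city, $zipcode, $email, $pseudo, $countrie_id, $lang_id, $template);

        return $edited ? true : false;
    } // End of userEdit

    /**
     * @brief Check that a username is still available
     * @param username -> Name of username
     * @return True when no user has this name, False when the name is already taken
     * @throws myException when the count query returns no row
     */
    public function checkUsernameExistence ($username)
    {
        $username = $_SESSION['database']->clearString($username);

        $req = "SELECT COUNT(id) AS total FROM users WHERE username='$username'";
        $number = $_SESSION['database']->fetchObject($req);

        // Fail closed: a broken query must not report the name as free.
        if ( !is_array($number) || !isset($number[0]) ) throw new myException('Unable to count users for username existence check');

        if ( $number[0]->total >= 1) {
            return false;
        } else return true;
    } // End of checkUsernameExistence

    /**
     * @brief Check country existence
     * @param countrie_id -> ID of the country
     * @return True/False
     * @throws myException when the count query returns no row
     */
    public function checkCountrieExistence ($countrie_id)
    {
        $countrie_id = $_SESSION['database']->clearString($countrie_id);

        $req = "SELECT COUNT(id) AS total FROM countries WHERE id = '$countrie_id'";
        $result = $_SESSION['database']->fetchObject($req);

        if ( !is_array($result) || !isset($result[0]) ) throw new myException('Unable to count countries for countrie existence check');

        if ( $result[0]->total == 0 ) return false;
        else return true;
    } // End of checkCountrieExistence

    /**
     * @brief Check lang existence and activation
     * @param lang_id -> ID of the lang
     * @return True/False
     * @throws myException when the count query returns no row
     */
    public function checkLangExistence($lang_id)
    {
        // The original escaped into a misspelled variable and interpolated the raw
        // value; the escaped value must be the one used in the query.
        $lang_id = $_SESSION['database']->clearString($lang_id);

        $req = "SELECT COUNT(id) AS total FROM countries WHERE id = '$lang_id' AND is_lang = 'true'";
        $result = $_SESSION['database']->fetchObject($req);

        if ( !is_array($result) || !isset($result[0]) ) throw new myException('Unable to count countries for lang existence check');

        if ( $result[0]->total == 0 ) return false;
        else return true;
    } // End of checkLangActivation

    /**
     * @brief Get information about a country
     * @param countrie_id -> ID of the country
     * @param clause -> Optional extra SQL appended after the WHERE condition. It is inserted
     *                  verbatim, so it must be a constant written by the caller, never text
     *                  derived from request input.
     * @return False/Object with the information
     */
    public function getCountrieInformations( $countrie_id, $clause = NULL )
    {
        if ( !is_null($clause) ) $clause = " $clause";

        $countrie_id = $_SESSION['database']->clearString($countrie_id);

        $req = "SELECT id,flag,countrie,date_format,time_format,is_lang FROM countries WHERE id = '$countrie_id'$clause";
        $result = $_SESSION['database']->fetchObject($req);

        if ( !is_array($result) || count($result) == 0 ) return false;
        else return $result[0];
    }

} // End of class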