viewgit/inc/functions.php:22 Function utf8_encode() is deprecated [8192]
<?php /** * SeekQuarry/Yioop -- * Open Source Pure PHP Search Engine, Crawler, and Indexer * * Copyright (C) 2009 - 2015 Chris Pollett chris@pollett.org * * LICENSE: * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * END LICENSE * * @author Chris Pollett chris@pollett.org * @license http://www.gnu.org/licenses/ GPL3 * @link http://www.seekquarry.com/ * @copyright 2009 - 2015 * @filesource */ if (!defined('BASE_DIR')) {echo "BAD REQUEST"; exit();} /** Loads the base class */ require_once BASE_DIR."/models/model.php"; /** Used for the crawlHash function */ require_once BASE_DIR."/lib/utility.php"; /** For createThumb used in manage account */ require_once BASE_DIR."/lib/processors/image_processor.php"; /** * This class is used to handle * database statements related to User Administration * * @author Chris Pollett * @package seek_quarry\model */ class UserModel extends Model { /** * Associations of the form * name of field for web forms => database column names/abbreviations * In this case, things will in general map to the USERS table in the * Yioop data base * var array */ var $search_table_column_map = array("first"=>"FIRST_NAME", "last" => "LAST_NAME", "user" => "USER_NAME", "email"=>"EMAIL", "status"=>"STATUS", "accounttype" => "IS_ADVERTISER"); /** * These fields if present in $search_array (used by @see getRows() ), * but with value "-1", will be skipped as part of the where clause * but will be used for order by clause * @var array */ var $any_fields = array("status"); /** * {@inheritDoc} * * @param mixed $args any additional arguments which should be used to * determine these tables (in this case none) */ function selectCallback($args = null) { return "USER_ID, USER_NAME, FIRST_NAME, LAST_NAME, EMAIL, STATUS"; } /** * {@inheritDoc} * * @param mixed $args any additional arguments which should be used to * determine these tables (in this case none) */ function fromCallback($args = null) { return "USERS"; } /** * {@inheritDoc} * * @param mixed $args any additional arguments which should be used to * determine these tables (in this case none) */ function whereCallback($args = null) { return "USER_ID != '".PUBLIC_USER_ID."'"; } /** * Get a list of admin activities that a user is allowed to perform. * This includes their name and their associated method. * * @param string $user_id id of user to get activities fors */ function getUserActivities($user_id) { $db = $this->db; $activities = array(); $status = $this->getUserStatus($user_id); if (!$status || in_array($status, array(BANNED_STATUS, INACTIVE_STATUS))) { return array(); } $locale_tag = getLocaleTag(); $limit_offset = $db->limitOffset(1); $sql = "SELECT LOCALE_ID FROM LOCALE ". "WHERE LOCALE_TAG = ? $limit_offset"; $result = $db->execute($sql, array($locale_tag)); $row = $db->fetchArray($result); $locale_id = $row['LOCALE_ID']; $sql = "SELECT DISTINCT A.ACTIVITY_ID AS ACTIVITY_ID, ". "T.TRANSLATION_ID AS TRANSLATION_ID, A.METHOD_NAME AS METHOD_NAME,". " T.IDENTIFIER_STRING AS IDENTIFIER_STRING FROM ACTIVITY A, ". " USER_ROLE UR, ROLE_ACTIVITY RA, TRANSLATION T ". "WHERE UR.USER_ID = ? ". "AND UR.ROLE_ID=RA.ROLE_ID AND T.TRANSLATION_ID=A.TRANSLATION_ID ". "AND RA.ACTIVITY_ID = A.ACTIVITY_ID ORDER BY A.ACTIVITY_ID ASC"; $result = $db->execute($sql, array($user_id)); $i = 0; $sub_sql = "SELECT TRANSLATION AS ACTIVITY_NAME ". "FROM TRANSLATION_LOCALE ". "WHERE TRANSLATION_ID=? AND LOCALE_ID=? $limit_offset"; // maybe do left join at some point while($activities[$i] = $this->db->fetchArray($result)) { $id = $activities[$i]['TRANSLATION_ID']; $result_sub = $db->execute($sub_sql, array($id, $locale_id)); $translate = $db->fetchArray($result_sub); if ($translate) { $activities[$i]['ACTIVITY_NAME'] = $translate['ACTIVITY_NAME']; } if (!isset($activities[$i]['ACTIVITY_NAME']) || $activities[$i]['ACTIVITY_NAME'] == "") { $activities[$i]['ACTIVITY_NAME'] = $this->translateDb( $activities[$i]['IDENTIFIER_STRING'], DEFAULT_LOCALE); } $i++; } unset($activities[$i]); //last one will be null return $activities; } /** * Checks if a user is allowed to perform the activity given by * method name * * @param string $user_id id of user to check * @param string $method_name to see if user allowed to do * @return bool whether or not the user is allowed */ function isAllowedUserActivity($user_id, $method_name) { $db = $this->db; $sql = "SELECT COUNT(*) AS ALLOWED FROM ACTIVITY A, ". "USER_ROLE UR, ROLE_ACTIVITY RA WHERE UR.USER_ID = ? ". "AND UR.ROLE_ID=RA.ROLE_ID AND A.METHOD_NAME = ? ". "AND RA.ACTIVITY_ID = A.ACTIVITY_ID"; $result = $db->execute($sql, array($user_id, $method_name)); if ($result) { $row = $db->fetchArray($result); if (isset($row["ALLOWED"]) && $row["ALLOWED"] > 0) { return true; } } return false; } /** * Returns $_SESSION variable of given user from the last time * logged in. * * @param int $user_id id of user to get session for * @return array user's session data */ function getUserSession($user_id) { $db = $this->db; $sql = "SELECT SESSION FROM USER_SESSION ". "WHERE USER_ID = ? " . $db->limitOffset(1); $result = $db->execute($sql, array($user_id)); $row = $db->fetchArray($result); if (isset($row["SESSION"])) { return unserialize($row["SESSION"]); } return null; } /** * Stores into DB the $session associative array of given user * * @param int $user_id id of user to store session for * @param array $session session data for the given user */ function setUserSession($user_id, $session) { $sql = "DELETE FROM USER_SESSION ". "WHERE USER_ID = ?"; $this->db->execute($sql, array($user_id)); $session_string = serialize($session); $sql = "INSERT INTO USER_SESSION ". "VALUES (?, ?)"; $this->db->execute($sql, array($user_id, $session_string)); } /** * Get a username by user_id * * @param string $user_id id of the user * @return string */ function getUsername($user_id) { $db = $this->db; $sql = "SELECT USER_NAME FROM USERS WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); $row = $db->fetchArray($result); return $row['USER_NAME']; } /** * Get the status of user by user_id * * @param string $user_id id of the user * @return array */ function getUserStatus($user_id) { $db = $this->db; $sql = "SELECT STATUS FROM USERS WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); $row = $db->fetchArray($result); return $row['STATUS']; } /** * Returns a row from the USERS table based on a username (case-insensitive) * * @param string $username user login to be used for look up * @return array corresponds to the row of that user in the USERS table */ function getUser($username) { $db = $this->db; $sql = "SELECT * FROM USERS WHERE UPPER(USER_NAME) = UPPER(?) " . $db->limitOffset(1); $result = $db->execute($sql, array($username)); if (!$result) { return false; } $row = $db->fetchArray($result); if (isset($row['USER_ID'])) { $row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']); } return $row; } /** * Looks up a USERS row based on their $email (potentially not unique) * and the time at which their account was create in microseconds * @param string $email of user to lookup * @param string $creation_time when the user's account was created in * the current epoch * @return array row from USERS table */ function getUserByEmailTime($email, $creation_time) { $db = $this->db; $sql = "SELECT * FROM USERS WHERE UPPER(EMAIL) = UPPER(?) AND CREATION_TIME=? " . $db->limitOffset(1); $result = $db->execute($sql, array($email, $creation_time)); if (!$result) { return false; } $row = $db->fetchArray($result); if (isset($row['USER_ID'])) { $row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']); } return $row; } /** * Returns the relative url needed to request the given users avatar icon * * @param int $user_id user to look up path for * @return string path to icon */ function getUserIconUrl($user_id) { $user_icon = "./resources/anonymous.png"; $user_folder = crawlHash("user" . $user_id . AUTH_KEY); $user_prefix = substr($user_folder, 0, 3); if (file_exists(APP_DIR . "/resources/$user_prefix/$user_folder/user_icon.jpg")) { $user_icon = "./?c=resource&a=get&f=resources&". "s=$user_folder&n=user_icon.jpg"; } return $user_icon; } /** * Returns the path to a user's resource folder (where uploaded files * will be stored). It creates the folder if it does not exist * * @param int $user_id user id of user to get path for */ function getUserIconFolder($user_id) { $user_folder = crawlHash("user" . $user_id . AUTH_KEY); $user_prefix = substr($user_folder, 0, 3); $resource_path = APP_DIR . "/resources"; $prefix_path = $resource_path."/$user_prefix"; $user_path = "$prefix_path/$user_folder"; if (file_exists($user_path)) { return $user_path; } if (!file_exists(APP_DIR) && !mkdir(APP_DIR)) { return false; } if (!file_exists($resource_path) && !mkdir($resource_path)) { return false; } if (!file_exists($prefix_path) && !mkdir($prefix_path)) { return false; } if (mkdir($user_path)) { return $user_path; } return false; } /** * Set status of user by user_id * * @param string $user_id id of the user * @param int $status one of ACTIVE_STATUS, INACTIVE_STATUS, or * BANNED_STATUS */ function updateUserStatus($user_id, $status) { $db = $this->db; if (!in_array($status, array(ACTIVE_STATUS, INACTIVE_STATUS, BANNED_STATUS))) { return; } $sql = "UPDATE USERS SET STATUS=? WHERE USER_ID=?"; $db->execute($sql, array($status, $user_id)); } /** * Does the insert into Users table portion of the creation of a new * user * * @param string $username the username of the user to be added * @param string $password the password of the user to be added * @param string $firstname the firstname of the user to be added * @param string $lastname the lastname of the user to be added * @param string $email the email of the user to be added * @param int $status one of ACTIVE_STATUS, INACTIVE_STATUS, or * BANNED_STATUS * @param string $zkp_password the password parameters need to * verify a Fiat-Shamir password */ function addUserToUsersTable($username, $password, $firstname='', $lastname='', $email='', $status = ACTIVE_STATUS, $zkp_password='') { $db = $this->db; $sql = "INSERT INTO USERS(FIRST_NAME, LAST_NAME, USER_NAME, EMAIL, PASSWORD, STATUS, HASH, CREATION_TIME, ZKP_PASSWORD) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?,?)"; $result = $db->execute($sql, array($firstname, $lastname, $username, $email, crawlCrypt($password), $status, crawlCrypt($username.AUTH_KEY.$creation_time), $creation_time, $zkp_password)); } /** * Add a user with a given username and password to the list of users * that can login to the admin panel * * @param string $username the username of the user to be added * @param string $password the password in plaintext * of the user to be added, and ZKP auth not being used (else * this can be the empty string) * @param string $firstname the firstname of the user to be added * @param string $lastname the lastname of the user to be added * @param string $email the email of the user to be added * @param int $status one of ACTIVE_STATUS, INACTIVE_STATUS, or * BANNED_STATUS * @param string $zkp_password the password parameters needed to * verify a Fiat-Shamir password * @return mixed false if operation not successful, user_id otherwise */ function addUser($username, $password, $firstname='', $lastname='', $email='', $status = ACTIVE_STATUS, $zkp_password='') { $creation_time = microTimestamp(); $db = $this->db; $sql = "INSERT INTO USERS(FIRST_NAME, LAST_NAME, USER_NAME, EMAIL, PASSWORD, STATUS, HASH, CREATION_TIME, ZKP_PASSWORD) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?,?)"; $result = $db->execute($sql, array($firstname, $lastname, $username, $email, crawlCrypt($password), $status, crawlCrypt($username.AUTH_KEY.$creation_time), $creation_time, $zkp_password)); if (!$user_id = $this->getUserId($username)) { return false; } $now = time(); $user_id = $db->escapeString($user_id); $sql = "INSERT INTO USER_GROUP (USER_ID, GROUP_ID, STATUS, JOIN_DATE) VALUES(?, ?, ?, ?)"; $result = $db->execute($sql, array($user_id, PUBLIC_GROUP_ID, ACTIVE_STATUS, $now)); $sql = "INSERT INTO USER_ROLE VALUES (?, ?) "; $result_id = $db->execute($sql, array($user_id, USER_ROLE)); return $user_id; } /** * Deletes a user by username from the list of users that can login to * the admin panel * * @param string $user_name the login name of the user to delete */ function deleteUser($user_name) { $db = $this->db; $user_id = $this->getUserId($user_name); if ($user_id) { $sql = "DELETE FROM USER_ROLE WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); $sql = "DELETE FROM USER_GROUP WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); $sql = "DELETE FROM USER_SESSION WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); } $sql = "DELETE FROM USERS WHERE USER_ID=?"; $result = $db->execute($sql, array($user_id)); } /** * Used to update the fields stored in a USERS row according to * an array holding new values * * @param array $user updated values for a USERS row */ function updateUser($user) { $user_id = $user['USER_ID']; if (isset($user['IMAGE_STRING'])) { $folder = $this->getUserIconFolder($user_id); $image = @imagecreatefromstring($user['IMAGE_STRING']); $thumb_string = ImageProcessor::createThumb($image); file_put_contents($folder."/user_icon.jpg", $thumb_string); clearstatcache($folder."/user_icon.jpg"); } unset($user['USER_ID']); unset($user['USER_NAME']); unset($user['IMAGE_STRING']); unset($user['USER_ICON']); $sql = "UPDATE USERS SET "; $comma =""; $params = array(); if ($user == array()) {return; } foreach ($user as $field => $value) { $sql .= "$comma $field=? "; $comma = ","; if ($field == "PASSWORD") { $params[] = crawlCrypt($value); } else { $params[] = $value; } } $sql .= " WHERE USER_ID=?"; $params[] = $user_id; $this->db->execute($sql, $params); } }