<?php
/*******************************************************************************
* DataBase User Managment Class based on PEAR DB
*
* dbum_class.inc
* --------------------
* Begin: 17. July 2003
*
* Author: Steffen Stollfuß <bestmischmaker@web.de>
*
* status: "search 4 a job"
*
* $ Id: - dbum_class.inc - v.0.9.8.2 - 03-07-2004 10:47:14 $
*******************************************************************************
*
* - Change Log - begin v.0.8.4
*
*
* Date: 02.08.2003
* !!! v.0.8.4 beta coming public !!!
* - documentaion v.0.5.3
*
* Date: 03.08.2003
* - fix a bug in load_session() with cookie_params !!!
*
* Date: 21.08.2003
* - the function "change email" did not set new activ_id in database,
* so the activation goes failed
*
* Date: 27.08.2003
* - constructor changes ( now only 2 parameters needed )
* ( $dbum = new DBUM($db , $debug); )
* - doc v.0.9.2
*
*
* Date: 28.08.2003
* !!! Experimental !!! - now max_len constans variable, have a look at doc how you use it !!! Experimental !!!
* - max_failed_logins = 98 // that the maximum or "0" for deactivted (default = "5")
* have a look at the documentation
*
* - new function (install_tables( $options ))
*
* Date: 29.08.2003
* - v.0.9.6 public comming out !!!
* - doc v.0.9.5 public comming out !!!
* Date: 31.08.2003
* - v.0.9.7 public out
* - fixed a bug in is_numeric_array(), it will not work in v.0.9.6
* - if you use the class please update, thx
* Date 23.06.2004
* - v.0.9.6.1 while using some new bugs occured, this i have fixed now
*
*
* Date: 03.07.2004
* - v.0.9.8.2 new function added "forgot_password($email)"
* - and some bugs fixed
*/
// SQL Tables
if( !defined("DBUM_USERS_TABLE") ) define("DBUM_USERS_TABLE" , "dbum_users");
if( !defined("DBUM_SESSION_TABLE") ) define("DBUM_SESSION_TABLE" , "dbum_sessions" );
if( !defined("DBUM_GROUPS_TABLE") ) define("DBUM_GROUPS_TABLE" , "dbum_groups" );
// Error Constans
define("DBUM_HACKER_ATTEMPT" , 1000 );
define("DBUM_INPUT_ERROR" , 1001 );
define("DBUM_SQL_ERROR" , 1002 );
define("DBUM_LOGIN_FAILED" , 1003 );
define("DBUM_USER_NOT_ACTIVATED" , 1004 );
define("DBUM_USER_EXISTS" , 1005 );
define("DBUM_CREATE_USER_FAILED" , 1006 );
define("DBUM_SESSION_START_FAILED" , 1007 );
define("DBUM_USER_LOCKED" , 1008 );
define("DBUM_INSERT_SESSION_FAILED" , 1009 );
define("DBUM_UPDATE_SESSION_FAILED" , 1010 );
define("DBUM_MAX_FAILED_LOGINS_REACHED" , 1011 );
define("DBUM_GROUP_NOT_ACTIVATED" , 1012 );
define("DBUM_GROUP_NOT_EXISTS" , 1013 );
define("DBUM_NOT_LOGGED" , 1014 );
define("DBUM_LOGIN_TIMEOUT_REACHED" , 1015 );
define("DBUM_UNLOCK_USER_FAILED" , 1016 );
define("DBUM_ACTIVATED_USER_FAILED" , 1017 );
define("DBUM_USER_NOT_EXISTS" , 1018 );
define("DBUM_CHANGE_PASSWORD_FAILED", 1019 );
define("DBUM_CHANGE_EMAIL_FAILED" , 1020 );
define("DBUM_ACCESS_DENIED" , 1021 );
define("DBUM_GROUP_EXISTS" , 1022 );
define("DBUM_USER_DELETE_FAILED" , 1023 );
define("DBUM_GROUP_DELETE_FAILED" , 1024 );
define("DBUM_GROUP_ACTIVATE_FAILED" , 1025 );
define("DBUM_GROUP_DEACTIVATE_FAILED" , 1026 );
define("DBUM_EDIT_USER_FAILED" , 1027 );
define("DBUM_GROUP_EDIT_FAILED" , 1028 );
define("DBUM_ACTION_FAILED" , 1029 );
define("DBUM_EMAIL_EXISTS" , 1030 );
define("DBUM_FORGOT_PASSWORD_FAILED" , 1031);
define("DBUM_INSTALL_ERROR" , 1032 );
if(!defined("DBUM_MAX_FAILED_LOGINS") ) define("DBUM_MAX_FAILED_LOGINS" , 5 ); // !!! max 98 !!!
// this will use if no timeout set when user will created
define("DBUM_DEFAULT_USER_TIMEOUT" , 60); // mins
// Input Constans
if(!defined("DBUM_MAX_USERNAME_LEN") ) define("DBUM_MAX_USERNAME_LEN" , 20 );
if(!defined("DBUM_MAX_PASSWORD_LEN") ) define("DBUM_MAX_PASSWORD_LEN" , 35 );
if(!defined("DBUM_FIRST_NAME_MAX_LEN") ) define("DBUM_FIRST_NAME_MAX_LEN" , 50 );
if(!defined("DBUM_LAST_NAME_MAX_LEN") ) define("DBUM_LAST_NAME_MAX_LEN" , 75 );
if(!defined("DBUM_STREET_MAX_LEN") ) define("DBUM_STREET_MAX_LEN" , 255 );
if(!defined("DBUM_HOMETOWN_MAX_LEN") ) define("DBUM_HOMETOWN_MAX_LEN" , 100 );
if(!defined("DBUM_POSTCODE_MAX_LEN") ) define("DBUM_POSTCODE_MAX_LEN" , 10 );
if(!defined("DBUM_EMAIL_MAX_LEN") ) define("DBUM_EMAIL_MAX_LEN" , 200 );
if(!defined("DBUM_TELEPHONE_MAX_LEN") ) define("DBUM_TELEPHONE_MAX_LEN" , 50 );
if(!defined("DBUM_FAX_MAX_LEN") ) define("DBUM_FAX_MAX_LEN" , 50 );
if(!defined("DBUM_MOBIL_MAX_LEN") ) define("DBUM_MOBIL_MAX_LEN" , 25 );
if(!defined("DBUM_SIGNATURE_MAX_LEN") ) define("DBUM_SIGNATURE_MAX_LEN" , 65535 );
if(!defined("DBUM_ICQ_MAX_LEN") ) define("DBUM_ICQ_MAX_LEN" , 20 );
if(!defined("DBUM_MSN_MAX_LEN") ) define("DBUM_MSN_MAX_LEN" , 255 );
if(!defined("DBUM_AIM_MAX_LEN") ) define("DBUM_AIM_MAX_LEN" , 255 );
define("DBUM_TIMEOUT_MAX_LEN" , 4 );
if(!defined("DBUM_GROUP_NAME_MAX_LEN") ) define("DBUM_GROUP_NAME_MAX_LEN" , 100 );
if(!defined("DBUM_GROUP_DESC_MAX_LEN") ) define("DBUM_GROUP_DESC_MAX_LEN" , 255 );
if(!defined("DBUM_GROUP_LEVEL_MAX_LEN") ) define("DBUM_GROUP_LEVEL_MAX_LEN" , 3 );
// Class DataBase User Managment !!!!
class dbum
{
// Error Vars
var $err_code;
var $err_title;
var $err_msg;
var $err_line;
var $err_file;
var $query;
var $debug;
var $result;
var $db;
var $unlock = array();
/*
// Some Tests
var $query_num = 0;
var $queries = array();
*/
// Constructor
function dbum( &$db , $debug = FALSE )
{
$this->debug = $debug;
$this->db = $db;
}
function login( $username , $password )
{
////////////////////////////////////////////////////////////////////////
// Check are Input data correct !
if( !$this->_valid_data( array( "username" => $username , "password" => $password ) ) )
{
return FALSE;
}
////////////////////////////////////////////////////////////////////////
// Select "user_id , group_id , activated , locked , failed_logins , created , password , first_name , last_name , email"
$this->query = '';
$this->query = 'SELECT user_id , group_id , activated , locked , failed_logins , created , password , first_name , last_name , email
FROM '. DBUM_USERS_TABLE .'
WHERE
LOWER(username) = \''. strtolower($username) .'\'';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
////////////////////////////////////////////////////////////////////////
// Check is a Dataset founded !
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
$this->result->free();
return $this->message_return( DBUM_LOGIN_FAILED , "Login" , "Login goes failed", __LINE__ , __FILE__ );
}
$this->result->free();
////////////////////////////////////////////////////////////////////////
// Check are failed_logins != DBUM_MAX_FAILED_LOGINS
if( DBUM_MAX_FAILED_LOGINS != 0 )
{
if( $row["failed_logins"] == DBUM_MAX_FAILED_LOGINS )
{
if( !$this->lock_user( $username ) )
{
return FALSE;
}
return $this->message_return( DBUM_MAX_FAILED_LOGINS_REACHED , "Login" , "Your account was locked now, because too many failed logins", __LINE__ , __FILE__ );
}
}
////////////////////////////////////////////////////////////////////////
// Check is User locked !!!
if( $row["locked"] != 0)
{
return $this->message_return( DBUM_USER_LOCKED , "Login" , "Your account is locked", __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// Check is Password valid, else set failed_login + 1 and return DBUM_LOGIN_FAILED
if( $row["password"] != sha1( $password ) )
{
$this->query = "UPDATE ". DBUM_USERS_TABLE ."
SET
failed_logins = '". ($row["failed_logins"] + 1) ."'
WHERE
LOWER(username) = '". strtolower($username) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "", __LINE__ , __FILE__ );
}
$this->query = '';
return $this->message_return( DBUM_LOGIN_FAILED , "Login" , "Login goes failed", __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// Check is User activated !
if( $row["activated"] != 1)
{
return $this->message_return( DBUM_USER_NOT_ACTIVATED , "Login" , "Your account is not activated", __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// set output user vars
$output = array( "username" => $username ,
"password" => $password ,
"user_id" => $row["user_id"] ,
"group_id" => $row["group_id"] ,
"first_name" => $row["first_name"] ,
"last_name" => $row["last_name"] ,
"email" => $row["email"] ,
"created" => $row["created"]
);
if( $row["failed_logins"] > DBUM_MAX_FAILED_LOGINS )
{
$output["failed_logins"] = $row["failed_logins"] - 1;
}
else
{
$output["failed_logins"] = $row["failed_logins"];
}
unset( $row );
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// Check Group Setting
$this->query = 'SELECT group_name , group_desc , activated
FROM '. DBUM_GROUPS_TABLE .'
WHERE group_id = \''. $output["group_id"] .'\'';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
$this->result->free();
return $this->message_return( DBUM_GROUP_NOT_EXISTS , "Login" , "Given group_id does not exists", __LINE__ , __FILE__);
}
$this->result->free();
////////////////////////////////////////////////////////////////////////
// Check is Group activated
if( $row["activated"] != 1 )
{
return $this->message_return( DBUM_GROUP_NOT_ACTIVATED , "Login" , "Your group is not activated", __LINE__ , __FILE__);
}
////////////////////////////////////////////////////////////////////////
// Set output group vars
$output["group_name"] = $row["group_name"];
$output["group_desc"] = $row["group_desc"];
////////////////////////////////////////////////////////////////////////
// Set Users last action timestamp
$output["last_action"] = $this->_timestamp();
unset( $row );
////////////////////////////////////////////////////////////////////////
// Update Session Data Section
$this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET
user_id = '". $output["user_id"] ."',
last_action = '". $output["last_action"] ."'
WHERE
session_id = '". session_id() ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = "";
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" , "Something goes wrong, while updating session data" , __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// Updating USERS Table !!!
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
session_id = '". session_id() ."',
failed_logins = '0'
WHERE
user_id = '". $output["user_id"] ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" , "Something goes wrong, while updating user data" , __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// Return
return $output;
}
/***************************************************************************
* - check is given session_id logged for a user
* - if timeout set the function will return DBUM_LOGIN_TIMEOUT_REACHED, when reached
* - if timeout reached function will logout user/session and destroy session !!!
**************************************************************************/
function is_login( $session_id = NULL )
{
if( is_null($session_id) )
{
$session_id = session_id();
}
$this->query = "";
$this->query = "SELECT s.last_action , u.timeout
FROM ". DBUM_USERS_TABLE ." u, ". DBUM_SESSION_TABLE ." s
WHERE
u.session_id = '". $session_id ."'
AND
s.session_id = '". $session_id ."'
AND
s.user_id = u.user_id";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
$this->result->free();
return $this->message_return( DBUM_NOT_LOGGED , "Login" , "You are not logged" );
}
$this->result->free();
// Timeout min -> sec
if( $row["timeout"] > "0" )
{
$timeout_sec = $row["timeout"] * 60;
$timeout_diff = $this->_timestamp() - $row["last_action"];
if( $timeout_diff > $timeout_sec )
{
if( !$this->logout( $session_id ) )
{
return FALSE;
}
$this->destroy_session( $session_id );
return $this->message_return( DBUM_LOGIN_TIMEOUT_REACHED , "Login" , "Login timeout reached" , __LINE__ , __FILE__ );
}
}
return TRUE;
}
/***************************************************************************
* - set "session_stop" , "last_action" and "user_id" = ''
**************************************************************************/
function logout( $session_id = NULL )
{
if( is_null( $session_id ) )
{
$session_id = session_id();
}
$this->query = "";
$this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET
session_stop = '". $this->_datetime() ."',
last_action = '". $this->_timestamp() ."',
user_id = ''
WHERE
session_id = '". $session_id ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" , "Something goes wrong, could not updating session data", __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - user must be logged , befor you can use this function !!!
* -
**************************************************************************/
function is_authorized( $need_level )
{
$this->query = "";
$this->query = "SELECT g.level FROM ". DBUM_USERS_TABLE ." u, ". DBUM_GROUPS_TABLE ." g
WHERE
u.session_id = '". @session_id() ."'
AND
g.group_id = u.group_id";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
$this->result->free();
return $this->message_return( DBUM_ACCESS_DENIED , "Access Denied" , "You cannot access to this site" );
}
$this->result->free();
if( $row["level"] > $need_level )
{
return $this->message_return( DBUM_ACCESS_DENIED , "Access Denied" , "You cannot access to this site" );
}
return TRUE;
}
/***************************************************************************
* - set last_action field in dbum session table
* -
**************************************************************************/
function action( $session_id = NULL )
{
if( is_null( $session_id ) )
{
$session_id = @session_id();
}
else
{
if( !$this->_valid_data( array("session_id" => $session_id) ) )
{
return FALSE;
}
}
$this->query = "";
$this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET
last_action = '". $this->_timestamp() ."'
WHERE
session_id = '". $session_id ."'";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" ,"" ,__LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_ACTION_FAILED , "Action" , "Something goes wrong, while do action" , __LINE__ , __FILE__ );
}
return TRUE;
}
/*
* check is given email address valid
* try to get an username for this email
* changed the pass to a new one
* return the new password
*/
function forgot_password( $email )
{
if( !$this->_valid_data( array("email"=>$email) ) ) return FALSE;
// Check is user already exists !!!
$this->query = "";
$this->query = "SELECT username FROM ". DBUM_USERS_TABLE ." WHERE email = '".$email."'";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = "";
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
$this->result->free();
return $this->message_return( DBUM_FORGOT_PASSWORD_FAILED , "No Username found" , "Cant find any username for this email address ".$email , __LINE__ , __FILE__ );
}
$this->result->free();
// Genereate a new password
$new_pass = substr($this->_generate_id($row["username"]),0,rand(6,12));
// Set this new password in USERS Table
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
password = '". sha1( $new_pass ) ."'
WHERE email = '".$email."'";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = "";
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_FORGOT_PASSWORD_FAILED , "Forgot Password" , "Something goes wrong, while changing your password" , __LINE__ , __FILE__ );
}
return $new_pass;
}
/***************************************************************************
* - check if all input data are valid !!!
* - check is User already exists !!!
* - generate a activation id that will return if all right
* - create user
**************************************************************************/
function create_user( $user )
{
// Check are all input data valid !!!
if( !$this->_valid_data( $user ) )
{
return FALSE;
}
// Check is Username already exists !!!
if( !$this->_user_not_exists( $user["username"] ) )
{
return FALSE;
}
// check is email address already store !!!
if( !$this->_email_not_exists( $user["email"] ) )
{
return FALSE;
}
// Generate Activation ID !!!
$user["session_id"] = $this->_generate_id( $user["username"] );
////////////////////////////////////////////////////////////////////////
// DB Handling
$this->query = '';
$this->query = 'INSERT INTO '. DBUM_USERS_TABLE .' VALUES (
\'\' ,
\''. $user["group_id"].'\' ,
\''. $user["session_id"] .'\' ,
\'0\',
\'0\',
\''. (( !isset($user["activated"]) ) ? FALSE : $user["activated"]) .'\',
\''. (( !isset($user["timeout"]) || empty($user["timeout"]) ) ? DBUM_DEFAULT_USER_TIMEOUT : $user["timeout"]) .'\',
\''. $this->_datetime() .'\',
\''. $user["username"] .'\' ,
\''. sha1($user["password"]) .'\' ,
\''. (( !isset($user["first_name"]) || empty($user["first_name"]) ) ? NULL : $user["first_name"]) .'\' ,
\''. (( !isset($user["last_name"]) || empty($user["last_name"]) ) ? NULL : $user["last_name"]) .'\' ,
\''. (( !isset($user["street"]) || empty($user["street"]) ) ? NULL : $user["street"]) .'\' ,
\''. (( !isset($user["postcode"]) || empty($user["postcode"]) ) ? NULL : $user["postcode"]) .'\' ,
\''. (( !isset($user["hometown"]) || empty($user["hometown"]) ) ? NULL : $user["hometown"]) .'\' ,
\''. $user["email"] .'\' ,
\''. (( !isset($user["website"]) || empty($user["website"]) ) ? NULL : $user["website"]) .'\' ,
\''. (( !isset($user["telephone"]) || empty($user["telephone"]) ) ? NULL : $user["telephone"]) .'\' ,
\''. (( !isset($user["fax"]) || empty($user["fax"]) ) ? NULL : $user["fax"]) .'\' ,
\''. (( !isset($user["mobil"]) || empty($user["mobil"]) ) ? NULL : $user["mobil"]) .'\' ,
\''. (( !isset($user["signature"]) || empty($user["signature"]) ) ? NULL : $user["signature"]) .'\' ,
\''. (( !isset($user["icq"]) || empty($user["icq"]) ) ? NULL : $user["icq"]) .'\' ,
\''. (( !isset($user["msn"]) || empty($user["msn"]) ) ? NULL : $user["msn"]) .'\' ,
\''. (( !isset($user["aim"]) || empty($user["aim"]) ) ? NULL : $user["aim"]) .'\' )';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_CREATE_USER_FAILED , "DB_Handling" , "Something goes wrong, while create user" , __LINE__ , __FILE__ );
}
////////////////////////////////////////////////////////////////////////
// Return
return $user["session_id"];
}
/***************************************************************************
* - check input data
* - activate user
**************************************************************************/
function activated_user( $username , $activ_id )
{
if( !$this->_valid_data( array("username" => $username , "unlock_id" => $activ_id) ) )
{
return FALSE;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
activated = '1'
WHERE
username = '". $username ."'
AND
session_id = '". $activ_id ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_ACTIVATED_USER_FAILED , "DB Handling" , "Something goes wrong, while activate your user account" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* set the unlock array
* set in table users
**************************************************************************/
function lock_user( $username )
{
if( !$this->_valid_data( array("username" => $username) ) )
{
return FALSE;
}
$this->query = "";
$this->query = "SELECT email FROM ". DBUM_USERS_TABLE ." WHERE username = '". $username ."'";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = "";
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
return $this->message_return( DBUM_USER_NOT_EXISTS , "Lock User" , "User you try to lock does not exists" );
}
$this->result->free();
// Created unlock_id and set it in session_id field
$this->unlock["id"] = $this->_generate_id( $username );
$this->unlock["username"] = $username;
// $this->unlock["password"] = substr( $this->unlock["id"] , 9 , 18 );
$this->unlock["email"] = $row["email"];
unset( $row );
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
locked = '1' ,
failed_logins = '". (DBUM_MAX_FAILED_LOGINS + 1) ."' ,
session_id = '". $this->unlock["id"] ."' ".
// password = '". sha1( $this->unlock["password"] ) ."'
"WHERE
LOWER(username) = '". strtolower($username) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
return TRUE;
}
/***************************************************************************
* - set locked in DB "0" false !!!
**************************************************************************/
function unlock_user( $username , $unlock_id )
{
if( !$this->_valid_data( array( "username" => $username , "unlock_id" => $unlock_id ) ) )
{
return FALSE;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
locked= '0'
WHERE
session_id = '". $unlock_id ."'
AND
LOWER(username) = '". strtolower($username) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query= '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_UNLOCK_USER_FAILED , "Unlock_User" , "Something goes wrong, while unlock user" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - check are all given string valid
* - check is
* - change password when old pwd is correct
**************************************************************************/
function change_password( $username , $old_pwd , $new_pwd , $re_new_pwd )
{
if( !$this->_valid_data( array( "username" => $username , "password" => array($old_pwd , $new_pwd , $re_new_pwd) ) ) )
{
return FALSE;
}
if( empty($new_pwd) || ($new_pwd != $re_new_pwd) )
{
return $this->message_return( DBUM_CHANGE_PASSWORD_FAILED , "Change Password" , "Your new 2 password strings are not the same or empty" , __LINE__ , __FILE__ );
}
$this->query = "";
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
password = '". sha1( $new_pwd ) ."'
WHERE
LOWER(username) = '". strtolower($username) ."'
AND
password = '". sha1( $old_pwd ) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_CHANGE_PASSWORD_FAILED , "Change Password" , "Your old password was not correct" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - check is new email format valid
* - generate new activation_id and set it in db
* - change email , if not exists because email field is "unique_id"
* and set activated = FALSE
* - return activ_id
**************************************************************************/
function change_email( $username , $new_email )
{
if( !$this->_valid_data( array( "username" => $username , "email" => $new_email ) ) )
{
return FALSE;
}
$activ_id = $this->_generate_id( $username );
$this->query = "";
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
email = '". $new_email ."' ,
session_id = '". $activ_id ."' ,
activated = '0'
WHERE
LOWER(username) = '". strtolower($username) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_CHANGE_EMAIL_FAILED , "DB Handling" , "Something goes wrong, while changing your email" , __LINE__ , __FILE__ );
}
return $activ_id;
}
/***************************************************************************
* - check all data !!!
* - update User data in Database
**************************************************************************/
function edit_user( $user )
{
if( !$this->_valid_data($user) )
{
return FALSE;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_USERS_TABLE ." SET
timeout = '". ( (!isset($user["timeout"]) || empty($user["timeout"])) ? DBUM_DEFAULT_USER_TIMEOUT : $user["timeout"] ) ."',
first_name = '". ( (!isset($user["first_name"]) || empty($user["first_name"])) ? NULL : $user["first_name"] ) ."',
last_name = '". ( (!isset($user["last_name"]) || empty($user["last_name"])) ? NULL : $user["last_name"] ) ."',
street = '". ( (!isset($user["street"]) || empty($user["street"])) ? NULL : $user["street"] ) ."',
postcode = '". ( (!isset($user["postcode"]) || empty($user["postcode"])) ? NULL : $user["postcode"] ) ."',
hometown = '". ( (!isset($user["hometown"]) || empty($user["hometown"])) ? NULL : $user["hometown"] ) ."',
website = '". ( (!isset($user["website"]) || empty($user["website"])) ? NULL : $user["website"] ) ."',
telephone = '". ( (!isset($user["telephone"]) || empty($user["telephone"])) ? NULL : $user["telephone"] ) ."',
fax = '". ( (!isset($user["fax"]) || empty($user["fax"])) ? NULL : $user["fax"] ) ."',
mobil = '". ( (!isset($user["mobil"]) || empty($user["mobil"])) ? NULL : $user["mobil"] ) ."',
signature = '". ( (!isset($user["signature"]) || empty($user["signature"])) ? NULL : $user["signature"] ) ."',
icq = '". ( (!isset($user["icq"]) || empty($user["icq"])) ? NULL : $user["icq"] ) ."',
msn = '". ( (!isset($user["msn"]) || empty($user["msn"])) ? NULL : $user["msn"] ) ."',
aim = '". ( (!isset($user["aim"]) || empty($user["aim"])) ? NULL : $user["aim"] ) ."'
WHERE
LOWER(username) = '". strtolower($user["username"]) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_EDIT_USER_FAILED , "DB Handling" , "Something goes wrong, while edit your user data" );
}
return TRUE;
}
/***************************************************************************
* - check is user_id valid
* - return all found able user data
**************************************************************************/
function return_user( $user_id )
{
if( !$this->_valid_data( array("icq" => $user_id) ) )
{
return FALSE;
}
$this->query = '';
$this->query = 'SELECT * FROM '. DBUM_USERS_TABLE .' WHERE user_id = \''. $user_id .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( !$row = $this->result->fetchRow( DB_FETCHMODE_ASSOC ) )
{
return $this->message_return( DBUM_USER_NOT_EXISTS , "User" , "User doesnot exists" );
}
$this->result->free();
// Remove the password field
unset($row["password"]);
return $row;
}
/***************************************************************************
* - check are given username valid
* - delete all data for given username
**************************************************************************/
function delete_user( $username )
{
if( !$this->_valid_data( array("username" => $username) ) )
{
return FALSE;
}
$this->query = '';
$this->query = 'DELETE FROM '. DBUM_USERS_TABLE .' WHERE LOWER(username) = \''. strtolower($username) .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) )
{
return $this->message_return( DBUM_USER_DELETE_FAILED , "DB Handling" , "Something goes wrong, while delete user" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - check are given datas correct
* - check is group already exists
* - create group
**************************************************************************/
function create_group( $group )
{
if( !$this->_valid_data( $group ) )
{
return FALSE;
}
// Check is group already exists
if( !$this->_group_not_exists( $group["group_name"] ) )
{
return FALSE;
}
if( !isset($group["level"]) || $group["level"] == '' )
{
$group["level"] = 999;
}
$this->query = '';
$this->query = 'INSERT INTO '. DBUM_GROUPS_TABLE .' VALUES (
\'\',
\''. $group["group_name"] .'\',
\''. $group_desc["group_desc"] .'\',
\''. $group["activated"] .'\',
\''. $group["level"] .'\' )';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_CREATE_GROUP_FAILED , "DB Handling" , "Something goes wrong, while created group" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - check is given group name valid
* - activate group if exists
**************************************************************************/
function activate_group( $group_name )
{
if( !$this->_valid_data( array( "group_name" => $group_name ) ) )
{
return FALSE;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_GROUPS_TABLE ." SET
activated = '1',
WHERE
LOWER(group_name) = '". strtolower($group_name) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_GROUP_ACTIVATE_FAILED , "Activate Group" , "Something goes wrong, while activate group" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - check is group_name valid
* - deactivate group if exists
**************************************************************************/
function deactivate_group( $group_name )
{
if( !$this->_valid_data( array( "group_name" => $group_name ) ) )
{
return FALSE;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_GROUPS_TABLE ." SET
activated = '0',
WHERE
LOWER(group_name) = '". strtolower($group_name) ."'
LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_GROUP_DEACTIVATE_FAILED , "Deactivate Group" , "Something goes wrong, while deactivate group" , __LINE__ , __FILE__ );
}
return TRUE;
}
/***************************************************************************
* - if you not set level it will set to default "999"
**************************************************************************/
function edit_group( $group )
{
if( !$this->_valid_data( $group ) )
{
return FALSE;
}
if( !isset($group["level"]) || $group["level"] == '' )
{
$group["level"] = 999;
}
$this->query = "";
$this->query = "UPDATE ". DBUM_GROUPS_TABLE ." SET
group_name = '". $group["group_name"] ."',
group_desc = '". $group["group_desc"] ."',
activated = '". $group["activated"] ."',
level = '". $group["level"] ."'
WHERE
LOWER(group_name) = '". strtolower($group["group_name"]) ."' LIMIT 1";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_GROUP_EDIT_FAILED , "Edit Group" , "Something goes wrong, while edit group" , __LINE__ , __FILE__ );
}
// Return if all right
return TRUE;
}
/***************************************************************************
* - check is given group_name valid
* - delete all groupdata
**************************************************************************/
function delete_group( $group_name )
{
if( !$this->_valid_data( array( "group_name" => $group_name ) ) )
{
return FALSE;
}
$this->query = '';
$this->query = 'DELETE FROM '. DBUM_GROUPS_TABLE .' WHERE LOWER(group_name) = \''. strtolower($group_name) .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_GROUP_DELETE_FAILED , "DB Handling" , "Something goes wrong, while delete group" , __LINE__ , __FILE__ );
}
return TRUE;
}
// Will load the session is given by sess_id , else it will start a new one and put this data to sessions table !!!
//
function load_session( $sess_id = NULL , $sess_name = "DBUM_SID" , $sess_cache_limiter = "private_no_expire" , $sess_cache_expire = "0" , $cookie_params = array() )
{
if( !is_null($sess_id) )
{
session_id($sess_id);
}
// Set session name
session_name( $sess_name );
// "private" , "public" , "nocache" , "private_no_expire"
// http://de2.php.net/manual/en/function.session-cache-limiter.php
session_cache_limiter( $sess_cache_limiter );
// Browser Cache Time
// 0 = Browser restarted
session_cache_expire( $sess_cache_expire );
// Cookie Parameters
// http://de2.php.net/manual/en/function.session-set-cookie-params.php
( !isset( $cookie_params["ttl"] ) ) ? $ttl = 0 : $ttl = $cookie_params["ttl"];
( !isset( $cookie_params["path"] ) || $cookie_params["path"] == "" ) ? $path = "/" : $path = $cookie_params["path"];
( !isset( $cookie_params["domain"] ) || empty($cookie_params["domain"]) ) ? $domain = $_SERVER["HTTP_HOST"]. dirname($_SERVER['PHP_SELF']) : $domain = $cookie_params["domain"];
( !isset( $cookie_params["secure"] ) ) ? $secure = FALSE : $secure = $cookie_params["secure"];
session_set_cookie_params( $ttl , $path , $domain , $secure );
// start session
if( !session_start() )
{
return $this->message_return( DBUM_SESSION_START_FAILED , "Session" , "Cannot start session" );
}
header("Cache-control: ".$sess_cache_limiter); //IE 6 Fix
////////////////////////////////////////////////////////////////////////
// Updating Session Table
if( $sess_id != session_id() )
{
$this->query= "";
$this->query = "INSERT INTO ". DBUM_SESSION_TABLE ." VALUES (
'' ,
'". session_id() ."',
'". $this->_datetime() ."' ,
'' ,
'' ,
'". $this->_timestamp() ."' ,
'". $this->_get_clientip() ."' ,
'". $this->_get_browser() ."' ,
'". $this->_get_referer() ."'
)";
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
if( $this->db->affectedRows( $this->result ) != 1 )
{
return $this->message_return( DBUM_INSERT_SESSION_FAILED , "DB_Handling" , "Something goes wrong, while insert session data" , __LINE__ , __FILE__ );
}
// $this->result->free();
}
////////////////////////////////////////////////////////////////////////
return TRUE;
}
/***************************************************************************
* - unset all session vars
* - destroy session and go secure is session file delete
**************************************************************************/
function destroy_session()
{
$session_id = session_id();
// Unset all Session Vars
session_unset();
// Destroy Session
session_destroy();
// Get session file and delete it !!!
if (strtolower('files' == session_module_name()))
{
$os = substr(PHP_OS, 0, 3);
if( $os == 'WIN' )
{
$tz = "//";
$path = str_replace( chr(92) , $tz , session_save_path() );
}
else
{
$tz = "/";
$path = session_save_path();
}
@unlink($path . $tz .'sess_'. $session_id );
}
return TRUE;
}
/***************************************************************************
* $options = array( "groups_table" => array( "name" => "100",
* "desc" => "255",
* "level" => "3" ),
* "users_table" => array( "username" => "45",
* "password" => "35", ) ,
* "groups" => array( array( "group_name" => "admin",
* "group_desc" => "Administrators Group",
* "level" => "100",
* "activated" => "1" ),
* array( "group_name" => "user",
* "group_desc" => "Users Group",
* "level" => "500",
* "activated" => "1" ),
* array( "group_name" => "public",
* "group_desc" => "Public Group",
* "level" => "900",
* "activated" => "1" ) ),
* "users" => array( array( "username" => "admin"
* )
*
**************************************************************************/
function install_tables( $options = array() )
{
while( $k = key( $options ) )
{
// check is a numeric array()
if( is_array( $options[$k] ) )
{
if( !$this->_is_numeric_array( $options[$k] ) )
{
return $this->message_return( DBUM_INSTALL_ERROR , "Parameters" , "Options->". $k ." is not a numeric array.") ;
}
}
else
{
return $this->message_return( DBUM_INSTALL_ERROR , "Parameters" , "Options->". $k ." is not an array.");
}
/*
// Check are given data valid
for( $i=0; $i < count($options[$k]); $i++ )
{
if( !$this->_valid_data( $options[$k][$i] ) )
{
return FALSE;
}
}
*/
}
$this->query = '';
$this->query = 'CREATE TABLE '. DBUM_SESSION_TABLE .' (
id bigint(20) unsigned NOT NULL auto_increment,
session_id varchar(32) NOT NULL default \'\',
session_start datetime NOT NULL default \'NOW()\',
session_stop datetime default NULL,
user_id int(10) unsigned NOT NULL default \'0\',
last_action int(10) UNSIGNED NOT NULL default \'0\',
remoteip varchar(15) NOT NULL default \'\',
browser varchar(255) default NULL,
referer varchar(255) default NULL,
PRIMARY KEY ( id ),
UNIQUE KEY session_id ( session_id )
) TYPE=MyISAM COMMENT=\'DBUM Session Data\' AUTO_INCREMENT=1
';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query= '';
$this->query = 'CREATE TABLE '. DBUM_GROUPS_TABLE .' (
group_id int(10) unsigned NOT NULL auto_increment,
group_name varchar(100) NOT NULL default \'\',
group_desc varchar(255) default NULL,
activated tinyint(1) unsigned NOT NULL default \'1\',
level smallint(3) unsigned NOT NULL default \'999\',
PRIMARY KEY ( group_id ),
UNIQUE KEY group_name ( group_name )
) TYPE=MyISAM COMMENT=\'DBUM Groups Table\' AUTO_INCREMENT=1
';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
for( $i = 0; $i < count($options["groups"]); $i++ )
{
if( !$this->create_group( $options["groups"][$i] ) )
{
return FALSE;
}
}
$this->query = 'CREATE TABLE '. DBUM_USERS_TABLE .' (
user_id int(10) unsigned NOT NULL auto_increment,
group_id int(10) unsigned NOT NULL default \'0\',
session_id varchar(32) NOT NULL ,
failed_logins smallint(2) unsigned NOT NULL default \'0\',
locked tinyint(1) unsigned NOT NULL default \'0\',
activated tinyint(1) unsigned NOT NULL default \'0\',
created datetime NOT NULL default \'0000-00-00 00:00:00\',
username varchar(50) NOT NULL ,
password varchar(40) NOT NULL ,
first_name varchar(100) default NULL,
last_name varchar(100) default NULL,
street varchar(255) default NULL,
postcode varchar(20) default NULL,
hometown varchar(150) default NULL,
email varchar(150) NOT NULL,
website varchar(255) NULL,
telephone varchar(50) default NULL,
fax varchar(50) default NULL,
mobil varchar(50) default NULL,
signature text default NULL,
icq bigint(20) default NULL,
msn varchar(255) default NULL,
aim varchar(255) default NULL,
PRIMARY KEY (user_id),
UNIQUE KEY session_id (session_id),
UNIQUE KEY username (username),
UNIQUE KEY email (email)
) TYPE=MyISAM COMMENT=\'DBUM Users Data Table\' AUTO_INCREMENT=1
';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
$this->query = '';
unset( $this->result );
for( $i = 0; $i< count( $options["users"] ); $i++ )
{
if( !$this->create_user( $options["users"][$i] ) )
{
return FALSE;
}
}
return TRUE;
}
function message_return( $msg_code , $msg_title = "" , $msg_text = "" , $line = "" , $file = "" )
{
if( $msg_code == DBUM_SQL_ERROR )
{
$this->err_code = $msg_code;
if( !$this->debug )
{
$this->err_title = "SQL_Error";
$this->err_msg = $this->result->getMessage();
}
else
{
$this->err_title = $this->result->getMessage();
$this->err_msg = $this->result->getUserInfo();
$this->err_line = $line;
$this->err_file = $file;
}
}
if( $msg_code == DBUM_INSERT_SESSION_FAILED || $msg_code == DBUM_CREATE_USER_FAILED || $msg_code == DBUM_UPDATE_SESSION_FAILED || $msg_code == DBUM_UNLOCK_USER_FAILED || $msg_code == DBUM_ACTIVATED_USER_FAILED || $msg_code == DBUM_CHANGE_EMAIL_FAILED || $msg_code == DBUM_GROUP_DELETE_FAILED || $msg_code == DBUM_GROUP_ACTIVATE_FAILED || $msg_code == DBUM_GROUP_DEACTIVATE_FAILED || $msg_code == DBUM_GROUP_EDIT_FAILED || $msg_code == DBUM_ACTION_FAILED )
{
$this->err_code = $msg_code;
$this->err_title = $msg_title;
$this->err_msg = $msg_text;
$this->err_line = $line;
$this->err_file = $file;
}
if( $msg_code == DBUM_INPUT_ERROR )
{
$this->err_code = $msg_code;
if( $msg_title == "" )
{
$this->err_title = "Input Error";
}
else
{
$this->err_title = $msg_title;
}
$this->err_msg = $msg_text;
}
if( $msg_code == DBUM_LOGIN_FAILED || $msg_code == DBUM_USER_NOT_ACTIVATED || $msg_code == DBUM_USER_EXISTS || $msg_code == DBUM_SESSION_START_FAILED || $msg_code == DBUM_USER_LOCKED || $msg_code == DBUM_GROUP_NOT_EXISTS || $msg_code == DBUM_GROUP_NOT_ACTIVATED || $msg_code == DBUM_NOT_LOGGED || $msg_code == DBUM_LOGIN_TIMEOUT_REACHED || $msg_code == DBUM_USER_NOT_EXISTS || $msg_code == DBUM_CHANGE_PASSWORD_FAILED || $msg_code == DBUM_ACCESS_DENIED || $msg_code == DBUM_GROUP_EXISTS || $msg_code == DBUM_EDIT_USER_FAILED || $msg_code == DBUM_FORGOT_PASSWORD_FAILED)
{
$this->err_code = $msg_code;
$this->err_title = $msg_title;
$this->err_msg = $msg_text;
if( $this->debug )
{
$this->err_line = $line;
$this->err_file = $file;
}
}
if( $msg_code == DBUM_HACKER_ATTEMPT )
{
$this->err_code = $msg_code;
$this->err_title = "Hacker attempt";
$this->err_msg = "You try to hack this site, an email with your data was send to admin";
}
if( isset($this->result) )
{
// $this->result->free();
}
return FALSE;
}
function _valid_data( $user )
{
while(list($key , $value ) = each( $user ))
{
if( !is_array($value) ) $value = strip_tags( $value );
// Check is Username String valid
if( preg_match("/username/i" , $key ) )
{
if( strlen( $value ) > DBUM_MAX_USERNAME_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9_-]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Username" , "Invalid chars in your username" );
}
}
// Check is Password String valid
if( preg_match("/password/i" , $key ) )
{
if( is_array($value) )
{
foreach( $value as $v )
{
if( strlen( $v ) > DBUM_MAX_PASSWORD_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
}
else
{
if( strlen( $value ) > DBUM_MAX_PASSWORD_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
}
// Check is first_name String valid
if( preg_match("/first_name/i" , $key) )
{
if( !empty( $value ) )
{
if( strlen( $value ) > DBUM_FIRST_NAME_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9_-]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "First_Name" , "Invalid chars in your first_name" );
}
}
}
// Check is last_name String valid
if( preg_match("/last_name/i" , $key) )
{
if( strlen( $value ) > DBUM_LAST_NAME_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !empty($value) && !preg_match("/^[A-Za-z0-9_-]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Last_Name" , "Invalid chars in your last_name" );
}
}
// Check is street String valid
if( preg_match("/street/i" , $key) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_STREET_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9.-]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Street" , "Invalid chars in your street string" );
}
}
}
// Check is hometown String valid
if( preg_match("/hometown/i" , $key) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_HOMETOWN_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9-_]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "HomeTown" , "Invalid chars in your hometown" );
}
}
}
// Check is postcode String valid
if( preg_match("/postcode/i" , $key) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_POSTCODE_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[0-9]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Postcode" , "Invalid chars in your postcode" );
}
}
}
// Check is E-Mail String valid
if( preg_match("/email/i" , $key) )
{
if( strlen( $value ) > DBUM_EMAIL_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/[a-z0-9_-]+(\.[a-z0-9_-]+)*@([0-9a-z][0-9a-z-]*[0-9a-z]\.)+([a-z]{2,4}|museum)/i" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "E-Mail" , "Invalid email address" );
}
}
// Check is telephone valid
if( preg_match("/telephone/i" , $key) )
{
if( strlen( $value ) > DBUM_TELEPHONE_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
// Check is FAX valid
if( preg_match("/fax/i" , $key) )
{
if( strlen( $value ) > DBUM_FAX_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
// Check is Mobil valid
if( preg_match("/mobil/i" , $key) )
{
if( strlen( $value ) > DBUM_MOBIL_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
// Check is ICQ Number valid
if( preg_match("/icq/i" , $key) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_ICQ_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[0-9]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "ICQ_Number" , "Invalid chars in your icq number" );
}
}
}
// Check is MSN valid
if( preg_match("/msn/i" , $key) )
{
if( strlen( $value ) > DBUM_MSN_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
// Check is AIM valid
if( preg_match("/aim/i" , $key) )
{
if( strlen( $value ) > DBUM_AIM_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
}
// Check is Website valid
if( preg_match("/website/i" , $key) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_WEBSITE_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^http:+./i" , $value) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Website" , "Invalid URL given" );
}
}
}
// Extra checks
if( preg_match("/unlock_id|session_id/i" , $key) )
{
if( strlen( $value ) > 32 )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[a-z0-9]+$/" , $value) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Id" , "Invalid ". $key ." given" );
}
}
if( preg_match("/group_name/i" , $key ) )
{
if( strlen( $value ) > DBUM_GROUP_NAME_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9_-]+$/" , $value) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Group Name" , "Invalid group_name given" );
}
}
if( preg_match("/group_desc/i" , $key ) )
{
if( !empty($value) )
{
if( strlen( $value ) > DBUM_GROUP_DESC_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9_-]+$/" , $value) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Group Description" , "Invalid group_desc given" );
}
}
}
if( preg_match("/level/i" , $key ) )
{
if( strlen( $value ) > DBUM_GROUP_LEVEL_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[A-Za-z0-9_-]+$/" , $value) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Group Description" , "Invalid group_desc given" );
}
}
if( preg_match("/timeout/i" , $key ) )
{
if( strlen( $value ) > DBUM_TIMEOUT_MAX_LEN )
{
return $this->message_return( DBUM_HACKER_ATTEMPT );
}
if( !preg_match("/^[0-9]+$/" , $value ) )
{
return $this->message_return( DBUM_INPUT_ERROR , "Timeout" , "Invalid timeout given" );
}
}
}
return TRUE;
}
function _user_not_exists( $username )
{
// DB Handling
$this->query = '';
$this->query = 'SELECT user_id FROM '. DBUM_USERS_TABLE .' WHERE LOWER(username) = \''. strtolower($username) .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR );
}
$this->query = '';
// check is a Dataset founded !
if( $row = $this->result->fetchRow() )
{
$this->result->free();
return $this->message_return( DBUM_USER_EXISTS , "Username" , "User alreadey exists" , __LINE__ , __FILE__ );
}
// Free Result
$this->result->free();
// Return
return TRUE;
}
/***************************************************************************
*
**************************************************************************/
function _group_not_exists( $group_name )
{
$this->query = '';
$this->query = 'SELECT group_id FROM '. DBUM_GROUPS_TABLE .' WHERE LOWER(group_name) = \''. strtolower($group_name) .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
if( $row = $this->result->fetchRow() )
{
$this->result->free();
return $this->message_return( DBUM_GROUP_EXISTS , "GroupName" , "Group does already exists" );
}
$this->result->free();
return TRUE;
}
/*
*
*
*/
function _email_not_exists( $email )
{
$this->query = '';
$this->query = 'SELECT username FROM '. DBUM_USERS_TABLE .' WHERE email = \''. $email .'\' LIMIT 1';
$this->result = $this->db->query( $this->query );
if( DB::isError( $this->result ) )
{
return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
}
if( $row = $this->result->fetchRow() )
{
$this->result->free();
return $this->message_return( DBUM_EMAIL_EXISTS , "Email address" , "Given email address already exists" );
}
$this->result->free();
return TRUE;
}
/***************************************************************************
* _generate_password
* - ONLY EXPERIMENTAL - not more -
**************************************************************************/
function _generate_password( $string )
{
$output = '';
for($i = 0; $i <= 2; $i++ )
{
$output .= substr( $string , substr(time(),-1) );
}
return substr( $output, -8 );
}
/***************************************************************************
* return a md5 id
*
**************************************************************************/
function _generate_id( $username )
{
return md5($this->_get_microtime().$username);
}
function _get_clientip()
{
if( getenv("HTTP_X_FORWARDED_FOR") != '' )
{
$client_ip = $_SERVER["REMOTE_ADDR"];
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
}
}
else
{
$client_ip = $_SERVER["REMOTE_ADDR"];
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
}
}
return $client_ip;
}
// Return if isset HTTP REFERER , else NULL
function _get_referer()
{
if( isset($_SERVER["HTTP_REFERER"]) && $_SERVER["HTTP_REFERER"] != '' )
{
return $_SERVER["HTTP_REFERER"];
}
else
{
return NULL;
}
}
// Return if isset $_SERVER["HTTP_USER_AGENT"] , else NULL
function _get_browser()
{
if( isset($_SERVER["HTTP_USER_AGENT"]) && $_SERVER["HTTP_USER_AGENT"] != '' )
{
return $_SERVER["HTTP_USER_AGENT"];
}
else
{
return NULL;
}
}
// Return TRUE if given array only with numeric keys, else FALSE
function _is_numeric_array( $a )
{
if( !is_array( $a ) ) return FALSE;
foreach( $a as $k ){ if( !is_numeric( $k ) ) return FALSE; }
return TRUE;
}
// Return Unix Timestamp
function _timestamp()
{
return date('U');
}
// Get Mircotime
function _get_microtime()
{
list( $usec , $sec ) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
// Return Formatted datetime
function _datetime()
{
return date('Y-m-d H:i:s');
}
}
?>
|
Download
