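<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * A class representing site members
 *
 * Holds the persisted member record (loaded by read(), stored by write())
 * plus the in-memory login state. Review notes on the security-relevant parts:
 * - passwords are persisted as unsalted MD5 hashes (setPassword/checkPassword);
 *   the stored format is shared with the rest of the application and is left as is,
 *   but the comparison is now strict (no numeric-string juggling)
 * - SQL is built by string concatenation, escaped with addslashes()/intval();
 *   addslashes() is not aware of the connection charset, so the escaping helper
 *   used elsewhere in the project should be preferred when this code is touched again
 * - the cookie login key is a bearer secret (see cookielogin/checkCookieKey);
 *   newCookieKey() draws it from a CSPRNG when the runtime provides one
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2007 The Nucleus Group
 * @version $Id: MEMBER.php 1116 2007-02-03 08:24:29Z kimitake $
 */
class MEMBER {

    // 1 when authenticated, 0 when not
    var $loggedin = 0;
    var $password; // not the actual password, but rather a MD5 hash

    var $cookiekey; // value that should also be in the client cookie to allow authentication

    // member info
    var $id = -1;
    var $realname;
    var $displayname;
    var $email;
    var $url;
    var $language = ''; // name of the language file to use (e.g. 'english' -> english.php)
    var $admin = 0; // (either 0 or 1)
    var $canlogin = 0; // (either 0 or 1)
    var $notes;

    // (private) PHP 5 style constructor; state is filled in by read()
    function __construct() {

    }

    // (private) PHP 4 style constructor name, kept so existing callers keep working
    function MEMBER() {

    }

    // (static) Builds a member from its display name. The object is returned
    // even when no such member exists; check getID() / the read() result.
    function &createFromName($displayname) {
        // plain assignment: "=& new" is a parse error on PHP 7+ and was only
        // a copy optimisation on PHP 4
        $mem = new MEMBER();
        $mem->readFromName($displayname);
        return $mem;
    }

    // (static) Builds a member from its numeric id (see createFromName)
    function &createFromID($id) {
        $mem = new MEMBER();
        $mem->readFromID($id);
        return $mem;
    }

    /**
     * Loads the member record with the given display name.
     * Returns the number of matching rows (0 when not found).
     */
    function readFromName($displayname) {
        // NOTE(review): addslashes() is the only escaping applied to this
        // user-supplied value; it is not charset-aware. Verify against the
        // escaping helper used by the rest of the project.
        return $this->read("mname='".addslashes($displayname)."'");
    }

    /**
     * Loads the member record with the given numeric id.
     * Returns the number of matching rows (0 when not found).
     */
    function readFromID($id) {
        return $this->read("mnumber=" . intval($id));
    }

    /**
     * Tries to login as a given user. Returns true when succeeded,
     * returns false when failed
     *
     * NOTE(review): mcanlogin is not consulted here; confirm that the caller
     * checks canLogin() before treating the member as signed in.
     */
    function login($login, $password) {
        $this->loggedin = 0;
        if (!$this->readFromName($login))
            return 0;
        if (!$this->checkPassword($password))
            return 0;
        $this->loggedin = 1;
        return $this->isLoggedIn();
    }

    // login using cookie key (the bearer secret written by setCookies())
    function cookielogin($login, $cookiekey) {
        $this->loggedin = 0;
        if (!$this->readFromName($login))
            return 0;
        if (!$this->checkCookieKey($cookiekey))
            return 0;
        $this->loggedin = 1;
        return $this->isLoggedIn();
    }

    // drops the in-memory login state only; cookies are not cleared here
    function logout() {
        $this->loggedin = 0;
    }

    function isLoggedIn() {
        return $this->loggedin;
    }

    /**
     * Loads the member row selected by the given SQL condition into this object.
     *
     * @param where  raw SQL fragment for the WHERE clause; the caller is
     *               responsible for escaping it (see readFromName/readFromID)
     * @return number of matching rows; when it is 0 the object is left untouched
     */
    function read($where) {
        // read info
        $query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where;

        $res = sql_query($query);
        $count = mysql_num_rows($res);

        // no row: mysql_fetch_object() would return false and every property
        // access below would raise a notice, so stop before touching it
        if (!$count)
            return $count;

        $obj = mysql_fetch_object($res);

        $this->setRealName($obj->mrealname);
        $this->setEmail($obj->memail);
        $this->password = $obj->mpassword;
        $this->setCookieKey($obj->mcookiekey);
        $this->setURL($obj->murl);
        $this->setDisplayName($obj->mname);
        $this->setAdmin($obj->madmin);
        $this->id = $obj->mnumber;
        $this->setCanLogin($obj->mcanlogin);
        $this->setNotes($obj->mnotes);
        $this->setLanguage($obj->deflang);

        return $count;
    }


    /**
     * Returns true if member is an admin for the given blog
     * (returns false if not a team member)
     */
    function isBlogAdmin($blogid) {
        $query = 'SELECT tadmin FROM '.sql_table('team').' WHERE'
               . ' tblog=' . intval($blogid)
               . ' and tmember='. intval($this->getID());
        $res = sql_query($query);
        if (mysql_num_rows($res) == 0)
            return 0;
        else
            return (mysql_result($res,0,0) == 1) ;
    }

    // super-admin or admin of the given blog
    function blogAdminRights($blogid) {
        return ($this->isAdmin() || $this->isBlogAdmin($blogid));
    }


    // super-admin or team member of the given blog
    function teamRights($blogid) {
        return ($this->isAdmin() || $this->isTeamMember($blogid));
    }

    /**
     * Returns true if this member is a team member of the given blog
     */
    function isTeamMember($blogid) {
        $query = 'SELECT * FROM '.sql_table('team').' WHERE'
               . ' tblog=' . intval($blogid)
               . ' and tmember='. intval($this->getID());
        $res = sql_query($query);
        return (mysql_num_rows($res) != 0);
    }

    /**
     * Returns true if this member can edit/delete a commentitem. This can be in the
     * following cases:
     * - member is a super-admin
     * - member is the author of the comment
     * - member is admin of the blog associated with the comment
     * - member is author of the item associated with the comment
     */
    function canAlterComment($commentid) {
        if ($this->isAdmin()) return 1;

        $query = 'SELECT citem as itemid, iblog as blogid, cmember as cauthor, iauthor'
               . ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog')
               . ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid);
        $res = sql_query($query);
        $obj = mysql_fetch_object($res);

        // unknown comment id: no row to derive any right from
        if (!$obj) return 0;

        return ($obj->cauthor == $this->getID())
            || $this->isBlogAdmin($obj->blogid)
            || ($obj->iauthor == $this->getID());
    }

    /**
     * Returns true if this member can edit/delete an item. This is true in the following
     * cases: - member is a super-admin
     * - member is the author of the item
     * - member is admin of the the associated blog
     */
    function canAlterItem($itemid) {
        if ($this->isAdmin()) return 1;

        $query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid);
        $res = sql_query($query);
        $obj = mysql_fetch_object($res);

        // unknown item id: no row to derive any right from
        if (!$obj) return 0;

        return ($obj->iauthor == $this->getID()) || $this->isBlogAdmin($obj->iblog);
    }

    /**
     * returns true if this member can move/update an item to a given category,
     * false if not (see comments for the tests that are executed)
     *
     * @param itemid
     * @param newcat (can also be of form 'newcat-x' with x=blogid)
     */
    function canUpdateItem($itemid, $newcat) {
        global $manager;

        // item does not exists -> NOK
        if (!$manager->existsItem($itemid,1,1)) return 0;

        // cannot alter item -> NOK
        if (!$this->canAlterItem($itemid)) return 0;

        // if this is a 'newcat' style newcat
        // no blog admin of destination blog -> NOK
        // blog admin of destination blog -> OK
        if (strstr($newcat,'newcat')) {
            // get blogid
            list($blogid) = sscanf($newcat,'newcat-%d');
            return $this->blogAdminRights($blogid);
        }

        // category does not exist -> NOK
        if (!$manager->existsCategory($newcat)) return 0;


        // get item
        $item =& $manager->getItem($itemid,1,1);

        // old catid = new catid -> OK
        if ($item['catid'] == $newcat) return 1;

        // not a valid category -> NOK
        $validCat = quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat));
        if (!$validCat) return 0;

        // get destination blog
        $source_blogid = getBlogIDFromItemID($itemid);
        $dest_blogid = getBlogIDFromCatID($newcat);

        // not a team member of destination blog -> NOK
        if (!$this->teamRights($dest_blogid)) return 0;

        // if member is author of item -> OK
        if ($item['authorid'] == $this->getID()) return 1;

        // if member has admin rights on both blogs: OK
        if (($this->blogAdminRights($dest_blogid)) && ($this->blogAdminRights($source_blogid))) return 1;

        // all other cases: NOK
        return 0;

    }

    /**
     * Returns true if this member may add an item to the given category
     * (or, for a 'newcat-x' value, create a category in blog x).
     */
    function canAddItem($catid) {
        global $manager;

        // if this is a 'newcat' style newcat
        // no blog admin of destination blog -> NOK
        // blog admin of destination blog -> OK
        if (strstr($catid,'newcat')) {
            // get blogid
            list($blogid) = sscanf($catid,"newcat-%d");
            return $this->blogAdminRights($blogid);
        }

        // category does not exist -> NOK
        if (!$manager->existsCategory($catid)) return 0;

        $blogid = getBlogIDFromCatID($catid);

        // no team rights for blog -> NOK
        if (!$this->teamRights($blogid)) return 0;

        // all other cases: OK
        return 1;
    }

    /**
     * Return true if member can be deleted. This means that there are no items
     * posted by the member left
     */
    function canBeDeleted() {
        $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . intval($this->getID()));
        return (mysql_num_rows($res) == 0);
    }

    /**
     * Sets the cookies for the member
     *
     * @param shared
     *      set this to 1 when using a shared computer. Cookies will expire
     *      at the end of the session in this case.
     *
     * NOTE(review): the 'loginkey' cookie is a bearer credential. No httponly
     * flag is passed here (setcookie() accepts one as its 7th argument since
     * PHP 5.2); whether client-side script needs these cookies should be
     * confirmed before adding it. The secure flag follows $CONF['CookieSecure'].
     */
    function setCookies($shared = 0) {
        global $CONF;

        if ($CONF['SessionCookie'] || $shared)
            $lifetime = 0;                  // session cookie
        else
            $lifetime = (time()+2592000);   // 30 days

        setcookie($CONF['CookiePrefix'] .'user',$this->getDisplayName(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
        setcookie($CONF['CookiePrefix'] .'loginkey', $this->getCookieKey(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);

        // make sure cookies on shared pcs don't get renewed
        if ($shared)
            setcookie($CONF['CookiePrefix'] .'sharedpc', '1',$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
    }

    /**
     * Mails an activation link of the given type to the member's address
     * and records the action in the action log.
     *
     * @param type   'register', 'forgot' or 'addresschange'; selects the mail text
     * @param extra  passed through to generateActivationEntry()
     */
    function sendActivationLink($type, $extra='')
    {
        global $CONF;

        // generate key and URL
        $key = $this->generateActivationEntry($type, $extra);
        $url = $CONF['AdminURL'] . 'index.php?action=activate&key=' . $key;

        // choose text to use in mail
        // NOTE(review): an unknown $type still creates an activation entry and
        // sends a mail with empty text; confirm callers only pass the three
        // types handled below
        $message = '';
        $title = '';
        switch ($type)
        {
            case 'register':
                $message = _ACTIVATE_REGISTER_MAIL;
                $title = _ACTIVATE_REGISTER_MAILTITLE;
                break;
            case 'forgot':
                $message = _ACTIVATE_FORGOT_MAIL;
                $title = _ACTIVATE_FORGOT_MAILTITLE;
                break;
            case 'addresschange':
                $message = _ACTIVATE_CHANGE_MAIL;
                $title = _ACTIVATE_CHANGE_MAILTITLE;
                break;
            default:
                break;
        }

        // fill out variables in text

        $aVars = array(
            'siteName' => $CONF['SiteName'],
            'siteUrl' => $CONF['IndexURL'],
            'memberName' => $this->getDisplayName(),
            'activationUrl' => $url
        );

        $message = TEMPLATE::fill($message, $aVars);
        $title = TEMPLATE::fill($title, $aVars);

        // send mail (best effort: a delivery failure is not reported to the caller)

        @mail($this->getEmail(), $title ,$message,'From: ' . $CONF['AdminEmail']);

        ACTIONLOG::add(INFO, _ACTIONLOG_ACTIVATIONLINK . ' (' . $this->getDisplayName() . ' / type: ' . $type . ')');


    }

    /**
     * Returns an array of all blogids for which member has admin rights
     */
    function getAdminBlogs() {
        $blogs = array();

        if ($this->isAdmin())
            $query = 'SELECT bnumber as blogid from '.sql_table('blog');
        else
            $query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . intval($this->getID());

        $res = sql_query($query);
        while ($obj = mysql_fetch_object($res)) {
            $blogs[] = $obj->blogid;
        }

        return $blogs;
    }

    /**
     * Returns an email address from which notification of commenting/karma voting can
     * be sent. A suggestion can be given for when the member is not logged in
     *
     * NOTE(review): the returned value ends up in a mail header; the display
     * name part is not validated here, so the caller should make sure it
     * cannot contain line breaks.
     */
    function getNotifyFromMailAddress($suggest = "") {
        global $CONF;
        if ($this->isLoggedIn()) {
            return $this->getDisplayName() . " <" . $this->getEmail() . ">";
        } else if (isValidMailAddress($suggest)) {
            return $suggest;
        } else {
            return $CONF['AdminEmail'];
        }
    }

    /**
     * Write data to database
     *
     * Numeric columns are forced through intval() so that an unset flag
     * cannot produce a syntactically broken UPDATE.
     */
    function write() {

        $query = 'UPDATE '.sql_table('member')
               . " SET mname='" . addslashes($this->getDisplayName()) . "',"
               . " mrealname='". addslashes($this->getRealName()) . "',"
               . " mpassword='". addslashes($this->getPassword()) . "',"
               . " mcookiekey='". addslashes($this->getCookieKey()) . "',"
               . " murl='" . addslashes($this->getURL()) . "',"
               . " memail='" . addslashes($this->getEmail()) . "',"
               . " madmin=" . intval($this->isAdmin()) . ","
               . " mnotes='" . addslashes($this->getNotes()) . "',"
               . " mcanlogin=" . intval($this->canLogin()) . ","
               . " deflang='" . addslashes($this->getLanguage()) . "'"
               . " WHERE mnumber=" . intval($this->getID());
        sql_query($query);
    }

    /**
     * Compares the MD5 of the supplied password with the stored hash.
     *
     * The comparison is strict on purpose: with == PHP compares two strings
     * that both look like numbers in scientific notation ("0e...") as numbers,
     * which makes them compare equal even though the hashes differ.
     */
    function checkPassword($pw) {
        return (md5($pw) === (string) $this->getPassword());
    }

    /**
     * Compares a presented cookie key with the stored one. An empty presented
     * key never matches, and the comparison is strict (see checkPassword).
     */
    function checkCookieKey($key) {
        $key = (string) $key;
        if ($key === '')
            return false;
        return ($key === (string) $this->getCookieKey());
    }

    function getRealName() {
        return $this->realname;
    }

    function setRealName($name) {
        $this->realname = $name;
    }

    function getEmail() {
        return $this->email;
    }

    function setEmail($email) {
        $this->email = $email;
    }

    // returns the stored MD5 hash, never a clear-text password
    function getPassword() {
        return $this->password;
    }

    // stores the MD5 hash of the clear-text password (unsalted; this is the
    // format the rest of the application expects in mpassword)
    function setPassword($pwd) {
        $this->password = md5($pwd);
    }

    function getCookieKey() {
        return $this->cookiekey;
    }

    /**
     * Generate new cookiekey, save it, and return it
     *
     * The key is a 32 character hex string in both branches, so the stored
     * width does not change.
     */
    function newCookieKey() {
        if (function_exists('random_bytes')) {
            // CSPRNG (PHP 7+): 16 random bytes -> 32 hex characters
            $this->cookiekey = bin2hex(random_bytes(16));
        } else {
            // legacy runtimes: mt_rand() self-seeds since PHP 4.2; re-seeding it
            // from microtime() only narrowed the key space, so that is gone
            $this->cookiekey = md5(uniqid(mt_rand(), true));
        }
        $this->write();
        return $this->cookiekey;
    }

    function setCookieKey($val) {
        $this->cookiekey = $val;
    }

    function getURL() {
        return $this->url;
    }

    function setURL($site) {
        $this->url = $site;
    }

    function getLanguage() {
        return $this->language;
    }

    function setLanguage($lang) {
        $this->language = $lang;
    }

    function setDisplayName($nick) {
        $this->displayname = $nick;
    }

    function getDisplayName() {
        return $this->displayname;
    }

    function isAdmin() {
        return $this->admin;
    }

    function setAdmin($val) {
        $this->admin = $val;
    }

    function canLogin() {
        return $this->canlogin;
    }

    function setCanLogin($val) {
        $this->canlogin = $val;
    }

    function getNotes() {
        return $this->notes;
    }

    function setNotes($val) {
        $this->notes = $val;
    }

    function getID() {
        return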