diff -r 2cd8c1649ba9 -r 58094faf794d inc/users.inc.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/inc/users.inc.php Tue Apr 10 22:40:43 2007 +0000
@@ -0,0 +1,369 @@
+ trancer nl> |
+// | Sjeemz sjeemz nl> |
+// +--------------------------------------------------------------------+
+
+// Filename: users.inc.php
+// Startdate: 26-10-2002
+// Description: all user modifications etc. are done here
+//
+// $Id: users.inc.php,v 1.8 2003/01/01 22:33:47 azurazu Exp $
+//
+
+
+
+/*
+ * Retrieve all users.
+ * Its to show_users therefore the odd name. Has to be changed.
+ * return values: an array with all users in it.
+ */
+function show_users($id='',$rowstart=0,$rowamount=9999999)
+{
+ global $db;
+ if(is_numeric($id))
+ {
+ //When a user id is given, it is excluded from the userlist returned.
+ $add = " WHERE users.id!=$id";
+ }
+
+ // Make a huge query.
+ $sqlq = "SELECT users.id AS id,
+ users.username AS username,
+ users.fullname AS fullname,
+ users.email AS email,
+ users.description AS description,
+ users.level AS level,
+ users.active AS active,
+ count(zones.owner) AS aantal FROM users
+ LEFT JOIN zones ON users.id=zones.owner$add
+ GROUP BY
+ users.id,
+ users.username,
+ users.fullname,
+ users.email,
+ users.description,
+ users.level,
+ users.active
+ ORDER BY
+ users.fullname
+ LIMIT $rowstart,$rowamount";
+
+ // Execute the huge query.
+ $result = $db->query($sqlq);
+ $ret = array();
+ $retcount = 0;
+ while ($r = $result->fetchRow())
+ {
+ $ret[] = array(
+ "id" => $r["id"],
+ "username" => $r["username"],
+ "fullname" => $r["fullname"],
+ "email" => $r["email"],
+ "description" => $r["description"],
+ "level" => $r["level"],
+ "active" => $r["active"],
+ "numdomains" => $r["aantal"]
+ );
+ }
+ return $ret;
+}
+
+
+/*
+ * Check if the given $userid is connected to a valid user.
+ * return values: true if user exists, false if users doesnt exist.
+ */
+ function is_valid_user($id)
+{
+ global $db;
+ if(is_numeric($id))
+ {
+ $result = $db->query("SELECT id FROM users WHERE id=$id");
+ if ($result->numRows() == 1)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+}
+
+
+/*
+ * Gives a textdescribed value of the given levelid
+ * return values: the text associated with the level
+ */
+function leveldescription($id)
+{
+ // Fixed descriptions for each user level (feel free to edit, anyway..)
+ // Will get moved to the config file soon.
+ switch($id)
+ {
+ case 1:
+ global $NAME_LEVEL_1;
+ return $NAME_LEVEL_1;
+ break;
+ case 5:
+ global $NAME_LEVEL_5;
+ return $NAME_LEVEL_5;
+ break;
+ case 10:
+ global $NAME_LEVEL_10;
+ return $NAME_LEVEL_10;
+ break;
+ default:
+ return "Unknown";
+ break;
+ }
+}
+
+
+/*
+ * Checks if a given username exists in the database.
+ * return values: true if exists, false if not.
+ */
+function user_exists($user)
+{
+ global $db;
+ $result = $db->query("SELECT id FROM users WHERE username='$user'");
+ if ($result->numRows() == 0)
+ {
+ return false;
+ }
+ elseif($result->numRows() == 1)
+ {
+ return true;
+ }
+ else
+ {
+ error(ERR_UNKOWN);
+ }
+}
+
+
+/*
+ * Get all user info for the given user in an array.
+ * return values: the database style array with the information about the user.
+ */
+function get_user_info($id)
+{
+ global $db;
+ if (is_numeric($id))
+ {
+ $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=$id");
+ $r = $result->fetchRow();
+ return $r;
+ }
+ else
+ {
+ error(sprintf(ERR_INV_ARGC,"get_user_info", "you gave illegal arguments: $id"));
+ }
+}
+
+
+/*
+ * Delete a user from the system
+ * return values: true if user doesnt exist.
+ */
+function delete_user($id)
+{
+ global $db;
+ if (!level(10))
+ {
+ error(ERR_LEVEL_10);
+ }
+ if (is_numeric($id))
+ {
+ $db->query("DELETE FROM users WHERE id=$id");
+ $db->query("DELETE FROM zones WHERE owner=$id");
+ return true;
+ // No need to check the affected rows. If the affected rows would be 0,
+ // the user isnt in the dbase, just as we want.
+ }
+ else
+ {
+ error(ERR_INV_ARG);
+ }
+}
+
+
+/*
+ * Adds a user to the system.
+ * return values: true if succesfully added.
+ */
+function add_user($user, $password, $fullname, $email, $level, $description, $active)
+{
+ global $db;
+ if (!level(10))
+ {
+ error(ERR_LEVEL_10);
+ }
+ if (!user_exists($user))
+ {
+ // Might have to be changed.
+ // TODO probably.
+ $description = mysql_escape_string($description);
+
+ // Clean up the fullname
+ $fullname = mysql_escape_string($fullname);
+ is_valid_email($email);
+
+ // Get id and insert information.
+ $idusers= $db->nextID('users');
+ $db->query("INSERT INTO users (id, username, password, fullname, email, description, level, active) VALUES ($idusers, '$user', '" . md5($password) . "', '$fullname', '$email', '$description', '$level', '$active')");
+ return true;
+ }
+ else
+ {
+ error(ERR_USER_EXISTS);
+ }
+}
+
+
+/*
+ * Edit the information of an user.. sloppy implementation with too many queries.. (2) :)
+ * return values: true if succesful
+ */
+function edit_user($id, $user, $fullname, $email, $level, $description, $active, $password)
+{
+ global $db;
+ if(!level(10)) {
+ error(ERR_LEVEL_10);
+ }
+
+ // Might have to be changed.
+ // TODO
+ $description = mysql_escape_string($description);
+ $fullname = mysql_escape_string($fullname);
+ is_valid_email($email);
+
+ $sqlquery = "UPDATE users set username='$user', fullname='$fullname', email='$email', level=$level, description='$description', active=$active ";
+
+ if($password != "")
+ {
+ $sqlquery .= ", password= '" . md5($password) . 
"' ";
+ }
+
+ $sqlquery .= "where id=$id" ;
+
+ // Search the username that right now goes with this ID.
+ $result = $db->query("SELECT username from users where id=$id");
+ $r = array();
+ $r = $result->fetchRow();
+
+ // If the found username with this ID is the given username with the command.. execute.
+
+ if($r["username"] == $user)
+ {
+ $db->query($sqlquery);
+ return true;
+ }
+
+ // Its not.. so the user wants to change.
+ // Find if there is an id that has the wished username.
+ $otheruser = $db->query("SELECT id from users where username='$user'");
+ if($otheruser->numRows() > 0)
+ {
+ error(ERR_USER_EXIST);
+ }
+
+ // Its fine it seems.. :)
+ // Lets execute it.
+ else
+ {
+ $db->query($sqlquery);
+ return true;
+ }
+}
+
+/*
+ * Change the pass of the user.
+ * The user is automatically logged out after the pass change.
+ * return values: none.
+ */
+function change_user_pass($currentpass, $newpass, $newpass2)
+{
+ global $db;
+
+ // Check if the passwords are equal.
+ if($newpass != $newpass2)
+ {
+ error(ERR_USER_MATCH_NEW_PASS);
+ }
+
+ // Retrieve the users password.
+ $result = $db->query("SELECT password, id FROM users WHERE username='". $_SESSION["userlogin"] ."'");
+ $rinfo = $result->fetchRow();
+
+ // Check the current password versus the database password and execute the update.
+ if(md5($currentpass) == $rinfo["password"])
+ {
+ $sqlquery = "update users set password='" . md5($newpass) . "' where id='" . $rinfo["id"] . "'";
+ $db->query($sqlquery);
+
+ // Logout the user.
+ logout("Pass changed please re-login");
+ }
+ else
+ {
+ error(ERR_USER_WRONG_CURRENT_PASS);
+ }
+}
+
+
+/*
+ * Get a fullname when you have a userid.
+ * return values: gives the fullname from a userid.
+ */
+function get_fullname_from_userid($id)
+{
+ global $db;
+ if (is_numeric($id))
+ {
+ $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ $r = $result->fetchRow();
+ return $r["fullname"];
+ }
+ else
+ {
+ error(ERR_INV_ARG);
+ }
+}
+
+
+/*
+ * Get a fullname when you have a userid.
+ * return values: gives the fullname from a userid.
+ */
+function get_owner_from_id($id)
+{
+ global $db;
+ if (is_numeric($id))
+ {
+ $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ if ($result->numRows() == 1)
+ {
+ $r = $result->fetchRow();
+ return $r["fullname"];
+ }
+ else
+ {
+ error(ERR_USER_NOT_EXIST);
+ }
+ }
+ error(ERR_INV_ARG);
+}
+?>
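Review bot: `user_exists()`, `add_user()` and `edit_user()` build SQL from caller-supplied strings that are never escaped: `$user` goes straight into `WHERE username='$user'`, and the INSERT/UPDATE statements escape only `$fullname` and `$description` while `$user`, `$email`, `$level`, `$active` and (in `edit_user()`) an unchecked `$id` are interpolated as-is. Each value should be escaped or cast before it reaches `$db->query()`, for example `$user = mysql_escape_string($user);` and `$level = (int) $level;`, or bound through the DB layer's own quoting/placeholder support if it offers one. The return value of `is_valid_email($email)` is discarded, so unless that helper aborts on failure (not visible in this file) it does not constrain what is written to the query. Separately, passwords are stored as unsalted `md5()` and `change_user_pass()` compares the digests with loose `==`; a salted, slow password hash and a strict comparison are the safer choice.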