1 | <?php |
---|
2 | |
---|
3 | class data_users extends data |
---|
4 | { |
---|
5 | |
---|
6 | # ---------------------------------------------------------------------------------------- |
---|
7 | # users |
---|
8 | # |
---|
9 | |
---|
10 | function users($start = 0, $is_artiste = null, $alpha = null) |
---|
11 | { $users = array("list" => array(), "total" => 0); |
---|
12 | try |
---|
13 | { $SELECT = |
---|
14 | "SELECT #--pun_users.id" |
---|
15 | .", #--pun_users.username" |
---|
16 | .", #--artistes.id as id_artiste"; |
---|
17 | $FROM = |
---|
18 | " FROM #--pun_users" |
---|
19 | ." LEFT JOIN #--artistes" |
---|
20 | ." ON #--pun_users.id=#--artistes.pun_user"; |
---|
21 | $WHERE = " WHERE #--pun_users.id!=1"; |
---|
22 | $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(username, 1)=".$this->eq($alpha) : ""); |
---|
23 | $WHERE .= (isset($is_artiste) ? ($WHERE ? " AND" : " WHERE")." #--artistes.id IS".($is_artiste ? " NOT" : "")." NULL" : ""); |
---|
24 | $GROUP_BY = " GROUP BY #--pun_users.id"; |
---|
25 | $LIMIT = ($this->env->config("max_list") ? " LIMIT ".$this->env->config("max_list")." OFFSET ".$start : ""); |
---|
26 | $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.$GROUP_BY.") res"; |
---|
27 | $rst = $this->sql->query($sql); |
---|
28 | if($v_rst = $this->sql->fetch_assoc($rst)) $users["total"] = $v_rst["n"]; |
---|
29 | $this->sql->free_result($rst); |
---|
30 | if($users["total"] > 0) |
---|
31 | { $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$GROUP_BY.$LIMIT.") res"; |
---|
32 | $rst = $this->sql->query($sql); |
---|
33 | while($v_rst = $this->sql->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; |
---|
34 | $this->sql->free_result($rst); |
---|
35 | } |
---|
36 | } |
---|
37 | catch(Exception $_e) { $users = false; } |
---|
38 | return $users; |
---|
39 | } |
---|
40 | |
---|
41 | function user($id) |
---|
42 | { $user = array(); |
---|
43 | try |
---|
44 | { $sql = "SELECT * from #--pun_users WHERE id=".$id; |
---|
45 | $rst = $this->sql->query($sql); |
---|
46 | if($v_rst = $this->sql->fetch_assoc($rst)) $user = $v_rst; |
---|
47 | $this->sql->free_result($rst); |
---|
48 | } |
---|
49 | catch(Exception $_e) { $user = false; } |
---|
50 | return $user; |
---|
51 | } |
---|
52 | |
---|
53 | # ---------------------------------------------------------------------------------------- |
---|
54 | # admin |
---|
55 | # |
---|
56 | |
---|
57 | function is_admin($user_id) |
---|
58 | { $OK = false; |
---|
59 | try |
---|
60 | { $sql = "SELECT group_id FROM #--pun_users WHERE id=".$user_id; |
---|
61 | $rst = $this->sql->query($sql); |
---|
62 | if($v_rst = $this->sql->fetch_assoc($rst)) $OK = $v_rst["group_id"] == 1; |
---|
63 | $this->sql->free_result($rst); |
---|
64 | } |
---|
65 | catch(Exception $_e) { $OK = false; } |
---|
66 | return $OK; |
---|
67 | } |
---|
68 | |
---|
69 | function is_super_admin($user_id) |
---|
70 | { $is_super_admin = false; |
---|
71 | try |
---|
72 | { $sql = "SELECT * FROM #--super_admins WHERE id_pun_user=".$user_id; |
---|
73 | $rst = $this->sql->query($sql); |
---|
74 | if($v_rst = $this->sql->fetch_assoc($rst)) $is_super_admin = true; |
---|
75 | $this->sql->free_result($rst); |
---|
76 | } |
---|
77 | catch(Exception $_e) { $is_super_admin = false; } |
---|
78 | return $is_super_admin; |
---|
79 | } |
---|
80 | |
---|
81 | function is_artiste_admin($id_artise, $pun_user) |
---|
82 | { $is_artiste_admin = false; |
---|
83 | try |
---|
84 | { $sql = "SELECT count(*) as n FROM #--artistes_admins WHERE id_artiste=".$id_artise." AND pun_user=".$pun_user; |
---|
85 | $rst = $this->sql->query($sql); |
---|
86 | if($v_rst = $this->sql->fetch_assoc($rst)) $is_artiste_admin = $v_rst["n"] > 0; |
---|
87 | $this->sql->free_result($rst); |
---|
88 | } |
---|
89 | catch(Exception $_e) { $is_artiste_admin = false; } |
---|
90 | return $is_artiste_admin; |
---|
91 | } |
---|
92 | |
---|
93 | # ---------------------------------------------------------------------------------------- |
---|
94 | # log in / out |
---|
95 | # |
---|
96 | |
---|
97 | function pun_login_ok($form_username, $form_password, $db) |
---|
98 | { $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? |
---|
99 | 'username=\''.$db->escape($form_username).'\'' |
---|
100 | :'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')'; |
---|
101 | $result = $db->query |
---|
102 | ( 'SELECT id, group_id, password, save_pass' |
---|
103 | .' FROM '.$db->prefix.'users' |
---|
104 | .' WHERE '.$username_sql |
---|
105 | ) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error()); |
---|
106 | list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result); |
---|
107 | $authorized = false; |
---|
108 | if(!empty($db_password_hash)) |
---|
109 | { $sha1_in_db = (strlen($db_password_hash) == 40) ? true : false; |
---|
110 | $sha1_available = (function_exists('sha1') || function_exists('mhash')) ? true : false; |
---|
111 | $form_password_hash = pun_hash($form_password); // This could result in either an SHA-1 or an MD5 hash (depends on $sha1_available) |
---|
112 | if($sha1_in_db && $sha1_available && $db_password_hash == $form_password_hash) $authorized = true; |
---|
113 | else if(!$sha1_in_db && $db_password_hash == md5($form_password)) |
---|
114 | { $authorized = true; |
---|
115 | if($sha1_available) // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB |
---|
116 | $db->query |
---|
117 | ( 'UPDATE '.$db->prefix.'users' |
---|
118 | .' SET password=\''.$form_password_hash.'\'' |
---|
119 | .' WHERE id='.$user_id |
---|
120 | ) or error('Impossible de modifier le mot de passe', __FILE__, __LINE__, $db->error()); |
---|
121 | } |
---|
122 | } |
---|
123 | // Update the status if this is the first time the user logged in |
---|
124 | if($group_id == PUN_UNVERIFIED) $db->query |
---|
125 | ( 'UPDATE '.$db->prefix.'users' |
---|
126 | .' SET group_id='.$pun_config['o_default_user_group'] |
---|
127 | .' WHERE id='.$user_id |
---|
128 | ) or error('Uimpossible de modifier le statut utilisateur', __FILE__, __LINE__, $db->error()); |
---|
129 | // Remove this users guest entry from the online list |
---|
130 | $db->query |
---|
131 | ( 'DELETE FROM '.$db->prefix.'online' |
---|
132 | .' WHERE ident=\''.$db->escape(get_remote_address()).'\'' |
---|
133 | ) or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error()); |
---|
134 | $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
---|
135 | pun_setcookie($user_id, $form_password_hash, $expire); |
---|
136 | return $authorized; |
---|
137 | } |
---|
138 | |
---|
139 | function pun_logout($pun_user, $db) |
---|
140 | { if($pun_user["is_guest"] || !isset($_GET["id"]) || $_GET["id"] != $pun_user["id"]) return false; |
---|
141 | // Remove user from "users online" list. |
---|
142 | $db->query |
---|
143 | ( 'DELETE FROM '.$db->prefix.'online' |
---|
144 | .' WHERE user_id='.$pun_user['id'] |
---|
145 | ) or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error()); |
---|
146 | // Update last_visit (make sure there's something to update it with) |
---|
147 | if(isset($pun_user['logged'])) $db->query |
---|
148 | ( 'UPDATE '.$db->prefix.'users' |
---|
149 | .' SET last_visit='.$pun_user['logged'] |
---|
150 | .' WHERE id='.$pun_user['id'] |
---|
151 | ) or error('Impossible de modifier les données de visite de l\'utilisateur', __FILE__, __LINE__, $db->error()); |
---|
152 | pun_setcookie(1, random_pass(8), time() + 31536000); |
---|
153 | return true; |
---|
154 | } |
---|
155 | |
---|
156 | } |
---|
157 | |
---|
158 | ?> |
---|