<?php
// Refuse to run unless the including page has declared itself a valid entry point.
if (!(defined('entry') && entry)) {
    die('Not a valid page');
}
/* ===========================

  gelato CMS - A PHP based tumblelog CMS
  development version
  http://www.gelatocms.com/

  gelato CMS is a free software licensed under the GPL 2.0
  Copyright (C) 2007 by Pedro Santana <pecesama at gmail dot com>

  =========================== */
?>
<?php
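/**
 * Admin user management for gelato CMS: login/session state, user CRUD and
 * the registration e-mail.
 *
 * All database access goes through the project's $db wrapper
 * (ejecutarConsulta / contarRegistros / obtenerRegistro / sql_escape / ...)
 * and the table prefix from $conf; both are captured from globals in the
 * constructor.
 */
class user
{
    public $conf;
    public $db;
    public $cookieString;
    public $cookieTime;
    public $persist = false;
    // Lifetime of the "remember me" session cookie in seconds (60 days);
    // declared so it is not a dynamic property (deprecated in PHP 8.2).
    public $cookie_life;

    /**
     * Captures the application-wide $db and $conf globals and records the
     * request time used as the base for the persistent cookie expiry.
     */
    public function __construct()
    {
        global $db;
        global $conf;

        $this->db = $db;
        $this->conf = $conf;
        $this->cookie_life = 60 * 24 * 3600;
        $this->cookieTime = time();
    }

    /**
     * Whether the current PHP session carries an authenticated admin login
     * (user id, login name and the 'authenticated' flag set by validateUser()).
     *
     * Only session state is consulted: a PHPSESSID cookie on its own carries
     * no authority beyond selecting the session, so it is not inspected here.
     *
     * @return bool
     */
    public function isAdmin()
    {
        // !empty() is isset() plus truthiness, i.e. the same test as
        // "isset(...) && ... == true" for the flag.
        return !empty($_SESSION["user_id"])
            && !empty($_SESSION["user_login"])
            && !empty($_SESSION['authenticated']);
    }

    /**
     * Checks the supplied credentials against the users table and, on success,
     * marks the session as authenticated (optionally with a persistent cookie
     * when the form posted "save_pass").
     *
     * @param string $username login name as received from the form (untrusted)
     * @param string $password value compared with the stored password column;
     *                         addUser()/modifyUser() store md5() digests, so
     *                         the caller is expected to pass the matching form
     *                         — verify at the call site
     * @return bool true when the query ran and at least one row matched
     */
    public function validateUser($username="", $password="")
    {
        // Both values are untrusted. sql_escape() is applied without
        // surrounding quotes, exactly as the original login lookup used it,
        // on the assumption that it returns a quoted literal — confirm in the
        // db wrapper before relying on this.
        $sql = "SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users"
            ." WHERE login=".$this->db->sql_escape($username)
            ." AND password=".$this->db->sql_escape($password);

        if (!$this->db->ejecutarConsulta($sql)) {
            return false;
        }
        if ($this->db->contarRegistros() <= 0) {
            return false;
        }

        $register = $this->db->obtenerRegistro();

        // Privilege level changes here: issue a fresh session id so an id
        // handed to the browser before login cannot be reused (session fixation).
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['user_id'] = $register["id_user"];
        $_SESSION['user_login'] = $register["login"];
        $_SESSION['authenticated'] = true;

        if (isset($_POST["save_pass"])) {
            $this->persist = true;
            // Path/domain/secure keep setcookie()'s defaults; httponly keeps the
            // session id out of reach of client-side script.
            setcookie(
                "PHPSESSID",
                session_id(),
                $this->cookieTime + $this->cookie_life,
                "",
                "",
                false,
                true
            );
        }
        return true;
    }

    /**
     * Ends the server-side session unless the user asked for a persistent
     * login during validateUser().
     *
     * @return bool always true
     */
    public function closeSession()
    {
        if (!$this->persist) {
            session_destroy();
        }
        return true;
    }

    /**
     * Whether a user row with the given login exists.
     *
     * @param string $user login name (untrusted)
     * @return bool false when the lookup query fails or finds no row
     */
    public function userExist($user="")
    {
        $sql = "SELECT * FROM ".$this->conf->tablePrefix."users"
            ." WHERE login=".$this->db->sql_escape($user);

        if (!$this->db->ejecutarConsulta($sql)) {
            return false;
        }
        return $this->db->contarRegistros() > 0;
    }

    /**
     * Alias of isAdmin(); kept for callers using the older name.
     *
     * @return bool
     */
    public function isAuthenticated()
    {
        return $this->isAdmin();
    }

    /**
     * Inserts a new user from form fields and redirects to the admin panel.
     *
     * Redirect outcomes: ?added=true on success, ?error=1 when the login is
     * already taken, ?error=2&des=... when the insert fails. Never returns in
     * those cases; returns silently only if the duplicate-login query fails.
     *
     * @param array $fieldsArray form fields; 'login', 'password' and 'email'
     *                           are read here, the rest is passed through to
     *                           insertarDeFormulario() (whose own escaping
     *                           cannot be verified from this file)
     */
    public function addUser($fieldsArray)
    {
        $login = isset($fieldsArray['login']) ? $fieldsArray['login'] : '';
        $sql = "SELECT id_user FROM ".$this->conf->tablePrefix."users"
            ." WHERE login=".$this->db->sql_escape($login);

        if (!$this->db->ejecutarConsulta($sql)) {
            return;
        }
        if ($this->db->contarRegistros() != 0) {
            $this->redirectToAdmin("error=1");
        }

        $realPassword = isset($fieldsArray["password"]) ? $fieldsArray["password"] : '';
        // NOTE(review): md5() is not a password hash. Moving to password_hash()
        // requires changing the stored column format and validateUser() together,
        // so it is left as-is here.
        $fieldsArray["password"] = md5($realPassword);

        if (!$this->db->insertarDeFormulario($this->conf->tablePrefix."users", $fieldsArray)) {
            $this->redirectToAdmin("error=2&des=".urlencode($this->lastErrorDescription()));
        }

        $this->confirmationEmail($fieldsArray['email'], $login, $realPassword);
        $this->redirectToAdmin("added=true");
    }

    /**
     * Updates a user row from form fields and redirects to the admin panel
     * (?modified=true or ?error=2&des=...). Never returns.
     *
     * @param array $fieldsArray form fields; 'password' is always replaced by
     *                           its md5() digest (of '' when absent), as before
     * @param int|string $id_user id of the row to update; cast to int
     */
    public function modifyUser($fieldsArray, $id_user)
    {
        $plain = isset($fieldsArray["password"]) ? $fieldsArray["password"] : '';
        $fieldsArray["password"] = md5($plain);

        $where = "id_user=".(int) $id_user;
        if ($this->db->modificarDeFormulario($this->conf->tablePrefix."users", $fieldsArray, $where)) {
            $this->redirectToAdmin("modified=true");
        }
        $this->redirectToAdmin("error=2&des=".urlencode($this->lastErrorDescription()));
    }

    /**
     * Deletes the user row with the given id. The result of the query is not
     * reported to the caller.
     *
     * @param int|string $idUser cast to int before use in SQL
     */
    public function deleteUser($idUser)
    {
        $this->db->ejecutarConsulta(
            "DELETE FROM ".$this->conf->tablePrefix."users WHERE id_user=".(int) $idUser
        );
    }

    /**
     * Runs a paged SELECT over the users table (newest id first) and returns
     * the wrapper's result handle.
     *
     * @param int|string $show number of rows (LIMIT count), cast to int
     * @param int|string $from offset (LIMIT offset), cast to int
     * @return mixed whatever the db wrapper exposes as mid_consulta
     */
    public function getUsers($show="10", $from="0")
    {
        $limit = (int) $from.",".(int) $show;
        $sqlStr = "select * from ".$this->conf->tablePrefix."users ORDER BY id_user DESC LIMIT ".$limit;
        $this->db->ejecutarConsulta($sqlStr);
        return $this->db->mid_consulta;
    }

    /**
     * Fetches a single user row by id.
     *
     * @param int|string $idUser cast to int before use in SQL
     * @return array|false the row from obtenerRegistro(), or false when the
     *                     query fails or matches nothing
     */
    public function getUserByID($idUser)
    {
        $sql = "select * from ".$this->conf->tablePrefix."users where id_user=".(int) $idUser;

        if (!$this->db->ejecutarConsulta($sql)) {
            return false;
        }
        if ($this->db->contarRegistros() <= 0) {
            return false;
        }
        return $this->db->obtenerRegistro();
    }

    /**
     * Sends the registration e-mail (HTML body) via the global sendMail().
     *
     * NOTE(review): the body contains the plaintext password, which is then
     * at rest in the recipient's mailbox and in transit unencrypted; a reset
     * link would be the usual replacement. The wording is kept here.
     *
     * @param string $email    recipient address
     * @param string $user     login name, HTML-escaped before insertion
     * @param string $password plaintext password, HTML-escaped before insertion
     */
    public function confirmationEmail($email="", $user="", $password="")
    {
        $safeUser = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
        $safePassword = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');

        $msg =  "<font face=verdana><em><font size=2>Account information on <strong>gelato CMS</strong></font></em><br/><br/>";
        $msg .=    "Visit the <a href=\"".$this->conf->urlGelato."/admin/\">tumblelog panel</a> <br/><br/>";
        $msg .=    "<font size=1>Username: <strong>".$safeUser."</strong><br/><br/>";
        $msg .=    "Password: <strong>".$safePassword."</strong><br/><br/>";
        $msg .=    "<em>Don't tell your password to anybody!!</em><br/><br/></font>";

        sendMail($email, "Register confirmation on gelato CMS", $msg, "no-reply@gelatocms.com");
    }

    /**
     * Redirects to the admin panel with the given query string and ends the
     * request. Never returns.
     *
     * @param string $query already URL-encoded query string (without '?')
     */
    private function redirectToAdmin($query)
    {
        header("Location: ".$this->conf->urlGelato."/admin/admin.php?".$query);
        die();
    }

    /**
     * Error text appended to the ?error=2 redirect. $this->merror is never
     * assigned inside this class — presumably set by the db wrapper or a
     * caller; verify — so an unset value yields ''.
     *
     * @return string
     */
    private function lastErrorDescription()
    {
        return isset($this->merror) ? (string) $this->merror : '';
    }
}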
?>