A tumblelog CMS built on AJAX, PHP and MySQL.


  1. <?php
  2. if (!defined('entry') || !entry) {
  3. die('Not a valid page');
  4. }
  5. /* ===========================
  6. gelato CMS - A PHP based tumblelog CMS
  7. development version
  8. http://www.gelatocms.com/
  9. gelato CMS is a free software licensed under the GPL 2.0
  10. Copyright (C) 2007 by Pedro Santana <pecesama at gmail dot com>
  11. =========================== */
  12. ?>
  13. <?php
  14. class user
  15. {
  16. public $conf;
  17. public $db;
  18. public $cookieString;
  19. public $cookieTime;
  20. public $persist = false;
  21. public function __construct()
  22. {
  23. global $db;
  24. global $conf;
  25. $this->db = $db;
  26. $this->conf = $conf;
  27. $this->cookie_life = 60*24*3600;
  28. $this->cookieTime = time();
  29. }
  30. public function isAdmin()
  31. {
  32. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  33. return true;
  34. }
  35. if (isset($_COOKIE["PHPSESSID"]) && $_COOKIE["PHPSESSID"]!="") {
  36. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  37. return true;
  38. }
  39. }
  40. return false;
  41. }
  42. public function validateUser($username="", $password="")
  43. {
  44. if ($this->db->ejecutarConsulta("SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users WHERE login=".$this->db->sql_escape($username)." AND password='".$password."'")) {
  45. if ($this->db->contarRegistros()>0) {
  46. $register = $this->db->obtenerRegistro();
  47. $_SESSION['user_id']=$register["id_user"];
  48. $_SESSION['user_login']=$register["login"];
  49. $_SESSION['authenticated'] = true;
  50. if (isset($_POST["save_pass"])) {
  51. $this->persist = true;
  52. setcookie("PHPSESSID", session_id(), $this->cookieTime+$this->cookie_life);
  53. }
  54. return true;
  55. } else {
  56. return false;
  57. }
  58. } else {
  59. return false;
  60. }
  61. }
  62. public function closeSession()
  63. {
  64. if (!$this->persist) {
  65. session_destroy();
  66. }
  67. return true;
  68. }
  69. public function userExist($user="")
  70. {
  71. if ($this->db->ejecutarConsulta("SELECT * FROM ".$this->conf->tablePrefix."users WHERE login='".$user."'")) {
  72. if ($this->db->contarRegistros()>0) {
  73. return true;
  74. } else {
  75. return false;
  76. }
  77. }
  78. }
  79. public function isAuthenticated()
  80. {
  81. return $this->isAdmin();
  82. }
  83. public function addUser($fieldsArray)
  84. {
  85. if ($this->db->ejecutarConsulta("SELECT id_user FROM ".$this->conf->tablePrefix."users WHERE login='".$fieldsArray['login']."'")) {
  86. if ($this->db->contarRegistros()==0) {
  87. $realPassword = ($fieldsArray["password"]);
  88. $fieldsArray["password"] = md5($fieldsArray["password"]);
  89. if ($this->db->insertarDeFormulario($this->conf->tablePrefix."users", $fieldsArray)) {
  90. $this->confirmationEmail($fieldsArray['email'], $fieldsArray['login'], $realPassword);
  91. header("Location: ".$this->conf->urlGelato."/admin/admin.php?added=true");
  92. die();
  93. } else {
  94. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=2&des=".$this->merror);
  95. die();
  96. }
  97. } else {
  98. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=1");
  99. die();
  100. }
  101. }
  102. }
  103. public function modifyUser($fieldsArray, $id_user)
  104. {
  105. $fieldsArray["password"] = md5($fieldsArray["password"]);
  106. if ($this->db->modificarDeFormulario($this->conf->tablePrefix."users", $fieldsArray, "id_user=$id_user")) {
  107. header("Location: ".$this->conf->urlGelato."/admin/admin.php?modified=true");
  108. die();
  109. } else {
  110. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=2&des=".$this->merror);
  111. die();
  112. }
  113. }
  114. public function deleteUser($idUser)
  115. {
  116. $this->db->ejecutarConsulta("DELETE FROM ".$this->conf->tablePrefix."users WHERE id_user=".$idUser);
  117. }
  118. public function getUsers($show="10", $from="0")
  119. {
  120. $sqlStr = "select * from ".$this->conf->tablePrefix."users ORDER BY id_user DESC LIMIT $from,$show";
  121. $this->db->ejecutarConsulta($sqlStr);
  122. return $this->db->mid_consulta;
  123. }
  124. public function getUserByID($idUser)
  125. {
  126. if ($this->db->ejecutarConsulta("select * from ".$this->conf->tablePrefix."users where id_user=".$idUser)) {
  127. if ($this->db->contarRegistros()>0) {
  128. return $registro=$this->db->obtenerRegistro();
  129. } else {
  130. return false;
  131. }
  132. }
  133. }
  134. public function confirmationEmail($email="", $user="", $password="")
  135. {
  136. $msg = "<font face=verdana><em><font size=2>Account information on <strong>gelato CMS</strong></font></em><br/><br/>";
  137. $msg .= "Visit the <a href=\"".$this->conf->urlGelato."/admin/\">tumblelog panel</a> <br/><br/>";
  138. $msg .= "<font size=1>Username: <strong>".$user."</strong><br/><br/>";
  139. $msg .= "Password: <strong>".$password."</strong><br/><br/>";
  140. $msg .= "<em>Don't tell your password to anybody!!</em><br/><br/></font>";
  141. sendMail($email, "Register confirmation on gelato CMS", $msg, "no-reply@gelatocms.com");
  142. }
  143. }
  144. ?>