A tumblelog CMS built on AJAX, PHP and MySQL.

user.class.php 5.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. <?php
  2. if (!defined('entry') || !entry) {
  3. die('Not a valid page');
  4. }
  5. /* ===========================
  6. Sorbet CMS - A PHP based tumblelog CMS forked from Gelato CMS
  7. Sorbet CMS is a free software licensed under the GPL 3.0
  8. =========================== */
  9. ?>
  10. <?php
  11. class user
  12. {
  13. public $conf;
  14. public $db;
  15. public $cookieString;
  16. public $cookieTime;
  17. public $persist = false;
  18. public function __construct()
  19. {
  20. global $db;
  21. global $conf;
  22. $this->db = $db;
  23. $this->conf = $conf;
  24. $this->cookie_life = 60*24*3600;
  25. $this->cookieTime = time();
  26. }
  27. public function isAdmin()
  28. {
  29. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  30. return true;
  31. }
  32. if (isset($_COOKIE["PHPSESSID"]) && $_COOKIE["PHPSESSID"]!="") {
  33. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  34. return true;
  35. }
  36. }
  37. return false;
  38. }
  39. public function validateUser($username="", $password="")
  40. {
  41. if ($this->db->ejecutarConsulta("SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users WHERE login=".$this->db->sql_escape($username)." AND password='".$password."'")) {
  42. if ($this->db->contarRegistros()>0) {
  43. $register = $this->db->obtenerRegistro();
  44. $_SESSION['user_id']=$register["id_user"];
  45. $_SESSION['user_login']=$register["login"];
  46. $_SESSION['authenticated'] = true;
  47. if (isset($_POST["save_pass"])) {
  48. $this->persist = true;
  49. setcookie("PHPSESSID", session_id(), $this->cookieTime+$this->cookie_life);
  50. }
  51. return true;
  52. } else {
  53. return false;
  54. }
  55. } else {
  56. return false;
  57. }
  58. }
  59. public function closeSession()
  60. {
  61. if (!$this->persist) {
  62. session_destroy();
  63. }
  64. return true;
  65. }
  66. public function userExist($user="")
  67. {
  68. if ($this->db->ejecutarConsulta("SELECT * FROM ".$this->conf->tablePrefix."users WHERE login='".$user."'")) {
  69. if ($this->db->contarRegistros()>0) {
  70. return true;
  71. } else {
  72. return false;
  73. }
  74. }
  75. }
  76. public function isAuthenticated()
  77. {
  78. return $this->isAdmin();
  79. }
  80. public function addUser($fieldsArray)
  81. {
  82. if ($this->db->ejecutarConsulta("SELECT id_user FROM ".$this->conf->tablePrefix."users WHERE login='".$fieldsArray['login']."'")) {
  83. if ($this->db->contarRegistros()==0) {
  84. $realPassword = ($fieldsArray["password"]);
  85. $fieldsArray["password"] = md5($fieldsArray["password"]);
  86. if ($this->db->insertarDeFormulario($this->conf->tablePrefix."users", $fieldsArray)) {
  87. $this->confirmationEmail($fieldsArray['email'], $fieldsArray['login'], $realPassword);
  88. header("Location: ".$this->conf->urlSorbet."/admin/admin.php?added=true");
  89. die();
  90. } else {
  91. header("Location: ".$this->conf->urlSorbet."/admin/admin.php?error=2&des=".$this->merror);
  92. die();
  93. }
  94. } else {
  95. header("Location: ".$this->conf->urlSorbet."/admin/admin.php?error=1");
  96. die();
  97. }
  98. }
  99. }
  100. public function modifyUser($fieldsArray, $id_user)
  101. {
  102. $fieldsArray["password"] = md5($fieldsArray["password"]);
  103. if ($this->db->modificarDeFormulario($this->conf->tablePrefix."users", $fieldsArray, "id_user=$id_user")) {
  104. header("Location: ".$this->conf->urlSorbet."/admin/admin.php?modified=true");
  105. die();
  106. } else {
  107. header("Location: ".$this->conf->urlSorbet."/admin/admin.php?error=2&des=".$this->merror);
  108. die();
  109. }
  110. }
  111. public function deleteUser($idUser)
  112. {
  113. $this->db->ejecutarConsulta("DELETE FROM ".$this->conf->tablePrefix."users WHERE id_user=".$idUser);
  114. }
  115. public function getUsers($show="10", $from="0")
  116. {
  117. $sqlStr = "select * from ".$this->conf->tablePrefix."users ORDER BY id_user DESC LIMIT $from,$show";
  118. $this->db->ejecutarConsulta($sqlStr);
  119. return $this->db->mid_consulta;
  120. }
  121. public function getUserByID($idUser)
  122. {
  123. if ($this->db->ejecutarConsulta("select * from ".$this->conf->tablePrefix."users where id_user=".$idUser)) {
  124. if ($this->db->contarRegistros()>0) {
  125. return $registro=$this->db->obtenerRegistro();
  126. } else {
  127. return false;
  128. }
  129. }
  130. }
  131. public function confirmationEmail($email="", $user="", $password="")
  132. {
  133. $msg = "<font face=verdana><em><font size=2>Account information on <strong>Sorbet CMS</strong></font></em><br/><br/>";
  134. $msg .= "Visit the <a href=\"".$this->conf->urlSorbet."/admin/\">tumblelog panel</a> <br/><br/>";
  135. $msg .= "<font size=1>Username: <strong>".$user."</strong><br/><br/>";
  136. $msg .= "Password: <strong>".$password."</strong><br/><br/>";
  137. $msg .= "<em>Don't tell your password to anybody!!</em><br/><br/></font>";
  138. sendMail($email, "Register confirmation on Sorbet CMS", $msg, "no-reply@sorbetcms.net");
  139. }
  140. }
  141. ?>