A tumblelog CMS built on AJAX, PHP and MySQL.


  1. <?php
  2. if(!defined('entry') || !entry) die('Not a valid page');
  3. /* ===========================
  4. gelato CMS - A PHP based tumblelog CMS
  5. development version
  6. http://www.gelatocms.com/
  7. gelato CMS is a free software licensed under the GPL 2.0
  8. Copyright (C) 2007 by Pedro Santana <pecesama at gmail dot com>
  9. =========================== */
  10. ?>
  11. <?php
  12. class user {
  13. var $conf;
  14. var $db;
  15. var $cookieString;
  16. var $cookieTime;
  17. var $persist = false;
  18. function user() {
  19. global $db;
  20. global $conf;
  21. $this->db = $db;
  22. $this->conf = $conf;
  23. $this->cookie_life = 60*24*3600;
  24. $this->cookieTime = time();
  25. }
  26. function isAdmin() {
  27. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  28. return true;
  29. }
  30. if(isset($_COOKIE["PHPSESSID"]) && $_COOKIE["PHPSESSID"]!="") {
  31. if ((!empty($_SESSION["user_id"]) && !empty($_SESSION["user_login"])) && (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==true)) {
  32. return true;
  33. }
  34. }
  35. return false;
  36. }
  37. function validateUser($username="", $password="") {
  38. if ($this->db->ejecutarConsulta("SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users WHERE login='".$this->db->sql_escape($username)."' AND password='".$password."'")) {
  39. if ($this->db->contarRegistros()>0) {
  40. $register = $this->db->obtenerRegistro();
  41. $_SESSION['user_id']=$register["id_user"];
  42. $_SESSION['user_login']=$register["login"];
  43. $_SESSION['authenticated'] = true;
  44. if (isset($_POST["save_pass"])) {
  45. $this->persist = true;
  46. setcookie("PHPSESSID",session_id(),$this->cookieTime+$this->cookie_life);
  47. }
  48. return true;
  49. } else {
  50. return false;
  51. }
  52. } else {
  53. return false;
  54. }
  55. }
  56. function closeSession() {
  57. if (!$this->persist) session_destroy();
  58. return true;
  59. }
  60. function userExist($user="") {
  61. if ($this->db->ejecutarConsulta("SELECT * FROM ".$this->conf->tablePrefix."users WHERE login='".$user."'")) {
  62. if ($this->db->contarRegistros()>0) {
  63. return true;
  64. } else {
  65. return false;
  66. }
  67. }
  68. }
  69. function isAuthenticated() {
  70. return $this->isAdmin();
  71. }
  72. function addUser($fieldsArray) {
  73. if ($this->db->ejecutarConsulta("SELECT id_user FROM ".$this->conf->tablePrefix."users WHERE login='".$fieldsArray['login']."'")) {
  74. if ($this->db->contarRegistros()==0) {
  75. $realPassword = ($fieldsArray["password"]);
  76. $fieldsArray["password"] = md5($fieldsArray["password"]);
  77. if ($this->db->insertarDeFormulario($this->conf->tablePrefix."users", $fieldsArray)) {
  78. $this->confirmationEmail($fieldsArray['email'], $fieldsArray['login'], $realPassword);
  79. header("Location: ".$this->conf->urlGelato."/admin/admin.php?added=true");
  80. die();
  81. } else {
  82. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=2&des=".$this->merror);
  83. die();
  84. }
  85. } else {
  86. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=1");
  87. die();
  88. }
  89. }
  90. }
  91. function modifyUser($fieldsArray, $id_user) {
  92. $fieldsArray["password"] = md5($fieldsArray["password"]);
  93. if ($this->db->modificarDeFormulario($this->conf->tablePrefix."users", $fieldsArray, "id_user=$id_user")) {
  94. header("Location: ".$this->conf->urlGelato."/admin/admin.php?modified=true");
  95. die();
  96. } else {
  97. header("Location: ".$this->conf->urlGelato."/admin/admin.php?error=2&des=".$this->merror);
  98. die();
  99. }
  100. }
  101. function deleteUser($idUser) {
  102. $this->db->ejecutarConsulta("DELETE FROM ".$this->conf->tablePrefix."users WHERE id_user=".$idUser);
  103. }
  104. function getUsers($show="10", $from="0") {
  105. $sqlStr = "select * from ".$this->conf->tablePrefix."users ORDER BY id_user DESC LIMIT $from,$show";
  106. $this->db->ejecutarConsulta($sqlStr);
  107. return $this->db->mid_consulta;
  108. }
  109. function getUserByID($idUser) {
  110. if ($this->db->ejecutarConsulta("select * from ".$this->conf->tablePrefix."users where id_user=".$idUser)) {
  111. if ($this->db->contarRegistros()>0) {
  112. return $registro=$this->db->obtenerRegistro();
  113. } else {
  114. return false;
  115. }
  116. }
  117. }
  118. function confirmationEmail($email="", $user="", $password="") {
  119. $msg = "<font face=verdana><em><font size=2>Account information on <strong>gelato CMS</strong></font></em><br/><br/>";
  120. $msg .= "Visit the <a href=\"".$this->conf->urlGelato."/admin/\">tumblelog panel</a> <br/><br/>";
  121. $msg .= "<font size=1>Username: <strong>".$user."</strong><br/><br/>";
  122. $msg .= "Password: <strong>".$password."</strong><br/><br/>";
  123. $msg .= "<em>Don't tell your password to anybody!!</em><br/><br/></font>";
  124. sendMail($email, "Register confirmation on gelato CMS", $msg, "no-reply@gelatocms.com");
  125. }
  126. }
  127. ?>