2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
14 * DAO for "users" table
// Refuse direct access: this file is only meaningful when loaded through the
// application bootstrap, which defines TR_INCLUDE_PATH.
defined('TR_INCLUDE_PATH') or exit;
22 require_once(TR_INCLUDE_PATH. 'classes/DAO/DAO.class.php');
23 require_once(TR_INCLUDE_PATH. 'classes/Utility.class.php');
25 class UsersDAO extends DAO {
28 * Validate if the given login/pwd is valid
30 * @param login: login id or email
32 * @return user id, if login/pwd is valid
33 * false, if login/pwd is invalid
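/**
 * Check a login attempt against the users table.
 *
 * @param login: login name or e-mail address as typed into the login form
 * @param pwd:   digest submitted by the login form; the query recomputes
 *               SHA1(password . session token) on the server and compares it
 *               (inferred from the query below — confirm against the form JS)
 * @return user id if login/pwd match a row, false otherwise
 */
public function Validate($login, $pwd)
{
    // Project-wide escaping callable; Create()/Update() use it the same way,
    // so it is assumed to be exposed as a global — TODO confirm.
    global $addslashes;

    // Both values arrive straight from the login form and were previously
    // interpolated unescaped (a textbook SQL injection); escape them first.
    $login = $addslashes($login);
    $pwd   = $addslashes($pwd);

    // Was written as $_SESSION[token]: an undefined constant that old PHP
    // silently turned into the string 'token' and PHP 8 rejects outright.
    // The token is server-generated, but escaping it costs nothing.
    $token = isset($_SESSION['token']) ? $addslashes($_SESSION['token']) : '';

    $sql = "SELECT user_id FROM ".TABLE_PREFIX."users
            WHERE (login='".$login."' OR email='".$login."')
              AND SHA1(CONCAT(password, '".$token."'))='".$pwd."'";

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0]['user_id'])) {
        return $rows[0]['user_id'];
    }

    return false;
}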
56 * @param user_group_id: user group ID (1 [admin] or 2 [user])
60 * first_name: first name
61 * last_name: last name
62 * @return user id, if successful
63 * false and add error into global var $msg, if unsuccessful
/**
 * Insert a new user row.
 *
 * NOTE(review): this listing omits part of the method body — the global
 * declarations, the INSERT column list and most of the VALUES list are not
 * shown — so only the visible statements are documented here.
 *
 * @param user_group_id: user group ID (1 [admin] or 2 [user])
 * @param login:         login name; lower-cased, trimmed and escaped below
 * @param pwd:           password value as supplied by the caller; it is not
 *                       escaped in the visible lines and its use in VALUES
 *                       is on a line not shown — verify it is escaped/hashed
 * @param status:        overwritten below; the stored status is derived from
 *                       TR_EMAIL_CONFIRMATION, not from this argument
 * @return user id (mysql_insert_id()) if successful;
 *         false and an error in the global $msg if unsuccessful
 */
public function Create($user_group_id, $login, $pwd, $email, $first_name, $last_name,
$is_author, $organization, $phone, $address, $city,
$province, $country, $postal_code, $status)
// $addslashes is the project-wide escaping callable (brought into scope on a
// line not shown). Every free-text field is trimmed and escaped before
// validation; '<' is stripped from names so they cannot open an HTML tag.
$login = $addslashes(strtolower(trim($login)));
$email = $addslashes(trim($email));
$first_name = $addslashes(str_replace('<', '', trim($first_name)));
$last_name = $addslashes(str_replace('<', '', trim($last_name)));
$organization = $addslashes(trim($organization));
$phone = $addslashes(trim($phone));
$address = $addslashes(trim($address));
$city = $addslashes(trim($city));
$province = $addslashes(trim($province));
$country = $addslashes(trim($country));
$postal_code = $addslashes(trim($postal_code));
// 'new' makes isFieldsValid() also check that login and e-mail are unused.
// On failure it records the reason in the global $msg.
if ($this->isFieldsValid('new', $user_group_id, $login, $email,$first_name, $last_name,
$is_author, $organization, $phone, $address, $city,
$province, $country, $postal_code))
// New accounts start unconfirmed when e-mail confirmation is switched on;
// the else branch is on a line not shown.
if (defined('TR_EMAIL_CONFIRMATION') && TR_EMAIL_CONFIRMATION)
$status = TR_STATUS_UNCONFIRMED;
$status = TR_STATUS_ENABLED;
/* insert into the db */
// The statement is a multi-line string; its column list and most VALUES are
// not shown. The 32-character random string is presumably the web_service_id
// that getUserByWebServiceID() looks up — confirm.
$sql = "INSERT INTO ".TABLE_PREFIX."users
VALUES ('".$login."',
'".Utility::getRandomStr(32)."',
if (!$this->execute($sql))
$msg->addError('DB_NOT_UPDATED');
// Auto-increment id of the row just inserted (legacy mysql_* extension).
return mysql_insert_id();
155 * Update an existing user record
* @param userID: user ID of the row to update
161 * first_name: first name
162 * last_name: last name
164 * @return user id, if successful
165 * false and add error into global var $msg, if unsuccessful
166 * @author Cindy Qi Li
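/**
 * Update an existing user row.
 *
 * @param userID:        user ID of the row to update
 * @param user_group_id: user group ID (1 [admin] or 2 [user])
 * @param login, email, first_name, last_name, organization, phone, address,
 *        city, province, country, postal_code: free-text profile fields;
 *        trimmed and escaped below, '<' is stripped from names
 * @param is_author:     0 or 1 (anything else is rejected by isFieldsValid())
 * @param status:        account status value
 * @return result of execute() if successful;
 *         false and an error in the global $msg if validation fails
 */
public function Update($userID, $user_group_id, $login, $email, $first_name, $last_name,
                       $is_author, $organization, $phone, $address, $city,
                       $province, $country, $postal_code, $status)
{
    // Project-wide escaping callable (same usage as Create()); assumed to be
    // exposed as a global — TODO confirm.
    global $addslashes;

    // Normalise and escape every free-text field before validation, exactly
    // as Create() does; '<' is stripped from names so they cannot open an
    // HTML tag when echoed.
    $login        = $addslashes(strtolower(trim($login)));
    $email        = $addslashes(trim($email));
    $first_name   = $addslashes(str_replace('<', '', trim($first_name)));
    $last_name    = $addslashes(str_replace('<', '', trim($last_name)));
    $organization = $addslashes(trim($organization));
    $phone        = $addslashes(trim($phone));
    $address      = $addslashes(trim($address));
    $city         = $addslashes(trim($city));
    $province     = $addslashes(trim($province));
    $country      = $addslashes(trim($country));
    $postal_code  = $addslashes(trim($postal_code));

    // These two never go through isFieldsValid() but were interpolated as-is.
    $userID = (int) $userID;
    $status = $addslashes($status);

    if (!$this->isFieldsValid('update', $user_group_id, $login, $email, $first_name, $last_name,
                              $is_author, $organization, $phone, $address, $city,
                              $province, $country, $postal_code)) {
        // isFieldsValid() has already recorded the reason in the global $msg.
        return false;
    }

    // Both were spliced into the statement without quotes. Validation has
    // already accepted them (is_author in {0,1}, user_group_id > 0), so the
    // cast changes no accepted value but stops a stray string from altering
    // the statement.
    $user_group_id = (int) $user_group_id;
    $is_author     = (int) $is_author;

    $sql = "UPDATE ".TABLE_PREFIX."users
            SET login = '".$login."',
                user_group_id = '".$user_group_id."',
                first_name = '".$first_name."',
                last_name = '".$last_name."',
                email = '".$email."',
                is_author = ".$is_author.",
                organization = '".$organization."',
                phone = '".$phone."',
                address = '".$address."',
                city = '".$city."',
                province = '".$province."',
                country = '".$country."',
                postal_code = '".$postal_code."',
                status = '".$status."'
            WHERE user_id = ".$userID;

    return $this->execute($sql);
}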
* Update a single field of an existing user record
216 * @param userID: user ID
217 * fieldName: the name of the table field to update
218 * fieldValue: the value to update
219 * @return true if successful
220 * error message array if failed; false if update db failed
221 * @author Cindy Qi Li
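/**
 * Update one column of an existing user row.
 *
 * @param userID:     user ID of the row to update
 * @param fieldName:  column name to update; must be a plain identifier
 * @param fieldValue: new value (escaped before it reaches the statement)
 * @return true if successful;
 *         array of error messages if the value fails validation;
 *         false if fieldName is not a plain identifier or the update fails
 */
public function UpdateField($userID, $fieldName, $fieldValue)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // check if the required fields are filled
    if ($fieldValue == '') return array(_AT('TR_ERROR_EMPTY_FIELD'));

    // $fieldName is spliced into the statement as a column name, which no
    // string-escaping function can protect; accept plain identifiers only
    // and quote them with backticks below.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $fieldName)) return false;

    if ($fieldName == 'login') {
        if (!$this->isLoginValid($fieldValue)) {
            return array(_AT('TR_ERROR_LOGIN_CHARS'));
        } else if ($this->isLoginExists($fieldValue)) {
            return array(_AT('TR_ERROR_LOGIN_EXISTS'));
        }
    }

    if ($fieldName == 'email') {
        if (!$this->isEmailValid($fieldValue)) {
            return array(_AT('TR_ERROR_EMAIL_INVALID'));
        } else if ($this->isEmailExists($fieldValue)) {
            return array(_AT('TR_ERROR_EMAIL_EXISTS'));
        }
    }

    // user_id is interpolated bare, so pin it to an integer.
    $sql = "UPDATE ".TABLE_PREFIX."users
            SET `".$fieldName."`='".$addslashes($fieldValue)."'
            WHERE user_id = ".(int) $userID;

    return $this->execute($sql);
}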
265 * @return true, if successful
266 * false and add error into global var $msg, if unsuccessful
267 * @author Cindy Qi Li
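/**
 * Delete a user row.
 *
 * @param userID: user ID of the row to delete
 * @return result of execute(): true if successful, false otherwise
 */
public function Delete($userID)
{
    // user_id was interpolated bare (no quotes); force it to an integer so a
    // non-numeric value cannot widen the WHERE clause.
    $sql = "DELETE FROM ".TABLE_PREFIX."users
            WHERE user_id = ".(int) $userID;

    return $this->execute($sql);
}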
278 * Return all users' information
282 * @author Cindy Qi Li
/**
 * Return every row of the users table, ordered by user_id.
 *
 * @return whatever execute() yields for the SELECT (rows array, or false)
 */
public function getAll()
{
    $table = TABLE_PREFIX . 'users';

    return $this->execute("SELECT * FROM $table ORDER BY user_id");
}
291 * Return user information by given user id
295 * @author Cindy Qi Li
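/**
 * Return the user row for the given user id.
 *
 * @param userID: user ID
 * @return the matching row (array) if found, false otherwise
 */
public function getUserByID($userID)
{
    // user_id was interpolated bare; cast so only an integer reaches the query.
    $sql = 'SELECT * FROM '.TABLE_PREFIX.'users WHERE user_id='.(int) $userID;

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}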
308 * Return user information by given web service ID
310 * @param web service ID
312 * @author Cindy Qi Li
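/**
 * Return the user row owning the given web service id.
 *
 * @param webServiceID: web service ID (typically presented by an external
 *                      caller, so treated as untrusted input)
 * @return the matching row (array) if found, false otherwise
 */
public function getUserByWebServiceID($webServiceID)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // The id was interpolated unescaped into the quoted literal.
    $webServiceID = $addslashes($webServiceID);

    $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE web_service_id='".$webServiceID."'";

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}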
325 * Return user information by given email
328 * @return user row : if successful
329 * false : if unsuccessful
330 * @author Cindy Qi Li
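/**
 * Return the user row for the given e-mail address.
 *
 * @param email: e-mail address to look up
 * @return the matching row (array) if found, false otherwise
 */
public function getUserByEmail($email)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // The address was interpolated unescaped into the quoted literal.
    $email = $addslashes($email);

    $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE email='".$email."'";

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}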
346 * Return user information by given first, last name
348 * @param $firstName : first name
349 * $lastName : last name
350 * @return user row : if successful
351 * false if unsuccessful
352 * @author Cindy Qi Li
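/**
 * Return the first user whose first and last name match exactly.
 *
 * @param $firstName : first name
 *        $lastName  : last name
 * @return the matching row (only user_id is selected) if found, false otherwise
 */
public function getUserByName($firstName, $lastName)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // Both names were interpolated unescaped into quoted literals.
    $firstName = $addslashes($firstName);
    $lastName  = $addslashes($lastName);

    $sql = "SELECT user_id FROM ".TABLE_PREFIX."users
            WHERE first_name='".$firstName."'
              AND last_name='".$lastName."'";

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}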
* Based on the given userID, return "first name last name"; if only one name part exists return that part, and if neither exists return the login name
373 * @return first name, last name. if not exists, return login name
374 * @author Cindy Qi Li
/**
 * Build a display name for the given user.
 *
 * @param userID: user ID
 * @return "first last", or whichever name part is present, or the login name
 *         when neither is set; false if the user does not exist
 */
public function getUserName($userID)
{
    $row = $this->getUserByID($userID);

    if (!$row) return false;

    // Collect the non-empty name parts in display order.
    $parts = array();
    if ($row['first_name'] <> '') $parts[] = $row['first_name'];
    if ($row['last_name'] <> '')  $parts[] = $row['last_name'];

    // No name on file: fall back to the login name.
    return $parts ? implode(' ', $parts) : $row['login'];
}
401 * Return given user's status
404 * @return user's status
405 * @author Cindy Qi Li
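/**
 * Return the status value of the given user.
 *
 * @param userID: user ID
 * @return the status column if the user exists, false otherwise
 */
public function getStatus($userID)
{
    // user_id was interpolated unescaped; cast so only an integer reaches the query.
    $sql = "SELECT status FROM ".TABLE_PREFIX."users WHERE user_id='".(int) $userID."'";

    $rows = $this->execute($sql);

    if (is_array($rows) && isset($rows[0]['status'])) {
        return $rows[0]['status'];
    }

    return false;
}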
423 * @return true if status is set successfully
424 * false if unsuccessful
425 * @author Cindy Qi Li
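/**
 * Set the status value of the given user.
 *
 * @param userID: user ID
 * @param status: new status value
 * @return result of execute(): true if successful, false otherwise
 */
public function setStatus($userID, $status)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // Both values were interpolated unescaped into quoted literals.
    $status = $addslashes($status);
    $userID = (int) $userID;

    $sql = "Update ".TABLE_PREFIX."users SET status='".$status."' WHERE user_id='".$userID."'";

    return $this->execute($sql);
}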
434 * Update user's last login time to now()
437 * @return true if update successfully
438 * false if update unsuccessful
439 * @author Cindy Qi Li
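/**
 * Stamp the given user's last_login column with the database's now().
 *
 * @param userID: user ID
 * @return result of execute(): true if successful, false otherwise
 */
public function setLastLogin($userID)
{
    // user_id was interpolated unescaped; cast so only an integer reaches the query.
    $sql = "Update ".TABLE_PREFIX."users SET last_login=now() WHERE user_id='".(int) $userID."'";

    return $this->execute($sql);
}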
448 * Update user's first, last name
450 * @param $userID : user ID
451 * $firstName : first name
452 * $lastName : last name
453 * @return true if update successfully
454 * false if update unsuccessful
455 * @author Cindy Qi Li
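/**
 * Set the given user's first and last name.
 *
 * NOTE(review): unlike Update(), this path does not trim the names or strip
 * '<' from them; callers that echo these values into HTML must escape them.
 *
 * @param $userID    : user ID
 *        $firstName : first name
 *        $lastName  : last name
 * @return result of execute(): true if successful, false otherwise
 */
public function setName($userID, $firstName, $lastName)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // All three values were interpolated unescaped into quoted literals.
    $firstName = $addslashes($firstName);
    $lastName  = $addslashes($lastName);
    $userID    = (int) $userID;

    $sql = "Update ".TABLE_PREFIX."users SET first_name='".$firstName."', last_name='".$lastName."' WHERE user_id='".$userID."'";

    return $this->execute($sql);
}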
464 * Update user's password
466 * @param $userID : user ID
467 * $password : password
468 * @return true if update successfully
469 * false if update unsuccessful
470 * @author Cindy Qi Li
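/**
 * Store a new value in the given user's password column.
 *
 * The value is written exactly as given: Validate() compares
 * SHA1(password . session token) against the login form's digest, so the
 * column must hold whatever the form hashes over — whether the caller passes
 * a pre-hashed value cannot be told from here; confirm before reuse.
 *
 * @param $userID   : user ID
 *        $password : value to store
 * @return result of execute(): true if successful, false otherwise
 */
public function setPassword($userID, $password)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // Both values were interpolated unescaped into quoted literals.
    $password = $addslashes($password);
    $userID   = (int) $userID;

    $sql = "Update ".TABLE_PREFIX."users SET password='".$password."' WHERE user_id='".$userID."'";

    return $this->execute($sql);
}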
479 * Update user's email
481 * @param $userID : user ID
483 * @return true if update successfully
484 * false if update unsuccessful
485 * @author Cindy Qi Li
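/**
 * Set the given user's e-mail address.
 *
 * NOTE(review): no format or uniqueness check is done here (compare
 * UpdateField('email', ...)); callers are expected to validate first.
 *
 * @param $userID : user ID
 *        $email  : new e-mail address
 * @return result of execute(): true if successful, false otherwise
 */
public function setEmail($userID, $email)
{
    // Project-wide escaping callable, as used by Create()/Update(); assumed
    // to be exposed as a global — TODO confirm.
    global $addslashes;

    // Both values were interpolated unescaped into quoted literals.
    $email  = $addslashes($email);
    $userID = (int) $userID;

    $sql = "Update ".TABLE_PREFIX."users SET email='".$email."' WHERE user_id='".$userID."'";

    return $this->execute($sql);
}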
494 * Validates fields preparing for insert and update
496 * @param $validate_type : new/update. When validating for update, don't check if the login, email, name are unique
* $user_group_id : user group ID (1 [admin] or 2 [user])
* @return true if no validation error was recorded
* false otherwise (the reasons are added to the global $msg)
504 * @author Cindy Qi Li
/**
 * Validate the field set used by Create() and Update().
 *
 * NOTE(review): several lines of this method (the global declaration, the
 * emptiness tests that feed $missing_fields, the author-info guard and the
 * final return) are not shown in this listing; only the visible statements
 * are documented here. Callers pass values they have already escaped with
 * $addslashes, and isLoginExists()/isEmailExists() interpolate them as-is.
 *
 * @param $validate_type : 'new' or 'update'; only 'new' checks that login
 *                         and e-mail are not already taken
 *        $user_group_id : user group ID; must be non-empty and > 0
 *        $is_author     : must be 0 or 1; when set, the author fields
 *                         (organization ... postal_code) become mandatory
 * @return true if no error was recorded in the global $msg, false otherwise
 *         (return statements are on lines not shown)
 */
private function isFieldsValid($validate_type, $user_group_id, $login, $email, $first_name, $last_name,
$is_author, $organization, $phone, $address, $city,
$province, $country, $postal_code)
// Names of empty mandatory fields, reported together at the end.
$missing_fields = array();
/* login name check (the emptiness test is on a line not shown) */
$missing_fields[] = _AT('login_name');
/* check for special characters; $msg is the global message collector */
if (!$this->isLoginValid($login))
$msg->addError('LOGIN_CHARS');
// Uniqueness is only enforced for new accounts.
else if ($validate_type == 'new' && $this->isLoginExists($login))
$msg->addError('LOGIN_EXISTS');
if ($user_group_id == '' || $user_group_id <= 0)
$missing_fields[] = _AT('user_group');
// E-mail: emptiness test not shown, then format, then uniqueness for 'new'.
$missing_fields[] = _AT('email');
else if (!$this->isEmailValid($email))
$msg->addError('EMAIL_INVALID');
if ($validate_type == 'new' && $this->isEmailExists($email))
$msg->addError('EMAIL_EXISTS');
// Name emptiness tests are on lines not shown.
$missing_fields[] = _AT('first_name');
$missing_fields[] = _AT('last_name');
// when user requests to be an author, author information is necessary
// Loose comparison: any value other than 0/1 is rejected as a tampered checkbox.
if ($is_author <> 0 && $is_author <> 1)
$msg->addError('INVALID_CHECKBOX_STATUS');
// Author fields (guarded by an is_author test on a line not shown); note
// that a literal "0" also counts as missing here because of the truthiness test.
if (!$organization) $missing_fields[] = _AT('organization');
if (!$phone) $missing_fields[] = _AT('phone');
if (!$address) $missing_fields[] = _AT('address');
if (!$city) $missing_fields[] = _AT('city');
if (!$province) $missing_fields[] = _AT('province');
if (!$country) $missing_fields[] = _AT('country');
if (!$postal_code) $missing_fields[] = _AT('postal_code');
// Report all missing fields in one message (guard on a line not shown).
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
// Outcome is decided by whether anything was recorded above.
if (!$msg->containsErrors())
587 * Validate if the login name is valid
590 * @return true if valid
592 * @author Cindy Qi Li
/**
 * Check that a login name consists only of letters, digits, '_', '.' and '-'
 * and is at least one character long.
 *
 * NOTE(review): without the D modifier, '$' in PCRE also matches just before
 * a trailing newline, so "name\n" is accepted by this pattern.
 *
 * @param login: login name to check
 * @return 1 if valid, 0 otherwise (preg_match result)
 */
private function isLoginValid($login)
{
    $allowed = "/^[a-zA-Z0-9_.-]([a-zA-Z0-9_.-])*$/i";

    return preg_match($allowed, $login);
}
600 * Validate if the login name already exists
603 * @return true if login already exists
604 * false if login not exists
605 * @author Cindy Qi Li
/**
 * Check whether a login name is already taken.
 *
 * Precondition: $login is interpolated into the query as-is. Every visible
 * caller either escapes it with $addslashes first (Create/Update) or only
 * reaches this check after isLoginValid() has restricted the character set
 * (UpdateField); keep that contract when adding callers.
 *
 * @param login: login name
 * @return true if a row with this login exists, false otherwise
 */
private function isLoginExists($login)
{
    $table = TABLE_PREFIX . 'users';
    $rows  = $this->execute("SELECT * FROM {$table} WHERE login='{$login}'");

    // execute() yields an array only when at least one row matched.
    return is_array($rows);
}
615 * Validate if the email is valid
618 * @return true if valid
620 * @author Cindy Qi Li
/**
 * Check that an e-mail address has the shape local@domain.tld with only
 * letters, digits, '.', '_' and '-' in the local and domain parts and a
 * 2-6 letter top-level domain.
 *
 * @param email: address to check
 * @return 1 if valid, 0 otherwise (preg_match result)
 */
private function isEmailValid($email)
{
    $shape = "/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i";

    return preg_match($shape, $email);
}
628 * Validate if the email already exists
631 * @return true if email already exists
632 * false if email not exists
633 * @author Cindy Qi Li
/**
 * Check whether an e-mail address is already registered.
 *
 * Precondition: $email is interpolated into the query as-is. Every visible
 * caller either escapes it with $addslashes first (Create/Update) or only
 * reaches this check after isEmailValid() has restricted the character set
 * (UpdateField); keep that contract when adding callers.
 *
 * @param email: e-mail address
 * @return true if a row with this e-mail exists, false otherwise
 */
private function isEmailExists($email)
{
    $table = TABLE_PREFIX . 'users';
    $rows  = $this->execute("SELECT * FROM {$table} WHERE email='{$email}'");

    // execute() yields an array only when at least one row matched.
    return is_array($rows);
}