2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
14 * DAO for "users" table
// Refuse to run when this file is loaded outside the application bootstrap.
if (!defined('TR_INCLUDE_PATH')) {
    exit;
}

require_once TR_INCLUDE_PATH . 'classes/DAO/DAO.class.php';
require_once TR_INCLUDE_PATH . 'classes/Utility.class.php';
25 class UsersDAO extends DAO {
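/**
 * Validate if the given login/pwd is valid.
 *
 * The comparison happens inside SQL: the stored `password` column is
 * concatenated with the session token and SHA1-hashed, so $pwd is expected
 * to be the client-side SHA1 of (stored password value . token) rather than
 * the clear-text password (inferred from the query; confirm with the login
 * form). No per-user salt is visible in this scheme.
 *
 * @param login: login id or email
 * @param pwd: SHA1(password column value . $_SESSION['token']) as sent by the client
 * @return user id, if login/pwd is valid
 *         false, if login/pwd is invalid
 */
public function Validate($login, $pwd)
{
    // $addslashes is the project-wide escaping callable that Create()/Update()
    // already apply; $login and $pwd were previously interpolated raw.
    global $addslashes;

    // The bare constant `token` is an Error on PHP 8 (and only a notice that
    // silently became the string 'token' before that); use the quoted key.
    $token = isset($_SESSION['token']) ? $_SESSION['token'] : '';

    $login = $addslashes($login);
    $pwd = $addslashes($pwd);
    $token = $addslashes($token);

    $sql = "SELECT user_id FROM ".TABLE_PREFIX."users
             WHERE (login='".$login."' OR email='".$login."')
               AND SHA1(CONCAT(password, '".$token."'))='".$pwd."'";

    $rows = $this->execute($sql);

    // execute() yields the matching rows as an array; no match is a non-array
    // (the same is_array() convention isLoginExists() relies on).
    if (is_array($rows) && isset($rows[0]['user_id'])) {
        return $rows[0]['user_id'];
    }

    return false;
}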
/**
 * Create a new user record.
 *
 * Every string field is trimmed and escaped through the project-wide
 * $addslashes callable before it is interpolated into the INSERT; first and
 * last name additionally have '<' stripped. Validation is delegated to
 * isFieldsValid('new', ...), which reports problems through the global $msg.
 *
 * @param user_group_id: user group ID (1 [admin] or 2 [user])
 * @param login, pwd, email: credentials and contact address
 * @param first_name, last_name: first name, last name
 * @param is_author, organization, phone, address, city, province, country,
 *        postal_code: author/contact details
 * @param status: requested status (appears to be overridden below, see the
 *        TR_EMAIL_CONFIRMATION branch)
 * @return user id, if successful
 *         false and add error into global var $msg, if unsuccessful
 */
66 public function Create($user_group_id, $login, $pwd, $email, $first_name, $last_name,
67 $is_author, $organization, $phone, $address, $city,
68 $province, $country, $postal_code, $status)
// $addslashes is the project-wide escaping callable and $msg the global
// message collector; both are used below (their global import is part of
// the lines not reproduced in this listing).
73 $login = $addslashes(strtolower(trim($login)));
74 $email = $addslashes(trim($email));
// '<' is stripped from names so they cannot open a tag when echoed into HTML.
75 $first_name = $addslashes(str_replace('<', '', trim($first_name)));
76 $last_name = $addslashes(str_replace('<', '', trim($last_name)));
77 $organization = $addslashes(trim($organization));
78 $phone = $addslashes(trim($phone));
79 $address = $addslashes(trim($address));
80 $city = $addslashes(trim($city));
81 $province = $addslashes(trim($province));
82 $country = $addslashes(trim($country));
83 $postal_code = $addslashes(trim($postal_code));
// NOTE(review): $user_group_id, $is_author and $status are not in the escaped
// list above; isFieldsValid() constrains is_author to 0/1 and user_group_id
// to > 0, but an explicit int cast here would make that guarantee local.
85 if ($this->isFieldsValid('new', $user_group_id, $login, $email,$first_name, $last_name,
86 $is_author, $organization, $phone, $address, $city,
87 $province, $country, $postal_code))
// With email confirmation enabled, new accounts start unconfirmed; either way
// the $status argument appears to be replaced here.
91 if (defined('TR_EMAIL_CONFIRMATION') && TR_EMAIL_CONFIRMATION)
93 $status = TR_STATUS_UNCONFIRMED;
96 $status = TR_STATUS_ENABLED;
100 /* insert into the db */
// NOTE(review): the column list and most of the VALUES list are not visible
// here. $pwd is inserted as given; Validate() compares
// SHA1(CONCAT(password, token)), so callers presumably pass an already
// hashed value -- confirm with the registration form.
101 $sql = "INSERT INTO ".TABLE_PREFIX."users
120 VALUES ('".$login."',
// A random 32-character string is stored alongside the other values (the
// target column is not visible in this listing).
134 '".Utility::getRandomStr(32)."',
138 if (!$this->execute($sql))
140 $msg->addError('DB_NOT_UPDATED');
// mysql_insert_id() belongs to ext/mysql, which was removed in PHP 7; the
// mysqli/PDO equivalent is needed on newer runtimes.
145 return mysql_insert_id();
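/**
 * Update an existing user record.
 *
 * String fields are trimmed and escaped through $addslashes before they are
 * interpolated into the UPDATE (first/last name also have '<' stripped).
 * $userID, $user_group_id and $is_author are cast to int so that the numeric
 * columns can never receive an unescaped value.
 *
 * @param userID: ID of the user to update
 * @param user_group_id: user group ID (1 [admin] or 2 [user])
 * @param login, email: credentials and contact address
 * @param first_name, last_name: first name, last name
 * @param is_author, organization, phone, address, city, province, country,
 *        postal_code, status: remaining column values
 * @return result of execute() (true) if successful
 *         false and add error into global var $msg, if unsuccessful
 * @author Cindy Qi Li
 */
public function Update($userID, $user_group_id, $login, $email, $first_name, $last_name,
                       $is_author, $organization, $phone, $address, $city,
                       $province, $country, $postal_code, $status)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    $userID = intval($userID);
    $user_group_id = intval($user_group_id);

    $login = $addslashes(strtolower(trim($login)));
    $email = $addslashes(trim($email));
    // '<' is stripped from names so they cannot open a tag when echoed into HTML.
    $first_name = $addslashes(str_replace('<', '', trim($first_name)));
    $last_name = $addslashes(str_replace('<', '', trim($last_name)));
    $organization = $addslashes(trim($organization));
    $phone = $addslashes(trim($phone));
    $address = $addslashes(trim($address));
    $city = $addslashes(trim($city));
    $province = $addslashes(trim($province));
    $country = $addslashes(trim($country));
    $postal_code = $addslashes(trim($postal_code));
    $status = $addslashes($status);

    // isFieldsValid() records every problem in the global $msg; 'update'
    // skips the uniqueness checks that only apply to new accounts.
    if (!$this->isFieldsValid('update', $user_group_id, $login, $email, $first_name, $last_name,
                              $is_author, $organization, $phone, $address, $city,
                              $province, $country, $postal_code)) {
        return false;
    }

    // Validation has constrained is_author to 0/1; the cast keeps the
    // unquoted column below numeric regardless of the incoming type.
    $is_author = intval($is_author);

    $sql = "UPDATE ".TABLE_PREFIX."users
               SET login = '".$login."',
                   user_group_id = '".$user_group_id."',
                   first_name = '".$first_name."',
                   last_name = '".$last_name."',
                   email = '".$email."',
                   is_author = ".$is_author.",
                   organization = '".$organization."',
                   phone = '".$phone."',
                   address = '".$address."',
                   city = '".$city."',
                   province = '".$province."',
                   country = '".$country."',
                   postal_code = '".$postal_code."',
                   status = '".$status."'
             WHERE user_id = ".$userID;

    return $this->execute($sql);
}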
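/**
 * Update a single field of an existing user record.
 *
 * @param userID: user ID
 *        fieldName: the name of the table field to update
 *        fieldValue: the value to update
 * @return true if successful
 *         error message array if failed; false if update db failed
 *         or if $fieldName is not a plain column name
 * @author Cindy Qi Li
 */
public function UpdateField($userID, $fieldName, $fieldValue)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    // check if the required fields are filled
    if ($fieldValue == '') return array(_AT('TR_ERROR_EMPTY_FIELD'));

    // $fieldName is spliced into the statement as an identifier, where string
    // escaping does not apply; accept only a plain column name so the caller
    // cannot extend the SET clause.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $fieldName)) {
        return false;
    }

    if ($fieldName == 'login') {
        if (!$this->isLoginValid($fieldValue)) {
            return array(_AT('TR_ERROR_LOGIN_CHARS'));
        } else if ($this->isLoginExists($fieldValue)) {
            return array(_AT('TR_ERROR_LOGIN_EXISTS'));
        }
    }

    if ($fieldName == 'email') {
        if (!$this->isEmailValid($fieldValue)) {
            return array(_AT('TR_ERROR_EMAIL_INVALID'));
        } else if ($this->isEmailExists($fieldValue)) {
            return array(_AT('TR_ERROR_EMAIL_EXISTS'));
        }
    }

    $sql = "UPDATE ".TABLE_PREFIX."users
               SET ".$fieldName."='".$addslashes($fieldValue)."'
             WHERE user_id = ".intval($userID);

    return $this->execute($sql);
}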
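/**
 * Delete the user record with the given ID.
 *
 * @param userID: user ID
 * @return true, if successful
 *         false, if unsuccessful
 * @author Cindy Qi Li
 */
public function Delete($userID)
{
    // user_id is numeric; intval() keeps a non-numeric $userID out of the WHERE clause.
    $sql = "DELETE FROM ".TABLE_PREFIX."users
             WHERE user_id = ".intval($userID);

    return $this->execute($sql);
}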
/**
 * Return all users' information, ordered by user id.
 *
 * @return whatever execute() yields for the SELECT (an array of rows on success)
 * @author Cindy Qi Li
 */
public function getAll()
{
    return $this->execute('SELECT * FROM ' . TABLE_PREFIX . 'users ORDER BY user_id');
}
/**
 * Return user information by given user id.
 *
 * @param userID: user ID (cast to int before use)
 * @return user row : if successful
 *         false : if no such user
 * @author Cindy Qi Li
 */
public function getUserByID($userID)
{
    $id = intval($userID);
    $rows = $this->execute('SELECT * FROM ' . TABLE_PREFIX . 'users WHERE user_id=' . $id);

    if (!$rows) {
        return false;
    }

    return $rows[0];
}
/**
 * Return user information by given web service ID.
 *
 * NOTE(review): intval() assumes web_service_id is numeric; Create() stores
 * a random 32-character string in one of its columns, and if that is this
 * column the lookup can never match -- confirm against the schema.
 *
 * @param webServiceID: web service ID
 * @return user row : if successful
 *         false : if no such user
 * @author Cindy Qi Li
 */
public function getUserByWebServiceID($webServiceID)
{
    $id = intval($webServiceID);
    $rows = $this->execute("SELECT * FROM " . TABLE_PREFIX . "users WHERE web_service_id='" . $id . "'");

    if (!$rows) {
        return false;
    }

    return $rows[0];
}
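/**
 * Return user information by given email.
 *
 * @param email: email address (escaped here; callers may pass it raw)
 * @return user row : if successful
 *         false : if unsuccessful
 * @author Cindy Qi Li
 */
public function getUserByEmail($email)
{
    // $addslashes is the project-wide escaping callable; $email was
    // previously interpolated raw into the query.
    global $addslashes;

    $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE email='".$addslashes($email)."'";

    $rows = $this->execute($sql);

    // No match is a non-array result (see isLoginExists()).
    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}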
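/**
 * Return user information by given first, last name.
 *
 * Only user_id is selected, so the returned row holds that column alone.
 *
 * @param $firstName : first name
 *        $lastName : last name
 * @return user row : if successful
 *         false if unsuccessful
 * @author Cindy Qi Li
 */
public function getUserByName($firstName, $lastName)
{
    // $addslashes is the project-wide escaping callable; both names were
    // previously interpolated raw into the query.
    global $addslashes;

    $sql = "SELECT user_id FROM ".TABLE_PREFIX."users
             WHERE first_name='".$addslashes($firstName)."'
               AND last_name='".$addslashes($lastName)."'";

    $rows = $this->execute($sql);

    // No match is a non-array result (see isLoginExists()).
    if (is_array($rows) && isset($rows[0])) {
        return $rows[0];
    }

    return false;
}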
/**
 * Return the display name for the given user id.
 *
 * Preference order: "first last", first only, last only, then the login
 * name when neither name is set.
 *
 * @param userID: user ID
 * @return display name, or false when the user does not exist
 * @author Cindy Qi Li
 */
public function getUserName($userID)
{
    $user = $this->getUserByID($userID);
    if (!$user) {
        return false;
    }

    // Loose comparison on purpose: matches the rest of the class.
    $hasFirst = $user['first_name'] != '';
    $hasLast = $user['last_name'] != '';

    if ($hasFirst && $hasLast) {
        return $user['first_name'] . ' ' . $user['last_name'];
    }
    if ($hasFirst) {
        return $user['first_name'];
    }
    if ($hasLast) {
        return $user['last_name'];
    }

    return $user['login'];
}
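/**
 * Return given user's status.
 *
 * @param userID: user ID (cast to int before use)
 * @return user's status
 *         false if the user is not found
 * @author Cindy Qi Li
 */
public function getStatus($userID)
{
    $sql = "SELECT status FROM ".TABLE_PREFIX."users WHERE user_id='".intval($userID)."'";
    $rows = $this->execute($sql);

    // No match is a non-array result (see isLoginExists()).
    if (is_array($rows) && isset($rows[0]['status'])) {
        return $rows[0]['status'];
    }

    return false;
}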
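/**
 * Set the given user's status.
 *
 * @param userID: user ID (cast to int before use)
 *        status: status value (escaped before use)
 * @return true if status is set successfully
 *         false if unsuccessful
 * @author Cindy Qi Li
 */
public function setStatus($userID, $status)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    $sql = "UPDATE ".TABLE_PREFIX."users SET status='".$addslashes($status)."' WHERE user_id='".intval($userID)."'";
    return $this->execute($sql);
}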
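/**
 * Update user's last login time to now().
 *
 * @param userID: user ID (cast to int before use)
 * @return true if update successfully
 *         false if update unsuccessful
 * @author Cindy Qi Li
 */
public function setLastLogin($userID)
{
    $sql = "UPDATE ".TABLE_PREFIX."users SET last_login=now() WHERE user_id='".intval($userID)."'";
    return $this->execute($sql);
}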
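/**
 * Update user's first, last name.
 *
 * Unlike Create()/Update(), the names are not trimmed or stripped of '<'
 * here; only escaping is applied so the stored value is what the caller
 * passed.
 *
 * @param $userID : user ID (cast to int before use)
 *        $firstName : first name
 *        $lastName : last name
 * @return true if update successfully
 *         false if update unsuccessful
 * @author Cindy Qi Li
 */
public function setName($userID, $firstName, $lastName)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    $sql = "UPDATE ".TABLE_PREFIX."users SET first_name='".$addslashes($firstName)."', last_name='".$addslashes($lastName)."' WHERE user_id='".intval($userID)."'";
    return $this->execute($sql);
}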
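/**
 * Update user's password.
 *
 * The value is written as given; this layer does not hash it. Validate()
 * compares SHA1(CONCAT(password, token)) against what the client sends, so
 * the caller is expected to pass the already-prepared value -- confirm with
 * the password-change form.
 *
 * @param $userID : user ID (cast to int before use)
 *        $password : password column value
 * @return true if update successfully
 *         false if update unsuccessful
 * @author Cindy Qi Li
 */
public function setPassword($userID, $password)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    $sql = "UPDATE ".TABLE_PREFIX."users SET password='".$addslashes($password)."' WHERE user_id='".intval($userID)."'";
    return $this->execute($sql);
}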
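/**
 * Update user's email.
 *
 * No format or uniqueness check is done here (UpdateField('email') does
 * both); only escaping is applied.
 *
 * @param $userID : user ID (cast to int before use)
 *        $email : email address
 * @return true if update successfully
 *         false if update unsuccessful
 * @author Cindy Qi Li
 */
public function setEmail($userID, $email)
{
    // $addslashes is the project-wide escaping callable.
    global $addslashes;

    $sql = "UPDATE ".TABLE_PREFIX."users SET email='".$addslashes($email)."' WHERE user_id='".intval($userID)."'";
    return $this->execute($sql);
}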
/**
 * Validates fields preparing for insert and update.
 *
 * Problems are reported in two ways: format/uniqueness failures are added to
 * the global $msg one by one, while empty required fields are collected and
 * reported together as a single EMPTY_FIELDS error.
 *
 * @param $validate_type : new/update. When validating for update, don't check if the login, email, name are unique
 *        $user_group_id : user group ID
 *        $login, $email, $first_name, $last_name : required account fields
 *        $is_author, $organization, $phone, $address, $city, $province,
 *        $country, $postal_code : author flag and the contact details it requires
 * @return true if every check passed and $msg holds no errors
 *         false otherwise
 * @author Cindy Qi Li
 */
508 private function isFieldsValid($validate_type, $user_group_id, $login, $email, $first_name, $last_name,
509 $is_author, $organization, $phone, $address, $city,
510 $province, $country, $postal_code)
// $msg is the global message collector every failure below is recorded in
// (its global import is part of the lines not reproduced in this listing).
514 $missing_fields = array();
515 /* login name check */
518 $missing_fields[] = _AT('login_name');
522 /* check for special characters */
523 if (!$this->isLoginValid($login))
525 $msg->addError('LOGIN_CHARS');
// Uniqueness only matters for new accounts; an update keeps its own login.
527 else if ($validate_type == 'new' && $this->isLoginExists($login))
529 $msg->addError('LOGIN_EXISTS');
// NOTE(review): loose comparison -- '' == 0 and 'abc' <= 0 evaluate
// differently on PHP 7 and PHP 8 for non-numeric input; an int cast before
// this check would make the intent explicit.
533 if ($user_group_id == '' || $user_group_id <= 0)
535 $missing_fields[] = _AT('user_group');
539 $missing_fields[] = _AT('email');
541 else if (!$this->isEmailValid($email))
543 $msg->addError('EMAIL_INVALID');
// As with the login, the email must be unique only when the account is new.
546 if ($validate_type == 'new' && $this->isEmailExists($email))
548 $msg->addError('EMAIL_EXISTS');
552 $missing_fields[] = _AT('first_name');
556 $missing_fields[] = _AT('last_name');
559 // when user requests to be an author, author information is necessary
// is_author must be exactly 0 or 1 (loose <> comparison, so the accepted
// set of string inputs differs between PHP 7 and PHP 8).
560 if ($is_author <> 0 && $is_author <> 1)
562 $msg->addError('INVALID_CHECKBOX_STATUS');
// NOTE(review): the guard making these contact checks conditional on
// $is_author is not visible in this listing; confirm it exists.
567 if (!$organization) $missing_fields[] = _AT('organization');
568 if (!$phone) $missing_fields[] = _AT('phone');
569 if (!$address) $missing_fields[] = _AT('address');
570 if (!$city) $missing_fields[] = _AT('city');
571 if (!$province) $missing_fields[] = _AT('province');
572 if (!$country) $missing_fields[] = _AT('country');
573 if (!$postal_code) $missing_fields[] = _AT('postal_code');
// Collapse the missing-field labels into one EMPTY_FIELDS error.
578 $missing_fields = implode(', ', $missing_fields);
579 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
// Valid only when nothing above (or earlier in the request) added an error.
582 if (!$msg->containsErrors())
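/**
 * Validate if the login name is valid.
 *
 * A valid login is one or more of [A-Za-z0-9_.-]. The pattern is anchored
 * with \z rather than $ so that a trailing newline (which $ tolerates) does
 * not pass validation.
 *
 * @param login: login name
 * @return true if valid
 *         false otherwise (including on a PCRE error)
 * @author Cindy Qi Li
 */
private function isLoginValid($login)
{
    return preg_match('/^[a-zA-Z0-9_.-]+\z/', $login) === 1;
}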
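/**
 * Validate if the login name already exists.
 *
 * @param login: login name (escaped here; callers may pass it raw)
 * @return true if login already exists
 *         false if login not exists
 * @author Cindy Qi Li
 */
private function isLoginExists($login)
{
    // $addslashes is the project-wide escaping callable; $login was
    // previously interpolated raw into the query.
    global $addslashes;

    $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE login='".$addslashes($login)."'";

    // execute() yields an array only when at least one row matched.
    return is_array($this->execute($sql));
}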
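/**
 * Validate if the email is valid.
 *
 * Same character classes as before, with three corrections: exactly one '@'
 * (the old '@+' accepted 'a@@b.com'), a top-level domain of any length of
 * two or more letters (the old {2,6} rejected e.g. '.technology'), and a \z
 * anchor so a trailing newline does not pass. Case-insensitive.
 *
 * @param email: email address
 * @return true if valid
 *         false otherwise (including on a PCRE error)
 * @author Cindy Qi Li
 */
private function isEmailValid($email)
{
    return preg_match('/^[a-z0-9._-]+@[a-z0-9._-]+\.[a-z]{2,}\z/i', $email) === 1;
}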
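/**
 * Validate if the email already exists.
 *
 * @param email: email address (escaped here; callers may pass it raw)
 * @return true if email already exists
 *         false if email not exists
 * @author Cindy Qi Li
 */
private function isEmailExists($email)
{
    // $addslashes is the project-wide escaping callable; $email was
    // previously interpolated raw into the query.
    global $addslashes;

    $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE email='".$addslashes($email)."'";

    // execute() yields an array only when at least one row matched.
    return is_array($this->execute($sql));
}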