-<?php\r
-\r
-/*\r
- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2005 The Nucleus Group\r
- *\r
- * This program is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU General Public License\r
- * as published by the Free Software Foundation; either version 2\r
- * of the License, or (at your option) any later version.\r
- * (see nucleus/documentation/index.html#license for more info)\r
- */\r
-/**\r
- * A class representing site members\r
- *\r
- * @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2005 The Nucleus Group\r
- * @version $Id: MEMBER.php,v 1.5 2005-08-13 07:33:02 kimitake Exp $\r
- * $NucleusJP: MEMBER.php,v 1.4 2005/03/12 06:19:05 kimitake Exp $\r
- */\r
-class MEMBER {\r
-\r
- // 1 when authenticated, 0 when not\r
- var $loggedin;\r
- var $password; // not the actual password, but rather a MD5 hash \r
-\r
- var $cookiekey; // value that should also be in the client cookie to allow authentication\r
- \r
- // member info\r
- var $id;\r
- var $realname;\r
- var $displayname;\r
- var $email;\r
- var $url;\r
- var $language; // name of the language file to use (e.g. 'english' -> english.php)\r
- var $admin; // (either 0 or 1)\r
- var $canlogin; // (either 0 or 1)\r
- var $notes;\r
-\r
- // (private)\r
- function MEMBER() {\r
-\r
- }\r
- \r
- // (static)\r
- function createFromName($displayname) {\r
- $mem =& new MEMBER();\r
- $mem->readFromName($displayname);\r
- return $mem;\r
- }\r
- \r
- // (static)\r
- function createFromID($id) {\r
- $mem =& new MEMBER();\r
- $mem->readFromID($id);\r
- return $mem;\r
- }\r
- \r
- function readFromName($displayname) {\r
- return $this->read("mname='".addslashes($displayname)."'");\r
- }\r
- \r
- function readFromID($id) {\r
- return $this->read("mnumber=" . intval($id));\r
- }\r
- \r
- /**\r
- * Tries to login as a given user. Returns true when succeeded, \r
- * returns false when failed\r
- */\r
- function login($login, $password) {\r
- $this->loggedin = 0;\r
- if (!$this->readFromName($login))\r
- return 0;\r
- if (!$this->checkPassword($password)) \r
- return 0;\r
- $this->loggedin = 1;\r
- return $this->isLoggedIn();\r
- }\r
- \r
- // login using cookie key\r
- function cookielogin($login, $cookiekey) {\r
- $this->loggedin = 0;\r
- if (!$this->readFromName($login))\r
- return 0;\r
- if (!$this->checkCookieKey($cookiekey))\r
- return 0;\r
- $this->loggedin = 1;\r
- return $this->isLoggedIn();\r
- }\r
- \r
- function logout() {\r
- $this->loggedin=0;\r
- }\r
- \r
- function isLoggedIn() {\r
- return $this->loggedin;\r
- }\r
- \r
- function read($where) {\r
- // read info\r
- $query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where;\r
- \r
- $res = sql_query($query);\r
- $obj = mysql_fetch_object($res);\r
- \r
- $this->setRealName($obj->mrealname);\r
- $this->setEmail($obj->memail);\r
- $this->password = $obj->mpassword;\r
- $this->setCookieKey($obj->mcookiekey); \r
- $this->setURL($obj->murl);\r
- $this->setDisplayName($obj->mname);\r
- $this->setAdmin($obj->madmin);\r
- $this->id = $obj->mnumber;\r
- $this->setCanLogin($obj->mcanlogin);\r
- $this->setNotes($obj->mnotes);\r
- $this->setLanguage($obj->deflang); \r
- \r
- return mysql_num_rows($res);\r
- }\r
- \r
- \r
- /**\r
- * Returns true if member is an admin for the given blog\r
- * (returns false if not a team member)\r
- */\r
- function isBlogAdmin($blogid) {\r
- $query = 'SELECT tadmin FROM '.sql_table('team').' WHERE'\r
- . ' tblog=' . intval($blogid)\r
- . ' and tmember='. $this->getID();\r
- $res = sql_query($query);\r
- if (mysql_num_rows($res) == 0)\r
- return 0;\r
- else\r
- return (mysql_result($res,0,0) == 1) ; \r
- }\r
- \r
- function blogAdminRights($blogid) {\r
- return ($this->isAdmin() || $this->isBlogAdmin($blogid));\r
- }\r
-\r
- \r
- function teamRights($blogid) {\r
- return ($this->isAdmin() || $this->isTeamMember($blogid));\r
- }\r
- \r
- /**\r
- * Returns true if this member is a team member of the given blog\r
- */\r
- function isTeamMember($blogid) {\r
- $query = 'SELECT * FROM '.sql_table('team').' WHERE'\r
- . ' tblog=' . intval($blogid)\r
- . ' and tmember='. $this->getID();\r
- return (mysql_num_rows(sql_query($query)) != 0);\r
- }\r
- \r
- /**\r
- * Returns true if this member can edit/delete a commentitem. This can be in the\r
- * following cases:\r
- * - member is a super-admin\r
- * - member is the author of the comment\r
- * - member is admin of the blog associated with the comment\r
- * - member is author of the item associated with the comment\r
- */\r
- function canAlterComment($commentid) {\r
- if ($this->isAdmin()) return 1;\r
- \r
- $query = 'SELECT citem as itemid, iblog as blogid, cmember as cauthor, iauthor'\r
- . ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog')\r
- . ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid);\r
- $obj = mysql_fetch_object(sql_query($query));\r
- \r
- return ($obj->cauthor == $this->getID()) or $this->isBlogAdmin($obj->blogid) or ($obj->iauthor == $this->getID());\r
- } \r
- \r
- /**\r
- * Returns true if this member can edit/delete an item. This is true in the following\r
- * cases: - member is a super-admin\r
- * - member is the author of the item\r
- * - member is admin of the the associated blog\r
- */\r
- function canAlterItem($itemid) {\r
- if ($this->isAdmin()) return 1;\r
- \r
- $query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid);\r
- $obj = mysql_fetch_object(sql_query($query));\r
- return ($obj->iauthor == $this->getID()) or $this->isBlogAdmin($obj->iblog);\r
- }\r
- \r
- /**\r
- * returns true if this member can move/update an item to a given category, \r
- * false if not (see comments fot the tests that are executed)\r
- *\r
- * @param itemid\r
- * @param newcat (can also be of form 'newcat-x' with x=blogid)\r
- */\r
- function canUpdateItem($itemid, $newcat) {\r
- global $manager;\r
- \r
- // item does not exists -> NOK\r
- if (!$manager->existsItem($itemid,1,1)) return 0;\r
- \r
- // cannot alter item -> NOK\r
- if (!$this->canAlterItem($itemid)) return 0;\r
- \r
- // if this is a 'newcat' style newcat\r
- // no blog admin of destination blog -> NOK\r
- // blog admin of destination blog -> OK\r
- if (strstr($newcat,'newcat')) {\r
- // get blogid \r
- list($blogid) = sscanf($newcat,'newcat-%d');\r
- return $this->blogAdminRights($blogid);\r
- } \r
-\r
- // category does not exist -> NOK\r
- if (!$manager->existsCategory($newcat)) return 0;\r
-\r
- \r
- // get item\r
- $item =& $manager->getItem($itemid,1,1);\r
- \r
- // old catid = new catid -> OK\r
- if ($item['catid'] == $newcat) return 1;\r
-\r
- // not a valid category -> NOK\r
- $validCat = quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat));\r
- if (!$validCat) return 0;\r
- \r
- // get destination blog\r
- $source_blogid = getBlogIDFromItemID($itemid);\r
- $dest_blogid = getBlogIDFromCatID($newcat);\r
- \r
- // not a team member of destination blog -> NOK\r
- if (!$this->teamRights($dest_blogid)) return 0;\r
-\r
- // if member is author of item -> OK\r
- if ($item['authorid'] == $this->getID()) return 1;\r
- \r
- // if member has admin rights on both blogs: OK\r
- if (($this->blogAdminRights($dest_blogid)) && ($this->blogAdminRights($source_blogid))) return 1;\r
- \r
- // all other cases: NOK\r
- return 0;\r
- \r
- }\r
- \r
- function canAddItem($catid) {\r
- global $manager;\r
- \r
- // if this is a 'newcat' style newcat\r
- // no blog admin of destination blog -> NOK\r
- // blog admin of destination blog -> OK\r
- if (strstr($catid,'newcat')) {\r
- // get blogid \r
- list($blogid) = sscanf($catid,"newcat-%d");\r
- return $this->blogAdminRights($blogid);\r
- } \r
- \r
- // category does not exist -> NOK\r
- if (!$manager->existsCategory($catid)) return 0;\r
-\r
- $blogid = getBlogIDFromCatID($catid);\r
-\r
- // no team rights for blog -> NOK\r
- if (!$this->teamRights($blogid)) return 0;\r
-\r
- // all other cases: OK\r
- return 1;\r
- }\r
- \r
- /** \r
- * Return true if member can be deleted. This means that there are no items or comments\r
- * posted by the member\r
- */\r
- function canBeDeleted() {\r
- $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());\r
- $res2 = sql_query('SELECT * FROM '.sql_table('comment').' WHERE cmember=' . $this->getID());\r
- return ((mysql_num_rows($res) == 0) and (mysql_num_rows($res2)==0));\r
- }\r
-\r
- /** \r
- * Sets the cookies for the member\r
- *\r
- * @param shared\r
- * set this to 1 when using a shared computer. Cookies will expire\r
- * at the end of the session in this case.\r
- */\r
- function setCookies($shared = 0) {\r
- global $CONF;\r
- \r
- if ($CONF['SessionCookie'] || $shared)\r
- $lifetime = 0;\r
- else\r
- $lifetime = (time()+2592000);\r
- \r
- setcookie($CONF['CookiePrefix'] .'user',$this->getDisplayName(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);\r
- setcookie($CONF['CookiePrefix'] .'loginkey', $this->getCookieKey(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);\r
-\r
- // make sure cookies on shared pcs don't get renewed\r
- if ($shared)\r
- setcookie($CONF['CookiePrefix'] .'sharedpc', '1',$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);\r
- }\r
- \r
- function sendActivationLink($type, $extra='') \r
- {\r
- global $CONF;\r
- \r
- // generate key and URL\r
- $key = $this->generateActivationEntry($type, $extra);\r
- $url = $CONF['AdminURL'] . 'index.php?action=activate&key=' . $key;\r
- \r
- // choose text to use in mail\r
- switch ($type)\r
- {\r
- case 'register':\r
- $message = _ACTIVATE_REGISTER_MAIL; \r
- $title = _ACTIVATE_REGISTER_MAILTITLE;\r
- break;\r
- case 'forgot':\r
- $message = _ACTIVATE_FORGOT_MAIL; \r
- $title = _ACTIVATE_FORGOT_MAILTITLE;\r
- break;\r
- case 'addresschange':\r
- $message = _ACTIVATE_CHANGE_MAIL;\r
- $title = _ACTIVATE_CHANGE_MAILTITLE; \r
- break;\r
- default;\r
- }\r
-\r
- // fill out variables in text\r
- \r
- $aVars = array(\r
- 'siteName' => $CONF['SiteName'],\r
- 'siteUrl' => $CONF['IndexURL'],\r
- 'memberName' => $this->getDisplayName(),\r
- 'activationUrl' => $url\r
- );\r
-\r
- $message = TEMPLATE::fill($message, $aVars); \r
- $title = TEMPLATE::fill($title, $aVars); \r
- \r
- // send mail\r
- \r
- mb_language('ja');\r
- mb_internal_encoding(_CHARSET);\r
- @mb_send_mail($this->getEmail(), $title ,$message,'From: ' . $CONF['AdminEmail']);\r
- \r
- ACTIONLOG::add(INFO, _ACTIONLOG_ACTIVATIONLINK . ' (' . $this->getDisplayName() . ' / type: ' . $type . ')'); \r
- \r
-\r
- }\r
- \r
- /** \r
- * Returns an array of all blogids for which member has admin rights\r
- */\r
- function getAdminBlogs() {\r
- $blogs = array();\r
- \r
- if ($this->isAdmin())\r
- $query = 'SELECT bnumber as blogid from '.sql_table('blog');\r
- else\r
- $query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . $this->getID();\r
- \r
- $res = sql_query($query);\r
- if (mysql_num_rows($res) > 0) {\r
- while ($obj = mysql_fetch_object($res)) {\r
- array_push($blogs, $obj->blogid);\r
- }\r
- }\r
- \r
- return $blogs;\r
- }\r
- \r
- /**\r
- * Returns an email address from which notification of commenting/karma voting can\r
- * be sent. A suggestion can be given for when the member is not logged in\r
- */\r
- function getNotifyFromMailAddress($suggest = "") {\r
- global $CONF;\r
- if ($this->isLoggedIn()) {\r
- return $this->getDisplayName() . " <" . $this->getEmail() . ">"; \r
- } else if (isValidMailAddress($suggest)) {\r
- return $suggest;\r
- } else {\r
- return $CONF['AdminEmail'];\r
- }\r
- }\r
-\r
- /**\r
- * Write data to database\r
- */\r
- function write() {\r
-\r
- $query = 'UPDATE '.sql_table('member')\r
- . " SET mname='" . addslashes($this->getDisplayName()) . "',"\r
- . " mrealname='". addslashes($this->getRealName()) . "',"\r
- . " mpassword='". addslashes($this->getPassword()) . "',"\r
- . " mcookiekey='". addslashes($this->getCookieKey()) . "'," \r
- . " murl='" . addslashes($this->getURL()) . "',"\r
- . " memail='" . addslashes($this->getEmail()) . "',"\r
- . " madmin=" . $this->isAdmin() . ","\r
- . " mnotes='" . addslashes($this->getNotes()) . "',"\r
- . " mcanlogin=" . $this->canLogin() . ","\r
- . " deflang='" . addslashes($this->getLanguage()) . "'"\r
- . " WHERE mnumber=" . $this->getID();\r
- sql_query($query);\r
- }\r
- \r
- function checkPassword($pw) {\r
- return (md5($pw) == $this->getPassword());\r
- }\r
- \r
- function checkCookieKey($key) {\r
- return (($key != '') && ($key == $this->getCookieKey()));\r
- }\r
- \r
- function getRealName() {\r
- return $this->realname;\r
- }\r
- \r
- function setRealName($name) {\r
- $this->realname = $name;\r
- }\r
- \r
- function getEmail() {\r
- return $this->email;\r
- }\r
- \r
- function setEmail($email) {\r
- $this->email = $email;\r
- }\r
- \r
- function getPassword() {\r
- return $this->password;\r
- }\r
- \r
- function setPassword($pwd) {\r
- $this->password = md5($pwd);\r
- }\r
- \r
- function getCookieKey() {\r
- return $this->cookiekey;\r
- }\r
- \r
- /**\r
- * Generate new cookiekey, save it, and return it\r
- */\r
- function newCookieKey() {\r
- mt_srand( (double) microtime() * 1000000);\r
- $this->cookiekey = md5(uniqid(mt_rand()));\r
- $this->write();\r
- return $this->cookiekey;\r
- }\r
- \r
- function setCookieKey($val) {\r
- $this->cookiekey = $val;\r
- }\r
-\r
- function getURL() {\r
- return $this->url;\r
- }\r
- \r
- function setURL($site) {\r
- $this->url = $site;\r
- }\r
- \r
- function getLanguage() {\r
- return $this->language;\r
- }\r
- \r
- function setLanguage($lang) {\r
- $this->language = $lang;\r
- }\r
- \r
- function setDisplayName($nick) {\r
- $this->displayname = $nick;\r
- }\r
- \r
- function getDisplayName() {\r
- return $this->displayname;\r
- }\r
- \r
- function isAdmin() {\r
- return $this->admin;\r
- }\r
- \r
- function setAdmin($val) {\r
- $this->admin = $val;\r
- }\r
- \r
- function canLogin() {\r
- return $this->canlogin;\r
- }\r
- \r
- function setCanLogin($val) {\r
- $this->canlogin = $val;\r
- }\r
-\r
- function getNotes() {\r
- return $this->notes;\r
- }\r
- \r
- function setNotes($val) {\r
- $this->notes = $val;\r
- }\r
- \r
- function getID() {\r
- return $this->id;\r
- }\r
-\r
- // returns true if there is a member with the given login name (static)\r
- function exists($name) {\r
- $r = sql_query('select * FROM '.sql_table('member')." WHERE mname='".addslashes($name)."'");\r
- return (mysql_num_rows($r) != 0);\r
- }\r
-\r
- // returns true if there is a member with the given ID (static)\r
- function existsID($id) {\r
- $r = sql_query('select * FROM '.sql_table('member')." WHERE mnumber='".intval($id)."'");\r
- return (mysql_num_rows($r) != 0);\r
- }\r
- \r
- // checks if a username is protected. If so, it can not be used on anonymous comments\r
- function isNameProtected($name) {\r
- \r
- // extract name\r
- $name = strip_tags($name); \r
- $name = trim($name); \r
- \r
- return MEMBER::exists($name);\r
- }\r
- \r
- // adds a new member (static)\r
- function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes) {\r
- if (!isValidMailAddress($email))\r
- return _ERROR_BADMAILADDRESS;\r
-\r
- if (!isValidDisplayName($name))\r
- return _ERROR_BADNAME;\r
-\r
- if (MEMBER::exists($name))\r
- return _ERROR_NICKNAMEINUSE; \r
-\r
- if (!$realname)\r
- return _ERROR_REALNAMEMISSING;\r
-\r
- if (!$password)\r
- return _ERROR_PASSWORDMISSING; \r
-\r
- // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
- if (!eregi("^https?://", $url))\r
- $url = "http://".$url;\r
-\r
- $name = addslashes($name);\r
- $realname = addslashes($realname);\r
- $password = addslashes(md5($password));\r
- $email = addslashes($email);\r
- $url = addslashes($url);\r
- $admin = intval($admin);\r
- $canlogin = intval($canlogin);\r
- $notes = addslashes($notes);\r
-\r
- $query = 'INSERT INTO '.sql_table('member')." (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "\r
- . "VALUES ('$name','$realname','$password','$email','$url',$admin, $canlogin, '$notes')";\r
- sql_query($query);\r
- \r
- ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name); \r
-\r
- return 1;\r
- } \r
- \r
- /**\r
- * Returns activation info for a certain key (an object with properties vkey, vmember, ...)\r
- * (static)\r
- *\r
- * @author karma\r
- */\r
- function getActivationInfo($key)\r
- {\r
- $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=\'' . addslashes($key). '\'';\r
- $res = sql_query($query);\r
-\r
- if (!$res || (mysql_num_rows($res) == 0))\r
- return 0;\r
- else\r
- return mysql_fetch_object($res);\r
- }\r
- \r
- /**\r
- * Creates an account activation key\r
- *\r
- * @param $type one of the following values (determines what to do when activation expires)\r
- * 'register' (new member registration)\r
- * 'forgot' (forgotton password)\r
- * 'addresschange' (member address has changed)\r
- * @param $extra extra info (needed when validation link expires)\r
- * addresschange -> old email address\r
- * @author dekarma\r
- */\r
- function generateActivationEntry($type, $extra = '') \r
- {\r
- // clean up old entries\r
- $this->cleanupActivationTable();\r
- \r
- // kill any existing entries for the current member (delete is ok)\r
- // (only one outstanding activation key can be present for a member)\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID()));\r
-\r
- $canLoginWhileActive = false; // indicates if the member can log in while the link is active \r
- switch ($type)\r
- {\r
- case 'forgot':\r
- $canLoginWhileActive = true;\r
- break;\r
- case 'register':\r
- break;\r
- case 'addresschange':\r
- $extra = $extra . '/' . ($this->canLogin() ? '1' : '0');\r
- break;\r
- }\r
- \r
- $ok = false;\r
- while (!$ok)\r
- {\r
- // generate a random key\r
- srand((double)microtime()*1000000);\r
- $key = md5(uniqid(rand(), true));\r
- \r
- // attempt to add entry in database\r
- // add in database as non-active\r
- $query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) ';\r
- $query .= 'VALUES (\'' . addslashes($key). '\', \'' . date('Y-m-d H:i:s',time()) . '\', \'' . intval($this->getID()). '\', \'' . addslashes($type). '\', \'' . addslashes($extra). '\')';\r
- if (sql_query($query))\r
- $ok = true;\r
- }\r
- \r
- // mark member as not allowed to log in\r
- if (!$canLoginWhileActive)\r
- {\r
- $this->setCanLogin(0);\r
- $this->write(); \r
- }\r
- \r
- // return the key\r
- return $key;\r
- }\r
- \r
- /**\r
- * Inidicates that an activation link has been clicked and any forms displayed\r
- * there have been successfully filled out.\r
- * @author dekarma\r
- */\r
- function activate($key) \r
- {\r
- // get activate info\r
- $info = MEMBER::getActivationInfo($key);\r
- \r
- // no active key\r
- if (!$info)\r
- return false;\r
- \r
- switch ($info->vtype) \r
- {\r
- case 'forgot':\r
- // nothing to do\r
- break;\r
- case 'register':\r
- // set canlogin value\r
- global $CONF;\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info->vmember));\r
- break;\r
- case 'addresschange':\r
- // reset old 'canlogin' value\r
- list($oldEmail, $oldCanLogin) = explode('/', $info->vextra);\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info->vmember));\r
- break;\r
- }\r
- \r
- // delete from activation table\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=\'' . addslashes($key) . '\'');\r
- \r
- // success!\r
- return true;\r
- }\r
- \r
- /**\r
- * Cleans up entries in the activation table. All entries older than 2 days are removed.\r
- * (static)\r
- *\r
- * @author dekarma\r
- */\r
- function cleanupActivationTable() \r
- {\r
- $boundary = time() - (60 * 60 * 24 * 2);\r
- \r
- // 1. walk over all entries, and see if special actions need to be performed\r
- $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
- \r
- while ($o = mysql_fetch_object($res))\r
- {\r
- switch ($o->vtype)\r
- {\r
- case 'register':\r
- // delete all information about this site member. registration is undone because there was\r
- // no timely activation\r
- include_once($DIR_LIBS . 'ADMIN.php');\r
- ADMIN::deleteOneMember(intval($o->vmember));\r
- break;\r
- case 'addresschange':\r
- // revert the e-mail address of the member back to old address\r
- list($oldEmail, $oldCanLogin) = explode('/', $o->vextra);\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=\'' . addslashes($oldEmail). '\' WHERE mnumber=' . intval($o->vmember));\r
- break; \r
- case 'forgot':\r
- // delete the activation link and ignore. member can request a new password using the \r
- // forgot password link\r
- break;\r
- }\r
- }\r
- \r
- // 2. delete activation entries for real\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
- }\r
-\r
-}\r
-\r
-?>\r
+<?php
+
+/*
+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
+ * Copyright (C) 2002-2010 The Nucleus Group
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * (see nucleus/documentation/index.html#license for more info)
+ */
+/**
+ * A class representing site members
+ *
+ * @license http://nucleuscms.org/license.txt GNU General Public License
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
+ * @version $Id$
+ * $NucleusJP: MEMBER.php,v 1.6 2006/07/17 20:03:44 kimitake Exp $
+ */
+class MEMBER {
+
+ // 1 when authenticated, 0 when not
+ var $loggedin = 0;
+ var $password; // not the actual password, but rather a MD5 hash
+
+ var $cookiekey; // value that should also be in the client cookie to allow authentication
+
+ // member info
+ var $id = -1;
+ var $realname;
+ var $displayname;
+ var $email;
+ var $url;
+ var $language = ''; // name of the language file to use (e.g. 'english' -> english.php)
+ var $admin = 0; // (either 0 or 1)
+ var $canlogin = 0; // (either 0 or 1)
+ var $notes;
+ var $autosave = 1; // if the member use the autosave draft function
+
+ /**
+ * Constructor for a member object
+ */
+ function MEMBER() {
+ // do nothing
+ }
+
+ /**
+ * Create a member object for a given displayname
+ *
+ * @static
+ */
+ function &createFromName($displayname) {
+ $mem =& new MEMBER();
+ $mem->readFromName($displayname);
+ return $mem;
+ }
+
+ /**
+ * Create a member object for a given ID
+ *
+ * @static
+ */
+ function &createFromID($id) {
+ $mem =& new MEMBER();
+ $mem->readFromID($id);
+ return $mem;
+ }
+
+ function readFromName($displayname) {
+ return $this->read("mname='".sql_real_escape_string($displayname)."'");
+ }
+
+ function readFromID($id) {
+ return $this->read("mnumber=" . intval($id));
+ }
+
+ /**
+ * Tries to login as a given user.
+ * Returns true when succeeded, returns false when failed
+ * 3.40 adds CustomLogin event
+ */
+ function login($login, $password) {
+ global $manager;
+ $this->loggedin = 0;
+ $success = 0;
+ $allowlocal = 1;
+ $manager->notify('CustomLogin', array('login' => &$login, 'password'=>&$password, 'success'=>&$success, 'allowlocal'=>&$allowlocal) );
+ if ($success && $this->readFromName($login)) {
+ $this->loggedin = 1;
+ return $this->isLoggedIn();
+ } elseif (!$success && $allowlocal) {
+ if (!$this->readFromName($login))
+ return 0;
+ if (!$this->checkPassword($password))
+ return 0;
+ $this->loggedin = 1;
+ return $this->isLoggedIn();
+ } else {
+ return 0;
+ }
+ }
+
+ /**
+ * Login using cookie key
+ */
+ function cookielogin($login, $cookiekey) {
+ $this->loggedin = 0;
+ if (!$this->readFromName($login))
+ return 0;
+ if (!$this->checkCookieKey($cookiekey))
+ return 0;
+ $this->loggedin = 1;
+ return $this->isLoggedIn();
+ }
+
+ function logout() {
+ $this->loggedin=0;
+ }
+
+ function isLoggedIn() {
+ return $this->loggedin;
+ }
+
+ /**
+ * Read member information from the database
+ */
+ function read($where) {
+ // read info
+ $query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where;
+
+ $res = sql_query($query);
+ $obj = sql_fetch_object($res);
+
+ $this->setRealName($obj->mrealname);
+ $this->setEmail($obj->memail);
+ $this->password = $obj->mpassword;
+ $this->setCookieKey($obj->mcookiekey);
+ $this->setURL($obj->murl);
+ $this->setDisplayName($obj->mname);
+ $this->setAdmin($obj->madmin);
+ $this->id = $obj->mnumber;
+ $this->setCanLogin($obj->mcanlogin);
+ $this->setNotes($obj->mnotes);
+ $this->setLanguage($obj->deflang);
+ $this->setAutosave($obj->mautosave);
+
+ return sql_num_rows($res);
+ }
+
+
+ /**
+ * Returns true if member is an admin for the given blog
+ * (returns false if not a team member)
+ */
+ function isBlogAdmin($blogid) {
+ $query = 'SELECT tadmin FROM '.sql_table('team').' WHERE'
+ . ' tblog=' . intval($blogid)
+ . ' and tmember='. $this->getID();
+ $res = sql_query($query);
+ if (sql_num_rows($res) == 0)
+ return 0;
+ else
+ return (sql_result($res,0,0) == 1) ;
+ }
+
+ function blogAdminRights($blogid) {
+ return ($this->isAdmin() || $this->isBlogAdmin($blogid));
+ }
+
+
+ function teamRights($blogid) {
+ return ($this->isAdmin() || $this->isTeamMember($blogid));
+ }
+
+ /**
+ * Returns true if this member is a team member of the given blog
+ */
+ function isTeamMember($blogid) {
+ $query = 'SELECT * FROM '.sql_table('team').' WHERE'
+ . ' tblog=' . intval($blogid)
+ . ' and tmember='. $this->getID();
+ $res = sql_query($query);
+ return (sql_num_rows($res) != 0);
+ }
+
+ function canAddItem($catid) {
+ global $manager;
+
+ // if this is a 'newcat' style newcat
+ // no blog admin of destination blog -> NOK
+ // blog admin of destination blog -> OK
+ if (strstr($catid,'newcat')) {
+ // get blogid
+ list($blogid) = sscanf($catid,"newcat-%d");
+ return $this->blogAdminRights($blogid);
+ }
+
+ // category does not exist -> NOK
+ if (!$manager->existsCategory($catid)) return 0;
+
+ $blogid = getBlogIDFromCatID($catid);
+
+ // no team rights for blog -> NOK
+ if (!$this->teamRights($blogid)) return 0;
+
+ // all other cases: OK
+ return 1;
+ }
+
+ /**
+ * Returns true if this member can edit/delete a commentitem. This can be in the
+ * following cases:
+ * - member is a super-admin
+ * - member is the author of the comment
+ * - member is admin of the blog associated with the comment
+ * - member is author of the item associated with the comment
+ */
+ function canAlterComment($commentid) {
+ if ($this->isAdmin()) return 1;
+
+ $query = 'SELECT citem as itemid, iblog as blogid, cmember as cauthor, iauthor'
+ . ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog')
+ . ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid);
+ $res = sql_query($query);
+ $obj = sql_fetch_object($res);
+
+ return ($obj->cauthor == $this->getID()) or $this->isBlogAdmin($obj->blogid) or ($obj->iauthor == $this->getID());
+ }
+
+ /**
+ * Returns true if this member can edit/delete an item. This is true in the following
+ * cases: - member is a super-admin
+ * - member is the author of the item
+ * - member is admin of the the associated blog
+ */
+ function canAlterItem($itemid) {
+ if ($this->isAdmin()) return 1;
+
+ $query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid);
+ $res = sql_query($query);
+ $obj = sql_fetch_object($res);
+ return ($obj->iauthor == $this->getID()) or $this->isBlogAdmin($obj->iblog);
+ }
+
+ /**
+ * Return true if member can be deleted. This means that there are no items
+ * posted by the member left
+ */
+ function canBeDeleted() {
+ $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());
+ return (sql_num_rows($res) == 0);
+ }
+
+ /**
+ * returns true if this member can move/update an item to a given category,
+ * false if not (see comments fot the tests that are executed)
+ *
+ * @param itemid
+ * @param newcat (can also be of form 'newcat-x' with x=blogid)
+ */
+ function canUpdateItem($itemid, $newcat) {
+ global $manager;
+
+ // item does not exists -> NOK
+ if (!$manager->existsItem($itemid,1,1)) return 0;
+
+ // cannot alter item -> NOK
+ if (!$this->canAlterItem($itemid)) return 0;
+
+ // if this is a 'newcat' style newcat
+ // no blog admin of destination blog -> NOK
+ // blog admin of destination blog -> OK
+ if (strstr($newcat,'newcat')) {
+ // get blogid
+ list($blogid) = sscanf($newcat,'newcat-%d');
+ return $this->blogAdminRights($blogid);
+ }
+
+ // category does not exist -> NOK
+ if (!$manager->existsCategory($newcat)) return 0;
+
+
+ // get item
+ $item =& $manager->getItem($itemid,1,1);
+
+ // old catid = new catid -> OK
+ if ($item['catid'] == $newcat) return 1;
+
+ // not a valid category -> NOK
+ $validCat = quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat));
+ if (!$validCat) return 0;
+
+ // get destination blog
+ $source_blogid = getBlogIDFromItemID($itemid);
+ $dest_blogid = getBlogIDFromCatID($newcat);
+
+ // not a team member of destination blog -> NOK
+ if (!$this->teamRights($dest_blogid)) return 0;
+
+ // if member is author of item -> OK
+ if ($item['authorid'] == $this->getID()) return 1;
+
+ // if member has admin rights on both blogs: OK
+ if (($this->blogAdminRights($dest_blogid)) && ($this->blogAdminRights($source_blogid))) return 1;
+
+ // all other cases: NOK
+ return 0;
+
+ }
+
+ /**
+ * Sets the cookies for the member
+ *
+ * @param shared
+ * set this to 1 when using a shared computer. Cookies will expire
+ * at the end of the session in this case.
+ */
+ function setCookies($shared = 0) {
+ global $CONF;
+
+ if ($CONF['SessionCookie'] || $shared)
+ $lifetime = 0;
+ else
+ $lifetime = (time()+2592000);
+
+ setcookie($CONF['CookiePrefix'] .'user',$this->getDisplayName(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
+ setcookie($CONF['CookiePrefix'] .'loginkey', $this->getCookieKey(),$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
+
+ // make sure cookies on shared pcs don't get renewed
+ if ($shared)
+ setcookie($CONF['CookiePrefix'] .'sharedpc', '1',$lifetime,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
+ }
+
+ function sendActivationLink($type, $extra='')
+ {
+ global $CONF;
+
+ if (!isset($CONF['ActivationDays'])) $CONF['ActivationDays'] = 2;
+
+ // generate key and URL
+ $key = $this->generateActivationEntry($type, $extra);
+ $url = $CONF['AdminURL'] . 'index.php?action=activate&key=' . $key;
+
+ // choose text to use in mail
+ switch ($type)
+ {
+ case 'register':
+ $message = _ACTIVATE_REGISTER_MAIL;
+ $title = _ACTIVATE_REGISTER_MAILTITLE;
+ break;
+ case 'forgot':
+ $message = _ACTIVATE_FORGOT_MAIL;
+ $title = _ACTIVATE_FORGOT_MAILTITLE;
+ break;
+ case 'addresschange':
+ $message = _ACTIVATE_CHANGE_MAIL;
+ $title = _ACTIVATE_CHANGE_MAILTITLE;
+ break;
+ default;
+ }
+
+ // fill out variables in text
+
+ $aVars = array(
+ 'siteName' => $CONF['SiteName'],
+ 'siteUrl' => $CONF['IndexURL'],
+ 'memberName' => $this->getDisplayName(),
+ 'activationUrl' => $url,
+ 'activationDays' => $CONF['ActivationDays']
+ );
+
+ $message = TEMPLATE::fill($message, $aVars);
+ $title = TEMPLATE::fill($title, $aVars);
+
+ // send mail
+
+ mb_language('ja');
+ mb_internal_encoding(_CHARSET);
+ @mb_send_mail($this->getEmail(), $title ,$message,'From: ' . $CONF['AdminEmail']);
+
+ ACTIONLOG::add(INFO, _ACTIONLOG_ACTIVATIONLINK . ' (' . $this->getDisplayName() . ' / type: ' . $type . ')');
+
+
+ }
+
+ /**
+ * Returns an array of all blogids for which member has admin rights
+ */
+ function getAdminBlogs() {
+ $blogs = array();
+
+ if ($this->isAdmin())
+ $query = 'SELECT bnumber as blogid from '.sql_table('blog');
+ else
+ $query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . $this->getID();
+
+ $res = sql_query($query);
+ if (sql_num_rows($res) > 0) {
+ while ($obj = sql_fetch_object($res)) {
+ array_push($blogs, $obj->blogid);
+ }
+ }
+
+ return $blogs;
+ }
+
+ /**
+ * Returns an array of all blogids for which member has team rights
+ */
+ function getTeamBlogs($incAdmin = 1) {
+ $incAdmin = intval($incAdmin);
+ $blogs = array();
+
+ if ($this->isAdmin() && $incAdmin)
+ $query = 'SELECT bnumber as blogid from '.sql_table('blog');
+ else
+ $query = 'SELECT tblog as blogid from '.sql_table('team').' where tmember=' . $this->getID();
+
+ $res = sql_query($query);
+ if (sql_num_rows($res) > 0) {
+ while ($obj = sql_fetch_object($res)) {
+ array_push($blogs, $obj->blogid);
+ }
+ }
+
+ return $blogs;
+ }
+
+ /**
+ * Returns an email address from which notification of commenting/karma voting can
+ * be sent. A suggestion can be given for when the member is not logged in
+ */
+ function getNotifyFromMailAddress($suggest = "") {
+ global $CONF;
+ if ($this->isLoggedIn()) {
+ return $this->getDisplayName() . " <" . $this->getEmail() . ">";
+ } else if (isValidMailAddress($suggest)) {
+ return $suggest;
+ } else {
+ return $CONF['AdminEmail'];
+ }
+ }
+
+ /**
+ * Write data to database
+ */
+ function write() {
+
+ $query = 'UPDATE '.sql_table('member')
+ . " SET mname='" . sql_real_escape_string($this->getDisplayName()) . "',"
+ . " mrealname='". sql_real_escape_string($this->getRealName()) . "',"
+ . " mpassword='". sql_real_escape_string($this->getPassword()) . "',"
+ . " mcookiekey='". sql_real_escape_string($this->getCookieKey()) . "',"
+ . " murl='" . sql_real_escape_string($this->getURL()) . "',"
+ . " memail='" . sql_real_escape_string($this->getEmail()) . "',"
+ . " madmin=" . $this->isAdmin() . ","
+ . " mnotes='" . sql_real_escape_string($this->getNotes()) . "',"
+ . " mcanlogin=" . $this->canLogin() . ","
+ . " deflang='" . sql_real_escape_string($this->getLanguage()) . "',"
+ . " mautosave=" . intval($this->getAutosave()) . ""
+ . " WHERE mnumber=" . $this->getID();
+ sql_query($query);
+ }
+
+ function checkCookieKey($key) {
+ return (($key != '') && ($key == $this->getCookieKey()));
+ }
+
+ function checkPassword($pw) {
+ return (md5($pw) == $this->getPassword());
+ }
+
+ function getRealName() {
+ return $this->realname;
+ }
+
+ function setRealName($name) {
+ $this->realname = $name;
+ }
+
+ function getEmail() {
+ return $this->email;
+ }
+
+ function setEmail($email) {
+ $this->email = $email;
+ }
+
+ function getPassword() {
+ return $this->password;
+ }
+
+ function setPassword($pwd) {
+ $this->password = md5($pwd);
+ }
+
+ function getCookieKey() {
+ return $this->cookiekey;
+ }
+
+ /**
+ * Generate new cookiekey, save it, and return it
+ */
+ function newCookieKey() {
+ mt_srand( (double) microtime() * 1000000);
+ $this->cookiekey = md5(uniqid(mt_rand()));
+ $this->write();
+ return $this->cookiekey;
+ }
+
+ function setCookieKey($val) {
+ $this->cookiekey = $val;
+ }
+
+ function getURL() {
+ return $this->url;
+ }
+
+ function setURL($site) {
+ $this->url = $site;
+ }
+
+ function getLanguage() {
+ return $this->language;
+ }
+
+ function setLanguage($lang) {
+ $this->language = $lang;
+ }
+
+ function setDisplayName($nick) {
+ $this->displayname = $nick;
+ }
+
+ function getDisplayName() {
+ return $this->displayname;
+ }
+
+ function isAdmin() {
+ return $this->admin;
+ }
+
+ function setAdmin($val) {
+ $this->admin = $val;
+ }
+
+ function canLogin() {
+ return $this->canlogin;
+ }
+
+ function setCanLogin($val) {
+ $this->canlogin = $val;
+ }
+
+ function getNotes() {
+ return $this->notes;
+ }
+
+ function setNotes($val) {
+ $this->notes = $val;
+ }
+
+ function getAutosave() {
+ return $this->autosave;
+ }
+
+ function setAutosave($val) {
+ $this->autosave = $val;
+ }
+
+ function getID() {
+ return $this->id;
+ }
+
+ /**
+ * Returns true if there is a member with the given login name
+ *
+ * @static
+ */
+ function exists($name) {
+ $r = sql_query('select * FROM '.sql_table('member')." WHERE mname='".sql_real_escape_string($name)."'");
+ return (sql_num_rows($r) != 0);
+ }
+
+ /**
+ * Returns true if there is a member with the given ID
+ *
+ * @static
+ */
+ function existsID($id) {
+ $r = sql_query('select * FROM '.sql_table('member')." WHERE mnumber='".intval($id)."'");
+ return (sql_num_rows($r) != 0);
+ }
+
+ /**
+ * Checks if a username is protected.
+ * If so, it can not be used on anonymous comments
+ */
+ function isNameProtected($name) {
+
+ // extract name
+ $name = strip_tags($name);
+ $name = trim($name);
+
+ return MEMBER::exists($name);
+ }
+
+ /**
+ * Adds a new member
+ *
+ * @static
+ */
+ function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes) {
+ if (!isValidMailAddress($email))
+ {
+ return _ERROR_BADMAILADDRESS;
+ }
+ if (!isValidDisplayName($name))
+ {
+ return _ERROR_BADNAME;
+ }
+ if (MEMBER::exists($name))
+ {
+ return _ERROR_NICKNAMEINUSE;
+ }
+ if (!$realname)
+ {
+ return _ERROR_REALNAMEMISSING;
+ }
+ if (!$password)
+ {
+ return _ERROR_PASSWORDMISSING;
+ }
+
+ # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+ # original eregi: !eregi("^https?://", $url)
+ // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
+ if (!preg_match('#^https?://#', $url) )
+ {
+ $url = 'http://' . $url;
+ } // end if
+
+ $name = sql_real_escape_string($name);
+ $realname = sql_real_escape_string($realname);
+ $password = sql_real_escape_string(md5($password));
+ $email = sql_real_escape_string($email);
+ $url = sql_real_escape_string($url);
+ $admin = intval($admin);
+ $canlogin = intval($canlogin);
+ $notes = sql_real_escape_string($notes);
+
+ if (($admin) && !($canlogin)) {
+ return _ERROR;
+ }
+
+ $query = 'INSERT INTO '.sql_table('member')." (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "
+ . "VALUES ('$name','$realname','$password','$email','$url',$admin, $canlogin, '$notes')";
+ sql_query($query);
+
+ ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);
+
+ return 1;
+ }
+
+ /**
+ * Returns activation info for a certain key (an object with properties vkey, vmember, ...)
+ * (static)
+ *
+ * @author karma
+ */
+ function getActivationInfo($key)
+ {
+ $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key). '\'';
+ $res = sql_query($query);
+
+ if (!$res || (sql_num_rows($res) == 0))
+ return 0;
+ else
+ return sql_fetch_object($res);
+ }
+
+ /**
+ * Creates an account activation key
+ *
+ * @param $type one of the following values (determines what to do when activation expires)
+ * 'register' (new member registration)
+ * 'forgot' (forgotton password)
+ * 'addresschange' (member address has changed)
+ * @param $extra extra info (needed when validation link expires)
+ * addresschange -> old email address
+ * @author dekarma
+ */
+ function generateActivationEntry($type, $extra = '')
+ {
+ // clean up old entries
+ $this->cleanupActivationTable();
+
+ // kill any existing entries for the current member (delete is ok)
+ // (only one outstanding activation key can be present for a member)
+ sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID()));
+
+ $canLoginWhileActive = false; // indicates if the member can log in while the link is active
+ switch ($type)
+ {
+ case 'forgot':
+ $canLoginWhileActive = true;
+ break;
+ case 'register':
+ break;
+ case 'addresschange':
+ $extra = $extra . '/' . ($this->canLogin() ? '1' : '0');
+ break;
+ }
+
+ $ok = false;
+ while (!$ok)
+ {
+ // generate a random key
+ srand((double)microtime()*1000000);
+ $key = md5(uniqid(rand(), true));
+
+ // attempt to add entry in database
+ // add in database as non-active
+ $query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) ';
+ $query .= 'VALUES (\'' . sql_real_escape_string($key). '\', \'' . date('Y-m-d H:i:s',time()) . '\', \'' . intval($this->getID()). '\', \'' . sql_real_escape_string($type). '\', \'' . sql_real_escape_string($extra). '\')';
+ if (sql_query($query))
+ $ok = true;
+ }
+
+ // mark member as not allowed to log in
+ if (!$canLoginWhileActive)
+ {
+ $this->setCanLogin(0);
+ $this->write();
+ }
+
+ // return the key
+ return $key;
+ }
+
+ /**
+ * Inidicates that an activation link has been clicked and any forms displayed
+ * there have been successfully filled out.
+ * @author dekarma
+ */
+ function activate($key)
+ {
+ // get activate info
+ $info = MEMBER::getActivationInfo($key);
+
+ // no active key
+ if (!$info)
+ return false;
+
+ switch ($info->vtype)
+ {
+ case 'forgot':
+ // nothing to do
+ break;
+ case 'register':
+ // set canlogin value
+ global $CONF;
+ sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info->vmember));
+ break;
+ case 'addresschange':
+ // reset old 'canlogin' value
+ list($oldEmail, $oldCanLogin) = explode('/', $info->vextra);
+ sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info->vmember));
+ break;
+ }
+
+ // delete from activation table
+ sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key) . '\'');
+
+ // success!
+ return true;
+ }
+
+ /**
+ * Cleans up entries in the activation table. All entries older than 2 days are removed.
+ * (static)
+ *
+ * @author dekarma
+ */
+ function cleanupActivationTable()
+ {
+ $actdays = 2;
+ if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
+ $actdays = intval($CONF['ActivationDays']);
+ }
+ else {
+ $CONF['ActivationDays'] = 2;
+ }
+ $boundary = time() - (60 * 60 * 24 * $actdays);
+
+ // 1. walk over all entries, and see if special actions need to be performed
+ $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');
+
+ while ($o = sql_fetch_object($res))
+ {
+ switch ($o->vtype)
+ {
+ case 'register':
+ // delete all information about this site member. registration is undone because there was
+ // no timely activation
+ include_once($DIR_LIBS . 'ADMIN.php');
+ ADMIN::deleteOneMember(intval($o->vmember));
+ break;
+ case 'addresschange':
+ // revert the e-mail address of the member back to old address
+ list($oldEmail, $oldCanLogin) = explode('/', $o->vextra);
+ sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=\'' . sql_real_escape_string($oldEmail). '\' WHERE mnumber=' . intval($o->vmember));
+ break;
+ case 'forgot':
+ // delete the activation link and ignore. member can request a new password using the
+ // forgot password link
+ break;
+ }
+ }
+
+ // 2. delete activation entries for real
+ sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');
+ }
+
+}
+
+?>
\ No newline at end of file