/*
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2006 The Nucleus Group
+ * Copyright (C) 2002-2010 The Nucleus Group
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* A class representing site members
*
* @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2006 The Nucleus Group
- * @version $Id: MEMBER.php,v 1.6 2006-07-17 20:03:44 kimitake Exp $
- * $NucleusJP: MEMBER.php,v 1.5 2005/08/13 07:33:02 kimitake Exp $
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
+ * @version $Id$
+ * $NucleusJP: MEMBER.php,v 1.6 2006/07/17 20:03:44 kimitake Exp $
*/
class MEMBER {
var $admin = 0; // (either 0 or 1)
var $canlogin = 0; // (either 0 or 1)
var $notes;
+ var $autosave = 1; // if the member use the autosave draft function
- // (private)
+ /**
+ * Constructor for a member object
+ */
function MEMBER() {
-
+ // do nothing
}
- // (static)
+ /**
+ * Create a member object for a given displayname
+ *
+ * @static
+ */
function &createFromName($displayname) {
$mem =& new MEMBER();
$mem->readFromName($displayname);
return $mem;
}
- // (static)
+ /**
+ * Create a member object for a given ID
+ *
+ * @static
+ */
function &createFromID($id) {
$mem =& new MEMBER();
$mem->readFromID($id);
}
/**
- * Tries to login as a given user. Returns true when succeeded,
- * returns false when failed
+ * Tries to login as a given user.
+ * Returns true when succeeded, returns false when failed
+ * 3.40 adds CustomLogin event
*/
function login($login, $password) {
+ global $manager;
$this->loggedin = 0;
- if (!$this->readFromName($login))
- return 0;
- if (!$this->checkPassword($password))
+ $success = 0;
+ $allowlocal = 1;
+ $manager->notify('CustomLogin', array('login' => &$login, 'password'=>&$password, 'success'=>&$success, 'allowlocal'=>&$allowlocal) );
+ if ($success && $this->readFromName($login)) {
+ $this->loggedin = 1;
+ return $this->isLoggedIn();
+ } elseif (!$success && $allowlocal) {
+ if (!$this->readFromName($login))
+ return 0;
+ if (!$this->checkPassword($password))
+ return 0;
+ $this->loggedin = 1;
+ return $this->isLoggedIn();
+ } else {
return 0;
- $this->loggedin = 1;
- return $this->isLoggedIn();
+ }
}
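Review bot: In the `$success` branch of login() the member is marked logged in after `readFromName($login)` alone, with no `checkPassword()` call, so every plugin subscribed to `CustomLogin` is effectively an authentication provider. Because `$login` is passed by reference, a subscriber can also change which account is loaded. The docblock only says "3.40 adds CustomLogin event"; it should spell out the trust contract, e.g. `* Subscribers are fully trusted: setting 'success' skips the local password check, and setting 'allowlocal' to 0 disables it.` The same comment should mention that the plaintext `$password` is handed to every subscriber. Whether `mcanlogin` is enforced for plugin-authenticated members cannot be seen from these lines and is worth confirming.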
- // login using cookie key
+ /**
+ * Login using cookie key
+ */
function cookielogin($login, $cookiekey) {
$this->loggedin = 0;
if (!$this->readFromName($login))
return $this->loggedin;
}
+ /**
+ * Read member information from the database
+ */
function read($where) {
// read info
$query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where;
$res = sql_query($query);
- $obj = mysql_fetch_object($res);
+ $obj = sql_fetch_object($res);
$this->setRealName($obj->mrealname);
$this->setEmail($obj->memail);
$this->setCanLogin($obj->mcanlogin);
$this->setNotes($obj->mnotes);
$this->setLanguage($obj->deflang);
+ $this->setAutosave($obj->mautosave);
- return mysql_num_rows($res);
+ return sql_num_rows($res);
}
. ' tblog=' . intval($blogid)
. ' and tmember='. $this->getID();
$res = sql_query($query);
- if (mysql_num_rows($res) == 0)
+ if (sql_num_rows($res) == 0)
return 0;
else
- return (mysql_result($res,0,0) == 1) ;
+ return (sql_result($res,0,0) == 1) ;
}
function blogAdminRights($blogid) {
. ' tblog=' . intval($blogid)
. ' and tmember='. $this->getID();
$res = sql_query($query);
- return (mysql_num_rows($res) != 0);
+ return (sql_num_rows($res) != 0);
+ }
+
+ function canAddItem($catid) {
+ global $manager;
+
+ // if this is a 'newcat' style newcat
+ // no blog admin of destination blog -> NOK
+ // blog admin of destination blog -> OK
+ if (strstr($catid,'newcat')) {
+ // get blogid
+ list($blogid) = sscanf($catid,"newcat-%d");
+ return $this->blogAdminRights($blogid);
+ }
+
+ // category does not exist -> NOK
+ if (!$manager->existsCategory($catid)) return 0;
+
+ $blogid = getBlogIDFromCatID($catid);
+
+ // no team rights for blog -> NOK
+ if (!$this->teamRights($blogid)) return 0;
+
+ // all other cases: OK
+ return 1;
}
/**
. ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog')
. ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid);
$res = sql_query($query);
- $obj = mysql_fetch_object($res);
+ $obj = sql_fetch_object($res);
return ($obj->cauthor == $this->getID()) or $this->isBlogAdmin($obj->blogid) or ($obj->iauthor == $this->getID());
}
$query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid);
$res = sql_query($query);
- $obj = mysql_fetch_object($res);
+ $obj = sql_fetch_object($res);
return ($obj->iauthor == $this->getID()) or $this->isBlogAdmin($obj->iblog);
}
/**
+ * Return true if member can be deleted. This means that there are no items
+ * posted by the member left
+ */
+ function canBeDeleted() {
+ $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());
+ return (sql_num_rows($res) == 0);
+ }
+
+ /**
* returns true if this member can move/update an item to a given category,
* false if not (see comments fot the tests that are executed)
*
}
- function canAddItem($catid) {
- global $manager;
-
- // if this is a 'newcat' style newcat
- // no blog admin of destination blog -> NOK
- // blog admin of destination blog -> OK
- if (strstr($catid,'newcat')) {
- // get blogid
- list($blogid) = sscanf($catid,"newcat-%d");
- return $this->blogAdminRights($blogid);
- }
-
- // category does not exist -> NOK
- if (!$manager->existsCategory($catid)) return 0;
-
- $blogid = getBlogIDFromCatID($catid);
-
- // no team rights for blog -> NOK
- if (!$this->teamRights($blogid)) return 0;
-
- // all other cases: OK
- return 1;
- }
-
- /**
- * Return true if member can be deleted. This means that there are no items
- * posted by the member left
- */
- function canBeDeleted() {
- $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());
- return (mysql_num_rows($res) == 0);
- }
-
/**
* Sets the cookies for the member
*
$query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . $this->getID();
$res = sql_query($query);
- if (mysql_num_rows($res) > 0) {
- while ($obj = mysql_fetch_object($res)) {
+ if (sql_num_rows($res) > 0) {
+ while ($obj = sql_fetch_object($res)) {
+ array_push($blogs, $obj->blogid);
+ }
+ }
+
+ return $blogs;
+ }
+
+ /**
+ * Returns an array of all blogids for which member has team rights
+ */
+ function getTeamBlogs($incAdmin = 1) {
+ $incAdmin = intval($incAdmin);
+ $blogs = array();
+
+ if ($this->isAdmin() && $incAdmin)
+ $query = 'SELECT bnumber as blogid from '.sql_table('blog');
+ else
+ $query = 'SELECT tblog as blogid from '.sql_table('team').' where tmember=' . $this->getID();
+
+ $res = sql_query($query);
+ if (sql_num_rows($res) > 0) {
+ while ($obj = sql_fetch_object($res)) {
array_push($blogs, $obj->blogid);
}
}
. " madmin=" . $this->isAdmin() . ","
. " mnotes='" . addslashes($this->getNotes()) . "',"
. " mcanlogin=" . $this->canLogin() . ","
- . " deflang='" . addslashes($this->getLanguage()) . "'"
+ . " deflang='" . addslashes($this->getLanguage()) . "',"
+ . " mautosave=" . intval($this->getAutosave()) . ""
. " WHERE mnumber=" . $this->getID();
sql_query($query);
}
- function checkPassword($pw) {
- return (md5($pw) == $this->getPassword());
- }
-
function checkCookieKey($key) {
return (($key != '') && ($key == $this->getCookieKey()));
}
+ function checkPassword($pw) {
+ return (md5($pw) == $this->getPassword());
+ }
+
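Review bot: checkPassword() on the new side still compares digests with loose `==`, so two hex strings that both look like `0e` followed only by digits are compared as numbers and treated as equal. Use a strict comparison: `return (md5($pw) === $this->getPassword());`. The stored value is also an unsalted MD5 digest, which is cheap to brute-force if the member table leaks. Moving to a salted, slow hash needs a stored-format migration that lies outside this hunk. The method is only moved by this commit, so the issue is carried over rather than introduced.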
function getRealName() {
return $this->realname;
}
$this->notes = $val;
}
+ function getAutosave() {
+ return $this->autosave;
+ }
+
+ function setAutosave($val) {
+ $this->autosave = $val;
+ }
+
function getID() {
return $this->id;
}
- // returns true if there is a member with the given login name (static)
+ /**
+ * Returns true if there is a member with the given login name
+ *
+ * @static
+ */
function exists($name) {
$r = sql_query('select * FROM '.sql_table('member')." WHERE mname='".addslashes($name)."'");
- return (mysql_num_rows($r) != 0);
+ return (sql_num_rows($r) != 0);
}
- // returns true if there is a member with the given ID (static)
+ /**
+ * Returns true if there is a member with the given ID
+ *
+ * @static
+ */
function existsID($id) {
$r = sql_query('select * FROM '.sql_table('member')." WHERE mnumber='".intval($id)."'");
- return (mysql_num_rows($r) != 0);
+ return (sql_num_rows($r) != 0);
}
- // checks if a username is protected. If so, it can not be used on anonymous comments
+ /**
+ * Checks if a username is protected.
+ * If so, it can not be used on anonymous comments
+ */
function isNameProtected($name) {
// extract name
return MEMBER::exists($name);
}
- // adds a new member (static)
+ /**
+ * Adds a new member
+ *
+ * @static
+ */
function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes) {
if (!isValidMailAddress($email))
return _ERROR_BADMAILADDRESS;
$canlogin = intval($canlogin);
$notes = addslashes($notes);
+ if (($admin) && !($canlogin)) {return _ERROR;}
+
$query = 'INSERT INTO '.sql_table('member')." (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "
. "VALUES ('$name','$realname','$password','$email','$url',$admin, $canlogin, '$notes')";
sql_query($query);
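Review bot: The INSERT below the new guard interpolates `$name`, `$realname`, `$password`, `$email`, `$url` and the unquoted `$admin` straight into the statement, while the only sanitising visible here is `intval($canlogin)` and `addslashes($notes)`. The lines between the e-mail check and `$canlogin = intval($canlogin);` are not shown, so confirm that `$admin` is cast with `intval()` and the string values are escaped there. The added guard should also carry a why-comment such as `// an admin account that cannot log in is never valid`, since it returns only the generic `_ERROR`. create() ends outside this hunk.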
$query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=\'' . addslashes($key). '\'';
$res = sql_query($query);
- if (!$res || (mysql_num_rows($res) == 0))
+ if (!$res || (sql_num_rows($res) == 0))
return 0;
else
- return mysql_fetch_object($res);
+ return sql_fetch_object($res);
}
/**
*/
function cleanupActivationTable()
{
- $boundary = time() - (60 * 60 * 24 * 2);
+ $actdays = 2;
+ if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
+ $actdays = intval($CONF['ActivationDays']);
+ }
+ $boundary = time() - (60 * 60 * 24 * $actdays);
// 1. walk over all entries, and see if special actions need to be performed
$res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');
- while ($o = mysql_fetch_object($res))
+ while ($o = sql_fetch_object($res))
{
switch ($o->vtype)
{
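Review bot: `$CONF` is read in the added lines, but no `global $CONF;` is visible between the signature of cleanupActivationTable() and its first use. Inside the function it is therefore an undefined local, `isset($CONF['ActivationDays'])` is always false, and `$actdays` silently stays at 2. Add `global $CONF;` as the first statement of the function. As written, a site that configures a different activation-key lifetime gets no effect and no warning. The function body continues past the end of this hunk.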
}
-?>
+?>
\ No newline at end of file