1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar
5 || # Copyright (c)2002-2007 Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
// Pull in the generic API base class through the framework's callback loader;
// UserAPI below extends it.
$GLOBALS['isso:callback']->load('api', null);

// build_assignedto() (datastore rebuild) and ListSorter (sort-key validation)
// are used by the verify_*/post_* hooks in this file.
require_once './includes/functions_datastore.php';
require_once './includes/class_sort.php';
26
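/**
 * API: User
 *
 * Creates, updates and deletes rows of the `user` table through the generic
 * API base class. Field verification, password hashing and the bookkeeping
 * that keeps related tables (useremail, bug, favorite, ...) in step with the
 * user row all live here.
 *
 * @author Blue Static
 * @copyright Copyright (c)2002 - 2007, Blue Static
 * @version $Revision$
 * @package Bugdar
 *
 */
class UserAPI extends API
{
    /**
     * Usergroup id of the administrator group. pre_delete() refuses to remove
     * the last remaining member of this group.
     */
    const ADMIN_USERGROUPID = 6;

    /**
     * Database fields: name => array(type, requirement, verifier).
     * Entries whose verifier is ':self' are checked by the matching
     * verify_<field>() method of this class.
     * @var array
     * @access private
     */
    var $fields = array(
        'userid'         => array(TYPE_UINT,  REQ_AUTO, 'verify_nozero'),
        'email'          => array(TYPE_STR,   REQ_YES,  ':self'),
        'displayname'    => array(TYPE_STR,   REQ_YES,  ':self'),
        'usergroupid'    => array(TYPE_UINT,  REQ_YES,  ':self'),
        'groupids'       => array(TYPE_STR,   REQ_NO,   ':self'),
        'password'       => array(TYPE_STR,   REQ_YES),
        'salt'           => array(TYPE_STR,   REQ_SET),
        'authkey'        => array(TYPE_STR,   REQ_SET),
        'showemail'      => array(TYPE_BOOL,  REQ_NO),
        'showcolors'     => array(TYPE_BOOL,  REQ_NO),
        'languageid'     => array(TYPE_UINT,  REQ_NO),
        'timezone'       => array(TYPE_FLOAT, REQ_NO),
        'usedst'         => array(TYPE_BOOL,  REQ_NO),
        'hidestatuses'   => array(TYPE_STR,   REQ_NO,   ':self'),
        'defaultsortkey' => array(TYPE_STR,   REQ_NO,   ':self'),
        'defaultsortas'  => array(TYPE_STR,   REQ_NO,   ':self'),
        'columnoptions'  => array(TYPE_STR,   REQ_NO,   ':self'),
        'authid'         => array(TYPE_STR,   REQ_NO)
    );

    /**
     * Database table
     * @var string
     * @access private
     */
    var $table = 'user';

    /**
     * Table prefix
     * @var string
     * @access private
     */
    var $prefix = TABLE_PREFIX;

    // ###################################################################
    /**
     * Set field: salt
     *
     * Generates a fresh per-user salt via the framework helper. The
     * argument array(1, 15) is passed through unchanged; its meaning
     * (presumably a length range) is defined by funct->rand().
     * NOTE(review): whether funct->rand() is backed by a CSPRNG is not
     * visible here — confirm before relying on it for secret material.
     *
     * @access private
     */
    function set_salt()
    {
        $this->set('salt', $this->registry->funct->rand(array(1, 15)));
    }

    // ###################################################################
    /**
     * Set field: authkey
     *
     * Generates a random authkey with the helper's default settings.
     * The same CSPRNG caveat as set_salt() applies.
     *
     * @access private
     */
    function set_authkey()
    {
        $this->set('authkey', $this->registry->funct->rand());
    }

    // ###################################################################
    /**
     * Pre-insert
     *
     * Replaces the plaintext password with its stored form,
     * md5(md5(password) . md5(salt)). The login path presumably recomputes
     * the same value, so the scheme cannot be changed in this file alone.
     * NOTE(review): salted MD5 is cheap to brute-force; moving to
     * password_hash()/password_verify() needs a coordinated change in the
     * login code plus rehash-on-login for existing rows.
     *
     * @access private
     */
    function pre_insert()
    {
        $this->set('password', md5(md5($this->values['password']) . md5($this->values['salt'])));
    }

    // ###################################################################
    /**
     * Post-insert
     *
     * Seeds one useremail row per relation for the new user (the mask and
     * relation values are the framework's own flags and are kept verbatim)
     * and rebuilds the assigned-to datastore.
     *
     * @access protected
     */
    function post_insert()
    {
        // insertid comes from the database driver; cast anyway so only an
        // integer ever reaches the statement.
        $userid = (int) $this->insertid;

        $this->registry->db->query("
            INSERT INTO " . TABLE_PREFIX . "useremail
                (userid, mask, relation)
            VALUES
                ($userid, 32, 0),
                ($userid, 320, 1),
                ($userid, 1984, 2),
                ($userid, 64, 4),
                ($userid, 64, 8),
                ($userid, 256, 16)
        ");
        build_assignedto();
    }

    // ###################################################################
    /**
     * Whether another user row already holds $value in $column.
     *
     * $column is one of this class's own literal column names — never user
     * input — and $value is escaped through the database layer. The current
     * userid (0 when none is set yet, i.e. on insert) is excluded so that an
     * update does not collide with the row being edited.
     *
     * @access private
     *
     * @param   string  Column name ('email' or 'displayname')
     * @param   string  Value to look for
     *
     * @return  bool    True if some other user already has that value
     */
    function _column_in_use($column, $value)
    {
        $current = isset($this->values['userid']) ? $this->values['userid'] : 0;
        $userid = $this->registry->clean($current, TYPE_UINT);

        $row = $this->registry->db->query_first("
            SELECT userid
            FROM " . TABLE_PREFIX . "user
            WHERE $column = '" . $this->registry->db->escape_string($value) . "'
                AND userid <> $userid
        ");
        return (bool) $row;
    }

    // ###################################################################
    /**
     * Verify: email
     *
     * Requires a non-empty, syntactically valid address that no other user
     * already has. Returns true on success, otherwise the error string.
     * NOTE(review): the "already in use" message discloses which addresses
     * are registered; fine for an authenticated admin path, worth a second
     * look if this API is ever reached from unauthenticated registration.
     *
     * @access private
     */
    function verify_email()
    {
        if (!is_bool($ne = $this->verify_noempty('email')))
        {
            return $ne;
        }

        if (!$this->registry->funct->is_valid_email($this->values['email']))
        {
            return T('The specified email is invalid.');
        }

        if ($this->_column_in_use('email', $this->values['email']))
        {
            return T('The specified email is already in use.');
        }
        return true;
    }

    // ###################################################################
    /**
     * Verify: displayname
     *
     * Requires a non-empty display name that no other user already has.
     * Returns true on success, otherwise the error string.
     *
     * @access private
     */
    function verify_displayname()
    {
        if (!is_bool($ne = $this->verify_noempty('displayname')))
        {
            return $ne;
        }

        if ($this->_column_in_use('displayname', $this->values['displayname']))
        {
            return T('That display name is already in use by another user.');
        }
        return true;
    }

    // ###################################################################
    /**
     * Verify: usergroupid
     *
     * The primary usergroup must exist in the usergroup datastore.
     *
     * @access private
     */
    function verify_usergroupid()
    {
        $groupid = $this->values['usergroupid'];
        return isset(bugdar::$datastore['usergroup'][$groupid]);
    }

    // ###################################################################
    /**
     * Verify: groupids
     *
     * Accepts either an array of ids or a comma-separated string, drops
     * empty entries, and rejects the whole value if any id is not a known
     * usergroup. On success the value is normalised to a comma-separated
     * string of the validated ids.
     *
     * @access private
     */
    function verify_groupids()
    {
        $groups = $this->values['groupids'];
        if (!is_array($groups))
        {
            $groups = explode(',', $this->values['groupids']);
        }
        $groups = $this->registry->funct->array_strip_empty($groups);

        foreach ($groups AS $group)
        {
            // One unknown id rejects the lot; only datastore keys are stored.
            if (!isset(bugdar::$datastore['usergroup']["$group"]))
            {
                return false;
            }
        }

        $this->values['groupids'] = implode(',', $groups);

        return true;
    }

    // ###################################################################
    /**
     * Pre-update
     *
     * Loads the existing row, then either keeps the stored password hash
     * (no new password given) or re-hashes the new password with the row's
     * existing salt using the same scheme as pre_insert().
     *
     * @access private
     */
    function pre_update()
    {
        $this->set_condition();
        $this->fetch();

        // Missing and empty are treated alike: leave the stored hash as is.
        $password = isset($this->values['password']) ? $this->values['password'] : '';
        if ($password == '')
        {
            $this->set('password', $this->objdata['password']);
        }
        else
        {
            $this->registry->debug("updating password = true");
            $this->set('password', md5(md5($password) . md5($this->objdata['salt'])));
        }
    }

    // ###################################################################
    /**
     * Post-update
     *
     * Propagates a changed display name into the denormalised name columns
     * of the bug table, and rebuilds the assigned-to datastore when the name
     * or email changed.
     *
     * @access protected
     */
    function post_update()
    {
        if (isset($this->values['displayname']))
        {
            $username = $this->registry->escape($this->values['displayname']);
            // userid is declared TYPE_UINT, but clean it here as well so the
            // statements below never depend on the caller having done so.
            $id = $this->registry->clean($this->values['userid'], TYPE_UINT);

            $db = $this->registry->db;
            $bugtable = TABLE_PREFIX . 'bug';
            $db->query("UPDATE $bugtable SET username = '$username' WHERE userid = $id");
            $db->query("UPDATE $bugtable SET lastpostbyname = '$username' WHERE lastpostby = $id");
            $db->query("UPDATE $bugtable SET hiddenlastpostbyname = '$username' WHERE hiddenlastpostby = $id");
        }

        if (isset($this->values['displayname']) OR isset($this->values['email']))
        {
            build_assignedto();
        }
    }

    // ###################################################################
    /**
     * Pre-delete
     *
     * Refuses to delete the caller's own account, and refuses to delete an
     * administrator when no other administrator would remain.
     *
     * @access protected
     */
    function pre_delete()
    {
        $userid = $this->registry->clean($this->values['userid'], TYPE_UINT);

        if ($userid == $this->registry->userinfo['userid'])
        {
            $this->error(T('You cannot delete your own account!'));
        }

        if ($this->values['usergroupid'] == self::ADMIN_USERGROUPID)
        {
            $count = $this->registry->db->query_first("
                SELECT COUNT(*) AS count
                FROM " . TABLE_PREFIX . "user
                WHERE usergroupid = " . self::ADMIN_USERGROUPID . "
                    AND userid <> $userid
            ");
            if ($count['count'] < 1)
            {
                $this->error(T('At least one other administrator needs to be present before you can delete this user'));
            }
        }
    }

    // ###################################################################
    /**
     * Post-delete
     *
     * Removes every row keyed on the deleted user from the related tables
     * (the user row itself included, so no stale row can survive) and
     * rebuilds the assigned-to datastore.
     *
     * @access protected
     */
    function post_delete()
    {
        $userid = $this->registry->clean($this->values['userid'], TYPE_UINT);

        $related = array('user', 'favorite', 'useractivation', 'useremail', 'search');
        foreach ($related AS $name)
        {
            $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . $name . " WHERE userid = $userid");
        }

        build_assignedto();
    }

    // ###################################################################
    /**
     * Verify: hidestatuses
     *
     * An array value is flattened to a comma-separated string; a string is
     * accepted as given. Always succeeds.
     *
     * @access private
     */
    function verify_hidestatuses()
    {
        $statuses = $this->values['hidestatuses'];
        if (is_array($statuses))
        {
            $this->set('hidestatuses', implode(',', $statuses));
        }

        return true;
    }

    // ###################################################################
    /**
     * Verify: defaultsortkey
     *
     * The sort key must be one ListSorter knows by its text name.
     *
     * @access private
     */
    function verify_defaultsortkey()
    {
        return (bool) ListSorter::fetch_by_text($this->values['defaultsortkey']);
    }

    // ###################################################################
    /**
     * Verify: defaultsortas
     *
     * The sort direction must be one ListSorter knows by its text name.
     *
     * @access private
     */
    function verify_defaultsortas()
    {
        return (bool) ListSorter::fetch_as_text($this->values['defaultsortas']);
    }

    // ###################################################################
    /**
     * Verify: columnoptions
     *
     * An array value is stored serialized; anything else is stored as given.
     * NOTE(review): whoever reads this column back presumably unserialize()s
     * it — keep it server-written only and never store a user-supplied
     * serialized blob here.
     *
     * @access private
     */
    function verify_columnoptions()
    {
        $options = $this->values['columnoptions'];
        if (is_array($options))
        {
            $this->set('columnoptions', serialize($options));
        }
        return true;
    }
}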
370