users.php 4.8 KB

  1. <?php
  2. require_once(dirname(dirname(__FILE__))."/header.php");
  /**
   * Attach an e-mail address to a user unless it is already on record.
   *
   * query() and get_emails() are defined outside this listing.
   * NOTE(review): the '%s' placeholder implies query() formats $email into
   * the SQL text; confirm that it escapes string arguments before this is
   * called with request data.
   *
   * @param mixed $id    User id, bound to the %d placeholder.
   * @param mixed $email Address to store.
   * @return bool True when the address already existed or the INSERT
   *              succeeded, false when the INSERT failed.
   */
  function add_email($id, $email)
  {
      // Loose in_array() comparison, exactly as the lookup has always worked.
      $already_known = in_array($email, get_emails($id));
      if ($already_known) {
          return true;
      }

      $inserted = query(
          "INSERT INTO emails (user_id,email) VALUES (%d,'%s')",
          array($id, $email)
      );

      return $inserted ? true : false;
  }
  /**
   * Delete one e-mail row belonging to a user.
   *
   * The DELETE is always scoped by user_id, so a caller can only remove rows
   * owned by the user id it passes in.
   * NOTE(review): query() is defined elsewhere; confirm it escapes the '%s'
   * argument.
   *
   * @param mixed $user_id Owner of the e-mail row.
   * @param mixed $email   The address itself, or the emails.id value when
   *                       $is_id is true.
   * @param bool  $is_id   Treat $email as a numeric row id.
   * @return bool True when query() returned a truthy result, false otherwise.
   */
  function remove_email($user_id, $email, $is_id = false)
  {
      if ($is_id) {
          $statement = "DELETE FROM emails WHERE user_id = %d AND id = %d";
      } else {
          $statement = "DELETE FROM emails WHERE user_id = %d AND email = '%s'";
      }

      $outcome = query($statement, array($user_id, $email));

      return $outcome ? true : false;
  }
  /**
   * List the e-mail addresses stored for a user.
   *
   * @param mixed $id          User id, bound to the %d placeholder.
   * @param bool  $include_ids When true each entry is the full row
   *                           (keys 'email' and 'id'); otherwise just the
   *                           address string.
   * @return array Possibly empty list; also empty when query() fails.
   */
  function get_emails($id, $include_ids = false)
  {
      $found = array();

      $rows = query("SELECT e.email,e.id FROM emails e WHERE e.user_id = %d", array($id));
      if (!$rows) {
          return $found;
      }

      while ($row = $rows->fetch_assoc()) {
          $found[] = $include_ids ? $row : $row['email'];
      }

      return $found;
  }
  /**
   * Collect the role type names assigned to a user.
   *
   * 'user' is always appended last, so every id (even one with no role rows,
   * or when the query fails) is reported as having at least that type.
   *
   * @param mixed $id User id, bound to the %d placeholder.
   * @return array List of role type names ending with 'user'.
   */
  function get_user_types($id)
  {
      $names = array();

      $rows = query(
          "SELECT t.name FROM user_roles r JOIN user_role_types t ON t.id = r.user_role_id WHERE r.user_id = %d GROUP BY r.user_role_id",
          array($id)
      );
      if ($rows) {
          while ($row = $rows->fetch_assoc()) {
              $names[] = $row['name'];
          }
      }

      $names[] = 'user';

      return $names;
  }
  /**
   * Find the single user that owns an e-mail address.
   *
   * The lookup only succeeds when exactly one row matches; zero or several
   * matches are both treated as "not found".
   * NOTE(review): the stored address is lower-cased in SQL but $email is
   * passed through as given. Callers presumably normalise it first; verify.
   * NOTE(review): query() is defined elsewhere; confirm it escapes the '%s'
   * argument.
   *
   * @param mixed $email Address to look up.
   * @return mixed Whatever get_user_from_id_obj() returns for the owner, or
   *               false when there is no unique match.
   */
  function get_user_for_email($email)
  {
      $matches = query(
          "SELECT u.id FROM users u JOIN emails e ON e.user_id = u.id WHERE lower(e.email) = '%s'",
          array($email)
      );
      if (!$matches) {
          return false;
      }
      if ($matches->num_rows != 1) {
          return false;
      }

      $owner = $matches->fetch_assoc();

      return get_user_from_id_obj($owner['id']);
  }
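  /**
   * Resolve the user named in the request and check the supplied API key.
   *
   * Reads the nick from $_GET['user'] and the key from $_GET['key'].
   * The key check is deliberately strict:
   *  - a missing, non-string or empty request key never authenticates, so a
   *    user record whose api_key is NULL or '' cannot be matched by simply
   *    omitting the parameter (null == null was true under the old loose ==);
   *  - the comparison is type-safe, so numeric-looking strings are not
   *    juggled into equality;
   *  - hash_equals() is used when available so the comparison time does not
   *    depend on how many leading characters match.
   *
   * NOTE(review): the key travels in the query string, where it can end up in
   * server logs, browser history and Referer headers; consider accepting it
   * in a header or POST body instead.
   *
   * @param mixed $type Role type name forwarded to get_user_obj().
   * @return mixed The user array on success, false otherwise.
   */
  function get_current_user_obj($type)
  {
      // Same value the original passed on (null when the parameter is absent).
      $nick = isset($_GET['user']) ? $_GET['user'] : null;

      $user = get_user_obj($nick, $type);
      if (!$user) {
          return false;
      }

      $supplied = isset($_GET['key']) ? $_GET['key'] : null;
      if (!is_string($supplied) || $supplied === '') {
          return false;
      }

      $expected = isset($user['api_key']) ? $user['api_key'] : null;
      if (!is_scalar($expected)) {
          return false;
      }
      $expected = (string) $expected;
      if ($expected === '') {
          return false;
      }

      // hash_equals() only exists on PHP >= 5.6; fall back to a strict compare.
      if (function_exists('hash_equals')) {
          $key_ok = hash_equals($expected, $supplied);
      } else {
          $key_ok = ($expected === $supplied);
      }

      return $key_ok ? $user : false;
  }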
  /**
   * Load a user record by nick for a given role type.
   *
   * Two paths:
   *  - $type is 'user' and the session holds both 'key' and 'password': start
   *    from a session-derived record (id '0', flags 'u') and, when exactly one
   *    row in users matches the nick case-insensitively, overlay that row's
   *    columns on top of it. This path always returns an array.
   *  - otherwise: look the nick up in ircd.users joined to the named role
   *    type and return the row only when exactly one matches.
   *
   * The returned array carries the password hash, api_key and (second path)
   * secret_key, so callers must not echo it back to clients.
   * NOTE(review): $nick is caller-supplied and this function does not
   * authenticate it; get_current_user_obj() does the key check.
   * NOTE(review): query() is defined elsewhere; confirm it escapes the '%s'
   * arguments.
   *
   * @param mixed $nick Nickname to look up.
   * @param mixed $type Role type name.
   * @return mixed User array, or false when the role-based lookup finds no
   *               unique match.
   */
  function get_user_obj($nick, $type)
  {
      $session_backed = $type == 'user' && isset($_SESSION['key']) && isset($_SESSION['password']);

      if (!$session_backed) {
          $result = query(
              "SELECT u.api_key,u.id,u.nick,u.real_name,u.email,u.password,t.name AS type,t.flags AS flags,u.secret_key FROM ircd.users u JOIN ircd.user_roles r ON u.id = r.user_id JOIN ircd.user_role_types t ON r.user_role_id = t.id WHERE u.nick = '%s' AND t.name = '%s';",
              array($nick, $type)
          );
          if (!$result || $result->num_rows != 1) {
              return false;
          }

          $record = $result->fetch_assoc();
          // Salt = the characters between offset 1 and the next '$' of the stored password.
          $record['salt'] = substr($record['password'], 1, strpos($record['password'], '$', 1) - 1);

          return $record;
      }

      $profile = array(
          'api_key' => $_SESSION['key'],
          'nick' => $nick,
          'password' => $_SESSION['password'],
          'flags' => 'u',
          'id' => '0',
          'email' => $_SESSION['email'],
          'real_name' => $_SESSION['real_name']
      );

      $result = query(
          "SELECT u.api_key,u.id,u.nick,u.real_name,u.email,u.password FROM users u WHERE lower(u.nick) = lower('%s')",
          array($nick)
      );
      if ($result && $result->num_rows == 1) {
          foreach ($result->fetch_assoc() as $column => $value) {
              // Never let the database row replace the fixed 'u' flag set.
              if ($column === 'flags') {
                  continue;
              }
              $profile[$column] = $value;
          }
          // Salt = the characters between offset 1 and the next '$' of the stored password.
          $profile['salt'] = substr($profile['password'], 1, strpos($profile['password'], '$', 1) - 1);
      }

      return $profile;
  }
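  /**
   * Return the nick of the user with the given id.
   *
   * get_user_from_id_obj() returns false for an unknown id; that case is
   * handled explicitly instead of indexing into false, which yields null
   * silently on older PHP and raises a warning on newer versions.
   *
   * @param mixed $id User id.
   * @return mixed The nick, or null when the user (or its nick) is missing.
   */
  function get_user_nick($id)
  {
      $user = get_user_from_id_obj($id);
      if (!is_array($user) || !isset($user['nick'])) {
          return null;
      }

      return $user['nick'];
  }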
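  /**
   * Load a user record by numeric id.
   *
   * Two paths:
   *  - $id is the integer 0 (strict check; the string '0' does not qualify)
   *    and the session holds both 'key' and 'password': start from a
   *    session-derived record whose nick comes from the 'username' cookie
   *    and, when exactly one row in users matches that nick
   *    case-insensitively, overlay that row's columns. Always returns an
   *    array on this path.
   *  - otherwise: fetch the row from ircd.users by id and return it only
   *    when exactly one matches.
   *
   * Fix: the nick lookup previously referenced an undefined $nick variable;
   * it now uses the cookie value that also fills the 'nick' field.
   *
   * NOTE(review): the 'username' cookie is set by the client. The overlay
   * therefore returns whichever registered user the cookie names, including
   * that user's password hash and api_key. Callers must authenticate the
   * result (as get_current_user_obj() does with the API key) before trusting
   * it, and must not echo the array back to clients.
   * NOTE(review): query() is defined elsewhere; confirm it escapes the '%s'
   * argument.
   *
   * @param mixed $id User id.
   * @return mixed User array, or false when the id lookup finds no unique
   *               match.
   */
  function get_user_from_id_obj($id)
  {
      if ($id === 0 && isset($_SESSION['key']) && isset($_SESSION['password'])) {
          // Null when the cookie is absent, matching what the array held before.
          $nick = isset($_COOKIE['username']) ? $_COOKIE['username'] : null;

          $user = array(
              'api_key' => $_SESSION['key'],
              'nick' => $nick,
              'password' => $_SESSION['password'],
              'flags' => 'u',
              'id' => '0',
              'email' => $_SESSION['email'],
              'real_name' => $_SESSION['real_name']
          );

          $res = query(
              "SELECT u.api_key,u.id,u.nick,u.real_name,u.email,u.password FROM users u WHERE lower(u.nick) = lower('%s')",
              array($nick)
          );
          if ($res && $res->num_rows == 1) {
              $row = $res->fetch_assoc();
              foreach ($row as $k => $attr) {
                  // Never let the database row replace the fixed 'u' flag set.
                  if ($k !== 'flags') {
                      $user[$k] = $attr;
                  }
              }
              // Salt = the characters between offset 1 and the next '$' of the stored password.
              $user['salt'] = substr($user['password'], 1, strpos($user['password'], '$', 1) - 1);
          }

          return $user;
      }

      $user = query(
          "SELECT u.api_key,u.id,u.nick,u.real_name,u.email,u.password,u.secret_key FROM ircd.users u where id = %d;",
          array($id)
      );
      if ($user && $user->num_rows == 1) {
          $user = $user->fetch_assoc();
          // Salt = the characters between offset 1 and the next '$' of the stored password.
          $user['salt'] = substr($user['password'], 1, strpos($user['password'], '$', 1) - 1);

          return $user;
      }

      return false;
  }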
  /**
   * Build the edit form for a user record.
   *
   * The form id is 'user-form-' followed by the user id, and the submit
   * button is labelled 'Save'. Rendering is delegated to get_form_html(),
   * which is defined outside this listing.
   * NOTE(review): real_name, nick and email are user-controlled values and
   * are handed over unescaped; confirm get_form_html() HTML-escapes field
   * values before writing them into attributes.
   *
   * @param array $user Record with 'id', 'real_name', 'nick' and 'email'.
   * @return mixed Whatever get_form_html() returns.
   */
  function get_user_html($user)
  {
      $fields = array();

      // Visible, editable text inputs.
      $fields[] = array(
          'name' => 'real_name',
          'label' => 'Real Name',
          'type' => 'text',
          'value' => $user['real_name']
      );
      $fields[] = array(
          'name' => 'nick',
          'label' => 'Nick',
          'type' => 'text',
          'value' => $user['nick']
      );
      $fields[] = array(
          'name' => 'email',
          'label' => 'Email',
          'type' => 'text',
          'value' => $user['email']
      );

      // Hidden routing fields: which record is edited and which action handles it.
      $fields[] = array(
          'name' => 'id',
          'type' => 'hidden',
          'value' => $user['id']
      );
      $fields[] = array(
          'name' => 'action',
          'type' => 'hidden',
          'value' => 'user'
      );

      $form_id = 'user-form-'.$user['id'];

      return get_form_html($form_id, $fields, 'Save');
  }
  /**
   * Tell whether a user's flag string contains the given flag.
   *
   * This is a plain substring search on $user['flags'], so a multi-character
   * $flag only matches when those characters appear consecutively.
   *
   * @param array  $user Record with a 'flags' string.
   * @param string $flag Flag character(s) to look for.
   * @return bool True when $flag occurs in the flag string.
   */
  function has_flag($user, $flag)
  {
      $position = strpos($user['flags'], $flag);

      // strpos() returns 0 for a match at the start, so compare against false strictly.
      return false !== $position;
  }
  168. ?>