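////////////////////////////////////////////////////////////////////////////////////////
// Class : user.class.php
// Purpose : Creates a user object containing information about current user
// Author : Gavin Taylor
// Copyright : gavtaylor.co.uk
// Version : 1.0
//
// Version History
// 1.0 - 29/03/09 - process_login_state(), load_user_details(), added sessioncheck()
//
///////////////////////////////////////////////////////////////////////////////////////

/**
 * Represents the user making the current request.
 *
 * Construction starts the PHP session when needed, looks for login
 * credentials in the session (or the auto-login cookies), validates them
 * against the `user` table and, on success, populates the object and sets
 * $login_state to TRUE. All queries use the legacy mysql_* extension and the
 * connection held in the DB_LINK constant, which must be defined elsewhere.
 *
 * Row columns map onto properties by stripping the `user_` prefix
 * (user_email -> $email); see populate_from_row().
 */
class user
{
    /** @var string[]|null messages appended by the validation/login methods (null until the first error) */
    public $error;
    public $session_id;
    /** @var bool TRUE only after the session credentials matched an active account */
    public $login_state;
    public $ip_address;
    public $useragent;
    /** @var string "public" by default, otherwise the user_access column of the logged-in user */
    public $access_level;
    public $id;
    public $username;
    /** @var string|null the value compared against user_password (the stored hash, see hash_password()) */
    public $password;
    public $email;
    public $firstname;
    public $lastname;
    public $address_street;
    public $address_district;
    public $address_city;
    public $address_county;
    public $address_postcode;
    public $address_country;
    public $address_phone;
    public $address_mobile;
    public $active;
    public $registered;
    public $last_login;

    /* class constructor ------------------------------------------------- */

    /**
     * Starts the session, records request defaults and resolves the login state.
     *
     * @param int $user_id optional id of a user to load explicitly via load();
     *                     $login_state / $access_level still describe the
     *                     session user, not the loaded record
     */
    public function __construct($user_id = 0)
    {
        // start the session if needed
        if (!isset($_SESSION)) {
            session_start();
        }

        // populate default variables; REMOTE_ADDR and HTTP_USER_AGENT are not
        // present outside a web SAPI (e.g. CLI), so fall back to an empty string
        $this->session_id   = session_id();
        $this->login_state  = FALSE;
        $this->ip_address   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $this->useragent    = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $this->access_level = "public";

        // determine login state from the session / auto-login cookie
        $this->process_login_state();

        // an explicit id overrides the loaded profile data with that record
        if ($user_id > 0) {
            $this->id = $user_id;
            $this->load();
        }
    }

    /* public functions -------------------------------------------------- */

    /**
     * Populates this object from the active `user` row whose user_id is $this->id.
     *
     * Every column is copied onto the property named after it without the
     * `user_` prefix; columns with no declared property become dynamic
     * properties. That includes user_password, so the stored hash ends up on
     * the object: do not hand the object to untrusted output (json_encode,
     * var_dump, templates) without filtering. Unknown or inactive ids leave
     * the object unchanged.
     */
    public function load()
    {
        $result = mysql_query(
            "SELECT * FROM user WHERE user_active = 'yes' AND user_id = '"
            . mysql_real_escape_string($this->id) . "' LIMIT 1",
            DB_LINK
        );
        if ($result && mysql_num_rows($result) > 0) {
            $this->populate_from_row(mysql_fetch_assoc($result));
        }
    }

    /**
     * Reports whether login credentials are available for this request.
     *
     * Credentials come from the session; when the session holds none, the
     * "user_username"/"user_password" auto-login cookies are copied into the
     * session instead. Only presence is checked here - nothing is validated
     * until process_login_state() runs is_valid_user() against the database.
     * Cookie values are untrusted input: only plain strings are accepted
     * (PHP builds arrays from "name[]=" cookies, which would break the
     * escaping in the SQL queries).
     *
     * Note that the auto-login cookie carries the password hash itself, so a
     * stolen cookie stays valid until the password changes; a random
     * per-device token stored server-side would limit that exposure.
     *
     * @return bool TRUE when credentials are present, FALSE when the user is logged out
     */
    public function sessioncheck()
    {
        if (!self::is_missing(isset($_SESSION['user_username']) ? $_SESSION['user_username'] : null)
            && !self::is_missing(isset($_SESSION['user_password']) ? $_SESSION['user_password'] : null)) {
            // user session variables are present so user is logged in
            return TRUE;
        }

        // session is empty: fall back to the auto-login cookie
        // ($_COOKIE replaces the long-removed $HTTP_COOKIE_VARS alias)
        if (isset($_COOKIE['user_username']) && is_string($_COOKIE['user_username'])
            && isset($_COOKIE['user_password']) && is_string($_COOKIE['user_password'])) {
            $_SESSION['user_username'] = $_COOKIE['user_username'];
            $_SESSION['user_password'] = $_COOKIE['user_password'];
            return TRUE;
        }

        // session is empty and cookie does not exist so user is not logged in
        return FALSE;
    }

    /**
     * Checks that $username / $password match a row in the `user` table.
     *
     * Requires both fields to be set; a missing field or a failed lookup
     * appends a message to $error. On success $id is filled in if empty
     * (the original wrote to an undeclared $user_id property). The password
     * comparison is done by the database against the stored user_password
     * value, so $password must already hold the hashed form.
     *
     * @return bool
     */
    public function is_valid_user()
    {
        // check required variables ('0' is a legal value, hence no empty())
        if (self::is_missing($this->username)) {
            $this->error[] = "You have not entered your username";
            return FALSE;
        }
        if (self::is_missing($this->password)) {
            $this->error[] = "You have not entered your password";
            return FALSE;
        }

        $result = mysql_query(
            "SELECT user_id FROM user WHERE user_username = '"
            . mysql_real_escape_string($this->username)
            . "' AND user_password = '" . mysql_real_escape_string($this->password) . "'",
            DB_LINK
        );
        if ($result && mysql_num_rows($result) > 0) {
            if (empty($this->id)) {
                $this->id = mysql_result($result, 0);
            }
            return TRUE;
        }

        $this->error[] = "Your login details were not found in our system";
        return FALSE;
    }

    /**
     * Validates the credentials and, for an active account, populates the object.
     *
     * All columns are copied via populate_from_row() (so the address_*
     * properties are filled only when the table carries them under the
     * user_ prefix convention; the original read them from a blank column
     * key), then $access_level is taken from user_access and $login_state
     * is set. Failure reasons are appended to $error.
     *
     * @return bool TRUE when the user is logged in and loaded
     */
    public function load_user_details()
    {
        // check database for valid user (records the missing-field errors too)
        if (!$this->is_valid_user()) {
            return FALSE;
        }

        $result = mysql_query(
            "SELECT * FROM user WHERE user_username = '"
            . mysql_real_escape_string($this->username)
            . "' AND user_password = '" . mysql_real_escape_string($this->password) . "' LIMIT 1",
            DB_LINK
        );
        if (!$result || mysql_num_rows($result) == 0) {
            $this->error[] = "Unable to load user data";
            return FALSE;
        }

        $row = mysql_fetch_assoc($result);
        if ($row['user_active'] !== 'yes') {
            $this->error[] = "Your account is not currently active, please contact us to activate it";
            return FALSE;
        }

        $this->populate_from_row($row);
        $this->access_level = $row['user_access'];
        $this->login_state  = TRUE;
        return TRUE;
    }

    /**
     * Logs the user out: expires the auto-login cookies and destroys the session.
     *
     * The cookies are re-sent with an empty value and an expiry 7 days in the
     * past, so the password hash is not echoed back in the Set-Cookie header.
     * $_SESSION is cleared explicitly because session_destroy() alone leaves
     * the in-memory copy populated for the rest of the request. The object's
     * own login flags are reset as well.
     * (Author note: candidate for moving to the login class.)
     *
     * @return bool always TRUE
     */
    public function logout()
    {
        // set cookies to a time in the past to trigger browser deletion
        setcookie("user_username", '', time() - 604800, '/');
        setcookie("user_password", '', time() - 604800, '/');

        // destroy the current session, server side and in memory
        $_SESSION = array();
        if (session_id() !== '') {
            session_destroy();
        }

        $this->login_state  = FALSE;
        $this->access_level = "public";
        return TRUE;
    }

    /* public static functions ------------------------------------------------- */

    /**
     * Stores a new password hash for the given user.
     *
     * @param int|string $user_id
     * @param string     $password plaintext; hashed via hash_password() before storage
     * @return bool TRUE when the UPDATE statement succeeded
     */
    public static function update_password($user_id, $password)
    {
        $result = mysql_query(
            "UPDATE user SET user_password = '"
            . mysql_real_escape_string(self::hash_password($password))
            . "' WHERE user_id = '" . mysql_real_escape_string($user_id) . "'",
            DB_LINK
        );
        return $result !== FALSE;
    }

    /**
     * Looks up the id of the active user registered with the given email.
     *
     * @param string $email_address
     * @return string|false user_id of the first match, FALSE when none
     */
    public static function id_from_email($email_address)
    {
        $result = mysql_query(
            "SELECT user_id FROM user WHERE user_email = '"
            . mysql_real_escape_string($email_address) . "' AND user_active = 'yes'",
            DB_LINK
        );
        if ($result && mysql_num_rows($result) > 0) {
            return mysql_result($result, 0);
        }
        return FALSE;
    }

    /**
     * Returns the storage form of a password.
     *
     * Currently an unsalted md5 digest, which is fast to brute-force and
     * identical for identical passwords. Because is_valid_user() and the
     * session/cookie flow compare this value directly with user_password,
     * changing the algorithm here alone would lock every existing account out;
     * a migration needs password_hash()/password_verify() in the lookup path
     * plus a rehash-on-login step for the stored rows.
     *
     * @param string $password plaintext
     * @return string
     */
    public static function hash_password($password)
    {
        return md5($password);
    }

    /* private functions ------------------------------------------------- */

    /**
     * Determines the login state from the session credentials.
     *
     * When sessioncheck() finds credentials they are copied onto the object
     * and verified via load_user_details(); otherwise the object stays in its
     * logged-out defaults.
     *
     * @return bool always TRUE
     */
    private function process_login_state()
    {
        if (!$this->sessioncheck()) {
            // user is logged out
            return TRUE;
        }

        // load user details from the session credentials
        $this->username = $_SESSION['user_username'];
        $this->password = $_SESSION['user_password'];
        if ($this->load_user_details()) {
            // user is logged in so update status flag
            $this->login_state = TRUE;
        }
        return TRUE;
    }

    /**
     * Copies a `user` table row onto this object.
     *
     * Each column name has the `user_` prefix stripped and is used as the
     * property name, matching the convention the original load() used.
     *
     * @param array $row associative row from mysql_fetch_assoc()
     */
    private function populate_from_row(array $row)
    {
        foreach ($row as $column => $value) {
            $this->{str_replace('user_', '', $column)} = $value;
        }
    }

    /**
     * TRUE when a credential value is unusable: null, a non-scalar (e.g. an
     * array built from a "name[]=" cookie) or the empty string. Unlike
     * empty(), the legal values "0" and 0 are not treated as missing.
     *
     * @param mixed $value
     * @return bool
     */
    private static function is_missing($value)
    {
        return !is_scalar($value) || (string) $value === '';
    }
}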