<?php
require_once('common.inc.php');
require_once('/srv/http/phpmailer/class.phpmailer.php');
const USERNAME_LEN_MIN = 5;
const USERNAME_LEN_MAX = 20;
const PASSWORD_LEN_MIN = 5;
const PASSWORD_LEN_MAX = 32;
const NICKNAME_LEN_MIN = 1;
const NICKNAME_LEN_MAX = 32;
const EMAIL_LEN_MAX = 100;
const USER_PER_USER = 0x00000001;
const USER_PER_PROCREATOR = 0x00000002;
const USER_PER_PROADMIN = 0x00000004;
const USER_LEVEL_USER = 0x00000001;
const USER_LEVEL_PROCREATOR = 0x00000003;
const USER_LEVEL_PROADMIN = 0x00000007;
const USER_LEVEL_ADMIN = 0x0000ffff;
const USER_LEVEL_SUPERADMIN = 0xffffffff;
class user
{
public $uid;
public $username;
public $password;
public $nickname;
public $aboutme;
public $avatar;
public $level;
public $email;
public static function get_from_uid($sqlc, $uid)
{
//return user object of specified uid. False if user doesn't exists.
$result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "uid"=$1 LIMIT 1;', array(intval($uid))) or die ("Eerror_get_user");
$ret = pg_fetch_object($result, null, 'user');
pg_free_result($result);
if(!$ret)
return false;
$ret->uid = intval($ret->uid);
$ret->level = intval($ret->level);
return $ret;
}
public static function get_from_username($sqlc, $username)
{
//return user object of specified username. False if user doesn't exists.
$result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "username"=$1 LIMIT 1;', array($username));
$ret = pg_fetch_object($result, null, 'user');
pg_free_result($result);
if(!$ret)
return false;
$ret->uid = intval($ret->uid);
$ret->level = intval($ret->level);
return $ret;
}
public static function add($sqlc, $user)
{
//add user to database , with $user the user data object
//return inserted user object. False if failed.
//Assume the insertion is valid!!
//requires member: string username, string nickname, string password, stirng aboutme, string avatar, string email
$sqlstr = 'INSERT INTO "user" ("username", "nickname", "password", "aboutme", "avatar", "email") VALUES ($1, $2, $3, $4, $5, $6) RETURNING *;';
$sqlarr = array($user->username, $user->nickname, $user->password, '', '', $user->email);
$sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
if(!$sqlr)return false;
//$sqlr = pg_query($sqlc, 'SELECT SCOPE_IDENTITY();');
$obj = pg_fetch_object($sqlr, null, 'user');
pg_free_result($sqlr);
if($obj)$obj->uid = intval($obj->uid);
return $obj;
}
public static function update($sqlc, $user)
{
//update user data into database, with $user the user data object
//return updated object. False if failed.
//Assume the update is valid!!
//requires member: string nickname, string password, string aboutme, string avatar, string email, int uid
$sqlstr = 'UPDATE "user" SET "nickname"=$1, "password"=$2, "aboutme"=$3, "avatar"=$4, "email"=$5 WHERE "uid"=$6 RETURNING *;';
$sqlarr = array($user->nickname, $user->password, $user->aboutme, $user->avatar, $user->email, intval($user->uid));
$sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
if(!$sqlr)return false;
$obj = pg_fetch_object($sqlr, null, 'user');
pg_free_result($sqlr);
if($obj)$obj->uid = intval($obj->uid);
return $obj;
}
/*public static function update_property($sqlc, $user)
{
//update property of given user.
//return updated object. False if failed.
//Assume the update is valid!!
//requires member: int[] property, int uid;
$sqlstr = 'UPDATE "user" SET "property"=$1 WHERE "uid"=$2 RETURNING *;';
$sqlarr = array($user->property, intval($user->uid));
$sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
if(!$sqlr)return false;
$obj = pg_fetch_object($sqlr, null, 'user');
pg_free_result($sqlr);
if($obj)$obj->uid = intval($obj->uid);
return $obj;
}*/
public static function get_username($sqlc, $uid)
{
//return username of given uid. False if not found.
$sqlstr = 'SELECT "username" FROM "user" WHERE "uid"=$1 LIMIT 1;';
$sqlarr = array(intval($uid));
$sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
$ret = pg_fetch_result($sqlr, 0);
pg_free_result($sqlr);
return $ret;
}
public static function get_nickname($sqlc, $uid)
{
//return nickname of given uid. False if not found.
$sqlstr = 'SELECT "nickname" FROM "user" WHERE "uid"=$1 LIMIT 1;';
$sqlarr = array(intval($uid));
$sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
$ret = pg_fetch_result($sqlr, 0);
pg_free_result($sqlr);
return $ret;
}
public static function reset_password($sqlc, $uid)
{
//reset password for given uid. False if not found.
$user = user::get_from_uid($sqlc, $uid);
if(!$user)return false;
$email = $user->email;
if(!$email)return false;
$passlen = 8;
$newpass = '';
for($i = 0; $i < $passlen; $i++)
{
$v = rand()%62;
$c = null;
if($v<10)$c = chr(48 + $v);
else if($v<36)$c = chr(65 + $v - 10);
else $c = chr(97 + $v - 36);
$newpass = $newpass.$c;
}
echo($newpass.'<br>');
//email
$cmail = new PHPMailer();
$cmail->IsSMTP();
$cmail->SMTPAuth = true;
$cmail->SMTPSecure = 'SSL';
$cmail->Host = 'ssl://'.SMTP_HOST;
$cmail->Port = 465;
$cmail->Username = SMTP_USER;
$cmail->Password = SMTP_PASS;
$cmail->From = 'sprout@csie.ntu.edu.tw';
$cmail->FromName = 'Taiwan Online Judge';
$cmail->AddAddress($email, $user->nickname);
$cmail->WordWrap = 70;
$cmail->Subject = 'TOJ Password Reset Notice';
$cmail->IsHTML = true;
$cmail->Body = 'Hi '.$user->nickname.' ('.$user->username.') , your new password is '.$newpass.' .';
if(!$cmail->Send())
{
echo($cmail->ErrorInfo.'<br>');
return false;
}
return true;
$user->password = hash('sha512', $newpass);
$nuser = user::update($sqlc, $user);
if(!$nuser)return false;
return true;
}
}
function sec_check_level($sqlc, $lv, $uid = null)
{
$uidnull = false;
if($uid == null)
{
$uid = intval($_COOKIE['uid']);
$uidnull = true;
}
if($uidnull && !sec_is_login())
return false;
$user = user::get_from_uid($sqlc, $uid);
return (($user->level & $lv) == $lv);
}
?>
