aboutsummaryrefslogblamecommitdiffstats
path: root/toj/php/user.inc.php
blob: 46205d737cd48ac1bff840d63b3207554897d310 (plain) (tree)






























































































































































                                                                                                                                                       
                                





















                                                                                                            
                                             



                         






                                                   


















































                                                                                                                                                                                
















                                                 
<?php

require_once('common.inc.php');
require_once('/srv/http/phpmailer/class.phpmailer.php');

const USERNAME_LEN_MIN = 5;
const USERNAME_LEN_MAX = 20;
const PASSWORD_LEN_MIN = 5;
const PASSWORD_LEN_MAX = 32;
const NICKNAME_LEN_MIN = 1;
const NICKNAME_LEN_MAX = 32;
const EMAIL_LEN_MAX = 100;

const USER_PER_USER             = 0x00000001;
const USER_PER_PROCREATOR       = 0x00000002;
const USER_PER_PROADMIN         = 0x00000004;

const USER_LEVEL_USER           = 0x00000001;
const USER_LEVEL_PROCREATOR     = 0x00000003;
const USER_LEVEL_PROADMIN       = 0x00000007;
const USER_LEVEL_ADMIN          = 0x0000ffff;
const USER_LEVEL_SUPERADMIN     = 0xffffffff;

class user
{
    public $uid;
    public $username;
    public $password;
    public $nickname;
    public $aboutme;
    public $avatar;
    public $level;
    public $email;
      
    public static function get_from_uid($sqlc, $uid)
    {
        //return user object of specified uid. False if user doesn't exists.

        $result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "uid"=$1 LIMIT 1;', array(intval($uid))) or die ("Eerror_get_user");
        $ret =  pg_fetch_object($result, null, 'user');
        pg_free_result($result);
        if(!$ret)
            return false;
        $ret->uid = intval($ret->uid);
        $ret->level = intval($ret->level);
        return $ret;
    }

    public static function get_from_username($sqlc, $username)
    {
        //return user object of specified username. False if user doesn't exists.

        $result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "username"=$1 LIMIT 1;', array($username));
        $ret = pg_fetch_object($result, null, 'user');
        pg_free_result($result);
        if(!$ret)
            return false;
        $ret->uid = intval($ret->uid);
        $ret->level = intval($ret->level);

        return $ret;
    }

    public static function add($sqlc, $user)
    {
        //add user to database , with $user the user data object
        //return inserted user object. False if failed.
        //Assume the insertion is valid!!
        //requires member: string username, string nickname, string password, stirng aboutme, string avatar, string email

        $sqlstr = 'INSERT INTO "user" ("username", "nickname", "password", "aboutme", "avatar", "email") VALUES ($1, $2, $3, $4, $5, $6) RETURNING *;';
        $sqlarr = array($user->username, $user->nickname, $user->password, '', '', $user->email);
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        if(!$sqlr)return false;
        //$sqlr = pg_query($sqlc, 'SELECT SCOPE_IDENTITY();');
        $obj = pg_fetch_object($sqlr, null, 'user');
        pg_free_result($sqlr);
        if($obj)$obj->uid = intval($obj->uid);
        return $obj;
    }

    public static function update($sqlc, $user)
    {
        //update user data into database, with $user the user data object
        //return updated object. False if failed.
        //Assume the update is valid!!
        //requires member: string nickname, string password, string aboutme, string avatar, string email, int uid
        
        $sqlstr = 'UPDATE "user" SET "nickname"=$1, "password"=$2, "aboutme"=$3, "avatar"=$4, "email"=$5 WHERE "uid"=$6 RETURNING *;';
        $sqlarr = array($user->nickname, $user->password, $user->aboutme, $user->avatar, $user->email, intval($user->uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        if(!$sqlr)return false;
        $obj = pg_fetch_object($sqlr, null, 'user');
        pg_free_result($sqlr);
        if($obj)$obj->uid = intval($obj->uid);
        return $obj;    
    }

    /*public static function update_property($sqlc, $user)
    {
        //update property of given user.
        //return updated object. False if failed.
        //Assume the update is valid!!
        //requires member: int[] property, int uid;

        $sqlstr = 'UPDATE "user" SET "property"=$1 WHERE "uid"=$2 RETURNING *;';
        $sqlarr = array($user->property, intval($user->uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        if(!$sqlr)return false;
        $obj = pg_fetch_object($sqlr, null, 'user');
        pg_free_result($sqlr);
        if($obj)$obj->uid = intval($obj->uid);
        return $obj;
    }*/

    public static function get_username($sqlc, $uid)
    {
        //return username of given uid. False if not found.

        $sqlstr = 'SELECT "username" FROM "user" WHERE "uid"=$1 LIMIT 1;';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $ret = pg_fetch_result($sqlr, 0);
        pg_free_result($sqlr);
        return $ret;
    }

    public static function get_nickname($sqlc, $uid)
    {
        //return nickname of given uid. False if not found.

        $sqlstr = 'SELECT "nickname" FROM "user" WHERE "uid"=$1 LIMIT 1;';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $ret = pg_fetch_result($sqlr, 0);
        pg_free_result($sqlr);
        return $ret;
    }

    public static function reset_password($sqlc, $uid)
    {
        //reset password for given uid. False if not found.

        $user = user::get_from_uid($sqlc, $uid);
        if(!$user)return false;
        $email = $user->email;
        if(!$email)return false;
        
        $passlen = 8;
        $newpass = '';
        for($i = 0; $i < $passlen; $i++)
        {
            $v = rand()%62;
            $c = null;
            if($v<10)$c = chr(48 + $v);
            else if($v<36)$c = chr(65 + $v - 10);
            else $c = chr(97 + $v - 36);
            $newpass = $newpass.$c;
        }
        //echo($newpass.'<br>');

        //email

        $cmail = new PHPMailer();
        $cmail->IsSMTP();

        $cmail->SMTPAuth = true;
        $cmail->SMTPSecure = 'SSL';
        $cmail->Host = 'ssl://'.SMTP_HOST;
        $cmail->Port = 465;
        $cmail->Username = SMTP_USER;
        $cmail->Password = SMTP_PASS;
        $cmail->From = 'sprout@csie.ntu.edu.tw';
        $cmail->FromName = 'Taiwan Online Judge';

        $cmail->AddAddress($email, $user->nickname);
        $cmail->WordWrap = 70;
        $cmail->Subject = 'TOJ Password Reset Notice';
        $cmail->IsHTML = true;
        $cmail->Body = 'Hi '.$user->nickname.' ('.$user->username.') , your new password is '.$newpass.' .';
        if(!$cmail->Send())
        {
            //echo($cmail->ErrorInfo.'<br>');
            return false;
        }



        $user->password = hash('sha512', $newpass);
        $nuser = user::update($sqlc, $user);
        if(!$nuser)return false;

        return true;    
    }

    public static function statistic($sqlc, $uid){
        $sqlstr = 'SELECT "proid",MIN("result") AS "result" FROM "submit" WHERE "uid"=$1 GROUP BY "proid" ORDER BY "proid" ASC;';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $trylist = array();
        while($obj = pg_fetch_object($sqlr)){
            $obj->proid = intval($obj->proid); 
            $obj->result = intval($obj->result); 
            array_push($trylist, $obj);
        }
        pg_free_result($sqlr);
    
        $sqlstr = 'SELECT "result",COUNT("result") AS "count" FROM "submit" WHERE "uid"=$1 GROUP BY "result" ORDER BY "result";';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $substatis = array();
        while($obj = pg_fetch_object($sqlr)){
            $obj->result = intval($obj->result);
            $obj->count = intval($obj->count);
            array_push($substatis, $obj);
        }
        pg_free_result($sqlr);

        $sqlstr = 'SELECT "result",COUNT("result") AS "count" FROM "submit" WHERE "uid"=$1 GROUP BY "result" ORDER BY "result";';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $substatis = array();
        while($obj = pg_fetch_object($sqlr)){
            $obj->result = intval($obj->result);
            $obj->count = intval($obj->count);
            array_push($substatis, $obj);
        }
        pg_free_result($sqlr);

        $sqlstr = 'SELECT TO_CHAR("submit_time",\'YYYY-MM\') AS "time",COUNT("submit_time") AS "count" FROM "submit" WHERE uid=$1 GROUP BY TO_CHAR("submit_time",\'YYYY-MM\');';
        $sqlarr = array(intval($uid));
        $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
        $timesub = array();
        while($obj = pg_fetch_object($sqlr)){
            $obj->count = intval($obj->count);
            array_push($timesub, $obj);
        }
        pg_free_result($sqlr);

        return array(
            'trylist' => $trylist,
            'substatis' => $substatis,
            'timesub' => $timesub
        );
    }
}

function sec_check_level($sqlc, $lv, $uid = null)
{
    $uidnull = false;
    if($uid == null)
    {
        $uid = intval($_COOKIE['uid']);
        $uidnull = true;
    }
    if($uidnull && !sec_is_login())
        return false;
    $user = user::get_from_uid($sqlc, $uid);
    return (($user->level & $lv) == $lv);
}

?>