time = time();
$this->startSession();
}
/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database, $domain; //The database connection
session_start(); //Tell PHP to start the session
/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();
/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
if($_SESSION['chat_username']){
$guest_name = $_SESSION['chat_username'];
}else{
$guest_name = GUEST_NAME;
}
$this->username = $_SESSION['username'] = $guest_name;
$this->user_level = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}
/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();
/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
/* Set referer */
$this->referer = $_SERVER['HTTP_REFERER'];//windows server
/* Set environment */
$s = array(DIRECTORY,'/','.php');
$r = array('','','',);
$this->env = str_replace($s, $r, $this->url);
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->user_id = $_SESSION['user_id'] = $_COOKIE['cookid'];
}
/* Username and user_id have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['user_id']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that user name and user_id are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['user_id']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['user_id']);
return false;
}
/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->user_email = $this->userinfo['user_email'];
$this->user_timestamp = $this->userinfo['user_timestamp'];
$this->user_timestamp_registered = $this->userinfo['user_timestamp_registered'];
$this->user_banned = $this->userinfo['user_banned'];
$this->user_valid = $this->userinfo['user_valid'];
$this->user_cont_main_cat_id = $this->userinfo['user_cont_main_cat_id'];
$this->user_id = $this->userinfo['user_id'];
$this->user_level = $this->userinfo['user_level'];
/* Personalia */
$this->user_gender = $this->userinfo['user_gender'];
$this->user_firstname = $this->userinfo['user_firstname'];
$this->user_insertion = $this->userinfo['user_insertion'];
$this->user_lastname = $this->userinfo['user_lastname'];
$this->user_fullname = $this->userinfo['user_fullname'];
$this->user_birthdate = $this->userinfo['user_birthdate'];
$this->user_birthcity = $this->userinfo['user_birthcity'];
$this->user_birthcountry = $this->userinfo['user_birthcountry'];
$this->user_salutation = $this->userinfo['user_gender'];
$this->user_image = $this->userinfo['user_image'];
/* Work */
$this->user_company = $this->userinfo['user_company'];
$this->user_function = $this->userinfo['user_function'];
/* Address */
$this->user_address = $this->userinfo['user_address'];
$this->user_zip = $this->userinfo['user_zip'];
$this->user_city = $this->userinfo['user_city'];
$this->user_state = $this->userinfo['user_state'];
$this->user_country = $this->userinfo['user_country'];
$this->user_latitude = $this->userinfo['user_latitude'];
$this->user_longitude = $this->userinfo['user_longitude'];
$this->user_phone = $this->userinfo['user_phone'];
$this->user_mobile = $this->userinfo['user_mobile'];
$this->user_fax = $this->userinfo['user_fax'];
/* links */
$this->user_website = $this->userinfo['user_website'];
$this->user_portfolio = $this->userinfo['user_portfolio'];
$this->user_rssfeed = $this->userinfo['user_rssfeed'];
$this->user_linkedin = $this->userinfo['user_linkedin'];
$this->user_facebook = $this->userinfo['user_facebook'];
$this->user_twitter = $this->userinfo['user_twitter'];
$this->user_youtube = $this->userinfo['user_youtube'];
$this->user_vimeo = $this->userinfo['user_vimeo'];
/* 20 variables */
foreach(range(1,20) as $n){
$this->user_var_.$n = $this->userinfo['user_var_'.$n];
}
$this->user_desc_l0 = $this->userinfo['user_desc_l0'];
$this->user_desc_l1 = $this->userinfo['user_desc_l1'];
$this->user_desc_l2 = $this->userinfo['user_desc_l2'];
$this->user_desc_l3 = $this->userinfo['user_desc_l3'];
$this->user_desc = $this->userinfo['user_desc_l'.$functions->lang_nr];
$this->user_cv_l0 = $this->userinfo['user_cv_l0'];
$this->user_cv_l1 = $this->userinfo['user_cv_l1'];
$this->user_cv_l2 = $this->userinfo['user_cv_l2'];
$this->user_cv_l3 = $this->userinfo['user_cv_l3'];
$this->user_cv = $this->userinfo['user_cv_l'.$functions->lang_nr];
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* login - The user has submitted his user name and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form, $functions; //The database and form object
/* Username error checking */
$field = "user_login"; //Use field name for user name
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, $functions->TR_("username not entered", 2));
}
else{
/* Check if user name is not alphanumeric */
if(!preg_match("/^([0-9a-z])*$/i", $subuser)){
$form->setError($field, $functions->TR_("username not alphanumeric", 2));
}
}
/* Password error checking */
$field = "pass_login"; //Use field name for password
if(!$subpass){
$form->setError($field, $functions->TR_("password not entered", 2));
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Checks that user name is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));
/* Check error codes */
if($result == 1){
$field = "user_login";
$form->setError($field, $functions->TR_("username not found", 2));
}
else if($result == 2){
$field = "pass_login";
$form->setError($field, $functions->TR_("invalid password", 2));
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->user_id = $_SESSION['user_id'] = $this->generateRandID();
$this->user_level = $this->userinfo['user_level'];
/* Insert user_id into database and update active users table */
$database->updateUserField($this->username, "user_id", $this->user_id);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his user name,
* and one to hold his random value user_id. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->user_id, time()+COOKIE_EXPIRE, COOKIE_PATH);
}else{
setcookie('cookname','',time()-3600,COOKIE_PATH);
setcookie('cookid','',time()-3600,COOKIE_PATH);
}
/* Login completed successfully */
return true;
}
/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}
/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['user_id']);
/* Reflect fact that user has logged out */
$this->logged_in = false;
/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
/* Set user level to guest */
$this->username = GUEST_NAME;
$this->user_level = GUEST_LEVEL;
}
function user($uname, $uvalid, $ulevel, $uban, $ubirth){
global $session, $form, $database;
$field = "user_valid";
if(!$uvalid){
$form->setError($field,'user has to be validated to make any changes');
}
$cur_level = $database->getUserLevel($uname);
if($cur_level == ADMIN_LEVEL && $ulevel == 1 && $uname == $session->username){
$field = "user_level";
$form->setError($field,"You can not lower your own level");
}
if($uname == $session->username && $uban == 1){
$field = "user_banned";
$form->setError($field,"You can not ban yourself");
}
if($ubirth){
$field = "user_birthdate";
$regex='/[0-9]{2}\-[0-9]{2}\-[0-9]{4}/';
if(!preg_match($regex,$ubirth)){
$form->setError($field,"date of birth not valid");
}
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}else{
return 0; // No errors with form
}
}
function userDelete($uname){
global $session, $form, $database;
if($uname==$session->username){
$field = "row[".$session->username."]";
$form->setError($field,"You can not delete yourself");
}
else if($database->getUserLevel($uname)==9){
$field = "row[".$uname."]";
$form->setError($field,"You can not delete administrators");
}else
/* get user info */
$result = $database->getUserInfoByUsername($uname);
/* count content */
$content_amount = count($result);
if($content_amount>0){
$field = "row[".$uname."]";
$form->setError($field,"This user posted content. Delete this users content first");
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}else{
return 0; // No errors with form
}
}
/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function proc_handle_account(
$subjoin, $subedit,
$subuser, $subpass, $subconfirmpass, $subemail,
$subvalid, $sublevel,
$subcurpass, $subnewpass, $subconfnewpass,
$subuser_fname, $subuser_insertion, $subuser_lname,
$subuser_company, $subuser_function,
$subuser_address, $subuser_zip, $subuser_city, $subuser_state, $subuser_country,
$subuser_latitude, $subuser_longitude,
$subuser_phone, $subuser_mobile, $subuser_fax,
$subuser_bdate, $subuser_bcity, $subuser_bcountry,
$subuser_gender, $subuser_mail,
$website, $portfolio, $rssfeed , $linkedin,
$facebook, $twitter, $youtube, $vimeo,
$var_1, $var_2, $var_3, $var_4, $var_5,
$var_6, $var_7, $var_8, $var_9, $var_10,
$var_11, $var_12, $var_13, $var_14, $var_15,
$var_16, $var_17, $var_18, $var_19, $var_20,
$sub_desc_l0, $sub_desc_l1, $sub_desc_l2, $sub_desc_l3,
$sub_cv_l0, $sub_cv_l1, $sub_cv_l2, $sub_cv_l3
){
global $database, $form, $user_mailer, $functions, $control, $lang_arr; //The database, form and mailer object
/* Register new account */
if($subjoin){
/* Username error checking */
$field = "user"; //Use field name for user name
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, $functions->TR_("username not entered",2));
}
else{
/* Spruce up user name, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 8){
$form->setError($field, $functions->TR_("username below 8 characters",2));
}
else if(strlen($subuser) > 30){
$form->setError($field, $functions->TR_("username above 30 characters",2));
}
/* Check if user name is not alphanumeric */
else if(!preg_match("/^([0-9a-z])+$/i", $subuser)){
$form->setError($field, $functions->TR_("username not alfanumeric",2));
}
/* Check if user name is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, $functions->TR_("username reserved word",2));
}
/* Check if user name is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, $functions->TR_("username already in use",2));
}
/* Check if user name is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, $functions->TR_("username banned",2));
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, $functions->TR_("password not entered",2));
}
else{
/* Spruce up password and check length */
$subpass = stripslashes($subpass);
if(strlen($subpass) < 8){
$form->setError($field, $functions->TR_("password below 8 characters",2));
}
/* Check if password is not alphanumeric */
else if(!preg_match("/^([0-9a-z])+$/i", ($subpass = trim($subpass)))){
$form->setError($field, $functions->TR_("password not alphanumeric",2));
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}
/* confirm pass */
$field = "confirm_pass"; //Use field name for password confirmation
if($_POST[$field] && !$subconfirmpass){
$form->setError($field, $functions->TR_("confirmation not entered",2));
}
/* confirm pass */
else if($_POST[$field] && $subpass!=$subconfirmpass){
$form->setError($field, $functions->TR_("wrong password confirmation",2));
}
/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
//$form->setError($field, $functions->TR_("email not entered",2));
}
else{
/* Check if valid email address */
$regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$/i";
if(!preg_match($regex,$subemail)){
$form->setError($field, $functions->TR_("email invalid",2));
}
$subemail = stripslashes($subemail);
}
}
/* Edit Account */
if($subedit){
if($subnewpass){
/* Current Password error checking */
$field = "acc_curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, $functions->TR_("current password not entered", 2));
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 5 ||
!preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){
$form->setError($field, $functions->TR_("current password incorrect", 2));
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, $functions->TR_("current password incorrect", 2));
}
}
/* New Password error checking */
$field = "acc_newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 8){
$form->setError($field, $functions->TR_("new password too short", 2));
}
/* Check if password is not alphanumeric */
else if(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){
$form->setError($field, $functions->TR_("new password not alphanumeric", 2));
}
$field = "acc_confnewpass";
if($_POST[$field] && $subnewpass != $subconfnewpass){
$form->setError($field, $functions->TR_("confirmation not matching", 2));
}
}
/* Change Password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "acc_newpass"; //Use field name for new password
$form->setError($field, $functions->TR_("new password not entered", 2));
}
/* Email error checking */
$field = "email"; //Use field name for email
if(isset($_POST['email'])){
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, $functions->TR_("email not entered",2));
}
else{
/* Check if valid email address */
$regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$/i";
if(!preg_match($regex,$subemail)){
$form->setError($field, $functions->TR_("email invalid",2));
}
$subuser_email = stripslashes($subemail);
}
}
}
/* */
$field = 'fname';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_fname){
$form->setError($field, $functions->TR_("first name not entered",2));
}
}
/* */
$field = 'lname';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_lname){
$form->setError($field, $functions->TR_("last name not entered",2));
}
}
/* */
$field = 'company';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_company){
$form->setError($field, $functions->TR_("company name not entered",2));
}
}
/* */
$field = 'function';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_function){
$form->setError($field, $functions->TR_("function not entered",2));
}
}
/* */
$field = 'address';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_address){
$form->setError($field, $functions->TR_("address not entered",2));
}
}
/* */
$field = 'zip';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_zip){
$form->setError($field, $functions->TR_("zip not entered",2));
}
}
/* */
$field = 'city';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_city){
$form->setError($field, $functions->TR_("city not entered",2));
}
}
/* */
$field = 'state';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_state){
$form->setError($field, $functions->TR_("state not entered",2));
}
}
/* */
$field = 'country';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_country){
$form->setError($field, $functions->TR_("country not selected",2));
}
}
/* */
$field = 'latitude';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!trim($subuser_latitude)){
$form->setError($field, $functions->TR_("latitude not entered",2));
}
}
//
if($_POST[$field] && !is_numeric($_POST[$field])){
$form->setError($field, $functions->TR_("wrong format",2));
}
/* */
$field = 'longitude';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!trim($subuser_longitude)){
$form->setError($field, $functions->TR_("longitude not entered",2));
}
}
//
if($_POST[$field] && !is_numeric($_POST[$field])){
$form->setError($field, $functions->TR_("wrong format",2));
}
/* */
$field = 'phone';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_phone){
$form->setError($field, $functions->TR_("phone number not entered",2));
}else if(strlen($subuser_phone) < 8 || !preg_match("/^([0-9+() ])+$/i", $subuser_phone)){
$form->setError($field, $functions->TR_("phone number not valid",2));
}
}
/* */
$field = 'mobile';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_mobile){
$form->setError($field, $functions->TR_("phone number not entered",2));
}else if(strlen($subuser_mobile) < 8 || !preg_match("/^([0-9+() ])+$/i", $subuser_mobile)){
$form->setError($field, $functions->TR_("mobile number not valid",2));
}
}
/* */
$field = 'fax';
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_fax){
$form->setError($field, $functions->TR_("phone number not entered",2));
}else if(strlen($subuser_fax) < 8 || !preg_match("/^([0-9+() ])+$/i", $subuser_fax)){
$form->setError($field, $functions->TR_("mobile number not valid",2));
}
}
/* */
$field = "bdate"; //Use field date
if(isset($_POST[$field]) && $_POST[$field.'_required']){
if(!$subuser_bdate || strlen($subuser_bdate = trim($subuser_bdate)) == 0 ){
$form->setError($field,$functions->TR_("date of birth not entered", 2));
}else{
$regex='/[0-9]{2}\/[0-9]{2}\/[0-9]{4}/';
if(!preg_match($regex,$subuser_bdate)){
$form->setError($field,$functions->TR_("date of birth not valid",2));
}
}
}
/* */
$field = 'gender';
if($_POST[$field.'_required']){
if(!$subuser_gender){
$form->setError($field, $functions->TR_("salutation not selected",2));
}
}
/* */
$field = 'mail';
if($_POST[$field.'_required']){
if(!$subuser_mail){
$form->setError($field, $functions->TR_("mail not selected",2));
}
}
/* Website */
$field = 'website';
if($_POST[$field.'_required']){
if(!$_POST[$field]){
$form->setError($field, $functions->TR_("url not entered",2));
}
}
if(isset($_POST[$field]) && $_POST[$field]){
$regex = "/^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/";
if(!preg_match($regex, $website)){
$form->setError($field, $functions->TR_("url not valid ",2));
}
$parse = parse_url($website);
if($parse['scheme'] != 'http'){
//$form->setError($field, $functions->TR_("url has to start with http",2));
}
}
/*
* Description
*/
$desc_min_length = 10;
$desc_max_length = 500;
if($_POST['user_desc_l_required']){
foreach($lang_arr as $key => $user_desc){
if(!$_POST['user_desc_l'.$key]){
$form->setError('user_desc_l'.$key, $functions->TR_("description not entered", 2));
}else
if(strlen($_POST["user_desc_l".$key]) < $desc_min_length){
$form->setError(
'user_desc_l'.$key,
$functions->TR_("description too short", 2).'. min. '.$desc_min_length
);
}else
if(strlen($_POST["user_desc_l".$key])>$desc_max_length){
$form->setError(
'user_desc_l'.$key,
$functions->TR_("description too long", 2).'. max. '. $desc_max_length
);
}
}
}
/*
* Vars
*/
$var_arr = range(1,20);
//echo $_POST['user_var_7'];
foreach($var_arr as $nr){
if($_POST['user_var_'.$nr.'_required']){
if(!$_POST['user_var_'.$nr] || strlen(strip_tags($_POST['user_var_'.$nr])) == ''){
$form->setError('user_var_'.$nr,
$functions->TR_('',2).' '.$functions->TR_("required",2)
);
}
}
}
if($subedit){
/*
echo '';
print_r($_POST);
echo '
';
*/
/* Update level anyway */
if(isset($_POST['valid']))
$database->updateUserField($this->username, 'user_valid', $subvalid);
if(isset($_POST['level']))
$database->updateUserField($this->username, 'user_level', $sublevel);
/* Update vars anyway */
if(isset($_POST['user_var_1']) || isset($_POST['check_present_user_var_1']))
$database->updateUserField($this->username, 'user_var_1', $var_1);
if(isset($_POST['user_var_2']) || isset($_POST['check_present_user_var_2']))
$database->updateUserField($this->username, 'user_var_2', $var_2);
if(isset($_POST['user_var_3']) || isset($_POST['check_present_user_var_3']))
$database->updateUserField($this->username, 'user_var_3', $var_3);
if(isset($_POST['user_var_4']) || isset($_POST['check_present_user_var_4']))
$database->updateUserField($this->username, 'user_var_4', $var_4);
if(isset($_POST['user_var_5']) || isset($_POST['check_present_user_var_5']))
$database->updateUserField($this->username, 'user_var_5', $var_5);
if(isset($_POST['user_var_6']) || isset($_POST['check_present_user_var_6']))
$database->updateUserField($this->username, 'user_var_6', $var_6);
if(isset($_POST['user_var_7']) || isset($_POST['check_present_user_var_7']))
$database->updateUserField($this->username, 'user_var_7', $var_7);
if(isset($_POST['user_var_8']) || isset($_POST['check_present_user_var_8']))
$database->updateUserField($this->username, 'user_var_8', $var_8);
if(isset($_POST['user_var_9']) || isset($_POST['check_present_user_var_9']))
$database->updateUserField($this->username, 'user_var_9', $var_9);
if(isset($_POST['user_var_10']) || isset($_POST['check_present_user_var_10']))
$database->updateUserField($this->username, 'user_var_10', $var_10);
if(isset($_POST['user_var_11']) || isset($_POST['check_present_user_var_11']))
$database->updateUserField($this->username, 'user_var_11', $var_11);
if(isset($_POST['user_var_12']) || isset($_POST['check_present_user_var_12']))
$database->updateUserField($this->username, 'user_var_12', $var_12);
if(isset($_POST['user_var_13']) || isset($_POST['check_present_user_var_13']))
$database->updateUserField($this->username, 'user_var_13', $var_13);
if(isset($_POST['user_var_14']) || isset($_POST['check_present_user_var_14']))
$database->updateUserField($this->username, 'user_var_14', $var_14);
if(isset($_POST['user_var_15']) || isset($_POST['check_present_user_var_15']))
$database->updateUserField($this->username, 'user_var_15', $var_15);
if(isset($_POST['user_var_16']) || isset($_POST['check_present_user_var_16']))
$database->updateUserField($this->username, 'user_var_16', $var_16);
if(isset($_POST['user_var_17']) || isset($_POST['check_present_user_var_17']))
$database->updateUserField($this->username, 'user_var_17', $var_17);
if(isset($_POST['user_var_18']) || isset($_POST['check_present_user_var_18']))
$database->updateUserField($this->username, 'user_var_18', $var_18);
if(isset($_POST['user_var_19']) || isset($_POST['check_present_user_var_19']))
$database->updateUserField($this->username, 'user_var_19', $var_19);
if(isset($_POST['user_var_20']) || isset($_POST['check_present_user_var_20']))
$database->updateUserField($this->username, 'user_var_20', $var_20);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, continue */
else{
if($subjoin){
/* This returns 1 if ok */
if($database->addNewUser($subuser, md5($subpass), $subemail)){
$_SESSION['new_user'] = $subuser;
if(EMAIL_WELCOME){
$user_mailer->sendWelcome($subuser,$subemail,$subpass);
}
/* Update other fields */
$database->updateUserField($subuser, 'user_firstname', $subuser_fname);
$database->updateUserField($subuser, 'user_insertion', $subuser_insertion);
$database->updateUserField($subuser, 'user_lastname', $subuser_lname);
$database->updateUserField($subuser, 'user_company', $subuser_company);
$database->updateUserField($subuser, 'user_function', $subuser_function);
$database->updateUserField($subuser, 'user_address', $subuser_address);
$database->updateUserField($subuser, 'user_zip', $subuser_zip);
$database->updateUserField($subuser, 'user_city', $subuser_city);
$database->updateUserField($subuser, 'user_state', $subuser_state);
$database->updateUserField($subuser, 'user_country', $subuser_country);
$database->updateUserField($subuser, 'user_latitude', $subuser_latitude);
$database->updateUserField($subuser, 'user_longitude', $subuser_longitude);
$database->updateUserField($subuser, 'user_phone', $subuser_phone);
$database->updateUserField($subuser, 'user_mobile', $subuser_mobile);
$database->updateUserField($subuser, 'user_fax', $subuser_fax);
$database->updateUserField($subuser, 'user_birthdate', $subuser_bdate);
$database->updateUserField($subuser, 'user_birthcity', $subuser_bcity);
$database->updateUserField($subuser, 'user_birthcountry', $subuser_bcountry);
$database->updateUserField($subuser, 'user_gender', $subuser_gender);
$database->updateUserField($subuser, 'user_mail', $subuser_mail);
$database->updateUserField($subuser, 'user_website', $website);
$database->updateUserField($subuser, 'user_portfolio', $portfolio);
$database->updateUserField($subuser, 'user_rssfeed', $rssfeed);
$database->updateUserField($subuser, 'user_linkedin', $linkedin);
$database->updateUserField($subuser, 'user_facebook', $facebook);
$database->updateUserField($subuser, 'user_twitter', $twitter);
$database->updateUserField($subuser, 'user_youtube', $youtube);
$database->updateUserField($subuser, 'user_vimeo', $vimeo);
$database->updateUserField($subuser, 'user_var_1', $var_1);
$database->updateUserField($subuser, 'user_var_2', $var_2);
$database->updateUserField($subuser, 'user_var_3', $var_3);
$database->updateUserField($subuser, 'user_var_4', $var_4);
$database->updateUserField($subuser, 'user_var_5', $var_5);
$database->updateUserField($subuser, 'user_var_6', $var_6);
$database->updateUserField($subuser, 'user_var_7', $var_7);
$database->updateUserField($subuser, 'user_var_8', $var_8);
$database->updateUserField($subuser, 'user_var_9', $var_9);
$database->updateUserField($subuser, 'user_var_10', $var_10);
$database->updateUserField($subuser, 'user_var_11', $var_11);
$database->updateUserField($subuser, 'user_var_12', $var_12);
$database->updateUserField($subuser, 'user_var_13', $var_13);
$database->updateUserField($subuser, 'user_var_14', $var_14);
$database->updateUserField($subuser, 'user_var_15', $var_15);
$database->updateUserField($subuser, 'user_var_16', $var_16);
$database->updateUserField($subuser, 'user_var_17', $var_17);
$database->updateUserField($subuser, 'user_var_18', $var_18);
$database->updateUserField($subuser, 'user_var_19', $var_19);
$database->updateUserField($subuser, 'user_var_20', $var_20);
$database->updateUserField($subuser, 'user_desc_l0', $sub_desc_l0);
$database->updateUserField($subuser, 'user_desc_l1', $sub_desc_l1);
$database->updateUserField($subuser, 'user_desc_l2', $sub_desc_l2);
$database->updateUserField($subuser, 'user_desc_l3', $sub_desc_l3);
$database->updateUserField($subuser, 'user_cv_l0', $sub_cv_l0);
$database->updateUserField($subuser, 'user_cv_l1', $sub_cv_l1);
$database->updateUserField($subuser, 'user_cv_l2', $sub_cv_l2);
$database->updateUserField($subuser, 'user_cv_l3', $sub_cv_l3);
$database->updateUserField(
$subuser,
'user_fullname',
$subuser_fname.' '.$subuser_insertion.' '.$subuser_lname
);
/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->user_id = $_SESSION['user_id'] = $this->generateRandID();
$this->user_level = $this->userinfo['user_level'];
/* Insert user_id into database and update active users table */
$database->updateUserField($this->username, "user_id", $this->user_id);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
return 0; //New user added succesfully
}
else{
return 2; //Registration or edit attempt failed
}
}
if($subedit){
/*
echo '';
print_r($_POST);
echo '
';
*/
/* Update Password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"user_password",md5($subnewpass));
}
if(isset($_POST['email']))
$database->updateUserField($this->username, 'user_email', $subuser_email);
/* Update other fields */
if(isset($_POST['fname']))
$database->updateUserField($this->username, 'user_firstname', $subuser_fname);
if(isset($_POST['insertion']))
$database->updateUserField($this->username, 'user_insertion', $subuser_insertion);
if(isset($_POST['lname']))
$database->updateUserField($this->username, 'user_lastname', $subuser_lname);
if(isset($_POST['company'])){
$database->updateUserField($this->username, 'user_company', $subuser_company);
$database->manage_user_categorie($this->username);
}
if(isset($_POST['function']))
$database->updateUserField($this->username, 'user_function', $subuser_function);
if(isset($_POST['address']))
$database->updateUserField($this->username, 'user_address', $subuser_address);
if(isset($_POST['zip']))
$database->updateUserField($this->username, 'user_zip', $subuser_zip);
if(isset($_POST['city']))
$database->updateUserField($this->username, 'user_city', $subuser_city);
if(isset($_POST['state']))
$database->updateUserField($this->username, 'user_state', $subuser_state);
if(isset($_POST['country']))
$database->updateUserField($this->username, 'user_country', $subuser_country);
if(isset($_POST['latitude']))
$database->updateUserField($this->username, 'user_latitude', $subuser_latitude);
if(isset($_POST['longitude']))
$database->updateUserField($this->username, 'user_longitude', $subuser_longitude);
if(isset($_POST['phone']))
$database->updateUserField($this->username, 'user_phone', $subuser_phone);
if(isset($_POST['mobile']))
$database->updateUserField($this->username, 'user_mobile', $subuser_mobile);
if(isset($_POST['fax']))
$database->updateUserField($this->username, 'user_fax', $subuser_fax);
if(isset($_POST['birthdate']))
$database->updateUserField($this->username, 'user_birthdate', $subuser_bdate);
if(isset($_POST['birthcity']))
$database->updateUserField($this->username, 'user_birthcity', $subuser_bcity);
if(isset($_POST['birthcountry']))
$database->updateUserField($this->username, 'user_birthcountry', $subuser_bcountry);
if(isset($_POST['gender']))
$database->updateUserField($this->username, 'user_gender', $subuser_gender);
if(isset($_POST['mail']))
$database->updateUserField($this->username, 'user_mail', $subuser_mail);
if(isset($_POST['website']))
$database->updateUserField($this->username, 'user_website', $website);
if(isset($_POST['portfolio']))
$database->updateUserField($this->username, 'user_portfolio', $portfolio);
if(isset($_POST['rssfeed']))
$database->updateUserField($this->username, 'user_rssfeed', $rssfeed);
if(isset($_POST['linkedin']))
$database->updateUserField($this->username, 'user_linkedin', $linkedin);
if(isset($_POST['facebook']))
$database->updateUserField($this->username, 'user_facebook', $facebook);
if(isset($_POST['twitter']))
$database->updateUserField($this->username, 'user_twitter', $twitter);
if(isset($_POST['youtube']))
$database->updateUserField($this->username, 'user_youtube', $youtube);
if(isset($_POST['vimeo']))
$database->updateUserField($this->username, 'user_vimeo', $vimeo);
if(isset($_POST['user_var_1']) || isset($_POST['check_present_user_var_1']))
$database->updateUserField($this->username, 'user_var_1', $var_1);
if(isset($_POST['user_var_2']) || isset($_POST['check_present_user_var_2']))
$database->updateUserField($this->username, 'user_var_2', $var_2);
if(isset($_POST['user_var_3']) || isset($_POST['check_present_user_var_3']))
$database->updateUserField($this->username, 'user_var_3', $var_3);
if(isset($_POST['user_var_4']) || isset($_POST['check_present_user_var_4']))
$database->updateUserField($this->username, 'user_var_4', $var_4);
if(isset($_POST['user_var_5']) || isset($_POST['check_present_user_var_5']))
$database->updateUserField($this->username, 'user_var_5', $var_5);
if(isset($_POST['user_var_6']) || isset($_POST['check_present_user_var_6']))
$database->updateUserField($this->username, 'user_var_6', $var_6);
if(isset($_POST['user_var_7']) || isset($_POST['check_present_user_var_7']))
$database->updateUserField($this->username, 'user_var_7', $var_7);
if(isset($_POST['user_var_8']) || isset($_POST['check_present_user_var_8']))
$database->updateUserField($this->username, 'user_var_8', $var_8);
if(isset($_POST['user_var_9']) || isset($_POST['check_present_user_var_9']))
$database->updateUserField($this->username, 'user_var_9', $var_9);
if(isset($_POST['user_var_10']) || isset($_POST['check_present_user_var_10']))
$database->updateUserField($this->username, 'user_var_10', $var_10);
if(isset($_POST['user_var_11']) || isset($_POST['check_present_user_var_11']))
$database->updateUserField($this->username, 'user_var_11', $var_11);
if(isset($_POST['user_var_12']) || isset($_POST['check_present_user_var_12']))
$database->updateUserField($this->username, 'user_var_12', $var_12);
if(isset($_POST['user_var_13']) || isset($_POST['check_present_user_var_13']))
$database->updateUserField($this->username, 'user_var_13', $var_13);
if(isset($_POST['user_var_14']) || isset($_POST['check_present_user_var_14']))
$database->updateUserField($this->username, 'user_var_14', $var_14);
if(isset($_POST['user_var_15']) || isset($_POST['check_present_user_var_15']))
$database->updateUserField($this->username, 'user_var_15', $var_15);
if(isset($_POST['user_var_16']) || isset($_POST['check_present_user_var_16']))
$database->updateUserField($this->username, 'user_var_16', $var_16);
if(isset($_POST['user_var_17']) || isset($_POST['check_present_user_var_17']))
$database->updateUserField($this->username, 'user_var_17', $var_17);
if(isset($_POST['user_var_18']) || isset($_POST['check_present_user_var_18']))
$database->updateUserField($this->username, 'user_var_18', $var_18);
if(isset($_POST['user_var_19']) || isset($_POST['check_present_user_var_19']))
$database->updateUserField($this->username, 'user_var_19', $var_19);
if(isset($_POST['user_var_20']) || isset($_POST['check_present_user_var_20']))
$database->updateUserField($this->username, 'user_var_20', $var_20);
$database->updateUserField($this->username, 'user_desc_l0', $sub_desc_l0);
$database->updateUserField($this->username, 'user_desc_l1', $sub_desc_l1);
$database->updateUserField($this->username, 'user_desc_l2', $sub_desc_l2);
$database->updateUserField($this->username, 'user_desc_l3', $sub_desc_l3);
$database->updateUserField($this->username, 'user_cv_l0', $sub_cv_l0);
$database->updateUserField($this->username, 'user_cv_l1', $sub_cv_l1);
$database->updateUserField($this->username, 'user_cv_l2', $sub_cv_l2);
$database->updateUserField($this->username, 'user_cv_l3', $sub_cv_l3);
$subuser_fullname = $subuser_fname.' '.$subuser_insertion.' '.$subuser_lname;
$database->updateUserField($this->username, 'user_fullname', $subuser_fullname);
return 0; //New user added succesfully
}
}
}
/**
* editPass - Attempts to edit the user's password information
* which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editPass($subcurpass, $subnewpass, $subconfnewpass){
global $database, $form, $control, $functions; //The database and form object
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, $functions->TR_("current password not entered", 2));
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 8 ||
!preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){
$form->setError($field, $functions->TR_("current password incorrect", 2));
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, $functions->TR_("current password incorrect", 2));
}
}
/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 8){
$form->setError($field, $functions->TR_("new password too short", 2));
}
/* Check if password is not alphanumeric */
else if(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){
$form->setError($field, $functions->TR_("new password not alphanumeric", 2));
}
$field = "confnewpass";
if($subnewpass != $subconfnewpass){
$form->setError($field, $functions->TR_("confirmation not matching", 2));
}
}
/* Change Password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, $functions->TR_("new password not entered", 2));
}
/* New password entered */
$field = "curpass";
if(!$subcurpass){
$form->setError($field, $functions->TR_("current password not entered", 2));
}
$field = "newpass";
if(!$subnewpass){
$form->setError($field, $functions->TR_("new password not entered", 2));
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}
/* Update Password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"user_password",md5($subnewpass));
}
/* Success! */
return true;
}
/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->user_level == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}
/**
* isAuthor - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAuthor(){
return ($this->user_level == AUTHOR_LEVEL ||
$this->username == AUTHOR_NAME);
}
/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a user_id.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}
/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};
/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;
/* Initialize form object */
$form = new Form;
include_once(str_replace('//','/',dirname(__FILE__).'/') .SYSTEM_FOLDER.'/loader_basic.php');
?>