. * */ /** * Class for usermanagement * */ class OC_USER { /** * check if the login button is pressed and logg the user in * */ public static function loginlisener(){ if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ if(OC_USER::login($_POST['login'],$_POST['password'])){ OC_LOG::event($_SESSION['username'],1,''); return(''); }else{ return('error'); } } return(''); } /** * try to create a new user * */ public static function createuser($username,$password){ if(OC_USER::getuserid($username)!=0){ return false; }else{ $password=sha1($password); $usernameclean=strtolower($username); $username=mysql_escape_string($username); $usernameclean=mysql_escape_string($usernameclean); $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')"; $result=OC_DB::query($query); return ($result)?true:false; } } /** * try to login a user * */ public static function login($username,$password){ $password=sha1($password); $usernameclean=strtolower($username); $username=mysql_escape_string($username); $usernameclean=mysql_escape_string($usernameclean); $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id'])){ $_SESSION['user_id']=$result[0]['user_id']; $_SESSION['username']=$username; $_SESSION['username_clean']=$usernameclean; return true; }else{ return false; } } /** * check if the logout button is pressed and logout the user * */ public static function logoutlisener(){ if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ OC_LOG::event($_SESSION['username'],2,''); $_SESSION['user_id']=false; $_SESSION['username']=''; $_SESSION['username_clean']=''; } } /** * check if a user is logged in * */ public static function isLoggedIn(){ return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; } /** * try to create a new group * */ public static function creategroup($groupname){ if(OC_USER::getgroupid($groupname)==0){ $groupname=mysql_escape_string($groupname); $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');"; $result=OC_DB::query($query); return ($result)?true:false; }else{ return false; } } /** * get the id of a user * */ public static function getuserid($username){ $usernameclean=strtolower($username); $username=mysql_escape_string($username); $usernameclean=mysql_escape_string($usernameclean); $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id'])){ return $result[0]['user_id']; }else{ return 0; } } /** * get the id of a group * */ public static function getgroupid($groupname){ $groupname=mysql_escape_string($groupname); $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['group_id'])){ return $result[0]['group_id']; }else{ return 0; } } /** * check if a user belongs to a group * */ public static function ingroup($username,$groupname){ $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_group_id'])){ return true; }else{ return false; } } /** * add a user to a group * */ public static function addtogroup($username,$groupname){ if(!OC_USER::ingroup($username,$groupname)){ $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); if($groupid!=0 and $userid!=0){ $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; $result=OC_DB::query($query); if($result){ return true; }else{ return false; } }else{ return false; } }else{ return true; } } public static function generatepassword(){ return uniqid(); } } ?>