/home/cluster1/data/bu01/1121861/html/jlex/php4/account_manager.php4
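<?php
// Full open tag: with short_open_tag disabled, a bare "<?" file is served to the
// client as plain text, disclosing the source. The closing tag is omitted so that
// stray trailing whitespace cannot be sent before list_accounts() calls header().
include_once("db_loader.php4");
include_once("db_connection.php4");
include_once("query_object.php4");
include_once("mysql_to_xml.php4");

/**
 * Account Manager manages user accounts which are stored in the user_user table.
 *
 * Account manager provides functionality for new user account creation, user login verification,
 * user account deletion and user account maintenance. The MySQL table is called user_user as it is
 * part of the project 'user'. The name of this table is stored in the variable $user_table.
 *
 * Security notes (review):
 *  - Every caller-supplied value that reaches a SQL statement is passed through _quote().
 *  - Every caller-supplied value that reaches an XML document is passed through _xml_text().
 *  - Passwords are stored and compared in plaintext (password_0). This class cannot change that
 *    without a schema/data migration; move to salted password hashing when the runtime allows.
 *  - No method here checks the caller's authorisation; list_accounts() and delete_accounts()
 *    rely on the calling page to have verified admin status first.
 *  - The legacy mysql_* extension is used because the rest of the project (db_connection.php4)
 *    is built on it; it offers no prepared statements, hence the explicit escaping.
 *
 * @author Jonathan Dick
 *
 */
class account_manager
{
    /**#@+
     * @access public
     * @var integer
     */
    var $INVALID_PASSWORD = 0;
    var $INVALID_USERNAME = 1;
    var $VALID_LOGIN = 2;
    var $VALID_ADMIN = 3;
    var $USERNAME_TAKEN = 4;
    var $CREATED_NEW_ACCOUNT = 5;
    var $CREATE_ADMIN = 6;
    // Alias of CREATE_ADMIN. create_account() used to read the undeclared property
    // $this->CREATED_ADMIN and therefore returned null for admin creation; declaring the
    // alias keeps callers that spell the code either way working.
    var $CREATED_ADMIN = 6;
    var $INVALID_ADMIN = 7;
    /**
     * The name of the table in the MySQL database in which the user account information is stored.
     *
     */
    var $user_table = "user_user";
    /**#@-*/

    /**
     * Returns $value as a quoted, escaped SQL string literal.
     *
     * Requires PHP >= 4.3.0 and an open MySQL link (presumably opened by db_connection.php4 -
     * confirm). If magic_quotes_gpc is enabled on the host, callers should stripslashes()
     * request data before passing it in, otherwise values are escaped twice.
     *
     * @access private
     * @param mixed $value The value to embed in a query.
     * @return string The value wrapped in single quotes with special characters escaped.
     */
    function _quote($value)
    {
        return "'" . mysql_real_escape_string((string)$value) . "'";
    }

    /**
     * Escapes $value for use as XML element content.
     *
     * Without this, markup characters in a form field would become part of the document
     * structure handed to db_loader (for example an extra element next to the user's own
     * fields). Assumes db_loader decodes entities like a regular XML parser - TODO confirm.
     *
     * @access private
     * @param mixed $value The raw value.
     * @return string The value with &, <, > and " replaced by entities.
     */
    function _xml_text($value)
    {
        return htmlspecialchars((string)$value);
    }

    /**
     * Verifies that a username exists in the user database and that the associated password matches that
     * supplied by the webuser.
     *
     * This function queries the mysql table user_user for the password of the user with username 'username'.
     * Note that the query uses the 'field_0' column name.
     *
     * @param string $username The username being verified.
     * @param string $password The password associated with the supplied username.
     * @return int the relevant result code: INVALID_USERNAME when the lookup fails or does not return
     * exactly one row, INVALID_PASSWORD, VALID_ADMIN or VALID_LOGIN.
     */
    function verify_password($username, $password)
    {
        $query = "SELECT password_0 FROM $this->user_table WHERE username_0=" . $this->_quote($username);
        $query_result = mysql_query($query);

        // A failed query is treated like an unknown user rather than passed to mysql_num_rows().
        if (!$query_result || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_USERNAME;
        }

        $row = mysql_fetch_assoc($query_result);

        // Strict string comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare as equal numbers.
        // NOTE(review): the stored password is plaintext; see the class comment.
        if ((string)$row["password_0"] !== (string)$password) {
            return $this->INVALID_PASSWORD;
        }

        if ($this->is_admin($username) == $this->VALID_ADMIN) {
            return $this->VALID_ADMIN;
        }
        return $this->VALID_LOGIN;
    }

    /**
     * Creates a new entry in the user_user table from the variables in the array $form_vars.
     *
     * This function expects a set of variables most likely originating from an html form in order
     * to create a new entry in the user_user table. The expected variables are:
     * <ul>
     * <li>first name</li>
     * <li>last name</li>
     * <li>email address</li>
     * <li>username</li>
     * <li>password</li>
     * <li>category : this is generally a drop down menu result</li>
     * </ul>
     * The username must not already exist in the user_user table. Otherwise the relevant error code is returned.
     *
     * @param array $form_vars The values to be input into the new user_user row.
     * @param array $access_codes The access codes associated with different user levels. The array is associative
     * where index = access code. For example access_codes['admin'] = "admin_password". In the current setup, there
     * are two user levels, standard and admin. The access codes are stored in a file with the JLex/php directory
     * entitled access_codes.txt.
     * @return int USERNAME_TAKEN, CREATE_ADMIN (also available as CREATED_ADMIN) or CREATED_NEW_ACCOUNT;
     * -1 when the username check itself could not be run, in which case nothing is created.
     *
     */
    function create_account($form_vars, $access_codes)
    {
        $username = isset($form_vars["username"]) ? $form_vars["username"] : "";
        $form_var_names = array("fname", "lname", "email", "username", "password", "category");
        $result = -1;

        $query = "SELECT count(*) FROM $this->user_table WHERE username_0=" . $this->_quote($username);
        $query_result = mysql_query($query);
        $row = $query_result ? mysql_fetch_assoc($query_result) : false;

        // Fail closed: previously a failed lookup yielded null, null != 0 was false, and the
        // account was created without the uniqueness check having run.
        if (!$row) {
            return $result;
        }

        if ($row["count(*)"] != 0) {
            return $this->USERNAME_TAKEN;
        }

        $date = date("Y-m-d (g:i a)");
        $xml = "<object><user>\n";
        $xml .= "<date>$date</date>\n";
        foreach ($form_var_names as $var_name) {
            $value = isset($form_vars[$var_name]) ? $form_vars[$var_name] : "";
            $xml .= "<$var_name>" . $this->_xml_text($value) . "</$var_name>\n";
        }

        // Find the level whose code equals the submitted one. Both sides are compared as
        // strings with ===, and the level is matched with ===, so neither numeric-string
        // juggling nor an integer key 0 can be mistaken for "admin".
        $access_code = isset($form_vars["access_code"]) ? $form_vars["access_code"] : "";
        $granted_level = false;
        if (is_array($access_codes)) {
            foreach ($access_codes as $level => $code) {
                if ((string)$code === (string)$access_code) {
                    $granted_level = $level;
                    break;
                }
            }
        }

        if ($granted_level === "admin") {
            $xml .= "<admin>true</admin>\n";
            $result = $this->CREATE_ADMIN;
        } else {
            $result = $this->CREATED_NEW_ACCOUNT;
        }

        $xml .= "<login_count>1</login_count>\n";
        $xml .= "<last_login>$date</last_login>\n";
        $xml .= "</user>\n";
        $xml .= "</object>\n";

        $dl = new db_loader();
        $dl->xml_to_db_bulk("user", "../user/schema.xml", $xml, $dl->UPDATE_DATABASE);

        // Register the user with the mydict project as well.
        $xml = "<object><user_refs><username>" . $this->_xml_text($username) . "</username></user_refs></object>";
        $dl = new db_loader();
        $dl->xml_to_db_bulk("mydict", "../mydict/schema.xml", $xml, $dl->UPDATE_DATABASE);

        return $result;
    }

    /**
     * list_accounts prints a list of all user account information.
     *
     * list_accounts queries the user_user table in the MySQL database. The query is
     * done via the mysql_to_xml object rather than querying the database directly. This is ideal when
     * the information to be retrieved is desired in the xml form.
     *
     * NOTE(review): nothing in this method checks who is asking; the calling page must restrict it
     * to administrators.
     *
     * @param string $stylesheet The location of the stylesheet to be used to transform the xml results.
     * @return void The query result is printed to the webuser.
     */
    function list_accounts($stylesheet)
    {
        $query_object = new query_object();
        $query_object->set_project("user");
        $query_object->set_max_conditions("3");
        $query_object->set_max_results("50");
        $query_object->add_condition_set("username", "field regexp '~'", ".");
        $query_object->set_stylesheet($stylesheet);
        $query_object->set_sort_order("lname,fname");

        $converter = new mysql_to_xml();
        $query_object = $converter->query_database($query_object);
        $query_object = $converter->convert_resultset_to_xml($query_object);
        $xml = $query_object->get_xml();
        //$query_object->print_values();

        header("Content-Type: application/xml");
        echo $xml;
    }

    /**
     * delete_accounts deletes the set of users associated with the usernames provided in the array $usernames.
     *
     * delete_accounts queries the MySQL database directly rather than going through the mysql_to_xml object.
     * This is because no information is being returned by the query. After a user is deleted from the user_user
     * table, all rows in the mydictionary tables, mydict_user_refs and mydict_refset, associated with the given
     * user are also deleted. Recall that mydict_user_refs contains the user name and each row in mydict_refset
     * contains a ref and id associating it with user identified in mydict_user_refs.
     *
     * NOTE(review): nothing in this method checks who is asking; the calling page must restrict it
     * to administrators.
     *
     * @param array $usernames An array containing the usernames which correspond to the user accounts to be deleted.
     * @todo The part of this function deleting the rows from the mydictionary tables should be moved into the
     * mydictionary object which should provide a function to delete rows based for a given username.
     * @return void
     *
     */
    function delete_accounts($usernames)
    {
        if (!is_array($usernames)) {
            return;
        }

        foreach ($usernames as $username) {
            $quoted_username = $this->_quote($username);

            $query = "DELETE FROM $this->user_table WHERE username_0=$quoted_username";
            mysql_query($query);
            if (mysql_error()) {
                // mysql_error() was written without parentheses, so the literal word was printed
                // instead of the message. The message can echo back parts of the query, so it is
                // HTML-escaped. NOTE(review): prefer logging over showing DB errors to web users.
                echo "account_manager.delete_accounts() : " . htmlspecialchars(mysql_error()) . "<BR>";
            }

            $query = "SELECT user_refs_id FROM mydict_user_refs WHERE username_0=$quoted_username";
            $query_result = mysql_query($query);
            if (!$query_result || mysql_num_rows($query_result) == 0) {
                continue;
            }

            $row = mysql_fetch_assoc($query_result);
            $user_refs_id = $row["user_refs_id"];

            $query = "DELETE FROM mydict_user_refs WHERE username_0=$quoted_username";
            mysql_query($query);

            // The id comes from the database, but it is still quoted rather than pasted in raw.
            $query = "DELETE FROM mydict_refset WHERE user_refs_id=" . $this->_quote($user_refs_id);
            mysql_query($query);
        }
    }

    /**
     * is_admin determines whether a given username has admin status. The relevant result code is returned.
     *
     * @param string $username The username whose status is to be determined.
     * @return integer VALID_ADMIN when exactly one row matches and its admin_0 column is "true",
     * INVALID_ADMIN otherwise (including when the query fails).
     */
    function is_admin($username)
    {
        $query = "SELECT admin_0 FROM $this->user_table WHERE username_0=" . $this->_quote($username);
        $query_result = mysql_query($query);

        if (!$query_result || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_ADMIN;
        }

        $row = mysql_fetch_assoc($query_result);
        // Strict comparison so that only the exact string "true" grants admin status.
        if ((string)$row["admin_0"] === "true") {
            return $this->VALID_ADMIN;
        }
        return $this->INVALID_ADMIN;
    }

    /**
     * update_login_info updates the login_count and last_login columns of the user_user table.
     *
     * The purpose of this function is to provide an estimate of the usage of a particular account.
     * The number of times the user logged in and the last login date are the metrics used to assess usage.
     *
     * @param string $username The username of the account for which usage statistics will be updated.
     * @return void
     */
    function update_login_info($username)
    {
        $date = date("Y-m-d (g:i a)");
        $query = "UPDATE $this->user_table SET login_count_0=login_count_0+1,last_login_0='$date' WHERE username_0="
            . $this->_quote($username);
        mysql_query($query);

        // Still printed as before, but HTML-escaped because the message can contain query text.
        // NOTE(review): prefer logging over showing DB errors to web users.
        echo htmlspecialchars(mysql_error());
    }
}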