include_once("db_loader.php5");
include_once("db_connection.php5");
include_once("query_object.php5");
include_once("mysql_to_xml.php5");
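class account_manager {
    // Status codes returned by verify_password(), create_account() and
    // is_admin(). Left as public properties rather than class constants so
    // callers that read them as $manager->VALID_LOGIN keep working.
    public $INVALID_PASSWORD = 0;
    public $INVALID_USERNAME = 1;
    public $VALID_LOGIN = 2;
    public $VALID_ADMIN = 3;
    public $USERNAME_TAKEN = 4;
    public $CREATED_NEW_ACCOUNT = 5;
    public $CREATE_ADMIN = 6;
    public $INVALID_ADMIN = 7;

    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     *
     * Every query in this class interpolated the raw username, so a crafted
     * username could alter the statement. mysql_real_escape_string() needs an
     * open connection; the include of db_connection.php5 at the top of the
     * file presumably provides it - confirm.
     *
     * @param mixed $value
     * @return string
     */
    private function escape_sql_string($value) {
        return mysql_real_escape_string((string) $value);
    }

    /**
     * Strict comparison of the stored and the submitted password.
     *
     * The former `!=` is a loose comparison: PHP treats numeric-looking strings
     * such as "0e1" and "0e2" as equal, so such pairs would have matched.
     * hash_equals() (constant-time) is used where available (PHP >= 5.6).
     *
     * @param string $stored
     * @param string $submitted
     * @return bool
     */
    private function passwords_match($stored, $submitted) {
        $stored = (string) $stored;
        $submitted = (string) $submitted;
        if (function_exists('hash_equals')) {
            return hash_equals($stored, $submitted);
        }
        return $stored === $submitted;
    }

    /**
     * Check a username/password pair against user_user.password_0.
     *
     * NOTE: password_0 is compared directly with the submitted value, i.e. the
     * table holds the password in clear text. Moving to password_hash()
     * requires a data migration and is out of scope for this change.
     *
     * @param string $username
     * @param string $password  password as submitted by the user
     * @return int  INVALID_USERNAME (also when the lookup query fails),
     *              INVALID_PASSWORD, VALID_ADMIN or VALID_LOGIN
     */
    public function verify_password($username, $password) {
        $safe_username = $this->escape_sql_string($username);
        $query_result = mysql_query(
            "SELECT password_0 FROM user_user WHERE username_0='$safe_username'"
        );
        // A failed query is treated like an unknown user (fail closed); the
        // original code ended up on the same branch after emitting a warning.
        if ($query_result === false || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_USERNAME;
        }
        $row = mysql_fetch_assoc($query_result);
        if (!$this->passwords_match($row["password_0"], $password)) {
            return $this->INVALID_PASSWORD;
        }
        if ($this->is_admin($username) === $this->VALID_ADMIN) {
            return $this->VALID_ADMIN;
        }
        return $this->VALID_LOGIN;
    }

    /**
     * Create a new account unless the username already exists.
     *
     * @param array $form_vars    submitted form fields; only "username" is read
     *                            in this body
     * @param mixed $access_codes not used here; kept for existing callers
     * @return int  USERNAME_TAKEN when the name exists, otherwise -1. The
     *              success path never assigned CREATED_NEW_ACCOUNT and is left
     *              as is because callers may test for -1. -1 is also returned
     *              when the existence check fails; no account is written then
     *              (previously the code fell through to the insert).
     */
    public function create_account($form_vars, $access_codes) {
        $username = isset($form_vars["username"]) ? $form_vars["username"] : "";
        $form_var_names = array("fname","lname","email","username","password");
        $safe_username = $this->escape_sql_string($username);
        $query_result = mysql_query(
            "SELECT count(*) FROM user_user WHERE username_0='$safe_username'"
        );
        if ($query_result === false) {
            return -1;
        }
        $row = mysql_fetch_assoc($query_result);
        if ($row === false || !isset($row["count(*)"])) {
            return -1;
        }
        if ($row["count(*)"] != 0) {
            return $this->USERNAME_TAKEN;
        }
        $date = date("Y-m-d (g:i a)");
        // NOTE(review): both XML payloads below are empty, so xml_to_db_bulk()
        // receives no record; $form_var_names and $date look as if they were
        // meant to feed that XML. Confirm against the original source.
        $xml = "\n";
        $dl = new db_loader();
        $dl->xml_to_db_bulk("user","../user/schema.xml",$xml,$dl->UPDATE_DATABASE);
        $xml = "";
        $dl = new db_loader();
        $dl->xml_to_db_bulk("mydict","../mydict/schema.xml",$xml,$dl->UPDATE_DATABASE);
        return -1;
    }

    /**
     * Emit up to 50 accounts of the "user" project as an XML document
     * (sorted by lname, fname) with the given stylesheet reference.
     *
     * Writes the Content-Type header and echoes the XML; returns nothing.
     *
     * @param string $stylesheet passed through to query_object::set_stylesheet()
     * @return void
     */
    public function list_accounts($stylesheet) {
        $query_object = new query_object();
        $query_object->set_project("user");
        $query_object->set_max_conditions("3");
        $query_object->set_max_results("50");
        // "." matches every username, i.e. no filtering.
        $query_object->add_condition_set("username","field regexp '~'",".");
        $query_object->set_stylesheet($stylesheet);
        $query_object->set_sort_order("lname,fname");
        $converter = new mysql_to_xml();
        $query_object = $converter->query_database($query_object);
        $query_object = $converter->convert_resultset_to_xml($query_object);
        header("Content-Type: application/xml");
        echo $query_object->get_xml();
    }

    /**
     * Delete each named account together with its mydict_user_refs row(s) and
     * the mydict_refset rows those referenced.
     *
     * Errors from the user_user delete are echoed. The original referenced the
     * undefined constant `mysql_error` instead of calling mysql_error(), so the
     * message printed the word "mysql_error" rather than the error text.
     *
     * @param array $usernames
     * @return void
     */
    public function delete_accounts($usernames) {
        foreach ($usernames as $username) {
            $safe_username = $this->escape_sql_string($username);
            mysql_query("DELETE FROM user_user WHERE username_0='$safe_username'");
            if (mysql_error()) {
                echo "account_manager.delete_accounts() : " . mysql_error() . "\n";
            }
            $query_result = mysql_query(
                "SELECT user_refs_id FROM mydict_user_refs WHERE username_0='$safe_username'"
            );
            if ($query_result === false || mysql_num_rows($query_result) == 0) {
                continue;
            }
            // Collect every id first: the original fetched only the first row,
            // which would leave the refsets of any further user_refs rows
            // orphaned while the rows themselves were deleted.
            $user_refs_ids = array();
            while (($row = mysql_fetch_assoc($query_result)) !== false) {
                $user_refs_ids[] = $row["user_refs_id"];
            }
            mysql_query("DELETE FROM mydict_user_refs WHERE username_0='$safe_username'");
            foreach ($user_refs_ids as $user_refs_id) {
                $safe_id = $this->escape_sql_string($user_refs_id);
                mysql_query("DELETE FROM mydict_refset WHERE user_refs_id='$safe_id'");
            }
        }
    }

    /**
     * Look up user_user.admin_0 for a username.
     *
     * @param string $username
     * @return int VALID_ADMIN when admin_0 is exactly the string "true",
     *             otherwise INVALID_ADMIN (also for unknown users and failed
     *             queries)
     */
    public function is_admin($username) {
        $safe_username = $this->escape_sql_string($username);
        $query_result = mysql_query(
            "SELECT admin_0 FROM user_user WHERE username_0='$safe_username'"
        );
        if ($query_result === false || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_ADMIN;
        }
        $row = mysql_fetch_assoc($query_result);
        // Only the literal "true" grants admin status.
        return $row["admin_0"] === "true" ? $this->VALID_ADMIN : $this->INVALID_ADMIN;
    }

    /**
     * Increment login_count_0 and stamp last_login_0 for a user.
     *
     * Any MySQL error text is echoed, as before (an empty string when none).
     *
     * @param string $username
     * @return void
     */
    public function update_login_info($username) {
        $safe_username = $this->escape_sql_string($username);
        $date = date("Y-m-d (g:i a)");
        mysql_query(
            "UPDATE user_user SET login_count_0=login_count_0+1,last_login_0='$date' "
            . "WHERE username_0='$safe_username'"
        );
        echo mysql_error();
    }
}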
?>