INVALID_PASSWORD; } else { if($this->is_admin($username) == $this->VALID_ADMIN) { $result = $this->VALID_ADMIN; } else { $result = $this->VALID_LOGIN; } } } else { $result = $this->INVALID_USERNAME; } return $result; } /** * Creates a new entry in the user_user table from the variables in the array $form_vars. * * This function expects a set of variables most likely originating from an html form in order to * to create a new entry in the user_user table. The expected variables are: * * The username must not already exist in the user_user table. Otherwise the relevant error code is returned. * * @param array $form_vars The values to be input into the new user_user row. * @param array $access_codes The access codes associated with different user levels. The array is associative * where index = access code. For example access_codes['admin'] = "admin_password". In the current setup, there * are two user levels, standard and admin. The access codes are stored in a file with the JLex/php directory * entitled access_codes.txt. * @return string An xml string containing the values to be entered into user_user. 
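*/
    function create_account($form_vars,$access_codes)
    {
        // Returns one of this object's result codes (USERNAME_TAKEN, CREATED_ADMIN,
        // CREATED_NEW_ACCOUNT), not an xml string. -1 is the initial sentinel and is
        // returned only when the uniqueness check itself could not be run.
        $result = -1;

        $username = $form_vars["username"];
        $form_var_names = array("fname","lname","email","username","password","category");

        // The username comes from a form, so it is escaped before it is placed inside
        // the quoted SQL literal. mysql_real_escape_string() is only charset-aware when
        // the connection charset was set with mysql_set_charset().
        // NOTE(review): ext/mysql was removed in PHP 7; prepared statements via
        // mysqli/PDO are the durable fix when this file is migrated.
        $safe_username = mysql_real_escape_string($username);
        $query = "SELECT count(*) FROM user_user WHERE username_0='$safe_username'";
        $query_result = mysql_query($query);
        $row = ($query_result === false) ? false : mysql_fetch_assoc($query_result);
        if (!is_array($row)) {
            // Fail closed: if the lookup failed, the count would otherwise read as
            // empty and the code below would create the account unchecked.
            return $result;
        }
        if ($row["count(*)"] != 0) {
            return $this->USERNAME_TAKEN;
        }
        // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
        // username_0 (not visible from here) is what actually prevents duplicates.

        // XML metacharacters in form values are replaced by the five predefined XML
        // entities so a field value cannot alter the structure of the document handed
        // to db_loader. "&" is replaced first so the entities are not double-escaped.
        // NOTE(review): assumes db_loader::xml_to_db_bulk decodes standard XML
        // entities -- confirm against db_loader.
        $xml_special = array("&","<",">","\"","'");
        $xml_entity = array("&amp;","&lt;","&gt;","&quot;","&apos;");

        // NOTE(review): the element markup inside the literals below appears to have
        // been lost in this copy of the file (only the opening <$var_name> survives);
        // they are kept exactly as shown and must be restored from the original.
        $date = date("Y-m-d (g:i a)");
        $xml = "\n";
        $xml .= "$date\n";
        foreach ($form_var_names as $var_name) {
            // NOTE(review): "password" is forwarded exactly as submitted; nothing in
            // this method hashes it -- confirm hashing happens before storage.
            $value = isset($form_vars[$var_name]) ? $form_vars[$var_name] : "";
            $xml .= "<$var_name>".str_replace($xml_special,$xml_entity,$value)."\n";
        }

        // Admin status is granted only on an exact, type-strict match with the
        // configured admin code. The previous array_search()/== test compared loosely,
        // and an empty configured code would have matched an empty submission.
        $access_code = isset($form_vars["access_code"]) ? $form_vars["access_code"] : "";
        $is_admin_code = is_string($access_code)
            && $access_code !== ""
            && isset($access_codes["admin"])
            && $access_code === (string) $access_codes["admin"];

        if ($is_admin_code) {
            $xml .= "true\n";
            $result = $this->CREATED_ADMIN;
        } else {
            $result = $this->CREATED_NEW_ACCOUNT;
        }
        $xml .= "1\n";
        $xml .= "$date\n";
        $xml .= "\n";
        $xml .= "\n";

        $dl = new db_loader();
        $dl->xml_to_db_bulk("user","../user/schema.xml",$xml,$dl->UPDATE_DATABASE);

        // Second document: registers the same username with the mydict project.
        $xml = str_replace($xml_special,$xml_entity,$username);
        $dl = new db_loader();
        $dl->xml_to_db_bulk("mydict","../mydict/schema.xml",$xml,$dl->UPDATE_DATABASE);

        return $result;
    }

    /**
     * list_accounts prints a list of all user account information.
     *
     * list_accounts queries the user_user table in the MySQL database. The query is
     * done via the mysql_to_xml object rather than querying the database directly. This is ideal when
     * the information to be retrieved is desired in the xml form.
     *
     * @param string $stylesheet The location of the stylesheet to be used to transform the xml results.
     * @return void The query result is printed to the webuser.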
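*/
    function list_accounts($stylesheet)
    {
        // NOTE(review): $stylesheet is loaded from disk and compiled as XSLT below, so
        // callers should pass only fixed server-side paths, never request data.
        // The output contains every account row, so the caller must enforce that only
        // an administrator reaches this method -- no check is made here.
        $query_object = new query_object();
        $query_object->set_project("user");
        $query_object->set_max_conditions("3");
        $query_object->set_max_results("50");
        // The "." pattern matches any username, i.e. every account is selected.
        $query_object->add_condition_set("username","field regexp '~'",".");
        $query_object->set_stylesheet($stylesheet);
        $query_object->set_sort_order("lname,fname");

        $converter = new mysql_to_xml();
        $query_object = $converter->query_database($query_object);
        $query_object = $converter->convert_resultset_to_xml($query_object);
        $xml = $query_object->get_xml();

        $xml_dom = new DOMDocument;
        $xml_dom->loadXML($xml);

        $xsl_dom = new DOMDocument;
        $xsl_dom->load($stylesheet);

        $proc = new XSLTProcessor;
        $proc->importStyleSheet($xsl_dom);
        echo $proc->transformToXML($xml_dom);
    }

    /**
     * delete_accounts deletes the set of users associated with the usernames provided in the array $usernames.
     *
     * delete_accounts queries the MySQL database directly rather than going through the mysql_to_xml object.
     * This is because no information is being returned by the query. After a user is deleted from the user_user
     * table, all rows in the mydictionary tables, mydict_user_refs and mydict_refset, associated with the given
     * user are also deleted. Recall that mydict_user_refs contains the user name and each row in mydict_refset
     * contains a ref and id associating it with the user identified in mydict_user_refs.
     *
     * Every value placed in a query is escaped first, including the user_refs_id read back from the database.
     * The method performs no authorization check of its own; the caller must restrict it to administrators.
     *
     * @param array $usernames An array containing the usernames which correspond to the user accounts to be deleted.
     * @todo The part of this function deleting the rows from the mydictionary tables should be moved into the
     * mydictionary object which should provide a function to delete rows based for a given username.
     * @return void
     *
     */
    function delete_accounts($usernames)
    {
        foreach ($usernames as $username) {
            // mysql_real_escape_string() is only charset-aware when the connection
            // charset was set with mysql_set_charset().
            $safe_username = mysql_real_escape_string($username);

            mysql_query("DELETE FROM user_user WHERE username_0='$safe_username'");
            if (mysql_error()) {
                // mysql_error was previously referenced without parentheses, so the
                // literal word was printed instead of the driver's message.
                // NOTE(review): driver messages expose schema details; prefer
                // error_log() over echo outside of debugging.
                echo "account_manager.delete_accounts() : ".mysql_error()."\n";
            }

            $query_result = mysql_query("SELECT user_refs_id FROM mydict_user_refs WHERE username_0='$safe_username'");
            if ($query_result === false) {
                // Lookup failed: there is nothing reliable to clean up for this user.
                continue;
            }

            // Collect every ref-set id owned by the user (previously only the first
            // row was read, which could leave rows behind in mydict_refset).
            $user_refs_ids = array();
            while ($row = mysql_fetch_assoc($query_result)) {
                $user_refs_ids[] = $row["user_refs_id"];
            }
            if (count($user_refs_ids) == 0) {
                continue;
            }

            mysql_query("DELETE FROM mydict_user_refs WHERE username_0='$safe_username'");
            foreach ($user_refs_ids as $user_refs_id) {
                // Values read back from the database are escaped and quoted as well,
                // so stored data cannot change the shape of this statement.
                $safe_id = mysql_real_escape_string($user_refs_id);
                mysql_query("DELETE FROM mydict_refset WHERE user_refs_id='$safe_id'");
            }
        }
    }

    /**
     * is_admin determines whether a given username has admin status. The relevant result code is returned.
     *
     * VALID_ADMIN is returned only when exactly one row matches the username and its admin_0 column holds
     * the string "true". A failed query, no match, or several matches all yield INVALID_ADMIN.
     *
     * @param string $username The username whose status is to be determined.
     * @return integer The associated result code.
     */
    function is_admin($username)
    {
        // The result decides whether a login is treated as an administrator, so the
        // username is escaped before it is placed inside the quoted SQL literal.
        $safe_username = mysql_real_escape_string($username);
        $query_result = mysql_query("SELECT admin_0 FROM user_user WHERE username_0='$safe_username'");

        if ($query_result === false || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_ADMIN;
        }

        $row = mysql_fetch_assoc($query_result);
        if ($row["admin_0"] === "true") {
            return $this->VALID_ADMIN;
        }
        return $this->INVALID_ADMIN;
    }

    /**
     * update_login_info updates the login_count and last_login columns of the user_user table.
     *
     * The purpose of this function is to provide an estimate of the usage of a particular account.
     * The number of times the user logged in and the last login date are the metrics used to assess usage.
     *
     * @param string $username The username of the account for which usage statistics will be updated.
     * @return void
     */
    function update_login_info($username)
    {
        $date = date("Y-m-d (g:i a)");
        $safe_username = mysql_real_escape_string($username);
        $query = "UPDATE user_user SET login_count_0=login_count_0+1,last_login_0='$date' WHERE username_0='$safe_username'";
        mysql_query($query);
        // Prints nothing on success.
        // NOTE(review): on failure this sends the driver message to the page during
        // login; prefer error_log() so schema details are not disclosed.
        echo mysql_error();
    }
}
?>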