include_once("db_loader.php5");
include_once("db_connection.php5");
include_once("query_object.php5");
include_once("mysql_to_xml.php5");
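/**
 * Account manager: creates, verifies, lists, deletes and maintains the user
 * accounts stored in the MySQL table named by $user_table (user_user, the
 * 'user' table of the 'user' project).
 *
 * All queries go through the legacy mysql_* extension on the connection
 * opened by db_connection.php5. Usernames and other values that end up inside
 * SQL string literals come from web forms and are untrusted, so every one of
 * them is passed through esc() (mysql_real_escape_string) before being
 * interpolated; numeric ids are cast to int.
 *
 * SECURITY NOTE(review): verify_password() shows that the password_0 column is
 * compared directly with the submitted password, i.e. passwords appear to be
 * stored in clear text. They should be stored as password_hash() digests;
 * passwords_match() already accepts such digests, so rows can be migrated
 * incrementally without breaking logins for existing clear-text rows.
 *
 * @author Jonathan Dick
 *
 */
class account_manager {
    /**#@+
     * Result codes returned by the verification / creation methods.
     * @access public
     * @var integer
     */
    public $INVALID_PASSWORD = 0;
    public $INVALID_USERNAME = 1;
    public $VALID_LOGIN = 2;
    public $VALID_ADMIN = 3;
    public $USERNAME_TAKEN = 4;
    public $CREATED_NEW_ACCOUNT = 5;
    public $CREATE_ADMIN = 6;
    public $INVALID_ADMIN = 7;
    /**
     * The name of the MySQL table in which the user account rows are stored.
     *
     * This is a trusted identifier set by application code, never by the web
     * user: it is interpolated into SQL unquoted and is NOT escaped.
     */
    public $user_table = "user_user";
    /**#@-*/

    /**
     * Escapes a value for use inside a single-quoted SQL string literal on the
     * current mysql_* connection.
     *
     * @param mixed $value The untrusted value (cast to string).
     * @return string The escaped value, without surrounding quotes.
     */
    private function esc($value) {
        return mysql_real_escape_string((string) $value);
    }

    /**
     * Compares a stored password value with a password supplied by the web user.
     *
     * If the stored value is a password_hash() digest it is checked with
     * password_verify(); otherwise (legacy clear-text rows) the two strings are
     * compared byte for byte in constant time. A strict string comparison is
     * used deliberately: the loose '!=' used previously treats numeric-looking
     * strings such as "0e123" and "0e456" as equal, which is a login bypass.
     *
     * @param mixed $stored   The value read from the password_0 column.
     * @param mixed $supplied The password submitted by the web user.
     * @return bool true when the passwords match.
     */
    public function passwords_match($stored, $supplied) {
        $stored = (string) $stored;
        $supplied = (string) $supplied;
        // Hashed rows (PHP >= 5.5). password_verify() returns false for anything
        // that is not a crypt()-style digest, so clear-text rows fall through.
        if (function_exists('password_verify') && password_verify($supplied, $stored)) {
            return true;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($stored, $supplied);
        }
        // Fallback for PHP < 5.6: length check plus a fixed-time XOR fold.
        $len = strlen($stored);
        if ($len !== strlen($supplied)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $len; $i++) {
            $diff |= ord($stored[$i]) ^ ord($supplied[$i]);
        }
        return $diff === 0;
    }

    /**
     * Verifies that a username exists in the user table and that the stored
     * password matches the one supplied by the web user.
     *
     * Queries the password_0 column of the row whose username_0 equals
     * $username. Exactly one row must match; a failed query, no row, or several
     * rows all yield INVALID_USERNAME.
     *
     * @param string $username The username being verified (untrusted, escaped here).
     * @param string $password The password submitted for that username.
     * @return int INVALID_USERNAME, INVALID_PASSWORD, VALID_ADMIN or VALID_LOGIN.
     */
    public function verify_password($username, $password) {
        $query = sprintf("SELECT password_0 FROM %s WHERE username_0='%s'",
            $this->user_table, $this->esc($username));
        $query_result = mysql_query($query);
        if ($query_result === false || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_USERNAME;
        }
        $row = mysql_fetch_assoc($query_result);
        if (!$this->passwords_match($row["password_0"], $password)) {
            return $this->INVALID_PASSWORD;
        }
        if ($this->is_admin($username) == $this->VALID_ADMIN) {
            return $this->VALID_ADMIN;
        }
        return $this->VALID_LOGIN;
    }

    /**
     * Creates a new row in the user table from the values in $form_vars.
     *
     * The values are expected to come from an html form and to use the keys
     * fname, lname, email, username, password and category (category is
     * generally a drop-down result). The username must not already exist in the
     * user table; if it does, USERNAME_TAKEN is returned and nothing is written.
     *
     * NOTE(review): in this listing the XML payloads handed to db_loader are
     * empty ("\n" and "") and the form values, the creation date and
     * $access_codes are never used, so the row content written here cannot be
     * verified from the code as shown. Confirm against the original source.
     * When that payload is (re)built, store the password as a password_hash()
     * digest, not the raw form value.
     *
     * @param array $form_vars    The values for the new user row (untrusted).
     * @param array $access_codes Access codes per user level, indexed by level
     *                            (e.g. $access_codes['admin'] = "admin_password");
     *                            loaded from access_codes.txt in the JLex/php
     *                            directory. Unused in this listing.
     * @return int USERNAME_TAKEN when the username exists (or the existence
     *             check failed), otherwise CREATED_NEW_ACCOUNT.
     */
    public function create_account($form_vars, $access_codes) {
        $username = isset($form_vars["username"]) ? $form_vars["username"] : "";
        $query = sprintf("SELECT COUNT(*) AS n FROM %s WHERE username_0='%s'",
            $this->user_table, $this->esc($username));
        $query_result = mysql_query($query);
        $row = ($query_result !== false) ? mysql_fetch_assoc($query_result) : false;
        // Fail closed: if the existence check could not run, do not risk
        // creating a duplicate account.
        if ($row === false || (int) $row["n"] != 0) {
            return $this->USERNAME_TAKEN;
        }
        // NOTE(review): payload construction is missing from this listing (see
        // the method documentation); these calls write empty XML.
        $xml = "\n";
        $dl = new db_loader();
        $dl->xml_to_db_bulk("user", "../user/schema.xml", $xml, $dl->UPDATE_DATABASE);
        $xml = "";
        $dl = new db_loader();
        $dl->xml_to_db_bulk("mydict", "../mydict/schema.xml", $xml, $dl->UPDATE_DATABASE);
        return $this->CREATED_NEW_ACCOUNT;
    }

    /**
     * Prints a listing of all user accounts, transformed by an XSL stylesheet.
     *
     * The user table is read through query_object / mysql_to_xml (up to 50
     * rows, sorted by lname,fname, all usernames matched) rather than by a
     * direct query, because the result is wanted as XML. The XML is then run
     * through $stylesheet and the result echoed to the web user.
     *
     * $stylesheet must be a fixed, server-controlled path: it is loaded from
     * disk and evaluated as XSLT. Both documents are parsed with LIBXML_NONET so
     * neither the result XML nor the stylesheet can pull in remote resources.
     *
     * @param string $stylesheet Filesystem location of the stylesheet.
     * @return void The transformed result is printed; nothing is printed if the
     *              XML or the stylesheet fails to parse.
     */
    public function list_accounts($stylesheet) {
        $query_object = new query_object();
        $query_object->set_project("user");
        $query_object->set_max_conditions("3");
        $query_object->set_max_results("50");
        $query_object->add_condition_set("username", "field regexp '~'", ".");
        $query_object->set_stylesheet($stylesheet);
        $query_object->set_sort_order("lname,fname");
        $converter = new mysql_to_xml();
        $query_object = $converter->query_database($query_object);
        $query_object = $converter->convert_resultset_to_xml($query_object);
        $xml = $query_object->get_xml();

        $xml_dom = new DOMDocument;
        if (!$xml_dom->loadXML($xml, LIBXML_NONET)) {
            return;
        }
        $xsl_dom = new DOMDocument;
        if (!$xsl_dom->load($stylesheet, LIBXML_NONET)) {
            return;
        }
        $proc = new XSLTProcessor;
        $proc->importStyleSheet($xsl_dom);
        echo $proc->transformToXML($xml_dom);
    }

    /**
     * Deletes the user accounts named in $usernames together with their
     * mydictionary data.
     *
     * For each username the row is removed from the user table, then every
     * matching row in mydict_user_refs is removed and, for each user_refs_id
     * those rows carried, the associated rows in mydict_refset are removed too
     * (mydict_refset rows reference their owner through user_refs_id). The
     * database is queried directly because nothing has to be returned as XML.
     *
     * Database errors are written to the server error log; only a generic
     * message is echoed, so MySQL details are not disclosed to the web user.
     *
     * @param array $usernames The usernames whose accounts are to be deleted
     *                         (untrusted, escaped here). An empty or non-array
     *                         value deletes nothing.
     * @todo Move the mydictionary cleanup into the mydictionary object, which
     *       should offer a delete-by-username function.
     * @return void
     */
    public function delete_accounts($usernames) {
        foreach ((array) $usernames as $username) {
            $safe_name = $this->esc($username);
            mysql_query(sprintf("DELETE FROM %s WHERE username_0='%s'",
                $this->user_table, $safe_name));
            if (mysql_error()) {
                error_log("account_manager.delete_accounts() : " . mysql_error());
                echo "account_manager.delete_accounts() : database error ";
            }
            $query_result = mysql_query(
                "SELECT user_refs_id FROM mydict_user_refs WHERE username_0='$safe_name'");
            if ($query_result === false || mysql_num_rows($query_result) == 0) {
                continue;
            }
            // Collect every id before deleting, so no refset rows are orphaned
            // when a user owns more than one mydict_user_refs row.
            $ref_ids = array();
            while (($row = mysql_fetch_assoc($query_result)) !== false) {
                $ref_ids[] = (int) $row["user_refs_id"];
            }
            mysql_query("DELETE FROM mydict_user_refs WHERE username_0='$safe_name'");
            foreach ($ref_ids as $user_refs_id) {
                mysql_query("DELETE FROM mydict_refset WHERE user_refs_id=$user_refs_id");
            }
        }
    }

    /**
     * Determines whether the given username has admin status.
     *
     * Reads the admin_0 column of the matching row; exactly one row must match
     * and the column must hold the string "true" for VALID_ADMIN to be
     * returned. Any other outcome (including a failed query) is INVALID_ADMIN.
     *
     * @param string $username The username whose status is to be determined
     *                         (untrusted, escaped here).
     * @return integer VALID_ADMIN or INVALID_ADMIN.
     */
    public function is_admin($username) {
        $query = sprintf("SELECT admin_0 FROM %s WHERE username_0='%s'",
            $this->user_table, $this->esc($username));
        $query_result = mysql_query($query);
        if ($query_result === false || mysql_num_rows($query_result) != 1) {
            return $this->INVALID_ADMIN;
        }
        $row = mysql_fetch_assoc($query_result);
        return ((string) $row["admin_0"] === "true") ? $this->VALID_ADMIN : $this->INVALID_ADMIN;
    }

    /**
     * Increments login_count_0 and sets last_login_0 for the given account.
     *
     * These two columns give a rough measure of how much an account is used:
     * how often it logged in and when it last did so.
     *
     * @param string $username The username of the account to update
     *                         (untrusted, escaped here).
     * @return void Database errors are written to the error log, not echoed.
     */
    public function update_login_info($username) {
        $date = date("Y-m-d (g:i a)");
        $query = sprintf(
            "UPDATE %s SET login_count_0=login_count_0+1,last_login_0='%s' WHERE username_0='%s'",
            $this->user_table, $this->esc($date), $this->esc($username));
        mysql_query($query);
        if (mysql_error()) {
            error_log("account_manager.update_login_info() : " . mysql_error());
        }
    }
}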
?>