ruạṛ
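<?php
/**
 * User object
 * backport from WEP 3.0
 *
 * Persistence goes through the legacy mysql_* extension on the global
 * connection.  Every value that is interpolated into SQL passes through
 * $this->quote() (mysql_real_escape_string) or an (int) cast, so data coming
 * from forms or from the database itself cannot alter the query text.
 */
class user
{
    /**
     * define variables matched to database fields
     * may not have identical names, see $this->load_from_data for conversions
     */
    public $user_id;
    public $name;
    public $email;
    public $phone;
    public $address;
    public $shipping_location;
    public $discount;
    public $wholesale;
    public $newsletter;
    public $notes;
    public $date_added;
    public $date_active;
    public $suspended;
    public $cart;     // serialized object data
    public $wishlist; // serialized object data

    /**
     * hardcoded list of interests to be associated with newsletter
     * [form/js/php variable name] => [html string]
     */
    public $interest_list = array(
        'Motorhomes_Caravans' => 'Motorhomes & Caravans', //eg
        'Boating'             => 'Boating',
        'interest3'           => 'Int 3',
        'interest4'           => 'Int ©',
    );

    /**
     * interest keys selected by this user, decoded from the json "interests" column
     * @var array $interests
     */
    public $interests = array();

    /**
     * whitelist of property/column names that may be used as a cart target
     * @var array $carts
     */
    protected $carts = array('cart', 'wishlist');

    /**
     * @var bool $logged_in set only by a successful log_in()
     */
    public $logged_in = false;

    /**
     * collections
     * @var array $orders order ids, filled by load_orders()
     */
    public $orders = array();

    /**
     * object construction function
     * @param int $id unique database record id; 0 leaves the object empty so it
     *                can be populated later through load_from_data()
     * @global $db database connection (implicit: the mysql_* default link)
     */
    public function __construct($id = 0)
    {
        // set minimum visibility until a record has been loaded
        $this->user_id = 0;
        $this->suspended = 1;
        $this->logged_in = false;

        // the id is a numeric key: the cast keeps the query free of raw input
        $id = (int) $id;
        if (!$id) {
            return;
        }

        $user = mysql_query("select * from users where user_id = '$id'");
        if ($user && mysql_num_rows($user) == 1) {
            $this->load_from_data(mysql_fetch_assoc($user));
            mysql_free_result($user); // clean up
        }
    }

    /**
     * quote a value as a single-quoted SQL string literal
     * @param mixed $value scalar; anything else is cast to string
     * @return string quoted literal, safe to interpolate into a query
     */
    protected function quote($value)
    {
        return "'" . mysql_real_escape_string((string) $value) . "'";
    }

    /**
     * read one column from a row array without triggering notices
     * @param array  $d   database row
     * @param string $key column name
     * @return mixed column value, or null when the column is absent
     */
    protected function col($d, $key)
    {
        return isset($d[$key]) ? $d[$key] : null;
    }

    /**
     * populate object - can be done on init or manually
     * @param array $d database row (users table columns); empty input is a no-op
     */
    public function load_from_data($d)
    {
        if (empty($d)) {
            return;
        }

        $this->user_id           = $this->col($d, 'user_id');
        $this->name              = $this->col($d, 'full_name');
        $this->email             = $this->col($d, 'email');
        $this->phone             = $this->col($d, 'phone');
        $this->address           = $this->col($d, 'address');
        $this->notes             = $this->col($d, 'notes');
        $this->shipping_location = $this->col($d, 'shipping_location');
        $this->discount          = $this->col($d, 'personal_discount');
        $this->wholesale         = $this->col($d, 'wholesale');
        $this->newsletter        = $this->col($d, 'newsletter');
        $this->date_added        = $this->col($d, 'date_added');
        $this->date_active       = $this->col($d, 'date_active');
        $this->suspended         = $this->col($d, 'suspended');
        $this->cart              = $this->col($d, 'cart');
        $this->wishlist          = $this->col($d, 'wishlist');

        // json_decode() yields null on malformed data; never leave a non-array here
        $raw = (string) $this->col($d, 'interests');
        $interests = ($raw === '') ? array() : json_decode($raw, true);
        $this->interests = is_array($interests) ? $interests : array();
    }

    /**
     * validate login credentials
     * @todo expiry
     * @param string $email
     * @param string $password plain text, checked against the stored crypt() hash
     * @return bool true when the credentials match a non-suspended account
     */
    public function log_in($email = '', $password = '')
    {
        if (!$email || !$password) {
            return $this->logged_in;
        }

        // the stored hash carries its own salt: crypt() with that prefix reproduces it
        $stored = select_one('users', 'password', 'email', $email);
        if (!$stored) {
            return $this->logged_in;
        }
        $hash = substr($stored, 0, 29);
        $candidate = crypt($password, $hash);

        // compare in PHP (constant time) instead of matching the hash inside SQL
        if (!hash_equals((string) $stored, (string) $candidate)) {
            return $this->logged_in;
        }

        $query = 'select * from users where email = ' . $this->quote($email) . " and suspended = '0'";
        $result = mysql_query($query);
        if ($result && mysql_num_rows($result) > 0) {
            $this->load_from_data(mysql_fetch_assoc($result));
            $this->logged_in = true;
            $this->update_activity();
            mysql_free_result($result);
        }

        return $this->logged_in;
    }

    /**
     * add user record to the database
     * @param string $password (not stored in object so must be passed by process script)
     * @return bool false on invalid data, duplicate email or query failure
     */
    public function create($password = '')
    {
        $email = $this->email;
        $password = (string) $password; // force legal format

        // validate required fields
        if (!is_email($email) || $password === '') {
            return false;
        }
        if (select_one('users', 'user_id', 'email', $email)) {
            return false; // user already exists
        }

        $hash = $this->salt_password($password);
        $date_added = time();
        $interests = json_encode($this->interests);

        $query = 'insert into users ('
            . 'full_name, email, password, phone, address, notes, shipping_location, '
            . 'personal_discount, wholesale, newsletter, interests, wishlist, date_added, date_active'
            . ') values ('
            . $this->quote($this->name) . ', '
            . $this->quote($email) . ', '
            . $this->quote($hash) . ', '
            . $this->quote($this->phone) . ', '
            . $this->quote($this->address) . ', '
            . $this->quote($this->notes) . ', '
            . $this->quote($this->shipping_location) . ', '
            . $this->quote($this->discount) . ', '
            . $this->quote($this->wholesale) . ', '
            . $this->quote($this->newsletter) . ', '
            . $this->quote($interests) . ', '
            . $this->quote($this->wishlist) . ', '
            . "'$date_added', '$date_added'"
            . ')';

        // the caller decides how to report mysql_error(); a library method must not die()
        if (!mysql_query($query)) {
            return false;
        }

        $this->user_id = mysql_insert_id();
        return true;
    }

    /**
     * update user record in the database
     * @param string $password new password; '' keeps the stored hash unchanged
     * @global $db database connection
     * @return bool
     */
    public function update($password = '')
    {
        $id = (int) $this->user_id;
        $email = $this->email;
        $password = (string) $password; // force legal format

        // validate required fields
        if (!$id || !$email) {
            return false;
        }

        if ($password === '') {
            // keep the existing hash
            $hash = select_one('users', 'password', 'user_id', $id);
            if (!$hash) {
                return false; // invalid user
            }
        } else {
            $hash = $this->salt_password($password);
        }

        $interests = json_encode($this->interests);

        $query = 'update users set'
            . ' full_name = ' . $this->quote($this->name)
            . ', email = ' . $this->quote($email)
            . ', password = ' . $this->quote($hash)
            . ', phone = ' . $this->quote($this->phone)
            . ', address = ' . $this->quote($this->address)
            . ', shipping_location = ' . $this->quote($this->shipping_location)
            . ', personal_discount = ' . $this->quote($this->discount)
            . ', wholesale = ' . $this->quote($this->wholesale)
            . ', newsletter = ' . $this->quote($this->newsletter)
            . ', interests = ' . $this->quote($interests)
            . ', suspended = ' . $this->quote($this->suspended)
            . ', notes = ' . $this->quote($this->notes)
            . " where user_id = '$id'";

        return (bool) mysql_query($query);
    }

    /**
     * load cart
     * @param string $target 'cart' or 'wishlist' (see $this->carts)
     * @return object|false cart object; false for an unknown target
     */
    public function load_cart($target = 'cart')
    {
        // strict match: a loose in_array() would accept 0 and then read $this->0
        if (!in_array($target, $this->carts, true)) {
            return false;
        }
        if (!$this->$target) {
            return new cart;
        }
        // NOTE(review): unserialize() of a database column; the column is written
        // only by update_cart() below, but anything that can write it can inject
        // arbitrary objects here — confirm the column is not writable elsewhere.
        return unserialize($this->$target);
    }

    /**
     * update cart
     * @param object $cart   cart object (serialized when it holds products)
     * @param string $target 'cart' or 'wishlist' (see $this->carts)
     * @return false|null false for an unknown target, null otherwise
     */
    public function update_cart($cart, $target = 'cart')
    {
        if (!in_array($target, $this->carts, true)) {
            return false;
        }
        $this->$target = ($cart->num_products) ? serialize($cart) : '';
        $id = (int) $this->user_id;
        mysql_query("update users set $target = " . $this->quote($this->$target) . " where user_id = '$id'");
    }

    /**
     * update activity (to now)
     */
    public function update_activity()
    {
        $id = (int) $this->user_id;
        mysql_query("update users set date_active = '" . time() . "' where user_id = '$id'");
    }

    /**
     * remove user record from the database
     * @return bool false when no id is set or exactly one row was not removed
     */
    public function delete()
    {
        $id = (int) $this->user_id;
        if (!$id) {
            return false; // invalid user details
        }

        $result = mysql_query("delete from users where user_id = '$id'");
        if (!$result || mysql_affected_rows() != 1) {
            return false;
        }
        return true;
    }

    /**
     * get order_ids into $this->orders
     */
    public function load_orders()
    {
        $this->orders = array(); // empty list
        $id = (int) $this->user_id;
        $orders = mysql_query("select order_id from orders where customer_id = '$id'");
        // a failed query returns false; iterating it would only raise warnings
        if (!$orders) {
            return;
        }
        while ($o = mysql_fetch_row($orders)) {
            $this->orders[] = $o[0];
        }
        mysql_free_result($orders);
    }

    /**
     * salt and encrypt password
     * @param string $password plain text
     * @return string crypt() hash (salt prefix included, as log_in() expects)
     */
    public function salt_password($password)
    {
        /*
         * @var string $salt
         * - 2a => tells crypt() to use blowfish encryption
         * - 07 => use 2^7 iterations
         * mmm_salt() is expected to supply the 22-character salt body
         */
        $salt = '$2a$07$' . mmm_salt() . '$';
        return crypt($password, $salt);
    }

    /**
     * name concatenation
     * @param bool $reverse true => "Last, First"; false => "First Last"
     * @return string the bare name when it holds no space
     */
    public function split_name($reverse = true)
    {
        // the object stores the full_name column in $this->name
        $full = (string) $this->name;
        if (strpos($full, ' ') === false) {
            return $full;
        }
        list($first_name, $last_name) = explode(' ', $full, 2);
        if ($reverse) {
            return "$last_name, $first_name";
        }
        return "$first_name $last_name";
    }
}
?>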
cải xoăn