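<?php
/**
 * Users_Model - user accounts, login session state and account e-mails.
 *
 * The logged-in user is the table row that AuthorizeUser() caches in
 * $_SESSION['petition_user']. Persistence goes through Main_Model::ExecuteQuery()
 * and Main_Model::Insert() with named placeholders; request-derived values are
 * never concatenated into SQL (LIMIT arguments are cast to int first, ORDER BY
 * fragments come from a fixed whitelist).
 */
class Users_Model
{
    /** Public site root used when building links in outgoing mails. */
    const SITE_URL = 'http://petitions.zt-rada.gov.ua';

    /** Sender address for the From: header of outgoing mails. */
    const MAIL_FROM = 'petitions@zt-rada.gov.ua';

    /** stopforumspam.org "frequency" at or above which an IP counts as a spam source. */
    const SPAM_FREQUENCY_LIMIT = 10;

    /**
     * Client address as reported by the web server.
     *
     * @return string|null null when REMOTE_ADDR is not set (e.g. CLI).
     */
    public static function GetIP()
    {
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    }

    /**
     * Per-browser identifier stored in the 'uid' cookie.
     *
     * Accounts 44 and 3904 always get a pinned value instead; the original code
     * gives no reason - presumably shared or test accounts, confirm with the
     * maintainers before relying on it.
     *
     * @return string|null null when no uid cookie was sent.
     */
    public static function GetUID()
    {
        $userId = self::GetUserId();
        // Loose comparison on purpose: the session holds the id as the DB returned it (a string).
        if ($userId == 44) {
            return "0ba7dd0e-9f3d-68fa-591d-a28e12d8dda1";
        }
        if ($userId == 3904) {
            return "0ba7dd0e-9f3d-68fa-591d-a28e12d8dda2";
        }
        return isset($_COOKIE['uid']) ? $_COOKIE['uid'] : null;
    }

    /**
     * Whether the logged-in user has the admin rule flag ('a').
     *
     * @return bool false when nobody is logged in.
     */
    public static function IsAdmin()
    {
        return isset($_SESSION['petition_user']['user_rules'])
            && $_SESSION['petition_user']['user_rules'] === 'a';
    }

    /**
     * Fresh copy of the logged-in user's row from the database.
     *
     * @return array|false|null null when not logged in; otherwise the fetch() result.
     */
    public static function GetCurrentUser()
    {
        if (!self::IsAuthorized()) {
            return null;
        }
        return self::GetUserById(self::GetUserId());
    }

    /** Recompute the cached petition/vote counters of every user from the source tables. */
    public static function UpdateUserCounters()
    {
        $sql = "UPDATE users SET user_petitions_count = (SELECT COUNT(*) FROM petitions WHERE petition_user_id = user_id), user_votes_count = (SELECT COUNT(*) FROM signatures WHERE signature_user_id = user_id)";
        Main_Model::ExecuteQuery($sql);
    }

    /**
     * Ids of the petitions a user has signed.
     *
     * @param mixed $user_id
     * @return array list of signature_petition_id values (possibly empty).
     */
    public static function GetSignsOfUser($user_id)
    {
        $sql = "SELECT signature_petition_id FROM signatures WHERE signature_user_id = :user_id";
        $res = Main_Model::ExecuteQuery($sql, array('user_id' => $user_id));
        return array_column($res->fetchAll(), 'signature_petition_id');
    }

    /** GetSignsOfUser() for the logged-in user. */
    public static function GetSignsOfCurrentUser()
    {
        return self::GetSignsOfUser(self::GetUserId());
    }

    /**
     * Increment the cached petition counter of one user.
     *
     * Bound as a parameter: the original interpolated $user_id into the SQL string.
     */
    public static function IncPetitionsCount($user_id)
    {
        Main_Model::ExecuteQuery(
            "UPDATE users SET user_petitions_count = user_petitions_count + 1 WHERE user_id = :id",
            array('id' => $user_id)
        );
    }

    /**
     * Increment the cached vote counter of one user.
     *
     * Bound as a parameter: the original interpolated $user_id into the SQL string.
     */
    public static function IncVotesCount($user_id)
    {
        Main_Model::ExecuteQuery(
            "UPDATE users SET user_votes_count = user_votes_count + 1 WHERE user_id = :id",
            array('id' => $user_id)
        );
    }

    /** Whether a user row is cached in the session. */
    public static function IsAuthorized()
    {
        return isset($_SESSION['petition_user']);
    }

    /** Drop the cached user row; the PHP session itself is left alone. */
    public static function Logout()
    {
        unset($_SESSION['petition_user']);
    }

    /** First name of the logged-in user, or null when not logged in. */
    public static function GetUserName()
    {
        return self::SessionField('user_firstname');
    }

    /** E-mail of the logged-in user, or null when not logged in. */
    public static function GetUserEmail()
    {
        return self::SessionField('user_email');
    }

    /** Id of the logged-in user, or null when not logged in. */
    public static function GetUserId()
    {
        return self::SessionField('user_id');
    }

    /** One field of the cached session user, null when absent (no undefined-index warning). */
    private static function SessionField($field)
    {
        return isset($_SESSION['petition_user'][$field]) ? $_SESSION['petition_user'][$field] : null;
    }

    /**
     * Log a user in: verify the credentials and cache the user row in the session.
     *
     * @return bool true on success.
     */
    public static function AuthorizeUser($login, $password)
    {
        if (!self::TestLoginAndPassword($login, $password)) {
            return false;
        }
        // New session id on privilege change so an id issued before login cannot be reused.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['petition_user'] = self::GetUserByEmail($login);
        return true;
    }

    /** Whether any user row has the given e-mail (any status). */
    public static function IsUserExists($mail)
    {
        $res = Main_Model::ExecuteQuery("SELECT COUNT(*) FROM users WHERE user_email = :mail", array('mail' => $mail));
        return $res->fetchColumn() > 0;
    }

    /**
     * Ask stopforumspam.org whether the client IP is a known spam source.
     *
     * Best-effort: a failed request or an unexpected response is treated as "not
     * a spammer", which is what the original code did implicitly (warnings, then
     * null < 10). $row is unused; it stays optional because callers pass nothing.
     *
     * @return bool true when the IP may proceed.
     */
    public static function ValidateIP($row = null)
    {
        $ip = self::GetIP();
        if ($ip === null) {
            return true;
        }
        $url = "http://api.stopforumspam.org/api?ip=" . rawurlencode($ip) . "&f=json";
        $body = file_get_contents($url);
        if ($body === false) {
            return true;
        }
        $res = json_decode($body);
        if (!isset($res->ip->frequency)) {
            return true;
        }
        return $res->ip->frequency < self::SPAM_FREQUENCY_LIMIT;
    }

    /**
     * Create an unconfirmed account and send the confirmation mail.
     *
     * The row is inserted before the mail is sent so RegisterMail() can address
     * the user by the stored name (the original sent first and found no row).
     *
     * @param array $row expected keys: first_name, middle_name, last_name, email, password.
     */
    public static function AddUser($row)
    {
        $row = Main_Model::ArrayFilter($row, array('user_reg_date', 'first_name', 'middle_name', 'last_name', 'email', 'password'));
        $row['confirm'] = self::RandomCode();
        $row['user_reg_date'] = Main_Model::GetNowDate();
        // NOTE(review): the password is stored exactly as supplied. Hashing it
        // (password_hash) needs matching changes in TestLoginAndPassword and
        // ChangePasswordByUserId plus a data migration, so it is not done here.
        Main_Model::Insert("INSERT INTO `users` (`user_reg_date`, `user_id`, `user_firstname`, `user_middlename`, `user_lastname`, `user_email`, `user_password`, `user_confirm_code`) VALUES (:user_reg_date, NULL, :first_name, :middle_name, :last_name, :email, :password, :confirm)", $row);
        self::RegisterMail($row['email'], $row['confirm']);
    }

    /**
     * 32 hex characters of CSPRNG output - same width as the md5(uniqid()) it
     * replaces, so the confirm/restore columns need no change.
     */
    private static function RandomCode()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * @return string|false the e-mail when syntactically valid, false otherwise.
     */
    public static function ValidateEmail($EMAIL)
    {
        return filter_var($EMAIL, FILTER_VALIDATE_EMAIL);
    }

    /** @return array|false the user row, or false when no row matches. */
    public static function GetUserByEmail($email)
    {
        $res = Main_Model::ExecuteQuery("SELECT * FROM users WHERE user_email = :mail", array('mail' => $email));
        return $res->fetch();
    }

    /** @return array|false the user row, or false when no row matches. */
    public static function GetUserById($id)
    {
        $res = Main_Model::ExecuteQuery("SELECT * FROM users WHERE user_id = :id", array('id' => $id));
        return $res->fetch();
    }

    /** @return array|false the user whose registration confirm code matches, or false. */
    public static function GetUserByCode($code)
    {
        $res = Main_Model::ExecuteQuery("SELECT * FROM users WHERE user_confirm_code = :code", array('code' => $code));
        return $res->fetch();
    }

    /**
     * @return array|false|null null for codes shorter than 5 chars (the column
     *         is blanked to '' after use, so a short code must never match).
     */
    public static function GetUserByRestoreCode($code)
    {
        if (strlen($code) < 5) {
            return null;
        }
        $res = Main_Model::ExecuteQuery("SELECT * FROM users WHERE user_restore_code = :code", array('code' => $code));
        return $res->fetch();
    }

    /**
     * Store a new password and invalidate the restore code.
     *
     * NOTE(review): $user_password is written as given - see AddUser().
     */
    public static function ChangePasswordByUserId($user_id, $user_password)
    {
        Main_Model::ExecuteQuery(
            "UPDATE users SET user_password = :pass, user_restore_code = '' WHERE user_id = :id",
            array('pass' => $user_password, 'id' => $user_id)
        );
    }

    /**
     * Apply a user's pending profile change (admin only).
     *
     * @return bool false when not admin, no pending change, or unknown user.
     */
    public static function AcceptPendingChangeUserProfile($user_id)
    {
        $row = self::PendingChangeForAdmin($user_id);
        if ($row === false) {
            return false;
        }
        $sql1 = "UPDATE users SET user_firstname = :n, user_middlename = :m, user_lastname = :l WHERE user_id = :id";
        Main_Model::ExecuteQuery($sql1, array(
            'n' => $row['user_firstname'],
            'l' => $row['user_lastname'],
            'm' => $row['user_middlename'],
            'id' => $user_id,
        ));
        self::UserProfileRemoveChangeQueue($user_id);
        return true;
    }

    /**
     * Discard a user's pending profile change (admin only).
     *
     * @return bool false when not admin, no pending change, or unknown user.
     */
    public static function DeclinePendingChangeUserProfile($user_id)
    {
        if (self::PendingChangeForAdmin($user_id) === false) {
            return false;
        }
        self::UserProfileRemoveChangeQueue($user_id);
        return true;
    }

    /**
     * Shared guard of Accept/DeclinePendingChangeUserProfile.
     *
     * @return array|false the pending-change row, or false when the caller is
     *         not admin, no change is queued, or the user does not exist.
     */
    private static function PendingChangeForAdmin($user_id)
    {
        if (!self::IsAdmin()) {
            return false;
        }
        $row = self::UserProfileGetChangeQueue($user_id);
        if (empty($row)) {
            return false;
        }
        $user = self::GetUserById($user_id);
        if (empty($user)) {
            return false;
        }
        return $row;
    }

    /** Activate the account whose registration confirm code matches. */
    public static function ConfirmUser($code)
    {
        Main_Model::ExecuteQuery("UPDATE users SET user_status = '1' WHERE user_confirm_code = :code", array('code' => $code));
    }

    /**
     * Look up an active user by e-mail and password.
     *
     * NOTE(review): the password is compared in SQL against the stored column,
     * i.e. as plaintext; see AddUser() for what a move to password_hash() needs.
     *
     * @return array|false the matching row, or false.
     */
    public static function TestLoginAndPassword($login, $pass)
    {
        $res = Main_Model::ExecuteQuery(
            "SELECT * FROM users WHERE (user_email = :mail) AND (user_password = :pass) AND user_status = '1'",
            array('mail' => $login, 'pass' => $pass)
        );
        return $res->fetch();
    }

    /** Re-send the registration mail using the confirm code already stored for the account. */
    public static function RegisterMailResend($mail)
    {
        $user = self::GetUserByEmail($mail);
        $code = isset($user['user_confirm_code']) ? $user['user_confirm_code'] : '';
        self::SendRegistrationMail($mail, $code, $user);
    }

    /** Send the registration mail with the given confirm code. */
    public static function RegisterMail($mail, $code)
    {
        self::SendRegistrationMail($mail, $code, self::GetUserByEmail($mail));
    }

    /**
     * Common body of RegisterMail()/RegisterMailResend(): mail the confirm link,
     * or record the client as a spammer when the IP check fails.
     *
     * @param array|false $row the user row, false when unknown.
     */
    private static function SendRegistrationMail($mail, $code, $row)
    {
        $link = self::SITE_URL . '/users/register/confirm/' . $code;
        $html = self::FillMailTemplate(Users_View::RegisterMail(), $link, $row);
        if (Users_Model::ValidateIP()) {
            mail($mail, 'Реєстрація на сайті петицій до Житомирської міської ради', $html, self::MailHeaders());
            return;
        }
        self::RecordSpammer($row, $mail);
    }

    /**
     * Substitute %LINK% and %NAME% in a mail template.
     *
     * The name is built from user-entered profile fields and the body is
     * text/html, so it is HTML-escaped; a missing row yields empty name parts.
     */
    private static function FillMailTemplate($html, $link, $row)
    {
        $parts = array();
        foreach (array('user_lastname', 'user_middlename', 'user_firstname') as $field) {
            $parts[] = isset($row[$field]) ? $row[$field] : '';
        }
        $name = htmlspecialchars(implode(' ', $parts), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html = str_replace('%LINK%', $link, $html);
        return str_replace('%NAME%', $name, $html);
    }

    /** Headers for an HTML mail from the site address. */
    private static function MailHeaders()
    {
        return "MIME-Version: 1.0\r\n"
            . "Content-type: text/html; charset=utf-8\r\n"
            . 'From: ' . self::MAIL_FROM . "\r\n";
    }

    /**
     * Log a failed ValidateIP() check in the spammers table.
     *
     * @param array|false $row the user row, false when unknown (user id stored as NULL).
     */
    private static function RecordSpammer($row, $mail)
    {
        $spammer = array(
            'spammer_user_id' => isset($row['user_id']) ? $row['user_id'] : null,
            'spammer_ip' => self::GetIP(),
            'spammer_date' => Main_Model::GetNowDate(),
            'spammer_email' => $mail,
        );
        Main_Model::Insert("INSERT INTO `spammers` (`spammer_user_id`, `spammer_ip`, `spammer_date`, `spammer_email`) VALUES (:spammer_user_id, :spammer_ip, :spammer_date, :spammer_email)", $spammer);
    }

    /** Store a fresh restore code for the account and mail the restore link. */
    public static function SendRestoreMail($mail)
    {
        $code = self::RandomCode();
        $row = self::GetUserByEmail($mail);
        Main_Model::ExecuteQuery(
            "UPDATE users SET user_restore_code = :code WHERE user_email = :email",
            array('code' => $code, 'email' => $mail)
        );
        $link = self::SITE_URL . '/users/restore/' . $code;
        $html = self::FillMailTemplate(Users_View::RestoreMail(), $link, $row);
        mail($mail, 'Відновлення пароля до сайту петицій до Житомирської міської ради', $html, self::MailHeaders());
    }

    /**
     * Active users, paged.
     *
     * @param mixed $sorting one of the OrderByClause() keys.
     * @param mixed $start   LIMIT offset, cast to int.
     * @param mixed $count   LIMIT row count, cast to int.
     * @return array rows from fetchAll().
     */
    public static function GetUsers($sorting = 0, $start = 0, $count = 1000000)
    {
        $orderby = self::OrderByClause($sorting);
        $start = (int) $start;
        $count = (int) $count;
        $res = Main_Model::ExecuteQuery("SELECT * FROM users WHERE user_status = '1' ORDER BY {$orderby} LIMIT {$start}, {$count}");
        return $res->fetchAll();
    }

    /**
     * Active users that have a pending profile change, joined with the new
     * values (user_newfirstname / user_newmiddlename / user_newlastname), paged.
     *
     * @see GetUsers() for the parameters.
     */
    public static function GetUsersChangePending($sorting = 0, $start = 0, $count = 1000000)
    {
        $orderby = self::OrderByClause($sorting);
        $start = (int) $start;
        $count = (int) $count;
        $res = Main_Model::ExecuteQuery("SELECT users_change_pending.user_request_date, users_change_pending.user_firstname as user_newfirstname, users_change_pending.user_middlename as user_newmiddlename, users_change_pending.user_lastname as user_newlastname, users.* FROM users_change_pending INNER JOIN users ON users.user_id = users_change_pending.user_id WHERE user_status = '1' ORDER BY {$orderby} LIMIT {$start}, {$count}");
        return $res->fetchAll();
    }

    /**
     * ORDER BY fragment for a sorting key; shared by GetUsers() and
     * GetUsersChangePending(). Only these fixed fragments ever reach the SQL.
     * switch keeps the original loose comparison of $sorting.
     */
    private static function OrderByClause($sorting)
    {
        switch ($sorting) {
            case 0:
                return "user_id DESC";
            case 1:
                return "user_id ASC";
            case 2:
                return "user_votes_count DESC";
            case 3:
                return "user_petitions_count DESC";
            case 4:
                return "user_firstname ASC, user_lastname ASC, user_middlename ASC";
            default:
                return "user_id";
        }
    }

    /** Pending profile change of a user, via Main_Model::GetRowById(). */
    public static function UserProfileGetChangeQueue($userId)
    {
        return Main_Model::GetRowById('users_change_pending', 'user_id', $userId);
    }

    /** Delete a user's pending profile change, if any. */
    public static function UserProfileRemoveChangeQueue($userId)
    {
        Main_Model::ExecuteQuery("DELETE FROM users_change_pending WHERE user_id = :id", array('id' => $userId));
    }

    /**
     * Queue a profile change for admin approval.
     *
     * @param array $newInfo keys user_firstname, user_lastname, user_middlename.
     * @return bool false when a change is already pending for the user.
     */
    public static function UserProfileAddChangeQueue($newInfo, $userId)
    {
        if (!empty(self::UserProfileGetChangeQueue($userId))) {
            return false;
        }
        $sql = "INSERT INTO users_change_pending (user_firstname, user_lastname, user_middlename, user_id, user_request_date) VALUES (:f, :l, :m, :uid, :d)";
        Main_Model::ExecuteQuery($sql, array(
            'f' => $newInfo['user_firstname'],
            'l' => $newInfo['user_lastname'],
            'm' => $newInfo['user_middlename'],
            'd' => Main_Model::GetNowDate(),
            'uid' => $userId,
        ));
        return true;
    }

    /** Number of active users (as returned by the driver, usually a string). */
    public static function GetUsersCount()
    {
        $res = Main_Model::ExecuteQuery("SELECT COUNT(*) as count FROM users WHERE user_status = '1'");
        $row = $res->fetch();
        return $row['count'];
    }

    /** Number of queued profile changes (as returned by the driver). */
    public static function GetUsersChangePendingCount()
    {
        $res = Main_Model::ExecuteQuery("SELECT COUNT(*) as count FROM users_change_pending");
        $row = $res->fetch();
        return $row['count'];
    }

    /** Record last-access time, IP and browser uid for the logged-in user; no-op otherwise. */
    public static function UpdateLastAccessDate()
    {
        if (!self::IsAuthorized()) {
            return;
        }
        $row = array(
            'id' => self::GetUserId(),
            'date' => Main_Model::GetNowDate(),
            'ip' => self::GetIP(),
            'uid' => self::GetUID(),
        );
        Main_Model::ExecuteQuery("UPDATE users SET user_comp_id = :uid, user_lastip = :ip, user_lastaccess_date = :date WHERE user_id = :id", $row);
    }
}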