engelsystem/includes/model/User_model.php

<?php

/**
 * Returns User id array
 */
function mUserList() {
  $user_source = sql_select("SELECT `UID` FROM `User`");
  if ($user_source === false)
    return false;
  if (count($user_source) > 0)
    return $user_source;
  return null;
}

/**
 * Strip unwanted characters from a users nick.
 * @param string $nick
 */
function User_validate_Nick($nick) {
  return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);
}

/**
 * Returns user by id.
 *
 * @param $id UID
 */
function User($id) {
  $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
  if ($user_source === false)
    return false;
  if (count($user_source) > 0)
    return $user_source[0];
  return null;
}

/**
 * Returns user by id (limit informations.
 *
 * @param $id UID
 */
function mUser_Limit($id) {
  $user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Avatar` FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
  if ($user_source === false)
    return false;
  if (count($user_source) > 0)
    return $user_source[0];
  return null;
}

/**
 * Returns User by api_key.
 *
 * @param string $api_key
 *          User api key
 * @return Matching user, null or false on error
 */
function User_by_api_key($api_key) {
  $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
  if ($user === false)
    return false;
  if (count($user) == 0)
    return null;
  return $user[0];
}

/**
 * Returns User by email.
 *
 * @param string $email          
 * @return Matching user, null or false on error
 */
function User_by_email($email) {
  $user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
  if ($user === false)
    return false;
  if (count($user) == 0)
    return null;
  return $user[0];
}

/**
 * Returns User by password token.
 *
 * @param string $token          
 * @return Matching user, null or false on error
 */
function User_by_password_recovery_token($token) {
  $user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
  if ($user === false)
    return false;
  if (count($user) == 0)
    return null;
  return $user[0];
}

/**
 * Generates a new api key for given user.
 *
 * @param User $user          
 */
function User_reset_api_key(&$user) {
  $user['api_key'] = md5($user['Nick'] . time() . rand());
  $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
  if ($result === false)
    return false;
  engelsystem_log("API key resetted.");
}

/**
 * Generates a new password recovery token for given user.
 *
 * @param User $user          
 */
function User_generate_password_recovery_token(&$user) {
  $user['password_recovery_token'] = md5($user['Nick'] . time() . rand());
  $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
  if ($result === false)
    return false;
  engelsystem_log("Password recovery for " . $user['Nick'] . " started.");
  return $user['password_recovery_token'];
}

?>
#28 begin log 2012-12-26 14:02:27 +01:00			`<?php`
30c3 theme 2013-10-13 00:52:44 +02:00
first api 2013-12-29 15:08:21 +01:00			`/**`
			`* Returns User id array`
			`*/`
			`function mUserList() {`
			$user_source = sql_select("SELECT `UID` FROM `User`");
			`if ($user_source === false)`
			`return false;`
			`if (count($user_source) > 0)`
			`return $user_source;`
			`return null;`
			`}`

#137 fixed xss on login 2013-12-27 19:45:50 +01:00			`/**`
			`* Strip unwanted characters from a users nick.`
			`* @param string $nick`
			`*/`
			`function User_validate_Nick($nick) {`
			`return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);`
			`}`

#28 begin log 2012-12-26 14:02:27 +01:00			`/**`
			`* Returns user by id.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
#28 begin log 2012-12-26 14:02:27 +01:00			`* @param $id UID`
			`*/`
			`function User($id) {`
			$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
30c3 theme 2013-10-13 00:52:44 +02:00			`if ($user_source === false)`
mysql to mysqli and a lot of cleanup and mvc 2013-09-18 01:38:36 +02:00			`return false;`
30c3 theme 2013-10-13 00:52:44 +02:00			`if (count($user_source) > 0)`
#28 begin log 2012-12-26 14:02:27 +01:00			`return $user_source[0];`
			`return null;`
			`}`

first api 2013-12-29 15:08:21 +01:00			`/**`
			`* Returns user by id (limit informations.`
			`*`
			`* @param $id UID`
			`*/`
			`function mUser_Limit($id) {`
			$user_source = sql_select("SELECT `UID`, `Nick`, `Name`, `Vorname`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Avatar` FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
			`if ($user_source === false)`
			`return false;`
			`if (count($user_source) > 0)`
			`return $user_source[0];`
			`return null;`
			`}`

#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`/**`
			`* Returns User by api_key.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
			`* @param string $api_key`
			`* User api key`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_api_key($api_key) {`
			$user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
30c3 theme 2013-10-13 00:52:44 +02:00			`if ($user === false)`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`return false;`
			`if (count($user) == 0)`
			`return null;`
			`return $user[0];`
			`}`

user password recovery 2013-12-26 13:34:48 +01:00			`/**`
			`* Returns User by email.`
			`*`
			`* @param string $email`
			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_email($email) {`
			$user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
			`if ($user === false)`
			`return false;`
			`if (count($user) == 0)`
			`return null;`
			`return $user[0];`
			`}`

			`/**`
			`* Returns User by password token.`
			`*`
			`* @param string $token`
			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_password_recovery_token($token) {`
			$user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
			`if ($user === false)`
			`return false;`
			`if (count($user) == 0)`
			`return null;`
			`return $user[0];`
			`}`

#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`/**`
			`* Generates a new api key for given user.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
user password recovery 2013-12-26 13:34:48 +01:00			`* @param User $user`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`*/`
#119 added links to json export 2013-09-10 14:45:41 +02:00			`function User_reset_api_key(&$user) {`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`$user['api_key'] = md5($user['Nick'] . time() . rand());`
mysql to mysqli and a lot of cleanup and mvc 2013-09-18 01:38:36 +02:00			$result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
30c3 theme 2013-10-13 00:52:44 +02:00			`if ($result === false)`
mysql to mysqli and a lot of cleanup and mvc 2013-09-18 01:38:36 +02:00			`return false;`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`engelsystem_log("API key resetted.");`
			`}`

user password recovery 2013-12-26 13:34:48 +01:00			`/**`
			`* Generates a new password recovery token for given user.`
			`*`
			`* @param User $user`
			`*/`
			`function User_generate_password_recovery_token(&$user) {`
			`$user['password_recovery_token'] = md5($user['Nick'] . time() . rand());`
			$result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
			`if ($result === false)`
			`return false;`
			`engelsystem_log("Password recovery for " . $user['Nick'] . " started.");`
			`return $user['password_recovery_token'];`
			`}`

first api 2013-12-29 15:08:21 +01:00			`?>`