aboutsummaryrefslogtreecommitdiffstats
path: root/web/php/user.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'web/php/user.inc.php')
-rw-r--r--web/php/user.inc.php262
1 files changed, 262 insertions, 0 deletions
diff --git a/web/php/user.inc.php b/web/php/user.inc.php
new file mode 100644
index 0000000..46205d7
--- /dev/null
+++ b/web/php/user.inc.php
@@ -0,0 +1,262 @@
+<?php
+
+require_once('common.inc.php');
+require_once('/srv/http/phpmailer/class.phpmailer.php');
+
+const USERNAME_LEN_MIN = 5;
+const USERNAME_LEN_MAX = 20;
+const PASSWORD_LEN_MIN = 5;
+const PASSWORD_LEN_MAX = 32;
+const NICKNAME_LEN_MIN = 1;
+const NICKNAME_LEN_MAX = 32;
+const EMAIL_LEN_MAX = 100;
+
+const USER_PER_USER = 0x00000001;
+const USER_PER_PROCREATOR = 0x00000002;
+const USER_PER_PROADMIN = 0x00000004;
+
+const USER_LEVEL_USER = 0x00000001;
+const USER_LEVEL_PROCREATOR = 0x00000003;
+const USER_LEVEL_PROADMIN = 0x00000007;
+const USER_LEVEL_ADMIN = 0x0000ffff;
+const USER_LEVEL_SUPERADMIN = 0xffffffff;
+
+class user
+{
+ public $uid;
+ public $username;
+ public $password;
+ public $nickname;
+ public $aboutme;
+ public $avatar;
+ public $level;
+ public $email;
+
+ public static function get_from_uid($sqlc, $uid)
+ {
+ //return user object of specified uid. False if user doesn't exists.
+
+ $result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "uid"=$1 LIMIT 1;', array(intval($uid))) or die ("Eerror_get_user");
+ $ret = pg_fetch_object($result, null, 'user');
+ pg_free_result($result);
+ if(!$ret)
+ return false;
+ $ret->uid = intval($ret->uid);
+ $ret->level = intval($ret->level);
+ return $ret;
+ }
+
+ public static function get_from_username($sqlc, $username)
+ {
+ //return user object of specified username. False if user doesn't exists.
+
+ $result = pg_query_params($sqlc, 'SELECT * FROM "user" WHERE "username"=$1 LIMIT 1;', array($username));
+ $ret = pg_fetch_object($result, null, 'user');
+ pg_free_result($result);
+ if(!$ret)
+ return false;
+ $ret->uid = intval($ret->uid);
+ $ret->level = intval($ret->level);
+
+ return $ret;
+ }
+
+ public static function add($sqlc, $user)
+ {
+ //add user to database , with $user the user data object
+ //return inserted user object. False if failed.
+ //Assume the insertion is valid!!
+ //requires member: string username, string nickname, string password, stirng aboutme, string avatar, string email
+
+ $sqlstr = 'INSERT INTO "user" ("username", "nickname", "password", "aboutme", "avatar", "email") VALUES ($1, $2, $3, $4, $5, $6) RETURNING *;';
+ $sqlarr = array($user->username, $user->nickname, $user->password, '', '', $user->email);
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ if(!$sqlr)return false;
+ //$sqlr = pg_query($sqlc, 'SELECT SCOPE_IDENTITY();');
+ $obj = pg_fetch_object($sqlr, null, 'user');
+ pg_free_result($sqlr);
+ if($obj)$obj->uid = intval($obj->uid);
+ return $obj;
+ }
+
+ public static function update($sqlc, $user)
+ {
+ //update user data into database, with $user the user data object
+ //return updated object. False if failed.
+ //Assume the update is valid!!
+ //requires member: string nickname, string password, string aboutme, string avatar, string email, int uid
+
+ $sqlstr = 'UPDATE "user" SET "nickname"=$1, "password"=$2, "aboutme"=$3, "avatar"=$4, "email"=$5 WHERE "uid"=$6 RETURNING *;';
+ $sqlarr = array($user->nickname, $user->password, $user->aboutme, $user->avatar, $user->email, intval($user->uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ if(!$sqlr)return false;
+ $obj = pg_fetch_object($sqlr, null, 'user');
+ pg_free_result($sqlr);
+ if($obj)$obj->uid = intval($obj->uid);
+ return $obj;
+ }
+
+ /*public static function update_property($sqlc, $user)
+ {
+ //update property of given user.
+ //return updated object. False if failed.
+ //Assume the update is valid!!
+ //requires member: int[] property, int uid;
+
+ $sqlstr = 'UPDATE "user" SET "property"=$1 WHERE "uid"=$2 RETURNING *;';
+ $sqlarr = array($user->property, intval($user->uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ if(!$sqlr)return false;
+ $obj = pg_fetch_object($sqlr, null, 'user');
+ pg_free_result($sqlr);
+ if($obj)$obj->uid = intval($obj->uid);
+ return $obj;
+ }*/
+
+ public static function get_username($sqlc, $uid)
+ {
+ //return username of given uid. False if not found.
+
+ $sqlstr = 'SELECT "username" FROM "user" WHERE "uid"=$1 LIMIT 1;';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $ret = pg_fetch_result($sqlr, 0);
+ pg_free_result($sqlr);
+ return $ret;
+ }
+
+ public static function get_nickname($sqlc, $uid)
+ {
+ //return nickname of given uid. False if not found.
+
+ $sqlstr = 'SELECT "nickname" FROM "user" WHERE "uid"=$1 LIMIT 1;';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $ret = pg_fetch_result($sqlr, 0);
+ pg_free_result($sqlr);
+ return $ret;
+ }
+
+ public static function reset_password($sqlc, $uid)
+ {
+ //reset password for given uid. False if not found.
+
+ $user = user::get_from_uid($sqlc, $uid);
+ if(!$user)return false;
+ $email = $user->email;
+ if(!$email)return false;
+
+ $passlen = 8;
+ $newpass = '';
+ for($i = 0; $i < $passlen; $i++)
+ {
+ $v = rand()%62;
+ $c = null;
+ if($v<10)$c = chr(48 + $v);
+ else if($v<36)$c = chr(65 + $v - 10);
+ else $c = chr(97 + $v - 36);
+ $newpass = $newpass.$c;
+ }
+ //echo($newpass.'<br>');
+
+ //email
+
+ $cmail = new PHPMailer();
+ $cmail->IsSMTP();
+
+ $cmail->SMTPAuth = true;
+ $cmail->SMTPSecure = 'SSL';
+ $cmail->Host = 'ssl://'.SMTP_HOST;
+ $cmail->Port = 465;
+ $cmail->Username = SMTP_USER;
+ $cmail->Password = SMTP_PASS;
+ $cmail->From = 'sprout@csie.ntu.edu.tw';
+ $cmail->FromName = 'Taiwan Online Judge';
+
+ $cmail->AddAddress($email, $user->nickname);
+ $cmail->WordWrap = 70;
+ $cmail->Subject = 'TOJ Password Reset Notice';
+ $cmail->IsHTML = true;
+ $cmail->Body = 'Hi '.$user->nickname.' ('.$user->username.') , your new password is '.$newpass.' .';
+ if(!$cmail->Send())
+ {
+ //echo($cmail->ErrorInfo.'<br>');
+ return false;
+ }
+
+
+
+ $user->password = hash('sha512', $newpass);
+ $nuser = user::update($sqlc, $user);
+ if(!$nuser)return false;
+
+ return true;
+ }
+
+ public static function statistic($sqlc, $uid){
+ $sqlstr = 'SELECT "proid",MIN("result") AS "result" FROM "submit" WHERE "uid"=$1 GROUP BY "proid" ORDER BY "proid" ASC;';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $trylist = array();
+ while($obj = pg_fetch_object($sqlr)){
+ $obj->proid = intval($obj->proid);
+ $obj->result = intval($obj->result);
+ array_push($trylist, $obj);
+ }
+ pg_free_result($sqlr);
+
+ $sqlstr = 'SELECT "result",COUNT("result") AS "count" FROM "submit" WHERE "uid"=$1 GROUP BY "result" ORDER BY "result";';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $substatis = array();
+ while($obj = pg_fetch_object($sqlr)){
+ $obj->result = intval($obj->result);
+ $obj->count = intval($obj->count);
+ array_push($substatis, $obj);
+ }
+ pg_free_result($sqlr);
+
+ $sqlstr = 'SELECT "result",COUNT("result") AS "count" FROM "submit" WHERE "uid"=$1 GROUP BY "result" ORDER BY "result";';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $substatis = array();
+ while($obj = pg_fetch_object($sqlr)){
+ $obj->result = intval($obj->result);
+ $obj->count = intval($obj->count);
+ array_push($substatis, $obj);
+ }
+ pg_free_result($sqlr);
+
+ $sqlstr = 'SELECT TO_CHAR("submit_time",\'YYYY-MM\') AS "time",COUNT("submit_time") AS "count" FROM "submit" WHERE uid=$1 GROUP BY TO_CHAR("submit_time",\'YYYY-MM\');';
+ $sqlarr = array(intval($uid));
+ $sqlr = pg_query_params($sqlc, $sqlstr, $sqlarr);
+ $timesub = array();
+ while($obj = pg_fetch_object($sqlr)){
+ $obj->count = intval($obj->count);
+ array_push($timesub, $obj);
+ }
+ pg_free_result($sqlr);
+
+ return array(
+ 'trylist' => $trylist,
+ 'substatis' => $substatis,
+ 'timesub' => $timesub
+ );
+ }
+}
+
+function sec_check_level($sqlc, $lv, $uid = null)
+{
+ $uidnull = false;
+ if($uid == null)
+ {
+ $uid = intval($_COOKIE['uid']);
+ $uidnull = true;
+ }
+ if($uidnull && !sec_is_login())
+ return false;
+ $user = user::get_from_uid($sqlc, $uid);
+ return (($user->level & $lv) == $lv);
+}
+
+?>
generated by cgit (git 2.34.1) at 2025-05-24 00:34:45 +0800