コード例 #1
ファイル: 2.0.0rc1.php プロジェクト: lev1976g/core
 // Excerpt from the body of a legacy-user import routine. The enclosing function and the setup of
 // $aUser['day'], $sSalt, $oParseInput, $aCacheGender and $aCacheCountry are not part of this excerpt.
 // Fall back to the current month/year when the legacy record has none, then coerce to int.
 $aUser['month'] = (int) (empty($aUser['month']) ? date('m') : $aUser['month']);
 $aUser['year'] = (int) (empty($aUser['year']) ? date('Y') : $aUser['year']);
 // Out-of-range date parts are replaced with fixed defaults rather than rejecting the record.
 // NOTE(review): the strict `=== 0` test only matches if $aUser['day'] was already cast to int
 // before this excerpt — confirm.
 if ($aUser['day'] === 0 || $aUser['day'] > 31) {
     $aUser['day'] = 1;
 }
 if ($aUser['month'] === 0 || $aUser['month'] > 12) {
     $aUser['month'] = 1;
 }
 if ($aUser['year'] < 1900) {
     $aUser['year'] = 1982;
 }
 // Derive the login name from the legacy display name, replacing spaces with underscores.
 $aUser['user_name'] = $aUser['user'];
 $aUser['user_name'] = str_replace(' ', '_', $aUser['user_name']);
 // Run the user-name validator; its outcome is read back through Phpfox_Error below.
 Phpfox::getService('user.validate')->user($aUser['user_name']);
 if (!Phpfox_Error::isPassed()) {
     // An error is registered: clear it and append a uniqid() suffix to the name instead of failing.
     Phpfox_Error::reset();
     $aUser['user_name'] = $aUser['user_name'] . '_' . uniqid();
 }
 // Row for the user table. user_group_id is '1' when the legacy type is '0', otherwise '2'.
 // NOTE(review): the stored credential is md5(password . md5(salt)). MD5 is a fast hash and is not
 // suitable for password storage; a defender would plan a rehash with password_hash() on the next
 // successful login. Whether $aUser['password'] is clear text or a legacy hash is not visible here.
 // NOTE(review): only user_name, full_name and status pass through $oParseInput->clean(); email,
 // joined, last_login, upgrade_user_id and the user_image path (built from the raw legacy name) are
 // passed as-is — presumably insert() escapes values; verify, and confirm the name is safe in a path.
 $aInsert = array('user_group_id' => $aUser['type'] == '0' ? '1' : '2', 'user_name' => $oParseInput->clean($aUser['user_name'], 255), 'full_name' => $oParseInput->clean($aUser['user'], 255), 'status' => $oParseInput->clean($aUser['headline'], 255), 'password' => md5($aUser['password'] . md5($sSalt)), 'password_salt' => $sSalt, 'email' => $aUser['email'], 'joined' => $aUser['signup'], 'gender' => isset($aCacheGender[$aUser['gender']]) ? $aCacheGender[$aUser['gender']] : 0, 'birthday' => Phpfox::getService('user')->buildAge($aUser['day'], $aUser['month'], $aUser['year']), 'birthday_search' => Phpfox::getLib('date')->mktime(0, 0, 0, $aUser['month'], $aUser['day'], $aUser['year']), 'country_iso' => isset($aCacheCountry[$aUser['location']]) ? $aCacheCountry[$aUser['location']] : null, 'language_id' => 'en', 'time_zone' => null, 'last_login' => $aUser['login'], 'upgrade_user_id' => $aUser['id'], 'user_image' => '{file/pic/user/' . $aUser['user'] . '%s.jpg}');
 // The value returned by insert() is used as the new user's id in the privacy rows below.
 $iId = $this->_db()->insert(Phpfox::getT('user'), $aInsert);
 // check if user profile was private
 if ($aUser['friends_only'] == 1) {
     // Carry the legacy "friends only" flag over as user_value 2 on profile.view_profile.
     $aPrivacy = array('user_id' => $iId, 'user_privacy' => 'profile.view_profile', 'user_value' => 2);
     $this->_db()->insert(Phpfox::getT('user_privacy'), $aPrivacy);
 }
 // check if only friends could add comments
 if ($aUser['friends_comment'] == 1) {
     // Same mapping for the legacy comment restriction, stored on comment.add_comment.
     $aPrivacy = array('user_id' => $iId, 'user_privacy' => 'comment.add_comment', 'user_value' => 2);
     $this->_db()->insert(Phpfox::getT('user_privacy'), $aPrivacy);
 }
 // Notifications
コード例 #2
ファイル: auth.class.php プロジェクト: Lovinity/EQM
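 /**
  * Authenticates a user by email and/or user name and, on success, sets the login cookies.
  *
  * The method looks up the account, verifies the password, applies the brute-force lockout,
  * runs the ban checks and finally records the login. Failed attempts are written to the
  * user_ip table with type_id "login_failed"; those rows feed the lockout counter.
  *
  * Security notes for maintainers:
  * - Every plugin hook below is executed with eval() in this method's scope, so hook code can read
  *   and overwrite any local variable ($aRow, $sLogin, $bDoPhpfoxLoginCheck, ...). Local variable
  *   names are therefore part of the hook contract and must not be renamed.
  * - $bNoPasswordCheck = true, or a hook setting $bDoPhpfoxLoginCheck = false, skips password
  *   verification entirely; callers and plugins using either must authenticate the user themselves.
  * - Different error phrases are set for "unknown login" and "invalid password", which lets a
  *   client tell the two cases apart.
  *
  * @param string $sLogin           Email or user name supplied by the client.
  * @param string $sPassword        Clear-text password supplied by the client.
  * @param bool   $bRemember        When true the cookies last one year, otherwise they are session cookies.
  * @param string $sType            'email', 'both', or any other value to match on user_name.
  * @param bool   $bNoPasswordCheck When true the password comparison is skipped.
  *
  * @return array array(bool $bSuccess, mixed $aRow) where $aRow is the result of the user lookup,
  *               or whatever the "user.service_auth_login__start" hook assigns to $mReturn.
  */
 public function login($sLogin, $sPassword, $bRemember = false, $sType = 'email', $bNoPasswordCheck = false)
 {
     $sSelect = 'user_id, email, user_name, password, password_salt, status_id';
     /* Used to control the return in case we detect a brute force attack */
     $bReturn = false;
     // The WHERE clause below is built by string concatenation and relies on this escape() call.
     $sLogin = $this->database()->escape($sLogin);
     // Plugin hook (eval in local scope). A hook that reassigns $sLogin must keep it escaped.
     if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__start')) {
         eval($sPlugin);
         if (isset($mReturn)) {
             return $mReturn;
         }
     }
     // $sType only selects between fixed column names; it is never concatenated into the SQL itself.
     $aRow = $this->database()->select($sSelect)->from($this->_sTable)->where($sType == 'both' ? "email = '" . $sLogin . "' OR user_name = '" . $sLogin . "'" : ($sType == 'email' ? "email" : "user_name") . " = '" . $sLogin . "'")->execute('getRow');
     // Plugin hook: defining $bEmailVerification here disables the email-verification gate below.
     if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login_skip_email_verification')) {
         eval($sPlugin);
     }
     // status_id == 1 sends the user to the verification (or payment) page before any password check.
     // NOTE(review): execution only stops here if url->send() terminates the request — confirm.
     if (!defined('PHPFOX_INSTALLER') && isset($aRow['status_id']) && $aRow['status_id'] == 1 && !isset($bEmailVerification)) {
         Phpfox::getLib('session')->set('cache_user_id', $aRow['user_id']);
         if (defined('PHPFOX_MUST_PAY_FIRST')) {
             Phpfox::getLib('url')->send('subscribe.register', array('id' => PHPFOX_MUST_PAY_FIRST, 'login' => '1'));
         }
         Phpfox::getLib('url')->send('user.verify', null, Phpfox::getPhrase('user.you_need_to_verify_your_email_address_before_logging_in', array('email' => $aRow['email'])));
     }
     if (!isset($aRow['user_name'])) {
         // No matching account: pick the error phrase that fits the configured login type.
         switch (Phpfox::getParam('user.login_type')) {
             case 'user_name':
                 $sMessage = Phpfox::getPhrase('user.invalid_user_name');
                 break;
             case 'email':
                 $sMessage = Phpfox::getPhrase('user.invalid_email');
                 break;
             default:
                 $sMessage = Phpfox::getPhrase('user.invalid_login_id');
         }
         Phpfox_Error::set($sMessage);
         if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__no_user_name')) {
             eval($sPlugin);
         }
         //return array(false, $aRow);
         $bReturn = true;
     } else {
         $bDoPhpfoxLoginCheck = true;
         // Plugin hook: may set $bDoPhpfoxLoginCheck = false to replace the built-in password check.
         if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__password')) {
             eval($sPlugin);
         }
         // Strict string comparison: with a loose != two different hashes that both look numeric
         // (for example "0e..." followed only by digits) compare as equal and the check would pass.
         if (!$bNoPasswordCheck && $bDoPhpfoxLoginCheck && (string) Phpfox::getLib('hash')->setHash($sPassword, $aRow['password_salt']) !== (string) $aRow['password']) {
             Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
             //return array(false, $aRow);
             $bReturn = true;
         }
     }
     /* Add the check for the brute force here */
     if (!empty($aRow) && !defined('PHPFOX_INSTALLER') && Phpfox::getParam('user.brute_force_time_check') > 0) {
         /* Check if the account is already locked */
         // user_id is cast to int wherever it is concatenated into SQL, as the session cleanup below already does.
         $iLocked = $this->database()->select('brute_force_locked_at')->from(Phpfox::getT('user_field'))->where('user_id = ' . (int) $aRow['user_id'])->execute('getSlaveField');
         $iUnlockTimeOut = $iLocked + Phpfox::getParam('user.brute_force_cool_down') * 60;
         $iRemaining = $iUnlockTimeOut - PHPFOX_TIME;
         // Count failed logins for this account inside the configured window (minutes).
         $iTimeFrom = PHPFOX_TIME - 60 * Phpfox::getParam('user.brute_force_time_check');
         $iAttempts = $this->database()->select('COUNT(*)')->from(Phpfox::getT('user_ip'))->where('user_id = ' . (int) $aRow['user_id'] . ' AND type_id = "login_failed" AND time_stamp > ' . $iTimeFrom)->execute('getSlaveField');
         $aReplace = array('iCoolDown' => Phpfox::getParam('user.brute_force_cool_down'), 'sForgotLink' => Phpfox::getLib('url')->makeUrl('user.password.request'), 'iUnlockTimeOut' => ceil($iRemaining / 60));
         if ($iRemaining > 0) {
             // Still locked: refuse even a correct password. This path does not log the attempt.
             Phpfox_Error::reset();
             Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
             return array(false, $aRow);
         }
         if ($iAttempts >= Phpfox::getParam('user.brute_force_attempts_count')) {
             // Threshold reached: start a new lock period and reject this attempt.
             $this->database()->update(Phpfox::getT('user_field'), array('brute_force_locked_at' => PHPFOX_TIME), 'user_id = ' . (int) $aRow['user_id']);
             Phpfox_Error::reset();
             /* adjust new remaining time*/
             $aReplace['iUnlockTimeOut'] = Phpfox::getParam('user.brute_force_cool_down');
             Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
             $bReturn = true;
         }
     }
     if ($bReturn == true) {
         /* Log the attempt */
         // Attempts against unknown logins are recorded with user_id '0'.
         $this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => isset($aRow['user_id']) ? $aRow['user_id'] : '0', 'type_id' => 'login_failed', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
         return array(false, $aRow);
     }
     // ban check
     $oBan = Phpfox::getService('ban');
     if (!$oBan->check('email', $aRow['email'])) {
         Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
     }
     if (!$oBan->check('ip', Phpfox::getLib('request')->getIp())) {
         // this is a new phrase, text: "Your IP address is not allowed"
         Phpfox_Error::set(Phpfox::getPhrase('ban.not_allowed_ip_address'));
     }
     $aBanned = Phpfox::getService('ban')->isUserBanned($aRow);
     if ($aBanned['is_banned']) {
         if (!empty($aBanned['reason'])) {
             $aBanned['reason'] = str_replace('&#039;', "'", Phpfox::getLib('parse.output')->parse($aBanned['reason']));
             // Expand {phrase var='...'} markers with a callback. The previous /e modifier built PHP
             // code from the ban reason and evaluated it, and it no longer exists as of PHP 7.
             $sLanguageId = Phpfox::getUserBy('language_id');
             $sReason = preg_replace_callback('/\\{phrase var=\'(.*)\'\\}/is', function ($aMatches) use ($sLanguageId) {
                 return Phpfox::getPhrase($aMatches[1], array(), false, null, $sLanguageId);
             }, $aBanned['reason']);
             Phpfox_Error::set($sReason);
         } else {
             Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
         }
     }
     if (Phpfox_Error::isPassed()) {
         if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_start')) {
             eval($sPlugin);
         }
         // NOTE(review): the cookie token is derived from the stored password hash and salt, so it
         // presumably stays valid until the password changes — confirm against the hash library.
         $sPasswordHash = Phpfox::getLib('hash')->setRandomHash(Phpfox::getLib('hash')->setHash($aRow['password'], $aRow['password_salt']));
         // Set cookie (yummy)
         // "Remember me" keeps the cookies for 365 days; otherwise expiry 0 is passed.
         $iTime = $bRemember ? PHPFOX_TIME + 3600 * 24 * 365 : 0;
         // The fourth argument is true only when core.force_secure_site is enabled.
         Phpfox::setCookie($this->_sNameCookieUserId, $aRow['user_id'], $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
         Phpfox::setCookie($this->_sNameCookieHash, $sPasswordHash, $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
         if (!defined('PHPFOX_INSTALLER')) {
             Phpfox::getLib('session')->remove(Phpfox::getParam('core.theme_session_prefix') . 'theme');
         }
         $this->database()->update($this->_sTable, array('last_login' => PHPFOX_TIME), 'user_id = ' . (int) $aRow['user_id']);
         // Successful logins are recorded too, with type_id "login".
         $this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => $aRow['user_id'], 'type_id' => 'login', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
         if (Phpfox::getParam('core.auth_user_via_session')) {
             // Replace any existing session rows for this user with a fresh one.
             $this->database()->delete(Phpfox::getT('session'), 'user_id = ' . (int) $aRow['user_id']);
             $this->database()->insert(Phpfox::getT('session'), array('user_id' => $aRow['user_id'], 'last_activity' => PHPFOX_TIME, 'id_hash' => Phpfox::getLib('request')->getIdHash()));
         }
         if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_end')) {
             eval($sPlugin);
         }
         return array(true, $aRow);
     }
     if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__end')) {
         eval($sPlugin);
     }
     return array(false, $aRow);
 }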
コード例 #3
ファイル: abstract.class.php プロジェクト: Lovinity/EQM
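 /**
  * Adds a user.
  *
  * Required fields:
  * - full_name - string(255) - Used as the site wide display name
  * - email - string(255) - User's unique email
  *
  * Optional fields:
  * - user_name - string(100) - Used to create vanity URL, if not passed we will create one from the "full_name"
  * - birth_year - int - User's birth year
  * - birth_month - int - User's birth month
  * - birth_day - int - User's birth day
  * - gender - string - User's gender (Must be "male" or "female")
  * - country - string - User's location (eg. United States, Sweden etc...)
  * - city - string - User's city (eg. Miami, Stockholm etc...)
  * - state - string - User's state/province (eg. Florida, Skane etc...)
  * - joined - int - Time stamp of when the user joined (Must be a UNIX time stamp)
  *
  * The body also reads country_iso, last_login, last_activity, zip, total_view, profile_image and password.
  *
  * Password handling: when no "password" value is passed, a random 10-character password and a
  * 3-character salt are generated, stored as md5(md5(password) . md5(salt)), and the clear-text
  * password is returned to the caller. When a "password" value is passed, this method stores no
  * password or salt and returns an empty 'password'.
  *
  * @param array $aVals Holds an array of all the required/optional fields
  *
  * @return array|false array('user_id' => ..., 'password' => ..., 'user_name' => ...) on success;
  *                     false when a required field is missing or the email is already registered
  */
 public function addUser($aVals)
 {
     // Country and state lookups are loaded once per request and reused on later calls.
     static $aCacheData = null;
     if ($aCacheData === null) {
         $aRows = $this->database()->select('country_iso, name')->from(Phpfox::getT('country'))->execute('getRows');
         foreach ($aRows as $aRow) {
             $aCacheData['country'][strtolower($aRow['name'])] = $aRow['country_iso'];
             $aCacheData['country_iso'][$aRow['country_iso']] = $aRow['country_iso'];
         }
         $aRows = $this->database()->select('child_id, name')->from(Phpfox::getT('country_child'))->execute('getRows');
         foreach ($aRows as $aRow) {
             $aCacheData['country_child'][strtolower($aRow['name'])] = $aRow['child_id'];
         }
     }
     if (empty($aVals['full_name']) || empty($aVals['email'])) {
         return false;
     }
     $aUser = array('user_group_id' => '2', 'full_name' => $aVals['full_name'], 'email' => $aVals['email']);
     // Refuse duplicate emails. The value is escaped because the WHERE clause is concatenated.
     $iEmailCheck = $this->database()->select('COUNT(*)')->from(Phpfox::getT('user'))->where('email = \'' . $this->database()->escape($aVals['email']) . '\'')->execute('getField');
     if ($iEmailCheck) {
         return false;
     }
     if (!empty($aVals['birth_year'])) {
         // Read the documented birth_* keys. The earlier code tested the "day"/"month"/"year" keys,
         // which callers do not pass, so the supplied birthday was always replaced by today's date.
         $aVals['day'] = (int) (empty($aVals['birth_day']) ? date('d') : $aVals['birth_day']);
         $aVals['month'] = (int) (empty($aVals['birth_month']) ? date('m') : $aVals['birth_month']);
         $aVals['year'] = (int) $aVals['birth_year'];
         // Out-of-range parts are replaced with fixed defaults rather than rejecting the user.
         if ($aVals['day'] === 0 || $aVals['day'] > 31) {
             $aVals['day'] = 1;
         }
         if ($aVals['month'] === 0 || $aVals['month'] > 12) {
             $aVals['month'] = 1;
         }
         if ($aVals['year'] < 1900) {
             $aVals['year'] = 1982;
         }
         $aUser['birthday'] = Phpfox::getService('user')->buildAge($aVals['day'], $aVals['month'], $aVals['year']);
         $aUser['birthday_search'] = Phpfox::getLib('date')->mktime(0, 0, 0, $aVals['month'], $aVals['day'], $aVals['year']);
     }
     if (!empty($aVals['gender'])) {
         // Any value other than "male" (case-insensitive) is stored as '2'.
         $aUser['gender'] = strtolower($aVals['gender']) == 'male' ? '1' : '2';
     }
     if (empty($aVals['user_name'])) {
         $aVals['user_name'] = $aVals['full_name'];
     }
     $aUser['user_name'] = Phpfox::getLib('parse.input')->cleanTitle($aVals['user_name']);
     Phpfox::getService('user.validate')->user($aUser['user_name']);
     if (!Phpfox_Error::isPassed()) {
         // An error is registered after validation: clear it and append a uniqid() suffix instead of failing.
         Phpfox_Error::reset();
         $aUser['user_name'] = $aUser['user_name'] . '_' . uniqid();
     }
     if (!empty($aVals['country']) && isset($aCacheData['country']) && isset($aCacheData['country'][strtolower($aVals['country'])])) {
         $aUser['country_iso'] = $aCacheData['country'][strtolower($aVals['country'])];
     }
     // An explicit, known country_iso takes precedence over the country name.
     if (!empty($aVals['country_iso']) && isset($aCacheData['country_iso']) && isset($aCacheData['country_iso'][$aVals['country_iso']])) {
         $aUser['country_iso'] = $aCacheData['country_iso'][$aVals['country_iso']];
     }
     $sPassword = '';
     if (empty($aVals['password'])) {
         // Draw the salt and the password from the CSPRNG when the runtime has one (PHP >= 7).
         // rand() is not suitable for secrets and remains only as the fallback for older runtimes.
         $bSecureRandom = function_exists('random_int');
         $sSalt = '';
         for ($i = 0; $i < 3; $i++) {
             $sSalt .= chr($bSecureRandom ? random_int(33, 91) : rand(33, 91));
         }
         for ($i = 1; $i <= 10; $i++) {
             $sPassword .= substr('0123456789aBcDeF/()$#!', $bSecureRandom ? random_int(0, 21) : rand(0, 21), 1);
         }
         // NOTE(review): salted MD5 is a fast hash and weak for password storage. The format is kept
         // because it presumably has to match what the login check computes — confirm before changing.
         $aUser['password'] = md5(md5($sPassword) . md5($sSalt));
         $aUser['password_salt'] = $sSalt;
     }
     if (!empty($aVals['joined'])) {
         $aUser['joined'] = $aVals['joined'];
     }
     if (!empty($aVals['last_login'])) {
         $aUser['last_login'] = $aVals['last_login'];
     }
     if (!empty($aVals['last_activity'])) {
         $aUser['last_activity'] = $aVals['last_activity'];
     }
     // NOTE(review): full_name, email and the time stamps are passed to insert() unmodified;
     // presumably insert() escapes values — verify.
     $iId = $this->database()->insert(Phpfox::getT('user'), $aUser);
     $aUserField = array('user_id' => $iId);
     if (!empty($aVals['city'])) {
         $aUserField['city_location'] = $this->parseInput()->clean($aVals['city']);
     }
     if (!empty($aVals['state']) && isset($aCacheData['country_child']) && isset($aCacheData['country_child'][strtolower($aVals['state'])])) {
         $aUserField['country_child_id'] = $aCacheData['country_child'][strtolower($aVals['state'])];
     }
     if (!empty($aVals['zip'])) {
         $aUserField['postal_code'] = $this->parseInput()->clean($aVals['zip']);
     }
     if (!empty($aVals['birth_year'])) {
         $aUserField['birthday_range'] = Phpfox::getService('user')->buildAge($aVals['day'], $aVals['month']);
     }
     if (!empty($aVals['total_view'])) {
         $aUserField['total_view'] = (int) $aVals['total_view'];
     }
     $this->database()->insert(Phpfox::getT('user_field'), $aUserField);
     // Companion rows keyed by the new user id.
     $aExtra = array('user_id' => $iId);
     $this->database()->insert(Phpfox::getT('user_activity'), $aExtra);
     $this->database()->insert(Phpfox::getT('user_space'), $aExtra);
     $this->database()->insert(Phpfox::getT('user_count'), $aExtra);
     /*
     if (isset($aVals['import_user_id']))
     {
         $this->database()->insert(Phpfox::getT('user_import'), array(
                 'import_user_id' => (int) $aVals['import_user_id'],
                 'user_id' => $iId
             )
         );
     }
     */
     $oFile = Phpfox::getLib('file');
     $oImage = Phpfox::getLib('image');
     if (!empty($aVals['profile_image']) && file_exists($aVals['profile_image'])) {
         // NOTE(review): the source path comes from the caller and the target extension is simply its
         // last three characters, with no allow-list of image types. If profile_image can ever be
         // influenced by an untrusted party, restrict it to known image extensions and to an
         // expected source directory before copying into the user picture directory.
         $sPath = $aVals['profile_image'];
         $sFileName = $iId . '%s.' . substr($sPath, -3);
         $sTo = Phpfox::getParam('core.dir_user') . sprintf($sFileName, '');
         if (file_exists($sTo)) {
             $oFile->unlink($sTo);
         }
         $oFile->copy($sPath, $sTo);
         // Two thumbnails per configured size: one plain and one with the "_square" suffix.
         foreach (Phpfox::getParam('user.user_pic_sizes') as $iSize) {
             $oImage->createThumbnail(Phpfox::getParam('core.dir_user') . sprintf($sFileName, ''), Phpfox::getParam('core.dir_user') . sprintf($sFileName, '_' . $iSize), $iSize, $iSize);
             $oImage->createThumbnail(Phpfox::getParam('core.dir_user') . sprintf($sFileName, ''), Phpfox::getParam('core.dir_user') . sprintf($sFileName, '_' . $iSize . '_square'), $iSize, $iSize, false);
         }
         $this->database()->update(Phpfox::getT('user'), array('user_image' => $sFileName, 'server_id' => '0'), 'user_id = ' . (int) $iId);
     }
     // The clear-text password is returned so the caller can pass it on; it should not be logged.
     return array('user_id' => $iId, 'password' => $sPassword, 'user_name' => $aUser['user_name']);
 }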