Sponsorenverwaltung - Team StarCraft e.V.
class.newuser.php
1 <?php
2  /**
3  * @file class.newuser.php
4  *
5  * @brief Home of the class User
6  *
7  * @details
8  * This file provides the class User for creating new users. The class
9  * performs an additional basic input validation and some other important
10  * tasks during the registration process.
11  *
12  * This file depends on inc/common.php.
13  *
14  * @copyright (c) 2013, Team StarCraft e.V.
15  * @version 1.0.0
16  * @author UserCake (http://usercake.com)
17  * @author Alexander Vorndran
18  * @date 02.07.2013
19  */
20 
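/**
 * @brief This class handles some of the main tasks of creating a new user.
 *
 * @details
 *
 * This class is based on the class User from UserCake Version 2.0.2.
 *
 * The constructor normalises the submitted values and checks them against
 * existing accounts. userCakeAddUser() then sends the activation mail and
 * writes the account row and its initial permission to the database.
 * Callers are expected to inspect the public flags ($status,
 * $mail_failure, $sql_failure, ...) to learn the outcome.
 *
 * This class depends on inc/common.php.
 *
 * @copyright 2013, Team StarCraft e.V.
 * @version 1.0.0
 * @author UserCake (http://usercake.com)
 * @author Alexander Vorndran
 * @date 02.07.2013
 */
class User {
    //! 0 means the user has to be activated by an administrator
    public $user_active = 0;
    //! Holds the value of the sanitized e-mail address
    private $clean_email;
    //! Is TRUE if the constructor found no conflicting account
    public $status = false;
    //! Holds the trimmed plain-text password until it is hashed
    private $clean_password;
    //! Holds the username
    private $username;
    //! TRUE if an SQL error occurred, FALSE if not
    public $sql_failure = false;
    //! TRUE if an error occurred while sending the mail, FALSE if not
    public $mail_failure = false;
    //! TRUE if the e-mail is already used by another user
    public $email_taken = false;
    //! TRUE if there is a user with the same username
    public $username_taken = false;
    //! TRUE if there is a user with the same mobile number
    public $mobile_taken = false;
    //! Holds the value of the activation token
    public $activation_token = NULL;
    //! Holds success messages
    public $success = NULL;
    //! Holds the mobile number of the user
    private $mobile = "";
    //! Holds the firstname of the user
    private $firstname = "";
    //! Holds the lastname of the user
    private $lastname = "";

    /**
     * Constructs a new user
     *
     * Normalises the input, derives a free username and records in the
     * public flags whether the e-mail address, mobile number or username
     * collides with an existing account.
     *
     * @param string $user the username
     * @param string $first the firstname
     * @param string $last the lastname
     * @param string $pass the password
     * @param string $email the email
     * @param string $mobile the mobile number
     * @author Usercake http://www.usercake.com
     */
    function __construct($user, $first, $last, $pass, $email, $mobile) {
        //Sanitize
        $this->clean_email = sanitize($email);
        // trim() removes leading/trailing whitespace from the password, so the
        // login path has to apply the same trim or such passwords never match.
        $this->clean_password = trim($pass);
        $this->username = sanitize($user);
        $this->mobile = trim($mobile);

        // First and last name are stored exactly as submitted. The INSERT binds
        // them as parameters, so they cannot alter the SQL, but every page that
        // prints them has to HTML-escape them.
        $this->firstname = $first;
        $this->lastname = $last;

        // try to form a unique username: up to 50 attempts with a random
        // four-digit suffix. The suffix only disambiguates names, it is not a
        // secret, so rand() is sufficient here.
        if (usernameExists($this->username)) {
            $this->username_taken = true;
            for ($attempt = 1; $attempt <= 50; $attempt++) {
                $candidate = $this->username . rand(1000, 9999);
                if (!usernameExists($candidate)) {
                    $this->username = $candidate;
                    $this->username_taken = false;
                    break;
                }
            }
        }

        // These existence checks and the later INSERT are separate steps, so
        // two parallel registrations can both pass them.
        // NOTE(review): uniqueness is only guaranteed if the users table has
        // UNIQUE indexes on these columns - confirm against the schema.
        if (emailExists($this->clean_email)) {
            $this->email_taken = true;
        } else if (mobileExists($this->mobile)) {
            $this->mobile_taken = true;
        } else {
            //No problems have been found.
            $this->status = !$this->username_taken;
        }
    }

    /**
     * Adds the UserCake user to the database, gives initial permissions, sends mail and so on
     *
     * Does nothing unless the constructor left $status TRUE. The activation
     * mail is sent first; the account is only written if the mail went out.
     * A failed statement sets $sql_failure and stops the registration, so
     * $success is set only after every statement succeeded.
     *
     * @author Usercake http://www.usercake.com
     * @author Alexander Vorndran
     */
    public function userCakeAddUser() {
        //Global constants mostly from config.php
        global $mysqli, $websiteUrl, $db;

        //Prevent this function being called if there were construction errors
        if (!$this->status) {
            return;
        }

        //Construct a secure hash for the plain text password
        // NOTE(review): generateImprovedHash() is defined outside this file -
        // confirm it is a salted, deliberately slow password hash.
        $secure_pass = generateImprovedHash($this->clean_password);

        //Administrator has to activate the account
        $this->user_active = 0;

        // Create new email-instance
        $mail = new UserCakeMail();

        //Construct a unique activation token
        // NOTE(review): the token is a bearer secret sent by mail; confirm
        // that generateActivationToken() draws from a cryptographically
        // secure random source.
        $this->activation_token = generateActivationToken();

        //Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));

        //Define more if you want to build larger structures
        // NOTE(review): "#ACTIVATION-KEY" has no closing '#', unlike the other
        // two placeholders - check it against new-registration.txt.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE#", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activation_message, $this->activation_token, $this->username)
        );

        /* Build the template - Optional, you can just use the sendMail function
           Instead to pass a message. */
        if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
            $this->mail_failure = true;
        } else if (!$mail->sendMail($this->clean_email, 'Neues Benutzerkonto')) {
            //Send the mail. Specify users email here and subject.
            //SendMail can have a third parameter for message if you do not wish to build a template.
            $this->mail_failure = true;
        }

        if ($this->mail_failure) {
            return;
        }

        $mailValid = 0;
        //Insert the user into the database providing no errors have been found.
        // All submitted values are bound as parameters; only the table name,
        // the timestamps and the NEW_USER_TITLE constant are concatenated.
        $stmt = $mysqli->prepare("INSERT INTO " . $db['users'] . " (
            user_name,
            first_name,
            last_name,
            password,
            email,
            mobile,
            activation_token,
            last_activation_request,
            lost_password_request,
            active,
            title,
            sign_up_stamp,
            last_sign_in_stamp,
            valid_email
            ) VALUES (
            ?,
            ?,
            ?,
            ?,
            ?,
            ?,
            ?,
            '" . time() . "',
            '0',
            ?,
            '" . NEW_USER_TITLE . "',
            '" . time() . "',
            '0',
            ?
            )");
        // prepare() returns FALSE on error when mysqli is not configured to
        // throw; calling bind_param() on that would be a fatal error.
        if (!$stmt) {
            $this->sql_failure = true;
            return;
        }

        $stmt->bind_param("sssssssii", $this->username, $this->firstname, $this->lastname, $secure_pass, $this->clean_email, $this->mobile, $this->activation_token, $this->user_active, $mailValid);
        $row_written = $stmt->execute();
        $inserted_id = $mysqli->insert_id;
        $stmt->close();

        // A failed INSERT (for example a duplicate caught by the database)
        // must not continue into the permission setup or report success.
        if (!$row_written) {
            $this->sql_failure = true;
            return;
        }

        // the user has to validate his email-address before he can log in
        resetValidMail($this->activation_token);

        if ($inserted_id != DEFAULT_ADMIN_ACCOUNT) {
            $default_permission = STANDARD_PERMISSION;
            //Insert default permission into matches table
            $stmt = $mysqli->prepare("INSERT INTO " . $db['user_permission'] . " (
                user_id,
                permission_id
                ) VALUES (
                ?,
                ?
                )");
            if (!$stmt) {
                $this->sql_failure = true;
                return;
            }
            $stmt->bind_param("ss", $inserted_id, $default_permission);
            $permission_written = $stmt->execute();
            $stmt->close();
            if (!$permission_written) {
                $this->sql_failure = true;
                return;
            }
        } else {
            // The account that receives the ID DEFAULT_ADMIN_ACCOUNT is
            // activated at once and made administrator, so registration should
            // not be reachable by others until that account exists.
            // NOTE(review): the UPDATE addresses id '1' literally while
            // addPermission() uses DEFAULT_ADMIN_ACCOUNT - confirm both refer
            // to the same row.
            $stmt = $mysqli->prepare("UPDATE " . $db['users'] . " SET active = '1', title = 'Administrator'
                WHERE id = '1'");
            if (!$stmt) {
                $this->sql_failure = true;
                return;
            }
            $admin_updated = $stmt->execute();
            $stmt->close();
            if (!$admin_updated) {
                $this->sql_failure = true;
                return;
            }
            addPermission(ADMIN_PERMISSION, DEFAULT_ADMIN_ACCOUNT);
            // after this one all users will have an user-id >= 1000
            // NOTE(review): no statement follows this comment in the listing
            // (one source line is missing there), so the step that raises the
            // ID range is not visible here.
        }

        // inform the user about his successful registration
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE3", array($this->username));
    }

}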
238 
239 ?>