1 <?php
  2 /**
  3  * @package     Joomla.Platform
  4  * @subpackage  Table
  5  *
  6  * @copyright   Copyright (C) 2005 - 2017 Open Source Matters, Inc. All rights reserved.
  7  * @license     GNU General Public License version 2 or later; see LICENSE
  8  */
  9 
 10 defined('JPATH_PLATFORM') or die;
 11 
 12 use Joomla\Registry\Registry;
 13 use Joomla\Utilities\ArrayHelper;
 14 
 15 /**
 16  * Users table
 17  *
 18  * @since  11.1
 19  */
 20 class JTableUser extends JTable
 21 {
 22     /**
 23      * Associative array of group ids => group ids for the user
 24      *
 25      * @var    array
 26      * @since  11.1
 27      */
 28     public $groups;
 29 
 30     /**
 31      * Constructor
 32      *
 33      * @param   JDatabaseDriver  $db  Database driver object.
 34      *
 35      * @since  11.1
 36      */
 37     public function __construct($db)
 38     {
 39         parent::__construct('#__users', 'id', $db);
 40 
 41         // Initialise.
 42         $this->id = 0;
 43         $this->sendEmail = 0;
 44     }
 45 
 46     /**
 47      * Method to load a user, user groups, and any other necessary data
 48      * from the database so that it can be bound to the user object.
 49      *
 50      * @param   integer  $userId  An optional user id.
 51      * @param   boolean  $reset   False if row not found or on error
 52      *                           (internal error state set in that case).
 53      *
 54      * @return  boolean  True on success, false on failure.
 55      *
 56      * @since   11.1
 57      */
 58     public function load($userId = null, $reset = true)
 59     {
 60         // Get the id to load.
 61         if ($userId !== null)
 62         {
 63             $this->id = $userId;
 64         }
 65         else
 66         {
 67             $userId = $this->id;
 68         }
 69 
 70         // Check for a valid id to load.
 71         if ($userId === null)
 72         {
 73             return false;
 74         }
 75 
 76         // Reset the table.
 77         $this->reset();
 78 
 79         // Load the user data.
 80         $query = $this->_db->getQuery(true)
 81             ->select('*')
 82             ->from($this->_db->quoteName('#__users'))
 83             ->where($this->_db->quoteName('id') . ' = ' . (int) $userId);
 84         $this->_db->setQuery($query);
 85         $data = (array) $this->_db->loadAssoc();
 86 
 87         if (!count($data))
 88         {
 89             return false;
 90         }
 91 
 92         // Convert email from punycode
 93         $data['email'] = JStringPunycode::emailToUTF8($data['email']);
 94 
 95         // Bind the data to the table.
 96         $return = $this->bind($data);
 97 
 98         if ($return !== false)
 99         {
100             // Load the user groups.
101             $query->clear()
102                 ->select($this->_db->quoteName('g.id'))
103                 ->select($this->_db->quoteName('g.title'))
104                 ->from($this->_db->quoteName('#__usergroups') . ' AS g')
105                 ->join('INNER', $this->_db->quoteName('#__user_usergroup_map') . ' AS m ON m.group_id = g.id')
106                 ->where($this->_db->quoteName('m.user_id') . ' = ' . (int) $userId);
107             $this->_db->setQuery($query);
108 
109             // Add the groups to the user data.
110             $this->groups = $this->_db->loadAssocList('id', 'id');
111         }
112 
113         return $return;
114     }
115 
116     /**
117      * Method to bind the user, user groups, and any other necessary data.
118      *
119      * @param   array  $array   The data to bind.
120      * @param   mixed  $ignore  An array or space separated list of fields to ignore.
121      *
122      * @return  boolean  True on success, false on failure.
123      *
124      * @since   11.1
125      */
126     public function bind($array, $ignore = '')
127     {
128         if (array_key_exists('params', $array) && is_array($array['params']))
129         {
130             $registry = new Registry($array['params']);
131             $array['params'] = (string) $registry;
132         }
133 
134         // Attempt to bind the data.
135         $return = parent::bind($array, $ignore);
136 
137         // Load the real group data based on the bound ids.
138         if ($return && !empty($this->groups))
139         {
140             // Set the group ids.
141             $this->groups = ArrayHelper::toInteger($this->groups);
142 
143             // Get the titles for the user groups.
144             $query = $this->_db->getQuery(true)
145                 ->select($this->_db->quoteName('id'))
146                 ->select($this->_db->quoteName('title'))
147                 ->from($this->_db->quoteName('#__usergroups'))
148                 ->where($this->_db->quoteName('id') . ' = ' . implode(' OR ' . $this->_db->quoteName('id') . ' = ', $this->groups));
149             $this->_db->setQuery($query);
150 
151             // Set the titles for the user groups.
152             $this->groups = $this->_db->loadAssocList('id', 'id');
153         }
154 
155         return $return;
156     }
157 
158     /**
159      * Validation and filtering
160      *
161      * @return  boolean  True if satisfactory
162      *
163      * @since   11.1
164      */
165     public function check()
166     {
167         // Set user id to null istead of 0, if needed
168         if ($this->id === 0)
169         {
170             $this->id = null;
171         }
172 
173         $filterInput = JFilterInput::getInstance();
174 
175         // Validate user information
176         if ($filterInput->clean($this->name, 'TRIM') == '')
177         {
178             $this->setError(JText::_('JLIB_DATABASE_ERROR_PLEASE_ENTER_YOUR_NAME'));
179 
180             return false;
181         }
182 
183         if ($filterInput->clean($this->username, 'TRIM') == '')
184         {
185             $this->setError(JText::_('JLIB_DATABASE_ERROR_PLEASE_ENTER_A_USER_NAME'));
186 
187             return false;
188         }
189 
190         if (preg_match('#[<>"\'%;()&\\\\]|\\.\\./#', $this->username) || strlen(utf8_decode($this->username)) < 2
191             || $filterInput->clean($this->username, 'TRIM') !== $this->username)
192         {
193             $this->setError(JText::sprintf('JLIB_DATABASE_ERROR_VALID_AZ09', 2));
194 
195             return false;
196         }
197 
198         if (($filterInput->clean($this->email, 'TRIM') == '') || !JMailHelper::isEmailAddress($this->email))
199         {
200             $this->setError(JText::_('JLIB_DATABASE_ERROR_VALID_MAIL'));
201 
202             return false;
203         }
204 
205         // Convert email to punycode for storage
206         $this->email = JStringPunycode::emailToPunycode($this->email);
207 
208         // Set the registration timestamp
209         if (empty($this->registerDate) || $this->registerDate == $this->_db->getNullDate())
210         {
211             $this->registerDate = JFactory::getDate()->toSql();
212         }
213 
214         // Set the lastvisitDate timestamp
215         if (empty($this->lastvisitDate))
216         {
217             $this->lastvisitDate = $this->_db->getNullDate();
218         }
219 
220         // Set the lastResetTime timestamp
221         if (empty($this->lastResetTime))
222         {
223             $this->lastResetTime = $this->_db->getNullDate();
224         }
225 
226         // Check for existing username
227         $query = $this->_db->getQuery(true)
228             ->select($this->_db->quoteName('id'))
229             ->from($this->_db->quoteName('#__users'))
230             ->where($this->_db->quoteName('username') . ' = ' . $this->_db->quote($this->username))
231             ->where($this->_db->quoteName('id') . ' != ' . (int) $this->id);
232         $this->_db->setQuery($query);
233 
234         $xid = (int) $this->_db->loadResult();
235 
236         if ($xid && $xid != (int) $this->id)
237         {
238             $this->setError(JText::_('JLIB_DATABASE_ERROR_USERNAME_INUSE'));
239 
240             return false;
241         }
242 
243         // Check for existing email
244         $query->clear()
245             ->select($this->_db->quoteName('id'))
246             ->from($this->_db->quoteName('#__users'))
247             ->where($this->_db->quoteName('email') . ' = ' . $this->_db->quote($this->email))
248             ->where($this->_db->quoteName('id') . ' != ' . (int) $this->id);
249         $this->_db->setQuery($query);
250         $xid = (int) $this->_db->loadResult();
251 
252         if ($xid && $xid != (int) $this->id)
253         {
254             $this->setError(JText::_('JLIB_DATABASE_ERROR_EMAIL_INUSE'));
255 
256             return false;
257         }
258 
259         // Check for root_user != username
260         $config = JFactory::getConfig();
261         $rootUser = $config->get('root_user');
262 
263         if (!is_numeric($rootUser))
264         {
265             $query->clear()
266                 ->select($this->_db->quoteName('id'))
267                 ->from($this->_db->quoteName('#__users'))
268                 ->where($this->_db->quoteName('username') . ' = ' . $this->_db->quote($rootUser));
269             $this->_db->setQuery($query);
270             $xid = (int) $this->_db->loadResult();
271 
272             if ($rootUser == $this->username && (!$xid || $xid && $xid != (int) $this->id)
273                 || $xid && $xid == (int) $this->id && $rootUser != $this->username)
274             {
275                 $this->setError(JText::_('JLIB_DATABASE_ERROR_USERNAME_CANNOT_CHANGE'));
276 
277                 return false;
278             }
279         }
280 
281         return true;
282     }
283 
284     /**
285      * Method to store a row in the database from the JTable instance properties.
286      *
287      * If a primary key value is set the row with that primary key value will be updated with the instance property values.
288      * If no primary key value is set a new row will be inserted into the database with the properties from the JTable instance.
289      *
290      * @param   boolean  $updateNulls  True to update fields even if they are null.
291      *
292      * @return  boolean  True on success.
293      *
294      * @since   11.1
295      */
296     public function store($updateNulls = false)
297     {
298         // Get the table key and key value.
299         $k = $this->_tbl_key;
300         $key = $this->$k;
301 
302         // TODO: This is a dumb way to handle the groups.
303         // Store groups locally so as to not update directly.
304         $groups = $this->groups;
305         unset($this->groups);
306 
307         // Insert or update the object based on presence of a key value.
308         if ($key)
309         {
310             // Already have a table key, update the row.
311             $this->_db->updateObject($this->_tbl, $this, $this->_tbl_key, $updateNulls);
312         }
313         else
314         {
315             // Don't have a table key, insert the row.
316             $this->_db->insertObject($this->_tbl, $this, $this->_tbl_key);
317         }
318 
319         // Reset groups to the local object.
320         $this->groups = $groups;
321 
322         $query = $this->_db->getQuery(true);
323 
324         // Store the group data if the user data was saved.
325         if (is_array($this->groups) && count($this->groups))
326         {
327             // Grab all usergroup entries for the user
328             $query -> clear()
329                 -> select($this->_db->quoteName('group_id'))
330                 -> from($this->_db->quoteName('#__user_usergroup_map'))
331                 -> where($this->_db->quoteName('user_id') . ' = ' . (int) $this->id);
332 
333             $this->_db->setQuery($query);
334             $result = $this->_db->loadObjectList();
335 
336             // Loop through them and check if database contains something $this->groups does not
337             if (count($result))
338             {
339                 foreach ($result as $map)
340                 {
341                     if (array_key_exists($map->group_id, $this->groups))
342                     {
343                         // It already exists, no action required
344                         unset($groups[$map->group_id]);
345                     }
346                     else
347                     {
348                         // It should be removed
349                         $query -> clear()
350                             -> delete($this->_db->quoteName('#__user_usergroup_map'))
351                             -> where($this->_db->quoteName('user_id') . ' = ' . (int) $this->id)
352                             -> where($this->_db->quoteName('group_id') . ' = ' . (int) $map->group_id);
353 
354                         $this->_db->setQuery($query);
355                         $this->_db->execute();
356                     }
357                 }
358             }
359 
360             // If there is anything left in this->groups it needs to be inserted
361             if (count($groups))
362             {
363                 // Set the new user group maps.
364                 $query->clear()
365                     ->insert($this->_db->quoteName('#__user_usergroup_map'))
366                     ->columns(array($this->_db->quoteName('user_id'), $this->_db->quoteName('group_id')));
367 
368                 // Have to break this up into individual queries for cross-database support.
369                 foreach ($groups as $group)
370                 {
371                     $query->clear('values')
372                         ->values($this->id . ', ' . $group);
373                     $this->_db->setQuery($query);
374                     $this->_db->execute();
375                 }
376             }
377 
378             unset($groups);
379         }
380 
381         // If a user is blocked, delete the cookie login rows
382         if ($this->block == (int) 1)
383         {
384             $query->clear()
385                 ->delete($this->_db->quoteName('#__user_keys'))
386                 ->where($this->_db->quoteName('user_id') . ' = ' . $this->_db->quote($this->username));
387             $this->_db->setQuery($query);
388             $this->_db->execute();
389         }
390 
391         return true;
392     }
393 
394     /**
395      * Method to delete a user, user groups, and any other necessary data from the database.
396      *
397      * @param   integer  $userId  An optional user id.
398      *
399      * @return  boolean  True on success, false on failure.
400      *
401      * @since   11.1
402      */
403     public function delete($userId = null)
404     {
405         // Set the primary key to delete.
406         $k = $this->_tbl_key;
407 
408         if ($userId)
409         {
410             $this->$k = (int) $userId;
411         }
412 
413         // Delete the user.
414         $query = $this->_db->getQuery(true)
415             ->delete($this->_db->quoteName($this->_tbl))
416             ->where($this->_db->quoteName($this->_tbl_key) . ' = ' . (int) $this->$k);
417         $this->_db->setQuery($query);
418         $this->_db->execute();
419 
420         // Delete the user group maps.
421         $query->clear()
422             ->delete($this->_db->quoteName('#__user_usergroup_map'))
423             ->where($this->_db->quoteName('user_id') . ' = ' . (int) $this->$k);
424         $this->_db->setQuery($query);
425         $this->_db->execute();
426 
427         /*
428          * Clean Up Related Data.
429          */
430 
431         $query->clear()
432             ->delete($this->_db->quoteName('#__messages_cfg'))
433             ->where($this->_db->quoteName('user_id') . ' = ' . (int) $this->$k);
434         $this->_db->setQuery($query);
435         $this->_db->execute();
436 
437         $query->clear()
438             ->delete($this->_db->quoteName('#__messages'))
439             ->where($this->_db->quoteName('user_id_to') . ' = ' . (int) $this->$k);
440         $this->_db->setQuery($query);
441         $this->_db->execute();
442 
443         $query->clear()
444             ->delete($this->_db->quoteName('#__user_keys'))
445             ->where($this->_db->quoteName('user_id') . ' = ' . $this->_db->quote($this->username));
446         $this->_db->setQuery($query);
447         $this->_db->execute();
448 
449         return true;
450     }
451 
452     /**
453      * Updates last visit time of user
454      *
455      * @param   integer  $timeStamp  The timestamp, defaults to 'now'.
456      * @param   integer  $userId     The user id (optional).
457      *
458      * @return  boolean  False if an error occurs
459      *
460      * @since   11.1
461      */
462     public function setLastVisit($timeStamp = null, $userId = null)
463     {
464         // Check for User ID
465         if (is_null($userId))
466         {
467             if (isset($this))
468             {
469                 $userId = $this->id;
470             }
471             else
472             {
473                 jexit('No userid in setLastVisit');
474             }
475         }
476 
477         // If no timestamp value is passed to function, than current time is used.
478         $date = JFactory::getDate($timeStamp);
479 
480         // Update the database row for the user.
481         $db = $this->_db;
482         $query = $db->getQuery(true)
483             ->update($db->quoteName($this->_tbl))
484             ->set($db->quoteName('lastvisitDate') . '=' . $db->quote($date->toSql()))
485             ->where($db->quoteName('id') . '=' . (int) $userId);
486         $db->setQuery($query);
487         $db->execute();
488 
489         return true;
490     }
491 }
492 

Joomla! Framework TM API documentation generated by ApiGen 2.8.0
Joomla!® and Joomla! Framework™ are trademarks of Open Source Matters, Inc. in the United States and other countries.