Merge branch 'extended-cookie'

[scuttle] / services / userservice.php

diff --git a/services/userservice.php b/services/userservice.php
index 1e7ed46981a39e46b0a4370d2b8735246ffd65d5..b55a7df44ec63f8f0bf75f70400f8bee3f81597f 100644 (file)
--- a/services/userservice.php
+++ b/services/userservice.php
@@ -1,24 +1,25 @@
 <?php
 class UserService {
-    var $db;
+  var $db;
 
-    function &getInstance(&$db) {
-        static $instance;
-        if (!isset($instance))
-            $instance =& new UserService($db);
-        return $instance;
+  function &getInstance(&$db) {
+    static $instance;
+    if (!isset($instance)) {
+      $instance = new UserService($db);
     }
-
-    var $fields = array(
-        'primary'   =>  'uId',
-        'username'  =>  'username',
-        'password'  =>  'password'
-    );
-    var $profileurl;
-    var $tablename;
-    var $sessionkey;
-    var $cookiekey;
-    var $cookietime = 1209600; // 2 weeks
+    return $instance;
+  }
+
+  var $fields = array(
+    'primary'   => 'uId',
+    'username'  => 'username',
+    'password'  => 'password'
+  );
+  var $profileurl;
+  var $tablename;
+  var $sessionkey;
+  var $cookiekey;
+  var $cookietime = 63072000; // 2 years
 
     function UserService(&$db) {
         $this->db =& $db;
@@ -40,7 +41,7 @@ class UserService {
         if(!empty($host)) {
             @exec("nslookup -type=$type $host", $output);
             while(list($k, $line) = each($output)) {
-                if(eregi("^$host", $line)) {
+                if(preg_match("/^$host/i", $line)) {   //eregi("^$host", $line)
                     return true;
                 }
             }
@@ -62,9 +63,16 @@ class UserService {
             return false;
     }
 
+    function _in_regex_array($value, $array) {
+      foreach ($array as $key => $pattern) {
+        if (preg_match($pattern, $value)) {
+          return TRUE;
+        }
+      }
+      return FALSE;
+    }
+
     function _randompassword() {
-        $seed = (integer) md5(microtime());
-        mt_srand($seed);
         $password = mt_rand(1, 99999999);
         $password = substr(md5($password), mt_rand(0, 19), mt_rand(6, 12));
         return $password;
@@ -124,7 +132,7 @@ class UserService {
         if (isset($_SESSION[$this->getSessionKey()])) {
             return $_SESSION[$this->getSessionKey()];
         } else if (isset($_COOKIE[$this->getCookieKey()])) {
-            $cook = split(':', $_COOKIE[$this->getCookieKey()]);
+            $cook = explode(':', $_COOKIE[$this->getCookieKey()]); //split(':', $_COOKIE[$this->getCookieKey()]);
             //cookie looks like this: 'id:md5(username+password)'
             $query = 'SELECT * FROM '. $this->getTableName() .
                      ' WHERE MD5(CONCAT('.$this->getFieldName('username') .
@@ -145,7 +153,7 @@ class UserService {
         return false;
     }
 
-    function login($username, $password, $remember = FALSE) {
+    function login($username, $password, $remember = FALSE, $path = '/') {
         $password = $this->sanitisePassword($password);
         $query = 'SELECT '. $this->getFieldName('primary') .' FROM '. $this->getTableName() .' WHERE '. $this->getFieldName('username') .' = "'. $this->db->sql_escape($username) .'" AND '. $this->getFieldName('password') .' = "'. $this->db->sql_escape($password) .'"';
 
@@ -158,7 +166,7 @@ class UserService {
             $id = $_SESSION[$this->getSessionKey()] = $row[$this->getFieldName('primary')];
             if ($remember) {
                 $cookie = $id .':'. md5($username.$password);
-                setcookie($this->cookiekey, $cookie, time() + $this->cookietime);
+                setcookie($this->cookiekey, $cookie, time() + $this->cookietime, $path);
             }
             return true;
         } else {
@@ -166,8 +174,8 @@ class UserService {
         }
     }
 
-    function logout() {
-        @setcookie($this->cookiekey, NULL, time() - 1);
+    function logout($path = '/') {
+        @setcookie($this->cookiekey, NULL, time() - 1, $path);
         unset($_COOKIE[$this->cookiekey]);
         session_unset();
         $this->getCurrentUser(TRUE, false);
@@ -326,6 +334,29 @@ class UserService {
             return false;
     }
 
+    function isBlockedEmail($email) {
+      // Check whitelist
+      $whitelist = $GLOBALS['email_whitelist'];
+      if (!is_null($whitelist) && is_array($whitelist)) {
+        if (!$this->_in_regex_array($email, $whitelist)) {
+          // Not in whitelist -> blocked
+          return TRUE;
+        }
+      }
+
+      // Check blacklist
+      $blacklist = $GLOBALS['email_blacklist'];
+      if (!is_null($blacklist) && is_array($blacklist)) {
+        if ($this->_in_regex_array($email, $blacklist)) {
+          // In blacklist -> blocked
+          return TRUE;
+        }
+      }
+
+      // Not blocked
+      return FALSE;
+    }
+
     function isReserved($username) {
         if (in_array($username, $GLOBALS['reservedusers'])) {
             return true;
@@ -335,8 +366,8 @@ class UserService {
     }
 
     function isValidEmail($email) {
-        if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", $email)) {
-            list($emailUser, $emailDomain) = split("@", $email);
+        if (preg_match("/^((?:(?:(?:\w[\.\-\+_]?)*)\w)+)\@((?:(?:(?:\w[\.\-_]?){0,62})\w)+)\.(\w{2,6})$/i", $email) > 0) {
+            list($emailUser, $emailDomain) = explode("@", $email);
 
             // Check if the email domain has a DNS record
             if ($this->_checkdns($emailDomain)) {
@@ -359,4 +390,3 @@ class UserService {
     function getCookieKey()       { return $this->cookiekey; }
     function setCookieKey($value) { $this->cookiekey = $value; }
 }
-?>