<?php
////
// Author: Sean Colombo
// Date: 20061010
// ModD: 20080221 - Modified from Pedlr version to work with the new doItLater.com
//
// This class represents a user of the system.  To get the user object
// of the person browsing the site from anywhere in the code, just call
// "$user = getUser();" and the user will be returned.
// Any modifications to that user will automatically effect the global user
// since PHP uses references.
////

include_once 'includes/global.php';
include_once 'profiler.php';

class User{
	private $username;
	private $user_id;
	private $emailAddr;
	private $isLoggedIn;
	private $isAdmin;
	private $isVerified;
	private $isFriend;
	private $dateOfBirth;
	private $age;
	private $createdOn;
	private $updatedAt;
	private $lastLogin;
	private $GRACE_PERIOD = "INTERVAL 1 YEAR";	// this is a constant (read-only... don't make a mutator)
	private $REQUIRE_VERIFICATION = false;			// Requiring a verification 
	private $prefs;
	private $imageVer;

	public function User($username="[guest]", $userId=-1, $emailAddr="", $isLoggedIn=false, $isAdmin=false, $isVerified=false, $createdOn="", $lastLogin=""){
		profiler_beginSection(__METHOD__);
		$this->username = $username;
		$this->user_id = $userId;
		$this->emailAddr = $emailAddr;
		$this->isLoggedIn = $isLoggedIn;
		$this->isAdmin = $isAdmin;
		$this->isVerified = $isVerified;
		$this->isFriend = ""; // will load then cache the value as to whether this user is a friend of the currently logged in user
		$this->dateOfBirth = $this->age = "";
		$this->createdOn = $createdOn;
		$this->updatedAt = "";
		$this->lastLogin = $lastLogin;
		$this->prefs = ""; // will automatically load (then cache) if needed... these are the user preferences.
		$this->imageVer = "";
		profiler_endSection(__METHOD__);
	} // end User()
	// Accessors/mutators
	public function exists(){return ($this->user_id != -1);} // any time the user is found, the id will be set.  ie: this returns whether the user is a registered (not-a-guest) user.
	public function setUsername($name){$this->username = $name;}
	public function getUsername(){return $this->username;}
	public function getEmail(){return $this->emailAddr;}
	public function getId(){return $this->user_id;}
	public function getCreatedOn(){return $this->createdOn;}
	public function getUpdatedAt(){return $this->updatedAt;}
	public function isLoggedIn(){return $this->isLoggedIn;}
	public function isAdmin(){return ($this->isLoggedIn() && $this->isAdmin);}
	public function isSelf(){return ($this->user_id == getUser()->getId());}
	public function getGracePeriod(){return $this->GRACE_PERIOD;}
	public function getPrefs(){$this->loadPrefs();return $this->prefs;}
	public function getPref($prefName){$this->loadPrefs();return getVal($this->prefs, $prefName);}
	public function setPref($prefName, $val){
		profiler_beginSection(__METHOD__);
		$prefName = stripslashes($prefName); // prevents mysql-piggybacking
		$val = stripslashes($val);
		$this->loadPrefs();
		$this->prefs[$prefName] = $val;
		sendQuery("UPDATE userPreferences SET $prefName='$val' WHERE user_id='$this->user_id'");
		profiler_endSection(__METHOD__);
	}
	public function isVerified(){return $this->isVerified;}
	public function requiresVerification(){return $this->REQUIRE_VERIFICATION;}
	public function isFriend(){
		profiler_beginSection(__METHOD__);
		if($this->isFriend == ""){
			if($this->isLoggedIn()){
				$this->isFriend = true; // for now, you are considered a friend of yourself (no specific neccessity for this).
			} else {
				$tempUser = getUser();
				$loggedId = $tempUser->getId();
				$myId = $this->getId();
				$this->isFriend = (0<simpleQuery("SELECT COUNT(*) FROM friends WHERE friend_id_one='".min($myId,$loggedId)."' AND friend_id_two='".max($myId,$loggedId)."'"));
			}
		}
		profiler_endSection(__METHOD__);
		return $this->isFriend;
	} // end isFriend()
	public function getDateOfBirth(){
		if($this->dateOfBirth == ""){$this->loadAge();}
		return $this->dateOfBirth;
	}
	public function getAge(){
		if($this->age == ""){$this->loadAge();}
		return $this->age;
	}
	public function isAdult(){return ($this->getAge() >= MIN_AGE_ADULT);}
	public function setImageVer($imageVer){$this->imageVer = $imageVer;}
	public function getImageVer(){return ($this->imageVer==""?rand(100,200):$this->imageVer);} // gives it a random number if it fails miserably (this number is only to help browser caches).

	// A single string packed with info.  Mainly used for logging.
	public function getUserString(){
		$retVal = "{{ID_STRING|";
		$retVal.= (($this->isLoggedIn())?"USERNAME:".$this->getUsername()."|USERID:".$this->getId():"[not logged in]");
		$retVal.= "|IP:".$_SERVER['REMOTE_ADDR']."}}";
		return $retVal;
	}

	////
	// Loads and caches the user preferences.
	// Safe to call multiple times since it will not reload (unless 'forceReload' is passed as true)
	// after the initial caching.
	////
	public function loadPrefs($forceReload=false){
		profiler_beginSection(__METHOD__);
		if((!is_array($this->prefs)) || $forceReload){
			$db = connect();
			$queryString = "SELECT * FROM userPreferences WHERE user_id='$this->user_id'";
			if($result = mysql_query($queryString,$db)){
				if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){
					$this->prefs = mysql_fetch_assoc($result);
					unset($this->prefs['user_id']); // unneeded duplicate... waste of space
				}
			} else {
				logQueryError("Error loading preferences for user $this->user_id", $queryString);
			}
		}
		profiler_endSection(__METHOD__);
	}
	
	////
	// Calculates the age.  Assumed to be somewhat processor-intensive, so this value is cached.
	////
	private function loadAge(){
		profiler_beginSection(__METHOD__);
		if($this->dateOfBirth == ""){
			// Don't use loadByQuery() here since this function is called from loadByQuery().
			$dob = simpleQuery("SELECT dateOfBirth FROM users WHERE id='$this->user_id'");
		} else {
			$dob = $this->dateOfBirth;
		}
		if($dob != ""){
			$this->dateOfBirth = $dob;
			//$daysInYear = 365.242199; // Takes into account leap-years, etc.
			//$secondsInYear = (60*60*24*$daysInYear); // seconds*minutes*hours*days
			//$this->age = ((strtotime('now')-strtotime($dob)) / $secondsInYear);
			$this->age = getAgeFromDob($dob);
		}
		profiler_endSection(__METHOD__);
	}

	////
	// Returns true iff the user was found.
	////
	public function loadById( $id ){
		return $this->loadByQuery("SELECT * FROM users WHERE id='$id'");
	}
	
	// Reload's this user's info from the database.
	public function reload(){$this->loadById($this->getId());}
	
	////
	// Returns true iff the user was found.
	////
	public function loadByUsername( $username ){
		return $this->loadByQuery("SELECT * FROM users WHERE username='$username'");
	}
	
	////
	// Returns true iff a user was found that matches the query.
	////
	private function loadByQuery($queryString){
		profiler_beginSection(__METHOD__);
		$retVal = false;
		$db = dil_connect();
		if($result = mysql_query($queryString,$db)){
			if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){
				$retVal = true;
				$cnt = 0;
				$this->username = mysql_result($result, $cnt, "username");
				$this->user_id = mysql_result($result, $cnt, "id");
				$this->emailAddr = mysql_result($result, $cnt, "emailAddr");
				$this->isAdmin = (0 != mysql_result($result, $cnt, "isAdmin"));
				$this->isVerified = (0 != mysql_result($result, $cnt, "isVerified"));
				$this->createdOn = mysql_result($result, $cnt, "createdOn");
				$this->updatedAt = mysql_result($result, $cnt, "updatedAt");
				$this->lastLogin = mysql_result($result, $cnt, "lastLogin");
				$this->dateOfBirth = mysql_result($result, $cnt, "dateOfBirth");
				$this->imageVer = mysql_result($result, $cnt, "imageVer");
                
				$this->loadAge();
				$this->prefs = ""; // clear this out so it knows it has to re-load.
				$user = getUser();
				$this->isLoggedIn = ($this->user_id == $user->getId());
			}
		}
		profiler_endSection(__METHOD__);
		return $retVal;
	}

	////
	// Given a username and password, attempts to log in.
	// Returns true if a login was successful, false otherwise.
	//
	// If a code is passed in, that is compared against the stored emailed hash
	// to verify the email address.
	////
	public function login($username, $password, $emailCode="", $forceLogin=false){
		profiler_beginSection(__METHOD__);	
		$password = md5($password);
		if($emailCode != ''){
			$isMatch = simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username' AND password='$password' AND isVerified=0 AND emailHash='$emailCode'");
			if($isMatch){
				sendQuery("UPDATE users SET isVerified=1 WHERE username='$username' AND password='$password' AND emailHash='$emailCode'");
			}
		}
		$gracePeriodStr = ($this->REQUIRE_VERIFICATION?" AND (isVerified=1 OR createdOn>NOW()-$this->GRACE_PERIOD)":"");
		if($forceLogin && getUser()->isAdmin()){
			$isMatch = simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username'$gracePeriodStr");
		} else {
			$isMatch = simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username' AND password='$password'$gracePeriod");
		}
		if(($isMatch != 0) && ($isMatch !== '')){
			// Log the user in.
			$this->isLoggedIn = true;
			$this->username = $username;
			$db = dil_connect();
			$queryString = "SELECT * FROM users WHERE username='$username'";
			if($this->loadByQuery($queryString)){
				sendQuery("UPDATE users SET lastLogin=NOW(), numLogins=numLogins+1, updatedAt=updatedAt WHERE id=$this->user_id");
			}

			saveUser();
		}
		profiler_endSection(__METHOD__);
		return $this->isLoggedIn;
	} // end login()

	////
	// Logs the current user out (is responsible for removing all traces for security reasons).
	////
	public function logout(){
		profiler_beginSection(__METHOD__);
		$this->isLoggedIn = false;
		$this->isAdmin = false;
		$this->username = $this->user_id = $this->emailAddr = "";
		foreach($_SESSION as $sKey=>$sVal){
			unset($_SESSION[$sKey]);
			session_unregister($sKey); // ignore the documentation.  this is a user-known bug that this and _unset() and _destroy() need to be called.
		}

		// These are needed so that the session values don't reappear on the next pageload (PHP ... 'feature'/bug).
		session_unset();
		session_destroy();
		clearUser(); // removes the user from the global variable for this page load.
		profiler_endSection(__METHOD__);
	} // end logout()

	////
	// Returns true if the email verification is required and user has not verified their email address and they are past the GRACE_PERIOD.
	////
	public function needsToVerify(){
		return ($this->REQUIRE_VERIFICATION && ("1" == simpleQuery("SELECT ((isVerified=0) AND (createdOn<NOW()-$this->GRACE_PERIOD)) AS needsToVerfiy FROM users WHERE username='$this->username'")));
	}

	public function toString(){
		return $this->username." (".$this->user_id.")";
	}

} // end class User

////
// Returns the current user of the site.
////
function getUser(){
	include_once "user.php";
	GLOBAL $dil_main_user;
	if(!isset($dil_main_user)){
		if(isset($_SESSION['dil_user'])){
			if(strtolower(get_class($_SESSION['dil_user'])) == "user"){
				$dil_main_user = $_SESSION['dil_user'];
			} else {
				$dil_main_user = new User();
				logEvent("Error: user in session is of type ".get_class($_SESSION['dil_user'])."<br/>");
			}
		} else {
			$dil_main_user = new User();
		}
	}
	return $dil_main_user;
} // end getUser()

////
// Saves the main user for the session.  Call this after making change to the main, logged-in user.
////
function saveUser(){
	GLOBAL $dil_main_user;
	$_SESSION['dil_user'] = $dil_main_user;
}

////
// Delets the user from the global variable tracking the user.
// NOTE: This is NOT the same as logging out.  Please use User::logout() to actually log out because
// there is a lot more that needs to be done (this is just one part that is called from User::logout().
////
function clearUser(){
	GLOBAL $dil_main_user;
	$dil_main_user = new User();
	unset($dil_main_user);
	if(isset($_SESSION['dil_user'])){
		unset($_SESSION['dil_user']);
	}
}

?>