base-user.inc.php

Go to the documentation of this file.

<?
abstract class BaseUser extends MyObject
{
    public $their;
    
    public $pronoun;

    public $profileImage = null;

    public static $authCacheLife = 86400;
    
    public function __construct($data = null, $table = 'users')
    {
        $this->hasAuthor = false;
        $this->profileImage = new Image();
        
        parent::__construct($data, $table);
        
        //setup some pronouns and shite.
        $this->pronoun = 'them';
        $this->their = 'their';
        if ($this->gender == 'female')
        {
            $this->pronoun = 'her';
            $this->their = 'her';
        }
        else if ($this->gender == 'male')
        {
            $this->pronoun = 'him';
            $this->their = 'his';
        }

        //is our auth_secret not defined?
        if (!Config::get('auth_secret'))
            throw new Exception('You must Config::set(\'auth_secret\').');

        //add in fulltext fields
        $this->fullTextFields[] = 'first_name';
        $this->fullTextFields[] = 'last_name';
    }
    
    public function isAdmin()
    {
        return (bool)$this->is_admin;
    }

    public function initLoginPage()
    {
        global $me;
        
        $this->pageTitle = 'Login';
        
        if ($this->params('status'))
            $this->addStatus($this->params('status'));

        if ($me->id)
            throw new PageError('You cannot login if you are already logged in.  Please log our first.');
    }

    public function initViewPage()
    {
        global $me;
        
        //are we viewing our own profile?
        if (!$this->params('id'))
        {
            if ($me->id)
                $this->setParam('id', $me->id);
            //ya gotta log in fool
            else
                $this->assertLogin();
        }
        
        //call our parent
        parent::initViewPage();
    }

    public function drawLoginPage()
    { 
        //create and process our login form.
        $form = $this->createLoginForm($this->redir);
        $this->processLoginForm($form);
        $email = $form->getData('username');
        
        //draw our form!!!
        $form->drawIfNeeded();

        //draw our links
        echo "<br/>\n";
        echo $this->getLink(".register?email=$email", 'Register') . " | ";
        echo $this->getLink(".lostpass?email=$email", 'Lost Password');
    }

    public function processLoginForm($form)
    {
        if ($form->isSubmittedAndValid())
        {
            if ($this->authenticate($form->getData('username'), $form->getData('password'), $form->getData('remember_me')))
            {
                if ($form->getData('redirect'))
                    Util::redirect(base64_decode($form->getData('redirect')));
                else
                    Util::redirect($this->getUrl('main'));
            }
            else
            {
                $email = $form->getData('username');
                $userId = $this->accountExists($email);
                if ($userId)
                {
                    $this->id = $userId;
                    if (Config::get("users_must_activate") && $this->activation_key != '')
                        $form->setError('username', "
                            Login failed.<br/>
                            You must " . 
                            $this->getLink(".activatehelp?email=$email", 'activate') . 
                            ' your account first.'
                        );
                    else
                        $form->setError('password', "
                        Login failed, please try again.
                        Remember: passwords are case sensitive.
                    ");
                }
                else
                    $form->setError('username', "
                        Account does not exist<br>
                        You may " . $this->getLink(".register?email=$email", 'register') . ' it.'
                    );
            }
        }
    } 

    public function createLoginForm($redirect = null)
    {
        $form = new Form(new OneColumnTableLayout());
        $form->action = $this->getUrl(".login");
        $form->name = 'loginForm';
        
        $form->add('HiddenField', 'redirect', array(
            'value' => $redirect
        ));
    
        //add username field
        $this->loginFormAddUsernameField($form);
        
        $form->add('PasswordField', 'password', array(
            'required' => true,
            'width' => '100%',
            'maxlength' => 255,
            'title' => 'Password'
        ));
        
        $form->add('CheckboxField', 'remember_me', array(
            'label' => 'Remember Me',
            'value' => 1
        ));
        
        $form->addSubmit('Login');

        return $form;
    }

    protected function loginFormAddUsernameField($form)
    {
        $form->add('TextField', 'username', array(
            'required' => true,
            'width' => '100%',
            'maxlength' => 255,
            'title' => 'Email'
        ));
    }
    
    static public function makePassword($len = 8)
    {
        //our vowel/consonant arrays
        $letter = array(
           array("b","c","d","f","g","h","j","k","l","m","n","p","q","r","s","t","v","w","x","y","z"),
           array("a","e","i","o","u")
        );
        
        //blank pass
        $pass = "";
        
        //vowels or consonants?
        $set = round(rand(0,1));
        for ($i=0; $i<$len; $i++)
        {
            //alternate
            $set = !$set;

            //get a random key...
            $idx = floor(rand(0, count($letter[$set])-1));

            //add it to the pass
            $pass .= $letter[$set][$idx];
        }

        return $pass;
    }

    function initLogoutPage()
    {
        global $me;

        if ($me->id)
            $me->logoutProcess();

        Util::redirect($this->baseUrl);
    }
    
    function drawLogoutPage()
    {
        echo 'You have been logged out.';
    }

    function initRegisterPage()
    {
        global $me;
        
        $this->pageTitle = 'Register New Account';

        if ($me->id)
            throw new PageError('You are logged in, you don\'t need another account. Please log out first.');
    }

    function createRegisterForm()
    {
        $form = new Form();
        $form->action = $this->getUrl(".register");
    
        //add oru fields in
        $this->registerFormAddFields($form);

        return $form;
    }

    protected function registerFormAddFields($form)
    {
        $form->add('EmailField', 'email', array(
            'required' => true,
        ));
        $form->add('TextField', 'username', array(
            'required' => true,
            'size' => 50
        ));
        $form->add('PasswordField', 'password1', array(
            'required' => true,
            'title' => 'Password',
        ));
        $form->add('PasswordField', 'password2', array(
            'required' => true,
            'title' => 'Password Again',
        ));

        if ($this->hasField('birthday'))
            $form->add('DateField', 'birthday', array(
                'required' => true,
                'beginYear' => 1900,
                'endYear' => date('Y')
            ));
        
        $form->add('CheckboxField', 'read_tos', array(
            'title' => '',
            'label' => 'I have read the <a href=\'' . $this->getUrl(array('module' => 'main', 'page' => 'tos')) .
                '\' target=\'_blank\'>Terms of Service</a>.'
        ));
        $form->add('CheckboxField', 'am_of_age', array(
            'title' => '',
            'label' => 'I am at least <b>' . Config::get('minimum_age') . ' years</b> of age.'
        ));

        $form->addSubmit("Register");

        return $form;
    }

    function drawRegisterPage()
    {
        $form = $this->createRegisterForm();
        
        if ($form->isSubmitted())
        {
            $this->validateRegistration($form);
            
            if (!$form->hasError())
                $this->registrationPostSuccess($form);
        }
        else
        {
            $email = $this->params('email');
            if ($email)
                $form->setData(array('email' => $email));
        }
        
        //finally draw the form if needed
        if ($form->needsDrawn())
            $form->drawAll();
    }

    protected function validateRegistration($form)
    {
        //validate oru form.
        $form->validate();
        
        //make them agree to the TOS
        if (!$form->getData('read_tos'))
            $form->setError('read_tos', 'You must read and agree to the Terms of Service');

        //check our passwords
        if ($form->getData('password1') != $form->getData('password2'))
            $form->setError('password2', 'Your passwords must match.');

        //handle age stuff...
        $parentPerm = $form->getData('am_of_age');
        if (!$parentPerm)
            $form->setError('am_of_age', 'By law, we cannot allow
            people under ' . Config::get('minimum_age') . '  to access the site. You must
            agree that you are able to access this site.');

        //setup the minimum age date.
        $year = date("Y") - Config::get('minimum_age');
        $month = date("m");
        $day = date("d");
        $time = strtotime("$year-$month-$day");
        
        //get their birthday
        $bday = $form->getData('birthday');
        $bdayTime = strtotime($bday);

        //do our error...
        if ($bdayTime > $time)
            $form->setError('birthday', 'You are not old enough to access this site.');

        //check for duplicates
        if ($this->accountExists($form->getData('email')))
            $form->setError('email',
                'That email has already been registered.  If it is yours, <br/>you may <a href="' .
                $this->getUrl(".login") . '">login</a> or if you forgot it, <a href="' . 
                $this->getUrl(".lostpass?email=" . $form->getData("email")) . '">reset your password.</a>');

        //want to make sure we can check on username.
        if ($form->hasField('username'))
            if ($this->usernameExists($form->getData('username')))
                $form->setError('username', 'That username already exists.');
    }

    protected function usernameExists($username)
    {
        return (bool)dbGetNumRows(dbQuery("
            SELECT id
            FROM users
            WHERE username = '$username'
        "));
    }

    protected function registrationPostSuccess($form)
    {
        global $me;
        
        //hash our pass
        $pass = $form->getData('password1');
        $encPass = sha1($pass);
        $this->password = $encPass;

        //save our stuff.
        $this->editPagePostSaveSync($form);

        //send our activation email
        if (Config::get('users_must_activate'))
            $this->sendActivationEmail();
        //or just log them in...
        else
        {
            $this->doLogin();
            Util::redirect($this->getUrl('.main'));
        }
    }
    
    function accountExists($email)
    {
        if ($ar = dbFetchAssoc(dbQuery("
            SELECT id
            FROM $this->tableName
            WHERE email = '$email'
        ")))
            return $ar['id'];
        else
            return false;
    }

    function initEditPage()
    {
        global $me;
        
        //must be logged in.
        $this->assertLogin();
    
        //get our id...
        $this->id = $this->params('id');
    
        //no id?... no problem.
        if (!$this->id)
            $this->id = $me->id;
        
        //can we edit?
        if (!$this->canEdit())
            throw new PageError('You do not have permission to edit this profile.');
        else
            $this->pageTitle = 'Edit Profile';
    }

    function editFormValidate($form)
    {
        parent::editFormValidate($form);
        
        $email = trim($form->getData('email'));
        if (strlen($email) && $email != $this->email)
        {
            if ($this->accountExists($email))
                $form->setError('email', 'That email is already in use.');
        }
    }

    function editFormAddFields($form)
    {
        global $me;

        if ($me->isAdmin() && $this->hasField('is_admin'))
            $form->add('CheckboxField', 'is_admin');
    
        if ($this->hasField('first_name') && $this->hasField('last_name'))
            $form->add('NameField', 'name', array(
                'required' => true
            ));
            
        if ($this->hasField('email'))
            $form->add('EmailField', 'email', array(
                'required' => true,
                'size' => 45,
                'maxlength' => 255
            ));
        
        if ($this->hasField('birthday'))
        {
            $form->add('DateField', 'birthday', array(
                'beginYear' => 1900,
                'endYear' => date('Y')
            ));
        }

        if ($this->hasField('gender'))
            $form->add('GenderField', 'gender', array());

        if ($this->hasField('website'))
            $form->add('TextField', 'website', array(
                'size' => 45,
                'maxlength' => 255
            ));
        
        if ($this->hasField('phone_number'))
            $form->add('PhoneField', 'phone_number', array(
            ));
    
        if ($this->hasField('cell_number'))
            $form->add('PhoneField', 'cell_number', array(
                'title' => 'Cellphone Number'
            ));
    
        if ($this->hasField('street'))
            $form->add('TextField', 'street', array(
                'size' => 45,
                'maxlength' => 255,
                'title' => 'Street Address'
            ));
    
        if ($this->hasField('city') && $this->hasField('state') && $this->hasField('zip'))
            $form->add('CityStateZipField', 'citystzip', array(
                'title' => 'City / State / Zip'
            ));
    
        if ($this->hasField('about_me'))
            $form->add('EditorField', 'about_me', array(
                "width" => '100%',
                "height" => '300px',
                "title" => 'About Me'
            ));
    }

    function editPagePostSaveSync($form)
    {
        global $me;
        
        //save the first name?
        if ($form->hasField('name') && $this->hasField('first_name') && $this->hasField('last_name'))
        {
            $name = $form->getData('name');
            $this->first_name = $name['first_name'];
            $this->last_name = $name['last_name'];
        }
        
        //save it!!
        parent::editPagePostSaveSync($form);
        
        //create our session?
        if ($this->id == $me->id)
            $me->createSession();
    }

    function canEdit()
    {
        global $me;

        if ($me->isAdmin() || $this->isMe())
            return true;
        return false;
    }
    
    function initLostPassPage()
    {
        global $me;

        $this->pageTitle = 'Lost Password Retrieval';
    
        if ($me->id)
            throw new PageError("You're already logged in, if you want to change your password, you can do so via your profile.");
    }

    function createLostPassForm()
    {
        $form = new Form();
        $form->action = $this->getUrl('.lostpass');

        $form->add('EmailField', 'email', array(
            'title' => 'Email Address',
            'required' => true,
            'size' => 50,
            'maxlength' => 255
        ));
        $form->addSubmit("Request Password Reset");

        return $form;
    }
    
    function drawLostpassPage()
    {
        if (!$this->id)
        {
            $form = $this->createLostPassForm();

            if ($form->isSubmitted())
            {
                $form->validate();

                if (!$form->hasError())
                {
                    $email = $form->getData('email');
                    if ($this->requestPassReset($email))
                        echo "<p>We have emailed your password request to $email.</p>";
                    else
                        $form->setError('email', 'We did not find that email, you may ' .
                        $this->getLink(".register?email=$email", 'register') . ' it if you like.');
                }
            }
            else
                $form->setData($this->params());

            //finally draw the form if needed
            if ($form->needsDrawn())
                $form->drawAll();
        }
        else
            echo 'If you are already logged in, you do not need to request a new password.';
    }
    
    function createEditPassForm()
    {
        $form = new Form();
        $form->action = $this->getUrl('.editpass');

        $form->add('PasswordField', 'password1', array(
            'required' => true,
            'title' => 'Password',
        ));
        $form->add('PasswordField', 'password2', array(
            'required' => true,
            'title' => 'Password Again',
        ));
        $form->addSubmit("Edit Password");
        
        return $form;
    }

    function initEditPassPage()
    {
        $this->pageTitle = 'Edit Password';
    
        $this->id = $this->assertLogin();
    }

    function drawEditPassPage()
    {
        $form = $this->createEditPassForm();
        
        if ($form->isSubmitted())
        {
            $form->validate();

            if (!$form->hasError())
            {
                $this->password = sha1($form->getData('password1'));

                //mark the pass set if we can.
                if ($this->hasField('pass_changed'))
                    $this->pass_changed = 1;
                    
                $this->save();

                //update our session
                $this->doLogin(true, false);

                //let them know their password changed.
                $this->emailPassChanged();

                echo 'You password has been changed.';
            }
        }

        //finally draw the form if needed
        if ($form->needsDrawn())
            $form->drawAll();
    }

    function emailPassChanged()
    {
        $subject = 'Password Change Notice';
        
        $body = 'Dear ' . $this->getName() . "\n\n";
        $body .= "This is just a notification that you (or someone using your account) has changed your password on " . Config::get('site_name') . ". ";
        $body .= "No action is required on  your part, unless you did not do this, in which case contact " . Config::get('site_admin') . ".\n\n";
        $body .= "Thank you,\nHappy " . Config::get('site_name') . " Password Protection Robot";

        //send her off!
        $this->mail($subject, $body);
    }

    public function authenticate($username = null, $password = null, $rememberMe = null)
    {
        //if we got a username and pass... log them in.
        if ($username !== null && $password !== null)
        {
            //give it a try.
            if ($this->loginProcess($username, $password, $rememberMe))
                return true;
        }
        
        //okay this is the 'remember me stuff'
        if (isset($_COOKIE['auth']))
        {
            //try our auth code
            if ($this->tryAuthCode($_COOKIE['auth']))
                return true;
        }
        
        //nope, we failed!
        return false;
    }

    public function tryAuthCode($code, $checkCache = true)
    {
        global $me;
        
        //get our stuff...
        $authAr = explode("-", $code);
        
        //get our vars...
        $userId = $authAr[0];
    
        //if the id they are attempting is us... let them in.
        if ($me->id != $userId)
        {
            //passwords gotta match
            $user = new User($userId);
            $goodHash = $user->generateHash();
            
            //does it match with our secret hash?
            if ($code == $goodHash)
            {
                //try and get our user from the cache.
                if ($checkCache)
                    if ($this->checkAuthCache($code))
                        return true;
        
                //log us in!
                $user->doLogin(true, false);
                return true;
            }
        }
        //its us... but we're already legit.
        else
            return true;
        
        return false;
    }
        
    protected function checkAuthCache($code)
    {
        global $me;
        
        //find our user.
        if ($code)
        {
            $user = CacheBot::get("BaseJumper:auth:$code", self::$authCacheLife);
            
            //did we get a user?
            if ($user instanceOf User)
            {
                //yup, save them!
                $me = $user;
                return true;
            }
            return false;
        }
        else
            throw new Exception("Authcode was blank.");
    }

    public function generateHash()
    {
        $hash = '';

        //should we make one?
        if ($this->id)
            $hash = $this->id . "-" . sha1($this->id . "-" . $this->password . "-" . Config::get('auth_secret'));
        
        return $hash;
    }

    function loginProcess($user, $pass, $rememberMe = true)
    {
        //get our auth sql.
        $where = $this->getAuthWhereSql($user, $pass);
        $userRs = dbQuery("
            SELECT id
            FROM $this->tableName
            $where
        ");

        //did we get 1 and only 1 user?
        if ($userAr = dbFetchAssoc($userRs))
        {
            $user = new User($userAr['id']);
            $user->doLogin($rememberMe);
            
            return true;
        }
        else
            return false;
    }

    public function doLogin($rememberMe = true, $login = true)
    {
        //create our session!
        $this->createSession($login);
        
        //do we want to let them get remembered?
        if ($rememberMe)
            $time = 31556926;  // one year
        else
            $time = 86400; // one day
            
        //create our hash..
        $hash = $this->generateHash();

        //cookie set for 1 year
        setcookie('auth', $hash, time() + $time, '/', Config::get('site_hostname'));
        $_COOKIE['auth'] = $hash;
    }

    protected function getAuthWhereSql($user, $pass)
    {
        $pass = sha1($pass);

        $sql = "WHERE email = '$user' AND password = '$pass' ";

        if (Config::get('users_must_activate'))
            $sql .= " AND activation_key = '' ";
        
        return $sql;
    }

    function createSession($login = false)
    {
        if ($this->id)
        {
            //lookup our data
            $this->lookupData(false);

            //do we update the login stuff
            if ($login)
            {
                //argh... relying on get and set... fuckers.  we cant do ++
                if ($this->hasField('login_count'))
                    $this->login_count = $this->login_count + 1;

                //save our previous login tithis...
                if ($this->hasField('previous_login'))
                    $this->previous_login = $this->last_login;

                //save our newest login tithis
                if ($this->hasField('last_login'))
                    $this->last_login = date('Y-m-d H:i:s');
             }

            //call our update stub.
            $this->updateSession();
            
            //save our dater.
            $this->save();

            //save our user session.
            $this->saveSession();
            
            return $this;
        }
        else
            throw new Exception('You cannot create a session for a non user.');
    }

    protected function updateSession()
    {
    }

    protected function saveSession()
    {
        //save it with cachebot.
        if ($this->id)
            CacheBot::set("BaseJumper:auth:" . $this->generateHash(), $this, self::$authCacheLife);
        else
            throw new Exception('You cannot save a session for a non user.');
    }

    public function logoutProcess()
    {
        //delete our cache.
        CacheBot::delete("BaseJumper:auth:" . $this->generateHash());
        
        //delete our cookie.
        setcookie('auth', '', time()-42000, '/', Config::get('site_hostname'));
    }

    function confirmUser()
    {
        global $me;
        
        //get our data
        $code = $_REQUEST['code'];
        $userId = $_REQUEST['id'];

        //find the unapproved user that matches
        $userRs = dbQuery("
            SELECT *
            FROM users
            WHERE id = '$userId'
                AND code = '$code'
                AND approved = 0
        ");
        //did we get them?
        if (dbGetNumRows($userRs))
        {
            //create the object
            $me = new User(dbFetchAssoc($userRs));

            //mark them as approved
            $me->code = md5(mt_rand());
            $me->approved = 1;
            $me->save();
            
            //log them in...
            $_SESSION['user'] = $me;
            
            return true;
        }
        //return an error here eventually
        else
            return false;
    }

    function mail($subject, $body, $html = null)
    {
        Mail::send($this->email, $subject, $body, $html);
    }
    
    public function addAlert($url, $text)
    {
        //do we have it?
        if (!class_exists(Alert))
            throw new Exception('You need to add the Alert class or define User::addAlert and make it blank.');

        //add alert!
        $alert = new Alert();
        $alert->user_id = $this->id;
        $alert->url = $url;
        $alert->text = $text;
        $alert->save();
    }

    function requestPassReset($email)
    {
        $this->id = $this->accountExists($email);
        if ($this->id)
        {
            //update our code
            $this->reset_pass_code = substr(md5(mt_rand()), 1, 6);
            $this->save();

            //get our email to the forgetter.
            $subject = "Lost Password Request";
            $body .= "You have recently asked to have your " . Config::get('site_name') . " password reset.\n\n";
            $body .= "You may now do this at:\n";
            $body .= $this->getTicket(array(
                'page' => 'editpass',
            )) . "\n\n";
            $body .= "Thank you,\nHappy " . Config::get('site_name') . " Password Reset Robot";
            $body .= "\n\nPS. For your convenience, this link will automatically log you in too!";

            //our html email!
            $html .= "You have recently asked to have your " . Config::get('site_name') . " password reset.<br/><br/>";
            $html .= "You may now do this " . $this->getTicket(array(
                'page' => 'editpass',
            ), 'here') . ".<br/><br/>";
            $html .= "Thank you,<br/>Happy " . Config::get('site_name') . " Password Reset Robot";
            $html .= "<br/><br/>PS. For your convenience, this link will automatically log you in too!";

            //mail the user the url to update.
            $this->mail($subject, $body, $html);

            return true;
        }
        else
            return false;
    }

    function tryPassReset()
    {
        if ($this->id)
        {
            $code = $_REQUEST['code'];
            $pass = $_REQUEST['pass'];

            if (dbGetNumRows(dbQuery("
                SELECT *
                FROM $this->tableName
                WHERE code = '$code'
                    AND id = '$this-id'
            ")))
            {
                $this->password = md5($pass);
                $this->code = md5(mt_rand());

                //return a true
            }
            //else return an erro
        }
        //else return an erro
    }

    function isMe()
    {
        global $me;
        if ($this->id == $me->id)
            return true;
        else
            return false;
    }

    function getPagesXml()
    {
        $xml = parent::getPagesXml();
        $xml .= <<<XML
<page name="register" desc="register a new user">       
    <param name="email" desc="your email"/>
    <param name="password" desc="plaintext password"/>
    <param name="first_name" desc="your name" />
    <param name="last_name" desc="your name" />
</page>
<page name="activate" desc="activate your user account">
    <param name="id" value="id of the user" required="true"/>
    <param name="code" value="code to activate" required="true"/>
</page>
<page name="activatehelp">
    <param name="email" value="email of account"/>
</page>
<page name="lostpass" desc="request a pass change via email">
    <param name="email" desc="email of forgotten account"/>
</page>
<page name="editpass" desc="edit your password">
    <param name="password1" />
    <param name="password2" />
</page>
<page name="login" desc="the login process page" type="xml">
    <param name="redirect" value="url to redirect to" />
    <param name="status" value="status message." />
</page>
<page name="logout" desc="the logout process page"/>
<page name="prefs" desc="manage your site preferences"/>
<page name="emailprefs" desc="edit your email preferences" />
<page name="deleteme">
    <param name="id" value="your id" required="1" type="int"/>
</page>
XML;
        return $xml;
    }

    function initPrefsPage()
    {
        $this->assertLogin();

        $this->pageTitle = 'Account Preferences';
    }

    function drawPrefsPage()
    {
        global $me;

        echo "\t<h3>" . $me->getLink(array('page' => 'edit'), 'Edit My Profile') . "</h3>\n";
        echo "<p>This is where you can change various things like your
        name, birthday, zipcode, biography, and so forth. Most of the
        information is shared on your profile.  Don't put anything in here
        you would like to keep private.</p>";
        
        echo "\t<h3>" . $me->getLink(array('page' => 'editpass'), 'Change My Password') . "</h3>\n";
        echo "<p>Here you can change your password.</p>";
        
        echo "\t<h3>" . $me->getLink(array('page' => 'emailprefs'), 'Email Preferences') . "</h3>\n";
        echo "<p>On this page, you can modify your email preferences.  By
        default we notify you via email whenever something cool
        happens.</p>";
    }

    function initEmailPrefsPage()
    {
        $this->pageTitle = 'Email me whenever:';
        $this->id = $this->assertLogin();
    }
    
    function drawEmailPrefsPage()
    {
        $form = $this->createEmailPrefsForm();
        
        if ($form->isSubmitted())
        {
            $form->validate();

            if (!$form->hasError())
            {
                $this->saveEmailPrefs($form);
                echo 'You email preferences have been saved.';
            }
        }

        $form->setData($this->data);

        //finally draw the form if needed
        if ($form->needsDrawn())
            $form->drawAll();
    }
    
    function createEmailPrefsForm()
    {
        //set it up..
        $form = new Form();
        $form->action = $this->getUrl('.emailprefs');

        //add our fields.
        $form = $this->emailPrefsFormAddFields($form);
    
        //our submit button
        $form->addSubmit('Save Preferences');

        //preload!
        $form->setData($this->getData(false));

        return $form;
    }

    function emailPrefsFormAddFields($form)
    {
        if ($this->hasField('email_comments'))
            $form->add('CheckboxField', 'email_comments', array(
                'title' => '',
                'label' => 'Someone posts a comment on something I\'ve posted.',
                'value' => 1
            ));

        if ($this->hasField('email_comment_replies'))
            $form->add('CheckboxField', 'email_comment_replies', array(
                'title' => '',
                'label' => 'Someone replies to one of my comments.',
                'value' => 1
            ));
        
        if ($this->hasField('birthday'))
            $form->add('CheckboxField', 'email_happy_birthday', array(
                'title' => '',
                'label' => 'It\'s my birthday.',
                'value' => 1
            ));

        return $form;
    }
    
    function saveEmailPrefs($form)
    {
        $this->email_happy_birthday = (int)$form->getData('email_happy_birthday');
        $this->email_comment_replies = (int)$form->getData('email_comment_replies');
        $this->email_comments = (int)$form->getData('email_comments');

        $this->save();
    }

    function getLastLogin()
    {
        global $me;

        return $me->formatDateTime($this->last_login);
    }
    
    function getMemberSince()
    {
        global $me;

        return $me->formatDateTime($this->member_since);
    }

    function drawActivatePage()
    {
        global $me;
        
        //create our first session!
        $me = new User($this->params('id'));
        $me->doLogin();

        //make it so we dont have to log in again.
        $me->activation_key = '';
        $me->save();

        //take me to your leader!
        Util::redirect($this->getUrl('.main')); 
    }

    function initActivateHelpPage()
    {
        $this->pageTitle = 'Account Activation Help';
    }

    function drawActivateHelpPage()
    {
        $form = $this->createActivateHelpForm();

        if ($form->isSubmitted())
        {
            //finally, validate
            $form->validate();
            
            //get our info
            $user = new User();
            $email = $form->getData('email');
            $userId = $user->accountExists($email);

            //did we get a user?
            if ($userId)
            {
                $user->id = $userId;

                //what if they already activated?
                if (!$user->activation_key)
                    $form->setError('email', 'That account has already been activated, please log in normally.');
            }
            //nope, let them reg.
            else if ($email)
                $form->setError('email', 'That username does not exist, you may ' . 
                $user->getLink(".register?email=$email", 'register') . " it.");

            //okay send the email.
            if (!$form->hasError())
            {
                $user->sendActivationEmail();
                echo "<p>This new activation code overrides the old one, so
                make sure you have the right email. (It's the newest
                one.)</p>";
            }
        }
        else
            $form->setData($this->params());

        if ($form->needsDrawn())
        {
?>
<p>When you register a new account, before you can log in you must first
activate your account.  This can be done by following the link contained in
an email titled 'New User Confirmation' that is sent when you register.</p>

<p>If for some reason, you lost the activation email, you can have the
email re-sent to you via the form below.  Simply enter your email and click
the button.</p>
<?
            $form->drawAll();
        }
    }

    function createActivateHelpForm()
    {
        $form = new Form();
        $form->action = $this->getUrl('.activatehelp');

        $form->add('EmailField', 'email', array(
            'required' => true,
            'size' => 45
        ));
        $form->addSubmit('Resend Activation Email');

        return $form;
    }

    function sendActivationEmail()
    {
        //our activation code...
        $this->activation_key = substr(sha1(time()), 0, 8);
        $this->save();
        
        //create and send our registration email.
        $subject = "New Account Confirmation";
        $body .= "You recently registered an account at " . Config::get('site_name') . ".  Before you can start using this account, you must activate your account by visiting the following url:\n\n";
        $body .= $this->getUrl(array('page' => 'activate', 'id' => $this->id, 'code' => $this->activation_key), null, true) . "\n\n";
        $body .= "The entire url must be entered.  If your mail client breaks the url into two lines, be sure to copy and paste both of them into your web browser.\n\n";
        $body .= "Once you have activated your account, you are free to start using the site.\n\n";
        $body .= "Thank you,\nThe " . Config::get('site_name') . " Happy Account Activation Robot\n\n";
        $body .= "PS. We really hope you like our website and if there is anything we can do, please contact us.";
        
        //html email
        $html .= "You recently registered an account at " . Config::get('site_name') . ".  Before you can start using this account, you must activate your account by ";
        $html .= $this->getLink(".activate?id=$this->id&code=$this->activation_key", 'clicking here', null, true) . "<br/><br/>";
        $html .= "Once you have activated your account, you are free to start using the site.<br/><br/>";
        $html .= "Thank you,<br/>The " . Config::get('site_name') . " Happy Account Activation Robot<br/><br/>";
        $html .= "PS. We really hope you like our website and if there is anything we can do, please contact us.";

        //actually mail it now...
        $this->mail($subject, $body, $html);

        //let them know we're done.
        echo "<p>Thank you, " . $this->getName() . ", we have emailed <b>$this->email</b> a confirmation email.</p>\n";
        echo "<p>Follow the instructions it contains to activate your account.</p>";

        echo "<p>If it doesn't show up within a few minutes, email " . Linkify::email(Config::get('site_admin')) . " and he'll help you.</p>";

        
        if (preg_match('/(@hotmail|@msn|@aol)/', $this->email))
            echo "<p><b>Hotmail, AOL, or MSN may be blocking our emails.  Check
            your Junk E-Mail folder.<br/><br/>If the email is in there, mark it
            as 'Not Junk Mail'.</b>";
    }

    function drawDeletePage()
    {
        global $me;

        $form = $this->createDeleteForm();

        if ($form->isSubmitted())
        {
            $form->validate();

            if (!$form->getData('acknowledge'))
                $form->setError('acknowledge', 'Since this is dangerous, you have to acknowledge that you really want to delete your account.');

            if (!$form->hasError())
                $this->deletePost();
        }

        if ($form->needsDrawn())
            $form->drawAll();
    }
    
    protected function deletePost()
    {
        if ($this->isMe())
        {
            $this->emailDeleteConfirmation();
            echo "<p>In order to protect the safety of your account, we have
            emailed a delete confirmation email to you.</p><p>Follow the link inside
            and your account will be permanently deleted.</p>";
        }
        else
        {
            $this->delete();
            echo '<p>' . $this->getName() . ' has been deleted.</p>';
        }
    }
    
    public function createDeleteForm()
    {
        $form = new Form();
        $form->action = $this->getUrl(".delete?id=$this->id");
        
        $form->add('StaticField', 'warning', array(
            'text' => '<b>Warning:</b> Deleting your account is permanent.  We
            cannot recover your account after we delete it.  That means you
            should carefully consider whether you really want to delete
            your account or not.'
        ));
        $form->add('CheckboxField', 'acknowledge', array(
            'title' => '',
            'label' => 'I really do want to delete this account.'
        ));
        $form->addSubmit('Delete Account');

        return $form;
    }

    public function initDeleteMePage()
    {
        $this->assertLogin();

        $this->initDeletePage();

        $this->pageTitle = 'Account Deleted';

        if (!$this->isMe())
            throw new PageError('You cannot delete other people with this page.');
    }

    public function drawDeleteMePage()
    {
        global $me;
        
        $me->delete();
        $me->logoutProcess();
    
        echo '<p>Your account has been deleted.We\'re sorry to see you
        go.</p><p>If there\'s anything we can do to get you to come back,
        please email ' . Linkify::email(Config::get('site_admin')) . '</p>';
    }

    protected function emailDeleteConfirmation()
    {
        $subject = 'Delete Account Confirmation';

        $body = "Dear $this->first_name,\n\n";
        $body .= "Recently, someone using this account (probably you) requested that it be deleted.\n\n";
        $body .= "In order to protect your account and confirm that you really wanted to do this you must follow the link below.\n\n";
        $body .= "*** If this is not what you want, delete this email and nothing will happen. ***\n\n";
        $body .= "Follow this link to delete your account:\n";
        $body .= $this->getUrl(".deleteme?id=$this->id", null, true) . "\n\n";
        $body .= "Thank you,\nThe Sad " . Config::get('site_name') . " Account Deletion Robot\n\n";
        $body .= "PS. Please dont go!  If you have problems with our site, email " . Config::get('site_admin') . " and we will try to fix them.";
        
        $html = "Dear $this->first_name,<br/><br/>";
        $html .= "Recently, someone using this account (probably you) requested that it be deleted.<br/><br/>";
        $html .= "In order to protect your account and confirm that you really wanted to do this you must follow the link below.<br/><br/>";
        $html .= "*** <b>If this is not what you want, delete this email and nothing will happen.</b> ***<br/><br/>";
        $html .= $this->getLink(".deleteme?id=$this->id", "Follow this link to delete your account.", null, true) . "<br/><br/>";
        $html .= "Thank you,<br/>The Sad " . Config::get('site_name') . " Account Deletion Robot<br/><br/>";
        $html .= "PS. Please dont go!  If you have problems with our site, email " . Config::get('site_admin') . " and we will try to fix them.";

        $this->mail($subject, $body, $html);
    }

    function canDelete()
    {
        global $me;

        if (($me->id == $this->id || $me->isAdmin()) && $this->id)
            return true;
        return false;
    }

    function getTicket($url, $html = null)
    {
        $redirUrl = $this->getUrl($url);
    
        if ($this->id)
        {
            //create our ticket...
            $ticket = new Ticket();
            $ticket->generate($redirUrl, $this);
            
            //return our ticket.
            $redirUrl = $ticket->url();
        }

        //what kind of links?
        if ($html !== null)
            return "<a href=\"$redirUrl\">$html</a>";
        else
            return $redirUrl;
    }

    function formatDate($date)
    {
        if (!$this->date_format)
            $date_format = 'F d, Y';
        else
            $date_format = $this->date_format;

        if (!$date)
            $date = 0;
        $time = strtotime($date);
    
        return date($date_format, $time);
    }
    
    function formatDateTime($date)
    {
        if (!$this->datetime_format)
            $datetime_format = 'F d, Y g:ia';
        else
            $datetime_format = $this->datetime_format;
        
        if (!$date)
            $date = 0;
    
        $time = strtotime($date);
        
        if ($time)
            return date($datetime_format, $time);
        else
            return '???';
    }

    function getPublicData()
    {
        global $me;
        
        $data = parent::getPublicData();

        $data['last_login'] = $me->formatDateTime($this->last_login);
        $data['login_count'] = $this->login_count;

        return $data;
    }

    function getName($link = false, $icon = null)
    {
        global $me;
        
        $rval = "";

        if ($this->hasField('image_id') && $icon != null)
                $rval = $this->getIcon($icon) . " ";

        //name?
        $rval .= $this->getTextName(); 

        return parent::getName($link, $rval);
    }

    function getTextName()
    {
        return $this->first_name . ' ' . $this->last_name;
    }

    function getIcon($type = 'tiny')
    {
        return $this->profileImage->getImage($type, false, false);
    }

    public function lookupData($deep = true)
    {
        parent::lookupData($deep);
        
        $this->profileImage = new Image();
        $this->profileImage->load($this->image_id, false);
    } 
    
    public function getDataToCache($deep = true)
    {
        $data = parent::getDataToCache($deep);

        $data['profileimage'] = $this->profileImage->getDataToCache(false);

        return $data;
    }

    public function setDataFromCache($data, $deep = true)
    {
        parent::setDataFromCache($data, $deep);

        //load our image back in.
        $this->profileImage = new Image();
        $this->profileImage->load($data['profileimage'], false);
    }

    function setProfileImage($imageId)
    {
        global $me;
        
        //can we do it?
        $this->profileImage = new Image($imageId);
        if ($this->profileImage->canView())
        {
            $this->image_id = $imageId;
            $this->save();

            return true;
        }
        else
            return false;
    }

    function initSetImagePage()
    {
        $this->assertLogin();

        $this->pageTitle = 'Set Profile Image';
    }

    function drawSetImagePage()
    {
        global $me;
        
        if ($me->setProfileImage($this->params('image_id')))
        {
            $me->createSession();
            echo "<p>Your profile image has been updated.  You may " . $this->getLink(".view?id=$me->id", "continue to your profile") . ".</p>";
        }
        else
            echo "<p>You must be able to view an image to set it as your profile image.</p>";
    }

    public function getCreateFieldsArray()
    {
        $fields = parent::getCreateFieldsArray();

        $fields['email'] = "email varchar(255) default '' not null";
        $fields['first_name'] = "first_name varchar(255) default '' not null";
        $fields['last_name'] = "last_name varchar(255) default '' not null";
        $fields['password'] = "password char(40) default '' not null";
        $fields['birthday'] = "birthday date not null";
        $fields['last_login'] = "last_login datetime not null";
        $fields['previous_login'] = "previous_login datetime not null";
        $fields['login_count'] = "login_count int(11) default 0 not null";
        $fields['activation_key'] = "activation_key char(8) default '' not null";
        $fields['is_admin'] = "is_admin tinyint(1) default 0 not null";
    
        return $fields;
    }

    public function getCreateIndexesArray()
    {
        $fields = parent::getCreateIndexesArray();

        $fields['email'] = 'key (email)';
        $fields['password'] = 'key (password)';

        return $fields;
    }
}
?>

---