Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* +-----------------------------------------------------------------------+ | Th..
Decoded Output download
<?php
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| This class represents a user and provides access to the related |
| database records. |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <[email protected]> |
| Author: Aleksander Machniak <[email protected]> |
+-----------------------------------------------------------------------+
*/
/**
* Class representing a user
*/
class rcube_user
{
/** @var ?int User identifier */
public $ID;
/** @var ?array User properties */
public $data;
/** @var ?string User language code */
public $language;
/** @var ?array User preferences */
public $prefs;
/** @var rcube_db Holds database connection */
private $db;
/** @var rcube Framework object */
private $rc;
/** @var array Internal identities cache */
private $identities = [];
/** @var ?array Internal emails cache */
private $emails;
public const SEARCH_ADDRESSBOOK = 1;
public const SEARCH_MAIL = 2;
/**
* Object constructor
*
* @param int $id User id
* @param array $sql_arr SQL result set
*/
public function __construct($id = null, $sql_arr = null)
{
$this->rc = rcube::get_instance();
$this->db = $this->rc->get_dbh();
if ($id && !$sql_arr) {
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('users', true)
. ' WHERE `user_id` = ?', $id
);
$sql_arr = $this->db->fetch_assoc($sql_result);
}
if (!empty($sql_arr)) {
$this->ID = (int) $sql_arr['user_id'];
$this->data = $sql_arr;
$this->language = $sql_arr['language'];
}
}
/**
* Build a user name string (as e-mail address)
*
* @param string $part Username part (empty or 'local' or 'domain', 'mail')
*
* @return ?string Full user name or its part
*/
public function get_username($part = null)
{
if (!empty($this->data['username'])) {
// return real name
if (!$part) {
return $this->data['username'];
}
[$local, $domain] = rcube_utils::explode('@', $this->data['username']);
// at least we should always have the local part
if ($part == 'local') {
return $local;
}
// if no domain was provided...
if (empty($domain)) {
$domain = $this->rc->config->mail_domain($this->data['mail_host']);
}
if ($part == 'domain') {
return $domain;
}
if (!empty($domain)) {
return $local . '@' . $domain;
}
return $local;
}
return null;
}
/**
* Get the preferences saved for this user
*
* @return array Hash array with prefs
*/
public function get_prefs()
{
if (isset($this->prefs)) {
return $this->prefs;
}
$this->prefs = [];
if (!empty($this->language)) {
$this->prefs['language'] = $this->language;
}
if ($this->ID) {
// Preferences from session (write-master is unavailable)
if (!empty($_SESSION['preferences'])) {
// Check last write attempt time, try to write again (every 5 minutes)
if ($_SESSION['preferences_time'] < time() - 5 * 60) {
$saved_prefs = unserialize($_SESSION['preferences']);
$this->rc->session->remove('preferences');
$this->rc->session->remove('preferences_time');
$this->save_prefs($saved_prefs);
} else {
$this->data['preferences'] = $_SESSION['preferences'];
}
}
if ($this->data['preferences']) {
$this->prefs += (array) unserialize($this->data['preferences']);
}
}
return $this->prefs;
}
/**
* Write the given user prefs to the user's record
*
* @param array $a_user_prefs User prefs to save
* @param bool $no_session Simplified language/preferences handling
*
* @return bool True on success, False on failure
*/
public function save_prefs($a_user_prefs, $no_session = false)
{
if (!$this->ID) {
return false;
}
$config = $this->rc->config;
$transient = $config->transient_options();
$a_user_prefs = array_diff_key($a_user_prefs, array_flip($transient));
if (empty($a_user_prefs)) {
return true;
}
$plugin = $this->rc->plugins->exec_hook('preferences_update', [
'userid' => $this->ID,
'prefs' => $a_user_prefs,
'old' => (array) $this->get_prefs(),
]);
if (!empty($plugin['abort'])) {
return false;
}
$a_user_prefs = $plugin['prefs'];
$old_prefs = $plugin['old'];
$defaults = $config->all();
// merge (partial) prefs array with existing settings
$this->prefs = $save_prefs = $a_user_prefs + $old_prefs;
unset($save_prefs['language']);
// don't save prefs with default values if they haven't been changed yet
// Warning: we use result of rcube_config::all() here instead of just get() (#5782)
foreach ($a_user_prefs as $key => $value) {
if ($value === null || (!isset($old_prefs[$key]) && isset($defaults[$key]) && $value === $defaults[$key])) {
unset($save_prefs[$key]);
}
}
$save_prefs = serialize($save_prefs);
if (!$no_session) {
$this->language = $_SESSION['language'] ?? 'en_US';
}
$result = $this->db->query(
'UPDATE ' . $this->db->table_name('users', true) .
' SET `preferences` = ?, `language` = ?' .
' WHERE `user_id` = ?',
$save_prefs,
$this->language,
$this->ID
);
// Update success
if ($result) {
$this->data['preferences'] = $save_prefs;
if (!$no_session) {
$config->set_user_prefs($this->prefs);
if (isset($_SESSION['preferences'])) {
$this->rc->session->remove('preferences');
$this->rc->session->remove('preferences_time');
}
}
return true;
}
// Update error, but we are using replication (we have read-only DB connection)
// and we are storing session not in the SQL database
// we can store preferences in session and try to write later (see get_prefs())
if (!$no_session && $this->db->is_replicated()
&& $config->get('session_storage', 'db') != 'db'
) {
$_SESSION['preferences'] = $save_prefs;
$_SESSION['preferences_time'] = time();
$config->set_user_prefs($this->prefs);
$this->data['preferences'] = $save_prefs;
}
return false;
}
/**
* Generate a unique hash to identify this user with
*/
public function get_hash()
{
$prefs = $this->get_prefs();
// generate a random hash and store it in user prefs
if (empty($prefs['client_hash'])) {
$prefs['client_hash'] = rcube_utils::random_bytes(16);
$this->save_prefs(['client_hash' => $prefs['client_hash']]);
}
return $prefs['client_hash'];
}
/**
* Return a list of all user emails (from identities)
*
* @param bool $default Return only default identity
*
* @return array List of emails (identity_id, name, email) or single email-data
*/
public function list_emails($default = false)
{
if ($this->emails === null) {
$this->emails = [];
$sql_result = $this->db->query(
'SELECT `identity_id`, `name`, `email`'
. ' FROM ' . $this->db->table_name('identities', true)
. ' WHERE `user_id` = ? AND `del` <> 1'
. ' ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC',
$this->ID
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$this->emails[] = $sql_arr;
}
}
return $default ? $this->emails[0] : $this->emails;
}
/**
* Get default identity of this user
*
* @param int $id Identity ID. If empty, the default identity is returned
*
* @return array|null Hash array with all cols of the identity record
*/
public function get_identity($id = null)
{
$id = (int) $id;
// cache identities for better performance
if (!array_key_exists($id, $this->identities)) {
$result = $this->list_identities($id ? "AND `identity_id` = {$id}" : '');
if (!empty($result)) {
$this->identities[$id] = $result[0];
}
}
return $this->identities[$id] ?? null;
}
/**
* Return a list of all identities linked with this user
*
* @param string $sql_add Optional WHERE clauses
* @param bool $formatted Format identity email and name
*
* @return array List of identities
*/
public function list_identities($sql_add = '', $formatted = false)
{
$result = [];
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('identities', true)
. ' WHERE `del` <> 1 AND `user_id` = ?' . ($sql_add ? " {$sql_add}" : '')
. ' ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC',
$this->ID
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
if ($formatted) {
$ascii_email = format_email($sql_arr['email']);
$utf8_email = format_email(rcube_utils::idn_to_utf8($ascii_email));
$sql_arr['email_ascii'] = $ascii_email;
$sql_arr['email'] = $utf8_email;
$sql_arr['ident'] = format_email_recipient($ascii_email, $sql_arr['name']);
}
$result[] = $sql_arr;
}
return $result;
}
/**
* Update a specific identity record
*
* @param int $iid Identity ID
* @param array $data Hash array with col->value pairs to save
*
* @return bool True if saved successfully, false if nothing changed
*/
public function update_identity($iid, $data)
{
if (!$this->ID) {
return false;
}
$query_cols = $query_params = [];
foreach ((array) $data as $col => $value) {
$query_cols[] = $this->db->quote_identifier($col) . ' = ?';
$query_params[] = $value;
}
$query_params[] = $iid;
$query_params[] = $this->ID;
$sql = 'UPDATE ' . $this->db->table_name('identities', true) .
' SET `changed` = ' . $this->db->now() . ', ' . implode(', ', $query_cols)
. ' WHERE `identity_id` = ?'
. ' AND `user_id` = ?'
. ' AND `del` <> 1';
$this->db->query($sql, $query_params);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows() > 0;
}
/**
* Create a new identity record linked with this user
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted identity ID or false on error
*/
public function insert_identity($data)
{
if (!$this->ID) {
return false;
}
unset($data['user_id']);
$insert_cols = [];
$insert_values = [];
foreach ((array) $data as $col => $value) {
$insert_cols[] = $this->db->quote_identifier($col);
$insert_values[] = $value;
}
$insert_cols[] = $this->db->quote_identifier('user_id');
$insert_values[] = $this->ID;
$sql = 'INSERT INTO ' . $this->db->table_name('identities', true)
. ' (`changed`, ' . implode(', ', $insert_cols) . ')'
. ' VALUES (' . $this->db->now() . str_repeat(', ?', count($insert_values)) . ')';
$insert = $this->db->query($sql, $insert_values);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows($insert) ? $this->db->insert_id('identities') : false;
}
/**
* Mark the given identity as deleted
*
* @param int $iid Identity ID
*
* @return int|bool True if deleted successfully, false if nothing changed,
* -1 if attempted to delete the last identity (or there's no identities)
*/
public function delete_identity($iid)
{
if (!$this->ID) {
return false;
}
$sql_result = $this->db->query(
'SELECT count(*) AS ident_count FROM ' . $this->db->table_name('identities', true)
. ' WHERE `user_id` = ? AND `del` <> 1',
$this->ID
);
$sql_arr = $this->db->fetch_assoc($sql_result);
// we'll not delete last identity
if ($sql_arr['ident_count'] <= 1) {
return -1;
}
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. ' SET `del` = 1, `changed` = ' . $this->db->now()
. ' WHERE `user_id` = ? AND `identity_id` = ?',
$this->ID,
$iid
);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows() > 0;
}
/**
* Make this identity the default one for this user
*
* @param int $iid The identity ID
*/
public function set_default($iid)
{
if ($this->ID && $iid) {
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. " SET `standard` = '0'"
. ' WHERE `user_id` = ? AND `identity_id` <> ?',
$this->ID,
$iid
);
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. " SET `standard` = '1'"
. ' WHERE `user_id` = ? AND `identity_id` = ?',
$this->ID,
$iid
);
$this->identities = [];
}
}
/**
* Update user's last_login timestamp
*/
public function touch()
{
if ($this->ID) {
$this->db->query(
'UPDATE ' . $this->db->table_name('users', true)
. ' SET `last_login` = ' . $this->db->now()
. ' WHERE `user_id` = ?',
$this->ID
);
}
}
/**
* Update user's failed_login timestamp and counter
*/
public function failed_login()
{
if ($this->ID && $this->rc->config->get('login_rate_limit', 3)) {
$counter = 0;
if (empty($this->data['failed_login'])) {
$failed_login = new DateTime('now');
$counter = 1;
} else {
$failed_login = new DateTime($this->data['failed_login']);
$threshold = new DateTime('- 60 seconds');
if ($failed_login < $threshold) {
$failed_login = new DateTime('now');
$counter = 1;
}
}
$this->db->query(
'UPDATE ' . $this->db->table_name('users', true)
. ' SET `failed_login` = ?'
. ', `failed_login_counter` = ' . ($counter ?: '`failed_login_counter` + 1')
. ' WHERE `user_id` = ?',
$failed_login, $this->ID
);
}
}
/**
* Checks if the account is locked, e.g. as a result of brute-force prevention
*/
public function is_locked()
{
if (empty($this->data['failed_login'])) {
return false;
}
if ($rate = (int) $this->rc->config->get('login_rate_limit', 3)) {
$last_failed = new DateTime($this->data['failed_login']);
$threshold = new DateTime('- 60 seconds');
if ($last_failed > $threshold && $this->data['failed_login_counter'] >= $rate) {
return true;
}
}
return false;
}
/**
* Clear the saved object state
*/
public function reset()
{
$this->ID = null;
$this->data = null;
}
/**
* Find a user record matching the given name and host
*
* @param string $user IMAP user name
* @param string $host IMAP host name
*
* @return ?rcube_user New user instance, NULL if not found
*/
public static function query($user, $host)
{
$dbh = rcube::get_instance()->get_dbh();
$config = rcube::get_instance()->config;
// query for matching user name
$sql_result = $dbh->query('SELECT * FROM ' . $dbh->table_name('users', true)
. ' WHERE `mail_host` = ? AND `username` = ?', $host, $user);
$sql_arr = $dbh->fetch_assoc($sql_result);
// username not found, try aliases from identities
if (empty($sql_arr) && $config->get('user_aliases') && strpos($user, '@')) {
$sql_result = $dbh->limitquery('SELECT u.*'
. ' FROM ' . $dbh->table_name('users', true) . ' u'
. ' JOIN ' . $dbh->table_name('identities', true) . ' i ON (i.`user_id` = u.`user_id`)'
. ' WHERE `email` = ? AND `del` <> 1',
0, 1, $user
);
$sql_arr = $dbh->fetch_assoc($sql_result);
}
// user already registered -> overwrite username
if ($sql_arr) {
return new self($sql_arr['user_id'], $sql_arr);
}
return null;
}
/**
* Create a new user record and return a rcube_user instance
*
* @param string $user IMAP user name
* @param string $host IMAP host
*
* @return rcube_user|null New user instance on success, Null on error/abort
*/
public static function create($user, $host)
{
$user_name = '';
$user_email = '';
$rcube = rcube::get_instance();
$dbh = $rcube->get_dbh();
// try to resolve user in virtuser table and file
if ($email_list = self::user2email($user, false, true)) {
$user_email = is_array($email_list[0]) ? $email_list[0]['email'] : $email_list[0];
}
$data = $rcube->plugins->exec_hook('user_create', [
'host' => $host,
'user' => $user,
'user_name' => $user_name,
'user_email' => $user_email,
'email_list' => $email_list,
'language' => $_SESSION['language'] ?? null,
'preferences' => [],
]);
// plugin aborted this operation
if ($data['abort']) {
return null;
}
$insert = $dbh->query(
'INSERT INTO ' . $dbh->table_name('users', true)
. ' (`created`, `last_login`, `username`, `mail_host`, `language`, `preferences`)'
. ' VALUES (' . $dbh->now() . ', ' . $dbh->now() . ', ?, ?, ?, ?)',
$data['user'],
$data['host'],
$data['language'],
serialize($data['preferences'])
);
if ($dbh->affected_rows($insert) && ($user_id = $dbh->insert_id('users'))) {
// create rcube_user instance to make plugin hooks work
$user_instance = new self($user_id, [
'user_id' => $user_id,
'username' => $data['user'],
'mail_host' => $data['host'],
'language' => $data['language'],
'preferences' => serialize($data['preferences']),
]);
$rcube->user = $user_instance;
$mail_domain = $rcube->config->mail_domain($data['host']);
$user_name = $data['user_name'];
$user_email = $data['user_email'];
$email_list = $data['email_list'];
if (empty($email_list)) {
if (empty($user_email)) {
$user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
}
$email_list[] = $user_email;
}
// identities_level check
elseif (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
$email_list = [$email_list[0]];
}
if (empty($user_name)) {
$user_name = $data['user'];
}
// create new identities records
$standard = 1;
foreach ($email_list as $row) {
$record = [];
if (is_array($row)) {
if (empty($row['email'])) {
continue;
}
$record = $row;
} else {
$record['email'] = $row;
}
if (empty($record['name'])) {
$record['name'] = $user_name != $record['email'] ? $user_name : '';
}
$record['user_id'] = $user_id;
$record['standard'] = $standard;
$plugin = $rcube->plugins->exec_hook('identity_create',
['login' => true, 'record' => $record]);
if (!$plugin['abort'] && $plugin['record']['email']) {
$rcube->user->insert_identity($plugin['record']);
}
$standard = 0;
}
} else {
rcube::raise_error([
'code' => 500,
'message' => 'Failed to create new user',
], true, false);
}
return !empty($user_instance) ? $user_instance : null;
}
/**
* Resolve username using a virtuser plugins
*
* @param string $email E-mail address to resolve
*
* @return string Resolved IMAP username
*/
public static function email2user($email)
{
$rcube = rcube::get_instance();
$plugin = $rcube->plugins->exec_hook('email2user', ['email' => $email, 'user' => null]);
return $plugin['user'];
}
/**
* Resolve e-mail address from virtuser plugins
*
* @param string $user User name
* @param bool $first If true returns first found entry
* @param bool $extended If true returns email as array (email and name for identity)
*
* @return mixed Resolved e-mail address string or array of strings
*/
public static function user2email($user, $first = true, $extended = false)
{
$rcube = rcube::get_instance();
$plugin = $rcube->plugins->exec_hook('user2email', [
'email' => null,
'user' => $user,
'first' => $first,
'extended' => $extended,
]);
return empty($plugin['email']) ? null : $plugin['email'];
}
/**
* Return a list of saved searches linked with this user
*
* @param int $type Search type
*
* @return array List of saved searches indexed by search ID
*/
public function list_searches($type)
{
$plugin = $this->rc->plugins->exec_hook('saved_search_list', ['type' => $type]);
if ($plugin['abort']) {
return (array) $plugin['result'];
}
$result = [];
$sql_result = $this->db->query(
'SELECT `search_id` AS id, `name`'
. ' FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `type` = ?'
. ' ORDER BY `name`',
(int) $this->ID, (int) $type
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$result[$sql_arr['id']] = $sql_arr;
}
return $result;
}
/**
* Return saved search data.
*
* @param int $id Row identifier
*
* @return array Data
*/
public function get_search($id)
{
$plugin = $this->rc->plugins->exec_hook('saved_search_get', ['id' => $id]);
if ($plugin['abort']) {
return (array) $plugin['result'];
}
$sql_result = $this->db->query(
'SELECT `name`, `data`, `type`'
. ' FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `search_id` = ?',
(int) $this->ID, (int) $id
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
return [
'id' => $id,
'name' => $sql_arr['name'],
'type' => $sql_arr['type'],
'data' => unserialize($sql_arr['data']),
];
}
return [];
}
/**
* Deletes given saved search record
*
* @param int $sid Search ID
*
* @return bool True if deleted successfully, false if nothing changed
*/
public function delete_search($sid)
{
if (!$this->ID) {
return false;
}
$this->db->query(
'DELETE FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `search_id` = ?',
(int) $this->ID, $sid
);
return $this->db->affected_rows() > 0;
}
/**
* Create a new saved search record linked with this user
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted search ID or false on error
*/
public function insert_search($data)
{
if (!$this->ID) {
return false;
}
$insert_cols = ['user_id'];
$insert_values = [(int) $this->ID];
$insert_cols[] = $this->db->quote_identifier('type');
$insert_values[] = (int) $data['type'];
$insert_cols[] = $this->db->quote_identifier('name');
$insert_values[] = $data['name'];
$insert_cols[] = $this->db->quote_identifier('data');
$insert_values[] = serialize($data['data']);
$sql = 'INSERT INTO ' . $this->db->table_name('searches', true)
. ' (' . implode(', ', $insert_cols) . ')'
. ' VALUES (?' . str_repeat(', ?', count($insert_values) - 1) . ')';
$insert = $this->db->query($sql, $insert_values);
return $this->db->affected_rows($insert) ? $this->db->insert_id('searches') : false;
}
/**
* Get a saved response of this user.
*
* @param int $id Response ID
*
* @return array|null Hash array with all cols of the response record, NULL if not found
*/
public function get_response($id)
{
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('responses', true)
. ' WHERE `user_id` = ? AND `response_id` = ? AND `del` = 0',
$this->ID, $id
);
if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$sql_arr['id'] = $sql_arr['response_id'];
$sql_arr['is_html'] = !empty($sql_arr['is_html']);
unset($sql_arr['response_id']);
return $sql_arr;
}
return null;
}
/**
* Return a list of all responses of this user.
*
* @return array List of responses (id, name)
*/
public function list_responses()
{
// Migrate the old responses existing in user preferences
if (!empty($this->prefs['compose_responses'])) {
foreach ($this->prefs['compose_responses'] as $response) {
$this->insert_response([
'name' => $response['name'],
'data' => $response['text'],
]);
}
$this->save_prefs(['compose_responses' => null]);
}
$sql_result = $this->db->query(
'SELECT `response_id`, `name` FROM ' . $this->db->table_name('responses', true)
. ' WHERE `user_id` = ? AND `del` = 0'
. ' ORDER BY `name`',
$this->ID
);
$result = [];
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$result[] = [
'id' => $sql_arr['response_id'],
'name' => $sql_arr['name'],
];
}
return $result;
}
/**
* Update a specific response record.
*
* @param int $id Response ID
* @param array $data Hash array with col->value pairs to save
*
* @return bool True if saved successfully, false if nothing changed
*/
public function update_response($id, $data)
{
if (!$this->ID) {
return false;
}
$query_cols = $query_params = [];
foreach (['name', 'data', 'is_html'] as $col) {
if (isset($data[$col])) {
$query_cols[] = $this->db->quote_identifier($col) . ' = ?';
$query_params[] = $col == 'is_html' ? intval($data[$col]) : $data[$col];
}
}
$query_params[] = $id;
$query_params[] = $this->ID;
$sql = 'UPDATE ' . $this->db->table_name('responses', true)
. ' SET `changed` = ' . $this->db->now() . ', ' . implode(', ', $query_cols)
. ' WHERE `response_id` = ? AND `user_id` = ? AND `del` = 0';
$this->db->query($sql, $query_params);
return $this->db->affected_rows() > 0;
}
/**
* Create a new response record for the user.
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted response ID or false on error
*/
public function insert_response($data)
{
if (!$this->ID) {
return false;
}
$query_cols = [$this->db->quote_identifier('user_id')];
$query_params = [$this->ID];
foreach (['name', 'data', 'is_html'] as $col) {
if (isset($data[$col])) {
$query_cols[] = $this->db->quote_identifier($col);
$query_params[] = $col == 'is_html' ? intval($data[$col]) : $data[$col];
}
}
$sql = 'INSERT INTO ' . $this->db->table_name('responses', true)
. ' (`changed`, ' . implode(', ', $query_cols) . ')'
. ' VALUES (' . $this->db->now() . ', ' . trim(str_repeat('?, ', count($query_cols)), ', ') . ')';
$insert = $this->db->query($sql, $query_params);
return $this->db->affected_rows($insert) ? $this->db->insert_id('responses') : false;
}
/**
* Delete the given response record
*
* @param int $id Response ID
*
* @return bool True if deleted successfully, false otherwise
*/
public function delete_response($id)
{
if (!$this->ID) {
return false;
}
$this->db->query(
'UPDATE ' . $this->db->table_name('responses', true)
. ' SET `del` = 1 WHERE `user_id` = ? AND `response_id` = ?',
$this->ID,
$id
);
return $this->db->affected_rows() > 0;
}
}
?>
Did this file decode correctly?
Original Code
<?php
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| This class represents a user and provides access to the related |
| database records. |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <[email protected]> |
| Author: Aleksander Machniak <[email protected]> |
+-----------------------------------------------------------------------+
*/
/**
* Class representing a user
*/
class rcube_user
{
/** @var ?int User identifier */
public $ID;
/** @var ?array User properties */
public $data;
/** @var ?string User language code */
public $language;
/** @var ?array User preferences */
public $prefs;
/** @var rcube_db Holds database connection */
private $db;
/** @var rcube Framework object */
private $rc;
/** @var array Internal identities cache */
private $identities = [];
/** @var ?array Internal emails cache */
private $emails;
public const SEARCH_ADDRESSBOOK = 1;
public const SEARCH_MAIL = 2;
/**
* Object constructor
*
* @param int $id User id
* @param array $sql_arr SQL result set
*/
public function __construct($id = null, $sql_arr = null)
{
$this->rc = rcube::get_instance();
$this->db = $this->rc->get_dbh();
if ($id && !$sql_arr) {
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('users', true)
. ' WHERE `user_id` = ?', $id
);
$sql_arr = $this->db->fetch_assoc($sql_result);
}
if (!empty($sql_arr)) {
$this->ID = (int) $sql_arr['user_id'];
$this->data = $sql_arr;
$this->language = $sql_arr['language'];
}
}
/**
* Build a user name string (as e-mail address)
*
* @param string $part Username part (empty or 'local' or 'domain', 'mail')
*
* @return ?string Full user name or its part
*/
public function get_username($part = null)
{
if (!empty($this->data['username'])) {
// return real name
if (!$part) {
return $this->data['username'];
}
[$local, $domain] = rcube_utils::explode('@', $this->data['username']);
// at least we should always have the local part
if ($part == 'local') {
return $local;
}
// if no domain was provided...
if (empty($domain)) {
$domain = $this->rc->config->mail_domain($this->data['mail_host']);
}
if ($part == 'domain') {
return $domain;
}
if (!empty($domain)) {
return $local . '@' . $domain;
}
return $local;
}
return null;
}
/**
* Get the preferences saved for this user
*
* @return array Hash array with prefs
*/
public function get_prefs()
{
if (isset($this->prefs)) {
return $this->prefs;
}
$this->prefs = [];
if (!empty($this->language)) {
$this->prefs['language'] = $this->language;
}
if ($this->ID) {
// Preferences from session (write-master is unavailable)
if (!empty($_SESSION['preferences'])) {
// Check last write attempt time, try to write again (every 5 minutes)
if ($_SESSION['preferences_time'] < time() - 5 * 60) {
$saved_prefs = unserialize($_SESSION['preferences']);
$this->rc->session->remove('preferences');
$this->rc->session->remove('preferences_time');
$this->save_prefs($saved_prefs);
} else {
$this->data['preferences'] = $_SESSION['preferences'];
}
}
if ($this->data['preferences']) {
$this->prefs += (array) unserialize($this->data['preferences']);
}
}
return $this->prefs;
}
/**
* Write the given user prefs to the user's record
*
* @param array $a_user_prefs User prefs to save
* @param bool $no_session Simplified language/preferences handling
*
* @return bool True on success, False on failure
*/
public function save_prefs($a_user_prefs, $no_session = false)
{
if (!$this->ID) {
return false;
}
$config = $this->rc->config;
$transient = $config->transient_options();
$a_user_prefs = array_diff_key($a_user_prefs, array_flip($transient));
if (empty($a_user_prefs)) {
return true;
}
$plugin = $this->rc->plugins->exec_hook('preferences_update', [
'userid' => $this->ID,
'prefs' => $a_user_prefs,
'old' => (array) $this->get_prefs(),
]);
if (!empty($plugin['abort'])) {
return false;
}
$a_user_prefs = $plugin['prefs'];
$old_prefs = $plugin['old'];
$defaults = $config->all();
// merge (partial) prefs array with existing settings
$this->prefs = $save_prefs = $a_user_prefs + $old_prefs;
unset($save_prefs['language']);
// don't save prefs with default values if they haven't been changed yet
// Warning: we use result of rcube_config::all() here instead of just get() (#5782)
foreach ($a_user_prefs as $key => $value) {
if ($value === null || (!isset($old_prefs[$key]) && isset($defaults[$key]) && $value === $defaults[$key])) {
unset($save_prefs[$key]);
}
}
$save_prefs = serialize($save_prefs);
if (!$no_session) {
$this->language = $_SESSION['language'] ?? 'en_US';
}
$result = $this->db->query(
'UPDATE ' . $this->db->table_name('users', true) .
' SET `preferences` = ?, `language` = ?' .
' WHERE `user_id` = ?',
$save_prefs,
$this->language,
$this->ID
);
// Update success
if ($result) {
$this->data['preferences'] = $save_prefs;
if (!$no_session) {
$config->set_user_prefs($this->prefs);
if (isset($_SESSION['preferences'])) {
$this->rc->session->remove('preferences');
$this->rc->session->remove('preferences_time');
}
}
return true;
}
// Update error, but we are using replication (we have read-only DB connection)
// and we are storing session not in the SQL database
// we can store preferences in session and try to write later (see get_prefs())
if (!$no_session && $this->db->is_replicated()
&& $config->get('session_storage', 'db') != 'db'
) {
$_SESSION['preferences'] = $save_prefs;
$_SESSION['preferences_time'] = time();
$config->set_user_prefs($this->prefs);
$this->data['preferences'] = $save_prefs;
}
return false;
}
/**
* Generate a unique hash to identify this user with
*/
public function get_hash()
{
$prefs = $this->get_prefs();
// generate a random hash and store it in user prefs
if (empty($prefs['client_hash'])) {
$prefs['client_hash'] = rcube_utils::random_bytes(16);
$this->save_prefs(['client_hash' => $prefs['client_hash']]);
}
return $prefs['client_hash'];
}
/**
* Return a list of all user emails (from identities)
*
* @param bool $default Return only default identity
*
* @return array List of emails (identity_id, name, email) or single email-data
*/
public function list_emails($default = false)
{
if ($this->emails === null) {
$this->emails = [];
$sql_result = $this->db->query(
'SELECT `identity_id`, `name`, `email`'
. ' FROM ' . $this->db->table_name('identities', true)
. ' WHERE `user_id` = ? AND `del` <> 1'
. ' ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC',
$this->ID
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$this->emails[] = $sql_arr;
}
}
return $default ? $this->emails[0] : $this->emails;
}
/**
* Get default identity of this user
*
* @param int $id Identity ID. If empty, the default identity is returned
*
* @return array|null Hash array with all cols of the identity record
*/
public function get_identity($id = null)
{
$id = (int) $id;
// cache identities for better performance
if (!array_key_exists($id, $this->identities)) {
$result = $this->list_identities($id ? "AND `identity_id` = {$id}" : '');
if (!empty($result)) {
$this->identities[$id] = $result[0];
}
}
return $this->identities[$id] ?? null;
}
/**
* Return a list of all identities linked with this user
*
* @param string $sql_add Optional WHERE clauses
* @param bool $formatted Format identity email and name
*
* @return array List of identities
*/
public function list_identities($sql_add = '', $formatted = false)
{
$result = [];
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('identities', true)
. ' WHERE `del` <> 1 AND `user_id` = ?' . ($sql_add ? " {$sql_add}" : '')
. ' ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC',
$this->ID
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
if ($formatted) {
$ascii_email = format_email($sql_arr['email']);
$utf8_email = format_email(rcube_utils::idn_to_utf8($ascii_email));
$sql_arr['email_ascii'] = $ascii_email;
$sql_arr['email'] = $utf8_email;
$sql_arr['ident'] = format_email_recipient($ascii_email, $sql_arr['name']);
}
$result[] = $sql_arr;
}
return $result;
}
/**
* Update a specific identity record
*
* @param int $iid Identity ID
* @param array $data Hash array with col->value pairs to save
*
* @return bool True if saved successfully, false if nothing changed
*/
public function update_identity($iid, $data)
{
if (!$this->ID) {
return false;
}
$query_cols = $query_params = [];
foreach ((array) $data as $col => $value) {
$query_cols[] = $this->db->quote_identifier($col) . ' = ?';
$query_params[] = $value;
}
$query_params[] = $iid;
$query_params[] = $this->ID;
$sql = 'UPDATE ' . $this->db->table_name('identities', true) .
' SET `changed` = ' . $this->db->now() . ', ' . implode(', ', $query_cols)
. ' WHERE `identity_id` = ?'
. ' AND `user_id` = ?'
. ' AND `del` <> 1';
$this->db->query($sql, $query_params);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows() > 0;
}
/**
* Create a new identity record linked with this user
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted identity ID or false on error
*/
public function insert_identity($data)
{
if (!$this->ID) {
return false;
}
unset($data['user_id']);
$insert_cols = [];
$insert_values = [];
foreach ((array) $data as $col => $value) {
$insert_cols[] = $this->db->quote_identifier($col);
$insert_values[] = $value;
}
$insert_cols[] = $this->db->quote_identifier('user_id');
$insert_values[] = $this->ID;
$sql = 'INSERT INTO ' . $this->db->table_name('identities', true)
. ' (`changed`, ' . implode(', ', $insert_cols) . ')'
. ' VALUES (' . $this->db->now() . str_repeat(', ?', count($insert_values)) . ')';
$insert = $this->db->query($sql, $insert_values);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows($insert) ? $this->db->insert_id('identities') : false;
}
/**
* Mark the given identity as deleted
*
* @param int $iid Identity ID
*
* @return int|bool True if deleted successfully, false if nothing changed,
* -1 if attempted to delete the last identity (or there's no identities)
*/
public function delete_identity($iid)
{
if (!$this->ID) {
return false;
}
$sql_result = $this->db->query(
'SELECT count(*) AS ident_count FROM ' . $this->db->table_name('identities', true)
. ' WHERE `user_id` = ? AND `del` <> 1',
$this->ID
);
$sql_arr = $this->db->fetch_assoc($sql_result);
// we'll not delete last identity
if ($sql_arr['ident_count'] <= 1) {
return -1;
}
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. ' SET `del` = 1, `changed` = ' . $this->db->now()
. ' WHERE `user_id` = ? AND `identity_id` = ?',
$this->ID,
$iid
);
// clear the cache
$this->identities = [];
$this->emails = null;
return $this->db->affected_rows() > 0;
}
/**
* Make this identity the default one for this user
*
* @param int $iid The identity ID
*/
public function set_default($iid)
{
if ($this->ID && $iid) {
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. " SET `standard` = '0'"
. ' WHERE `user_id` = ? AND `identity_id` <> ?',
$this->ID,
$iid
);
$this->db->query(
'UPDATE ' . $this->db->table_name('identities', true)
. " SET `standard` = '1'"
. ' WHERE `user_id` = ? AND `identity_id` = ?',
$this->ID,
$iid
);
$this->identities = [];
}
}
/**
* Update user's last_login timestamp
*/
public function touch()
{
if ($this->ID) {
$this->db->query(
'UPDATE ' . $this->db->table_name('users', true)
. ' SET `last_login` = ' . $this->db->now()
. ' WHERE `user_id` = ?',
$this->ID
);
}
}
/**
* Update user's failed_login timestamp and counter
*/
public function failed_login()
{
if ($this->ID && $this->rc->config->get('login_rate_limit', 3)) {
$counter = 0;
if (empty($this->data['failed_login'])) {
$failed_login = new DateTime('now');
$counter = 1;
} else {
$failed_login = new DateTime($this->data['failed_login']);
$threshold = new DateTime('- 60 seconds');
if ($failed_login < $threshold) {
$failed_login = new DateTime('now');
$counter = 1;
}
}
$this->db->query(
'UPDATE ' . $this->db->table_name('users', true)
. ' SET `failed_login` = ?'
. ', `failed_login_counter` = ' . ($counter ?: '`failed_login_counter` + 1')
. ' WHERE `user_id` = ?',
$failed_login, $this->ID
);
}
}
/**
* Checks if the account is locked, e.g. as a result of brute-force prevention
*/
public function is_locked()
{
if (empty($this->data['failed_login'])) {
return false;
}
if ($rate = (int) $this->rc->config->get('login_rate_limit', 3)) {
$last_failed = new DateTime($this->data['failed_login']);
$threshold = new DateTime('- 60 seconds');
if ($last_failed > $threshold && $this->data['failed_login_counter'] >= $rate) {
return true;
}
}
return false;
}
/**
* Clear the saved object state
*/
public function reset()
{
$this->ID = null;
$this->data = null;
}
/**
* Find a user record matching the given name and host
*
* @param string $user IMAP user name
* @param string $host IMAP host name
*
* @return ?rcube_user New user instance, NULL if not found
*/
public static function query($user, $host)
{
$dbh = rcube::get_instance()->get_dbh();
$config = rcube::get_instance()->config;
// query for matching user name
$sql_result = $dbh->query('SELECT * FROM ' . $dbh->table_name('users', true)
. ' WHERE `mail_host` = ? AND `username` = ?', $host, $user);
$sql_arr = $dbh->fetch_assoc($sql_result);
// username not found, try aliases from identities
if (empty($sql_arr) && $config->get('user_aliases') && strpos($user, '@')) {
$sql_result = $dbh->limitquery('SELECT u.*'
. ' FROM ' . $dbh->table_name('users', true) . ' u'
. ' JOIN ' . $dbh->table_name('identities', true) . ' i ON (i.`user_id` = u.`user_id`)'
. ' WHERE `email` = ? AND `del` <> 1',
0, 1, $user
);
$sql_arr = $dbh->fetch_assoc($sql_result);
}
// user already registered -> overwrite username
if ($sql_arr) {
return new self($sql_arr['user_id'], $sql_arr);
}
return null;
}
/**
* Create a new user record and return a rcube_user instance
*
* @param string $user IMAP user name
* @param string $host IMAP host
*
* @return rcube_user|null New user instance on success, Null on error/abort
*/
public static function create($user, $host)
{
$user_name = '';
$user_email = '';
$rcube = rcube::get_instance();
$dbh = $rcube->get_dbh();
// try to resolve user in virtuser table and file
if ($email_list = self::user2email($user, false, true)) {
$user_email = is_array($email_list[0]) ? $email_list[0]['email'] : $email_list[0];
}
$data = $rcube->plugins->exec_hook('user_create', [
'host' => $host,
'user' => $user,
'user_name' => $user_name,
'user_email' => $user_email,
'email_list' => $email_list,
'language' => $_SESSION['language'] ?? null,
'preferences' => [],
]);
// plugin aborted this operation
if ($data['abort']) {
return null;
}
$insert = $dbh->query(
'INSERT INTO ' . $dbh->table_name('users', true)
. ' (`created`, `last_login`, `username`, `mail_host`, `language`, `preferences`)'
. ' VALUES (' . $dbh->now() . ', ' . $dbh->now() . ', ?, ?, ?, ?)',
$data['user'],
$data['host'],
$data['language'],
serialize($data['preferences'])
);
if ($dbh->affected_rows($insert) && ($user_id = $dbh->insert_id('users'))) {
// create rcube_user instance to make plugin hooks work
$user_instance = new self($user_id, [
'user_id' => $user_id,
'username' => $data['user'],
'mail_host' => $data['host'],
'language' => $data['language'],
'preferences' => serialize($data['preferences']),
]);
$rcube->user = $user_instance;
$mail_domain = $rcube->config->mail_domain($data['host']);
$user_name = $data['user_name'];
$user_email = $data['user_email'];
$email_list = $data['email_list'];
if (empty($email_list)) {
if (empty($user_email)) {
$user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
}
$email_list[] = $user_email;
}
// identities_level check
elseif (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
$email_list = [$email_list[0]];
}
if (empty($user_name)) {
$user_name = $data['user'];
}
// create new identities records
$standard = 1;
foreach ($email_list as $row) {
$record = [];
if (is_array($row)) {
if (empty($row['email'])) {
continue;
}
$record = $row;
} else {
$record['email'] = $row;
}
if (empty($record['name'])) {
$record['name'] = $user_name != $record['email'] ? $user_name : '';
}
$record['user_id'] = $user_id;
$record['standard'] = $standard;
$plugin = $rcube->plugins->exec_hook('identity_create',
['login' => true, 'record' => $record]);
if (!$plugin['abort'] && $plugin['record']['email']) {
$rcube->user->insert_identity($plugin['record']);
}
$standard = 0;
}
} else {
rcube::raise_error([
'code' => 500,
'message' => 'Failed to create new user',
], true, false);
}
return !empty($user_instance) ? $user_instance : null;
}
/**
* Resolve username using a virtuser plugins
*
* @param string $email E-mail address to resolve
*
* @return string Resolved IMAP username
*/
public static function email2user($email)
{
$rcube = rcube::get_instance();
$plugin = $rcube->plugins->exec_hook('email2user', ['email' => $email, 'user' => null]);
return $plugin['user'];
}
/**
* Resolve e-mail address from virtuser plugins
*
* @param string $user User name
* @param bool $first If true returns first found entry
* @param bool $extended If true returns email as array (email and name for identity)
*
* @return mixed Resolved e-mail address string or array of strings
*/
public static function user2email($user, $first = true, $extended = false)
{
$rcube = rcube::get_instance();
$plugin = $rcube->plugins->exec_hook('user2email', [
'email' => null,
'user' => $user,
'first' => $first,
'extended' => $extended,
]);
return empty($plugin['email']) ? null : $plugin['email'];
}
/**
* Return a list of saved searches linked with this user
*
* @param int $type Search type
*
* @return array List of saved searches indexed by search ID
*/
public function list_searches($type)
{
$plugin = $this->rc->plugins->exec_hook('saved_search_list', ['type' => $type]);
if ($plugin['abort']) {
return (array) $plugin['result'];
}
$result = [];
$sql_result = $this->db->query(
'SELECT `search_id` AS id, `name`'
. ' FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `type` = ?'
. ' ORDER BY `name`',
(int) $this->ID, (int) $type
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$result[$sql_arr['id']] = $sql_arr;
}
return $result;
}
/**
* Return saved search data.
*
* @param int $id Row identifier
*
* @return array Data
*/
public function get_search($id)
{
$plugin = $this->rc->plugins->exec_hook('saved_search_get', ['id' => $id]);
if ($plugin['abort']) {
return (array) $plugin['result'];
}
$sql_result = $this->db->query(
'SELECT `name`, `data`, `type`'
. ' FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `search_id` = ?',
(int) $this->ID, (int) $id
);
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
return [
'id' => $id,
'name' => $sql_arr['name'],
'type' => $sql_arr['type'],
'data' => unserialize($sql_arr['data']),
];
}
return [];
}
/**
* Deletes given saved search record
*
* @param int $sid Search ID
*
* @return bool True if deleted successfully, false if nothing changed
*/
public function delete_search($sid)
{
if (!$this->ID) {
return false;
}
$this->db->query(
'DELETE FROM ' . $this->db->table_name('searches', true)
. ' WHERE `user_id` = ? AND `search_id` = ?',
(int) $this->ID, $sid
);
return $this->db->affected_rows() > 0;
}
/**
* Create a new saved search record linked with this user
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted search ID or false on error
*/
public function insert_search($data)
{
if (!$this->ID) {
return false;
}
$insert_cols = ['user_id'];
$insert_values = [(int) $this->ID];
$insert_cols[] = $this->db->quote_identifier('type');
$insert_values[] = (int) $data['type'];
$insert_cols[] = $this->db->quote_identifier('name');
$insert_values[] = $data['name'];
$insert_cols[] = $this->db->quote_identifier('data');
$insert_values[] = serialize($data['data']);
$sql = 'INSERT INTO ' . $this->db->table_name('searches', true)
. ' (' . implode(', ', $insert_cols) . ')'
. ' VALUES (?' . str_repeat(', ?', count($insert_values) - 1) . ')';
$insert = $this->db->query($sql, $insert_values);
return $this->db->affected_rows($insert) ? $this->db->insert_id('searches') : false;
}
/**
* Get a saved response of this user.
*
* @param int $id Response ID
*
* @return array|null Hash array with all cols of the response record, NULL if not found
*/
public function get_response($id)
{
$sql_result = $this->db->query(
'SELECT * FROM ' . $this->db->table_name('responses', true)
. ' WHERE `user_id` = ? AND `response_id` = ? AND `del` = 0',
$this->ID, $id
);
if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$sql_arr['id'] = $sql_arr['response_id'];
$sql_arr['is_html'] = !empty($sql_arr['is_html']);
unset($sql_arr['response_id']);
return $sql_arr;
}
return null;
}
/**
* Return a list of all responses of this user.
*
* @return array List of responses (id, name)
*/
public function list_responses()
{
// Migrate the old responses existing in user preferences
if (!empty($this->prefs['compose_responses'])) {
foreach ($this->prefs['compose_responses'] as $response) {
$this->insert_response([
'name' => $response['name'],
'data' => $response['text'],
]);
}
$this->save_prefs(['compose_responses' => null]);
}
$sql_result = $this->db->query(
'SELECT `response_id`, `name` FROM ' . $this->db->table_name('responses', true)
. ' WHERE `user_id` = ? AND `del` = 0'
. ' ORDER BY `name`',
$this->ID
);
$result = [];
while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
$result[] = [
'id' => $sql_arr['response_id'],
'name' => $sql_arr['name'],
];
}
return $result;
}
/**
* Update a specific response record.
*
* @param int $id Response ID
* @param array $data Hash array with col->value pairs to save
*
* @return bool True if saved successfully, false if nothing changed
*/
public function update_response($id, $data)
{
if (!$this->ID) {
return false;
}
$query_cols = $query_params = [];
foreach (['name', 'data', 'is_html'] as $col) {
if (isset($data[$col])) {
$query_cols[] = $this->db->quote_identifier($col) . ' = ?';
$query_params[] = $col == 'is_html' ? intval($data[$col]) : $data[$col];
}
}
$query_params[] = $id;
$query_params[] = $this->ID;
$sql = 'UPDATE ' . $this->db->table_name('responses', true)
. ' SET `changed` = ' . $this->db->now() . ', ' . implode(', ', $query_cols)
. ' WHERE `response_id` = ? AND `user_id` = ? AND `del` = 0';
$this->db->query($sql, $query_params);
return $this->db->affected_rows() > 0;
}
/**
* Create a new response record for the user.
*
* @param array $data Hash array with col->value pairs to save
*
* @return int|false The inserted response ID or false on error
*/
public function insert_response($data)
{
if (!$this->ID) {
return false;
}
$query_cols = [$this->db->quote_identifier('user_id')];
$query_params = [$this->ID];
foreach (['name', 'data', 'is_html'] as $col) {
if (isset($data[$col])) {
$query_cols[] = $this->db->quote_identifier($col);
$query_params[] = $col == 'is_html' ? intval($data[$col]) : $data[$col];
}
}
$sql = 'INSERT INTO ' . $this->db->table_name('responses', true)
. ' (`changed`, ' . implode(', ', $query_cols) . ')'
. ' VALUES (' . $this->db->now() . ', ' . trim(str_repeat('?, ', count($query_cols)), ', ') . ')';
$insert = $this->db->query($sql, $query_params);
return $this->db->affected_rows($insert) ? $this->db->insert_id('responses') : false;
}
/**
* Delete the given response record
*
* @param int $id Response ID
*
* @return bool True if deleted successfully, false otherwise
*/
public function delete_response($id)
{
if (!$this->ID) {
return false;
}
$this->db->query(
'UPDATE ' . $this->db->table_name('responses', true)
. ' SET `del` = 1 WHERE `user_id` = ? AND `response_id` = ?',
$this->ID,
$id
);
return $this->db->affected_rows() > 0;
}
}
Function Calls
None |
Stats
MD5 | 045eea8a27489a5cb86dbc921458bf93 |
Eval Count | 0 |
Decode Time | 97 ms |