<?php
/*

 Copyright (c) 2001 - 2005 Ampache.org
 All rights reserved.

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/

/*!
	@header User Object
	View object that is thrown into their session

*/


class User {

	//Basic Componets
	var $username;
	var $id=0;
	var $fullname;
	var $access;
	var $offset_limit=25;
	var $email;
	var $last_seen;
	
	function User($username=0,$uid=0) {

		if (!$username && !$uid) { 
			return true;
		}

		$this->username 	= $username;
		$this->id		= $uid;
		$info 			= $this->get_info();
		$this->username 	= $info->username;
		$this->id		= $info->id;
		$this->id 		= $info->id;
		$this->fullname 	= $info->fullname;
		$this->access 		= $info->access;
		$this->offset_limit 	= $info->offset_limit;
		$this->email		= $info->email;
		$this->last_seen	= $info->last_seen;
		$this->set_preferences();

		// Make sure the Full name is always filled
		if (strlen($this->fullname) < 1) { $this->fullname = $this->username; }

	} // User


	/*! 
		@function get_info
		@dicussion gets the info!
	*/
	function get_info() {

		if ($this->username) { 
			$sql = "SELECT * FROM user WHERE username='$this->username'";
		}
		else { 
			$sql = "SELECT * FROM user WHERE id='$this->id'";
		}
		$db_results = mysql_query($sql, dbh());

		return mysql_fetch_object($db_results);

	} // get_info

	/*!
		@function get_preferences
		@discussion gets the prefs for this specific
			user and returns them as an array
	*/
	function get_preferences() { 
		
		$sql = "SELECT preferences.name, preferences.description, preferences.type, user_preference.value FROM preferences,user_preference WHERE user_preference.user='$this->id' AND user_preference.preference=preferences.id AND preferences.type='user'";
		$db_results = mysql_query($sql, dbh());

		while ($r = mysql_fetch_object($db_results)) { 
			$results[] = $r;
		}

		return $results;
	
	} // get_preferences

	/*!
		@function set_preferences
		@discussion sets the prefs for this specific 
			user
	*/
	function set_preferences() {

		$sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$this->id' " .
			"AND user_preference.preference=preferences.id AND preferences.type='user'";
		$db_results = mysql_query($sql, dbh());

		while ($r = mysql_fetch_object($db_results)) {
			$this->prefs[$r->name] = $r->value;
		} 
	} // get_preferences

	/*!
		@function get_favorites
		@discussion returns an array of your $type
			favorites
	*/
	function get_favorites($type) { 

	        $sql = "SELECT * FROM object_count" .
	                " WHERE count > 0" .
	                " AND object_type = '$type'" .
	                " AND userid = '" . $this->id . "'" .
	                " ORDER BY count DESC LIMIT " . conf('popular_threshold');
	        $db_result = mysql_query($sql, dbh());

		$items = array();
	        $web_path = conf('web_path');

        	while ($r = @mysql_fetch_object($db_result) ) {
			/* If its a song */
			if ($type == 'song') { 
				$data = new Song($r->object_id);
				$data->count = $r->count;
				$data->format_song();
				$data->f_name = $data->f_link;
				$items[] = $data;
			}
			/* If its an album */
			elseif ($type == 'album') { 
				$data = new Album($r->object_id);
				$data->count = $r->count;
				$data->format_album();
				$items[] = $data;
			} 
			/* If its an artist */
			elseif ($type == 'artist') { 
				$data = new Artist($r->object_id);
				$data->count = $r->count;
				$data->format_artist();
				$data->f_name = $data->link;
				$items[] = $data;
			} 		 

		} // end while
		
		return $items;

	} // get_favorites

	/*!
		@function is_xmlrpc
		@discussion checks to see if this is a valid
			xmlrpc user
	*/
	function is_xmlrpc() { 

		/* If we aren't using XML-RPC return true */
		if (!conf('xml_rpc')) { 
			return false;
		}

		//FIXME: Ok really what we will do is check the MD5 of the HTTP_REFERER 
		//FIXME: combined with the song title to make sure that the REFERER
		//FIXME: is in the access list with full rights
		return true;

	} // is_xmlrpc

	/*!
		@function is_logged_in
		@discussion checks to see if $this user is logged in
	*/
	function is_logged_in() { 

		$sql = "SELECT id FROM session WHERE username='$this->id'" .
			" AND expire > ". time();
		$db_results = mysql_query($sql,dbh());

		if (mysql_num_rows($db_results)) { 
			return true;
		}

		return false;

	} // is_logged_in

	/*!
		@function has_access
		@discussion this function checkes to see if this user has access
			to the passed action (pass a level requirement)
	*/
	function has_access($needed_level) { 

		if ($this->access == "admin") { $level = 100; }
		elseif ($this->access == "user") { $level = 25; }
		else { $level = $this->access; }

		if (!conf('use_auth') || conf('demo_mode')) { return true; }

		if ($level >= $needed_level) { return true; }

		return false;

	} // has_access

	/*!
		@function update_preference
		@discussion updates a single preference if the query fails
			it attempts to insert the preference instead
	*/
	function update_preference($preference_id, $value, $id=0) {

		if (!$id) { 
			$id = $this->id;
		} 

		$value = sql_escape($value);
		//FIXME: 
		// Do a has_access check here...

		$sql = "UPDATE user_preference SET value='$value' WHERE user='$id' AND preference='$preference_id'";
		$db_results = @mysql_query($sql, dbh());

	} // update_preference

	/*!
		@function add_preference
		@discussion adds a new preference
		@param $key	preference name
		@param $value	preference value
		@param $id	user is
	*/
	function add_preference($preference_id, $value, $id=0) { 
	
		if (!$id) { 
			$id = $this->id;
		}

		$value = sql_escape($value);

		if (!is_numeric($preference_id)) { 
			$sql = "SELECT id FROM preferences WHERE `name`='$preference_id'";
			$db_results = mysql_query($sql, dbh());
			$r = mysql_fetch_array($db_results);
			$preference_id = $r[0];
		} // end if it's not numeric

		$sql = "INSERT user_preference SET `user`='$id' , `value`='$value' , `preference`='$preference_id'";
		$db_results = mysql_query($sql, dbh());

	} // add_preference

	/*!
		@function update_username
		@discussion updates their username
	*/
	function update_username($new_username) {

		$new_username = sql_escape($new_username);
		$sql = "UPDATE user SET username='$new_username' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

	} // update_username

	/*!
		@function update_fullname
		@discussion updates their fullname
	*/
	function update_fullname($new_fullname) {
		
		$new_fullname = sql_escape($new_fullname);
		$sql = "UPDATE user SET fullname='$new_fullname' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

	} // update_username

	/*!
		@function update_email
		@discussion updates their email address
	*/
	function update_email($new_email) {

		$new_email = sql_escape($new_email);
		$sql = "UPDATE user SET email='$new_email' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

	} // update_email

	/*!
		@function update_offset
		@discussion this updates the users offset_limit
	*/
	function update_offset($new_offset) { 

		$new_offset = sql_escape($new_offset);
		$sql = "UPDATE user SET offset_limit='$new_offset' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

	} // update_offset

	/*!
		@function update_access
		@discussion updates their access level
	*/
	function update_access($new_access) { 

		/* Check for all disable */
		if ($new_access == 'disabled') { 
			$sql = "SELECT id FROM user WHERE access != 'disabled' AND id != '$this->id'";
			$db_results = mysql_query($sql,dbh());
			if (!mysql_num_rows($db_results)) { return false; }
		}
		
		/* Prevent Only User accounts */
		if ($new_access == 'user') { 
			$sql = "SELECT id FROM user WHERE (access='admin' OR access='100') AND id != '$this->id'";
			$db_results = mysql_query($sql, dbh());
			if (!mysql_num_rows($db_results)) { return false; }
		}

		$new_access = sql_escape($new_access);
		$sql = "UPDATE user SET access='$new_access' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

	} // update_access

	/*!
		@function update_last_seen
		@discussion updates the last seen data for this user
	*/
	function update_last_seen() { 
		
		$sql = "UPDATE user SET last_seen='" . time() . "' WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());
	
	} // update_last_seen

	/*!
		@function update_user_stats
		@discussion updates the playcount mojo for this 
			specific user
	*/
	function update_stats($song_id) {

		$song_info = new Song($song_id);
		$user = $this->id;
		$dbh = dbh();

		if (!$song_info->file) { return false; }

		$time = time();

                // Play count for this song
                $sql = "UPDATE object_count" .
                        " SET date = '$time', count=count+1" .
                        " WHERE object_type = 'song'" .
                        " AND object_id = '$song_id' AND userid = '$user'";
                $db_result = mysql_query($sql, $dbh);

                $rows = mysql_affected_rows();
                if (!$rows) {
                        $sql = "INSERT INTO object_count (object_type,object_id,date,count,userid)" .
                                " VALUES ('song','$song_id','$time','1','$user')";
                        $db_result = mysql_query($sql, $dbh);
                }

                // Play count for this artist
                $sql = "UPDATE object_count" .
                        " SET date = '$time', count=count+1" .
                        " WHERE object_type = 'artist'" .
                        " AND object_id = '" . $song_info->artist . "' AND userid = '$user'";
                $db_result = mysql_query($sql, $dbh);

                $rows = mysql_affected_rows();
                if (!$rows) {
                        $sql = "INSERT INTO object_count (object_type,object_id,date,count,userid)" .
                                " VALUES ('artist','".$song_info->artist."','$time','1','$user')";
                        $db_result = mysql_query($sql, $dbh);
                }

                // Play count for this album
                $sql = "UPDATE object_count" .
                        " SET date = '$time', count=count+1" .
                        " WHERE object_type = 'album'" .
                        " AND object_id = '".$song_info->album."' AND userid = '$user'";
                $db_result = mysql_query($sql, $dbh);

                $rows = mysql_affected_rows();
                if (!$rows) {
                        $sql = "INSERT INTO object_count (object_type,object_id,date,count,userid)" .
                                "VALUES ('album','".$song_info->album."','$time','1','$user')";
                        $db_result = mysql_query($sql, $dbh);
                }


	} // update_stats

	/*!
		@function create
		@discussion inserts a new user into ampache
	*/
	function create($username, $fullname, $email, $password, $access) { 

		/* Lets clean up the fields... */
		$username	= sql_escape($username);
		$fullname	= sql_escape($fullname);
		$email		= sql_escape($email);

		/* Now Insert this new user */
		$sql = "INSERT INTO user (username, fullname, email, password, access) VALUES" .
			" ('$username','$fullname','$email',PASSWORD('$password'),'$access')";
		$db_results = mysql_query($sql, dbh());
		if (!$db_results) { return false; }
		$user_id = mysql_insert_id(dbh());

		/* Populates any missing preferences, in this case all of them */
		$this->fix_preferences($user_id);

		return $user_id;

	} // new
	
	/*!
		@function update_password
		@discussion updates a users password
	*/
	function update_password($new_password) { 
		
		$sql = "UPDATE user SET password=PASSWORD('$new_password') WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

		return true;
	} // update_password 


	/*!
		@function format_favorites
		@discussion takes an array of objects and formats them corrrectly
			and returns a simply array with just <a href values
	*/
	function format_favorites($items) { 

		// The length of the longest item
		$maxlen = strlen($items[0]->count);

		// Go through the favs
		foreach ($items as $data) { 
			
			// Make all number lengths equal	
			$len = strlen($data->count);
			while ($len < $maxlen) { 
				$data->count = "0" . $data->count;
				$len++;
			}

			$results[] = "<li>[$data->count] - $data->f_name</li>\n";

		} // end foreach items

		return $results;	

	} // format_favorites

	/*!
		@function fix_preferences
		@discussion this makes sure that the specified user
			has all the correct preferences. This function 
			should be run whenever a system preference is run
			it's a cop out... FIXME!
	*/
	function fix_preferences($user_id = 0) { 

		if (!$user_id) { 
			$user_id = $this->id;
		}

		/* Get All Preferences */
		$sql = "SELECT * FROM user_preference WHERE user='$user_id'";
		$db_results = mysql_query($sql, dbh());

		while ($r = mysql_fetch_object($db_results)) {
			/* Check for duplicates */
			if (isset($results[$r->preference])) { 
				$r->value = sql_escape($r->value);
				$sql = "DELETE FROM user_preference WHERE user='$user_id' AND preference='$r->preference' AND value='$r->value'";
				$delete_results = mysql_query($sql, dbh());
			} // duplicate
			else { 
				$results[$r->preference] = $r;
			}
		} // while results

		/* 
		  If we aren't the 0 user before we continue then grab the 
		  0 user's values 
		*/
		if ($user_id != '0') { 
			$sql = "SELECT user_preference.preference,user_preference.value FROM user_preference,preferences " . 
				"WHERE user_preference.preference = preferences.id AND user_preference.user='0' AND preferences.type='user'";
			$db_results = mysql_query($sql, dbh());
			while ($r = mysql_fetch_object($db_results)) { 
				$zero_results[$r->preference] = $r->value;
			}
		} // if not user 0


		$sql = "SELECT * FROM preferences";
		if ($user_id != '0') { 
			$sql .= " WHERE type='user'";
		}
		$db_results = mysql_query($sql, dbh());


		while ($r = mysql_fetch_object($db_results)) { 
			
			/* Check if this preference is set */
			if (!isset($results[$r->id])) { 
				if (isset($zero_results[$r->id])) { 
					$r->value = $zero_results[$r->id];
				}
				$sql = "INSERT INTO user_preference (`user`,`preference`,`value`) VALUES ('$user_id','$r->id','$r->value')";
				$insert_db = mysql_query($sql, dbh());
			}
		} // while preferences

	} // fix_preferences


	/*!
		@function delete_stats
		@discussion deletes the stats for this user 
	*/
	function delete_stats() { 

		$sql = "DELETE FROM object_count WHERE userid='" . $this->id . "'";
		$db_results = mysql_query($sql, dbh());

	} // delete_stats

	/*!
		@function delete
		@discussion deletes this user and everything assoicated with it
	*/
	function delete() { 

		/* 
		  Before we do anything make sure that they aren't the last 
		  admin
		*/
		if ($this->has_access(100)) { 
			$sql = "SELECT * FROM user WHERE (level='admin' OR level='100') AND id!='" . $this->id . "'";
			$db_results = mysql_query($sql, dbh());
			if (!mysql_num_rows($db_results)) { 
				return false;
			}
		} // if this is an admin check for others 

		// Delete their playlists
		$sql = "DELETE FROM playlist WHERE owner='$this->id'";
		$db_results = mysql_query($sql, dbh());

		// Delete any stats they have
		$sql = "DELETE FROM object_count WHERE userid='$this->id'";
		$db_results = mysql_query($sql, dbh());

		// Delete their preferences
		$sql = "DELETE FROM preferences WHERE user='$this->id'";
		$db_results = mysql_query($sql, dbh());

		// Delete the user itself
		$sql = "DELETE FROM user WHERE id='$this->id'";
		$db_results = mysql_query($sql, dbh());

		return true;

	} // delete

	/*!
		@function is_online
		@parameter delay how long since last_seen in seconds default of 20 min
		@description  calcs difference between now and last_seen
			if less than delay, we consider them still online
	*/
	function is_online( $delay = 1200 ) {
		return time() - $this->last_seen <= $delay;
	}

} //end class
?>