<?php
/**
* Controller class used for handling login access and authentication.
*
* @author Dana Murad
* @file LogInCT.php
*
* @todo
*/
require_once("../config/main.php");
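class LogInCT extends CT
{
    //__________________________________ M E M B E R S _____________________________________
    /**
     * @desc Session key under which the logged-in flag is stored.
     * @const
     */
    const LOGGED_IN_FLAG = "logged_in";

    /**
     * @desc Minimum password length enforced at registration (the registration
     *       error text already promises this to the user).
     * @const
     */
    const MIN_PASSWORD_LENGTH = 6;

    //__________________________________ C O N S T R U C T O R ____________________________
    /**
     * @desc Constructor; defers entirely to the base controller.
     */
    public function __construct()
    {
        parent::__construct();
    }

    //__________________________________ M A I N __________________________________________
    /**
     * @desc Marks the session as logged in and redirects to a page (mylistings.php by default).
     *       The session id is regenerated first so that a session id fixed before
     *       authentication does not survive the privilege change. Never returns.
     * @param string $gotoPage path appended to BASE_URL; nothing here validates it,
     *                         so it must not be taken from untrusted input
     */
    public function loginUser($gotoPage = "mylistings.php")
    {
        // Guarded: session_regenerate_id() warns when no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION[self::LOGGED_IN_FLAG] = TRUE;
        header("location: " . BASE_URL . $gotoPage);
        exit();
    }

    /**
     * @desc Registers a user and sends the activation email. The insert runs inside a
     *       transaction that is rolled back when either the insert or the email fails,
     *       so no account that can never be activated is left behind. Exceptions are
     *       reported via Error::report and turned into a FALSE return.
     * @param string $firstName
     * @param string $lastName
     * @param string $eduEmail
     * @param string $phone
     * @param string $username
     * @param string $password plain text; stored hashed
     * @param string $state
     * @param string $city
     * @param string $secretQuestion
     * @param string $secretAnswer
     * @return bool TRUE when the user was stored and the activation mail sent, FALSE otherwise
     */
    public function registerUser(
        $firstName,
        $lastName,
        $eduEmail,
        $phone,
        $username,
        $password,
        $state,
        $city,
        $secretQuestion,
        $secretAnswer
    )
    {
        $userDAO = null;
        $inTransaction = FALSE;
        try {
            $verStr = getRandomString(15);
            // NOTE(review): stored as unsalted SHA1, while isValidUser() compares against
            // encryptPassword($password); unless encryptPassword() is SHA1 the two never
            // match — confirm against its definition.
            $password = SHA1($password);
            $userVO = new UserVO(INVALID, 0, $username, $password, $firstName, $lastName, $city, $state, $eduEmail, $phone, $verStr, $secretQuestion, $secretAnswer, 0, 0, 0, date("Y-m-d"));
            $userDAO = new DAO($userVO);
            $userDAO->begin();
            $inTransaction = TRUE;
            if (!$userDAO->insert()) {
                throw new Exception("Could not insert new user into database.");
            }

            // $username and $firstName are registrant-supplied: query values are
            // URL-encoded (usernames may contain '&', '#', '+'), and anything that
            // lands in the HTML body is escaped.
            $actURL = BASE_URL . "login.php?pageAction=activate&verStr=" . rawurlencode($verStr) . "&username=" . rawurlencode($username);
            $safeURL = htmlspecialchars($actURL, ENT_QUOTES, 'UTF-8');
            $safeFirstName = htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8');
            // Leading space: SITE_NAME is concatenated directly in front of the subject.
            $subject = SITE_NAME . " Registration: Activation Required";
            $body = "Hi $safeFirstName,\n\nThanks for signing up to " . SITE_NAME . ". To complete your registration, you must go to the following link within 10 days and activate your account."
                . " You can click or copy and paste it into your internet browser. <br/><br/> <a href='$safeURL'>$safeURL</a> <br/><br/> Regards, <br/><br/><br/><br/><b> Administrator </b>";

            $mailer = new Mailer();
            if (!$mailer->send($subject, $body, $eduEmail, NOREPLY_EMAIL, SITE_NAME)) {
                throw new Exception("Could not send registration activation email.");
            }
            $userDAO->commit();
            $inTransaction = FALSE;
            return TRUE;
        } catch (Exception $e) {
            // Covers the insert failure too; the original only rolled back on mail failure.
            if ($inTransaction) {
                $userDAO->rollback();
            }
            Error::report($e);
            return FALSE;
        }
    }

    /**
     * @desc Activates the account matching $username when $verStr equals the stored
     *       verification string: verStr is cleared, status set to 1 and the registration
     *       date stamped. An already active account counts as success.
     * @param string $verStr
     * @param string $username
     * @return bool TRUE when the account is (now) active; FALSE when the user is unknown,
     *              the string does not match, or an exception was reported
     */
    public function activateUser($verStr, $username)
    {
        try {
            $userVO = new UserVO();
            $userDAO = new DAO($userVO);
            // String-built where clause: escape the caller-supplied username.
            $username = mysql_real_escape_string($username);
            $voList = $userDAO->findWhere($userVO, "`username` = '$username'");
            if (count($voList) != 1) {
                return FALSE;
            }
            $user = $voList[0];
            if ($user->status == 1) { // already active
                return TRUE;
            }
            // Strict, constant-time comparison: `==` accepts loosely equal strings, and an
            // empty $verStr must never match a record whose string was already cleared.
            $verStr = (string) $verStr;
            if ($verStr === '' || !hash_equals((string) $user->verStr, $verStr)) {
                return FALSE;
            }
            $user->verStr = "";
            $user->status = 1;
            $user->dateRegistered = Date::getCurrentMySQLDate();
            $userDAO->update($user);
            return TRUE;
        } catch (Exception $e) {
            Error::report($e);
            return FALSE;
        }
    }

    /**
     * @desc Password recovery: generates a temporary password for the customer record
     *       matching $email, stores it, marks the account inactive and mails it.
     *       On a bad or unknown address a message is queued via addMessage(); when the
     *       mail cannot be sent a redirect header to the error page is emitted and
     *       execution continues, so the caller must stop rendering on FALSE.
     * @param string $email
     * @return bool TRUE when the mail was sent, FALSE otherwise
     */
    public function resetUserPassword($email)
    {
        if (!checkEmailAddress($email)) {
            $this->addMessage("Invalid or empty email address. Must be in the form example@host.com.");
            return FALSE;
        }
        $userVO = new CustomerVO();
        $customerDAO = new DAO($userVO);
        // Escaped like the sibling lookups: the where clause is string-built, and
        // checkEmailAddress() is not known to reject quotes.
        $safeEmail = mysql_real_escape_string($email);
        $voList = $customerDAO->findWhere("email = '$safeEmail'");
        if (!isset($voList[0])) {
            $this->addMessage("E-mail address is incorrect and does not exist. Please confirm it is correct or try another.");
            return FALSE;
        }
        $vo = $voList[0];
        $newPass = getRandomString(7);
        // NOTE(review): unsalted MD5 on CustomerVO::passwd, while registerUser() stores SHA1
        // on UserVO and isValidUser() reads UserVO — this path looks carried over from
        // another project; confirm which login reads CustomerVO before relying on it.
        $vo->passwd = MD5($newPass);
        $vo->status = CustomerVO::INACTIVE;
        $customerDAO = new DAO($vo);
        $customerDAO->update();
        # Send Message -- the body is HTML, so stored names are escaped before interpolation.
        $safeFirstName = htmlspecialchars($vo->firstName, ENT_QUOTES, 'UTF-8');
        $safeUsername = htmlspecialchars($vo->username, ENT_QUOTES, 'UTF-8');
        $msg = "Dear " . $safeFirstName . "<br /><br />You recently requested to reset your password at myforeclosuresearch.com. Your username is still " . $safeUsername .
            " and your temporary password is <b>" . $newPass . "</b>. <u>You must login and reactivate your account within 48 hours</u>.<br/><br/>Login is located at <a href='" . BASE_URL . "' >" . BASE_URL . "</a>. If you have any questions, please don't hesitate to contact us.
<br /><br /><br /><br />Management";
        $mailer = new Mailer();
        if ($mailer->send("Your Password Has Been Reset", $msg, $email)) {
            return TRUE;
        }
        header("Location: /confirmation.php?sec=6"); // Error occured page.
        return FALSE;
    }

    /**
     * @desc Writes $newPassword onto the customer record selected by the hard-coded
     *       `username = ''` query, returning FALSE instead of crashing when nothing matches.
     *       NOTE(review): the empty-username query can only match a record with no username,
     *       and the value is stored as given (resetUserPassword() stores MD5 into the same
     *       field) — this method looks unfinished; confirm before relying on it.
     * @param string $newPassword
     * @return bool TRUE when a record was updated
     */
    public function resetPassword($newPassword)
    {
        $userVO = new CustomerVO();
        $customerDAO = new DAO($userVO);
        $voList = $customerDAO->findWhere("username = ''");
        if (!isset($voList[0])) {
            return FALSE;
        }
        $voList[0]->passwd = $newPassword;
        $customerDAO = new DAO($voList[0]);
        $customerDAO->update();
        return TRUE;
    }

    //__________________________________ V A L I D A T I O N S ____________________________
    /**
     * @desc Authenticates a user. On success the failed-login counter is reset and
     *       userID/username/displayName are written to the session. On failure the counter
     *       of the matching username is incremented; once it has reached FAILED_LOGIN_COUNT
     *       the account is set INACTIVE and a lock message queued. Only status = 1 accounts
     *       can log in, so a correct password on an inactive account still counts as a failure.
     * @param string $username
     * @param string $password plain text; compared after encryptPassword()
     * @return bool
     */
    public function isValidUser($username, $password)
    {
        $userVO = new UserVO();
        $userDAO = new DAO($userVO);
        // The where clause is string-built: the raw username is escaped; the password
        // only reaches SQL as the output of encryptPassword() (assumed SQL-safe — verify).
        $username = mysql_real_escape_string($username);
        $password = encryptPassword($password);
        $voList = $userDAO->findWhere($userVO, "username = '$username' AND password = '$password' AND status = 1");
        if (isset($voList[0])) {
            $user = $voList[0];
            $user->failedLoginCount = 0;
            $userDAO->update($user);
            $_SESSION['userID'] = $user->id;
            $_SESSION['username'] = $user->username;
            $_SESSION['displayName'] = $user->firstName;
            return TRUE;
        }

        // Wrong password, or unknown/inactive user: track attempts if the username exists.
        $voList = $userDAO->findWhere($userVO, "username = '$username'");
        if (!isset($voList[0])) {
            return FALSE;
        }
        $user = $voList[0];
        if ($user->failedLoginCount >= FAILED_LOGIN_COUNT) {
            $this->addMessage("You have reached the maximum number of times you can attempt to login. Your account has been locked and you must attempt recovery.");
            $user->status = UserVO::INACTIVE;
        } else {
            $user->failedLoginCount++;
        }
        $userDAO->update($user);
        return FALSE;
    }

    /**
     * @desc Checks the fields of the registration form, queueing one message per problem
     *       via addMessage(). All checks run so the user sees every problem at once.
     * @param string $firstName
     * @param string $lastName
     * @param string $eduEmail must end in .edu (any 2-4 letter TLD when DEBUG is set)
     * @param string $phone not validated here
     * @param string $username must be non-empty, contain no whitespace and be unused
     * @param string $password must be non-empty and at least MIN_PASSWORD_LENGTH long
     * @param string $confirmPassword must be identical to $password
     * @param string $state
     * @param string $city
     * @param string $secretQuestion
     * @param string $secretAnswer
     * @param string $agreeTerms truthy when the terms were accepted
     * @return bool TRUE when every check passed
     */
    public function isValidRegistration(
        $firstName,
        $lastName,
        $eduEmail,
        $phone,
        $username,
        $password,
        $confirmPassword,
        $state,
        $city,
        $secretQuestion,
        $secretAnswer,
        $agreeTerms
    )
    {
        $noError = TRUE;
        if (empty($firstName) || empty($lastName)) {
            $this->addMessage("Both first name and last name fields are required.");
            $noError = FALSE;
        }

        if (empty($eduEmail)) {
            $this->addMessage("Your college or educational email address is required. (Must end in .edu extension). ");
            $noError = FALSE;
        } else {
            $pattern = '#^[A-Za-z0-9._%-]+@[a-zA-Z0-9.-]+\.edu$#';
            if (DEBUG) {
                // Relaxed in development; note this pattern is not end-anchored.
                $pattern = '#^[A-Za-z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}#';
            }
            if (preg_match($pattern, $eduEmail) == 0) {
                $this->addMessage("You must provide an email address that ends in .edu such as \"student@university.edu\". Please read our FAQ if any questions.");
                $noError = FALSE;
            }
        }

        if (empty($username)) {
            $this->addMessage("Please type a desired username that you'll use for logging in.");
            $noError = FALSE;
        } elseif (preg_match("/\s+/", $username)) {
            $this->addMessage("Usernames cannot contain spaces. You can use letters, numbers and the common printable special characters on your keyboard");
            $noError = FALSE;
        } else {
            $userVO = new UserVO();
            $userDAO = new DAO($userVO);
            // Escaped like the other username lookups: "printable special characters"
            // are allowed in usernames, so quotes can reach this string-built clause.
            $safeUsername = mysql_real_escape_string($username);
            $voList = $userDAO->findWhere("", "`username` = '$safeUsername'", "", "", "", "LIMIT 1");
            if (!empty($voList)) {
                $this->addMessage("We're sorry, the username $username has already been taken, please try another.");
                $noError = FALSE;
            }
        }

        if (empty($password)) {
            $this->addMessage("You must provide a password to authenticate you when you log in. Choose a password that is atleast 6 characters and contains letters and numbers.");
            $noError = FALSE;
        } elseif (strlen($password) < self::MIN_PASSWORD_LENGTH) {
            // The message above already promises this minimum; enforce it.
            $this->addMessage("Your password must be at least " . self::MIN_PASSWORD_LENGTH . " characters long.");
            $noError = FALSE;
        } elseif ($password !== $confirmPassword) {
            // Strict compare: `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
            $this->addMessage("Passwords do not match. Please type your password exactly the same twice to ensure correct capture.");
            $noError = FALSE;
        }

        if (empty($state) || empty($city)) {
            $this->addMessage("Please choose a state then a city closest to you.");
            $noError = FALSE;
        }
        if (empty($secretQuestion) || empty($secretAnswer)) {
            $this->addMessage("Please provide a question to be asked of you when you lose your password. Then provide the answer that only you would know.");
            $noError = FALSE;
        }
        if (empty($agreeTerms)) {
            $this->addMessage("Please read and agree to our terms and conditions before registering. You are legally bound by it.");
            $noError = FALSE;
        }
        return $noError;
    }
    //__________________________________ U T I L I T Y ____________________________________
}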