Diffstat (limited to 'includes')
-rw-r--r-- | includes/comment.inc | 13 | ||||
-rw-r--r-- | includes/common.inc | 10 | ||||
-rw-r--r-- | includes/function.inc | 2 | ||||
-rw-r--r-- | includes/locale.inc | 2 | ||||
-rw-r--r-- | includes/story.inc | 2 | ||||
-rw-r--r-- | includes/theme.inc | 8 | ||||
-rw-r--r-- | includes/user.inc | 72 | ||||
-rw-r--r-- | includes/watchdog.inc | 6 |
8 files changed, 51 insertions, 64 deletions
diff --git a/includes/comment.inc b/includes/comment.inc index c64a3e4dd..44909ac65 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -32,12 +32,12 @@ function comment_moderate($moderate) { $none = $comment_votes[key($comment_votes)]; foreach ($moderate as $id=>$vote) { - if ($vote != $comment_votes[$none] && !user_get_history($user->history, "c$id")) { + if ($vote != $comment_votes[$none] && !user_get($user, "history", "c$id")) { // Update the comment's score: $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id"); // Update the user's history: - user_set_history("c$id", $vote); + $user = user_set($user, "history", "c$id", $vote); } } } @@ -45,12 +45,7 @@ function comment_moderate($moderate) { function comment_settings($mode, $order, $threshold) { global $user; - if ($user->id) { - $data[mode] = $mode; - $data[sort] = $order; - $data[threshold] = $threshold; - user_save($data, $user->id); - } + if ($user->id) $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold)); } function comment_reply($pid, $id) { @@ -180,7 +175,7 @@ function comment_moderation($comment) { if ($op == "reply") { $output .= " "; } - else if ($user->id && $user->userid != $comment->userid && !user_get_history($user->history, "c$comment->cid")) { + else if ($user->id && $user->userid != $comment->userid && !user_get($user, "history", "c$comment->cid")) { $output .= "<SELECT NAME=\"moderate[$comment->cid]\">\n"; foreach ($comment_votes as $key=>$value) $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n"; $output .= "</SELECT>\n"; diff --git a/includes/common.inc b/includes/common.inc index 7ee1034c6..046f6a1cf 100644 --- a/includes/common.inc +++ b/includes/common.inc 
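Review bot: In comment_moderate(), `$id` and `$vote` come straight from the `$moderate` array and reach the new `user_set($user, "history", "c$id", $vote)` call unchecked, right after the same two values are interpolated into the `UPDATE comments` query on the context line above it. comment_moderation() renders this array as the `moderate[...]` form field, so both values should be validated before either use: cast the key with `$id = (int) $id;` and skip the iteration unless `in_array($vote, $comment_votes)`. Without that, a value containing `:` or `;` is written into the history string that user_get() later parses. The function's opening lines are outside the hunk, so confirm that `$user` is declared `global` there; otherwise the reassignment from user_set() only changes a local copy.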
@@ -1,6 +1,6 @@ <? -function conf_load() { +function conf_init() { global $HTTP_HOST, $REQUEST_URI; $file = strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", ".."); while ($file && !file_exists("includes/$file.conf")) { @@ -9,7 +9,7 @@ function conf_load() { return $file; } -$conf = conf_load(); +$conf = conf_init(); include_once "includes/$conf.conf"; include_once "includes/database.inc"; @@ -21,8 +21,8 @@ include_once "includes/search.inc"; include_once "includes/theme.inc"; include_once "includes/user.inc"; -user_load(); -$locale = locale_load(); -$theme = theme_load(); +user_init(); +$locale = locale_init(); +$theme = theme_init(); ?>
\ No newline at end of file diff --git a/includes/function.inc b/includes/function.inc index 04402f5a7..44ec40baa 100644 --- a/includes/function.inc +++ b/includes/function.inc @@ -76,7 +76,7 @@ function format_date($timestamp, $type = "medium") { function format_username($username) { global $user; - if ($username) return (user_permission($user) ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>"); + if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>"); else { global $anonymous; return $anonymous; } } diff --git a/includes/locale.inc b/includes/locale.inc index 50d07a7dd..8b717b3ef 100644 --- a/includes/locale.inc +++ b/includes/locale.inc @@ -1,6 +1,6 @@ <? -function locale_load() { +function locale_init() { global $languages, $user; return ($user->id && $user->language) ? $user->language : key($languages); } diff --git a/includes/story.inc b/includes/story.inc index 04e93661a..5d99505d6 100644 --- a/includes/story.inc +++ b/includes/story.inc @@ -13,7 +13,7 @@ class Story { function story_visible($story) { global $user; - return ($story->status == 2) || ($story->status == 1 && $user->id) || user_permission($user); + return ($story->status == 2) || ($story->status == 1 && $user->id) || user_access($user, "story"); } ?>
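Review bot: The rewritten return line in format_username() still writes `$username` unescaped into both the HREF query string and the link text, so a name containing markup, `&` or `"` ends up in the page as-is. Encode per context on this line: `urlencode($username)` for the `name=` parameter and `htmlspecialchars($username)` for the visible text. The `user_access($user, "account")` test only selects which page is linked; admin.php has to enforce the same check itself, which this hunk does not show.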
\ No newline at end of file diff --git a/includes/theme.inc b/includes/theme.inc index 1bdff7b41..d5ea7dc87 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -1,6 +1,6 @@ <? -function theme_load() { +function theme_init() { global $user, $themes; if ($user->theme && file_exists($themes[$user->theme][0])) { @@ -39,7 +39,7 @@ function theme_account($theme) { $content .= "<LI><A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A></LI>\n"; $content .= "<P>\n"; - if (user_permission($user)) { + if (user_access($user)) { $content .= "<LI><A HREF=\"admin.php\">administer ". $site_name ."</A></LI>\n"; $content .= "<P>\n"; } @@ -95,10 +95,10 @@ function theme_morelink($theme, $story) { function theme_moderation_results($theme, $story) { global $user; - if ($user->id && $story->id && ($user->id == $story->author || user_get_history($user->history, "s$story->id"))) { + if ($user->id && $story->id && ($user->id == $story->author || user_get($user, "history", "s$story->id"))) { $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'"); while ($account = db_fetch_object($result)) { - $output .= format_username($account->userid) ." voted `". user_get_history($account->history, "s$story->id") ."'.<BR>"; + $output .= format_username($account->userid) ." voted `". user_get($account, "history", "s$story->id") ."'.<BR>"; } $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet.")); diff --git a/includes/user.inc b/includes/user.inc index 9c4f38f66..0bb12d0ec 100644 --- a/includes/user.inc +++ b/includes/user.inc 
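Review bot: In theme_moderation_results(), the value returned by `user_get($account, "history", "s$story->id")` is concatenated into `$output` without escaping; wrap it as `htmlspecialchars(user_get($account, "history", "s$story->id"))`. History values are written by user_set() from caller-supplied votes (comment_moderate() does this for comments; the story path is not visible on this page), so they should be treated as untrusted when printed. The unchanged `LIKE '%s$story->id%'` query above it also matches accounts that voted on other stories whose id merely starts with the same digits; for those user_get() returns nothing and the line prints an empty vote. Matching on `'%s$story->id:%'` and skipping empty results would avoid that.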
@@ -6,46 +6,46 @@ class User { $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } - db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } else { $result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } - db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } } } -function user_load() { +function user_init() { global $db_name; session_name($db_name); session_start(); } -function user_save($data, $id = 0) { - global $user; +function user_load($username) { + return new User($username); +} - foreach ($data as $key=>$value) { +function user_save($account, $array) { + // dynamically compose query: + foreach ($array as $key=>$value) { if ($key == "passwd") $query .= "$key = PASSWORD('". addslashes($value) ."'), "; else $query .= "$key = '". addslashes($value) ."', "; } - if (empty($id)) { - db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]'"); - } - else { - db_query("UPDATE users SET $query last_access = '". 
time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $id"); - $result = db_query("SELECT * FROM users WHERE id = $id AND status = 2"); - if (db_num_rows($result) == 1) foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } - else $user = 0; - } + // update or instert account: + if ($account->id) db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = '$account->id'"); + else db_query("INSERT INTO users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]'"); + + // return account: + return user_load(($account->userid ? $account->userid : $array["userid"])); } -function user_get_history($history, $field) { - $data = explode(";", $history); +function user_get($account, $column, $field) { + $data = explode(";", $account->$column); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); if (reset($entry) == $field) $rval = end($entry); 
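Review bot: The new user_save() interpolates each `$key` of `$array` into the SQL as a column name with no check, and only the values go through addslashes(); any caller that forwards a request-derived array lets the request choose which columns are written, including `access` and `status`. Reject keys that are not on a fixed list of writable columns before building `$query`, and initialise `$query = "";` first. The final `user_load(...)` call also passes `$account->userid` (stripslashes()'d when the row was loaded) or the raw `$array["userid"]` into the constructor's `userid = '$userid'` query, so escape it there, e.g. `return user_load(addslashes($account->userid ? $account->userid : $array["userid"]));`. Note too that user_load() takes the password-less branch of the constructor, so it must never be called with a request-supplied name as a substitute for login. The User constructor begins outside this hunk, so any escaping done before the visible queries cannot be confirmed from here.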
@@ -53,46 +53,38 @@ function user_get_history($history, $field) { return $rval; } -function user_set_history($field, $value) { - global $user; - $history = $user->history; +function user_set($account, $column, $name, $value) { + $field = $account->$column; + if (!$value) { // remove entry: - $data = explode(";", $history); + $data = explode(";", $field); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); - if ($entry[0] != $field) $rval .= "$entry[0]:$entry[1];"; + if ($entry[0] != $name) $rval .= "$entry[0]:$entry[1];"; } } - else if (strstr($history, "$field:")) { + else if (strstr($field, "$name:")) { // found: update exsisting entry: - $data = explode(";", $history); + $data = explode(";", $field); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); - if ($entry[0] == $field) $entry[1] = $value; + if ($entry[0] == $name) $entry[1] = $value; $rval .= "$entry[0]:$entry[1];"; } } else { - // not found: add new entry: - $rval = "$history$field:$value;"; + // not found: + $rval = "$field$name:$value;"; } - $user->history = $rval; - - // save new history: - $query .= "UPDATE users SET "; - foreach ($user->field as $key=>$field) { $value = $user->$field; $query .= "$field = '". addslashes($value) ."', "; } - $query .= " id = $user->id WHERE id = $user->id"; - db_query($query); -} -function user_rehash() { - global $user; - if ($user->id) $user = new User($user->userid); + return user_save($account, array($column => $rval)); } -function user_permission($account) { - return ($account->permissions == 1 || $account->id == 1); +function user_access($account, $section = 0) { +// print $account->userid ." ". $account->access ."<P>"; + if ($section) return (user_get($account, "access", $section) || $account->id == 1); + else return ($account->access || $account->id == 1); } ?>
\ No newline at end of file diff --git a/includes/watchdog.inc b/includes/watchdog.inc index 2eb0baf2c..da24d79d8 100644 --- a/includes/watchdog.inc +++ b/includes/watchdog.inc @@ -9,8 +9,8 @@ $watchdog = array("comment" => array("0", $submission_rate["comment"]), function watchdog($id, $message) { global $user, $watchdog, $watchdog_history; -/* - if ($watchdog[$id][1] && !user_permission($user)) { + + if ($watchdog[$id][1] && !user_access($user, "watchdog")) { if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) { if (time() - $log->timestamp < $watchdog[$id][1]) { watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate"); @@ -19,7 +19,7 @@ function watchdog($id, $message) { } } } -*/ + // Perform query to add new watchdog entry: db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')"); } |
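Review bot: user_set() stores `$name` and `$value` into the `name:value;` string without rejecting `:` or `;`, and user_access() now reads permissions from the `access` column through the same encoding, so a delimiter in either argument changes how later user_get() calls parse the column. Add a guard at the top of user_set(), e.g. `if (strstr("$name$value", ":") || strstr("$name$value", ";")) return $account;`. In user_access(), the commented-out `print` debug line should be deleted rather than committed. The `$section = 0` default treats any account with a non-empty `access` string as permitted, which the `user_access($user)` call in theme_account() now relies on; a comment stating that this is intended would help.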
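Review bot: The re-enabled rate check in watchdog() fetches one row with `SELECT * FROM watchdog WHERE hostname = ... AND level = ...` and no ordering, so `$log->timestamp` is whichever matching entry the database returns first rather than the latest one, and the `time() - $log->timestamp` comparison can pass while a recent entry exists. Append `ORDER BY timestamp DESC LIMIT 1` to that query so the limit is measured against the most recent submission. The SELECT and the warning message also use `getenv("REMOTE_ADDR")` bare while the INSERT below wraps it in `check_input()`; use the same wrapper in both places. The lines between this hunk and the next one are not shown, so what happens after the warning is logged cannot be checked here.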