author | Dries Buytaert <dries@buytaert.net> | 2000-10-19 13:31:23 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2000-10-19 13:31:23 +0000 |
commit | 11ee95dadc408e16e9832af9fd0b41495e78b0a6 (patch) | |
tree | a8f5ca3387e360b37d0eafc4edfdc5fdc52d3b87 /includes/user.inc | |
parent | 43af5a7389265891770e4a283e4748678754797f (diff) | |
A big, fat commit with a shitload of internal changes. Not that much
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers were not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
Diffstat (limited to 'includes/user.inc')
-rw-r--r-- | includes/user.inc | 41 |
1 files changed, 18 insertions, 23 deletions
diff --git a/includes/user.inc b/includes/user.inc
index 115c940c0..62e5547be 100644
--- a/includes/user.inc
+++ b/includes/user.inc
@@ -1,41 +1,36 @@ <? -$access = array("Administrator" => 0x00000001, +$permissions = array("Administrator" => 0x00000001, "User manager" => 0x00000002, "News manager" => 0x00000004); class User { - function User($userid, $passwd="") { - $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 0"); + function User($userid, $passwd = "") { + $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); } } } -function user_save() { +function user_save($data, $id = 0) { global $user; - ### Compose query to update user record: -} - -function user_rehash() { - global $user; - $result = db_query("SELECT * FROM users WHERE id=$user->id"); - if (db_num_rows($result) == 1) { - foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } + + foreach ($data as $key=>$value) { + if ($key == "passwd") $query .= "$key = PASSWORD('". addslashes($value) ."'), "; + else $query .= "$key='". addslashes($value) ."', "; } -} - -function user_valid($access = 0) { - global $user; - if ($user->userid) { - user_rehash(); // synchronisation purpose - $user->last_access = time(); - $user->last_host = ($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR]; - db_query("UPDATE users SET last_access = '$user->last_access', last_host = '$user->last_host' WHERE id = $user->id"); - if ($user->access & $access || $access == 0) return 1; + + if (empty($id)) { + db_query("INSERT INTO users SET $query last_access = '". 
time() ."', last_host = '$GLOBALS[REMOTE_HOST]'"); + } + else { + db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $id"); + $result = db_query("SELECT * FROM users WHERE id = $id AND status = 2"); + if (db_num_rows($result) == 1) foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } + else $user = 0; } - return 0; } function user_getHistory($history, $field) { |
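Review bot: In the new `user_save()`, the keys of `$data` are concatenated into the SET clause as column names with no check, and `$id` goes into `WHERE id = $id` unquoted; only the values pass through `addslashes()`. If `$data` or `$id` can come from request input (the callers are not visible in this hunk), that allows SQL injection and lets a caller write columns it should not, such as `status`. I would skip any key that is not in a fixed list of editable columns, e.g. `if (!in_array($key, $editable)) continue;` with `$editable` defined next to `$permissions`, and force the id with `$id = (int) $id;` before building the query. The INSERT and UPDATE here, and the new UPDATE in the `User` constructor, also interpolate `$GLOBALS[REMOTE_HOST]` unescaped and, unlike the removed `user_valid()`, no longer fall back to `REMOTE_ADDR`; `addslashes()` on that value plus the old fallback would cover both. `$query` is also never initialised before the first `.=`, so `$query = "";` belongs at the top of the function.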