Commit 14b12b3a authored by Dries's avatar Dries

* Added more and better error checking which should fix 'potential'
  bugs or weird behavior in case something goes wrong.  We aim for
  something that is rock-solid, right? :-)
parent 4b4d8c6c
......@@ -117,8 +117,8 @@ function account_makePassword($min_length=6) {
switch ($op) {
case "Login":
session_start();
$user = new User($userid,$passwd);
if ($user && $user->valid()) { session_register("user"); }
$user = new User($userid, $passwd);
if ($user && $user->valid()) session_register("user");
showUser($user->userid);
break;
case "new":
......@@ -202,6 +202,7 @@ function account_makePassword($min_length=6) {
}
break;
case "editpage":
if ($user && $user->valid()) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<B>Theme:</B><BR>\n";
......@@ -247,7 +248,13 @@ function account_makePassword($min_length=6) {
$theme->header();
$theme->box("Customize page", $output);
$theme->footer();
}
else {
include "theme.inc";
$theme->header();
$theme->box("Login", showLogin($userid));
$theme->footer();
}
break;
case "Save user information":
if ($user && $user->valid()) {
......@@ -280,4 +287,5 @@ function account_makePassword($min_length=6) {
default:
showUser($user->userid);
}
?>
\ No newline at end of file
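Review bot: In the "Login" case the user object is registered into the session that `session_start()` has just resumed, so whatever session identifier the browser held before authenticating remains the identifier of the logged-in session. Where the PHP version in use provides it, issuing a fresh identifier at the moment of login closes that gap: `if ($user && $user->valid()) { session_regenerate_id(); session_register("user"); }`. The same case then calls `showUser($user->userid)` whether or not `valid()` succeeded, unlike the new `else` branch under "editpage", which falls back to the login box explicitly; an explicit failure branch here would make the two consistent. The enclosing switch starts and ends outside the visible hunks.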
<?
$access = array("Administrator" => 0x00000001,
"User manager" => 0x00000002,
"News manager" => 0x00000004);
......@@ -10,6 +11,7 @@ function User($userid, $passwd="") {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
}
}
function save() {
### Compose query to update user record:
$query .= "UPDATE users SET ";
......@@ -18,25 +20,29 @@ function save() {
### Perform query:
db_query($query);
}
function rehash() {
$result = db_query("SELECT * FROM users WHERE id=$this->id");
if (db_num_rows($result) == 1) {
foreach (db_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
}
}
function valid($access=0) {
if (!empty($this->userid)) {
function valid($access = 0) {
if ($this->userid) {
$this->rehash(); // synchronisation purpose
$this->last_access = time();
$this->last_host = (!empty($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR] );
db_query("UPDATE users SET last_access='$this->last_access',last_host='$this->last_host' WHERE id=$this->id");
$this->last_host = (!empty($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR]);
db_query("UPDATE users SET last_access = '$this->last_access', last_host = '$this->last_host' WHERE id = $this->id");
if ($this->access & $access || $access == 0) return 1;
}
return 0;
}
function getHistory($field) {
return getHistory($this->history, $field);
}
function setHistory($field, $value) {
$this->history = setHistory($this->history, $field, $value);
}
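Review bot: `valid()` interpolates `$this->last_host` into the UPDATE statement without escaping, and that value comes from `REMOTE_HOST`, a reverse-DNS name set by whoever controls the client's address space rather than by the server. Escape it before building the query, for example `$host = addslashes($this->last_host);` followed by `last_host = '$host'`, and quote the array keys (`$GLOBALS["REMOTE_HOST"]`) so they are not read as bare constants. Separately, `rehash()` does nothing when the row is not found, so `valid()` continues with the fields the object already carried (presumably restored from the session) and can still return 1; returning 0 when `db_num_rows($result) != 1` would stop a deleted account from remaining logged in. The class body starts outside the visible hunks.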
......