Commit b32b897a authored by Dries's avatar Dries

* Integrated the database abstraction layer into the account pages.  One
  reason for doing so is that the database abstraction layer provides
  built-in error checking and a debug mode for easy development.
parent 8720cbf6
......@@ -96,9 +96,8 @@ function validateUser($user) {
if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
### Verify whether username and e-mail address are unique:
dbconnect();
if (mysql_num_rows(mysql_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
if (mysql_num_rows(mysql_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
return($rval);
}
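Review bot: The two uniqueness queries in validateUser still interpolate `$user[userid]` and `$user[email]` directly into the SQL string, so moving from `mysql_query` to `db_query` keeps the injection exposure unless the caller has already escaped these registration fields (not visible in this hunk). Escape at the point of use, e.g. `$userid = addslashes($user[userid]);` before building the query, or have `db_query` take the values as separate arguments and escape them in one place. The same pattern is present in the `User` constructor query (`$userid`, `$passwd`) and in the `UPDATE` in `valid()`, where `last_host` is taken from `REMOTE_HOST`/`REMOTE_ADDR`. validateUser's body starts outside the hunk.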
......
......@@ -35,6 +35,18 @@ function db_fetch_object($qid) {
if ($qid) return mysql_fetch_object($qid);
}
function db_num_rows($qid) {
if ($qid) return mysql_num_rows($qid);
}
function db_fetch_row($qid) {
if ($qid) return mysql_fetch_row($qid);
}
function db_fetch_array($qid) {
if ($qid) return mysql_fetch_array($qid);
}
#
# Automatically connect to database:
#
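Review bot: `db_num_rows`, `db_fetch_row` and `db_fetch_array` fall off the end and return NULL when `$qid` is false, and the callers in this commit cannot tell that apart from "no rows": `db_num_rows(...) > 0` in validateUser evaluates to false on a failed query, so a duplicate username or e-mail would be accepted. Whether `db_query` halts on error is not visible here, so this may only matter when its error checking is non-fatal. I would document the contract above each wrapper, e.g. `# Returns NULL (not 0) when $qid is false; callers must treat that as a query failure, not as an empty result.`, and have validateUser reject the registration when the query handle is false.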
......
......@@ -5,10 +5,9 @@
class User {
function User($userid, $passwd="") {
dbconnect();
$result = mysql_query("SELECT * FROM users WHERE LOWER(userid)=LOWER('$userid') && passwd=PASSWORD('$passwd') && STATUS=0") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
if (mysql_num_rows($result) == 1) {
foreach (mysql_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
$result = db_query("SELECT * FROM users WHERE LOWER(userid)=LOWER('$userid') && passwd=PASSWORD('$passwd') && STATUS=0");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
}
}
function save() {
......@@ -17,13 +16,12 @@ function save() {
foreach ($this->field as $key=>$field) { $value = $this->$field; $query .= "$field = '". addslashes($value) ."', "; }
$query .= " id = $this->id WHERE id = $this->id";
### Perform query:
mysql_query($query);
db_query($query);
}
function rehash() {
dbconnect();
$result = mysql_query("SELECT * FROM users WHERE id=$this->id") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
if (mysql_num_rows($result) == 1) {
foreach (mysql_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
$result = db_query("SELECT * FROM users WHERE id=$this->id");
if (db_num_rows($result) == 1) {
foreach (db_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
}
}
function valid($access=0) {
......@@ -31,8 +29,7 @@ function valid($access=0) {
$this->rehash(); // synchronisation purpose
$this->last_access = time();
$this->last_host = (!empty($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR] );
dbconnect();
mysql_query("UPDATE users SET last_access='$this->last_access',last_host='$this->last_host' WHERE id=$this->id") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
db_query("UPDATE users SET last_access='$this->last_access',last_host='$this->last_host' WHERE id=$this->id");
if ($this->access & $access || $access == 0) return 1;
}
return 0;
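Review bot: The login query in the `User` constructor carries the cleartext password inside the SQL text (`passwd=PASSWORD('$passwd')`), and it now goes through `db_query`, which the commit message says has a debug mode. If that mode echoes or logs query strings (db_query is not shown here), submitted passwords would end up in page output or logs. I would add a comment at the call such as `// query text contains the cleartext password: must never be printed by db_query's debug mode` and make the debug path skip or redact this query. Separately, the constructor still calls `mysql_field_name($result, $key)` directly, which bypasses the abstraction layer this commit introduces. The constructor and `valid()` both extend outside the hunks shown.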
......