claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- OO version of user class

Browse Source 
- no more duplicated functions
- improved performances (much less duplicated mysql queries)
- less code and better error handling
This commit is contained in:
Jonathan Ernst
2005-01-30 23:12:48 +00:00
committed by WineHQ
parent ec3f0bfe54
commit 2083bf521b
39 changed files with 399 additions and 466 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@@ -26,5 +26,3 @@ an email should be sent to everyone in that thread.
##################
# add distro table and administration screens for it. (Chris)
# improve user class and functions (object oriented, etc) (Jonathan).

17
account.php
View File

@@ -101,23 +101,16 @@ function cmd_do_new()
$user = new User();
if($user->exists($_POST['ext_email']))
{
$_POST['ext_email'] = "";
retry("new", "An account with this e-mail is already in use");
return;
}
$result = $user->create($_POST['ext_email'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['CVSrelease'] );
if($result == null)
if($result == true)
{
$user->login($_POST['ext_email'], $_POST['ext_password']);
addmsg("Account created! (".$_POST['ext_email'].")", "green");
redirect(apidb_fullurl());
}
else
retry("new", "Failed to create account: $result");
retry("new", "Failed to create account");
}
@@ -173,14 +166,14 @@ function cmd_do_login()
$user = new User();
$result = $user->login($_POST['ext_email'], $_POST['ext_password']);
if($result == null)
if($result == true)
{
$_SESSION['current'] = $user;
addmsg("You are successfully logged in as '$user->realname'.", "green");
addmsg("You are successfully logged in as '$user->sRealname'.", "green");
redirect(apidb_fullurl("index.php"));
} else
{
retry("login","Login failed ($result)");
retry("login","Login failed");
$_SESSION['current'] = "";
}
}

11
addcomment.php
View File

@@ -12,7 +12,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php");
// you must be logged in to submit comments
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
apidb_header("Please login");
echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";
@@ -59,13 +59,14 @@ if(isset($_REQUEST['body']))
{
if (is_numeric($_REQUEST['originator']))
{
if (UserWantsEmail($_REQUEST['originator']))
$oOriginator = new User($_REQUEST['originator']);
if ($oOriginator->getPref("send_email"))
{
$sEmail = lookupEmail($_REQUEST['originator']);
$sEmail = $oOriginator->sEmail;
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$sMsg .= "\r\n";
$sMsg .= ($_SESSION['current']->realname ? $_SESSION['current']->realname : "Anonymous")." added comment to ".$sFullAppName."\r\n";
$sMsg .= $_SESSION['current']->realname." added comment to ".$sFullAppName."\r\n";
$sMsg .= "\r\n";
$sMsg .= "Subject: ".$subject."\r\n";
$sMsg .= "\r\n";
@@ -76,7 +77,7 @@ if(isset($_REQUEST['body']))
addmsg("Comment message sent to original poster", "green");
}
}
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);

4
admin/addAppNote.php
View File

@@ -9,7 +9,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php");
//check for admin privs
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )
if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )
{
errorpage("Insufficient Privileges!");
exit;
@@ -40,7 +40,7 @@ if($_REQUEST['sub'] == "Submit")
if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
{
// successful
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']);

2
admin/addCategory.php
View File

@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

2
admin/addVendor.php
View File

@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

27
admin/adminAppDataQueue.php
View File

@@ -13,7 +13,7 @@ require(BASE."include/mail.php");
apidb_header("Admin Application Data Queue");
// deny access if not admin
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
@@ -59,16 +59,19 @@ if (!$_REQUEST['queueId'])
$c = 1;
while($ob = mysql_fetch_object($hResult))
{
if($_SESSION['current']->is_maintainer($ob->queueappId,
if($_SESSION['current']->isMaintainer($ob->queueappId,
$ob->queueversionId)
|| havepriv("admin"))
|| $_SESSION['current']->hasPriv("admin"))
{
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td><a href='adminAppDataQueue.php?queueId=$ob->queueId'>".$ob->queueId."</a></td>\n";
if($ob->userId)
echo " <td>".lookupRealname($ob->userId)." (".lookupEmail($ob->userId).")</td>\n";
{
$oUser = new User($ob->userId);
echo " <td>".$oUser->sRealname." (".$oUser->sEmail.")</td>\n";
}
else
echo " <td>Anonymous</td>\n";
echo "<td>".appIdToName($ob->appId)."</td>\n";
@@ -84,8 +87,8 @@ if (!$_REQUEST['queueId'])
} else // shows a particular appdata
{
if(!(havepriv("admin") ||
$_SESSION['current']->is_maintainer($obj_row->queueAppId,
if(!($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->isMaintainer($obj_row->queueAppId,
$obj_row->queueVersionId)))
{
errorpage("You don't have sufficient privileges to use this page.");
@@ -133,7 +136,7 @@ if (!$_REQUEST['queueId'])
$randName = generate_passwd(5);
// set image link based on user pref
$img = '<a href="javascript:openWin(\'../appimage.php?queued=true&id='.$obj_row->queueId.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>';
if (loggedin())
if ($_SESSION['current']->isLoggedIn())
{
if ($_SESSION['current']->getpref("window:screenshot") == "no")
{
@@ -200,14 +203,15 @@ if (!$_REQUEST['queueId'])
query_appdb("DELETE from appDataQueue where queueId = ".$obj_row->queueId.";");
//Send Status Email
if (lookupEmail($obj_row->userId))
$oUser = new User($obj_row->userId);
if ($oUser->sEmail)
{
$sSubject = "Application Data Request Report";
$sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." has been accepted. ";
$sMsg .= $_REQUEST['replyText'];
$sMsg .= "We appreciate your help in making the Application Database better for all users.\r\n";
mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg);
mail_appdb($oUser->sEmail, $sSubject ,$sMsg);
}
//done
@@ -216,13 +220,14 @@ if (!$_REQUEST['queueId'])
}
} elseif ($_REQUEST['reject'])
{
if (lookupEmail($obj_row->userId))
$oUser = new User($obj_row->userId);
if ($oUser->sEmail)
{
$sSubject = "Application Data Request Report";
$sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." was rejected. ";
$sMsg .= $_REQUEST['replyText'];
mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg);
mail_appdb($oUser->sEmail, $sSubject ,$sMsg);
}
//delete main item

4
admin/adminAppQueue.php
View File

@@ -10,7 +10,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php");
//deny access if not logged in
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
@@ -318,7 +318,7 @@ if ($_REQUEST['sub'])
}
if ($goodtogo)
{
$sEmail = getNotifyEmailAddressList($_REQUEST['appParent'], $_REQUEST['appVersion']);
$sEmail = get_notify_email_address_list($_REQUEST['appParent'], $_REQUEST['appVersion']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appParent']).

32
admin/adminMaintainerQueue.php
View File

@@ -10,7 +10,7 @@ require(BASE."include/category.php");
require(BASE."include/maintainer.php");
require(BASE."include/mail.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
@@ -27,6 +27,7 @@ if ($_REQUEST['sub'])
"FROM appMaintainerQueue WHERE queueId = ".$_REQUEST['queueId'].";";
$result = query_appdb($query);
$ob = mysql_fetch_object($result);
$oUser = new User($ob->userId);
mysql_free_result($result);
}
else
@@ -66,13 +67,14 @@ if ($_REQUEST['sub'])
$foundMaintainers = true;
while(list($index, list($userIdValue)) = each($other_users))
{
$oUser = new User($userIdValue);
if($firstDisplay)
{
echo "<td>".lookupRealname($userIdValue)."</td></tr>\n";
echo "<td>".$oUser->sRealname."</td></tr>\n";
$firstDisplay = false;
} else
{
echo "<tr><td class=color0></td><td>".lookupRealname($userIdValue)."</td></tr>\n";
echo "<tr><td class=\"color0\"></td><td>".$oUser->sRealname."</td></tr>\n";
}
}
}
@@ -83,13 +85,14 @@ if ($_REQUEST['sub'])
$foundMaintainers = true;
while(list($index, list($userIdValue)) = each($other_users))
{
$oUser = new User($userIdValue);
if($firstDisplay)
{
echo "<td>".lookupRealname($userIdValue)."*</td></tr>\n";
echo "<td>".$oUser->sRealname."*</td></tr>\n";
$firstDisplay = false;
} else
{
echo "<tr><td class=color0></td><td>".lookupRealname($userIdValue)."*</td></tr>\n";
echo "<tr><td class=\"color0\"></td><td>".$oUser->sRealname."*</td></tr>\n";
}
}
}
@@ -100,7 +103,7 @@ if ($_REQUEST['sub'])
}
// Show which other apps the user maintains
echo '<tr valign=top><td class=color0><b>This user also maintains these apps:</b></td>',"\n";
echo '<tr valign="top"><td class="color0"><b>This user also maintains these apps:</b></td>',"\n";
$firstDisplay = true;
$other_apps = getAppsFromUserId($ob->userId);
@@ -144,9 +147,6 @@ if ($_REQUEST['sub'])
echo '<tr valign=top><td class=color0><b>Email reply</b></td>',"\n";
echo "<td><textarea name='replyText' rows=10 cols=35>Enter a personalized reason for acceptance or rejection of the users maintainer request here</textarea></td></tr>\n";
//echo '<tr valign=top><td bgcolor=class=color0><b>Email</b></td>,"\n";
//echo '<td><input type=text name="queueEmail" value="'.$ob->queueEmail.'" size=20></td></tr>',"\n";
/* Add button */
echo '<tr valign=top><td class=color3 align=center colspan=2>' ,"\n";
echo '<input type=submit name=add value=" Add maintainer to this application " class=button /> </td></tr>',"\n";
@@ -184,7 +184,7 @@ if ($_REQUEST['sub'])
query_appdb("DELETE from appMaintainerQueue where queueId = ".$_REQUEST['queueId'].";");
//Send Status Email
$sEmail = lookupEmail($ob->userId);
$sEmail = $oUser->sEmail;
if ($sEmail)
{
$sSubject = "Application Maintainer Request Report";
@@ -201,7 +201,7 @@ if ($_REQUEST['sub'])
}
else if (($_REQUEST['reject'] || ($_REQUEST['sub'] == 'reject')) && $_REQUEST['queueId'])
{
$sEmail = lookupEmail($ob->userId);
$sEmail = $oUser->sEmail;
if ($sEmail)
{
$sSubject = "Application Maintainer Request Report";
@@ -278,11 +278,12 @@ if ($_REQUEST['sub'])
$c = 1;
while($ob = mysql_fetch_object($result))
{
$oUser = new User($ob->userId);
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td><a href='adminMaintainerQueue.php?sub=view&queueId=$ob->queueId'>$ob->queueId</a></td>\n";
echo " <td>".lookupRealname($ob->userId)."</td>\n";
echo " <td>".$oUser->sRealName."</td>\n";
echo " <td>".appIdToName($ob->appId)."</td>\n";
if($ob->superMaintainer)
@@ -291,11 +292,11 @@ if ($_REQUEST['sub'])
echo "<td>Yes</td>\n";
} else
{
echo "<td>".versionIdToName($ob->versionId)." &nbsp;</td>\n";
echo "<td>".versionIdToName($ob->versionId)." &nbsp;</td>\n";
echo "<td>No</td>\n";
}
echo " <td>".lookupEmail($ob->userId)." &nbsp;</td>\n";
echo " <td>".$oUser->sEmail." &nbsp;</td>\n";
echo " <td>[<a href='adminMaintainerQueue.php?sub=reject&queueId=$ob->queueId'>reject</a>]</td>\n";
echo "</tr>\n\n";
$c++;
@@ -308,7 +309,4 @@ if ($_REQUEST['sub'])
}
}
?>

8
admin/adminMaintainers.php
View File

@@ -10,7 +10,7 @@ include("path.php");
require(BASE."include/incl.php");
// deny access if not logged in
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
@@ -68,10 +68,11 @@ if ($_REQUEST['sub'])
$c = 1;
while($ob = mysql_fetch_object($hResult))
{
$oUser = new User($ob->userId);
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td>".lookupRealname($ob->userId)."</td>\n";
echo " <td>".$oUser->sRealname."</td>\n";
if($ob->superMaintainer)
{
@@ -84,8 +85,7 @@ if ($_REQUEST['sub'])
echo " <td><a href='".BASE."appview.php?appId=$ob->appId&versionId=$ob->versionId'>".versionIdToName($ob->versionId)."</a>&nbsp;</td>\n";
echo " <td>No</td>\n";
}
echo " <td>".lookupEmail($ob->userId)." &nbsp;</td>\n";
echo " <td>".$oUser->sEmail." &nbsp;</td>\n";
echo " <td>[<a href='adminMaintainers.php?sub=delete&maintainerId=$ob->maintainerId'>delete</a>]</td>\n";
echo "</tr>\n\n";
$c++;

2
admin/adminScreenshots.php
View File

@@ -11,7 +11,7 @@ require(BASE."include/"."screenshot.php");
apidb_header("Screenshots");
// deny access if not admin
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;

22
admin/adminUsers.php
View File

@@ -8,7 +8,7 @@ include(BASE."include/"."incl.php");
apidb_header("Admin Users Management");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
@@ -17,10 +17,11 @@ if(!havepriv("admin"))
// we want to delete a user
if($_REQUEST['action'] == "delete" && is_numeric($_REQUEST['userId']))
{
$sEmail = lookupEmail($_REQUEST['userId']);
$oUser = new User($_REQUEST['userId']);
$sEmail = $oUser->sEmail;
if($sEmail)
{
$_SESSION['current']->remove($sEmail);
$oUser->delete();
}
}
@@ -85,15 +86,16 @@ if($_REQUEST['sSubmit'])
$i=0;
while($hResult && $oRow = mysql_fetch_object($hResult))
{
$sAreYouSure = "Are you sure that you want to delete user ".addslashes($oRow->realname)." ?";
$oUser = new User($oRow->userid);
$sAreYouSure = "Are you sure that you want to delete user ".addslashes($oUser->sRealname)." ?";
echo "<tr class=\"color".(($i++)%2)."\">\n";
echo " <td>".$oRow->realname."</td>\n";
echo " <td>".$oRow->email."</td>\n";
echo " <td>".$oRow->created."</td>\n";
echo " <td>".$oRow->stamp."</td>\n";
echo " <td>".$oUser->sRealname."</td>\n";
echo " <td>".$oUser->sEmail."</td>\n";
echo " <td>".$oUser->sDateCreated."</td>\n";
echo " <td>".$oUser->sStamp."</td>\n";
echo " <td>";
if(isAdministrator($oRow->userid)) echo "A";
if(isMaintainer($oRow->userid)) echo "M";
if($oUser->hasPriv("admin")) echo "A";
if($oUser->isMaintainer()) echo "M";
echo " </td>\n";
echo " <td>[<a onclick=\"if(!confirm('".$sAreYouSure."'))return false;\" \"href=\"".$_SERVER['PHP_SELF']."?action=delete&userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true\">delete</a>]&nbsp;[<a href=\"../preferences.php?userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."\">edit</a>]</td>\n";
echo "</tr>\n\n";

2
admin/adminVendors.php
View File

@@ -9,7 +9,7 @@
include("path.php");
require(BASE."include/incl.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;

2
admin/deleteAny.php
View File

@@ -11,7 +11,7 @@ include(BASE."include/incl.php");
include(BASE."include/category.php");
include(BASE."include/application.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

4
admin/editAppFamily.php
View File

@@ -16,7 +16,7 @@ if(!is_numeric($_REQUEST['appId']))
exit;
}
if(!(havepriv("admin") || $_SESSION['current']->is_super_maintainer($_REQUEST['appId'])))
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isSuperMaintainer($_REQUEST['appId'])))
{
errorpage("Insufficient Privileges!");
exit;
@@ -180,7 +180,7 @@ if(isset($_REQUEST['submit']))
}
if ($bAppChanged)
{
$sEmail = getNotifyEmailAddressList($_REQUEST['appId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']);

4
admin/editAppNote.php
View File

@@ -20,7 +20,7 @@ $hResult = query_appdb($sQuery);
$ob = mysql_fetch_object($hResult);
/* Check for privs */
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($ob->appId,$ob->versionId)) )
if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($ob->appId,$ob->versionId)) )
{
errorpage("Insufficient Privileges!");
exit;
@@ -37,7 +37,7 @@ if(isset($_REQUEST['sub']))
$sMsg = APPDB_ROOT."appview.php?appId={$ob->appId}&versionId={$ob->versionId}\r\n";
$sMsg .= "\r\n";
$sEmail = getNotifyEmailAddressList($ob->appId, $ob->versionId);
$sEmail = get_notify_email_address_list($ob->appId, $ob->versionId);
if ($_REQUEST['sub'] == 'Delete')
{

4
admin/editAppVersion.php
View File

@@ -11,8 +11,8 @@ if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId']))
exit;
}
//check for admin privs
if(!(havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])))
/* Check for admin privs */
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])))
{
errorpage("Insufficient Privileges!");
exit;

2
admin/editBundle.php
View File

@@ -3,7 +3,7 @@
include("path.php");
include(BASE."include/"."incl.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

2
admin/editCategory.php
View File

@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

2
admin/editVendor.php
View File

@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php");
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage();
exit;

2
appbrowse.php
View File

@@ -37,7 +37,7 @@ $catFullPath = make_cat_path($cat->getCategoryPath());
$subs = $cat->getCategoryList();
//display admin box
if(havepriv("admin") && $catId != 0)
if($_SESSION['current']->hasPriv("admin") && $catId != 0)
apidb_sidebar_add("admin_menu");
//output header

2
appimage.php
View File

@@ -6,7 +6,7 @@
include("path.php");
require(BASE."include/"."incl.php");
require(BASE."include/"."screenshot.php");
if(!havepriv("admin") && $_REQUEST['queued'])
if(!$_SESSION['current']->hasPriv("admin") && $_REQUEST['queued'])
{
errorpage("Insufficient privileges.");
exit;

6
appsubmit.php
View File

@@ -10,7 +10,7 @@ require(BASE."include/"."tableve.php");
// Send user to the correct branch of code even if they try to bypass
// the first page (appsubmit.php without parameters)
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
unset($_REQUEST['queueName']);
unset($_REQUEST['apptype']);
@@ -106,7 +106,7 @@ if (isset($_REQUEST['queueName']))
else if (isset($_REQUEST['apptype']))
{
// set email field if logged in
if (loggedin())
if ($_SESSION['current']->isLoggedIn())
$email = $_SESSION['current']->lookup_email($_SESSION['current']->userid);
// header
@@ -213,7 +213,7 @@ else if (isset($_REQUEST['apptype']))
##########################
else
{
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
// you must be logged in to submit app
apidb_header("Please login");

25
appview.php
View File

@@ -107,7 +107,7 @@ function show_note($sType,$oData){
$s .= add_br(stripslashes($oData->noteDesc));
$s .= "</td></tr>\n";
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
{
$s .= "<tr width='100%' class=color1 align=center valign=top><td>";
$s .= "<form method=post name=message action='admin/editAppNote.php?noteId={$oData->noteId}'>";
@@ -203,7 +203,7 @@ if($appId && !$versionId)
}
// show Vote Menu
if(loggedin())
if($_SESSION['current']->isLoggedIn())
apidb_sidebar_add("vote_menu");
// header
@@ -268,8 +268,9 @@ if($appId && !$versionId)
{
while(list($index, list($userIdValue)) = each($other_maintainers))
{
$oUser = new User($userIdValue);
echo " <tr><td align=left>\n";
echo " <li>".lookupRealname($userIdValue)."</td></tr>\n";
echo " <li>".$oUser->sRealname."</td></tr>\n";
}
} else
{
@@ -278,10 +279,10 @@ if($appId && !$versionId)
// Display the app maintainer button
echo " <tr><td><center>\n";
if(loggedin())
if($_SESSION['current']->isLoggedIn())
{
/* are we already a maintainer? */
if($_SESSION['current']->is_super_maintainer($appId)) /* yep */
if($_SESSION['current']->isSuperMaintainer($appId)) /* yep */
{
echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>';
} else /* nope */
@@ -294,14 +295,14 @@ if($appId && !$versionId)
echo " <input type=hidden name='superMaintainer' value=1>"; /* set superMaintainer to 1 because we are at the appFamily level */
echo " </form>";
if($_SESSION['current']->is_super_maintainer($appId) || havepriv("admin"))
if($_SESSION['current']->isSuperMaintainer($appId) || $_SESSION['current']->hasPriv("admin"))
{
echo ' <form method="post" name="edit" action="admin/editAppFamily.php"><input type="hidden" name="appId" value="'.$appId.'"><input type="submit" value="Edit App" class="button"></form>';
echo '<form method="post" name="message" action="appsubmit.php?appId='.$_REQUEST['appId'].'&apptype=2">';
echo '<input type=submit value="Add Version" class="button">';
echo '</form>';
}
if(havepriv("admin"))
if($_SESSION['current']->hasPriv("admin"))
{
$url = BASE."admin/deleteAny.php?what=appFamily&appId=".$_REQUEST['appId']."&confirmed=yes";
echo " <form method=\"post\" name=\"edit\" action=\"javascript:deleteURL(\"Are you sure?\", \"".$url."\")\"><input type=\"submit\" value=\"Delete App\" class=\"button\"></form>";
@@ -396,7 +397,7 @@ else if($appId && $versionId)
while(list($index, list($userIdValue)) = each($other_maintainers))
{
echo "<tr class=color0><td align=left colspan=2>";
echo "<li>".lookupRealname($userIdValue)."</td></tr>\n";
echo "<li>".$oUser->sRealname."</td></tr>\n";
}
} else
{
@@ -407,18 +408,18 @@ else if($appId && $versionId)
// display the app maintainer button
echo "<tr><td colspan = 2><center>";
if(loggedin())
if($_SESSION['current']->isLoggedIn())
{
/* is this user a maintainer of this version by virtue of being a super maintainer */
/* of this app family? */
if($_SESSION['current']->is_super_maintainer($appId))
if($_SESSION['current']->isSuperMaintainer($appId))
{
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=1>";
} else
{
/* are we already a maintainer? */
if($_SESSION['current']->is_maintainer($appId, $versionId)) /* yep */
if($_SESSION['current']->isMaintainer($appId, $versionId)) /* yep */
{
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=0>";
@@ -440,7 +441,7 @@ else if($appId && $versionId)
echo "</center></td></tr>";
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId)))
if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($appId, $versionId)))
{
echo "<tr><td colspan = 2><center>";
echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>';

22
cron/cleanup.php
View File

@@ -30,16 +30,18 @@ include(BASE."include/mail.php");
$hSixMonth = inactiveSince(6);
while($oRow = mysql_fetch_object($hSixMonth))
{
if(isMaintainer($oRow->userid))
warnMaintainer(lookupEmail($oRow->userid));
$oUser = new User($oRow->userid);
if($oUser->isMaintainer())
warnMaintainer($oUser->sEmail);
elseif(!hasDataAssociated($oRow->userid))
warnUser(lookupEmail($oRow->userid));
warnUser($oUser->sEmail);
}
$hSevenMonth = inactiveSince(7);
while($oRow = mysql_fetch_object($hSevenMonth))
{
if(isMaintainer($oRow->userid))
$oUser = new User($oRow->userid);
if($oUser->isMaintainer())
deleteMaintainer($oRow->userid);
elseif(!hasDataAssociated($oRow->userid))
deleteUser($oRow->userid);
@@ -77,20 +79,22 @@ function hasDataAssociated($iUserId)
function deleteUser($iUserId)
{
warnUserDeleted(lookupEmail($iUserId));
echo "user ".lookupEmail($iUserId)." deleted.\n";
$oUser = new User($iUserId);
warnUserDeleted($oUser->sEmail);
echo "user ".$oUser->sEmail." deleted.\n";
$sQuery = "DELETE FROM user_list WHERE userid = $iUserId";
$hResult = query_appdb($sQuery);
$sQuery = "DELETE FROM user_prefs WHERE userid = $iUserId";
$hResult = query_appdb($sQuery);
}
function deleteMaintainer()
function deleteMaintainer($iUserId)
{
$oUser = new User($iUserId);
$sQuery = "DELETE FROM appMaintainers WHERE userId = $iUserId";
$hResult = query_appdb($sQuery);
warnMaintainerDeleted(lookupEmail($iUserId));
echo "user ".lookupEmail($iUserId)." is not a maintainer anymore.\n";
warnMaintainerDeleted($oUser->sEmail);
echo "user ".$oUser->sEmail." is not a maintainer anymore.\n";
}
function warnUser($sEmail)

13
deletecomment.php
View File

@@ -17,7 +17,7 @@ $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
errorpage("You need to be logged in to delete a comment.");
exit;
@@ -25,8 +25,8 @@ if(!loggedin())
/* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */
if(!havepriv("admin") &&
!$_SESSION['current']->is_maintainer($_REQUEST['appId'],
if(!$_SESSION['current']->hasPriv("admin") &&
!$_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId']))
{
errorpage('You don\'t have admin privileges');
@@ -96,9 +96,10 @@ if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&
exit;
} else
{
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$notify_user_email=lookupEmail($ob->userId);
$notify_user_realname=lookupRealname($ob->userId);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
$oUser = new User($ob->userId);
$notify_user_email=$oUser->sEmail;
$notify_user_realname=$oUser->sRealname;
$sEmail .= $notify_user_email;
if($sEmail)
{

6
include/comments.php
View File

@@ -55,7 +55,7 @@ function view_app_comment($ob)
echo "</td></tr>\n";
// delete message button, for admins
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($ob->appId,$ob->versionId) ))
if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($ob->appId,$ob->versionId) ))
{
echo "<tr>";
echo "<td><form method=\"post\" name=\"message\" action=\"".BASE."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
@@ -202,7 +202,7 @@ function view_app_comments($appId, $versionId, $threadId = 0)
echo '<tr><td bgcolor=#C0C0C0 align=center><table border=0 cellpadding=0 cellspacing=0><tr bgcolor=#C0C0C0>',"\n";
// message display mode changer
if (loggedin())
if ($_SESSION['current']->isLoggedIn())
{
// FIXME we need to change this so not logged in users can change current view as well
if (isset($_REQUEST['cmode']))
@@ -241,7 +241,7 @@ function view_app_comments($appId, $versionId, $threadId = 0)
echo '<table width="100%" border=0 cellpadding=2 cellspacing=1"><tr><td>',"\n";
//hide or display depending on pref
if (loggedin())
if ($_SESSION['current']->isLoggedIn())
$mode = $_SESSION['current']->getpref("comments:mode");
else
$mode = "flat";

2
include/form_edit.php
View File

@@ -23,7 +23,7 @@
</tr>
<?php
// if we manage another user we can give him administrator rights
if($iUserId == $_REQUEST['userId'])
if($oUser->iUserId == $_REQUEST['userId'])
{
?>
<tr>

10
include/incl.php
View File

@@ -47,7 +47,7 @@ function apidb_fullpath($path)
*/
function apidb_header($title = 0)
{
$realname = isset($_SESSION['current'])?$_SESSION['current']->realname:"";
$realname = $_SESSION['current']->sRealname;
// Set Page Title
$page_title = $title;
@@ -99,7 +99,7 @@ function apidb_sidebar()
global $sidebar_func_list;
//TURN on GLOBAL ADMIN MENU
if (havepriv("admin"))
if ($_SESSION['current']->hasPriv("admin"))
{
include(BASE."include/"."sidebar_admin.php");
apidb_sidebar_add("global_admin_menu");
@@ -218,11 +218,13 @@ function dumpmsgbuffer()
}
/**
* Init Session (stores user info and cart info in session)
* Init Session (stores user info in session)
*/
$session = new session("whq_appdb");
$session->register("current");
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
// if we are debugging we need to see all errors
if(debugging()) error_reporting(E_ALL ^ E_NOTICE);
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
?>

2
include/sidebar_login.php
View File

@@ -11,7 +11,7 @@ function global_sidebar_login() {
$g = new htmlmenu("User Menu");
if(loggedin())
if($_SESSION['current']->isLoggedIn())
{
$g->add("Logout", BASE."account.php?cmd=logout");

500
include/user.php
View File

@@ -1,323 +1,293 @@
<?php
/******************************************/
/* This class represents a logged in user */
/******************************************/
/************************************/
/* user class and related functions */
/************************************/
/**
* User class for handling users
*/
class User {
var $stamp;
var $userid;
var $realname;
var $created;
var $status;
var $perm;
var $CVSrelease;
var $iUserId;
var $sEmail;
var $sRealname;
var $sStamp;
var $sDateCreated;
var $sWineRelease;
/**
* constructor
* opens a connection to the user database
* Constructor.
* If $iUserId is provided, logs in user.
*/
function User()
function User($iUserId="")
{
if($iUserId)
{
$sQuery = "SELECT *
FROM user_list
WHERE userId = '".$iUserId."'";
$hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult);
$this->iUserId = $oRow->userid;
$this->sEmail = $oRow->email;
$this->sRealname = $oRow->realname;
$this->sStamp = $oRow->stamp;
$this->sDateCreated = $oRow->created;
$this->sWineRelease = $oRow->CVSrelease;
}
return $this->isLoggedIn();
}
/**
* check if a user exists
* returns TRUE if the user exists
* Logs in an user using e-mail and password.
*/
function exists($sEmail)
{
$result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return 0;
return 1;
}
function lookup_userid($sEmail)
{
$result = query_appdb("SELECT userid FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->userid;
}
function lookup_realname($userid)
{
$result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->realname;
}
function lookup_email($userid)
{
return lookupEmail($userid);
}
function lookup_CVSrelease($userId)
{
$result = query_appdb("SELECT CVSrelease FROM user_list WHERE userId = '$userId'");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->CVSrelease;
}
/**
* restore a user from the database
* returns 0 on success and an error msg on failure
*/
function restore($sEmail, $sPassword)
{
$result = query_appdb("SELECT stamp, userid, realname, ".
"created, status, perm FROM user_list WHERE ".
"email = '$sEmail' AND ".
"password = password('$sPassword')");
if(!$result)
return "A database error occurred";
if(mysql_num_rows($result) == 0)
return "Invalid e-mail or password";
list($this->stamp, $this->userid, $this->realname,
$this->created, $status, $perm) = mysql_fetch_row($result);
return 0;
}
function login($sEmail, $sPassword)
{
$result = $this->restore($sEmail, $sPassword);
/* if our result is non-null then we must have had an error */
if($result != null)
return $result;
/* update the 'stamp' field in the users account to reflect the last time */
/* they logged in */
$myUserId = $this->lookup_userid($sEmail);
$result = query_appdb("UPDATE user_list SET stamp=null WHERE userid=$myUserId;");
return 0;
$sQuery = "SELECT *
FROM user_list
WHERE email = '".$sEmail."'
AND password = password('".$sPassword."')";
$hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult);
$this->iUserId = $oRow->userid;
$this->sEmail = $oRow->email;
$this->sRealname = $oRow->realname;
$this->sStamp = $oRow->stamp;
$this->sDateCreated = $oRow->created;
$this->sWineRelease = $oRow->CVSrelease;
if($this->isLoggedIn())
{
// Update timestamp
query_appdb("UPDATE user_list SET stamp=null WHERE userid=".$this->iUserId);
return true;
}
return false;
}
/*
* create a new user
* returns 0 on success and an error msg on failure
* Creates a new user.
* returns true on success, false on failure
*/
function create($sEmail, $sPassword, $sRealname, $sCVSrelease)
function create($sEmail, $sPassword, $sRealname, $sWineRelease)
{
if(user_exists($sEmail))
{
addMsg("An account with this e-mail exists already.","red");
return false;
} else
{
$aInsert = compile_insert_string(array( 'realname' => $sRealname,
'email' => $sEmail,
'status' => 0,
'perm' => 0,
'CVSrelease' => $sCVSrelease ));
'CVSrelease' => $sWineRelease ));
$sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)";
$sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )";
query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user.");
$this->restore($sEmail, $sPassword);
return $this->login($sEmail, $sPassword);
}
}
/**
* Update User Account;
*/
function update($userid = 0, $password = null, $realname = null, $email = null, $CVSrelease = null)
function update($sEmail = null, $sPassword = null, $sRealname = null, $sWineRelease = null)
{
if (!$userid)
return 0;
if ($password)
if(!$this->isLoggedIn()) return false;
if ($sEmail)
{
if (!query_appdb("UPDATE user_list SET password = password('$password') WHERE userid = $userid"))
return 0;
if(user_exists($sEmail) && $sEmail != $this->sEmail)
{
addMsg("An account with this e-mail exists already.","red");
return false;
}
if (!query_appdb("UPDATE user_list SET email = '".addslashes($sEmail)."' WHERE userid = ".$this->iUserId))
return false;
$this->sEmail = $sEmail;
}
if ($realname)
if ($sPassword)
{
if (!query_appdb("UPDATE user_list SET realname = '".addslashes($realname)."' WHERE userid = $userid"))
return 0;
if (!query_appdb("UPDATE user_list SET password = password('$sPassword') WHERE userid = ".$this->iUserId))
return false;
}
if ($email)
if ($sRealname)
{
if (!query_appdb("UPDATE user_list SET email = '".addslashes($email)."' WHERE userid = $userid"))
return 0;
if (!query_appdb("UPDATE user_list SET realname = '".addslashes($sRealname)."' WHERE userid = ".$this->iUserId))
return false;
$this->sRealname = $sRealname;
}
if ($CVSrelease)
if ($sWineRelease)
{
if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($CVSrelease)."' WHERE userid = $userid"))
return 0;
if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($sWineRelease)."' WHERE userid = ".$this->iUserId))
return false;
$this->sWineRelease = $sWineRelease;
}
return 1;
return true;
}
/**
* remove the current, or specified user from the database
* returns 0 on success and an error msg on failure
* Removes the current, or specified user and preferences from the database.
* returns true on success and false on failure.
*/
function remove($sEmail = "")
function delete()
{
if(!$sEmail)
$sEmail = $this->email;
$result = query_appdb("DELETE FROM user_list WHERE email = '".$sEmail."'");
if(!$result)
return "A database error occurred";
return 0;
if(!$this->isLoggedIn()) return false;
$hResult2 = query_appdb("DELETE FROM user_privs WHERE id = '".$this->iUserId."'");
$hResult3 = query_appdb("DELETE FROM user_prefs WHERE id = '".$this->iUserId."'");
return($hResult = query_appdb("DELETE FROM user_list WHERE id = '".$this->iUserId."'"));
}
function done()
/**
* Get a preference for the current user.
*/
function getPref($sKey, $sDef = null)
{
}
if(!$this->isLoggedIn() || !$sKey)
return $sDef;
function getpref($key, $def = null)
{
if(!$this->userid || !$key)
return $def;
$result = query_appdb("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
if(!$result || mysql_num_rows($result) == 0)
return $def;
$ob = mysql_fetch_object($result);
$hResult = query_appdb("SELECT * FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'");
if(!$hResult || mysql_num_rows($hResult) == 0)
return $sDef;
$ob = mysql_fetch_object($hResult);
return $ob->value;
}
function setpref($key, $value)
{
if(!$this->userid || !$key || !$value)
return null;
$result = query_appdb("DELETE FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
$result = query_appdb("INSERT INTO user_prefs VALUES($this->userid, '$key', '$value')");
return $result ? true : false;
}
/**
* check if this user has $priv
* Set a preference for the current user.
*/
function checkpriv($priv)
function setPref($sKey, $sValue)
{
if(!$this->userid || !$priv)
return 0;
$result = query_appdb("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
if(!$result)
return 0;
return mysql_num_rows($result);
}
/**
* check if this user is a maintainer of a given appId/versionId
*/
function is_maintainer($appId, $versionId)
{
if(!$this->userid)
if(!$this->isLoggedIn() || !$sKey || !$sValue)
return false;
$hResult = query_appdb("DELETE FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'");
$hResult = query_appdb("INSERT INTO user_prefs VALUES(".$this->iUserId.", '$sKey', '$sValue')");
return $hResult;
}
/**
* Check if this user has $priv.
*/
function hasPriv($sPriv)
{
if(!$this->isLoggedIn() || !$sPriv)
return false;
$hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$this->iUserId." AND priv = '".$sPriv."'");
if(!$hResult)
return false;
return mysql_num_rows($hResult);
}
/**
* Check if this user is a maintainer of a given appId/versionId.
*/
function isMaintainer($iAppId=null, $iVersionId=null)
{
if(!$this->isLoggedIn()) return false;
/* if this user is a super maintainer of this appid then they */
/* are a maintainer of all of the versionId's of it as well */
if($this->is_super_maintainer($appId))
if($this->isSuperMaintainer($iAppId))
{
return true;
}
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND versionId = '$versionId'";
$result = query_appdb($query);
if(!$result)
return 0;
return mysql_num_rows($result);
if($iAppId && $iVersionId)
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."' AND appId = '".$iAppId."' AND versionId = '$iVersionId'";
} else
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."'";
}
$hResult = query_appdb($sQuery);
if(!$hResult)
return false;
return mysql_num_rows($hResult);
}
/*
* check if this user is a maintainer of a given appId/versionId
* Check if this user is a maintainer of a given appId/versionId.
*/
function is_super_maintainer($appId)
function isSuperMaintainer($iAppId=null)
{
if(!$this->userid)
if(!$this->isLoggedIn()) return false;
if($iAppId)
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND appId = '$iAppId' AND superMaintainer = '1'";
} else
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND superMaintainer = '1'";
}
$hResult = query_appdb($sQuery);
if(!$hResult)
return false;
return mysql_num_rows($hResult);
}
function addPriv($sPriv)
{
if(!$this->isLoggedIn() || !$sPriv)
return false;
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'";
$result = query_appdb($query);
if(!$result)
return 0;
return mysql_num_rows($result);
if($this->hasPriv($sPriv))
return true;
$hResult = query_appdb("INSERT INTO user_privs VALUES ($this->iUserId, '$sPriv')");
return $hResult;
}
function addpriv($priv)
function delPriv($sPriv)
{
if(!$this->userid || !$priv)
return 0;
if(!$this->isLoggedIn() || !$sPriv)
return false;
if($this->checkpriv($priv))
return 1;
$result = query_appdb("INSERT INTO user_privs VALUES ($this->userid, '$priv')");
return $result;
$hRresult = query_appdb("DELETE FROM user_privs WHERE userid = $this->iUserId AND priv = '$sPriv'");
return $hRresult;
}
function delpriv($priv)
/**
* Checks if the current user is valid.
*/
function isLoggedIn()
{
if(!$this->userid || !$priv)
return 0;
$result = query_appdb("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
return $result;
return $this->iUserId;
}
/**
* Checks if user should see debugging infos.
*
*/
function showDebuggingInfos()
{
return (($this->isLoggedIn() && $this->getPref("debug") == "yes") || APPDB_DEBUG == 1);
}
}
function loggedin()
{
if(isset($_SESSION['current']) && $_SESSION['current']->userid)
return true;
return false;
}
function havepriv($priv)
{
if(!loggedin())
return false;
return $_SESSION['current']->checkpriv($priv);
}
function debugging()
{
return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1);
}
function makeurl($text, $url, $pref = null)
{
if(loggedin())
{
if($_SESSION['current']->getpref($pref) == "yes")
$extra = "window='new'";
}
return "<a href='$url' $extra> $text </a>\n";
}
/*
* User functions that are not part of the class
*/
/**
* create a new random password
* Creates a new random password.
*/
function generate_passwd($pass_len = 10)
{
@@ -332,55 +302,10 @@ function generate_passwd($pass_len = 10)
}
function lookupEmail($userid)
{
$result = query_appdb("SELECT email FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->email;
}
function lookupRealname($userid)
{
$result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->realname;
}
function UserWantsEmail($userid)
{
$result = query_appdb("SELECT * FROM user_prefs WHERE userid = $userid AND name = 'send_email'");
if(!$result || mysql_num_rows($result) == 0)
{
return true;
}
$ob = mysql_fetch_object($result);
return ($ob->value == 'no' ? false : true);
}
function isAdministrator($iUserId)
{
$hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$iUserId." AND priv = 'admin'");
if(!$hResult)
return 0;
return mysql_num_rows($hResult);
}
function isMaintainer($iUserId)
{
$hResult = query_appdb("SELECT * FROM appMaintainers WHERE userId = ".$iUserId);
if(!$hResult)
return 0;
return mysql_num_rows($hResult);
}
/**
* get the email address of people to notify for this appId and versionId
* Get the email address of people to notify for this appId and versionId.
*/
function getNotifyEmailAddressList($appId, $versionId = 0)
function get_notify_email_address_list($appId, $versionId = 0)
{
$aUserId = array();
$c = 0;
@@ -418,8 +343,9 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
{
while(list($index, list($userIdValue)) = each($aUserId))
{
if (UserWantsEmail($userIdValue))
$retval .= lookupEmail($userIdValue)." ";
$oUser = new User($userIdValue);
if ($oUser->getPref("send_email"))
$retval .= $oUser->sEmail." ";
}
}
return $retval;
@@ -429,7 +355,7 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
/**
* Get the number of users in the database
*/
function getNumberOfUsers()
function get_number_of_users()
{
$result = query_appdb("SELECT count(*) as num_users FROM user_list;");
$row = mysql_fetch_object($result);
@@ -440,11 +366,23 @@ function getNumberOfUsers()
/**
* Get the number of active users within $days of the current day
*/
function getActiveUsersWithinDays($days)
function get_active_users_within_days($days)
{
$result = query_appdb("SELECT count(*) as num_users FROM user_list WHERE stamp >= DATE_SUB(CURDATE(), interval $days day);");
$row = mysql_fetch_object($result);
return $row->num_users;
}
/**
* Check if a user exists.
* returns TRUE if the user exists
*/
function user_exists($sEmail)
{
$result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return 0;
return 1;
}
?>

25
include/vote.php
View File

@@ -12,8 +12,8 @@ function vote_count($appId, $userId = null)
if(!$userId)
{
if(loggedin())
$userId = $_SESSION['current']->userid;
if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->iUserId;
else
return 0;
}
@@ -29,8 +29,8 @@ function vote_count_user_total($userId = null)
{
if(!$userId)
{
if(loggedin())
$userId = $_SESSION['current']->userid;
if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->iUserId;
else
return 0;
}
@@ -56,8 +56,8 @@ function vote_add($appId, $slot, $userId = null)
{
if(!$userId)
{
if(loggedin())
$userId = $_SESSION['current']->userid;
if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->iUserId;
else
return;
}
@@ -78,8 +78,8 @@ function vote_remove($slot, $userId = null)
if(!$userId)
{
if(loggedin())
$userId = $_SESSION['current']->userid;
if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->iUserId;
else
return;
}
@@ -91,8 +91,8 @@ function vote_get_user_votes($userId = null)
{
if(!$userId)
{
if(loggedin())
$userId = $_SESSION['current']->userid;
if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->iUserId;
if(!$userId)
return array();
}
@@ -150,10 +150,9 @@ function dump($arr)
function vote_update($vars)
{
//FIXME this doesn't work since msgs only work when logged in
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
addmsg("You must be logged in to vote", "red");
errorpage("You must be logged in to vote");
return;
}

2
index.php
View File

@@ -33,7 +33,7 @@ $str_benefits="
<li>Submit new applications and versions.</li>
</ul>
";
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
echo "
<p>Most of the features of the Application database require that you have a user account and

2
maintainerdelete.php
View File

@@ -11,7 +11,7 @@ require(BASE."include/"."incl.php");
require(BASE."include/"."tableve.php");
require(BASE."include/"."category.php");
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
errorpage("You need to be logged in to apply to be a maintainer.");
exit;

6
maintainersubmit.php
View File

@@ -35,7 +35,7 @@ function checkAppMaintainerInput( $fields )
}
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
errorpage("You need to be logged in to apply to be a maintainer.");
exit;
@@ -46,14 +46,14 @@ $versionId = strip_tags($_POST['versionId']);
$superMaintainer = strip_tags($_POST['superMaintainer']);
/* if the user is already a maintainer don't add them again */
if($_SESSION['current']->is_maintainer($appId, $versionId))
if($_SESSION['current']->isMaintainer($appId, $versionId))
{
echo "You are already a maintainer of this app!";
exit;
}
/* if this user is a super maintainer they maintain all of the versionIds of this appId */
if($_SESSION['current']->is_super_maintainer($appId))
if($_SESSION['current']->isSuperMaintainer($appId))
{
echo "You are already a supermaintainer of the whole application family!";
exit;

59
preferences.php
View File

@@ -9,34 +9,35 @@
include("path.php");
include(BASE."include/"."incl.php");
if(!loggedin())
if(!$_SESSION['current']->isLoggedIn())
{
errorpage("You must be logged in to edit preferences");
exit;
}
// we come from the administration to edit an user
if(havepriv("admin") &&
if($_SESSION['current']->hasPriv("admin") &&
is_numeric($_REQUEST['userId']) &&
is_numeric($_REQUEST['iLimit']) &&
in_array($_REQUEST['sOrderBy'],array("email","realname","created"))
)
{
$iUserId = $_REQUEST['userId'];
$oUser = new User($_REQUEST['userId']);
} else
{
$iUserId = $_SESSION['current']->userid;
$oUser = &$_SESSION['current'];
}
function build_prefs_list()
{
global $oUser;
$result = query_appdb("SELECT * FROM prefs_list ORDER BY id");
while($result && $r = mysql_fetch_object($result))
{
//skip admin options
//TODO: add a field to prefs_list to flag the user level for the pref
if(!havepriv("admin"))
if(!$_SESSION['current']->hasPriv("admin"))
{
if($r->name == "query:mode")
continue;
@@ -53,28 +54,24 @@ function build_prefs_list()
}
$input = html_select("pref_$r->name", explode('|', $r->value_list),
$_SESSION['current']->getpref($r->name, $r->def_value));
$oUser->getpref($r->name, $r->def_value));
echo html_tr(array("&nbsp; $r->description", $input));
}
}
function show_user_fields()
{
global $iUserId;
$user = new User();
global $oUser;
$ext_realname = $user->lookup_realname($iUserId);
$ext_email = $user->lookup_email($iUserId);
$CVSrelease = $user->lookup_CVSrelease($iUserId);
// if we are managing anothe user
if($iUserId == $_REQUEST['userId'])
{
if(isAdministrator($iUserId))
$ext_hasadmin = 'checked="true"';
else
$ext_hasadmin = "";
}
include(BASE."include/"."form_edit.php");
$ext_realname = $oUser->sRealname;
$ext_email = $oUser->sEmail;
$CVSrelease = $oUser->sWineRelease;
if($oUser->hasPriv("admin"))
$ext_hasadmin = 'checked="true"';
else
$ext_hasadmin = "";
include(BASE."include/form_edit.php");
echo "<tr><td>&nbsp; Wine version </td><td>";
make_bugzilla_version_list("CVSrelease", $CVSrelease);
@@ -83,13 +80,11 @@ function show_user_fields()
if($_POST)
{
$user = new User();
while(list($key, $value) = each($_REQUEST))
{
if(!ereg("^pref_(.+)$", $key, $arr))
continue;
$_SESSION['current']->setpref($arr[1], $value);
$oUser->setPref($arr[1], $value);
}
if ($_REQUEST['ext_password'] == $_REQUEST['ext_password2'])
@@ -100,18 +95,17 @@ if($_POST)
{
addmsg("The Passwords you entered did not match.", "red");
}
if ($user->update($iUserId, $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['ext_email'], $_REQUEST['CVSrelease']))
if ($oUser->update($_REQUEST['ext_email'], $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['CVSrelease']))
{
addmsg("Preferences Updated", "green");
// we were managing an user, let's go back to the admin after updating tha admin status
if($iUserId == $_REQUEST['userId'] && havepriv("admin"))
if($oUser->iUserId == $_REQUEST['userId'] && $_SESSION['current']->hasPriv("admin"))
{
$user->userid = $iUserId;
if($_POST['ext_hasadmin']=="on")
$user->addpriv("admin");
$oUser->addPriv("admin");
else
$user->delpriv("admin");
redirect(BASE."admin/adminUsers.php?userId=".$iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true");
$oUser->delPriv("admin");
redirect(BASE."admin/adminUsers.php?userId=".$oUser->iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true");
}
}
else
@@ -125,7 +119,7 @@ apidb_header("User Preferences");
echo "<form method=\"post\" action=\"preferences.php\">\n";
// if we manage another user we give the parameters to go back to the admin
if($iUserId == $_REQUEST['userId'])
if($oUser->iUserId == $_REQUEST['userId'])
{
echo "<input type=\"hidden\" name=\"iLimit\" value=\"".$_REQUEST['iLimit']."\">\n";
echo "<input type=\"hidden\" name=\"sOrderBy\" value=\"".$_REQUEST['sOrderBy']."\">\n";
@@ -133,19 +127,18 @@ if($iUserId == $_REQUEST['userId'])
echo "<input type=\"hidden\" name=\"userId\" value=\"".$_REQUEST['userId']."\">\n";
}
echo html_frame_start("Preferences for ".lookupRealName($iUserId), "80%");
echo html_frame_start("Preferences for ".$oUser->sRealname, "80%");
echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'");
show_user_fields();
// if we don't manage another user
if($iUserId != $_REQUEST['userId']) build_prefs_list();
if($oUser->iUserId != $_REQUEST['userId']) build_prefs_list();
echo html_table_end();
echo html_frame_end();
echo "<br /> <div align=center> <input type=\"submit\" value=\"Update\" /> </div> <br />\n";
echo "</form>\n";
apidb_footer();
?>

22
screenshots.php
View File

@@ -20,15 +20,15 @@ if($_REQUEST['cmd'])
//process screenshot upload
if($_REQUEST['cmd'] == "screenshot_upload")
{
if(havepriv("admin") ||
(loggedin() && $_SESSION['current']->is_maintainer($_REQUEST['appId'],
if($_SESSION['current']->hasPriv("admin") ||
($_SESSION['current']->isLoggedIn() && $_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId'])))
{
$oScreenshot = new Screenshot(null,false,$_SESSION['current']->userid,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']);
$oScreenshot = new Screenshot(null,false,$_SESSION['current']->iUserId,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']);
if($oScreenshot)
{
//success
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -47,7 +47,7 @@ if($_REQUEST['cmd'])
if($oScreenshot)
{
//success
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -64,14 +64,14 @@ if($_REQUEST['cmd'])
$oScreenshot->free();
} elseif($_REQUEST['cmd'] == "delete" && is_numeric($_REQUEST['imageId']))
{
if(havepriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'],
if($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId']))
{
$oScreenshot = new Screenshot($_REQUEST['imageId']);
if($oScreenshot && $oScreenshot->delete())
{
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail)
{
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -130,7 +130,7 @@ if($result && mysql_num_rows($result))
// set image link based on user pref
$img = '<a href="javascript:openWin(\'appimage.php?id='.$ob->id.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>';
if (loggedin())
if ($_SESSION['current']->isLoggedIn())
{
if ($_SESSION['current']->getpref("window:screenshot") == "no")
{
@@ -144,8 +144,8 @@ if($result && mysql_num_rows($result))
echo "<div align=center>". substr(stripslashes($ob->description),0,20). "\n";
//show admin delete link
if(loggedin() && (havepriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'],
if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId'])))
{
echo "<br />[<a href='screenshots.php?cmd=delete&imageId=$ob->id&appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."'>Delete Image</a>]";

2
tables/user_list.sql
View File

@@ -9,8 +9,6 @@ create table user_list (
realname text not null,
email text not null,
created datetime not null,
status int(4),
perm int(4),
CVSrelease text,
unique key(userid),
unique(email)

2
vendorview.php
View File

@@ -27,7 +27,7 @@ if(!$result || mysql_num_rows($result) != 1) {
}
//show admin sidebar if user is admin
if(havepriv("admin")) {
if($_SESSION['current']->hasPriv("admin")) {
apidb_sidebar_add("admin_menu");
}