diff --git a/TODO b/TODO index 5590c41..7cc171c 100644 --- a/TODO +++ b/TODO @@ -26,5 +26,3 @@ an email should be sent to everyone in that thread. ################## # add distro table and administration screens for it. (Chris) - -# improve user class and functions (object oriented, etc) (Jonathan). diff --git a/account.php b/account.php index e51cd89..412f790 100644 --- a/account.php +++ b/account.php @@ -101,23 +101,16 @@ function cmd_do_new() $user = new User(); - if($user->exists($_POST['ext_email'])) - { - $_POST['ext_email'] = ""; - retry("new", "An account with this e-mail is already in use"); - return; - } - $result = $user->create($_POST['ext_email'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['CVSrelease'] ); - if($result == null) + if($result == true) { $user->login($_POST['ext_email'], $_POST['ext_password']); addmsg("Account created! (".$_POST['ext_email'].")", "green"); redirect(apidb_fullurl()); } else - retry("new", "Failed to create account: $result"); + retry("new", "Failed to create account"); } @@ -173,14 +166,14 @@ function cmd_do_login() $user = new User(); $result = $user->login($_POST['ext_email'], $_POST['ext_password']); - if($result == null) + if($result == true) { $_SESSION['current'] = $user; - addmsg("You are successfully logged in as '$user->realname'.", "green"); + addmsg("You are successfully logged in as '$user->sRealname'.", "green"); redirect(apidb_fullurl("index.php")); } else { - retry("login","Login failed ($result)"); + retry("login","Login failed"); $_SESSION['current'] = ""; } } diff --git a/addcomment.php b/addcomment.php index 5cc5541..9ba1b53 100644 --- a/addcomment.php +++ b/addcomment.php 
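Review bot: The new success test `if($result == true)` in cmd_do_new is a loose comparison, so if `create()` still reports failure with a non-empty error string (the old contract, per the removed "returns 0 on success and an error msg on failure" comment) that string compares equal to `true`, the account is treated as created and `login()` is attempted anyway; `create()`'s new return contract is cut off at the end of this chunk, so this needs confirming. Use `if($result === true)` here. The removed duplicate-e-mail check also means uniqueness now rests entirely on `create()`, which is not visible in this chunk; if it does not check for an existing row itself, the new generic "Failed to create account" branch will hide the reason, or a duplicate row will be inserted.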
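Review bot: `$user->login($_POST['ext_email'], $_POST['ext_password'])` hands the raw POST values to the rewritten `login()`, which (later in this diff) builds its SELECT by string concatenation — `WHERE email = '".$sEmail."' AND password = password('".$sPassword."')` — with no escaping, so the credential check is SQL-injectable and can be bypassed. Escape both values before they reach the query, e.g. `$user->login(mysql_escape_string($_POST['ext_email']), mysql_escape_string($_POST['ext_password']))` (deletecomment.php in this same diff already uses `mysql_escape_string`), or better, escape inside `login()` so every caller is covered. Separately, the failure branch still stores `$_SESSION['current'] = ""`, while every other page in this diff now calls methods on `$_SESSION['current']`; after one failed login the session holds a string rather than a User and those calls fail until the session is cleared, so store `$_SESSION['current'] = new User();` there instead.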
@@ -12,7 +12,7 @@ require(BASE."include/application.php"); require(BASE."include/mail.php"); // you must be logged in to submit comments -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { apidb_header("Please login"); echo "To submit a comment for an application you must be logged in. Please login now or create a new account.","\n"; @@ -59,13 +59,14 @@ if(isset($_REQUEST['body'])) { if (is_numeric($_REQUEST['originator'])) { - if (UserWantsEmail($_REQUEST['originator'])) + $oOriginator = new User($_REQUEST['originator']); + if ($oOriginator->getPref("send_email")) { - $sEmail = lookupEmail($_REQUEST['originator']); + $sEmail = $oOriginator->sEmail; $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n"; $sMsg .= "\r\n"; - $sMsg .= ($_SESSION['current']->realname ? $_SESSION['current']->realname : "Anonymous")." added comment to ".$sFullAppName."\r\n"; + $sMsg .= $_SESSION['current']->realname." added comment to ".$sFullAppName."\r\n"; $sMsg .= "\r\n"; $sMsg .= "Subject: ".$subject."\r\n"; $sMsg .= "\r\n"; @@ -76,7 +77,7 @@ if(isset($_REQUEST['body'])) addmsg("Comment message sent to original poster", "green"); } } - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); diff --git a/admin/addAppNote.php b/admin/addAppNote.php index 80def82..6492c85 100644 --- a/admin/addAppNote.php +++ b/admin/addAppNote.php 
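Review bot: The rewritten notification line reads `$_SESSION['current']->realname`, but the User rewrite in this diff stores the name in `sRealname` and no longer defines `realname`, so the originator's e-mail will always read " added comment to ..." with an empty name; the `Anonymous` fallback was dropped at the same time. Change it to `$sMsg .= ($_SESSION['current']->sRealname ? $_SESSION['current']->sRealname : "Anonymous")." added comment to ".$sFullAppName."\r\n";`. `$_REQUEST['originator']` is checked with `is_numeric` before `new User(...)`, which is good; since `is_numeric` also accepts floats and exponent forms, passing `(int)$_REQUEST['originator']` would make the id exact.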
@@ -9,7 +9,7 @@ require(BASE."include/application.php"); require(BASE."include/mail.php"); //check for admin privs -if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])) ) +if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])) ) { errorpage("Insufficient Privileges!"); exit; @@ -40,7 +40,7 @@ if($_REQUEST['sub'] == "Submit") if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})")) { // successful - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']); diff --git a/admin/addCategory.php b/admin/addCategory.php index 6cc2adc..bbb9bcc 100644 --- a/admin/addCategory.php +++ b/admin/addCategory.php @@ -4,7 +4,7 @@ include("path.php"); include(BASE."include/"."incl.php"); include(BASE."include/"."tableve.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/admin/addVendor.php b/admin/addVendor.php index 27573f6..5ff43a1 100644 --- a/admin/addVendor.php +++ b/admin/addVendor.php @@ -4,7 +4,7 @@ include("path.php"); include(BASE."include/"."incl.php"); include(BASE."include/"."tableve.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/admin/adminAppDataQueue.php b/admin/adminAppDataQueue.php index 95d264b..fcd2f9b 100644 --- a/admin/adminAppDataQueue.php +++ b/admin/adminAppDataQueue.php @@ -13,7 +13,7 @@ require(BASE."include/mail.php"); apidb_header("Admin Application Data Queue"); // deny access if not admin -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; 
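Review bot: The privilege test in admin/addAppNote.php passes `$_REQUEST['appId']` and `$_REQUEST['versionId']` to `isMaintainer()` with no validation, whereas the sibling hunks for editAppFamily.php and editAppVersion.php in this diff reject non-numeric ids before reaching the same call; `isMaintainer()` is not visible here, so whether it escapes its arguments is unknown. Add the same guard ahead of the check: `if(!is_numeric($_REQUEST['appId']) || !is_numeric($_REQUEST['versionId'])) { errorpage("Invalid id"); exit; }`. The same ids presumably feed the `INSERT INTO appNotes` further down (hunk @@ -40), so the guard would protect that path as well.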
@@ -59,16 +59,19 @@ if (!$_REQUEST['queueId']) $c = 1; while($ob = mysql_fetch_object($hResult)) { - if($_SESSION['current']->is_maintainer($ob->queueappId, + if($_SESSION['current']->isMaintainer($ob->queueappId, $ob->queueversionId) - || havepriv("admin")) + || $_SESSION['current']->hasPriv("admin")) { if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } echo "\n"; echo " ".date("Y-n-t h:i:sa", $ob->submitTime)."  \n"; echo " ".$ob->queueId."\n"; if($ob->userId) - echo " ".lookupRealname($ob->userId)." (".lookupEmail($ob->userId).")\n"; + { + $oUser = new User($ob->userId); + echo " ".$oUser->sRealname." (".$oUser->sEmail.")\n"; + } else echo " Anonymous\n"; echo "".appIdToName($ob->appId)."\n"; @@ -84,8 +87,8 @@ if (!$_REQUEST['queueId']) } else // shows a particular appdata { - if(!(havepriv("admin") || - $_SESSION['current']->is_maintainer($obj_row->queueAppId, + if(!($_SESSION['current']->hasPriv("admin") || + $_SESSION['current']->isMaintainer($obj_row->queueAppId, $obj_row->queueVersionId))) { errorpage("You don't have sufficient privileges to use this page."); @@ -133,7 +136,7 @@ if (!$_REQUEST['queueId']) $randName = generate_passwd(5); // set image link based on user pref $img = ''.$imgSRC.''; - if (loggedin()) + if ($_SESSION['current']->isLoggedIn()) { if ($_SESSION['current']->getpref("window:screenshot") == "no") { 
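Review bot: The new listing lines echo `$oUser->sRealname` and `$oUser->sEmail` straight into the admin page's HTML; the real name is whatever the submitter typed at account creation (`ext_realname` in account.php), so a crafted name renders as markup in the admin queue (the replaced `lookupRealname()` output had the same exposure). Escape at output: `echo " ".htmlspecialchars($oUser->sRealname)." (".htmlspecialchars($oUser->sEmail).")\n";`. Constructing `new User($ob->userId)` per row also issues one extra query per queue entry; the user columns could be joined into the list query instead.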
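Review bot: The screenshot-preference hunk (@@ -133) keeps `$_SESSION['current']->getpref("window:screenshot")` in lower case, while addcomment.php in this diff calls the same method as `getPref("send_email")`. PHP resolves method names case-insensitively so both work, but the class rewrite introduces camelCase names throughout (`isLoggedIn`, `hasPriv`, `isMaintainer`); use `getPref` here too so a later case-sensitive search or rename does not miss this call.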
@@ -200,14 +203,15 @@ if (!$_REQUEST['queueId']) query_appdb("DELETE from appDataQueue where queueId = ".$obj_row->queueId.";"); //Send Status Email - if (lookupEmail($obj_row->userId)) + $oUser = new User($obj_row->userId); + if ($oUser->sEmail) { $sSubject = "Application Data Request Report"; $sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." has been accepted. "; $sMsg .= $_REQUEST['replyText']; $sMsg .= "We appreciate your help in making the Application Database better for all users.\r\n"; - mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg); + mail_appdb($oUser->sEmail, $sSubject ,$sMsg); } //done @@ -216,13 +220,14 @@ if (!$_REQUEST['queueId']) } } elseif ($_REQUEST['reject']) { - if (lookupEmail($obj_row->userId)) + $oUser = new User($obj_row->userId); + if ($oUser->sEmail) { $sSubject = "Application Data Request Report"; $sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." was rejected. "; $sMsg .= $_REQUEST['replyText']; - mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg); + mail_appdb($oUser->sEmail, $sSubject ,$sMsg); } //delete main item diff --git a/admin/adminAppQueue.php b/admin/adminAppQueue.php index eabf14e..7a25df7 100644 --- a/admin/adminAppQueue.php +++ b/admin/adminAppQueue.php @@ -10,7 +10,7 @@ require(BASE."include/application.php"); require(BASE."include/mail.php"); //deny access if not logged in -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; @@ -318,7 +318,7 @@ if ($_REQUEST['sub']) } if ($goodtogo) { - $sEmail = getNotifyEmailAddressList($_REQUEST['appParent'], $_REQUEST['appVersion']); + $sEmail = get_notify_email_address_list($_REQUEST['appParent'], $_REQUEST['appVersion']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appParent']). 
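Review bot: Both the accept and reject branches now build `new User($obj_row->userId)` unconditionally, while the listing above prints "Anonymous" when `$ob->userId` is falsy, so anonymous submissions reach the constructor with an empty id; what `User::__construct` does with an empty id is not visible in this chunk. Guard the construction the way the listing does: `if ($obj_row->userId) { $oUser = new User($obj_row->userId); ... }` and keep the `sEmail` test inside. `$_REQUEST['replyText']` is still appended to the outgoing mail body unfiltered; that is admin-only input, so low risk, but worth noting.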
diff --git a/admin/adminMaintainerQueue.php b/admin/adminMaintainerQueue.php index 8dd7f10..3ab3629 100644 --- a/admin/adminMaintainerQueue.php +++ b/admin/adminMaintainerQueue.php @@ -10,7 +10,7 @@ require(BASE."include/category.php"); require(BASE."include/maintainer.php"); require(BASE."include/mail.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; @@ -27,6 +27,7 @@ if ($_REQUEST['sub']) "FROM appMaintainerQueue WHERE queueId = ".$_REQUEST['queueId'].";"; $result = query_appdb($query); $ob = mysql_fetch_object($result); + $oUser = new User($ob->userId); mysql_free_result($result); } else @@ -66,13 +67,14 @@ if ($_REQUEST['sub']) $foundMaintainers = true; while(list($index, list($userIdValue)) = each($other_users)) { + $oUser = new User($userIdValue); if($firstDisplay) { - echo "".lookupRealname($userIdValue)."\n"; + echo "".$oUser->sRealname."\n"; $firstDisplay = false; } else { - echo "".lookupRealname($userIdValue)."\n"; + echo "".$oUser->sRealname."\n"; } } } @@ -83,13 +85,14 @@ if ($_REQUEST['sub']) $foundMaintainers = true; while(list($index, list($userIdValue)) = each($other_users)) { + $oUser = new User($userIdValue); if($firstDisplay) { - echo "".lookupRealname($userIdValue)."*\n"; + echo "".$oUser->sRealname."*\n"; $firstDisplay = false; } else { - echo "".lookupRealname($userIdValue)."*\n"; + echo "".$oUser->sRealname."*\n"; } } } @@ -100,7 +103,7 @@ if ($_REQUEST['sub']) } // Show which other apps the user maintains - echo 'This user also maintains these apps:',"\n"; + echo 'This user also maintains these apps:',"\n"; $firstDisplay = true; $other_apps = getAppsFromUserId($ob->userId); @@ -144,9 +147,6 @@ if ($_REQUEST['sub']) echo 'Email reply',"\n"; echo "\n"; - //echo 'Email,"\n"; - //echo '',"\n"; - /* Add button */ echo '' ,"\n"; echo ' ',"\n"; 
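Review bot: The `$oUser` created from the queue entry at the top of the `if ($_REQUEST['sub'])` block (hunk @@ -27) is overwritten by `$oUser = new User($userIdValue);` in both "other maintainers" loops (hunks @@ -66 and @@ -83), and the status e-mail further down (`$sEmail = $oUser->sEmail;`) reads `$oUser` again. If the display loops and the accept/reject path can run in the same request — the control structure between them is outside these hunks — the report mail goes to the last listed maintainer rather than the requester. Use a distinct name in the loops, e.g. `$oOtherUser = new User($userIdValue); echo "".$oOtherUser->sRealname."\n";`. The lookup query on the context line above still interpolates `$_REQUEST['queueId']` into SQL unescaped; an `is_numeric` check before it would cost one line.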
@@ -184,7 +184,7 @@ if ($_REQUEST['sub']) query_appdb("DELETE from appMaintainerQueue where queueId = ".$_REQUEST['queueId'].";"); //Send Status Email - $sEmail = lookupEmail($ob->userId); + $sEmail = $oUser->sEmail; if ($sEmail) { $sSubject = "Application Maintainer Request Report"; @@ -201,7 +201,7 @@ if ($_REQUEST['sub']) } else if (($_REQUEST['reject'] || ($_REQUEST['sub'] == 'reject')) && $_REQUEST['queueId']) { - $sEmail = lookupEmail($ob->userId); + $sEmail = $oUser->sEmail; if ($sEmail) { $sSubject = "Application Maintainer Request Report"; @@ -278,11 +278,12 @@ if ($_REQUEST['sub']) $c = 1; while($ob = mysql_fetch_object($result)) { + $oUser = new User($ob->userId); if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } echo "\n"; echo " ".date("Y-n-t h:i:sa", $ob->submitTime)."  \n"; echo " $ob->queueId\n"; - echo " ".lookupRealname($ob->userId)."\n"; + echo " ".$oUser->sRealName."\n"; echo " ".appIdToName($ob->appId)."\n"; if($ob->superMaintainer) @@ -291,11 +292,11 @@ if ($_REQUEST['sub']) echo "Yes\n"; } else { - echo "".versionIdToName($ob->versionId)."  \n"; + echo "".versionIdToName($ob->versionId)."  \n"; echo "No\n"; } - echo " ".lookupEmail($ob->userId)."  \n"; + echo " ".$oUser->sEmail."  \n"; echo " [reject]\n"; echo "\n\n"; $c++; @@ -308,7 +309,4 @@ if ($_REQUEST['sub']) } } - - - ?> diff --git a/admin/adminMaintainers.php b/admin/adminMaintainers.php index 4506ea9..60a13d1 100644 --- a/admin/adminMaintainers.php +++ b/admin/adminMaintainers.php @@ -10,7 +10,7 @@ include("path.php"); require(BASE."include/incl.php"); // deny access if not logged in -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; 
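Review bot: The listing hunk (@@ -278) echoes `$oUser->sRealName`, with a capital N, but the User rewrite in this diff defines the property as `sRealname`; PHP property names are case-sensitive, so this column will be empty (and raise a notice) for every row. Change it to `echo " ".$oUser->sRealname."\n";`. As in the other admin listings, the name and e-mail are echoed without `htmlspecialchars()` although the real name is user-supplied text.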
@@ -68,10 +68,11 @@ if ($_REQUEST['sub']) $c = 1; while($ob = mysql_fetch_object($hResult)) { + $oUser = new User($ob->userId); if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } echo "\n"; echo " ".date("Y-n-t h:i:sa", $ob->submitTime)."  \n"; - echo " ".lookupRealname($ob->userId)."\n"; + echo " ".$oUser->sRealname."\n"; if($ob->superMaintainer) { @@ -84,8 +85,7 @@ if ($_REQUEST['sub']) echo " ".versionIdToName($ob->versionId)." \n"; echo " No\n"; } - - echo " ".lookupEmail($ob->userId)."  \n"; + echo " ".$oUser->sEmail."  \n"; echo " [delete]\n"; echo "\n\n"; $c++; diff --git a/admin/adminScreenshots.php b/admin/adminScreenshots.php index fadde19..f7d7ee8 100644 --- a/admin/adminScreenshots.php +++ b/admin/adminScreenshots.php @@ -11,7 +11,7 @@ require(BASE."include/"."screenshot.php"); apidb_header("Screenshots"); // deny access if not admin -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; diff --git a/admin/adminUsers.php b/admin/adminUsers.php index 70e424c..1b94634 100644 --- a/admin/adminUsers.php +++ b/admin/adminUsers.php @@ -8,7 +8,7 @@ include(BASE."include/"."incl.php"); apidb_header("Admin Users Management"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; @@ -17,10 +17,11 @@ if(!havepriv("admin")) // we want to delete a user if($_REQUEST['action'] == "delete" && is_numeric($_REQUEST['userId'])) { - $sEmail = lookupEmail($_REQUEST['userId']); + $oUser = new User($_REQUEST['userId']); + $sEmail = $oUser->sEmail; if($sEmail) { - $_SESSION['current']->remove($sEmail); + $oUser->delete(); } } 
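Review bot: The user deletion in adminUsers.php is still triggered by `$_REQUEST['action'] == "delete"` with a numeric `userId`, i.e. by a plain GET link (the listing below builds `...&sSubmit=true">delete]`), with no CSRF token or POST requirement, so an admin who follows a crafted link deletes an account. The rewrite swaps `$_SESSION['current']->remove($sEmail)` for `$oUser->delete()` but keeps that shape; this is the moment to require POST plus a per-session token before calling `delete()`. `$oUser->delete()` is only reached when `sEmail` is non-empty, which doubles as the "row exists" check; fine, but worth a comment, e.g. `// empty sEmail means no such user row`.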
@@ -85,15 +86,16 @@ if($_REQUEST['sSubmit']) $i=0; while($hResult && $oRow = mysql_fetch_object($hResult)) { - $sAreYouSure = "Are you sure that you want to delete user ".addslashes($oRow->realname)." ?"; + $oUser = new User($oRow->userid); + $sAreYouSure = "Are you sure that you want to delete user ".addslashes($oUser->sRealname)." ?"; echo "\n"; - echo " ".$oRow->realname."\n"; - echo " ".$oRow->email."\n"; - echo " ".$oRow->created."\n"; - echo " ".$oRow->stamp."\n"; + echo " ".$oUser->sRealname."\n"; + echo " ".$oUser->sEmail."\n"; + echo " ".$oUser->sDateCreated."\n"; + echo " ".$oUser->sStamp."\n"; echo " "; - if(isAdministrator($oRow->userid)) echo "A"; - if(isMaintainer($oRow->userid)) echo "M"; + if($oUser->hasPriv("admin")) echo "A"; + if($oUser->isMaintainer()) echo "M"; echo " \n"; echo " [userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true\">delete] [userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."\">edit]\n"; echo "\n\n"; diff --git a/admin/adminVendors.php b/admin/adminVendors.php index 6594cb4..80dbd35 100644 --- a/admin/adminVendors.php +++ b/admin/adminVendors.php @@ -9,7 +9,7 @@ include("path.php"); require(BASE."include/incl.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage("Insufficient privileges."); exit; diff --git a/admin/deleteAny.php b/admin/deleteAny.php index e64aa30..ddb5848 100644 --- a/admin/deleteAny.php +++ b/admin/deleteAny.php @@ -11,7 +11,7 @@ include(BASE."include/incl.php"); include(BASE."include/category.php"); include(BASE."include/application.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/admin/editAppFamily.php b/admin/editAppFamily.php index 791cd92..8783467 100644 --- a/admin/editAppFamily.php +++ b/admin/editAppFamily.php 
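Review bot: `$oUser->isMaintainer()` is called here with no arguments (cron/cleanup.php in this diff does the same), whereas every other call passes `(appId, versionId)`, e.g. `$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])`; the method's signature is not in this chunk, so confirm it has defaults meaning "maintainer of anything", otherwise the "M" flag is wrong for everyone. The JavaScript confirm string still relies on `addslashes($oUser->sRealname)`, which does not neutralise `</script>` or line breaks in a user-supplied name; wrap it as `htmlspecialchars(addslashes($oUser->sRealname), ENT_QUOTES)` in the attribute, and apply `htmlspecialchars()` to the echoed name and e-mail cells too.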
@@ -16,7 +16,7 @@ if(!is_numeric($_REQUEST['appId'])) exit; } -if(!(havepriv("admin") || $_SESSION['current']->is_super_maintainer($_REQUEST['appId']))) +if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isSuperMaintainer($_REQUEST['appId']))) { errorpage("Insufficient Privileges!"); exit; @@ -180,7 +180,7 @@ if(isset($_REQUEST['submit'])) } if ($bAppChanged) { - $sEmail = getNotifyEmailAddressList($_REQUEST['appId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']); diff --git a/admin/editAppNote.php b/admin/editAppNote.php index 8737abc..7a59b0c 100644 --- a/admin/editAppNote.php +++ b/admin/editAppNote.php @@ -20,7 +20,7 @@ $hResult = query_appdb($sQuery); $ob = mysql_fetch_object($hResult); /* Check for privs */ -if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($ob->appId,$ob->versionId)) ) +if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($ob->appId,$ob->versionId)) ) { errorpage("Insufficient Privileges!"); exit; @@ -37,7 +37,7 @@ if(isset($_REQUEST['sub'])) $sMsg = APPDB_ROOT."appview.php?appId={$ob->appId}&versionId={$ob->versionId}\r\n"; $sMsg .= "\r\n"; - $sEmail = getNotifyEmailAddressList($ob->appId, $ob->versionId); + $sEmail = get_notify_email_address_list($ob->appId, $ob->versionId); if ($_REQUEST['sub'] == 'Delete') { diff --git a/admin/editAppVersion.php b/admin/editAppVersion.php index 7cd4a47..3412668 100644 --- a/admin/editAppVersion.php +++ b/admin/editAppVersion.php 
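Review bot: In editAppNote.php the privilege check now calls `$_SESSION['current']->isMaintainer($ob->appId, $ob->versionId)`, but `$ob` comes from `mysql_fetch_object($hResult)` on the context lines just above, which returns `false` when the note id matches no row, so the check then runs with two nulls; whether `isMaintainer(null, null)` returns false is not visible here. Add `if(!$ob) { errorpage("Note not found"); exit; }` before the privilege test. The note query itself runs before any authorisation, so an unauthenticated request still costs one database round-trip; moving the `isLoggedIn()` test above the query would avoid that.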
@@ -11,8 +11,8 @@ if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId'])) exit; } -//check for admin privs -if(!(havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId']))) +/* Check for admin privs */ +if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId']))) { errorpage("Insufficient Privileges!"); exit; diff --git a/admin/editBundle.php b/admin/editBundle.php index 4253abe..a3b2a39 100644 --- a/admin/editBundle.php +++ b/admin/editBundle.php @@ -3,7 +3,7 @@ include("path.php"); include(BASE."include/"."incl.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/admin/editCategory.php b/admin/editCategory.php index c50fafd..758e1a2 100644 --- a/admin/editCategory.php +++ b/admin/editCategory.php @@ -4,7 +4,7 @@ include("path.php"); include(BASE."include/"."incl.php"); include(BASE."include/"."tableve.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/admin/editVendor.php b/admin/editVendor.php index 79c665d..6144a66 100644 --- a/admin/editVendor.php +++ b/admin/editVendor.php @@ -4,7 +4,7 @@ include("path.php"); include(BASE."include/"."incl.php"); include(BASE."include/"."tableve.php"); -if(!havepriv("admin")) +if(!$_SESSION['current']->hasPriv("admin")) { errorpage(); exit; diff --git a/appbrowse.php b/appbrowse.php index 22b6617..78f5eab 100644 --- a/appbrowse.php +++ b/appbrowse.php @@ -37,7 +37,7 @@ $catFullPath = make_cat_path($cat->getCategoryPath()); $subs = $cat->getCategoryList(); //display admin box -if(havepriv("admin") && $catId != 0) +if($_SESSION['current']->hasPriv("admin") && $catId != 0) apidb_sidebar_add("admin_menu"); //output header diff --git a/appimage.php b/appimage.php index 4d85c57..4962836 100644 --- a/appimage.php +++ b/appimage.php 
@@ -6,7 +6,7 @@ include("path.php"); require(BASE."include/"."incl.php"); require(BASE."include/"."screenshot.php"); -if(!havepriv("admin") && $_REQUEST['queued']) +if(!$_SESSION['current']->hasPriv("admin") && $_REQUEST['queued']) { errorpage("Insufficient privileges."); exit; diff --git a/appsubmit.php b/appsubmit.php index c3de882..758a0d6 100644 --- a/appsubmit.php +++ b/appsubmit.php @@ -10,7 +10,7 @@ require(BASE."include/"."tableve.php"); // Send user to the correct branch of code even if they try to bypass // the first page (appsubmit.php without parameters) -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { unset($_REQUEST['queueName']); unset($_REQUEST['apptype']); @@ -106,7 +106,7 @@ if (isset($_REQUEST['queueName'])) else if (isset($_REQUEST['apptype'])) { // set email field if logged in - if (loggedin()) + if ($_SESSION['current']->isLoggedIn()) $email = $_SESSION['current']->lookup_email($_SESSION['current']->userid); // header @@ -213,7 +213,7 @@ else if (isset($_REQUEST['apptype'])) ########################## else { - if(!loggedin()) + if(!$_SESSION['current']->isLoggedIn()) { // you must be logged in to submit app apidb_header("Please login"); diff --git a/appview.php b/appview.php index 5a59fd8..530f574 100644 --- a/appview.php +++ b/appview.php @@ -107,7 +107,7 @@ function show_note($sType,$oData){ $s .= add_br(stripslashes($oData->noteDesc)); $s .= "\n"; - if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId']))) + if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))) { $s .= ""; $s .= "
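Review bot: The new side of the appsubmit.php hunk (@@ -106) still reads `$email = $_SESSION['current']->lookup_email($_SESSION['current']->userid);`, but this diff deletes `User::lookup_email()` and renames the `userid` property to `iUserId`, so the e-mail pre-fill will fail with a call to an undefined method for every logged-in submitter. Replace it with `$email = $_SESSION['current']->sEmail;`, which the rewritten constructor and `login()` both populate.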
"; @@ -203,7 +203,7 @@ if($appId && !$versionId) } // show Vote Menu - if(loggedin()) + if($_SESSION['current']->isLoggedIn()) apidb_sidebar_add("vote_menu"); // header @@ -268,8 +268,9 @@ if($appId && !$versionId) { while(list($index, list($userIdValue)) = each($other_maintainers)) { + $oUser = new User($userIdValue); echo " \n"; - echo "
  • ".lookupRealname($userIdValue)."\n"; + echo "
  • ".$oUser->sRealname."\n"; } } else { @@ -278,10 +279,10 @@ if($appId && !$versionId) // Display the app maintainer button echo "
    \n"; - if(loggedin()) + if($_SESSION['current']->isLoggedIn()) { /* are we already a maintainer? */ - if($_SESSION['current']->is_super_maintainer($appId)) /* yep */ + if($_SESSION['current']->isSuperMaintainer($appId)) /* yep */ { echo ' '; } else /* nope */ @@ -294,14 +295,14 @@ if($appId && !$versionId) echo " "; /* set superMaintainer to 1 because we are at the appFamily level */ echo " "; - if($_SESSION['current']->is_super_maintainer($appId) || havepriv("admin")) + if($_SESSION['current']->isSuperMaintainer($appId) || $_SESSION['current']->hasPriv("admin")) { echo '
    '; echo '
    '; echo ''; echo '
    '; } - if(havepriv("admin")) + if($_SESSION['current']->hasPriv("admin")) { $url = BASE."admin/deleteAny.php?what=appFamily&appId=".$_REQUEST['appId']."&confirmed=yes"; echo "
    "; @@ -396,7 +397,7 @@ else if($appId && $versionId) while(list($index, list($userIdValue)) = each($other_maintainers)) { echo ""; - echo "
  • ".lookupRealname($userIdValue)."\n"; + echo "
  • ".$oUser->sRealname."\n"; } } else { @@ -407,18 +408,18 @@ else if($appId && $versionId) // display the app maintainer button echo "
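Review bot: In the version-level maintainer loop (hunk @@ -396) the new line reads `$oUser->sRealname`, but unlike the family-level loop earlier in this file no `$oUser = new User($userIdValue);` was added, so every row prints whatever `$oUser` last held (or nothing, with a notice) instead of the maintainer named by `$userIdValue`. Add `$oUser = new User($userIdValue);` as the first statement of the loop body. In both loops the name is echoed into a public page unescaped, and it is free text from account creation, so emit it as `htmlspecialchars($oUser->sRealname)`.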
    "; - if(loggedin()) + if($_SESSION['current']->isLoggedIn()) { /* is this user a maintainer of this version by virtue of being a super maintainer */ /* of this app family? */ - if($_SESSION['current']->is_super_maintainer($appId)) + if($_SESSION['current']->isSuperMaintainer($appId)) { echo '
    '; echo ""; } else { /* are we already a maintainer? */ - if($_SESSION['current']->is_maintainer($appId, $versionId)) /* yep */ + if($_SESSION['current']->isMaintainer($appId, $versionId)) /* yep */ { echo ''; echo ""; @@ -440,7 +441,7 @@ else if($appId && $versionId) echo "
    "; - if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId))) + if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($appId, $versionId))) { echo "
    "; echo ''; diff --git a/cron/cleanup.php b/cron/cleanup.php index 5ddbee6..6764e74 100644 --- a/cron/cleanup.php +++ b/cron/cleanup.php @@ -30,16 +30,18 @@ include(BASE."include/mail.php"); $hSixMonth = inactiveSince(6); while($oRow = mysql_fetch_object($hSixMonth)) { - if(isMaintainer($oRow->userid)) - warnMaintainer(lookupEmail($oRow->userid)); + $oUser = new User($oRow->userid); + if($oUser->isMaintainer()) + warnMaintainer($oUser->sEmail); elseif(!hasDataAssociated($oRow->userid)) - warnUser(lookupEmail($oRow->userid)); + warnUser($oUser->sEmail); } $hSevenMonth = inactiveSince(7); while($oRow = mysql_fetch_object($hSevenMonth)) { - if(isMaintainer($oRow->userid)) + $oUser = new User($oRow->userid); + if($oUser->isMaintainer()) deleteMaintainer($oRow->userid); elseif(!hasDataAssociated($oRow->userid)) deleteUser($oRow->userid); @@ -77,20 +79,22 @@ function hasDataAssociated($iUserId) function deleteUser($iUserId) { - warnUserDeleted(lookupEmail($iUserId)); - echo "user ".lookupEmail($iUserId)." deleted.\n"; + $oUser = new User($iUserId); + warnUserDeleted($oUser->sEmail); + echo "user ".$oUser->sEmail." deleted.\n"; $sQuery = "DELETE FROM user_list WHERE userid = $iUserId"; $hResult = query_appdb($sQuery); $sQuery = "DELETE FROM user_prefs WHERE userid = $iUserId"; $hResult = query_appdb($sQuery); } -function deleteMaintainer() +function deleteMaintainer($iUserId) { + $oUser = new User($iUserId); $sQuery = "DELETE FROM appMaintainers WHERE userId = $iUserId"; $hResult = query_appdb($sQuery); - warnMaintainerDeleted(lookupEmail($iUserId)); - echo "user ".lookupEmail($iUserId)." is not a maintainer anymore.\n"; + warnMaintainerDeleted($oUser->sEmail); + echo "user ".$oUser->sEmail." is not a maintainer anymore.\n"; } function warnUser($sEmail) diff --git a/deletecomment.php b/deletecomment.php index 1a137cb..94c1441 100644 --- a/deletecomment.php +++ b/deletecomment.php 
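Review bot: `deleteUser()` in cron/cleanup.php sends `warnUserDeleted()` and prints "deleted" before either DELETE runs, and neither `$hResult` is checked, so a failed query leaves the account in place after the user has been told it is gone. Run the two DELETEs first, test their results, and only then mail and log; the `$oUser` built at the top already holds the address, so reordering costs nothing. The `deleteMaintainer($iUserId)` signature fix is correct — the old function used `$iUserId` without declaring it.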
@@ -17,7 +17,7 @@ $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']); $_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']); $_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']); -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { errorpage("You need to be logged in to delete a comment."); exit; @@ -25,8 +25,8 @@ if(!loggedin()) /* if we aren't an admin or the maintainer of this app we shouldn't be */ /* allowed to delete any comments */ -if(!havepriv("admin") && - !$_SESSION['current']->is_maintainer($_REQUEST['appId'], +if(!$_SESSION['current']->hasPriv("admin") && + !$_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) { errorpage('You don\'t have admin privileges'); @@ -96,9 +96,10 @@ if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" && exit; } else { - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); - $notify_user_email=lookupEmail($ob->userId); - $notify_user_realname=lookupRealname($ob->userId); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); + $oUser = new User($ob->userId); + $notify_user_email=$oUser->sEmail; + $notify_user_realname=$oUser->sRealname; $sEmail .= $notify_user_email; if($sEmail) { diff --git a/include/comments.php b/include/comments.php index 42ada92..e373a2c 100644 --- a/include/comments.php +++ b/include/comments.php @@ -55,7 +55,7 @@ function view_app_comment($ob) echo "\n"; // delete message button, for admins - if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($ob->appId,$ob->versionId) )) + if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($ob->appId,$ob->versionId) )) { echo ""; echo "\n"; 
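Review bot: `$sEmail .= $notify_user_email;` appends the comment author's address directly onto the string returned by `get_notify_email_address_list()` with no separator, so when the notify list is non-empty its last entry and the author's address fuse into one invalid recipient (unless the list already ends with a separator, which is not visible here). Use whatever separator `mail_appdb()` expects, e.g. `$sEmail .= ($sEmail ? ", " : "").$notify_user_email;`. `$ob->userId` here comes from the comment row, so the `new User($ob->userId)` construction is safe, but a deleted author yields an empty `sEmail` and the guard below should tolerate that.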
@@ -202,7 +202,7 @@ function view_app_comments($appId, $versionId, $threadId = 0) echo '',"\n"; // message display mode changer - if (loggedin()) + if ($_SESSION['current']->isLoggedIn()) { // FIXME we need to change this so not logged in users can change current view as well if (isset($_REQUEST['cmode'])) @@ -241,7 +241,7 @@ function view_app_comments($appId, $versionId, $threadId = 0) echo '
    iUserId == $_REQUEST['userId']) { ?> diff --git a/include/incl.php b/include/incl.php index fc3698d..e5784e8 100644 --- a/include/incl.php +++ b/include/incl.php @@ -47,7 +47,7 @@ function apidb_fullpath($path) */ function apidb_header($title = 0) { - $realname = isset($_SESSION['current'])?$_SESSION['current']->realname:""; + $realname = $_SESSION['current']->sRealname; // Set Page Title $page_title = $title; @@ -99,7 +99,7 @@ function apidb_sidebar() global $sidebar_func_list; //TURN on GLOBAL ADMIN MENU - if (havepriv("admin")) + if ($_SESSION['current']->hasPriv("admin")) { include(BASE."include/"."sidebar_admin.php"); apidb_sidebar_add("global_admin_menu"); @@ -218,11 +218,13 @@ function dumpmsgbuffer() } /** - * Init Session (stores user info and cart info in session) + * Init Session (stores user info in session) */ $session = new session("whq_appdb"); $session->register("current"); +if(!isset($_SESSION['current'])) $_SESSION['current'] = new User(); + // if we are debugging we need to see all errors -if(debugging()) error_reporting(E_ALL ^ E_NOTICE); +if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE); ?> diff --git a/include/sidebar_login.php b/include/sidebar_login.php index 635fd86..318956a 100644 --- a/include/sidebar_login.php +++ b/include/sidebar_login.php @@ -11,7 +11,7 @@ function global_sidebar_login() { $g = new htmlmenu("User Menu"); - if(loggedin()) + if($_SESSION['current']->isLoggedIn()) { $g->add("Logout", BASE."account.php?cmd=logout"); diff --git a/include/user.php b/include/user.php index 63d2cd7..8e4e33e 100644 --- a/include/user.php +++ b/include/user.php 
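Review bot: The comparison `$_SESSION['current']->iUserId == $_REQUEST['userId']` in include/comments.php (hunk @@ -241) is loose: for a visitor who is not logged in `iUserId` is presumably unset or null, and `null == ""` is true, so a request without a `userId` parameter satisfies the test for anonymous users; what the branch then shows is cut off by the stripped markup here. Make it `$_SESSION['current']->isLoggedIn() && (int)$_SESSION['current']->iUserId === (int)$_REQUEST['userId']`.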
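Review bot: The new guard `if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();` only catches a missing key, yet account.php in this same diff stores `$_SESSION['current'] = ""` on a failed login; `isset("")` is true, so from then on every `$_SESSION['current']->isLoggedIn()` / `hasPriv()` call in the site operates on a string and fails. Test the type instead: `if(!isset($_SESSION['current']) || !is_object($_SESSION['current'])) $_SESSION['current'] = new User();`. The rewritten `apidb_header()` above drops its own `isset` guard in favour of this seeding, so all pages now depend on this line running first. `error_reporting()` is also now driven by `showDebuggingInfos()` on the session's User object; if that is a per-user preference, a user could enable notice output for their own requests, so confirm it reflects a site-wide setting.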
@@ -1,323 +1,293 @@ iUserId = $oRow->userid; + $this->sEmail = $oRow->email; + $this->sRealname = $oRow->realname; + $this->sStamp = $oRow->stamp; + $this->sDateCreated = $oRow->created; + $this->sWineRelease = $oRow->CVSrelease; + } + return $this->isLoggedIn(); } + /** - * check if a user exists - * returns TRUE if the user exists + * Logs in an user using e-mail and password. */ - function exists($sEmail) - { - $result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'"); - if(!$result || mysql_num_rows($result) != 1) - return 0; - return 1; - } - - function lookup_userid($sEmail) - { - $result = query_appdb("SELECT userid FROM user_list WHERE email = '$sEmail'"); - if(!$result || mysql_num_rows($result) != 1) - return null; - $ob = mysql_fetch_object($result); - return $ob->userid; - } - - - function lookup_realname($userid) - { - $result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid"); - if(!$result || mysql_num_rows($result) != 1) - return null; - $ob = mysql_fetch_object($result); - return $ob->realname; - } - - - function lookup_email($userid) - { - return lookupEmail($userid); - } - - function lookup_CVSrelease($userId) - { - $result = query_appdb("SELECT CVSrelease FROM user_list WHERE userId = '$userId'"); - if(!$result || mysql_num_rows($result) != 1) - return null; - $ob = mysql_fetch_object($result); - return $ob->CVSrelease; - } - - /** - * restore a user from the database - * returns 0 on success and an error msg on failure - */ - function restore($sEmail, $sPassword) - { - $result = query_appdb("SELECT stamp, userid, realname, ". - "created, status, perm FROM user_list WHERE ". - "email = '$sEmail' AND ". 
- "password = password('$sPassword')"); - if(!$result) - return "A database error occurred"; - - if(mysql_num_rows($result) == 0) - return "Invalid e-mail or password"; - - list($this->stamp, $this->userid, $this->realname, - $this->created, $status, $perm) = mysql_fetch_row($result); - - return 0; - } - - function login($sEmail, $sPassword) { - $result = $this->restore($sEmail, $sPassword); - - /* if our result is non-null then we must have had an error */ - if($result != null) - return $result; - - /* update the 'stamp' field in the users account to reflect the last time */ - /* they logged in */ - $myUserId = $this->lookup_userid($sEmail); - $result = query_appdb("UPDATE user_list SET stamp=null WHERE userid=$myUserId;"); - return 0; + $sQuery = "SELECT * + FROM user_list + WHERE email = '".$sEmail."' + AND password = password('".$sPassword."')"; + $hResult = query_appdb($sQuery); + $oRow = mysql_fetch_object($hResult); + $this->iUserId = $oRow->userid; + $this->sEmail = $oRow->email; + $this->sRealname = $oRow->realname; + $this->sStamp = $oRow->stamp; + $this->sDateCreated = $oRow->created; + $this->sWineRelease = $oRow->CVSrelease; + if($this->isLoggedIn()) + { + // Update timestamp + query_appdb("UPDATE user_list SET stamp=null WHERE userid=".$this->iUserId); + return true; + } + return false; } /* - * create a new user - * returns 0 on success and an error msg on failure + * Creates a new user. 
+ * returns true on success, false on failure */ - function create($sEmail, $sPassword, $sRealname, $sCVSrelease) + function create($sEmail, $sPassword, $sRealname, $sWineRelease) { + if(user_exists($sEmail)) + { + addMsg("An account with this e-mail exists already.","red"); + return false; + } else + { $aInsert = compile_insert_string(array( 'realname' => $sRealname, 'email' => $sEmail, - 'status' => 0, - 'perm' => 0, - 'CVSrelease' => $sCVSrelease )); + 'CVSrelease' => $sWineRelease )); $sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)"; $sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )"; query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user."); - $this->restore($sEmail, $sPassword); + return $this->login($sEmail, $sPassword); + } } /** * Update User Account; */ - function update($userid = 0, $password = null, $realname = null, $email = null, $CVSrelease = null) + function update($sEmail = null, $sPassword = null, $sRealname = null, $sWineRelease = null) { - if (!$userid) - return 0; - if ($password) + if(!$this->isLoggedIn()) return false; + + if ($sEmail) { - if (!query_appdb("UPDATE user_list SET password = password('$password') WHERE userid = $userid")) - return 0; + if(user_exists($sEmail) && $sEmail != $this->sEmail) + { + addMsg("An account with this e-mail exists already.","red"); + return false; + } + if (!query_appdb("UPDATE user_list SET email = '".addslashes($sEmail)."' WHERE userid = ".$this->iUserId)) + return false; + $this->sEmail = $sEmail; } - if ($realname) + if ($sPassword) { - if (!query_appdb("UPDATE user_list SET realname = '".addslashes($realname)."' WHERE userid = $userid")) - return 0; + if (!query_appdb("UPDATE user_list SET password = password('$sPassword') WHERE userid = ".$this->iUserId)) + return false; } - if ($email) + if ($sRealname) { - if (!query_appdb("UPDATE user_list SET email = '".addslashes($email)."' WHERE userid = $userid")) - return 0; 
+ if (!query_appdb("UPDATE user_list SET realname = '".addslashes($sRealname)."' WHERE userid = ".$this->iUserId)) + return false; + $this->sRealname = $sRealname; } - if ($CVSrelease) + if ($sWineRelease) { - if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($CVSrelease)."' WHERE userid = $userid")) - return 0; + if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($sWineRelease)."' WHERE userid = ".$this->iUserId)) + return false; + $this->sWineRelease = $sWineRelease; } - - return 1; + return true; } + /** - * remove the current, or specified user from the database - * returns 0 on success and an error msg on failure + * Removes the current, or specified user and preferences from the database. + * returns true on success and false on failure. */ - function remove($sEmail = "") + function delete() { - if(!$sEmail) - $sEmail = $this->email; - $result = query_appdb("DELETE FROM user_list WHERE email = '".$sEmail."'"); - if(!$result) - return "A database error occurred"; - return 0; + if(!$this->isLoggedIn()) return false; + $hResult2 = query_appdb("DELETE FROM user_privs WHERE id = '".$this->iUserId."'"); + $hResult3 = query_appdb("DELETE FROM user_prefs WHERE id = '".$this->iUserId."'"); + return($hResult = query_appdb("DELETE FROM user_list WHERE id = '".$this->iUserId."'")); } - function done() + /** + * Get a preference for the current user. + */ + function getPref($sKey, $sDef = null) { - - } + if(!$this->isLoggedIn() || !$sKey) + return $sDef; - - function getpref($key, $def = null) - { - if(!$this->userid || !$key) - return $def; - - $result = query_appdb("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'"); - if(!$result || mysql_num_rows($result) == 0) - return $def; - $ob = mysql_fetch_object($result); + $hResult = query_appdb("SELECT * FROM user_prefs WHERE userid = ".$this->iUserId." 
AND name = '$sKey'"); + if(!$hResult || mysql_num_rows($hResult) == 0) + return $sDef; + $ob = mysql_fetch_object($hResult); return $ob->value; } - function setpref($key, $value) - { - if(!$this->userid || !$key || !$value) - return null; - - $result = query_appdb("DELETE FROM user_prefs WHERE userid = $this->userid AND name = '$key'"); - $result = query_appdb("INSERT INTO user_prefs VALUES($this->userid, '$key', '$value')"); - return $result ? true : false; - } - - /** - * check if this user has $priv + * Set a preference for the current user. */ - function checkpriv($priv) + function setPref($sKey, $sValue) { - if(!$this->userid || !$priv) - return 0; - - $result = query_appdb("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'"); - if(!$result) - return 0; - return mysql_num_rows($result); - } - - - /** - * check if this user is a maintainer of a given appId/versionId - */ - function is_maintainer($appId, $versionId) - { - if(!$this->userid) + if(!$this->isLoggedIn() || !$sKey || !$sValue) return false; + $hResult = query_appdb("DELETE FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'"); + $hResult = query_appdb("INSERT INTO user_prefs VALUES(".$this->iUserId.", '$sKey', '$sValue')"); + return $hResult; + } + + + /** + * Check if this user has $priv. + */ + function hasPriv($sPriv) + { + if(!$this->isLoggedIn() || !$sPriv) + return false; + + $hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$this->iUserId." AND priv = '".$sPriv."'"); + if(!$hResult) + return false; + return mysql_num_rows($hResult); + } + + + /** + * Check if this user is a maintainer of a given appId/versionId. 
+ */ + function isMaintainer($iAppId=null, $iVersionId=null) + { + if(!$this->isLoggedIn()) return false; + /* if this user is a super maintainer of this appid then they */ /* are a maintainer of all of the versionId's of it as well */ - if($this->is_super_maintainer($appId)) + if($this->isSuperMaintainer($iAppId)) { return true; } - - $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND versionId = '$versionId'"; - $result = query_appdb($query); - if(!$result) - return 0; - return mysql_num_rows($result); + + if($iAppId && $iVersionId) + { + $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."' AND appId = '".$iAppId."' AND versionId = '$iVersionId'"; + } else + { + $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."'"; + } + $hResult = query_appdb($sQuery); + if(!$hResult) + return false; + return mysql_num_rows($hResult); } /* - * check if this user is a maintainer of a given appId/versionId + * Check if this user is a maintainer of a given appId/versionId. 
*/ - function is_super_maintainer($appId) + function isSuperMaintainer($iAppId=null) { - if(!$this->userid) + if(!$this->isLoggedIn()) return false; + + if($iAppId) + { + $sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND appId = '$iAppId' AND superMaintainer = '1'"; + } else + { + $sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND superMaintainer = '1'"; + } + $hResult = query_appdb($sQuery); + if(!$hResult) + return false; + return mysql_num_rows($hResult); + } + + + function addPriv($sPriv) + { + if(!$this->isLoggedIn() || !$sPriv) return false; - $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'"; - $result = query_appdb($query); - if(!$result) - return 0; - return mysql_num_rows($result); + if($this->hasPriv($sPriv)) + return true; + + $hResult = query_appdb("INSERT INTO user_privs VALUES ($this->iUserId, '$sPriv')"); + return $hResult; } - function addpriv($priv) + function delPriv($sPriv) { - if(!$this->userid || !$priv) - return 0; + if(!$this->isLoggedIn() || !$sPriv) + return false; - if($this->checkpriv($priv)) - return 1; - - $result = query_appdb("INSERT INTO user_privs VALUES ($this->userid, '$priv')"); - return $result; + $hRresult = query_appdb("DELETE FROM user_privs WHERE userid = $this->iUserId AND priv = '$sPriv'"); + return $hRresult; } - - function delpriv($priv) + /** + * Checks if the current user is valid. + */ + function isLoggedIn() { - if(!$this->userid || !$priv) - return 0; - - $result = query_appdb("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'"); - return $result; + return $this->iUserId; } + + + /** + * Checks if user should see debugging infos. 
+ * + */ + function showDebuggingInfos() + { + return (($this->isLoggedIn() && $this->getPref("debug") == "yes") || APPDB_DEBUG == 1); + } } -function loggedin() -{ - if(isset($_SESSION['current']) && $_SESSION['current']->userid) - return true; - return false; -} - - -function havepriv($priv) -{ - if(!loggedin()) - return false; - return $_SESSION['current']->checkpriv($priv); -} - -function debugging() -{ - return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1); -} - - -function makeurl($text, $url, $pref = null) -{ - if(loggedin()) - { - if($_SESSION['current']->getpref($pref) == "yes") - $extra = "window='new'"; - } - return " $text \n"; -} - +/* + * User functions that are not part of the class + */ /** - * create a new random password + * Creates a new random password. */ function generate_passwd($pass_len = 10) { 
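Review bot: `delete()` filters `user_privs`, `user_prefs` and `user_list` on a column named `id`, while every other query in this class uses `userid` (`getPref`, `hasPriv`, the `UPDATE`s in `update()`), so the three `DELETE`s most likely match nothing, and the results of the first two are discarded, so a partial deletion is still reported as success. `isMaintainer()` and `isSuperMaintainer()` silently drop the application filter when `$iAppId` or `$iVersionId` is empty (0 is the versionId default used by `get_notify_email_address_list` on this page), so a caller passing an empty id gets "maintains some app" as the answer; the screenshot upload/delete checks in the screenshots.php hunks and the check in maintainersubmit.php pass request values straight in, so that fallback belongs in a separately named method and these two should return `false` when an id is missing. `login()` calls `mysql_fetch_object($hResult)` without checking the result; add `if(!$hResult || mysql_num_rows($hResult) != 1) return false;` before the fetch so a failed query or no match does not read properties off `false` and leave `iUserId` unset by accident. `update()` escapes realname, e-mail and release with `addslashes` but interpolates `$sPassword` raw, and `login()`, `create()`, `getPref()`, `setPref()`, `hasPriv()`, `addPriv()` and `delPriv()` interpolate their string arguments into SQL unescaped — route every value through `mysql_real_escape_string` (the `compile_insert_string` helper used by `create()` is not visible here, so its escaping is unverified). The class header and constructor at the top of this hunk are not legible in this view, so the constructor's own query is not reviewed here.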
@@ -332,55 +302,10 @@ function generate_passwd($pass_len = 10)
 }
-function lookupEmail($userid)
-{
- $result = query_appdb("SELECT email FROM user_list WHERE userid = $userid");
- if(!$result || mysql_num_rows($result) != 1)
- return null;
- $ob = mysql_fetch_object($result);
- return $ob->email;
-}
-function lookupRealname($userid)
-{
- $result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid");
- if(!$result || mysql_num_rows($result) != 1)
- return null;
- $ob = mysql_fetch_object($result);
- return $ob->realname;
-}
-function UserWantsEmail($userid)
-{
- $result = query_appdb("SELECT * FROM user_prefs WHERE userid = $userid AND name = 'send_email'");
- if(!$result || mysql_num_rows($result) == 0)
- {
- return true;
- }
- $ob = mysql_fetch_object($result);
- return ($ob->value == 'no' ? false : true);
-}
-function isAdministrator($iUserId)
-{
- $hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$iUserId." AND priv = 'admin'");
- if(!$hResult)
- return 0;
- return mysql_num_rows($hResult);
-}
-function isMaintainer($iUserId)
-{
- $hResult = query_appdb("SELECT * FROM appMaintainers WHERE userId = ".$iUserId);
- if(!$hResult)
- return 0;
- return mysql_num_rows($hResult);
-}
 /**
- * get the email address of people to notify for this appId and versionId
+ * Get the email address of people to notify for this appId and versionId.
 */
-function getNotifyEmailAddressList($appId, $versionId = 0)
+function get_notify_email_address_list($appId, $versionId = 0)
 {
 $aUserId = array();
 $c = 0;
@@ -418,8 +343,9 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
 {
 while(list($index, list($userIdValue)) = each($aUserId))
 {
- if (UserWantsEmail($userIdValue))
- $retval .= lookupEmail($userIdValue)." ";
+ $oUser = new User($userIdValue);
+ if ($oUser->getPref("send_email"))
+ $retval .= $oUser->sEmail." ";
 }
 }
 return $retval;
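Review bot: `if ($oUser->getPref("send_email"))` in the `@@ -418` hunk inverts what the removed `UserWantsEmail` did: the stored preference value is the string `'no'`, which is truthy in PHP, so users who opted out of notifications are still mailed, while users with no preference row now get `null` and are skipped instead of receiving the previous default. Compare the value explicitly and keep the old default, `if ($oUser->getPref("send_email", "yes") != "no")`. Any other caller of `getPref("send_email")` introduced by this commit needs the same comparison; `get_notify_email_address_list`'s body starts outside this hunk.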
@@ -429,7 +355,7 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
 /**
 * Get the number of users in the database
 */
-function getNumberOfUsers()
+function get_number_of_users()
 {
 $result = query_appdb("SELECT count(*) as num_users FROM user_list;");
 $row = mysql_fetch_object($result);
@@ -440,11 +366,23 @@ function getNumberOfUsers()
 /**
 * Get the number of active users within $days of the current day
 */
-function getActiveUsersWithinDays($days)
+function get_active_users_within_days($days)
 {
 $result = query_appdb("SELECT count(*) as num_users FROM user_list WHERE stamp >= DATE_SUB(CURDATE(), interval $days day);");
 $row = mysql_fetch_object($result);
 return $row->num_users;
 }
+
+/**
+ * Check if a user exists.
+ * returns TRUE if the user exists
+ */
+function user_exists($sEmail)
+{
+ $result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'");
+ if(!$result || mysql_num_rows($result) != 1)
+ return 0;
+ return 1;
+}
 ?>
diff --git a/include/vote.php b/include/vote.php
index 4d79204..2463622 100644
--- a/include/vote.php
+++ b/include/vote.php
@@ -12,8 +12,8 @@ function vote_count($appId, $userId = null)
 if(!$userId)
 {
- if(loggedin())
- $userId = $_SESSION['current']->userid;
+ if($_SESSION['current']->isLoggedIn())
+ $userId = $_SESSION['current']->iUserId;
 else
 return 0;
 }
@@ -29,8 +29,8 @@ function vote_count_user_total($userId = null)
 {
 if(!$userId)
 {
- if(loggedin())
- $userId = $_SESSION['current']->userid;
+ if($_SESSION['current']->isLoggedIn())
+ $userId = $_SESSION['current']->iUserId;
 else
 return 0;
 }
@@ -56,8 +56,8 @@ function vote_add($appId, $slot, $userId = null)
 {
 if(!$userId)
 {
- if(loggedin())
- $userId = $_SESSION['current']->userid;
+ if($_SESSION['current']->isLoggedIn())
+ $userId = $_SESSION['current']->iUserId;
 else
 return;
 }
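Review bot: The new `user_exists()` interpolates `$sEmail` straight into the query, and its callers `create()` and `update()` hand it the e-mail exactly as submitted in the form, so the lookup runs on unescaped input even though `update()` bothers to `addslashes` the same value a few lines later; escape it once here, `$result = query_appdb("SELECT * FROM user_list WHERE email = '".mysql_real_escape_string($sEmail)."'");`. The docblock promises TRUE but the body returns `0`/`1`; returning `false`/`true` matches the rest of the converted API and the callers' `if(user_exists(...))` tests. Note for readers that the `!= 1` test is only correct because `user_list` carries `unique(email)` (see the tables/user_list.sql hunk on this page).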
@@ -78,8 +78,8 @@ function vote_remove($slot, $userId = null) if(!$userId) { - if(loggedin()) - $userId = $_SESSION['current']->userid; + if($_SESSION['current']->isLoggedIn()) + $userId = $_SESSION['current']->iUserId; else return; } @@ -91,8 +91,8 @@ function vote_get_user_votes($userId = null) { if(!$userId) { - if(loggedin()) - $userId = $_SESSION['current']->userid; + if($_SESSION['current']->isLoggedIn()) + $userId = $_SESSION['current']->iUserId; if(!$userId) return array(); } @@ -150,10 +150,9 @@ function dump($arr) function vote_update($vars) { - //FIXME this doesn't work since msgs only work when logged in - if(!loggedin()) + if(!$_SESSION['current']->isLoggedIn()) { - addmsg("You must be logged in to vote", "red"); + errorpage("You must be logged in to vote"); return; } diff --git a/index.php b/index.php index 3726573..aa9ab57 100644 --- a/index.php +++ b/index.php @@ -33,7 +33,7 @@ $str_benefits="
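Review bot: In the `vote_update` hunk, `errorpage("You must be logged in to vote");` is followed by `return;`, whereas every other new `errorpage` call on this page (maintainerdelete.php, maintainersubmit.php, preferences.php) is followed by `exit;`; if `errorpage` does not terminate the request itself, the caller keeps rendering the page after the error output. Either add `exit;` after the call for consistency or document on `errorpage` that it never returns. `vote_update`'s body continues outside the hunk.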
  • Submit new applications and versions.
  • "; -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { echo "

    Most of the features of the Application database require that you have a user account and diff --git a/maintainerdelete.php b/maintainerdelete.php index c22f1ed..2d44db1 100644 --- a/maintainerdelete.php +++ b/maintainerdelete.php @@ -11,7 +11,7 @@ require(BASE."include/"."incl.php"); require(BASE."include/"."tableve.php"); require(BASE."include/"."category.php"); -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { errorpage("You need to be logged in to apply to be a maintainer."); exit; diff --git a/maintainersubmit.php b/maintainersubmit.php index 0d96b78..b5309f6 100644 --- a/maintainersubmit.php +++ b/maintainersubmit.php @@ -35,7 +35,7 @@ function checkAppMaintainerInput( $fields ) } -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { errorpage("You need to be logged in to apply to be a maintainer."); exit; @@ -46,14 +46,14 @@ $versionId = strip_tags($_POST['versionId']); $superMaintainer = strip_tags($_POST['superMaintainer']); /* if the user is already a maintainer don't add them again */ -if($_SESSION['current']->is_maintainer($appId, $versionId)) +if($_SESSION['current']->isMaintainer($appId, $versionId)) { echo "You are already a maintainer of this app!"; exit; } /* if this user is a super maintainer they maintain all of the versionIds of this appId */ -if($_SESSION['current']->is_super_maintainer($appId)) +if($_SESSION['current']->isSuperMaintainer($appId)) { echo "You are already a supermaintainer of the whole application family!"; exit; diff --git a/preferences.php b/preferences.php index 7ae1289..44035e8 100644 --- a/preferences.php +++ b/preferences.php 
@@ -9,34 +9,35 @@ include("path.php"); include(BASE."include/"."incl.php"); -if(!loggedin()) +if(!$_SESSION['current']->isLoggedIn()) { errorpage("You must be logged in to edit preferences"); exit; } // we come from the administration to edit an user -if(havepriv("admin") && +if($_SESSION['current']->hasPriv("admin") && is_numeric($_REQUEST['userId']) && is_numeric($_REQUEST['iLimit']) && in_array($_REQUEST['sOrderBy'],array("email","realname","created")) ) { - $iUserId = $_REQUEST['userId']; + $oUser = new User($_REQUEST['userId']); } else { - $iUserId = $_SESSION['current']->userid; + $oUser = &$_SESSION['current']; } function build_prefs_list() { + global $oUser; $result = query_appdb("SELECT * FROM prefs_list ORDER BY id"); while($result && $r = mysql_fetch_object($result)) { //skip admin options //TODO: add a field to prefs_list to flag the user level for the pref - if(!havepriv("admin")) + if(!$_SESSION['current']->hasPriv("admin")) { if($r->name == "query:mode") continue; @@ -53,28 +54,24 @@ function build_prefs_list() } $input = html_select("pref_$r->name", explode('|', $r->value_list), - $_SESSION['current']->getpref($r->name, $r->def_value)); + $oUser->getpref($r->name, $r->def_value)); echo html_tr(array("  $r->description", $input)); } } function show_user_fields() { - global $iUserId; - $user = new User(); + global $oUser; - $ext_realname = $user->lookup_realname($iUserId); - $ext_email = $user->lookup_email($iUserId); - $CVSrelease = $user->lookup_CVSrelease($iUserId); - // if we are managing anothe user - if($iUserId == $_REQUEST['userId']) - { - if(isAdministrator($iUserId)) - $ext_hasadmin = 'checked="true"'; - else - $ext_hasadmin = ""; - } - include(BASE."include/"."form_edit.php"); + $ext_realname = $oUser->sRealname; + $ext_email = $oUser->sEmail; + $CVSrelease = $oUser->sWineRelease; + if($oUser->hasPriv("admin")) + $ext_hasadmin = 'checked="true"'; + else + $ext_hasadmin = ""; + + include(BASE."include/form_edit.php"); echo "

    ',"\n"; //hide or display depending on pref - if (loggedin()) + if ($_SESSION['current']->isLoggedIn()) $mode = $_SESSION['current']->getpref("comments:mode"); else $mode = "flat"; diff --git a/include/form_edit.php b/include/form_edit.php index 06303e5..f42c2cd 100644 --- a/include/form_edit.php +++ b/include/form_edit.php @@ -23,7 +23,7 @@
      Wine version "; make_bugzilla_version_list("CVSrelease", $CVSrelease); @@ -83,13 +80,11 @@ function show_user_fields() if($_POST) { - $user = new User(); - while(list($key, $value) = each($_REQUEST)) { if(!ereg("^pref_(.+)$", $key, $arr)) continue; - $_SESSION['current']->setpref($arr[1], $value); + $oUser->setPref($arr[1], $value); } if ($_REQUEST['ext_password'] == $_REQUEST['ext_password2']) @@ -100,18 +95,17 @@ if($_POST) { addmsg("The Passwords you entered did not match.", "red"); } - if ($user->update($iUserId, $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['ext_email'], $_REQUEST['CVSrelease'])) + if ($oUser->update($_REQUEST['ext_email'], $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['CVSrelease'])) { addmsg("Preferences Updated", "green"); // we were managing an user, let's go back to the admin after updating tha admin status - if($iUserId == $_REQUEST['userId'] && havepriv("admin")) + if($oUser->iUserId == $_REQUEST['userId'] && $_SESSION['current']->hasPriv("admin")) { - $user->userid = $iUserId; if($_POST['ext_hasadmin']=="on") - $user->addpriv("admin"); + $oUser->addPriv("admin"); else - $user->delpriv("admin"); - redirect(BASE."admin/adminUsers.php?userId=".$iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true"); + $oUser->delPriv("admin"); + redirect(BASE."admin/adminUsers.php?userId=".$oUser->iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true"); } } else @@ -125,7 +119,7 @@ apidb_header("User Preferences"); echo "\n"; // if we manage another user we give the parameters to go back to the admin -if($iUserId == $_REQUEST['userId']) +if($oUser->iUserId == $_REQUEST['userId']) { echo "\n"; echo "\n"; 
@@ -133,19 +127,18 @@ if($iUserId == $_REQUEST['userId']) echo "\n"; } -echo html_frame_start("Preferences for ".lookupRealName($iUserId), "80%"); +echo html_frame_start("Preferences for ".$oUser->sRealname, "80%"); echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'"); show_user_fields(); // if we don't manage another user -if($iUserId != $_REQUEST['userId']) build_prefs_list(); +if($oUser->iUserId != $_REQUEST['userId']) build_prefs_list(); echo html_table_end(); echo html_frame_end(); echo "

    \n"; echo "\n"; - apidb_footer(); ?> diff --git a/screenshots.php b/screenshots.php index 6455311..6d0fe0a 100644 --- a/screenshots.php +++ b/screenshots.php @@ -20,15 +20,15 @@ if($_REQUEST['cmd']) //process screenshot upload if($_REQUEST['cmd'] == "screenshot_upload") { - if(havepriv("admin") || - (loggedin() && $_SESSION['current']->is_maintainer($_REQUEST['appId'], + if($_SESSION['current']->hasPriv("admin") || + ($_SESSION['current']->isLoggedIn() && $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))) { - $oScreenshot = new Screenshot(null,false,$_SESSION['current']->userid,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']); + $oScreenshot = new Screenshot(null,false,$_SESSION['current']->iUserId,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']); if($oScreenshot) { //success - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); @@ -47,7 +47,7 @@ if($_REQUEST['cmd']) if($oScreenshot) { //success - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); 
@@ -64,14 +64,14 @@ if($_REQUEST['cmd']) $oScreenshot->free(); } elseif($_REQUEST['cmd'] == "delete" && is_numeric($_REQUEST['imageId'])) { - if(havepriv("admin") || - $_SESSION['current']->is_maintainer($_REQUEST['appId'], + if($_SESSION['current']->hasPriv("admin") || + $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) { $oScreenshot = new Screenshot($_REQUEST['imageId']); if($oScreenshot && $oScreenshot->delete()) { - $sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); + $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']); if($sEmail) { $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); @@ -130,7 +130,7 @@ if($result && mysql_num_rows($result)) // set image link based on user pref $img = ''.$imgSRC.''; - if (loggedin()) + if ($_SESSION['current']->isLoggedIn()) { if ($_SESSION['current']->getpref("window:screenshot") == "no") { @@ -144,8 +144,8 @@ if($result && mysql_num_rows($result)) echo "
    ". substr(stripslashes($ob->description),0,20). "\n"; //show admin delete link - if(loggedin() && (havepriv("admin") || - $_SESSION['current']->is_maintainer($_REQUEST['appId'], + if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || + $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))) { echo "
    [Delete Image]"; diff --git a/tables/user_list.sql b/tables/user_list.sql index a820e15..283157e 100644 --- a/tables/user_list.sql +++ b/tables/user_list.sql @@ -9,8 +9,6 @@ create table user_list ( realname text not null, email text not null, created datetime not null, - status int(4), - perm int(4), CVSrelease text, unique key(userid), unique(email) diff --git a/vendorview.php b/vendorview.php index dae9148..123591d 100644 --- a/vendorview.php +++ b/vendorview.php @@ -27,7 +27,7 @@ if(!$result || mysql_num_rows($result) != 1) { } //show admin sidebar if user is admin -if(havepriv("admin")) { +if($_SESSION['current']->hasPriv("admin")) { apidb_sidebar_add("admin_menu"); }