- OO version of user class

- no more duplicated functions
- improved performance (far fewer duplicated MySQL queries)
- less code and better error handling
This commit is contained in:
Jonathan Ernst
2005-01-30 23:12:48 +00:00
committed by WineHQ
parent ec3f0bfe54
commit 2083bf521b
39 changed files with 399 additions and 466 deletions

2
TODO

@@ -26,5 +26,3 @@ an email should be sent to everyone in that thread.
################## ##################
# add distro table and administration screens for it. (Chris) # add distro table and administration screens for it. (Chris)
# improve user class and functions (object oriented, etc) (Jonathan).


@@ -101,23 +101,16 @@ function cmd_do_new()
$user = new User(); $user = new User();
if($user->exists($_POST['ext_email']))
{
$_POST['ext_email'] = "";
retry("new", "An account with this e-mail is already in use");
return;
}
$result = $user->create($_POST['ext_email'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['CVSrelease'] ); $result = $user->create($_POST['ext_email'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['CVSrelease'] );
if($result == null) if($result == true)
{ {
$user->login($_POST['ext_email'], $_POST['ext_password']); $user->login($_POST['ext_email'], $_POST['ext_password']);
addmsg("Account created! (".$_POST['ext_email'].")", "green"); addmsg("Account created! (".$_POST['ext_email'].")", "green");
redirect(apidb_fullurl()); redirect(apidb_fullurl());
} }
else else
retry("new", "Failed to create account: $result"); retry("new", "Failed to create account");
} }
@@ -173,14 +166,14 @@ function cmd_do_login()
$user = new User(); $user = new User();
$result = $user->login($_POST['ext_email'], $_POST['ext_password']); $result = $user->login($_POST['ext_email'], $_POST['ext_password']);
if($result == null) if($result == true)
{ {
$_SESSION['current'] = $user; $_SESSION['current'] = $user;
addmsg("You are successfully logged in as '$user->realname'.", "green"); addmsg("You are successfully logged in as '$user->sRealname'.", "green");
redirect(apidb_fullurl("index.php")); redirect(apidb_fullurl("index.php"));
} else } else
{ {
retry("login","Login failed ($result)"); retry("login","Login failed");
$_SESSION['current'] = ""; $_SESSION['current'] = "";
} }
} }
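Review bot: `if($result == true)` in both cmd_do_new and cmd_do_login is a loose comparison: any non-empty string that create() or login() might still return on failure is also `== true`, so the failure branch would be skipped and the account created or the session populated anyway; unless both methods are known to return a strict bool now, `if($result === true)` is the safe form. Separately, the failed-login path still stores `$_SESSION['current'] = "";`, while every page touched by this commit now calls `$_SESSION['current']->isLoggedIn()` or `->hasPriv("admin")` unconditionally (the comment-submission, appimage, appsubmit and admin pages); a method call on a string, or on a session entry that was never set, is a fatal error, so a visitor who fails to log in or has never logged in gets a crashed page instead of the "Please login" prompt. The admin checks fail closed that way, but it is still a defect; keeping a guest `new User()` in the session on failure and at session start, provided isLoggedIn() reports false for an unauthenticated instance, would let the new call sites work as written. Both enclosing functions start outside the hunk.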


@@ -12,7 +12,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php"); require(BASE."include/mail.php");
// you must be logged in to submit comments // you must be logged in to submit comments
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
apidb_header("Please login"); apidb_header("Please login");
echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n"; echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";
@@ -59,13 +59,14 @@ if(isset($_REQUEST['body']))
{ {
if (is_numeric($_REQUEST['originator'])) if (is_numeric($_REQUEST['originator']))
{ {
if (UserWantsEmail($_REQUEST['originator'])) $oOriginator = new User($_REQUEST['originator']);
if ($oOriginator->getPref("send_email"))
{ {
$sEmail = lookupEmail($_REQUEST['originator']); $sEmail = $oOriginator->sEmail;
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n"; $sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$sMsg .= "\r\n"; $sMsg .= "\r\n";
$sMsg .= ($_SESSION['current']->realname ? $_SESSION['current']->realname : "Anonymous")." added comment to ".$sFullAppName."\r\n"; $sMsg .= $_SESSION['current']->realname." added comment to ".$sFullAppName."\r\n";
$sMsg .= "\r\n"; $sMsg .= "\r\n";
$sMsg .= "Subject: ".$subject."\r\n"; $sMsg .= "Subject: ".$subject."\r\n";
$sMsg .= "\r\n"; $sMsg .= "\r\n";
@@ -76,7 +77,7 @@ if(isset($_REQUEST['body']))
addmsg("Comment message sent to original poster", "green"); addmsg("Comment message sent to original poster", "green");
} }
} }
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
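Review bot: The originator-notification mail now reads `$_SESSION['current']->realname` with the "Anonymous" fallback removed, while every other new-side line in this commit reads the property as `sRealname` (the login message, the data-queue listing); if the new User class only defines `sRealname`, the mail is sent with an empty author. Suggested line: `$sMsg .= ($_SESSION['current']->sRealname ? $_SESSION['current']->sRealname : "Anonymous")." added comment to ".$sFullAppName."\r\n";`. Also `$oOriginator->getPref("send_email")` is spelled `getpref(...)` in the data-queue page; PHP resolves method names case-insensitively, so it works, but one spelling should be used. The enclosing `if(isset($_REQUEST['body']))` block starts before and ends after this hunk.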


@@ -9,7 +9,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php"); require(BASE."include/mail.php");
//check for admin privs //check for admin privs
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])) ) if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;
@@ -40,7 +40,7 @@ if($_REQUEST['sub'] == "Submit")
if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})")) if (query_appdb("INSERT INTO `appNotes` ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"))
{ {
// successful // successful
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']);


@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php"); include(BASE."include/"."tableve.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php"); include(BASE."include/"."tableve.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -13,7 +13,7 @@ require(BASE."include/mail.php");
apidb_header("Admin Application Data Queue"); apidb_header("Admin Application Data Queue");
// deny access if not admin // deny access if not admin
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -59,16 +59,19 @@ if (!$_REQUEST['queueId'])
$c = 1; $c = 1;
while($ob = mysql_fetch_object($hResult)) while($ob = mysql_fetch_object($hResult))
{ {
if($_SESSION['current']->is_maintainer($ob->queueappId, if($_SESSION['current']->isMaintainer($ob->queueappId,
$ob->queueversionId) $ob->queueversionId)
|| havepriv("admin")) || $_SESSION['current']->hasPriv("admin"))
{ {
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n"; echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n"; echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td><a href='adminAppDataQueue.php?queueId=$ob->queueId'>".$ob->queueId."</a></td>\n"; echo " <td><a href='adminAppDataQueue.php?queueId=$ob->queueId'>".$ob->queueId."</a></td>\n";
if($ob->userId) if($ob->userId)
echo " <td>".lookupRealname($ob->userId)." (".lookupEmail($ob->userId).")</td>\n"; {
$oUser = new User($ob->userId);
echo " <td>".$oUser->sRealname." (".$oUser->sEmail.")</td>\n";
}
else else
echo " <td>Anonymous</td>\n"; echo " <td>Anonymous</td>\n";
echo "<td>".appIdToName($ob->appId)."</td>\n"; echo "<td>".appIdToName($ob->appId)."</td>\n";
@@ -84,8 +87,8 @@ if (!$_REQUEST['queueId'])
} else // shows a particular appdata } else // shows a particular appdata
{ {
if(!(havepriv("admin") || if(!($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->is_maintainer($obj_row->queueAppId, $_SESSION['current']->isMaintainer($obj_row->queueAppId,
$obj_row->queueVersionId))) $obj_row->queueVersionId)))
{ {
errorpage("You don't have sufficient privileges to use this page."); errorpage("You don't have sufficient privileges to use this page.");
@@ -133,7 +136,7 @@ if (!$_REQUEST['queueId'])
$randName = generate_passwd(5); $randName = generate_passwd(5);
// set image link based on user pref // set image link based on user pref
$img = '<a href="javascript:openWin(\'../appimage.php?queued=true&id='.$obj_row->queueId.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>'; $img = '<a href="javascript:openWin(\'../appimage.php?queued=true&id='.$obj_row->queueId.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>';
if (loggedin()) if ($_SESSION['current']->isLoggedIn())
{ {
if ($_SESSION['current']->getpref("window:screenshot") == "no") if ($_SESSION['current']->getpref("window:screenshot") == "no")
{ {
@@ -200,14 +203,15 @@ if (!$_REQUEST['queueId'])
query_appdb("DELETE from appDataQueue where queueId = ".$obj_row->queueId.";"); query_appdb("DELETE from appDataQueue where queueId = ".$obj_row->queueId.";");
//Send Status Email //Send Status Email
if (lookupEmail($obj_row->userId)) $oUser = new User($obj_row->userId);
if ($oUser->sEmail)
{ {
$sSubject = "Application Data Request Report"; $sSubject = "Application Data Request Report";
$sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." has been accepted. "; $sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." has been accepted. ";
$sMsg .= $_REQUEST['replyText']; $sMsg .= $_REQUEST['replyText'];
$sMsg .= "We appreciate your help in making the Application Database better for all users.\r\n"; $sMsg .= "We appreciate your help in making the Application Database better for all users.\r\n";
mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg); mail_appdb($oUser->sEmail, $sSubject ,$sMsg);
} }
//done //done
@@ -216,13 +220,14 @@ if (!$_REQUEST['queueId'])
} }
} elseif ($_REQUEST['reject']) } elseif ($_REQUEST['reject'])
{ {
if (lookupEmail($obj_row->userId)) $oUser = new User($obj_row->userId);
if ($oUser->sEmail)
{ {
$sSubject = "Application Data Request Report"; $sSubject = "Application Data Request Report";
$sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." was rejected. "; $sMsg = "Your submission of an application data for ".appIdToName($obj_row->appId).versionIdToName($obj_row->versionId)." was rejected. ";
$sMsg .= $_REQUEST['replyText']; $sMsg .= $_REQUEST['replyText'];
mail_appdb(lookupEmail($obj_row->userId), $sSubject ,$sMsg); mail_appdb($oUser->sEmail, $sSubject ,$sMsg);
} }
//delete main item //delete main item
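Review bot: `$oUser = new User($obj_row->userId);` is written twice in the sibling accept and reject branches, and `$oUser = new User($ob->userId);` runs once per row of the queue listing; if the constructor loads the user row from the database, that is one query per listed entry, which works against the commit's stated goal of fewer queries — hoisting the accept/reject construction above the branch removes at least the duplication. On an unchanged line the screenshot preference is still read as `getpref("window:screenshot")` whereas the comment page calls `getPref(...)`; unify the spelling. The surrounding `if (!$_REQUEST['queueId'])` block starts before and ends after these hunks.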


@@ -10,7 +10,7 @@ require(BASE."include/application.php");
require(BASE."include/mail.php"); require(BASE."include/mail.php");
//deny access if not logged in //deny access if not logged in
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -318,7 +318,7 @@ if ($_REQUEST['sub'])
} }
if ($goodtogo) if ($goodtogo)
{ {
$sEmail = getNotifyEmailAddressList($_REQUEST['appParent'], $_REQUEST['appVersion']); $sEmail = get_notify_email_address_list($_REQUEST['appParent'], $_REQUEST['appVersion']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appParent']). $sFullAppName = "Application: ".lookupAppName($_REQUEST['appParent']).


@@ -10,7 +10,7 @@ require(BASE."include/category.php");
require(BASE."include/maintainer.php"); require(BASE."include/maintainer.php");
require(BASE."include/mail.php"); require(BASE."include/mail.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -27,6 +27,7 @@ if ($_REQUEST['sub'])
"FROM appMaintainerQueue WHERE queueId = ".$_REQUEST['queueId'].";"; "FROM appMaintainerQueue WHERE queueId = ".$_REQUEST['queueId'].";";
$result = query_appdb($query); $result = query_appdb($query);
$ob = mysql_fetch_object($result); $ob = mysql_fetch_object($result);
$oUser = new User($ob->userId);
mysql_free_result($result); mysql_free_result($result);
} }
else else
@@ -66,13 +67,14 @@ if ($_REQUEST['sub'])
$foundMaintainers = true; $foundMaintainers = true;
while(list($index, list($userIdValue)) = each($other_users)) while(list($index, list($userIdValue)) = each($other_users))
{ {
$oUser = new User($userIdValue);
if($firstDisplay) if($firstDisplay)
{ {
echo "<td>".lookupRealname($userIdValue)."</td></tr>\n"; echo "<td>".$oUser->sRealname."</td></tr>\n";
$firstDisplay = false; $firstDisplay = false;
} else } else
{ {
echo "<tr><td class=color0></td><td>".lookupRealname($userIdValue)."</td></tr>\n"; echo "<tr><td class=\"color0\"></td><td>".$oUser->sRealname."</td></tr>\n";
} }
} }
} }
@@ -83,13 +85,14 @@ if ($_REQUEST['sub'])
$foundMaintainers = true; $foundMaintainers = true;
while(list($index, list($userIdValue)) = each($other_users)) while(list($index, list($userIdValue)) = each($other_users))
{ {
$oUser = new User($userIdValue);
if($firstDisplay) if($firstDisplay)
{ {
echo "<td>".lookupRealname($userIdValue)."*</td></tr>\n"; echo "<td>".$oUser->sRealname."*</td></tr>\n";
$firstDisplay = false; $firstDisplay = false;
} else } else
{ {
echo "<tr><td class=color0></td><td>".lookupRealname($userIdValue)."*</td></tr>\n"; echo "<tr><td class=\"color0\"></td><td>".$oUser->sRealname."*</td></tr>\n";
} }
} }
} }
@@ -100,7 +103,7 @@ if ($_REQUEST['sub'])
} }
// Show which other apps the user maintains // Show which other apps the user maintains
echo '<tr valign=top><td class=color0><b>This user also maintains these apps:</b></td>',"\n"; echo '<tr valign="top"><td class="color0"><b>This user also maintains these apps:</b></td>',"\n";
$firstDisplay = true; $firstDisplay = true;
$other_apps = getAppsFromUserId($ob->userId); $other_apps = getAppsFromUserId($ob->userId);
@@ -144,9 +147,6 @@ if ($_REQUEST['sub'])
echo '<tr valign=top><td class=color0><b>Email reply</b></td>',"\n"; echo '<tr valign=top><td class=color0><b>Email reply</b></td>',"\n";
echo "<td><textarea name='replyText' rows=10 cols=35>Enter a personalized reason for acceptance or rejection of the users maintainer request here</textarea></td></tr>\n"; echo "<td><textarea name='replyText' rows=10 cols=35>Enter a personalized reason for acceptance or rejection of the users maintainer request here</textarea></td></tr>\n";
//echo '<tr valign=top><td bgcolor=class=color0><b>Email</b></td>,"\n";
//echo '<td><input type=text name="queueEmail" value="'.$ob->queueEmail.'" size=20></td></tr>',"\n";
/* Add button */ /* Add button */
echo '<tr valign=top><td class=color3 align=center colspan=2>' ,"\n"; echo '<tr valign=top><td class=color3 align=center colspan=2>' ,"\n";
echo '<input type=submit name=add value=" Add maintainer to this application " class=button /> </td></tr>',"\n"; echo '<input type=submit name=add value=" Add maintainer to this application " class=button /> </td></tr>',"\n";
@@ -184,7 +184,7 @@ if ($_REQUEST['sub'])
query_appdb("DELETE from appMaintainerQueue where queueId = ".$_REQUEST['queueId'].";"); query_appdb("DELETE from appMaintainerQueue where queueId = ".$_REQUEST['queueId'].";");
//Send Status Email //Send Status Email
$sEmail = lookupEmail($ob->userId); $sEmail = $oUser->sEmail;
if ($sEmail) if ($sEmail)
{ {
$sSubject = "Application Maintainer Request Report"; $sSubject = "Application Maintainer Request Report";
@@ -201,7 +201,7 @@ if ($_REQUEST['sub'])
} }
else if (($_REQUEST['reject'] || ($_REQUEST['sub'] == 'reject')) && $_REQUEST['queueId']) else if (($_REQUEST['reject'] || ($_REQUEST['sub'] == 'reject')) && $_REQUEST['queueId'])
{ {
$sEmail = lookupEmail($ob->userId); $sEmail = $oUser->sEmail;
if ($sEmail) if ($sEmail)
{ {
$sSubject = "Application Maintainer Request Report"; $sSubject = "Application Maintainer Request Report";
@@ -278,11 +278,12 @@ if ($_REQUEST['sub'])
$c = 1; $c = 1;
while($ob = mysql_fetch_object($result)) while($ob = mysql_fetch_object($result))
{ {
$oUser = new User($ob->userId);
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n"; echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n"; echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td><a href='adminMaintainerQueue.php?sub=view&queueId=$ob->queueId'>$ob->queueId</a></td>\n"; echo " <td><a href='adminMaintainerQueue.php?sub=view&queueId=$ob->queueId'>$ob->queueId</a></td>\n";
echo " <td>".lookupRealname($ob->userId)."</td>\n"; echo " <td>".$oUser->sRealName."</td>\n";
echo " <td>".appIdToName($ob->appId)."</td>\n"; echo " <td>".appIdToName($ob->appId)."</td>\n";
if($ob->superMaintainer) if($ob->superMaintainer)
@@ -291,11 +292,11 @@ if ($_REQUEST['sub'])
echo "<td>Yes</td>\n"; echo "<td>Yes</td>\n";
} else } else
{ {
echo "<td>".versionIdToName($ob->versionId)." &nbsp;</td>\n"; echo "<td>".versionIdToName($ob->versionId)." &nbsp;</td>\n";
echo "<td>No</td>\n"; echo "<td>No</td>\n";
} }
echo " <td>".lookupEmail($ob->userId)." &nbsp;</td>\n"; echo " <td>".$oUser->sEmail." &nbsp;</td>\n";
echo " <td>[<a href='adminMaintainerQueue.php?sub=reject&queueId=$ob->queueId'>reject</a>]</td>\n"; echo " <td>[<a href='adminMaintainerQueue.php?sub=reject&queueId=$ob->queueId'>reject</a>]</td>\n";
echo "</tr>\n\n"; echo "</tr>\n\n";
$c++; $c++;
@@ -308,7 +309,4 @@ if ($_REQUEST['sub'])
} }
} }
?> ?>
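Review bot: `$oUser->sRealName` in the queue listing uses a capital N while the rest of the commit reads `sRealname`; PHP property names are case-sensitive, so this reads an undefined property and the name column renders empty — `echo " <td>".$oUser->sRealname."</td>\n";`. Second, `$oUser` is assigned for the requester in the first hunk and then reassigned inside the two "other maintainers" display loops, and the accept/reject branches later send the status mail to `$oUser->sEmail`; if those loops run in the same request as an accept or reject, the mail goes to the last listed maintainer rather than the requester, so a distinct loop variable such as `$oOtherUser` avoids the hazard. Whether the paths overlap is not visible here; the enclosing `if ($_REQUEST['sub'])` structure starts outside the hunks.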


@@ -10,7 +10,7 @@ include("path.php");
require(BASE."include/incl.php"); require(BASE."include/incl.php");
// deny access if not logged in // deny access if not logged in
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -68,10 +68,11 @@ if ($_REQUEST['sub'])
$c = 1; $c = 1;
while($ob = mysql_fetch_object($hResult)) while($ob = mysql_fetch_object($hResult))
{ {
$oUser = new User($ob->userId);
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
echo "<tr class=$bgcolor>\n"; echo "<tr class=$bgcolor>\n";
echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n"; echo " <td>".date("Y-n-t h:i:sa", $ob->submitTime)." &nbsp;</td>\n";
echo " <td>".lookupRealname($ob->userId)."</td>\n"; echo " <td>".$oUser->sRealname."</td>\n";
if($ob->superMaintainer) if($ob->superMaintainer)
{ {
@@ -84,8 +85,7 @@ if ($_REQUEST['sub'])
echo " <td><a href='".BASE."appview.php?appId=$ob->appId&versionId=$ob->versionId'>".versionIdToName($ob->versionId)."</a>&nbsp;</td>\n"; echo " <td><a href='".BASE."appview.php?appId=$ob->appId&versionId=$ob->versionId'>".versionIdToName($ob->versionId)."</a>&nbsp;</td>\n";
echo " <td>No</td>\n"; echo " <td>No</td>\n";
} }
echo " <td>".$oUser->sEmail." &nbsp;</td>\n";
echo " <td>".lookupEmail($ob->userId)." &nbsp;</td>\n";
echo " <td>[<a href='adminMaintainers.php?sub=delete&maintainerId=$ob->maintainerId'>delete</a>]</td>\n"; echo " <td>[<a href='adminMaintainers.php?sub=delete&maintainerId=$ob->maintainerId'>delete</a>]</td>\n";
echo "</tr>\n\n"; echo "</tr>\n\n";
$c++; $c++;


@@ -11,7 +11,7 @@ require(BASE."include/"."screenshot.php");
apidb_header("Screenshots"); apidb_header("Screenshots");
// deny access if not admin // deny access if not admin
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;


@@ -8,7 +8,7 @@ include(BASE."include/"."incl.php");
apidb_header("Admin Users Management"); apidb_header("Admin Users Management");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -17,10 +17,11 @@ if(!havepriv("admin"))
// we want to delete a user // we want to delete a user
if($_REQUEST['action'] == "delete" && is_numeric($_REQUEST['userId'])) if($_REQUEST['action'] == "delete" && is_numeric($_REQUEST['userId']))
{ {
$sEmail = lookupEmail($_REQUEST['userId']); $oUser = new User($_REQUEST['userId']);
$sEmail = $oUser->sEmail;
if($sEmail) if($sEmail)
{ {
$_SESSION['current']->remove($sEmail); $oUser->delete();
} }
} }
@@ -85,15 +86,16 @@ if($_REQUEST['sSubmit'])
$i=0; $i=0;
while($hResult && $oRow = mysql_fetch_object($hResult)) while($hResult && $oRow = mysql_fetch_object($hResult))
{ {
$sAreYouSure = "Are you sure that you want to delete user ".addslashes($oRow->realname)." ?"; $oUser = new User($oRow->userid);
$sAreYouSure = "Are you sure that you want to delete user ".addslashes($oUser->sRealname)." ?";
echo "<tr class=\"color".(($i++)%2)."\">\n"; echo "<tr class=\"color".(($i++)%2)."\">\n";
echo " <td>".$oRow->realname."</td>\n"; echo " <td>".$oUser->sRealname."</td>\n";
echo " <td>".$oRow->email."</td>\n"; echo " <td>".$oUser->sEmail."</td>\n";
echo " <td>".$oRow->created."</td>\n"; echo " <td>".$oUser->sDateCreated."</td>\n";
echo " <td>".$oRow->stamp."</td>\n"; echo " <td>".$oUser->sStamp."</td>\n";
echo " <td>"; echo " <td>";
if(isAdministrator($oRow->userid)) echo "A"; if($oUser->hasPriv("admin")) echo "A";
if(isMaintainer($oRow->userid)) echo "M"; if($oUser->isMaintainer()) echo "M";
echo " </td>\n"; echo " </td>\n";
echo " <td>[<a onclick=\"if(!confirm('".$sAreYouSure."'))return false;\" \"href=\"".$_SERVER['PHP_SELF']."?action=delete&userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true\">delete</a>]&nbsp;[<a href=\"../preferences.php?userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."\">edit</a>]</td>\n"; echo " <td>[<a onclick=\"if(!confirm('".$sAreYouSure."'))return false;\" \"href=\"".$_SERVER['PHP_SELF']."?action=delete&userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true\">delete</a>]&nbsp;[<a href=\"../preferences.php?userId=".$oRow->userid."&sSearch=".$sSearch."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."\">edit</a>]</td>\n";
echo "</tr>\n\n"; echo "</tr>\n\n";
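Review bot: `$oUser = new User($oRow->userid);` in the listing loop replaces fields the row already carried on the old side (`$oRow->realname`, `->email`, `->created`, `->stamp`); if the constructor issues its own query, the page goes from one query to one per listed user, plus whatever `hasPriv("admin")` and `isMaintainer()` cost per row. Reading the display columns from `$oRow` and constructing the User only for the privilege flags (or joining those into the listing query) keeps the page at its previous cost. The delete action is still reached through a plain GET link guarded only by a JavaScript confirm; since the delete handling is rewritten here, this is the moment to require a POST for it. The enclosing `if($_REQUEST['sSubmit'])` block starts before and ends after the hunk.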


@@ -9,7 +9,7 @@
include("path.php"); include("path.php");
require(BASE."include/incl.php"); require(BASE."include/incl.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;


@@ -11,7 +11,7 @@ include(BASE."include/incl.php");
include(BASE."include/category.php"); include(BASE."include/category.php");
include(BASE."include/application.php"); include(BASE."include/application.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -16,7 +16,7 @@ if(!is_numeric($_REQUEST['appId']))
exit; exit;
} }
if(!(havepriv("admin") || $_SESSION['current']->is_super_maintainer($_REQUEST['appId']))) if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isSuperMaintainer($_REQUEST['appId'])))
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;
@@ -180,7 +180,7 @@ if(isset($_REQUEST['submit']))
} }
if ($bAppChanged) if ($bAppChanged)
{ {
$sEmail = getNotifyEmailAddressList($_REQUEST['appId']); $sEmail = get_notify_email_address_list($_REQUEST['appId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId']);


@@ -20,7 +20,7 @@ $hResult = query_appdb($sQuery);
$ob = mysql_fetch_object($hResult); $ob = mysql_fetch_object($hResult);
/* Check for privs */ /* Check for privs */
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($ob->appId,$ob->versionId)) ) if(!$_SESSION['current']->isLoggedIn() || (!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($ob->appId,$ob->versionId)) )
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;
@@ -37,7 +37,7 @@ if(isset($_REQUEST['sub']))
$sMsg = APPDB_ROOT."appview.php?appId={$ob->appId}&versionId={$ob->versionId}\r\n"; $sMsg = APPDB_ROOT."appview.php?appId={$ob->appId}&versionId={$ob->versionId}\r\n";
$sMsg .= "\r\n"; $sMsg .= "\r\n";
$sEmail = getNotifyEmailAddressList($ob->appId, $ob->versionId); $sEmail = get_notify_email_address_list($ob->appId, $ob->versionId);
if ($_REQUEST['sub'] == 'Delete') if ($_REQUEST['sub'] == 'Delete')
{ {


@@ -11,8 +11,8 @@ if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId']))
exit; exit;
} }
//check for admin privs /* Check for admin privs */
if(!(havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId']))) if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'],$_REQUEST['versionId'])))
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;


@@ -3,7 +3,7 @@
include("path.php"); include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php"); include(BASE."include/"."tableve.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -4,7 +4,7 @@ include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
include(BASE."include/"."tableve.php"); include(BASE."include/"."tableve.php");
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
errorpage(); errorpage();
exit; exit;


@@ -37,7 +37,7 @@ $catFullPath = make_cat_path($cat->getCategoryPath());
$subs = $cat->getCategoryList(); $subs = $cat->getCategoryList();
//display admin box //display admin box
if(havepriv("admin") && $catId != 0) if($_SESSION['current']->hasPriv("admin") && $catId != 0)
apidb_sidebar_add("admin_menu"); apidb_sidebar_add("admin_menu");
//output header //output header


@@ -6,7 +6,7 @@
include("path.php"); include("path.php");
require(BASE."include/"."incl.php"); require(BASE."include/"."incl.php");
require(BASE."include/"."screenshot.php"); require(BASE."include/"."screenshot.php");
if(!havepriv("admin") && $_REQUEST['queued']) if(!$_SESSION['current']->hasPriv("admin") && $_REQUEST['queued'])
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;


@@ -10,7 +10,7 @@ require(BASE."include/"."tableve.php");
// Send user to the correct branch of code even if they try to bypass // Send user to the correct branch of code even if they try to bypass
// the first page (appsubmit.php without parameters) // the first page (appsubmit.php without parameters)
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
unset($_REQUEST['queueName']); unset($_REQUEST['queueName']);
unset($_REQUEST['apptype']); unset($_REQUEST['apptype']);
@@ -106,7 +106,7 @@ if (isset($_REQUEST['queueName']))
else if (isset($_REQUEST['apptype'])) else if (isset($_REQUEST['apptype']))
{ {
// set email field if logged in // set email field if logged in
if (loggedin()) if ($_SESSION['current']->isLoggedIn())
$email = $_SESSION['current']->lookup_email($_SESSION['current']->userid); $email = $_SESSION['current']->lookup_email($_SESSION['current']->userid);
// header // header
@@ -213,7 +213,7 @@ else if (isset($_REQUEST['apptype']))
########################## ##########################
else else
{ {
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
// you must be logged in to submit app // you must be logged in to submit app
apidb_header("Please login"); apidb_header("Please login");
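Review bot: The unchanged line `$email = $_SESSION['current']->lookup_email($_SESSION['current']->userid);` still uses the old method and the `userid` property, while the rest of the commit reads the address as `$oUser->sEmail` and the name as `sRealname`; if the refactored User class no longer provides lookup_email(), this path breaks as soon as a logged-in user reaches the apptype step. `$email = $_SESSION['current']->sEmail;` matches the new API. The enclosing if/else-if chain begins before and ends after these hunks.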


@@ -107,7 +107,7 @@ function show_note($sType,$oData){
$s .= add_br(stripslashes($oData->noteDesc)); $s .= add_br(stripslashes($oData->noteDesc));
$s .= "</td></tr>\n"; $s .= "</td></tr>\n";
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId']))) if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])))
{ {
$s .= "<tr width='100%' class=color1 align=center valign=top><td>"; $s .= "<tr width='100%' class=color1 align=center valign=top><td>";
$s .= "<form method=post name=message action='admin/editAppNote.php?noteId={$oData->noteId}'>"; $s .= "<form method=post name=message action='admin/editAppNote.php?noteId={$oData->noteId}'>";
@@ -203,7 +203,7 @@ if($appId && !$versionId)
} }
// show Vote Menu // show Vote Menu
if(loggedin()) if($_SESSION['current']->isLoggedIn())
apidb_sidebar_add("vote_menu"); apidb_sidebar_add("vote_menu");
// header // header
@@ -268,8 +268,9 @@ if($appId && !$versionId)
{ {
while(list($index, list($userIdValue)) = each($other_maintainers)) while(list($index, list($userIdValue)) = each($other_maintainers))
{ {
$oUser = new User($userIdValue);
echo " <tr><td align=left>\n"; echo " <tr><td align=left>\n";
echo " <li>".lookupRealname($userIdValue)."</td></tr>\n"; echo " <li>".$oUser->sRealname."</td></tr>\n";
} }
} else } else
{ {
@@ -278,10 +279,10 @@ if($appId && !$versionId)
// Display the app maintainer button // Display the app maintainer button
echo " <tr><td><center>\n"; echo " <tr><td><center>\n";
if(loggedin()) if($_SESSION['current']->isLoggedIn())
{ {
/* are we already a maintainer? */ /* are we already a maintainer? */
if($_SESSION['current']->is_super_maintainer($appId)) /* yep */ if($_SESSION['current']->isSuperMaintainer($appId)) /* yep */
{ {
echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>'; echo ' <form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a super maintainer" class=button>';
} else /* nope */ } else /* nope */
@@ -294,14 +295,14 @@ if($appId && !$versionId)
echo " <input type=hidden name='superMaintainer' value=1>"; /* set superMaintainer to 1 because we are at the appFamily level */ echo " <input type=hidden name='superMaintainer' value=1>"; /* set superMaintainer to 1 because we are at the appFamily level */
echo " </form>"; echo " </form>";
if($_SESSION['current']->is_super_maintainer($appId) || havepriv("admin")) if($_SESSION['current']->isSuperMaintainer($appId) || $_SESSION['current']->hasPriv("admin"))
{ {
echo ' <form method="post" name="edit" action="admin/editAppFamily.php"><input type="hidden" name="appId" value="'.$appId.'"><input type="submit" value="Edit App" class="button"></form>'; echo ' <form method="post" name="edit" action="admin/editAppFamily.php"><input type="hidden" name="appId" value="'.$appId.'"><input type="submit" value="Edit App" class="button"></form>';
echo '<form method="post" name="message" action="appsubmit.php?appId='.$_REQUEST['appId'].'&apptype=2">'; echo '<form method="post" name="message" action="appsubmit.php?appId='.$_REQUEST['appId'].'&apptype=2">';
echo '<input type=submit value="Add Version" class="button">'; echo '<input type=submit value="Add Version" class="button">';
echo '</form>'; echo '</form>';
} }
if(havepriv("admin")) if($_SESSION['current']->hasPriv("admin"))
{ {
$url = BASE."admin/deleteAny.php?what=appFamily&appId=".$_REQUEST['appId']."&confirmed=yes"; $url = BASE."admin/deleteAny.php?what=appFamily&appId=".$_REQUEST['appId']."&confirmed=yes";
echo " <form method=\"post\" name=\"edit\" action=\"javascript:deleteURL(\"Are you sure?\", \"".$url."\")\"><input type=\"submit\" value=\"Delete App\" class=\"button\"></form>"; echo " <form method=\"post\" name=\"edit\" action=\"javascript:deleteURL(\"Are you sure?\", \"".$url."\")\"><input type=\"submit\" value=\"Delete App\" class=\"button\"></form>";
@@ -396,7 +397,7 @@ else if($appId && $versionId)
while(list($index, list($userIdValue)) = each($other_maintainers)) while(list($index, list($userIdValue)) = each($other_maintainers))
{ {
echo "<tr class=color0><td align=left colspan=2>"; echo "<tr class=color0><td align=left colspan=2>";
echo "<li>".lookupRealname($userIdValue)."</td></tr>\n"; echo "<li>".$oUser->sRealname."</td></tr>\n";
} }
} else } else
{ {
@@ -407,18 +408,18 @@ else if($appId && $versionId)
// display the app maintainer button // display the app maintainer button
echo "<tr><td colspan = 2><center>"; echo "<tr><td colspan = 2><center>";
if(loggedin()) if($_SESSION['current']->isLoggedIn())
{ {
/* is this user a maintainer of this version by virtue of being a super maintainer */ /* is this user a maintainer of this version by virtue of being a super maintainer */
/* of this app family? */ /* of this app family? */
if($_SESSION['current']->is_super_maintainer($appId)) if($_SESSION['current']->isSuperMaintainer($appId))
{ {
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>'; echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a supermaintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=1>"; echo "<input type=hidden name='superMaintainer' value=1>";
} else } else
{ {
/* are we already a maintainer? */ /* are we already a maintainer? */
if($_SESSION['current']->is_maintainer($appId, $versionId)) /* yep */ if($_SESSION['current']->isMaintainer($appId, $versionId)) /* yep */
{ {
echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>'; echo '<form method=post name=message action="maintainerdelete.php"><input type=submit value="Remove yourself as a maintainer" class=button>';
echo "<input type=hidden name='superMaintainer' value=0>"; echo "<input type=hidden name='superMaintainer' value=0>";
@@ -440,7 +441,7 @@ else if($appId && $versionId)
echo "</center></td></tr>"; echo "</center></td></tr>";
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($appId, $versionId))) if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($appId, $versionId)))
{ {
echo "<tr><td colspan = 2><center>"; echo "<tr><td colspan = 2><center>";
echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>'; echo '<form method=post name=message action=admin/editAppVersion.php?appId='.$appId.'&versionId='.$versionId.'>';


@@ -30,16 +30,18 @@ include(BASE."include/mail.php");
$hSixMonth = inactiveSince(6); $hSixMonth = inactiveSince(6);
while($oRow = mysql_fetch_object($hSixMonth)) while($oRow = mysql_fetch_object($hSixMonth))
{ {
if(isMaintainer($oRow->userid)) $oUser = new User($oRow->userid);
warnMaintainer(lookupEmail($oRow->userid)); if($oUser->isMaintainer())
warnMaintainer($oUser->sEmail);
elseif(!hasDataAssociated($oRow->userid)) elseif(!hasDataAssociated($oRow->userid))
warnUser(lookupEmail($oRow->userid)); warnUser($oUser->sEmail);
} }
$hSevenMonth = inactiveSince(7); $hSevenMonth = inactiveSince(7);
while($oRow = mysql_fetch_object($hSevenMonth)) while($oRow = mysql_fetch_object($hSevenMonth))
{ {
if(isMaintainer($oRow->userid)) $oUser = new User($oRow->userid);
if($oUser->isMaintainer())
deleteMaintainer($oRow->userid); deleteMaintainer($oRow->userid);
elseif(!hasDataAssociated($oRow->userid)) elseif(!hasDataAssociated($oRow->userid))
deleteUser($oRow->userid); deleteUser($oRow->userid);
@@ -77,20 +79,22 @@ function hasDataAssociated($iUserId)
function deleteUser($iUserId) function deleteUser($iUserId)
{ {
warnUserDeleted(lookupEmail($iUserId)); $oUser = new User($iUserId);
echo "user ".lookupEmail($iUserId)." deleted.\n"; warnUserDeleted($oUser->sEmail);
echo "user ".$oUser->sEmail." deleted.\n";
$sQuery = "DELETE FROM user_list WHERE userid = $iUserId"; $sQuery = "DELETE FROM user_list WHERE userid = $iUserId";
$hResult = query_appdb($sQuery); $hResult = query_appdb($sQuery);
$sQuery = "DELETE FROM user_prefs WHERE userid = $iUserId"; $sQuery = "DELETE FROM user_prefs WHERE userid = $iUserId";
$hResult = query_appdb($sQuery); $hResult = query_appdb($sQuery);
} }
function deleteMaintainer() function deleteMaintainer($iUserId)
{ {
$oUser = new User($iUserId);
$sQuery = "DELETE FROM appMaintainers WHERE userId = $iUserId"; $sQuery = "DELETE FROM appMaintainers WHERE userId = $iUserId";
$hResult = query_appdb($sQuery); $hResult = query_appdb($sQuery);
warnMaintainerDeleted(lookupEmail($iUserId)); warnMaintainerDeleted($oUser->sEmail);
echo "user ".lookupEmail($iUserId)." is not a maintainer anymore.\n"; echo "user ".$oUser->sEmail." is not a maintainer anymore.\n";
} }
function warnUser($sEmail) function warnUser($sEmail)
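Review bot: `deleteUser()` removes the `user_list` and `user_prefs` rows for `$iUserId` but leaves any `user_privs` rows behind, while the new `User::delete()` in this same commit removes all three tables; a stale privilege row pointing at a deleted id is the kind of leftover the "no more duplicated functions" goal was meant to avoid. Since `$oUser` is already constructed here, either delegate the deletion to the class or add `$hResult = query_appdb("DELETE FROM user_privs WHERE userid = $iUserId");` next to the other two statements (assuming `user_privs` keys on `userid`, as `hasPriv()` and `delPriv()` in this commit assume). The file continues past this hunk, so `warnUser()` and the other mail helpers were not reviewed.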


@@ -17,7 +17,7 @@ $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']); $_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']); $_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
errorpage("You need to be logged in to delete a comment."); errorpage("You need to be logged in to delete a comment.");
exit; exit;
@@ -25,8 +25,8 @@ if(!loggedin())
/* if we aren't an admin or the maintainer of this app we shouldn't be */ /* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */ /* allowed to delete any comments */
if(!havepriv("admin") && if(!$_SESSION['current']->hasPriv("admin") &&
!$_SESSION['current']->is_maintainer($_REQUEST['appId'], !$_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId'])) $_REQUEST['versionId']))
{ {
errorpage('You don\'t have admin privileges'); errorpage('You don\'t have admin privileges');
@@ -96,9 +96,10 @@ if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&
exit; exit;
} else } else
{ {
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
$notify_user_email=lookupEmail($ob->userId); $oUser = new User($ob->userId);
$notify_user_realname=lookupRealname($ob->userId); $notify_user_email=$oUser->sEmail;
$notify_user_realname=$oUser->sRealname;
$sEmail .= $notify_user_email; $sEmail .= $notify_user_email;
if($sEmail) if($sEmail)
{ {


@@ -55,7 +55,7 @@ function view_app_comment($ob)
echo "</td></tr>\n"; echo "</td></tr>\n";
// delete message button, for admins // delete message button, for admins
if (loggedin() && (havepriv("admin") || $_SESSION['current']->is_maintainer($ob->appId,$ob->versionId) )) if ($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($ob->appId,$ob->versionId) ))
{ {
echo "<tr>"; echo "<tr>";
echo "<td><form method=\"post\" name=\"message\" action=\"".BASE."deletecomment.php\"><input type=submit value='Delete' class=button>\n"; echo "<td><form method=\"post\" name=\"message\" action=\"".BASE."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
@@ -202,7 +202,7 @@ function view_app_comments($appId, $versionId, $threadId = 0)
echo '<tr><td bgcolor=#C0C0C0 align=center><table border=0 cellpadding=0 cellspacing=0><tr bgcolor=#C0C0C0>',"\n"; echo '<tr><td bgcolor=#C0C0C0 align=center><table border=0 cellpadding=0 cellspacing=0><tr bgcolor=#C0C0C0>',"\n";
// message display mode changer // message display mode changer
if (loggedin()) if ($_SESSION['current']->isLoggedIn())
{ {
// FIXME we need to change this so not logged in users can change current view as well // FIXME we need to change this so not logged in users can change current view as well
if (isset($_REQUEST['cmode'])) if (isset($_REQUEST['cmode']))
@@ -241,7 +241,7 @@ function view_app_comments($appId, $versionId, $threadId = 0)
echo '<table width="100%" border=0 cellpadding=2 cellspacing=1"><tr><td>',"\n"; echo '<table width="100%" border=0 cellpadding=2 cellspacing=1"><tr><td>',"\n";
//hide or display depending on pref //hide or display depending on pref
if (loggedin()) if ($_SESSION['current']->isLoggedIn())
$mode = $_SESSION['current']->getpref("comments:mode"); $mode = $_SESSION['current']->getpref("comments:mode");
else else
$mode = "flat"; $mode = "flat";


@@ -23,7 +23,7 @@
</tr> </tr>
<?php <?php
// if we manage another user we can give him administrator rights // if we manage another user we can give him administrator rights
if($iUserId == $_REQUEST['userId']) if($oUser->iUserId == $_REQUEST['userId'])
{ {
?> ?>
<tr> <tr>
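Review bot: The `$oUser->iUserId == $_REQUEST['userId']` gate only decides whether the administrator-rights controls are rendered, and it is not restricted to administrators: in the preferences hunk of this commit a non-admin gets `$oUser = &$_SESSION['current']` while `$_REQUEST['userId']` is left untouched, so the comparison is also true for a normal user whose request carries their own id. Whether the form handler re-checks `hasPriv("admin")` before applying that field is not visible here and should be confirmed; tightening the display gate to `if($_SESSION['current']->hasPriv("admin") && $oUser->iUserId == $_REQUEST['userId'])` would at least make the template match the intent stated in the comment above it. The loose `==` between an integer property and a request string works for numeric ids but reads more clearly with an explicit `(int)` cast.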


@@ -47,7 +47,7 @@ function apidb_fullpath($path)
*/ */
function apidb_header($title = 0) function apidb_header($title = 0)
{ {
$realname = isset($_SESSION['current'])?$_SESSION['current']->realname:""; $realname = $_SESSION['current']->sRealname;
// Set Page Title // Set Page Title
$page_title = $title; $page_title = $title;
@@ -99,7 +99,7 @@ function apidb_sidebar()
global $sidebar_func_list; global $sidebar_func_list;
//TURN on GLOBAL ADMIN MENU //TURN on GLOBAL ADMIN MENU
if (havepriv("admin")) if ($_SESSION['current']->hasPriv("admin"))
{ {
include(BASE."include/"."sidebar_admin.php"); include(BASE."include/"."sidebar_admin.php");
apidb_sidebar_add("global_admin_menu"); apidb_sidebar_add("global_admin_menu");
@@ -218,11 +218,13 @@ function dumpmsgbuffer()
} }
/** /**
* Init Session (stores user info and cart info in session) * Init Session (stores user info in session)
*/ */
$session = new session("whq_appdb"); $session = new session("whq_appdb");
$session->register("current"); $session->register("current");
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
// if we are debugging we need to see all errors // if we are debugging we need to see all errors
if(debugging()) error_reporting(E_ALL ^ E_NOTICE); if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
?> ?>


@@ -11,7 +11,7 @@ function global_sidebar_login() {
$g = new htmlmenu("User Menu"); $g = new htmlmenu("User Menu");
if(loggedin()) if($_SESSION['current']->isLoggedIn())
{ {
$g->add("Logout", BASE."account.php?cmd=logout"); $g->add("Logout", BASE."account.php?cmd=logout");


@@ -1,323 +1,293 @@
<?php <?php
/******************************************/ /************************************/
/* This class represents a logged in user */ /* user class and related functions */
/******************************************/ /************************************/
/**
* User class for handling users
*/
class User { class User {
var $iUserId;
var $stamp; var $sEmail;
var $userid; var $sRealname;
var $realname; var $sStamp;
var $created; var $sDateCreated;
var $status; var $sWineRelease;
var $perm;
var $CVSrelease;
/** /**
* constructor * Constructor.
* opens a connection to the user database * If $iUserId is provided, logs in user.
*/ */
function User() function User($iUserId="")
{ {
if($iUserId)
{
$sQuery = "SELECT *
FROM user_list
WHERE userId = '".$iUserId."'";
$hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult);
$this->iUserId = $oRow->userid;
$this->sEmail = $oRow->email;
$this->sRealname = $oRow->realname;
$this->sStamp = $oRow->stamp;
$this->sDateCreated = $oRow->created;
$this->sWineRelease = $oRow->CVSrelease;
}
return $this->isLoggedIn();
} }
/** /**
* check if a user exists * Logs in an user using e-mail and password.
* returns TRUE if the user exists
*/ */
function exists($sEmail)
{
$result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return 0;
return 1;
}
function lookup_userid($sEmail)
{
$result = query_appdb("SELECT userid FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->userid;
}
function lookup_realname($userid)
{
$result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->realname;
}
function lookup_email($userid)
{
return lookupEmail($userid);
}
function lookup_CVSrelease($userId)
{
$result = query_appdb("SELECT CVSrelease FROM user_list WHERE userId = '$userId'");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->CVSrelease;
}
/**
* restore a user from the database
* returns 0 on success and an error msg on failure
*/
function restore($sEmail, $sPassword)
{
$result = query_appdb("SELECT stamp, userid, realname, ".
"created, status, perm FROM user_list WHERE ".
"email = '$sEmail' AND ".
"password = password('$sPassword')");
if(!$result)
return "A database error occurred";
if(mysql_num_rows($result) == 0)
return "Invalid e-mail or password";
list($this->stamp, $this->userid, $this->realname,
$this->created, $status, $perm) = mysql_fetch_row($result);
return 0;
}
function login($sEmail, $sPassword) function login($sEmail, $sPassword)
{ {
$result = $this->restore($sEmail, $sPassword); $sQuery = "SELECT *
FROM user_list
/* if our result is non-null then we must have had an error */ WHERE email = '".$sEmail."'
if($result != null) AND password = password('".$sPassword."')";
return $result; $hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult);
/* update the 'stamp' field in the users account to reflect the last time */ $this->iUserId = $oRow->userid;
/* they logged in */ $this->sEmail = $oRow->email;
$myUserId = $this->lookup_userid($sEmail); $this->sRealname = $oRow->realname;
$result = query_appdb("UPDATE user_list SET stamp=null WHERE userid=$myUserId;"); $this->sStamp = $oRow->stamp;
return 0; $this->sDateCreated = $oRow->created;
$this->sWineRelease = $oRow->CVSrelease;
if($this->isLoggedIn())
{
// Update timestamp
query_appdb("UPDATE user_list SET stamp=null WHERE userid=".$this->iUserId);
return true;
}
return false;
} }
/* /*
* create a new user * Creates a new user.
* returns 0 on success and an error msg on failure * returns true on success, false on failure
*/ */
function create($sEmail, $sPassword, $sRealname, $sCVSrelease) function create($sEmail, $sPassword, $sRealname, $sWineRelease)
{ {
if(user_exists($sEmail))
{
addMsg("An account with this e-mail exists already.","red");
return false;
} else
{
$aInsert = compile_insert_string(array( 'realname' => $sRealname, $aInsert = compile_insert_string(array( 'realname' => $sRealname,
'email' => $sEmail, 'email' => $sEmail,
'status' => 0, 'CVSrelease' => $sWineRelease ));
'perm' => 0,
'CVSrelease' => $sCVSrelease ));
$sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)"; $sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)";
$sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )"; $sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )";
query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user."); query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user.");
$this->restore($sEmail, $sPassword); return $this->login($sEmail, $sPassword);
}
} }
/** /**
* Update User Account; * Update User Account;
*/ */
function update($userid = 0, $password = null, $realname = null, $email = null, $CVSrelease = null) function update($sEmail = null, $sPassword = null, $sRealname = null, $sWineRelease = null)
{ {
if (!$userid) if(!$this->isLoggedIn()) return false;
return 0;
if ($password) if ($sEmail)
{ {
if (!query_appdb("UPDATE user_list SET password = password('$password') WHERE userid = $userid")) if(user_exists($sEmail) && $sEmail != $this->sEmail)
return 0; {
addMsg("An account with this e-mail exists already.","red");
return false;
}
if (!query_appdb("UPDATE user_list SET email = '".addslashes($sEmail)."' WHERE userid = ".$this->iUserId))
return false;
$this->sEmail = $sEmail;
} }
if ($realname) if ($sPassword)
{ {
if (!query_appdb("UPDATE user_list SET realname = '".addslashes($realname)."' WHERE userid = $userid")) if (!query_appdb("UPDATE user_list SET password = password('$sPassword') WHERE userid = ".$this->iUserId))
return 0; return false;
} }
if ($email) if ($sRealname)
{ {
if (!query_appdb("UPDATE user_list SET email = '".addslashes($email)."' WHERE userid = $userid")) if (!query_appdb("UPDATE user_list SET realname = '".addslashes($sRealname)."' WHERE userid = ".$this->iUserId))
return 0; return false;
$this->sRealname = $sRealname;
} }
if ($CVSrelease) if ($sWineRelease)
{ {
if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($CVSrelease)."' WHERE userid = $userid")) if (!query_appdb("UPDATE user_list SET CVSrelease = '".addslashes($sWineRelease)."' WHERE userid = ".$this->iUserId))
return 0; return false;
$this->sWineRelease = $sWineRelease;
} }
return true;
return 1;
} }
/** /**
* remove the current, or specified user from the database * Removes the current, or specified user and preferences from the database.
* returns 0 on success and an error msg on failure * returns true on success and false on failure.
*/ */
function remove($sEmail = "") function delete()
{ {
if(!$sEmail) if(!$this->isLoggedIn()) return false;
$sEmail = $this->email; $hResult2 = query_appdb("DELETE FROM user_privs WHERE id = '".$this->iUserId."'");
$result = query_appdb("DELETE FROM user_list WHERE email = '".$sEmail."'"); $hResult3 = query_appdb("DELETE FROM user_prefs WHERE id = '".$this->iUserId."'");
if(!$result) return($hResult = query_appdb("DELETE FROM user_list WHERE id = '".$this->iUserId."'"));
return "A database error occurred";
return 0;
} }
function done() /**
* Get a preference for the current user.
*/
function getPref($sKey, $sDef = null)
{ {
if(!$this->isLoggedIn() || !$sKey)
return $sDef;
} $hResult = query_appdb("SELECT * FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'");
if(!$hResult || mysql_num_rows($hResult) == 0)
return $sDef;
function getpref($key, $def = null) $ob = mysql_fetch_object($hResult);
{
if(!$this->userid || !$key)
return $def;
$result = query_appdb("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
if(!$result || mysql_num_rows($result) == 0)
return $def;
$ob = mysql_fetch_object($result);
return $ob->value; return $ob->value;
} }
function setpref($key, $value)
{
if(!$this->userid || !$key || !$value)
return null;
$result = query_appdb("DELETE FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
$result = query_appdb("INSERT INTO user_prefs VALUES($this->userid, '$key', '$value')");
return $result ? true : false;
}
/** /**
* check if this user has $priv * Set a preference for the current user.
*/ */
function checkpriv($priv) function setPref($sKey, $sValue)
{ {
if(!$this->userid || !$priv) if(!$this->isLoggedIn() || !$sKey || !$sValue)
return 0;
$result = query_appdb("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
if(!$result)
return 0;
return mysql_num_rows($result);
}
/**
* check if this user is a maintainer of a given appId/versionId
*/
function is_maintainer($appId, $versionId)
{
if(!$this->userid)
return false; return false;
$hResult = query_appdb("DELETE FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'");
$hResult = query_appdb("INSERT INTO user_prefs VALUES(".$this->iUserId.", '$sKey', '$sValue')");
return $hResult;
}
/**
* Check if this user has $priv.
*/
function hasPriv($sPriv)
{
if(!$this->isLoggedIn() || !$sPriv)
return false;
$hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$this->iUserId." AND priv = '".$sPriv."'");
if(!$hResult)
return false;
return mysql_num_rows($hResult);
}
/**
* Check if this user is a maintainer of a given appId/versionId.
*/
function isMaintainer($iAppId=null, $iVersionId=null)
{
if(!$this->isLoggedIn()) return false;
/* if this user is a super maintainer of this appid then they */ /* if this user is a super maintainer of this appid then they */
/* are a maintainer of all of the versionId's of it as well */ /* are a maintainer of all of the versionId's of it as well */
if($this->is_super_maintainer($appId)) if($this->isSuperMaintainer($iAppId))
{ {
return true; return true;
} }
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND versionId = '$versionId'"; if($iAppId && $iVersionId)
$result = query_appdb($query); {
if(!$result) $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."' AND appId = '".$iAppId."' AND versionId = '$iVersionId'";
return 0; } else
return mysql_num_rows($result); {
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."'";
}
$hResult = query_appdb($sQuery);
if(!$hResult)
return false;
return mysql_num_rows($hResult);
} }
/* /*
* check if this user is a maintainer of a given appId/versionId * Check if this user is a maintainer of a given appId/versionId.
*/ */
function is_super_maintainer($appId) function isSuperMaintainer($iAppId=null)
{ {
if(!$this->userid) if(!$this->isLoggedIn()) return false;
if($iAppId)
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND appId = '$iAppId' AND superMaintainer = '1'";
} else
{
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND superMaintainer = '1'";
}
$hResult = query_appdb($sQuery);
if(!$hResult)
return false;
return mysql_num_rows($hResult);
}
function addPriv($sPriv)
{
if(!$this->isLoggedIn() || !$sPriv)
return false; return false;
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'"; if($this->hasPriv($sPriv))
$result = query_appdb($query); return true;
if(!$result)
return 0; $hResult = query_appdb("INSERT INTO user_privs VALUES ($this->iUserId, '$sPriv')");
return mysql_num_rows($result); return $hResult;
} }
function addpriv($priv) function delPriv($sPriv)
{ {
if(!$this->userid || !$priv) if(!$this->isLoggedIn() || !$sPriv)
return 0; return false;
if($this->checkpriv($priv)) $hRresult = query_appdb("DELETE FROM user_privs WHERE userid = $this->iUserId AND priv = '$sPriv'");
return 1; return $hRresult;
$result = query_appdb("INSERT INTO user_privs VALUES ($this->userid, '$priv')");
return $result;
} }
/**
function delpriv($priv) * Checks if the current user is valid.
*/
function isLoggedIn()
{ {
if(!$this->userid || !$priv) return $this->iUserId;
return 0;
$result = query_appdb("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
return $result;
} }
/**
* Checks if user should see debugging infos.
*
*/
function showDebuggingInfos()
{
return (($this->isLoggedIn() && $this->getPref("debug") == "yes") || APPDB_DEBUG == 1);
}
} }
function loggedin() /*
{ * User functions that are not part of the class
if(isset($_SESSION['current']) && $_SESSION['current']->userid) */
return true;
return false;
}
function havepriv($priv)
{
if(!loggedin())
return false;
return $_SESSION['current']->checkpriv($priv);
}
function debugging()
{
return ((loggedin() && $_SESSION['current']->getpref("debug") == "yes") || APPDB_DEBUG == 1);
}
function makeurl($text, $url, $pref = null)
{
if(loggedin())
{
if($_SESSION['current']->getpref($pref) == "yes")
$extra = "window='new'";
}
return "<a href='$url' $extra> $text </a>\n";
}
/** /**
* create a new random password * Creates a new random password.
*/ */
function generate_passwd($pass_len = 10) function generate_passwd($pass_len = 10)
{ {
@@ -332,55 +302,10 @@ function generate_passwd($pass_len = 10)
} }
function lookupEmail($userid)
{
$result = query_appdb("SELECT email FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->email;
}
function lookupRealname($userid)
{
$result = query_appdb("SELECT realname FROM user_list WHERE userid = $userid");
if(!$result || mysql_num_rows($result) != 1)
return null;
$ob = mysql_fetch_object($result);
return $ob->realname;
}
function UserWantsEmail($userid)
{
$result = query_appdb("SELECT * FROM user_prefs WHERE userid = $userid AND name = 'send_email'");
if(!$result || mysql_num_rows($result) == 0)
{
return true;
}
$ob = mysql_fetch_object($result);
return ($ob->value == 'no' ? false : true);
}
function isAdministrator($iUserId)
{
$hResult = query_appdb("SELECT * FROM user_privs WHERE userid = ".$iUserId." AND priv = 'admin'");
if(!$hResult)
return 0;
return mysql_num_rows($hResult);
}
function isMaintainer($iUserId)
{
$hResult = query_appdb("SELECT * FROM appMaintainers WHERE userId = ".$iUserId);
if(!$hResult)
return 0;
return mysql_num_rows($hResult);
}
/** /**
* get the email address of people to notify for this appId and versionId * Get the email address of people to notify for this appId and versionId.
*/ */
function getNotifyEmailAddressList($appId, $versionId = 0) function get_notify_email_address_list($appId, $versionId = 0)
{ {
$aUserId = array(); $aUserId = array();
$c = 0; $c = 0;
@@ -418,8 +343,9 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
{ {
while(list($index, list($userIdValue)) = each($aUserId)) while(list($index, list($userIdValue)) = each($aUserId))
{ {
if (UserWantsEmail($userIdValue)) $oUser = new User($userIdValue);
$retval .= lookupEmail($userIdValue)." "; if ($oUser->getPref("send_email"))
$retval .= $oUser->sEmail." ";
} }
} }
return $retval; return $retval;
@@ -429,7 +355,7 @@ function getNotifyEmailAddressList($appId, $versionId = 0)
/** /**
* Get the number of users in the database * Get the number of users in the database
*/ */
function getNumberOfUsers() function get_number_of_users()
{ {
$result = query_appdb("SELECT count(*) as num_users FROM user_list;"); $result = query_appdb("SELECT count(*) as num_users FROM user_list;");
$row = mysql_fetch_object($result); $row = mysql_fetch_object($result);
@@ -440,11 +366,23 @@ function getNumberOfUsers()
/** /**
* Get the number of active users within $days of the current day * Get the number of active users within $days of the current day
*/ */
function getActiveUsersWithinDays($days) function get_active_users_within_days($days)
{ {
$result = query_appdb("SELECT count(*) as num_users FROM user_list WHERE stamp >= DATE_SUB(CURDATE(), interval $days day);"); $result = query_appdb("SELECT count(*) as num_users FROM user_list WHERE stamp >= DATE_SUB(CURDATE(), interval $days day);");
$row = mysql_fetch_object($result); $row = mysql_fetch_object($result);
return $row->num_users; return $row->num_users;
} }
/**
* Check if a user exists.
* returns TRUE if the user exists
*/
function user_exists($sEmail)
{
$result = query_appdb("SELECT * FROM user_list WHERE email = '$sEmail'");
if(!$result || mysql_num_rows($result) != 1)
return 0;
return 1;
}
?> ?>
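Review bot: `isMaintainer()` grants access too broadly when an appId is supplied without a versionId: the new `if($iAppId && $iVersionId) … else …` drops into the unfiltered `WHERE userid = …` query, so a user who maintains any application passes the check for this one. That path is reachable from the callers in this commit that pass `$_REQUEST['versionId']` or `$versionId` straight through (the appview, deletecomment, comments and maintainer-submit hunks), where the version id is empty at the application-family level; the no-argument form is still needed by the inactivity script, so the app-only case needs a branch of its own, shown below. Separately, `delete()` addresses `user_privs`, `user_prefs` and `user_list` by `id`, whereas every other query in this file and in the maintenance script uses `userid`, so it very likely deletes nothing. `login()` also still interpolates `$sEmail` and `$sPassword` into SQL unescaped, while `update()` applies `addslashes()` to the same fields; the values come from `$_POST` in account.php, so the login query should be escaped the same way (or with `mysql_escape_string()` as deletecomment.php does).
```php
function isMaintainer($iAppId=null, $iVersionId=null)
{
    // … unchanged: isLoggedIn() and isSuperMaintainer() checks …
    if($iAppId && $iVersionId)
    {
        $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."' AND appId = '".$iAppId."' AND versionId = '".$iVersionId."'";
    } elseif($iAppId)
    {
        /* an appId without a versionId must not match other applications */
        $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."' AND appId = '".$iAppId."'";
    } else
    {
        /* no appId at all: does this user maintain anything? */
        $sQuery = "SELECT * FROM appMaintainers WHERE userid = '".$this->iUserId."'";
    }
    // … unchanged: query_appdb() and mysql_num_rows() …
```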


@@ -12,8 +12,8 @@ function vote_count($appId, $userId = null)
if(!$userId) if(!$userId)
{ {
if(loggedin()) if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->iUserId;
else else
return 0; return 0;
} }
@@ -29,8 +29,8 @@ function vote_count_user_total($userId = null)
{ {
if(!$userId) if(!$userId)
{ {
if(loggedin()) if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->iUserId;
else else
return 0; return 0;
} }
@@ -56,8 +56,8 @@ function vote_add($appId, $slot, $userId = null)
{ {
if(!$userId) if(!$userId)
{ {
if(loggedin()) if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->iUserId;
else else
return; return;
} }
@@ -78,8 +78,8 @@ function vote_remove($slot, $userId = null)
if(!$userId) if(!$userId)
{ {
if(loggedin()) if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->iUserId;
else else
return; return;
} }
@@ -91,8 +91,8 @@ function vote_get_user_votes($userId = null)
{ {
if(!$userId) if(!$userId)
{ {
if(loggedin()) if($_SESSION['current']->isLoggedIn())
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->iUserId;
if(!$userId) if(!$userId)
return array(); return array();
} }
@@ -150,10 +150,9 @@ function dump($arr)
function vote_update($vars) function vote_update($vars)
{ {
//FIXME this doesn't work since msgs only work when logged in if(!$_SESSION['current']->isLoggedIn())
if(!loggedin())
{ {
addmsg("You must be logged in to vote", "red"); errorpage("You must be logged in to vote");
return; return;
} }
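Review bot: In `vote_update()` the new `errorpage("You must be logged in to vote");` is followed by `return;`, whereas every other `errorpage()` call in this commit (deletecomment, maintainer and preferences pages) is followed by `exit;`. If `errorpage()` does not end the request itself, the page that called `vote_update()` continues rendering after the error output; adding `exit;` after the call, or returning a value the caller checks, would make this path behave like the other pages. The rest of `vote_update()` lies outside the hunk.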


@@ -33,7 +33,7 @@ $str_benefits="
<li>Submit new applications and versions.</li> <li>Submit new applications and versions.</li>
</ul> </ul>
"; ";
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
echo " echo "
<p>Most of the features of the Application database require that you have a user account and <p>Most of the features of the Application database require that you have a user account and


@@ -11,7 +11,7 @@ require(BASE."include/"."incl.php");
require(BASE."include/"."tableve.php"); require(BASE."include/"."tableve.php");
require(BASE."include/"."category.php"); require(BASE."include/"."category.php");
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
errorpage("You need to be logged in to apply to be a maintainer."); errorpage("You need to be logged in to apply to be a maintainer.");
exit; exit;


@@ -35,7 +35,7 @@ function checkAppMaintainerInput( $fields )
} }
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
errorpage("You need to be logged in to apply to be a maintainer."); errorpage("You need to be logged in to apply to be a maintainer.");
exit; exit;
@@ -46,14 +46,14 @@ $versionId = strip_tags($_POST['versionId']);
$superMaintainer = strip_tags($_POST['superMaintainer']); $superMaintainer = strip_tags($_POST['superMaintainer']);
/* if the user is already a maintainer don't add them again */ /* if the user is already a maintainer don't add them again */
if($_SESSION['current']->is_maintainer($appId, $versionId)) if($_SESSION['current']->isMaintainer($appId, $versionId))
{ {
echo "You are already a maintainer of this app!"; echo "You are already a maintainer of this app!";
exit; exit;
} }
/* if this user is a super maintainer they maintain all of the versionIds of this appId */ /* if this user is a super maintainer they maintain all of the versionIds of this appId */
if($_SESSION['current']->is_super_maintainer($appId)) if($_SESSION['current']->isSuperMaintainer($appId))
{ {
echo "You are already a supermaintainer of the whole application family!"; echo "You are already a supermaintainer of the whole application family!";
exit; exit;
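Review bot: `isMaintainer($appId, $versionId)` and `isSuperMaintainer($appId)` receive values that were only passed through `strip_tags()` (the `$versionId` assignment in the hunk header and, presumably, `$appId` just above it), which is not validation for numeric identifiers. Unless those methods cast or escape their arguments internally (not visible here), reject non-numeric ids before the calls, e.g. `if(!is_numeric($appId) || !is_numeric($versionId)) { errorpage("Invalid application or version id"); exit; }`, mirroring the `is_numeric` checks the preferences page applies to `$_REQUEST['userId']` and `$_REQUEST['iLimit']`. The enclosing script continues beyond the hunk.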


@@ -9,34 +9,35 @@
include("path.php"); include("path.php");
include(BASE."include/"."incl.php"); include(BASE."include/"."incl.php");
if(!loggedin()) if(!$_SESSION['current']->isLoggedIn())
{ {
errorpage("You must be logged in to edit preferences"); errorpage("You must be logged in to edit preferences");
exit; exit;
} }
// we come from the administration to edit an user // we come from the administration to edit an user
if(havepriv("admin") && if($_SESSION['current']->hasPriv("admin") &&
is_numeric($_REQUEST['userId']) && is_numeric($_REQUEST['userId']) &&
is_numeric($_REQUEST['iLimit']) && is_numeric($_REQUEST['iLimit']) &&
in_array($_REQUEST['sOrderBy'],array("email","realname","created")) in_array($_REQUEST['sOrderBy'],array("email","realname","created"))
) )
{ {
$iUserId = $_REQUEST['userId']; $oUser = new User($_REQUEST['userId']);
} else } else
{ {
$iUserId = $_SESSION['current']->userid; $oUser = &$_SESSION['current'];
} }
function build_prefs_list() function build_prefs_list()
{ {
global $oUser;
$result = query_appdb("SELECT * FROM prefs_list ORDER BY id"); $result = query_appdb("SELECT * FROM prefs_list ORDER BY id");
while($result && $r = mysql_fetch_object($result)) while($result && $r = mysql_fetch_object($result))
{ {
//skip admin options //skip admin options
//TODO: add a field to prefs_list to flag the user level for the pref //TODO: add a field to prefs_list to flag the user level for the pref
if(!havepriv("admin")) if(!$_SESSION['current']->hasPriv("admin"))
{ {
if($r->name == "query:mode") if($r->name == "query:mode")
continue; continue;
@@ -53,28 +54,24 @@ function build_prefs_list()
} }
$input = html_select("pref_$r->name", explode('|', $r->value_list), $input = html_select("pref_$r->name", explode('|', $r->value_list),
$_SESSION['current']->getpref($r->name, $r->def_value)); $oUser->getpref($r->name, $r->def_value));
echo html_tr(array("&nbsp; $r->description", $input)); echo html_tr(array("&nbsp; $r->description", $input));
} }
} }
function show_user_fields() function show_user_fields()
{ {
global $iUserId; global $oUser;
$user = new User();
$ext_realname = $user->lookup_realname($iUserId); $ext_realname = $oUser->sRealname;
$ext_email = $user->lookup_email($iUserId); $ext_email = $oUser->sEmail;
$CVSrelease = $user->lookup_CVSrelease($iUserId); $CVSrelease = $oUser->sWineRelease;
// if we are managing anothe user if($oUser->hasPriv("admin"))
if($iUserId == $_REQUEST['userId']) $ext_hasadmin = 'checked="true"';
{ else
if(isAdministrator($iUserId)) $ext_hasadmin = "";
$ext_hasadmin = 'checked="true"';
else include(BASE."include/form_edit.php");
$ext_hasadmin = "";
}
include(BASE."include/"."form_edit.php");
echo "<tr><td>&nbsp; Wine version </td><td>"; echo "<tr><td>&nbsp; Wine version </td><td>";
make_bugzilla_version_list("CVSrelease", $CVSrelease); make_bugzilla_version_list("CVSrelease", $CVSrelease);
@@ -83,13 +80,11 @@ function show_user_fields()
if($_POST) if($_POST)
{ {
$user = new User();
while(list($key, $value) = each($_REQUEST)) while(list($key, $value) = each($_REQUEST))
{ {
if(!ereg("^pref_(.+)$", $key, $arr)) if(!ereg("^pref_(.+)$", $key, $arr))
continue; continue;
$_SESSION['current']->setpref($arr[1], $value); $oUser->setPref($arr[1], $value);
} }
if ($_REQUEST['ext_password'] == $_REQUEST['ext_password2']) if ($_REQUEST['ext_password'] == $_REQUEST['ext_password2'])
@@ -100,18 +95,17 @@ if($_POST)
{ {
addmsg("The Passwords you entered did not match.", "red"); addmsg("The Passwords you entered did not match.", "red");
} }
if ($user->update($iUserId, $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['ext_email'], $_REQUEST['CVSrelease'])) if ($oUser->update($_REQUEST['ext_email'], $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['CVSrelease']))
{ {
addmsg("Preferences Updated", "green"); addmsg("Preferences Updated", "green");
// we were managing an user, let's go back to the admin after updating tha admin status // we were managing an user, let's go back to the admin after updating tha admin status
if($iUserId == $_REQUEST['userId'] && havepriv("admin")) if($oUser->iUserId == $_REQUEST['userId'] && $_SESSION['current']->hasPriv("admin"))
{ {
$user->userid = $iUserId;
if($_POST['ext_hasadmin']=="on") if($_POST['ext_hasadmin']=="on")
$user->addpriv("admin"); $oUser->addPriv("admin");
else else
$user->delpriv("admin"); $oUser->delPriv("admin");
redirect(BASE."admin/adminUsers.php?userId=".$iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true"); redirect(BASE."admin/adminUsers.php?userId=".$oUser->iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true");
} }
} }
else else
@@ -125,7 +119,7 @@ apidb_header("User Preferences");
echo "<form method=\"post\" action=\"preferences.php\">\n"; echo "<form method=\"post\" action=\"preferences.php\">\n";
// if we manage another user we give the parameters to go back to the admin // if we manage another user we give the parameters to go back to the admin
if($iUserId == $_REQUEST['userId']) if($oUser->iUserId == $_REQUEST['userId'])
{ {
echo "<input type=\"hidden\" name=\"iLimit\" value=\"".$_REQUEST['iLimit']."\">\n"; echo "<input type=\"hidden\" name=\"iLimit\" value=\"".$_REQUEST['iLimit']."\">\n";
echo "<input type=\"hidden\" name=\"sOrderBy\" value=\"".$_REQUEST['sOrderBy']."\">\n"; echo "<input type=\"hidden\" name=\"sOrderBy\" value=\"".$_REQUEST['sOrderBy']."\">\n";
@@ -133,19 +127,18 @@ if($iUserId == $_REQUEST['userId'])
echo "<input type=\"hidden\" name=\"userId\" value=\"".$_REQUEST['userId']."\">\n"; echo "<input type=\"hidden\" name=\"userId\" value=\"".$_REQUEST['userId']."\">\n";
} }
echo html_frame_start("Preferences for ".lookupRealName($iUserId), "80%"); echo html_frame_start("Preferences for ".$oUser->sRealname, "80%");
echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'"); echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'");
show_user_fields(); show_user_fields();
// if we don't manage another user // if we don't manage another user
if($iUserId != $_REQUEST['userId']) build_prefs_list(); if($oUser->iUserId != $_REQUEST['userId']) build_prefs_list();
echo html_table_end(); echo html_table_end();
echo html_frame_end(); echo html_frame_end();
echo "<br /> <div align=center> <input type=\"submit\" value=\"Update\" /> </div> <br />\n"; echo "<br /> <div align=center> <input type=\"submit\" value=\"Update\" /> </div> <br />\n";
echo "</form>\n"; echo "</form>\n";
apidb_footer(); apidb_footer();
?> ?>
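Review bot: `$oUser->update($_REQUEST['ext_email'], $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['CVSrelease'])` still runs after the `addmsg("The Passwords you entered did not match.", "red")` branch, so a mismatched confirmation commits the e-mail, realname and release changes anyway and passes a `$str_passwd` that is only assigned in the matching branch (which lies outside this hunk). Unless `update()` treats an unset password as "leave unchanged" (not visible here), skip the call on mismatch, e.g. set `$bPasswordOk = false;` in that branch and wrap the update in `if($bPasswordOk)`, or bail out after the message as other pages in this commit do. The loose comparison `$oUser->iUserId == $_REQUEST['userId']` is repeated three times to decide whether an admin is editing another account; computing it once up front, `$bEditingOther = ($oUser->iUserId == (int)$_REQUEST['userId']);`, would make the intent explicit and keep the three sites consistent. The `sSearch` value echoed into the `redirect()` URL is the only request parameter in that block that is never validated or `urlencode()`d; treat it like `iLimit` and `sOrderBy`.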


@@ -20,15 +20,15 @@ if($_REQUEST['cmd'])
//process screenshot upload //process screenshot upload
if($_REQUEST['cmd'] == "screenshot_upload") if($_REQUEST['cmd'] == "screenshot_upload")
{ {
if(havepriv("admin") || if($_SESSION['current']->hasPriv("admin") ||
(loggedin() && $_SESSION['current']->is_maintainer($_REQUEST['appId'], ($_SESSION['current']->isLoggedIn() && $_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId']))) $_REQUEST['versionId'])))
{ {
$oScreenshot = new Screenshot(null,false,$_SESSION['current']->userid,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']); $oScreenshot = new Screenshot(null,false,$_SESSION['current']->iUserId,$_REQUEST['appId'],$_REQUEST['versionId'],$_REQUEST['screenshot_desc'],$_FILES['imagefile']);
if($oScreenshot) if($oScreenshot)
{ {
//success //success
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -47,7 +47,7 @@ if($_REQUEST['cmd'])
if($oScreenshot) if($oScreenshot)
{ {
//success //success
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -64,14 +64,14 @@ if($_REQUEST['cmd'])
$oScreenshot->free(); $oScreenshot->free();
} elseif($_REQUEST['cmd'] == "delete" && is_numeric($_REQUEST['imageId'])) } elseif($_REQUEST['cmd'] == "delete" && is_numeric($_REQUEST['imageId']))
{ {
if(havepriv("admin") || if($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'], $_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId'])) $_REQUEST['versionId']))
{ {
$oScreenshot = new Screenshot($_REQUEST['imageId']); $oScreenshot = new Screenshot($_REQUEST['imageId']);
if($oScreenshot && $oScreenshot->delete()) if($oScreenshot && $oScreenshot->delete())
{ {
$sEmail = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
if($sEmail) if($sEmail)
{ {
$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -130,7 +130,7 @@ if($result && mysql_num_rows($result))
// set image link based on user pref // set image link based on user pref
$img = '<a href="javascript:openWin(\'appimage.php?id='.$ob->id.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>'; $img = '<a href="javascript:openWin(\'appimage.php?id='.$ob->id.'\',\''.$randName.'\','.$oScreenshot->oScreenshotImage->width.','.($oScreenshot->oScreenshotImage->height+4).');">'.$imgSRC.'</a>';
if (loggedin()) if ($_SESSION['current']->isLoggedIn())
{ {
if ($_SESSION['current']->getpref("window:screenshot") == "no") if ($_SESSION['current']->getpref("window:screenshot") == "no")
{ {
@@ -144,8 +144,8 @@ if($result && mysql_num_rows($result))
echo "<div align=center>". substr(stripslashes($ob->description),0,20). "\n"; echo "<div align=center>". substr(stripslashes($ob->description),0,20). "\n";
//show admin delete link //show admin delete link
if(loggedin() && (havepriv("admin") || if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") ||
$_SESSION['current']->is_maintainer($_REQUEST['appId'], $_SESSION['current']->isMaintainer($_REQUEST['appId'],
$_REQUEST['versionId']))) $_REQUEST['versionId'])))
{ {
echo "<br />[<a href='screenshots.php?cmd=delete&imageId=$ob->id&appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."'>Delete Image</a>]"; echo "<br />[<a href='screenshots.php?cmd=delete&imageId=$ob->id&appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."'>Delete Image</a>]";
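Review bot: The `delete` branch authorises with `$_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer(...)` and, unlike the upload branch above it and the delete-link display below, omits the `isLoggedIn()` guard, so an anonymous session reaches `isMaintainer()` with no user id; make it `($_SESSION['current']->isLoggedIn() && $_SESSION['current']->isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))` like the other two sites. Separately, that check keys off the request-supplied `appId`/`versionId` while the object deleted is selected by `imageId` alone, so unless `Screenshot` binds the image to its application and `delete()` re-checks that (not visible here), the authorisation is not tied to the screenshot actually being removed; derive the application and version from the loaded `Screenshot` before the maintainer check, or have `delete()` enforce it. The action is also reachable through a plain GET link, which deserves at least a comment noting the missing confirmation/POST step as a follow-up.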


@@ -9,8 +9,6 @@ create table user_list (
realname text not null, realname text not null,
email text not null, email text not null,
created datetime not null, created datetime not null,
status int(4),
perm int(4),
CVSrelease text, CVSrelease text,
unique key(userid), unique key(userid),
unique(email) unique(email)


@@ -27,7 +27,7 @@ if(!$result || mysql_num_rows($result) != 1) {
} }
//show admin sidebar if user is admin //show admin sidebar if user is admin
if(havepriv("admin")) { if($_SESSION['current']->hasPriv("admin")) {
apidb_sidebar_add("admin_menu"); apidb_sidebar_add("admin_menu");
} }