| 1 | <?php |
|---|
| 2 | /*************************************************************************** |
|---|
| 3 | * user.inc.php * |
|---|
| 4 | * ------------------ * |
|---|
| 5 | * application : PhpWebGallery 1.3 * |
|---|
| 6 | * author : Pierrick LE GALL <pierrick@z0rglub.com> * |
|---|
| 7 | * * |
|---|
| 8 | *************************************************************************** |
|---|
| 9 | |
|---|
| 10 | *************************************************************************** |
|---|
| 11 | * * |
|---|
| 12 | * This program is free software; you can redistribute it and/or modify * |
|---|
| 13 | * it under the terms of the GNU General Public License as published by * |
|---|
| 14 | * the Free Software Foundation; * |
|---|
| 15 | * * |
|---|
| 16 | ***************************************************************************/ |
|---|
| 17 | // retrieving user informations |
|---|
| 18 | // $infos array is used to know the fields to retrieve in the table "users" |
|---|
| 19 | // Each field becomes an information of the array $user. |
|---|
| 20 | // Example : |
|---|
| 21 | // status --> $user['status'] |
|---|
| 22 | $infos = array( 'id', 'username', 'mail_address', 'nb_image_line', |
|---|
| 23 | 'nb_line_page', 'status', 'language', 'maxwidth', |
|---|
| 24 | 'maxheight', 'expand', 'show_nb_comments', 'short_period', |
|---|
| 25 | 'long_period', 'template' ); |
|---|
| 26 | |
|---|
| 27 | $query_user = 'SELECT '; |
|---|
| 28 | foreach ( $infos as $i => $info ) { |
|---|
| 29 | if ( $i > 0 ) $query_user.= ','; |
|---|
| 30 | $query_user.= $info; |
|---|
| 31 | } |
|---|
| 32 | $query_user.= ' FROM '.PREFIX_TABLE.'users'; |
|---|
| 33 | $query_done = false; |
|---|
| 34 | $user['is_the_guest'] = false; |
|---|
| 35 | if ( isset( $_GET['id'] ) |
|---|
| 36 | && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) |
|---|
| 37 | { |
|---|
| 38 | $page['session_id'] = $_GET['id']; |
|---|
| 39 | $query = 'SELECT user_id,expiration,ip'; |
|---|
| 40 | $query.= ' FROM '.PREFIX_TABLE.'sessions'; |
|---|
| 41 | $query.= " WHERE id = '".$_GET['id']."'"; |
|---|
| 42 | $query.= ';'; |
|---|
| 43 | $result = mysql_query( $query ); |
|---|
| 44 | if ( mysql_num_rows( $result ) > 0 ) |
|---|
| 45 | { |
|---|
| 46 | $row = mysql_fetch_array( $result ); |
|---|
| 47 | if ( $row['expiration'] < time() ) |
|---|
| 48 | { |
|---|
| 49 | // deletion of the session from the database, |
|---|
| 50 | // because it is out-of-date |
|---|
| 51 | $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; |
|---|
| 52 | $delete_query.= " WHERE id = '".$page['session_id']."'"; |
|---|
| 53 | $delete_query.= ';'; |
|---|
| 54 | mysql_query( $delete_query ); |
|---|
| 55 | } |
|---|
| 56 | else |
|---|
| 57 | { |
|---|
| 58 | if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) |
|---|
| 59 | { |
|---|
| 60 | $query_user .= ' WHERE id = '.$row['user_id']; |
|---|
| 61 | $query_done = true; |
|---|
| 62 | } |
|---|
| 63 | } |
|---|
| 64 | } |
|---|
| 65 | } |
|---|
| 66 | if ( !$query_done ) |
|---|
| 67 | { |
|---|
| 68 | $query_user .= ' WHERE id = 2'; |
|---|
| 69 | $user['is_the_guest'] = true; |
|---|
| 70 | } |
|---|
| 71 | $query_user .= ';'; |
|---|
| 72 | |
|---|
| 73 | $row = mysql_fetch_array( mysql_query( $query_user ) ); |
|---|
| 74 | |
|---|
| 75 | // affectation of each value retrieved in the users table into a variable |
|---|
| 76 | // of the array $user. |
|---|
| 77 | foreach ( $infos as $info ) { |
|---|
| 78 | $user[$info] = $row[$info]; |
|---|
| 79 | // If the field is true or false, the variable is transformed into a |
|---|
| 80 | // boolean value. |
|---|
| 81 | if ( $row[$info] == 'true' or $row[$info] == 'false' ) |
|---|
| 82 | { |
|---|
| 83 | $user[$info] = get_boolean( $row[$info] ); |
|---|
| 84 | } |
|---|
| 85 | } |
|---|
| 86 | ?> |
|---|
