[2] | 1 | <?php |
---|
| 2 | /*************************************************************************** |
---|
[9] | 3 | * user.inc.php * |
---|
| 4 | * ------------------ * |
---|
| 5 | * application : PhpWebGallery 1.3 * |
---|
| 6 | * author : Pierrick LE GALL <pierrick@z0rglub.com> * |
---|
[2] | 7 | * * |
---|
| 8 | *************************************************************************** |
---|
| 9 | |
---|
| 10 | *************************************************************************** |
---|
| 11 | * * |
---|
| 12 | * This program is free software; you can redistribute it and/or modify * |
---|
| 13 | * it under the terms of the GNU General Public License as published by * |
---|
| 14 | * the Free Software Foundation; * |
---|
| 15 | * * |
---|
| 16 | ***************************************************************************/ |
---|
| 17 | // retrieving user informations |
---|
| 18 | // $infos array is used to know the fields to retrieve in the table "users" |
---|
| 19 | // Each field becomes an information of the array $user. |
---|
| 20 | // Example : |
---|
| 21 | // status --> $user['status'] |
---|
[9] | 22 | $infos = array( 'id', 'username', 'mail_address', 'nb_image_line', |
---|
[2] | 23 | 'nb_line_page', 'status', 'theme', 'language', 'maxwidth', |
---|
| 24 | 'maxheight', 'expand', 'show_nb_comments', 'short_period', |
---|
| 25 | 'long_period', 'template' ); |
---|
| 26 | |
---|
| 27 | $query_user = 'select'; |
---|
| 28 | for ( $i = 0; $i < sizeof( $infos ); $i++ ) |
---|
| 29 | { |
---|
| 30 | if ( $i > 0 ) |
---|
| 31 | { |
---|
| 32 | $query_user.= ','; |
---|
| 33 | } |
---|
| 34 | else |
---|
| 35 | { |
---|
| 36 | $query_user.= ' '; |
---|
| 37 | } |
---|
| 38 | $query_user.= $infos[$i]; |
---|
| 39 | } |
---|
[13] | 40 | $query_user.= ' from '.PREFIX_TABLE.'users'; |
---|
[2] | 41 | $query_done = false; |
---|
| 42 | $user['is_the_guest'] = false; |
---|
| 43 | if ( isset( $_GET['id'] ) |
---|
| 44 | && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) |
---|
| 45 | { |
---|
| 46 | $page['session_id'] = $_GET['id']; |
---|
[13] | 47 | $query = 'select user_id,expiration,ip'; |
---|
| 48 | $query.= ' from '.PREFIX_TABLE.'sessions'; |
---|
| 49 | $query.= " where id = '".$_GET['id']."'"; |
---|
| 50 | $query.= ';'; |
---|
[2] | 51 | $result = mysql_query( $query ); |
---|
| 52 | if ( mysql_num_rows( $result ) > 0 ) |
---|
| 53 | { |
---|
| 54 | $row = mysql_fetch_array( $result ); |
---|
| 55 | if ( $row['expiration'] < time() ) |
---|
| 56 | { |
---|
| 57 | // deletion of the session from the database, |
---|
| 58 | // because it is out-of-date |
---|
[13] | 59 | $delete_query = 'delete from '.PREFIX_TABLE.'sessions'; |
---|
| 60 | $delete_query.= " where id = '".$page['session_id']."'"; |
---|
| 61 | $delete_query.= ';'; |
---|
[2] | 62 | mysql_query( $delete_query ); |
---|
| 63 | } |
---|
| 64 | else |
---|
| 65 | { |
---|
[13] | 66 | if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) |
---|
[2] | 67 | { |
---|
| 68 | $query_user .= ' where id = '.$row['user_id']; |
---|
| 69 | $query_done = true; |
---|
| 70 | } |
---|
| 71 | } |
---|
| 72 | } |
---|
| 73 | } |
---|
| 74 | if ( !$query_done ) |
---|
| 75 | { |
---|
[9] | 76 | $query_user .= ' where id = 2'; |
---|
[2] | 77 | $user['is_the_guest'] = true; |
---|
| 78 | } |
---|
| 79 | $query_user .= ';'; |
---|
| 80 | |
---|
| 81 | $row = mysql_fetch_array( mysql_query( $query_user ) ); |
---|
| 82 | |
---|
| 83 | // affectation of each value retrieved in the users table into a variable |
---|
| 84 | // of the array $user. |
---|
| 85 | for ( $i = 0; $i < sizeof( $infos ); $i++ ) |
---|
| 86 | { |
---|
| 87 | $user[$infos[$i]] = $row[$infos[$i]]; |
---|
[13] | 88 | // If the field is true or false, the variable is transformed into a |
---|
| 89 | // boolean value. |
---|
[2] | 90 | if ( $row[$infos[$i]] == 'true' || $row[$infos[$i]] == 'false' ) |
---|
| 91 | { |
---|
| 92 | $user[$infos[$i]] = get_boolean( $row[$infos[$i]] ); |
---|
| 93 | } |
---|
| 94 | } |
---|
| 95 | ?> |
---|