From 54c1264e2477a722ba8293a369a4dafe7755b65d Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Sat, 3 Jul 2010 19:38:31 +0200 Subject: [PATCH] Using table prefix preference in 'inc/lib_user.php' --- inc/lib_user.php | 55 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/inc/lib_user.php b/inc/lib_user.php index e5d994dd02..d3b38bc2ea 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -55,6 +55,8 @@ class OC_USER { * */ public static function createuser($username,$password){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getuserid($username)!=0){ return false; }else{ @@ -62,7 +64,8 @@ class OC_USER { $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')"; + $dbTableUsers = $CONFIG_DBTABLEPREFIX . 'users'; + $query = "INSERT INTO `$dbTableUsers` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')"; $result=OC_DB::query($query); return ($result)?true:false; } @@ -74,11 +77,14 @@ class OC_USER { * */ public static function login($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $dbTableUsers = $CONFIG_DBTABLEPREFIX . 'users'; + $query = "SELECT user_id FROM $dbTableUsers WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id'])){ $_SESSION['user_id']=$result[0]['user_id']; @@ -116,9 +122,12 @@ class OC_USER { * */ public static function creategroup($groupname){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getgroupid($groupname)==0){ $groupname=OC_DB::escape($groupname); - $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')"; + $dbTableGroups = $CONFIG_DBTABLEPREFIX . 'groups'; + $query="INSERT INTO `$dbTableGroups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')"; $result=OC_DB::query($query); return ($result)?true:false; }else{ @@ -131,10 +140,13 @@ class OC_USER { * */ public static function getuserid($username){ + global $CONFIG_DBTABLEPREFIX; + $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'"; + $dbTableUsers = $CONFIG_DBTABLEPREFIX . 'users'; + $query="SELECT user_id FROM $dbTableUsers WHERE user_name_clean = '$usernameclean'"; $result=OC_DB::select($query); if(!is_array($result)){ return 0; @@ -151,8 +163,11 @@ class OC_USER { * */ public static function getgroupid($groupname){ + global $CONFIG_DBTABLEPREFIX; + $groupname=OC_DB::escape($groupname); - $query="SELECT group_id FROM groups WHERE group_name = '$groupname'"; + $dbTableGroups = $CONFIG_DBTABLEPREFIX . 'groups'; + $query="SELECT group_id FROM $dbTableGroups WHERE group_name = '$groupname'"; $result=OC_DB::select($query); if(!is_array($result)){ return 0; @@ -169,8 +184,11 @@ class OC_USER { * */ public static function getgroupname($groupid){ + global $CONFIG_DBTABLEPREFIX; + $groupid=(integer)$groupid; - $query="SELECT group_name FROM groups WHERE group_id = '$groupid' LIMIT 1"; + $dbTableGroups = $CONFIG_DBTABLEPREFIX . 'groups'; + $query="SELECT group_name FROM $dbTableGroups WHERE group_id = '$groupid' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['group_name'])){ return $result[0]['group_name']; @@ -184,10 +202,13 @@ class OC_USER { * */ public static function ingroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); if($groupid>0 and $userid>0){ - $query="SELECT user_group_id FROM user_group WHERE group_id = $groupid AND user_id = $userid LIMIT 1"; + $dbTableUserGroup = $CONFIG_DBTABLEPREFIX . 'user_group'; + $query="SELECT user_group_id FROM $dbTableUserGroup WHERE group_id = $groupid AND user_id = $userid LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_group_id'])){ return true; @@ -204,11 +225,14 @@ class OC_USER { * */ public static function addtogroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + if(!OC_USER::ingroup($username,$groupname)){ $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); if($groupid!=0 and $userid!=0){ - $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; + $dbTableUserGroup = $CONFIG_DBTABLEPREFIX . 'user_group'; + $query="INSERT INTO `$dbTableUserGroup` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; $result=OC_DB::query($query); if($result){ return true; @@ -232,8 +256,11 @@ class OC_USER { * */ public static function getusergroups($username){ + global $CONFIG_DBTABLEPREFIX; + $userid=OC_USER::getuserid($username); - $query="SELECT group_id FROM user_group WHERE user_id = '$userid'"; + $dbTableUserGroup = $CONFIG_DBTABLEPREFIX . 'user_group'; + $query = "SELECT group_id FROM $dbTableUserGroup WHERE user_id = '$userid'"; $result=OC_DB::select($query); $groups=array(); if(is_array($result)){ @@ -250,9 +277,12 @@ class OC_USER { * */ public static function setpassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $userid=OC_USER::getuserid($username); - $query="UPDATE users SET user_password = '$password' WHERE user_id ='$userid'"; + $dbTableUsers = $CONFIG_DBTABLEPREFIX . 'users'; + $query = "UPDATE $dbTableUsers SET user_password = '$password' WHERE user_id ='$userid'"; $result=OC_DB::query($query); if($result){ return true; @@ -266,11 +296,14 @@ class OC_USER { * */ public static function checkpassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $dbTableUsers = $CONFIG_DBTABLEPREFIX . 'users'; + $query = "SELECT user_id FROM '$dbTableUsers' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ return true;