<?php
+/*
+ (c) 2005 Joe Presbrey
+*/
require_once('mitsql.lib.php');
class Login {
- var $id, $u, $p;
- var $info;
+ private $id, $u, $p;
+ private $info;
function Login($u, $p=null) {
if (empty($u)) return;
$this->u = $u;
$this->p = $p;
- if (is_numeric($u)) {
+ if ((string)intval($u)===(string)$u) {
$this->id = $u;
- $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
+ $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
} else {
$opt = sprintf(" Username = '%s'", mysql_escape_string($u));
$opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
is_null($name) || $arr['Name'] = $name;
is_null($email) || $arr['Email'] = $email;
$upd = buildSQLSet($arr);
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
$upd, mysql_escape_string($this->getUserId()));
if (!empty($upd) && $upd != 'SET')
DBUpdate($sql);
}
class User {
- var $userId;
- var $info;
- var $dblist;
+ private $userId;
+ private $info;
+ private $dblist;
function User($userId) {
$this->userId = $userId;
- $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
+ $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
FROM User
INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
INNER JOIN UserStat ON User.UserId = UserStat.UserId
$r = fetchRows(DBSelect($sql),'UserId');
$this->info = count($r)?array_shift($r):$r;
$this->dblist = $this->getDBList();
-// $this->pass = base64_decode($this->info['Password']);
}
function refresh() {
unset($this->dblist);
$this->User($this->userId);
/*
- $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+ $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
FROM User
WHERE UserId = '%s'",
mysql_escape_string($this->userId));
function isOverQuota() {
return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
}
+ function getDBQuotaHard() {
+ return $this->exists()?$this->info['nDatabasesHard']:0;
+ }
function getBytes() {
if($this->exists()) {
$arr['nBytes'] = $this->info['nBytes'];
}
function setPassword($pwd) {
$arr['Password'] = base64_encode($pwd);
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
$sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
$arr['Password'] = base64_encode($pwd);
$arr['bEnabled'] = 1;
$arr['dSignup'] = 'NOW()';
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
global $Login;
$aLogin = $Login;
}
- return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
+ return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
}
function isAdmin($aLogin=null) {
global $Login;
$aLogin = $Login;
}
- return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
+ return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
}
function isImpersonating() {
return isSess('_UserId') && isSess('UserId');
}
+function isOffline() {
+ return (defined('OFFLINE') && OFFLINE);
+}
+
+function isOnline() {
+ return !isOffline();
+}
+
function impersonate($userId=null) {
$wasImpersonating = isImpersonating();
if ($wasImpersonating) {
}
function isSSL() {
- return $_SERVER['SERVER_PORT'] == 443;
+ return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
}
function getSSLCert() {
## 302 REDIRECTS
function redirect($target=null,$secure=null) {
- $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
+ $base = (is_null($target)||substr($target,0,1)=='?')?URI:((strlen(dirname(URI))>1?dirname(URI).'/':'/'));
redirectFull(is_null($target)?$base:($base.$target),$secure);
}
function redirectStart() {
redirectFull(BASE_URL,null);
}
function redirectFull($target,$secure) {
- redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+ redirect2((((isSSL()&&is_null($secure))||$secure==true)?BASE_HTTPS:BASE_HTTP).$target);
}
function redirect2($target) {
header('Location: '.$target);
exit;
}
function flipSSL() {
- return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+ return (isSSL()?BASE_HTTP:BASE_HTTPS).URI;
}
## USER SCRIPTS
global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
+ if (mysql_error()) return false;
$newdb['Name'] = $dbname;
$arr = array_merge($newdb, $_NEW_DB);
} else {
return false;
}
- $sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
+ $sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
buildSQLSet($arr),
$DBId);
DBUpdate($sql);
- return $DBId;
- } else {
- $arr = $_NEW_DBQUOTA;
- $arr['DatabaseId'] = $DBId;
- $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
- buildSQLInsert($arr));
- DBInsert($sql);
-
- $arr = $_NEW_DBOWNER;
- $arr['DatabaseId'] = $DBId;
- $arr['UserId'] = $userid;
- $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
- buildSQLInsert($arr));
- DBInsert($sql);
-
- return $DBId;
}
+
+ DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+ DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+
+ $arr = $_NEW_DBQUOTA;
+ $arr['DatabaseId'] = $DBId;
+ $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ $arr = $_NEW_DBOWNER;
+ $arr['DatabaseId'] = $DBId;
+ $arr['UserId'] = $userid;
+ $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ return $DBId;
}
function delDB($dbname) {
DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
$arr['bEnabled'] = 0;
- $sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",
+ $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
buildSQLSet($arr),
$dbname);
DBUpdate($sql);