X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=web%2Fapp%2Fdata%2Fmodules%2Fsql%2Fmw_data_users.php;h=3377c151419e4e19245146f2e02b6bbaf3e79aad;hb=7cf7609a7e236347374c1b21777a9698bcd1726c;hp=b144ad6a1b164d95d0966ed1c9ab6b6710e274c0;hpb=19b8f3b9263210d9154e7556446e903f84175519;p=mtweb diff --git a/web/app/data/modules/sql/mw_data_users.php b/web/app/data/modules/sql/mw_data_users.php index b144ad6..3377c15 100644 --- a/web/app/data/modules/sql/mw_data_users.php +++ b/web/app/data/modules/sql/mw_data_users.php @@ -1,7 +1,6 @@ sgbd(); + function users($start = 0, $alpha = null, $status = null){ + $sgbd = $this->sgbd(); $env = $this->env(); $users = array("list" => array(), "total" => 0); - $SELECT = "SELECT *"; - $FROM = " FROM #--users"; - $WHERE = ""; - $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : ""); - $WHERE .= (isset($status) ? ($WHERE ? " AND" : " WHERE")." status=".$this->eq($status) : ""); - $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : ""); - $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res"; - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - if($v_rst = $sgbd->fetch_assoc($rst)) $users["total"] = $v_rst["n"]; - $sgbd->free_result($rst); - if($users["total"] > 0) - { $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$LIMIT.") res"; + try{ + $SELECT = "SELECT *"; + $FROM = " FROM #--users"; + $WHERE = ""; + $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : ""); + $WHERE .= (isset($status) ? ($WHERE ? " AND" : " WHERE")." status=".$this->eq($status) : ""); + $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : ""); + $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res"; $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; + if($v_rst = $sgbd->fetch_assoc($rst)) $users["total"] = $v_rst["n"]; $sgbd->free_result($rst); + if($users["total"] > 0){ + $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$LIMIT.") res"; + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; + $sgbd->free_result($rst); + } } + catch(Exception $e) { $users = false; } return $users; } - function user_by_id($id) - { $sgbd = $this->sgbd(); + function user_by_id($id){ + $sgbd = $this->sgbd(); $user = array(); - $sql = "SELECT * from #--users WHERE id=".$this->eq($id); - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; - $sgbd->free_result($rst); + try{ + $sql = "SELECT * from #--users WHERE id=".$this->eq($id); + $rst = $sgbd->query($sql); + if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; + $sgbd->free_result($rst); + } + catch(Exception $e) { $user = false; } return $user; } - function user($login) - { $sgbd = $this->sgbd(); + function user($login){ + $sgbd = $this->sgbd(); $user = array(); - $sql = "SELECT * from #--users WHERE login=".$this->eq($login); - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; - $sgbd->free_result($rst); + try{ + $sql = "SELECT * from #--users WHERE login=".$this->eq($login); + $rst = $sgbd->query($sql); + if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; + $sgbd->free_result($rst); + } + catch(Exception $e) { $user = false; } return $user; } - function user_exists($login) - { $sgbd = $this->sgbd(); + function user_exists($login){ + $sgbd = $this->sgbd(); $EXISTS = 0; - $sql = "SELECT count(*) as n from #--users WHERE login=".$this->eq($login); - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - if($v_rst = $sgbd->fetch_assoc($rst)) $EXISTS = $v_rst["n"]; - $sgbd->free_result($rst); + try{ + $sql = "SELECT count(*) as n from #--users WHERE login=".$this->eq($login); + $rst = $sgbd->query($sql); + if($v_rst = $sgbd->fetch_assoc($rst)) $EXISTS = $v_rst["n"]; + $sgbd->free_result($rst); + } + catch(Exception $e) { $EXISTS = false; } return $EXISTS; } - function add_user($login, $password, $email, $status) - { $sgbd = $this->sgbd(); - $sql = - "INSERT INTO #--users(login, password, email, status) VALUES" - ."( ".$this->eq($login) - .", ".$this->eq($password) - .", ".$this->eq($email) - .", ".$status - .")"; - return $sgbd->query($sql); + function add_user($login, $password, $email, $status){ + $sgbd = $this->sgbd(); + $user_id = false; + try{ + $sql = + "INSERT INTO #--users(login, password, email, status) VALUES" + ."( ".$this->eq($login) + .", ".$this->eq($password) + .", ".$this->eq($email) + .", ".$status + .")"; + $sgbd->query($sql); + $user_id = $sgbd->insert_id(); + } + catch(Exception $e) { $user_id = false; } + return $user_id; } - function set_user($id, $login, $password, $email, $status) - { $sgbd = $this->sgbd(); - $sql = - "UPDATE #--users SET" - ." login=".$this->eq($login) - .", password=".$this->eq($password) - .", email=".$this->eq($email) - .", status=".$status - ." WHERE id=".$id; - return $sgbd->query($sql); + function set_user($id, $login, $password, $email, $status){ + $sgbd = $this->sgbd(); + try{ + $sql = + "UPDATE #--users SET" + ." login=".$this->eq($login) + .", password=".$this->eq($password) + .", email=".$this->eq($email) + .", status=".$status + ." WHERE id=".$id; + $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; } - function del_user($login) - { $sgbd = $this->sgbd(); - $sql = "DELETE FROM #--users WHERE login=".$this->eq($login); - return $sgbd->query($sql); + function del_user($login){ + $sgbd = $this->sgbd(); + try{ + $sql = "DELETE FROM #--users WHERE login=".$this->eq($login); + $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; } # ---------------------------------------------------------------------------------------- # status # - function status() - { if(!isset($this->user_status)) return false; + function status(){ + if(!isset($this->user_status)) return false; return $this->user_status; } - function init_user_status($status = array()) - { $sgbd = $this->sgbd(); + function init_user_status($status = array()){ + $sgbd = $this->sgbd(); $this->user_status = array(); - $sql = "SELECT * FROM #--user_status"; - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst; - $sgbd->free_result($rst); + try{ + $sql = "SELECT * FROM #--user_status"; + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst; + $sgbd->free_result($rst); + } + catch(Exception $e) { $this->user_status = false; } return $this->user_status; } - function init_action_status($status = array()) - { if(!isset($this->user_status)) return false; + function init_action_status($status = array()){ + if(!isset($this->user_status)) return false; $sgbd = $this->sgbd(); $this->action_status = array(); - $sql = "SELECT * FROM #--action_status"; - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - while($v_rst = $sgbd->fetch_assoc($rst)) $this->action_status[$v_rst["id"]] = $v_rst; - $sgbd->free_result($rst); + try{ + $sql = "SELECT * FROM #--action_status"; + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)) $this->action_status[$v_rst["id"]] = $v_rst; + $sgbd->free_result($rst); + } + catch(Exception $e) { $this->action_status = false; } return $this->action_status; } - function get_user_status() - { $user = $this->get_session_user(); + function get_user_status(){ + $user = $this->get_session_user(); if($user && isset($user["status"])) return $user["status"]; return 0; } - function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()) - { $sgbd = $this->sgbd(); + function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){ + $sgbd = $this->sgbd(); $status = array(); - $sql = - "SELECT action, id_status" - ." FROM #--action_status" - ." WHERE action=".$this->eq($mod) - ." OR action=".$this->eq($mod."/".$controller) - ." OR action=".$this->eq($mod."/".$controller."/".$action); - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - while($v_rst = $sgbd->fetch_assoc($rst)) - { if(!isset($status[$v_rst["action"]])) $status[$v_rst["action"]] = array(); - $status[$v_rst["action"]][$v_rst["id_status"]] = true; + try{ + $sql = + "SELECT action, id_status" + ." FROM #--action_status" + ." WHERE action=".$this->eq($mod) + ." OR action=".$this->eq($mod."/".$controller) + ." OR action=".$this->eq($mod."/".$controller."/".$action); + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)){ + if(!isset($status[$v_rst["action"]])) $status[$v_rst["action"]] = array(); + $status[$v_rst["action"]][$v_rst["id_status"]] = true; + } + $sgbd->free_result($rst); } - $sgbd->free_result($rst); + catch(Exception $e) { $status = false; } return $status; } - function creation_default_status() - { $sgbd = $this->sgbd(); + function creation_default_status(){ + $sgbd = $this->sgbd(); $default_status = 0; - $sql = "SELECT id FROM #--user_status WHERE creation_default=1 LIMIT 0,1"; - $rst = $sgbd->query($sql); - if(!isset($rst)) return false; - if($v_rst = $sgbd->fetch_assoc($rst)) $default_status = $v_rst["id"]; - $sgbd->free_result($rst); + try{ + $sql = "SELECT id FROM #--user_status WHERE creation_default=1 LIMIT 0,1"; + $rst = $sgbd->query($sql); + if($v_rst = $sgbd->fetch_assoc($rst)) $default_status = $v_rst["id"]; + $sgbd->free_result($rst); + } + catch(Exception $e) { $default_status = false; } return $default_status; } @@ -172,31 +200,31 @@ # log in / out # - function login($login, $password) - { if(($user = $this->user($login)) !== false) - { if($this->password_ok($user, $password)) - { if(!$this->set_session($user)) $user = false; + function login($login, $password){ + if(($user = $this->user($login)) !== false){ + if($this->password_ok($user, $password)){ + if(!$this->set_session($user)) $user = false; } - else - { $this->clear_session(); + else{ + $this->clear_session(); $user = array(); } } return $user; } - function logout() - { return $this->clear_session(); + function logout(){ + return $this->clear_session(); } - function user_ok($user) - { return + function user_ok($user){ + return strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0 && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; } - function password_ok($user, $password) - { return + function password_ok($user, $password){ + return strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0 && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; } @@ -205,19 +233,19 @@ # session # - function load_session() - { session_start(); + function load_session(){ + session_start(); if(!isset($_SESSION["id"])) $this->clear_session(); - if - ( $user = - ( isset($_COOKIE["user"]) || isset($_SESSION["user"]) ? + if( + $user = ( + isset($_COOKIE["user"]) || isset($_SESSION["user"]) ? $this->user(isset($_COOKIE["user"]) ? $_COOKIE["user"] : $_SESSION["user"]) : array() ) - ) - { if(isset($_COOKIE["user"])) $this->set_session($user); - if(!$this->user_ok($user)) - { $this->clear_session(); + ){ + if(isset($_COOKIE["user"])) $this->set_session($user); + if(!$this->user_ok($user)){ + $this->clear_session(); $user = array(); } } @@ -225,15 +253,15 @@ return $user; } - function set_session($user) - { $_SESSION["user"] = $user["login"]; + function set_session($user){ + $_SESSION["user"] = $user["login"]; $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]); $env = $this->env(); return setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web")); } - function clear_session() - { unset($_SESSION["user"]); + function clear_session(){ + unset($_SESSION["user"]); unset($_SESSION["pass"]); $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["id"] = md5(rand()); @@ -241,14 +269,16 @@ return setcookie("user", "", 0, $env->path("web")); } - function get_session_user() { return $this->_user; } + function get_session_user(){ + return $this->_user; + } # ---------------------------------------------------------------------------------------- # uploads # - function check_user_uploads_dir($user = null) - { $env = $this->env(); + function check_user_uploads_dir($user = null){ + $env = $this->env(); $user_dir = $env->path("content")."uploads/".(isset($user) ? $user : $this->_user["id"]); if(!file_exists($user_dir)) @mkdir($user_dir); return file_exists($user_dir);