Changeset 1424 for trunk/rss/util.php

Timestamp:
04/09/06 23:29:35 (3 years ago)
Author:
mbonetti
Message:

Handle all user-related logic in a new (early-loaded) User class. Also fixes #382

Files:
1 modified

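--- a/trunk/rss/util.php
+++ b/trunk/rss/util.php
@@ -868,119 +868,5 @@
 }
 
-function rss_getUser() {
-    static $user;
-    if ($user == null) {
-
-        $user = array(
-                    'uid' => 0,
-                    'uname' => null,
-                    'ulevel' => RSS_USER_LEVEL_NOLEVEL,
-                    'realname' => null,
-                    'lastip' => null,
-                    'userips' => null,
-                    'lastlogin' => null
-                );
-        $cuname =  $chash = null;
-        if (isset($_COOKIE[RSS_USER_COOKIE])) {
-            list($cuname,$chash) = explode('|',$_COOKIE[RSS_USER_COOKIE]);
-        }  elseif(isset($_SESSION['mobile'])) {
-            list($cuname,$chash) = explode('|',$_SESSION['mobile']);
-        }
-        if ($cuname && $chash) {
-            $sql = "select * from " . getTable('users') . " where uname='"
-                   .rss_real_escape_string($cuname) ."' and password='"
-                   .preg_replace('#[^a-zA-Z0-9]#','',md5($chash)) ."'";
-            $rs = rss_query($sql);
-            if (rss_num_rows($rs) == 1) {
-                $tmp = rss_fetch_assoc($rs);
-                if (isset($tmp['userips'])) {
-                    $tmp['userips'] = explode(' ',$tmp['userips']);
-                } else {
-                    $tmp['userips'] = array();
-                }
-
-                unset($tmp['password']);
-                $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-                if (array_search($subnet, $tmp['userips']) !== FALSE) {
-                    // success: password hash was checked and the user's IP
-                    // address subnet is registered
-                    $user = $tmp;
-                }
-            }
-        }
-    }
-    return $user;
-}
-
-function setUserCookie($user,$hash) {
-    if (getConfig('rss.config.autologout')) {
-        $t = 0;
-    } else {
-        $t =time()+COOKIE_LIFESPAN;
-    }
-    setcookie(RSS_USER_COOKIE, "$user|$hash", $t, getPath());
-}
-
-function logoutUserCookie() {
-    if (array_key_exists(RSS_USER_COOKIE, $_COOKIE)) {
-
-        // remove the user's IP subnet from the list of valid addresses
-        $user = rss_getUser();
-        $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-
-        if (($idx = array_search($subnet, $user['userips'])) !== FALSE) {
-            $cnt = count($user['userips']);
-            unset($user['userips'][$idx]);
-            $uname = trim($user['uname']);
-            if ($uname && ($cnt > count($user['userips']))) {
-                $sql = "update " .getTable('users')
-                       . " set userips = '" . implode(' ',$user['userips']) ."'"
-                       ." where uname = '$uname' ";
-                rss_query($sql);
-            }
-        }
-
-        // get rid of the cookie
-        unset($_COOKIE[RSS_USER_COOKIE]);
-        setcookie(RSS_USER_COOKIE, "", -1, getPath());
-        rss_invalidate_cache();
-
-    }
-}
-
-function hidePrivate() {
-    static $ret;
-    if ($ret === null) {
-        $ret = !rss_check_user_level(RSS_USER_LEVEL_PRIVATE);
-    }
-
-    return $ret;
-}
-
-function rss_check_user_level($level) {
-    $user = rss_getUser();
-    return $user['ulevel'] >= $level;
-}
-
-function __exp_login($uname,$pass) {
-    $sql ="select uname,ulevel,userips from " .getTable('users') . "where uname='"
-          .rss_real_escape_string($uname)."' and password='".md5($pass)."'";
-    list($uname,$ulevel,$userips) = rss_fetch_row(rss_query($sql));
-    if ($ulevel == '') {
-        $ulevel = RSS_USER_LEVEL_NOLEVEL;
-    } else {
-        // "push" the user IP into the list of logged-in IP subnets
-        $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-        $useripsArray = explode(' ',$userips);
-        $useripsArray[] = $subnet;
-        $sql = "update " .getTable('users')
-               . " set userips = '" . implode(' ',$useripsArray) ."'"
-               ." where uname = '$uname' ";
-        rss_query($sql);
-        setUserCookie($uname,$pass);
-        rss_invalidate_cache();
-    }
-    return "$ulevel|$uname|$pass";
-}
+
 
 function getUnreadCount($cid, $fid) {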