Changeset 18 for user.php

Timestamp:

Oct 21, 2008, 4:15:52 PM (16 years ago)

Author:

george

Message:

• Upraveno: Prozatím jednoduché oprávnění pro čtení a zápis k jednotlivým seznamům.
• Přidáno: Typ GPS souřadnice.
• Opraveno: Převod přes hašovací funkci SHA1 u typu Password.
• Upraveno: Možnost vybrat variantu Žádný u odkazů.
• Opraveno: Součinost modulu User s časovou databázovou strukturou.

File:

• user.php (modified) (5 diffs)

user.php

@@ -41 +41 @@
     $SID = session_id();
     // Lookup user record
-    $Query = $this->Database->select($this->TableUserOnline, '*', 'SessionId="'.$SID.'"');
+    $Query = $this->Database->select($this->TableUserOnline, '*', '`SessionId`="'.$SID.'"');
     if($Query->num_rows > 0)
     {
       // Refresh time of last access
-      $this->Database->update($this->TableUserOnline, 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
+      $this->Database->update($this->TableUserOnline, '`SessionId`="'.$SID.'"', array('ActivityTime' => 'NOW()'));
     } else $this->Database->insert($this->TableUserOnline, array('SessionId' => $SID, 'User' => 0, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress())));
     //echo($this->Database->LastQuery);
@@ -54 +54 @@
     if($Row['User'] != 0)
     {
-      $Query = $this->Database->select($this->TableUser, '*', "Id=".$Row['User']."");
-      $this->User = $Query->fetch_array();
+      $Query = $this->Database->query('SELECT * FROM `'.$this->TableUser.'` WHERE `ItemId`='.$Row['User'].' ORDER BY `Id` DESC LIMIT 1');
+      $this->User = $Query->fetch_assoc();
+      //print_r($this->User);
       $Result = USER_LOGGED;
-    } else 
-    {
-      $Query = $this->Database->select($this->TableUser, '*', "Id=0");
-      $this->User = $Query->fetch_array();
+    } else
+    {
+      $Query = $this->Database->select($this->TableUser, '*', "`ItemId`=0");
+      $this->User = $Query->fetch_assoc();
       $Result = USER_NOT_LOGGED;
     }
 
     // Odeber neaktivní uživatele
-    $DbResult = $this->Database->select($this->TableUserOnline, 'User', 'ActivityTime < DATE_SUB(NOW(), INTERVAL '.USER_TIMEOUT.' SECOND)');
-    while($DbRow = $DbResult->fetch_array())
-    {
-      $this->Database->delete($this->TableUserOnline, 'User='.$DbRow['User']);
+    $DbResult = $this->Database->select($this->TableUserOnline, 'User', '`ActivityTime` < DATE_SUB(NOW(), INTERVAL '.USER_TIMEOUT.' SECOND)');
+    while($DbRow = $DbResult->fetch_assoc())
+    {
+      $this->Database->delete($this->TableUserOnline, '`User`='.$DbRow['User']);
       //$this->System->Modules['Log']->Add('User', 'Logout');
     }
@@ -94 +95 @@
         else
         {
-          $this->Database->insert($this->TableUser, array('Name' => $Nick, 'FirstName' => $FirstName, 'SecondName' => $SecondName, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1));
+          $this->Database->insert($this->TableUser, array('Name' => $Nick, 'FirstName' => $FirstName, 'SecondName' => $SecondName, 'Password' => $Password, 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1));
           $UserId = $this->Database->insert_id;
 
           $Subject = FromUTF8('Registrace nového účtu', 'iso2');
-          $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Nick."\n<br>Pro dokončení registrace klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&amp;User='.$UserId.'&amp;H='.sha1($Password).'">tento odkaz</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.";
+          $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Nick."\n<br>Pro dokončení registrace klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&amp;User='.$UserId.'&amp;H='.$Password.'">tento odkaz</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.";
           $AdditionalHeaders = "To: ".$Nick." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
           mail($Email, $Subject, $Message, $AdditionalHeaders);
@@ -133 +134 @@
     {
       $Row = $Query->fetch_array();
-      if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD;
+      if($Row['Password'] != $Password) $Result = BAD_PASSWORD;
       else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
-      else 
+      else
       {
         $this->Database->update($this->TableUser, 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()'));
-        $this->Database->update($this->TableUserOnline, 'SessionId="'.$SID.'"', array('User' => $Row['Id']));
+        $this->Database->update($this->TableUserOnline, 'SessionId="'.$SID.'"', array('User' => $Row['ItemId'], 'ItemId' => $Row['ItemId']));
         // načtení stavu stromu
         $Result = USER_LOGGED_IN;
@@ -188 +189 @@
       if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
       {
-        $this->Database->update($this->TableUser, 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0));
+        $this->Database->update($this->TableUser, 'Id='.$Row['Id'], array('Password' => $NewPassword, 'Locked' => 0));
         $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
         //$this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'UserName='.$Row['Name']);