[Astrospaces-commits] SF.net SVN: astrospaces: [82] trunk/functions
From: <p3...@us...> - 2007-08-01 15:11:10
Revision: 82
http://astrospaces.svn.sourceforge.net/astrospaces/?rev=82&view=rev
Author: p3net
Date: 2007-08-01 08:11:05 -0700 (Wed, 01 Aug 2007)
Log Message:
-----------
Rename session.php to user.php and change the class call to . I think I got all of the calls, if not, please fix them as you find the problems.
Added Paths:
-----------
trunk/functions/user.php
Removed Paths:
-------------
trunk/functions/session.php
Deleted: trunk/functions/session.php
===================================================================
--- trunk/functions/session.php 2007-08-01 00:15:01 UTC (rev 81)
+++ trunk/functions/session.php 2007-08-01 15:11:05 UTC (rev 82)
@@ -1,434 +0,0 @@
-<?php
-/*******************************************************
- * Copyright (C) 2007 http://p3net.net
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
- @id: $Id$
-*********************************************************/
-/********************************************************
-The name here is a bit of a misnomer. The session class
-handles all user-interaction related processes -- both
-interaction between user and server and interaction
-between user and user
-**********************************************************/
-class session
-{
- /*
- Function Name: create
- Arguments: none
- Purpose: create session
- */
- function create()
- {
- /* We don't have a session and aren't logged in. Let's create it */
- $id = md5(time() . rand(1,1000));
- /* Check to make sure it's unique */
- $_query = 'INSERT INTO '.AS_TBL_SESSION.' (id, user_id, ip, last_update) VALUES(' . $id . ','.$db->qstr('-1').',' . $db->qstr($_SERVER['REMOTE_ADDR']) . ',' . time() . ')';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - create(): '.$db->ErrorMsg());
- return false;
- }
- $_COOKIE['session_id'] = $id;
- }
- /*
- Function Name: check
- Arguments: none
- Purpose: Check if a session exists
- */
- function check()
- {
- /* We need to check if a session exists by looking for the session cookie. If that's not there,
- then we return false (since the user isn't logged in). We also match the IP */
- $ip = $_SERVER['REMOTE_ADDR'];
- $_query = 'SELECT * FROM '.AS_TBL_SESSION.' WHERE ip = ' . $db->qstr($ip);
- $res = $db->Execute($_query);
- $count = $res->RecordCount();
- if($count == 0)
- {
- $session->create();
- }
- else
- {
- /* Get an array of our session info */
- $res = $res->GetArray();
- if($res[0]['id'] != $_COOKIE['session_id'])
- {
- $session->create();
- }
- else
- {
- $array = $res->GetArray();
- foreach($array[0] as $key => $value)
- {
- if (!is_numeric($key))
- {
- $user->data[$key] = $value;
- }
- }
- /* Update our updated time */
- $_query = 'UPDATE '.AS_TBL_SESSION.' SET last_update = ' . time() . ' WHERE id = ' . $user->data['id'] . ' LIMIT 1';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - check(): '.$db->ErrorMsg());
- return false;
- }
- }
- }
- /* We also need to get rid of users who haven't done anything in the last half-hour */
- $_query = 'DELETE FROM '.AS_TBL_SESSION.' WHERE last_update < ' . (time() - (60*30));
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - check(): '.$db->ErrorMsg());
- return false;
- }
- }
- /*
- Function Name: logged_in
- Arguments: none
- Purpose: check if user is logged in
- */
- function logged_in()
- {
- if($user->data['id'] != "-1")
- {
- return true;
- }
- else
- {
- return false;
- }
- }
- /*
- Function Name: login
- Arguments: (int) user_id -- ID of user to login
- Purpose: Updates session table to reflect that a user is logged in
- */
- function login($user_id)
- {
- if (!is_numeric($user_id) and $user_id != null)
- {
- $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$user_id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- $session->check();
- if($session->logged_in())
- {
- /* Wait - what? */
- $error->general("Already logged in", "Session already populated");
- }
- else
- {
- $_query = 'UPDATE '.AS_TBL_SESSION.' SET user_id = ' . $user_id . ' WHERE id = ' . $db->qstr($_COOKIE["session_id"]) . ' LIMIT 1';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - login(): '.$db->ErrorMsg());
- return false;
- }
- /* Run the session check again. It'll make the row and populate $user->data */
- $session->check();
- }
- }
- /*
- Function Name: logout
- Arguments: none
- Purpose: Edit session table to reflect that user is logged out
- */
- function logout()
- {
- if($session->logged_in())
- {
- $_query = 'UPDATE '.AS_TBL_SESSION.' SET user_id = '.$db->qstr('-1').' WHERE id = ' . $user->data['id'] . ' AND ip = ' . $db->qstr($user->data['ip']) . ' LIMIT 1';
- $db->query($_query);
- $user->data = null;
- }
- else
- {
- $error->general('Not logged in', 'User ID = -1');
- }
- }
- /*
- Function Name: is_friend
- Arguments: (int) id -- ID of our suspected friend
- Purpose: Check if user is your friend
- */
- function is_friend($id)
- {
- if (!is_numeric($id))
- {
- $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- if(!$user->logged_in())
- {
- return false;
- }
- else
- {
- $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_1 = ' . $user->data['user_id'] . ' AND party_2 = ' . $id . ' AND accepted = 1';
- $_query = $db->Execute($_query);
- if($_query->fields[0] > 0)
- {
- return true;
- }
- else
- {
- $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_2 = ' . $user->data['user_id'] . ' AND party_1 = ' . $id . ' AND accepted = 1';
- $_query = $db->Execute($_query);
- if($_query->fields[0] > 0)
- {
- return true;
- }
- else
- {
- return false;
- }
- }
- }
- }
- /*
- Function Name: action
- Arguments: (int) action -- Add action to action table; (int) who -- ID of friend action is made towards. If unspecified, applies to all
- Purpose:
- */
- function action($action, $who = null)
- {
- if (!is_numeric($action) and $action != null)
- {
- $error->general('Invalid actionID', "Invalid actionID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
-
- if (!is_numeric($who) and $who != null)
- {
- $error->general('Invalid whoID', "Invalid whoID = Possible hack! Input value: \"".$who."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- /*List of actions:
- 1. Updated Space
- 2. Left you a comment
- 3. Left a comment on one of your pictures
- 4. Uploaded a picture
- 5. Added you as a friend
- 6. New blog post
- 7. Left you a comment on a blog post
- 8. Joined a group
- 9. Created a group */
- $_query = 'INSERT INTO '.AS_TBL_ACTION.' (time, who, action, for) VALUES(' . time() . ',' . $user->data['user_id'] . ', ' . $action . ', ' . $who . ')';
- $db->query($_query);
- return true;
- }
- /*
- Function Name: add_friend
- Arguments: (int) id -- ID of user to add as our friend
- Purpose: Add user as (unapproved) friend
- */
- function add_friend($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
-
- if(!$user->logged_in())
- {
- $error->general("Not logged in", "Add as friend");
- }
- else
- {
- if($user->is_friend($id))
- {
- $error->general("Already friend", "Add as friend");
- }
- else
- {
- $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE (party_1 = ' . $user->data['user_id'] . ' AND party_2 = ' . $id;
- $_query = $db->query($_query);
- if ($_query->fields[0] > 0)
- {
- $error->general("Already added as friend, awaiting acception", "Add as friend");
- }
- else
- {
- $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_2 = ' . $user->data['user_id'] . ' AND party_1 = ' . $id;
- $_query = $db->Execute($_query);
- if ($_query->fields[0] > 0)
- {
- $error->general("User has already added you as a friend. Accept them in your friend control panel.", "Add as friend");
- }
- else
- {
- $_query='INSERT INTO '.AS_TBL_FRIEND.' VALUES(' . $user->data['user_id'] . ',' . $id . ',0)';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - add_friend(): '.$db->ErrorMsg());
- return false;
- }
- $message->thank("adding this user as your friend. You will be alerted when they accept you as a friend.", "to go back", "javascript:history.go(-1)");
- }
- }
- }
- }
- }
- /*
- Function Name: accept_friend
- Arguments: (int) id -- ID of user to accept as friend
- Purpose: Accept friend
- */
- function accept_friend($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- $_query= 'UPDATE '.AS_TBL_FRIEND.' SET accepted = 1 WHERE party_2 = '.$data->user['user_id'].' AND party_1 = '.$id.' LIMIT 1';
- $db->query($_query);
- $user->action(5, $id);
- }
- /*
- Function Name: can_view
- Arguments: (int) id -- ID of user who permissions are being checked for
- Purpose: Check if we have permissions to view this users space
- */
- function can_view($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- /*We're simply checking whether or not we have the permissions to view this space */
- /*First we need to figure out what the space privacy setting is*/
- $_query = 'SELECT privacy FROM '.AS_TBL_USER.' WHERE id = ' . $id . ' LIMIT 1';
- $_query = $db->Execute($_query);
- $_query = $db->GetArray($_query);
- $res = $_query[0]['privacy'];
- if($res == '0')
- {
- /* All users can view this space */
- return true;
- }
- else
- {
- /* We need to check if we're they're friend */
- if($session->is_friend($id))
- {
- return true;
- }
- else
- {
- return false;
- }
- }
- }
- /*
- Function Name: add_coment
- Arguments: (int) id -- ID of user who comment is directed to
- Purpose: Add comment
- */
- function add_comment($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid userID', "Invalid userD = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- if($session->is_friend($id))
- {
- /* Okay, we have permission to leave this comment */
- $_query = 'INSERT INTO '.AS_TBL_CMT.' (comment_timestamp, poster_id, recipient_id, comment) VALUES(' .
- time() . ',' . $user->data['user_id'] . ',' . $id . ',' . $db->qstr($_POST['body']).')';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - add_comment(): '.$db->ErrorMsg());
- return false;
- }
- $session->action('2', $id);
- }
- }
- /*
- Function Name: get_username
- Arguments: (int) id -- User ID
- Purpose: Fetch username of user based on their unique ID
- */
- function get_username($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
- $_query = 'SELECT display_name FROM '.AS_TBL_USER.' WHERE id = ' . $id;
- $_query = $db->Execute($_query);
- $res = $db->GetArray($_query);
- return $res[0]['display_name'];
- }
- /*
- Function Name: add_image_comment
- Arguments: (int) id -- Image ID
- Purpose: Add comment to image
- */
- function add_image_comment($id)
- {
- if (!is_numeric($id) and $id != null)
- {
- $error->general('Invalid imageID', "Invalid imageID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
-
- $owner = 'SELECT owner_id FROM '.AS_TBL_IMG.' WHERE id = ' . $id;
- $owner = $db->query($owner);
- $owner = $db->fetch_array($owner);
- $owner = $owner['owner'];
- if ($session->is_friend($owner))
- {
- $_query = 'INSERT INTO '.AS_TBL_IMG_CMT.' (image_id, post_timestamp, author, comment) VALUES('. $id . ',' . time() . ',' . $user->data['user_id'] . ',' . $db->qstr($_POST['comment'],get_magic_quotes_gpc()) . ')';
- if ($db->Execute($_query) === false)
- {
- $error->general('<b>DB Error!</b>', 'session.php - add_img_comment(): '.$db->ErrorMsg());
- return false;
- }
- }
- }
- /*
- Function Name: generate_timestamp
- Arguments: (int) time -- time to parse
- Purpose: Generate datestamp of time passed, taking user's time offset into consideration
- */
- function generate_timestamp($time)
- {
- if (!is_numeric($time) and $time != null)
- {
- $error->general('Invalid timestamp', "Invalid timestamp = Possible hack! Input value: \"".$time."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
- return false;
- }
-
- if($session->logged_in())
- {
- $_query = 'SELECT time_offset FROM '.AS_TBL_USER.' WHERE id = ' . $user->data['user_id'];
- $_query = $db->Execute($_query);
- $_query = $query->GetArray($_query);
- $offset = $_query[0]['time_offset'];
-
- $diff = $offset * 60 * 60;
- }
- $time = $time + $diff;
- return date('m/d/Y G:i:s', $time);
- }
-}
-?>
\ No newline at end of file
Copied: trunk/functions/user.php (from rev 78, trunk/functions/session.php)
===================================================================
--- trunk/functions/user.php (rev 0)
+++ trunk/functions/user.php 2007-08-01 15:11:05 UTC (rev 82)
@@ -0,0 +1,428 @@
+<?php
+/*******************************************************
+ * Copyright (C) 2007 http://p3net.net
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ @id: $Id$
+*********************************************************/
+class user
+{
+ /*
+ Function Name: create
+ Arguments: none
+ Purpose: create session
+ */
+ function create()
+ {
+ /* We don't have a session and aren't logged in. Let's create it */
+ $id = md5(time() . rand(1,1000));
+ /* Check to make sure it's unique */
+ $_query = 'INSERT INTO '.AS_TBL_SESSION.' (id, user_id, ip, last_update) VALUES(' . $id . ','.$db->qstr('-1').',' . $db->qstr($_SERVER['REMOTE_ADDR']) . ',' . time() . ')';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - create(): '.$db->ErrorMsg());
+ return false;
+ }
+ $_COOKIE['session_id'] = $id;
+ }
+ /*
+ Function Name: check
+ Arguments: none
+ Purpose: Check if a session exists
+ */
+ function check()
+ {
+ /* We need to check if a session exists by looking for the session cookie. If that's not there,
+ then we return false (since the user isn't logged in). We also match the IP */
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $_query = 'SELECT * FROM '.AS_TBL_SESSION.' WHERE ip = ' . $db->qstr($ip);
+ $res = $db->Execute($_query);
+ $count = $res->RecordCount();
+ if($count == 0)
+ {
+ $session->create();
+ }
+ else
+ {
+ /* Get an array of our session info */
+ $res = $res->GetArray();
+ if($res[0]['id'] != $_COOKIE['session_id'])
+ {
+ $session->create();
+ }
+ else
+ {
+ $array = $res->GetArray();
+ foreach($array[0] as $key => $value)
+ {
+ if (!is_numeric($key))
+ {
+ $user->data[$key] = $value;
+ }
+ }
+ /* Update our updated time */
+ $_query = 'UPDATE '.AS_TBL_SESSION.' SET last_update = ' . time() . ' WHERE id = ' . $user->data['id'] . ' LIMIT 1';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - check(): '.$db->ErrorMsg());
+ return false;
+ }
+ }
+ }
+ /* We also need to get rid of users who haven't done anything in the last half-hour */
+ $_query = 'DELETE FROM '.AS_TBL_SESSION.' WHERE last_update < ' . (time() - (60*30));
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - check(): '.$db->ErrorMsg());
+ return false;
+ }
+ }
+ /*
+ Function Name: logged_in
+ Arguments: none
+ Purpose: check if user is logged in
+ */
+ function logged_in()
+ {
+ if($user->data['id'] != "-1")
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ /*
+ Function Name: login
+ Arguments: (int) user_id -- ID of user to login
+ Purpose: Updates session table to reflect that a user is logged in
+ */
+ function login($user_id)
+ {
+ if (!is_numeric($user_id) and $user_id != null)
+ {
+ $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$user_id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ $session->check();
+ if($session->logged_in())
+ {
+ /* Wait - what? */
+ $error->general("Already logged in", "Session already populated");
+ }
+ else
+ {
+ $_query = 'UPDATE '.AS_TBL_SESSION.' SET user_id = ' . $user_id . ' WHERE id = ' . $db->qstr($_COOKIE["session_id"]) . ' LIMIT 1';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - login(): '.$db->ErrorMsg());
+ return false;
+ }
+ /* Run the session check again. It'll make the row and populate $user->data */
+ $session->check();
+ }
+ }
+ /*
+ Function Name: logout
+ Arguments: none
+ Purpose: Edit session table to reflect that user is logged out
+ */
+ function logout()
+ {
+ if($session->logged_in())
+ {
+ $_query = 'UPDATE '.AS_TBL_SESSION.' SET user_id = '.$db->qstr('-1').' WHERE id = ' . $user->data['id'] . ' AND ip = ' . $db->qstr($user->data['ip']) . ' LIMIT 1';
+ $db->query($_query);
+ $user->data = null;
+ }
+ else
+ {
+ $error->general('Not logged in', 'User ID = -1');
+ }
+ }
+ /*
+ Function Name: is_friend
+ Arguments: (int) id -- ID of our suspected friend
+ Purpose: Check if user is your friend
+ */
+ function is_friend($id)
+ {
+ if (!is_numeric($id))
+ {
+ $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ if(!$user->logged_in())
+ {
+ return false;
+ }
+ else
+ {
+ $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_1 = ' . $user->data['user_id'] . ' AND party_2 = ' . $id . ' AND accepted = 1';
+ $_query = $db->Execute($_query);
+ if($_query->fields[0] > 0)
+ {
+ return true;
+ }
+ else
+ {
+ $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_2 = ' . $user->data['user_id'] . ' AND party_1 = ' . $id . ' AND accepted = 1';
+ $_query = $db->Execute($_query);
+ if($_query->fields[0] > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+ }
+ /*
+ Function Name: action
+ Arguments: (int) action -- Add action to action table; (int) who -- ID of friend action is made towards. If unspecified, applies to all
+ Purpose:
+ */
+ function action($action, $who = null)
+ {
+ if (!is_numeric($action) and $action != null)
+ {
+ $error->general('Invalid actionID', "Invalid actionID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
+ if (!is_numeric($who) and $who != null)
+ {
+ $error->general('Invalid whoID', "Invalid whoID = Possible hack! Input value: \"".$who."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ /*List of actions:
+ 1. Updated Space
+ 2. Left you a comment
+ 3. Left a comment on one of your pictures
+ 4. Uploaded a picture
+ 5. Added you as a friend
+ 6. New blog post
+ 7. Left you a comment on a blog post
+ 8. Joined a group
+ 9. Created a group */
+ $_query = 'INSERT INTO '.AS_TBL_ACTION.' (time, who, action, for) VALUES(' . time() . ',' . $user->data['user_id'] . ', ' . $action . ', ' . $who . ')';
+ $db->query($_query);
+ return true;
+ }
+ /*
+ Function Name: add_friend
+ Arguments: (int) id -- ID of user to add as our friend
+ Purpose: Add user as (unapproved) friend
+ */
+ function add_friend($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
+ if(!$user->logged_in())
+ {
+ $error->general("Not logged in", "Add as friend");
+ }
+ else
+ {
+ if($user->is_friend($id))
+ {
+ $error->general("Already friend", "Add as friend");
+ }
+ else
+ {
+ $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE (party_1 = ' . $user->data['user_id'] . ' AND party_2 = ' . $id;
+ $_query = $db->query($_query);
+ if ($_query->fields[0] > 0)
+ {
+ $error->general("Already added as friend, awaiting acception", "Add as friend");
+ }
+ else
+ {
+ $_query = 'SELECT count(*) FROM '.AS_TBL_FRIEND.' WHERE party_2 = ' . $user->data['user_id'] . ' AND party_1 = ' . $id;
+ $_query = $db->Execute($_query);
+ if ($_query->fields[0] > 0)
+ {
+ $error->general("User has already added you as a friend. Accept them in your friend control panel.", "Add as friend");
+ }
+ else
+ {
+ $_query='INSERT INTO '.AS_TBL_FRIEND.' VALUES(' . $user->data['user_id'] . ',' . $id . ',0)';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - add_friend(): '.$db->ErrorMsg());
+ return false;
+ }
+ $message->thank("adding this user as your friend. You will be alerted when they accept you as a friend.", "to go back", "javascript:history.go(-1)");
+ }
+ }
+ }
+ }
+ }
+ /*
+ Function Name: accept_friend
+ Arguments: (int) id -- ID of user to accept as friend
+ Purpose: Accept friend
+ */
+ function accept_friend($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ $_query= 'UPDATE '.AS_TBL_FRIEND.' SET accepted = 1 WHERE party_2 = '.$data->user['user_id'].' AND party_1 = '.$id.' LIMIT 1';
+ $db->query($_query);
+ $user->action(5, $id);
+ }
+ /*
+ Function Name: can_view
+ Arguments: (int) id -- ID of user who permissions are being checked for
+ Purpose: Check if we have permissions to view this users space
+ */
+ function can_view($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ /*We're simply checking whether or not we have the permissions to view this space */
+ /*First we need to figure out what the space privacy setting is*/
+ $_query = 'SELECT privacy FROM '.AS_TBL_USER.' WHERE id = ' . $id . ' LIMIT 1';
+ $_query = $db->Execute($_query);
+ $_query = $db->GetArray($_query);
+ $res = $_query[0]['privacy'];
+ if($res == '0')
+ {
+ /* All users can view this space */
+ return true;
+ }
+ else
+ {
+ /* We need to check if we're they're friend */
+ if($session->is_friend($id))
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+ /*
+ Function Name: add_coment
+ Arguments: (int) id -- ID of user who comment is directed to
+ Purpose: Add comment
+ */
+ function add_comment($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid userID', "Invalid userD = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ if($session->is_friend($id))
+ {
+ /* Okay, we have permission to leave this comment */
+ $_query = 'INSERT INTO '.AS_TBL_CMT.' (comment_timestamp, poster_id, recipient_id, comment) VALUES(' .
+ time() . ',' . $user->data['user_id'] . ',' . $id . ',' . $db->qstr($_POST['body']).')';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - add_comment(): '.$db->ErrorMsg());
+ return false;
+ }
+ $session->action('2', $id);
+ }
+ }
+ /*
+ Function Name: get_username
+ Arguments: (int) id -- User ID
+ Purpose: Fetch username of user based on their unique ID
+ */
+ function get_username($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ $_query = 'SELECT display_name FROM '.AS_TBL_USER.' WHERE id = ' . $id;
+ $_query = $db->Execute($_query);
+ $res = $db->GetArray($_query);
+ return $res[0]['display_name'];
+ }
+ /*
+ Function Name: add_image_comment
+ Arguments: (int) id -- Image ID
+ Purpose: Add comment to image
+ */
+ function add_image_comment($id)
+ {
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid imageID', "Invalid imageID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
+ $owner = 'SELECT owner_id FROM '.AS_TBL_IMG.' WHERE id = ' . $id;
+ $owner = $db->query($owner);
+ $owner = $db->fetch_array($owner);
+ $owner = $owner['owner'];
+ if ($session->is_friend($owner))
+ {
+ $_query = 'INSERT INTO '.AS_TBL_IMG_CMT.' (image_id, post_timestamp, author, comment) VALUES('. $id . ',' . time() . ',' . $user->data['user_id'] . ',' . $db->qstr($_POST['comment'],get_magic_quotes_gpc()) . ')';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - add_img_comment(): '.$db->ErrorMsg());
+ return false;
+ }
+ }
+ }
+ /*
+ Function Name: generate_timestamp
+ Arguments: (int) time -- time to parse
+ Purpose: Generate datestamp of time passed, taking user's time offset into consideration
+ */
+ function generate_timestamp($time)
+ {
+ if (!is_numeric($time) and $time != null)
+ {
+ $error->general('Invalid timestamp', "Invalid timestamp = Possible hack! Input value: \"".$time."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
+ if($session->logged_in())
+ {
+ $_query = 'SELECT time_offset FROM '.AS_TBL_USER.' WHERE id = ' . $user->data['user_id'];
+ $_query = $db->Execute($_query);
+ $_query = $query->GetArray($_query);
+ $offset = $_query[0]['time_offset'];
+
+ $diff = $offset * 60 * 60;
+ }
+ $time = $time + $diff;
+ return date('m/d/Y G:i:s', $time);
+ }
+}
+?>
\ No newline at end of file
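Review bot: `create()` builds the session id as `md5(time() . rand(1,1000))`, which leaves about a thousand possible values for any given second of creation time, so the identifier is guessable rather than secret; on a current PHP it should come from a CSPRNG, e.g. `$id = bin2hex(random_bytes(16));`. The same function concatenates `$id` into the INSERT without `$db->qstr()` and then assigns `$_COOKIE['session_id'] = $id;`, which only changes the request-local array and sends nothing to the browser, so a `setcookie('session_id', $id);` call appears to be missing. `check()` selects the session row by `REMOTE_ADDR` alone and compares only `$res[0]['id']` with the cookie, so a second client behind the same address would presumably never match and would get a new row on every request. The id guards of the form `!is_numeric($id) and $id != null` let `null` and non-integer numeric strings through to queries that concatenate the value unquoted; casting with `(int)` before building the SQL would close that. The rename is also incomplete inside the copied file: the methods still call `$session->check()`, `$session->logged_in()` and `$session->is_friend()`, report errors as `session.php - …`, and use `$db`, `$error`, `$user` and `$session` without a `global` declaration or `$this`, so those names are undefined in method scope.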