@ -63,6 +63,7 @@ class OC_USER {
*
*/
public static function createuser($username,$password){
global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getuserid($username,true)!=0){
return false;
}else{
@ -70,7 +71,7 @@ class OC_USER {
$password=sha1($password);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="INSERT INTO `users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX} users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
}
@ -82,11 +83,13 @@ class OC_USER {
*
*/
public static function login($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) & & isset($result[0]['user_id'])){
$_SESSION['user_id']=$result[0]['user_id'];
@ -124,9 +127,10 @@ class OC_USER {
*
*/
public static function creategroup($groupname){
global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getgroupid($groupname,true)==0){
$groupname=OC_DB::escape($groupname);
$query="INSERT INTO `groups` (`group_name`) VALUES ('$groupname')";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX} groups` (`group_name`) VALUES ('$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
}else{
@ -139,12 +143,13 @@ class OC_USER {
*
*/
public static function getuserid($username,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
$usernameclean=strtolower($username);
if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
return $_SESSION['user_id_cache'][$usernameclean];
}
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'";
$query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX} users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
@ -162,11 +167,12 @@ class OC_USER {
*
*/
public static function getgroupid($groupname,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
return $_SESSION['group_id_cache'][$groupname];
}
$groupname=OC_DB::escape($groupname);
$query="SELECT group_id FROM groups WHERE group_name = '$groupname'";
$query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX} groups WHERE group_name = '$groupname'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
@ -184,11 +190,12 @@ class OC_USER {
*
*/
public static function getgroupname($groupid,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
return $name;
}
$groupid=(integer)$groupid;
$query="SELECT group_name FROM groups WHERE group_id = '$groupid' LIMIT 1";
$query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) & & isset($result[0]['group_name'])){
return $result[0]['group_name'];
@ -202,10 +209,12 @@ class OC_USER {
*
*/
public static function ingroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid>0 and $userid>0){
$query="SELECT * FROM user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$query="SELECT * FROM {$CONFIG_DBTABLEPREFIX} user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$result=OC_DB::select($query);
if(isset($result[0]) & & isset($result[0]['user_group_id'])){
return true;
@ -222,11 +231,13 @@ class OC_USER {
*
*/
public static function addtogroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
if(!OC_USER::ingroup($username,$groupname)){
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid!=0 and $userid!=0){
$query="INSERT INTO `user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX} user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$result=OC_DB::query($query);
if($result){
return true;
@ -250,8 +261,10 @@ class OC_USER {
*
*/
public static function getusergroups($username){
global $CONFIG_DBTABLEPREFIX;
$userid=OC_USER::getuserid($username);
$query="SELECT group_id FROM user_group WHERE user_id = '$userid'";
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
$result=OC_DB::select($query);
$groups=array();
if(is_array($result)){
@ -268,9 +281,11 @@ class OC_USER {
*
*/
public static function setpassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$userid=OC_USER::getuserid($username);
$query="UPDATE users SET user_password = '$password' WHERE user_id ='$userid'";
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
$result=OC_DB::query($query);
if($result){
return true;
@ -284,11 +299,13 @@ class OC_USER {
*
*/
public static function checkpassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX} users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) & & isset($result[0]['user_id']) & & $result[0]['user_id']>0){
return true;