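array(), "total" => 0);
        // NOTE(review): the head of this method (signature and the start of this
        // statement) is outside this excerpt, so its code is reproduced unchanged and
        // only re-flowed. $start is concatenated into LIMIT/OFFSET as-is; confirm the
        // caller passes an integer, and confirm that eq() quotes and escapes $alpha.
        try {
            $SELECT = "SELECT #--pun_users.id"
                .", #--pun_users.username"
                .", #--artistes.id as id_artiste";
            $FROM = " FROM #--pun_users"
                ." LEFT JOIN #--artistes"
                ." ON #--pun_users.id=#--artistes.pun_user";
            $WHERE = " WHERE #--pun_users.id!=1";
            $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(username, 1)=".$this->eq($alpha) : "");
            $WHERE .= (isset($is_artiste) ? ($WHERE ? " AND" : " WHERE")." #--artistes.id IS".($is_artiste ? " NOT" : "")." NULL" : "");
            $GROUP_BY = " GROUP BY #--pun_users.id";
            $LIMIT = ($this->env->config("max_list") ? " LIMIT ".$this->env->config("max_list")." OFFSET ".$start : "");
            $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.$GROUP_BY.") res";
            $rst = $this->sql->query($sql);
            if($v_rst = $this->sql->fetch_assoc($rst)) $users["total"] = $v_rst["n"];
            $this->sql->free_result($rst);
            if($users["total"] > 0) {
                $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$GROUP_BY.$LIMIT.") res";
                $rst = $this->sql->query($sql);
                while($v_rst = $this->sql->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst;
                $this->sql->free_result($rst);
            }
        }
        catch(Exception $_e) { $users = false; }
        return $users;
    }

    /**
     * Fetch one row of the users table by id.
     *
     * @param int|string $id User id; forced to an integer before it reaches the SQL text.
     * @return array|false The row as an associative array, an empty array when no row
     *                     matches, or false when the query raises an Exception.
     */
    function user($id)
    {
        $user = array();
        try {
            // The id is concatenated into the statement, so it is cast to int first:
            // anything non-numeric becomes 0 instead of being read as SQL.
            // NOTE(review): SELECT * returns every column of the row, presumably
            // including the stored password hash; confirm callers never expose the
            // whole array.
            $sql = "SELECT * from #--pun_users WHERE id=".(int) $id;
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $user = $v_rst;
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $user = false;
        }
        return $user;
    }

    # ----------------------------------------------------------------------------------------
    #                                                                                    admin
    #

    /**
     * Tell whether a user belongs to group 1.
     *
     * @param int|string $user_id User id; forced to an integer before it reaches the SQL text.
     * @return bool True when the user's group_id is 1; false otherwise, including on
     *              a query Exception (fail closed).
     */
    function is_admin($user_id)
    {
        $OK = false;
        try {
            // Cast before concatenation: this answer drives an authorization decision,
            // so the lookup must not be steerable through the id argument.
            $sql = "SELECT group_id FROM #--pun_users WHERE id=".(int) $user_id;
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $OK = ((int) $v_rst["group_id"] === 1);
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $OK = false;
        }
        return $OK;
    }

    /**
     * Tell whether a user has a row in the super_admins table.
     *
     * @param int|string $user_id User id; forced to an integer before it reaches the SQL text.
     * @return bool True when a row exists; false otherwise, including on a query Exception.
     */
    function is_super_admin($user_id)
    {
        $is_super_admin = false;
        try {
            $sql = "SELECT * FROM #--super_admins WHERE id_pun_user=".(int) $user_id;
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $is_super_admin = true;
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $is_super_admin = false;
        }
        return $is_super_admin;
    }

    /**
     * Tell whether a user is registered as an administrator of an artist.
     *
     * @param int|string $id_artise Artist id; forced to an integer before use.
     * @param int|string $pun_user  User id; forced to an integer before use.
     * @return bool True when at least one matching artistes_admins row exists; false
     *              otherwise, including on a query Exception.
     */
    function is_artiste_admin($id_artise, $pun_user)
    {
        $is_artiste_admin = false;
        try {
            // Both ids are cast before concatenation so neither can change the WHERE clause.
            $sql = "SELECT count(*) as n FROM #--artistes_admins WHERE id_artiste=".(int) $id_artise
                ." AND pun_user=".(int) $pun_user;
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $is_artiste_admin = ((int) $v_rst["n"] > 0);
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $is_artiste_admin = false;
        }
        return $is_artiste_admin;
    }

    # ----------------------------------------------------------------------------------------
    #                                                                             log in / out
    #

    /**
     * Check a username/password pair against the forum users table and, when it
     * matches, complete the login: upgrade a legacy MD5 hash, promote an unverified
     * account, drop the guest entry from the online list and set the login cookie.
     *
     * All side effects run only after the password has been verified. A failed
     * attempt changes nothing and sets no cookie.
     *
     * @param string $form_username Username as submitted.
     * @param string $form_password Clear-text password as submitted.
     * @param object $db            Database layer; escape(), query(), fetch_row(),
     *                              error() and the prefix property are used.
     * @return bool True when the credentials match the stored hash.
     */
    function pun_login_ok($form_username, $form_password, $db)
    {
        // These two names are read below but were never brought into the method's
        // scope, so the MySQL branch was unreachable and the default group was empty.
        // NOTE(review): assumes they are the forum's globals of the same name; confirm.
        global $db_type, $pun_config;

        $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli')
            ? 'username=\''.$db->escape($form_username).'\''
            : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';

        $_sql = 'SELECT id, group_id, password'
            .' FROM '.$db->prefix.'users'
            .' WHERE '.$username_sql;
        $result = $db->query($_sql)
            or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());
        list($user_id, $group_id, $db_password_hash) = $db->fetch_row($result);

        $authorized = false;
        $form_password_hash = pun_hash($form_password); // This could result in either an SHA-1 or an MD5 hash (depends on $sha1_available)

        if (!empty($db_password_hash)) {
            $sha1_in_db = (strlen($db_password_hash) === 40);
            $sha1_available = (function_exists('sha1') || function_exists('mhash'));

            // Strict comparison: with ==, two different hex digests that both look
            // like numbers in exponent notation compare equal.
            // NOTE(review): unsalted SHA-1/MD5 is a weak password store; moving to
            // password_hash() changes the stored format and is out of scope here.
            if ($sha1_in_db && $sha1_available && $db_password_hash === $form_password_hash) {
                $authorized = true;
            } else if (!$sha1_in_db && $db_password_hash === md5($form_password)) {
                $authorized = true;

                if ($sha1_available) {
                    // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB
                    $db->query(
                        'UPDATE '.$db->prefix.'users'
                        .' SET password=\''.$db->escape($form_password_hash).'\''
                        .' WHERE id='.(int) $user_id
                    ) or error('Impossible de modifier le mot de passe', __FILE__, __LINE__, $db->error());
                }
            }
        }

        // Stop here on a wrong password or unknown user. Without this guard an
        // unverified account was promoted, and a cookie issued, on any attempt.
        if (!$authorized) {
            return false;
        }

        // Update the status if this is the first time the user logged in.
        // Skipped when the default group is not configured, rather than writing an
        // empty or zero group id.
        if ($group_id == PUN_UNVERIFIED && isset($pun_config['o_default_user_group'])) {
            $db->query(
                'UPDATE '.$db->prefix.'users'
                .' SET group_id='.(int) $pun_config['o_default_user_group']
                .' WHERE id='.(int) $user_id
            ) or error('Uimpossible de modifier le statut utilisateur', __FILE__, __LINE__, $db->error());
        }

        // Remove this users guest entry from the online list
        $db->query(
            'DELETE FROM '.$db->prefix.'online'
            .' WHERE ident=\''.$db->escape(get_remote_address()).'\''
        ) or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error());

        // The login is always persistent: the cookie lives for one year.
        // NOTE(review): the cookie is built from the password hash; confirm that
        // pun_setcookie() does not store the bare hash client-side.
        $expire = time() + 31536000;
        pun_setcookie($user_id, $form_password_hash, $expire);

        return true;
    }

    /**
     * Log the current user out: remove them from the online list, record the
     * last visit and replace the login cookie with one for user id 1.
     *
     * @param array  $pun_user Current user row; is_guest, id and (optionally) logged are read.
     * @param object $db       Database layer; query(), error() and the prefix property are used.
     * @return bool False when the user is a guest or the id query parameter does not
     *              match the current user; true once the logout is done.
     */
    function pun_logout($pun_user, $db)
    {
        // NOTE(review): the user id in the query string is the only request check, and
        // an id is not a secret; a per-session token would be needed to stop another
        // site from triggering this logout.
        if (
            $pun_user["is_guest"]
            || !isset($_GET["id"])
            || !is_scalar($_GET["id"])
            || (string) $_GET["id"] !== (string) $pun_user["id"]
        ) {
            return false;
        }

        $user_id = (int) $pun_user['id'];

        // Remove user from "users online" list.
        $db->query(
            'DELETE FROM '.$db->prefix.'online'
            .' WHERE user_id='.$user_id
        ) or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error());

        // Update last_visit (make sure there's something to update it with)
        if (isset($pun_user['logged'])) {
            $db->query(
                'UPDATE '.$db->prefix.'users'
                .' SET last_visit='.(int) $pun_user['logged']
                .' WHERE id='.$user_id
            ) or error('Impossible de modifier les données de visite de l\'utilisateur', __FILE__, __LINE__, $db->error());
        }

        // Overwrite the login cookie with user id 1 and a throwaway random value.
        // NOTE(review): id 1 is presumably the guest account; confirm.
        pun_setcookie(1, random_pass(8), time() + 31536000);

        return true;
    }

}

?>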