diff options
Diffstat (limited to 'inc/lib_user.php')
| -rwxr-xr-x | inc/lib_user.php | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/inc/lib_user.php b/inc/lib_user.php index 5a7b92d4781..a9d284cfd49 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -63,6 +63,7 @@ class OC_USER { * */ public static function createuser($username,$password){ + global $CONFIG_DBTABLEPREFIX; if(OC_USER::getuserid($username,true)!=0){ return false; }else{ @@ -70,7 +71,7 @@ class OC_USER { $password=sha1($password); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="INSERT INTO `users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; $result=OC_DB::query($query); return ($result)?true:false; } @@ -82,11 +83,13 @@ class OC_USER { * */ public static function login($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id'])){ $_SESSION['user_id']=$result[0]['user_id']; @@ -124,9 +127,10 @@ class OC_USER { * */ public static function creategroup($groupname){ + global $CONFIG_DBTABLEPREFIX; if(OC_USER::getgroupid($groupname,true)==0){ $groupname=OC_DB::escape($groupname); - $query="INSERT INTO `groups` (`group_name`) VALUES ('$groupname')"; + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; $result=OC_DB::query($query); return ($result)?true:false; }else{ @@ -139,12 +143,13 @@ class OC_USER { * */ public static function getuserid($username,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; $usernameclean=strtolower($username); if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query return $_SESSION['user_id_cache'][$usernameclean]; } $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'"; + $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; $result=OC_DB::select($query); if(!is_array($result)){ return 0; @@ -162,11 +167,12 @@ class OC_USER { * */ public static function getgroupid($groupname,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query return $_SESSION['group_id_cache'][$groupname]; } $groupname=OC_DB::escape($groupname); - $query="SELECT group_id FROM groups WHERE group_name = '$groupname'"; + $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; $result=OC_DB::select($query); if(!is_array($result)){ return 0; @@ -184,11 +190,12 @@ class OC_USER { * */ public static function getgroupname($groupid,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query return $name; } $groupid=(integer)$groupid; - $query="SELECT group_name FROM groups WHERE group_id = '$groupid' LIMIT 1"; + $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['group_name'])){ return $result[0]['group_name']; @@ -202,10 +209,12 @@ class OC_USER { * */ public static function ingroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); if($groupid>0 and $userid>0){ - $query="SELECT * FROM user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; + $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_group_id'])){ return true; @@ -222,11 +231,13 @@ class OC_USER { * */ public static function addtogroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + if(!OC_USER::ingroup($username,$groupname)){ $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); if($groupid!=0 and $userid!=0){ - $query="INSERT INTO `user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; $result=OC_DB::query($query); if($result){ return true; @@ -250,8 +261,10 @@ class OC_USER { * */ public static function getusergroups($username){ + global $CONFIG_DBTABLEPREFIX; + $userid=OC_USER::getuserid($username); - $query="SELECT group_id FROM user_group WHERE user_id = '$userid'"; + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; $result=OC_DB::select($query); $groups=array(); if(is_array($result)){ @@ -268,9 +281,11 @@ class OC_USER { * */ public static function setpassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $userid=OC_USER::getuserid($username); - $query="UPDATE users SET user_password = '$password' WHERE user_id ='$userid'"; + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; $result=OC_DB::query($query); if($result){ return true; @@ -284,11 +299,13 @@ class OC_USER { * */ public static function checkpassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + $password=sha1($password); $usernameclean=strtolower($username); $username=OC_DB::escape($username); $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ return true; |