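/**
 * Check whether the current user belongs to the given group.
 *
 * Builds one query that joins the users and groups tables on group_id and
 * filters on this object's user_id and the supplied group id.
 *
 * @param mixed $id Group id to test; embedded in the query as a quoted, escaped literal.
 * @return bool True when returns_result() yields a truthy value for the query.
 */
public function isGroupMember($id)
{
    global $db, $db_table_prefix;

    // Escape each value exactly once. The earlier double sql_escape() on $id
    // would re-escape the output of the first pass (assuming the driver
    // backslash-escapes), so a value containing a quote or backslash would be
    // compared in a mangled form.
    // NOTE(review): if the DBAL offers bound parameters, prefer them over
    // string-built SQL; none is visible from this listing.
    $userId = $db->sql_escape($this->user_id);
    $groupId = $db->sql_escape($id);

    $sql = "SELECT " . $db_table_prefix . "users.group_id, \n\t\t\t\t"
        . $db_table_prefix . "groups.* FROM " . $db_table_prefix . "users \n\t\t\t\tINNER JOIN "
        . $db_table_prefix . "groups ON " . $db_table_prefix . "users.group_id = "
        . $db_table_prefix . "groups.group_id\n\t\t\t\tWHERE user_id = '" . $userId
        . "'\n\t\t\t\tAND\n\t\t\t\t" . $db_table_prefix . "users.group_id = '" . $groupId
        . "'\n\t\t\t\tLIMIT 1\n\t\t\t\t";

    // returns_result() is defined elsewhere; only its truthiness is used here.
    return returns_result($sql) ? true : false;
}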
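/**
 * Check whether the current user belongs to the given group.
 *
 * Table names are read from the $db object ($db->users, $db->groups); the
 * query joins them on group_id and filters on this object's user_id and the
 * supplied group id.
 *
 * @param mixed $id Group id to test; embedded in the query as a quoted, escaped literal.
 * @return bool True when returns_result() yields a truthy value for the query.
 */
public function isGroupMember($id)
{
    global $db;

    // Escape each value exactly once. Passing $id through sql_escape() twice
    // would re-escape the first pass's output (assuming the driver
    // backslash-escapes), so the compared value would no longer equal the input.
    // NOTE(review): if the DBAL offers bound parameters, prefer them over
    // string-built SQL; none is visible from this listing.
    $userId = $db->sql_escape($this->user_id);
    $groupId = $db->sql_escape($id);

    $sql = "SELECT {$db->users}.group_id,{$db->groups}.* FROM {$db->users} INNER JOIN {$db->groups} ON {$db->users}.group_id = {$db->groups}.group_id WHERE user_id = '"
        . $userId
        . "' AND {$db->users}.group_id = '"
        . $groupId
        . "' LIMIT 1";

    // returns_result() is defined elsewhere; only its truthiness is used here.
    return returns_result($sql) ? true : false;
}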
/**
 * Tell whether the current user is a member of the group identified by $id.
 *
 * Both ids are cast to int before they are placed in the query text, so only
 * integer digits (and an optional sign) can reach the SQL string.
 *
 * @param mixed $id Group id to look up.
 * @return bool True when returns_result() yields a truthy value for the query.
 */
public function isGroupMember($id)
{
    global $db, $db_table_prefix;

    $userId = (int) $this->user_id;
    // The escape call is kept as in the original even though the int cast
    // that follows already restricts the value to an integer.
    $groupId = (int) $db->sql_escape($id);

    $query = "SELECT {$db_table_prefix}Users.Group_ID, {$db_table_prefix}Groups.* FROM {$db_table_prefix}Users"
        . " INNER JOIN {$db_table_prefix}Groups ON {$db_table_prefix}Users.Group_ID = {$db_table_prefix}Groups.Group_ID"
        . " WHERE User_ID = '{$userId}' AND {$db_table_prefix}Users.Group_ID = '{$groupId}'";

    // returns_result() is defined elsewhere; only its truthiness matters here.
    return returns_result($query) ? true : false;
}
/* UserPie Version: 1.0 http://userpie.com */
// Primitive installer: connects to the database and creates the groups, users
// and sessions tables.
// NOTE(review): $dbtype, $sql_db, the $db_* connection values and
// $db_table_prefix are not defined in this fragment; presumably settings.php
// provides them — confirm.
require_once "../models/settings.php";
// DBAL support (credited to phpBB). The driver file name is built from $dbtype,
// so that value must only ever come from trusted configuration, never from
// request input.
require_once "../models/db/" . $dbtype . ".php";
require_once "../models/funcs.user.php";
// Construct a db instance; the class name is taken from the $sql_db variable.
$db = new $sql_db();
// An array returned by sql_connect() is treated as a connection failure.
if (is_array($db->sql_connect($db_host, $db_user, $db_pass, $db_name, $db_port, false, false))) {
    echo "<strong>Unable to connect to the database, check your settings.</strong>";
    echo "<p><a href=\"?install=true\">Try again</a></p>";
} else {
    // "Already installed" guard: it passes when the groups table yields a result.
    // Until the install directory is removed or renamed (as the message asks),
    // this script stays reachable and the guard is the only thing visible here
    // that stops a second run.
    if (returns_result("SELECT * FROM " . $db_table_prefix . "groups LIMIT 1") > 0) {
        echo "<strong>UserPie has already been installed.<br /> Please remove / rename the install directory.</strong> <p>Continue...</p>";
    } else {
        // Installation starts as soon as an "install" query parameter is present;
        // no other check on the requester is visible in this fragment.
        if (isset($_GET["install"])) {
            // Set to true when any step below fails.
            $db_issue = false;
            // Schema for the groups table.
            $groups_sql = "\n\t\t\t\t\tCREATE TABLE IF NOT EXISTS `" . $db_table_prefix . "groups` (\n\t\t\t\t\t`group_id` int(11) NOT NULL auto_increment,\n\t\t\t\t\t`group_name` varchar(225) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`group_id`)\n\t\t\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;\n\t\t\t\t";
            // Seed row: group 1, "Standard User".
            $group_entry = "\n\t\t\t\t\tINSERT INTO `" . $db_table_prefix . "groups` (`group_id`, `group_name`) VALUES\n\t\t\t\t\t(1, 'Standard User');\n\t\t\t\t";
            // Schema for the users table; it holds the password column, the
            // activation token and the account's active flag.
            $users_sql = "\n\t\t\t\t\t CREATE TABLE IF NOT EXISTS `" . $db_table_prefix . "users` (\n\t\t\t\t\t`user_id` int(11) NOT NULL auto_increment,\n\t\t\t\t\t`username` varchar(150) NOT NULL,\n\t\t\t\t\t`username_clean` varchar(150) NOT NULL,\n\t\t\t\t\t`password` varchar(225) NOT NULL,\n\t\t\t\t\t`email` varchar(150) NOT NULL,\n\t\t\t\t\t`activationtoken` varchar(225) NOT NULL,\n\t\t\t\t\t`last_activation_request` int(11) NOT NULL,\n\t\t\t\t\t`LostpasswordRequest` int(1) NOT NULL default '0',\n\t\t\t\t\t`active` int(1) NOT NULL,\n\t\t\t\t\t`group_id` int(11) NOT NULL,\n\t\t\t\t\t`sign_up_date` int(11) NOT NULL,\n\t\t\t\t\t `last_sign_in` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`user_id`)\n\t\t\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;\n\t\t\t\t";
            // Schema for the sessions table, keyed by session_id.
            $sessions_sql = "\n\t\t\t \t\t CREATE TABLE IF NOT EXISTS `" . $db_table_prefix . "sessions` (\n\t\t\t\t\t`session_start` int(11) NOT NULL,\n\t\t\t\t\t`session_data` text NOT NULL,\n\t\t\t\t\t`session_id` varchar(255) NOT NULL,\n\t\t\t\t\tPRIMARY KEY (`session_id`)\n\t\t\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=latin1;\n\t\t\t\t";
            if ($db->sql_query($groups_sql)) {
                echo "<p>" . $db_table_prefix . "groups table created.....</p>";
            } else {
                echo "<p>Error constructing " . $db_table_prefix . "groups table.</p><br /><br /> DBMS said: ";
                // print_r() without a second argument prints its argument and
                // returns true, so this echo also emits a trailing "1".
                // NOTE(review): the raw DBMS error is written into the page for
                // whoever requested the installer; consider logging it instead.
                echo print_r($db->_sql_error());
                $db_issue = true;
            }
            // The listing is cut off here: the remaining install steps and the
            // closing braces of the enclosing blocks are not shown.
/**
 * Report whether the global $loggedInUser still maps to an active profile row.
 *
 * The profiles table is queried on every call so that an account which has
 * been removed or deactivated loses its session; when no row matches, the
 * user object's userLogOut() is called before false is returned.
 *
 * NOTE(review): the password value in the query is the literal '******' in
 * this listing, which looks masked; confirm the real comparison value against
 * the upstream file.
 *
 * @return bool True when the lookup reports at least one matching row.
 */
function isUserLoggedIn()
{
    global $loggedInUser, $db, $db_table_prefix;

    // No user object in this request: nothing to verify.
    if ($loggedInUser == NULL) {
        return false;
    }

    $escapedId = $db->sql_escape($loggedInUser->id);
    $query = "SELECT id,\n\t\t\t\tpassword\n\t\t\t\tFROM {$db_table_prefix}profiles\n\t\t\t\tWHERE\n\t\t\t\tid = '{$escapedId}'\n\t\t\t\tAND \n\t\t\t\tpassword = '******' \n\t\t\t\tAND\n\t\t\t\tactive = 1\n\t\t\t\tLIMIT 1";

    // Ask the database whether the account still exists and is active.
    if (returns_result($query) > 0) {
        return true;
    }

    // No matching row: the user was banned or deleted, so end the session.
    $loggedInUser->userLogOut();
    return false;
}
/**
 * Report whether the global $loggedInUser still maps to an active Users row.
 *
 * The Users table is queried on every call so that an account which has been
 * removed or deactivated loses its session; when no row matches, the user
 * object's userLogOut() is called before false is returned.
 *
 * NOTE(review): the Password value in the query is the literal '******' in
 * this listing, which looks masked; confirm the real comparison value against
 * the upstream file.
 *
 * @return bool True when the lookup reports at least one matching row.
 */
function isUserLoggedIn()
{
    global $loggedInUser, $db, $db_table_prefix;

    // No user object in this request: nothing to verify.
    if ($loggedInUser == NULL) {
        return false;
    }

    $escapedId = $db->sql_escape($loggedInUser->user_id);
    $query = "SELECT User_ID,\n\t\t\t\tPassword\n\t\t\t\tFROM {$db_table_prefix}Users\n\t\t\t\tWHERE\n\t\t\t\tUser_ID = '{$escapedId}'\n\t\t\t\tAND \n\t\t\t\tPassword = '******' \n\t\t\t\tAND\n\t\t\t\tActive = 1\n\t\t\t\tLIMIT 1";

    // TODO: this per-call query could be made cheaper.
    // Ask the database whether the account still exists and is active.
    if (returns_result($query) > 0) {
        return true;
    }

    // No matching row: the user was banned or deleted, so end the session.
    $loggedInUser->userLogOut();
    return false;
}
/**
 * Report whether the global $loggedInUser still maps to an active Users row.
 *
 * The user id is escaped and then cast to int before it enters the query
 * text. When no row matches, the user object's userLogOut() is called before
 * false is returned.
 *
 * NOTE(review): the Password value in the query is the literal '******' in
 * this listing, which looks masked; confirm the real comparison value against
 * the upstream file.
 *
 * @return bool True when the lookup reports at least one matching row.
 */
function isUserLoggedIn()
{
    global $loggedInUser, $db, $db_table_prefix;

    // No user object in this request: nothing to verify.
    if ($loggedInUser == NULL) {
        return false;
    }

    $userId = (int) $db->sql_escape($loggedInUser->user_id);
    $query = "SELECT User_ID,Password FROM {$db_table_prefix}Users WHERE User_ID = '{$userId}' AND Password = '******' AND Active = 1 LIMIT 1";

    // Ask the database whether the account still exists and is active.
    $stillValid = returns_result($query) > 0;
    if (!$stillValid) {
        // No matching row: the user was banned or deleted, so end the session.
        $loggedInUser->userLogOut();
        return false;
    }

    return true;
}
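/**
 * Report whether the global $loggedInUser still maps to an active users row.
 *
 * The users table (name read from $db->users) is queried on every call so
 * that an account which has been removed or deactivated loses its session;
 * when no row matches, the user object's userLogOut() is called before false
 * is returned.
 *
 * NOTE(review): the password value in the query is the literal '******' in
 * this listing, which looks masked; confirm the real comparison value against
 * the upstream file.
 *
 * @return bool True when the lookup reports at least one matching row.
 */
function isUserLoggedIn()
{
    global $loggedInUser, $db;

    // Single guard for "no user object". The original repeated the same
    // null test in a second if/else, whose true branch could never run.
    if (!isset($loggedInUser) || $loggedInUser == NULL) {
        return false;
    }

    $sql = "SELECT user_id,password FROM {$db->users} WHERE user_id = '"
        . $db->sql_escape($loggedInUser->user_id)
        . "' AND password = '******' AND active = 1 LIMIT 1";

    // Ask the database whether the account still exists and is active.
    if (returns_result($sql) > 0) {
        return true;
    }

    // No matching row: the user was banned or deleted, so end the session.
    $loggedInUser->userLogOut();
    return false;
}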