<?
        /**********************************************************************************
        *                                                                                 *
        *                               write_user.php                                    *
        *                             ------------------                                  *
        *                                                                                 *
        * Program           : EverQuest Roster/Gallery v1.7b1                             *
        * Copyright         : (C) 2001 - 2002 BladeTek Internet Services &                *
        *                                                     The EQRG Developement Team  *
        * Website           : http://eqcode.roleplayersinteraction.com                    *
        * Support Website   : http://www.sourceforge.net/projects/eqrostergallery         *
        * Email             : hide@address.com                                        *
        *                                                                                 *
        * For license information, please read the documents directory which              *
        * came with this edition                                                          *
        *                                                                                 *
        **********************************************************************************/

        // Start (or resume) the PHP session before any function in this file runs;
        // user_login() below stores the $SESSION array in it via session_register().
        // NOTE(review): no session cookie parameters are set in this file - confirm
        // that cookie flags and lifetime are configured elsewhere (php.ini or a
        // shared include).
        session_start();

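        /**
         * Check a login/password pair and, on success, load the account into the session.
         *
         * On success the user's id, email, update_time, level and the three sort
         * preferences are copied into the global $SESSION array, which is then
         * registered with the PHP session.
         *
         * NOTE(review): passwords are stored and compared in clear text here. Moving
         * to password_hash()/password_verify() needs a data migration and matching
         * changes in add_user() and email_password().
         * NOTE(review): the two distinct failure messages let a visitor tell whether
         * a login name exists; they are kept because callers display them verbatim.
         *
         * @param  string $login   Login name as submitted by the visitor.
         * @param  string $passwd  Password as submitted by the visitor.
         * @return string|null     Error message for display, or null on success.
         */
        function user_login($login, $passwd) {
                global $SESSION;

                // Initialised so the success path returns null without reading an
                // undefined variable.
                $err = null;

                if (!$login) {
                        $err = "The login name field cannot be blank.";
                } elseif (!$passwd) {
                        $err = "The password field cannot be blank.";
                } elseif (!is_string($login) || !preg_match('/\A[A-Za-z0-9]+\z/', $login)) {
                        // add_user() only creates alphanumeric logins, so any other value
                        // cannot match a row. Rejecting it here keeps quotes and other SQL
                        // metacharacters out of the string-built query below.
                        // NOTE(review): assumes logins are ASCII; widen this if the site
                        // ran under a locale where [:alnum:] admitted other letters.
                        $err = "That username does not exist in the database.";
                } elseif (!is_string($passwd)) {
                        // A non-string password (e.g. an array from "passwd[]=") must never
                        // reach the comparison: strcmp() returned NULL for it on PHP 5-7,
                        // which the old check treated as a match.
                        $err = "The password is incorrect.";
                } else {
                        // $login is restricted to [A-Za-z0-9] by the guard above.
                        $query  = "select id, passwd, update_time, email, level, sort1, sort2, sort3";
                        $query .= "  from users";
                        $query .= " where login = '$login'";

                        query_db($query, $user);

                        if (empty($user["id"])) {
                                $err = "That username does not exist in the database.";
                        } elseif ($passwd !== (string) $user["passwd"]) {
                                // Strict string comparison; no type juggling.
                                $err = "The password is incorrect.";
                        } elseif ($user["level"] < 1) {
                                $err = "You have been banned from the site.";
                        } else {
                                $SESSION["uid"]         = $user["id"];
                                $SESSION["email"]       = $user["email"];
                                $SESSION["update_time"] = $user["update_time"];
                                $SESSION["level"]       = $user["level"];
                                $SESSION["sort1"]       = $user["sort1"];
                                $SESSION["sort2"]       = $user["sort2"];
                                $SESSION["sort3"]       = $user["sort3"];

                                // NOTE(review): session_register() was removed in PHP 5.4 and
                                // depends on register_globals; the session id is also not
                                // regenerated at this privilege change. Both need a
                                // coordinated move to $_SESSION and session_regenerate_id()
                                // across every file that reads $SESSION.
                                session_register("SESSION");
                        }
                }

                return $err;
        }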

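        /**
         * Register a new account from the submitted sign-up form.
         *
         * Validation runs in a fixed order and stops at the first failure: already
         * logged in, login blank/non-alphanumeric, email blank/invalid, password and
         * confirmation blank or different, guild password blank or wrong, then
         * duplicate login and duplicate email. On success one row is inserted into
         * users with level 1 and timezone 0.
         *
         * NOTE(review): the password is stored in clear text. Hashing it needs
         * matching changes in user_login() and email_password().
         *
         * @param  array $vars  Form fields keyed by name (login, email, passwd,
         *                      vpasswd, guild_passwd and the optional profile fields).
         * @return mixed        One of the ERR_* constants, or null on success.
         */
        function add_user($vars) {
                global $SESSION;

                $err = null;

                // Columns written by the insert, in column order.
                $fields = array("login", "passwd", "email", "realname", "websiteurl", "icquni", "yahooid", "msnuid", "aimuid", "location", "occupation", "skills", "intrests", "biography");

                // Normalise every expected field to a string so that missing keys and
                // non-scalar values (e.g. "login[]=") behave like blank input.
                $in = array();
                foreach (array_merge($fields, array("vpasswd", "guild_passwd")) as $name) {
                        $in[$name] = (is_array($vars) && isset($vars[$name]) && is_scalar($vars[$name])) ? (string) $vars[$name] : "";
                }

                if (!empty($SESSION["uid"])) {
                        $err = ERR_ALREADY_LOGGED_IN;
                } elseif (!trim($in["login"])) {
                        $err = ERR_ADD_USER_LOGIN_BLANK;
                } elseif (preg_match('/[^A-Za-z0-9]/', $in["login"])) {
                        // preg_match() replaces eregi(), which was removed in PHP 7.0.
                        // Checked on the untrimmed value, so surrounding spaces are invalid.
                        $err = ERR_ADD_USER_LOGIN_INVALID;
                } elseif (!trim($in["email"])) {
                        $err = ERR_ADD_USER_EMAIL_BLANK;
                } elseif (validate_email(trim($in["email"]))) {
                        $err = ERR_ADD_USER_EMAIL_INVALID;
                } elseif (!trim($in["passwd"])) {
                        $err = ERR_ADD_USER_PASSWORD_BLANK;
                } elseif (!trim($in["vpasswd"])) {
                        $err = ERR_ADD_USER_VPASSWORD_BLANK;
                } elseif (strcmp($in["passwd"], $in["vpasswd"]) !== 0) {
                        $err = ERR_ADD_USER_PASSWORDS_NOT_MATCH;
                } elseif (!trim($in["guild_passwd"])) {
                        $err = ERR_ADD_USER_GUILD_PASSWORD_BLANK;
                } elseif (strcmp($in["guild_passwd"], (string) GUILD_PASSWORD) !== 0) {
                        $err = ERR_ADD_USER_GUILD_PASSWORD_WRONG;
                } else {
                        // Every value below ends up inside a quoted SQL literal. Where
                        // magic_quotes_gpc is on (PHP < 5.4) request data arrives already
                        // backslash-escaped; otherwise escape it here.
                        // NOTE(review): addslashes() is a stop-gap. query_db()/update_db()
                        // accept a finished SQL string, so bound parameters need a change
                        // to those helpers. Also confirm the caller does not pre-escape
                        // $vars, which would double the backslashes.
                        $needs_escape = !ini_get("magic_quotes_gpc");

                        $sql = array();
                        foreach ($fields as $name) {
                                $value = $in[$name];
                                if ($name == "login" || $name == "passwd" || $name == "email") {
                                        $value = trim($value);
                                }
                                $sql[$name] = $needs_escape ? addslashes($value) : $value;
                        }

                        $query  = "select id";
                        $query .= "  from users";
                        $query .= " where login = '" . $sql["login"] . "'";

                        query_db($query, $check);

                        if (!empty($check["id"])) {
                                $err = ERR_ADD_USER_ALREADY_EXISTS;
                        } else {
                                $query  = "select id";
                                $query .= "  from users";
                                $query .= " where email = '" . $sql["email"] . "'";

                                query_db($query, $check);

                                if (!empty($check["id"])) {
                                        $err = ERR_ADD_USER_EMAIL_ALREADY_EXISTS;
                                } else {
                                        $query  = "insert into users (id, level, timezone, " . implode(", ", $fields) . ")";
                                        $query .= "values (0, 1, 0, '" . implode("', '", $sql) . "')";

                                        update_db($query);
                                }
                        }
                }

                return $err;
        }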

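        /**
         * Syntax-check an e-mail address.
         *
         * The address must contain exactly one "@", must not start with a dot or
         * contain "..", "@." or ".@", must end in a 2-3 letter or 1-3 digit label,
         * and both sides of the "@" may only use letters, digits, "_", "." and "-".
         * Callers in this file place the accepted address inside quoted SQL strings
         * and pass it to mail(), so this character set is what keeps quotes and line
         * breaks out of those sinks.
         *
         * NOTE(review): the 2-3 letter limit rejects longer top-level domains; kept
         * as the original rule.
         * NOTE(review): under POSIX bracket rules the old eregi() classes may also
         * have admitted a literal backslash; it is not accepted here. Confirm no
         * stored address relies on that.
         *
         * @param  string $email  Address to check (callers pass it already trimmed).
         * @return int            0 when the address is acceptable, 1 when it is not.
         */
        function validate_email($email) {
                // Non-strings (e.g. an array from "email[]=") are never valid.
                if (!is_string($email)) {
                        return 1;
                }

                // preg_match() replaces eregi(), which was removed in PHP 7.0. The "s"
                // flag keeps "." matching line breaks as it did under POSIX.
                if (preg_match('/(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/s', $email)) {
                        return 1;
                }

                // "D" anchors "$" at the very end of the string, so a trailing newline
                // cannot slip past the check.
                if (!preg_match('/^.+@(\[?)[-_a-zA-Z0-9.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/sD', $email)) {
                        return 1;
                }

                // Exactly one "@" is guaranteed by the two checks above.
                list($user, $domain) = explode("@", $email);

                $allowed = '/^[_a-zA-Z0-9.\-]+$/D';

                if (!preg_match($allowed, $user) || !preg_match($allowed, $domain)) {
                        return 1;
                }

                return 0;
        }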

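        /**
         * Save the logged-in user's three roster sort preferences.
         *
         * Nothing is written unless a user is logged in and each of the three values
         * is one of "status", "class", "name" or "level".
         *
         * @param  string $sort1  Primary sort column.
         * @param  string $sort2  Secondary sort column.
         * @param  string $sort3  Tertiary sort column.
         * @return void
         */
        function edit_user_sort($sort1, $sort2, $sort3) {
                global $SESSION;

                if (empty($SESSION["uid"])) {
                        return;
                }

                $allowed = array("status", "class", "name", "level");

                // Strict membership test: only the exact strings above pass. The old
                // !strcmp() chain also let non-string values through on PHP 5-7, where
                // strcmp() returns NULL for them.
                if (!in_array($sort1, $allowed, true) || !in_array($sort2, $allowed, true) || !in_array($sort3, $allowed, true)) {
                        return;
                }

                $query  = "update users";
                $query .= "   set sort1 = '" . $sort1 . "', sort2 = '" . $sort2 . "', sort3 = '" . $sort3 . "'";
                // The id is concatenated unquoted, so force it to an integer.
                $query .= " where id = " . (int) $SESSION["uid"];

                update_db($query);
        }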

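        /**
         * Load id, login, level and timezone of every account, ordered by login.
         *
         * Only a session whose level equals ADMIN may call this. The rows are
         * written into $users by query_db(), and its return value is stored in
         * $users["count"].
         *
         * @param  array $users  Filled by reference with the result.
         * @return mixed         ERR_NOT_ENOUGH_ACCESS, or null on success.
         */
        function read_users(&$users) {
                global $SESSION;

                // Initialised so the success path does not read an undefined variable.
                $err = null;

                // Fail closed: a session without a level is never treated as admin.
                if (!isset($SESSION["level"]) || $SESSION["level"] != ADMIN) {
                        $err = ERR_NOT_ENOUGH_ACCESS;
                } else {
                        $query  = "select id, login, level, timezone";
                        $query .= "  from users";
                        $query .= " order by login";

                        $users["count"] = query_db($query, $users, true);
                }

                return $err;
        }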

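        /**
         * Delete one account by id (admin only).
         *
         * Checks, in order: caller is ADMIN, id is not blank, id is digits only, id
         * is not the caller's own, and the id exists. Only then is the row deleted.
         *
         * @param  string|int $id  Id of the account to delete.
         * @return mixed           One of the ERR_* constants, or null on success.
         */
        function del_user($id) {
                global $SESSION;

                // Initialised so the success path does not read an undefined variable.
                $err = null;

                // Fail closed: a session without a level is never treated as admin.
                if (!isset($SESSION["level"]) || $SESSION["level"] != ADMIN) {
                        $err = ERR_NOT_ENOUGH_ACCESS;
                } elseif (!$id) {
                        $err = ERR_ID_BLANK;
                } elseif (!(is_string($id) || is_int($id)) || preg_match('/[^0-9]/', (string) $id)) {
                        // preg_match() replaces eregi(), which was removed in PHP 7.0.
                        // The id is concatenated unquoted into both queries below, so
                        // nothing but digits may pass this point.
                        $err = ERR_ID_INVALID;
                } elseif ($id == $SESSION["uid"]) {
                        $err = ERR_DEL_USER_DEL_SELF;
                } else {
                        $query  = "select id";
                        $query .= "  from users";
                        $query .= " where id = $id";

                        query_db($query, $check);

                        if (empty($check["id"])) {
                                $err = ERR_ID_NOT_EXIST;
                        } else {
                                $query  = "delete";
                                $query .= "  from users";
                                $query .= " where id = $id";

                                update_db($query);
                        }
                }

                return $err;
        }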

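        /**
         * Apply access-level changes submitted from the admin user list.
         *
         * Every key of the form "level_<id>" in $vars carries the new level for that
         * user id. All entries are validated first; if any is invalid nothing is
         * written. Otherwise one UPDATE is issued per target level, followed by a
         * refresh of update_time on the users table.
         *
         * @param  array $vars  Form fields; only keys starting with "level_" are used.
         * @return mixed        One of the ERR_* constants, or null on success.
         */
        function update_users($vars) {
                global $SESSION;

                $err = null;

                // User ids grouped by the level they are being moved to.
                $ul_query = array("banned" => array(), "normal" => array(), "admin" => array());

                // Fail closed: a session without a level is never treated as admin.
                if (!isset($SESSION["level"]) || $SESSION["level"] != ADMIN) {
                        $err = ERR_NOT_ENOUGH_ACCESS;
                } else {
                        if (!is_array($vars)) {
                                $vars = array();
                        }

                        foreach ($vars as $key => $value) {
                                $key = (string) $key;

                                if (substr($key, 0, 6) != "level_") {
                                        continue;
                                }

                                $id = (string) substr($key, 6);

                                if ($value == "") {
                                        $err = ERR_UPDATE_USERS_LEVEL_BLANK;
                                        break;
                                } elseif (!is_numeric($value) || $value < BANNED || $value > ADMIN) {
                                        $err = ERR_UPDATE_USERS_ACCESS_OOR;
                                        break;
                                } elseif (!preg_match('/\A[0-9]+\z/', $id)) {
                                        // The id comes from a request field *name* and is placed
                                        // unquoted in the "id in (...)" lists below, so it must
                                        // be digits only.
                                        $err = ERR_ID_INVALID;
                                        break;
                                } elseif ($value == BANNED) {
                                        $ul_query["banned"][] = $id;
                                } elseif ($value == NORMAL) {
                                        $ul_query["normal"][] = $id;
                                } elseif ($value == ADMIN) {
                                        $ul_query["admin"][] = $id;
                                } else {
                                        // Was misspelled ERR_UPPDATE_USERS_ACCESS_OOR.
                                        $err = ERR_UPDATE_USERS_ACCESS_OOR;
                                        break;
                                }
                        }
                }

                if (!$err) {
                        if ($ul_query["banned"]) {
                                $level_query  = "update users";
                                $level_query .= "   set level = " . BANNED;
                                $level_query .= " where id in (" . implode(", ", $ul_query["banned"]) . ")";

                                update_db($level_query);
                        }

                        if ($ul_query["normal"]) {
                                $level_query  = "update users";
                                $level_query .= "   set level = " . NORMAL;
                                $level_query .= " where id in (" . implode(", ", $ul_query["normal"]) . ")";

                                update_db($level_query);
                        }

                        if ($ul_query["admin"]) {
                                $level_query  = "update users";
                                $level_query .= "   set level = " . ADMIN;
                                $level_query .= " where id in (" . implode(", ", $ul_query["admin"]) . ")";

                                update_db($level_query);
                        }

                        // No WHERE clause: every row gets a new update_time, which is the
                        // value check_user_update() compares against each session's copy.
                        // NOTE(review): presumably intentional - confirm.
                        $query  = "update users";
                        $query .= "   set update_time = unix_timestamp()";

                        update_db($query);
                }

                return $err;
        }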

        /**
         * Report whether the logged-in user's row carries a newer update_time than
         * the copy held in the session.
         *
         * NOTE(review): $SESSION["uid"] is concatenated unquoted into the query. In
         * this file it is only ever assigned from users.id by user_login(); confirm
         * no other code path can write it.
         *
         * @return bool  true when the stored update_time is newer than the session's,
         *               false otherwise or when nobody is logged in.
         */
        function check_user_update() {
                global $SESSION;

                // Nobody logged in: nothing to compare.
                if (!$SESSION["uid"]) {
                        return false;
                }

                $sql = "select update_time" . "  from users" . " where id = " . $SESSION["uid"];

                query_db($sql, $stamp);

                return $stamp["update_time"] > $SESSION["update_time"];
        }

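        /**
         * Mail the login name and password of the account registered under $email.
         *
         * NOTE(review): this sends the stored clear-text password by e-mail. A
         * reset-link flow would replace it, but that depends on how passwords are
         * stored and on callers outside this function.
         * NOTE(review): ERR_PASSWD_USER_NOT_EXIST tells the requester whether an
         * address is registered; kept because callers receive the distinct code.
         *
         * @param  string $email  Address entered on the "forgot password" form.
         * @return mixed          One of the ERR_PASSWD_* constants, or null on success.
         */
        function email_password($email) {
                // $options was read below without being in function scope, which left
                // the From/Reply-To headers empty.
                // NOTE(review): assumes $options is the site's global settings array -
                // confirm against the include that defines it.
                global $options;

                // Initialised so the success path does not read an undefined variable.
                $err = null;

                // Trim once and use the same value for validation, the query and
                // mail(); the untrimmed input used to be handed to mail().
                $address = is_string($email) ? trim($email) : "";

                if (!$address) {
                        $err = ERR_PASSWD_EMAIL_BLANK;
                } elseif (validate_email($address)) {
                        $err = ERR_PASSWD_EMAIL_INVALID;
                } else {
                        // validate_email() is what keeps quote characters out of this
                        // string-built query; do not relax it without escaping here.
                        $query  = "select login, passwd";
                        $query .= "  from users";
                        $query .= " where email = '" . $address . "'";

                        query_db($query, $row);

                        if (empty($row["login"])) {
                                $err = ERR_PASSWD_USER_NOT_EXIST;
                        } else {
                                $body  = "You have requested that your login and password for the Roster\n";
                                $body .= "be sent to you.  Keep this information for your records:\n\n";
                                $body .= "Login: " . $row["login"] . "\n";
                                $body .= "Password: " . $row["passwd"] . "\n\n";

                                // Strip line breaks so the configured sender cannot add
                                // extra header lines.
                                $from = isset($options["email"]) ? str_replace(array("\r", "\n"), "", (string) $options["email"]) : "";

                                $mail_err = mail($address, "Login Information", $body, "From: " . $from . "\nReply-To: " . $from . "");

                                if (!$mail_err) {
                                        $err = ERR_PASSWD_MAIL_NOT_SENT;
                                }
                        }
                }

                return $err;
        }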

?>