From 4e3c253f3764ba9b4e7ec8a07f3098c3f2cc9642 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Tue, 16 Sep 2008 13:16:52 -0400
Subject: [PATCH] Update api_user.php
---
 includes/api_user.php | 255 ++++++++++++++++++------------------------
 1 file changed, 106 insertions(+), 149 deletions(-)
diff --git a/includes/api_user.php b/includes/api_user.php
index a784f91..ac9569d 100644
--- a/includes/api_user.php
+++ b/includes/api_user.php
@@ -24,27 +24,26 @@ require_once('./includes/functions_datastore.php');
 require_once('./includes/class_sort.php');
 /**
-* API: User
-*
-* @author Blue Static
-* @copyright Copyright ©2002 - 2007, Blue Static
-* @version $Revision$
-* @package Bugdar
-*
-*/
+ * API: User
+ *
+ * @author Blue Static
+ * @copyright Copyright ©2002 - 2007, Blue Static
+ * @version $Revision$
+ * @package Bugdar
+ *
+ */
 class UserAPI extends BSApi
 {
 /**
- * Database fields
- * @var array
- * @access private
- */
- var $fields = array(
- 'userid' => array(TYPE_UINT, REQ_AUTO, 'verify_nozero'),
- 'email' => array(TYPE_STR, REQ_YES, ':self'),
- 'displayname' => array(TYPE_STR, REQ_YES, ':self'),
- 'usergroupid' => array(TYPE_UINT, REQ_YES, ':self'),
- 'groupids' => array(TYPE_STR, REQ_NO, ':self'),
+ * Database fields
+ * @var array
+ */
+ protected $fields = array(
+ 'userid' => array(TYPE_UINT, REQ_AUTO),
+ 'email' => array(TYPE_STR, REQ_YES),
+ 'displayname' => array(TYPE_STR, REQ_YES),
+ 'usergroupid' => array(TYPE_UINT, REQ_YES),
+ 'groupids' => array(TYPE_STR, REQ_NO),
 'password' => array(TYPE_STR, REQ_YES),
 'salt' => array(TYPE_STR, REQ_SET),
 'authkey' => array(TYPE_STR, REQ_SET),
@@ -53,67 +52,53 @@ class UserAPI extends BSApi
 'languageid' => array(TYPE_UINT, REQ_NO),
 'timezone' => array(TYPE_FLOAT,REQ_NO),
 'usedst' => array(TYPE_BOOL, REQ_NO),
- 'hidestatuses' => array(TYPE_STR, REQ_NO, ':self'),
- 'defaultsortkey' => array(TYPE_STR, REQ_NO, ':self'),
- 'defaultsortas' => array(TYPE_STR, REQ_NO, ':self'),
- 'columnoptions' => array(TYPE_STR, REQ_NO, ':self'),
+ 'hidestatuses' => array(TYPE_STR, REQ_NO),
+ 'defaultsortkey' => array(TYPE_STR, REQ_NO),
+ 'defaultsortas' => array(TYPE_STR, REQ_NO),
+ 'columnoptions' => array(TYPE_STR, REQ_NO),
 'authid' => array(TYPE_STR, REQ_NO)
 );
 /**
- * Database table
- * @var string
- * @access private
- */
- var $table = 'user';
+ * Database table
+ * @var string
+ */
+ protected $table = 'user';
 /**
- * Table prefix
- * @var string
- * @access private
- */
- var $prefix = TABLE_PREFIX;
+ * Table prefix
+ * @var string
+ */
+ protected $prefix = TABLE_PREFIX;
- // ###################################################################
 /**
- * Set field: salt
- *
- * @access private
- */
- function set_salt()
+ * Set field: salt
+ */
+ protected function set_salt()
 {
 $this->set('salt', BSFunctions::random(rand(3, 15)));
 }
- // ###################################################################
 /**
- * Set field: authkey
- *
- * @access private
- */
- function set_authkey()
+ * Set field: authkey
+ */
+ protected function set_authkey()
 {
 $this->set('authkey', BSFunctions::random());
 }
- // ###################################################################
 /**
- * Pre-insert
- *
- * @access private
- */
- function pre_insert()
+ * Pre-insert
+ */
+ protected function pre_insert()
 {
 $this->set('password', md5(md5($this->values['password']) . md5($this->values['salt'])));
 }
- // ###################################################################
 /**
- * Post-insert
- *
- * @access protected
- */
- function post_insert()
+ * Post-insert
+ */
+ protected function post_insert()
 {
 BSApp::$db->query("
 INSERT INTO " . 
TABLE_PREFIX . "useremail 
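Review bot: The refactor leaves `pre_insert` storing `md5(md5($this->values['password']) . md5($this->values['salt']))` with a salt that `set_salt` produces as `BSFunctions::random(rand(3, 15))`, so the salt can be as short as three characters and its length comes from `rand()`, which is not a cryptographic source; since this hunk already rewrites both method signatures it is the natural place to tighten them. A minimal change is a fixed, maximal-length salt, `$this->set('salt', BSFunctions::random(15));`, which stays within whatever the current code can already store. Replacing the nested MD5 with a slow salted hash (bcrypt via `crypt()`, or `password_hash()` where the PHP version allows it) would be the real fix, but it changes the stored format and the login-side verification, which live outside this file. Whether `BSFunctions::random()` itself draws from a secure source is not visible here and is worth confirming. `post_insert` continues past the end of the hunk.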
@@ -130,72 +115,64 @@ class UserAPI extends BSApi
 build_assignedto();
 }
- // ###################################################################
 /**
- * Verify: email
- *
- * @access private
- */
- function verify_email()
+ * Validate: email
+ */
+ protected function validate_email($field)
 {
- if (!is_bool($ne = $this->verify_noempty('email')))
+ if (!$this->_verifyIsNotEmpty($field))
 {
- return $ne;
+ return false;
 }
 if (!BSFunctions::is_valid_email($this->values['email']))
 {
- return T('The specified email is invalid.');
+ $this->_error(new FieldException(T('The specified email is invalid.'), 'email'));
+ return false;
 }
- if ($this->registry->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $this->registry->db->escape_string($this->values['email']) . "' AND userid <> " . $this->registry->clean($this->values['userid'], TYPE_UINT)))
+ if (BSApp::$db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . BSApp::$input->escape($this->values['email']) . "' AND userid <> " . BSApp::$input->clean($this->values['userid'], TYPE_UINT)))
 {
- return T('The specified email is already in use.');
+ $this->_error(new FieldException(T('The specified email is already in use.'), 'email'));
+ return false;
 }
 return true;
 }
- // ###################################################################
 /**
- * Verify: displayname
- *
- * @access private
- */
- function verify_displayname()
+ * Validate: displayname
+ */
+ protected function validate_displayname($field)
 {
- if (!is_bool($ne = $this->verify_noempty('displayname')))
+ if (!$this->_verifyIsNotEmpty($field))
 {
- return $ne;
+ return false;
 }
- if ($this->registry->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE displayname = '" . $this->registry->db->escape_string($this->values['displayname']) . "' AND userid <> " . $this->registry->clean($this->values['userid'], TYPE_UINT)))
+ if (BSApp::$db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "user WHERE displayname = '" . 
BSApp::$input->escape($this->values['displayname']) . "' AND userid <> " . BSApp::$input->clean($this->values['userid'], TYPE_UINT)))
 {
- return T('That display name is already in use by another user.');
+ $this->_error(new FieldException(T('That display name is already in use by another user.'), 'displayname'));
+ return false;
 }
 return true;
 }
- // ###################################################################
 /**
- * Verify: usergroupid
- *
- * @access private
- */
- function verify_usergroupid()
+ * Validate: usergroupid
+ */
+ protected function validate_usergroupid($field)
 {
 if (!isset(bugdar::$datastore['usergroup'][ $this->values['usergroupid'] ]))
 {
+ $this->_error(new FieldException(L_INVALID_ID, $field));
 return false;
 }
 return true;
 }
- // ###################################################################
 /**
- * Verify: groupids
- *
- * @access private
- */
- function verify_groupids()
+ * Validate: groupids
+ */
+ protected function validate_groupids($field)
 {
 $groups = $this->values['groupids'];
 if (!is_array($groups))
@@ -204,10 +181,11 @@ class UserAPI extends BSApi
 }
 $groups = BSFunctions::array_strip_empty($groups);
- foreach ($groups AS $group)
+ foreach ($groups as $group)
 {
 if (!isset(bugdar::$datastore['usergroup']["$group"]))
 {
+ $this->_error(new FieldException(L_INVALID_ID, $field));
 return false;
 }
 }
@@ -217,13 +195,10 @@ class UserAPI extends BSApi
 return true;
 }
- // ###################################################################
 /**
- * Pre-update
- *
- * @access private
- */
- function pre_update()
+ * Pre-update
+ */
+ protected function pre_update()
 {
 $this->setCondition();
 $this->fetch();
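Review bot: The duplicate checks in `validate_email` and `validate_displayname` are check-then-insert: two requests submitting the same address at the same moment both see no row and both pass, so uniqueness actually holds only if the `user` table carries UNIQUE indexes on `email` and `displayname`, which this file cannot show; if they are absent, a duplicate email is an account-confusion problem wherever login or password reset is keyed by address. Worth confirming the schema and, if the indexes exist, handling the duplicate-key error on insert as the authoritative check. A smaller consistency point: `validate_email` hard-codes the field name in both `new FieldException(..., 'email')` calls while `validate_usergroupid` and `validate_groupids` pass `$field`; `$this->_error(new FieldException(T('The specified email is invalid.'), $field));` keeps them uniform. `validate_groupids` continues past the end of the hunk.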
@@ -239,46 +214,41 @@ class UserAPI extends BSApi
 }
 }
- // ###################################################################
 /**
- * Post-update
- *
- * @access protected
- */
- function post_update()
+ * Post-update
+ */
+ protected function post_update()
 {
 if (isset($this->values['displayname']))
 {
- $username = $this->registry->escape($this->values['displayname']);
+ $username = BSApp::$input->escape($this->values['displayname']);
 $id = $this->values['userid'];
- $this->registry->db->query("UPDATE " . TABLE_PREFIX . "bug SET username = '$username' WHERE userid = $id");
- $this->registry->db->query("UPDATE " . TABLE_PREFIX . "bug SET lastpostbyname = '$username' WHERE lastpostby = $id");
- $this->registry->db->query("UPDATE " . TABLE_PREFIX . "bug SET hiddenlastpostbyname = '$username' WHERE hiddenlastpostby = $id");
+ BSApp::$db->query("UPDATE " . TABLE_PREFIX . "bug SET username = '$username' WHERE userid = $id");
+ BSApp::$db->query("UPDATE " . TABLE_PREFIX . "bug SET lastpostbyname = '$username' WHERE lastpostby = $id");
+ BSApp::$db->query("UPDATE " . TABLE_PREFIX . "bug SET hiddenlastpostbyname = '$username' WHERE hiddenlastpostby = $id");
 }
- if (isset($this->values['displayname']) OR isset($this->values['email']))
+ if (isset($this->values['displayname']) || isset($this->values['email']))
 {
 build_assignedto();
 }
 }
- // ###################################################################
 /**
- * Pre-delete
- *
- * @access protected
- */
- function pre_delete()
+ * Pre-delete
+ */
+ protected function pre_delete()
 {
 if ($this->values['userid'] == bugdar::$userinfo['userid'])
 {
+ $this->error(T('You cannot delete your own account!'));
 }
 if ($this->values['usergroupid'] == 6)
 {
- $count = $this->registry->db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "user WHERE usergroupid = 6 AND userid <> " . $this->values['userid']);
+ $count = BSApp::$db->queryFirst("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . 
"user WHERE usergroupid = 6 AND userid <> " . $this->values['userid']);
 if ($count['count'] < 1)
 {
 $this->error(T('At least one other administrator needs to be present before you can delete this user'));
@@ -286,30 +256,24 @@ class UserAPI extends BSApi
 }
 }
- // ###################################################################
 /**
- * Post-delete
- *
- * @access protected
- */
- function post_delete()
+ * Post-delete
+ */
+ protected function post_delete()
 {
- $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . "user WHERE userid = " . $this->values['userid']);
- $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . "favorite WHERE userid = " . $this->values['userid']);
- $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . $this->values['userid']);
- $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . "useremail WHERE userid = " . $this->values['userid']);
- $this->registry->db->query("DELETE FROM " . TABLE_PREFIX . "search WHERE userid = " . $this->values['userid']);
+ BSApp::db->query("DELETE FROM " . TABLE_PREFIX . "user WHERE userid = " . $this->values['userid']);
+ BSApp::db->query("DELETE FROM " . TABLE_PREFIX . "favorite WHERE userid = " . $this->values['userid']);
+ BSApp::db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . $this->values['userid']);
+ BSApp::db->query("DELETE FROM " . TABLE_PREFIX . "useremail WHERE userid = " . $this->values['userid']);
+ BSApp::db->query("DELETE FROM " . TABLE_PREFIX . "search WHERE userid = " . $this->values['userid']);
 build_assignedto();
 }
- // ###################################################################
 /**
- * Verify: hidestatuses
- *
- * @access private
- */
- function verify_hidestatuses()
+ * Validate: hidestatuses
+ */
+ protected function validate_hidestatuses($field)
 {
 if (is_array($this->values['hidestatuses']))
 {
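Review bot: `post_update` and `pre_delete` interpolate `$this->values['userid']` into SQL unchanged (`WHERE userid = $id` and its two siblings, and `"... AND userid <> " . $this->values['userid']`), whereas `validate_email` and `validate_displayname` in this same commit pass the same value through `BSApp::$input->clean(..., TYPE_UINT)` before building the query. `userid` is declared TYPE_UINT in `$fields`, so the framework presumably casts it before these hooks run, but nothing in this file shows that; cleaning at the point of use, `$id = BSApp::$input->clean($this->values['userid'], TYPE_UINT);`, removes the dependency and matches the validators. The new self-delete guard also relies on `$this->error()` aborting the delete, which is not visible here — if it only records a message, `post_delete` still runs for the caller's own account. `pre_delete` continues past the end of the hunk.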
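Review bot: The five DELETE statements in `post_delete` are written as `BSApp::db->query(...)`, missing the `$` that every other new call site in this commit uses (`BSApp::$db->query(...)`); PHP parses `BSApp::db` as a class constant, so the method fails at its first statement (as a syntax or undefined-constant error depending on PHP version) and no user, favorite, activation, email or search rows are removed. The first line should read `BSApp::$db->query("DELETE FROM " . TABLE_PREFIX . "user WHERE userid = " . $this->values['userid']);` and the same one-character correction applies to the other four. Once that is fixed, the five deletes still run without a transaction, so a failure part-way leaves rows referencing a removed user; wrapping them is worth considering if the database layer supports it. `validate_hidestatuses` continues past the end of the hunk.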
@@ -319,45 +283,38 @@ class UserAPI extends BSApi
 return true;
 }
- // ###################################################################
 /**
- * Verify: defaultsortkey
- *
- * @access private
- */
- function verify_defaultsortkey()
+ * Validate: defaultsortkey
+ */
+ protected function validate_defaultsortkey($field)
 {
 if (!ListSorter::fetch_by_text($this->values['defaultsortkey']))
 {
+ $this->_error(new FieldException(L_INVALID_ID, $field));
 return false;
 }
 return true;
 }
- // ###################################################################
 /**
- * Verify: defaultsortas
- *
- * @access private
- */
- function verify_defaultsortas()
+ * Validate: defaultsortas
+ */
+ protected function validate_defaultsortas($field)
 {
 if (!ListSorter::fetch_as_text($this->values['defaultsortas']))
 {
+ $this->_error(new FieldException(L_INVALID_ID, $field));
 return false;
 }
 return true;
 }
- // ###################################################################
 /**
- * Verify: columnoptions
- *
- * @access private
- */
- function verify_columnoptions()
+ * Validate: columnoptions
+ */
+ protected function validate_columnoptions($field)
 {
 if (is_array($this->values['columnoptions']))
 {
-- 2.22.5