From 8c5e02e7379d49895242a76b05c4a3c09961af3b Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sat, 20 May 2006 20:38:39 +0000
Subject: [PATCH] r836: Implementing user API in userctrl.php

---
 userctrl.php | 44 ++++++++++++++++----------------------------
 1 file changed, 16 insertions(+), 28 deletions(-)

diff --git a/userctrl.php b/userctrl.php
index 0c70d0a..4f50dca 100644
--- a/userctrl.php
+++ b/userctrl.php
@@ -28,12 +28,17 @@ define('SVN', '$Id$');
 $focus['user'] = 'focus';
 
 require_once('./global.php');
+require_once('./includes/api_user.php');
 
 if (!$bugsys->userinfo['userid'])
 {
 	$message->error_permission();
 }
 
+$userapi = new UserAPI($bugsys);
+$userapi->set('userid',		$bugsys->userinfo['userid']);
+$userapi->set_condition();
+
 $userinfo = $bugsys->userinfo;
 
 // ###################################################################
@@ -46,15 +51,7 @@ if (empty($_REQUEST['do']))
 // ###################################################################
 
 if ($_POST['do'] == 'update')
-{
-	// -------------------------------------------------------------------
-	// display name validation
-	$count = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE displayname = '" . $bugsys->in['displayname'] . "' AND userid <> " . $bugsys->userinfo['userid']);
-	if ($count)
-	{
-		$message->items[] = $lang->string('That display name is already in use by another user');
-	}
-	
+{	
 	// -------------------------------------------------------------------
 	// authentication
 	if (!empty($bugsys->in['password']) OR !empty($bugsys->in['email']))
@@ -86,14 +83,7 @@ if ($_POST['do'] == 'update')
 			$message->items[] = $lang->string('Your email and confirm email addresses do not match');
 		}
 		
-		if ($bugsys->in['email'])
-		{
-			$count = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "' AND userid <> " . $bugsys->userinfo['userid']);
-			if ($count)
-			{
-				$message->items[] = $lang->string('That email address is already in use');
-			}
-		}
+		$userapi->set('email',	$bugsys->in['email']);
 		
 		$email = true;
 	}
@@ -114,9 +104,17 @@ if ($_POST['do'] == 'update')
 			}
 		}
 		
+		$userapi->set('password',	$bugsys->in['password']);
+		
 		$password = true;
 	}
 	
+	$userapi->set('displayname',	$bugsys->in['displayname']);
+	$userapi->set('showemail',		$bugsys->in['showemail']);
+	$userapi->set('showcolours',	$bugsys->in['showcolours']);
+	$userapi->set('languageid',		$bugsys->in['languageid']);
+	$userapi->set('timezone',		$bugsys->in['timezone']);
+	
 	// -------------------------------------------------------------------
 	// copy fields
 	$userinfo['displayname'] = $bugsys->in['displayname'];
@@ -139,17 +137,7 @@ if ($_POST['do'] == 'update')
 	}
 	else
 	{
-		$db->query("
-			UPDATE " . TABLE_PREFIX . "user
-			SET displayname = '" . $bugsys->in['displayname'] . "',
-				showemail = " . intval($bugsys->in['showemail']) . ",
-				showcolours = " . intval($bugsys->in['showcolours']) . ",
-				languageid = " . intval($bugsys->in['languageid']) . ",
-				timezone = " . intval($bugsys->in['timezone']) . ($email ? ",
-				email = '" . $bugsys->in['email'] . "'" : '') . ($password ? ",
-				password = '" . md5(md5($bugsys->in['password']) . md5($bugsys->userinfo['salt'])) . "'" : '') . "
-			WHERE userid = " . $bugsys->userinfo['userid']
-		);
+		$userapi->update();
 		
 		if (can_perform('canbeassignedto'))
 		{
-- 
2.22.5