Commit: bcc5cb88417976f39f066e93706a8e2cb98e1de2 Author: Hannes Magnusson <[email protected]> Sun, 29 Dec 2013 00:27:11 -0800 Parents: d271d4a5891ab19946f86ab990dd0f0ad38e20de Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=bcc5cb88417976f39f066e93706a8e2cb98e1de2 Log: Move functions from users.php to functions.inc Changed paths: M include/functions.inc M manage/users.php Diff:
diff --git a/include/functions.inc b/include/functions.inc
index d956d6c..57a5beb 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -417,3 +417,77 @@ function user_remove($id) { } }
+function is_admin($user) {
+ $admins = array(
+ "jimw",
+ "rasmus",
+ "andrei",
+ "zeev",
+ "andi",
+ "sas",
+ "thies",
+ "rubys",
+ "ssb",
+ "wez",
+ "philip",
+ "davidc",
+ "helly",
+ "derick",
+ "bjori",
+ "pajoye",
+ "danbrown",
+ "felipe",
+ "johannes",
+ "tyrael",
+ );
+ return in_array($user, $admins);
+}
+
+# returns false if $user is not allowed to modify $userid
+function can_modify($user,$userid) {
+ if (is_admin($user)) return true;
+
+ $userid = (int)$userid;
+
+ $quser = addslashes($user);
+ $query = "SELECT userid FROM users"
+ . " WHERE userid=$userid"
+ . " AND (email='$quser' OR username='$quser')";
+
+ $res = db_query($query);
+ return $res ? mysql_num_rows($res) : false;
+}
+
+function fetch_user($user) {
+ $query = "SELECT * FROM users LEFT JOIN users_note USING (userid)";
+ if ((int)$user) {
+ $query .= " WHERE users.userid=$user";
+ }
+ else {
+ $quser = addslashes($user);
+ $query .= " WHERE username='$quser' OR email='$quser'";
+ }
+
+ if ($res = db_query($query)) {
+ return mysql_fetch_array($res);
+ }
+
+ return false;
+}
+function invalid_input($in) {
+ if (!empty($in['email']) && strlen($in['email']) && !is_emailable_address($in['email'])) {
+ return "'".clean($in['email'])."' does not look like a valid email address";
+ }
+ if (!empty($in['username']) && !preg_match("/^[-\w]+\$/",$in['username'])) {
+ return "'".clean($in['username'])."' is not a valid username";
+ }
+ if (!empty($in['rawpasswd']) && $in['rawpasswd'] != $in['rawpasswd2']) {
+ return "the passwords you specified did not match!";
+ }
+ if (!empty($in['sshkey']) && !verify_ssh_keys($in['sshkey'])) {
+ return "the ssh key doesn't seem to have the necessary format";
+ }
+
+ return false;
+}
+
diff --git a/manage/users.php b/manage/users.php
index 812ae4b..75b2a4e 100644
--- a/manage/users.php
+++ b/manage/users.php
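Review bot: `fetch_user()` tests `(int)$user` but then interpolates the uncast `$user` into `WHERE users.userid=$user`, so any string that merely begins with a non-zero number passes the check and reaches the query unescaped. `can_modify()` just above casts before use; doing the same here closes the gap: `$userid = (int)$user; if ($userid) { $query .= " WHERE users.userid=$userid"; }`. Separately, `in_array($user, $admins)` in `is_admin()` compares loosely, so passing `true` as the third argument would keep a non-string `$user` from matching an admin name through type juggling. The move also drops the `#TODO: use acls, once implemented.` comment from `is_admin()`, which seems worth keeping next to the hard-coded list.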
@@ -367,56 +367,3 @@ while ($row = mysql_fetch_array($res)) { <?php foot();
-function invalid_input($in) {
- if (!empty($in['email']) && strlen($in['email']) && !is_emailable_address($in['email'])) {
- return "'".clean($in['email'])."' does not look like a valid email address";
- }
- if (!empty($in['username']) && !preg_match("/^[-\w]+\$/",$in['username'])) {
- return "'".clean($in['username'])."' is not a valid username";
- }
- if (!empty($in['rawpasswd']) && $in['rawpasswd'] != $in['rawpasswd2']) {
- return "the passwords you specified did not match!";
- }
- if (!empty($in['sshkey']) && !verify_ssh_keys($in['sshkey'])) {
- return "the ssh key doesn't seem to have the necessary format";
- }
-
- return false;
-}
-
-function is_admin($user) {
- #TODO: use acls, once implemented.
- if (in_array($user,array("jimw","rasmus","andrei","zeev","andi","sas","thies","rubys","ssb", "wez", "philip", "davidc", "helly","derick","bjori", "pajoye", "danbrown", "felipe", "johannes", "tyrael" ))) return true;
-}
-
-# returns false if $user is not allowed to modify $userid
-function can_modify($user,$userid) {
- if (is_admin($user)) return true;
-
- $userid = (int)$userid;
-
- $quser = addslashes($user);
- $query = "SELECT userid FROM users"
- . " WHERE userid=$userid"
- . " AND (email='$quser' OR username='$quser')";
-
- $res = db_query($query);
- return $res ? mysql_num_rows($res) : false;
-}
-
-function fetch_user($user) {
- $query = "SELECT * FROM users LEFT JOIN users_note USING (userid)";
- if ((int)$user) {
- $query .= " WHERE users.userid=$user";
- }
- else {
- $quser = addslashes($user);
- $query .= " WHERE username='$quser' OR email='$quser'";
- }
-
- if ($res = db_query($query)) {
- return mysql_fetch_array($res);
- }
-
- return false;
-}
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
