Changes up to 2.3.7 merged into unstable branch.

[fa-stable.git] / admin / db / users_db.inc

diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc
index d9e3dae33251e749bcac37a92d7e040c73e755be..3711066e778fa060bb1e85f2f26fd31d6d2eb9c5 100644 (file)
--- a/admin/db/users_db.inc
+++ b/admin/db/users_db.inc
@@ -21,7 +21,7 @@ function add_user($user_id, $real_name, $password, $phone, $email, $role_id,
                .", ".db_escape($pos).",".db_escape($profile).",".db_escape($rep_popup)
                ." )";
 
-       db_query($sql, "could not add user for $user_id");
+       return db_query($sql, "could not add user for $user_id");
 }
 
 //-----------------------------------------------------------------------------------------------
@@ -31,7 +31,7 @@ function update_user_password($id, $user_id, $password)
        $sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password) . ",
                user_id = ".db_escape($user_id). " WHERE id=".db_escape($id);
 
-       db_query($sql, "could not update user password for $user_id");
+       return db_query($sql, "could not update user password for $user_id");
 }
 
 //-----------------------------------------------------------------------------------------------
@@ -49,40 +49,20 @@ function update_user($id, $user_id, $real_name, $phone, $email, $role_id,
                pos=".db_escape($pos).",
                user_id = " . db_escape($user_id)
                . " WHERE id=" . db_escape($id);
-       db_query($sql, "could not update user for $user_id");
+       return db_query($sql, "could not update user for $user_id");
 }
 
 //-----------------------------------------------------------------------------------------------
 
-function update_user_display_prefs($id, $price_dec, $qty_dec, $exrate_dec, 
-       $percent_dec, $showgl, $showcodes, $date_format, $date_sep, $tho_sep, 
-       $dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, 
-       $graphic_links, $lang, $stickydate, $startup_tab)
+function update_user_prefs($id, $prefs)
 {
-       $sql = "UPDATE ".TB_PREF."users SET
-               prices_dec=".db_escape($price_dec).",
-               qty_dec=".db_escape($qty_dec).",
-               rates_dec=".db_escape($exrate_dec).",
-               percent_dec=".db_escape($percent_dec).",
-               show_gl=".db_escape($showgl).",
-               show_codes=".db_escape($showcodes).",
-               date_format=".db_escape($date_format).",
-               date_sep=".db_escape($date_sep).",
-               tho_sep=".db_escape($tho_sep).",
-               dec_sep=".db_escape($dec_sep).",
-               theme=".db_escape($theme).",
-               page_size=".db_escape($pagesize).",
-               show_hints=".db_escape($show_hints).",
-               print_profile=".db_escape($profile).",
-               rep_popup=".db_escape($rep_popup).",
-               query_size=".db_escape($query_size).",
-               graphic_links=".db_escape($graphic_links).",
-               language=".db_escape($lang).",
-               sticky_doc_date=".db_escape($stickydate).",
-               startup_tab=".db_escape($startup_tab)."
-               WHERE id = ".db_escape($id);
-
-       db_query($sql, "could not update user display prefs for $id");
+       $sql = "UPDATE ".TB_PREF."users SET ";
+       foreach($prefs as $name => $value) {
+               $prefs[$name] = $name.'='. db_escape($value);
+       }
+       $sql .= implode(',', $prefs) . " WHERE id=".db_escape($id);
+
+       return db_query($sql, "could not update user display prefs for $id");
 }
 
 //-----------------------------------------------------------------------------------------------
@@ -130,7 +110,10 @@ function delete_user($id)
 }
 
 //-----------------------------------------------------------------------------------------------
-
+//
+//     Obsolete, to be removed in 2.4. This function as been spleet into get_user_auth/get_user_by_login
+//     in FA 2.3.6
+//
 function get_user_for_login($user_id, $password)
 {
        set_global_connection();
@@ -145,6 +128,18 @@ function get_user_for_login($user_id, $password)
 
 //-----------------------------------------------------------------------------------------------
 
+function get_user_auth($user_id, $password)
+{
+       set_global_connection();
+
+       $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = ".db_escape($user_id)." AND"
+               ." password=".db_escape($password);
+
+       return db_num_rows(db_query($sql, "could not get validate user login for $user_id")) != 0;
+}
+
+//-----------------------------------------------------------------------------------------------
+
 function update_user_visitdate($user_id)
 {
        $sql = "UPDATE ".TB_PREF."users SET last_visit_date='". date("Y-m-d H:i:s") ."'
@@ -167,11 +162,13 @@ function check_user_activity($id)
 //-----------------------------------------------------------------------------------------------
 function show_users_online()
 {
-       global $show_users_online;
+       global $show_users_online, $db;
        
-       if (!isset($show_users_online) || $show_users_online == 0)
+       if (!isset($show_users_online) || $show_users_online == 0 || !defined('TB_PREF') || 
+               !isset($_SESSION['get_text']) || !isset($db))
                return "";
-       if (db_num_rows(db_query("SHOW TABLES LIKE '".TB_PREF."useronline'")) == 1)
+       $result = db_query("SHOW TABLES LIKE '".TB_PREF."useronline'"); 
+       if (db_num_rows($result) == 1)
        {
                $timeoutseconds = 120;