diff -Naur raduser-2.11-downloaded/admin/functions.php raduser/admin/functions.php --- raduser-2.11-downloaded/admin/functions.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/admin/functions.php 2005-01-28 13:34:46.468322000 +0600 @@ -58,7 +58,7 @@ function show_user_list() { $query = "SELECT * FROM users limit $this->strt,$this->lim"; - $result = mysql_query($query); + $result = db_query($query); echo mysql_error(); diff -Naur raduser-2.11-downloaded/admin/newuser.php raduser/admin/newuser.php --- raduser-2.11-downloaded/admin/newuser.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/admin/newuser.php 2005-01-28 13:34:46.468322000 +0600 @@ -47,17 +47,15 @@ } else { - /* * check the referer otherwise this script can be used for mail spoofing. * todo: a more vigourous check. */ if(is_valid_referer()) { - error_log('1'); /* - * everything has worked out let's create that account. - */ + * everything has worked out let's create that account. + */ require ("../inc/config.php"); $username = sanitize_variable($_REQUEST['username']); @@ -69,7 +67,7 @@ userPassword = password('$password'), userStatus =1"; // switch back to 0 - mysql_query($query,$con); + db_query($query,$con); if(mysql_errno() == 0) @@ -81,7 +79,7 @@ $query = "INSERT INTO userProfile SET userEmail = '$email', userId = $userid"; - mysql_query($query); + db_query($query); if(mysql_errno() == 0) diff -Naur raduser-2.11-downloaded/admin/useradmin.php raduser/admin/useradmin.php --- raduser-2.11-downloaded/admin/useradmin.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/admin/useradmin.php 2005-01-28 13:34:46.468322000 +0600 
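Review bot: In admin/newuser.php both inserts now go through `db_query()`, but the success checks that follow are still `if(mysql_errno() == 0)`, which does not reflect a failed `pg_query()`. With `$db_type = "pgsql"` the account-creation path therefore likely continues after a failed insert. The same pattern appears in admin/functions.php (`echo mysql_error();`) and in the members/common.php, signup.php, validate.php, reminder.php and logout.php hunks. Test the return value instead, e.g. `$res = db_query($query,$con); if($res !== false)`, and send driver error text to the log rather than the page. The enclosing blocks start and end outside these hunks.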
@@ -48,11 +48,11 @@ $ids = join(",",$_REQUEST['userId']); $query = "DELETE FROM users where userId in ($ids)"; - mysql_query($query); + db_query($query); error_log(mysql_error()); $query = "DELETE FROM userProfile where userId in ($ids)"; - mysql_query($query); + db_query($query); /* * he wants to delete something, implement it diff -Naur raduser-2.11-downloaded/database.pg.sql raduser/database.pg.sql --- raduser-2.11-downloaded/database.pg.sql 2004-12-10 12:45:27.000000000 +0600 +++ raduser/database.pg.sql 2005-01-28 13:34:46.468322000 +0600 
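Review bot: `$ids` is built with `join(",",$_REQUEST['userId'])` and placed unquoted into both `DELETE ... where userId in ($ids)` statements, so request data reaches `db_query()` as SQL text; switching the driver does not change that. Cast every element before joining, e.g. `$ids = join(",", array_map('intval', (array)$_REQUEST['userId']));`, and skip both deletes when the resulting list is empty. The first delete only logs `mysql_error()`, which does not cover the pgsql path, and the second has no error check at all. The enclosing block starts outside the hunk.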
@@ -1,84 +1,86 @@ -DROP TABLE users; -CREATE TABLE users ( - userId SERIAL, - userStatus int NOT NULL default '0', - userName char(40) NOT NULL default '0', - userPassword char(32) NOT NULL default '0', - PRIMARY KEY (userId) -); -CREATE UNIQUE INDEX users_idx on users(userName); - - -DROP TABLE loggedUsers; -CREATE TABLE loggedUsers ( - userId int NOT NULL default '0' REFERENCES users(userId) ON DELETE CASCADE, - sessionId char(32) NOT NULL default '', - loginTime timestamp NOT NULL default '1970-01-01 00:00:00+00', - lastAccess timestamp default NULL, - PRIMARY KEY (userId,sessionId) -); -CREATE INDEX loggedUsers_idx on loggedUsers(lastAccess); +-- +-- Database : user_manager +-- -------------------------------------------------------- + +-- +-- Table structure for table userProfile +-- +DROP TABLE userProfile; -DROP TABLE userProfile; CREATE TABLE userProfile ( - userId int NOT NULL default '0' REFERENCES users(userId) ON DELETE CASCADE, - userFirstName varchar(64) default '', - userEmail varchar(64) default '', - userLastName varchar(64) default '', - userCompany varchar(15) NOT NULL default '', - userAddr1 varchar(64) default '', - userAddr2 varchar(64) default '', - userCity varchar(64) default '', - userState varchar(64) default '', - userCountry varchar(64) default '', - userTel varchar(15) default '', - userMobiTel varchar(15) NOT NULL default '', - userHomeTel varchar(15) NOT NULL default '', - userFax varchar(15) default '', - userZip varchar(10) default '', - userWeb varchar(128) NOT NULL default '', - userValidationKey varchar(32) default '', - userIP varchar(32) default '', - userSignUp timestamp NOT NULL default '1970-01-01 00:00:00+00', - userValidated int NOT NULL default '0', - userNewsLetter int NOT NULL default '1', - PRIMARY KEY (userId) -); +userId int NOT NULL default '0', +userFirstName varchar(64) NOT NULL default '', +userEmail varchar(64) NOT NULL default '', +userLastName varchar(64) NOT NULL default '', +userCompany varchar(15) NOT NULL 
default '', +userAddr1 varchar(64) NOT NULL default '', +userAddr2 varchar(64) NOT NULL default '', +userCity varchar(64) NOT NULL default '', +userState varchar(64) NOT NULL default '', +userCountry varchar(64) NOT NULL default '', +userTel varchar(15) NOT NULL default '', +userMobiTel varchar(15) NOT NULL default '', +userHomeTel varchar(15) NOT NULL default '', +userFax varchar(15) NOT NULL default '', +userZip varchar(10) NOT NULL default '', +userWeb varchar(128) NOT NULL default '', +userValidationKey varchar(32) NOT NULL default '', +userIP varchar(32) NOT NULL default '', +userSignUp timestamp NOT NULL default '1970-01-01 00:00:00+00', +userValidated int NOT NULL default '0', +userNewsLetter int NOT NULL default '0', +PRIMARY KEY (userId) +) ; + + +-- +-- Table structure for table users +-- +CREATE TABLE users ( +userId SERIAL, +userStatus int NOT NULL default '0', +userName char(40) NOT NULL default '0', +userPassword char(48) NOT NULL default '0', +PRIMARY KEY (userId), +UNIQUE (userName) +) ; + + +-- +-- Dumping data for table users +-- +INSERT INTO users VALUES (1, 2, 'admin', md5('radmin')); -DROP TABLE loggedUsers; -CREATE TABLE loggedUsers ( - userId int NOT NULL default '0' REFERENCES users(userId) ON DELETE CASCADE, - sessionId char(32) NOT NULL default '', - loginTime timestamp NOT NULL default '1970-01-01 00:00:00+00', - lastAccess timestamp default NULL, - PRIMARY KEY (userId,sessionId) -); -CREATE INDEX loggedUsers_idx on loggedUsers(lastAccess); - -DROP TABLE sessions -CREATE TABLE sessions ( - sessionId char(32) NOT NULL default '', - sessionData bytea NOT NULL, - sessionExpiration timestamp NOT NULL, - PRIMARY KEY (`session_id`) -) TYPE=InnoDb; - +INSERT INTO users VALUES (2, 1, 'user', md5('radmin')); -INSERT INTO users VALUES (1, 2, 'admin', '6dd460ff63e915db'); -INSERT INTO users VALUES (2, 1, 'user', '773359240eb9a1d9'); INSERT INTO userProfile VALUES (1, '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', 
'915d1af3f1bdc574af6a2b3dda376d59', '127.0.0.1', '2003-11-08 11:22:45', 1, 1); + INSERT INTO userProfile VALUES (2, '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '605ea14eb5caa8b6a0be77eb43f38c18', '127.0.0.1', '2003-11-08 13:34:49', 1, 1); -CREATE FUNCTION add_user(char,char,integer) RETURNS BIGINT AS ' - INSERT INTO users(userName,userPassword,userStatus) - VALUES($1,$2,$3); - SELECT CURRVAL(''users_userid_seq''); -' LANGUAGE SQL; +-- +-- Table structure for table loggedUsers +-- +CREATE TABLE loggedUsers ( +userId int NOT NULL default '0', +sessionId char(32) NOT NULL default '', +loginTime timestamp NOT NULL default '1970-01-01 00:00:00+00', +lastAccess timestamp default NULL, +PRIMARY KEY (userId,sessionId) +) ; +CREATE INDEX loggedUsers_lastAccess_idx ON loggedUsers (lastAccess); + + +CREATE TABLE sessions ( +session_id varchar(32) NOT NULL default '', +session_data text NOT NULL, +session_expiration timestamp NOT NULL, +PRIMARY KEY (session_id) +) ; \ No newline at end of file diff -Naur raduser-2.11-downloaded/database.sql raduser/database.sql --- raduser-2.11-downloaded/database.sql 2004-12-10 12:45:27.000000000 +0600 +++ raduser/database.sql 2005-01-28 13:34:46.468322000 +0600 
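Review bot: The seeded rows now store `md5('radmin')`, but every PHP query visible in this patch still writes and compares `userPassword = password('$password')` (members/common.php, signup.php, reminder.php, admin/newuser.php). `password()` is a MySQL function whose output differs from `md5()`, and it is not a PostgreSQL built-in, so the seeded accounts presumably cannot log in on either backend; the database.sql hunk makes the same swap. Pick one hashing scheme and use it in both the schema and the queries, ideally one computed in PHP with a per-user salt rather than unsalted MD5. The dump also ships a fixed, publicly known password for the `admin` row, so an install step that forces a new password is worth adding, and the dropped `REFERENCES users(userId) ON DELETE CASCADE` clauses deserve a comment saying why they were removed.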
@@ -49,8 +49,8 @@ # Dumping data for table `users` # -INSERT INTO users VALUES (1, 2, 'admin', password('radmin')); -INSERT INTO users VALUES (2, 1, 'user', password('radmin')); +INSERT INTO users VALUES (1, 2, 'admin', md5('radmin')); +INSERT INTO users VALUES (2, 1, 'user', md5('radmin')); INSERT INTO userProfile VALUES (1, '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '915d1af3f1bdc574af6a2b3dda376d59', '127.0.0.1', '2003-11-08 11:22:45', 1, 1); INSERT INTO userProfile VALUES (2, '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '605ea14eb5caa8b6a0be77eb43f38c18', '127.0.0.1', '2003-11-08 13:34:49', 1, 1); diff -Naur raduser-2.11-downloaded/images/blank.gif raduser/images/blank.gif --- raduser-2.11-downloaded/images/blank.gif 2004-12-10 12:45:27.000000000 +0600 +++ raduser/images/blank.gif 1970-01-01 05:30:00.000000000 +0530 @@ -1,2 +0,0 @@ -GIF89a€!þCreated with The GIMP!ù -,L; \ No newline at end of file diff -Naur raduser-2.11-downloaded/inc/config.php raduser/inc/config.php --- raduser-2.11-downloaded/inc/config.php 2004-12-10 12:55:26.000000000 +0600 +++ raduser/inc/config.php 2005-01-28 13:34:46.468322000 +0600 @@ -5,11 +5,12 @@ */ $db_server = "localhost"; +$db_type = "pgsql"; /** * set to the mysql account name. */ -$db_user = "root"; +$db_user = "pguser"; /** * set the password for the mysql account given in $db_user @@ -25,12 +26,6 @@ /** - * don't change the next two lines - */ -$con = mysql_connect($db_server, $db_user, $db_pass); -mysql_select_db($db_name,$con); - -/** * When validate_email is set to one, users are sent an email with a * special 'account validation link'. Their account get's activated * only if they click on that link. @@ -39,7 +34,7 @@ * at sign up. */ -$validate_email = 0; +$validate_email = 1; /** * Set to 1, if the system should send out a welcome email. If 
@@ -67,6 +62,28 @@ * The following email address will be used in the from field for * password reminder and user validation emails. */ + + + /** + * don't change the next few lines + */ +if($db_type == "mysql") +{ + $con = mysql_connect($db_server, $db_user, $db_pass); + mysql_select_db($db_name,$con); +} +else +{ + $pgString = "host=$db_server dbname=$db_name user=$db_user"; + if($db_pass != '') + { + $pgString .= " password=$db_pass"; + } + $con = pg_connect($pgString); + error_log('connecting to db with ' . $pgString); + +} + $member_service_email = "members@yoursite.com"; /** diff -Naur raduser-2.11-downloaded/inc/header.php raduser/inc/header.php --- raduser-2.11-downloaded/inc/header.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/inc/header.php 2004-12-03 13:02:03.750210000 +0600 @@ -29,9 +29,7 @@ function create_header($pgH1="") { global $title; - echo '$title'; - - + echo "$title"; if($pgH1 != "") { echo "
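Review bot: `error_log('connecting to db with ' . $pgString);` writes the full connection string to the error log, and `$pgString` contains `password=$db_pass` whenever a password is set. Log only the non-secret parts, e.g. `error_log("connecting to db host=$db_server dbname=$db_name user=$db_user");`, or drop the line. The result of `pg_connect()` is not checked either; `if($con === false) { error_log('pg_connect failed'); }` would make a bad configuration visible without exposing the secret. The values are interpolated into the string unquoted, so a password containing a space would presumably break the connection string.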

$pgH1

"; diff -Naur raduser-2.11-downloaded/members/common.php raduser/members/common.php --- raduser-2.11-downloaded/members/common.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/members/common.php 2005-01-28 13:34:46.468322000 +0600 @@ -51,6 +51,24 @@ } +function db_query($query) +{ + global $db_type; + error_log("\n\n $query"); + + if($db_type == 'mysql') + { + $res = mysql_query($query); + } + else + { + + $res = pg_query($query); + error_log(pg_last_error()); + } + return $res; +} + /** * shows a formatted error message */ @@ -71,7 +89,7 @@ $query = "SELECT a.userFirstName FROM userProfile a, loggedUsers b WHERE b.sessionId = '$sid' and b.userId = a.userId"; - $result = mysql_query($query); + $result = db_query($query); if($result) { @@ -98,7 +116,7 @@ sessionId = '$sessionId', loginTime = now(), lastAccess = now()"; - $result = mysql_query($query,$con); + $result = db_query($query,$con); if(mysql_errno() != 0) { @@ -123,7 +141,7 @@ { $query = "delete from loggedUsers where unix_timestamp(date_add(lastAccess, interval 1 hour)) < unix_timestamp(now())"; - $result = mysql_query($query); + $result = db_query($query); } /** @@ -148,7 +166,8 @@ $query = "SELECT userId from loggedUsers where sessionId = '$sid' and unix_timestamp(date_add(lastAccess, interval 1 hour)) > unix_timestamp(now())"; - $result = mysql_query($query); + error_log('in is_logged()' . $query); + $result = db_query($query); if($result) { @@ -157,7 +176,8 @@ { $query = "UPDATE loggedUsers set lastAccess=now() where userId = $row[0]"; - mysql_query($query); + db_query($query); + echo mysql_error(); } return $row[0]; @@ -187,19 +207,16 @@ unix_timestamp(date_add(lastAccess, interval 1 hour)) > unix_timestamp(now())"; - $result = mysql_query($query); + $result = db_query($query); - if($result) { $row = mysql_fetch_row($result); - - if($row && $row[1]>1) { $query = "UPDATE loggedUsers set lastAccess=now() where userId = $row[0]"; - mysql_query($query); + db_query($query); } return $row[0]; } 
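Review bot: `error_log("\n\n $query");` in the new `db_query()` logs every statement verbatim, and the callers in this patch pass statements that embed plaintext passwords (`password('$password')`), session ids and validation keys, so those secrets end up in the error log. The function also declares a single parameter while several callers use `db_query($query,$con)`; the extra argument is silently ignored, so the explicit connection is no longer used. Dropping the query log, accepting an optional `$con` and logging `pg_last_error()` only on failure keeps the existing call sites working.

```php
function db_query($query, $con = null)
{
    global $db_type;
    // the query text is not logged: it can carry passwords and session ids

    if($db_type == 'mysql')
    {
        $res = $con ? mysql_query($query, $con) : mysql_query($query);
    }
    else
    {
        $res = $con ? pg_query($con, $query) : pg_query($query);
        if($res === false)
        {
            error_log(pg_last_error());
        }
    }
    return $res;
}
```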
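Review bot: The cleanup and expiry checks in members/common.php still use MySQL-only expressions such as `unix_timestamp(date_add(lastAccess, interval 1 hour))`, which are now sent unchanged to `pg_query()` when `$db_type` is `pgsql`. PostgreSQL has no such built-in functions, so under pgsql these statements presumably fail: stale `loggedUsers` rows are not purged and the `is_logged()` lookup cannot succeed. The session handlers in the later hunks (`on_session_gc`, the `session_data` select) have the same problem. For PostgreSQL the equivalent test is `lastAccess < now() - interval '1 hour'`, so these statements need a per-backend branch. The hunk beginning `@@ -157,7 +176,8 @@` also adds `echo mysql_error();`, which prints driver error text into the page; `error_log()` is the safer sink.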
@@ -221,7 +238,7 @@ function get_user_status($userId) { $query = "SELECT userStatus from users where userId = $userId"; - $result = mysql_query($query); + $result = db_query($query); if($result) { $row = mysql_fetch_row($result); @@ -230,7 +247,6 @@ return 0; } - /** * retrieves the email address given the username, used mainly by the * password reminder service. @@ -248,7 +264,7 @@ userId = $userId"; } error_log($query); - $result = mysql_query($query); + $result = db_query($query); if(mysql_errno() == 0) @@ -267,8 +283,7 @@ } else { - error_log(mysql_error()); - + return 0; } } @@ -282,7 +297,7 @@ global $con; $query = "SELECT * from userProfile where userId = $userId"; - $result = mysql_query($query); + $result = db_query($query); if($result) { $row = mysql_fetch_array($result); @@ -312,7 +327,7 @@ * this can be optimized so kill me */ $query = "SELECT userName FROM users WHERE userId = $userId"; - $result = mysql_query($query); + $result = db_query($query); $row = mysql_fetch_row($result); $profile->userName=$row[0]; @@ -353,7 +368,7 @@ $profile->zip,$profile->country, $profile->state,$profile->city,$profile->id); - $result = mysql_query($query); + $result = db_query($query); return mysql_errno(); @@ -373,7 +388,7 @@ $query = "UPDATE userProfile set userNewsLetter=$val where userId=$userId"; - mysql_query($query); + db_query($query); return mysql_errno(); } @@ -386,7 +401,7 @@ global $con; $password = addslashes($password); $query = "UPDATE users set userPassword= password('$password') WHERE userId=$userId"; - $result = mysql_query($query); + $result = db_query($query); return mysql_errno(); } @@ -416,7 +431,7 @@ function set_user_status($userId, $status) { $query = "UPDATE users set userStatus = $status WHERE userId = $userId"; - return mysql_query($query); + return db_query($query); } 
@@ -452,7 +467,7 @@ $query = "SELECT userId FROM users WHERE userName = '$user' and userPassword = password('$password') and userStatus > 0"; - $result = mysql_query($query); + $result = db_query($query); error_log(mysql_error()); if($result && mysql_num_rows($result) ==1) @@ -493,7 +508,7 @@ $stmt = "select session_data from sessions "; $stmt .= "where session_id ='$key' "; $stmt .= "and unix_timestamp(session_expiration) > unix_timestamp(date_add(now(),interval 1 hour))"; - $sth = mysql_query($stmt); + $sth = db_query($stmt); if($sth) { @@ -534,24 +549,24 @@ // session is already in the table and we try to update - mysql_query($insert_stmt); + db_query($insert_stmt); $err = mysql_error(); if ($err != 0) { error_log( mysql_error()); - mysql_query($update_stmt); + db_query($update_stmt); } } function on_session_destroy($key) { - mysql_query("delete from sessions where session_id = '$key'"); + db_query("delete from sessions where session_id = '$key'"); } function on_session_gc($max_lifetime) { - mysql_query("delete from sessions where unix_timestamp(session_expiration) < unix_timestamp(now())"); + db_query("delete from sessions where unix_timestamp(session_expiration) < unix_timestamp(now())"); } diff -Naur raduser-2.11-downloaded/members/logout.php raduser/members/logout.php --- raduser-2.11-downloaded/members/logout.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/members/logout.php 2005-01-28 13:34:46.468322000 +0600 @@ -33,7 +33,7 @@ global $con; $sid = session_id(); $query = "DELETE from loggedUsers where sessionId = '$sid'"; - mysql_query($query); + db_query($query); echo mysql_error(); } diff -Naur raduser-2.11-downloaded/members/reminder.php raduser/members/reminder.php --- raduser-2.11-downloaded/members/reminder.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/members/reminder.php 2005-01-28 13:34:46.468322000 +0600 
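Review bot: In the session-write hunk the fallback is gated on `$err = mysql_error(); if ($err != 0)`, which compares an error message string with the integer 0. Under the loose comparison rules of PHP before 8 a non-numeric message compares equal to 0, so `db_query($update_stmt)` likely never runs and an existing session row is not updated. With pgsql, `mysql_error()` does not describe the `pg_query()` result at all. Use the return value instead: `if (db_query($insert_stmt) === false) { db_query($update_stmt); }`. The enclosing function starts outside the hunk.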
@@ -28,7 +28,7 @@ function reset_password($newPass, $userName) { $query = "update users set userPassword = password('$newPass') where username='$userName'"; - $result = mysql_query($query); + $result = db_query($query); return mysql_errno(); } diff -Naur raduser-2.11-downloaded/members/signup.php raduser/members/signup.php --- raduser-2.11-downloaded/members/signup.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/members/signup.php 2005-01-28 13:34:46.468322000 +0600 @@ -81,7 +81,7 @@ userPassword = password('$password'), userStatus =$userStatus"; - mysql_query($query,$con); + db_query($query,$con); if(mysql_errno() == 0) { @@ -103,7 +103,7 @@ userIP = '$IP', userSignUp = now()"; - mysql_query($query,$con); + db_query($query,$con); //echo mysql_error(); if(mysql_errno() == 0) diff -Naur raduser-2.11-downloaded/members/validate.php raduser/members/validate.php --- raduser-2.11-downloaded/members/validate.php 2004-12-10 12:45:27.000000000 +0600 +++ raduser/members/validate.php 2005-01-28 13:34:46.468322000 +0600 @@ -44,7 +44,7 @@ function is_valid_key($key,$con) { $query = "select userId from userProfile where userValidationKey = '$key' and userValidated = 0"; - $result = mysql_query($query,$con); + $result = db_query($query,$con); if($result && mysql_num_rows($result) ==1) { @@ -63,7 +63,7 @@ { $query = "update userProfile set userValidated=1 where userId = $userId"; - $result = mysql_query($query,$con); + $result = db_query($query,$con); return (mysql_errno() == 0); } @@ -74,7 +74,7 @@ function enable_account($userId,$con) { $query = "update users set userStatus=1 where userId = $userId"; - $result = mysql_query($query,$con); + $result = db_query($query,$con); return (mysql_errno() == 0); }
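Review bot: `reset_password()` places `$newPass` and `$userName` directly inside quoted SQL literals with no escaping visible in the function, unlike the `addslashes($password)` call in the password-change hunk of members/common.php; whether the callers sanitise them is not visible here. Escape inside `reset_password()` with the active backend's function (`pg_escape_string()` or `mysql_real_escape_string()`), or use `pg_query_params()` on the PostgreSQL path. `is_valid_key()` in members/validate.php interpolates `'$key'` the same way. The return value is still `mysql_errno()`, which does not report a failed `pg_query()`.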