diff options
author | canyonknight <canyonknight@gmail.com> | 2012-05-23 15:32:52 -0400 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-07-06 11:27:03 +0200 |
commit | 8a59cd620804909400ea526602bffa1e2f3d389c (patch) | |
tree | c97350d220f0c306d325541668e54b6c8fdd5586 /web/lib | |
parent | 763cbf8373e3373254ad18f5b69fd16efdc6fd5c (diff) | |
download | aurweb-8a59cd620804909400ea526602bffa1e2f3d389c.tar.xz |
account.php: Pull out DB code
* Move DB code in account.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
* Consolidate redudant SQL statements from DisplayAccount and AccountInfo
* Consolidation also adds ability to edit accounts based on username
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 31c43db..7ea423e 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -740,3 +740,42 @@ function clear_expired_sessions($dbh=NULL) { return; } +function account_details($uid, $username, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + if (!empty($uid)) { + $q.= "AND Users.ID = ".intval($uid); + } else { + $q.= "AND Users.Username = '".db_escape_string($username) . "'"; + } + $result = db_query($q, $dbh); + + if ($result) { + $row = mysql_fetch_assoc($result); + } + + return $row; +} + +function own_account_details($sid, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes, Sessions "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.ID = Sessions.UsersID "; + $q.= "AND Sessions.SessionID = '"; + $q.= db_escape_string($sid)."'"; + $result = db_query($q, $dbh); + + if ($result) { + $row = mysql_fetch_assoc($result); + } + + return $row; +} |