userid must be a string (internal software error)."; $rvidx++; return($rv); } //Must not be zero length. $len = strlen($arg); if ($len == 0) { $rv[$rvidx] = "The userid must be at least one character long."; $rvidx++; return($rv); } //Must not be too long. if ($len > 20) { $rv[$rvidx] = "The userid may not be longer than 20 characters."; $rvidx++; return($rv); } //Split the string for further analysis. $first_char = SubStr($arg, 0, 1); $remainder = SubStr($arg, 1, $len-1); //First character must be lower-case letter. if (strpos("abcdefghijklmnopqrstuvwxyz", $first_char) === FALSE) { $rv[$rvidx] = "The first character of the userid must be a letter."; $rvidx++; return($rv); } //Remaining characters must be lower-case letters or digits. for ($i=0; $i < ($len-1); $i++) { $c = SubStr($remainder, $i, 1); if (strpos("abcdefghijklmnopqrstuvwxyz0123456789", $c) === FALSE) { $rv[$rvidx] = "All characters of the userid must be letters or digits."; $rvidx++; return($rv); } } //Seems OK. return(TRUE); } // //-------------------------------------------------------------------------------------------------------------- //Returns the index of the entry from the usrs table where the userid matches, or //FALSE if the entry does not exist. // function USRS_userid_idx_map($arg) { global $GLOBAL_dbhandle; //Form the query string. $query_string = "SELECT idx FROM usrs WHERE userid=\"" . mysql_real_escape_string($arg, $GLOBAL_dbhandle) . "\""; //Execute the query. $result = mysql_query($query_string, $GLOBAL_dbhandle); if ($result === FALSE) { //Unknown query failure. Return FALSE to the caller. No need to free, //as this is not a result. return(FALSE); } else { //Get the integer result. $row = mysql_fetch_array($result, MYSQL_NUM); $rv = $row[0]; //Free the result. mysql_free_result($result); //Return the appropriate. if($rv > 0) return($rv); else return(FALSE); } } // //-------------------------------------------------------------------------------------------------------------- //Retrieves a two dimensional associative array corresponding to the USRS record //with the passed USERID, or FALSE if the record does not exist. // function USRS_retrieve_by_userid($userid) { global $GLOBAL_dbhandle; //Form the query string. $query_string = "SELECT * FROM usrs WHERE userid=\"" . mysql_real_escape_string($userid, $GLOBAL_dbhandle) . "\""; //Execute the query. $result = mysql_query($query_string, $GLOBAL_dbhandle); if ($result === FALSE) { //Unknown query failure. Return FALSE to the caller. No need to free, //as this is not a result. $rv = FALSE; } else { //Figure out how many rows in the result. $nrows = mysql_num_rows($result); if ($nrows == 0) { //No rows in the result. The query failed to give us a record, but still //we need to free the result set. //Free the result. mysql_free_result($result); //The caller gets FALSE. No record with that SID. $rv = FALSE; } else { //We have at least one record. Assume just one, because the USERID is supposed //to be unique. $rv = mysql_fetch_assoc($result); //Get the associative record. //Free the result. mysql_free_result($result); } //Return the value to the caller. return($rv); } } // //-------------------------------------------------------------------------------------------------------------- //Retrieves a two dimensional associative array corresponding to the USRS record //with the passed IDX, or FALSE if the record does not exist. // function USRS_retrieve_by_idx($idx) { global $GLOBAL_dbhandle; //Form the query string. $query_string = "SELECT * FROM usrs WHERE idx=\"" . mysql_real_escape_string($idx, $GLOBAL_dbhandle) . "\""; //Execute the query. $result = mysql_query($query_string, $GLOBAL_dbhandle); if ($result === FALSE) { //Unknown query failure. Return FALSE to the caller. No need to free, //as this is not a result. $rv = FALSE; } else { //Figure out how many rows in the result. $nrows = mysql_num_rows($result); if ($nrows == 0) { //No rows in the result. The query failed to give us a record, but still //we need to free the result set. //Free the result. mysql_free_result($result); //The caller gets FALSE. No record with that SID. $rv = FALSE; } else { //We have at least one record. Assume just one, because the IDX is supposed //to be unique. $rv = mysql_fetch_assoc($result); //Get the associative record. //Free the result. mysql_free_result($result); } //Return the value to the caller. return($rv); } } // //-------------------------------------------------------------------------------------------------------------- //Given an associative array containing information about a user, returns: // a)The userid. // b)The name to be displayed. The database rules may be lax, so need to protect for the possibility that // the last name, first name, or both are missing. // function USRS_form_display_strings_a($uinfo, &$userid, &$dname) { if ($uinfo === FALSE) { $userid = "invaliduser"; $dname = "Invalid User"; } else if ((strlen($uinfo["lname"]) > 0) && (strlen($uinfo["fname"]) > 0)) { //This is the very normal case where we have a first and last name. $userid = $uinfo["userid"]; $dname = $uinfo["fname"] . " " . $uinfo["lname"]; } else if ((strlen($uinfo["lname"]) > 0) && (strlen($uinfo["fname"]) == 0)) { //First name seems to be absent. if ($uinfo["sex"] == USRS_SEX_UNSPECIFIED) { $title = "Mr. or Ms."; } else if ($uinfo["sex"] == USRS_SEX_FEMALE) { $title = "Ms."; } else { $title = "Mr."; } $userid = $uinfo["userid"]; $dname = $title . " " . $uinfo["lname"]; } else { //We want to refer to this user by number rather than name. The name seems to be //critically absent. $userid = $uinfo["userid"]; $dname = sprintf("User #%d", $uinfo["idx"]); } } // //-------------------------------------------------------------------------------------------------------------- //Updates the "mostrecentlogin" string of a user's database record. Input parameter is minimally //checked to be sure no surprises. // //The crmodsguid of the record isn't updated or checked. Reason is that this is an independent //matter (the most recent login time) and not something that can ever be changed directly by //a user. // function USRS_set_mostrecentlogin($userinfo, $mrl_in) { global $GLOBAL_dbhandle; //echo "
\n";
   //print_r($sid_in);
   //print_r($sddt_in);
   //print_r($sdtim_in);
   //echo "
\n"; //Force this to be a string. $mrl_in = (string)$mrl_in; //Force this to be all numeric. $mrl_in = STRFUNC_force_into_subset($mrl_in, "0123456789"); //If it is longer than 8 characters, whack it down. if (strlen($mrl_in) > 8) $mrl_in = SubStr($mrl_in, 0, 8); //Do the query. Nothing should go wrong. $query_string = "UPDATE usrs set mostrecentlogin=\"" . mysql_real_escape_string ($mrl_in, $GLOBAL_dbhandle) . "\" WHERE idx=\"" . $userinfo["idx"] . "\""; //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway). mysql_query($query_string, $GLOBAL_dbhandle); } // //-------------------------------------------------------------------------------------------------------------- //End of $RCSfile: usrs.inc,v $. //-------------------------------------------------------------------------------------------------------------- ?>