engelsystem/includes/sys_user.php

<?php
function UID2Nick($UID) {
	if ($UID > 0)
		$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
	else
		$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";

	$Erg = sql_select($SQL);

	if (count($Erg) > 0) {
		if ($UID > 0)
			return $Erg[0]['Nick'];
		else
			return "Group-" . $Erg[0]['Name'];
	} else {
		if ($UID == -1)
			return "Guest";
		else
			return "UserID $UID not found";
	}
}

function TID2Type($TID) {
	global $con;

	$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
	$Erg = mysql_query($SQL, $con);

	if (mysql_num_rows($Erg))
		return mysql_result($Erg, 0);
	else
		return "";
}

function ReplaceSmilies($neueckig) {
	$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
	$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
	$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
	$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
	$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
	$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
	$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
	$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
	$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
	$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
	$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
	$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
	$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
	$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
	$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
	$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
	$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
	$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
	$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
	$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);

	return $neueckig;
}

function GetPictureShow($UID) {
	global $con;

	$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
	$res = mysql_query($SQL, $con);

	if (mysql_num_rows($res) == 1)
		return mysql_result($res, 0, 0);
	else
		return "";
}

function displayPicture($UID, $height = "30") {
	global $url, $ENGEL_ROOT;

	if ($height > 0)
		return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
	else
		return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}

function displayavatar($UID, $height = "30") {
	global $con, $url, $ENGEL_ROOT;

	if (GetPictureShow($UID) == 'Y')
		return "&nbsp;" . displayPicture($UID, $height);

	$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
	if (count($user) > 0)
		if ($user[0]['Avatar'] > 0)
			return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}

function UIDgekommen($UID) {
	global $con;

	$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
	$Erg = mysql_query($SQL, $con);

	if (mysql_num_rows($Erg))
		return mysql_result($Erg, 0);
	else
		return "0";
}
?>
news 2011-06-02 01:45:46 +02:00			`<?php`
			`function UID2Nick($UID) {`
			`if ($UID > 0)`
More sql escapes 2011-06-10 10:30:51 +02:00			$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
news 2011-06-02 01:45:46 +02:00			`else`
More sql escapes 2011-06-10 10:30:51 +02:00			$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
news 2011-06-02 01:45:46 +02:00
			`$Erg = sql_select($SQL);`

			`if (count($Erg) > 0) {`
			`if ($UID > 0)`
			`return $Erg[0]['Nick'];`
			`else`
			`return "Group-" . $Erg[0]['Name'];`
			`} else {`
			`if ($UID == -1)`
			`return "Guest";`
			`else`
			`return "UserID $UID not found";`
			`}`
			`}`

			`function TID2Type($TID) {`
			`global $con;`

More sql escapes 2011-06-10 10:30:51 +02:00			$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
news 2011-06-02 01:45:46 +02:00			`$Erg = mysql_query($SQL, $con);`

			`if (mysql_num_rows($Erg))`
			`return mysql_result($Erg, 0);`
			`else`
			`return "";`
			`}`

			`function ReplaceSmilies($neueckig) {`
			`$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);`
			`$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);`
			`$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);`
			`$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);`
			`$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);`
			`$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);`
			`$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);`
			`$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);`
			`$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);`
			`$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);`
			`$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);`
			`$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);`
			`$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);`
			`$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);`
			`$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);`
			`$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);`
			`$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);`
			`$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);`
			`$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);`
			`$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);`

			`return $neueckig;`
			`}`

fix typo and remove some globals 2011-09-14 22:53:27 +02:00			`function GetPictureShow($UID) {`
news 2011-06-02 01:45:46 +02:00			`global $con;`

More sql escapes 2011-06-10 10:30:51 +02:00			$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
news 2011-06-02 01:45:46 +02:00			`$res = mysql_query($SQL, $con);`

			`if (mysql_num_rows($res) == 1)`
			`return mysql_result($res, 0, 0);`
			`else`
			`return "";`
			`}`

fix typo and remove some globals 2011-09-14 22:53:27 +02:00			`function displayPicture($UID, $height = "30") {`
news 2011-06-02 01:45:46 +02:00			`global $url, $ENGEL_ROOT;`

			`if ($height > 0)`
news refined 2011-06-03 05:12:50 +02:00			`return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");`
news 2011-06-02 01:45:46 +02:00			`else`
news refined 2011-06-03 05:12:50 +02:00			`return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");`
news 2011-06-02 01:45:46 +02:00			`}`

			`function displayavatar($UID, $height = "30") {`
			`global $con, $url, $ENGEL_ROOT;`

fix typo and remove some globals 2011-09-14 22:53:27 +02:00			`if (GetPictureShow($UID) == 'Y')`
			`return " " . displayPicture($UID, $height);`
news 2011-06-02 01:45:46 +02:00
user management 2011-06-03 07:44:50 +02:00			$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
			`if (count($user) > 0)`
			`if ($user[0]['Avatar'] > 0)`
			`return '<div class="avatar">' . (" <img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';`
news 2011-06-02 01:45:46 +02:00			`}`

			`function UIDgekommen($UID) {`
			`global $con;`

More sql escapes 2011-06-10 10:30:51 +02:00			$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
news 2011-06-02 01:45:46 +02:00			`$Erg = mysql_query($SQL, $con);`

			`if (mysql_num_rows($Erg))`
			`return mysql_result($Erg, 0);`
			`else`
			`return "0";`
			`}`
			`?>`