* Integrated the database abstraction layer into the account pages. One

reason for doing so is because the database abstraction layer provides
  build-in error checking and a debug mode for easy development.

account.php

@@ -96,9 +96,8 @@ function validateUser($user) {
   if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
 
   ### Verify whether username and e-mail address are unique:
-  dbconnect();
+  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
-  if (mysql_num_rows(mysql_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
+  if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
-  if (mysql_num_rows(mysql_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
   return($rval);
 }
 

database.inc

@@ -35,6 +35,18 @@ function db_fetch_object($qid) {
   if ($qid) return mysql_fetch_object($qid);
 }
 
+function db_num_rows($qid) {
+  if ($qid) return mysql_num_rows($qid);
+}
+
+function db_fetch_row($qid) {
+  if ($qid) return mysql_fetch_row($qid);
+}
+
+function db_fetch_array($qid) {
+  if ($qid) return mysql_fetch_array($qid);
+}
+
 #
 # Automatically connect to database:
 #

user.class.php

@@ -5,10 +5,9 @@ $access = array("Administrator"	=> 0x00000001,
 
 class User {
   function User($userid, $passwd="") {
-    dbconnect();
+    $result = db_query("SELECT * FROM users WHERE LOWER(userid)=LOWER('$userid') && passwd=PASSWORD('$passwd') && STATUS=0");
-    $result = mysql_query("SELECT * FROM users WHERE LOWER(userid)=LOWER('$userid') && passwd=PASSWORD('$passwd') && STATUS=0") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
+    if (db_num_rows($result) == 1) {
-    if (mysql_num_rows($result) == 1) {
+      foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
-      foreach (mysql_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
     }
   }
   function save() {
@@ -17,13 +16,12 @@ class User {
     foreach ($this->field as $key=>$field) { $value = $this->$field; $query .= "$field = '". addslashes($value) ."', "; }
     $query .= " id = $this->id WHERE id = $this->id";
     ### Perform query:
-    mysql_query($query);
+    db_query($query);
   }
   function rehash() {
-    dbconnect();
+    $result = db_query("SELECT * FROM users WHERE id=$this->id");
-    $result = mysql_query("SELECT * FROM users WHERE id=$this->id") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
+    if (db_num_rows($result) == 1) {
-    if (mysql_num_rows($result) == 1) {
+      foreach (db_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
-      foreach (mysql_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
     }
   }
   function valid($access=0) {
@@ -31,8 +29,7 @@ class User {
       $this->rehash();  // synchronisation purpose
       $this->last_access = time();
       $this->last_host = (!empty($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR] );
-      dbconnect();
+      db_query("UPDATE users SET last_access='$this->last_access',last_host='$this->last_host' WHERE id=$this->id");
-      mysql_query("UPDATE users SET last_access='$this->last_access',last_host='$this->last_host' WHERE id=$this->id") or die(sprintf("Critical error at line %d in %s: %s", __LINE__, __FILE__, mysql_error()));
       if ($this->access & $access || $access == 0) return 1;
     }
     return 0;