No OneTemporary
Actions

Size

84 KB

Subscribers

None

View Options

	diff --git a/Models/Content/Location.php b/Models/Content/Location.php
	index 06030de..d3f4bbc 100644
	--- a/Models/Content/Location.php
	+++ b/Models/Content/Location.php
	@@ -1,244 +1,244 @@
	<?php

	/**
	* Content location class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-12-03 2:58 Forked from Content class
	*
	* @package Zed
	* @subpackage Content
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Content;

	use Keruald\Database\DatabaseEngine;

	use Zed\Models\Base\Entity;

	/**
	* Content location class
	*
	* This class maps the content_locations table.
	*
	* A content location is defined by 3 parameters:
	* - location_global
	* - location_local
	* - location_k, an index for the content at the specified location
	*
	* This class allows to get or set the content_id at this
	* (global, local, k) location.
	*
	* This class also provides a static helper method to
	* get local content from a specific location.
	*/
	class Location extends Entity {

	/* -------------------------------------------------------------
	Properties
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */

	public $location_global = null;
	public $location_local = null;
	public $location_k = null;

	public $content_id;

	/* -------------------------------------------------------------
	Constructor, __toString
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */

	/**
	* Initializes a new Location instance
	*
	* @param string $location_global the global location
	* @param string $location_local the local location
	* @param int $location_k the item indice for the specified location
	*/
	function __construct (DatabaseEngine $db, $location_global = null, $location_local = null, $location_k = null) {
	$this->setDatabase($db);

	$this->location_global = $location_global;
	$this->location_local = $location_local;

	if ($location_k) {
	$this->location_k = $location_k;
	$this->load_from_database();
	} else {
	$this->location_k = self::get_free_location_k($location_global, $location_local);
	}
	}

	/**
	* Returns a string representation of current Location instance
	*
	* @return string the content title or path if title is blank.
	*/
	function __toString () {
	$location_global = $this->location_global ?: '?';
	$location_local = $this->location_local ?: '?';
	$location_k = $this->location_k ?: '?';
	return "($location_global, $location_local, $location_k)";
	}

	/* -------------------------------------------------------------
	Load/save class
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */

	/**
	* Loads the object Location (ie fill the properties) from the database
	*/
	function load_from_database () : bool {
	$db = $this->getDatabase();

	$location_global = "'" . $db->escape($this->location_global) . "'";
	$location_local = "'" . $db->escape($this->location_local) . "'";
	$location_k = "'" . $db->escape($this->location_k) . "'";
	$sql = "SELECT * FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local' AND location_k = '$location_k'";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Unable to query content", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "Content location unknown: " . $this->content_id;
	return false;
	}
	$this->load_from_row($row);
	return true;
	}

	/**
	* Loads the object from row
	*/
	function load_from_row ($row) {
	$this->content_id = $row['content_id'];
	$this->location_global = $row['location_global'];
	$this->location_local = $row['location_local'];
	$this->location_k = $row['location_k'];
	}

	/**
	* Saves to database
	*/
	function save_to_database () : void {
	$db = $this->getDatabase();

	$location_global = "'" . $db->escape($this->location_global) . "'";
	$location_local = "'" . $db->escape($this->location_local) . "'";
	$location_k = "'" . $db->escape($this->location_k) . "'";
	$content_id = $this->content_id ? "'" . $db->escape($this->content_id) . "'" : 'NULL';

	$sql = "REPLACE INTO content_locations (location_global, location_local, location_k, content_id) VALUES ($location_global, $location_local, $location_k, $content_id)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save content location", '', __LINE__, __FILE__, $sql);
	}
	}

	/* -------------------------------------------------------------
	Helper methods
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */

	/**
	* Gets the next k free value for the specified location
	*
	* @param string $location_global the global location
	* @param string $location_local the local location
	*
	* @param int $location_k the next free local content indice
	*/
	function get_free_location_k ($location_global, $location_local) {
	$db = $this->getDatabase();

	$location_global = "'" . $db->escape($location_global) . "'";
	$location_local = "'" . $db->escape($location_local) . "'";
	- $sql = "SELECT MAX(location_k) + 1 FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local'";
	+ $sql = "SELECT MAX(location_k) + 1 as next_k FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local'";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't get content location k", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return $row[0];
	+ return $row["next_k"];
	}

	/**
	* Deletes this content location from the database
	*/
	function delete() {
	$db = $this->getDatabase();

	$location_global = "'" . $db->escape($this->location_global) . "'";
	$location_local = "'" . $db->escape($this->location_local) . "'";
	$location_k = "'" . $db->escape($this->location_k) . "'";
	$sql = "DELETE FROM content_locations WHERE location_global = '$location_global' AND location_local = '$location_local' AND location_k = '$location_k' LIMIT 1";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't delete current content location", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Moves the content into new location
	*
	* @param string $location_global the target global location
	* @param string $location_local the target local location
	* @param int $location_k the target local content indice [facultative]
	*/
	function move ($location_global, $location_local, $location_k = null) {
	if ($this->content_id) {
	$this->delete();
	}

	if ($location_k) {
	$this->location_k = $location_k;
	} else {
	$this->location_k = self::get_free_location_k($location_global, $location_local);
	}

	if ($this->content_id) {
	$this->save_to_database();
	}
	}

	/* -------------------------------------------------------------
	Gets content
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */

	/**
	* Gets content at specified location
	*
	* @param string $location_global global content location
	* @param string $location_local local content location
	* @return File[]
	*
	* The returned array indices are the local_k.
	*/
	static function get_local_content (DatabaseEngine $db, string $location_global, string $location_local) : array {
	//Get contents at this location
	$location_global = $db->escape($location_global);
	$location_local = $db->escape($location_local);

	$sql = "SELECT c.* FROM content c WHERE c.location_global = '$location_global' AND c.location_local = '$location_local' ORDER BY location_k ASC";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't get content", '', __LINE__, __FILE__, $sql);
	}

	//Fills content array
	$contents = [];
	while ($row = $db->fetchRow($result)) {
	$k = $row['location_k'];
	$contents[$k] = new File($db);
	$contents[$k]->load_from_row($row);
	}

	return $contents;
	}

	}
	diff --git a/Models/Geo/Galaxy.php b/Models/Geo/Galaxy.php
	index 0630472..1dd7d18 100644
	--- a/Models/Geo/Galaxy.php
	+++ b/Models/Geo/Galaxy.php
	@@ -1,62 +1,64 @@
	<?php

	/**
	* Geo galaxy class.
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* A 3D grid of objects
	*
	* 0.1 2010-02-08 14:02 Initial version [DcK]
	* 0.2 2010-07-25 9:20 Spherical conversion, get objects
	*
	* @package Zed
	* @subpackage Geo
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Geo;

	use Hypership\Geo\Point3D;
	use Keruald\Database\DatabaseEngine;

	/**
	* Geo galaxy class
	*/
	class Galaxy {
	/*
	* ----------------------------------------------------------------------- *
	* Objects fetchers
	* ----------------------------------------------------------------------- *
	*/

	/**
	* Gets all the coordinates of the objects in the galaxy.
	*
	* @return array An array of array. Each item is [string object_name, string object_type, Point3D coordinates]
	*/
	static function getCoordinates (DatabaseEngine $db) {
	- $sql = "SELECT * FROM geo_coordinates";
	+
	+ $sql = "SELECT object_name as `name`, object_type as `type`, object_location as location FROM geo_coordinates";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't query geo_coordinates view.", '', __LINE__, __FILE__, $sql);
	}

	$objects = [];
	while ($row = $db->fetchRow($result)) {
	//Demios ship xyz: [-50, 30, 40]
	//Kaos asteroid xyz: [150, -129, 10]
	- $objects[] = [$row[0], $row[1], Point3D::fromString($row[2])];
	+ $row["location"] = Point3D::fromString($row["location"]);
	+ $objects[] = $row;
	}
	return $objects;
	}

	}
	diff --git a/Models/Messages/Message.php b/Models/Messages/Message.php
	index b36a4f6..8f21af8 100644
	--- a/Models/Messages/Message.php
	+++ b/Models/Messages/Message.php
	@@ -1,221 +1,221 @@
	<?php

	/**
	* Message class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-01-28 01:47 Autogenerated by Pluton Scaffolding
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Messages;

	use Keruald\Database\DatabaseEngine;
	use Zed\Models\Base\Entity;
	use Zed\Models\Objects\Perso;

	/**
	* Message class
	*
	* This class maps the messages table.
	*
	* It also provides a static method to get perso's messages.
	*/
	class Message extends Entity {

	public $id;
	public $date;
	private $from;
	public $to;
	public $text;
	public $flag;

	public MessageSource $source;
	public ?Perso $perso;

	public string $lastError = "";

	/**
	* Initializes a new instance
	*
	* @param int $id the primary key
	*/
	function __construct (DatabaseEngine $db, $id = null) {
	$this->setDatabase($db);

	if ($id) {
	$this->id = $id;
	$this->load_from_database();
	} else {
	$this->date = time();
	$this->flag = 0; //unread
	}
	}

	/**
	* Loads the object Message (ie fill the properties) from the $_POST array
	*/
	function load_from_form () {
	if (array_key_exists('date', $_POST)) {
	$this->date = $_POST['date'];
	}
	if (array_key_exists('from', $_POST)) {
	$this->from = $_POST['from'];
	}
	if (array_key_exists('to', $_POST)) {
	$this->to = $_POST['to'];
	}
	if (array_key_exists('text', $_POST)) {
	$this->text = $_POST['text'];
	}
	if (array_key_exists('flag', $_POST)) {
	$this->flag = $_POST['flag'];
	}
	}

	/**
	* Loads the object Message (ie fill the properties) from the database
	*/
	function load_from_database (): bool {
	$db = $this->getDatabase();

	$sql = "SELECT * FROM messages WHERE message_id = '" . $this->id . "'";
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query messages", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "Message unknown: " . $this->id;
	return false;
	}
	$this->date = $row['message_date'];
	$this->from = (int)$row['message_from'];
	$this->to = $row['message_to'];
	$this->text = $row['message_text'];
	$this->flag = $row['message_flag'];

	$this->computeSource();

	return true;
	}

	/**
	* Saves to database
	*/
	function save_to_database (): void {
	$db = $this->getDatabase();

	$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
	$date = $db->escape($this->date);
	$from = match ($this->source) {
	MessageSource::System => 0,
	MessageSource::Perso => $this->perso->id,
	};
	$to = $db->escape($this->to);
	$text = $db->escape($this->text);
	$flag = $db->escape($this->flag);

	//Updates or inserts
	$sql = "REPLACE INTO messages (`message_id`, `message_date`, `message_from`, `message_to`, `message_text`, `message_flag`) VALUES ($id, '$date', '$from', '$to', '$text', '$flag')";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
	}

	if (!$id) {
	//Gets new record id value
	$this->id = $db->nextId();
	}
	}

	public function setAsSystem () {
	$this->source = MessageSource::System;
	$this->perso = null;
	}

	public function setFrom (Perso $perso) {
	$this->source = MessageSource::Perso;
	$this->perso = $perso;
	}

	private function computeSource () {
	$db = $this->getDatabase();

	$this->source = match ($this->from) {
	0 => MessageSource::System,
	default => MessageSource::Perso,
	};

	$this->perso = match ($this->from) {
	0 => null,
	default => Perso::get($db, $this->from),
	};
	}

	/**
	* Sends the message
	*/
	function send (): void {
	$this->save_to_database();
	//TODO: triggers new message notifier
	}

	/**
	* Deletes the message
	*/
	function delete (): void {
	//A message is deleted if its flag value is 2
	if ($this->flag != 2) {
	$this->flag = 2;
	$this->save_to_database();
	}
	}

	/**
	* Gets messages from the specified perso
	*/
	static function get_messages (DatabaseEngine $db, Perso $perso, bool $mark_as_read = true, int &$countNewMessages = 0) {
	$ids = [];

	$sql = "SELECT message_id FROM " . TABLE_MESSAGES . " WHERE message_to = " . $db->escape($perso->id) . " AND message_flag < 2 ORDER BY message_id DESC";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Unable to get messages", '', __LINE__, __FILE__, $sql);
	}

	$messages = [];
	while ($row = $db->fetchRow($result)) {
	- $message = new Message($db, $row[0]);
	+ $message = new Message($db, $row["message_id"]);
	$messages[] = $message;
	$ids[] = $message->id;
	if ($message->flag == 0) {
	//New message
	$countNewMessages++;
	}
	}
	if ($mark_as_read && count($ids)) {
	$ids = join(', ', $ids);
	$sql = "UPDATE " . TABLE_MESSAGES . " SET message_flag = '1' WHERE message_id IN ($ids)";
	$db->query($sql);
	}
	return $messages;
	}

	public function isSelf (): bool {
	return match ($this->source) {
	MessageSource::System => false,
	MessageSource::Perso => $this->perso->id == $this->to,
	};
	}

	}
	diff --git a/Models/Objects/Invite.php b/Models/Objects/Invite.php
	index bedc270..13da37c 100644
	--- a/Models/Objects/Invite.php
	+++ b/Models/Objects/Invite.php
	@@ -1,200 +1,200 @@
	<?php

	/**
	* User invite class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-06-29 02:13 Initial version [DcK]
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Objects;

	use Keruald\Database\DatabaseEngine;
	use Keruald\OmniTools\Identifiers\Random;
	use Zed\Models\Base\Entity;

	/**
	* User invite class
	*
	* This class maps the users_invites table.
	*/
	class Invite extends Entity {

	public $code;
	public $date;
	public $from_user_id;
	public $from_perso_id;

	public string $lastError = "";

	/**
	* The user_id who have been claimed the invite
	* Will be NULL as long as the invite haven't been claimed
	*
	* @var int
	*/
	public $to_user_id = null;

	/**
	* Initializes a new instance
	*/
	function __construct (DatabaseEngine $db, $code = null) {
	$this->setDatabase($db);

	if ($code) {
	$this->code = $code;
	$this->load_from_database();
	} else {
	//New invite code
	$this->generate_code();
	$this->date = time();
	}
	}

	/**
	* Generates a unique invite code and sets it in the code property.
	*/
	function generate_code () {
	$db = $this->getDatabase();

	do {
	$this->code = Random::generateString("AAA111");
	- $sql = "SELECT COUNT(*) FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$this->code' LOCK IN SHARE MODE;";
	+ $sql = "SELECT COUNT(*) as count FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$this->code' LOCK IN SHARE MODE;";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- } while ($row[0]);
	+ } while ($row["count"]);
	}

	/**
	* Loads the object Invite (ie fill the properties) from the database
	*/
	function load_from_database (): bool {
	$db = $this->getDatabase();

	$code = $db->escape($this->code);
	$sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '" . $code . "'";
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query invite codes", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "Invite code unknown: " . $this->code;
	return false;
	}
	$this->code = $row['invite_code'];
	$this->date = $row['invite_date'];
	$this->from_user_id = $row['invite_from_user_id'];
	$this->from_perso_id = $row['invite_from_perso_id'];
	$this->to_user_id = $row['invite_to_user_id'];

	return true;
	}

	/**
	* Determines whether the current invite code have been claimed by an user.
	*
	* @return true if the code have been claimed ; otherwise, false.
	*/
	function is_claimed (): bool {
	return (bool)$this->to_user_id;
	}

	/**
	* Saves to database
	*/
	function save_to_database (): void {
	$db = $this->getDatabase();

	$code = $db->escape($this->code);
	$date = $db->escape($this->date);
	$from_user_id = $db->escape($this->from_user_id);
	$from_perso_id = $db->escape($this->from_perso_id);
	$to_user_id = $this->to_user_id ? "'" . $db->escape($this->to_user_id) . "'" : 'NULL';

	//Updates or inserts
	$sql = "REPLACE INTO " . TABLE_USERS_INVITES . " (`invite_code`, `invite_date`, `invite_from_user_id`, `invite_from_perso_id`, `invite_to_user_id`) VALUES ('$code', '$date', '$from_user_id', '$from_perso_id', $to_user_id)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save invite code", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Deletes the invite
	*/
	function delete () {
	$db = $this->getDatabase();

	$code = $db->escape($this->code);
	$sql = "DELETE FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$code'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save delete code", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Creates an invite code
	*/
	static function create (DatabaseEngine $db, Perso $perso): string {
	$invite = new Invite($db);
	$invite->from_perso_id = $perso->id;
	$invite->from_user_id = $perso->user_id;
	$invite->save_to_database();

	return $invite->code;
	}

	/**
	* Gets invites generated by the specified perso ID
	*
	* @return string[]
	*/
	static function get_invites_from (DatabaseEngine $db, Perso $perso): array {
	$perso_id = $perso->id;
	$sql = "SELECT invite_code FROM " . TABLE_USERS_INVITES
	. " WHERE invite_from_perso_id = $perso_id AND invite_to_user_id IS NULL ORDER BY invite_date ASC";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
	}

	$codes = [];
	while ($row = $db->fetchRow($result)) {
	$codes[] = $row['invite_code'];
	}
	return $codes;
	}

	/**
	* Gets the perso ID who invited the specified perso
	*
	* @return int\|null the perso whom to get the invites ; or null, if nobody have invited him
	*/
	static function who_invited (DatabaseEngine $db, Perso $perso): ?int {
	$user_id = $perso->user_id;

	$sql = "SELECT invite_from_perso_id FROM " . TABLE_USERS_INVITES . " WHERE invite_to_user_id = '$user_id'";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't access invite users table", '', __LINE__, __FILE__, $sql);
	}
	if ($row = $db->fetchRow($result)) {
	- return $row[0];
	+ return (int)$row["invite_from_perso_id"];
	}

	return null;
	}

	}
	diff --git a/Models/Objects/Perso.php b/Models/Objects/Perso.php
	index 376b616..6dd1412 100644
	--- a/Models/Objects/Perso.php
	+++ b/Models/Objects/Perso.php
	@@ -1,615 +1,615 @@
	<?php

	/**
	* Perso class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-01-27 00:39 Autogenerated by Pluton Scaffolding
	* 0.2 2010-01-29 14:39 Adding flags support
	* 0.3 2010-02-06 17:50 Adding static perso hashtable
	* 0.4 2012-07-04 11:37 Refactoring: moving code from index.php
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010, 2012 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Objects;

	use Keruald\Database\DatabaseEngine;
	use Zed\Models\Base\Entity;
	use Zed\Models\Geo\Location;
	use Zed\Models\Messages\Message;

	/**
	* Perso class
	*
	* This class maps the persos table.
	*
	* The class also provides methods
	* to move or locate a perso,
	* to gets and sets perso's flags and notes (tables persos_flags and persos_notes),
	* to gets user's perso or check if a perso is online,
	* to handle on select and logout events.
	*
	*/
	class Perso extends Entity {

	public $id;
	public $user_id;
	public $name;
	public $nickname;
	public $race;
	public $sex;
	public string $avatar = "";

	public $location;
	public $location_global;
	public $location_local;

	public $flags;

	public string $lastError = "";

	public static $hashtable_id = [];
	public static $hashtable_name = [];

	/**
	* Initializes a new instance
	*/
	function __construct (DatabaseEngine $db, mixed $data = null) {
	$this->setDatabase($db);

	if ($data) {
	if (is_numeric($data)) {
	$this->id = $data;
	} else {
	$this->nickname = $data;
	}

	if (!$this->load_from_database()) {
	message_die(GENERAL_ERROR, $this->lastError, "Can't authenticate perso");
	}
	} else {
	$this->generate_id();
	}
	}

	/**
	* Initializes a new Perso instance if needed or get already available one.
	*
	* @deprecated Move to an entities repository
	*/
	static function get (DatabaseEngine $db, mixed $data = null): Perso {
	if ($data) {
	//Checks in the hashtables if we already have loaded this instance
	if (is_numeric($data)) {
	if (array_key_exists($data, Perso::$hashtable_id)) {
	return Perso::$hashtable_id[$data];
	}
	} else {
	if (array_key_exists($data, Perso::$hashtable_name)) {
	return Perso::$hashtable_name[$data];
	}
	}
	}

	return new Perso($db, $data);
	}

	/**
	* Loads the object Perso (ie fill the properties) from the $_POST array
	*/
	function load_from_form () {
	if (array_key_exists('user_id', $_POST)) {
	$this->user_id = $_POST['user_id'];
	}
	if (array_key_exists('name', $_POST)) {
	$this->name = $_POST['name'];
	}
	if (array_key_exists('nickname', $_POST)) {
	$this->nickname = $_POST['nickname'];
	}
	if (array_key_exists('race', $_POST)) {
	$this->race = $_POST['race'];
	}
	if (array_key_exists('sex', $_POST)) {
	$this->sex = $_POST['sex'];
	}
	if (array_key_exists('avatar', $_POST)) {
	$this->avatar = $_POST['avatar'];
	}
	if (array_key_exists('location_global', $_POST)) {
	$this->location_global = $_POST['location_global'];
	}
	if (array_key_exists('location_local', $_POST)) {
	$this->location_local = $_POST['location_local'];
	}
	}

	/**
	* Loads the object Perso (ie fill the properties) from the database
	*/
	function load_from_database (): bool {
	$db = $this->getDatabase();

	//Gets perso
	$sql = "SELECT * FROM " . TABLE_PERSOS;
	if ($this->id) {
	$id = $db->escape($this->id);
	$sql .= " WHERE perso_id = '" . $id . "'";
	} else {
	$nickname = $db->escape($this->nickname);
	$sql .= " WHERE perso_nickname = '" . $nickname . "'";
	}
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query persos", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "Perso unknown: " . $this->id;
	return false;
	}

	$this->id = $row['perso_id'];
	$this->user_id = $row['user_id'];
	$this->name = $row['perso_name'];
	$this->nickname = $row['perso_nickname'];
	$this->race = $row['perso_race'];
	$this->sex = $row['perso_sex'];
	$this->avatar = $row['perso_avatar'];
	$this->location_global = $row['location_global'];
	$this->location_local = $row['location_local'];

	//Gets flags
	$sql = "SELECT flag_key, flag_value FROM " . TABLE_PERSOS_FLAGS .
	" WHERE perso_id = $this->id";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't get flags", '', __LINE__, __FILE__, $sql);
	}
	while ($row = $db->fetchRow($result)) {
	$this->flags[$row["flag_key"]] = $row["flag_value"];
	}

	//Gets location
	$this->location = new Location(
	$db,
	$this->location_global,
	$this->location_local
	);

	//Puts object in hashtables
	Perso::$hashtable_id[$this->id] = $this;
	Perso::$hashtable_name[$this->nickname] = $this;

	return true;
	}

	/**
	* Saves to database
	*/
	function save_to_database (): void {
	$db = $this->getDatabase();

	$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
	$user_id = $db->escape($this->user_id);
	$name = $db->escape($this->name);
	$nickname = $db->escape($this->nickname);
	$race = $db->escape($this->race);
	$sex = $db->escape($this->sex);
	$avatar = $db->escape($this->avatar);
	$location_global = $this->location_global ? "'" . $db->escape($this->location_global) . "'" : 'NULL';
	$location_local = $this->location_local ? "'" . $db->escape($this->location_local) . "'" : 'NULL';

	//Updates or inserts
	$sql = "REPLACE INTO " . TABLE_PERSOS . " (`perso_id`, `user_id`, `perso_name`, `perso_nickname`, `perso_race`, `perso_sex`, `perso_avatar`, `location_global`, `location_local`) VALUES ($id, '$user_id', '$name', '$nickname', '$race', '$sex', '$avatar', $location_global, $location_local)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
	}

	if (!$id) {
	//Gets new record id value
	$this->id = $db->nextId();
	}
	}

	/**
	* Updates the specified field in the database record
	*/
	function save_field (string $field): void {
	$db = $this->getDatabase();

	if (!$this->id) {
	message_die(GENERAL_ERROR, "You're trying to update a perso record not yet saved in the database: $field");
	}
	$id = $db->escape($this->id);
	$value = $db->escape($this->$field);
	$sql = "UPDATE " . TABLE_PERSOS . " SET `$field` = '$value' WHERE perso_id = '$id'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Gets perso location
	*
	* @return string The location names
	*/
	public function where (): string {
	return $this->location->__toString();
	}

	/**
	* Moves the perso to a new location
	*
	* @param string\|null $global the global target location
	* @param string\|null $local the local target location
	*/
	public function move_to (string $global = null, string $local = null): void {

	//Sets global location
	if ($global !== null) {
	$this->location_global = $global;
	}

	//Sets local location
	if ($local !== null) {
	$this->location_local = $local;
	}

	//Updates database record
	if ($global !== null && $local !== null) {
	$db = $this->getDatabase();

	$perso_id = $db->escape($this->id);
	$g = $db->escape($this->location_global);
	$l = $db->escape($this->location_local);
	$sql = "UPDATE " . TABLE_PERSOS .
	" SET location_global = '$g', location_local = '$l'" .
	" WHERE perso_id = '$perso_id'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save new $global $local location.", '', __LINE__, __FILE__, $sql);
	}
	} elseif ($global != null) {
	$this->save_field('location_global');
	} elseif ($local != null) {
	$this->save_field('location_local');
	}

	//Updates location member
	$this->location = new Location(
	$this->getDatabase(),
	$this->location_global,
	$this->location_local
	);
	}

	/**
	* Gets the specified flag value
	*
	* @param string $key flag key
	* @param mixed $defaultValue default value if the flag doesn't exist
	* @return mixed the flag value (string) or null if not existing
	*/
	public function get_flag ($key, $defaultValue = null) {
	return $this->flag_exists($key) ? $this->flags[$key] : $defaultValue;
	}

	/**
	* Determines if the specified flag exists
	*
	* @param string $key the flag key to check
	* @return boolean true if the specified flag exists ; otherwise, false.
	*/
	public function flag_exists ($key) {
	return array_key_exists($key, $this->flags);
	}

	/**
	* Sets the specified flag
	*
	* @param string $key flag key
	* @param string $value flag value (optional, default value: 1)
	*/
	public function set_flag ($key, $value = 1) {
	//Checks if flag isn't already set at this value
	if ($this->flags != null && array_key_exists($key, $this->flags) && $this->flags[$key] === $value) {
	return;
	}

	//Saves flag to database
	global $db;
	$id = $db->escape($this->id);
	$key = $db->escape($key);
	$value = $db->escape($value);
	$sql = "REPLACE " . TABLE_PERSOS_FLAGS . " SET perso_id = '$id', flag_key = '$key', flag_value = '$value'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save flag", '', __LINE__, __FILE__, $sql);
	}

	//Sets flag in this perso instance
	$this->flags[$key] = $value;
	}

	/**
	* Deletes the specified flag
	*
	* @param string $key flag key
	*/
	public function delete_flag ($key) {
	global $db;
	if (!array_key_exists($key, $this->flags)) {
	return;
	}

	$id = $db->escape($this->id);
	$key = $db->escape($key);
	$sql = "DELETE FROM " . TABLE_PERSOS_FLAGS .
	" WHERE flag_key = '$key' AND perso_id = '$id' LIMIT 1";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't delete flag", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Ensures the current perso have the specified flag or exits.
	*
	*
	* @param string $flag the flag to assert
	* @param int $threshold value the flags must strictly be greater than (optional, the default value is 0)
	*
	* Example:
	* <code>
	* $perso->set_flag('quux.foo', 1);
	* //The perso wants to read quux, which we allow with the flag quux.foo
	* $perso->request_flag('quux.foo'); //will be okay
	*
	* //The perso wants also to write quux, which we all allow if quux.foo = 2
	* //The threshold will so be 1, as 2 > 1
	* $perso->request_flag('quux.foo', 1); //Will exits, with a "You don't have quux.foo permission" message
	* </code>
	*/
	public function request_flag ($flag, $threshold = 0) {
	if (!array_key_exists($flag, $this->flags) \|\| $this->flags[$flag] <= $threshold) {
	message_die(HACK_ERROR, "You don't have $flag permission.", "Permissions");
	}
	}

	/**
	* Gets the specified note
	*
	* @param string $code the note code
	* @return string the note content
	*/
	public function get_note ($code) {
	global $db;
	$id = $db->escape($this->id);
	$code = $db->escape($code);
	$sql = "SELECT note_text FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id' AND note_code LIKE '$code'";
	return $db->queryScalar($sql);
	}

	/**
	* Sets the specified note
	*
	* @param string $code the note code
	* @param string $text the note content
	*/
	public function set_note ($code, $text) {
	global $db;
	$id = $db->escape($this->id);
	$code = $db->escape($code);
	$text = $db->escape($text);
	$sql = "REPLACE INTO " . TABLE_PERSOS_NOTES . " (perso_id, note_code, note_text) VALUES ('$id', '$code', '$text')";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save note", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Counts the amount of notes the perso have saved
	*
	* @return int the amount of notes assigned to the perso
	*/
	public function count_notes () {
	global $db;
	$id = $db->escape($this->id);
	$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS_NOTES . " WHERE perso_id = '$id'";
	return $db->queryScalar($sql);
	}

	/*
	* Determines if the specified ID is available
	*
	* @param integer $id The perso ID to check
	* @return boolean true if the specified ID is available ; otherwise, false
	*/
	public static function is_available_id ($id) {
	global $db;

	- $sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE perso_id = $id LOCK IN SHARE MODE";
	+ $sql = "SELECT COUNT(*) as count FROM " . TABLE_PERSOS . " WHERE perso_id = $id LOCK IN SHARE MODE";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return ($row[0] == 0);
	+ return ($row["count"] == 0);
	}

	/**
	* Generates a unique ID for the current object
	*/
	private function generate_id () {
	do {
	$this->id = rand(2001, 5999);
	} while (!Perso::is_available_id($this->id));
	}

	/**
	* Checks if the nickname is available
	*
	* @param string $nickname the nickname to check
	*/
	public static function is_available_nickname ($nickname) {
	global $db;
	$nickname = $db->escape($nickname);
	- $sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE perso_nickname LIKE '$nickname' LOCK IN SHARE MODE;";
	+ $sql = "SELECT COUNT(*) as count FROM " . TABLE_PERSOS . " WHERE perso_nickname LIKE '$nickname' LOCK IN SHARE MODE;";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return ($row[0] == 0);
	+ return ($row["count"] == 0);
	}

	/**
	* Counts the perso a user have
	*
	* @param int user_id the user ID
	* @return int the user's perso count
	*/
	public static function get_persos_count ($user_id): int {
	global $db;
	$sql = "SELECT COUNT(*) FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
	return (int)$db->queryScalar($sql);

	}

	/**
	* Gets an array with all the perso of the specified user
	*/
	public static function get_persos (DatabaseEngine $db, User $user): array {
	$user_id = $db->escape($user->id);
	$sql = "SELECT perso_id FROM " . TABLE_PERSOS . " WHERE user_id = $user_id";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't get persos", '', __LINE__, __FILE__, $sql);
	}

	$persos = [];
	while ($row = $db->fetchRow($result)) {
	$persos[] = Perso::get($db, $row['perso_id']);
	}
	return $persos;
	}

	/**
	* Gets the first perso a user have
	* (typically to be used when get_persos_count returns 1 to autoselect)
	*
	* @deprecated This case is now handled by the TryAutoSelect class.
	*/
	public static function get_first_perso (DatabaseEngine $db, int $user_id) {
	$sql = "SELECT perso_id FROM " . TABLE_PERSOS . " WHERE user_id = $user_id LIMIT 1";
	if ($perso_id = $db->queryScalar($sql)) {
	return new Perso($db, $perso_id);
	}
	}

	/**
	* Determines whether the perso is online
	*
	* @return bool true if the perso is online ; otherwise, false.
	*/
	public function is_online () {
	global $db;
	$id = $db->escape($this->id);
	- $sql = "SELECT MAX(online) FROM " . TABLE_SESSIONS . " WHERE perso_id = $id";
	+ $sql = "SELECT MAX(online) as is_online FROM " . TABLE_SESSIONS . " WHERE perso_id = $id";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Unable to query the table", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return ($row[0] == 1);
	+ return ($row["is_online"] == 1);
	}

	/**
	* This event method is called when the user selects a new perso
	*/
	public function on_select () {
	//Session
	set_info('perso_id', $this->id);
	$this->set_flag("site.lastlogin", $_SERVER['REQUEST_TIME']);
	define("PersoSelected", true);
	}

	/**
	* This event method is called when the user logs off its account or perso
	*/
	public function on_logout () {
	//Clears perso information in $_SESSION and session table
	set_info('perso_id', null);
	clean_session();
	}

	/**
	* This event method is called when the perso is created
	*/
	public function on_create () {
	//Notifies host
	$this->notify_inviter();
	}

	/**
	* Creates a new perso, from a parameter form
	*
	* @param DatabaseEngine $db
	* @param User $user The user to attach the perso to
	* @param Perso $perso A reference to the created perso (don't initialize it, give it a null value)
	* @param array $errors A reference to the arrays containing errors (should be an empty array, or the method will always return false)
	* @return boolean true if the perso has ben created ; otherwise, false
	*/
	public static function create_perso_from_form (DatabaseEngine $db, User $user, &$perso, &$errors): bool {
	$perso = new Perso($db);
	$perso->load_from_form();
	$perso->user_id = $user->id;

	//Validates forms
	if (!$perso->name) {
	$errors[] = lang_get("NoFullnameSpecified");
	}
	if (!$perso->race) {
	$errors[] = lang_get("NoRaceSpecified");
	$perso->race = "being";
	}
	if (!$perso->sex) {
	$errors[] = lang_get("NoSexSpecified");
	}
	if (!$perso->nickname) {
	$errors[] = lang_get("NoNicknameSpecified");
	} elseif (!Perso::is_available_nickname($perso->nickname)) {
	$errors[] = lang_get("UnavailableNickname");
	}

	if (count($errors)) {
	return false;
	}

	//Creates perso
	$perso->save_to_database();
	$perso->on_create();
	return true;
	}

	/**
	* Notifies the person having invited this perso
	*/
	public function notify_inviter () {
	$db = $this->getDatabase();

	$message = new Message($db);
	$message->setAsSystem();
	$message->to = Invite::who_invited($db, $this);
	$message->text = sprintf(
	lang_get('InvitePersoCreated'),
	$this->name,
	get_server_url() . get_url('who', $this->nickname)
	);
	$message->send();
	}
	}
	diff --git a/Models/Objects/User.php b/Models/Objects/User.php
	index e517e19..f6f6f45 100644
	--- a/Models/Objects/User.php
	+++ b/Models/Objects/User.php
	@@ -1,288 +1,288 @@
	<?php

	/**
	* User class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* [DESIGN BY CONTRACT NOTE] No more than one OpenID per user
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Objects;

	use Keruald\Database\DatabaseEngine;
	use Zed\Models\Base\Entity;
	use Zed\Models\Base\WithDatabase;

	/**
	* User class
	*
	* This class maps the users and users_openid tables.
	*
	* It also provides helper methods to check if a login is available,
	* or to retrieve a username from e-mail address.
	*/
	class User extends Entity {

	use WithDatabase;

	///
	/// Properties
	///

	public $id;
	public $name;
	public $password;
	public $active = 0;
	public string $actkey = "";
	public $email;
	public $regdate;

	public string $lastError = "";

	public static $hashtable_id = [];
	public static $hashtable_name = [];

	public array $session = [];

	///
	/// Constructors
	///

	/**
	* Initializes a new instance
	*
	* @param int $id the primary key
	*/
	function __construct (DatabaseEngine $db, $id = null) {
	$this->setDatabase($db);

	if ($id) {
	$this->id = $id;
	$this->load_from_database();
	}
	}

	/**
	* Initializes a new User instance if needed or get already available one.
	*
	* @param mixed $data user ID or name
	* @return User the user instance
	*/
	static function get (DatabaseEngine $db, $data = null) {
	if ($data) {
	//Checks in the hashtables if we already have loaded this instance
	if (is_numeric($data)) {
	if (array_key_exists($data, User::$hashtable_id)) {
	return User::$hashtable_id[$data];
	}
	} else {
	if (array_key_exists($data, User::$hashtable_name)) {
	return User::$hashtable_name[$data];
	}
	}
	}

	return new User($db, $data);
	}

	///
	/// Helper methods
	///

	/**
	* Loads the object User (ie fill the properties) from the $_POST array
	*/
	function load_from_form () {
	if (array_key_exists('name', $_POST)) {
	$this->name = $_POST['name'];
	}
	if (array_key_exists('password', $_POST)) {
	$this->password = $_POST['password'];
	}
	if (array_key_exists('active', $_POST)) {
	$this->active = $_POST['active'];
	}
	if (array_key_exists('actkey', $_POST)) {
	$this->actkey = $_POST['actkey'];
	}
	if (array_key_exists('email', $_POST)) {
	$this->email = $_POST['email'];
	}
	if (array_key_exists('regdate', $_POST)) {
	$this->regdate = $_POST['regdate'];
	}
	}

	/**
	* Loads the object User (ie fill the properties) from the database
	*/
	function load_from_database (): bool {
	$db = $this->getDatabase();

	$sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "User unknown: " . $this->id;
	return false;
	}
	$this->name = $row['username'];
	$this->password = $row['user_password'];
	$this->active = $row['user_active'];
	$this->actkey = $row['user_actkey'];
	$this->email = $row['user_email'];
	$this->regdate = $row['user_regdate'];

	//Puts object in hashtables
	User::$hashtable_id[$this->id] = $this;
	User::$hashtable_name[$this->name] = $this;

	return true;
	}

	/**
	* Saves to database
	*/
	function save_to_database (): void {
	$db = $this->getDatabase();

	$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
	$name = $db->escape($this->name);
	$password = $db->escape($this->password);
	$active = $db->escape($this->active);
	$actkey = $db->escape($this->actkey);
	$email = $db->escape($this->email);
	$regdate = $this->regdate ? "'" . $db->escape($this->regdate) . "'" : 'NULL';

	//Updates or inserts
	$sql = "REPLACE INTO " . TABLE_USERS . " (`user_id`, `username`, `user_password`, `user_active`, `user_actkey`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', '$active', '$actkey', '$email', $regdate)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
	}

	if (!$id) {
	//Gets new record id value
	$this->id = $db->nextId();
	}
	}

	/**
	* Updates the specified field in the database record
	*/
	function save_field ($field) {
	$db = $this->getDatabase();

	if (!$this->id) {
	message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
	}
	$id = $db->escape($this->id);
	$value = $db->escape($this->$field);
	$sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Generates a unique user id
	*/
	function generate_id () {
	$db = $this->getDatabase();

	do {
	$this->id = rand(2001, 5999);
	- $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id LOCK IN SHARE MODE;";
	+ $sql = "SELECT COUNT(*) as is_already_used FROM " . TABLE_USERS . " WHERE user_id = $this->id LOCK IN SHARE MODE;";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't access users table", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- } while ($row[0]);
	+ } while ($row["is_already_used"]);
	}

	/**
	* Fills password field with encrypted version of the specified clear password
	*
	* @param string $newpassword The user's new password
	*/
	public function set_password ($newpassword) {
	$this->password = md5($newpassword);
	}

	/**
	* Deletes OpenID for this user
	*/
	public function delete_OpenID () {
	$this->set_OpenID('');
	}

	/**
	* Sets OpenID for this user
	*
	* @param string $url OpenID endpoint URL
	*/
	public function set_OpenID ($url) {
	$db = $this->getDatabase();

	if (!$this->id) {
	$this->save_to_database();
	}
	$url = $db->escape($url);
	$sql = "DELETE FROM " . TABLE_USERS_AUTH . " WHERE auth_type = 'OpenID' AND user_id = $this->id";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't delete old OpenID", '', __LINE__, __FILE__, $sql);
	}
	if ($url != '') {
	$sql = "INSERT INTO " . TABLE_USERS_AUTH . " (auth_type, auth_identity, user_id) VALUES ('OpenID', '$url', $this->id)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't add new OpenID", '', __LINE__, __FILE__, $sql);
	}
	}
	}

	/**
	* Checks if a login is available
	*
	* @param string $login the login to check
	* @return bool true if the specified login is available ; otherwise, false.
	*/
	public static function is_available_login (DatabaseEngine $db, $login): bool {
	- $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username LIKE '$login' LOCK IN SHARE MODE;";
	+ $sql = "SELECT COUNT(*) as is_used FROM " . TABLE_USERS . " WHERE username LIKE '$login' LOCK IN SHARE MODE;";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return !$row[0];
	+ return !$row["is_used"];
	}

	/**
	* Gets username from specified e-mail
	*
	* @param string $mail the mail to search
	* @return string\|bool the username matching the mail if found ; otherwise, false.
	*/
	public static function get_username_from_email (DatabaseEngine $db, $mail) {
	$sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email LIKE '$mail' LOCK IN SHARE MODE;";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Utilisateurs non parsable", '', __LINE__, __FILE__, $sql);
	}
	if ($row = $db->fetchRow($result)) {
	return $row['username'];
	}
	return false;
	}
	}
	diff --git a/Models/Profile/ProfileComment.php b/Models/Profile/ProfileComment.php
	index 40e7804..075e565 100644
	--- a/Models/Profile/ProfileComment.php
	+++ b/Models/Profile/ProfileComment.php
	@@ -1,156 +1,156 @@
	<?php

	/**
	* Profile comments class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-01-03 01:02 Autogenerated by Pluton Scaffolding
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Profile;

	use Keruald\Database\DatabaseEngine;
	use Zed\Models\Base\Entity;
	use Zed\Models\Base\WithDatabase;

	/**
	* Profile comments class
	*
	* This class maps the profiles_comments table.
	*/
	class ProfileComment extends Entity {

	use WithDatabase;

	///
	/// Properties
	///

	public $id;
	public $perso_id;
	public $author;
	public $authorname; //should be read-only
	public $date;
	public $text;

	public string $lastError = "";

	/**
	* Initializes a new instance of the ProfileComment class
	*
	* @param int $id the comment ID
	*/
	function __construct (DatabaseEngine $db, $id = '') {
	$this->setDatabase($db);

	if ($id) {
	$this->id = $id;
	$this->load_from_database();
	} else {
	$this->date = time();
	}
	}

	/**
	* Loads the object comment (ie fill the properties) from the $_POST array
	*/
	function load_from_form () {
	if (array_key_exists('perso_id', $_POST)) {
	$this->perso_id = $_POST['perso_id'];
	}
	if (array_key_exists('author', $_POST)) {
	$this->author = $_POST['author'];
	}
	if (array_key_exists('date', $_POST)) {
	$this->date = $_POST['date'];
	}
	if (array_key_exists('text', $_POST)) {
	$this->text = $_POST['text'];
	}
	}

	/**
	* Loads the object comment (ie fill the properties) from the database
	*/
	function load_from_database (): bool {
	$db = $this->getDatabase();

	$id = $db->escape($this->id);
	$sql = "SELECT c.*, p.perso_name as author FROM " . TABLE_PROFILES_COMMENTS . " c, " . TABLE_PERSOS . " p WHERE c.comment_id = '$id' AND p.perso_id = c.comment_author";
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query azhar_profiles_comments", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "comment unknown: " . $this->id;
	return false;
	}
	$this->perso_id = $row['perso_id'];
	$this->author = $row['comment_author'];
	$this->authorname = $row['author'];
	$this->date = $row['comment_date'];
	$this->text = $row['comment_text'];
	return true;
	}

	/**
	* Saves the object to the database
	*/
	function save_to_database (): void {
	$db = $this->getDatabase();

	$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
	$perso_id = $db->escape($this->perso_id);
	$author = $db->escape($this->author);
	$date = $db->escape($this->date);
	$text = $db->escape($this->text);

	$sql = "REPLACE INTO " . TABLE_PROFILES_COMMENTS . " (`comment_id`, `perso_id`, `comment_author`, `comment_date`, `comment_text`) VALUES ($id, '$perso_id', '$author', '$date', '$text')";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
	}
	if (!$id) {
	//Gets new record id value
	$this->id = $db->nextId();
	}
	}

	/**
	* Publishes the comment
	* @todo Add events on publish
	*/
	function publish () {
	$this->save_to_database();
	}

	/**
	* Gets comments
	*
	* @param int $perso_id The Perso ID
	*/
	static function get_comments (DatabaseEngine $db, $perso_id) {
	$sql = "SELECT comment_id FROM " . TABLE_PROFILES_COMMENTS . " WHERE perso_id = " . $db->escape($perso_id);
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Unable to get comments", '', __LINE__, __FILE__, $sql);
	}

	$comments = [];
	while ($row = $db->fetchRow($result)) {
	- $comments[] = new ProfileComment($db, $row[0]);
	+ $comments[] = new ProfileComment($db, $row["comment_id"]);
	}
	return $comments;
	}
	}
	diff --git a/Models/Profile/ProfilePhoto.php b/Models/Profile/ProfilePhoto.php
	index ae25f33..d13f2e0 100644
	--- a/Models/Profile/ProfilePhoto.php
	+++ b/Models/Profile/ProfilePhoto.php
	@@ -1,225 +1,225 @@
	<?php

	/**
	* Profile photo class
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* 0.1 2010-01-03 21:00 Autogenerated by Pluton Scaffolding
	* 0.2 2010-02-02 00:52 Thumbnail ImageMagick generation code
	*
	* @package Zed
	* @subpackage Model
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*/

	namespace Zed\Models\Profile;

	use Keruald\Database\DatabaseEngine;
	use Zed\Models\Base\Entity;
	use Zed\Models\Objects\Perso;

	/**
	* Profile photo class
	*
	* This class maps the profile_photos table.
	*
	* It also provides helper methods to handle avatars or get all the photos
	* from a specified perso.
	*/
	class ProfilePhoto extends Entity {

	public $id;
	public $perso_id;
	public $name;
	public $description;
	public $avatar;

	public string $lastError = "";

	/**
	* Initializes a new instance of the ProfilePhoto class
	*/
	function __construct (DatabaseEngine $db, $id = '') {
	$this->setDatabase($db);

	if ($id) {
	$this->id = $id;
	$this->load_from_database();
	}
	}

	/**
	* Loads the object photo (ie fill the properties) from the $_POST array
	*
	* @param bool $readBoolean if false, don't read the bool avatar field to avoid to set by error false if the field weren't in the form.
	*/
	function load_from_form ($readBoolean = true) {
	if (array_key_exists('perso_id', $_POST)) {
	$this->perso_id = $_POST['perso_id'];
	}
	if (array_key_exists('name', $_POST)) {
	$this->name = $_POST['name'];
	}
	if (array_key_exists('description', $_POST)) {
	$this->description = $_POST['description'];
	}
	if ($readBoolean) {
	$this->avatar = (bool)$_POST['avatar'];
	}
	}

	/**
	* Loads the object photo (ie fill the properties) from the database
	*/
	function load_from_database () : bool {
	$db = $this->getDatabase();

	$id = $db->escape($this->id);
	$sql = "SELECT * FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '" . $id . "'";
	if (!($result = $db->query($sql))) {
	message_die(SQL_ERROR, "Unable to query azhar_profiles_photos", '', __LINE__, __FILE__, $sql);
	}
	if (!$row = $db->fetchRow($result)) {
	$this->lastError = "photo unknown: " . $this->id;
	return false;
	}
	$this->perso_id = $row['perso_id'];
	$this->name = $row['photo_name'];
	$this->description = $row['photo_description'];
	$this->avatar = $row['photo_avatar'];
	return true;
	}

	/**
	* Promotes the photo to avatar
	*/
	function promote_to_avatar () {
	$db = $this->getDatabase();

	//1 - locally
	$sql = "UPDATE " . TABLE_PROFILES_PHOTOS . " SET photo_avatar = 0 WHERE perso_id = " . $this->perso_id;
	$db->queryScalar($sql);
	$this->avatar = true;

	//2 - in perso table
	$perso = Perso::get($db, $this->perso_id);
	$perso->avatar = $this->name;
	$perso->save_to_database();
	}

	/**
	* Saves the object to the database
	*/
	function save_to_database () : void {
	$db = $this->getDatabase();

	//Escapes fields
	$id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
	$perso_id = $db->escape($this->perso_id);
	$name = $db->escape($this->name);
	$description = $db->escape($this->description);
	$avatar = $this->avatar ? 1 : 0;

	//Saves
	$sql = "REPLACE INTO " . TABLE_PROFILES_PHOTOS . " (`photo_id`, `perso_id`, `photo_name`, `photo_description`, `photo_avatar`) VALUES ($id, '$perso_id', '$name', '$description', $avatar)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
	}
	if (!$id) {
	//Gets new record id value
	$this->id = $db->nextId();
	}
	}

	/**
	* Deletes the photo
	*/
	function delete () {
	$db = $this->getDatabase();

	//Deletes from disk
	$pic_tn = PHOTOS_DIR . '/' . $this->name;
	$pic_genuine = PHOTOS_DIR . '/tn/' . $this->name;
	unlink($pic_tn);
	unlink($pic_genuine);

	//Deletes from database
	$id = $db->escape($this->id);
	$sql = "DELETE FROM " . TABLE_PROFILES_PHOTOS . " WHERE photo_id = '$id' LIMIT 1";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't delete photo", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Generates a thumbnail using ImageMagick binary
	*
	* @return boolean true if the thumbnail command returns 0 as program exit code ; otherwise, false
	*/
	function generate_thumbnail () {
	global $Config;
	$sourceFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . $this->name;
	$thumbnailFile = PHOTOS_DIR . DIRECTORY_SEPARATOR . 'tn' . DIRECTORY_SEPARATOR . $this->name;
	$command = $Config['ImageMagick']['convert'] . " $sourceFile -resize 1000x80 $thumbnailFile";
	@system($command, $code);
	return ($code == 0);
	}

	/**
	* Gets photos from the specified perso
	*
	* @param int $perso_id the perso ID
	* @param bool $allowUnsafe if false, don't include not safe for work photos
	* @return ProfilePhoto[]
	*/
	static function get_photos (DatabaseEngine $db, $perso_id, $allowUnsafe = true): array {
	$sql = "SELECT photo_id FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = " . $db->escape($perso_id);
	if (!$allowUnsafe) {
	$sql .= " AND photo_safe = 0";
	}
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Unable to get photos", '', __LINE__, __FILE__, $sql);
	}

	$photos = [];
	while ($row = $db->fetchRow($result)) {
	- $photos[] = new ProfilePhoto($row[0]);
	+ $photos[] = new ProfilePhoto($db, $row["photo_id"]);
	}
	return $photos;
	}

	/**
	* Gets perso avatar
	*
	* @param integer $perso_id the perso to get the avatar ID
	* @param string $username the username to put in title tag
	*/
	static function get_avatar (DatabaseEngine $db, $perso_id, $username = '') {
	$perso_id = $db->escape($perso_id);

	$sql = "SELECT photo_description, photo_name FROM " . TABLE_PROFILES_PHOTOS . " WHERE perso_id = '$perso_id' and photo_avatar = 1";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Unable to get avatar", '', __LINE__, __FILE__, $sql);
	}
	if ($row = $db->fetchRow($result)) {
	if (!$username) {
	$username = get_name($perso_id);
	}
	$description = $row['photo_description'] ? "$row[photo_description] ($username's avatar)" : "$username's avatar";
	$url = PHOTOS_URL . '/tn/' . $row['photo_name'];
	return "<img src=\"$url\" title=\"$username\" alt=\"$description\" />";
	} else {
	return null;
	}
	}
	}
	diff --git a/controllers/page.php b/controllers/page.php
	index a6deb55..dfa8f31 100644
	--- a/controllers/page.php
	+++ b/controllers/page.php
	@@ -1,137 +1,137 @@
	<?php

	/**
	* Page

	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* This controller handle the /page URL.
	*
	* It allows to prints a content page.
	*
	* The code of the content page to print must be included in the URL:
	* /page/quux will print the quux page.
	*
	* To edit a page, append ?mode=edit to the URL.
	*
	* It uses the page_edit.tpl view to edit and the raw.tpl view to print pages.
	*
	* Versions of the edited pages are saved in a separate table
	* but it's not a wiki, it's for backup purposes.
	*
	* @package Zed
	* @subpackage Controllers
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*
	* @todo move "handle editor form" and some of the "gets page" code to a includes/objects/page.php file (rationale: cleaner model/controller separation)
	*/

	if (!$code = $db->escape($url[1])) {
	message_die(HACK_ERROR, "/page/ must be followed by page code");
	}

	//
	// Handles editor form
	//

	if ($_POST['code']) {
	//Ask flag admin.pages.editor
	$CurrentPerso->request_flag('admin.pages.editor');

	//Gets version
	- $sql = "SELECT MAX(page_version) + 1 FROM " . TABLE_PAGES_EDITS .
	+ $sql = "SELECT MAX(page_version) + 1 as new_version FROM " . TABLE_PAGES_EDITS .
	" WHERE page_code = '$code'";
	if (!$result = $db->query($sql)) {
	message_die(SQL_ERROR, "Can't fetch pages", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- $page_version = ($row[0] == "") ? 0 : $row[0];
	+ $page_version = ($row["new_version"] == "") ? 0 : $row["new_version"];

	//Gets other fields
	$page_code = $db->escape($code);
	$page_title = $db->escape($_POST['title']);
	$page_content = $db->escape($_POST['content']);
	$page_edit_reason = $db->escape($_POST['edit_reason']);
	$page_edit_user_id = $CurrentPerso->user_id;
	$page_edit_time = time();

	//Saves archive version
	$sql = "INSERT INTO " . TABLE_PAGES_EDITS . " (`page_code`, `page_version`, `page_title`, `page_content`, `page_edit_reason`, `page_edit_user_id`, `page_edit_time`) VALUES ('$page_code', '$page_version', '$page_title', '$page_content', '$page_edit_reason', '$page_edit_user_id', '$page_edit_time')";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save page", '', __LINE__, __FILE__, $sql);
	}

	//Saves prod version
	$sql = "REPLACE INTO " . TABLE_PAGES . " (`page_code`, `page_title`, `page_content`) VALUES ('$page_code', '$page_title', '$page_content')";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Can't save page", '', __LINE__, __FILE__, $sql);
	}

	$smarty->assign('NOTIFY', "Page $page_code saved, version $page_version.");
	}

	//
	// Gets page
	//

	$sql = "SELECT page_title, page_content, page_code FROM " . TABLE_PAGES . " WHERE page_code LIKE '$code'";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Can't get pages", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);

	switch ($_GET['mode']) {
	case 'edit':
	$CurrentPerso->request_flag('admin.pages.editor');
	$template = 'page_edit.tpl';
	if ($row) {
	$smarty->assign('PAGE_TITLE', $row['page_title']);
	$smarty->assign('page', $row);
	} else {
	$smarty->assign('PAGE_TITLE', $code);
	$page['page_code'] = $code;
	$smarty->assign('page', $page);
	unset($page);
	}
	$smarty->assign('PAGE_JS', 'FCKeditor/fckeditor.js');
	break;

	default:
	if ($row) {
	$smarty->assign('PAGE_TITLE', $row['page_title']);
	$content = $row['page_content'];
	} else {
	$smarty->assign('PAGE_TITLE', lang_get('PageNotFound'));
	$content = lang_get('PageNotFound');
	}

	//Adds edit link
	if ($CurrentPerso->flags['admin.pages.editor']) {
	$content .= '<p class="info" style="text-align: right">[ <a href="?mode=edit">Edit page</a> ]</p>';
	}
	$template = 'raw.tpl';
	$smarty->assign('CONTENT', $content);
	break;
	}

	//
	// HTML output
	//

	//Serves header
	include('header.php');

	//Serves content
	$smarty->display($template);

	//Serves footer
	include('footer.php');
	diff --git a/dev/quux.php b/dev/quux.php
	index 29fcf22..9533f72 100644
	--- a/dev/quux.php
	+++ b/dev/quux.php
	@@ -1,163 +1,163 @@
	<?php

	use Hypership\Geo\PointPolarZ;
	use Zed\Models\Geo\Galaxy;
	use Zed\Models\Geo\Port;
	use Zed\Models\Geo\SceneIndex;
	use Zed\Models\Objects\Application;
	use Zed\Models\Objects\Content;
	use Zed\Models\Objects\Invite;
	use Zed\Models\Messages\Message;
	use Zed\Models\Objects\Perso;

	require_once('includes/cache/cache.php');

	$case = 'YubiCloud';

	$smarty->assign('PAGE_TITLE', "Quux [$case]");
	include('controllers/header.php');

	switch ($case) {
	case 'YubiCloud':
	require_once('Auth/Yubico.php');
	echo '<h2>YubiKey</h2>';
	if (!array_key_exists('YubiCloud', $Config)) {
	message_die(GENERAL_ERROR, "YubiCloud authentication not configured. Add \$Config['YubiCloud']['ClientID'] and \$Config['YubiCloud']['SecretKey'] to your config.");
	}
	if (!$key = $_GET['OTP']) {
	message_die(GENERAL_ERROR, "Please add in URL ?OTP=, then put your cursor at right of the = and press your YubiKey button");
	}
	$yubi = new Auth_Yubico($Config['YubiCloud']['ClientID'], $Config['YubiCloud']['SecretKey']);
	if (!$data = $yubi->parsePasswordOTP($key)) {
	message_die(GENERAL_ERROR, "This is not an YubiKey OTP.");
	}
	$prefix = $data['prefix'];
	$auth = $yubi->verify($key);
	if (@PEAR::isError($auth)) {
	if ($auth->getMessage() == 'REPLAYED_OTP') {
	message_die("This OTP has already been used.");
	}
	message_die(HACK_ERROR, "<p>Authentication failed: " . $auth->getMessage() . "</p><p>Debug: " . $yubi->getLastResponse() . "</p>");
	} else {
	print "<p>You are authenticated!</p>";
	}
	break;

	case 'PointPolarZ':
	echo "<H2>PointPolarZ</H2>";
	$point = PointPolarZ::fromString("(48, 30°, 3)");
	printf("Secteur T%dC%d", $point->getSection(), $point->z);
	dprint_r($point);
	break;

	case 'index_scenes':
	$time[] = microtime();
	$cache = Cache::load();
	if ($index = $cache->get('SceneIndex')) {
	$index = unserialize($index);
	} else {
	$index = SceneIndex::Load(SCENE_DIR);
	$cache->set('SceneIndex', serialize($index));
	}
	$time[] = microtime();
	echo '<H2>SceneIndex</H2>';
	dprint_r($index);
	echo '<H2>Time (ms)</H2>';
	dprint_r(1000 * ($time[1] - $time[0]));
	dprint_r($time);
	break;

	case 'travel':
	require_once('includes/travel/travel.php');
	$travel = Travel::load();
	dieprint_r($travel);
	break;

	case 'spherical':
	echo '<H2>Spherical coordinates test</H2>';
	echo '<table cellpadding=8>';
	echo "<tr><th>Name</th><th>Type</th><th>Cartesian coords</th><th>Spherical I</th><th>Spherical II</th><th>Pencil coordinates</th></tr>";
	$objects = Galaxy::getCoordinates($db);
	foreach ($objects as $row) {
	- echo "<tr><th style='text-align: left'>$row[0]</th><td>$row[1]</td><td>$row[2]</td>";
	- $pt = $row[2];
	+ echo "<tr><th style='text-align: left'>$row[object_name]</th><td>$row[object_type]</td><td>$row[object_location]</td>";
	+ $pt = $row["object_location"];
	echo '<td>(', implode(', ', $pt->toSpherical()), ')</td>';
	echo '<td>(', implode(', ', $pt->toSphericalAlternative()), ')</td>';
	$pt->translate(500, 300, 200, 2);
	echo '<td>', $pt, '</td>';
	echo '</tr>';
	}
	echo '</table>';
	break;

	case 'travel':
	require_once('includes/travel/travel.php');
	require_once('includes/travel/place.php');

	$cache = Cache::load();
	$travel = $cache->get('zed_travel');
	if ($travel == '') {
	$travel_nocached = new Travel();
	$travel_nocached->load_xml("content/travel.xml");
	$cache->set('zed_travel', serialize($travel_nocached));
	} else {
	$travel = unserialize($travel);
	}
	dieprint_r($travel);
	break;

	case 'perso.create.notify':
	$testperso = Perso::get($db, 4733);
	$message = new Message($db);
	$message->setAsSystem();
	$message->to = invite::who_invited($db, $testperso);
	$url = get_server_url() . get_url('who', $testperso->nickname);
	$message->text = sprintf(lang_get('InvitePersoCreated'), $testperso->name, $url);
	$message->send();
	dieprint_r($message);
	break;

	case 'pushdata';
	echo '
	<h2>/api.php/app/pushdata</h2>
	<form method="post" action="/api.php/app/pushdata?mode=file&key=37d839ba-f9fc-42ca-a3e8-28053e979b90" enctype="multipart/form-data">
	<input type="file" name="datafile" /><br />
	<input type="submit" value="Send file" />
	</form>
	';
	break;

	case 'thumbnail':
	$content = new Content($db, 1);
	dprint_r($content);
	$content->generate_thumbnail();
	break;

	case 'port':
	echo '<h2>Port::from_location test</h2>';
	$locations = array("B00002", "B00002123", "B00001001", "xyz: [800, 42, 220]");
	foreach ($locations as $location) {
	dprint_r(Port::from_location($db, $location));
	}
	break;

	case 'ext':
	$file = 'dev/foo.tar';
	echo "<h2>$file</h2>";
	echo "<h3>.tar.bz2</h3>";
	echo preg_match('/\.tar\.bz2$/', $file);
	echo "<h3>.tar</h3>";
	echo preg_match('/\.tar$/', $file);
	break;

	case 'app':
	echo Application::from_api_key($db, "37d839ba-f9fc-42ca-a3e8-28053e979b90")
	->generate_userkey($CurrentPerso);
	break;

	case '':
	dieprint_r("No case currently selected.");
	break;
	}

	include('controllers/footer.php');
	diff --git a/includes/sessions.php b/includes/sessions.php
	index 14bbcaf..7291127 100644
	--- a/includes/sessions.php
	+++ b/includes/sessions.php
	@@ -1,162 +1,162 @@
	<?php

	/**
	* Sessions
	*
	* Zed. The immensity of stars. The HyperShip. The people.
	*
	* (c) 2010, Dereckson, some rights reserved.
	* Released under BSD license.
	*
	* This file provides functions to manage sessions. It's not currently properly
	* documented, as it's a temporary old session file, which will be updated soon.
	*
	* @package Zed
	* @subpackage Keruald
	* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
	* @copyright 2010 Sébastien Santoro aka Dereckson
	* @license http://www.opensource.org/licenses/bsd-license.php BSD
	* @version 0.1
	* @link http://scherzo.dereckson.be/doc/zed
	* @link http://zed.dereckson.be/
	* @filesource
	*
	* @todo Replaces this code by the unified Keruald session class.
	*/

	use Keruald\OmniTools\Identifiers\Random;
	use Zed\Models\Objects\User;

	function session_update () {
	global $db, $IP, $Config;
	//Nettoyage de la session
	/* Initialisation */
	$time_online = 5 * 60; // Temps après lequel l'utilisateur n'est plus considéré comme online
	$time_session = 2 * 60 * 60; // Durée de vie de la session

	$heureActuelle = time(); //Timestamp UNIX et non MySQL

	/* On fait le ménage */
	$sql = "UPDATE " . TABLE_SESSIONS . " SET online=0 WHERE HeureLimite < $heureActuelle";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, 'Impossible de mettre à jour les sessions (utilisateurs offline)', '', __LINE__, __FILE__, $sql);
	}

	$sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE SessionLimite < $heureActuelle";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible d'effacer les sessions expirées", '', __LINE__, __FILE__, $sql);
	}

	/* Création / mise à jour de la session utilisateur */
	if (!$_SESSION['ID']) {
	$_SESSION['ID'] = Random::generateHexHash();
	}

	$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Problème critique avec les sessions.", '', __LINE__, __FILE__, $sql);
	}

	if ($result->numRows() === 0) {
	$sql = "INSERT INTO " . TABLE_SESSIONS . " (IP, session_id, `Where`, HeureLimite, SessionLimite) VALUES ('$IP', '$_SESSION[ID]', $Config[ResourceID], $heureActuelle + $time_online, $heureActuelle + $time_session)";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible de créer une nouvelle session", '', __LINE__, __FILE__, $sql);
	}
	} else {
	$sql = "UPDATE " . TABLE_SESSIONS . " SET online=1, HeureLimite = $heureActuelle + $time_online, SessionLimite= $heureActuelle + $time_session WHERE session_id = '$_SESSION[ID]'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible de mettre à jour la session", '', __LINE__, __FILE__, $sql);
	}
	}
	}

	function nbc () {
	//Renvoi du nombre d'usagers connectés
	global $db, $Config;
	- $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE online=1 AND `Where` = $Config[ResourceID]";
	+ $sql = "SELECT count(*) as count FROM " . TABLE_SESSIONS . " WHERE online=1 AND `Where` = $Config[ResourceID]";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Impossible d'obtenir le nombre d'utilisateurs connectés sur le site web", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	- return $row[0];
	+ return $row["count"];
	}

	function get_info ($info) {
	//Renvoie une variable de la session
	global $db;
	$sql = "SELECT $info FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Impossible d'obtenir $info", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);
	return $row[$info];
	}

	function get_logged_user () {
	//Renvoie toutes les informations d'un utilisateur
	global $db;
	$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id LIKE '$_SESSION[ID]'";
	if ( !($result = $db->query($sql)) ) {
	message_die(SQL_ERROR, "Impossible d'obtenir les informations de l'utilisateur", '', __LINE__, __FILE__, $sql);
	}
	$row = $db->fetchRow($result);

	$user = User::get($db, $row['user_id']);

	$user->session = $row;

	return $user;
	}

	function set_info ($info, $value) {
	//Définit une variable session
	global $db;
	$value = ($value === null) ? 'NULL' : "'" . $db->escape($value) . "'";
	$sql = "UPDATE " . TABLE_SESSIONS . " SET $info = $value WHERE session_id LIKE '$_SESSION[ID]'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible de définir $info", '', __LINE__, __FILE__, $sql);
	}
	}

	/**
	* Destroys $_SESSION array values, help ID
	*/
	function clean_session () {
	foreach ($_SESSION as $key => $value) {
	if ($key != 'ID') {
	unset($_SESSION[$key]);
	}
	}
	}


	/**
	* Logs in user
	*/

	function login ($user_id, $username) {
	global $db;
	$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id LIKE '$_SESSION[ID]'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible de procéder à la connexion", '', __LINE__, __FILE__, $sql);
	}

	//We send a cookie to print automatically the last username on the login
	//page during 30 days.
	if ($username) {
	setcookie("LastUsername", $username, time() + 2592000);
	}
	}

	/**
	* Logs out user
	*/
	function logout () {
	//Anonymous user in session table
	global $db;
	$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '-1', perso_id = NULL WHERE session_id LIKE '$_SESSION[ID]'";
	if (!$db->query($sql)) {
	message_die(SQL_ERROR, "Impossible de procéder à la déconnexion", '', __LINE__, __FILE__, $sql);
	}
	clean_session();
	}

File Metadata

Mime Type: text/x-diff
Expires: Sat, Nov 23, 09:47 (1 d, 6 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 20743
Default Alt Text: (84 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions