From 0d8f704cd8038b7b4f16dd840a6db99c6b01ff21 Mon Sep 17 00:00:00 2001
From: dave <dave>
Date: Fri, 16 Nov 2007 22:19:58 +0000
Subject: [PATCH] - remember when a full load on a user is done - user
 mysql_escape_string on all fields before saving (oops!) :) - add a committee
 login function to set SESSION variables.

---
 user.inc.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/user.inc.php b/user.inc.php
index 643ece1..d2c5ac3 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -165,7 +165,11 @@ function user_load($user, $load_full=false, $force_type=false)
 			}
 			$ret = array_merge($ret, $r);
 		}
+		$ret['load_full'] = true;
+	} else {
+		$ret['load_full'] = false;
 	}
+
 	/* Do this assignment without recursion :) */
 	$orig = $ret;
 	$ret['orig'] = $orig;
@@ -190,7 +194,8 @@ function user_save($u)
 //		if($f == 'types') 
 //			$set .= "$f='".implode(',', $u[$f])."'";
 
-		$set .= "$f='{$u[$f]}'";
+		$data = mysql_escape_string(stripslashes($u[$f]));
+		$set .= "$f='$data'";
 	}
 	//echo "<pre>";
 	//print_r($u);
@@ -341,3 +346,17 @@ function user_update_complete(&$u, $status)
 		return;
 	}
 }
+
+function user_committee_login($u)
+{
+	/* Double check, make sure the user is of this type */
+	if(!in_array('committee', $u['types'])) return false;
+
+	$u = user_load($u, true);
+
+	$_SESSION['access_admin'] = ($u['access_admin'] == 'Y') ? true : false;
+	$_SESSION['access_config'] = ($u['access_config'] == 'Y') ? true : false;
+	$_SESSION['access_super'] = ($u['access_super'] == 'Y') ? true : false;
+}
+
+