diff --git a/includes/config.php b/includes/config.php
--- a/includes/config.php
+++ b/includes/config.php
@@ -1,144 +1,144 @@
-
\ No newline at end of file
+
diff --git a/includes/core.php b/includes/core.php
--- a/includes/core.php
+++ b/includes/core.php
@@ -1,310 +1,310 @@
-sql_escape($user_id);
- $sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'";
- return $db->sql_query_express($sql, "Can't get username from specified user id");
-}
-
-/*
- * Gets the user id matching specified username
- * @param string $username the username
- * @return string the user ID
- */
-function get_userid ($username) {
- global $db;
-
- $username = $db->sql_escape($username);
- $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
- return $db->sql_query_express($sql, "Can't get user id from specified username");
-}
-
-////////////////////////////////////////////////////////////////////////////////
-/// ///
-/// Misc helper functions ///
-/// ///
-////////////////////////////////////////////////////////////////////////////////
-
-//Plural management
-
-/*
- * Gets a "s" if the specified amount requests the plural
- * @param mixed $amount the quantity (should be numeric)
- * @return string 's' if the amount is greater or equal than 2 ; otherwise, ''
- */
-function s ($amount) {
- if ($amount >= 2 || $amount <= -2 ) return 's';
-}
-
-/*
- * Prints human-readable information about a variable, wrapped in a
 block
- * @param mixed $mixed the variable to dump
- */
-function dprint_r ($mixed) {
-	echo '
';
-    print_r($mixed);
-    echo '
';
-}
-
-/*
- * Generates a new GUID
- * @return string a guid (without {})
- */
-function new_guid () {
- //The guid chars
- $chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9');
-
- //Let's build our 36 characters string
- //e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75
- $guid = "";
- for ($i = 0 ; $i < 36 ; $i++) {
- if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
- //Dashes at position 9, 14, 19 and 24
- $guid .= "-";
- } else {
- //0-f hex digit elsewhere
- $guid .= $chars[mt_rand() % sizeof($characters)];
- }
- }
- return $guid;
-}
-
-/*
- * Determines if the expression is a valid guid (in uuid notation, without {})
- * @param string $expression the guid to check
- * @return true if the expression is a valid guid ; otherwise, false
- */
-function is_guid ($expression) {
- //We avoid regexp to speed up the check
- //A guid is a 36 characters string
- if (strlen($expression) != 36) return false;
-
- $expression = strtolower($expression);
- for ($i = 0 ; $i < 36 ; $i++) {
- if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
- //with dashes
- if ($expression[$i] != '-') return false;
- } else {
- //and hex numbers
- if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false;
- }
- }
- return true;
-}
-
-/*
- * Gets file extension
- * @param string $file the file to get the extension
- */
-function get_extension ($file) {
- $dotPosition = strrpos($file, ".");
- return substr($file, $dotPosition + 1);
-}
-
-/*
- * Determines if a string starts with specified substring
- * @param string $haystack the string to check
- * @param string $needle the substring to determines if it's the start
- * @param boolean $case_sensitive determines if the search must be case sensitive
- * @return boolean true if $haystack starts with $needle ; otherwise, false.
- */
-function string_starts_with ($haystack, $needle, $case_sensitive = true) {
- if (!$case_sensitive) {
- $haystack = strtoupper($haystack);
- $needle = strtoupper($needle);
- }
- if ($haystack == $needle) return true;
- return strpos($haystack, $needle) === 0;
-}
-
-////////////////////////////////////////////////////////////////////////////////
-/// ///
-/// URL helpers functions ///
-/// ///
-////////////////////////////////////////////////////////////////////////////////
-
-/*
- * Gets URL
- * @return string URL
- */
-function get_url () {
- global $Config;
- if (func_num_args() > 0) {
- $pieces = func_get_args();
- return $Config['BaseURL'] . '/' . implode('/', $pieces);
- } elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") {
- return "/";
- } else {
- return $Config['BaseURL'];
- }
-}
-
-/*
- * Gets page URL
- * @return string URL
- */
-function get_page_url () {
- $url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
- if (substr($url, -10) == "/index.php") {
- return substr($url, 0, -9);
- }
- return $url;
-}
-
-/*
- * Gets server URL
- * @todo find a way to detect https:// on non standard port
- * @return string the server URL
- */
-function get_server_url () {
- switch ($port = $_SERVER['SERVER_PORT']) {
- case '80':
- return "http://$_SERVER[SERVER_NAME]";
-
- case '443':
- return "https://$_SERVER[SERVER_NAME]";
-
- default:
- return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
- }
-}
-
-/*
- * Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
- * @return string the relevant URL part
- */
-function get_current_url () {
- global $Config;
-
- //Gets relevant URL part from relevant $_SERVER variables
- if (array_key_exists('PATH_INFO', $_SERVER)) {
- //Without mod_rewrite, and url like /index.php/controller
- //we use PATH_INFO. It's the easiest case.
- return $_SERVER["PATH_INFO"];
- }
-
- //In other cases, we'll need to get the relevant part of the URL
- $current_url = get_server_url() .
$_SERVER['REQUEST_URI'];
-
- //Relevant URL part starts after the site URL
- $len = strlen($Config['SiteURL']);
-
- //We need to assert it's the correct site
- if (substr($current_url, 0, $len) != $Config['SiteURL']) {
- dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL
Current value: $Config[SiteURL]
Expected value: a string starting by " . get_server_url(), "Setup");
- }
-
- if (array_key_exists('REDIRECT_URL', $_SERVER)) {
- //With mod_rewrite, we can use REDIRECT_URL
- //We takes the end of the URL, ie *FROM* $len position
- return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
- }
-
- //Last possibility: use REQUEST_URI, but remove QUERY_STRING
- //If you need to edit here, use $_SERVER['REQUEST_URI']
- //but you need to discard $_SERVER['QUERY_STRING']
-
- //We takes the end of the URL, ie *FROM* $len position
- $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
-
- //But if there are a query string (?action=... we need to discard it)
- if ($_SERVER['QUERY_STRING']) {
- return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
- }
-
- return $url;
-}
-
-/*
- * Gets an array of url fragments to be processed by controller
- * @return array an array containing URL fragments
- */
-function get_current_url_fragments () {
- $url_source = get_current_url();
- if ($url_source == '/index.php') return array();
- return explode('/', substr($url_source, 1));
-}
-
-////////////////////////////////////////////////////////////////////////////////
-/// ///
-/// URL xmlHttpRequest helpers functions ///
-/// ///
-////////////////////////////////////////////////////////////////////////////////
-
-/*
- * Gets an hash value to check the integrity of URLs in /do.php calls
- * @param Array $args the args to compute the hash
- * @return the hash paramater for your xmlHttpRequest url
- */
-function get_xhr_hash ($args) {
- global $Config;
-
- array_shift($args);
- return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
-}
-
-/*
- * Gets the URL to call do.php, the xmlHttpRequest controller
- * @return string the xmlHttpRequest url, with an integrity hash
- */
-function get_xhr_hashed_url () {
- global $Config;
-
- $args = func_get_args();
- $args[] = get_xhr_hash($args);
- return $Config['DoURL'] . '/' .
implode('/', $args);
-}
-
-/*
- * Gets the URL to call do.php, the xmlHttpRequest controller
- * @return string the xmlHttpRequest url
- */
-function get_xhr_url () {
- global $Config;
-
- $args = func_get_args();
- return $Config['DoURL'] . '/' .implode('/', $args);
-}
-
-?>
\ No newline at end of file
+sql_escape($user_id);
+ $sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'";
+ return $db->sql_query_express($sql, "Can't get username from specified user id");
+}
+
+/*
+ * Gets the user id matching specified username
+ * @param string $username the username
+ * @return string the user ID
+ */
+function get_userid ($username) {
+ global $db;
+
+ $username = $db->sql_escape($username);
+ $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
+ return $db->sql_query_express($sql, "Can't get user id from specified username");
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// Misc helper functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//Plural management
+
+/*
+ * Gets a "s" if the specified amount requests the plural
+ * @param mixed $amount the quantity (should be numeric)
+ * @return string 's' if the amount is greater or equal than 2 ; otherwise, ''
+ */
+function s ($amount) {
+ if ($amount >= 2 || $amount <= -2 ) return 's';
+}
+
+/*
+ * Prints human-readable information about a variable, wrapped in a
 block
+ * @param mixed $mixed the variable to dump
+ */
+function dprint_r ($mixed) {
+	echo '
';
+    print_r($mixed);
+    echo '
';
+}
+
+/*
+ * Generates a new GUID
+ * @return string a guid (without {})
+ */
+function new_guid () {
+ //The guid chars
+ $chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9');
+
+ //Let's build our 36 characters string
+ //e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75
+ $guid = "";
+ for ($i = 0 ; $i < 36 ; $i++) {
+ if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
+ //Dashes at position 9, 14, 19 and 24
+ $guid .= "-";
+ } else {
+ //0-f hex digit elsewhere
+ $guid .= $chars[mt_rand() % sizeof($characters)];
+ }
+ }
+ return $guid;
+}
+
+/*
+ * Determines if the expression is a valid guid (in uuid notation, without {})
+ * @param string $expression the guid to check
+ * @return true if the expression is a valid guid ; otherwise, false
+ */
+function is_guid ($expression) {
+ //We avoid regexp to speed up the check
+ //A guid is a 36 characters string
+ if (strlen($expression) != 36) return false;
+
+ $expression = strtolower($expression);
+ for ($i = 0 ; $i < 36 ; $i++) {
+ if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
+ //with dashes
+ if ($expression[$i] != '-') return false;
+ } else {
+ //and hex numbers
+ if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false;
+ }
+ }
+ return true;
+}
+
+/*
+ * Gets file extension
+ * @param string $file the file to get the extension
+ */
+function get_extension ($file) {
+ $dotPosition = strrpos($file, ".");
+ return substr($file, $dotPosition + 1);
+}
+
+/*
+ * Determines if a string starts with specified substring
+ * @param string $haystack the string to check
+ * @param string $needle the substring to determines if it's the start
+ * @param boolean $case_sensitive determines if the search must be case sensitive
+ * @return boolean true if $haystack starts with $needle ; otherwise, false.
+ */
+function string_starts_with ($haystack, $needle, $case_sensitive = true) {
+ if (!$case_sensitive) {
+ $haystack = strtoupper($haystack);
+ $needle = strtoupper($needle);
+ }
+ if ($haystack == $needle) return true;
+ return strpos($haystack, $needle) === 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// URL helpers functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * Gets URL
+ * @return string URL
+ */
+function get_url () {
+ global $Config;
+ if (func_num_args() > 0) {
+ $pieces = func_get_args();
+ return $Config['BaseURL'] . '/' . implode('/', $pieces);
+ } elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") {
+ return "/";
+ } else {
+ return $Config['BaseURL'];
+ }
+}
+
+/*
+ * Gets page URL
+ * @return string URL
+ */
+function get_page_url () {
+ $url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
+ if (substr($url, -10) == "/index.php") {
+ return substr($url, 0, -9);
+ }
+ return $url;
+}
+
+/*
+ * Gets server URL
+ * @todo find a way to detect https:// on non standard port
+ * @return string the server URL
+ */
+function get_server_url () {
+ switch ($port = $_SERVER['SERVER_PORT']) {
+ case '80':
+ return "http://$_SERVER[SERVER_NAME]";
+
+ case '443':
+ return "https://$_SERVER[SERVER_NAME]";
+
+ default:
+ return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
+ }
+}
+
+/*
+ * Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
+ * @return string the relevant URL part
+ */
+function get_current_url () {
+ global $Config;
+
+ //Gets relevant URL part from relevant $_SERVER variables
+ if (array_key_exists('PATH_INFO', $_SERVER)) {
+ //Without mod_rewrite, and url like /index.php/controller
+ //we use PATH_INFO. It's the easiest case.
+ return $_SERVER["PATH_INFO"];
+ }
+
+ //In other cases, we'll need to get the relevant part of the URL
+ $current_url = get_server_url() .
$_SERVER['REQUEST_URI'];
+
+ //Relevant URL part starts after the site URL
+ $len = strlen($Config['SiteURL']);
+
+ //We need to assert it's the correct site
+ if (substr($current_url, 0, $len) != $Config['SiteURL']) {
+ dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL
Current value: $Config[SiteURL]
Expected value: a string starting by " . get_server_url(), "Setup");
+ }
+
+ if (array_key_exists('REDIRECT_URL', $_SERVER)) {
+ //With mod_rewrite, we can use REDIRECT_URL
+ //We takes the end of the URL, ie *FROM* $len position
+ return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
+ }
+
+ //Last possibility: use REQUEST_URI, but remove QUERY_STRING
+ //If you need to edit here, use $_SERVER['REQUEST_URI']
+ //but you need to discard $_SERVER['QUERY_STRING']
+
+ //We takes the end of the URL, ie *FROM* $len position
+ $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
+
+ //But if there are a query string (?action=... we need to discard it)
+ if ($_SERVER['QUERY_STRING']) {
+ return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
+ }
+
+ return $url;
+}
+
+/*
+ * Gets an array of url fragments to be processed by controller
+ * @return array an array containing URL fragments
+ */
+function get_current_url_fragments () {
+ $url_source = get_current_url();
+ if ($url_source == '/index.php') return array();
+ return explode('/', substr($url_source, 1));
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// URL xmlHttpRequest helpers functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * Gets an hash value to check the integrity of URLs in /do.php calls
+ * @param Array $args the args to compute the hash
+ * @return the hash paramater for your xmlHttpRequest url
+ */
+function get_xhr_hash ($args) {
+ global $Config;
+
+ array_shift($args);
+ return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
+}
+
+/*
+ * Gets the URL to call do.php, the xmlHttpRequest controller
+ * @return string the xmlHttpRequest url, with an integrity hash
+ */
+function get_xhr_hashed_url () {
+ global $Config;
+
+ $args = func_get_args();
+ $args[] = get_xhr_hash($args);
+ return $Config['DoURL'] . '/' .
implode('/', $args);
+}
+
+/*
+ * Gets the URL to call do.php, the xmlHttpRequest controller
+ * @return string the xmlHttpRequest url
+ */
+function get_xhr_url () {
+ global $Config;
+
+ $args = func_get_args();
+ return $Config['DoURL'] . '/' .implode('/', $args);
+}
+
+?>
diff --git a/includes/error.php b/includes/error.php
--- a/includes/error.php
+++ b/includes/error.php
@@ -1,4 +1,4 @@
-
\ No newline at end of file
+?>
diff --git a/includes/login.php b/includes/login.php
--- a/includes/login.php
+++ b/includes/login.php
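Review bot: In includes/core.php, `new_guid()` picks each hex digit with `mt_rand() % sizeof($characters)`, but the array built two lines earlier is `$chars` and `$characters` is never assigned in the function, so `sizeof()` is applied to an undefined variable and the expression cannot produce a valid random index. The line should read `$guid .= $chars[mt_rand() % sizeof($chars)];`. If these GUIDs are ever relied on as unguessable tokens (not visible from this hunk), `mt_rand()` is also the wrong source and a cryptographically secure generator should replace it. Separately, `get_xhr_hash()` computes `md5()` over the session id, the secret and `implode('', $args)`, so different argument lists can concatenate to the same input; `hash_hmac()` keyed with `$Config['SecretKey']` over a delimited argument list would be the sturdier construction.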
@@ -1,36 +1,36 @@
-sql_escape($_POST['username']);
- $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
- if ($row = $db->sql_fetchrow($result)) {
- if (!$row['user_password']) {
- //No password set
- $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
- } elseif ($row['user_password'] != md5($_POST['password'])) {
- //The password doesn't match
- $LoginError = "Incorrect password.";
- } else {
- //Login successful
- Session::load()->user_login($row['user_id']);
- $LoginSuccessful = true;
- }
- }
-} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
- //User have submitted logout form or clicked a logout link
- Session::load()->user_logout();
-}
-?>
\ No newline at end of file
+sql_escape($_POST['username']);
+ $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
+ if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ if ($row = $db->sql_fetchrow($result)) {
+ if (!$row['user_password']) {
+ //No password set
+ $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
+ } elseif ($row['user_password'] != md5($_POST['password'])) {
+ //The password doesn't match
+ $LoginError = "Incorrect password.";
+ } else {
+ //Login successful
+ Session::load()->user_login($row['user_id']);
+ $LoginSuccessful = true;
+ }
+ }
+} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
+ //User have submitted logout form or clicked a logout link
+ Session::load()->user_logout();
+}
+?>
diff --git a/includes/mysql.php b/includes/mysql.php
--- a/includes/mysql.php
+++ b/includes/mysql.php
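Review bot: In includes/login.php the check `$row['user_password'] != md5($_POST['password'])` combines an unsalted MD5 digest with a loose comparison. With `!=`, two digests that both read as numbers in exponent form (`0e` followed only by digits) compare as equal, and MD5 without a salt or work factor is cheap to brute-force if the users table is ever disclosed. Where the runtime provides them, store hashes with `password_hash()` and verify with `password_verify($_POST['password'], $row['user_password'])`, rehashing existing accounts on their next successful login; at the very least the comparison should be `!==`. The opening lines of this file are missing from the page, so the condition guarding this block is not visible here.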
@@ -1,152 +1,152 @@
-id = @mysql_connect($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- mysql_select_db($database, $this->id);
- }
- }
-
- /*
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /*
- * Sends a unique query to the database
- * @return mixed if the query is successful, a result identifier ; otherwise, false
- */
- function sql_query ($query) {
- return mysql_query($query, $this->id);
- }
-
- /*
- * Fetches a row of result into an associative array
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return mysql_fetch_array($result);
- }
-
- /*
- * Gets last SQL error information
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- $error['code'] = mysql_errno($this->id);
- $error['message'] = mysql_error($this->id);
- return $error;
- }
-
- /*
- * Gets the number of rows affected or returned by a query
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return mysql_num_rows($result);
- }
-
- /*
- * Gets the primary key value of the last query (works only in INSERT context)
- * @return int the primary key value
- */
- function sql_nextid () {
- return mysql_insert_id($this->id);
- }
-
- /*
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function
sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occured
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return mysql_real_escape_string($expression);
- }
-
- /*
- * Set charset
- */
- function set_charset ($encoding) {
- if (function_exists('mysql_set_charset')) {
- //>PHP 5.2.3
- mysql_set_charset($encoding, $this->id);
- } else {
- //TODO: set connection variables to utf8
- }
- }
- }
-
- //Creates an instance of this database class with configuration values
- $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
- unset($Config['sql']);
-
- //Sets SQL connexion in UTF8. PHP 5.2.3+
- $db->set_charset('utf8');
-}
-?>
\ No newline at end of file
+id = @mysql_connect($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ mysql_select_db($database, $this->id);
+ }
+ }
+
+ /*
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g.
in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /*
+ * Sends a unique query to the database
+ * @return mixed if the query is successful, a result identifier ; otherwise, false
+ */
+ function sql_query ($query) {
+ return mysql_query($query, $this->id);
+ }
+
+ /*
+ * Fetches a row of result into an associative array
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return mysql_fetch_array($result);
+ }
+
+ /*
+ * Gets last SQL error information
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ $error['code'] = mysql_errno($this->id);
+ $error['message'] = mysql_error($this->id);
+ return $error;
+ }
+
+ /*
+ * Gets the number of rows affected or returned by a query
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return mysql_num_rows($result);
+ }
+
+ /*
+ * Gets the primary key value of the last query (works only in INSERT context)
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return mysql_insert_id($this->id);
+ }
+
+ /*
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row =
$this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return mysql_real_escape_string($expression);
+ }
+
+ /*
+ * Set charset
+ */
+ function set_charset ($encoding) {
+ if (function_exists('mysql_set_charset')) {
+ //>PHP 5.2.3
+ mysql_set_charset($encoding, $this->id);
+ } else {
+ //TODO: set connection variables to utf8
+ }
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF8. PHP 5.2.3+
+ $db->set_charset('utf8');
+}
+?>
diff --git a/includes/objects/README b/includes/objects/README
--- a/includes/objects/README
+++ b/includes/objects/README
@@ -1,3 +1,3 @@
-This folder contains models you use in your applications.
-
-Some models ready to use in production are available on http://keruald.sf.net
\ No newline at end of file
+This folder contains models you use in your applications.
+
+Some models ready to use in production are available on http://keruald.sf.net
diff --git a/includes/objects/user.php b/includes/objects/user.php
--- a/includes/objects/user.php
+++ b/includes/objects/user.php
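Review bot: In includes/mysql.php, `sql_escape()` calls `mysql_real_escape_string($expression)` without a link identifier, while `sql_query()`, `sql_error()`, `sql_nextid()` and `set_charset()` all pass `$this->id`. Escaping is performed relative to a connection's character set, and without the link argument PHP falls back to the most recently opened connection, which is only correct while this object holds the single connection in the process; `return mysql_real_escape_string($expression, $this->id);` removes that assumption. Related to the same concern, the `else` branch of `set_charset()` is still a TODO, so on a runtime without `mysql_set_charset()` the connection charset is never set and the escaping may not match what the server parses.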
@@ -1,194 +1,194 @@
-id = $id;
- $this->load_from_database();
- }
- }
-
- /*
- * Loads the object User (ie fill the properties) from the $_POST array
- */
- function load_from_form () {
- if (array_key_exists('name', $_POST)) $this->name = $_POST['name'];
- if (array_key_exists('password', $_POST)) $this->password = $_POST['password'];
- if (array_key_exists('active', $_POST)) $this->active = $_POST['active'];
- if (array_key_exists('actkey', $_POST)) $this->actkey = $_POST['actkey'];
- if (array_key_exists('email', $_POST)) $this->email = $_POST['email'];
- if (array_key_exists('regdate', $_POST)) $this->regdate = $_POST['regdate'];
- }
-
- /*
- * Loads the object User (ie fill the properties) from the database
- */
- function load_from_database () {
- global $db;
- $sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
- $this->lastError = "User unkwown: " . $this->id;
- return false;
- }
-
- $this->load_from_row($row);
-
- return true;
- }
-
- /*
- * Loads the object User (ie fill the properties) from the database row
- */
- function load_from_row ($row) {
- $this->id = $row['user_id'];
- $this->name = $row['username'];
- $this->password = $row['user_password'];
- $this->active = $row['user_active'] ? true : false;
- $this->email = $row['user_email'];
- $this->regdate = $row['user_regdate'];
- }
-
- /*
- * Saves to database
- */
- function save_to_database () {
- global $db;
-
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $name = $db->sql_escape($this->name);
- $password = $db->sql_escape($this->password);
- $active = $this->active ? 1 : 0;
- $email = $db->sql_escape($this->email);
- $regdate = $this->regdate ? "'" . $db->sql_escape($this->regdate) . "'" : 'NULL';
-
- //Updates or inserts
- $sql = "REPLACE INTO " . TABLE_USERS .
" (`user_id`, `username`, `user_password`, `user_active`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', $active, '$email', $regdate)";
- if (!$db->sql_query($sql)) {
- message_die(SQL_ERROR, "Unable to save user", '', __LINE__, __FILE__, $sql);
- }
-
- if (!$this->id) {
- //Gets new record id value
- $this->id = $db->sql_nextid();
- }
- }
-
- /*
- * Updates the specified field in the database record
- */
- function save_field ($field) {
- global $db;
- if (!$this->id) {
- message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
- }
- $id = $db->sql_escape($this->id);
- $value = $db->sql_escape($this->$field);
- $sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'";
- if (!$db->sql_query($sql)) {
- message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
- }
- }
-
- /*
- * Generates a unique user id
- */
- function generate_id () {
- global $db;
-
- do {
- $this->id = mt_rand(2001, 9999);
- $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id";
- if (!$result = $db->sql_query($sql)) {
- message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql);
- }
- $row = $db->sql_fetchrow($result);
- } while ($row[0]);
- }
-
- /*
- * Fills password field with encrypted version
- * of the specified clear password
- */
- public function set_password ($newpassword) {
- $this->password = md5($newpassword);
- }
-
- /*
- * Checks if a login is available
- * @param string $login the login to check
- * @return boolean true if the login is avaiable ; otherwise, false.
- */
- public static function is_available_login ($login) {
- global $db;
- $sql = "SELECT COUNT(*) FROM " . TABLE_USERS .
" WHERE username = '$login'";
- if (!$result = $db->sql_query($sql)) {
- message_die(SQL_ERROR, "Can't check if the specified login is available", '', __LINE__, __FILE__, $sql);
- }
- $row = $db->sql_fetchrow($result);
- return ($row[0] == 0);
- }
-
- /*
- * Initializes a new User instance ready to have its property filled
- * @return User the new user instance
- */
- public static function create () {
- $user = new User();
- $user->generate_id();
- $user->active = true;
- return $user;
- }
-
- /*
- * Gets user from specified e-mail
- * @return User the user matching the specified e-mail ; null, if the mail were not found.
- */
- public static function get_user_from_email ($mail) {
- global $db;
- $sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email = '$mail'";
- if (!$result = $db->sql_query($sql)) {
- message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql);
- }
-
- if ($row = $db->sql_fetchrow($result)) {
- //E-mail found.
- $user = new User();
- $user->load_from_row($row);
- return $user;
- }
-
- //E-mail not found.
- return null;
- }
-}
-
-?>
\ No newline at end of file
+id = $id;
+ $this->load_from_database();
+ }
+ }
+
+ /*
+ * Loads the object User (ie fill the properties) from the $_POST array
+ */
+ function load_from_form () {
+ if (array_key_exists('name', $_POST)) $this->name = $_POST['name'];
+ if (array_key_exists('password', $_POST)) $this->password = $_POST['password'];
+ if (array_key_exists('active', $_POST)) $this->active = $_POST['active'];
+ if (array_key_exists('actkey', $_POST)) $this->actkey = $_POST['actkey'];
+ if (array_key_exists('email', $_POST)) $this->email = $_POST['email'];
+ if (array_key_exists('regdate', $_POST)) $this->regdate = $_POST['regdate'];
+ }
+
+ /*
+ * Loads the object User (ie fill the properties) from the database
+ */
+ function load_from_database () {
+ global $db;
+ $sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id .
"'";
+ if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->sql_fetchrow($result)) {
+ $this->lastError = "User unkwown: " . $this->id;
+ return false;
+ }
+
+ $this->load_from_row($row);
+
+ return true;
+ }
+
+ /*
+ * Loads the object User (ie fill the properties) from the database row
+ */
+ function load_from_row ($row) {
+ $this->id = $row['user_id'];
+ $this->name = $row['username'];
+ $this->password = $row['user_password'];
+ $this->active = $row['user_active'] ? true : false;
+ $this->email = $row['user_email'];
+ $this->regdate = $row['user_regdate'];
+ }
+
+ /*
+ * Saves to database
+ */
+ function save_to_database () {
+ global $db;
+
+ $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
+ $name = $db->sql_escape($this->name);
+ $password = $db->sql_escape($this->password);
+ $active = $this->active ? 1 : 0;
+ $email = $db->sql_escape($this->email);
+ $regdate = $this->regdate ? "'" . $db->sql_escape($this->regdate) . "'" : 'NULL';
+
+ //Updates or inserts
+ $sql = "REPLACE INTO " . TABLE_USERS . " (`user_id`, `username`, `user_password`, `user_active`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', $active, '$email', $regdate)";
+ if (!$db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Unable to save user", '', __LINE__, __FILE__, $sql);
+ }
+
+ if (!$this->id) {
+ //Gets new record id value
+ $this->id = $db->sql_nextid();
+ }
+ }
+
+ /*
+ * Updates the specified field in the database record
+ */
+ function save_field ($field) {
+ global $db;
+ if (!$this->id) {
+ message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
+ }
+ $id = $db->sql_escape($this->id);
+ $value = $db->sql_escape($this->$field);
+ $sql = "UPDATE " . TABLE_USERS .
" SET `$field` = '$value' WHERE user_id = '$id'";
+ if (!$db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ /*
+ * Generates a unique user id
+ */
+ function generate_id () {
+ global $db;
+
+ do {
+ $this->id = mt_rand(2001, 9999);
+ $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id";
+ if (!$result = $db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql);
+ }
+ $row = $db->sql_fetchrow($result);
+ } while ($row[0]);
+ }
+
+ /*
+ * Fills password field with encrypted version
+ * of the specified clear password
+ */
+ public function set_password ($newpassword) {
+ $this->password = md5($newpassword);
+ }
+
+ /*
+ * Checks if a login is available
+ * @param string $login the login to check
+ * @return boolean true if the login is avaiable ; otherwise, false.
+ */
+ public static function is_available_login ($login) {
+ global $db;
+ $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username = '$login'";
+ if (!$result = $db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Can't check if the specified login is available", '', __LINE__, __FILE__, $sql);
+ }
+ $row = $db->sql_fetchrow($result);
+ return ($row[0] == 0);
+ }
+
+ /*
+ * Initializes a new User instance ready to have its property filled
+ * @return User the new user instance
+ */
+ public static function create () {
+ $user = new User();
+ $user->generate_id();
+ $user->active = true;
+ return $user;
+ }
+
+ /*
+ * Gets user from specified e-mail
+ * @return User the user matching the specified e-mail ; null, if the mail were not found.
+ */
+ public static function get_user_from_email ($mail) {
+ global $db;
+ $sql = "SELECT username FROM " . TABLE_USERS .
" WHERE user_email = '$mail'";
+ if (!$result = $db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result)) {
+ //E-mail found.
+ $user = new User();
+ $user->load_from_row($row);
+ return $user;
+ }
+
+ //E-mail not found.
+ return null;
+ }
+}
+
+?>
diff --git a/includes/session.php b/includes/session.php
--- a/includes/session.php
+++ b/includes/session.php
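Review bot: In includes/objects/user.php, `is_available_login($login)` and `get_user_from_email($mail)` interpolate their argument directly into the WHERE clause (`username = '$login'`, `user_email = '$mail'`) without `$db->sql_escape()`, unlike `save_to_database()` in the same class; both values are presumably user-supplied at registration or account recovery, which would make these queries injectable. Add `$login = $db->sql_escape($login);` and `$mail = $db->sql_escape($mail);` before each query is built. The same gap exists for `$this->id` in `load_from_database()`, and for `$field` in `save_field()`, where the value is used as a column name inside backticks and should be checked against a fixed list of column names rather than escaped. `get_user_from_email()` also selects only `username` while `load_from_row()` reads `user_id`, `user_password` and the other columns, so the returned object is mostly empty; selecting every column `load_from_row()` expects would fix that.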
@@ -1,250 +1,250 @@
-id = $_SESSION['ID'];
-
- //Gets remote client IP
- $this->ip = self::get_ip();
-
- //Updates or creates the session in database
- $this->update();
- }
-
- /*
- * Gets remote client IP address
- * @return string IP
- */
- public static function get_ip () {
- //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
- //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
- //Some ISP/orgz proxies also use this setting.
- if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
- return $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
-
- //Standard cases
- return $_SERVER['REMOTE_ADDR'];
- }
-
- /*
- * Cleans up session
- * i. deletes expired session
- * ii. sets offline relevant sessions
- */
- public static function clean_old_sessions () {
- global $db, $Config;
-
- //Gets session and online status lifetime (in seconds)
- //If not specified in config, sets default 5 and 120 minutes values
- $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
- $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
-
- //Deletes expired sessions
- $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
-
- //Online -> offline
- $sql = "UPDATE " . TABLE_SESSIONS .
" SET session_online = 0 WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
- }
-
-
- /*
- * Updates or creates a session in the database
- */
- public function update () {
- global $db, $Config;
-
- //Cleans up session
- //To boost SQL performances, try a random trigger
- // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
- //or comment this line and execute a cron script you launch each minute.
- self::clean_old_sessions();
-
- //Saves session in database.
- //If the session already exists, it updates the field online and updated.
- $id = $db->sql_escape($this->id);
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets the number of online users
- * @return int the online users count
- */
- public function count_online () {
- //Keeps result for later method call
- static $count = -1;
-
- if ($count == -1) {
- //Queries sessions table
- global $db, $Config;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $sql = "SELECT count(*) FROM " . TABLE_SESSIONS .
" WHERE session_resource = $resource AND session_online = 1";
- $count = (int)$db->sql_query_express($sql, "Can't count online users");
- }
-
- //Returns number of users online
- return $count;
- }
-
- /*
- * Gets the value of a custom session table field
- * @param string $info the field to get
- * @return string the session specified field's value
- */
- public function get_info ($info) {
- global $db;
-
- $id = $db->sql_escape($this->id);
- $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- return $db->sql_query_express($sql, "Can't get session $info info");
- }
-
- /*
- * Sets the value of a custom session table field to the specified value
- * @param string $info the field to update
- * @param string $value the value to set
- */
- public function set_info ($info, $value) {
- global $db;
-
- $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets logged user information
- * @return User the logged user information
- */
- public function get_logged_user () {
- global $db;
-
- //Gets session information
- $id = $db->sql_escape($this->id);
- $sql = "SELECT * FROM " . TABLE_SESSIONS .
" WHERE session_id = '$id'";
- if (!$result = $db->sql_query($sql))
- message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
- $row = $db->sql_fetchrow($result);
-
- //Gets user instance
- require_once('includes/objects/user.php');
- $user = new User($row['user_id']);
-
- //Adds session property to this user instance
- $user->session = $row;
-
- //Returns user instance
- return $user;
- }
-
- /*
- * Cleans session
- * This method is to be called when an event implies a session destroy
- */
- public function clean () {
- //Destroies $_SESSION array values, help ID
- foreach ($_SESSION as $key => $value) {
- if ($key != 'ID') unset($_SESSION[$key]);
- }
- }
-
- /*
- * Updates the session in an user login context
- * @param string $user_id the user ID
- */
- public function user_login ($user_id) {
- global $db;
-
- //Sets specified user ID in sessions table
- $user_id = $db->sql_escape($user_id);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Updates the session in an user logout context
- */
- public function user_logout () {
- global $db;
-
- //Sets anonymous user in sessions table
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS .
" SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
-
- //Cleans session
- $this->clean();
- }
-}
-
-//The user_id matching anonymous user
-if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
-
+id = $_SESSION['ID'];
+
+ //Gets remote client IP
+ $this->ip = self::get_ip();
+
+ //Updates or creates the session in database
+ $this->update();
+ }
+
+ /*
+ * Gets remote client IP address
+ * @return string IP
+ */
+ public static function get_ip () {
+ //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
+ //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
+ //Some ISP/orgz proxies also use this setting.
+ if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ //Standard cases
+ return $_SERVER['REMOTE_ADDR'];
+ }
+
+ /*
+ * Cleans up session
+ * i. deletes expired session
+ * ii. sets offline relevant sessions
+ */
+ public static function clean_old_sessions () {
+ global $db, $Config;
+
+ //Gets session and online status lifetime (in seconds)
+ //If not specified in config, sets default 5 and 120 minutes values
+ $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
+ $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+
+ //Deletes expired sessions
+ $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+
+ //Online -> offline
+ $sql = "UPDATE " . TABLE_SESSIONS .
" SET session_online = 0 WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ }
+
+
+ /*
+ * Updates or creates a session in the database
+ */
+ public function update () {
+ global $db, $Config;
+
+ //Cleans up session
+ //To boost SQL performances, try a random trigger
+ // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
+ //or comment this line and execute a cron script you launch each minute.
+ self::clean_old_sessions();
+
+ //Saves session in database.
+ //If the session already exists, it updates the field online and updated.
+ $id = $db->sql_escape($this->id);
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets the number of online users
+ * @return int the online users count
+ */
+ public function count_online () {
+ //Keeps result for later method call
+ static $count = -1;
+
+ if ($count == -1) {
+ //Queries sessions table
+ global $db, $Config;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $sql = "SELECT count(*) FROM " . TABLE_SESSIONS .
" WHERE session_resource = $resource AND session_online = 1";
+ $count = (int)$db->sql_query_express($sql, "Can't count online users");
+ }
+
+ //Returns number of users online
+ return $count;
+ }
+
+ /*
+ * Gets the value of a custom session table field
+ * @param string $info the field to get
+ * @return string the session specified field's value
+ */
+ public function get_info ($info) {
+ global $db;
+
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ return $db->sql_query_express($sql, "Can't get session $info info");
+ }
+
+ /*
+ * Sets the value of a custom session table field to the specified value
+ * @param string $info the field to update
+ * @param string $value the value to set
+ */
+ public function set_info ($info, $value) {
+ global $db;
+
+ $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets logged user information
+ * @return User the logged user information
+ */
+ public function get_logged_user () {
+ global $db;
+
+ //Gets session information
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT * FROM " . TABLE_SESSIONS .
" WHERE session_id = '$id'";
+ if (!$result = $db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
+ $row = $db->sql_fetchrow($result);
+
+ //Gets user instance
+ require_once('includes/objects/user.php');
+ $user = new User($row['user_id']);
+
+ //Adds session property to this user instance
+ $user->session = $row;
+
+ //Returns user instance
+ return $user;
+ }
+
+ /*
+ * Cleans session
+ * This method is to be called when an event implies a session destroy
+ */
+ public function clean () {
+ //Destroies $_SESSION array values, help ID
+ foreach ($_SESSION as $key => $value) {
+ if ($key != 'ID') unset($_SESSION[$key]);
+ }
+ }
+
+ /*
+ * Updates the session in an user login context
+ * @param string $user_id the user ID
+ */
+ public function user_login ($user_id) {
+ global $db;
+
+ //Sets specified user ID in sessions table
+ $user_id = $db->sql_escape($user_id);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Updates the session in an user logout context
+ */
+ public function user_logout () {
+ global $db;
+
+ //Sets anonymous user in sessions table
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
+
+ //Cleans session
+ $this->clean();
+ }
+}
+
+//The user_id matching anonymous user
+if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
+ ?>
diff --git a/index.php b/index.php
--- a/index.php
+++ b/index.php
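Review bot: In `update()` the INSERT interpolates `'$this->ip'` without `sql_escape`, while `get_ip()` returns `$_SERVER['HTTP_X_FORWARDED_FOR']` verbatim, so a request header set by the client reaches the SQL string; every other value in that statement is escaped. Escape it like its neighbours, `$ip = $db->sql_escape($this->ip);` with `'$ip'` in the VALUES list. `get_ip()` should also accept the forwarded header only when `filter_var($value, FILTER_VALIDATE_IP)` succeeds and `REMOTE_ADDR` is a proxy you operate, returning `REMOTE_ADDR` otherwise, since the stored address is otherwise whatever the client claims. `get_info()` and `set_info()` place `$info` between backticks unescaped; whether request data can reach it depends on callers outside this hunk, so checking it against a fixed list of column names is worth adding.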
@@ -1,84 +1,84 @@
-get_logged_user();
-
-////////////////////////////////////////////////////////////////////////////////
-///
-/// Your application initialization logic
-///
-
-//[TODO] Loads your template engine or prepares the document to print
-//[TODO] Loads languages file if you're into L10n
-
-////////////////////////////////////////////////////////////////////////////////
-///
-/// Serves the requested page
-///
-
-//[TODO] Understand the URL if not done yet and calls relevant script
-//[TODO] As a MVC sample, here a Xen-like approach.
-// For a content-or iented, see the Pluton index.php
-//
-//Tip: to understand the url, get_current_url_fragments will output an array:
-//www.yourdomain.tld/planet/mars/sat?name=demios -> {'planet', 'mars', 'sat'}
-
-/*
-$url = get_current_url_fragments();
-switch ($controller = $url[0]) {
- case '':
- //Calls homepage controller
- include("controllers/home.php");
- break;
-
- case 'planet':
- case 'user':
- case 'anotherstuff':
- //Calls requested controller
- include("controllers/$controller.php");
- break;
-
- default:
- header("HTTP/1.0 404 Not Found");
- dieprint_r($url, 'Unknown URL');
-}
-*/
-
-?>
\ No newline at end of file
+get_logged_user();
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Your application initialization logic
+///
+
+//[TODO] Loads your template engine or prepares the document to print
+//[TODO] Loads languages file if you're into L10n
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Serves the requested page
+///
+
+//[TODO] Understand the URL if not done yet and calls relevant script
+//[TODO] As a MVC sample, here a Xen-like approach.
+// For a content-or iented, see the Pluton index.php
+//
+//Tip: to understand the url, get_current_url_fragments will output an array:
+//www.yourdomain.tld/planet/mars/sat?name=demios -> {'planet', 'mars', 'sat'}
+
+/*
+$url = get_current_url_fragments();
+switch ($controller = $url[0]) {
+ case '':
+ //Calls homepage controller
+ include("controllers/home.php");
+ break;
+
+ case 'planet':
+ case 'user':
+ case 'anotherstuff':
+ //Calls requested controller
+ include("controllers/$controller.php");
+ break;
+
+ default:
+ header("HTTP/1.0 404 Not Found");
+ dieprint_r($url, 'Unknown URL');
+}
+*/
+
+?>