diff --git a/includes/config.php b/includes/config.php index 97b898f..c697150 100644 --- a/includes/config.php +++ b/includes/config.php @@ -1,144 +1,142 @@ diff --git a/includes/core.php b/includes/core.php index 54248ad..2fc07c2 100644 --- a/includes/core.php +++ b/includes/core.php @@ -1,310 +1,342 @@ sql_escape($user_id); + global $db; + + $user_id = $db->sql_escape($user_id); $sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'"; - return $db->sql_query_express($sql, "Can't get username from specified user id"); + + return $db->sql_query_express($sql, "Can't get username from specified user id"); } -/* +/** * Gets the user id matching specified username - * @param string $username the username + * + * @param string $username the username * @return string the user ID */ function get_userid ($username) { - global $db; - - $username = $db->sql_escape($username); - $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'"; + global $db; + + $username = $db->sql_escape($username); + $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'"; + return $db->sql_query_express($sql, "Can't get user id from specified username"); } //////////////////////////////////////////////////////////////////////////////// /// /// /// Misc helper functions /// /// /// //////////////////////////////////////////////////////////////////////////////// -//Plural management +// Plural management -/* +/** * Gets a "s" if the specified amount requests the plural + * * @param mixed $amount the quantity (should be numeric) * @return string 's' if the amount is greater or equal than 2 ; otherwise, '' */ function s ($amount) { - if ($amount >= 2 || $amount <= -2 ) return 's'; + if ($amount >= 2 || $amount <= -2 ) return 's'; } -/* +/** * Prints human-readable information about a variable, wrapped in a
 block
+ *
  * @param mixed $mixed the variable to dump
  */
 function dprint_r ($mixed) {
-	echo '
';
+    echo '
';
     print_r($mixed);
     echo '
'; } -/* +/** * Generates a new GUID + * * @return string a guid (without {}) */ -function new_guid () { - //The guid chars +function new_guid () { + //The guid chars $chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9'); - + //Let's build our 36 characters string //e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75 - $guid = ""; - for ($i = 0 ; $i < 36 ; $i++) { + $guid = ""; + for ($i = 0 ; $i < 36 ; $i++) { if ($i == 8 || $i == 13 || $i == 18 || $i == 23) { //Dashes at position 9, 14, 19 and 24 $guid .= "-"; - } else { + } else { //0-f hex digit elsewhere - $guid .= $chars[mt_rand() % sizeof($characters)]; - } - } - return $guid; + $guid .= $chars[mt_rand() % sizeof($characters)]; + } + } + return $guid; } -/* +/** * Determines if the expression is a valid guid (in uuid notation, without {}) + * * @param string $expression the guid to check * @return true if the expression is a valid guid ; otherwise, false */ function is_guid ($expression) { //We avoid regexp to speed up the check //A guid is a 36 characters string - if (strlen($expression) != 36) return false; - + if (strlen($expression) != 36) { + return false; + } + $expression = strtolower($expression); - for ($i = 0 ; $i < 36 ; $i++) { - if ($i == 8 || $i == 13 || $i == 18 || $i == 23) { - //with dashes - if ($expression[$i] != '-') return false; - } else { - //and hex numbers - if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false; - } - } + for ($i = 0 ; $i < 36 ; $i++) { + if ($i == 8 || $i == 13 || $i == 18 || $i == 23) { + //with dashes + if ($expression[$i] != '-') { + return false; + } + } else { + //and hex numbers + if (!is_numeric($expression[$i]) + && $expression[$i] != 'a' && $expression[$i] != 'b' + && $expression[$i] != 'c' && $expression[$i] != 'd' + && $expression[$i] != 'e' && $expression[$i] != 'f') { + return false; + } + } + } + return true; } 
-/* +/** * Gets file extension + * * @param string $file the file to get the extension */ function get_extension ($file) { $dotPosition = strrpos($file, "."); + return substr($file, $dotPosition + 1); } -/* +/** * Determines if a string starts with specified substring + * * @param string $haystack the string to check * @param string $needle the substring to determines if it's the start * @param boolean $case_sensitive determines if the search must be case sensitive * @return boolean true if $haystack starts with $needle ; otherwise, false. */ function string_starts_with ($haystack, $needle, $case_sensitive = true) { if (!$case_sensitive) { $haystack = strtoupper($haystack); $needle = strtoupper($needle); } - if ($haystack == $needle) return true; + if ($haystack == $needle) { + return true; + } + return strpos($haystack, $needle) === 0; } //////////////////////////////////////////////////////////////////////////////// /// /// /// URL helpers functions /// /// /// //////////////////////////////////////////////////////////////////////////////// -/* +/** * Gets URL + * * @return string URL */ function get_url () { global $Config; if (func_num_args() > 0) { $pieces = func_get_args(); return $Config['BaseURL'] . '/' . implode('/', $pieces); } elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") { return "/"; } else { return $Config['BaseURL']; } } -/* +/** * Gets page URL + * * @return string URL */ function get_page_url () { $url = $_SERVER['SCRIPT_NAME'] . 
$_SERVER['PATH_INFO']; if (substr($url, -10) == "/index.php") { return substr($url, 0, -9); } return $url; } -/* +/** * Gets server URL + * * @todo find a way to detect https:// on non standard port * @return string the server URL */ function get_server_url () { - switch ($port = $_SERVER['SERVER_PORT']) { - case '80': + switch ($port = $_SERVER['SERVER_PORT']) { + case '80': return "http://$_SERVER[SERVER_NAME]"; - + case '443': return "https://$_SERVER[SERVER_NAME]"; - + default: return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]"; - } + } } -/* +/** * Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined. * @return string the relevant URL part */ function get_current_url () { global $Config; - + //Gets relevant URL part from relevant $_SERVER variables if (array_key_exists('PATH_INFO', $_SERVER)) { //Without mod_rewrite, and url like /index.php/controller //we use PATH_INFO. It's the easiest case. return $_SERVER["PATH_INFO"]; } - + //In other cases, we'll need to get the relevant part of the URL $current_url = get_server_url() . $_SERVER['REQUEST_URI']; - + //Relevant URL part starts after the site URL $len = strlen($Config['SiteURL']); - + //We need to assert it's the correct site if (substr($current_url, 0, $len) != $Config['SiteURL']) { dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL
Current value: $Config[SiteURL]
Expected value: a string starting by " . get_server_url(), "Setup"); } - + if (array_key_exists('REDIRECT_URL', $_SERVER)) { //With mod_rewrite, we can use REDIRECT_URL //We takes the end of the URL, ie *FROM* $len position return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len); } - + //Last possibility: use REQUEST_URI, but remove QUERY_STRING //If you need to edit here, use $_SERVER['REQUEST_URI'] //but you need to discard $_SERVER['QUERY_STRING'] - + //We takes the end of the URL, ie *FROM* $len position $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len); - - //But if there are a query string (?action=... we need to discard it) + + //But if there are a query string (?action=... we need to discard it) if ($_SERVER['QUERY_STRING']) { return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1); } - + return $url; } -/* +/** * Gets an array of url fragments to be processed by controller + * * @return array an array containing URL fragments */ function get_current_url_fragments () { $url_source = get_current_url(); - if ($url_source == '/index.php') return array(); + if ($url_source == '/index.php') { + return array(); + } + return explode('/', substr($url_source, 1)); } //////////////////////////////////////////////////////////////////////////////// /// /// /// URL xmlHttpRequest helpers functions /// /// /// //////////////////////////////////////////////////////////////////////////////// -/* +/** * Gets an hash value to check the integrity of URLs in /do.php calls + * * @param Array $args the args to compute the hash * @return the hash paramater for your xmlHttpRequest url */ function get_xhr_hash ($args) { global $Config; - + array_shift($args); return md5($_SESSION['ID'] . $Config['SecretKey'] . 
implode('', $args)); } -/* +/** * Gets the URL to call do.php, the xmlHttpRequest controller + * * @return string the xmlHttpRequest url, with an integrity hash */ -function get_xhr_hashed_url () { +function get_xhr_hashed_url () { global $Config; - + $args = func_get_args(); $args[] = get_xhr_hash($args); return $Config['DoURL'] . '/' . implode('/', $args); } -/* +/** * Gets the URL to call do.php, the xmlHttpRequest controller + * * @return string the xmlHttpRequest url */ function get_xhr_url () { global $Config; - + $args = func_get_args(); return $Config['DoURL'] . '/' .implode('/', $args); } - -?> diff --git a/includes/error.php b/includes/error.php index 4d97615..7b72fd8 100644 --- a/includes/error.php +++ b/includes/error.php @@ -1,110 +1,113 @@ ' . print_r($var, true) .'
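Review bot: In the first function of this hunk (the one selecting `username` by user id, presumably get_username) the reindented lines escape `$user_id`, but the context line that builds the query interpolates `$userid`, a variable that is never assigned, so the escaped value never reaches the SQL and the lookup runs with an empty id; the line should read `$sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$user_id'";`. The same hunk keeps `sizeof($characters)` in new_guid while the array is named `$chars`, so the modulo operand is undefined and the loop cannot produce hex digits; it should be `$guid .= $chars[mt_rand() % sizeof($chars)];`. new_guid also draws from mt_rand(), which is acceptable for a display identifier but not for anything used as a token or key; if such a use exists, `random_int(0, sizeof($chars) - 1)` is the drop-in replacement. The start of that first function lies before the visible part of the hunk.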
', $title); } -/* +/** * Prints an error message and dies + * * @param int $code A constant identifying the type of error (SQL_ERROR, HACK_ERROR or GENERAL_ERROR) * @param string $text the error description * @param string $text the error title * @param int $line the file line the error have occured (typically __LINE__) * @param string $file the file the error have occured (typically __FILE__) * @param string $sql the sql query which caused the error */ function message_die ($code, $text = '', $title = '', $line = '', $file = '', $sql = '') { //Ensures we've an error text $text = $text ? $text : "An error have occured"; //Adds file and line information to error text if ($file) { $text .= " — $file"; if ($line) { $text .= ", line $line"; } } - + //Ensures we've an error title and adds relevant extra information switch ($code) { case HACK_ERROR: $title = $title ? $title : "Access non authorized"; break; - + case SQL_ERROR: global $db; $title = $title ? $title : "SQL error"; - + //Gets SQL error information $sqlError = $db->sql_error(); if ($sqlError['message'] != '') { $text .= "
Error n° $sqlError[code]: $sqlError[message]"; } $text .= '
 
Query: '; $text .= $sql; - + break; - + default: //TODO: here can be added code to handle error error ;-) //Falls to GENERAL_ERROR - + case GENERAL_ERROR: $title = $title ? $title : "General error"; break; } - + //HTML output of $title and $text variables echo '

', $title, '

', $text, '

'; - + exit; } -?> diff --git a/includes/login.php b/includes/login.php index 8a64e08..2c9c4d2 100644 --- a/includes/login.php +++ b/includes/login.php @@ -1,36 +1,37 @@ sql_escape($_POST['username']); $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'"; - if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql); - if ($row = $db->sql_fetchrow($result)) { - if (!$row['user_password']) { - //No password set - $LoginError = "This account exists but haven't a password defined. Contact the site administrator."; - } elseif ($row['user_password'] != md5($_POST['password'])) { - //The password doesn't match - $LoginError = "Incorrect password."; - } else { - //Login successful - Session::load()->user_login($row['user_id']); - $LoginSuccessful = true; - } + if ( !($result = $db->sql_query($sql)) ) { + message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql); + } + if ($row = $db->sql_fetchrow($result)) { + if (!$row['user_password']) { + // No password set + $LoginError = "This account exists but haven't a password defined. Contact the site administrator."; + } elseif ($row['user_password'] != md5($_POST['password'])) { + // The password doesn't match + $LoginError = "Incorrect password."; + } else { + // Login successful + Session::load()->user_login($row['user_id']); + $LoginSuccessful = true; + } } } elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") { - //User have submitted logout form or clicked a logout link + // User have submitted logout form or clicked a logout link Session::load()->user_logout(); } -?> diff --git a/includes/mysql.php b/includes/mysql.php index 6d0cb52..b420a25 100644 --- a/includes/mysql.php +++ b/includes/mysql.php 
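Review bot: message_die still echoes `$title` and `$text` into the response without HTML escaping, and in the SQL_ERROR branch `$text` has had the raw query and `$sqlError['message']` appended, so the client receives the full failing statement including whatever user-supplied values it interpolated. That is both an information leak and a markup-injection point, since nothing in the hunk sanitises the query text before output. Consider `echo htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$text`, and route the query and driver error to `error_log()` rather than the page, leaving the user a generic message. The `global $db;` declared inside the SQL_ERROR case would read more clearly at the top of the function.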
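Review bot: The reindented check `} elseif ($row['user_password'] != md5($_POST['password'])) {` keeps an unsalted MD5 digest compared with the loose `!=` operator, which compares digest strings that happen to look numeric as numbers rather than byte for byte. The stored hash should be produced with `password_hash()` and checked with `password_verify()`; until the stored format is migrated, `} elseif (!hash_equals($row['user_password'], md5($_POST['password']))) {` at least makes the comparison strict and constant-time. `$_POST['password']` is also read without checking that it exists, and `$_POST['LogOut']` / `$_GET['action']` in the elseif are read the same way. The enclosing `if` that tests the submitted form starts before the visible part of the hunk.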
@@ -1,152 +1,157 @@ id = @mysql_connect($host, $username, $password) or $this->sql_die(); - + //Selects database if ($database != '') { mysql_select_db($database, $this->id); } } - - /* + + /** * Outputs a can't connect to the SQL server message and exits. * It's called on connect failure */ private function sql_die () { //You can custom here code when you can't connect to SQL server //e.g. in a demo or appliance context, include('start.html'); exit; die ("Can't connect to SQL server."); } - - /* + + /** * Sends a unique query to the database + * * @return mixed if the query is successful, a result identifier ; otherwise, false */ function sql_query ($query) { return mysql_query($query, $this->id); } - /* + /** * Fetches a row of result into an associative array + * * @return array an associative array with columns names as keys and row values as values */ function sql_fetchrow ($result) { return mysql_fetch_array($result); } - + /* * Gets last SQL error information * @return array an array with two keys, code and message, containing error information */ function sql_error () { $error['code'] = mysql_errno($this->id); $error['message'] = mysql_error($this->id); + return $error; } - - /* + + /** * Gets the number of rows affected or returned by a query + * * @return int the number of rows affected (delete/insert/update) or the number of rows in query result */ function sql_numrows ($result) { return mysql_num_rows($result); } - + /* * Gets the primary key value of the last query (works only in INSERT context) + * * @return int the primary key value */ function sql_nextid () { return mysql_insert_id($this->id); } - - /* + + /** * Express query method, returns an immediate and unique result * * @param string $query the query to execute * @param string $error_message the error message * @param boolean $return_as_string return result as string, and not as an array * @return mixed the row or the scalar result */ function sql_query_express ($query = '', $error_message = 
"Impossible d'exécuter cette requête.", $return_as_string = true) { if ($query === '' || $query === false || $query === null) { //No query, no value return ''; } elseif (!$result = $this->sql_query($query)) { //An error have occured message_die(SQL_ERROR, $error_message, '', '', '', $query); } else { //Fetches row $row = $this->sql_fetchrow($result); - + //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row return $return_as_string ? $row[0] : $row; } } - - /* + + /** * Escapes a SQL expression + * * @param string expression The expression to escape * @return string The escaped expression */ function sql_escape ($expression) { return mysql_real_escape_string($expression); } - - /* - * Set charset + + /** + * Sets charset */ function set_charset ($encoding) { if (function_exists('mysql_set_charset')) { //>PHP 5.2.3 mysql_set_charset($encoding, $this->id); } else { //TODO: set connection variables to utf8 } } } - - //Creates an instance of this database class with configuration values + + // Creates an instance of this database class with configuration values $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']); - - //To improve security, we unset sql parameters + + // To improve security, we unset sql parameters unset($Config['sql']); - - //Sets SQL connexion in UTF8. PHP 5.2.3+ + + // Sets SQL connexion in UTF8. PHP 5.2.3+ $db->set_charset('utf8'); } -?> diff --git a/includes/objects/user.php b/includes/objects/user.php index f3f463c..0e4ff07 100644 --- a/includes/objects/user.php +++ b/includes/objects/user.php 
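Review bot: sql_escape still calls `mysql_real_escape_string($expression)` without the connection handle, so it escapes against whichever link was opened last (or tries a default connection and returns false when none exists) rather than the `$this->id` link whose charset set_charset configured; it should be `return mysql_real_escape_string($expression, $this->id);`. The docblocks of sql_error and sql_nextid were left as `/*` while the commit converts the neighbouring ones to `/**`, so those two still will not be picked up as PHPDoc. The `@mysql_connect(...) or $this->sql_die()` line suppresses the driver warning that explains a failed connection; logging `mysql_error()` via `error_log()` inside sql_die before exiting would keep that detail server-side. The mysql_* extension has been removed since PHP 7.0, so this class is the natural place to migrate to mysqli or PDO with prepared statements, which would also retire the string-building callers of sql_escape.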
@@ -1,194 +1,196 @@ id = $id; $this->load_from_database(); } } - - /* + + /** * Loads the object User (ie fill the properties) from the $_POST array */ function load_from_form () { if (array_key_exists('name', $_POST)) $this->name = $_POST['name']; if (array_key_exists('password', $_POST)) $this->password = $_POST['password']; if (array_key_exists('active', $_POST)) $this->active = $_POST['active']; if (array_key_exists('actkey', $_POST)) $this->actkey = $_POST['actkey']; if (array_key_exists('email', $_POST)) $this->email = $_POST['email']; if (array_key_exists('regdate', $_POST)) $this->regdate = $_POST['regdate']; } - - /* + + /** * Loads the object User (ie fill the properties) from the database */ function load_from_database () { global $db; $sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'"; if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql); if (!$row = $db->sql_fetchrow($result)) { $this->lastError = "User unkwown: " . $this->id; return false; } - + $this->load_from_row($row); - + return true; } - - /* + + /** * Loads the object User (ie fill the properties) from the database row */ function load_from_row ($row) { $this->id = $row['user_id']; $this->name = $row['username']; $this->password = $row['user_password']; $this->active = $row['user_active'] ? true : false; $this->email = $row['user_email']; $this->regdate = $row['user_regdate']; } - - /* + + /** * Saves to database */ function save_to_database () { global $db; - + $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL'; $name = $db->sql_escape($this->name); $password = $db->sql_escape($this->password); $active = $this->active ? 1 : 0; $email = $db->sql_escape($this->email); $regdate = $this->regdate ? "'" . $db->sql_escape($this->regdate) . "'" : 'NULL'; //Updates or inserts $sql = "REPLACE INTO " . TABLE_USERS . 
" (`user_id`, `username`, `user_password`, `user_active`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', $active, '$email', $regdate)"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save user", '', __LINE__, __FILE__, $sql); } - + if (!$this->id) { //Gets new record id value $this->id = $db->sql_nextid(); } } - - /* + + /** * Updates the specified field in the database record */ function save_field ($field) { global $db; if (!$this->id) { message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database"); } $id = $db->sql_escape($this->id); $value = $db->sql_escape($this->$field); $sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'"; if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql); } } - - /* + + /** * Generates a unique user id */ function generate_id () { global $db; - + do { $this->id = mt_rand(2001, 9999); $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); - } while ($row[0]); + } while ($row[0]); } - - /* + + /** * Fills password field with encrypted version * of the specified clear password */ public function set_password ($newpassword) { $this->password = md5($newpassword); } - /* + /** * Checks if a login is available + * * @param string $login the login to check * @return boolean true if the login is avaiable ; otherwise, false. */ public static function is_available_login ($login) { global $db; $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . 
" WHERE username = '$login'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't check if the specified login is available", '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); return ($row[0] == 0); } - - /* + + /** * Initializes a new User instance ready to have its property filled - * @return User the new user instance + * + * @return User the new user instance */ public static function create () { $user = new User(); $user->generate_id(); $user->active = true; return $user; } - - /* + + /** * Gets user from specified e-mail + * * @return User the user matching the specified e-mail ; null, if the mail were not found. */ public static function get_user_from_email ($mail) { global $db; $sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email = '$mail'"; if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql); } - + if ($row = $db->sql_fetchrow($result)) { //E-mail found. $user = new User(); $user->load_from_row($row); return $user; } - + //E-mail not found. return null; } } - -?> diff --git a/includes/session.php b/includes/session.php index 249a670..8ca0661 100644 --- a/includes/session.php +++ b/includes/session.php 
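Review bot: is_available_login and get_user_from_email interpolate their `$login` and `$mail` arguments straight into the query text, whereas the other methods in this class run every operand through `$db->sql_escape()`; add `$login = $db->sql_escape($login);` and `$mail = $db->sql_escape($mail);` before the respective `$sql = ...` lines (and, longer term, prepared statements). get_user_from_email also selects only `username`, but then hands the row to load_from_row, which reads `user_id`, `user_password`, `user_active`, `user_email` and `user_regdate`, so the returned User is populated from undefined indexes; the query should select the full row as load_from_database does. load_from_form copies `active`, `actkey` and `regdate` from `$_POST` alongside `name` and `password`; if that method is reachable from a self-service form, an account could set its own activation state, so those fields are better assigned server-side. The class header lies before the visible part of the hunk.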
@@ -1,250 +1,266 @@ id = $_SESSION['ID']; - + //Gets remote client IP $this->ip = self::get_ip(); - + //Updates or creates the session in database $this->update(); } - - /* + + /** * Gets remote client IP address + * * @return string IP */ public static function get_ip () { //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1 //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable. //Some ISP/orgz proxies also use this setting. if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { return $_SERVER['HTTP_X_FORWARDED_FOR']; } - //Standard cases + //Standard cases return $_SERVER['REMOTE_ADDR']; } - - /* + + /** * Cleans up session * i. deletes expired session * ii. sets offline relevant sessions */ public static function clean_old_sessions () { global $db, $Config; //Gets session and online status lifetime (in seconds) - //If not specified in config, sets default 5 and 120 minutes values + //If not specified in config, sets default 5 and 120 minutes values $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300; $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200; - + $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default'; - + //Deletes expired sessions $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration"; - if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql); + if (!$db->sql_query($sql)) { + message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql); + } //Online -> offline $sql = "UPDATE " . TABLE_SESSIONS . 
" SET session_online = 0 WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration"; - if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql); + if (!$db->sql_query($sql)) { + message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql); + } } - - + + /* * Updates or creates a session in the database */ public function update () { global $db, $Config; - + //Cleans up session //To boost SQL performances, try a random trigger // e.g. if (rand(1, 100) < 3) self::clean_old_sessions(); //or comment this line and execute a cron script you launch each minute. self::clean_old_sessions(); - + //Saves session in database. //If the session already exists, it updates the field online and updated. $id = $db->sql_escape($this->id); $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default'; $user_id = $db->sql_escape(ANONYMOUS_USER); $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1"; - if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql); + if (!$db->sql_query($sql)) { + message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql); + } } - + /* * Gets the number of online users * @return int the online users count */ - public function count_online () { + public function count_online () { //Keeps result for later method call static $count = -1; - + if ($count == -1) { //Queries sessions table global $db, $Config; $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default'; $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . 
" WHERE session_resource = $resource AND session_online = 1"; $count = (int)$db->sql_query_express($sql, "Can't count online users"); } - + //Returns number of users online return $count; } - - /* + + /** * Gets the value of a custom session table field + * * @param string $info the field to get * @return string the session specified field's value */ public function get_info ($info) { global $db; - + $id = $db->sql_escape($this->id); $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'"; return $db->sql_query_express($sql, "Can't get session $info info"); } - - /* + + /** * Sets the value of a custom session table field to the specified value + * * @param string $info the field to update * @param string $value the value to set */ public function set_info ($info, $value) { global $db; - + $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'"; $id = $db->sql_escape($this->id); $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'"; - if (!$db->sql_query($sql)) + if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql); + } } - - /* + + /** * Gets logged user information * @return User the logged user information */ public function get_logged_user () { global $db; - + //Gets session information $id = $db->sql_escape($this->id); $sql = "SELECT * FROM " . TABLE_SESSIONS . 
" WHERE session_id = '$id'"; - if (!$result = $db->sql_query($sql)) + if (!$result = $db->sql_query($sql)) { message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql); + } $row = $db->sql_fetchrow($result); //Gets user instance require_once('includes/objects/user.php'); $user = new User($row['user_id']); //Adds session property to this user instance $user->session = $row; //Returns user instance return $user; } - /* + /** * Cleans session * This method is to be called when an event implies a session destroy */ public function clean () { //Destroies $_SESSION array values, help ID foreach ($_SESSION as $key => $value) { - if ($key != 'ID') unset($_SESSION[$key]); + if ($key != 'ID') { + unset($_SESSION[$key]); + } } } - /* + /** * Updates the session in an user login context * @param string $user_id the user ID */ public function user_login ($user_id) { global $db; //Sets specified user ID in sessions table $user_id = $db->sql_escape($user_id); $id = $db->sql_escape($this->id); $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'"; - if (!$db->sql_query($sql)) + if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql); + } } - - /* + + /** * Updates the session in an user logout context */ public function user_logout () { global $db; - + //Sets anonymous user in sessions table $user_id = $db->sql_escape(ANONYMOUS_USER); $id = $db->sql_escape($this->id); $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'"; - if (!$db->sql_query($sql)) + if (!$db->sql_query($sql)) { message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql); - + } + //Cleans session $this->clean(); } } //The user_id matching anonymous user -if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1); - -?> +if (!defined('ANONYMOUS_USER')) { + define('ANONYMOUS_USER', -1); +}
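Review bot: update() builds `VALUES ('$id', '$this->ip', $resource, '$user_id')` with `$this->ip` unescaped while the other three operands go through `$db->sql_escape()`, and get_ip() returns `$_SERVER['HTTP_X_FORWARDED_FOR']` verbatim whenever that header is present, so a client-controlled request header reaches the INSERT unquoted on every page load. Escape it at the call site, `$ip = $db->sql_escape($this->ip);` and use `'$ip'` in the statement, and have get_ip() honour the forwarded header only when `$_SERVER['REMOTE_ADDR']` is a configured reverse proxy, falling back to REMOTE_ADDR otherwise. Validating the value with `filter_var($ip, FILTER_VALIDATE_IP)` before storing it keeps malformed data out of the sessions table regardless. get_info and set_info likewise interpolate the `$info` column name into backticks without any allow-list, so they must never be called with user-supplied field names. The constructor's start lies before the visible part of the hunk.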