Diffstat (limited to 'lib/class')
-rw-r--r--lib/class/access.class.php42
-rw-r--r--lib/class/album.class.php33
-rw-r--r--lib/class/rating.class.php12
-rw-r--r--lib/class/user.class.php26
4 files changed, 58 insertions, 55 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index fc01adfb..dae463de 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -144,26 +144,50 @@ class Access {
$db_results = mysql_query($sql, dbh());
} // delete
+
+ /**
+ * check_function
+ * This checks if a specific functionality is enabled
+ * it takes a type only
+ */
+ public static function check_function($type) {
+
+ switch ($type) {
+ case 'batch_download':
+ if (!function_exists('gzcompress')) {
+ debug_event('gzcompress','ZLIB Extensions not loaded, batch download disabled','3');
+ return false;
+ }
+ if (Config::get('allow_zip_download') AND $GLOBALS['user']->has_access(25)) {
+ return $GLOBALS['user']->prefs['download'];
+ }
+ break;
+ default:
+ return false;
+ break;
+ } // end switch
+
+ } // check_function
/**
- * check
+ * check_network
* This takes a type, ip, user, level and key
* and then returns true or false if they have access to this
* the IP is passed as a dotted quad
*/
- public static function check($type,$ip,$user,$level,$key='') {
+ public static function check_network($type,$ip,$user,$level,$key='') {
// They aren't using access control
// lets just keep on trucking
- if (!conf('access_control')) {
+ if (!Config::get('access_control')) {
return true;
}
// Clean incomming variables
$ip = ip2int($ip);
- $user = sql_escape($user);
- $key = sql_escape($key);
- $level = sql_escape($level);
+ $user = Dba::escape($user);
+ $key = Dba::escape($key);
+ $level = Dba::escape($level);
switch ($type) {
/* This is here because we want to at least check IP before even creating the xml-rpc server
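Review bot: In `check_function`, the `batch_download` case reaches `break;` whenever `allow_zip_download` is off or `has_access(25)` fails, so the function ends without a return and the caller gets `null` instead of `false`. Replace that `break;` with `return false;` so every denial is an explicit boolean, and consider `return (bool) $GLOBALS['user']->prefs['download'];` so the grant path is a boolean too. The docblock should state the return value, e.g. `@return bool true when the feature is enabled for the current user`. Separately, `check_network` only passes `$level` through `Dba::escape`; if the query built further down (outside this hunk) compares it unquoted, `$level = intval($level);` is the safer normalisation.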
@@ -190,10 +214,10 @@ class Access {
break;
} // end switch on type
- $db_results = mysql_query($sql, dbh());
+ $db_results = Dba::query($sql);
// Yah they have access they can use the mojo
- if (mysql_fetch_row($db_results)) {
+ if (Dba::fetch_row($db_results)) {
return true;
}
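Review bot: The result of `Dba::query($sql)` goes straight into `Dba::fetch_row` with no check that the query actually ran. This is the access decision, so a failed query should be an explicit, logged denial rather than depending on how `fetch_row` treats a non-result, for example `if (!$db_results) { debug_event('access','ACL query failed, access denied','1'); return false; }` before the fetch. That assumes `Dba::query` returns a falsy value on failure, which is not visible here; `$sql` itself is built outside the hunk.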
@@ -202,7 +226,7 @@ class Access {
return false;
}
- } // check
+ } // check_network
/**
* validate_type
diff --git a/lib/class/album.class.php b/lib/class/album.class.php
index 5e44af8b..72abfab4 100644
--- a/lib/class/album.class.php
+++ b/lib/class/album.class.php
@@ -97,11 +97,15 @@ class Album {
* get_songs
* gets the songs for this album
*/
- public function get_songs($limit = 0) {
+ public function get_songs($limit = 0,$artist='') {
$results = array();
+
+ if ($artist) {
+ $artist_sql = "AND `artist`='" . Dba::escape($artist) . "'";
+ }
- $sql = "SELECT `id` FROM `song` WHERE `album`='$this->id' ORDER BY `track`, `title`";
+ $sql = "SELECT `id` FROM `song` WHERE `album`='$this->id' $artist_sql ORDER BY `track`, `title`";
if ($limit) { $sql .= " LIMIT $limit"; }
$db_results = Dba::query($sql);
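Review bot: `$artist_sql` is only assigned inside `if ($artist)`, so with the default `$artist=''` the query string interpolates an undefined variable. Initialise it before the check with `$artist_sql = '';`. `$limit` is also interpolated into `LIMIT $limit` exactly as passed; `$limit = intval($limit);` at the top of the method keeps that clause numeric whatever the caller hands in. The rest of `get_songs` lies outside the hunk.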
@@ -114,31 +118,6 @@ class Album {
} // get_songs
/**
- * get_song_ids
- * This returns an array of the song id's that are on this album. This is used by the
- * show_songs function and can be pased and artist if you so desire to limit it to that
- */
- function get_song_ids($artist='') {
-
- /* If they pass an artist then constrain it based on the artist as well */
- if ($artist) {
- $artist_sql = " AND artist='" . sql_escape($artist) . "'";
- }
-
- $sql = "SELECT id FROM song WHERE album='" . sql_escape($this->id) . "' $artist_sql ORDER BY track";
- $db_results = mysql_query($sql, dbh());
-
- $results = array();
-
- while ($r = mysql_fetch_assoc($db_results)) {
- $results[] = $r['id'];
- }
-
- return $results;
-
- } // get_song_ids
-
- /**
* format
* This is the format function for this object. It sets cleaned up
* albumĀ information with the base required
diff --git a/lib/class/rating.class.php b/lib/class/rating.class.php
index 32a85253..43200f90 100644
--- a/lib/class/rating.class.php
+++ b/lib/class/rating.class.php
@@ -41,7 +41,7 @@ class Rating {
function Rating($id,$type) {
$this->id = intval($id);
- $this->type = sql_escape($type);
+ $this->type = Dba::escape($type);
// Check for the users rating
if ($rating = $this->get_user($GLOBALS['user']->id)) {
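Review bot: `$this->type` now holds the SQL-escaped form of `$type` for the life of the object, so any non-SQL use of the property sees escaped text and every later query depends on this one constructor line for its safety. If object types are a fixed set (not visible here), checking `$type` against that list in the constructor and rejecting anything else is a stronger guarantee than escaping. Otherwise, keep the raw value and escape where each query is built. The same property is interpolated into the queries in the `get_user` and `get_average` hunks below.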
@@ -62,12 +62,12 @@ class Rating {
*/
function get_user($user_id) {
- $user_id = sql_escape($user_id);
+ $user_id = Dba::escape($user_id);
$sql = "SELECT rating FROM ratings WHERE user='$user_id' AND object_id='$this->id' AND object_type='$this->type'";
- $db_results = mysql_query($sql, dbh());
+ $db_results = Dba::query($sql);
- $results = mysql_fetch_assoc($db_results);
+ $results = Dba::fetch_assoc($db_results);
return $results['rating'];
@@ -83,11 +83,11 @@ class Rating {
function get_average() {
$sql = "SELECT user_rating as rating FROM ratings WHERE object_id='$this->id' AND object_type='$this->type'";
- $db_results = mysql_query($sql, dbh());
+ $db_results = Dba::query($sql);
$i = 0;
- while ($r = mysql_fetch_assoc($db_results)) {
+ while ($r = Dba::fetch_assoc($db_results)) {
$i++;
$total += $r['rating'];
} // while we're pulling results
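Review bot: `$total` is first touched by `$total += $r['rating'];` and is never initialised in the visible lines; add `$total = 0;` next to `$i = 0;`. The query here selects `user_rating as rating`, while `get_user` in the previous hunk selects `rating` from the same `ratings` table, so one of the two column names is probably stale and worth checking against the schema. The function continues after the hunk, so how an empty result (`$i` still 0) is handled is not visible.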
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index e50b6bb8..d678ad1c 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -111,36 +111,36 @@ class User {
* []['admin'] = t/f value if this is an admin only section
*/
function get_preferences($user_id=0,$type=0) {
-
- if (!$user_id) {
- $user_id = $this->id;
- }
+
+ // Fill out the user id
+ $user_id = $user_id ? Dba::escape($user_id) : Dba::escape($this->id);
- if (!conf('use_auth')) { $user_id = '-1'; }
+ if (!Config::get('use_auth')) { $user_id = '-1'; }
if ($user_id != '-1') {
$user_limit = "AND preferences.catagory != 'system'";
}
-
+
if ($type != '0') {
- $user_limit = "AND preferences.catagory = '" . sql_escape($type) . "'";
+ $user_limit = "AND preferences.catagory = '" . Dba::escape($type) . "'";
}
- $sql = "SELECT preferences.name, preferences.description, preferences.catagory, user_preference.value FROM preferences,user_preference " .
- "WHERE user_preference.user='$user_id' AND user_preference.preference=preferences.id $user_limit ORDER BY id";
- $db_results = mysql_query($sql, dbh());
+ $sql = "SELECT preferences.name, preferences.description, preferences.catagory, user_preference.value " .
+ "FROM preferences RIGHT JOIN user_preference ON user_preference.preference=preferences.id " .
+ "WHERE user_preference.user='$user_id' $user_limit";
+ $db_results = Dba::query($sql);
/* Ok this is crapy, need to clean this up or improve the code FIXME */
- while ($r = mysql_fetch_assoc($db_results)) {
+ while ($r = Dba::fetch_assoc($db_results)) {
$type = $r['catagory'];
$admin = false;
if ($type == 'system') { $admin = true; }
- $type_array[$type][] = array('name'=>$r['name'],'description'=>$r['description'],'value'=>$r['value']);
+ $type_array[$type][$r['name']] = array('name'=>$r['name'],'description'=>$r['description'],'value'=>$r['value']);
+ ksort($type_array[$type]);
$results[$type] = array ('title'=>ucwords($type),'admin'=>$admin,'prefs'=>$type_array[$type]);
} // end while
-
return $results;
} // get_preferences
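Review bot: In `get_preferences`, the `$type != '0'` branch assigns `$user_limit` rather than appending to it, so it replaces the `catagory != 'system'` restriction set just above; a call with a real user id and `$type` of `'system'` returns the system preferences. If that is intended for the admin pages, the access check has to live in the caller and the docblock should say so. Otherwise start from `$user_limit = '';` and append with `.=` in both branches, which also removes the undefined-variable case when `$user_id` is `'-1'` and `$type` is `'0'`. `$results` likewise has no initial value when the query returns no rows. The new `ksort($type_array[$type]);` runs once per row inside the loop and could be done once per category after it.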