* Initial Database Changes for 3.4, many things are now broken

2025-10-03 09:49:30 +02:00 · 2007-02-08 21:19:24 +00:00 · 2007-02-08 21:19:24 +00:00 · bbf79a5970
commit bbf79a5970
parent aa0c57afc4
20 changed files with 658 additions and 284 deletions
--- a/admin/system.php
+++ b/admin/system.php
@ -75,7 +75,7 @@ switch ($action) {
 				} // is array
 				/* Put in the current value */
-				elseif (isset($current[$key])) { 
+				elseif (isset($current[$key]) AND $key != 'config_version') { 
 					$line = $key . " = \"" . $current[$key] . "\"";
 					unset($current[$key]);
 				} // if set 
--- a/admin/users.php
+++ b/admin/users.php
@ -1,7 +1,7 @@
 <?php
 /*
- Copyright (c) 2001 - 2006 Ampache.org
+ Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
@ -29,36 +29,31 @@ if (!$GLOBALS['user']->has_access(100)) {
 $action 	= scrub_in($_REQUEST['action']);
-
+$user_id	= scrub_in($_REQUEST['user_id']);
 show_template('header');
-$user_id = scrub_in($_REQUEST['user']);
+// Switch on the actions  
 $temp_user = new User($user_id);
 switch ($action) {
 	case 'edit':
        	if (conf('demo_mode')) { break; }
-		$username	= $temp_user->username;
+		$working_user	= new User($user_id); 
 		$fullname	= $temp_user->fullname;
 		$email		= $temp_user->email;
 		$access		= $temp_user->access;
 		$id		= $temp_user->id;
 		require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
 	break;
 	case 'update_user':
 	        if (conf('demo_mode')) { break; }
 		/* Clean up the variables */
-		$username = scrub_in($_REQUEST['new_username']);
+		$user_id	= scrub_in($_REQUEST['user_id']);
-		$fullname = scrub_in($_REQUEST['new_fullname']);
+		$username 	= scrub_in($_REQUEST['username']);
-		$email = scrub_in($_REQUEST['new_email']);
+		$fullname 	= scrub_in($_REQUEST['fullname']);
-		$access = scrub_in($_REQUEST['user_access']);
+		$email 		= scrub_in($_REQUEST['email']);
-		$pass1 = scrub_in($_REQUEST['new_password_1']);
+		$access 	= scrub_in($_REQUEST['access']);
-		$pass2 = scrub_in($_REQUEST['new_password_2']);
+		$pass1 		= scrub_in($_REQUEST['password_1']);
 		$pass2 		= scrub_in($_REQUEST['password_2']);
 		/* Setup the temp user */	
-	    	$thisuser = new User($username);
+	    	$working_user = new User($user_id);
 		/* Verify Input */
 		if (empty($username)) { 
@ -70,40 +65,36 @@ switch ($action) {
 		/* If we've got an error then break! */
 		if ($GLOBALS['error']->error_state) { 
 			$username = $thisuser->username;
 			$fullname = $thisuser->fullname;
 			$email	  = $thisuser->email;
 			$access   = $thisuser->access;
 			$type = 'edit_user';
 			require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
 			break;
 		} // if we've had an oops!
-		if ($access != $thisuser->access) { 
+		if ($access != $working_user->access) { 
-			$thisuser->update_access($access);
+			$working_user->update_access($access);
 		}
-		if ($email != $thisuser->email) { 
+		if ($email != $working_user->email) { 
-			$thisuser->update_email($email);
+			$working_user->update_email($email);
 		}
-		if ($username != $thisuser->username) { 
+		if ($username != $working_user->username) { 
-			$thisuser->update_username($username);
+			$working_user->update_username($username);
 		} 
-		if ($fullname != $user->fullname) {
+		if ($fullname != $working_user->fullname) {
-			$thisuser->update_fullname($fullname);
+			$working_user->update_fullname($fullname);
 		}
 		if ($pass1 == $pass2 && strlen($pass1)) { 
-			$thisuser->update_password($pass1);
+			$working_user->update_password($pass1);
 		} 
-		show_confirmation("User Updated", $thisuser->username . "'s information has been updated","admin/users.php");
+		
 		show_confirmation(_('User Updated'), $working_user->fullname . "(" . $working_user->username . ")" . _('updated'),'admin/users.php');
 	break;
 	case 'add_user':
        	if (conf('demo_mode')) { break; }
-		$username = scrub_in($_REQUEST['new_username']);
+		$username	= scrub_in($_REQUEST['username']);
-		$fullname = scrub_in($_REQUEST['new_fullname']);
+		$fullname	= scrub_in($_REQUEST['fullname']);
-		$email = scrub_in($_REQUEST['new_email']);
+		$email		= scrub_in($_REQUEST['email']);
-		$access = scrub_in($_REQUEST['user_access']);
+		$access		= scrub_in($_REQUEST['access']);
-		$pass1 = scrub_in($_REQUEST['new_password_1']);
+		$pass1		= scrub_in($_REQUEST['password_1']);
-		$pass2 = scrub_in($_REQUEST['new_password_2']);
+		$pass2		= scrub_in($_REQUEST['password_2']);
 		if (($pass1 !== $pass2)) { 
 			$GLOBALS['error']->add_error('password',_("Error Passwords don't match"));
 		}
@ -139,18 +130,19 @@ switch ($action) {
 	break;
 	case 'delete':
        	if (conf('demo_mode')) { break; }
 		$working_user = new User($user_id); 
 		show_confirmation(_('Deletion Request'),
-			_("Are you sure you want to permanently delete") . " $temp_user->fullname ($temp_user->username) ?",
+			_('Are you sure you want to permanently delete') . " $working_user->fullname ($working_user->username)?",
-			"admin/users.php?action=confirm_delete&amp;user=$temp_user->id");
+			"admin/users.php?action=confirm_delete&amp;user_id=$user_id",1);
 	break;
 	case 'confirm_delete':
 	        if (conf('demo_mode')) { break; }
-	    	if ($_REQUEST['confirm'] == _("No")) { show_manage_users(); break; }
+		$working_user = new User($_REQUEST['user_id']); 
-		if ($temp_user->delete()) { 
+		if ($working_user->delete()) { 
-			show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted","admin/users.php");
+			show_confirmation(_('User Deleted'), "$working_user->username has been Deleted","admin/users.php");
 		}
 		else { 
-			show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"),"admin/users.php");
+			show_confirmation(_('Delete Error'), _("Unable to delete last Admin User"),"admin/users.php");
 		}
 	break;
 	/* Show IP History for the Specified User */
@ -166,23 +158,42 @@ switch ($action) {
 	break;
 	case 'show_add_user':
 	        if (conf('demo_mode')) { break; }
-		$type = 'new_user';
+		require_once(conf('prefix') . '/templates/show_add_user.inc.php');
 		require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
 	break;
-	case 'update':
+	case 'enable':
-	case 'disabled':
+		$working_user = new User($user_id); 
-	        if (conf('demo_mode')) { break; }
+		$working_user->enable(); 
-		$level = scrub_in($_REQUEST['level']);
+		show_confirmation(_('User Enabled'),'','admin/users.php'); 
-		$thisuser = new User($_REQUEST['user']);
+	break;
-		if ($GLOBALS['user']->has_access(100)) { 
+	case 'disable':
-			$thisuser->update_access($level);
+		$working_user = new User($user_id); 
 		if ($working_user->disable()) { 
 			show_confirmation(_('User Disabled'),'','admin/users.php'); 
 		} 
 		else { 
 			show_confirmation(_('Error'),_('Unable to Disabled last Administrator'),'admin/users.php'); 
 		} 
 		show_manage_users();
 	break;
 	default:
-		show_manage_users();
+		// Setup the View Object
-	break;
+		$view	= new View(); 
 		$view->import_session_view(); 
 		// If we are returning
 		if ($_REQUEST['keep_view']) { 
 			$view->initialize(); 
 		} 
 		else { 
 			$sql = "SELECT `id` FROM `user`"; 
 			$db_results = mysql_query($sql,dbh()); 
 			$total_items = mysql_num_rows($db_results); 
 			$view = new View($sql,'admin/users.php','fullname',$total_items,$_SESSION['userdata']['offset_limit']); 
 		}
 		$users = get_users($view->sql); 
 		require_once(conf('prefix') . '/templates/show_users.inc.php'); 
 	break;
 } // end switch on action
 /* Show the footer */
 show_footer();
--- a/albums.php
+++ b/albums.php
@ -31,7 +31,7 @@ if(isset($_REQUEST['match'])) $match = scrub_in($_REQUEST['match']);
 if(isset($_REQUEST['album'])) $album = scrub_in($_REQUEST['album']);
 if(isset($_REQUEST['artist'])) $artist = scrub_in($_REQUEST['artist']);
 $_REQUEST['artist_id'] = scrub_in($_REQUEST['artist_id']);
-$min_album_size = conf('min_album_size');
+$min_album_size = conf('min_object_count');
 if ($min_album_size == '') { 
 	$min_album_size = '0';
 }
--- a/config/ampache.cfg.php.dist
+++ b/config/ampache.cfg.php.dist
@ -7,7 +7,7 @@
 # if this config file is up to date 
 # this is compared against a value hardcoded
 # into the init script
-config_version = 1
+config_version = 2
 ####################
 # Path Vars        #
@ -82,6 +82,13 @@ auth_methods = "mysql"
 #  Program Settings  #
 ######################
 # File Pattern
 # This defines which file types Ampache will attempt to catalog
 # You can specify any file extension you want in here seperating them
 # with a |
 # DEFAULT: mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv
 catalog_file_pattern = "mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv"
 # Use Access List 
 # Toggle this on if you want ampache to pay attention to the access list
 # and only allow streaming/downloading/xml-rpc from known hosts by default
@ -143,13 +150,15 @@ require_session = "true"
 # ampache will default to the first tag format
 # that was found. 
 # POSSIBLE VALUES: id3v1 id3v2 file vorbiscomment 
-#                  quicktime ape
+#                  quicktime ape asf
-# DEFAULT: id3v2,id3v1
+# DEFAULT: id3v2,id3v1 vorbiscomment quicktime ape
 # 		asf
 tag_order	= id3v2
 tag_order	= id3v1
 tag_order	= vorbiscomment
 tag_order	= quicktime
 tag_order	= ape
 tag_order 	= asf
 #tag_order	= file
 # Un comment if don't want ampache to follow symlinks
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@ -2,6 +2,15 @@
 ---------                  Ampache -- CHANGELOG                  ---------   
 --------------------------------------------------------------------------
 --------------------------------------------------------------------------
  v.3.4-Alpha1
 	- Fixed a problem where config re-gen wouldn't update the current
 		version
 	- Changed database to fix some user tracking issues
 	- Added date to user_vote to allow for sorting by vote date on 
 		democratic play
 	- Added Label, Catalog # and Language to song extended data table
 --------------------------------------------------------------------------
  v.3.3.3 01/26/2007 
 	- Updated the SQL file for stable release
--- a/images/icon_add_user.png
+++ b/images/icon_add_user.png
--- a/images/icon_delete.png
+++ b/images/icon_delete.png
--- a/index.php
+++ b/index.php
@ -1,7 +1,7 @@
 <?php
 /*
- Copyright (c) 2001 - 2006 Ampache.org
+ Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
@ -24,7 +24,6 @@
 	@discussion Do most of the dirty work of displaying the mp3 catalog
 */
 require_once('lib/init.php');
 show_template('header');
--- a/lib/class/song.class.php
+++ b/lib/class/song.class.php
@ -799,7 +799,7 @@ class Song {
 	function get_url($session_id='',$force_http='') { 
 		/* Define Variables we are going to need */
-		$username 	= scrub_out($GLOBALS['user']->username);
+		$user_id 	= scrub_out($GLOBALS['user']->id);
 		$song_id	= $this->id;
 		if (conf('require_session')) { 
@ -837,7 +837,7 @@ class Song {
 			} 
                }
-		$url = $web_path . "/play/index.php?song=$song_id&uid=$username$session_string$ds_string&name=/$song_name";
+		$url = $web_path . "/play/index.php?song=$song_id&uid=$user_id$session_string$ds_string&name=/$song_name";
 		return $url;
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@ -347,6 +347,14 @@ class Update {
 		$version[] = array('version' => '333004','description' => $update_string); 
 		$update_string = '- Moved back to ID for user tracking internally.<br />' . 
 				'- Added date to user_vote to allow sorting by vote time.<br />' . 
 				'- Added Random Method and Object Count Preferences.<br />' . 
 				'- Removed some unused tables/fields.<br />' . 
 				'- Added Label, Catalog # and Language to Extended Song Data Table<br />';
 		$version[] = array('version' => '340001','description' => $update_string);
 		return $version;
 	} // populate_version
@ -394,6 +402,9 @@ class Update {
 		$sql = "DELETE * FROM session";
 		$db_results = mysql_query($sql, dbh());
 		// Prevent the script from timing out, which could be bad
 		set_time_limit(0);
 		/* Verify that there are no plugins installed 
 		//FIXME: provide a link to remove all plugins, otherwise this could turn into a catch 22
 		if (!$this->plugins_installed()) { 
@ -1284,7 +1295,7 @@ class Update {
                $user = new User(0);
                while ($results = mysql_fetch_array($db_results)) {
-                        $user->fix_preferences($results[0]);
+                        $user->username_fix_preferences($results[0]);
                }
@ -1658,7 +1669,7 @@ class Update {
 		$user->fix_preferences('-1');
 		while ($r = mysql_fetch_assoc($db_results)) { 
-			$user->fix_preferences($r['username']);
+			$user->username_fix_preferences($r['username']);
 		} // while results
 		/* Last but not least revert play types to downsample or stream */
@ -1694,7 +1705,7 @@ class Update {
 		$user->fix_preferences('-1');
 		while ($r = mysql_fetch_assoc($db_results)) { 
-			$user->fix_preferences($r['username']);
+			$user->username_fix_preferences($r['username']);
 		} // while results
                $this->set_version('db_version','332011');
@ -1835,7 +1846,7 @@ class Update {
                $user->fix_preferences('-1');
                while ($r = mysql_fetch_assoc($db_results)) {
-                        $user->fix_preferences($r['username']);
+                        $user->username_fix_preferences($r['username']);
                } // while results
 		$this->set_version('db_version','332012');
@ -1975,7 +1986,7 @@ class Update {
                $user->fix_preferences('-1');
                while ($r = mysql_fetch_assoc($db_results)) {
-                        $user->fix_preferences($r['username']);
+                        $user->username_fix_preferences($r['username']);
                } // while results
 		/* Store all current Stats */
@ -2111,7 +2122,7 @@ class Update {
                $user->fix_preferences('-1');
                while ($r = mysql_fetch_assoc($db_results)) {
-                        $user->fix_preferences($r['username']);
+                        $user->username_fix_preferences($r['username']);
                } // while results
 		/* Drop the unused user_catalog table */
@ -2143,7 +2154,7 @@ class Update {
 		$user->fix_preferences('-1'); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
-			$user->fix_preferences($r['username']); 
+			$user->username_fix_preferences($r['username']); 
 		} // while results
 		$this->set_version('db_version','333003');
@ -2174,12 +2185,236 @@ class Update {
 		$user->fix_preferences('-1'); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
-			$user->fix_preferences($r['username']); 
+			$user->username_fix_preferences($r['username']); 
 		} // while results
 		$this->set_version('db_version','333004'); 
 	} // update_333004
 	/**
 	 * update_340001
 	 * This update moves back to the ID for user UID and 
 	 * adds date to the user_vote so that it can be sorted
 	 * correctly
 	 */
 	function update_340001() { 
 		// Build the User -> ID map using the username as the key
 		$sql = "SELECT `id`,`username` FROM `user`"; 
 		$db_results = mysql_query($sql,dbh());
 		$user_array = array(); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username = $r['username'];
 			$user_array[$username] = sql_escape($r['id']); 
 		} // end while
 		// Alter the user table so that you can't have an ID beyond the 
 		// range of the other tables which have to allow for -1
 		$sql = "ALTER TABLE `user` CHANGE `id` `id` INT ( 11 ) NOT NULL AUTO_INCREMENT";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now pull the access list users, alter table and then re-insert
 		$sql = "SELETE DISTINCT(`user`) FROM `access_list`"; 
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			// Build the new SQL
 			$username	= $r['user'];
 			$user_id	= $user_array[$username]; 
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `access_list` SET `user`='$user_id' WERE `user`='$username'"; 
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while access_list
 		// Alter the table
 		$sql = "ALTER TABLE `access_list` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh());
 		// Now pull flagged users, update and alter
 		$sql = "SELECT DISTINCT(`user`) FROM `flagged`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username	= $r['user']; 
 			$user_id	= $user_array[$username];
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `flagged` SET `user`='$user_id' WHERE `user`='$username'";
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while 
 		// Alter the table
 		$sql = "ALTER TABLE `flagged` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now fix up the ip history
 		$sql = "SELECT DISTINCT(`user`) FROM `ip_history`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username 	= $r['user'];
 			$user_id	= $user_array[$username];
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `ip_history` SET `user`='$user_id' WHERE `user`='$username'";
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while
 		// Alter the table
 		$sql = "ALTER TABLE `ip_history` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now fix now playing
 		$sql = "SELECT DISTINCT(`user`) FROM `now_playing`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username	= $r['user'];
 			$user_id	= $user_array[$username];
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `now_playing` SET `user`='$user_id' WHERE `user`='$username'";
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while
 		// Alter the table
 		$sql = "ALTER TABLE `now_playing` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now fix the playlist table
 		$sql = "SELECT DISTINCT(`user`) FROM `playlist`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username	= $r['user'];
 			$user_id	= $user_array[$username];
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `playlist` SET `user`='$user_id' WHERE `user`='$username'";
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while
 		// Alter the table
 		$sql = "ALTER TABLE `playlist` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Drop unused table
 		$sql = "DROP TABLE `playlist_permission`";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now fix the ratings table
 		$sql = "SELECT DISTINCT(`user`) FROM `ratings`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username	= $r['user'];
 			$user_id	= $user_array[$username];
 			$username	= sql_escape($username); 
 			$sql = "UPDATE `ratings` SET `user`='$user_id' WHERE `user`='$username'";
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while
 		$sql = "ALTER TABLE `ratings` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now work on the tag_map 
 		$sql = "ALTER TABLE `tag_map` CHANGE `user_id` `user` INT ( 11 ) NOT NULL"; 
 		$db_results = mysql_query($sql,dbh()); 
 		// Now fix user preferences
 		$sql = "SELECT DISTINCT(`user`) FROM `user_preference`";
 		$db_results = mysql_query($sql,dbh()); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$username	 = $r['user'];
 			$user_id	 = $user_array[$username];
 			$username	 = sql_escape($username); 
 			$sql = "UPDATE `user_preference` SET `user`='$user_id' WHERE `user`='$username'"; 
 			$update_results = mysql_query($sql,dbh()); 
 		} // end while
 		// Alter the table
 		$sql = "ALTER TABLE `user_preference` CHANGE `user` `user` INT ( 11 ) NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Add a date to the user_vote
 		$sql = "ALTER TABLE `user_vote` ADD `date` INT( 11 ) UNSIGNED NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Add the index for said field
 		$sql = "ALTER TABLE `user_vote` ADD INDEX(`date`)";
 		$db_results = mysql_query($sql,dbh()); 
 		// Add the thumb fields to album
 		$sql = "ALTER TABLE `album` ADD `thumb` TINYBLOB NULL ,ADD `thumb_mime` VARCHAR( 128 ) NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Now add in the min_object_count preference and the random_method
 		$sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " . 
 			"VALUES('min_object_count','0','Min Element Count','5','integer','interface')";
 		$db_results = mysql_query($sql,dbh()); 
 		$sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " . 
 			"VALUES('random_method','default','Random Method','5','string','interface')"; 
 		$db_results = mysql_query($sql,dbh()); 
 		// Delete old preference
 		$sql = "DELETE FROM `preferences` WHERE `name`='min_album_size'"; 
 		$db_results = mysql_query($sql,dbh()); 
 		// Make Hash a non-required field and smaller
 		$sql = "ALTER TABLE `song` CHANGE `hash` `hash` VARCHAR ( 64 ) NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Make user access an int, nothing else
 		$sql = "UPDATE `user` SET `access`='100' WHERE `access`='admin'";
 		$db_results = mysql_query($sql,dbh()); 
 		$sql = "UPDATE `user` SET `access`='25' WHERE `access`='user'";
 		$db_results = mysql_query($sql,dbh()); 
 		$sql = "UPDATE `user` SET `access`='5' WHERE `access`='guest'";
 		$db_results = mysql_query($sql,dbh()); 	
 		// Alter the table
 		$sql = "ALTER TABLE `user` CHANGE `access` `access` TINYINT ( 4 ) UNSIGNED NOT NULL";
 		$db_results = mysql_query($sql,dbh()); 
 		// Add in Label and Catalog # and language
 		$sql = "ALTER TABLE `song_ext_data` ADD `label` VARCHAR ( 128 ) NULL, ADD `catalog_number` VARCHAR ( 128 ) NULL, ADD `language` VARCHAR ( 128 ) NULL";
 		$db_results = mysql_query($sql,dbh()); 
                /* Fix every users preferences */
                $sql = "SELECT `id` FROM `user`";
                $db_results = mysql_query($sql,dbh()); 
                $user = new User();
                $user->fix_preferences('-1');
                while ($r = mysql_fetch_assoc($db_results)) {
                        $user->fix_preferences($r['id']);
                } // while results
 		$this->set_version('db_version','340001');
 		return true; 
 	} //update_340001
 } // end update class
 ?>
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@ -47,18 +47,17 @@ class User {
 	 * class, it currently takes a username
 	 * //FIXME take UID
 	 */	
-	function User($username=0) {
+	function User($id=0) {
-		if (!$username) { 
+		if (!$id) { 
 			return true;
 		}
-		$this->username 	= sql_escape($username);
+		$this->id		= $id;
 		$info 			= $this->_get_info();
 		if (!count($info)) { return false; } 
 		$this->id		= $this->username;
 		$this->uid		= $info->id;
 		$this->username 	= $info->username;
 		$this->fullname 	= $info->fullname;
@ -82,13 +81,9 @@ class User {
 	 */
 	function _get_info() {
-		/* Hack during transition back to UID for user creation */
+		$id = sql_escape($this->id);
-		if (is_numeric($this->username)) { 
+
-			$sql = "SELECT * FROM user WHERE id='" . $this->username . "'";
+		$sql = "SELECT * FROM `user` WHERE `id`='" . $id . "'";
 		}
 		else { 
 			$sql = "SELECT * FROM user WHERE username='$this->username'";
 		}
 		$db_results = mysql_query($sql, dbh());
@ -108,7 +103,7 @@ class User {
 	function get_preferences($user_id=0,$type=0) { 
 		if (!$user_id) { 
-			$user_id = $this->username;
+			$user_id = $this->id;
 		}
 		if (!conf('use_auth')) { $user_id = '-1'; }
@ -279,7 +274,7 @@ class User {
 	*/
 	function is_logged_in() { 
-		$sql = "SELECT id FROM session WHERE username='$this->username'" .
+		$sql = "SELECT id FROM session WHERE `id`='$this->id'" .
 			" AND expire > ". time();
 		$db_results = mysql_query($sql,dbh());
@ -298,13 +293,9 @@ class User {
 	*/
 	function has_access($needed_level) { 
 		if ($this->access == "admin") { $level = 100; }
 		elseif ($this->access == "user") { $level = 25; }
 		else { $level = $this->access; }
 		if (!conf('use_auth') || conf('demo_mode')) { return true; }
-		if ($level >= $needed_level) { return true; }
+		if ($this->access >= $needed_level) { return true; }
 		return false;
@ -377,7 +368,7 @@ class User {
 	function update_username($new_username) {
 		$new_username = sql_escape($new_username);
-		$sql = "UPDATE user SET username='$new_username' WHERE username='$this->username'";
+		$sql = "UPDATE `user` SET `username`='$new_username' WHERE `id`='$this->id'";
 		$this->username = $new_username;
 		$db_results = mysql_query($sql, dbh());
@ -392,7 +383,7 @@ class User {
 	function update_validation($new_validation) { 
 		$new_validation = sql_escape($new_validation);
-		$sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE username='$this->username'";
+		$sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE `id`='$this->id'";
 		$this->validation = $new_validation;
 		$db_results = mysql_query($sql, dbh());
@ -407,7 +398,7 @@ class User {
 	function update_fullname($new_fullname) {
 		$new_fullname = sql_escape($new_fullname);
-		$sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->id'";
+		$sql = "UPDATE user SET fullname='$new_fullname' WHERE `id`='$this->id'";
 		$db_results = mysql_query($sql, dbh());
 	} // update_fullname
@ -419,7 +410,7 @@ class User {
 	function update_email($new_email) {
 		$new_email = sql_escape($new_email);
-		$sql = "UPDATE user SET email='$new_email' WHERE username='$this->id'";
+		$sql = "UPDATE user SET email='$new_email' WHERE `id`='$this->id'";
 		$db_results = mysql_query($sql, dbh());
 	} // update_email
@ -431,11 +422,47 @@ class User {
 	function update_offset($new_offset) { 
 		$new_offset = sql_escape($new_offset);
-		$sql = "UPDATE user SET offset_limit='$new_offset' WHERE username='$this->id'";
+		$sql = "UPDATE user SET offset_limit='$new_offset' WHERE `id`='$this->id'";
 		$db_results = mysql_query($sql, dbh());
 	} // update_offset
 	/** 
 	 * disable
 	 * This disables the current user
 	 */
 	function disable() { 
 		// Make sure we aren't disabling the last admin
 		$sql = "SELECT `id` FROM `user` WHERE `disabled` = '0' AND `id` != '" . $this->id . "' AND `access`='100'"; 
 		$db_results = mysql_query($sql,dbh()); 
 		if (!mysql_num_rows($db_results)) { return false; } 
 		$sql = "UPDATE `user` SET `disabled`='1' WHERE id='" . $this->id . "'";
 		$db_results = mysql_query($sql,dbh()); 
 		// Delete any sessions they may have
 		$sql = "DELETE FROM `session` WHERE `username`='" . sql_escape($this->username) . "'"; 
 		$db_results = mysql_query($sql,dbh()); 
 		return true; 
 	} // disable
 	/**
 	 * enable
 	 * this enables the current user
 	 */
 	function enable() { 
 		$sql = "UPDATE `user` SET `disabled`='0' WHERE id='" . $this->id . "'";
 		$db_results = mysql_query($sql,dbh()); 
 		return true; 
 	} // enable
 	/**
 	 * update_access
 	 * updates their access level
@ -443,38 +470,17 @@ class User {
 	 */
 	function update_access($new_access) { 
 		/* Check for all disable */
 		if ($new_access == 'disabled') { 
 			$sql = "SELECT username FROM user WHERE disabled != '1' AND username != '$this->username'";
 			$db_results = mysql_query($sql,dbh());
 			if (!mysql_num_rows($db_results)) { return false; }
 		}
 		/* Prevent Only User accounts */
-		if ($new_access == 'user') { 
+		if ($new_access == '25') { 
 			$sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username != '$this->username'";
 			$db_results = mysql_query($sql, dbh());
 			if (!mysql_num_rows($db_results)) { return false; }
 		}
 		if ($new_access == 'enabled') {
 		$new_access = sql_escape($new_access);
-			$sql = "UPDATE user SET disabled='0' WHERE username='$this->username'";
+		$sql = "UPDATE `user` SET `access`='$new_access' WHERE `id`='$this->id'";
 		$db_results = mysql_query($sql, dbh());
 		} 
 		elseif ($new_access == 'disabled') {
 			$sql = "UPDATE user SET disabled='1' WHERE username='$this->username'";
 			$db_results = mysql_query($sql, dbh());
 			$sql = "DELETE FROM session WHERE username='" . sql_escape($this->username) . "'";
 			$db_results = mysql_query($sql, dbh());
 		} 
 		else {
 			$new_access = sql_escape($new_access);
 			$sql = "UPDATE user SET access='$new_access' WHERE username='$this->username'";
 			$db_results = mysql_query($sql, dbh());
 		}
 	} // update_access
 	/*!
@ -483,7 +489,7 @@ class User {
 	*/
 	function update_last_seen() { 
-		$sql = "UPDATE user SET last_seen='" . time() . "' WHERE username='$this->username'";
+		$sql = "UPDATE user SET last_seen='" . time() . "' WHERE `id`='$this->id'";
 		$db_results = mysql_query($sql, dbh());
 	} // update_last_seen
@ -583,10 +589,13 @@ class User {
 		if (!$db_results) { return false; }
-		/* Populates any missing preferences, in this case all of them */
+		// Get the insert_id
-		$this->fix_preferences($username);
+		$insert_id = mysql_insert_id(dbh()); 
-		return $username;
+		/* Populates any missing preferences, in this case all of them */
 		$this->fix_preferences($insert_id);
 		return $insert_id;
 	} // create
@ -715,16 +724,100 @@ class User {
 	/**
 	 * fix_preferences
-	 * this makes sure that the specified user
+	 * This is the new fix_preferences function, it does the following
-	 *		has all the correct preferences. This function 
+	 * Remove Duplicates from user, add in missing
-	 *		should be run whenever a system preference is run
+	 * If -1 is passed it also removes duplicates from the `preferences`
-	 *		it's a cop out... FIXME!
+	 * table. 
 	 * @todo Fix it so this isn't a hack
 	 * @package User
 	 * @catagory Class
 	 */
 	function fix_preferences($user_id=0) { 
 		if (!$user_id) { 
 			$user_id = $this->id; 
 		} 
 		$user_id = sql_escape($user_id); 
 		/* Get All Preferences for the current user */
 		$sql = "SELECT * FROM `user_preference` WHERE `user`='$user_id'"; 
 		$db_results = mysql_query($sql,dbh()); 
 		$results = array(); 
 		while ($r = mysql_fetch_assoc($db_results)) { 
 			$pref_id = $r['preference'];
 			/* Check for duplicates */
 			if (isset($results[$pref_id])) { 
 				$r['value'] = sql_escape($r['value']); 
 				$sql = "DELETE FROM `user_preference` WHERE `user`='$user_id' AND `preference`='" . $r['preference'] . "' AND" . 
 					" `value`='" . sql_escape($r['value']) . "'"; 
 				$delete_results = mysql_query($sql,dbh()); 
 			} // if its set
 			else { 
 				$results[$pref_id] = 1; 
 			} 
 		} // end while
 		/* If we aren't the -1 user before we continue grab the -1 users values */
 		if ($user_id != '-1') { 
                        $sql = "SELECT `user_preference.preference`,`user_preference.value` FROM `user_preference`,`preferences` " .
                                "WHERE `user_preference.preference` = `preferences.id` AND `user_preference.user`='-1' AND `preferences.catagory` !='system'";
                        $db_results = mysql_query($sql, dbh());
 			/* While through our base stuff */
                        while ($r = mysql_fetch_object($db_results)) {
                                $zero_results[$r->preference] = $r->value;
                        }
                } // if not user -1
 		// get me _EVERYTHING_ 
                $sql = "SELECT * FROM `preferences`";
 		// If not system, exclude system... *gasp*
                if ($user_id != '-1') {
                        $sql .= " WHERE catagory !='system'";
                }
                $db_results = mysql_query($sql, dbh());
                while ($r = mysql_fetch_object($db_results)) {
                        /* Check if this preference is set */
                        if (!isset($results[$r->id])) {
                                if (isset($zero_results[$r->id])) {
                                        $r->value = $zero_results[$r->id];
                                }
 				$value = sql_escape($r->value); 
                                $sql = "INSERT INTO user_preference (`user`,`preference`,`value`) VALUES ('$user_id','$r->id','$value')";
                                $insert_db = mysql_query($sql, dbh());
                        }
                } // while preferences
                /* Let's also clean out any preferences garbage left over */
                $sql = "SELECT DISTINCT(user_preference.user) FROM user_preference " .
                        "LEFT JOIN user ON user_preference.user = user.id " .
                        "WHERE user_preference.user!='-1' AND user.id IS NULL";
                $db_results = mysql_query($sql, dbh());
                $results = array();
                while ($r = mysql_fetch_assoc($db_results)) {
                        $results[] = $r['user'];
                }
                foreach ($results as $data) {
                        $sql = "DELETE FROM user_preference WHERE user='$data'";
                        $db_results = mysql_query($sql, dbh());
                }
 	} // fix_preferences
 	/**
 	 * username_fix_preferences
 	 * this is an old function that takes a username
 	 * and fixes the preferences based on that it is no longer
 	 * used by has to be maintained due to the update class
 	 */
 	function username_fix_preferences($user_id=0) { 
 		if (!$user_id) { 
 			$user_id = $this->username;
 		}
--- a/lib/general.lib.php
+++ b/lib/general.lib.php
@ -996,7 +996,7 @@ function invert_boolean($value) {
 */
 function get_user_from_username($username) { 
-	$sql = "SELECT id FROM user WHERE username='" . sql_escape($username) . "'";
+	$sql = "SELECT `id` FROM `user` WHERE `username`='" . sql_escape($username) . "'";
 	$db_results = mysql_query($sql, dbh());
 	$results = mysql_fetch_assoc($db_results); 
--- a/lib/init.php
+++ b/lib/init.php
@ -1,7 +1,7 @@
 <?php
 /*
- Copyright (c) 2001 - 2006 Ampache.org
+ Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
@ -67,33 +67,19 @@ if (!$results = read_config($configfile,0)) {
 } 
 /** This is the version.... fluf nothing more... **/
-$results['version']		= '3.3.3';
+$results['version']		= '3.4-Alpha1 (Build 001)';
-$results['int_config_version']	= '1'; 
+$results['int_config_version']	= '2'; 
 $results['raw_web_path']	= $results['web_path'];
 $results['web_path']		= $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
 $results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv';
 $results['http_port']		= $_SERVER['SERVER_PORT'];
 if (!$results['prefix']) { 
 $results['prefix'] = $prefix;
 }
 if (!$results['stop_auth']) {
 $results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing";
 }
 if (!$results['http_port']) { 
 	$results['http_port']	= '80';
 } 
 if (!$results['site_charset']) { 
-	$results['site_charset'] = "iso-8859-1";
+	$results['site_charset'] = "UTF-8";
 }
 if (!$results['ellipse_threshold_album']) { 
 	$results['ellipse_threshold_album'] = 27;
 }
 if (!$results['ellipse_threshold_artist']) { 
 	$results['ellipse_threshold_artist'] = 27;
 }
 if (!$results['ellipse_threshold_title']) { 
 	$results['ellipse_threshold_title'] = 27;
 }
 if (!$results['raw_web_path']) { 
 	$results['raw_web_path'] = '/';
@ -113,11 +99,6 @@ if (!$results['user_ip_cardinality']) {
 if (!$results['local_length']) { 
 	$results['local_length'] = '9000';
 }
 /* Default it for now until I can get the auto-config updater working */
 if (!$results['tag_order']) { 
 	$results['tag_order'] = array('id3v2','id3v1','vorbiscomment','quicktime','file'); 
 }
 /* Variables needed for vauth Module */
 $results['cookie_path'] 	= $results['raw_web_path'];
@ -162,7 +143,7 @@ require_once(conf('prefix') . "/modules/id3/getid3/getid3.php");
 require_once(conf('prefix') . '/modules/id3/vainfo.class.php');
 require_once(conf('prefix') . '/modules/infotools/Snoopy.class.php');
 require_once(conf('prefix') . '/modules/infotools/AmazonSearchEngine.class.php');
-require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php');
+//require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php');
 require_once(conf('prefix') . '/lib/xmlrpc.php');
 require_once(conf('prefix') . '/modules/xmlrpc/xmlrpc.inc');
@ -257,18 +238,13 @@ if (in_array("http",$results['auth_methods'])) {
 } // end if http auth
 if ($no_session) { 
 	define('NO_SESSION','1'); 
 } 
 // If we don't want a session
 if (NO_SESSION != '1' AND conf('use_auth')) { 
 	/* Verify Their session */
 	if (!vauth_check_session()) { logout(); exit; }
 	/* Create the new user */
-	$user = new User($_SESSION['userdata']['username']);
+	$user = get_user_from_username($_SESSION['userdata']['username']);
 	/* If they user ID doesn't exist deny them */
 	if (!$user->uid AND !conf('demo_mode')) { logout(); exit; } 
@ -303,7 +279,7 @@ else {
 		session_id(scrub_in($_REQUEST['sessid']));
 		session_start();
 	}
-	$user = new user($sess_results['username']);
+	$user = get_user_from_username($sess_results['username']);
 	init_preferences();
 }
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@ -1,7 +1,7 @@
 <?php
 /*
-   Copyright (c) 2001 - 2006 Ampache.org
+   Copyright (c) 2001 - 2007 Ampache.org
   All rights reserved.
   This program is free software; you can redistribute it and/or
@ -118,38 +118,6 @@ function access_denied() {
 } // access_denied
 /**
 *  show_users
 * shows all users (admin function)
 */
 function show_users () {
 	$dbh = dbh();
 	// Setup the View Ojbect
 	$view = new View();
 	$view->import_session_view();
 	// if we are returning
 	if ($_REQUEST['keep_view']) {
 		$view->initialize();
 	}
 	// If we aren't keeping the view then initlize it
 	else {
 		$sql = "SELECT username FROM user";
 		$db_results = mysql_query($sql, $dbh);
 		$total_items = mysql_num_rows($db_results);
 		if ($match != "Show_all") { $offset_limit = $_SESSION['userdata']['offset_limit']; }
 		$view = new View($sql, 'admin/users.php','fullname',$total_items,$offset_limit);
 	}
 	$db_result = mysql_query($view->sql, $dbh);
 	// wow this is stupid 
 	$GLOBALS['view'] = $view;
 	require(conf('prefix') . "/templates/show_users.inc");
 } // show_users()
 /**
 *  return_referer
 * returns the script part of the referer address passed by the web browser
@ -1421,19 +1389,21 @@ function xml_get_footer($type){
 } //xml_get_footer
 /**
- * show_manage_users
+ * get_users
- * This is the admin page for showing all of the users
+ * This returns an array of user objects and takes an sql statement
 */
-function show_manage_users() {
+function get_users($sql) { 
-        show_box_top(_('Manage Users'));
+	$db_results = mysql_query($sql,dbh()); 
        echo "<ul>\n\t<li><a href=\"".conf('web_path') . "/admin/users.php?action=show_add_user\">" . _('Add a new user') . "</a></li>\n</ul>\n";
        show_box_bottom();
-	/* Show the Users */
+	$results = array(); 
        show_users();
-} // show_manage_users
+	while ($u = mysql_fetch_assoc($db_results)) { 
 		$results[] = new User($u['id']); 
 	} 
 	return $results; 
 } // get_users
 ?>
--- a/login.php
+++ b/login.php
@ -26,7 +26,7 @@
 */
-$no_session = true;
+define('NO_SESSION','1');
 require_once('lib/init.php');
 /* We have to create a cookie here because IIS
@ -73,7 +73,7 @@ if ($_POST['username'] && $_POST['password']) {
 		$username = scrub_in($_POST['username']);
 		$password = scrub_in($_POST['password']);
 		$auth = authenticate($username, $password);
-                $user = new User($username);
+                $user = get_user_from_username($username);
 		if ($user->disabled == '1') { 	
                                $auth['success'] = false;
@ -124,7 +124,7 @@ if ($auth['success']) {
 	// Record the IP of this person!
 	// 
 	if (conf('track_user_ip')) { 
-		$user = new User($_POST['username']);
+		$user = get_user_from_username($username);
 		$user->insert_ip_history();	
 		unset($user);
 	}
--- a/templates/show_add_user.inc.php
+++ b/templates/show_add_user.inc.php
@ -0,0 +1,87 @@
 <?php
 /*
 Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
 ?>
 <?php show_box_top(_('Adding a New User')); ?>
 <?php $GLOBALS['error']->print_error('general'); ?>
 <form name="add_user" enctype="multpart/form-data" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
 <table class="tabledata" cellspacing="0" cellpadding="0" border="0">
 <tr>
 	<td>
 		<?php echo  _('Username'); ?>:
 	</td>
 	<td>
 		<input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($_POST['username']); ?>" />
 		<?php $GLOBALS['error']->print_error('username'); ?>
 	</td>
 </tr>
 <tr>
 	<td><?php echo  _('Full Name'); ?>:</td>
 	<td>
 		<input type="text" name="fullname" size="30" value="<?php echo scrub_out($_POST['fullname']); ?>" />
 	</td>
 </tr>
 <tr>
 	<td>
 		<?php echo  _('E-mail'); ?>:
 	</td>
 	<td>
 		<input type="text" name="email" size="30" value="<?php echo scrub_out($_POST['email']); ?>" />
 	</td>
 </tr>
 <tr>
 	<td>
 		<?php echo  _('Password'); ?> :
 	</td>
 	<td>
 		<input type="password" name="password_1" size="30" value="" />
 		<?php $GLOBALS['error']->print_error('password'); ?>
 	</td>
 </tr>
 <tr>
 	<td>
 		<?php echo  _('Confirm Password'); ?>:
 	</td>
 	<td>
 		<input type="password" name="password_2" size="30" value="" />
 	</td>
 </tr>
 <tr>
 	<td>
 		<?php echo  _('User Access Level'); ?>:
 	</td>
        <td>
                <?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?>
                <select name="access">
                <option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option>
                <option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option>
                <option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option>
                </select>
        </td>
 </tr>
 	<td colspan="2">
 		<input type="submit" value="<?php echo _('Add User'); ?>" />
 		<input type="hidden" name="action" value="add_user" />
 	</td>
 </tr>
 </table>
 </form>
 <?php show_box_bottom(); ?>
--- a/templates/show_confirmation.inc.php
+++ b/templates/show_confirmation.inc.php
@ -20,7 +20,7 @@
 */
 ?>
 <?php show_box_top(scrub_out($title)); ?>
-<?php echo scrub_out($text); ?>
+<?php echo $text; ?>
 <br />
 <div class="text-action">
 	<a href="<?php echo $path; ?>"><?php echo _('Continue'); ?></a>
--- a/templates/show_edit_user.inc.php
+++ b/templates/show_edit_user.inc.php
@ -1,7 +1,7 @@
 <?php
 /*
- Copyright (c) 2001 - 2006 Ampache.org
+ Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
@ -19,35 +19,24 @@
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
 if ($type === 'new_user') { 
 	$userfield = "<input type=\"text\" name=\"new_username\" size=\"30\" value=\"" . scrub_out($username) . "\" />";
 	$title = _('Adding a New User');
 }
 else {
 	$userfield = scrub_out($username);
 	$title = _('Editing existing User');
 }
 ?>
-
+<?php show_box_top(_('Editing existing User')); ?>
 <br />
 <?php show_box_top($title); ?>
 <?php $GLOBALS['error']->print_error('general'); ?>
-<form name="update_user" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
+<form name="update_user" enctype="multipart/form-data" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
-<table cellspacing="0" cellpadding="0" border="0">
+<table class="tabledata" cellspacing="0" cellpadding="0" border="0">
 <tr>
 	<td>
 		<?php echo _('Username'); ?>:
 	</td>
 	<td>
-		<?php echo $userfield; ?>
+		<input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($working_user->username); ?>" />
 		<?php $GLOBALS['error']->print_error('username'); ?>
 	</td>
 </tr>
 <tr>
 	<td><?php echo _('Full Name'); ?>:</td>
 	<td>
-		<input type="text" name="new_fullname" size="30" value="<?php echo scrub_out($fullname); ?>" />
+		<input type="text" name="fullname" size="30" value="<?php echo scrub_out($working_user->fullname); ?>" />
 	</td>
 </tr>
 <tr>
@ -55,7 +44,7 @@ else {
 		<?php echo _('E-mail'); ?>:
 	</td>
 	<td>
-		<input type="text" name="new_email" size="30" value="<?php echo scrub_out($email); ?>" />
+		<input type="text" name="email" size="30" value="<?php echo scrub_out($working_user->email); ?>" />
 	</td>
 </tr>
 <tr>
@ -63,7 +52,7 @@ else {
 		<?php echo _('Password'); ?> :
 	</td>
 	<td>
-		<input type="password" name="new_password_1" size="30" value="" />
+		<input type="password" name="password_1" size="30" value="" />
 		<?php $GLOBALS['error']->print_error('password'); ?>
 	</td>
 </tr>
@ -72,7 +61,7 @@ else {
 		<?php echo _('Confirm Password'); ?>:
 	</td>
 	<td>
-		<input type="password" name="new_password_2" size="30" value="" />
+		<input type="password" name="password_2" size="30" value="" />
 	</td>
 </tr>
 <tr>
@ -80,24 +69,21 @@ else {
 		<?php echo  _('User Access Level'); ?>:
 	</td>
 	<td>
-		<select name="user_access">
+		<?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?>
-		<option value="1" <?php  if($access==='1') echo "selected=\"selected\""; ?>>Guest</option>
+		<select name="access">
-		<option value="user" <?php  if($access==='user') echo "selected=\"selected\""; ?>>User</option>
+		<option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option>
-		<option value="admin" <?php  if($access==='admin') echo "selected=\"selected\""; ?>>Admin</option>
+		<option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option>
 		<option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option>
 		</select>
 	</td>
 </tr>
 <tr>
 	<td colspan="2">
 		<input type="hidden" name="action" value="update_user" />
 		<input type="submit" value="<?php echo _('Update User'); ?>" />
 		<input type="hidden" name="user_id" value="<?php echo $working_user->id; ?>" />
 	</td>
 </tr>
 </table>
 <?php
 if ($type == 'new_user') {
 	echo "<input type=\"hidden\" name=\"action\" value=\"add_user\" />";
 	echo "<input type=\"submit\" value=\"" . _('Add User') . "\" />";
 }
 else {
 	echo "<input type=\"hidden\" name=\"action\" value=\"update_user\" />\n";
 	echo "<input type=\"submit\" value=\"" . _('Update User') . "\" />\n";
 	echo "<input type=\"hidden\" name=\"new_username\" value=\"$id\" />";
 }
 ?>
 </form>
 <?php show_box_bottom(); ?>
--- a/templates/show_users.inc.php
+++ b/templates/show_users.inc.php
@ -1,7 +1,7 @@
 <?php
 /*
- Copyright (c) 2001 - 2006 Ampache.org
+ Copyright (c) 2001 - 2007 Ampache.org
 All rights reserved.
 This program is free software; you can redistribute it and/or
@ -18,15 +18,16 @@
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
 /*!
 @header Show Users (admin section)
 */
 $web_path = conf('web_path');
 $total_items = $view->total_items;
 $admin_menu = "admin/";
 ?>
 show_box_top(_('Manage Users')); 
 	echo get_user_icon('add_user') . '&nbsp;'; 
 	echo '<a href="' . $web_path . '/admin/users.php?action=show_add_user">' . _('Add a new user') . '</a>';
 show_box_bottom(); 
 ?>
 <?php show_box_top(); ?>
 <table class="tabledata" cellpadding="0" cellspacing="0" border="0">
 <tr class="table-header" align="center">
@ -37,10 +38,10 @@ $admin_menu = "admin/";
 <tr class="table-header">
 	<td align="center">
 		<a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&amp;keep_view=true&amp;sort_type=fullname&amp;sort_order=0">
-		<b><?php echo _("Fullname"); ?></b>
+		<b><?php echo _('Fullname'); ?></b>
 		</a>
 		<a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&amp;keep_view=true&amp;sort_type=username&amp;sort_order=0">
-		<b>(<?php echo _("Username"); ?>)</b>
+		<b>(<?php echo _('Username'); ?>)</b>
 		</a>
 	</td>
        <td align="center">
@ -67,19 +68,17 @@ $admin_menu = "admin/";
 	</td>
 </tr>
 <?php
-while ($results = mysql_fetch_object($db_result)) {
+foreach ($users as $working_user) { 
-	$user = new User($results->username);
+	$working_user->format_user();
-        $last_seen = date("m\/d\/Y - H:i",$user->last_seen);
+        $last_seen = date("m\/d\/Y - H:i",$working_user->last_seen);
-        if (!$user->last_seen) { $last_seen = "Never"; }
+        if (!$working_user->last_seen) { $last_seen = _('Never'); }
-        $create_date = date("m\/d\/Y - H:i",$user->create_date);
+        $create_date = date("m\/d\/Y - H:i",$working_user->create_date);
-	$user->format_user();
+        if (!$working_user->create_date) { $create_date = _('Unknown'); }
        if (!$user->create_date) { $create_date = "Unknown"; }
 ?>
 <tr class="<?php echo flip_class(); ?>" align="center">
 	<td align="left">
-		<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user=<?php echo $user->id; ?>">
+		<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user_id=<?php echo $working_user->id; ?>">
-			<?php echo $user->fullname; ?> (<?php echo $user->username; ?>)
+			<?php echo $working_user->fullname; ?> (<?php echo $working_user->username; ?>)
 		</a>
 	</td>
        <td>
@ -90,54 +89,54 @@ while ($results = mysql_fetch_object($db_result)) {
 	</td>
        <td>
-		<?php echo $user->f_useage; ?>
+		<?php echo $working_user->f_useage; ?>
 	</td>
 	<?php if (conf('track_user_ip')) { ?>
        <td>
-		<a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&amp;user_id=<?php echo $user->id; ?>">
+		<a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&amp;user_id=<?php echo $working_user->id; ?>">
-			<?php echo $user->ip_history; ?>
+			<?php echo $working_user->ip_history; ?>
 		</a>
 	</td>
 	<?php } ?>
        <td>
-		<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user=<?php echo $user->id; ?>">
+		<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user_id=<?php echo $working_user->id; ?>">
 			<?php echo get_user_icon('edit'); ?>
 		</a>
 	</td>
        <td>
-		<a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $user->id; ?>">
+		<a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $working_user->id; ?>">
 			<?php echo get_user_icon('preferences'); ?>
 		</a>
 	</td>
 	<td>
-		<a href="<?php echo $web_path; ?>/stats.php?action=user_stats&amp;user_id=<?php echo $user->id; ?>">
+		<a href="<?php echo $web_path; ?>/stats.php?action=user_stats&amp;user_id=<?php echo $working_user->id; ?>">
 			<?php echo get_user_icon('statistics'); ?>
 		</a>
 	</td>
 	<?php
 	//FIXME: Fix this for the extra permission levels
 	if ($user->disabled == '1') { 
-		echo "<td><a href=\"".$web_path."/admin/users.php?action=update&amp;user=$user->username&amp;level=enabled\">" . get_user_icon('enable') . "</a></td>";
+		echo "<td><a href=\"".$web_path."/admin/users.php?action=enable&amp;user_id=$working_user->id\">" . get_user_icon('enable') . "</a></td>";
 	}
 	else {
-		echo "<td><a href=\"".$web_path."/admin/users.php?action=update&amp;user=$user->username&amp;level=disabled\">" . get_user_icon('disable') ."</a></td>";
+		echo "<td><a href=\"".$web_path."/admin/users.php?action=disable&amp;user_id=$working_user->id\">" . get_user_icon('disable') ."</a></td>";
 	}
 	?>
 	<td>
-		<a href="<?php echo $web_path; ?>/admin/users.php?action=delete&amp;user=<?php echo $user->username; ?>">
+		<a href="<?php echo $web_path; ?>/admin/users.php?action=delete&amp;user_id=<?php echo $working_user->id; ?>">
 		<?php echo get_user_icon('delete'); ?>
 		</a>
 	</td>
       <?php
-	if (($user->is_logged_in()) and ($user->is_online())) {
+	if (($working_user->is_logged_in()) and ($working_user->is_online())) {
 		echo "<td class=\"user_online\"> &nbsp; </td>";
-	} elseif ($user->disabled == 1) {
+	} elseif ($working_user->disabled == 1) {
 		echo "<td class=\"user_disabled\"> &nbsp; </td>";
 	} else {
 		echo "<td class=\"user_offline\"> &nbsp; </td>";
 	}
 ?>	
 </tr>
-<?php } //end while ($results = mysql_fetch_object($db_result)) ?>
+<?php } //end foreach users ?>
 </table>
 <?php show_box_bottom(); ?>
--- a/update.php
+++ b/update.php
@ -29,7 +29,7 @@
 /* Start House Keeping */
 	// We need this stuff
-	$no_session = 1;
+	define('NO_SESSION','1');
 	require('lib/init.php');
 	// Make a blank update object