<?php
// Direct-access guard: execution stops here when SUBSCRIBE_TO_PATH is not
// defined, i.e. when this file is not loaded by code that defines that constant.
defined('SUBSCRIBE_TO_PATH') or die('Hacking attempt!');
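/**
 * Send a comment by mail to the validated subscribers of the commented element.
 *
 * Subscribers are matched on the element itself, on the matching "all-..."
 * subscription type and, for images, on the current album taken from
 * $page['category']['id']. The address of the comment author is excluded and
 * a subscriber only receives the mail when user_can_view_element() allows it.
 *
 * @param array $comm comment data: author, content and either image_id or category_id
 * @return bool|null false when $comm is empty or not an array, null in every other case
 */
function send_comment_to_subscribers($comm)
{
  if (empty($comm) or !is_array($comm))
  {
    trigger_error('send_comment_to_subscribers: undefined comm', E_USER_WARNING);
    return false;
  }

  global $conf, $page, $user, $template;

  // create search clauses
  // every id is cast to an integer before it is concatenated into the SQL
  // text, as un_subscribe_to_comments() does for its id list
  $where_clauses = array();
  if (isset($comm['image_id']))
  {
    $element_id = intval($comm['image_id']);
    $element_type = 'image';

    $where_clauses[] = '(type = "image" AND element_id = '.$element_id.')';
    $where_clauses[] = 'type = "all-images"';
    if (!empty($page['category']['id']))
    {
      $where_clauses[] = '(type = "album-images" AND element_id = '.intval($page['category']['id']).')';
    }
  }
  else if (isset($comm['category_id']))
  {
    $element_id = intval($comm['category_id']);
    $element_type = 'category';

    $where_clauses[] = '(type = "album" AND element_id = '.$element_id.')';
    $where_clauses[] = 'type = "all-albums"';
  }
  else
  {
    return;
  }

  // exclude current user
  // the posted address is request data and may be something else than a
  // string; both possible sources are escaped before reaching the query
  $exclude = '';
  if (!empty($_POST['stc_mail']) and is_string($_POST['stc_mail']))
  {
    $exclude = $_POST['stc_mail'];
  }
  else if (!is_a_guest())
  {
    $exclude = (string)$user['email'];
  }
  $exclude = pwg_db_real_escape_string($exclude);

  // get subscribers datas
  $query = '
SELECT
    id,
    email,
    language
  FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE (
      '.implode("\n OR ", $where_clauses).'
    )
    AND validated = true
    AND email != "'.$exclude.'"
  GROUP BY email
';
  $subscriptions = query2array($query);

  if (count($subscriptions)==0)
  {
    return;
  }

  set_make_full_url();

  // get element infos
  if ($element_type == 'image')
  {
    $element = get_picture_infos($element_id);
  }
  else
  {
    $element = get_category_infos($element_id);
  }

  // format comment
  if ($comm['author'] == 'guest')
  {
    $comm['author'] = l10n('guest');
  }

  $comm['author'] = trigger_change('render_comment_author', $comm['author']);
  $comm['content'] = trigger_change('render_comment_content', $comm['content']);

  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  foreach ($subscriptions as $row)
  {
    // get subscriber id, falling back on the guest account for unknown addresses
    if ( ($uid = get_userid_by_email($row['email'])) !== false )
    {
      $row['user_id'] = $uid;
    }
    else
    {
      $row['user_id'] = $conf['guest_id'];
    }

    // check permissions: a subscriber never gets a comment about an element
    // user_can_view_element() refuses for that account
    if (!user_can_view_element($row['user_id'], $element_id, $element_type))
    {
      continue;
    }

    // the language stored with the subscription; the previous code passed an
    // undefined $language variable here
    switch_lang_to($row['language']);

    $comm['date'] = format_date(date('Y-m-d H:i:s'));

    pwg_mail(
      $row['email'],
      array(
        'subject' => '['.strip_tags($conf['gallery_title']).'] '.l10n('New comment on %s', $element['name']),
        ),
      array(
        'filename' => 'notification',
        'dirname' => SUBSCRIBE_TO_PATH . 'template',
        'assign' => array(
          'ELEMENT' => $element,
          'COMMENT' => $comm,
          'UNSUB_URL' => make_stc_url('unsubscribe', $row['email'], $row['id']),
          'MANAGE_URL' => make_stc_url('manage', $row['email']),
          ),
        )
      );

    switch_lang_back();
  }

  load_language('plugin.lang', SUBSCRIBE_TO_PATH);
  unset_make_full_url();
}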
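/**
 * Add an email to the subscribers list.
 *
 * A guest gets a confirmation mail and the subscription is stored as not
 * validated; a logged-in user is stored as validated right away.
 *
 * @param string   $email      address to subscribe; when empty, the address of the logged-in user is used
 * @param string   $type       image|album-images|all-images|album|all-albums
 * @param int|null $element_id image or album id; optional for all-images and all-albums
 * @param bool     $spam_check when true, the loc_before_subscribe_to_comments event can refuse the subscription
 * @return bool true when the subscription has been created
 */
function subscribe_to_comments($email, $type, $element_id=null, $spam_check=true)
{
  if (empty($type))
  {
    trigger_error('subscribe_to_comment: missing type', E_USER_WARNING);
    return false;
  }

  // $type is written into two SQL statements below, so only the documented
  // values are accepted
  $allowed_types = array('image', 'album-images', 'all-images', 'album', 'all-albums');
  if (!in_array($type, $allowed_types, true))
  {
    trigger_error('subscribe_to_comment: unknown type', E_USER_WARNING);
    return false;
  }

  if (!in_array($type, array('all-images','all-albums')) and !isset($element_id))
  {
    trigger_error('subscribe_to_comment: missing element_id', E_USER_WARNING);
    return false;
  }

  // the id is concatenated into SQL text: force it to an integer
  if (isset($element_id))
  {
    $element_id = intval($element_id);
  }

  global $page, $conf, $user, $template, $picture;

  // check email
  if (!empty($email) and !email_check_format($email))
  {
    $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    return false;
  }
  if ( (is_a_guest() or empty($user['email'])) and empty($email) )
  {
    $page['errors'][] = l10n('Invalid email address, your are not subscribed to comments.');
    return false;
  }
  else if (!is_a_guest() and empty($email))
  {
    $email = $user['email'];
  }

  // spam check
  if ($spam_check)
  {
    if (!trigger_change('loc_before_subscribe_to_comments', true, $email, $type, $element_id))
    {
      return false;
    }
  }

  // search if already registered
  // "element_id = NULL" never matches a row, so a missing id is tested with
  // IS NULL; otherwise all-images/all-albums subscriptions are inserted twice
  $query = '
SELECT id
  FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    type = "'.$type.'"
    AND element_id '.(isset($element_id) ? '= '.$element_id : 'IS NULL').'
    AND email = "'.pwg_db_real_escape_string($email).'"
;';
  $result = pwg_query($query);

  if (pwg_db_num_rows($result))
  {
    return false;
  }

  $query = '
INSERT INTO '.SUBSCRIBE_TO_TABLE.'(
    type,
    element_id,
    language,
    email,
    registration_date,
    validated
  )
  VALUES(
    "'.$type.'",
    '.(isset($element_id) ? $element_id : 'NULL').',
    "'.pwg_db_real_escape_string($user['language']).'",
    "'.pwg_db_real_escape_string($email).'",
    NOW(),
    "'.(is_a_guest() ? "false" : "true").'"
  )
;';
  pwg_query($query);

  $stc_id = pwg_db_insert_id();

  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  set_make_full_url();

  $notify_admin = $conf['Subscribe_to_Comments']['notify_admin_on_subscribe'];

  // $element is read by the guest confirmation mail and by the admin
  // notification; the previous condition (!is_a_guest() or notify) left it
  // undefined for a guest when the admin notification is switched off
  $element = array();
  if (is_a_guest() or $notify_admin)
  {
    switch ($type)
    {
      case 'image':
        $element = get_picture_infos($element_id);
        $element['on'] = l10n('the picture <a href="%s">%s</a>', $element['url'], $element['name']);
        break;
      case 'album-images':
        $element = get_category_infos($element_id);
        $element['on'] = l10n('all pictures of the album <a href="%s">%s</a>', $element['url'], $element['name']);
        break;
      case 'all-images':
        $element['thumbnail'] = null;
        $element['on'] = l10n('all pictures of the gallery');
        break;
      case 'album':
        $element = get_category_infos($element_id);
        $element['on'] = l10n('the album <a href="%s">%s</a>', $element['url'], $element['name']);
        break;
      case 'all-albums':
        $element['thumbnail'] = null;
        $element['on'] = l10n('all albums of the gallery');
        break;
    }
  }

  // send validation mail
  if (is_a_guest())
  {
    pwg_mail(
      $email,
      array(
        'subject' => '['.strip_tags($conf['gallery_title']).'] '.l10n('Confirm your subscription to comments'),
        ),
      array(
        'filename' => 'confirm',
        'dirname' => SUBSCRIBE_TO_PATH . 'template',
        'assign' => array(
          'ELEMENT' => $element,
          'VALIDATE_URL' => make_stc_url('validate', $email, $stc_id),
          'MANAGE_URL' => make_stc_url('manage', $email),
          ),
        )
      );

    $page['infos'][] = l10n('Please check your email in-box to confirm your subscription.');
  }
  // just display confirmation message
  else
  {
    $page['infos'][] = l10n('You have been added to the list of subscribers.');
  }

  // notify admins
  if ($notify_admin)
  {
    pwg_mail_notification_admins(
      get_l10n_args('New subscription on %s', strip_tags($element['on'])),
      array(
        get_l10n_args('%s has subscribed to comments on %s.', array($email, $element['on'])),
        )
      );
  }

  unset_make_full_url();

  return true;
}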
/**
 * Remove subscriptions belonging to an email address.
 *
 * Only rows whose email column equals the given address are deleted, so an id
 * alone is not enough to remove a subscription.
 *
 * @param string    $email address owning the subscriptions; when empty, the address of the logged-in user is used
 * @param int|array $ids   one subscription id or a list of ids
 * @return bool true when at least one row has been deleted
 */
function un_subscribe_to_comments($email, $ids)
{
  $has_email = !empty($email);

  if ($has_email and !email_check_format($email))
  {
    trigger_error('un_subscribe_to_comment: bad email', E_USER_WARNING);
    return false;
  }
  if (empty($ids))
  {
    trigger_error('un_subscribe_to_comment: bad id', E_USER_WARNING);
    return false;
  }

  global $user;

  // without an explicit address, fall back on the logged-in user's own one
  if (!$has_email)
  {
    if (is_a_guest() or empty($user['email']))
    {
      return false;
    }
    $email = $user['email'];
  }

  // every id becomes an integer before it is written into the SQL text
  $id_list = implode(',', array_map('intval', is_array($ids) ? $ids : array($ids)));
  $safe_email = pwg_db_real_escape_string($email);

  // delete subscription
  $query = '
DELETE FROM '.SUBSCRIBE_TO_TABLE.'
WHERE
email = "'.$safe_email.'"
AND id IN('.$id_list.')
;';
  pwg_query($query);

  return pwg_db_changes() != 0;
}
/**
 * Mark subscriptions of an email address as validated.
 *
 * Only rows whose email column equals the given address are updated.
 *
 * @param string    $email address owning the subscriptions
 * @param int|array $ids   one subscription id or a list of ids
 * @return bool true when at least one row has been changed
 */
function validate_subscriptions($email, $ids)
{
  $bad_email = !email_check_format($email);
  if ($bad_email)
  {
    trigger_error('validate_subscriptions: bad email', E_USER_WARNING);
    return false;
  }
  if (empty($ids))
  {
    trigger_error('validate_subscriptions: bad id', E_USER_WARNING);
    return false;
  }

  // every id becomes an integer before it is written into the SQL text
  $id_list = implode(',', array_map('intval', is_array($ids) ? $ids : array($ids)));
  $safe_email = pwg_db_real_escape_string($email);

  $query = '
UPDATE '.SUBSCRIBE_TO_TABLE.'
SET validated = "true"
WHERE
email = "'.$safe_email.'"
AND id IN('.$id_list.')
;';
  pwg_query($query);

  return pwg_db_changes() != 0;
}
/**
 * Build the absolute url of an action in the subscriptions section.
 *
 * The url carries action, email, the optional id and a "key" parameter which
 * is crypt_value() of the three values under $conf['secret_key'].
 *
 * @param string   $action
 * @param string   $email
 * @param int|null $id optional subscription id
 * @return string|null null when action or email is missing
 */
function make_stc_url($action, $email, $id=null)
{
  if (empty($action) or empty($email))
  {
    trigger_error('make_stc_url: missing action and/or mail', E_USER_WARNING);
    return null;
  }

  global $conf;
  set_make_full_url();

  $params = array(
    'action' => $action,
    'email' => $email,
    );
  if (!empty($id))
  {
    $params['id'] = $id;
  }

  // NOTE(review): the three fields are concatenated without a separator, so
  // different (action, email, id) triples can give the same input string.
  // The code that checks this key is not in this file.
  $params['key'] = crypt_value($action.$email.$id, $conf['secret_key']);

  $section_url = make_index_url(array('section' => 'subscriptions'));
  $url = add_url_params($section_url, $params);

  unset_make_full_url();
  return $url;
}
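/**
 * Get name, url and thumbnail of a picture.
 *
 * @param int  $image_id
 * @param bool $with_thumb when true, the thumbnail url is added to the result
 * @return array (id, file, name, path, url and optionally thumbnail); an empty
 *               array when the id is empty or when no row matches it
 */
function get_picture_infos($image_id, $with_thumb=true)
{
  if (empty($image_id))
  {
    return array();
  }

  // the id is concatenated into the SQL text: force it to an integer first
  $image_id = intval($image_id);

  $query = '
SELECT
    id,
    file,
    name,
    path
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$image_id.'
;';
  $element = pwg_db_fetch_assoc(pwg_query($query));

  // unknown image: same result as for an empty id, instead of building a
  // name, url and thumbnail from a missing row
  if (empty($element))
  {
    return array();
  }

  // fall back on a name derived from the file name
  if (empty($element['name']))
  {
    $element['name'] = get_name_from_file($element['file']);
  }
  $element['name'] = trigger_change('render_element_name', $element['name']);

  $element['url'] = make_picture_url(array(
    'image_id'=>$element['id']
    ));

  if ($with_thumb)
  {
    $element['thumbnail'] = DerivativeImage::thumb_url($element);
  }

  return $element;
}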
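/**
 * Get name, url and thumbnail of a category.
 *
 * @param int      $cat_id
 * @param bool     $with_thumb when true, the thumbnail url is added to the result
 * @param int|null $user_id    user whose category cache row is joined; $conf['guest_id'] when null
 * @return array the selected columns plus url and optionally thumbnail; an
 *               empty array when no row matches the id
 */
function get_category_infos($cat_id, $with_thumb=true, $user_id=null)
{
  global $conf;

  if ($user_id===null)
  {
    $user_id = $conf['guest_id'];
  }

  // both ids are concatenated into the SQL text: force them to integers first
  $cat_id = intval($cat_id);
  $user_id = intval($user_id);

  $query = '
SELECT
    cat.id,
    cat.name,
    cat.permalink,
    ucc.count_images,
    cat.uppercats,
    img.id AS image_id,
    img.path
  FROM '.CATEGORIES_TABLE.' AS cat
    LEFT JOIN '.USER_CACHE_CATEGORIES_TABLE.' AS ucc
      ON ucc.cat_id = cat.id AND ucc.user_id = '.$user_id.'
    LEFT JOIN '.IMAGES_TABLE.' AS img
      ON img.id = ucc.user_representative_picture_id
  WHERE cat.id = '.$cat_id.'
;';
  $element = pwg_db_fetch_assoc(pwg_query($query));

  // unknown category: nothing to build a url or a thumbnail from
  if (empty($element))
  {
    return array();
  }

  $element['url'] = make_index_url(array(
    'section'=>'categories',
    'category'=>$element,
    ));

  $element['name'] = trigger_change('render_category_name', $element['name']);

  if ($with_thumb)
  {
    // no representative picture in the cache row: use a random picture of
    // the category when the configuration allows it
    if (empty($element['image_id']) and $conf['allow_random_representative'])
    {
      $image = get_picture_infos(get_random_image_in_category($element));
      $element['thumbnail'] = $image['thumbnail'];
    }
    else
    {
      $element['thumbnail'] = DerivativeImage::thumb_url(array(
        'id'=>$element['image_id'],
        'path'=>$element['path'],
        ));
    }
  }

  return $element;
}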
/**
 * Check if the given user can view the category/image.
 *
 * The answer is true when the element id is absent from the matching list of
 * the user's data, and false for any type other than image or category.
 *
 * @param int    $user_id
 * @param int    $element_id
 * @param string $type image|category
 * @return bool
 */
function user_can_view_element($user_id, $element_id, $type)
{
  global $conf;

  // load the user's data with external_authentification switched off, then
  // put the configured value back
  $saved_setting = $conf['external_authentification'];
  $conf['external_authentification'] = false;
  $user = getuserdata($user_id, true);
  $conf['external_authentification'] = $saved_setting;

  // NOTE(review): both lists are read as "ids this user must not see";
  // confirm that image_access_list always has that meaning in getuserdata().
  switch ($type)
  {
    case 'image':
      $denied = $user['image_access_list'];
      break;
    case 'category':
      $denied = $user['forbidden_categories'];
      break;
    default:
      return false;
  }

  return !in_array($element_id, explode(',', $denied));
}
/**
 * Crypt a string using the mcrypt extension or, when it is not loaded, the
 * fallback from
 * http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php/802957#802957
 *
 * NOTE(review): make_stc_url() uses the result as the "key" of the links sent
 * by mail, so it acts as an authentication token. Neither branch gives an
 * integrity guarantee: the mcrypt branch is ECB (no IV is used by that mode,
 * so $iv has no effect on the output) and the fallback only adds the key
 * bytes to the value bytes. The two branches also give different results for
 * the same input, so a token depends on whether mcrypt is loaded. mcrypt is no
 * longer bundled with PHP since 7.2. A keyed hash such as hash_hmac() would be
 * the usual choice for new tokens; changing it here would invalidate links
 * already sent.
 *
 * @param string $value value to crypt
 * @param string $key
 * @return string url-safe base64 of the crypted value
 */
function crypt_value($value, $key)
{
  if (!extension_loaded('mcrypt'))
  {
    // byte-wise addition of the repeating key; chr() wraps the sum
    $result = null;
    $position = 0;
    while ($position < strlen($value))
    {
      $value_char = substr($value, $position, 1);
      $key_char = substr($key, ($position % strlen($key))-1, 1);
      $result .= chr(ord($value_char) + ord($key_char));
      $position++;
    }
  }
  else
  {
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $result = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $value, MCRYPT_MODE_ECB, $iv);
  }

  return trim(base64url_encode($result));
}
/**
 * Decrypt a string crypted with crypt_value().
 *
 * The branch is chosen by the same extension_loaded('mcrypt') test as in
 * crypt_value(), so a value can only be read back on a host that takes the
 * same branch as the one that produced it.
 *
 * @param string $value value to decrypt (url-safe base64)
 * @param string $key
 * @return string
 */
function decrypt_value($value, $key)
{
  $raw = base64url_decode($value);

  if (!extension_loaded('mcrypt'))
  {
    // byte-wise subtraction of the repeating key; chr() wraps the difference
    $result = null;
    $position = 0;
    while ($position < strlen($raw))
    {
      $raw_char = substr($raw, $position, 1);
      $key_char = substr($key, ($position % strlen($key))-1, 1);
      $result .= chr(ord($raw_char) - ord($key_char));
      $position++;
    }
  }
  else
  {
    // ECB does not use an IV; the value is only passed to satisfy the call
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $result = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $raw, MCRYPT_MODE_ECB, $iv);
  }

  // trim() also removes leading and trailing whitespace and NUL bytes of the plaintext
  return trim($result);
}
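/**
 * Variant of the base64 functions usable in a url: "+" and "/" are replaced
 * by "-" and "_" and the "=" padding is dropped.
 * http://php.net/manual/en/function.base64-encode.php#103849
 *
 * Each function is guarded on its own, so that decode is still defined when
 * other code already provides base64url_encode() only.
 */
if (!function_exists('base64url_encode'))
{
  /**
   * @param string $data
   * @return string url-safe base64 without padding
   */
  function base64url_encode($data)
  {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
  }
}
if (!function_exists('base64url_decode'))
{
  /**
   * @param string $data url-safe base64, with or without padding
   * @return string|false decoded bytes, as returned by base64_decode()
   */
  function base64url_decode($data)
  {
    $standard = strtr($data, '-_', '+/');

    // str_pad() takes the total length, not the number of characters to add:
    // the previous "strlen($data) % 4" was always shorter than the string and
    // never restored the padding
    $missing = (4 - strlen($standard) % 4) % 4;

    return base64_decode($standard . str_repeat('=', $missing));
  }
}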