Context Navigation

source: trunk/include/functions_user.inc.php @ 2155

Last change on this file since 2155 was 2132, checked in by rvelices, 17 years ago
RSS feed is PWG charset iptc are now converted from iso-8859-1 or utf-8 (automatic detection) to pwg charset remove function get_language_filepath load_language also checks for the default language
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 30.3 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: functions_user.inc.php 2132 2007-10-09 22:43:09Z rvelices $
8	// \| last update : $Date: 2007-10-09 22:43:09 +0000 (Tue, 09 Oct 2007) $
9	// \| last modifier : $Author: rvelices $
10	// \| revision : $Revision: 2132 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	// validate_mail_address:
28	// o verifies whether the given mail address has the
29	// right format. ie someone@domain.com "someone" can contain ".", "-" or
30	// even "_". Exactly as "domain". The extension doesn't have to be
31	// "com". The mail address can also be empty.
32	// o check if address could be empty
33	// o check if address is not used by a other user
34	// If the mail address doesn't correspond, an error message is returned.
35	//
36	function validate_mail_address($user_id, $mail_address)
37	{
38	global $conf;
39
40	if (empty($mail_address) and
41	!($conf['obligatory_user_mail_address'] and
42	in_array(script_basename(), array('register', 'profile'))))
43	{
44	return '';
45	}
46
47	$regex = '/^[\w-]+(\.[\w-]+)@[\w-]+(\.[\w-]+)\.[a-z]+$/';
48	if ( !preg_match( $regex, $mail_address ) )
49	{
50	return l10n('reg_err_mail_address');
51	}
52
53	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
54	{
55	$query = '
56	select count(*)
57	from '.USERS_TABLE.'
58	where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
59	'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
60	;';
61	list($count) = mysql_fetch_array(pwg_query($query));
62	if ($count != 0)
63	{
64	return l10n('reg_err_mail_address_dbl');
65	}
66	}
67	}
68
69	function register_user($login, $password, $mail_address, $errors = array())
70	{
71	global $conf;
72
73	if ($login == '')
74	{
75	array_push($errors, l10n('reg_err_login1'));
76	}
77	if (ereg("^.* $", $login))
78	{
79	array_push($errors, l10n('reg_err_login2'));
80	}
81	if (ereg("^ .*$", $login))
82	{
83	array_push($errors, l10n('reg_err_login3'));
84	}
85	if (get_userid($login))
86	{
87	array_push($errors, l10n('reg_err_login5'));
88	}
89	$mail_error = validate_mail_address(null, $mail_address);
90	if ('' != $mail_error)
91	{
92	array_push($errors, $mail_error);
93	}
94
95	// if no error until here, registration of the user
96	if (count($errors) == 0)
97	{
98	// what will be the inserted id ?
99	$query = '
100	SELECT MAX('.$conf['user_fields']['id'].') + 1
101	FROM '.USERS_TABLE.'
102	;';
103	list($next_id) = mysql_fetch_array(pwg_query($query));
104
105	$insert =
106	array(
107	$conf['user_fields']['id'] => $next_id,
108	$conf['user_fields']['username'] => mysql_escape_string($login),
109	$conf['user_fields']['password'] => $conf['pass_convert']($password),
110	$conf['user_fields']['email'] => $mail_address
111	);
112
113	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
114	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
115
116	// Assign by default groups
117	{
118	$query = '
119	SELECT id
120	FROM '.GROUPS_TABLE.'
121	WHERE is_default = \''.boolean_to_string(true).'\'
122	ORDER BY id ASC
123	;';
124	$result = pwg_query($query);
125
126	$inserts = array();
127	while ($row = mysql_fetch_array($result))
128	{
129	array_push
130	(
131	$inserts,
132	array
133	(
134	'user_id' => $next_id,
135	'group_id' => $row['id']
136	)
137	);
138	}
139
140	if (count($inserts) != 0)
141	{
142	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
143	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
144	}
145	}
146
147	create_user_infos($next_id);
148
149	trigger_action('register_user',
150	array(
151	'id'=>$next_id,
152	'username'=>$login,
153	'email'=>$mail_address,
154	)
155	);
156	}
157
158	return $errors;
159	}
160
161	function build_user( $user_id, $use_cache )
162	{
163	global $conf;
164
165	$user['id'] = $user_id;
166	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
167
168	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
169	{
170	$user['status'] = 'guest';
171	$user['internal_status']['guest_must_be_guest'] = true;
172	}
173
174	// calculation of the number of picture to display per page
175	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
176
177	if (is_admin($user['status']))
178	{
179	list($user['admin_template'], $user['admin_theme']) =
180	explode
181	(
182	'/',
183	isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
184	: $user['template']
185	);
186	}
187
188	list($user['template'], $user['theme']) = explode('/', $user['template']);
189
190	return $user;
191	}
192
193	/**
194	* find informations related to the user identifier
195	*
196	* @param int user identifier
197	* @param boolean use_cache
198	* @param array
199	*/
200	function getuserdata($user_id, $use_cache)
201	{
202	global $conf;
203
204	$userdata = array();
205
206	$query = '
207	SELECT ';
208	$is_first = true;
209	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
210	{
211	if ($is_first)
212	{
213	$is_first = false;
214	}
215	else
216	{
217	$query.= '
218	, ';
219	}
220	$query.= $dbfield.' AS '.$pwgfield;
221	}
222	$query.= '
223	FROM '.USERS_TABLE.'
224	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
225	;';
226
227	$row = mysql_fetch_array(pwg_query($query));
228
229	while (true)
230	{
231	$query = '
232	SELECT ui., uc.
233	FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
234	ON ui.user_id = uc.user_id
235	WHERE ui.user_id = \''.$user_id.'\'
236	;';
237	$result = pwg_query($query);
238	if (mysql_num_rows($result) > 0)
239	{
240	break;
241	}
242	else
243	{
244	create_user_infos($user_id);
245	}
246	}
247
248	$row = array_merge($row, mysql_fetch_array($result));
249
250	foreach ($row as $key => $value)
251	{
252	if (!is_numeric($key))
253	{
254	// If the field is true or false, the variable is transformed into a
255	// boolean value.
256	if ($value == 'true' or $value == 'false')
257	{
258	$userdata[$key] = get_boolean($value);
259	}
260	else
261	{
262	$userdata[$key] = $value;
263	}
264	}
265	}
266
267	if ($use_cache)
268	{
269	if (!isset($userdata['need_update'])
270	or !is_bool($userdata['need_update'])
271	or $userdata['need_update'] == true)
272	{
273	$userdata['forbidden_categories'] =
274	calculate_permissions($userdata['id'], $userdata['status']);
275
276	/* now we build the list of forbidden images (this list does not contain
277	images that are not in at least an authorized category)*/
278	$query = '
279	SELECT DISTINCT(id)
280	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
281	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
282	AND level>'.$userdata['level'];
283	$forbidden_ids = array_from_query($query, 'id');
284
285	if ( empty($forbidden_ids) )
286	{
287	array_push( $forbidden_ids, 0 );
288	}
289	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
290	$userdata['image_access_list'] = implode(',',$forbidden_ids);
291
292	update_user_cache_categories($userdata);
293
294	// Set need update are done
295	$userdata['need_update'] = false;
296
297	// Indicate update done
298	$userdata['need_update_done'] = true;
299
300	$query = '
301	SELECT COUNT(DISTINCT(image_id)) as total
302	FROM '.IMAGE_CATEGORY_TABLE.'
303	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
304	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')
305	;';
306	list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
307
308	// update user cache
309	$query = '
310	DELETE FROM '.USER_CACHE_TABLE.'
311	WHERE user_id = '.$userdata['id'].'
312	;';
313	pwg_query($query);
314
315	$query = '
316	INSERT INTO '.USER_CACHE_TABLE.'
317	(user_id, need_update, forbidden_categories, nb_total_images,
318	image_access_type, image_access_list)
319	VALUES
320	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\''
321	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
322	.$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")
323	;';
324	pwg_query($query);
325	}
326	else
327	{
328	// Indicate update not done
329	$userdata['need_update_done'] = false;
330	}
331	}
332
333	return $userdata;
334	}
335
336	/*
337	* deletes favorites of the current user if he's not allowed to see them
338	*
339	* @return void
340	*/
341	function check_user_favorites()
342	{
343	global $user;
344
345	if ($user['forbidden_categories'] == '')
346	{
347	return;
348	}
349
350	// $filter['visible_categories'] and $filter['visible_images']
351	// must be not used because filter <> restriction
352	// retrieving images allowed : belonging to at least one authorized
353	// category
354	$query = '
355	SELECT DISTINCT f.image_id
356	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
357	ON f.image_id = ic.image_id
358	WHERE f.user_id = '.$user['id'].'
359	'.get_sql_condition_FandF
360	(
361	array
362	(
363	'forbidden_categories' => 'ic.category_id',
364	),
365	'AND'
366	).'
367	;';
368	$result = pwg_query($query);
369	$authorizeds = array();
370	while ($row = mysql_fetch_array($result))
371	{
372	array_push($authorizeds, $row['image_id']);
373	}
374
375	$query = '
376	SELECT image_id
377	FROM '.FAVORITES_TABLE.'
378	WHERE user_id = '.$user['id'].'
379	;';
380	$result = pwg_query($query);
381	$favorites = array();
382	while ($row = mysql_fetch_array($result))
383	{
384	array_push($favorites, $row['image_id']);
385	}
386
387	$to_deletes = array_diff($favorites, $authorizeds);
388
389	if (count($to_deletes) > 0)
390	{
391	$query = '
392	DELETE FROM '.FAVORITES_TABLE.'
393	WHERE image_id IN ('.implode(',', $to_deletes).')
394	AND user_id = '.$user['id'].'
395	;';
396	pwg_query($query);
397	}
398	}
399
400	/**
401	* calculates the list of forbidden categories for a given user
402	*
403	* Calculation is based on private categories minus categories authorized to
404	* the groups the user belongs to minus the categories directly authorized
405	* to the user. The list contains at least -1 to be compliant with queries
406	* such as "WHERE category_id NOT IN ($forbidden_categories)"
407	*
408	* @param int user_id
409	* @param string user_status
410	* @return string forbidden_categories
411	*/
412	function calculate_permissions($user_id, $user_status)
413	{
414	$private_array = array();
415	$authorized_array = array();
416
417	$query = '
418	SELECT id
419	FROM '.CATEGORIES_TABLE.'
420	WHERE status = \'private\'
421	;';
422	$result = pwg_query($query);
423	while ($row = mysql_fetch_array($result))
424	{
425	array_push($private_array, $row['id']);
426	}
427
428	// retrieve category ids directly authorized to the user
429	$query = '
430	SELECT cat_id
431	FROM '.USER_ACCESS_TABLE.'
432	WHERE user_id = '.$user_id.'
433	;';
434	$authorized_array = array_from_query($query, 'cat_id');
435
436	// retrieve category ids authorized to the groups the user belongs to
437	$query = '
438	SELECT cat_id
439	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
440	ON ug.group_id = ga.group_id
441	WHERE ug.user_id = '.$user_id.'
442	;';
443	$authorized_array =
444	array_merge(
445	$authorized_array,
446	array_from_query($query, 'cat_id')
447	);
448
449	// uniquify ids : some private categories might be authorized for the
450	// groups and for the user
451	$authorized_array = array_unique($authorized_array);
452
453	// only unauthorized private categories are forbidden
454	$forbidden_array = array_diff($private_array, $authorized_array);
455
456	// if user is not an admin, locked categories are forbidden
457	if (!is_admin($user_status))
458	{
459	$query = '
460	SELECT id
461	FROM '.CATEGORIES_TABLE.'
462	WHERE visible = \'false\'
463	;';
464	$result = pwg_query($query);
465	while ($row = mysql_fetch_array($result))
466	{
467	array_push($forbidden_array, $row['id']);
468	}
469	$forbidden_array = array_unique($forbidden_array);
470	}
471
472	if ( empty($forbidden_array) )
473	{// at least, the list contains 0 value. This category does not exists so
474	// where clauses such as "WHERE category_id NOT IN(0)" will always be
475	// true.
476	array_push($forbidden_array, 0);
477	}
478
479	return implode(',', $forbidden_array);
480	}
481
482	/**
483	* compute data of categories branches (one branch only)
484	*/
485	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
486	{
487	$date = '';
488	$count_images = 0;
489	$count_categories = 0;
490	do
491	{
492	$cat_id = array_pop($list_cat_id);
493	if (!is_null($cat_id))
494	{
495	// Count images and categories
496	$cats[$cat_id]['count_images'] += $count_images;
497	$cats[$cat_id]['count_categories'] += $count_categories;
498	$count_images = $cats[$cat_id]['count_images'];
499	$count_categories = $cats[$cat_id]['count_categories'] + 1;
500
501	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
502	{
503	$cats[$cat_id]['max_date_last'] = $date;
504	}
505	else
506	{
507	$date = $cats[$cat_id]['max_date_last'];
508	}
509	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
510	}
511	else
512	{
513	$ref_level = 0;
514	}
515	} while ($level <= $ref_level);
516
517	// Last cat updating must be added to list for next branch
518	if ($ref_level <> 0)
519	{
520	array_push($list_cat_id, $cat_id);
521	}
522	}
523
524	/**
525	* compute data of categories branches
526	*/
527	function compute_categories_data(&$cats)
528	{
529	$ref_level = 0;
530	$level = 0;
531	$list_cat_id = array();
532
533	foreach ($cats as $id => $category)
534	{
535	// Compute
536	$level = substr_count($category['global_rank'], '.') + 1;
537	if ($level > $ref_level)
538	{
539	array_push($list_cat_id, $id);
540	}
541	else
542	{
543	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
544	array_push($list_cat_id, $id);
545	}
546	$ref_level = $level;
547	}
548
549	$level = 1;
550	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
551	}
552
553	/**
554	* get computed array of categories
555	*
556	* @param array userdata
557	* @param int filter_days number of recent days to filter on or null
558	* @return array
559	*/
560	function get_computed_categories($userdata, $filter_days=null)
561	{
562	$group_by = '';
563
564	$query = 'SELECT c.id cat_id, global_rank';
565	// Count by date_available to avoid count null
566	$query .= ',
567	MAX(date_available) cat_date_last, COUNT(date_available) cat_nb_images
568	FROM '.CATEGORIES_TABLE.' as c
569	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
570	LEFT JOIN '.IMAGES_TABLE.' AS i
571	ON ic.image_id = i.id
572	AND i.level<='.$userdata['level'];
573
574	if ( isset($filter_days) )
575	{
576	$query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
577	}
578	$group_by = 'c.id';
579
580	if ( !empty($userdata['forbidden_categories']) )
581	{
582	$query.= '
583	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
584	}
585
586	if ( !empty($group_by) )
587	{
588	$query.= '
589	GROUP BY '.$group_by;
590	}
591
592	$result = pwg_query($query);
593
594	$cats = array();
595	while ($row = mysql_fetch_assoc($result))
596	{
597	$row['user_id'] = $userdata['id'];
598	$row['count_categories'] = 0;
599	$row['count_images'] = $row['cat_nb_images'];
600	$row['max_date_last'] = $row['cat_date_last'];
601
602	$cats += array($row['cat_id'] => $row);
603	}
604	usort($cats, 'global_rank_compare');
605
606	compute_categories_data($cats);
607
608	if ( isset($filter_days) )
609	{
610	$cat_tmp = $cats;
611	$cats = array();
612
613	foreach ($cat_tmp as $category)
614	{
615	if (!empty($category['max_date_last']))
616	{
617	// Re-init counters
618	$category['count_categories'] = 0;
619	$category['count_images'] = $category['cat_nb_images'];
620	// next line for update_cats_with_filtered_data
621	$category['nb_images'] = $category['cat_nb_images'];
622	// Keep category
623	$cats[$category['cat_id']] = $category;
624	}
625	}
626	// Compute a second time
627	compute_categories_data($cats);
628	}
629	return $cats;
630	}
631
632	/**
633	* update data of user_cache_categories
634	*
635	* @param array userdata
636	* @return null
637	*/
638	function update_user_cache_categories($userdata)
639	{
640	// delete user cache
641	$query = '
642	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
643	WHERE user_id = '.$userdata['id'].'
644	;';
645	pwg_query($query);
646
647	$cats = get_computed_categories($userdata, null);
648
649	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
650	mass_inserts
651	(
652	USER_CACHE_CATEGORIES_TABLE,
653	array
654	(
655	'user_id', 'cat_id',
656	'max_date_last', 'count_images', 'count_categories'
657	),
658	$cats
659	);
660	}
661
662	/**
663	* returns the username corresponding to the given user identifier if exists
664	*
665	* @param int user_id
666	* @return mixed
667	*/
668	function get_username($user_id)
669	{
670	global $conf;
671
672	$query = '
673	SELECT '.$conf['user_fields']['username'].'
674	FROM '.USERS_TABLE.'
675	WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
676	;';
677	$result = pwg_query($query);
678	if (mysql_num_rows($result) > 0)
679	{
680	list($username) = mysql_fetch_row($result);
681	}
682	else
683	{
684	return false;
685	}
686
687	return $username;
688	}
689
690	/**
691	* returns user identifier thanks to his name, false if not found
692	*
693	* @param string username
694	* @param int user identifier
695	*/
696	function get_userid($username)
697	{
698	global $conf;
699
700	$username = mysql_escape_string($username);
701
702	$query = '
703	SELECT '.$conf['user_fields']['id'].'
704	FROM '.USERS_TABLE.'
705	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
706	;';
707	$result = pwg_query($query);
708
709	if (mysql_num_rows($result) == 0)
710	{
711	return false;
712	}
713	else
714	{
715	list($user_id) = mysql_fetch_row($result);
716	return $user_id;
717	}
718	}
719
720	/**
721	* search an available feed_id
722	*
723	* @return string feed identifier
724	*/
725	function find_available_feed_id()
726	{
727	while (true)
728	{
729	$key = generate_key(50);
730	$query = '
731	SELECT COUNT(*)
732	FROM '.USER_FEED_TABLE.'
733	WHERE id = \''.$key.'\'
734	;';
735	list($count) = mysql_fetch_row(pwg_query($query));
736	if (0 == $count)
737	{
738	return $key;
739	}
740	}
741	}
742
743	/*
744	* Returns a array with default user value
745	*
746	* @param convert_str allows to convert string value if necessary
747	*/
748	function get_default_user_info($convert_str = true)
749	{
750	global $page, $conf;
751
752	if (!isset($page['cache_default_user']))
753	{
754	$query = 'select * from '.USER_INFOS_TABLE.
755	' where user_id = '.$conf['default_user_id'].';';
756
757	$result = pwg_query($query);
758	$page['cache_default_user'] = mysql_fetch_assoc($result);
759
760	if ($page['cache_default_user'] !== false)
761	{
762	unset($page['cache_default_user']['user_id']);
763	unset($page['cache_default_user']['status']);
764	unset($page['cache_default_user']['registration_date']);
765	}
766	}
767
768	if (is_array($page['cache_default_user']) and $convert_str)
769	{
770	$default_user = array();
771	foreach ($page['cache_default_user'] as $name => $value)
772	{
773	// If the field is true or false, the variable is transformed into a
774	// boolean value.
775	if ($value == 'true' or $value == 'false')
776	{
777	$default_user[$name] = get_boolean($value);
778	}
779	else
780	{
781	$default_user[$name] = $value;
782	}
783	}
784	return $default_user;
785	}
786	else
787	{
788	return $page['cache_default_user'];
789	}
790	}
791
792	/*
793	* Returns a default user value
794	*
795	* @param value_name: name of value
796	* @param sos_value: value used if don't exist value
797	*/
798	function get_default_user_value($value_name, $sos_value)
799	{
800	$default_user = get_default_user_info(true);
801	if ($default_user === false or !isset($default_user[$value_name]))
802	{
803	return $sos_value;
804	}
805	else
806	{
807	return $default_user[$value_name];
808	}
809	}
810
811	/*
812	* Returns the default template value
813	*
814	*/
815	function get_default_template()
816	{
817	return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
818	}
819
820	/*
821	* Returns the default language value
822	*
823	*/
824	function get_default_language()
825	{
826	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
827	}
828
829	/**
830	* add user informations based on default values
831	*
832	* @param int user_id / array of user_if
833	* @param array of values used to override default user values
834	*/
835	function create_user_infos($arg_id, $override_values = null)
836	{
837	global $conf;
838
839	if (is_array($arg_id))
840	{
841	$user_ids = $arg_id;
842	}
843	else
844	{
845	$user_ids = array();
846	if (is_integer($arg_id))
847	{
848	$user_ids[] = $arg_id;
849	}
850	}
851
852	if (!empty($user_ids))
853	{
854	$inserts = array();
855	list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
856
857	$default_user = get_default_user_info(false);
858	if ($default_user === false)
859	{
860	// Default on structure are used
861	$default_user = array();
862	}
863
864	if (!is_null($override_values))
865	{
866	$default_user = array_merge($default_user, $override_values);
867	}
868
869	foreach ($user_ids as $user_id)
870	{
871	$level= isset($default_user['level']) ? $default_user['level'] : 0;
872	if ($user_id == $conf['webmaster_id'])
873	{
874	$status = 'webmaster';
875	$level = max( $conf['available_permission_levels'] );
876	}
877	else if (($user_id == $conf['guest_id']) or
878	($user_id == $conf['default_user_id']))
879	{
880	$status = 'guest';
881	}
882	else
883	{
884	$status = 'normal';
885	}
886
887	$insert = array_merge(
888	$default_user,
889	array(
890	'user_id' => $user_id,
891	'status' => $status,
892	'registration_date' => $dbnow,
893	'level' => $level
894	));
895
896	array_push($inserts, $insert);
897	}
898
899	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
900	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
901
902	}
903	}
904
905	/**
906	* returns the groupname corresponding to the given group identifier if
907	* exists
908	*
909	* @param int group_id
910	* @return mixed
911	*/
912	function get_groupname($group_id)
913	{
914	$query = '
915	SELECT name
916	FROM '.GROUPS_TABLE.'
917	WHERE id = '.intval($group_id).'
918	;';
919	$result = pwg_query($query);
920	if (mysql_num_rows($result) > 0)
921	{
922	list($groupname) = mysql_fetch_row($result);
923	}
924	else
925	{
926	return false;
927	}
928
929	return $groupname;
930	}
931
932
933	/**
934	* returns the auto login key or false on error
935	* @param int user_id
936	* @param string [out] username
937	*/
938	function calculate_auto_login_key($user_id, &$username)
939	{
940	global $conf;
941	$query = '
942	SELECT '.$conf['user_fields']['username'].' AS username
943	, '.$conf['user_fields']['password'].' AS password
944	FROM '.USERS_TABLE.'
945	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
946	$result = pwg_query($query);
947	if (mysql_num_rows($result) > 0)
948	{
949	$row = mysql_fetch_assoc($result);
950	$username = $row['username'];
951	$data = $row['username'].$row['password'];
952	$key = base64_encode(
953	pack('H*', sha1($data))
954	.hash_hmac('md5', $data, $conf['secret_key'],true)
955	);
956	return $key;
957	}
958	return false;
959	}
960
961	/*
962	* Performs all required actions for user login
963	* @param int user_id
964	* @param bool remember_me
965	* @return void
966	*/
967	function log_user($user_id, $remember_me)
968	{
969	global $conf, $user;
970
971	if ($remember_me and $conf['authorize_remembering'])
972	{
973	$key = calculate_auto_login_key($user_id, $username);
974	if ($key!==false)
975	{
976	$cookie = array('id' => (int)$user_id, 'key' => $key);
977	setcookie($conf['remember_me_name'],
978	serialize($cookie),
979	time()+$conf['remember_me_length'],
980	cookie_path()
981	);
982	}
983	}
984	else
985	{ // make sure we clean any remember me ...
986	setcookie($conf['remember_me_name'], '', 0, cookie_path());
987	}
988	if ( session_id()!="" )
989	{ // we regenerate the session for security reasons
990	// see http://www.acros.si/papers/session_fixation.pdf
991	session_regenerate_id();
992	}
993	else
994	{
995	session_start();
996	}
997	$_SESSION['pwg_uid'] = (int)$user_id;
998
999	$user['id'] = $_SESSION['pwg_uid'];
1000	}
1001
1002	/*
1003	* Performs auto-connexion when cookie remember_me exists
1004	* @return true/false
1005	*/
1006	function auto_login() {
1007	global $conf;
1008
1009	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
1010	{
1011	$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
1012	if ($cookie!==false and is_numeric(@$cookie['id']) )
1013	{
1014	$key = calculate_auto_login_key( $cookie['id'], $username );
1015	if ($key!==false and $key===$cookie['key'])
1016	{
1017	log_user($cookie['id'], true);
1018	trigger_action('login_success', $username);
1019	return true;
1020	}
1021	}
1022	setcookie($conf['remember_me_name'], '', 0, cookie_path());
1023	}
1024	return false;
1025	}
1026
1027	/**
1028	* Tries to login a user given username and password (must be MySql escaped)
1029	* return true on success
1030	*/
1031	function try_log_user($username, $password, $remember_me)
1032	{
1033	global $conf;
1034	// retrieving the encrypted password of the login submitted
1035	$query = '
1036	SELECT '.$conf['user_fields']['id'].' AS id,
1037	'.$conf['user_fields']['password'].' AS password
1038	FROM '.USERS_TABLE.'
1039	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
1040	;';
1041	$row = mysql_fetch_assoc(pwg_query($query));
1042	if ($row['password'] == $conf['pass_convert']($password))
1043	{
1044	log_user($row['id'], $remember_me);
1045	trigger_action('login_success', $username);
1046	return true;
1047	}
1048	trigger_action('login_failure', $username);
1049	return false;
1050	}
1051
1052	/*
1053	* Return user status used in this library
1054	* @return string
1055	*/
1056	function get_user_status($user_status)
1057	{
1058	global $user;
1059
1060	if (empty($user_status))
1061	{
1062	if (isset($user['status']))
1063	{
1064	$user_status = $user['status'];
1065	}
1066	else
1067	{
1068	// swicth to default value
1069	$user_status = '';
1070	}
1071	}
1072	return $user_status;
1073	}
1074
1075	/*
1076	* Return access_type definition of uuser
1077	* Test does with user status
1078	* @return bool
1079	*/
1080	function get_access_type_status($user_status='')
1081	{
1082	global $conf;
1083
1084	switch (get_user_status($user_status))
1085	{
1086	case 'guest':
1087	{
1088	$access_type_status =
1089	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_NONE);
1090	break;
1091	}
1092	case 'generic':
1093	{
1094	$access_type_status = ACCESS_GUEST;
1095	break;
1096	}
1097	case 'normal':
1098	{
1099	$access_type_status = ACCESS_CLASSIC;
1100	break;
1101	}
1102	case 'admin':
1103	{
1104	$access_type_status = ACCESS_ADMINISTRATOR;
1105	break;
1106	}
1107	case 'webmaster':
1108	{
1109	$access_type_status = ACCESS_WEBMASTER;
1110	break;
1111	}
1112	case 'default':
1113	{
1114	$access_type_status = ACCESS_NONE;
1115	}
1116	}
1117
1118	return $access_type_status;
1119	}
1120
1121	/*
1122	* Return if user have access to access_type definition
1123	* Test does with user status
1124	* @return bool
1125	*/
1126	function is_autorize_status($access_type, $user_status = '')
1127	{
1128	return (get_access_type_status($user_status) >= $access_type);
1129	}
1130
1131	/*
1132	* Check if user have access to access_type definition
1133	* Stop action if there are not access
1134	* Test does with user status
1135	* @return none
1136	*/
1137	function check_status($access_type, $user_status = '')
1138	{
1139	if (!is_autorize_status($access_type, $user_status))
1140	{
1141	access_denied();
1142	}
1143	}
1144
1145	/*
1146	* Return if user is only a guest
1147	* @return bool
1148	*/
1149	function is_a_guest($user_status = '')
1150	{
1151	return get_user_status($user_status) == 'guest';
1152	}
1153
1154	/*
1155	* Return if user is, at least, a classic user
1156	* @return bool
1157	*/
1158	function is_classic_user($user_status = '')
1159	{
1160	return is_autorize_status(ACCESS_CLASSIC, $user_status);
1161	}
1162
1163	/*
1164	* Return if user is, at least, an administrator
1165	* @return bool
1166	*/
1167	function is_admin($user_status = '')
1168	{
1169	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
1170	}
1171
1172	/*
1173	* Return if current user is an adviser
1174	* @return bool
1175	*/
1176	function is_adviser()
1177	{
1178	global $user;
1179
1180	return ($user['adviser'] == 'true');
1181	}
1182
1183	/*
1184	* Return mail address as display text
1185	* @return string
1186	*/
1187	function get_email_address_as_display_text($email_address)
1188	{
1189	global $conf;
1190
1191	if (!isset($email_address) or (trim($email_address) == ''))
1192	{
1193	return '';
1194	}
1195	else
1196	{
1197	if (is_adviser())
1198	{
1199	return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
1200	}
1201	else
1202	{
1203	return $email_address;
1204	}
1205	}
1206	}
1207
1208	/*
1209	* Compute sql where condition with restrict and filter data. "FandF" means
1210	* Forbidden and Filters.
1211	*
1212	* @param array condition_fields: read function body
1213	* @param string prefix_condition: prefixes sql if condition is not empty
1214	* @param boolean force_one_condition: use at least "1 = 1"
1215	*
1216	* @return string sql where/conditions
1217	*/
1218	function get_sql_condition_FandF(
1219	$condition_fields,
1220	$prefix_condition = null,
1221	$force_one_condition = false
1222	)
1223	{
1224	global $user, $filter;
1225
1226	$sql_list = array();
1227
1228	foreach ($condition_fields as $condition => $field_name)
1229	{
1230	switch($condition)
1231	{
1232	case 'forbidden_categories':
1233	{
1234	if (!empty($user['forbidden_categories']))
1235	{
1236	$sql_list[] =
1237	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
1238	}
1239	break;
1240	}
1241	case 'visible_categories':
1242	{
1243	if (!empty($filter['visible_categories']))
1244	{
1245	$sql_list[] =
1246	$field_name.' IN ('.$filter['visible_categories'].')';
1247	}
1248	break;
1249	}
1250	case 'visible_images':
1251	if (!empty($filter['visible_images']))
1252	{
1253	$sql_list[] =
1254	$field_name.' IN ('.$filter['visible_images'].')';
1255	}
1256	// note there is no break - visible include forbidden
1257	case 'forbidden_images':
1258	if (
1259	!empty($user['image_access_list'])
1260	or $user['image_access_type']!='NOT IN'
1261	)
1262	{
1263	$table_prefix=null;
1264	if ($field_name=='id')
1265	{
1266	$table_prefix = '';
1267	}
1268	elseif ($field_name=='i.id')
1269	{
1270	$table_prefix = 'i.';
1271	}
1272	if ( isset($table_prefix) )
1273	{
1274	$sql_list[]=$table_prefix.'level<='.$user['level'];
1275	}
1276	else
1277	{
1278	$sql_list[]=$field_name.' '.$user['image_access_type']
1279	.' ('.$user['image_access_list'].')';
1280	}
1281	}
1282	break;
1283	default:
1284	{
1285	die('Unknow condition');
1286	break;
1287	}
1288	}
1289	}
1290
1291	if (count($sql_list) > 0)
1292	{
1293	$sql = '('.implode(' AND ', $sql_list).')';
1294	}
1295	else
1296	{
1297	if ($force_one_condition)
1298	{
1299	$sql = '1 = 1';
1300	}
1301	else
1302	{
1303	$sql = '';
1304	}
1305	}
1306
1307	if (isset($prefix_condition) and !empty($sql))
1308	{
1309	$sql = $prefix_condition.' '.$sql;
1310	}
1311
1312	return $sql;
1313	}
1314
1315	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: