Context Navigation

source: trunk/include/functions_user.inc.php @ 3049

Last change on this file since 3049 was 3049, checked in by plg, 15 years ago
Administration: happy new year 2009, all PHP headers updated.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 32.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// validate_mail_address:
25	// o verifies whether the given mail address has the
26	// right format. ie someone@domain.com "someone" can contain ".", "-" or
27	// even "_". Exactly as "domain". The extension doesn't have to be
28	// "com". The mail address can also be empty.
29	// o check if address could be empty
30	// o check if address is not used by a other user
31	// If the mail address doesn't correspond, an error message is returned.
32	//
33	function validate_mail_address($user_id, $mail_address)
34	{
35	global $conf;
36
37	if (empty($mail_address) and
38	!($conf['obligatory_user_mail_address'] and
39	in_array(script_basename(), array('register', 'profile'))))
40	{
41	return '';
42	}
43
44	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
45	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
46	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
47
48	if ( !preg_match( $regex, $mail_address ) )
49	{
50	return l10n('reg_err_mail_address');
51	}
52
53	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
54	{
55	$query = '
56	select count(*)
57	from '.USERS_TABLE.'
58	where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
59	'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
60	;';
61	list($count) = mysql_fetch_array(pwg_query($query));
62	if ($count != 0)
63	{
64	return l10n('reg_err_mail_address_dbl');
65	}
66	}
67	}
68
69	function register_user($login, $password, $mail_address,
70	$with_notification = true, $errors = array())
71	{
72	global $conf;
73
74	if ($login == '')
75	{
76	array_push($errors, l10n('reg_err_login1'));
77	}
78	if (ereg("^.* $", $login))
79	{
80	array_push($errors, l10n('reg_err_login2'));
81	}
82	if (ereg("^ .*$", $login))
83	{
84	array_push($errors, l10n('reg_err_login3'));
85	}
86	if (get_userid($login))
87	{
88	array_push($errors, l10n('reg_err_login5'));
89	}
90	$mail_error = validate_mail_address(null, $mail_address);
91	if ('' != $mail_error)
92	{
93	array_push($errors, $mail_error);
94	}
95
96	$errors = trigger_event('register_user_check',
97	$errors,
98	array(
99	'username'=>$login,
100	'password'=>$password,
101	'email'=>$mail_address,
102	)
103	);
104
105	// if no error until here, registration of the user
106	if (count($errors) == 0)
107	{
108	// what will be the inserted id ?
109	$query = '
110	SELECT MAX('.$conf['user_fields']['id'].') + 1
111	FROM '.USERS_TABLE.'
112	;';
113	list($next_id) = mysql_fetch_array(pwg_query($query));
114
115	$insert =
116	array(
117	$conf['user_fields']['id'] => $next_id,
118	$conf['user_fields']['username'] => mysql_real_escape_string($login),
119	$conf['user_fields']['password'] => $conf['pass_convert']($password),
120	$conf['user_fields']['email'] => $mail_address
121	);
122
123	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
124	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
125
126	// Assign by default groups
127	{
128	$query = '
129	SELECT id
130	FROM '.GROUPS_TABLE.'
131	WHERE is_default = \''.boolean_to_string(true).'\'
132	ORDER BY id ASC
133	;';
134	$result = pwg_query($query);
135
136	$inserts = array();
137	while ($row = mysql_fetch_array($result))
138	{
139	array_push
140	(
141	$inserts,
142	array
143	(
144	'user_id' => $next_id,
145	'group_id' => $row['id']
146	)
147	);
148	}
149	}
150
151	if (count($inserts) != 0)
152	{
153	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
154	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
155	}
156
157	$override = null;
158	if ($with_notification and $conf['browser_language'])
159	{
160	if ( !get_browser_language($override['language']) )
161	$override=null;
162	}
163	create_user_infos($next_id, $override);
164
165	if ($with_notification and $conf['email_admin_on_new_user'])
166	{
167	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
168	$admin_url = get_absolute_root_url()
169	.'admin.php?page=user_list&username='.$login;
170
171	$keyargs_content = array
172	(
173	get_l10n_args('User: %s', $login),
174	get_l10n_args('Email: %s', $_POST['mail_address']),
175	get_l10n_args('', ''),
176	get_l10n_args('Admin: %s', $admin_url)
177	);
178
179	pwg_mail_notification_admins
180	(
181	get_l10n_args('Registration of %s', $login),
182	$keyargs_content
183	);
184	}
185
186	trigger_action('register_user',
187	array(
188	'id'=>$next_id,
189	'username'=>$login,
190	'email'=>$mail_address,
191	)
192	);
193	}
194
195	return $errors;
196	}
197
198	function build_user( $user_id, $use_cache )
199	{
200	global $conf;
201
202	$user['id'] = $user_id;
203	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
204
205	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
206	{
207	$user['status'] = 'guest';
208	$user['internal_status']['guest_must_be_guest'] = true;
209	}
210
211	// calculation of the number of picture to display per page
212	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
213
214	list($user['template'], $user['theme']) = explode('/', $user['template']);
215
216	return $user;
217	}
218
219	/**
220	* find informations related to the user identifier
221	*
222	* @param int user identifier
223	* @param boolean use_cache
224	* @param array
225	*/
226	function getuserdata($user_id, $use_cache)
227	{
228	global $conf;
229
230	$userdata = array();
231
232	$query = '
233	SELECT ';
234	$is_first = true;
235	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
236	{
237	if ($is_first)
238	{
239	$is_first = false;
240	}
241	else
242	{
243	$query.= '
244	, ';
245	}
246	$query.= $dbfield.' AS '.$pwgfield;
247	}
248	$query.= '
249	FROM '.USERS_TABLE.'
250	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
251	;';
252
253	$row = mysql_fetch_array(pwg_query($query));
254
255	while (true)
256	{
257	$query = '
258	SELECT ui., uc.
259	FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
260	ON ui.user_id = uc.user_id
261	WHERE ui.user_id = \''.$user_id.'\'
262	;';
263	$result = pwg_query($query);
264	if (mysql_num_rows($result) > 0)
265	{
266	break;
267	}
268	else
269	{
270	create_user_infos($user_id);
271	}
272	}
273
274	$row = array_merge($row, mysql_fetch_array($result));
275
276	foreach ($row as $key => $value)
277	{
278	if (!is_numeric($key))
279	{
280	// If the field is true or false, the variable is transformed into a
281	// boolean value.
282	if ($value == 'true' or $value == 'false')
283	{
284	$userdata[$key] = get_boolean($value);
285	}
286	else
287	{
288	$userdata[$key] = $value;
289	}
290	}
291	}
292
293	if ($use_cache)
294	{
295	if (!isset($userdata['need_update'])
296	or !is_bool($userdata['need_update'])
297	or $userdata['need_update'] == true)
298	{
299	$userdata['cache_update_time'] = time();
300
301	// Set need update are done
302	$userdata['need_update'] = false;
303
304	$userdata['forbidden_categories'] =
305	calculate_permissions($userdata['id'], $userdata['status']);
306
307	/* now we build the list of forbidden images (this list does not contain
308	images that are not in at least an authorized category)*/
309	$query = '
310	SELECT DISTINCT(id)
311	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
312	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
313	AND level>'.$userdata['level'];
314	$forbidden_ids = array_from_query($query, 'id');
315
316	if ( empty($forbidden_ids) )
317	{
318	array_push( $forbidden_ids, 0 );
319	}
320	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
321	$userdata['image_access_list'] = implode(',',$forbidden_ids);
322
323	update_user_cache_categories($userdata);
324
325	$query = '
326	SELECT COUNT(DISTINCT(image_id)) as total
327	FROM '.IMAGE_CATEGORY_TABLE.'
328	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
329	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')
330	;';
331	list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
332
333	// update user cache
334	$query = '
335	DELETE FROM '.USER_CACHE_TABLE.'
336	WHERE user_id = '.$userdata['id'].'
337	;';
338	pwg_query($query);
339
340	$query = '
341	INSERT INTO '.USER_CACHE_TABLE.'
342	(user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
343	image_access_type, image_access_list)
344	VALUES
345	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
346	.$userdata['cache_update_time'].',\''
347	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
348	.$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")
349	;';
350	pwg_query($query);
351	}
352	}
353
354	return $userdata;
355	}
356
357	/*
358	* deletes favorites of the current user if he's not allowed to see them
359	*
360	* @return void
361	*/
362	function check_user_favorites()
363	{
364	global $user;
365
366	if ($user['forbidden_categories'] == '')
367	{
368	return;
369	}
370
371	// $filter['visible_categories'] and $filter['visible_images']
372	// must be not used because filter <> restriction
373	// retrieving images allowed : belonging to at least one authorized
374	// category
375	$query = '
376	SELECT DISTINCT f.image_id
377	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
378	ON f.image_id = ic.image_id
379	WHERE f.user_id = '.$user['id'].'
380	'.get_sql_condition_FandF
381	(
382	array
383	(
384	'forbidden_categories' => 'ic.category_id',
385	),
386	'AND'
387	).'
388	;';
389	$result = pwg_query($query);
390	$authorizeds = array();
391	while ($row = mysql_fetch_array($result))
392	{
393	array_push($authorizeds, $row['image_id']);
394	}
395
396	$query = '
397	SELECT image_id
398	FROM '.FAVORITES_TABLE.'
399	WHERE user_id = '.$user['id'].'
400	;';
401	$result = pwg_query($query);
402	$favorites = array();
403	while ($row = mysql_fetch_array($result))
404	{
405	array_push($favorites, $row['image_id']);
406	}
407
408	$to_deletes = array_diff($favorites, $authorizeds);
409
410	if (count($to_deletes) > 0)
411	{
412	$query = '
413	DELETE FROM '.FAVORITES_TABLE.'
414	WHERE image_id IN ('.implode(',', $to_deletes).')
415	AND user_id = '.$user['id'].'
416	;';
417	pwg_query($query);
418	}
419	}
420
421	/**
422	* calculates the list of forbidden categories for a given user
423	*
424	* Calculation is based on private categories minus categories authorized to
425	* the groups the user belongs to minus the categories directly authorized
426	* to the user. The list contains at least -1 to be compliant with queries
427	* such as "WHERE category_id NOT IN ($forbidden_categories)"
428	*
429	* @param int user_id
430	* @param string user_status
431	* @return string forbidden_categories
432	*/
433	function calculate_permissions($user_id, $user_status)
434	{
435	$private_array = array();
436	$authorized_array = array();
437
438	$query = '
439	SELECT id
440	FROM '.CATEGORIES_TABLE.'
441	WHERE status = \'private\'
442	;';
443	$result = pwg_query($query);
444	while ($row = mysql_fetch_array($result))
445	{
446	array_push($private_array, $row['id']);
447	}
448
449	// retrieve category ids directly authorized to the user
450	$query = '
451	SELECT cat_id
452	FROM '.USER_ACCESS_TABLE.'
453	WHERE user_id = '.$user_id.'
454	;';
455	$authorized_array = array_from_query($query, 'cat_id');
456
457	// retrieve category ids authorized to the groups the user belongs to
458	$query = '
459	SELECT cat_id
460	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
461	ON ug.group_id = ga.group_id
462	WHERE ug.user_id = '.$user_id.'
463	;';
464	$authorized_array =
465	array_merge(
466	$authorized_array,
467	array_from_query($query, 'cat_id')
468	);
469
470	// uniquify ids : some private categories might be authorized for the
471	// groups and for the user
472	$authorized_array = array_unique($authorized_array);
473
474	// only unauthorized private categories are forbidden
475	$forbidden_array = array_diff($private_array, $authorized_array);
476
477	// if user is not an admin, locked categories are forbidden
478	if (!is_admin($user_status))
479	{
480	$query = '
481	SELECT id
482	FROM '.CATEGORIES_TABLE.'
483	WHERE visible = \'false\'
484	;';
485	$result = pwg_query($query);
486	while ($row = mysql_fetch_array($result))
487	{
488	array_push($forbidden_array, $row['id']);
489	}
490	$forbidden_array = array_unique($forbidden_array);
491	}
492
493	if ( empty($forbidden_array) )
494	{// at least, the list contains 0 value. This category does not exists so
495	// where clauses such as "WHERE category_id NOT IN(0)" will always be
496	// true.
497	array_push($forbidden_array, 0);
498	}
499
500	return implode(',', $forbidden_array);
501	}
502
503	/**
504	* compute data of categories branches (one branch only)
505	*/
506	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
507	{
508	$date = '';
509	$count_images = 0;
510	$count_categories = 0;
511	do
512	{
513	$cat_id = array_pop($list_cat_id);
514	if (!is_null($cat_id))
515	{
516	// Count images and categories
517	$cats[$cat_id]['count_images'] += $count_images;
518	$cats[$cat_id]['count_categories'] += $count_categories;
519	$count_images = $cats[$cat_id]['count_images'];
520	$count_categories = $cats[$cat_id]['count_categories'] + 1;
521
522	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
523	{
524	$cats[$cat_id]['max_date_last'] = $date;
525	}
526	else
527	{
528	$date = $cats[$cat_id]['max_date_last'];
529	}
530	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
531	}
532	else
533	{
534	$ref_level = 0;
535	}
536	} while ($level <= $ref_level);
537
538	// Last cat updating must be added to list for next branch
539	if ($ref_level <> 0)
540	{
541	array_push($list_cat_id, $cat_id);
542	}
543	}
544
545	/**
546	* compute data of categories branches
547	*/
548	function compute_categories_data(&$cats)
549	{
550	$ref_level = 0;
551	$level = 0;
552	$list_cat_id = array();
553
554	foreach ($cats as $id => $category)
555	{
556	// Compute
557	$level = substr_count($category['global_rank'], '.') + 1;
558	if ($level > $ref_level)
559	{
560	array_push($list_cat_id, $id);
561	}
562	else
563	{
564	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
565	array_push($list_cat_id, $id);
566	}
567	$ref_level = $level;
568	}
569
570	$level = 1;
571	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
572	}
573
574	/**
575	* get computed array of categories
576	*
577	* @param array userdata
578	* @param int filter_days number of recent days to filter on or null
579	* @return array
580	*/
581	function get_computed_categories($userdata, $filter_days=null)
582	{
583	$query = 'SELECT c.id cat_id, global_rank';
584	// Count by date_available to avoid count null
585	$query .= ',
586	MAX(date_available) date_last, COUNT(date_available) nb_images
587	FROM '.CATEGORIES_TABLE.' as c
588	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
589	LEFT JOIN '.IMAGES_TABLE.' AS i
590	ON ic.image_id = i.id
591	AND i.level<='.$userdata['level'];
592
593	if ( isset($filter_days) )
594	{
595	$query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
596	}
597
598	if ( !empty($userdata['forbidden_categories']) )
599	{
600	$query.= '
601	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
602	}
603
604	$query.= '
605	GROUP BY c.id';
606
607	$result = pwg_query($query);
608
609	$cats = array();
610	while ($row = mysql_fetch_assoc($result))
611	{
612	$row['user_id'] = $userdata['id'];
613	$row['count_categories'] = 0;
614	$row['count_images'] = (int)$row['nb_images'];
615	$row['max_date_last'] = $row['date_last'];
616
617	$cats += array($row['cat_id'] => $row);
618	}
619	usort($cats, 'global_rank_compare');
620
621	compute_categories_data($cats);
622
623	if ( isset($filter_days) )
624	{
625	$cat_tmp = $cats;
626	$cats = array();
627
628	foreach ($cat_tmp as $category)
629	{
630	if (!empty($category['max_date_last']))
631	{
632	// Re-init counters
633	$category['count_categories'] = 0;
634	$category['count_images'] = (int)$category['nb_images'];
635	// Keep category
636	$cats[$category['cat_id']] = $category;
637	}
638	}
639	// Compute a second time
640	compute_categories_data($cats);
641	}
642	return $cats;
643	}
644
645	/**
646	* update data of user_cache_categories
647	*
648	* @param array userdata
649	* @return null
650	*/
651	function update_user_cache_categories($userdata)
652	{
653	// delete user cache
654	$query = '
655	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
656	WHERE user_id = '.$userdata['id'].'
657	;';
658	pwg_query($query);
659
660	$cats = get_computed_categories($userdata, null);
661
662	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
663	mass_inserts
664	(
665	USER_CACHE_CATEGORIES_TABLE,
666	array
667	(
668	'user_id', 'cat_id',
669	'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories'
670	),
671	$cats
672	);
673	}
674
675	/**
676	* returns the username corresponding to the given user identifier if exists
677	*
678	* @param int user_id
679	* @return mixed
680	*/
681	function get_username($user_id)
682	{
683	global $conf;
684
685	$query = '
686	SELECT '.$conf['user_fields']['username'].'
687	FROM '.USERS_TABLE.'
688	WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
689	;';
690	$result = pwg_query($query);
691	if (mysql_num_rows($result) > 0)
692	{
693	list($username) = mysql_fetch_row($result);
694	}
695	else
696	{
697	return false;
698	}
699
700	return $username;
701	}
702
703	/**
704	* returns user identifier thanks to his name, false if not found
705	*
706	* @param string username
707	* @param int user identifier
708	*/
709	function get_userid($username)
710	{
711	global $conf;
712
713	$username = mysql_real_escape_string($username);
714
715	$query = '
716	SELECT '.$conf['user_fields']['id'].'
717	FROM '.USERS_TABLE.'
718	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
719	;';
720	$result = pwg_query($query);
721
722	if (mysql_num_rows($result) == 0)
723	{
724	return false;
725	}
726	else
727	{
728	list($user_id) = mysql_fetch_row($result);
729	return $user_id;
730	}
731	}
732
733	/**
734	* search an available feed_id
735	*
736	* @return string feed identifier
737	*/
738	function find_available_feed_id()
739	{
740	while (true)
741	{
742	$key = generate_key(50);
743	$query = '
744	SELECT COUNT(*)
745	FROM '.USER_FEED_TABLE.'
746	WHERE id = \''.$key.'\'
747	;';
748	list($count) = mysql_fetch_row(pwg_query($query));
749	if (0 == $count)
750	{
751	return $key;
752	}
753	}
754	}
755
756	/*
757	* Returns a array with default user value
758	*
759	* @param convert_str allows to convert string value if necessary
760	*/
761	function get_default_user_info($convert_str = true)
762	{
763	global $page, $conf;
764
765	if (!isset($page['cache_default_user']))
766	{
767	$query = 'select * from '.USER_INFOS_TABLE.
768	' where user_id = '.$conf['default_user_id'].';';
769
770	$result = pwg_query($query);
771	$page['cache_default_user'] = mysql_fetch_assoc($result);
772
773	if ($page['cache_default_user'] !== false)
774	{
775	unset($page['cache_default_user']['user_id']);
776	unset($page['cache_default_user']['status']);
777	unset($page['cache_default_user']['registration_date']);
778	}
779	}
780
781	if (is_array($page['cache_default_user']) and $convert_str)
782	{
783	$default_user = array();
784	foreach ($page['cache_default_user'] as $name => $value)
785	{
786	// If the field is true or false, the variable is transformed into a
787	// boolean value.
788	if ($value == 'true' or $value == 'false')
789	{
790	$default_user[$name] = get_boolean($value);
791	}
792	else
793	{
794	$default_user[$name] = $value;
795	}
796	}
797	return $default_user;
798	}
799	else
800	{
801	return $page['cache_default_user'];
802	}
803	}
804
805	/*
806	* Returns a default user value
807	*
808	* @param value_name: name of value
809	* @param sos_value: value used if don't exist value
810	*/
811	function get_default_user_value($value_name, $sos_value)
812	{
813	$default_user = get_default_user_info(true);
814	if ($default_user === false or !isset($default_user[$value_name]))
815	{
816	return $sos_value;
817	}
818	else
819	{
820	return $default_user[$value_name];
821	}
822	}
823
824	/*
825	* Returns the default template value
826	*
827	*/
828	function get_default_template()
829	{
830	return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
831	}
832
833	/*
834	* Returns the default language value
835	*
836	*/
837	function get_default_language()
838	{
839	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
840	}
841
842	/**
843	* Returns true if the browser language value is set into param $lang
844	*
845	*/
846	function get_browser_language(&$lang)
847	{
848	$browser_language = substr(@$_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
849	foreach (get_languages() as $language_code => $language_name)
850	{
851	if (substr($language_code, 0, 2) == $browser_language)
852	{
853	$lang = $language_code;
854	return true;
855	}
856	}
857	return false;
858	}
859
860	/**
861	* add user informations based on default values
862	*
863	* @param int user_id / array of user_if
864	* @param array of values used to override default user values
865	*/
866	function create_user_infos($arg_id, $override_values = null)
867	{
868	global $conf;
869
870	if (is_array($arg_id))
871	{
872	$user_ids = $arg_id;
873	}
874	else
875	{
876	$user_ids = array();
877	if (is_numeric($arg_id))
878	{
879	$user_ids[] = $arg_id;
880	}
881	}
882
883	if (!empty($user_ids))
884	{
885	$inserts = array();
886	list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
887
888	$default_user = get_default_user_info(false);
889	if ($default_user === false)
890	{
891	// Default on structure are used
892	$default_user = array();
893	}
894
895	if (!is_null($override_values))
896	{
897	$default_user = array_merge($default_user, $override_values);
898	}
899
900	foreach ($user_ids as $user_id)
901	{
902	$level= isset($default_user['level']) ? $default_user['level'] : 0;
903	if ($user_id == $conf['webmaster_id'])
904	{
905	$status = 'webmaster';
906	$level = max( $conf['available_permission_levels'] );
907	}
908	else if (($user_id == $conf['guest_id']) or
909	($user_id == $conf['default_user_id']))
910	{
911	$status = 'guest';
912	}
913	else
914	{
915	$status = 'normal';
916	}
917
918	$insert = array_merge(
919	$default_user,
920	array(
921	'user_id' => $user_id,
922	'status' => $status,
923	'registration_date' => $dbnow,
924	'level' => $level
925	));
926
927	array_push($inserts, $insert);
928	}
929
930	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
931	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
932
933	}
934	}
935
936	/**
937	* returns the groupname corresponding to the given group identifier if
938	* exists
939	*
940	* @param int group_id
941	* @return mixed
942	*/
943	function get_groupname($group_id)
944	{
945	$query = '
946	SELECT name
947	FROM '.GROUPS_TABLE.'
948	WHERE id = '.intval($group_id).'
949	;';
950	$result = pwg_query($query);
951	if (mysql_num_rows($result) > 0)
952	{
953	list($groupname) = mysql_fetch_row($result);
954	}
955	else
956	{
957	return false;
958	}
959
960	return $groupname;
961	}
962
963
964	/**
965	* returns the auto login key or false on error
966	* @param int user_id
967	* @param time_t time
968	* @param string [out] username
969	*/
970	function calculate_auto_login_key($user_id, $time, &$username)
971	{
972	global $conf;
973	$query = '
974	SELECT '.$conf['user_fields']['username'].' AS username
975	, '.$conf['user_fields']['password'].' AS password
976	FROM '.USERS_TABLE.'
977	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
978	$result = pwg_query($query);
979	if (mysql_num_rows($result) > 0)
980	{
981	$row = mysql_fetch_assoc($result);
982	$username = $row['username'];
983	$data = $time.$row['username'].$row['password'];
984	$key = base64_encode(
985	pack('H*', sha1($data))
986	.hash_hmac('md5', $data, $conf['secret_key'],true)
987	);
988	return $key;
989	}
990	return false;
991	}
992
993	/*
994	* Performs all required actions for user login
995	* @param int user_id
996	* @param bool remember_me
997	* @return void
998	*/
999	function log_user($user_id, $remember_me)
1000	{
1001	global $conf, $user;
1002
1003	if ($remember_me and $conf['authorize_remembering'])
1004	{
1005	$now = time();
1006	$key = calculate_auto_login_key($user_id, $now, $username);
1007	if ($key!==false)
1008	{
1009	$cookie = $user_id.'-'.$now.'-'.$key;
1010	if (version_compare(PHP_VERSION, '5.2', '>=') )
1011	{
1012	setcookie($conf['remember_me_name'],
1013	$cookie,
1014	time()+$conf['remember_me_length'],
1015	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
1016	ini_get('session.cookie_httponly')
1017	);
1018	}
1019	else
1020	{
1021	setcookie($conf['remember_me_name'],
1022	$cookie,
1023	time()+$conf['remember_me_length'],
1024	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure')
1025	);
1026	}
1027	}
1028	}
1029	else
1030	{ // make sure we clean any remember me ...
1031	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
1032	}
1033	if ( session_id()!="" )
1034	{ // we regenerate the session for security reasons
1035	// see http://www.acros.si/papers/session_fixation.pdf
1036	session_regenerate_id();
1037	}
1038	else
1039	{
1040	session_start();
1041	}
1042	$_SESSION['pwg_uid'] = (int)$user_id;
1043
1044	$user['id'] = $_SESSION['pwg_uid'];
1045	}
1046
1047	/*
1048	* Performs auto-connexion when cookie remember_me exists
1049	* @return true/false
1050	*/
1051	function auto_login() {
1052	global $conf;
1053
1054	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
1055	{
1056	$cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
1057	if ( count($cookie)===3
1058	and is_numeric(@$cookie[0]) /user id/
1059	and is_numeric(@$cookie[1]) /time/
1060	and time()-$conf['remember_me_length']<=@$cookie[1]
1061	and time()>=@$cookie[1] /cookie generated in the past/ )
1062	{
1063	$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
1064	if ($key!==false and $key===$cookie[2])
1065	{
1066	log_user($cookie[0], true);
1067	trigger_action('login_success', $username);
1068	return true;
1069	}
1070	}
1071	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
1072	}
1073	return false;
1074	}
1075
1076	/**
1077	* Tries to login a user given username and password (must be MySql escaped)
1078	* return true on success
1079	*/
1080	function try_log_user($username, $password, $remember_me)
1081	{
1082	global $conf;
1083	// retrieving the encrypted password of the login submitted
1084	$query = '
1085	SELECT '.$conf['user_fields']['id'].' AS id,
1086	'.$conf['user_fields']['password'].' AS password
1087	FROM '.USERS_TABLE.'
1088	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
1089	;';
1090	$row = mysql_fetch_assoc(pwg_query($query));
1091	if ($row['password'] == $conf['pass_convert']($password))
1092	{
1093	log_user($row['id'], $remember_me);
1094	trigger_action('login_success', $username);
1095	return true;
1096	}
1097	trigger_action('login_failure', $username);
1098	return false;
1099	}
1100
1101	/** Performs all the cleanup on user logout */
1102	function logout_user()
1103	{
1104	global $conf;
1105	$_SESSION = array();
1106	session_unset();
1107	session_destroy();
1108	setcookie(session_name(),'',0,
1109	ini_get('session.cookie_path'),
1110	ini_get('session.cookie_domain')
1111	);
1112	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
1113	}
1114
1115	/*
1116	* Return user status used in this library
1117	* @return string
1118	*/
1119	function get_user_status($user_status)
1120	{
1121	global $user;
1122
1123	if (empty($user_status))
1124	{
1125	if (isset($user['status']))
1126	{
1127	$user_status = $user['status'];
1128	}
1129	else
1130	{
1131	// swicth to default value
1132	$user_status = '';
1133	}
1134	}
1135	return $user_status;
1136	}
1137
1138	/*
1139	* Return access_type definition of user
1140	* Test does with user status
1141	* @return bool
1142	*/
1143	function get_access_type_status($user_status='')
1144	{
1145	global $conf;
1146
1147	switch (get_user_status($user_status))
1148	{
1149	case 'guest':
1150	{
1151	$access_type_status =
1152	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
1153	break;
1154	}
1155	case 'generic':
1156	{
1157	$access_type_status = ACCESS_GUEST;
1158	break;
1159	}
1160	case 'normal':
1161	{
1162	$access_type_status = ACCESS_CLASSIC;
1163	break;
1164	}
1165	case 'admin':
1166	{
1167	$access_type_status = ACCESS_ADMINISTRATOR;
1168	break;
1169	}
1170	case 'webmaster':
1171	{
1172	$access_type_status = ACCESS_WEBMASTER;
1173	break;
1174	}
1175	default:
1176	{
1177	$access_type_status = ACCESS_FREE;
1178	break;
1179	}
1180	}
1181
1182	return $access_type_status;
1183	}
1184
1185	/*
1186	* Return if user have access to access_type definition
1187	* Test does with user status
1188	* @return bool
1189	*/
1190	function is_autorize_status($access_type, $user_status = '')
1191	{
1192	return (get_access_type_status($user_status) >= $access_type);
1193	}
1194
1195	/*
1196	* Check if user have access to access_type definition
1197	* Stop action if there are not access
1198	* Test does with user status
1199	* @return none
1200	*/
1201	function check_status($access_type, $user_status = '')
1202	{
1203	if (!is_autorize_status($access_type, $user_status))
1204	{
1205	access_denied();
1206	}
1207	}
1208
1209	/*
1210	* Return if user is generic
1211	* @return bool
1212	*/
1213	function is_generic($user_status = '')
1214	{
1215	return get_user_status($user_status) == 'generic';
1216	}
1217
1218	/*
1219	* Return if user is only a guest
1220	* @return bool
1221	*/
1222	function is_a_guest($user_status = '')
1223	{
1224	return get_user_status($user_status) == 'guest';
1225	}
1226
1227	/*
1228	* Return if user is, at least, a classic user
1229	* @return bool
1230	*/
1231	function is_classic_user($user_status = '')
1232	{
1233	return is_autorize_status(ACCESS_CLASSIC, $user_status);
1234	}
1235
1236	/*
1237	* Return if user is, at least, an administrator
1238	* @return bool
1239	*/
1240	function is_admin($user_status = '')
1241	{
1242	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
1243	}
1244
1245	/*
1246	* Return if current user is an adviser
1247	* @return bool
1248	*/
1249	function is_adviser()
1250	{
1251	global $user;
1252
1253	return ($user['adviser'] == 'true');
1254	}
1255
1256	/*
1257	* Return mail address as display text
1258	* @return string
1259	*/
1260	function get_email_address_as_display_text($email_address)
1261	{
1262	global $conf;
1263
1264	if (!isset($email_address) or (trim($email_address) == ''))
1265	{
1266	return '';
1267	}
1268	else
1269	{
1270	if (defined('IN_ADMIN') and is_adviser())
1271	{
1272	return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
1273	}
1274	else
1275	{
1276	return $email_address;
1277	}
1278	}
1279	}
1280
1281	/*
1282	* Compute sql where condition with restrict and filter data. "FandF" means
1283	* Forbidden and Filters.
1284	*
1285	* @param array condition_fields: read function body
1286	* @param string prefix_condition: prefixes sql if condition is not empty
1287	* @param boolean force_one_condition: use at least "1 = 1"
1288	*
1289	* @return string sql where/conditions
1290	*/
1291	function get_sql_condition_FandF(
1292	$condition_fields,
1293	$prefix_condition = null,
1294	$force_one_condition = false
1295	)
1296	{
1297	global $user, $filter;
1298
1299	$sql_list = array();
1300
1301	foreach ($condition_fields as $condition => $field_name)
1302	{
1303	switch($condition)
1304	{
1305	case 'forbidden_categories':
1306	{
1307	if (!empty($user['forbidden_categories']))
1308	{
1309	$sql_list[] =
1310	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
1311	}
1312	break;
1313	}
1314	case 'visible_categories':
1315	{
1316	if (!empty($filter['visible_categories']))
1317	{
1318	$sql_list[] =
1319	$field_name.' IN ('.$filter['visible_categories'].')';
1320	}
1321	break;
1322	}
1323	case 'visible_images':
1324	if (!empty($filter['visible_images']))
1325	{
1326	$sql_list[] =
1327	$field_name.' IN ('.$filter['visible_images'].')';
1328	}
1329	// note there is no break - visible include forbidden
1330	case 'forbidden_images':
1331	if (
1332	!empty($user['image_access_list'])
1333	or $user['image_access_type']!='NOT IN'
1334	)
1335	{
1336	$table_prefix=null;
1337	if ($field_name=='id')
1338	{
1339	$table_prefix = '';
1340	}
1341	elseif ($field_name=='i.id')
1342	{
1343	$table_prefix = 'i.';
1344	}
1345	if ( isset($table_prefix) )
1346	{
1347	$sql_list[]=$table_prefix.'level<='.$user['level'];
1348	}
1349	else
1350	{
1351	$sql_list[]=$field_name.' '.$user['image_access_type']
1352	.' ('.$user['image_access_list'].')';
1353	}
1354	}
1355	break;
1356	default:
1357	{
1358	die('Unknow condition');
1359	break;
1360	}
1361	}
1362	}
1363
1364	if (count($sql_list) > 0)
1365	{
1366	$sql = '('.implode(' AND ', $sql_list).')';
1367	}
1368	else
1369	{
1370	$sql = $force_one_condition ? '1 = 1' : '';
1371	}
1372
1373	if (isset($prefix_condition) and !empty($sql))
1374	{
1375	$sql = $prefix_condition.' '.$sql;
1376	}
1377
1378	return $sql;
1379	}
1380
1381	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: