Context Navigation

source: trunk/include/ws_functions/pwg.users.php @ 25461

Last change on this file since 25461 was 25461, checked in by plg, 10 years ago
feature 2976: makes sure we output registration_date if registration_date_* is requested (same for last_visit_*)
File size: 15.0 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* API method
26	* Returns a list of users
27	* @param mixed[] $params
28	* @option int[] user_id (optional)
29	* @option string username (optional)
30	* @option string[] status (optional)
31	* @option int min_level (optional)
32	* @option int[] group_id (optional)
33	* @option int per_page
34	* @option int page
35	* @option string order
36	*/
37	function ws_users_getList($params, &$service)
38	{
39	global $conf;
40
41	$where_clauses = array('1=1');
42
43	if (!empty($params['user_id']))
44	{
45	$where_clauses[] = 'u.'.$conf['user_fields']['id'].' IN('. implode(',', $params['user_id']) .')';
46	}
47
48	if (!empty($params['username']))
49	{
50	$where_clauses[] = 'u.'.$conf['user_fields']['username'].' LIKE \''.pwg_db_real_escape_string($params['username']).'\'';
51	}
52
53	if (!empty($params['status']))
54	{
55	$params['status'] = array_intersect($params['status'], get_enums(USER_INFOS_TABLE, 'status'));
56	if (count($params['status']) > 0)
57	{
58	$where_clauses[] = 'ui.status IN("'. implode('","', $params['status']) .'")';
59	}
60	}
61
62	if (!empty($params['min_level']))
63	{
64	if ( !in_array($params['min_level'], $conf['available_permission_levels']) )
65	{
66	return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
67	}
68	$where_clauses[] = 'ui.level >= '.$params['min_level'];
69	}
70
71	if (!empty($params['group_id']))
72	{
73	$where_clauses[] = 'ug.group_id IN('. implode(',', $params['group_id']) .')';
74	}
75
76	$display = array('u.'.$conf['user_fields']['id'] => 'id');
77
78	if ($params['display'] != 'none')
79	{
80	$params['display'] = explode(',', $params['display']);
81
82	if (in_array('all', $params['display']))
83	{
84	$params['display'] = array_merge($params['display'], array(
85	'username','email','status','level','groups','language','theme',
86	'nb_image_page','recent_period','expand','show_nb_comments','show_nb_hits',
87	'enabled_high','registration_date','registration_date_string',
88	'registration_date_since', 'last_visit', 'last_visit_string',
89	'last_visit_since'
90	));
91	}
92	else if (in_array('basics', $params['display']))
93	{
94	$params['display'] = array_merge($params['display'], array(
95	'username','email','status','level','groups',
96	));
97	}
98
99	// if registration_date_string or registration_date_since is requested,
100	// then registration_date is automatically added
101	if (in_array('registration_date_string', $params['display']) and !in_array('registration_date', $params['display']))
102	{
103	$params['display'][] = 'registration_date';
104	}
105
106	if (in_array('registration_date_since', $params['display']) and !in_array('registration_date', $params['display']))
107	{
108	$params['display'][] = 'registration_date';
109	}
110
111	// if last_visit_string or last_visit_since is requested, then
112	// last_visit is automatically added
113	if (in_array('last_visit_string', $params['display']) and !in_array('last_visit', $params['display']))
114	{
115	$params['display'][] = 'last_visit';
116	}
117
118	if (in_array('last_visit_since', $params['display']) and !in_array('last_visit', $params['display']))
119	{
120	$params['display'][] = 'last_visit';
121	}
122
123	if (in_array('username', $params['display']))
124	{
125	$display['u.'.$conf['user_fields']['username']] = 'username';
126	}
127	if (in_array('email', $params['display']))
128	{
129	$display['u.'.$conf['user_fields']['email']] = 'email';
130	}
131
132	$ui_fields = array(
133	'status','level','language','theme','nb_image_page','recent_period','expand',
134	'show_nb_comments','show_nb_hits','enabled_high','registration_date'
135	);
136	foreach ($ui_fields as $field)
137	{
138	if (in_array($field, $params['display']))
139	{
140	$display['ui.'.$field] = $field;
141	}
142	}
143	}
144	else
145	{
146	$params['display'] = array();
147	}
148
149	$query = '
150	SELECT DISTINCT ';
151
152	$first = true;
153	foreach ($display as $field => $name)
154	{
155	if (!$first) $query.= ', ';
156	else $first = false;
157	$query.= $field .' AS '. $name;
158	}
159	if (in_array('groups', $params['display']))
160	{
161	if (!$first) $query.= ', ';
162	$query.= '"" AS groups';
163	}
164
165	$query.= '
166	FROM '. USERS_TABLE .' AS u
167	INNER JOIN '. USER_INFOS_TABLE .' AS ui
168	ON u.'. $conf['user_fields']['id'] .' = ui.user_id
169	LEFT JOIN '. USER_GROUP_TABLE .' AS ug
170	ON u.'. $conf['user_fields']['id'] .' = ug.user_id
171	WHERE
172	'. implode(' AND ', $where_clauses) .'
173	ORDER BY '. $params['order'] .'
174	LIMIT '. $params['per_page'] .'
175	OFFSET '. ($params['per_page']*$params['page']) .'
176	;';
177
178	$users = hash_from_query($query, 'id');
179
180	if (count($users) > 0)
181	{
182	if (in_array('groups', $params['display']))
183	{
184	$query = '
185	SELECT user_id, group_id
186	FROM '. USER_GROUP_TABLE .'
187	WHERE user_id IN ('. implode(',', array_keys($users)) .')
188	;';
189	$result = pwg_query($query);
190
191	while ($row = pwg_db_fetch_assoc($result))
192	{
193	$users[ $row['user_id'] ]['groups'][] = $row['group_id'];
194	}
195	}
196
197	if (in_array('registration_date_string', $params['display']))
198	{
199	foreach ($users as $cur_user)
200	{
201	$users[$cur_user['id']]['registration_date_string'] = format_date($cur_user['registration_date'], false, false);
202	}
203	}
204
205	if (in_array('registration_date_since', $params['display']))
206	{
207	foreach ($users as $cur_user)
208	{
209	$users[ $cur_user['id'] ]['registration_date_since'] = time_since($cur_user['registration_date'], 'month');
210	}
211	}
212
213	if (in_array('last_visit', $params['display']))
214	{
215	$query = '
216	SELECT
217	MAX(id) as history_id
218	FROM '.HISTORY_TABLE.'
219	WHERE user_id IN ('.implode(',', array_keys($users)).')
220	GROUP BY user_id
221	;';
222	$history_ids = array_from_query($query, 'history_id');
223
224	if (count($history_ids) == 0)
225	{
226	$history_ids[] = -1;
227	}
228
229	$query = '
230	SELECT
231	user_id,
232	date,
233	time
234	FROM '.HISTORY_TABLE.'
235	WHERE id IN ('.implode(',', $history_ids).')
236	;';
237	$result = pwg_query($query);
238	while ($row = pwg_db_fetch_assoc($result))
239	{
240	$last_visit = $row['date'].' '.$row['time'];
241	$users[ $row['user_id'] ]['last_visit'] = $last_visit;
242
243	if (in_array('last_visit_string', $params['display']))
244	{
245	$users[ $row['user_id'] ]['last_visit_string'] = format_date($last_visit, false, false);
246	}
247
248	if (in_array('last_visit_since', $params['display']))
249	{
250	$users[ $row['user_id'] ]['last_visit_since'] = time_since($last_visit, 'day');
251	}
252	}
253	}
254	}
255
256	return array(
257	'paging' => new PwgNamedStruct(
258	array(
259	'page' => $params['page'],
260	'per_page' => $params['per_page'],
261	'count' => count($users)
262	)
263	),
264	'users' => new PwgNamedArray(array_values($users), 'user')
265	);
266	}
267
268	/**
269	* API method
270	* Adds a user
271	* @param mixed[] $params
272	* @option string username
273	* @option string password (optional)
274	* @option string email (optional)
275	*/
276	function ws_users_add($params, &$service)
277	{
278	global $conf;
279
280	if ($conf['double_password_type_in_admin'])
281	{
282	if ($params['password'] != $params['password_confirm'])
283	{
284	return new PwgError(WS_ERR_INVALID_PARAM, l10n('The passwords do not match'));
285	}
286	}
287
288	$user_id = register_user(
289	$params['username'],
290	$params['password'],
291	$params['email'],
292	false, // notify admin
293	$errors,
294	$params['send_password_by_mail']
295	);
296
297	if (!$user_id)
298	{
299	return new PwgError(WS_ERR_INVALID_PARAM, $errors[0]);
300	}
301
302	return $service->invoke('pwg.users.getList', array('user_id'=>$user_id));
303	}
304
305	/**
306	* API method
307	* Deletes users
308	* @param mixed[] $params
309	* @option int[] user_id
310	* @option string pwg_token
311	*/
312	function ws_users_delete($params, &$service)
313	{
314	if (get_pwg_token() != $params['pwg_token'])
315	{
316	return new PwgError(403, 'Invalid security token');
317	}
318
319	global $conf, $user;
320
321	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
322
323	// protect some users
324	$params['user_id'] = array_diff(
325	$params['user_id'],
326	array(
327	$user['id'],
328	$conf['guest_id'],
329	$conf['default_user_id'],
330	$conf['webmaster_id'],
331	)
332	);
333
334	foreach ($params['user_id'] as $user_id)
335	{
336	delete_user($user_id);
337	}
338
339	return l10n_dec(
340	'%d user deleted', '%d users deleted',
341	count($params['user_id'])
342	);
343	}
344
345	/**
346	* API method
347	* Updates users
348	* @param mixed[] $params
349	* @option int[] user_id
350	* @option string username (optional)
351	* @option string password (optional)
352	* @option string email (optional)
353	* @option string status (optional)
354	* @option int level (optional)
355	* @option string language (optional)
356	* @option string theme (optional)
357	* @option int nb_image_page (optional)
358	* @option int recent_period (optional)
359	* @option bool expand (optional)
360	* @option bool show_nb_comments (optional)
361	* @option bool show_nb_hits (optional)
362	* @option bool enabled_high (optional)
363	*/
364	function ws_users_setInfo($params, &$service)
365	{
366	global $conf, $user;
367
368	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
369
370	$updates = $updates_infos = array();
371	$update_status = null;
372
373	if (count($params['user_id']) == 1)
374	{
375	if (get_username($params['user_id'][0]) === false)
376	{
377	return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
378	}
379
380	if (!empty($params['username']))
381	{
382	$user_id = get_userid($params['username']);
383	if ($user_id and $user_id != $params['user_id'][0])
384	{
385	return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
386	}
387	if ($params['username'] != strip_tags($params['username']))
388	{
389	return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
390	}
391	$updates[ $conf['user_fields']['username'] ] = $params['username'];
392	}
393
394	if (!empty($params['email']))
395	{
396	if ( ($error = validate_mail_address($params['user_id'][0], $params['email'])) != '')
397	{
398	return new PwgError(WS_ERR_INVALID_PARAM, $error);
399	}
400	$updates[ $conf['user_fields']['email'] ] = $params['email'];
401	}
402
403	if (!empty($params['password']))
404	{
405	$updates[ $conf['user_fields']['password'] ] = $conf['password_hash']($params['password']);
406	}
407	}
408
409	if (!empty($params['status']))
410	{
411	if ( $params['status'] == 'webmaster' and !is_webmaster() )
412	{
413	return new PwgError(403, 'Only webmasters can grant "webmaster" status');
414	}
415	if ( !in_array($params['status'], array('guest','generic','normal','admin','webmaster')) )
416	{
417	return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
418	}
419
420	// status update query is separated from the rest as not applying to the same
421	// set of users (current, guest and webmaster can't be changed)
422	$params['user_id_for_status'] = array_diff(
423	$params['user_id'],
424	array(
425	$user['id'],
426	$conf['guest_id'],
427	$conf['webmaster_id'],
428	)
429	);
430
431	$update_status = $params['status'];
432	}
433
434	if (!empty($params['level']) or @$params['level']===0)
435	{
436	if ( !in_array($params['level'], $conf['available_permission_levels']) )
437	{
438	return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
439	}
440	$updates_infos['level'] = $params['level'];
441	}
442
443	if (!empty($params['language']))
444	{
445	if ( !in_array($params['language'], array_keys(get_languages())) )
446	{
447	return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
448	}
449	$updates_infos['language'] = $params['language'];
450	}
451
452	if (!empty($params['theme']))
453	{
454	if ( !in_array($params['theme'], array_keys(get_pwg_themes())) )
455	{
456	return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
457	}
458	$updates_infos['theme'] = $params['theme'];
459	}
460
461	if (!empty($params['nb_image_page']))
462	{
463	$updates_infos['nb_image_page'] = $params['nb_image_page'];
464	}
465
466	if (!empty($params['recent_period']) or @$params['recent_period']===0)
467	{
468	$updates_infos['recent_period'] = $params['recent_period'];
469	}
470
471	if (!empty($params['expand']) or @$params['expand']===false)
472	{
473	$updates_infos['expand'] = boolean_to_string($params['expand']);
474	}
475
476	if (!empty($params['show_nb_comments']) or @$params['show_nb_comments']===false)
477	{
478	$updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
479	}
480
481	if (!empty($params['show_nb_hits']) or @$params['show_nb_hits']===false)
482	{
483	$updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
484	}
485
486	if (!empty($params['enabled_high']) or @$params['enabled_high']===false)
487	{
488	$updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
489	}
490
491	// perform updates
492	single_update(
493	USERS_TABLE,
494	$updates,
495	array($conf['user_fields']['id'] => $params['user_id'][0])
496	);
497
498	if (isset($update_status) and count($params['user_id_for_status']) > 0)
499	{
500	$query = '
501	UPDATE '. USER_INFOS_TABLE .' SET
502	status = "'. $update_status .'"
503	WHERE user_id IN('. implode(',', $params['user_id_for_status']) .')
504	;';
505	pwg_query($query);
506	}
507
508	if (count($updates_infos) > 0)
509	{
510	$query = '
511	UPDATE '. USER_INFOS_TABLE .' SET ';
512
513	$first = true;
514	foreach ($updates_infos as $field => $value)
515	{
516	if (!$first) $query.= ', ';
517	else $first = false;
518	$query.= $field .' = "'. $value .'"';
519	}
520
521	$query.= '
522	WHERE user_id IN('. implode(',', $params['user_id']) .')
523	;';
524	pwg_query($query);
525	}
526
527	return $service->invoke('pwg.users.getList', array(
528	'user_id' => $params['user_id'],
529	'display' => 'basics,'.implode(',', array_keys($updates_infos)),
530	));
531	}
532
533	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: