Changeset 245

Timestamp:

Jan 3, 2004, 9:35:20 PM (20 years ago)

Author:

z0rglub

Message:

• when creating a new user, taking into account that forbidden categories are stored in users table, associate new user to the same groups that the guest, has the same categories informations than guest

• remove functions get_restrictions, get_all_restrictions, is_user_allowed

File:

• branches/release-1_3/include/functions_user.inc.php (modified) (6 diffs)

branches/release-1_3/include/functions_user.inc.php

@@ -38 +38 @@
 }
 
-function register_user(
-  $login, $password, $password_conf, $mail_address, $status = 'guest' )
+function register_user( $login, $password, $password_conf,
+                        $mail_address, $status = 'guest' )
 {
   global $lang;
@@ -50 +50 @@
   //      3. include ' or " characters
   //      4. be already used
-  if ( $login == '' )
-  {
-    $error[$i++] = $lang['reg_err_login1'];
-  }
-  if ( ereg( "^.* $", $login) )
-  {
-    $error[$i++] = $lang['reg_err_login2'];
-  }
-  if ( ereg( "^ .*$", $login ) )
-  {
-    $error[$i++] = $lang['reg_err_login3'];
-  }
+  if ( $login == '' )            $error[$i++] = $lang['reg_err_login1'];
+  if ( ereg( "^.* $", $login) )  $error[$i++] = $lang['reg_err_login2'];
+  if ( ereg( "^ .*$", $login ) ) $error[$i++] = $lang['reg_err_login3'];
+
   if ( ereg( "'", $login ) or ereg( "\"", $login ) )
-  {
     $error[$i++] = $lang['reg_err_login4'];
-  }
   else
   {
-    $query = 'select id';
-    $query.= ' from '.PREFIX_TABLE.'users';
-    $query.= " where username = '".$login."';";
-    $result = mysql_query( $query );
-    if ( mysql_num_rows( $result ) > 0 )
-    {
-      $error[$i++] = $lang['reg_err_login5'];
-    }
+    $query = 'SELECT id';
+    $query.= ' FROM '.PREFIX_TABLE.'users';
+    $query.= " WHERE username = '".$login."'";
+    $query.= ';';
+    $result = mysql_query( $query );
+    if ( mysql_num_rows($result) > 0 ) $error[$i++] = $lang['reg_err_login5'];
   }
   // given password must be the same as the confirmation
-  if ( $password != $password_conf )
-  {
-    $error[$i++] = $lang['reg_err_pass'];
-  }
+  if ( $password != $password_conf ) $error[$i++] = $lang['reg_err_pass'];
 
   $error_mail_address = validate_mail_address( $mail_address );
-  if ( $error_mail_address != '' )
-  {
-    $error[$i++] = $error_mail_address;
-  }
+  if ( $error_mail_address != '' ) $error[$i++] = $error_mail_address;
 
   // if no error until here, registration of the user
@@ -95 +77 @@
     $infos = array( 'nb_image_line', 'nb_line_page', 'language',
                     'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
-                    'short_period', 'long_period', 'template' );
-    $query = 'select';
+                    'short_period', 'long_period', 'template',
+                    'forbidden_categories' );
+    $query = 'SELECT ';
     for ( $i = 0; $i < sizeof( $infos ); $i++ )
     {
-      if ( $i > 0 )
-      {
-        $query.= ',';
-      }
-      else
-      {
-        $query.= ' ';
-      }
+      if ( $i > 0 ) $query.= ',';
       $query.= $infos[$i];
     }
-    $query.= ' from '.PREFIX_TABLE.'users';
-    $query.= " where username = 'guest';";
+    $query.= ' FROM '.PREFIX_TABLE.'users';
+    $query.= " WHERE username = 'guest'";
+    $query.= ';';
     $row = mysql_fetch_array( mysql_query( $query ) );
     // 2. adding new user
-    $query = 'insert into '.PREFIX_TABLE.'users';
+    $query = 'INSERT INTO '.PREFIX_TABLE.'users';
     $query.= ' (';
     $query.= ' username,password,mail_address,status';
@@ -123 +100 @@
     $query.= " '".$login."'";
     $query.= ",'".md5( $password )."'";
-    if ( $mail_address != '' )
-    {
-      $query.= ",'".$mail_address."'";
-    }
-    else
-    {
-      $query.= ',NULL';
-    }
+    if ( $mail_address != '' ) $query.= ",'".$mail_address."'";
+    else                       $query.= ',NULL';
     $query.= ",'".$status."'";
     for ( $i = 0; $i < sizeof( $infos ); $i++ )
     {
       $query.= ',';
-      if ( $row[$infos[$i]] == '' )
-      {
-        $query.= 'NULL';
-      }
-      else
-      {
-        $query.= "'".$row[$infos[$i]]."'";
-      }
+      if ( $row[$infos[$i]] == '' ) $query.= 'NULL';
+      else                          $query.= "'".$row[$infos[$i]]."'";
     }
     $query.= ');';
@@ -166 +131 @@
       mysql_query ( $query );
     }
+    // 5. associate new user to the same groups that the guest
+    $query = 'SELECT group_id';
+    $query.= ' FROM '.PREFIX_TABLE.'user_group AS ug';
+    $query.= ',     '.PREFIX_TABLE.'users      AS u';
+    $query.= " WHERE u.username = 'guest'";
+    $query.= ' AND ug.user_id = u.id';
+    $query.= ';';
+    $result = mysql_query( $query );
+    while( $row = mysql_fetch_array( $result ) )
+    {
+      $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
+      $query.= ' (user_id,group_id) VALUES';
+      $query.= ' ('.$user_id.','.$row['group_id'].')';
+      $query.= ';';
+      mysql_query ( $query );
+    }
+    // 6. has the same categories informations than guest
+    $query = 'SELECT category_id,date_last,nb_sub_categories';
+    $query.= ' FROM '.PREFIX_TABLE.'user_category AS uc';
+    $query.= ',     '.PREFIX_TABLE.'users         AS u';
+    $query.= " WHERE u.username = 'guest'";
+    $query.= ' AND uc.user_id = u.id';
+    $query.= ';';
+    $result = mysql_query( $query );
+    while( $row = mysql_fetch_array( $result ) )
+    {
+      $query = 'INSERT INTO '.PREFIX_TABLE.'user_category';
+      $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES';
+      $query.= ' ('.$user_id.','.$row['category_id'];
+      $query.= ",'".$row['date_last']."',".$row['nb_sub_categories'].')';
+      $query.= ';';
+      mysql_query ( $query );
+    }
   }
   return $error;
@@ -218 +216 @@
   }
 }
-        
-// The function get_restrictions returns an array with the ids of the
-// restricted categories for the user.
-// If the $check_invisible parameter is set to true, invisible categories
-// are added to the restricted one in the array.
-function get_restrictions( $user_id, $user_status,
-                           $check_invisible, $use_groups = true )
-{
-  // 1. retrieving ids of private categories
-  $query = 'SELECT id';
-  $query.= ' FROM '.PREFIX_TABLE.'categories';
-  $query.= " WHERE status = 'private'";
-  $query.= ';';
-  $result = mysql_query( $query );
-  $privates = array();
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    array_push( $privates, $row['id'] );
-  }
-  // 2. retrieving all authorized categories for the user
-  $authorized = array();
-  // 2.1. retrieving authorized categories thanks to personnal user
-  //      authorization
-  $query = 'SELECT cat_id';
-  $query.= ' FROM '.PREFIX_TABLE.'user_access';
-  $query.= ' WHERE user_id = '.$user_id;
-  $query.= ';';
-  $result = mysql_query( $query );
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    array_push( $authorized, $row['cat_id'] );
-  }
-  // 2.2. retrieving authorized categories thanks to group authorization to
-  //      which the user is a member
-  if ( $use_groups )
-  {
-    $query = 'SELECT ga.cat_id';
-    $query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
-    $query.= ', '.PREFIX_TABLE.'group_access as ga';
-    $query.= ' WHERE ug.group_id = ga.group_id';
-    $query.= ' AND ug.user_id = '.$user_id;
-    $query.= ';';
-    $result = mysql_query( $query );
-    while ( $row = mysql_fetch_array( $result ) )
-    {
-      array_push( $authorized, $row['cat_id'] );
-    }
-    $authorized = array_unique( $authorized );
-  }
-
-  $forbidden = array();
-  foreach ( $privates as $private ) {
-    if ( !in_array( $private, $authorized ) )
-    {
-      array_push( $forbidden, $private );
-    }
-  }
-
-  if ( $check_invisible )
-  {
-    // 3. adding to the restricted categories, the invisible ones
-    if ( $user_status != 'admin' )
-    {
-      $query = 'SELECT id';
-      $query.= ' FROM '.PREFIX_TABLE.'categories';
-      $query.= " WHERE visible = 'false';";
-      $result = mysql_query( $query );
-      while ( $row = mysql_fetch_array( $result ) )
-      {
-        array_push( $forbidden, $row['id'] );
-      }
-    }
-  }
-  return array_unique( $forbidden );
-}
-
-// The get_all_restrictions function returns an array with all the
-// categories id which are restricted for the user. Including the
-// sub-categories and invisible categories
-function get_all_restrictions( $user_id, $user_status )
-{
-  $restricted_cats = get_restrictions( $user_id, $user_status, true );
-  foreach ( $restricted_cats as $restricted_cat ) {
-    $sub_restricted_cats = get_subcats_id( $restricted_cat );
-    foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
-      array_push( $restricted_cats, $sub_restricted_cat );
-    }
-  }
-  return $restricted_cats;
-}
-
-// The function is_user_allowed returns :
-//      - 0 : if the category is allowed with this $restrictions array
-//      - 1 : if this category is not allowed
-//      - 2 : if an uppercat category is not allowed
-function is_user_allowed( $category_id, $restrictions )
-{
-  $lowest_category_id = $category_id;
-
-  $is_root = false;
-  while ( !$is_root and !in_array( $category_id, $restrictions ) )
-  {
-    $query = 'SELECT id_uppercat';
-    $query.= ' FROM '.PREFIX_TABLE.'categories';
-    $query.= ' WHERE id = '.$category_id;
-    $query.= ';';
-    $row = mysql_fetch_array( mysql_query( $query ) );
-    if ( $row['id_uppercat'] == '' ) $is_root = true;
-    $category_id = $row['id_uppercat'];
-  }
-
-  if ( in_array( $lowest_category_id, $restrictions ) ) return 1;
-  if ( in_array( $category_id,        $restrictions ) ) return 2;
-  // this user is allowed to go in this category
-  return 0;
-}
 ?>