Changeset 245
- Timestamp:
- Jan 3, 2004, 9:35:20 PM (20 years ago)
- File:
-
- 1 edited
branches/release-1_3/include/functions_user.inc.php
r99 r245 38 38 } 39 39 40 function register_user( 41 $login, $password, $password_conf,$mail_address, $status = 'guest' )40 function register_user( $login, $password, $password_conf, 41 $mail_address, $status = 'guest' ) 42 42 { 43 43 global $lang; … … 50 50 // 3. include ' or " characters 51 51 // 4. be already used 52 if ( $login == '' ) 53 { 54 $error[$i++] = $lang['reg_err_login1']; 55 } 56 if ( ereg( "^.* $", $login) ) 57 { 58 $error[$i++] = $lang['reg_err_login2']; 59 } 60 if ( ereg( "^ .*$", $login ) ) 61 { 62 $error[$i++] = $lang['reg_err_login3']; 63 } 52 if ( $login == '' ) $error[$i++] = $lang['reg_err_login1']; 53 if ( ereg( "^.* $", $login) ) $error[$i++] = $lang['reg_err_login2']; 54 if ( ereg( "^ .*$", $login ) ) $error[$i++] = $lang['reg_err_login3']; 55 64 56 if ( ereg( "'", $login ) or ereg( "\"", $login ) ) 65 {66 57 $error[$i++] = $lang['reg_err_login4']; 67 }68 58 else 69 59 { 70 $query = 'select id'; 71 $query.= ' from '.PREFIX_TABLE.'users'; 72 $query.= " where username = '".$login."';"; 73 $result = mysql_query( $query ); 74 if ( mysql_num_rows( $result ) > 0 ) 75 { 76 $error[$i++] = $lang['reg_err_login5']; 77 } 60 $query = 'SELECT id'; 61 $query.= ' FROM '.PREFIX_TABLE.'users'; 62 $query.= " WHERE username = '".$login."'"; 63 $query.= ';'; 64 $result = mysql_query( $query ); 65 if ( mysql_num_rows($result) > 0 ) $error[$i++] = $lang['reg_err_login5']; 78 66 } 79 67 // given password must be the same as the confirmation 80 if ( $password != $password_conf ) 81 { 82 $error[$i++] = $lang['reg_err_pass']; 83 } 68 if ( $password != $password_conf ) $error[$i++] = $lang['reg_err_pass']; 84 69 85 70 $error_mail_address = validate_mail_address( $mail_address ); 86 if ( $error_mail_address != '' ) 87 { 88 $error[$i++] = $error_mail_address; 89 } 71 if ( $error_mail_address != '' ) $error[$i++] = $error_mail_address; 90 72 91 73 // if no error until here, registration of the user … … 95 77 $infos = array( 'nb_image_line', 'nb_line_page', 'language', 
96 78 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', 97 'short_period', 'long_period', 'template' ); 98 $query = 'select'; 79 'short_period', 'long_period', 'template', 80 'forbidden_categories' ); 81 $query = 'SELECT '; 99 82 for ( $i = 0; $i < sizeof( $infos ); $i++ ) 100 83 { 101 if ( $i > 0 ) 102 { 103 $query.= ','; 104 } 105 else 106 { 107 $query.= ' '; 108 } 84 if ( $i > 0 ) $query.= ','; 109 85 $query.= $infos[$i]; 110 86 } 111 $query.= ' from '.PREFIX_TABLE.'users'; 112 $query.= " where username = 'guest';"; 87 $query.= ' FROM '.PREFIX_TABLE.'users'; 88 $query.= " WHERE username = 'guest'"; 89 $query.= ';'; 113 90 $row = mysql_fetch_array( mysql_query( $query ) ); 114 91 // 2. adding new user 115 $query = ' insert into'.PREFIX_TABLE.'users';92 $query = 'INSERT INTO '.PREFIX_TABLE.'users'; 116 93 $query.= ' ('; 117 94 $query.= ' username,password,mail_address,status'; … … 123 100 $query.= " '".$login."'"; 124 101 $query.= ",'".md5( $password )."'"; 125 if ( $mail_address != '' ) 126 { 127 $query.= ",'".$mail_address."'"; 128 } 129 else 130 { 131 $query.= ',NULL'; 132 } 102 if ( $mail_address != '' ) $query.= ",'".$mail_address."'"; 103 else $query.= ',NULL'; 133 104 $query.= ",'".$status."'"; 134 105 for ( $i = 0; $i < sizeof( $infos ); $i++ ) 135 106 { 136 107 $query.= ','; 137 if ( $row[$infos[$i]] == '' ) 138 { 139 $query.= 'NULL'; 140 } 141 else 142 { 143 $query.= "'".$row[$infos[$i]]."'"; 144 } 108 if ( $row[$infos[$i]] == '' ) $query.= 'NULL'; 109 else $query.= "'".$row[$infos[$i]]."'"; 145 110 } 146 111 $query.= ');'; … … 166 131 mysql_query ( $query ); 167 132 } 133 // 5. 
associate new user to the same groups that the guest 134 $query = 'SELECT group_id'; 135 $query.= ' FROM '.PREFIX_TABLE.'user_group AS ug'; 136 $query.= ', '.PREFIX_TABLE.'users AS u'; 137 $query.= " WHERE u.username = 'guest'"; 138 $query.= ' AND ug.user_id = u.id'; 139 $query.= ';'; 140 $result = mysql_query( $query ); 141 while( $row = mysql_fetch_array( $result ) ) 142 { 143 $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; 144 $query.= ' (user_id,group_id) VALUES'; 145 $query.= ' ('.$user_id.','.$row['group_id'].')'; 146 $query.= ';'; 147 mysql_query ( $query ); 148 } 149 // 6. has the same categories informations than guest 150 $query = 'SELECT category_id,date_last,nb_sub_categories'; 151 $query.= ' FROM '.PREFIX_TABLE.'user_category AS uc'; 152 $query.= ', '.PREFIX_TABLE.'users AS u'; 153 $query.= " WHERE u.username = 'guest'"; 154 $query.= ' AND uc.user_id = u.id'; 155 $query.= ';'; 156 $result = mysql_query( $query ); 157 while( $row = mysql_fetch_array( $result ) ) 158 { 159 $query = 'INSERT INTO '.PREFIX_TABLE.'user_category'; 160 $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES'; 161 $query.= ' ('.$user_id.','.$row['category_id']; 162 $query.= ",'".$row['date_last']."',".$row['nb_sub_categories'].')'; 163 $query.= ';'; 164 mysql_query ( $query ); 165 } 168 166 } 169 167 return $error; … … 218 216 } 219 217 } 220 221 // The function get_restrictions returns an array with the ids of the222 // restricted categories for the user.223 // If the $check_invisible parameter is set to true, invisible categories224 // are added to the restricted one in the array.225 function get_restrictions( $user_id, $user_status,226 $check_invisible, $use_groups = true )227 {228 // 1. 
retrieving ids of private categories229 $query = 'SELECT id';230 $query.= ' FROM '.PREFIX_TABLE.'categories';231 $query.= " WHERE status = 'private'";232 $query.= ';';233 $result = mysql_query( $query );234 $privates = array();235 while ( $row = mysql_fetch_array( $result ) )236 {237 array_push( $privates, $row['id'] );238 }239 // 2. retrieving all authorized categories for the user240 $authorized = array();241 // 2.1. retrieving authorized categories thanks to personnal user242 // authorization243 $query = 'SELECT cat_id';244 $query.= ' FROM '.PREFIX_TABLE.'user_access';245 $query.= ' WHERE user_id = '.$user_id;246 $query.= ';';247 $result = mysql_query( $query );248 while ( $row = mysql_fetch_array( $result ) )249 {250 array_push( $authorized, $row['cat_id'] );251 }252 // 2.2. retrieving authorized categories thanks to group authorization to253 // which the user is a member254 if ( $use_groups )255 {256 $query = 'SELECT ga.cat_id';257 $query.= ' FROM '.PREFIX_TABLE.'user_group as ug';258 $query.= ', '.PREFIX_TABLE.'group_access as ga';259 $query.= ' WHERE ug.group_id = ga.group_id';260 $query.= ' AND ug.user_id = '.$user_id;261 $query.= ';';262 $result = mysql_query( $query );263 while ( $row = mysql_fetch_array( $result ) )264 {265 array_push( $authorized, $row['cat_id'] );266 }267 $authorized = array_unique( $authorized );268 }269 270 $forbidden = array();271 foreach ( $privates as $private ) {272 if ( !in_array( $private, $authorized ) )273 {274 array_push( $forbidden, $private );275 }276 }277 278 if ( $check_invisible )279 {280 // 3. 
adding to the restricted categories, the invisible ones281 if ( $user_status != 'admin' )282 {283 $query = 'SELECT id';284 $query.= ' FROM '.PREFIX_TABLE.'categories';285 $query.= " WHERE visible = 'false';";286 $result = mysql_query( $query );287 while ( $row = mysql_fetch_array( $result ) )288 {289 array_push( $forbidden, $row['id'] );290 }291 }292 }293 return array_unique( $forbidden );294 }295 296 // The get_all_restrictions function returns an array with all the297 // categories id which are restricted for the user. Including the298 // sub-categories and invisible categories299 function get_all_restrictions( $user_id, $user_status )300 {301 $restricted_cats = get_restrictions( $user_id, $user_status, true );302 foreach ( $restricted_cats as $restricted_cat ) {303 $sub_restricted_cats = get_subcats_id( $restricted_cat );304 foreach ( $sub_restricted_cats as $sub_restricted_cat ) {305 array_push( $restricted_cats, $sub_restricted_cat );306 }307 }308 return $restricted_cats;309 }310 311 // The function is_user_allowed returns :312 // - 0 : if the category is allowed with this $restrictions array313 // - 1 : if this category is not allowed314 // - 2 : if an uppercat category is not allowed315 function is_user_allowed( $category_id, $restrictions )316 {317 $lowest_category_id = $category_id;318 319 $is_root = false;320 while ( !$is_root and !in_array( $category_id, $restrictions ) )321 {322 $query = 'SELECT id_uppercat';323 $query.= ' FROM '.PREFIX_TABLE.'categories';324 $query.= ' WHERE id = '.$category_id;325 $query.= ';';326 $row = mysql_fetch_array( mysql_query( $query ) );327 if ( $row['id_uppercat'] == '' ) $is_root = true;328 $category_id = $row['id_uppercat'];329 }330 331 if ( in_array( $lowest_category_id, $restrictions ) ) return 1;332 if ( in_array( $category_id, $restrictions ) ) return 2;333 // this user is allowed to go in this category334 return 0;335 }336 218 ?>
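Review bot: The rewritten duplicate-login lookup and the INSERT in register_user still build SQL by concatenating `$login` and `$mail_address` directly, and the only filter visible here is the ereg test for `'` and `"`, which does not cover backslashes or other characters MySQL treats specially inside a quoted string. Escape at the point of use rather than relying on that earlier check, e.g. `$query.= " WHERE username = '".mysql_real_escape_string( $login )."'";`, and do the same for `$login`, `$mail_address` and `$status` in the INSERT; whether validate_mail_address already rejects such characters cannot be seen from this page. The new steps 5 and 6 also call `mysql_query` without checking the result, so a failed SELECT would presumably leave the new user without the guest's groups or categories and report no error, and a NULL `nb_sub_categories` on the guest row looks like it would produce a malformed INSERT. Parts of register_user are elided in this view, so these points cover only the lines shown.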