Ignore:
Timestamp:
Aug 8, 2005, 10:52:19 PM (19 years ago)
Author:
plg
Message:
  • new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured.
  • modification : profile.php is not reachable through administration anymore (not useful).
  • modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed.
  • deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user
  • modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/user.inc.php

    r804 r808  
    3838//   pwg_query($query);
    3939// }
    40 
    4140
    4241// retrieving connected user informations
     
    8887if (!isset($user['id']))
    8988{
    90   $user['id'] = 2;
     89  $user['id'] = $conf['guest_id'];
    9190  $user['is_the_guest'] = true;
    9291}
     
    9594if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
    9695{
    97   $query = '
    98 SELECT id
    99   FROM '.USERS_TABLE.'
    100   WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
    101 ;';
    102   $result = pwg_query($query);
    103 
    104   if (mysql_num_rows($result) == 0)
     96  if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))
    10597  {
    106     register_user($_SERVER['REMOTE_USER'], '', '', '');
    107 
    108     $query = '
    109 SELECT id
    110   FROM '.USERS_TABLE.'
    111   WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
    112 ;';
    113     list($user['id']) = mysql_fetch_row(pwg_query($query));
     98    register_user($_SERVER['REMOTE_USER'], '', '');
     99    $user['id'] = get_userid($_SERVER['REMOTE_USER']);
    114100  }
    115   else
    116   {
    117     list($user['id']) = mysql_fetch_row($result);
    118   }
    119 
     101 
    120102  $user['is_the_guest'] = false;
    121103}
    122104
    123 $query = '
    124 SELECT u.*, uf.*
    125   FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
    126     ON id = user_id
    127   WHERE u.id = '.$user['id'].'
    128 ;';
    129 $row = mysql_fetch_array(pwg_query($query));
    130 
    131 // affectation of each value retrieved in the users table into a variable of
    132 // the array $user.
    133 foreach ($row as $key => $value)
    134 {
    135   if (!is_numeric($key))
    136   {
    137     // If the field is true or false, the variable is transformed into a
    138     // boolean value.
    139     if ($value == 'true' or $value == 'false')
    140     {
    141       $user[$key] = get_boolean($value);
    142     }
    143     else
    144     {
    145       $user[$key] = $value;
    146     }
    147   }
    148 }
     105$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;
     106$user = array_merge($user, getuserdata($user['id'], $use_cache));
    149107
    150108// properties of user guest are found in the configuration
     
    162120}
    163121
    164 // if no information were found about user in user_forbidden table OR the
    165 // forbidden categories must be updated : only if current user is in public
    166 // part
    167 if (!defined('IN_ADMIN') or !IN_ADMIN)
    168 {
    169   if (!isset($user['need_update'])
    170       or !is_bool($user['need_update'])
    171       or $user['need_update'] == true)
    172   {
    173     $user['forbidden_categories'] = calculate_permissions($user['id'],
    174                                                           $user['status']);
    175   }
    176 }
    177 
    178 // forbidden_categories is a must be empty, at least
    179 if (!isset($user['forbidden_categories']))
    180 {
    181   $user['forbidden_categories'] = '';
    182 }
    183 
    184 // special for $user['restrictions'] array
    185 $user['restrictions'] = explode(',', $user['forbidden_categories']);
    186 if ($user['restrictions'][0] == '')
    187 {
    188   $user['restrictions'] = array();
    189 }
    190 
    191122// calculation of the number of picture to display per page
    192123$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
    193 
    194 if (empty($user['language'])
    195     or !file_exists(PHPWG_ROOT_PATH.'language/'.
    196                     $user['language'].'/common.lang.php'))
    197 {
    198   $user['language'] = $conf['default_language'];
    199 }
    200 include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php');
    201 
    202 // displaying the username in the language of the connected user, instead of
    203 // "guest" as you can find in the database
    204 if ($user['is_the_guest'])
    205 {
    206   $user['username'] = $lang['guest'];
    207 }
    208 
    209 // only if we are in the administration section
    210 if (defined('IN_ADMIN') and IN_ADMIN)
    211 {
    212   $langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
    213   if (!file_exists($langdir.'/admin.lang.php'))
    214   {
    215     $langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
    216   }
    217   include_once($langdir.'/admin.lang.php');
    218   include_once($langdir.'/faq.lang.php');
    219 }
    220 
    221 if (empty($user['template']))
    222 {
    223   $user['template'] = $conf['default_template'];
    224 }
    225 $template = setup_style($user['template']);
    226124?>
Note: See TracChangeset for help on using the changeset viewer.