Step 1 improvement issue 0000301:

o Change status of table #_user_infos o Don't send password to webmaster, guest, generic Next Step: o Functions Check of status o Restricted Access for user generic git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Mar 8, 2006 · b263f0c · b263f0c
1 parent cba56c0
commit b263f0c
Show file tree

Hide file tree

Showing 15 changed files with 160 additions and 33 deletions.
diff --git a/admin/include/functions.php b/admin/include/functions.php
@@ -1230,7 +1230,7 @@ function sync_users()
     {
       $insert = array();
       $insert['user_id'] = $user_id;
-      $insert['status'] = 'guest';
+      $insert['status'] = 'normal';
       $insert['template'] = $conf['default_template'];
       $insert['nb_image_line'] = $conf['nb_image_line'];
       $insert['nb_line_page'] = $conf['nb_line_page'];

diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
@@ -27,7 +27,7 @@
 
 include( PHPWG_ROOT_PATH.'admin/include/functions.php' );
 
-if ($user['status'] != 'admin')
+if (!is_admin())
 {
   echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
   echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';

diff --git a/admin/mailtousers.php b/admin/mailtousers.php
@@ -77,16 +77,18 @@ function find_available_check_key()
  */
 function update_data_user_mail_notification()
 {
-/*  $query = '
-insert into '.USER_MAIL_NOTIFICATION_TABLE.'
-  (user_id, enabled)
-  (select id, \'false\' from '.USERS_TABLE.'
-  where mail_address is not null and id not in (select user_id from '.USER_MAIL_NOTIFICATION_TABLE.'))
-;';
-  pwg_query($query);*/
-
   global $conf, $page;
 
+  // Set null mail_address empty
+  $query = '
+update 
+  '.USERS_TABLE.'
+set
+  mail_address = null
+where
+  trim(mail_address) = \'\';';
+  pwg_query($query);
+
   $query = '
 select
   id user_id, username, mail_address

diff --git a/admin/user_list.php b/admin/user_list.php
@@ -377,7 +377,7 @@ function get_filtered_user_list()
       // Webmaster status must not be changed
       if ($conf['webmaster_id'] == $user_id and isset($data['status']))
       {
-        $data['status'] = 'admin';
+        $data['status'] = 'webmaster';
       }
 
       array_push($datas, $data);
@@ -649,7 +649,7 @@ function get_filtered_user_list()
   {
     $selected = $_POST['status'] == $status ? 'selected="selected"' : '';
   }
-  else if ('guest' == $status)
+  else if ('normal' == $status)
   {
     $selected = 'selected="selected"';
   }

diff --git a/category.php b/category.php
@@ -368,7 +368,7 @@
     $template->assign_block_vars('logout', array());
   }
 
-  if ('admin' == $user['status'])
+  if (is_admin())
   {
     $template->assign_block_vars('admin', array());
   }
@@ -408,7 +408,7 @@
 
 if (isset($page['cat'])
     and is_numeric($page['cat'])
-    and 'admin' == $user['status'])
+    and is_admin())
 {
   $template->assign_block_vars(
     'edit',

diff --git a/include/common.inc.php b/include/common.inc.php
@@ -208,7 +208,7 @@
   echo '</div>';
 
   if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
-      and $user['status'] != 'admin' )
+      and !is_admin() )
   {
     exit();
   }

diff --git a/include/functions.inc.php b/include/functions.inc.php
@@ -355,7 +355,7 @@ function pwg_log( $file, $category, $picture = '' )
 
   if ($conf['log'])
   {
-   if ( ($conf['history_admin'] ) or  ( (! $conf['history_admin'])  and ($user['status'] != 'admin')  ) )
+   if ( ($conf['history_admin'] ) or  ( (! $conf['history_admin'])  and (!is_admin())  ) )
 	  {
     $login = ($user['id'] == $conf['guest_id'])
       ? 'guest' : addslashes($user['username']);

diff --git a/include/functions_notification.inc.php b/include/functions_notification.inc.php
@@ -192,7 +192,7 @@ function news($start, $end)
                               $nb_updated_categories));
   }
 
-  if ('admin' == $user['status'])
+  if (is_admin())
   {
     $nb_unvalidated_comments = count(unvalidated_comments($end));
     if ($nb_unvalidated_comments > 0)

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
@@ -292,7 +292,7 @@ function calculate_permissions($user_id, $user_status)
   }
 
   // if user is not an admin, locked categories can be considered as private$
-  if ($user_status != 'admin')
+  if (!is_admin())
   {
     $query = '
 SELECT id
@@ -439,7 +439,7 @@ function create_user_infos($user_id)
   $insert =
     array(
       'user_id' => $user_id,
-      'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'guest',
+      'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'normal',
       'template' => $conf['default_template'],
       'nb_image_line' => $conf['nb_image_line'],
       'nb_line_page' => $conf['nb_line_page'],
@@ -536,4 +536,15 @@ function log_user($user_id, $remember_me)
   $_SESSION['id'] = $user_id;
 }
 
+/*
+ * Return if current is an administrator
+ * @return bool
+*/
+function is_admin()
+{
+  global $user;
+
+  return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false;
+}
+
 ?>
diff --git a/install/db/12-database.php b/install/db/12-database.php
@@ -0,0 +1,103 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery                           |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch        : BSF (Best So Far)
+// | file          : $RCSfile$
+// | last update   : $Date: 2005-09-21 00:04:57 +0200 (mer, 21 sep 2005) $
+// | last modifier : $Author: plg $
+// | revision      : $Revision: 870 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'Field "Status" Table #user_infos changed';
+
+include_once(PHPWG_ROOT_PATH.'include/constants.php');
+include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
+@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
+
+// +-----------------------------------------------------------------------+
+// |                            Upgrade content                            |
+// +-----------------------------------------------------------------------+
+
+echo "Alter table ".USER_INFOS_TABLE;
+$query = "
+alter table ".USER_INFOS_TABLE."
+  modify column `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest'
+;";
+pwg_query($query);
+
+echo "Define webmaster";
+$query = '
+update
+  '.USER_INFOS_TABLE.'
+set status = \'webmaster\'
+where
+  user_id = '.$conf['webmaster_id'].' and status = \'admin\'
+;';
+$result = pwg_query($query);
+
+echo "Define normal";
+$query = '
+select
+  user_id
+from
+  '.USER_INFOS_TABLE.'
+where
+  user_id != '.$conf['guest_id'].' and status = \'guest\'
+;';
+$result = pwg_query($query);
+
+$datas = array();
+
+while ($row = mysql_fetch_array($result))
+{
+  array_push(
+    $datas,
+    array(
+      'user_id'    => $row['user_id'],
+      'status' => 'normal'
+      )
+    );
+}
+
+mass_updates(
+  USER_INFOS_TABLE,
+  array(
+    'primary' => array('user_id'),
+    'update'  => array('status')
+    ),
+  $datas
+  );
+
+// +-----------------------------------------------------------------------+
+// |                           End notification                            |
+// +-----------------------------------------------------------------------+
+
+echo
+"\n"
+.'Column '.USER_INFOS_TABLE.'.status changed'
+."\n"
+;
+
+?>
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
@@ -1,4 +1,5 @@
 -- MySQL dump 9.11
+-- MySQL dump 9.11
 --
 -- Host: localhost    Database: pwg-bsf
 -- ------------------------------------------------------
@@ -294,7 +295,7 @@ CREATE TABLE `phpwebgallery_user_infos` (
   `user_id` smallint(5) NOT NULL default '0',
   `nb_image_line` tinyint(1) unsigned NOT NULL default '5',
   `nb_line_page` tinyint(3) unsigned NOT NULL default '3',
-  `status` enum('admin','guest') NOT NULL default 'guest',
+  `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest',
   `language` varchar(50) NOT NULL default 'english',
   `maxwidth` smallint(6) default NULL,
   `maxheight` smallint(6) default NULL,

diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@
 $lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!';
 $lang['user_id URL parameter is missing'] = 'user_id URL parameter is missing';
 $lang['user_status'] = 'User status';
+$lang['user_status_webmaster'] = 'Webmaster';
 $lang['user_status_admin'] = 'Administrator';
-$lang['user_status_guest'] = 'User';
+$lang['user_status_normal'] = 'User';
+$lang['user_status_generic'] = 'Generic';
+$lang['user_status_guest'] = 'Guest';
 $lang['username'] = 'username';
 $lang['users'] = 'Users';
 $lang['visitors'] = 'Visitors';

diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@
 $lang['user_delete_hint'] = 'Cliquer ici pour supprimer cet utilisateur. Attention :  cette opération ne peut pas être annulée !';
 $lang['user_id URL parameter is missing'] = 'le paramètre d\'URL "user_id" manque';
 $lang['user_status'] = 'Statut de l\'utilisateur';
+$lang['user_status_webmaster'] = 'Webmestre';
 $lang['user_status_admin'] = 'Administrateur';
-$lang['user_status_guest'] = 'Visiteur';
+$lang['user_status_normal'] = 'Visiteur';
+$lang['user_status_generic'] = 'Générique';
+$lang['user_status_guest'] = 'Invité';
 $lang['username'] = 'nom utilisateur';
 $lang['users'] = 'Utilisateurs';
 $lang['visitors'] = 'Visiteurs';

diff --git a/password.php b/password.php
@@ -69,8 +69,12 @@
 SELECT '.$conf['user_fields']['id'].' AS id
      , '.$conf['user_fields']['username'].' AS username
      , '.$conf['user_fields']['email'].' AS email
-  FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['email'].' = \''.$mail_address.'\'
+FROM '.USERS_TABLE.' as u
+  INNER JOIN '.USER_INFOS_TABLE.' AS ui
+      ON u.'.$conf['user_fields']['id'].' = ui.user_id
+WHERE '
+  .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND
+  ui.status not in (\'guest\', \'generic\', \'webmaster\')
 ;';
     $result = pwg_query($query);
 

diff --git a/picture.php b/picture.php
@@ -114,7 +114,7 @@
 }
 
 //-------------------------------------------------------------- representative
-if ('admin' == $user['status'] and isset($_GET['representative']))
+if (is_admin() and isset($_GET['representative']))
 {
   $query = '
 UPDATE '.CATEGORIES_TABLE.'
@@ -480,7 +480,7 @@
       $data{'image_id'} = $_GET['image_id'];
       $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES);
 
-      if (!$conf['comments_validation'] or $user['status'] == 'admin')
+      if (!$conf['comments_validation'] or is_admin())
       {
         $data{'validated'} = 'true';
         $data{'validation_date'} = $dbnow;
@@ -498,9 +498,9 @@
       // information message
       $message = $lang['comment_added'];
 
-      if (!$conf['comments_validation'] or $user['status'] == 'admin')
+      if (!$conf['comments_validation'] or is_admin())
 
-      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+      if ( $conf['comments_validation'] and !is_admin() )
       {
         $message.= '<br />'.$lang['comment_to_validate'];
       }
@@ -519,7 +519,7 @@
 // comment deletion
 if ( isset( $_GET['del'] )
      and is_numeric( $_GET['del'] )
-     and $user['status'] == 'admin' )
+     and is_admin() )
 {
   $query = 'DELETE FROM '.COMMENTS_TABLE;
   $query.= ' WHERE id = '.$_GET['del'];
@@ -686,7 +686,7 @@
   );
 }
 // button to set the current picture as representative
-if ('admin' == $user['status'] and
+if (is_admin() and
     isset($page['cat']) and is_numeric($page['cat']))
 {
   $template->assign_block_vars(
@@ -700,7 +700,7 @@
     );
 }
 
-if ('admin' == $user['status'])
+if (is_admin())
 {
   $template->assign_block_vars(
     'caddie',
@@ -752,7 +752,7 @@
   }
 }
 //------------------------------------ admin link for information modifications
-if ( $user['status'] == 'admin' )
+if ( is_admin() )
 {
   $template->assign_block_vars('admin', array());
 }
@@ -1152,7 +1152,7 @@
     'COMMENT'=>parse_comment_content($row['content'])
     ));
 
-      if ( $user['status'] == 'admin' )
+      if ( is_admin() )
       {
         $template->assign_block_vars(
           'comments.comment.delete',