Context Navigation

source: branches/1.4/include/functions_user.inc.php @ 27569

Last change on this file since 27569 was 807, checked in by plg, 19 years ago
bug 133 corrected : Deleting user favorites is too restrictive. Instead of deleting a favorite because it belongs to at least one forbidden category, a favorite is deleted if it belongs to no authorized category (which was the expected behaviour).
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 10.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-08-07 18:02:48 +0000 (Sun, 07 Aug 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 807 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	// validate_mail_address verifies whether the given mail address has the
29	// right format. ie someone@domain.com "someone" can contain ".", "-" or
30	// even "_". Exactly as "domain". The extension doesn't have to be
31	// "com". The mail address can also be empty.
32	// If the mail address doesn't correspond, an error message is returned.
33	function validate_mail_address( $mail_address )
34	{
35	global $lang;
36
37	if ( $mail_address == '' )
38	{
39	return '';
40	}
41	$regex = '/^[\w-]+(\.[\w-]+)@[\w-]+(\.[\w-]+)\.[a-z]+$/';
42	if ( !preg_match( $regex, $mail_address ) )
43	{
44	return $lang['reg_err_mail_address'];
45	}
46	}
47
48	function register_user($login, $password, $password_conf,
49	$mail_address, $status = 'guest')
50	{
51	global $lang, $conf;
52
53	$errors = array();
54	// login must not
55	// 1. be empty
56	// 2. start ou end with space character
57	// 3. include ' or " characters
58	// 4. be already used
59	if ($login == '')
60	{
61	array_push($errors, $lang['reg_err_login1']);
62	}
63	if (ereg("^.* $", $login))
64	{
65	array_push($errors, $lang['reg_err_login2']);
66	}
67	if (ereg("^ .*$", $login))
68	{
69	array_push($errors, $lang['reg_err_login3']);
70	}
71
72	if (ereg("'", $login) or ereg("\"", $login))
73	{
74	array_push($errors, $lang['reg_err_login4']);
75	}
76	else
77	{
78	$query = '
79	SELECT id
80	FROM '.USERS_TABLE.'
81	WHERE username = \''.$login.'\'
82	;';
83	$result = pwg_query($query);
84	if (mysql_num_rows($result) > 0)
85	{
86	array_push($errors, $lang['reg_err_login5']);
87	}
88	}
89	// given password must be the same as the confirmation
90	if ($password != $password_conf)
91	{
92	array_push($errors, $lang['reg_err_pass']);
93	}
94
95	$error_mail_address = validate_mail_address($mail_address);
96	if ($error_mail_address != '')
97	{
98	array_push($errors, $error_mail_address);
99	}
100
101	// if no error until here, registration of the user
102	if (count($errors) == 0)
103	{
104	$insert = array();
105	$insert['username'] = $login;
106	$insert['password'] = md5($password);
107	$insert['status'] = $status;
108	$insert['template'] = $conf['default_template'];
109	$insert['nb_image_line'] = $conf['nb_image_line'];
110	$insert['nb_line_page'] = $conf['nb_line_page'];
111	$insert['language'] = $conf['default_language'];
112	$insert['recent_period'] = $conf['recent_period'];
113	$insert['expand'] = boolean_to_string($conf['auto_expand']);
114	$insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
115	if ( $mail_address != '' )
116	{
117	$insert['mail_address'] = $mail_address;
118	}
119	if ($conf['default_maxwidth'] != '')
120	{
121	$insert['maxwidth'] = $conf['default_maxwidth'];
122	}
123	if ($conf['default_maxheight'] != '')
124	{
125	$insert['maxheight'] = $conf['default_maxheight'];
126	}
127
128	$query = '
129	INSERT INTO '.USERS_TABLE.'
130	('.implode(',', array_keys($insert)).')
131	VALUES
132	(';
133	$is_first = true;
134	foreach (array_keys($insert) as $field)
135	{
136	if (!$is_first)
137	{
138	$query.= ',';
139	}
140	$query.= "'".$insert[$field]."'";
141	$is_first = false;
142	}
143	$query.= ')
144	;';
145	pwg_query($query);
146	}
147	return $errors;
148	}
149
150	function update_user( $user_id, $mail_address, $status,
151	$use_new_password = false, $password = '' )
152	{
153	$error = array();
154	$i = 0;
155
156	$error_mail_address = validate_mail_address( $mail_address );
157	if ( $error_mail_address != '' )
158	{
159	$error[$i++] = $error_mail_address;
160	}
161
162	if ( sizeof( $error ) == 0 )
163	{
164	$query = 'UPDATE '.USERS_TABLE;
165	$query.= " SET status = '".$status."'";
166	if ( $use_new_password )
167	{
168	$query.= ", password = '".md5( $password )."'";
169	}
170	$query.= ', mail_address = ';
171	if ( $mail_address != '' )
172	{
173	$query.= "'".$mail_address."'";
174	}
175	else
176	{
177	$query.= 'NULL';
178	}
179	$query.= ' WHERE id = '.$user_id;
180	$query.= ';';
181	pwg_query( $query );
182	}
183	return $error;
184	}
185
186	function check_login_authorization($guest_allowed = true)
187	{
188	global $user,$lang,$conf,$template;
189
190	if ($user['is_the_guest'] and !$guest_allowed)
191	{
192	echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
193	echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
194	exit();
195	}
196
197	if ($conf['gallery_locked'])
198	{
199	echo '<div style="text-align:center;">';
200	echo $lang['gallery_locked_message'];
201	echo '</div>';
202	if ($user['status'] != 'admin')
203	{
204	exit();
205	}
206	}
207	}
208
209	function setup_style($style)
210	{
211	return new Template(PHPWG_ROOT_PATH.'template/'.$style);
212	}
213
214	function getuserdata($user)
215	{
216	$sql = "SELECT * FROM " . USERS_TABLE;
217	$sql.= " WHERE ";
218	$sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
219	$result = pwg_query($sql);
220	return ( $row = mysql_fetch_array($result) ) ? $row : false;
221	}
222
223	/*
224	* deletes favorites of the current user if he's not allowed to see them
225	*
226	* @return void
227	*/
228	function check_user_favorites()
229	{
230	global $user;
231
232	if ($user['forbidden_categories'] == '')
233	{
234	return;
235	}
236
237	// retrieving images allowed : belonging to at least one authorized
238	// category
239	$query = '
240	SELECT DISTINCT f.image_id
241	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
242	ON f.image_id = ic.image_id
243	WHERE f.user_id = '.$user['id'].'
244	AND ic.category_id NOT IN ('.$user['forbidden_categories'].')
245	;';
246	$result = pwg_query($query);
247	$authorizeds = array();
248	while ($row = mysql_fetch_array($result))
249	{
250	array_push($authorizeds, $row['image_id']);
251	}
252
253	$query = '
254	SELECT image_id
255	FROM '.FAVORITES_TABLE.'
256	WHERE user_id = '.$user['id'].'
257	;';
258	$result = pwg_query($query);
259	$favorites = array();
260	while ($row = mysql_fetch_array($result))
261	{
262	array_push($favorites, $row['image_id']);
263	}
264
265	$to_deletes = array_diff($favorites, $authorizeds);
266
267	if (count($to_deletes) > 0)
268	{
269	$query = '
270	DELETE FROM '.FAVORITES_TABLE.'
271	WHERE image_id IN ('.implode(',', $to_deletes).')
272	AND user_id = '.$user['id'].'
273	;';
274	pwg_query($query);
275	}
276	}
277
278	/**
279	* update table user_forbidden for the given user
280	*
281	* table user_forbidden contains calculated data. Calculation is based on
282	* private categories minus categories authorized to the groups the user
283	* belongs to minus the categories directly authorized to the user
284	*
285	* @param int user_id
286	* @param string user_status
287	* @return string forbidden_categories
288	*/
289	function calculate_permissions($user_id, $user_status)
290	{
291	$private_array = array();
292	$authorized_array = array();
293
294	$query = '
295	SELECT id
296	FROM '.CATEGORIES_TABLE.'
297	WHERE status = \'private\'
298	;';
299	$result = pwg_query($query);
300	while ($row = mysql_fetch_array($result))
301	{
302	array_push($private_array, $row['id']);
303	}
304
305	// if user is not an admin, locked categories can be considered as private$
306	if ($user_status != 'admin')
307	{
308	$query = '
309	SELECT id
310	FROM '.CATEGORIES_TABLE.'
311	WHERE visible = \'false\'
312	;';
313	$result = pwg_query($query);
314	while ($row = mysql_fetch_array($result))
315	{
316	array_push($private_array, $row['id']);
317	}
318
319	$private_array = array_unique($private_array);
320	}
321
322	// retrieve category ids directly authorized to the user
323	$query = '
324	SELECT cat_id
325	FROM '.USER_ACCESS_TABLE.'
326	WHERE user_id = '.$user_id.'
327	;';
328	$result = pwg_query($query);
329	while ($row = mysql_fetch_array($result))
330	{
331	array_push($authorized_array, $row['cat_id']);
332	}
333
334	// retrieve category ids authorized to the groups the user belongs to
335	$query = '
336	SELECT cat_id
337	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
338	ON ug.group_id = ga.group_id
339	WHERE ug.user_id = '.$user_id.'
340	;';
341	$result = pwg_query($query);
342	while ($row = mysql_fetch_array($result))
343	{
344	array_push($authorized_array, $row['cat_id']);
345	}
346
347	// uniquify ids : some private categories might be authorized for the
348	// groups and for the user
349	$authorized_array = array_unique($authorized_array);
350
351	// only unauthorized private categories are forbidden
352	$forbidden_array = array_diff($private_array, $authorized_array);
353
354	$query = '
355	DELETE FROM '.USER_FORBIDDEN_TABLE.'
356	WHERE user_id = '.$user_id.'
357	;';
358	pwg_query($query);
359
360	$forbidden_categories = implode(',', $forbidden_array);
361
362	$query = '
363	INSERT INTO '.USER_FORBIDDEN_TABLE.'
364	(user_id,need_update,forbidden_categories)
365	VALUES
366	('.$user_id.',\'false\',\''.$forbidden_categories.'\')
367	;';
368	pwg_query($query);
369
370	return $forbidden_categories;
371	}
372
373	/**
374	* returns the username corresponding to the given user identifier if exists
375	*
376	* @param int user_id
377	* @return mixed
378	*/
379	function get_username($user_id)
380	{
381	$query = '
382	SELECT username
383	FROM '.USERS_TABLE.'
384	WHERE id = '.intval($user_id).'
385	;';
386	$result = pwg_query($query);
387	if (mysql_num_rows($result) > 0)
388	{
389	list($username) = mysql_fetch_row($result);
390	}
391	else
392	{
393	return false;
394	}
395
396	return $username;
397	}
398	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: