Context Navigation

source: branches/2.5/include/functions_user.inc.php @ 26809

Last change on this file since 26809 was 25634, checked in by patdenice, 11 years ago
merge r25633 from trunk to branch 2.5 Small bug on password hash verification with strpos function
Property svn:eol-style set to `LF`
File size: 39.2 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[19703]	5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2]	23
[2115]	24	// validate_mail_address:
	25	// o verifies whether the given mail address has the
	26	// right format. ie someone@domain.com "someone" can contain ".", "-" or
	27	// even "_". Exactly as "domain". The extension doesn't have to be
	28	// "com". The mail address can also be empty.
	29	// o check if address could be empty
	30	// o check if address is not used by a other user
[9]	31	// If the mail address doesn't correspond, an error message is returned.
[2127]	32	//
[2124]	33	function validate_mail_address($user_id, $mail_address)
[2]	34	{
[2115]	35	global $conf;
[2]	36
[2032]	37	if (empty($mail_address) and
[2127]	38	!($conf['obligatory_user_mail_address'] and
[2124]	39	in_array(script_basename(), array('register', 'profile'))))
[2]	40	{
[9]	41	return '';
[2]	42	}
[2115]	43
[18164]	44	if ( !email_check_format($mail_address) )
[9]	45	{
[5021]	46	return l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
[9]	47	}
[2127]	48
[2115]	49	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
	50	{
	51	$query = '
[18164]	52	SELECT count(*)
	53	FROM '.USERS_TABLE.'
	54	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
	55	'.(is_numeric($user_id) ? 'AND '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
[2115]	56	;';
[4325]	57	list($count) = pwg_db_fetch_row(pwg_query($query));
[2115]	58	if ($count != 0)
	59	{
[8635]	60	return l10n('this email address is already in use');
[2115]	61	}
	62	}
[2]	63	}
	64
[4429]	65	// validate_login_case:
	66	// o check if login is not used by a other user
	67	// If the login doesn't correspond, an error message is returned.
	68	//
	69	function validate_login_case($login)
	70	{
	71	global $conf;
[13074]	72
[4429]	73	if (defined("PHPWG_INSTALLED"))
	74	{
	75	$query = "
	76	SELECT ".$conf['user_fields']['username']."
	77	FROM ".USERS_TABLE."
	78	WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
	79	;";
	80
	81	$count = pwg_db_num_rows(pwg_query($query));
	82
	83	if ($count > 0)
	84	{
[5021]	85	return l10n('this login is already used');
[4429]	86	}
	87	}
	88	}
[10860]	89	/**
	90	* For test on username case sensitivity
	91	*
	92	* @param : $username typed in by user for identification
	93	*
	94	* @return : $username found in database
	95	*
	96	*/
	97	function search_case_username($username)
	98	{
	99	global $conf;
[4429]	100
[10860]	101	$username_lo = strtolower($username);
	102
	103	$SCU_users = array();
[13074]	104
[10860]	105	$q = pwg_query("
	106	SELECT ".$conf['user_fields']['username']." AS username
	107	FROM `".USERS_TABLE."`;
	108	");
	109	while ($r = pwg_db_fetch_assoc($q))
	110	$SCU_users[$r['username']] = strtolower($r['username']);
	111	// $SCU_users is now an associative table where the key is the account as
	112	// registered in the DB, and the value is this same account, in lower case
[13074]	113
[10860]	114	$users_found = array_keys($SCU_users, $username_lo);
	115	// $users_found is now a table of which the values are all the accounts
	116	// which can be written in lowercase the same way as $username
	117	if (count($users_found) != 1) // If ambiguous, don't allow lowercase writing
	118	return $username; // but normal writing will work
	119	else
	120	return $users_found[0];
	121	}
[2178]	122	function register_user($login, $password, $mail_address,
	123	$with_notification = true, $errors = array())
[2]	124	{
[2115]	125	global $conf;
[2]	126
[661]	127	if ($login == '')
	128	{
[13074]	129	$errors[] = l10n('Please, enter a login');
[661]	130	}
[3747]	131	if (preg_match('/^.* $/', $login))
[661]	132	{
[13074]	133	$errors[] = l10n('login mustn\'t end with a space character');
[661]	134	}
[3747]	135	if (preg_match('/^ .*$/', $login))
[661]	136	{
[13074]	137	$errors[] = l10n('login mustn\'t start with a space character');
[661]	138	}
[808]	139	if (get_userid($login))
[804]	140	{
[13074]	141	$errors[] = l10n('this login is already used');
[2]	142	}
[9923]	143	if ($login != strip_tags($login))
	144	{
[13074]	145	$errors[] = l10n('html tags are not allowed in login');
[9923]	146	}
[2124]	147	$mail_error = validate_mail_address(null, $mail_address);
[808]	148	if ('' != $mail_error)
[661]	149	{
[13074]	150	$errors[] = $mail_error;
[661]	151	}
[2]	152
[5060]	153	if ($conf['insensitive_case_logon'] == true)
[4429]	154	{
	155	$login_error = validate_login_case($login);
	156	if ($login_error != '')
	157	{
[13074]	158	$errors[] = $login_error;
[4429]	159	}
	160	}
	161
[2237]	162	$errors = trigger_event('register_user_check',
	163	$errors,
	164	array(
[2268]	165	'username'=>$login,
[2237]	166	'password'=>$password,
	167	'email'=>$mail_address,
	168	)
	169	);
	170
[9]	171	// if no error until here, registration of the user
[661]	172	if (count($errors) == 0)
[2]	173	{
[906]	174	// what will be the inserted id ?
	175	$query = '
	176	SELECT MAX('.$conf['user_fields']['id'].') + 1
	177	FROM '.USERS_TABLE.'
	178	;';
[4325]	179	list($next_id) = pwg_db_fetch_row(pwg_query($query));
[1068]	180
[808]	181	$insert =
	182	array(
[906]	183	$conf['user_fields']['id'] => $next_id,
[4325]	184	$conf['user_fields']['username'] => pwg_db_real_escape_string($login),
[18889]	185	$conf['user_fields']['password'] => $conf['password_hash']($password),
[808]	186	$conf['user_fields']['email'] => $mail_address
	187	);
[661]	188
[808]	189	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
[1068]	190
[2178]	191	// Assign by default groups
	192	{
	193	$query = '
[1583]	194	SELECT id
	195	FROM '.GROUPS_TABLE.'
	196	WHERE is_default = \''.boolean_to_string(true).'\'
	197	ORDER BY id ASC
	198	;';
[2178]	199	$result = pwg_query($query);
[1581]	200
[2178]	201	$inserts = array();
[4325]	202	while ($row = pwg_db_fetch_assoc($result))
[2178]	203	{
[13074]	204	$inserts[] = array(
[2178]	205	'user_id' => $next_id,
	206	'group_id' => $row['id']
[13074]	207	);
[2178]	208	}
[1583]	209	}
[1581]	210
[1583]	211	if (count($inserts) != 0)
	212	{
	213	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
[1581]	214	}
	215
[2425]	216	$override = null;
	217	if ($with_notification and $conf['browser_language'])
	218	{
	219	if ( !get_browser_language($override['language']) )
	220	$override=null;
	221	}
	222	create_user_infos($next_id, $override);
[1605]	223
[2178]	224	if ($with_notification and $conf['email_admin_on_new_user'])
	225	{
	226	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	227	$admin_url = get_absolute_root_url()
[2268]	228	.'admin.php?page=user_list&username='.$login;
[2178]	229
	230	$keyargs_content = array
	231	(
[4304]	232	get_l10n_args('User: %s', stripslashes($login)),
[2178]	233	get_l10n_args('Email: %s', $_POST['mail_address']),
	234	get_l10n_args('', ''),
	235	get_l10n_args('Admin: %s', $admin_url)
	236	);
	237
	238	pwg_mail_notification_admins
	239	(
[4304]	240	get_l10n_args('Registration of %s', stripslashes($login)),
[2178]	241	$keyargs_content
	242	);
	243	}
	244
[1605]	245	trigger_action('register_user',
	246	array(
	247	'id'=>$next_id,
	248	'username'=>$login,
	249	'email'=>$mail_address,
	250	)
	251	);
[2]	252	}
[906]	253
[661]	254	return $errors;
[2]	255	}
	256
[1677]	257	function build_user( $user_id, $use_cache )
[1568]	258	{
	259	global $conf;
[2038]	260
[1568]	261	$user['id'] = $user_id;
[1677]	262	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
[1926]	263
[2055]	264	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
	265	{
	266	$user['status'] = 'guest';
	267	$user['internal_status']['guest_must_be_guest'] = true;
	268	}
	269
[5123]	270	// Check user theme
[5264]	271	if (!isset($user['theme_name']))
[5123]	272	{
[5264]	273	$user['theme'] = get_default_theme();
[5123]	274	}
[2039]	275
[1568]	276	return $user;
	277	}
	278
[808]	279	/**
	280	* find informations related to the user identifier
	281	*
	282	* @param int user identifier
	283	* @param boolean use_cache
	284	* @param array
	285	*/
[1677]	286	function getuserdata($user_id, $use_cache)
[393]	287	{
[808]	288	global $conf;
	289
[6315]	290	// retrieve basic user data
[808]	291	$query = '
	292	SELECT ';
	293	$is_first = true;
	294	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
	295	{
	296	if ($is_first)
	297	{
	298	$is_first = false;
	299	}
	300	else
	301	{
	302	$query.= '
	303	, ';
	304	}
	305	$query.= $dbfield.' AS '.$pwgfield;
	306	}
	307	$query.= '
	308	FROM '.USERS_TABLE.'
[3622]	309	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'';
[1068]	310
[4325]	311	$row = pwg_db_fetch_assoc(pwg_query($query));
[808]	312
[6510]	313	// retrieve additional user data ?
	314	if ($conf['external_authentification'])
	315	{
	316	$query = '
	317	SELECT
[11356]	318	COUNT(1) AS counter
[6510]	319	FROM '.USER_INFOS_TABLE.' AS ui
	320	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	321	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	322	WHERE ui.user_id = '.$user_id.'
	323	GROUP BY ui.user_id
	324	;';
[11356]	325	list($counter) = pwg_db_fetch_row(pwg_query($query));
	326	if ($counter != 1)
[6510]	327	{
	328	create_user_infos($user_id);
	329	}
[808]	330	}
[1068]	331
[11356]	332	// retrieve user info
	333	$query = '
	334	SELECT
	335	ui.*,
	336	uc.*,
	337	t.name AS theme_name
	338	FROM '.USER_INFOS_TABLE.' AS ui
	339	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	340	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	341	WHERE ui.user_id = '.$user_id.'
	342	;';
	343
	344	$result = pwg_query($query);
	345	$user_infos_row = pwg_db_fetch_assoc($result);
	346
[6315]	347	// then merge basic + additional user data
[18629]	348	$userdata = array_merge($row, $user_infos_row);
[1068]	349
[18629]	350	foreach ($userdata as &$value)
[808]	351	{
[18629]	352	// If the field is true or false, the variable is transformed into a boolean value.
	353	if ($value == 'true')
[808]	354	{
[18629]	355	$value = true;
[808]	356	}
[18629]	357	elseif ($value == 'false')
[808]	358	{
[18629]	359	$value = false;
[808]	360	}
	361	}
[18629]	362	unset($value);
[808]	363
	364	if ($use_cache)
	365	{
	366	if (!isset($userdata['need_update'])
	367	or !is_bool($userdata['need_update'])
[1677]	368	or $userdata['need_update'] == true)
[808]	369	{
[2448]	370	$userdata['cache_update_time'] = time();
	371
	372	// Set need update are done
	373	$userdata['need_update'] = false;
	374
[808]	375	$userdata['forbidden_categories'] =
	376	calculate_permissions($userdata['id'], $userdata['status']);
	377
[2084]	378	/* now we build the list of forbidden images (this list does not contain
	379	images that are not in at least an authorized category)*/
	380	$query = '
	381	SELECT DISTINCT(id)
	382	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
	383	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
	384	AND level>'.$userdata['level'];
	385	$forbidden_ids = array_from_query($query, 'id');
	386
	387	if ( empty($forbidden_ids) )
	388	{
[13074]	389	$forbidden_ids[] = 0;
[2084]	390	}
	391	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
	392	$userdata['image_access_list'] = implode(',',$forbidden_ids);
	393
[1624]	394
[1081]	395	$query = '
	396	SELECT COUNT(DISTINCT(image_id)) as total
	397	FROM '.IMAGE_CATEGORY_TABLE.'
	398	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
[3622]	399	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')';
[4325]	400	list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
[1081]	401
[3622]	402
	403	// now we update user cache categories
	404	$user_cache_cats = get_computed_categories($userdata, null);
	405	if ( !is_admin($userdata['status']) )
	406	{ // for non admins we forbid categories with no image (feature 1053)
[23075]	407	$uppercats_of = null;
[3622]	408	$forbidden_ids = array();
[3640]	409	foreach ($user_cache_cats as $cat)
[3622]	410	{
	411	if ($cat['count_images']==0)
	412	{
[13074]	413	$forbidden_ids[] = $cat['cat_id'];
[3640]	414	unset( $user_cache_cats[$cat['cat_id']] );
[23075]	415
	416	if (empty($uppercats_of))
	417	{
	418	$query = '
	419	SELECT
	420	id,
	421	uppercats
	422	FROM '.CATEGORIES_TABLE.'
	423	;';
	424	$uppercats_of = simple_hash_from_query($query, 'id', 'uppercats');
	425	}
	426
	427	// if child album is removed, we must decrease the number of
	428	// sub-albums of all parent albums (to the root)
	429	if (isset($uppercats_of[$cat['cat_id']]))
	430	{
	431	foreach (explode(',', $uppercats_of[$cat['cat_id']]) as $id)
	432	{
	433	// the last $id is the current album removed, it will always
	434	// fail the following condition because it was removed a few
	435	// lines before.
	436	if (isset($user_cache_cats[$id]))
	437	{
	438	$user_cache_cats[$id]['count_categories']--;
	439	}
	440	}
	441	}
[3622]	442	}
	443	}
	444	if ( !empty($forbidden_ids) )
	445	{
	446	if ( empty($userdata['forbidden_categories']) )
	447	{
	448	$userdata['forbidden_categories'] = implode(',', $forbidden_ids);
	449	}
	450	else
	451	{
	452	$userdata['forbidden_categories'] .= ','.implode(',', $forbidden_ids);
	453	}
	454	}
	455	}
	456
	457	// delete user cache
	458	$query = '
	459	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
	460	WHERE user_id = '.$userdata['id'];
	461	pwg_query($query);
	462
[12748]	463	// Due to concurrency issues, we ask MySQL to ignore errors on
	464	// insert. This may happen when cache needs refresh and that Piwigo is
	465	// called "very simultaneously".
[3622]	466	mass_inserts
	467	(
	468	USER_CACHE_CATEGORIES_TABLE,
	469	array
	470	(
	471	'user_id', 'cat_id',
	472	'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories'
	473	),
[12748]	474	$user_cache_cats,
	475	array('ignore' => true)
[3622]	476	);
	477
	478
[808]	479	// update user cache
	480	$query = '
	481	DELETE FROM '.USER_CACHE_TABLE.'
[3622]	482	WHERE user_id = '.$userdata['id'];
[808]	483	pwg_query($query);
[1068]	484
[12748]	485	// for the same reason as user_cache_categories, we ignore error on
	486	// this insert
[808]	487	$query = '
[12748]	488	INSERT IGNORE INTO '.USER_CACHE_TABLE.'
[2448]	489	(user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
[2084]	490	image_access_type, image_access_list)
[808]	491	VALUES
[2448]	492	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
	493	.$userdata['cache_update_time'].',\''
[4367]	494	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',\''
	495	.$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
[808]	496	pwg_query($query);
	497	}
	498	}
	499
	500	return $userdata;
[393]	501	}
[647]	502
	503	/*
	504	* deletes favorites of the current user if he's not allowed to see them
	505	*
	506	* @return void
	507	*/
	508	function check_user_favorites()
	509	{
	510	global $user;
	511
	512	if ($user['forbidden_categories'] == '')
	513	{
	514	return;
	515	}
[832]	516
[1677]	517	// $filter['visible_categories'] and $filter['visible_images']
	518	// must be not used because filter <> restriction
[832]	519	// retrieving images allowed : belonging to at least one authorized
	520	// category
[647]	521	$query = '
[832]	522	SELECT DISTINCT f.image_id
[647]	523	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	524	ON f.image_id = ic.image_id
	525	WHERE f.user_id = '.$user['id'].'
[1677]	526	'.get_sql_condition_FandF
	527	(
	528	array
	529	(
	530	'forbidden_categories' => 'ic.category_id',
	531	),
	532	'AND'
	533	).'
[647]	534	;';
[13074]	535	$authorizeds = array_from_query($query, 'image_id');
[647]	536
[832]	537	$query = '
	538	SELECT image_id
	539	FROM '.FAVORITES_TABLE.'
	540	WHERE user_id = '.$user['id'].'
	541	;';
[13074]	542	$favorites = array_from_query($query, 'image_id');
[832]	543
	544	$to_deletes = array_diff($favorites, $authorizeds);
	545	if (count($to_deletes) > 0)
	546	{
[647]	547	$query = '
	548	DELETE FROM '.FAVORITES_TABLE.'
[832]	549	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	550	AND user_id = '.$user['id'].'
	551	;';
	552	pwg_query($query);
	553	}
	554	}
[648]	555
	556	/**
[808]	557	* calculates the list of forbidden categories for a given user
[648]	558	*
[808]	559	* Calculation is based on private categories minus categories authorized to
	560	* the groups the user belongs to minus the categories directly authorized
	561	* to the user. The list contains at least -1 to be compliant with queries
	562	* such as "WHERE category_id NOT IN ($forbidden_categories)"
[648]	563	*
	564	* @param int user_id
[680]	565	* @param string user_status
[648]	566	* @return string forbidden_categories
	567	*/
[680]	568	function calculate_permissions($user_id, $user_status)
[648]	569	{
	570	$query = '
	571	SELECT id
	572	FROM '.CATEGORIES_TABLE.'
	573	WHERE status = \'private\'
	574	;';
[13074]	575	$private_array = array_from_query($query, 'id');
[680]	576
[648]	577	// retrieve category ids directly authorized to the user
	578	$query = '
	579	SELECT cat_id
	580	FROM '.USER_ACCESS_TABLE.'
	581	WHERE user_id = '.$user_id.'
	582	;';
[808]	583	$authorized_array = array_from_query($query, 'cat_id');
[648]	584
	585	// retrieve category ids authorized to the groups the user belongs to
	586	$query = '
	587	SELECT cat_id
	588	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	589	ON ug.group_id = ga.group_id
	590	WHERE ug.user_id = '.$user_id.'
	591	;';
[808]	592	$authorized_array =
	593	array_merge(
	594	$authorized_array,
	595	array_from_query($query, 'cat_id')
	596	);
[648]	597
	598	// uniquify ids : some private categories might be authorized for the
	599	// groups and for the user
	600	$authorized_array = array_unique($authorized_array);
	601
	602	// only unauthorized private categories are forbidden
	603	$forbidden_array = array_diff($private_array, $authorized_array);
	604
[1117]	605	// if user is not an admin, locked categories are forbidden
[1851]	606	if (!is_admin($user_status))
[1117]	607	{
	608	$query = '
	609	SELECT id
	610	FROM '.CATEGORIES_TABLE.'
	611	WHERE visible = \'false\'
	612	;';
	613	$result = pwg_query($query);
[4325]	614	while ($row = pwg_db_fetch_assoc($result))
[1117]	615	{
[13074]	616	$forbidden_array[] = $row['id'];
[1117]	617	}
	618	$forbidden_array = array_unique($forbidden_array);
	619	}
[1068]	620
[1117]	621	if ( empty($forbidden_array) )
[1331]	622	{// at least, the list contains 0 value. This category does not exists so
	623	// where clauses such as "WHERE category_id NOT IN(0)" will always be
[1117]	624	// true.
[13074]	625	$forbidden_array[] = 0;
[1117]	626	}
	627
[808]	628	return implode(',', $forbidden_array);
[648]	629	}
[708]	630
	631	/**
[1677]	632	* compute data of categories branches (one branch only)
[1624]	633	*/
[1640]	634	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
[1624]	635	{
[1640]	636	$date = '';
	637	$count_images = 0;
	638	$count_categories = 0;
	639	do
[1624]	640	{
[1640]	641	$cat_id = array_pop($list_cat_id);
	642	if (!is_null($cat_id))
[1624]	643	{
[1640]	644	// Count images and categories
	645	$cats[$cat_id]['count_images'] += $count_images;
	646	$cats[$cat_id]['count_categories'] += $count_categories;
	647	$count_images = $cats[$cat_id]['count_images'];
	648	$count_categories = $cats[$cat_id]['count_categories'] + 1;
	649
	650	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
[1624]	651	{
[1640]	652	$cats[$cat_id]['max_date_last'] = $date;
[1624]	653	}
	654	else
	655	{
[1640]	656	$date = $cats[$cat_id]['max_date_last'];
[1624]	657	}
[1640]	658	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
	659	}
	660	else
[1624]	661	{
[1640]	662	$ref_level = 0;
[1624]	663	}
[1640]	664	} while ($level <= $ref_level);
	665
	666	// Last cat updating must be added to list for next branch
	667	if ($ref_level <> 0)
	668	{
[18629]	669	$list_cat_id[] = $cat_id;
[1624]	670	}
[1640]	671	}
[1624]	672
[1640]	673	/**
[1677]	674	* compute data of categories branches
[1640]	675	*/
[1677]	676	function compute_categories_data(&$cats)
[1640]	677	{
[1677]	678	$ref_level = 0;
	679	$level = 0;
	680	$list_cat_id = array();
[1624]	681
[1677]	682	foreach ($cats as $id => $category)
[1624]	683	{
[1677]	684	// Compute
	685	$level = substr_count($category['global_rank'], '.') + 1;
	686	if ($level > $ref_level)
	687	{
[18629]	688	$list_cat_id[] = $id;
[1677]	689	}
	690	else
	691	{
	692	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
[18629]	693	$list_cat_id[] = $id;
[1677]	694	}
	695	$ref_level = $level;
[1624]	696	}
[1651]	697
[1677]	698	$level = 1;
	699	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	700	}
[1651]	701
[1677]	702	/**
	703	* get computed array of categories
	704	*
[1860]	705	* @param array userdata
	706	* @param int filter_days number of recent days to filter on or null
[1677]	707	* @return array
	708	*/
[1860]	709	function get_computed_categories($userdata, $filter_days=null)
[1677]	710	{
[6652]	711	$query = 'SELECT c.id AS cat_id, global_rank';
[2084]	712	// Count by date_available to avoid count null
	713	$query .= ',
[6652]	714	MAX(date_available) AS date_last, COUNT(date_available) AS nb_images
[2084]	715	FROM '.CATEGORIES_TABLE.' as c
	716	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
	717	LEFT JOIN '.IMAGES_TABLE.' AS i
	718	ON ic.image_id = i.id
	719	AND i.level<='.$userdata['level'];
	720
	721	if ( isset($filter_days) )
[1651]	722	{
[4367]	723	$query .= ' AND i.date_available > '.pwg_db_get_recent_period_expression($filter_days);
[1651]	724	}
	725
[1860]	726	if ( !empty($userdata['forbidden_categories']) )
[1651]	727	{
	728	$query.= '
[1860]	729	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
[1651]	730	}
	731
[2324]	732	$query.= '
[4385]	733	GROUP BY c.id, c.global_rank';
[1624]	734
	735	$result = pwg_query($query);
	736
	737	$cats = array();
[4325]	738	while ($row = pwg_db_fetch_assoc($result))
[1624]	739	{
[1860]	740	$row['user_id'] = $userdata['id'];
[1641]	741	$row['count_categories'] = 0;
[2324]	742	$row['count_images'] = (int)$row['nb_images'];
	743	$row['max_date_last'] = $row['date_last'];
[1860]	744
[1624]	745	$cats += array($row['cat_id'] => $row);
	746	}
[3642]	747	uasort($cats, 'global_rank_compare');
[1624]	748
[1677]	749	compute_categories_data($cats);
[1624]	750
[1860]	751	if ( isset($filter_days) )
[1624]	752	{
[1651]	753	$cat_tmp = $cats;
	754	$cats = array();
[1860]	755
[1677]	756	foreach ($cat_tmp as $category)
[1651]	757	{
[1677]	758	if (!empty($category['max_date_last']))
[1651]	759	{
[1677]	760	// Re-init counters
	761	$category['count_categories'] = 0;
[2324]	762	$category['count_images'] = (int)$category['nb_images'];
[1677]	763	// Keep category
	764	$cats[$category['cat_id']] = $category;
[1651]	765	}
	766	}
[1677]	767	// Compute a second time
	768	compute_categories_data($cats);
[1651]	769	}
[1677]	770	return $cats;
	771	}
	772
	773	/**
[808]	774	* returns user identifier thanks to his name, false if not found
	775	*
	776	* @param string username
	777	* @param int user identifier
	778	*/
	779	function get_userid($username)
	780	{
	781	global $conf;
	782
[4325]	783	$username = pwg_db_real_escape_string($username);
[808]	784
	785	$query = '
	786	SELECT '.$conf['user_fields']['id'].'
	787	FROM '.USERS_TABLE.'
	788	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	789	;';
	790	$result = pwg_query($query);
	791
[4325]	792	if (pwg_db_num_rows($result) == 0)
[808]	793	{
	794	return false;
	795	}
	796	else
	797	{
[4325]	798	list($user_id) = pwg_db_fetch_row($result);
[808]	799	return $user_id;
	800	}
	801	}
	802
[11992]	803	function get_userid_by_email($email)
	804	{
	805	global $conf;
	806
	807	$email = pwg_db_real_escape_string($email);
[13074]	808
[11992]	809	$query = '
	810	SELECT
	811	'.$conf['user_fields']['id'].'
	812	FROM '.USERS_TABLE.'
	813	WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
	814	;';
	815	$result = pwg_query($query);
	816
	817	if (pwg_db_num_rows($result) == 0)
	818	{
	819	return false;
	820	}
	821	else
	822	{
	823	list($user_id) = pwg_db_fetch_row($result);
	824	return $user_id;
	825	}
	826	}
	827
[1926]	828	/*
	829	* Returns a array with default user value
[808]	830	*
[1926]	831	* @param convert_str allows to convert string value if necessary
[808]	832	*/
[1926]	833	function get_default_user_info($convert_str = true)
[808]	834	{
[3126]	835	global $cache, $conf;
[2084]	836
[3126]	837	if (!isset($cache['default_user']))
[1926]	838	{
[20545]	839	$query = '
	840	SELECT *
	841	FROM '.USER_INFOS_TABLE.'
	842	WHERE user_id = '.$conf['default_user_id'].'
	843	;';
[1068]	844
[1926]	845	$result = pwg_query($query);
[2084]	846
[20545]	847	if (pwg_db_num_rows($result) > 0)
[1930]	848	{
[20545]	849	$cache['default_user'] = pwg_db_fetch_assoc($result);
	850
[3126]	851	unset($cache['default_user']['user_id']);
	852	unset($cache['default_user']['status']);
	853	unset($cache['default_user']['registration_date']);
[1930]	854	}
[20545]	855	else
	856	{
	857	$cache['default_user'] = false;
	858	}
[1926]	859	}
[808]	860
[3126]	861	if (is_array($cache['default_user']) and $convert_str)
[1284]	862	{
[18629]	863	$default_user = $cache['default_user'];
	864	foreach ($default_user as &$value)
[1926]	865	{
[18629]	866	// If the field is true or false, the variable is transformed into a boolean value.
	867	if ($value == 'true')
[1926]	868	{
[18629]	869	$value = true;
[1926]	870	}
[18629]	871	elseif ($value == 'false')
[1926]	872	{
[18629]	873	$value = false;
[1926]	874	}
	875	}
	876	return $default_user;
[1284]	877	}
[1926]	878	else
[1284]	879	{
[3126]	880	return $cache['default_user'];
[1284]	881	}
[1926]	882	}
	883
	884	/*
	885	* Returns a default user value
	886	*
	887	* @param value_name: name of value
	888	* @param sos_value: value used if don't exist value
	889	*/
	890	function get_default_user_value($value_name, $sos_value)
	891	{
	892	$default_user = get_default_user_info(true);
[5271]	893	if ($default_user === false or empty($default_user[$value_name]))
[1926]	894	{
	895	return $sos_value;
	896	}
[1284]	897	else
	898	{
[1926]	899	return $default_user[$value_name];
[1284]	900	}
[1926]	901	}
[1567]	902
[1926]	903	/*
	904	* Returns the default template value
	905	*
	906	*/
[5123]	907	function get_default_theme()
[1926]	908	{
[5982]	909	$theme = get_default_user_value('theme', PHPWG_DEFAULT_TEMPLATE);
	910	if (check_theme_installed($theme))
	911	{
	912	return $theme;
	913	}
[13074]	914
[5982]	915	// let's find the first available theme
	916	$active_themes = get_pwg_themes();
	917	foreach (array_keys(get_pwg_themes()) as $theme_id)
	918	{
[12670]	919	return $theme_id;
[5982]	920	}
[1926]	921	}
[808]	922
[1926]	923	/*
	924	* Returns the default language value
	925	*
	926	*/
	927	function get_default_language()
	928	{
[2425]	929	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
[808]	930	}
[817]	931
	932	/**
[2425]	933	* Returns true if the browser language value is set into param $lang
[2411]	934	*
	935	*/
[2425]	936	function get_browser_language(&$lang)
[2411]	937	{
[2572]	938	$browser_language = substr(@$_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
[2411]	939	foreach (get_languages() as $language_code => $language_name)
	940	{
	941	if (substr($language_code, 0, 2) == $browser_language)
	942	{
[2425]	943	$lang = $language_code;
	944	return true;
[2411]	945	}
	946	}
[2425]	947	return false;
[2411]	948	}
	949
	950	/**
[1926]	951	* add user informations based on default values
	952	*
	953	* @param int user_id / array of user_if
[1930]	954	* @param array of values used to override default user values
[1926]	955	*/
[1930]	956	function create_user_infos($arg_id, $override_values = null)
[1926]	957	{
	958	global $conf;
	959
	960	if (is_array($arg_id))
	961	{
	962	$user_ids = $arg_id;
	963	}
	964	else
	965	{
	966	$user_ids = array();
[2229]	967	if (is_numeric($arg_id))
[1926]	968	{
	969	$user_ids[] = $arg_id;
	970	}
	971	}
	972
	973	if (!empty($user_ids))
	974	{
	975	$inserts = array();
[4325]	976	list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
[1926]	977
	978	$default_user = get_default_user_info(false);
	979	if ($default_user === false)
	980	{
	981	// Default on structure are used
	982	$default_user = array();
	983	}
	984
[1930]	985	if (!is_null($override_values))
	986	{
	987	$default_user = array_merge($default_user, $override_values);
	988	}
	989
[1926]	990	foreach ($user_ids as $user_id)
	991	{
[2084]	992	$level= isset($default_user['level']) ? $default_user['level'] : 0;
[1926]	993	if ($user_id == $conf['webmaster_id'])
	994	{
	995	$status = 'webmaster';
[2084]	996	$level = max( $conf['available_permission_levels'] );
[1926]	997	}
[2084]	998	else if (($user_id == $conf['guest_id']) or
[1926]	999	($user_id == $conf['default_user_id']))
	1000	{
	1001	$status = 'guest';
	1002	}
	1003	else
	1004	{
	1005	$status = 'normal';
	1006	}
	1007
[1930]	1008	$insert = array_merge(
	1009	$default_user,
[1926]	1010	array(
	1011	'user_id' => $user_id,
	1012	'status' => $status,
[2084]	1013	'registration_date' => $dbnow,
	1014	'level' => $level
[1930]	1015	));
[1926]	1016
[18629]	1017	$inserts[] = $insert;
[2084]	1018	}
[1926]	1019
	1020	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
	1021	}
	1022	}
	1023
	1024	/**
[1622]	1025	* returns the auto login key or false on error
	1026	* @param int user_id
[2411]	1027	* @param time_t time
[1744]	1028	* @param string [out] username
[1622]	1029	*/
[2409]	1030	function calculate_auto_login_key($user_id, $time, &$username)
[1622]	1031	{
	1032	global $conf;
	1033	$query = '
	1034	SELECT '.$conf['user_fields']['username'].' AS username
	1035	, '.$conf['user_fields']['password'].' AS password
	1036	FROM '.USERS_TABLE.'
	1037	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
	1038	$result = pwg_query($query);
[4325]	1039	if (pwg_db_num_rows($result) > 0)
[1622]	1040	{
[4325]	1041	$row = pwg_db_fetch_assoc($result);
[4304]	1042	$username = stripslashes($row['username']);
[11826]	1043	$data = $time.$user_id.$username;
	1044	$key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
[1622]	1045	return $key;
	1046	}
	1047	return false;
	1048	}
	1049
[1068]	1050	/*
	1051	* Performs all required actions for user login
	1052	* @param int user_id
	1053	* @param bool remember_me
	1054	* @return void
	1055	*/
	1056	function log_user($user_id, $remember_me)
	1057	{
[1511]	1058	global $conf, $user;
[1493]	1059
[1641]	1060	if ($remember_me and $conf['authorize_remembering'])
[1068]	1061	{
[2409]	1062	$now = time();
	1063	$key = calculate_auto_login_key($user_id, $now, $username);
[1622]	1064	if ($key!==false)
[1493]	1065	{
[2409]	1066	$cookie = $user_id.'-'.$now.'-'.$key;
[2757]	1067	if (version_compare(PHP_VERSION, '5.2', '>=') )
	1068	{
	1069	setcookie($conf['remember_me_name'],
[2409]	1070	$cookie,
[2029]	1071	time()+$conf['remember_me_length'],
[2757]	1072	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
	1073	ini_get('session.cookie_httponly')
[2029]	1074	);
[2757]	1075	}
	1076	else
	1077	{
	1078	setcookie($conf['remember_me_name'],
	1079	$cookie,
	1080	time()+$conf['remember_me_length'],
	1081	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure')
	1082	);
	1083	}
[2029]	1084	}
[1068]	1085	}
[1568]	1086	else
	1087	{ // make sure we clean any remember me ...
[2757]	1088	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1568]	1089	}
	1090	if ( session_id()!="" )
[1622]	1091	{ // we regenerate the session for security reasons
	1092	// see http://www.acros.si/papers/session_fixation.pdf
[6660]	1093	session_regenerate_id(true);
[1568]	1094	}
	1095	else
	1096	{
	1097	session_start();
	1098	}
[1622]	1099	$_SESSION['pwg_uid'] = (int)$user_id;
[1511]	1100
	1101	$user['id'] = $_SESSION['pwg_uid'];
[20282]	1102	trigger_action('user_login', $user['id']);
[1068]	1103	}
	1104
[1070]	1105	/*
[1511]	1106	* Performs auto-connexion when cookie remember_me exists
[1568]	1107	* @return true/false
[1511]	1108	*/
[1567]	1109	function auto_login() {
[1511]	1110	global $conf;
	1111
[1568]	1112	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
	1113	{
[2409]	1114	$cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
[2411]	1115	if ( count($cookie)===3
[2409]	1116	and is_numeric(@$cookie[0]) /user id/
	1117	and is_numeric(@$cookie[1]) /time/
	1118	and time()-$conf['remember_me_length']<=@$cookie[1]
	1119	and time()>=@$cookie[1] /cookie generated in the past/ )
[1568]	1120	{
[2409]	1121	$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
	1122	if ($key!==false and $key===$cookie[2])
[1622]	1123	{
[2409]	1124	log_user($cookie[0], true);
[4304]	1125	trigger_action('login_success', stripslashes($username));
[1622]	1126	return true;
	1127	}
[1568]	1128	}
[2757]	1129	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1511]	1130	}
[1568]	1131	return false;
[1511]	1132	}
	1133
[1744]	1134	/**
[18889]	1135	* hashes a password, with the PasswordHash class from phpass security
	1136	* library. We use an "pwg_" prefix because function password_hash is
	1137	* planned for PHP 5.5. Code inspired from Wordpress.
	1138	*
	1139	* @param string $password Plain text user password to hash
	1140	* @return string The hash string of the password
	1141	*/
	1142	function pwg_password_hash($password)
	1143	{
	1144	global $pwg_hasher;
	1145
	1146	if (empty($pwg_hasher))
	1147	{
	1148	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
	1149
	1150	// We use the portable hash feature from phpass because we can't be sure
	1151	// Piwigo runs on PHP 5.3+ (and won't run on an older version in the
	1152	// future)
	1153	$pwg_hasher = new PasswordHash(13, true);
	1154	}
	1155
	1156	return $pwg_hasher->HashPassword($password);
	1157	}
	1158
	1159	/**
	1160	* Verifies a password, with the PasswordHash class from phpass security
	1161	* library. We use an "pwg_" prefix because function password_verify is
	1162	* planned for PHP 5.5. Code inspired from Wordpress.
	1163	*
	1164	* @param string $password Plain text user password to hash
	1165	* @param string $hash may be md5 or phpass hashed password
	1166	* @param integer $account_id only useful to update password hash from md5 to phpass
	1167	* @return string The hash string of the password
	1168	*/
	1169	function pwg_password_verify($password, $hash, $user_id=null)
	1170	{
	1171	global $conf, $pwg_hasher;
	1172
[18890]	1173	// If the password has not been hashed with the current algorithm.
[25634]	1174	if (strpos($hash, '$P') !== 0)
[18889]	1175	{
[18890]	1176	if (!empty($conf['pass_convert']))
	1177	{
	1178	$check = ($hash == $conf['pass_convert']($password));
	1179	}
	1180	else
	1181	{
	1182	$check = ($hash == md5($password));
	1183	}
[18889]	1184
[21236]	1185	if ($check)
[18889]	1186	{
[21236]	1187	if (!isset($user_id) or $conf['external_authentification'])
	1188	{
	1189	return true;
	1190	}
	1191
[18889]	1192	// Rehash using new hash.
	1193	$hash = pwg_password_hash($password);
	1194
	1195	single_update(
	1196	USERS_TABLE,
	1197	array('password' => $hash),
	1198	array('id' => $user_id)
	1199	);
	1200	}
	1201	}
	1202
	1203	// If the stored hash is longer than an MD5, presume the
	1204	// new style phpass portable hash.
	1205	if (empty($pwg_hasher))
	1206	{
	1207	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
	1208
	1209	// We use the portable hash feature
	1210	$pwg_hasher = new PasswordHash(13, true);
	1211	}
	1212
	1213	return $pwg_hasher->CheckPassword($password, $hash);
	1214	}
	1215
	1216	/**
[1744]	1217	* Tries to login a user given username and password (must be MySql escaped)
	1218	* return true on success
	1219	*/
	1220	function try_log_user($username, $password, $remember_me)
	1221	{
[20282]	1222	return trigger_event('try_log_user', false, $username, $password, $remember_me);
	1223	}
	1224
	1225	add_event_handler('try_log_user', 'pwg_login', EVENT_HANDLER_PRIORITY_NEUTRAL, 4);
	1226
	1227	function pwg_login($success, $username, $password, $remember_me)
	1228	{
	1229	if ($success===true)
	1230	{
	1231	return true;
	1232	}
	1233
[11737]	1234	// we force the session table to be clean
	1235	pwg_session_gc();
[13074]	1236
[1744]	1237	global $conf;
	1238	// retrieving the encrypted password of the login submitted
	1239	$query = '
	1240	SELECT '.$conf['user_fields']['id'].' AS id,
	1241	'.$conf['user_fields']['password'].' AS password
	1242	FROM '.USERS_TABLE.'
[4367]	1243	WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
[1744]	1244	;';
[4325]	1245	$row = pwg_db_fetch_assoc(pwg_query($query));
[18889]	1246	if ($conf['password_verify']($password, $row['password'], $row['id']))
[1744]	1247	{
	1248	log_user($row['id'], $remember_me);
[4304]	1249	trigger_action('login_success', stripslashes($username));
[1744]	1250	return true;
	1251	}
[4304]	1252	trigger_action('login_failure', stripslashes($username));
[1744]	1253	return false;
	1254	}
	1255
[2757]	1256	/** Performs all the cleanup on user logout */
	1257	function logout_user()
	1258	{
	1259	global $conf;
[20282]	1260
	1261	trigger_action('user_logout', @$_SESSION['pwg_uid']);
	1262
[2757]	1263	$_SESSION = array();
	1264	session_unset();
	1265	session_destroy();
	1266	setcookie(session_name(),'',0,
	1267	ini_get('session.cookie_path'),
	1268	ini_get('session.cookie_domain')
	1269	);
	1270	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
	1271	}
	1272
[1511]	1273	/*
[2029]	1274	* Return user status used in this library
	1275	* @return string
[1070]	1276	*/
[2029]	1277	function get_user_status($user_status)
[1070]	1278	{
[2029]	1279	global $user;
[1072]	1280
[1854]	1281	if (empty($user_status))
[1075]	1282	{
[1854]	1283	if (isset($user['status']))
	1284	{
	1285	$user_status = $user['status'];
	1286	}
	1287	else
	1288	{
	1289	// swicth to default value
	1290	$user_status = '';
	1291	}
[1075]	1292	}
[2029]	1293	return $user_status;
	1294	}
[1075]	1295
[2029]	1296	/*
[2325]	1297	* Return access_type definition of user
[2029]	1298	* Test does with user status
	1299	* @return bool
	1300	*/
	1301	function get_access_type_status($user_status='')
	1302	{
	1303	global $conf;
	1304
	1305	switch (get_user_status($user_status))
[1072]	1306	{
[1075]	1307	case 'guest':
[1851]	1308	{
[1854]	1309	$access_type_status =
[2325]	1310	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
[1851]	1311	break;
	1312	}
[1075]	1313	case 'generic':
[1072]	1314	{
[1075]	1315	$access_type_status = ACCESS_GUEST;
	1316	break;
[1072]	1317	}
[1075]	1318	case 'normal':
	1319	{
	1320	$access_type_status = ACCESS_CLASSIC;
	1321	break;
	1322	}
	1323	case 'admin':
	1324	{
	1325	$access_type_status = ACCESS_ADMINISTRATOR;
	1326	break;
	1327	}
	1328	case 'webmaster':
	1329	{
	1330	$access_type_status = ACCESS_WEBMASTER;
	1331	break;
	1332	}
[2221]	1333	default:
[1854]	1334	{
[2325]	1335	$access_type_status = ACCESS_FREE;
[2221]	1336	break;
[1854]	1337	}
[1072]	1338	}
	1339
[1085]	1340	return $access_type_status;
[1070]	1341	}
	1342
[1072]	1343	/*
[1085]	1344	* Return if user have access to access_type definition
	1345	* Test does with user status
	1346	* @return bool
	1347	*/
[1851]	1348	function is_autorize_status($access_type, $user_status = '')
[1085]	1349	{
[1851]	1350	return (get_access_type_status($user_status) >= $access_type);
[1085]	1351	}
	1352
	1353	/*
	1354	* Check if user have access to access_type definition
[1072]	1355	* Stop action if there are not access
	1356	* Test does with user status
	1357	* @return none
	1358	*/
[1851]	1359	function check_status($access_type, $user_status = '')
[1072]	1360	{
[1851]	1361	if (!is_autorize_status($access_type, $user_status))
[1072]	1362	{
[1113]	1363	access_denied();
[1072]	1364	}
	1365	}
	1366
	1367	/*
[2163]	1368	* Return if user is generic
[1072]	1369	* @return bool
	1370	*/
[2163]	1371	function is_generic($user_status = '')
[2029]	1372	{
[2163]	1373	return get_user_status($user_status) == 'generic';
[2029]	1374	}
	1375
	1376	/*
[2163]	1377	* Return if user is only a guest
[2161]	1378	* @return bool
	1379	*/
[2163]	1380	function is_a_guest($user_status = '')
[2161]	1381	{
[2163]	1382	return get_user_status($user_status) == 'guest';
[2161]	1383	}
[2163]	1384
[2161]	1385	/*
[2029]	1386	* Return if user is, at least, a classic user
	1387	* @return bool
	1388	*/
	1389	function is_classic_user($user_status = '')
	1390	{
	1391	return is_autorize_status(ACCESS_CLASSIC, $user_status);
	1392	}
	1393
	1394	/*
	1395	* Return if user is, at least, an administrator
	1396	* @return bool
	1397	*/
[1851]	1398	function is_admin($user_status = '')
[1072]	1399	{
[1851]	1400	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
[1072]	1401	}
	1402
[1085]	1403	/*
[5272]	1404	* Return if user is, at least, a webmaster
	1405	* @return bool
	1406	*/
	1407	function is_webmaster($user_status = '')
	1408	{
	1409	return is_autorize_status(ACCESS_WEBMASTER, $user_status);
	1410	}
	1411
	1412	/*
[8126]	1413	* Adviser status is depreciated from piwigo 2.2
	1414	* @return false
[1085]	1415	*/
	1416	function is_adviser()
	1417	{
[12339]	1418	// TODO for Piwigo 2.4 : trigger a warning. We don't do it on Piwigo 2.3
	1419	// to avoid changes for plugin contributors
	1420	// trigger_error('call to obsolete function is_adviser', E_USER_WARNING);
[8126]	1421	return false;
[1085]	1422	}
[1458]	1423
	1424	/*
[5195]	1425	* Return if current user can edit/delete/validate a comment
	1426	* @param action edit/delete/validate
[3445]	1427	* @return bool
	1428	*/
[3622]	1429	function can_manage_comment($action, $comment_author_id)
[3445]	1430	{
[5195]	1431	global $user, $conf;
[13074]	1432
[5195]	1433	if (is_a_guest())
	1434	{
[3445]	1435	return false;
	1436	}
[13074]	1437
[5195]	1438	if (!in_array($action, array('delete','edit', 'validate')))
	1439	{
	1440	return false;
	1441	}
	1442
	1443	if (is_admin())
	1444	{
	1445	return true;
	1446	}
	1447
	1448	if ('edit' == $action and $conf['user_can_edit_comment'])
	1449	{
	1450	if ($comment_author_id == $user['id']) {
	1451	return true;
	1452	}
	1453	}
	1454
	1455	if ('delete' == $action and $conf['user_can_delete_comment'])
	1456	{
	1457	if ($comment_author_id == $user['id']) {
	1458	return true;
	1459	}
	1460	}
	1461
	1462	return false;
[3445]	1463	}
	1464
	1465	/*
[1458]	1466	* Return mail address as display text
	1467	* @return string
	1468	*/
	1469	function get_email_address_as_display_text($email_address)
	1470	{
	1471	global $conf;
	1472
[1462]	1473	if (!isset($email_address) or (trim($email_address) == ''))
[1458]	1474	{
[1462]	1475	return '';
[1458]	1476	}
	1477	else
	1478	{
[8126]	1479	return $email_address;
[1458]	1480	}
	1481	}
	1482
[1677]	1483	/*
[1817]	1484	* Compute sql where condition with restrict and filter data. "FandF" means
	1485	* Forbidden and Filters.
[1677]	1486	*
[1817]	1487	* @param array condition_fields: read function body
	1488	* @param string prefix_condition: prefixes sql if condition is not empty
	1489	* @param boolean force_one_condition: use at least "1 = 1"
[1677]	1490	*
	1491	* @return string sql where/conditions
	1492	*/
[1817]	1493	function get_sql_condition_FandF(
	1494	$condition_fields,
	1495	$prefix_condition = null,
	1496	$force_one_condition = false
	1497	)
[1677]	1498	{
	1499	global $user, $filter;
	1500
	1501	$sql_list = array();
	1502
	1503	foreach ($condition_fields as $condition => $field_name)
	1504	{
	1505	switch($condition)
	1506	{
	1507	case 'forbidden_categories':
[1817]	1508	{
[1677]	1509	if (!empty($user['forbidden_categories']))
	1510	{
[1817]	1511	$sql_list[] =
	1512	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
[1677]	1513	}
	1514	break;
[1817]	1515	}
[1677]	1516	case 'visible_categories':
[1817]	1517	{
[1677]	1518	if (!empty($filter['visible_categories']))
	1519	{
[1817]	1520	$sql_list[] =
	1521	$field_name.' IN ('.$filter['visible_categories'].')';
[1677]	1522	}
	1523	break;
[1817]	1524	}
[1677]	1525	case 'visible_images':
	1526	if (!empty($filter['visible_images']))
	1527	{
[1817]	1528	$sql_list[] =
	1529	$field_name.' IN ('.$filter['visible_images'].')';
[1677]	1530	}
[2084]	1531	// note there is no break - visible include forbidden
	1532	case 'forbidden_images':
	1533	if (
	1534	!empty($user['image_access_list'])
	1535	or $user['image_access_type']!='NOT IN'
	1536	)
	1537	{
	1538	$table_prefix=null;
	1539	if ($field_name=='id')
	1540	{
	1541	$table_prefix = '';
	1542	}
	1543	elseif ($field_name=='i.id')
	1544	{
	1545	$table_prefix = 'i.';
	1546	}
	1547	if ( isset($table_prefix) )
	1548	{
	1549	$sql_list[]=$table_prefix.'level<='.$user['level'];
	1550	}
[19333]	1551	else if ( !empty($user['image_access_list']) and !empty($user['image_access_type']) )
[2084]	1552	{
	1553	$sql_list[]=$field_name.' '.$user['image_access_type']
	1554	.' ('.$user['image_access_list'].')';
	1555	}
	1556	}
[1677]	1557	break;
	1558	default:
[1817]	1559	{
[1677]	1560	die('Unknow condition');
	1561	break;
[1817]	1562	}
[1677]	1563	}
	1564	}
	1565
	1566	if (count($sql_list) > 0)
	1567	{
	1568	$sql = '('.implode(' AND ', $sql_list).')';
	1569	}
	1570	else
	1571	{
[2824]	1572	$sql = $force_one_condition ? '1 = 1' : '';
[1677]	1573	}
	1574
	1575	if (isset($prefix_condition) and !empty($sql))
	1576	{
	1577	$sql = $prefix_condition.' '.$sql;
	1578	}
	1579
	1580	return $sql;
	1581	}
	1582
[11992]	1583	/**
	1584	* search an available activation_key
	1585	*
	1586	* @return string
	1587	*/
	1588	function get_user_activation_key()
	1589	{
	1590	while (true)
	1591	{
	1592	$key = generate_key(20);
	1593	$query = '
	1594	SELECT COUNT(*)
	1595	FROM '.USER_INFOS_TABLE.'
	1596	WHERE activation_key = \''.$key.'\'
	1597	;';
	1598	list($count) = pwg_db_fetch_row(pwg_query($query));
	1599	if (0 == $count)
	1600	{
	1601	return $key;
	1602	}
	1603	}
	1604	}
	1605
[12339]	1606	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: