Context Navigation

source: branches/branch-1_4/include/functions_user.inc.php @ 2056

Last change on this file since 2056 was 807, checked in by plg, 19 years ago
bug 133 corrected : Deleting user favorites is too restrictive. Instead of deleting a favorite because it belongs to at least one forbidden category, a favorite is deleted if it belongs to no authorized category (which was the expected behaviour).
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 10.4 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[675]	5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
[362]	6	// +-----------------------------------------------------------------------+
[593]	7	// \| branch : BSF (Best So Far)
[362]	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2005-08-07 18:02:48 +0000 (Sun, 07 Aug 2005) $
	10	// \| last modifier : $Author: plg $
	11	// \| revision : $Revision: 807 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[2]	27
[9]	28	// validate_mail_address verifies whether the given mail address has the
	29	// right format. ie someone@domain.com "someone" can contain ".", "-" or
	30	// even "_". Exactly as "domain". The extension doesn't have to be
	31	// "com". The mail address can also be empty.
	32	// If the mail address doesn't correspond, an error message is returned.
[2]	33	function validate_mail_address( $mail_address )
	34	{
	35	global $lang;
	36
[9]	37	if ( $mail_address == '' )
[2]	38	{
[9]	39	return '';
[2]	40	}
[9]	41	$regex = '/^[\w-]+(\.[\w-]+)@[\w-]+(\.[\w-]+)\.[a-z]+$/';
	42	if ( !preg_match( $regex, $mail_address ) )
	43	{
	44	return $lang['reg_err_mail_address'];
	45	}
[2]	46	}
	47
[661]	48	function register_user($login, $password, $password_conf,
	49	$mail_address, $status = 'guest')
[2]	50	{
[661]	51	global $lang, $conf;
[2]	52
[661]	53	$errors = array();
[9]	54	// login must not
	55	// 1. be empty
	56	// 2. start ou end with space character
	57	// 3. include ' or " characters
	58	// 4. be already used
[661]	59	if ($login == '')
	60	{
	61	array_push($errors, $lang['reg_err_login1']);
	62	}
	63	if (ereg("^.* $", $login))
	64	{
	65	array_push($errors, $lang['reg_err_login2']);
	66	}
	67	if (ereg("^ .*$", $login))
	68	{
	69	array_push($errors, $lang['reg_err_login3']);
	70	}
[345]	71
[661]	72	if (ereg("'", $login) or ereg("\"", $login))
	73	{
	74	array_push($errors, $lang['reg_err_login4']);
	75	}
[2]	76	else
	77	{
[661]	78	$query = '
	79	SELECT id
	80	FROM '.USERS_TABLE.'
	81	WHERE username = \''.$login.'\'
	82	;';
	83	$result = pwg_query($query);
	84	if (mysql_num_rows($result) > 0)
	85	{
	86	array_push($errors, $lang['reg_err_login5']);
	87	}
[2]	88	}
[9]	89	// given password must be the same as the confirmation
[661]	90	if ($password != $password_conf)
	91	{
	92	array_push($errors, $lang['reg_err_pass']);
	93	}
[2]	94
[661]	95	$error_mail_address = validate_mail_address($mail_address);
	96	if ($error_mail_address != '')
	97	{
	98	array_push($errors, $error_mail_address);
	99	}
[9]	100
	101	// if no error until here, registration of the user
[661]	102	if (count($errors) == 0)
[2]	103	{
[661]	104	$insert = array();
	105	$insert['username'] = $login;
	106	$insert['password'] = md5($password);
	107	$insert['status'] = $status;
	108	$insert['template'] = $conf['default_template'];
	109	$insert['nb_image_line'] = $conf['nb_image_line'];
	110	$insert['nb_line_page'] = $conf['nb_line_page'];
	111	$insert['language'] = $conf['default_language'];
	112	$insert['recent_period'] = $conf['recent_period'];
	113	$insert['expand'] = boolean_to_string($conf['auto_expand']);
	114	$insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
	115	if ( $mail_address != '' )
[2]	116	{
[661]	117	$insert['mail_address'] = $mail_address;
[2]	118	}
[661]	119	if ($conf['default_maxwidth'] != '')
[2]	120	{
[661]	121	$insert['maxwidth'] = $conf['default_maxwidth'];
[2]	122	}
[661]	123	if ($conf['default_maxheight'] != '')
	124	{
	125	$insert['maxheight'] = $conf['default_maxheight'];
[2]	126	}
[661]	127
	128	$query = '
	129	INSERT INTO '.USERS_TABLE.'
	130	('.implode(',', array_keys($insert)).')
	131	VALUES
	132	(';
	133	$is_first = true;
	134	foreach (array_keys($insert) as $field)
	135	{
	136	if (!$is_first)
	137	{
	138	$query.= ',';
	139	}
	140	$query.= "'".$insert[$field]."'";
	141	$is_first = false;
	142	}
	143	$query.= ')
	144	;';
	145	pwg_query($query);
[2]	146	}
[661]	147	return $errors;
[2]	148	}
	149
	150	function update_user( $user_id, $mail_address, $status,
	151	$use_new_password = false, $password = '' )
	152	{
	153	$error = array();
	154	$i = 0;
	155
	156	$error_mail_address = validate_mail_address( $mail_address );
	157	if ( $error_mail_address != '' )
	158	{
	159	$error[$i++] = $error_mail_address;
	160	}
	161
	162	if ( sizeof( $error ) == 0 )
	163	{
[364]	164	$query = 'UPDATE '.USERS_TABLE;
[21]	165	$query.= " SET status = '".$status."'";
[2]	166	if ( $use_new_password )
	167	{
	168	$query.= ", password = '".md5( $password )."'";
	169	}
	170	$query.= ', mail_address = ';
	171	if ( $mail_address != '' )
	172	{
	173	$query.= "'".$mail_address."'";
	174	}
	175	else
	176	{
	177	$query.= 'NULL';
	178	}
[21]	179	$query.= ' WHERE id = '.$user_id;
[2]	180	$query.= ';';
[587]	181	pwg_query( $query );
[2]	182	}
	183	return $error;
	184	}
	185
[631]	186	function check_login_authorization($guest_allowed = true)
[2]	187	{
[653]	188	global $user,$lang,$conf,$template;
[14]	189
[651]	190	if ($user['is_the_guest'] and !$guest_allowed)
[2]	191	{
	192	echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
	193	echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
	194	exit();
	195	}
[653]	196
	197	if ($conf['gallery_locked'])
	198	{
	199	echo '<div style="text-align:center;">';
	200	echo $lang['gallery_locked_message'];
	201	echo '</div>';
	202	if ($user['status'] != 'admin')
	203	{
	204	exit();
	205	}
	206	}
[2]	207	}
[364]	208
	209	function setup_style($style)
	210	{
[672]	211	return new Template(PHPWG_ROOT_PATH.'template/'.$style);
[364]	212	}
	213
[393]	214	function getuserdata($user)
	215	{
	216	$sql = "SELECT * FROM " . USERS_TABLE;
	217	$sql.= " WHERE ";
	218	$sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
[587]	219	$result = pwg_query($sql);
[393]	220	return ( $row = mysql_fetch_array($result) ) ? $row : false;
	221	}
[647]	222
	223	/*
	224	* deletes favorites of the current user if he's not allowed to see them
	225	*
	226	* @return void
	227	*/
	228	function check_user_favorites()
	229	{
	230	global $user;
	231
	232	if ($user['forbidden_categories'] == '')
	233	{
	234	return;
	235	}
[807]	236
	237	// retrieving images allowed : belonging to at least one authorized
	238	// category
[647]	239	$query = '
[807]	240	SELECT DISTINCT f.image_id
[647]	241	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	242	ON f.image_id = ic.image_id
	243	WHERE f.user_id = '.$user['id'].'
[807]	244	AND ic.category_id NOT IN ('.$user['forbidden_categories'].')
[647]	245	;';
	246	$result = pwg_query($query);
[807]	247	$authorizeds = array();
[647]	248	while ($row = mysql_fetch_array($result))
	249	{
[807]	250	array_push($authorizeds, $row['image_id']);
[647]	251	}
	252
[807]	253	$query = '
	254	SELECT image_id
	255	FROM '.FAVORITES_TABLE.'
	256	WHERE user_id = '.$user['id'].'
	257	;';
	258	$result = pwg_query($query);
	259	$favorites = array();
	260	while ($row = mysql_fetch_array($result))
[647]	261	{
[807]	262	array_push($favorites, $row['image_id']);
	263	}
	264
	265	$to_deletes = array_diff($favorites, $authorizeds);
	266
	267	if (count($to_deletes) > 0)
	268	{
[647]	269	$query = '
	270	DELETE FROM '.FAVORITES_TABLE.'
[807]	271	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	272	AND user_id = '.$user['id'].'
	273	;';
	274	pwg_query($query);
	275	}
	276	}
[648]	277
	278	/**
	279	* update table user_forbidden for the given user
	280	*
	281	* table user_forbidden contains calculated data. Calculation is based on
	282	* private categories minus categories authorized to the groups the user
	283	* belongs to minus the categories directly authorized to the user
	284	*
	285	* @param int user_id
[680]	286	* @param string user_status
[648]	287	* @return string forbidden_categories
	288	*/
[680]	289	function calculate_permissions($user_id, $user_status)
[648]	290	{
	291	$private_array = array();
	292	$authorized_array = array();
	293
	294	$query = '
	295	SELECT id
	296	FROM '.CATEGORIES_TABLE.'
	297	WHERE status = \'private\'
	298	;';
	299	$result = pwg_query($query);
	300	while ($row = mysql_fetch_array($result))
	301	{
	302	array_push($private_array, $row['id']);
	303	}
[680]	304
	305	// if user is not an admin, locked categories can be considered as private$
	306	if ($user_status != 'admin')
	307	{
	308	$query = '
	309	SELECT id
	310	FROM '.CATEGORIES_TABLE.'
	311	WHERE visible = \'false\'
	312	;';
	313	$result = pwg_query($query);
	314	while ($row = mysql_fetch_array($result))
	315	{
	316	array_push($private_array, $row['id']);
	317	}
	318
	319	$private_array = array_unique($private_array);
	320	}
[648]	321
	322	// retrieve category ids directly authorized to the user
	323	$query = '
	324	SELECT cat_id
	325	FROM '.USER_ACCESS_TABLE.'
	326	WHERE user_id = '.$user_id.'
	327	;';
	328	$result = pwg_query($query);
	329	while ($row = mysql_fetch_array($result))
	330	{
	331	array_push($authorized_array, $row['cat_id']);
	332	}
	333
	334	// retrieve category ids authorized to the groups the user belongs to
	335	$query = '
	336	SELECT cat_id
	337	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	338	ON ug.group_id = ga.group_id
	339	WHERE ug.user_id = '.$user_id.'
	340	;';
	341	$result = pwg_query($query);
	342	while ($row = mysql_fetch_array($result))
	343	{
	344	array_push($authorized_array, $row['cat_id']);
	345	}
	346
	347	// uniquify ids : some private categories might be authorized for the
	348	// groups and for the user
	349	$authorized_array = array_unique($authorized_array);
	350
	351	// only unauthorized private categories are forbidden
	352	$forbidden_array = array_diff($private_array, $authorized_array);
	353
	354	$query = '
	355	DELETE FROM '.USER_FORBIDDEN_TABLE.'
	356	WHERE user_id = '.$user_id.'
	357	;';
	358	pwg_query($query);
	359
	360	$forbidden_categories = implode(',', $forbidden_array);
	361
	362	$query = '
	363	INSERT INTO '.USER_FORBIDDEN_TABLE.'
	364	(user_id,need_update,forbidden_categories)
	365	VALUES
	366	('.$user_id.',\'false\',\''.$forbidden_categories.'\')
	367	;';
	368	pwg_query($query);
	369
	370	return $forbidden_categories;
	371	}
[708]	372
	373	/**
	374	* returns the username corresponding to the given user identifier if exists
	375	*
	376	* @param int user_id
	377	* @return mixed
	378	*/
	379	function get_username($user_id)
	380	{
	381	$query = '
	382	SELECT username
	383	FROM '.USERS_TABLE.'
	384	WHERE id = '.intval($user_id).'
	385	;';
	386	$result = pwg_query($query);
	387	if (mysql_num_rows($result) > 0)
	388	{
	389	list($username) = mysql_fetch_row($result);
	390	}
	391	else
	392	{
	393	return false;
	394	}
	395
	396	return $username;
	397	}
[367]	398	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: