source: branches/branch-1_4/include/functions_user.inc.php @ 1237

Last change on this file since 1237 was 807, checked in by plg, 19 years ago
  • bug 133 corrected : Deleting user favorites is too restrictive. Instead of deleting a favorite because it belongs to at least one forbidden category, a favorite is deleted if it belongs to no authorized category (which was the expected behaviour).
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 10.4 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2005-08-07 18:02:48 +0000 (Sun, 07 Aug 2005) $
10// | last modifier : $Author: plg $
11// | revision      : $Revision: 807 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// validate_mail_address verifies whether the given mail address has the
29// right format. ie someone@domain.com "someone" can contain ".", "-" or
30// even "_". Exactly as "domain". The extension doesn't have to be
31// "com". The mail address can also be empty.
32// If the mail address doesn't correspond, an error message is returned.
33function validate_mail_address( $mail_address )
34{
35  global $lang;
36
37  if ( $mail_address == '' )
38  {
39    return '';
40  }
41  $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/';
42  if ( !preg_match( $regex, $mail_address ) )
43  {
44    return $lang['reg_err_mail_address'];
45  }
46}
47
48function register_user($login, $password, $password_conf,
49                       $mail_address, $status = 'guest')
50{
51  global $lang, $conf;
52
53  $errors = array();
54  // login must not
55  //      1. be empty
56  //      2. start ou end with space character
57  //      3. include ' or " characters
58  //      4. be already used
59  if ($login == '')
60  {
61    array_push($errors, $lang['reg_err_login1']);
62  }
63  if (ereg("^.* $", $login))
64  {
65    array_push($errors, $lang['reg_err_login2']);
66  }
67  if (ereg("^ .*$", $login))
68  {
69    array_push($errors, $lang['reg_err_login3']);
70  }
71
72  if (ereg("'", $login) or ereg("\"", $login))
73  {
74    array_push($errors, $lang['reg_err_login4']);
75  }
76  else
77  {
78    $query = '
79SELECT id
80  FROM '.USERS_TABLE.'
81  WHERE username = \''.$login.'\'
82;';
83    $result = pwg_query($query);
84    if (mysql_num_rows($result) > 0)
85    {
86      array_push($errors, $lang['reg_err_login5']);
87    }
88  }
89  // given password must be the same as the confirmation
90  if ($password != $password_conf)
91  {
92    array_push($errors, $lang['reg_err_pass']);
93  }
94
95  $error_mail_address = validate_mail_address($mail_address);
96  if ($error_mail_address != '')
97  {
98    array_push($errors, $error_mail_address);
99  }
100
101  // if no error until here, registration of the user
102  if (count($errors) == 0)
103  {
104    $insert = array();
105    $insert['username'] = $login;
106    $insert['password'] = md5($password);
107    $insert['status'] = $status;
108    $insert['template'] = $conf['default_template'];
109    $insert['nb_image_line'] = $conf['nb_image_line'];
110    $insert['nb_line_page'] = $conf['nb_line_page'];
111    $insert['language'] = $conf['default_language'];
112    $insert['recent_period'] = $conf['recent_period'];
113    $insert['expand'] = boolean_to_string($conf['auto_expand']);
114    $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
115    if ( $mail_address != '' )
116    {
117      $insert['mail_address'] = $mail_address;
118    }
119    if ($conf['default_maxwidth'] != '')
120    {
121      $insert['maxwidth'] = $conf['default_maxwidth'];
122    }
123    if ($conf['default_maxheight'] != '')
124    {
125      $insert['maxheight'] = $conf['default_maxheight'];
126    }
127
128    $query = '
129INSERT INTO '.USERS_TABLE.'
130  ('.implode(',', array_keys($insert)).')
131  VALUES
132  (';
133    $is_first = true;
134    foreach (array_keys($insert) as $field)
135    {
136      if (!$is_first)
137      {
138        $query.= ',';
139      }
140      $query.= "'".$insert[$field]."'";
141      $is_first = false;
142    }
143    $query.= ')
144;';
145    pwg_query($query);
146  }
147  return $errors;
148}
149
150function update_user( $user_id, $mail_address, $status,
151                      $use_new_password = false, $password = '' )
152{
153  $error = array();
154  $i = 0;
155 
156  $error_mail_address = validate_mail_address( $mail_address );
157  if ( $error_mail_address != '' )
158  {
159    $error[$i++] = $error_mail_address;
160  }
161
162  if ( sizeof( $error ) == 0 )
163  {
164    $query = 'UPDATE '.USERS_TABLE;
165    $query.= " SET status = '".$status."'";
166    if ( $use_new_password )
167    {
168      $query.= ", password = '".md5( $password )."'";
169    }
170    $query.= ', mail_address = ';
171    if ( $mail_address != '' )
172    {
173      $query.= "'".$mail_address."'";
174    }
175    else
176    {
177      $query.= 'NULL';
178    }
179    $query.= ' WHERE id = '.$user_id;
180    $query.= ';';
181    pwg_query( $query );
182  }
183  return $error;
184}
185
186function check_login_authorization($guest_allowed = true)
187{
188  global $user,$lang,$conf,$template;
189
190  if ($user['is_the_guest'] and !$guest_allowed)
191  {
192    echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
193    echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
194    exit();
195  }
196
197  if ($conf['gallery_locked'])
198  {
199    echo '<div style="text-align:center;">';
200    echo $lang['gallery_locked_message'];
201    echo '</div>';
202    if ($user['status'] != 'admin')
203    {
204      exit();
205    }
206  }
207}
208
209function setup_style($style)
210{
211  return new Template(PHPWG_ROOT_PATH.'template/'.$style);
212}
213
214function getuserdata($user)
215{
216  $sql = "SELECT * FROM " . USERS_TABLE;
217  $sql.= " WHERE ";
218  $sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" .  str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
219  $result = pwg_query($sql);
220  return ( $row = mysql_fetch_array($result) ) ? $row : false;
221}
222
223/*
224 * deletes favorites of the current user if he's not allowed to see them
225 *
226 * @return void
227 */
228function check_user_favorites()
229{
230  global $user;
231
232  if ($user['forbidden_categories'] == '')
233  {
234    return;
235  }
236
237  // retrieving images allowed : belonging to at least one authorized
238  // category
239  $query = '
240SELECT DISTINCT f.image_id
241  FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
242    ON f.image_id = ic.image_id
243  WHERE f.user_id = '.$user['id'].'
244    AND ic.category_id NOT IN ('.$user['forbidden_categories'].')
245;';
246  $result = pwg_query($query);
247  $authorizeds = array();
248  while ($row = mysql_fetch_array($result))
249  {
250    array_push($authorizeds, $row['image_id']);
251  }
252
253  $query = '
254SELECT image_id
255  FROM '.FAVORITES_TABLE.'
256  WHERE user_id = '.$user['id'].'
257;';
258  $result = pwg_query($query);
259  $favorites = array();
260  while ($row = mysql_fetch_array($result))
261  {
262    array_push($favorites, $row['image_id']);
263  }
264
265  $to_deletes = array_diff($favorites, $authorizeds);
266
267  if (count($to_deletes) > 0)
268  {
269    $query = '
270DELETE FROM '.FAVORITES_TABLE.'
271  WHERE image_id IN ('.implode(',', $to_deletes).')
272    AND user_id = '.$user['id'].'
273;';
274    pwg_query($query);
275  }
276}
277
278/**
279 * update table user_forbidden for the given user
280 *
281 * table user_forbidden contains calculated data. Calculation is based on
282 * private categories minus categories authorized to the groups the user
283 * belongs to minus the categories directly authorized to the user
284 *
285 * @param int user_id
286 * @param string user_status
287 * @return string forbidden_categories
288 */
289function calculate_permissions($user_id, $user_status)
290{
291  $private_array = array();
292  $authorized_array = array();
293
294  $query = '
295SELECT id
296  FROM '.CATEGORIES_TABLE.'
297  WHERE status = \'private\'
298;';
299  $result = pwg_query($query);
300  while ($row = mysql_fetch_array($result))
301  {
302    array_push($private_array, $row['id']);
303  }
304
305  // if user is not an admin, locked categories can be considered as private$
306  if ($user_status != 'admin')
307  {
308    $query = '
309SELECT id
310  FROM '.CATEGORIES_TABLE.'
311  WHERE visible = \'false\'
312;';
313    $result = pwg_query($query);
314    while ($row = mysql_fetch_array($result))
315    {
316      array_push($private_array, $row['id']);
317    }
318
319    $private_array = array_unique($private_array);
320  }
321 
322  // retrieve category ids directly authorized to the user
323  $query = '
324SELECT cat_id
325  FROM '.USER_ACCESS_TABLE.'
326  WHERE user_id = '.$user_id.'
327;';
328  $result = pwg_query($query);
329  while ($row = mysql_fetch_array($result))
330  {
331    array_push($authorized_array, $row['cat_id']);
332  }
333
334  // retrieve category ids authorized to the groups the user belongs to
335  $query = '
336SELECT cat_id
337  FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
338    ON ug.group_id = ga.group_id
339  WHERE ug.user_id = '.$user_id.'
340;';
341  $result = pwg_query($query);
342  while ($row = mysql_fetch_array($result))
343  {
344    array_push($authorized_array, $row['cat_id']);
345  }
346
347  // uniquify ids : some private categories might be authorized for the
348  // groups and for the user
349  $authorized_array = array_unique($authorized_array);
350
351  // only unauthorized private categories are forbidden
352  $forbidden_array = array_diff($private_array, $authorized_array);
353
354  $query = '
355DELETE FROM '.USER_FORBIDDEN_TABLE.'
356  WHERE user_id = '.$user_id.'
357;';
358  pwg_query($query);
359
360  $forbidden_categories = implode(',', $forbidden_array);
361 
362  $query = '
363INSERT INTO '.USER_FORBIDDEN_TABLE.'
364  (user_id,need_update,forbidden_categories)
365  VALUES
366  ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
367;';
368  pwg_query($query);
369 
370  return $forbidden_categories;
371}
372
373/**
374 * returns the username corresponding to the given user identifier if exists
375 *
376 * @param int user_id
377 * @return mixed
378 */
379function get_username($user_id)
380{
381  $query = '
382SELECT username
383  FROM '.USERS_TABLE.'
384  WHERE id = '.intval($user_id).'
385;';
386  $result = pwg_query($query);
387  if (mysql_num_rows($result) > 0)
388  {
389    list($username) = mysql_fetch_row($result);
390  }
391  else
392  {
393    return false;
394  }
395 
396  return $username;
397}
398?>
Note: See TracBrowser for help on using the repository browser.