Context Navigation

source: branches/branch-1_7/include/functions_user.inc.php @ 2220

Last change on this file since 2220 was 2220, checked in by rub, 16 years ago
little corrections
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 29.8 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[2220]	5	// \| Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net \|
[362]	6	// +-----------------------------------------------------------------------+
[1113]	7	// \| file : $Id: functions_user.inc.php 2220 2008-02-27 21:58:20Z rub $
[362]	8	// \| last update : $Date: 2008-02-27 21:58:20 +0000 (Wed, 27 Feb 2008) $
	9	// \| last modifier : $Author: rub $
	10	// \| revision : $Revision: 2220 $
	11	// +-----------------------------------------------------------------------+
	12	// \| This program is free software; you can redistribute it and/or modify \|
	13	// \| it under the terms of the GNU General Public License as published by \|
	14	// \| the Free Software Foundation \|
	15	// \| \|
	16	// \| This program is distributed in the hope that it will be useful, but \|
	17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	19	// \| General Public License for more details. \|
	20	// \| \|
	21	// \| You should have received a copy of the GNU General Public License \|
	22	// \| along with this program; if not, write to the Free Software \|
	23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	24	// \| USA. \|
	25	// +-----------------------------------------------------------------------+
[2]	26
[9]	27	// validate_mail_address verifies whether the given mail address has the
	28	// right format. ie someone@domain.com "someone" can contain ".", "-" or
	29	// even "_". Exactly as "domain". The extension doesn't have to be
	30	// "com". The mail address can also be empty.
	31	// If the mail address doesn't correspond, an error message is returned.
[2]	32	function validate_mail_address( $mail_address )
	33	{
	34	global $lang;
	35
[9]	36	if ( $mail_address == '' )
[2]	37	{
[9]	38	return '';
[2]	39	}
[9]	40	$regex = '/^[\w-]+(\.[\w-]+)@[\w-]+(\.[\w-]+)\.[a-z]+$/';
	41	if ( !preg_match( $regex, $mail_address ) )
	42	{
	43	return $lang['reg_err_mail_address'];
	44	}
[2]	45	}
	46
[2177]	47	function register_user($login, $password, $mail_address,
	48	$with_notification = true, $errors = array())
[2]	49	{
[661]	50	global $lang, $conf;
[2]	51
[661]	52	if ($login == '')
	53	{
	54	array_push($errors, $lang['reg_err_login1']);
	55	}
	56	if (ereg("^.* $", $login))
	57	{
	58	array_push($errors, $lang['reg_err_login2']);
	59	}
	60	if (ereg("^ .*$", $login))
	61	{
	62	array_push($errors, $lang['reg_err_login3']);
	63	}
[808]	64	if (get_userid($login))
[804]	65	{
	66	array_push($errors, $lang['reg_err_login5']);
[2]	67	}
[808]	68	$mail_error = validate_mail_address($mail_address);
	69	if ('' != $mail_error)
[661]	70	{
[808]	71	array_push($errors, $mail_error);
[661]	72	}
[2]	73
[9]	74	// if no error until here, registration of the user
[661]	75	if (count($errors) == 0)
[2]	76	{
[906]	77	// what will be the inserted id ?
	78	$query = '
	79	SELECT MAX('.$conf['user_fields']['id'].') + 1
	80	FROM '.USERS_TABLE.'
	81	;';
	82	list($next_id) = mysql_fetch_array(pwg_query($query));
[1068]	83
[808]	84	$insert =
	85	array(
[906]	86	$conf['user_fields']['id'] => $next_id,
[808]	87	$conf['user_fields']['username'] => mysql_escape_string($login),
	88	$conf['user_fields']['password'] => $conf['pass_convert']($password),
	89	$conf['user_fields']['email'] => $mail_address
	90	);
[661]	91
[808]	92	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	93	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
[1068]	94
[2177]	95	// Assign by default groups
	96	{
	97	$query = '
[1583]	98	SELECT id
	99	FROM '.GROUPS_TABLE.'
	100	WHERE is_default = \''.boolean_to_string(true).'\'
	101	ORDER BY id ASC
	102	;';
[2177]	103	$result = pwg_query($query);
[1581]	104
[2177]	105	$inserts = array();
	106	while ($row = mysql_fetch_array($result))
	107	{
	108	array_push
[1583]	109	(
[2177]	110	$inserts,
	111	array
	112	(
	113	'user_id' => $next_id,
	114	'group_id' => $row['id']
	115	)
	116	);
	117	}
[1583]	118	}
[1581]	119
[1583]	120	if (count($inserts) != 0)
	121	{
[1581]	122	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
[1583]	123	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
[1581]	124	}
	125
[906]	126	create_user_infos($next_id);
[1605]	127
[2177]	128	if ($with_notification and $conf['email_admin_on_new_user'])
	129	{
	130	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	131	$username = $_POST['login'];
	132	$admin_url = get_absolute_root_url()
	133	.'admin.php?page=user_list&username='.$username;
	134
	135	$keyargs_content = array
	136	(
	137	get_l10n_args('User: %s', $username),
	138	get_l10n_args('Email: %s', $_POST['mail_address']),
	139	get_l10n_args('', ''),
	140	get_l10n_args('Admin: %s', $admin_url)
	141	);
	142
	143	pwg_mail_notification_admins
	144	(
	145	get_l10n_args('Registration of %s', $username),
	146	$keyargs_content
	147	);
	148	}
	149
[1605]	150	trigger_action('register_user',
	151	array(
	152	'id'=>$next_id,
	153	'username'=>$login,
	154	'email'=>$mail_address,
	155	)
	156	);
[2]	157	}
[906]	158
[661]	159	return $errors;
[2]	160	}
	161
[364]	162	function setup_style($style)
	163	{
[672]	164	return new Template(PHPWG_ROOT_PATH.'template/'.$style);
[364]	165	}
	166
[1677]	167	function build_user( $user_id, $use_cache )
[1568]	168	{
	169	global $conf;
[2040]	170
[1568]	171	$user['id'] = $user_id;
[1677]	172	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
[1926]	173	$user['is_the_guest'] = ($user['id'] == $conf['guest_id']);
	174	$user['is_the_default'] = ($user['id'] == $conf['default_user_id']);
	175
[2054]	176	if ($user['is_the_guest'] and $user['status'] <> 'guest')
	177	{
	178	$user['status'] = 'guest';
	179	$user['internal_status']['guest_must_be_guest'] = true;
	180	}
	181
[1568]	182	// calculation of the number of picture to display per page
	183	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
	184
[2040]	185	if (is_admin($user['status']))
[1568]	186	{
[2040]	187	list($user['admin_template'], $user['admin_theme']) =
[1568]	188	explode
	189	(
	190	'/',
	191	isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
	192	: $user['template']
	193	);
	194	}
	195
[2040]	196	list($user['template'], $user['theme']) = explode('/', $user['template']);
	197
[1568]	198	return $user;
	199	}
	200
[808]	201	/**
	202	* find informations related to the user identifier
	203	*
	204	* @param int user identifier
	205	* @param boolean use_cache
	206	* @param array
	207	*/
[1677]	208	function getuserdata($user_id, $use_cache)
[393]	209	{
[808]	210	global $conf;
	211
	212	$userdata = array();
[1068]	213
[808]	214	$query = '
	215	SELECT ';
	216	$is_first = true;
	217	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
	218	{
	219	if ($is_first)
	220	{
	221	$is_first = false;
	222	}
	223	else
	224	{
	225	$query.= '
	226	, ';
	227	}
	228	$query.= $dbfield.' AS '.$pwgfield;
	229	}
	230	$query.= '
	231	FROM '.USERS_TABLE.'
	232	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
	233	;';
[1068]	234
[808]	235	$row = mysql_fetch_array(pwg_query($query));
	236
	237	while (true)
	238	{
	239	$query = '
	240	SELECT ui., uc.
	241	FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
	242	ON ui.user_id = uc.user_id
	243	WHERE ui.user_id = \''.$user_id.'\'
	244	;';
	245	$result = pwg_query($query);
	246	if (mysql_num_rows($result) > 0)
	247	{
	248	break;
	249	}
	250	else
	251	{
	252	create_user_infos($user_id);
	253	}
	254	}
[1068]	255
[808]	256	$row = array_merge($row, mysql_fetch_array($result));
[1068]	257
[808]	258	foreach ($row as $key => $value)
	259	{
	260	if (!is_numeric($key))
	261	{
	262	// If the field is true or false, the variable is transformed into a
	263	// boolean value.
	264	if ($value == 'true' or $value == 'false')
	265	{
	266	$userdata[$key] = get_boolean($value);
	267	}
	268	else
	269	{
	270	$userdata[$key] = $value;
	271	}
	272	}
	273	}
	274
	275	if ($use_cache)
	276	{
	277	if (!isset($userdata['need_update'])
	278	or !is_bool($userdata['need_update'])
[1677]	279	or $userdata['need_update'] == true)
[808]	280	{
	281	$userdata['forbidden_categories'] =
	282	calculate_permissions($userdata['id'], $userdata['status']);
	283
[1860]	284	update_user_cache_categories($userdata);
[1624]	285
	286	// Set need update are done
[1677]	287	$userdata['need_update'] = false;
[1624]	288
[1677]	289	// Indicate update done
	290	$userdata['need_update_done'] = true;
	291
[1081]	292	$query = '
	293	SELECT COUNT(DISTINCT(image_id)) as total
	294	FROM '.IMAGE_CATEGORY_TABLE.'
	295	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
	296	;';
	297	list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
	298
[808]	299	// update user cache
	300	$query = '
	301	DELETE FROM '.USER_CACHE_TABLE.'
	302	WHERE user_id = '.$userdata['id'].'
	303	;';
	304	pwg_query($query);
[1068]	305
[808]	306	$query = '
	307	INSERT INTO '.USER_CACHE_TABLE.'
[1624]	308	(user_id, need_update, forbidden_categories, nb_total_images)
[808]	309	VALUES
[1624]	310	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\''
[1081]	311	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].')
[808]	312	;';
	313	pwg_query($query);
	314	}
[1677]	315	else
[1624]	316	{
[1677]	317	// Indicate update not done
	318	$userdata['need_update_done'] = false;
[1624]	319	}
[808]	320	}
	321
	322	return $userdata;
[393]	323	}
[647]	324
	325	/*
	326	* deletes favorites of the current user if he's not allowed to see them
	327	*
	328	* @return void
	329	*/
	330	function check_user_favorites()
	331	{
	332	global $user;
	333
	334	if ($user['forbidden_categories'] == '')
	335	{
	336	return;
	337	}
[832]	338
[1677]	339	// $filter['visible_categories'] and $filter['visible_images']
	340	// must be not used because filter <> restriction
[832]	341	// retrieving images allowed : belonging to at least one authorized
	342	// category
[647]	343	$query = '
[832]	344	SELECT DISTINCT f.image_id
[647]	345	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	346	ON f.image_id = ic.image_id
	347	WHERE f.user_id = '.$user['id'].'
[1677]	348	'.get_sql_condition_FandF
	349	(
	350	array
	351	(
	352	'forbidden_categories' => 'ic.category_id',
	353	),
	354	'AND'
	355	).'
[647]	356	;';
	357	$result = pwg_query($query);
[832]	358	$authorizeds = array();
[647]	359	while ($row = mysql_fetch_array($result))
	360	{
[832]	361	array_push($authorizeds, $row['image_id']);
[647]	362	}
	363
[832]	364	$query = '
	365	SELECT image_id
	366	FROM '.FAVORITES_TABLE.'
	367	WHERE user_id = '.$user['id'].'
	368	;';
	369	$result = pwg_query($query);
	370	$favorites = array();
	371	while ($row = mysql_fetch_array($result))
[647]	372	{
[832]	373	array_push($favorites, $row['image_id']);
	374	}
	375
	376	$to_deletes = array_diff($favorites, $authorizeds);
	377
	378	if (count($to_deletes) > 0)
	379	{
[647]	380	$query = '
	381	DELETE FROM '.FAVORITES_TABLE.'
[832]	382	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	383	AND user_id = '.$user['id'].'
	384	;';
	385	pwg_query($query);
	386	}
	387	}
[648]	388
	389	/**
[808]	390	* calculates the list of forbidden categories for a given user
[648]	391	*
[808]	392	* Calculation is based on private categories minus categories authorized to
	393	* the groups the user belongs to minus the categories directly authorized
	394	* to the user. The list contains at least -1 to be compliant with queries
	395	* such as "WHERE category_id NOT IN ($forbidden_categories)"
[648]	396	*
	397	* @param int user_id
[680]	398	* @param string user_status
[648]	399	* @return string forbidden_categories
	400	*/
[680]	401	function calculate_permissions($user_id, $user_status)
[648]	402	{
	403	$private_array = array();
	404	$authorized_array = array();
	405
	406	$query = '
	407	SELECT id
	408	FROM '.CATEGORIES_TABLE.'
	409	WHERE status = \'private\'
	410	;';
	411	$result = pwg_query($query);
	412	while ($row = mysql_fetch_array($result))
	413	{
	414	array_push($private_array, $row['id']);
	415	}
[680]	416
[648]	417	// retrieve category ids directly authorized to the user
	418	$query = '
	419	SELECT cat_id
	420	FROM '.USER_ACCESS_TABLE.'
	421	WHERE user_id = '.$user_id.'
	422	;';
[808]	423	$authorized_array = array_from_query($query, 'cat_id');
[648]	424
	425	// retrieve category ids authorized to the groups the user belongs to
	426	$query = '
	427	SELECT cat_id
	428	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	429	ON ug.group_id = ga.group_id
	430	WHERE ug.user_id = '.$user_id.'
	431	;';
[808]	432	$authorized_array =
	433	array_merge(
	434	$authorized_array,
	435	array_from_query($query, 'cat_id')
	436	);
[648]	437
	438	// uniquify ids : some private categories might be authorized for the
	439	// groups and for the user
	440	$authorized_array = array_unique($authorized_array);
	441
	442	// only unauthorized private categories are forbidden
	443	$forbidden_array = array_diff($private_array, $authorized_array);
	444
[1117]	445	// if user is not an admin, locked categories are forbidden
[1851]	446	if (!is_admin($user_status))
[1117]	447	{
	448	$query = '
	449	SELECT id
	450	FROM '.CATEGORIES_TABLE.'
	451	WHERE visible = \'false\'
	452	;';
	453	$result = pwg_query($query);
	454	while ($row = mysql_fetch_array($result))
	455	{
	456	array_push($forbidden_array, $row['id']);
	457	}
	458	$forbidden_array = array_unique($forbidden_array);
	459	}
[1068]	460
[1117]	461	if ( empty($forbidden_array) )
[1331]	462	{// at least, the list contains 0 value. This category does not exists so
	463	// where clauses such as "WHERE category_id NOT IN(0)" will always be
[1117]	464	// true.
[1331]	465	array_push($forbidden_array, 0);
[1117]	466	}
	467
[808]	468	return implode(',', $forbidden_array);
[648]	469	}
[708]	470
	471	/**
[1677]	472	* compute data of categories branches (one branch only)
[1624]	473	*/
[1640]	474	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
[1624]	475	{
[1640]	476	$date = '';
	477	$count_images = 0;
	478	$count_categories = 0;
	479	do
[1624]	480	{
[1640]	481	$cat_id = array_pop($list_cat_id);
	482	if (!is_null($cat_id))
[1624]	483	{
[1640]	484	// Count images and categories
	485	$cats[$cat_id]['count_images'] += $count_images;
	486	$cats[$cat_id]['count_categories'] += $count_categories;
	487	$count_images = $cats[$cat_id]['count_images'];
	488	$count_categories = $cats[$cat_id]['count_categories'] + 1;
	489
	490	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
[1624]	491	{
[1640]	492	$cats[$cat_id]['max_date_last'] = $date;
[1624]	493	}
	494	else
	495	{
[1640]	496	$date = $cats[$cat_id]['max_date_last'];
[1624]	497	}
[1640]	498	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
	499	}
	500	else
[1624]	501	{
[1640]	502	$ref_level = 0;
[1624]	503	}
[1640]	504	} while ($level <= $ref_level);
	505
	506	// Last cat updating must be added to list for next branch
	507	if ($ref_level <> 0)
	508	{
	509	array_push($list_cat_id, $cat_id);
[1624]	510	}
[1640]	511	}
[1624]	512
[1640]	513	/**
[1677]	514	* compute data of categories branches
[1640]	515	*/
[1677]	516	function compute_categories_data(&$cats)
[1640]	517	{
[1677]	518	$ref_level = 0;
	519	$level = 0;
	520	$list_cat_id = array();
[1624]	521
[1677]	522	foreach ($cats as $id => $category)
[1624]	523	{
[1677]	524	// Compute
	525	$level = substr_count($category['global_rank'], '.') + 1;
	526	if ($level > $ref_level)
	527	{
	528	array_push($list_cat_id, $id);
	529	}
	530	else
	531	{
	532	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	533	array_push($list_cat_id, $id);
	534	}
	535	$ref_level = $level;
[1624]	536	}
[1651]	537
[1677]	538	$level = 1;
	539	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	540	}
[1651]	541
[1677]	542	/**
	543	* get computed array of categories
	544	*
[1860]	545	* @param array userdata
	546	* @param int filter_days number of recent days to filter on or null
[1677]	547	* @return array
	548	*/
[1860]	549	function get_computed_categories($userdata, $filter_days=null)
[1677]	550	{
[1860]	551	$group_by = '';
[1651]	552
[1860]	553	$query = 'SELECT c.id cat_id, global_rank';
	554	if ( !isset($filter_days) )
[1651]	555	{
[1860]	556	$query .= ',
	557	date_last cat_date_last,
	558	nb_images cat_nb_images
	559	FROM '.CATEGORIES_TABLE.' as c';
[1651]	560	}
	561	else
	562	{
	563	// Count by date_available to avoid count null
[1860]	564	$query .= ',
	565	MAX(date_available) cat_date_last,
	566	COUNT(date_available) cat_nb_images
	567	FROM '.CATEGORIES_TABLE.' as c
[1677]	568	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
	569	LEFT JOIN '.IMAGES_TABLE.' AS i
[1860]	570	ON ic.image_id = i.id AND
	571	i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
	572	$group_by = 'c.id';
[1651]	573	}
	574
[1860]	575	if ( !empty($userdata['forbidden_categories']) )
[1651]	576	{
	577	$query.= '
[1860]	578	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
[1651]	579	}
	580
[1860]	581	if ( !empty($group_by) )
[1651]	582	{
	583	$query.= '
[1860]	584	GROUP BY '.$group_by;
[1651]	585	}
[1624]	586
	587	$result = pwg_query($query);
	588
	589	$cats = array();
[1641]	590	while ($row = mysql_fetch_assoc($result))
[1624]	591	{
[1860]	592	$row['user_id'] = $userdata['id'];
[1641]	593	$row['count_categories'] = 0;
[1860]	594	$row['count_images'] = $row['cat_nb_images'];
	595	$row['max_date_last'] = $row['cat_date_last'];
	596
[1624]	597	$cats += array($row['cat_id'] => $row);
	598	}
	599	usort($cats, 'global_rank_compare');
	600
[1677]	601	compute_categories_data($cats);
[1624]	602
[1860]	603	if ( isset($filter_days) )
[1624]	604	{
[1651]	605	$cat_tmp = $cats;
	606	$cats = array();
[1860]	607
[1677]	608	foreach ($cat_tmp as $category)
[1651]	609	{
[1677]	610	if (!empty($category['max_date_last']))
[1651]	611	{
[1677]	612	// Re-init counters
	613	$category['count_categories'] = 0;
[1860]	614	$category['count_images'] = $category['cat_nb_images'];
	615	// next line for update_cats_with_filtered_data
	616	$category['nb_images'] = $category['cat_nb_images'];
[1677]	617	// Keep category
	618	$cats[$category['cat_id']] = $category;
[1651]	619	}
	620	}
[1677]	621	// Compute a second time
	622	compute_categories_data($cats);
[1651]	623	}
[1677]	624	return $cats;
	625	}
	626
	627	/**
	628	* update data of user_cache_categories
	629	*
[1860]	630	* @param array userdata
[1677]	631	* @return null
	632	*/
[1860]	633	function update_user_cache_categories($userdata)
[1677]	634	{
	635	// delete user cache
	636	$query = '
	637	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
[1860]	638	WHERE user_id = '.$userdata['id'].'
[1677]	639	;';
	640	pwg_query($query);
	641
[1860]	642	$cats = get_computed_categories($userdata, null);
[1677]	643
[1624]	644	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	645	mass_inserts
	646	(
	647	USER_CACHE_CATEGORIES_TABLE,
	648	array
	649	(
[1641]	650	'user_id', 'cat_id',
	651	'max_date_last', 'count_images', 'count_categories'
[1624]	652	),
	653	$cats
	654	);
	655	}
	656
	657	/**
[708]	658	* returns the username corresponding to the given user identifier if exists
	659	*
	660	* @param int user_id
	661	* @return mixed
	662	*/
	663	function get_username($user_id)
	664	{
[808]	665	global $conf;
[1068]	666
[708]	667	$query = '
[808]	668	SELECT '.$conf['user_fields']['username'].'
[708]	669	FROM '.USERS_TABLE.'
[808]	670	WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
[708]	671	;';
	672	$result = pwg_query($query);
	673	if (mysql_num_rows($result) > 0)
	674	{
	675	list($username) = mysql_fetch_row($result);
	676	}
	677	else
	678	{
	679	return false;
	680	}
[1068]	681
[708]	682	return $username;
	683	}
[801]	684
	685	/**
[808]	686	* returns user identifier thanks to his name, false if not found
	687	*
	688	* @param string username
	689	* @param int user identifier
	690	*/
	691	function get_userid($username)
	692	{
	693	global $conf;
	694
	695	$username = mysql_escape_string($username);
	696
	697	$query = '
	698	SELECT '.$conf['user_fields']['id'].'
	699	FROM '.USERS_TABLE.'
	700	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	701	;';
	702	$result = pwg_query($query);
	703
	704	if (mysql_num_rows($result) == 0)
	705	{
	706	return false;
	707	}
	708	else
	709	{
	710	list($user_id) = mysql_fetch_row($result);
	711	return $user_id;
	712	}
	713	}
	714
	715	/**
[801]	716	* search an available feed_id
	717	*
	718	* @return string feed identifier
	719	*/
	720	function find_available_feed_id()
	721	{
	722	while (true)
	723	{
	724	$key = generate_key(50);
	725	$query = '
	726	SELECT COUNT(*)
[833]	727	FROM '.USER_FEED_TABLE.'
	728	WHERE id = \''.$key.'\'
[801]	729	;';
	730	list($count) = mysql_fetch_row(pwg_query($query));
	731	if (0 == $count)
	732	{
	733	return $key;
	734	}
	735	}
	736	}
[808]	737
[1926]	738	/*
	739	* Returns a array with default user value
[808]	740	*
[1926]	741	* @param convert_str allows to convert string value if necessary
[808]	742	*/
[1926]	743	function get_default_user_info($convert_str = true)
[808]	744	{
[1926]	745	global $page, $conf;
	746
	747	if (!isset($page['cache_default_user']))
	748	{
	749	$query = 'select * from '.USER_INFOS_TABLE.
	750	' where user_id = '.$conf['default_user_id'].';';
[1068]	751
[1926]	752	$result = pwg_query($query);
	753	$page['cache_default_user'] = mysql_fetch_assoc($result);
[1930]	754
	755	if ($page['cache_default_user'] !== false)
	756	{
	757	unset($page['cache_default_user']['user_id']);
	758	unset($page['cache_default_user']['status']);
	759	unset($page['cache_default_user']['registration_date']);
	760	}
[1926]	761	}
[808]	762
[1926]	763	if (is_array($page['cache_default_user']) and $convert_str)
[1284]	764	{
[1926]	765	$default_user = array();
	766	foreach ($page['cache_default_user'] as $name => $value)
	767	{
	768	// If the field is true or false, the variable is transformed into a
	769	// boolean value.
	770	if ($value == 'true' or $value == 'false')
	771	{
	772	$default_user[$name] = get_boolean($value);
	773	}
	774	else
	775	{
	776	$default_user[$name] = $value;
	777	}
	778	}
	779	return $default_user;
[1284]	780	}
[1926]	781	else
[1284]	782	{
[1926]	783	return $page['cache_default_user'];
[1284]	784	}
[1926]	785	}
	786
	787	/*
	788	* Returns a default user value
	789	*
	790	* @param value_name: name of value
	791	* @param sos_value: value used if don't exist value
	792	*/
	793	function get_default_user_value($value_name, $sos_value)
	794	{
	795	$default_user = get_default_user_info(true);
	796	if ($default_user === false or !isset($default_user[$value_name]))
	797	{
	798	return $sos_value;
	799	}
[1284]	800	else
	801	{
[1926]	802	return $default_user[$value_name];
[1284]	803	}
[1926]	804	}
[1567]	805
[1926]	806	/*
	807	* Returns the default template value
	808	*
	809	*/
	810	function get_default_template()
	811	{
	812	return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
	813	}
[808]	814
[1926]	815	/*
	816	* Returns the default language value
	817	*
	818	*/
	819	function get_default_language()
	820	{
	821	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
[808]	822	}
[817]	823
	824	/**
[1926]	825	* add user informations based on default values
	826	*
	827	* @param int user_id / array of user_if
[1930]	828	* @param array of values used to override default user values
[1926]	829	*/
[1930]	830	function create_user_infos($arg_id, $override_values = null)
[1926]	831	{
	832	global $conf;
	833
	834	if (is_array($arg_id))
	835	{
	836	$user_ids = $arg_id;
	837	}
	838	else
	839	{
	840	$user_ids = array();
	841	if (is_integer($arg_id))
	842	{
	843	$user_ids[] = $arg_id;
	844	}
	845	}
	846
	847	if (!empty($user_ids))
	848	{
	849	$inserts = array();
	850	list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
	851
	852	$default_user = get_default_user_info(false);
	853	if ($default_user === false)
	854	{
	855	// Default on structure are used
	856	$default_user = array();
	857	}
	858
[1930]	859	if (!is_null($override_values))
	860	{
	861	$default_user = array_merge($default_user, $override_values);
	862	}
	863
[1926]	864	foreach ($user_ids as $user_id)
	865	{
	866	if ($user_id == $conf['webmaster_id'])
	867	{
	868	$status = 'webmaster';
	869	}
	870	else if (($user_id == $conf['guest_id']) or
	871	($user_id == $conf['default_user_id']))
	872	{
	873	$status = 'guest';
	874	}
	875	else
	876	{
	877	$status = 'normal';
	878	}
	879
[1930]	880	$insert = array_merge(
	881	$default_user,
[1926]	882	array(
	883	'user_id' => $user_id,
	884	'status' => $status,
	885	'registration_date' => $dbnow
[1930]	886	));
[1926]	887
	888	array_push($inserts, $insert);
	889	}
	890
	891	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	892	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
	893
	894	}
	895	}
	896
	897	/**
[817]	898	* returns the groupname corresponding to the given group identifier if
	899	* exists
	900	*
	901	* @param int group_id
	902	* @return mixed
	903	*/
	904	function get_groupname($group_id)
	905	{
	906	$query = '
	907	SELECT name
	908	FROM '.GROUPS_TABLE.'
	909	WHERE id = '.intval($group_id).'
	910	;';
	911	$result = pwg_query($query);
	912	if (mysql_num_rows($result) > 0)
	913	{
	914	list($groupname) = mysql_fetch_row($result);
	915	}
	916	else
	917	{
	918	return false;
	919	}
[1068]	920
[817]	921	return $groupname;
	922	}
[879]	923
	924	/**
	925	* return the file path of the given language filename, depending on the
	926	* availability of the file
	927	*
[1904]	928	* in descending order of preference:
	929	* param language, user language, default language
[879]	930	* PhpWebGallery default language.
	931	*
	932	* @param string filename
[1699]	933	* @param string dirname
[1904]	934	* @param string language
[879]	935	* @return string filepath
	936	*/
[1904]	937	function get_language_filepath($filename, $dirname = '', $language = '')
[879]	938	{
	939	global $user, $conf;
[1068]	940
[1699]	941	if (empty($dirname))
	942	{
	943	$dirname = PHPWG_ROOT_PATH;
	944	}
	945	$dirname .= 'language'.'/';
	946
[1926]	947	$dir_methods = array();
	948
	949	if (!empty($language))
[1567]	950	{
[1926]	951	$dir_methods[] = 1;
[1904]	952	}
	953
[1926]	954	$dir_methods[] = 2;
	955	$dir_methods[] = 3;
	956	$dir_methods[] = 4;
	957
	958	foreach ($dir_methods as $dir_method)
[1904]	959	{
[1926]	960	switch ($dir_method)
	961	{
	962	case '1':
	963	{
	964	$directory = $dirname.$language;
	965	break;
	966	}
	967	case '2':
	968	{
	969	$directory = $dirname.$user['language'];
	970	break;
	971	}
	972	case '3':
	973	{
	974	$directory = $dirname.get_default_language();
	975	break;
	976	}
	977	case '4':
	978	default:
	979	{
	980	$directory = $dirname.PHPWG_DEFAULT_LANGUAGE;
	981	break;
	982	}
	983	{
	984	$directory = '.';
	985	}
	986	}
[879]	987
	988	$filepath = $directory.'/'.$filename;
[1068]	989
[879]	990	if (file_exists($filepath))
	991	{
	992	return $filepath;
	993	}
	994	}
[1068]	995
[879]	996	return false;
	997	}
[1068]	998
[1622]	999	/**
	1000	* returns the auto login key or false on error
	1001	* @param int user_id
[1744]	1002	* @param string [out] username
[1622]	1003	*/
[1744]	1004	function calculate_auto_login_key($user_id, &$username)
[1622]	1005	{
	1006	global $conf;
	1007	$query = '
	1008	SELECT '.$conf['user_fields']['username'].' AS username
	1009	, '.$conf['user_fields']['password'].' AS password
	1010	FROM '.USERS_TABLE.'
	1011	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
	1012	$result = pwg_query($query);
	1013	if (mysql_num_rows($result) > 0)
	1014	{
	1015	$row = mysql_fetch_assoc($result);
[1744]	1016	$username = $row['username'];
	1017	$data = $row['username'].$row['password'];
	1018	$key = base64_encode(
	1019	pack('H*', sha1($data))
	1020	.hash_hmac('md5', $data, $conf['secret_key'],true)
	1021	);
[1622]	1022	return $key;
	1023	}
	1024	return false;
	1025	}
	1026
[1068]	1027	/*
	1028	* Performs all required actions for user login
	1029	* @param int user_id
	1030	* @param bool remember_me
	1031	* @return void
	1032	*/
	1033	function log_user($user_id, $remember_me)
	1034	{
[1511]	1035	global $conf, $user;
[1493]	1036
[1641]	1037	if ($remember_me and $conf['authorize_remembering'])
[1068]	1038	{
[1744]	1039	$key = calculate_auto_login_key($user_id, $username);
[1622]	1040	if ($key!==false)
[1493]	1041	{
[1622]	1042	$cookie = array('id' => (int)$user_id, 'key' => $key);
	1043	setcookie($conf['remember_me_name'],
	1044	serialize($cookie),
	1045	time()+$conf['remember_me_length'],
	1046	cookie_path()
[1493]	1047	);
[1622]	1048	}
[1068]	1049	}
[1568]	1050	else
	1051	{ // make sure we clean any remember me ...
	1052	setcookie($conf['remember_me_name'], '', 0, cookie_path());
	1053	}
	1054	if ( session_id()!="" )
[1622]	1055	{ // we regenerate the session for security reasons
	1056	// see http://www.acros.si/papers/session_fixation.pdf
[1568]	1057	session_regenerate_id();
	1058	}
	1059	else
	1060	{
	1061	session_start();
	1062	}
[1622]	1063	$_SESSION['pwg_uid'] = (int)$user_id;
[1511]	1064
	1065	$user['id'] = $_SESSION['pwg_uid'];
[1068]	1066	}
	1067
[1070]	1068	/*
[1511]	1069	* Performs auto-connexion when cookie remember_me exists
[1568]	1070	* @return true/false
[1511]	1071	*/
[1567]	1072	function auto_login() {
[1511]	1073	global $conf;
	1074
[1568]	1075	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
	1076	{
	1077	$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
[1744]	1078	if ($cookie!==false and is_numeric(@$cookie['id']) )
[1568]	1079	{
[1744]	1080	$key = calculate_auto_login_key( $cookie['id'], $username );
[1622]	1081	if ($key!==false and $key===$cookie['key'])
	1082	{
	1083	log_user($cookie['id'], true);
[1744]	1084	trigger_action('login_success', $username);
[1622]	1085	return true;
	1086	}
[1568]	1087	}
[1622]	1088	setcookie($conf['remember_me_name'], '', 0, cookie_path());
[1511]	1089	}
[1568]	1090	return false;
[1511]	1091	}
	1092
[1744]	1093	/**
	1094	* Tries to login a user given username and password (must be MySql escaped)
	1095	* return true on success
	1096	*/
	1097	function try_log_user($username, $password, $remember_me)
	1098	{
	1099	global $conf;
	1100	// retrieving the encrypted password of the login submitted
	1101	$query = '
	1102	SELECT '.$conf['user_fields']['id'].' AS id,
	1103	'.$conf['user_fields']['password'].' AS password
	1104	FROM '.USERS_TABLE.'
	1105	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	1106	;';
	1107	$row = mysql_fetch_assoc(pwg_query($query));
	1108	if ($row['password'] == $conf['pass_convert']($password))
	1109	{
	1110	log_user($row['id'], $remember_me);
	1111	trigger_action('login_success', $username);
	1112	return true;
	1113	}
	1114	trigger_action('login_failure', $username);
	1115	return false;
	1116	}
	1117
[1511]	1118	/*
[1085]	1119	* Return access_type definition of uuser
[1072]	1120	* Test does with user status
[1070]	1121	* @return bool
	1122	*/
[1850]	1123	function get_access_type_status($user_status='')
[1070]	1124	{
[1851]	1125	global $user, $conf;
[1072]	1126
[1854]	1127	if (empty($user_status))
[1075]	1128	{
[1854]	1129	if (isset($user['status']))
	1130	{
	1131	$user_status = $user['status'];
	1132	}
	1133	else
	1134	{
	1135	// swicth to default value
	1136	$user_status = '';
	1137	}
[1075]	1138	}
	1139
	1140	switch ($user_status)
[1072]	1141	{
[1075]	1142	case 'guest':
[1851]	1143	{
[1854]	1144	$access_type_status =
	1145	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_NONE);
[1851]	1146	break;
	1147	}
[1075]	1148	case 'generic':
[1072]	1149	{
[1075]	1150	$access_type_status = ACCESS_GUEST;
	1151	break;
[1072]	1152	}
[1075]	1153	case 'normal':
	1154	{
	1155	$access_type_status = ACCESS_CLASSIC;
	1156	break;
	1157	}
	1158	case 'admin':
	1159	{
	1160	$access_type_status = ACCESS_ADMINISTRATOR;
	1161	break;
	1162	}
	1163	case 'webmaster':
	1164	{
	1165	$access_type_status = ACCESS_WEBMASTER;
	1166	break;
	1167	}
[2220]	1168	default:
[1854]	1169	{
	1170	$access_type_status = ACCESS_NONE;
[2220]	1171	break;
[1854]	1172	}
[1072]	1173	}
	1174
[1085]	1175	return $access_type_status;
[1070]	1176	}
	1177
[1072]	1178	/*
[1085]	1179	* Return if user have access to access_type definition
	1180	* Test does with user status
	1181	* @return bool
	1182	*/
[1851]	1183	function is_autorize_status($access_type, $user_status = '')
[1085]	1184	{
[1851]	1185	return (get_access_type_status($user_status) >= $access_type);
[1085]	1186	}
	1187
	1188	/*
	1189	* Check if user have access to access_type definition
[1072]	1190	* Stop action if there are not access
	1191	* Test does with user status
	1192	* @return none
	1193	*/
[1851]	1194	function check_status($access_type, $user_status = '')
[1072]	1195	{
[1851]	1196	if (!is_autorize_status($access_type, $user_status))
[1072]	1197	{
[1113]	1198	access_denied();
[1072]	1199	}
	1200	}
	1201
	1202	/*
[1085]	1203	* Return if user is an administrator
[1072]	1204	* @return bool
	1205	*/
[1851]	1206	function is_admin($user_status = '')
[1072]	1207	{
[1851]	1208	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
[1072]	1209	}
	1210
[1085]	1211	/*
	1212	* Return if current user is an adviser
	1213	* @return bool
	1214	*/
	1215	function is_adviser()
	1216	{
	1217	global $user;
	1218
	1219	return ($user['adviser'] == 'true');
	1220	}
[1458]	1221
	1222	/*
	1223	* Return mail address as display text
	1224	* @return string
	1225	*/
	1226	function get_email_address_as_display_text($email_address)
	1227	{
	1228	global $conf;
	1229
[1462]	1230	if (!isset($email_address) or (trim($email_address) == ''))
[1458]	1231	{
[1462]	1232	return '';
[1458]	1233	}
	1234	else
	1235	{
[1462]	1236	if (is_adviser())
	1237	{
	1238	return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
	1239	}
	1240	else
	1241	{
	1242	return $email_address;
	1243	}
[1458]	1244	}
	1245	}
	1246
[1677]	1247	/*
[1817]	1248	* Compute sql where condition with restrict and filter data. "FandF" means
	1249	* Forbidden and Filters.
[1677]	1250	*
[1817]	1251	* @param array condition_fields: read function body
	1252	* @param string prefix_condition: prefixes sql if condition is not empty
	1253	* @param boolean force_one_condition: use at least "1 = 1"
[1677]	1254	*
	1255	* @return string sql where/conditions
	1256	*/
[1817]	1257	function get_sql_condition_FandF(
	1258	$condition_fields,
	1259	$prefix_condition = null,
	1260	$force_one_condition = false
	1261	)
[1677]	1262	{
	1263	global $user, $filter;
	1264
	1265	$sql_list = array();
	1266
	1267	foreach ($condition_fields as $condition => $field_name)
	1268	{
	1269	switch($condition)
	1270	{
	1271	case 'forbidden_categories':
[1817]	1272	{
[1677]	1273	if (!empty($user['forbidden_categories']))
	1274	{
[1817]	1275	$sql_list[] =
	1276	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
[1677]	1277	}
	1278	break;
[1817]	1279	}
[1677]	1280	case 'visible_categories':
[1817]	1281	{
[1677]	1282	if (!empty($filter['visible_categories']))
	1283	{
[1817]	1284	$sql_list[] =
	1285	$field_name.' IN ('.$filter['visible_categories'].')';
[1677]	1286	}
	1287	break;
[1817]	1288	}
[1677]	1289	case 'visible_images':
[1817]	1290	{
[1677]	1291	if (!empty($filter['visible_images']))
	1292	{
[1817]	1293	$sql_list[] =
	1294	$field_name.' IN ('.$filter['visible_images'].')';
[1677]	1295	}
	1296	break;
[1817]	1297	}
[1677]	1298	default:
[1817]	1299	{
[1677]	1300	die('Unknow condition');
	1301	break;
[1817]	1302	}
[1677]	1303	}
	1304	}
	1305
	1306	if (count($sql_list) > 0)
	1307	{
	1308	$sql = '('.implode(' AND ', $sql_list).')';
	1309	}
	1310	else
	1311	{
	1312	if ($force_one_condition)
	1313	{
	1314	$sql = '1 = 1';
	1315	}
	1316	else
	1317	{
	1318	$sql = '';
	1319	}
	1320	}
	1321
	1322	if (isset($prefix_condition) and !empty($sql))
	1323	{
	1324	$sql = $prefix_condition.' '.$sql;
	1325	}
	1326
	1327	return $sql;
	1328	}
	1329
[1860]	1330	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: