Context Navigation

source: trunk/include/functions_user.inc.php @ 21801

Last change on this file since 21801 was 21801, checked in by rvelices, 11 years ago
db changes for feature 2836 display # of comments/tags in menubar and feature 2557 recent photos should never be empty
Property svn:eol-style set to `LF`
File size: 38.5 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[19703]	5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2]	23
[2115]	24	// validate_mail_address:
	25	// o verifies whether the given mail address has the
	26	// right format. ie someone@domain.com "someone" can contain ".", "-" or
	27	// even "_". Exactly as "domain". The extension doesn't have to be
	28	// "com". The mail address can also be empty.
	29	// o check if address could be empty
	30	// o check if address is not used by a other user
[9]	31	// If the mail address doesn't correspond, an error message is returned.
[2127]	32	//
[2124]	33	function validate_mail_address($user_id, $mail_address)
[2]	34	{
[2115]	35	global $conf;
[2]	36
[2032]	37	if (empty($mail_address) and
[2127]	38	!($conf['obligatory_user_mail_address'] and
[2124]	39	in_array(script_basename(), array('register', 'profile'))))
[2]	40	{
[9]	41	return '';
[2]	42	}
[2115]	43
[18164]	44	if ( !email_check_format($mail_address) )
[9]	45	{
[5021]	46	return l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
[9]	47	}
[2127]	48
[2115]	49	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
	50	{
	51	$query = '
[18164]	52	SELECT count(*)
	53	FROM '.USERS_TABLE.'
	54	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
	55	'.(is_numeric($user_id) ? 'AND '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
[2115]	56	;';
[4325]	57	list($count) = pwg_db_fetch_row(pwg_query($query));
[2115]	58	if ($count != 0)
	59	{
[8635]	60	return l10n('this email address is already in use');
[2115]	61	}
	62	}
[2]	63	}
	64
[4429]	65	// validate_login_case:
	66	// o check if login is not used by a other user
	67	// If the login doesn't correspond, an error message is returned.
	68	//
	69	function validate_login_case($login)
	70	{
	71	global $conf;
[13074]	72
[4429]	73	if (defined("PHPWG_INSTALLED"))
	74	{
	75	$query = "
	76	SELECT ".$conf['user_fields']['username']."
	77	FROM ".USERS_TABLE."
	78	WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
	79	;";
	80
	81	$count = pwg_db_num_rows(pwg_query($query));
	82
	83	if ($count > 0)
	84	{
[5021]	85	return l10n('this login is already used');
[4429]	86	}
	87	}
	88	}
[10860]	89	/**
	90	* For test on username case sensitivity
	91	*
	92	* @param : $username typed in by user for identification
	93	*
	94	* @return : $username found in database
	95	*
	96	*/
	97	function search_case_username($username)
	98	{
	99	global $conf;
[4429]	100
[10860]	101	$username_lo = strtolower($username);
	102
	103	$SCU_users = array();
[13074]	104
[10860]	105	$q = pwg_query("
	106	SELECT ".$conf['user_fields']['username']." AS username
	107	FROM `".USERS_TABLE."`;
	108	");
	109	while ($r = pwg_db_fetch_assoc($q))
	110	$SCU_users[$r['username']] = strtolower($r['username']);
	111	// $SCU_users is now an associative table where the key is the account as
	112	// registered in the DB, and the value is this same account, in lower case
[13074]	113
[10860]	114	$users_found = array_keys($SCU_users, $username_lo);
	115	// $users_found is now a table of which the values are all the accounts
	116	// which can be written in lowercase the same way as $username
	117	if (count($users_found) != 1) // If ambiguous, don't allow lowercase writing
	118	return $username; // but normal writing will work
	119	else
	120	return $users_found[0];
	121	}
[2178]	122	function register_user($login, $password, $mail_address,
	123	$with_notification = true, $errors = array())
[2]	124	{
[2115]	125	global $conf;
[2]	126
[661]	127	if ($login == '')
	128	{
[13074]	129	$errors[] = l10n('Please, enter a login');
[661]	130	}
[3747]	131	if (preg_match('/^.* $/', $login))
[661]	132	{
[13074]	133	$errors[] = l10n('login mustn\'t end with a space character');
[661]	134	}
[3747]	135	if (preg_match('/^ .*$/', $login))
[661]	136	{
[13074]	137	$errors[] = l10n('login mustn\'t start with a space character');
[661]	138	}
[808]	139	if (get_userid($login))
[804]	140	{
[13074]	141	$errors[] = l10n('this login is already used');
[2]	142	}
[9923]	143	if ($login != strip_tags($login))
	144	{
[13074]	145	$errors[] = l10n('html tags are not allowed in login');
[9923]	146	}
[2124]	147	$mail_error = validate_mail_address(null, $mail_address);
[808]	148	if ('' != $mail_error)
[661]	149	{
[13074]	150	$errors[] = $mail_error;
[661]	151	}
[2]	152
[5060]	153	if ($conf['insensitive_case_logon'] == true)
[4429]	154	{
	155	$login_error = validate_login_case($login);
	156	if ($login_error != '')
	157	{
[13074]	158	$errors[] = $login_error;
[4429]	159	}
	160	}
	161
[2237]	162	$errors = trigger_event('register_user_check',
	163	$errors,
	164	array(
[2268]	165	'username'=>$login,
[2237]	166	'password'=>$password,
	167	'email'=>$mail_address,
	168	)
	169	);
	170
[9]	171	// if no error until here, registration of the user
[661]	172	if (count($errors) == 0)
[2]	173	{
[906]	174	// what will be the inserted id ?
	175	$query = '
	176	SELECT MAX('.$conf['user_fields']['id'].') + 1
	177	FROM '.USERS_TABLE.'
	178	;';
[4325]	179	list($next_id) = pwg_db_fetch_row(pwg_query($query));
[1068]	180
[808]	181	$insert =
	182	array(
[906]	183	$conf['user_fields']['id'] => $next_id,
[4325]	184	$conf['user_fields']['username'] => pwg_db_real_escape_string($login),
[18889]	185	$conf['user_fields']['password'] => $conf['password_hash']($password),
[808]	186	$conf['user_fields']['email'] => $mail_address
	187	);
[661]	188
[808]	189	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
[1068]	190
[2178]	191	// Assign by default groups
	192	{
	193	$query = '
[1583]	194	SELECT id
	195	FROM '.GROUPS_TABLE.'
	196	WHERE is_default = \''.boolean_to_string(true).'\'
	197	ORDER BY id ASC
	198	;';
[2178]	199	$result = pwg_query($query);
[1581]	200
[2178]	201	$inserts = array();
[4325]	202	while ($row = pwg_db_fetch_assoc($result))
[2178]	203	{
[13074]	204	$inserts[] = array(
[2178]	205	'user_id' => $next_id,
	206	'group_id' => $row['id']
[13074]	207	);
[2178]	208	}
[1583]	209	}
[1581]	210
[1583]	211	if (count($inserts) != 0)
	212	{
	213	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
[1581]	214	}
	215
[2425]	216	$override = null;
	217	if ($with_notification and $conf['browser_language'])
	218	{
	219	if ( !get_browser_language($override['language']) )
	220	$override=null;
	221	}
	222	create_user_infos($next_id, $override);
[1605]	223
[2178]	224	if ($with_notification and $conf['email_admin_on_new_user'])
	225	{
	226	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	227	$admin_url = get_absolute_root_url()
[2268]	228	.'admin.php?page=user_list&username='.$login;
[2178]	229
	230	$keyargs_content = array
	231	(
[4304]	232	get_l10n_args('User: %s', stripslashes($login)),
[2178]	233	get_l10n_args('Email: %s', $_POST['mail_address']),
	234	get_l10n_args('', ''),
	235	get_l10n_args('Admin: %s', $admin_url)
	236	);
	237
	238	pwg_mail_notification_admins
	239	(
[4304]	240	get_l10n_args('Registration of %s', stripslashes($login)),
[2178]	241	$keyargs_content
	242	);
	243	}
	244
[1605]	245	trigger_action('register_user',
	246	array(
	247	'id'=>$next_id,
	248	'username'=>$login,
	249	'email'=>$mail_address,
	250	)
	251	);
[2]	252	}
[906]	253
[661]	254	return $errors;
[2]	255	}
	256
[1677]	257	function build_user( $user_id, $use_cache )
[1568]	258	{
	259	global $conf;
[2038]	260
[1568]	261	$user['id'] = $user_id;
[1677]	262	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
[1926]	263
[2055]	264	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
	265	{
	266	$user['status'] = 'guest';
	267	$user['internal_status']['guest_must_be_guest'] = true;
	268	}
	269
[5123]	270	// Check user theme
[5264]	271	if (!isset($user['theme_name']))
[5123]	272	{
[5264]	273	$user['theme'] = get_default_theme();
[5123]	274	}
[2039]	275
[1568]	276	return $user;
	277	}
	278
[808]	279	/**
	280	* find informations related to the user identifier
	281	*
	282	* @param int user identifier
	283	* @param boolean use_cache
	284	* @param array
	285	*/
[1677]	286	function getuserdata($user_id, $use_cache)
[393]	287	{
[808]	288	global $conf;
	289
[6315]	290	// retrieve basic user data
[808]	291	$query = '
	292	SELECT ';
	293	$is_first = true;
	294	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
	295	{
	296	if ($is_first)
	297	{
	298	$is_first = false;
	299	}
	300	else
	301	{
	302	$query.= '
	303	, ';
	304	}
	305	$query.= $dbfield.' AS '.$pwgfield;
	306	}
	307	$query.= '
	308	FROM '.USERS_TABLE.'
[3622]	309	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'';
[1068]	310
[4325]	311	$row = pwg_db_fetch_assoc(pwg_query($query));
[808]	312
[6510]	313	// retrieve additional user data ?
	314	if ($conf['external_authentification'])
	315	{
	316	$query = '
	317	SELECT
[11356]	318	COUNT(1) AS counter
[6510]	319	FROM '.USER_INFOS_TABLE.' AS ui
	320	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	321	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	322	WHERE ui.user_id = '.$user_id.'
	323	GROUP BY ui.user_id
	324	;';
[11356]	325	list($counter) = pwg_db_fetch_row(pwg_query($query));
	326	if ($counter != 1)
[6510]	327	{
	328	create_user_infos($user_id);
	329	}
[808]	330	}
[1068]	331
[11356]	332	// retrieve user info
	333	$query = '
	334	SELECT
	335	ui.*,
	336	uc.*,
	337	t.name AS theme_name
	338	FROM '.USER_INFOS_TABLE.' AS ui
	339	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	340	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	341	WHERE ui.user_id = '.$user_id.'
	342	;';
	343
	344	$result = pwg_query($query);
	345	$user_infos_row = pwg_db_fetch_assoc($result);
	346
[6315]	347	// then merge basic + additional user data
[18629]	348	$userdata = array_merge($row, $user_infos_row);
[1068]	349
[18629]	350	foreach ($userdata as &$value)
[808]	351	{
[18629]	352	// If the field is true or false, the variable is transformed into a boolean value.
	353	if ($value == 'true')
[808]	354	{
[18629]	355	$value = true;
[808]	356	}
[18629]	357	elseif ($value == 'false')
[808]	358	{
[18629]	359	$value = false;
[808]	360	}
	361	}
[18629]	362	unset($value);
[808]	363
	364	if ($use_cache)
	365	{
	366	if (!isset($userdata['need_update'])
	367	or !is_bool($userdata['need_update'])
[1677]	368	or $userdata['need_update'] == true)
[808]	369	{
[2448]	370	$userdata['cache_update_time'] = time();
	371
	372	// Set need update are done
	373	$userdata['need_update'] = false;
	374
[808]	375	$userdata['forbidden_categories'] =
	376	calculate_permissions($userdata['id'], $userdata['status']);
	377
[2084]	378	/* now we build the list of forbidden images (this list does not contain
	379	images that are not in at least an authorized category)*/
	380	$query = '
	381	SELECT DISTINCT(id)
	382	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
	383	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
	384	AND level>'.$userdata['level'];
	385	$forbidden_ids = array_from_query($query, 'id');
	386
	387	if ( empty($forbidden_ids) )
	388	{
[13074]	389	$forbidden_ids[] = 0;
[2084]	390	}
	391	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
	392	$userdata['image_access_list'] = implode(',',$forbidden_ids);
	393
[1624]	394
[1081]	395	$query = '
	396	SELECT COUNT(DISTINCT(image_id)) as total
	397	FROM '.IMAGE_CATEGORY_TABLE.'
	398	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
[3622]	399	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')';
[4325]	400	list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
[1081]	401
[3622]	402
	403	// now we update user cache categories
	404	$user_cache_cats = get_computed_categories($userdata, null);
	405	if ( !is_admin($userdata['status']) )
	406	{ // for non admins we forbid categories with no image (feature 1053)
	407	$forbidden_ids = array();
[3640]	408	foreach ($user_cache_cats as $cat)
[3622]	409	{
	410	if ($cat['count_images']==0)
	411	{
[13074]	412	$forbidden_ids[] = $cat['cat_id'];
[3640]	413	unset( $user_cache_cats[$cat['cat_id']] );
[3622]	414	}
	415	}
	416	if ( !empty($forbidden_ids) )
	417	{
	418	if ( empty($userdata['forbidden_categories']) )
	419	{
	420	$userdata['forbidden_categories'] = implode(',', $forbidden_ids);
	421	}
	422	else
	423	{
	424	$userdata['forbidden_categories'] .= ','.implode(',', $forbidden_ids);
	425	}
	426	}
	427	}
	428
	429	// delete user cache
	430	$query = '
	431	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
	432	WHERE user_id = '.$userdata['id'];
	433	pwg_query($query);
	434
[12748]	435	// Due to concurrency issues, we ask MySQL to ignore errors on
	436	// insert. This may happen when cache needs refresh and that Piwigo is
	437	// called "very simultaneously".
[3622]	438	mass_inserts
	439	(
	440	USER_CACHE_CATEGORIES_TABLE,
	441	array
	442	(
	443	'user_id', 'cat_id',
	444	'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories'
	445	),
[12748]	446	$user_cache_cats,
	447	array('ignore' => true)
[3622]	448	);
	449
	450
[808]	451	// update user cache
	452	$query = '
	453	DELETE FROM '.USER_CACHE_TABLE.'
[3622]	454	WHERE user_id = '.$userdata['id'];
[808]	455	pwg_query($query);
[1068]	456
[12748]	457	// for the same reason as user_cache_categories, we ignore error on
	458	// this insert
[808]	459	$query = '
[12748]	460	INSERT IGNORE INTO '.USER_CACHE_TABLE.'
[2448]	461	(user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
[21801]	462	last_photo_date,
[2084]	463	image_access_type, image_access_list)
[808]	464	VALUES
[2448]	465	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
	466	.$userdata['cache_update_time'].',\''
[21801]	467	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].','.
	468	(empty($userdata['last_photo_date']) ? 'NULL': '\''.$userdata['last_photo_date'].'\'').
	469	',\''.$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
[808]	470	pwg_query($query);
	471	}
	472	}
	473
	474	return $userdata;
[393]	475	}
[647]	476
	477	/*
	478	* deletes favorites of the current user if he's not allowed to see them
	479	*
	480	* @return void
	481	*/
	482	function check_user_favorites()
	483	{
	484	global $user;
	485
	486	if ($user['forbidden_categories'] == '')
	487	{
	488	return;
	489	}
[832]	490
[1677]	491	// $filter['visible_categories'] and $filter['visible_images']
	492	// must be not used because filter <> restriction
[832]	493	// retrieving images allowed : belonging to at least one authorized
	494	// category
[647]	495	$query = '
[832]	496	SELECT DISTINCT f.image_id
[647]	497	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	498	ON f.image_id = ic.image_id
	499	WHERE f.user_id = '.$user['id'].'
[1677]	500	'.get_sql_condition_FandF
	501	(
	502	array
	503	(
	504	'forbidden_categories' => 'ic.category_id',
	505	),
	506	'AND'
	507	).'
[647]	508	;';
[13074]	509	$authorizeds = array_from_query($query, 'image_id');
[647]	510
[832]	511	$query = '
	512	SELECT image_id
	513	FROM '.FAVORITES_TABLE.'
	514	WHERE user_id = '.$user['id'].'
	515	;';
[13074]	516	$favorites = array_from_query($query, 'image_id');
[832]	517
	518	$to_deletes = array_diff($favorites, $authorizeds);
	519	if (count($to_deletes) > 0)
	520	{
[647]	521	$query = '
	522	DELETE FROM '.FAVORITES_TABLE.'
[832]	523	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	524	AND user_id = '.$user['id'].'
	525	;';
	526	pwg_query($query);
	527	}
	528	}
[648]	529
	530	/**
[808]	531	* calculates the list of forbidden categories for a given user
[648]	532	*
[808]	533	* Calculation is based on private categories minus categories authorized to
	534	* the groups the user belongs to minus the categories directly authorized
	535	* to the user. The list contains at least -1 to be compliant with queries
	536	* such as "WHERE category_id NOT IN ($forbidden_categories)"
[648]	537	*
	538	* @param int user_id
[680]	539	* @param string user_status
[648]	540	* @return string forbidden_categories
	541	*/
[680]	542	function calculate_permissions($user_id, $user_status)
[648]	543	{
	544	$query = '
	545	SELECT id
	546	FROM '.CATEGORIES_TABLE.'
	547	WHERE status = \'private\'
	548	;';
[13074]	549	$private_array = array_from_query($query, 'id');
[680]	550
[648]	551	// retrieve category ids directly authorized to the user
	552	$query = '
	553	SELECT cat_id
	554	FROM '.USER_ACCESS_TABLE.'
	555	WHERE user_id = '.$user_id.'
	556	;';
[808]	557	$authorized_array = array_from_query($query, 'cat_id');
[648]	558
	559	// retrieve category ids authorized to the groups the user belongs to
	560	$query = '
	561	SELECT cat_id
	562	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	563	ON ug.group_id = ga.group_id
	564	WHERE ug.user_id = '.$user_id.'
	565	;';
[808]	566	$authorized_array =
	567	array_merge(
	568	$authorized_array,
	569	array_from_query($query, 'cat_id')
	570	);
[648]	571
	572	// uniquify ids : some private categories might be authorized for the
	573	// groups and for the user
	574	$authorized_array = array_unique($authorized_array);
	575
	576	// only unauthorized private categories are forbidden
	577	$forbidden_array = array_diff($private_array, $authorized_array);
	578
[1117]	579	// if user is not an admin, locked categories are forbidden
[1851]	580	if (!is_admin($user_status))
[1117]	581	{
	582	$query = '
	583	SELECT id
	584	FROM '.CATEGORIES_TABLE.'
	585	WHERE visible = \'false\'
	586	;';
	587	$result = pwg_query($query);
[4325]	588	while ($row = pwg_db_fetch_assoc($result))
[1117]	589	{
[13074]	590	$forbidden_array[] = $row['id'];
[1117]	591	}
	592	$forbidden_array = array_unique($forbidden_array);
	593	}
[1068]	594
[1117]	595	if ( empty($forbidden_array) )
[1331]	596	{// at least, the list contains 0 value. This category does not exists so
	597	// where clauses such as "WHERE category_id NOT IN(0)" will always be
[1117]	598	// true.
[13074]	599	$forbidden_array[] = 0;
[1117]	600	}
	601
[808]	602	return implode(',', $forbidden_array);
[648]	603	}
[708]	604
	605	/**
[1677]	606	* compute data of categories branches (one branch only)
[1624]	607	*/
[1640]	608	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
[1624]	609	{
[1640]	610	$date = '';
	611	$count_images = 0;
	612	$count_categories = 0;
	613	do
[1624]	614	{
[1640]	615	$cat_id = array_pop($list_cat_id);
	616	if (!is_null($cat_id))
[1624]	617	{
[1640]	618	// Count images and categories
	619	$cats[$cat_id]['count_images'] += $count_images;
	620	$cats[$cat_id]['count_categories'] += $count_categories;
	621	$count_images = $cats[$cat_id]['count_images'];
	622	$count_categories = $cats[$cat_id]['count_categories'] + 1;
	623
	624	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
[1624]	625	{
[1640]	626	$cats[$cat_id]['max_date_last'] = $date;
[1624]	627	}
	628	else
	629	{
[1640]	630	$date = $cats[$cat_id]['max_date_last'];
[1624]	631	}
[1640]	632	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
	633	}
	634	else
[1624]	635	{
[1640]	636	$ref_level = 0;
[1624]	637	}
[1640]	638	} while ($level <= $ref_level);
	639
	640	// Last cat updating must be added to list for next branch
	641	if ($ref_level <> 0)
	642	{
[18629]	643	$list_cat_id[] = $cat_id;
[1624]	644	}
[1640]	645	}
[1624]	646
[1640]	647	/**
[1677]	648	* compute data of categories branches
[1640]	649	*/
[1677]	650	function compute_categories_data(&$cats)
[1640]	651	{
[1677]	652	$ref_level = 0;
	653	$level = 0;
	654	$list_cat_id = array();
[1624]	655
[1677]	656	foreach ($cats as $id => $category)
[1624]	657	{
[1677]	658	// Compute
	659	$level = substr_count($category['global_rank'], '.') + 1;
	660	if ($level > $ref_level)
	661	{
[18629]	662	$list_cat_id[] = $id;
[1677]	663	}
	664	else
	665	{
	666	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
[18629]	667	$list_cat_id[] = $id;
[1677]	668	}
	669	$ref_level = $level;
[1624]	670	}
[1651]	671
[1677]	672	$level = 1;
	673	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	674	}
[1651]	675
[1677]	676	/**
	677	* get computed array of categories
	678	*
[1860]	679	* @param array userdata
	680	* @param int filter_days number of recent days to filter on or null
[1677]	681	* @return array
	682	*/
[21801]	683	function get_computed_categories(&$userdata, $filter_days=null)
[1677]	684	{
[6652]	685	$query = 'SELECT c.id AS cat_id, global_rank';
[2084]	686	// Count by date_available to avoid count null
	687	$query .= ',
[6652]	688	MAX(date_available) AS date_last, COUNT(date_available) AS nb_images
[2084]	689	FROM '.CATEGORIES_TABLE.' as c
	690	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
	691	LEFT JOIN '.IMAGES_TABLE.' AS i
	692	ON ic.image_id = i.id
	693	AND i.level<='.$userdata['level'];
	694
	695	if ( isset($filter_days) )
[1651]	696	{
[4367]	697	$query .= ' AND i.date_available > '.pwg_db_get_recent_period_expression($filter_days);
[1651]	698	}
	699
[1860]	700	if ( !empty($userdata['forbidden_categories']) )
[1651]	701	{
	702	$query.= '
[1860]	703	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
[1651]	704	}
	705
[2324]	706	$query.= '
[21801]	707	GROUP BY c.id';
[1624]	708
	709	$result = pwg_query($query);
	710
[21801]	711	$userdata['last_photo_date'] = null;
[1624]	712	$cats = array();
[4325]	713	while ($row = pwg_db_fetch_assoc($result))
[1624]	714	{
[1860]	715	$row['user_id'] = $userdata['id'];
[1641]	716	$row['count_categories'] = 0;
[2324]	717	$row['count_images'] = (int)$row['nb_images'];
	718	$row['max_date_last'] = $row['date_last'];
[21801]	719	if ($row['date_last'] > $userdata['last_photo_date'])
	720	{
	721	$userdata['last_photo_date'] = $row['date_last'];
	722	}
[1860]	723
[1624]	724	$cats += array($row['cat_id'] => $row);
	725	}
[3642]	726	uasort($cats, 'global_rank_compare');
[1624]	727
[1677]	728	compute_categories_data($cats);
[1624]	729
[1860]	730	if ( isset($filter_days) )
[1624]	731	{
[1651]	732	$cat_tmp = $cats;
	733	$cats = array();
[1860]	734
[1677]	735	foreach ($cat_tmp as $category)
[1651]	736	{
[1677]	737	if (!empty($category['max_date_last']))
[1651]	738	{
[1677]	739	// Re-init counters
	740	$category['count_categories'] = 0;
[2324]	741	$category['count_images'] = (int)$category['nb_images'];
[1677]	742	// Keep category
	743	$cats[$category['cat_id']] = $category;
[1651]	744	}
	745	}
[1677]	746	// Compute a second time
	747	compute_categories_data($cats);
[1651]	748	}
[1677]	749	return $cats;
	750	}
	751
	752	/**
[808]	753	* returns user identifier thanks to his name, false if not found
	754	*
	755	* @param string username
	756	* @param int user identifier
	757	*/
	758	function get_userid($username)
	759	{
	760	global $conf;
	761
[4325]	762	$username = pwg_db_real_escape_string($username);
[808]	763
	764	$query = '
	765	SELECT '.$conf['user_fields']['id'].'
	766	FROM '.USERS_TABLE.'
	767	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	768	;';
	769	$result = pwg_query($query);
	770
[4325]	771	if (pwg_db_num_rows($result) == 0)
[808]	772	{
	773	return false;
	774	}
	775	else
	776	{
[4325]	777	list($user_id) = pwg_db_fetch_row($result);
[808]	778	return $user_id;
	779	}
	780	}
	781
[11992]	782	function get_userid_by_email($email)
	783	{
	784	global $conf;
	785
	786	$email = pwg_db_real_escape_string($email);
[13074]	787
[11992]	788	$query = '
	789	SELECT
	790	'.$conf['user_fields']['id'].'
	791	FROM '.USERS_TABLE.'
	792	WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
	793	;';
	794	$result = pwg_query($query);
	795
	796	if (pwg_db_num_rows($result) == 0)
	797	{
	798	return false;
	799	}
	800	else
	801	{
	802	list($user_id) = pwg_db_fetch_row($result);
	803	return $user_id;
	804	}
	805	}
	806
[1926]	807	/*
	808	* Returns a array with default user value
[808]	809	*
[1926]	810	* @param convert_str allows to convert string value if necessary
[808]	811	*/
[1926]	812	function get_default_user_info($convert_str = true)
[808]	813	{
[3126]	814	global $cache, $conf;
[2084]	815
[3126]	816	if (!isset($cache['default_user']))
[1926]	817	{
[20545]	818	$query = '
	819	SELECT *
	820	FROM '.USER_INFOS_TABLE.'
	821	WHERE user_id = '.$conf['default_user_id'].'
	822	;';
[1068]	823
[1926]	824	$result = pwg_query($query);
[2084]	825
[20545]	826	if (pwg_db_num_rows($result) > 0)
[1930]	827	{
[20545]	828	$cache['default_user'] = pwg_db_fetch_assoc($result);
	829
[3126]	830	unset($cache['default_user']['user_id']);
	831	unset($cache['default_user']['status']);
	832	unset($cache['default_user']['registration_date']);
[1930]	833	}
[20545]	834	else
	835	{
	836	$cache['default_user'] = false;
	837	}
[1926]	838	}
[808]	839
[3126]	840	if (is_array($cache['default_user']) and $convert_str)
[1284]	841	{
[18629]	842	$default_user = $cache['default_user'];
	843	foreach ($default_user as &$value)
[1926]	844	{
[18629]	845	// If the field is true or false, the variable is transformed into a boolean value.
	846	if ($value == 'true')
[1926]	847	{
[18629]	848	$value = true;
[1926]	849	}
[18629]	850	elseif ($value == 'false')
[1926]	851	{
[18629]	852	$value = false;
[1926]	853	}
	854	}
	855	return $default_user;
[1284]	856	}
[1926]	857	else
[1284]	858	{
[3126]	859	return $cache['default_user'];
[1284]	860	}
[1926]	861	}
	862
	863	/*
	864	* Returns a default user value
	865	*
	866	* @param value_name: name of value
	867	* @param sos_value: value used if don't exist value
	868	*/
	869	function get_default_user_value($value_name, $sos_value)
	870	{
	871	$default_user = get_default_user_info(true);
[5271]	872	if ($default_user === false or empty($default_user[$value_name]))
[1926]	873	{
	874	return $sos_value;
	875	}
[1284]	876	else
	877	{
[1926]	878	return $default_user[$value_name];
[1284]	879	}
[1926]	880	}
[1567]	881
[1926]	882	/*
	883	* Returns the default template value
	884	*
	885	*/
[5123]	886	function get_default_theme()
[1926]	887	{
[5982]	888	$theme = get_default_user_value('theme', PHPWG_DEFAULT_TEMPLATE);
	889	if (check_theme_installed($theme))
	890	{
	891	return $theme;
	892	}
[13074]	893
[5982]	894	// let's find the first available theme
	895	$active_themes = get_pwg_themes();
	896	foreach (array_keys(get_pwg_themes()) as $theme_id)
	897	{
[12670]	898	return $theme_id;
[5982]	899	}
[1926]	900	}
[808]	901
[1926]	902	/*
	903	* Returns the default language value
	904	*
	905	*/
	906	function get_default_language()
	907	{
[2425]	908	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
[808]	909	}
[817]	910
	911	/**
[2425]	912	* Returns true if the browser language value is set into param $lang
[2411]	913	*
	914	*/
[2425]	915	function get_browser_language(&$lang)
[2411]	916	{
[2572]	917	$browser_language = substr(@$_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
[2411]	918	foreach (get_languages() as $language_code => $language_name)
	919	{
	920	if (substr($language_code, 0, 2) == $browser_language)
	921	{
[2425]	922	$lang = $language_code;
	923	return true;
[2411]	924	}
	925	}
[2425]	926	return false;
[2411]	927	}
	928
	929	/**
[1926]	930	* add user informations based on default values
	931	*
	932	* @param int user_id / array of user_if
[1930]	933	* @param array of values used to override default user values
[1926]	934	*/
[1930]	935	function create_user_infos($arg_id, $override_values = null)
[1926]	936	{
	937	global $conf;
	938
	939	if (is_array($arg_id))
	940	{
	941	$user_ids = $arg_id;
	942	}
	943	else
	944	{
	945	$user_ids = array();
[2229]	946	if (is_numeric($arg_id))
[1926]	947	{
	948	$user_ids[] = $arg_id;
	949	}
	950	}
	951
	952	if (!empty($user_ids))
	953	{
	954	$inserts = array();
[4325]	955	list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
[1926]	956
	957	$default_user = get_default_user_info(false);
	958	if ($default_user === false)
	959	{
	960	// Default on structure are used
	961	$default_user = array();
	962	}
	963
[1930]	964	if (!is_null($override_values))
	965	{
	966	$default_user = array_merge($default_user, $override_values);
	967	}
	968
[1926]	969	foreach ($user_ids as $user_id)
	970	{
[2084]	971	$level= isset($default_user['level']) ? $default_user['level'] : 0;
[1926]	972	if ($user_id == $conf['webmaster_id'])
	973	{
	974	$status = 'webmaster';
[2084]	975	$level = max( $conf['available_permission_levels'] );
[1926]	976	}
[2084]	977	else if (($user_id == $conf['guest_id']) or
[1926]	978	($user_id == $conf['default_user_id']))
	979	{
	980	$status = 'guest';
	981	}
	982	else
	983	{
	984	$status = 'normal';
	985	}
	986
[1930]	987	$insert = array_merge(
	988	$default_user,
[1926]	989	array(
	990	'user_id' => $user_id,
	991	'status' => $status,
[2084]	992	'registration_date' => $dbnow,
	993	'level' => $level
[1930]	994	));
[1926]	995
[18629]	996	$inserts[] = $insert;
[2084]	997	}
[1926]	998
	999	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
	1000	}
	1001	}
	1002
	1003	/**
[1622]	1004	* returns the auto login key or false on error
	1005	* @param int user_id
[2411]	1006	* @param time_t time
[1744]	1007	* @param string [out] username
[1622]	1008	*/
[2409]	1009	function calculate_auto_login_key($user_id, $time, &$username)
[1622]	1010	{
	1011	global $conf;
	1012	$query = '
	1013	SELECT '.$conf['user_fields']['username'].' AS username
	1014	, '.$conf['user_fields']['password'].' AS password
	1015	FROM '.USERS_TABLE.'
	1016	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
	1017	$result = pwg_query($query);
[4325]	1018	if (pwg_db_num_rows($result) > 0)
[1622]	1019	{
[4325]	1020	$row = pwg_db_fetch_assoc($result);
[4304]	1021	$username = stripslashes($row['username']);
[11826]	1022	$data = $time.$user_id.$username;
	1023	$key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
[1622]	1024	return $key;
	1025	}
	1026	return false;
	1027	}
	1028
[1068]	1029	/*
	1030	* Performs all required actions for user login
	1031	* @param int user_id
	1032	* @param bool remember_me
	1033	* @return void
	1034	*/
	1035	function log_user($user_id, $remember_me)
	1036	{
[1511]	1037	global $conf, $user;
[1493]	1038
[1641]	1039	if ($remember_me and $conf['authorize_remembering'])
[1068]	1040	{
[2409]	1041	$now = time();
	1042	$key = calculate_auto_login_key($user_id, $now, $username);
[1622]	1043	if ($key!==false)
[1493]	1044	{
[2409]	1045	$cookie = $user_id.'-'.$now.'-'.$key;
[2757]	1046	if (version_compare(PHP_VERSION, '5.2', '>=') )
	1047	{
	1048	setcookie($conf['remember_me_name'],
[2409]	1049	$cookie,
[2029]	1050	time()+$conf['remember_me_length'],
[2757]	1051	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
	1052	ini_get('session.cookie_httponly')
[2029]	1053	);
[2757]	1054	}
	1055	else
	1056	{
	1057	setcookie($conf['remember_me_name'],
	1058	$cookie,
	1059	time()+$conf['remember_me_length'],
	1060	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure')
	1061	);
	1062	}
[2029]	1063	}
[1068]	1064	}
[1568]	1065	else
	1066	{ // make sure we clean any remember me ...
[2757]	1067	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1568]	1068	}
	1069	if ( session_id()!="" )
[1622]	1070	{ // we regenerate the session for security reasons
	1071	// see http://www.acros.si/papers/session_fixation.pdf
[6660]	1072	session_regenerate_id(true);
[1568]	1073	}
	1074	else
	1075	{
	1076	session_start();
	1077	}
[1622]	1078	$_SESSION['pwg_uid'] = (int)$user_id;
[1511]	1079
	1080	$user['id'] = $_SESSION['pwg_uid'];
[20282]	1081	trigger_action('user_login', $user['id']);
[1068]	1082	}
	1083
[1070]	1084	/*
[1511]	1085	* Performs auto-connexion when cookie remember_me exists
[1568]	1086	* @return true/false
[1511]	1087	*/
[1567]	1088	function auto_login() {
[1511]	1089	global $conf;
	1090
[1568]	1091	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
	1092	{
[2409]	1093	$cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
[2411]	1094	if ( count($cookie)===3
[2409]	1095	and is_numeric(@$cookie[0]) /user id/
	1096	and is_numeric(@$cookie[1]) /time/
	1097	and time()-$conf['remember_me_length']<=@$cookie[1]
	1098	and time()>=@$cookie[1] /cookie generated in the past/ )
[1568]	1099	{
[2409]	1100	$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
	1101	if ($key!==false and $key===$cookie[2])
[1622]	1102	{
[2409]	1103	log_user($cookie[0], true);
[4304]	1104	trigger_action('login_success', stripslashes($username));
[1622]	1105	return true;
	1106	}
[1568]	1107	}
[2757]	1108	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1511]	1109	}
[1568]	1110	return false;
[1511]	1111	}
	1112
[1744]	1113	/**
[18889]	1114	* hashes a password, with the PasswordHash class from phpass security
	1115	* library. We use an "pwg_" prefix because function password_hash is
	1116	* planned for PHP 5.5. Code inspired from Wordpress.
	1117	*
	1118	* @param string $password Plain text user password to hash
	1119	* @return string The hash string of the password
	1120	*/
	1121	function pwg_password_hash($password)
	1122	{
	1123	global $pwg_hasher;
	1124
	1125	if (empty($pwg_hasher))
	1126	{
	1127	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
	1128
	1129	// We use the portable hash feature from phpass because we can't be sure
	1130	// Piwigo runs on PHP 5.3+ (and won't run on an older version in the
	1131	// future)
	1132	$pwg_hasher = new PasswordHash(13, true);
	1133	}
	1134
	1135	return $pwg_hasher->HashPassword($password);
	1136	}
	1137
	1138	/**
	1139	* Verifies a password, with the PasswordHash class from phpass security
	1140	* library. We use an "pwg_" prefix because function password_verify is
	1141	* planned for PHP 5.5. Code inspired from Wordpress.
	1142	*
	1143	* @param string $password Plain text user password to hash
	1144	* @param string $hash may be md5 or phpass hashed password
	1145	* @param integer $account_id only useful to update password hash from md5 to phpass
	1146	* @return string The hash string of the password
	1147	*/
	1148	function pwg_password_verify($password, $hash, $user_id=null)
	1149	{
	1150	global $conf, $pwg_hasher;
	1151
[18890]	1152	// If the password has not been hashed with the current algorithm.
	1153	if (strpos('$P', $hash) !== 0)
[18889]	1154	{
[18890]	1155	if (!empty($conf['pass_convert']))
	1156	{
	1157	$check = ($hash == $conf['pass_convert']($password));
	1158	}
	1159	else
	1160	{
	1161	$check = ($hash == md5($password));
	1162	}
[18889]	1163
	1164	if ($check and isset($user_id) and !$conf['external_authentification'])
	1165	{
	1166	// Rehash using new hash.
	1167	$hash = pwg_password_hash($password);
	1168
	1169	single_update(
	1170	USERS_TABLE,
	1171	array('password' => $hash),
	1172	array('id' => $user_id)
	1173	);
	1174	}
	1175	}
	1176
	1177	// If the stored hash is longer than an MD5, presume the
	1178	// new style phpass portable hash.
	1179	if (empty($pwg_hasher))
	1180	{
	1181	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
	1182
	1183	// We use the portable hash feature
	1184	$pwg_hasher = new PasswordHash(13, true);
	1185	}
	1186
	1187	return $pwg_hasher->CheckPassword($password, $hash);
	1188	}
	1189
	1190	/**
[1744]	1191	* Tries to login a user given username and password (must be MySql escaped)
	1192	* return true on success
	1193	*/
	1194	function try_log_user($username, $password, $remember_me)
	1195	{
[20282]	1196	return trigger_event('try_log_user', false, $username, $password, $remember_me);
	1197	}
	1198
	1199	add_event_handler('try_log_user', 'pwg_login', EVENT_HANDLER_PRIORITY_NEUTRAL, 4);
	1200
	1201	function pwg_login($success, $username, $password, $remember_me)
	1202	{
	1203	if ($success===true)
	1204	{
	1205	return true;
	1206	}
	1207
[11737]	1208	// we force the session table to be clean
	1209	pwg_session_gc();
[13074]	1210
[1744]	1211	global $conf;
	1212	// retrieving the encrypted password of the login submitted
	1213	$query = '
	1214	SELECT '.$conf['user_fields']['id'].' AS id,
	1215	'.$conf['user_fields']['password'].' AS password
	1216	FROM '.USERS_TABLE.'
[4367]	1217	WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
[1744]	1218	;';
[4325]	1219	$row = pwg_db_fetch_assoc(pwg_query($query));
[18889]	1220	if ($conf['password_verify']($password, $row['password'], $row['id']))
[1744]	1221	{
	1222	log_user($row['id'], $remember_me);
[4304]	1223	trigger_action('login_success', stripslashes($username));
[1744]	1224	return true;
	1225	}
[4304]	1226	trigger_action('login_failure', stripslashes($username));
[1744]	1227	return false;
	1228	}
	1229
[2757]	1230	/** Performs all the cleanup on user logout */
	1231	function logout_user()
	1232	{
	1233	global $conf;
[20282]	1234
	1235	trigger_action('user_logout', @$_SESSION['pwg_uid']);
	1236
[2757]	1237	$_SESSION = array();
	1238	session_unset();
	1239	session_destroy();
	1240	setcookie(session_name(),'',0,
	1241	ini_get('session.cookie_path'),
	1242	ini_get('session.cookie_domain')
	1243	);
	1244	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
	1245	}
	1246
[1511]	1247	/*
[2029]	1248	* Return user status used in this library
	1249	* @return string
[1070]	1250	*/
[2029]	1251	function get_user_status($user_status)
[1070]	1252	{
[2029]	1253	global $user;
[1072]	1254
[1854]	1255	if (empty($user_status))
[1075]	1256	{
[1854]	1257	if (isset($user['status']))
	1258	{
	1259	$user_status = $user['status'];
	1260	}
	1261	else
	1262	{
	1263	// swicth to default value
	1264	$user_status = '';
	1265	}
[1075]	1266	}
[2029]	1267	return $user_status;
	1268	}
[1075]	1269
[2029]	1270	/*
[2325]	1271	* Return access_type definition of user
[2029]	1272	* Test does with user status
	1273	* @return bool
	1274	*/
	1275	function get_access_type_status($user_status='')
	1276	{
	1277	global $conf;
	1278
	1279	switch (get_user_status($user_status))
[1072]	1280	{
[1075]	1281	case 'guest':
[1851]	1282	{
[1854]	1283	$access_type_status =
[2325]	1284	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
[1851]	1285	break;
	1286	}
[1075]	1287	case 'generic':
[1072]	1288	{
[1075]	1289	$access_type_status = ACCESS_GUEST;
	1290	break;
[1072]	1291	}
[1075]	1292	case 'normal':
	1293	{
	1294	$access_type_status = ACCESS_CLASSIC;
	1295	break;
	1296	}
	1297	case 'admin':
	1298	{
	1299	$access_type_status = ACCESS_ADMINISTRATOR;
	1300	break;
	1301	}
	1302	case 'webmaster':
	1303	{
	1304	$access_type_status = ACCESS_WEBMASTER;
	1305	break;
	1306	}
[2221]	1307	default:
[1854]	1308	{
[2325]	1309	$access_type_status = ACCESS_FREE;
[2221]	1310	break;
[1854]	1311	}
[1072]	1312	}
	1313
[1085]	1314	return $access_type_status;
[1070]	1315	}
	1316
[1072]	1317	/*
[1085]	1318	* Return if user have access to access_type definition
	1319	* Test does with user status
	1320	* @return bool
	1321	*/
[1851]	1322	function is_autorize_status($access_type, $user_status = '')
[1085]	1323	{
[1851]	1324	return (get_access_type_status($user_status) >= $access_type);
[1085]	1325	}
	1326
	1327	/*
	1328	* Check if user have access to access_type definition
[1072]	1329	* Stop action if there are not access
	1330	* Test does with user status
	1331	* @return none
	1332	*/
[1851]	1333	function check_status($access_type, $user_status = '')
[1072]	1334	{
[1851]	1335	if (!is_autorize_status($access_type, $user_status))
[1072]	1336	{
[1113]	1337	access_denied();
[1072]	1338	}
	1339	}
	1340
	1341	/*
[2163]	1342	* Return if user is generic
[1072]	1343	* @return bool
	1344	*/
[2163]	1345	function is_generic($user_status = '')
[2029]	1346	{
[2163]	1347	return get_user_status($user_status) == 'generic';
[2029]	1348	}
	1349
	1350	/*
[2163]	1351	* Return if user is only a guest
[2161]	1352	* @return bool
	1353	*/
[2163]	1354	function is_a_guest($user_status = '')
[2161]	1355	{
[2163]	1356	return get_user_status($user_status) == 'guest';
[2161]	1357	}
[2163]	1358
[2161]	1359	/*
[2029]	1360	* Return if user is, at least, a classic user
	1361	* @return bool
	1362	*/
	1363	function is_classic_user($user_status = '')
	1364	{
	1365	return is_autorize_status(ACCESS_CLASSIC, $user_status);
	1366	}
	1367
	1368	/*
	1369	* Return if user is, at least, an administrator
	1370	* @return bool
	1371	*/
[1851]	1372	function is_admin($user_status = '')
[1072]	1373	{
[1851]	1374	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
[1072]	1375	}
	1376
[1085]	1377	/*
[5272]	1378	* Return if user is, at least, a webmaster
	1379	* @return bool
	1380	*/
	1381	function is_webmaster($user_status = '')
	1382	{
	1383	return is_autorize_status(ACCESS_WEBMASTER, $user_status);
	1384	}
	1385
	1386	/*
[8126]	1387	* Adviser status is depreciated from piwigo 2.2
	1388	* @return false
[1085]	1389	*/
	1390	function is_adviser()
	1391	{
[12339]	1392	// TODO for Piwigo 2.4 : trigger a warning. We don't do it on Piwigo 2.3
	1393	// to avoid changes for plugin contributors
	1394	// trigger_error('call to obsolete function is_adviser', E_USER_WARNING);
[8126]	1395	return false;
[1085]	1396	}
[1458]	1397
	1398	/*
[5195]	1399	* Return if current user can edit/delete/validate a comment
	1400	* @param action edit/delete/validate
[3445]	1401	* @return bool
	1402	*/
[3622]	1403	function can_manage_comment($action, $comment_author_id)
[3445]	1404	{
[5195]	1405	global $user, $conf;
[13074]	1406
[5195]	1407	if (is_a_guest())
	1408	{
[3445]	1409	return false;
	1410	}
[13074]	1411
[5195]	1412	if (!in_array($action, array('delete','edit', 'validate')))
	1413	{
	1414	return false;
	1415	}
	1416
	1417	if (is_admin())
	1418	{
	1419	return true;
	1420	}
	1421
	1422	if ('edit' == $action and $conf['user_can_edit_comment'])
	1423	{
	1424	if ($comment_author_id == $user['id']) {
	1425	return true;
	1426	}
	1427	}
	1428
	1429	if ('delete' == $action and $conf['user_can_delete_comment'])
	1430	{
	1431	if ($comment_author_id == $user['id']) {
	1432	return true;
	1433	}
	1434	}
	1435
	1436	return false;
[3445]	1437	}
	1438
	1439	/*
[1458]	1440	* Return mail address as display text
	1441	* @return string
	1442	*/
	1443	function get_email_address_as_display_text($email_address)
	1444	{
	1445	global $conf;
	1446
[1462]	1447	if (!isset($email_address) or (trim($email_address) == ''))
[1458]	1448	{
[1462]	1449	return '';
[1458]	1450	}
	1451	else
	1452	{
[8126]	1453	return $email_address;
[1458]	1454	}
	1455	}
	1456
[1677]	1457	/*
[1817]	1458	* Compute sql where condition with restrict and filter data. "FandF" means
	1459	* Forbidden and Filters.
[1677]	1460	*
[1817]	1461	* @param array condition_fields: read function body
	1462	* @param string prefix_condition: prefixes sql if condition is not empty
	1463	* @param boolean force_one_condition: use at least "1 = 1"
[1677]	1464	*
	1465	* @return string sql where/conditions
	1466	*/
[1817]	1467	function get_sql_condition_FandF(
	1468	$condition_fields,
	1469	$prefix_condition = null,
	1470	$force_one_condition = false
	1471	)
[1677]	1472	{
	1473	global $user, $filter;
	1474
	1475	$sql_list = array();
	1476
	1477	foreach ($condition_fields as $condition => $field_name)
	1478	{
	1479	switch($condition)
	1480	{
	1481	case 'forbidden_categories':
[1817]	1482	{
[1677]	1483	if (!empty($user['forbidden_categories']))
	1484	{
[1817]	1485	$sql_list[] =
	1486	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
[1677]	1487	}
	1488	break;
[1817]	1489	}
[1677]	1490	case 'visible_categories':
[1817]	1491	{
[1677]	1492	if (!empty($filter['visible_categories']))
	1493	{
[1817]	1494	$sql_list[] =
	1495	$field_name.' IN ('.$filter['visible_categories'].')';
[1677]	1496	}
	1497	break;
[1817]	1498	}
[1677]	1499	case 'visible_images':
	1500	if (!empty($filter['visible_images']))
	1501	{
[1817]	1502	$sql_list[] =
	1503	$field_name.' IN ('.$filter['visible_images'].')';
[1677]	1504	}
[2084]	1505	// note there is no break - visible include forbidden
	1506	case 'forbidden_images':
	1507	if (
	1508	!empty($user['image_access_list'])
	1509	or $user['image_access_type']!='NOT IN'
	1510	)
	1511	{
	1512	$table_prefix=null;
	1513	if ($field_name=='id')
	1514	{
	1515	$table_prefix = '';
	1516	}
	1517	elseif ($field_name=='i.id')
	1518	{
	1519	$table_prefix = 'i.';
	1520	}
	1521	if ( isset($table_prefix) )
	1522	{
	1523	$sql_list[]=$table_prefix.'level<='.$user['level'];
	1524	}
[21801]	1525	elseif ( !empty($user['image_access_list']) and !empty($user['image_access_type']) )
[2084]	1526	{
	1527	$sql_list[]=$field_name.' '.$user['image_access_type']
	1528	.' ('.$user['image_access_list'].')';
	1529	}
	1530	}
[1677]	1531	break;
	1532	default:
[1817]	1533	{
[1677]	1534	die('Unknow condition');
	1535	break;
[1817]	1536	}
[1677]	1537	}
	1538	}
	1539
	1540	if (count($sql_list) > 0)
	1541	{
	1542	$sql = '('.implode(' AND ', $sql_list).')';
	1543	}
	1544	else
	1545	{
[2824]	1546	$sql = $force_one_condition ? '1 = 1' : '';
[1677]	1547	}
	1548
	1549	if (isset($prefix_condition) and !empty($sql))
	1550	{
	1551	$sql = $prefix_condition.' '.$sql;
	1552	}
	1553
	1554	return $sql;
	1555	}
	1556
[11992]	1557	/**
	1558	* search an available activation_key
	1559	*
	1560	* @return string
	1561	*/
	1562	function get_user_activation_key()
	1563	{
	1564	while (true)
	1565	{
	1566	$key = generate_key(20);
	1567	$query = '
	1568	SELECT COUNT(*)
	1569	FROM '.USER_INFOS_TABLE.'
	1570	WHERE activation_key = \''.$key.'\'
	1571	;';
	1572	list($count) = pwg_db_fetch_row(pwg_query($query));
	1573	if (0 == $count)
	1574	{
	1575	return $key;
	1576	}
	1577	}
	1578	}
	1579
[12339]	1580	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: