Context Navigation

source: trunk/include/functions_user.inc.php @ 30004

Last change on this file since 30004 was 29840, checked in by plg, 10 years ago
bug 3111: cleaner code for get_browser_language (no more reference as parameter)
Property svn:eol-style set to `LF`
File size: 36.0 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[26461]	5	// \| Copyright(C) 2008-2014 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2]	23
[25728]	24	/**
	25	* @package functions\user
	26	*/
	27
	28
	29	/**
	30	* Checks if an email is well formed and not already in use.
	31	*
	32	* @param int $user_id
	33	* @param string $mail_address
	34	* @return string\|void error message or nothing
	35	*/
[2124]	36	function validate_mail_address($user_id, $mail_address)
[2]	37	{
[2115]	38	global $conf;
[2]	39
[2032]	40	if (empty($mail_address) and
[2127]	41	!($conf['obligatory_user_mail_address'] and
[2124]	42	in_array(script_basename(), array('register', 'profile'))))
[2]	43	{
[9]	44	return '';
[2]	45	}
[2115]	46
[18164]	47	if ( !email_check_format($mail_address) )
[9]	48	{
[5021]	49	return l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
[9]	50	}
[2127]	51
[2115]	52	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
	53	{
	54	$query = '
[18164]	55	SELECT count(*)
	56	FROM '.USERS_TABLE.'
	57	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
	58	'.(is_numeric($user_id) ? 'AND '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
[2115]	59	;';
[4325]	60	list($count) = pwg_db_fetch_row(pwg_query($query));
[2115]	61	if ($count != 0)
	62	{
[8635]	63	return l10n('this email address is already in use');
[2115]	64	}
	65	}
[2]	66	}
	67
[25728]	68	/**
	69	* Checks if a login is not already in use.
	70	* Comparision is case insensitive.
	71	*
	72	* @param string $login
	73	* @return string\|void error message or nothing
	74	*/
[4429]	75	function validate_login_case($login)
	76	{
	77	global $conf;
[13074]	78
[4429]	79	if (defined("PHPWG_INSTALLED"))
	80	{
	81	$query = "
	82	SELECT ".$conf['user_fields']['username']."
	83	FROM ".USERS_TABLE."
	84	WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
	85	;";
	86
	87	$count = pwg_db_num_rows(pwg_query($query));
	88
	89	if ($count > 0)
	90	{
[5021]	91	return l10n('this login is already used');
[4429]	92	}
	93	}
	94	}
[10860]	95	/**
[25728]	96	* Searches for user with the same username in different case.
[10860]	97	*
[25728]	98	* @param string $username typically typed in by user for identification
	99	* @return string $username found in database
[10860]	100	*/
	101	function search_case_username($username)
	102	{
	103	global $conf;
[4429]	104
[10860]	105	$username_lo = strtolower($username);
	106
	107	$SCU_users = array();
[13074]	108
[10860]	109	$q = pwg_query("
	110	SELECT ".$conf['user_fields']['username']." AS username
	111	FROM `".USERS_TABLE."`;
	112	");
	113	while ($r = pwg_db_fetch_assoc($q))
	114	$SCU_users[$r['username']] = strtolower($r['username']);
	115	// $SCU_users is now an associative table where the key is the account as
	116	// registered in the DB, and the value is this same account, in lower case
[13074]	117
[10860]	118	$users_found = array_keys($SCU_users, $username_lo);
	119	// $users_found is now a table of which the values are all the accounts
	120	// which can be written in lowercase the same way as $username
	121	if (count($users_found) != 1) // If ambiguous, don't allow lowercase writing
	122	return $username; // but normal writing will work
	123	else
	124	return $users_found[0];
	125	}
[25116]	126
	127	/**
[25728]	128	* Creates a new user.
	129	*
[25116]	130	* @param string $login
	131	* @param string $password
	132	* @param string $mail_adress
[25237]	133	* @param bool $notify_admin
[25728]	134	* @param array &$errors populated with error messages
[25237]	135	* @param bool $notify_user
[25728]	136	* @return int\|false user id or false
[25116]	137	*/
[25237]	138	function register_user($login, $password, $mail_address, $notify_admin=true, &$errors = array(), $notify_user=false)
[2]	139	{
[2115]	140	global $conf;
[2]	141
[661]	142	if ($login == '')
	143	{
[13074]	144	$errors[] = l10n('Please, enter a login');
[661]	145	}
[3747]	146	if (preg_match('/^.* $/', $login))
[661]	147	{
[13074]	148	$errors[] = l10n('login mustn\'t end with a space character');
[661]	149	}
[3747]	150	if (preg_match('/^ .*$/', $login))
[661]	151	{
[13074]	152	$errors[] = l10n('login mustn\'t start with a space character');
[661]	153	}
[808]	154	if (get_userid($login))
[804]	155	{
[13074]	156	$errors[] = l10n('this login is already used');
[2]	157	}
[9923]	158	if ($login != strip_tags($login))
	159	{
[13074]	160	$errors[] = l10n('html tags are not allowed in login');
[9923]	161	}
[2124]	162	$mail_error = validate_mail_address(null, $mail_address);
[808]	163	if ('' != $mail_error)
[661]	164	{
[13074]	165	$errors[] = $mail_error;
[661]	166	}
[2]	167
[5060]	168	if ($conf['insensitive_case_logon'] == true)
[4429]	169	{
	170	$login_error = validate_login_case($login);
	171	if ($login_error != '')
	172	{
[13074]	173	$errors[] = $login_error;
[4429]	174	}
	175	}
	176
[28587]	177	$errors = trigger_change(
[25237]	178	'register_user_check',
	179	$errors,
	180	array(
	181	'username'=>$login,
	182	'password'=>$password,
	183	'email'=>$mail_address,
	184	)
	185	);
[2237]	186
[9]	187	// if no error until here, registration of the user
[661]	188	if (count($errors) == 0)
[2]	189	{
[25237]	190	$insert = array(
	191	$conf['user_fields']['username'] => pwg_db_real_escape_string($login),
	192	$conf['user_fields']['password'] => $conf['password_hash']($password),
	193	$conf['user_fields']['email'] => $mail_address
	194	);
[661]	195
[25019]	196	single_insert(USERS_TABLE, $insert);
[25116]	197	$user_id = pwg_db_insert_id();
[1068]	198
[2178]	199	// Assign by default groups
[25116]	200	$query = '
[1583]	201	SELECT id
	202	FROM '.GROUPS_TABLE.'
	203	WHERE is_default = \''.boolean_to_string(true).'\'
	204	ORDER BY id ASC
	205	;';
[25116]	206	$result = pwg_query($query);
[1581]	207
[25116]	208	$inserts = array();
	209	while ($row = pwg_db_fetch_assoc($result))
	210	{
[25237]	211	$inserts[] = array(
	212	'user_id' => $user_id,
	213	'group_id' => $row['id']
[25116]	214	);
[1583]	215	}
[1581]	216
[1583]	217	if (count($inserts) != 0)
	218	{
	219	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
[1581]	220	}
	221
[29840]	222	$override = array();
	223	if ($language = get_browser_language())
[2425]	224	{
[29840]	225	$override['language'] = $language;
[2425]	226	}
[29840]	227
[25116]	228	create_user_infos($user_id, $override);
[1605]	229
[25237]	230	if ($notify_admin and $conf['email_admin_on_new_user'])
[2178]	231	{
	232	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
[25237]	233	$admin_url = get_absolute_root_url().'admin.php?page=user_list&username='.$login;
[2178]	234
[25360]	235	$keyargs_content = array(
	236	get_l10n_args('User: %s', stripslashes($login) ),
[29759]	237	get_l10n_args('Email: %s', $mail_address),
[25360]	238	get_l10n_args(''),
	239	get_l10n_args('Admin: %s', $admin_url),
[25237]	240	);
[2178]	241
[25237]	242	pwg_mail_notification_admins(
[25360]	243	get_l10n_args('Registration of %s', stripslashes($login) ),
	244	$keyargs_content
[25237]	245	);
[2178]	246	}
	247
[25237]	248	if ($notify_user and email_check_format($mail_address))
	249	{
	250	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
[28714]	251
[25237]	252	$keyargs_content = array(
[26028]	253	get_l10n_args('Hello %s,', stripslashes($login)),
[25237]	254	get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
	255	get_l10n_args('', ''),
	256	get_l10n_args('Here are your connection settings', ''),
[29075]	257	get_l10n_args('', ''),
	258	get_l10n_args('Link: %s', get_absolute_root_url()),
[26028]	259	get_l10n_args('Username: %s', stripslashes($login)),
	260	get_l10n_args('Password: %s', stripslashes($password)),
[25237]	261	get_l10n_args('Email: %s', $mail_address),
	262	get_l10n_args('', ''),
	263	get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
	264	);
[28714]	265
[25237]	266	pwg_mail(
	267	$mail_address,
	268	array(
	269	'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
	270	'content' => l10n_args($keyargs_content),
	271	'content_format' => 'text/plain',
	272	)
	273	);
	274	}
	275
[28587]	276	trigger_notify(
[25237]	277	'register_user',
[1605]	278	array(
[25116]	279	'id'=>$user_id,
[1605]	280	'username'=>$login,
	281	'email'=>$mail_address,
[25237]	282	)
[1605]	283	);
[28714]	284
[25116]	285	return $user_id;
[2]	286	}
[25116]	287	else
	288	{
	289	return false;
	290	}
[2]	291	}
	292
[25728]	293	/**
	294	* Fetches user data from database.
	295	* Same that getuserdata() but with additional tests for guest.
	296	*
	297	* @param int $user_id
	298	* @param boolean $user_cache
	299	* @return array
	300	*/
	301	function build_user($user_id, $use_cache=true)
[1568]	302	{
	303	global $conf;
[2038]	304
[1568]	305	$user['id'] = $user_id;
[1677]	306	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
[1926]	307
[2055]	308	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
	309	{
	310	$user['status'] = 'guest';
	311	$user['internal_status']['guest_must_be_guest'] = true;
	312	}
	313
[5123]	314	// Check user theme
[5264]	315	if (!isset($user['theme_name']))
[5123]	316	{
[5264]	317	$user['theme'] = get_default_theme();
[5123]	318	}
[2039]	319
[1568]	320	return $user;
	321	}
	322
[808]	323	/**
[25728]	324	* Finds informations related to the user identifier.
[808]	325	*
[25728]	326	* @param int $user_id
	327	* @param boolean $use_cache
	328	* @return array
[808]	329	*/
[25728]	330	function getuserdata($user_id, $use_cache=false)
[393]	331	{
[808]	332	global $conf;
	333
[6315]	334	// retrieve basic user data
[808]	335	$query = '
	336	SELECT ';
	337	$is_first = true;
	338	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
	339	{
	340	if ($is_first)
	341	{
	342	$is_first = false;
	343	}
	344	else
	345	{
	346	$query.= '
	347	, ';
	348	}
	349	$query.= $dbfield.' AS '.$pwgfield;
	350	}
	351	$query.= '
	352	FROM '.USERS_TABLE.'
[3622]	353	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'';
[1068]	354
[4325]	355	$row = pwg_db_fetch_assoc(pwg_query($query));
[808]	356
[6510]	357	// retrieve additional user data ?
	358	if ($conf['external_authentification'])
	359	{
	360	$query = '
	361	SELECT
[11356]	362	COUNT(1) AS counter
[6510]	363	FROM '.USER_INFOS_TABLE.' AS ui
	364	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	365	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	366	WHERE ui.user_id = '.$user_id.'
	367	GROUP BY ui.user_id
	368	;';
[11356]	369	list($counter) = pwg_db_fetch_row(pwg_query($query));
	370	if ($counter != 1)
[6510]	371	{
	372	create_user_infos($user_id);
	373	}
[808]	374	}
[1068]	375
[11356]	376	// retrieve user info
	377	$query = '
	378	SELECT
	379	ui.*,
	380	uc.*,
	381	t.name AS theme_name
	382	FROM '.USER_INFOS_TABLE.' AS ui
	383	LEFT JOIN '.USER_CACHE_TABLE.' AS uc ON ui.user_id = uc.user_id
	384	LEFT JOIN '.THEMES_TABLE.' AS t ON t.id = ui.theme
	385	WHERE ui.user_id = '.$user_id.'
	386	;';
	387
	388	$result = pwg_query($query);
	389	$user_infos_row = pwg_db_fetch_assoc($result);
	390
[6315]	391	// then merge basic + additional user data
[18629]	392	$userdata = array_merge($row, $user_infos_row);
[1068]	393
[18629]	394	foreach ($userdata as &$value)
[808]	395	{
[18629]	396	// If the field is true or false, the variable is transformed into a boolean value.
	397	if ($value == 'true')
[808]	398	{
[18629]	399	$value = true;
[808]	400	}
[18629]	401	elseif ($value == 'false')
[808]	402	{
[18629]	403	$value = false;
[808]	404	}
	405	}
[18629]	406	unset($value);
[808]	407
	408	if ($use_cache)
	409	{
	410	if (!isset($userdata['need_update'])
	411	or !is_bool($userdata['need_update'])
[1677]	412	or $userdata['need_update'] == true)
[808]	413	{
[2448]	414	$userdata['cache_update_time'] = time();
	415
	416	// Set need update are done
	417	$userdata['need_update'] = false;
	418
[808]	419	$userdata['forbidden_categories'] =
	420	calculate_permissions($userdata['id'], $userdata['status']);
	421
[2084]	422	/* now we build the list of forbidden images (this list does not contain
	423	images that are not in at least an authorized category)*/
	424	$query = '
	425	SELECT DISTINCT(id)
	426	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
	427	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
	428	AND level>'.$userdata['level'];
[27388]	429	$forbidden_ids = query2array($query,null, 'id');
[2084]	430
	431	if ( empty($forbidden_ids) )
	432	{
[13074]	433	$forbidden_ids[] = 0;
[2084]	434	}
	435	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
	436	$userdata['image_access_list'] = implode(',',$forbidden_ids);
	437
[1624]	438
[1081]	439	$query = '
	440	SELECT COUNT(DISTINCT(image_id)) as total
	441	FROM '.IMAGE_CATEGORY_TABLE.'
	442	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
[3622]	443	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')';
[4325]	444	list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
[1081]	445
[3622]	446
	447	// now we update user cache categories
	448	$user_cache_cats = get_computed_categories($userdata, null);
	449	if ( !is_admin($userdata['status']) )
	450	{ // for non admins we forbid categories with no image (feature 1053)
	451	$forbidden_ids = array();
[3640]	452	foreach ($user_cache_cats as $cat)
[3622]	453	{
	454	if ($cat['count_images']==0)
	455	{
[13074]	456	$forbidden_ids[] = $cat['cat_id'];
[22879]	457	remove_computed_category($user_cache_cats, $cat);
[3622]	458	}
	459	}
	460	if ( !empty($forbidden_ids) )
	461	{
	462	if ( empty($userdata['forbidden_categories']) )
	463	{
	464	$userdata['forbidden_categories'] = implode(',', $forbidden_ids);
	465	}
	466	else
	467	{
	468	$userdata['forbidden_categories'] .= ','.implode(',', $forbidden_ids);
	469	}
	470	}
	471	}
	472
	473	// delete user cache
	474	$query = '
	475	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
	476	WHERE user_id = '.$userdata['id'];
	477	pwg_query($query);
	478
[12748]	479	// Due to concurrency issues, we ask MySQL to ignore errors on
	480	// insert. This may happen when cache needs refresh and that Piwigo is
	481	// called "very simultaneously".
[25019]	482	mass_inserts(
[3622]	483	USER_CACHE_CATEGORIES_TABLE,
[25019]	484	array(
[3622]	485	'user_id', 'cat_id',
[22879]	486	'date_last', 'max_date_last', 'nb_images', 'count_images', 'nb_categories', 'count_categories'
[25019]	487	),
[12748]	488	$user_cache_cats,
	489	array('ignore' => true)
[3622]	490	);
	491
	492
[808]	493	// update user cache
	494	$query = '
	495	DELETE FROM '.USER_CACHE_TABLE.'
[3622]	496	WHERE user_id = '.$userdata['id'];
[808]	497	pwg_query($query);
[1068]	498
[12748]	499	// for the same reason as user_cache_categories, we ignore error on
	500	// this insert
[808]	501	$query = '
[12748]	502	INSERT IGNORE INTO '.USER_CACHE_TABLE.'
[2448]	503	(user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
[21801]	504	last_photo_date,
[2084]	505	image_access_type, image_access_list)
[808]	506	VALUES
[2448]	507	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
	508	.$userdata['cache_update_time'].',\''
[21801]	509	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].','.
	510	(empty($userdata['last_photo_date']) ? 'NULL': '\''.$userdata['last_photo_date'].'\'').
	511	',\''.$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
[808]	512	pwg_query($query);
	513	}
	514	}
	515
	516	return $userdata;
[393]	517	}
[647]	518
[25728]	519	/**
	520	* Deletes favorites of the current user if he's not allowed to see them.
[647]	521	*/
	522	function check_user_favorites()
	523	{
	524	global $user;
	525
	526	if ($user['forbidden_categories'] == '')
	527	{
	528	return;
	529	}
[832]	530
[1677]	531	// $filter['visible_categories'] and $filter['visible_images']
	532	// must be not used because filter <> restriction
[832]	533	// retrieving images allowed : belonging to at least one authorized
	534	// category
[647]	535	$query = '
[832]	536	SELECT DISTINCT f.image_id
[647]	537	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	538	ON f.image_id = ic.image_id
	539	WHERE f.user_id = '.$user['id'].'
[25728]	540	'.get_sql_condition_FandF(
	541	array(
[1677]	542	'forbidden_categories' => 'ic.category_id',
[25728]	543	),
	544	'AND'
	545	).'
[647]	546	;';
[27388]	547	$authorizeds = query2array($query,null, 'image_id');
[647]	548
[832]	549	$query = '
	550	SELECT image_id
	551	FROM '.FAVORITES_TABLE.'
	552	WHERE user_id = '.$user['id'].'
	553	;';
[27388]	554	$favorites = query2array($query,null, 'image_id');
[832]	555
	556	$to_deletes = array_diff($favorites, $authorizeds);
	557	if (count($to_deletes) > 0)
	558	{
[647]	559	$query = '
	560	DELETE FROM '.FAVORITES_TABLE.'
[832]	561	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	562	AND user_id = '.$user['id'].'
	563	;';
	564	pwg_query($query);
	565	}
	566	}
[648]	567
	568	/**
[25728]	569	* Calculates the list of forbidden categories for a given user.
[648]	570	*
[808]	571	* Calculation is based on private categories minus categories authorized to
	572	* the groups the user belongs to minus the categories directly authorized
[25728]	573	* to the user. The list contains at least 0 to be compliant with queries
[808]	574	* such as "WHERE category_id NOT IN ($forbidden_categories)"
[648]	575	*
[25728]	576	* @param int $user_id
	577	* @param string $user_status
	578	* @return string comma separated ids
[648]	579	*/
[680]	580	function calculate_permissions($user_id, $user_status)
[648]	581	{
	582	$query = '
	583	SELECT id
	584	FROM '.CATEGORIES_TABLE.'
	585	WHERE status = \'private\'
	586	;';
[27388]	587	$private_array = query2array($query,null, 'id');
[680]	588
[648]	589	// retrieve category ids directly authorized to the user
	590	$query = '
	591	SELECT cat_id
	592	FROM '.USER_ACCESS_TABLE.'
	593	WHERE user_id = '.$user_id.'
	594	;';
[27388]	595	$authorized_array = query2array($query,null, 'cat_id');
[648]	596
	597	// retrieve category ids authorized to the groups the user belongs to
	598	$query = '
	599	SELECT cat_id
	600	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	601	ON ug.group_id = ga.group_id
	602	WHERE ug.user_id = '.$user_id.'
	603	;';
[808]	604	$authorized_array =
	605	array_merge(
	606	$authorized_array,
[27388]	607	query2array($query,null, 'cat_id')
[808]	608	);
[648]	609
	610	// uniquify ids : some private categories might be authorized for the
	611	// groups and for the user
	612	$authorized_array = array_unique($authorized_array);
	613
	614	// only unauthorized private categories are forbidden
	615	$forbidden_array = array_diff($private_array, $authorized_array);
	616
[1117]	617	// if user is not an admin, locked categories are forbidden
[1851]	618	if (!is_admin($user_status))
[1117]	619	{
	620	$query = '
	621	SELECT id
	622	FROM '.CATEGORIES_TABLE.'
	623	WHERE visible = \'false\'
	624	;';
[27388]	625	$forbidden_array = array_merge($forbidden_array, query2array($query, null, 'id') );
[1117]	626	$forbidden_array = array_unique($forbidden_array);
	627	}
[1068]	628
[1117]	629	if ( empty($forbidden_array) )
[1331]	630	{// at least, the list contains 0 value. This category does not exists so
	631	// where clauses such as "WHERE category_id NOT IN(0)" will always be
[1117]	632	// true.
[13074]	633	$forbidden_array[] = 0;
[1117]	634	}
	635
[808]	636	return implode(',', $forbidden_array);
[648]	637	}
[708]	638
[1677]	639	/**
[25728]	640	* Returns user identifier thanks to his name.
[1677]	641	*
[25728]	642	* @param string $username
	643	* @param int\|false
[1677]	644	*/
[808]	645	function get_userid($username)
	646	{
	647	global $conf;
	648
[4325]	649	$username = pwg_db_real_escape_string($username);
[808]	650
	651	$query = '
	652	SELECT '.$conf['user_fields']['id'].'
	653	FROM '.USERS_TABLE.'
	654	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	655	;';
	656	$result = pwg_query($query);
	657
[4325]	658	if (pwg_db_num_rows($result) == 0)
[808]	659	{
	660	return false;
	661	}
	662	else
	663	{
[4325]	664	list($user_id) = pwg_db_fetch_row($result);
[808]	665	return $user_id;
	666	}
	667	}
	668
[25728]	669	/**
	670	* Returns user identifier thanks to his email.
	671	*
	672	* @param string $email
	673	* @param int\|false
	674	*/
[11992]	675	function get_userid_by_email($email)
	676	{
	677	global $conf;
	678
	679	$email = pwg_db_real_escape_string($email);
[13074]	680
[11992]	681	$query = '
	682	SELECT
	683	'.$conf['user_fields']['id'].'
	684	FROM '.USERS_TABLE.'
	685	WHERE UPPER('.$conf['user_fields']['email'].') = UPPER(\''.$email.'\')
	686	;';
	687	$result = pwg_query($query);
	688
	689	if (pwg_db_num_rows($result) == 0)
	690	{
	691	return false;
	692	}
	693	else
	694	{
	695	list($user_id) = pwg_db_fetch_row($result);
	696	return $user_id;
	697	}
	698	}
	699
[25728]	700	/**
	701	* Returns a array with default user valuees.
[808]	702	*
[25728]	703	* @param convert_str ceonferts 'true' and 'false' into booleans
	704	* @return array
[808]	705	*/
[25728]	706	function get_default_user_info($convert_str=true)
[808]	707	{
[3126]	708	global $cache, $conf;
[2084]	709
[3126]	710	if (!isset($cache['default_user']))
[1926]	711	{
[20545]	712	$query = '
	713	SELECT *
	714	FROM '.USER_INFOS_TABLE.'
	715	WHERE user_id = '.$conf['default_user_id'].'
	716	;';
[1068]	717
[1926]	718	$result = pwg_query($query);
[2084]	719
[20545]	720	if (pwg_db_num_rows($result) > 0)
[1930]	721	{
[20545]	722	$cache['default_user'] = pwg_db_fetch_assoc($result);
[21802]	723
[3126]	724	unset($cache['default_user']['user_id']);
	725	unset($cache['default_user']['status']);
	726	unset($cache['default_user']['registration_date']);
[1930]	727	}
[20545]	728	else
	729	{
	730	$cache['default_user'] = false;
	731	}
[1926]	732	}
[808]	733
[3126]	734	if (is_array($cache['default_user']) and $convert_str)
[1284]	735	{
[18629]	736	$default_user = $cache['default_user'];
	737	foreach ($default_user as &$value)
[1926]	738	{
[18629]	739	// If the field is true or false, the variable is transformed into a boolean value.
	740	if ($value == 'true')
[1926]	741	{
[18629]	742	$value = true;
[1926]	743	}
[18629]	744	elseif ($value == 'false')
[1926]	745	{
[18629]	746	$value = false;
[1926]	747	}
	748	}
	749	return $default_user;
[1284]	750	}
[1926]	751	else
[1284]	752	{
[3126]	753	return $cache['default_user'];
[1284]	754	}
[1926]	755	}
	756
[25728]	757	/**
	758	* Returns a default user value.
[1926]	759	*
[25728]	760	* @param string $value_name
	761	* @param mixed $default
	762	* @return mixed
[1926]	763	*/
[25728]	764	function get_default_user_value($value_name, $default)
[1926]	765	{
	766	$default_user = get_default_user_info(true);
[5271]	767	if ($default_user === false or empty($default_user[$value_name]))
[1926]	768	{
[25728]	769	return $default;
[1926]	770	}
[1284]	771	else
	772	{
[1926]	773	return $default_user[$value_name];
[1284]	774	}
[1926]	775	}
[1567]	776
[25728]	777	/**
	778	* Returns the default theme.
	779	* If the default theme is not available it returns the first available one.
[1926]	780	*
[25728]	781	* @return string
[1926]	782	*/
[5123]	783	function get_default_theme()
[1926]	784	{
[5982]	785	$theme = get_default_user_value('theme', PHPWG_DEFAULT_TEMPLATE);
	786	if (check_theme_installed($theme))
	787	{
	788	return $theme;
	789	}
[13074]	790
[5982]	791	// let's find the first available theme
[25728]	792	$active_themes = array_keys(get_pwg_themes());
	793	return $active_themes[0];
[1926]	794	}
[808]	795
[25728]	796	/**
	797	* Returns the default language.
[1926]	798	*
[25728]	799	* @return string
[1926]	800	*/
	801	function get_default_language()
	802	{
[2425]	803	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
[808]	804	}
[817]	805
	806	/**
[25728]	807	* Tries to find the browser language among available languages.
	808	* @todo : try to match 'fr_CA' before 'fr'
	809	*
[29840]	810	* @return string
[25728]	811	*/
[29840]	812	function get_browser_language()
[2411]	813	{
[2572]	814	$browser_language = substr(@$_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
[2411]	815	foreach (get_languages() as $language_code => $language_name)
	816	{
	817	if (substr($language_code, 0, 2) == $browser_language)
	818	{
[29840]	819	return $language_code;
[2411]	820	}
	821	}
[2425]	822	return false;
[2411]	823	}
	824
	825	/**
[25728]	826	* Creates user informations based on default values.
[1926]	827	*
[25728]	828	* @param int\|int[] $user_ids
	829	* @param array $override_values values used to override default user values
[1926]	830	*/
[25728]	831	function create_user_infos($user_ids, $override_values=null)
[1926]	832	{
	833	global $conf;
	834
[25728]	835	if (!is_array($user_ids))
[1926]	836	{
[25728]	837	$user_ids = array($user_ids);
[1926]	838	}
	839
	840	if (!empty($user_ids))
	841	{
	842	$inserts = array();
[4325]	843	list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
[1926]	844
	845	$default_user = get_default_user_info(false);
	846	if ($default_user === false)
	847	{
	848	// Default on structure are used
	849	$default_user = array();
	850	}
	851
[1930]	852	if (!is_null($override_values))
	853	{
	854	$default_user = array_merge($default_user, $override_values);
	855	}
	856
[1926]	857	foreach ($user_ids as $user_id)
	858	{
[2084]	859	$level= isset($default_user['level']) ? $default_user['level'] : 0;
[1926]	860	if ($user_id == $conf['webmaster_id'])
	861	{
	862	$status = 'webmaster';
[2084]	863	$level = max( $conf['available_permission_levels'] );
[1926]	864	}
[27388]	865	elseif (($user_id == $conf['guest_id']) or
[1926]	866	($user_id == $conf['default_user_id']))
	867	{
	868	$status = 'guest';
	869	}
	870	else
	871	{
	872	$status = 'normal';
	873	}
	874
[1930]	875	$insert = array_merge(
	876	$default_user,
[1926]	877	array(
	878	'user_id' => $user_id,
	879	'status' => $status,
[2084]	880	'registration_date' => $dbnow,
	881	'level' => $level
[1930]	882	));
[1926]	883
[18629]	884	$inserts[] = $insert;
[2084]	885	}
[1926]	886
	887	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
	888	}
	889	}
	890
	891	/**
[25728]	892	* Returns the auto login key for an user or false if the user is not found.
	893	*
	894	* @param int $user_id
	895	* @param int $time
	896	* @param string &$username fille with corresponding username
	897	* @return string\|false
	898	*/
[2409]	899	function calculate_auto_login_key($user_id, $time, &$username)
[1622]	900	{
	901	global $conf;
	902	$query = '
	903	SELECT '.$conf['user_fields']['username'].' AS username
	904	, '.$conf['user_fields']['password'].' AS password
	905	FROM '.USERS_TABLE.'
	906	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
	907	$result = pwg_query($query);
[4325]	908	if (pwg_db_num_rows($result) > 0)
[1622]	909	{
[4325]	910	$row = pwg_db_fetch_assoc($result);
[4304]	911	$username = stripslashes($row['username']);
[11826]	912	$data = $time.$user_id.$username;
	913	$key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
[1622]	914	return $key;
	915	}
	916	return false;
	917	}
	918
[25728]	919	/**
	920	* Performs all required actions for user login.
	921	*
	922	* @param int $user_id
	923	* @param bool $remember_me
	924	*/
[1068]	925	function log_user($user_id, $remember_me)
	926	{
[1511]	927	global $conf, $user;
[1493]	928
[1641]	929	if ($remember_me and $conf['authorize_remembering'])
[1068]	930	{
[2409]	931	$now = time();
	932	$key = calculate_auto_login_key($user_id, $now, $username);
[1622]	933	if ($key!==false)
[1493]	934	{
[2409]	935	$cookie = $user_id.'-'.$now.'-'.$key;
[27158]	936	setcookie($conf['remember_me_name'],
	937	$cookie,
	938	time()+$conf['remember_me_length'],
	939	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
	940	ini_get('session.cookie_httponly')
	941	);
[2029]	942	}
[1068]	943	}
[1568]	944	else
	945	{ // make sure we clean any remember me ...
[2757]	946	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1568]	947	}
	948	if ( session_id()!="" )
[1622]	949	{ // we regenerate the session for security reasons
	950	// see http://www.acros.si/papers/session_fixation.pdf
[6660]	951	session_regenerate_id(true);
[1568]	952	}
	953	else
	954	{
	955	session_start();
	956	}
[1622]	957	$_SESSION['pwg_uid'] = (int)$user_id;
[1511]	958
	959	$user['id'] = $_SESSION['pwg_uid'];
[28587]	960	trigger_notify('user_login', $user['id']);
[1068]	961	}
	962
[25728]	963	/**
	964	* Performs auto-connection when cookie remember_me exists.
	965	*
	966	* @return bool
	967	*/
	968	function auto_login()
	969	{
[1511]	970	global $conf;
	971
[1568]	972	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
	973	{
[2409]	974	$cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
[2411]	975	if ( count($cookie)===3
[2409]	976	and is_numeric(@$cookie[0]) /user id/
	977	and is_numeric(@$cookie[1]) /time/
	978	and time()-$conf['remember_me_length']<=@$cookie[1]
	979	and time()>=@$cookie[1] /cookie generated in the past/ )
[1568]	980	{
[2409]	981	$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
	982	if ($key!==false and $key===$cookie[2])
[1622]	983	{
[2409]	984	log_user($cookie[0], true);
[28587]	985	trigger_notify('login_success', stripslashes($username));
[1622]	986	return true;
	987	}
[1568]	988	}
[2757]	989	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1511]	990	}
[1568]	991	return false;
[1511]	992	}
	993
[1744]	994	/**
[25728]	995	* Hashes a password with the PasswordHash class from phpass security library.
	996	* @since 2.5
[18889]	997	*
[25728]	998	* @param string $password plain text
	999	* @return string
[18889]	1000	*/
	1001	function pwg_password_hash($password)
	1002	{
	1003	global $pwg_hasher;
	1004
	1005	if (empty($pwg_hasher))
	1006	{
	1007	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
[21802]	1008
[18889]	1009	// We use the portable hash feature from phpass because we can't be sure
	1010	// Piwigo runs on PHP 5.3+ (and won't run on an older version in the
	1011	// future)
	1012	$pwg_hasher = new PasswordHash(13, true);
	1013	}
[21802]	1014
[18889]	1015	return $pwg_hasher->HashPassword($password);
	1016	}
	1017
	1018	/**
[25728]	1019	* Verifies a password, with the PasswordHash class from phpass security library.
	1020	* If the hash is 'old' (assumed MD5) the hash is updated in database, used for
	1021	* migration from Piwigo 2.4.
	1022	* @since 2.5
[18889]	1023	*
[25728]	1024	* @param string $password plain text
[18889]	1025	* @param string $hash may be md5 or phpass hashed password
[25728]	1026	* @param integer $user_id only useful to update password hash from md5 to phpass
	1027	* @return bool
[18889]	1028	*/
	1029	function pwg_password_verify($password, $hash, $user_id=null)
	1030	{
	1031	global $conf, $pwg_hasher;
	1032
[18890]	1033	// If the password has not been hashed with the current algorithm.
[25633]	1034	if (strpos($hash, '$P') !== 0)
[18889]	1035	{
[18890]	1036	if (!empty($conf['pass_convert']))
	1037	{
	1038	$check = ($hash == $conf['pass_convert']($password));
	1039	}
	1040	else
	1041	{
	1042	$check = ($hash == md5($password));
	1043	}
[21802]	1044
[22005]	1045	if ($check)
[18889]	1046	{
[22005]	1047	if (!isset($user_id) or $conf['external_authentification'])
	1048	{
	1049	return true;
	1050	}
[28714]	1051
[18889]	1052	// Rehash using new hash.
	1053	$hash = pwg_password_hash($password);
	1054
	1055	single_update(
	1056	USERS_TABLE,
	1057	array('password' => $hash),
	1058	array('id' => $user_id)
	1059	);
	1060	}
	1061	}
	1062
	1063	// If the stored hash is longer than an MD5, presume the
	1064	// new style phpass portable hash.
	1065	if (empty($pwg_hasher))
	1066	{
	1067	require_once(PHPWG_ROOT_PATH.'include/passwordhash.class.php');
[21802]	1068
[18889]	1069	// We use the portable hash feature
	1070	$pwg_hasher = new PasswordHash(13, true);
	1071	}
	1072
	1073	return $pwg_hasher->CheckPassword($password, $hash);
	1074	}
	1075
	1076	/**
[25728]	1077	* Tries to login a user given username and password (must be MySql escaped).
	1078	*
	1079	* @param string $username
	1080	* @param string $password
	1081	* @param bool $remember_me
	1082	* @return bool
[1744]	1083	*/
	1084	function try_log_user($username, $password, $remember_me)
	1085	{
[28587]	1086	return trigger_change('try_log_user', false, $username, $password, $remember_me);
[20282]	1087	}
	1088
[28714]	1089	add_event_handler('try_log_user', 'pwg_login');
[20282]	1090
[25728]	1091	/**
	1092	* Default method for user login, can be overwritten with 'try_log_user' trigger.
	1093	* @see try_log_user()
	1094	*
	1095	* @param string $username
	1096	* @param string $password
	1097	* @param bool $remember_me
	1098	* @return bool
	1099	*/
[20282]	1100	function pwg_login($success, $username, $password, $remember_me)
	1101	{
[21802]	1102	if ($success===true)
[20282]	1103	{
	1104	return true;
	1105	}
[21802]	1106
[11737]	1107	// we force the session table to be clean
	1108	pwg_session_gc();
[13074]	1109
[1744]	1110	global $conf;
	1111	// retrieving the encrypted password of the login submitted
	1112	$query = '
	1113	SELECT '.$conf['user_fields']['id'].' AS id,
	1114	'.$conf['user_fields']['password'].' AS password
	1115	FROM '.USERS_TABLE.'
[4367]	1116	WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
[1744]	1117	;';
[4325]	1118	$row = pwg_db_fetch_assoc(pwg_query($query));
[18889]	1119	if ($conf['password_verify']($password, $row['password'], $row['id']))
[1744]	1120	{
	1121	log_user($row['id'], $remember_me);
[28587]	1122	trigger_notify('login_success', stripslashes($username));
[1744]	1123	return true;
	1124	}
[28587]	1125	trigger_notify('login_failure', stripslashes($username));
[1744]	1126	return false;
	1127	}
	1128
[25728]	1129	/**
	1130	* Performs all the cleanup on user logout.
	1131	*/
[2757]	1132	function logout_user()
	1133	{
	1134	global $conf;
[21802]	1135
[28587]	1136	trigger_notify('user_logout', @$_SESSION['pwg_uid']);
[21802]	1137
[2757]	1138	$_SESSION = array();
	1139	session_unset();
	1140	session_destroy();
	1141	setcookie(session_name(),'',0,
	1142	ini_get('session.cookie_path'),
	1143	ini_get('session.cookie_domain')
	1144	);
	1145	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
	1146	}
	1147
[25728]	1148	/**
	1149	* Return user status.
	1150	*
	1151	* @param string $user_status used if $user not initialized
[2029]	1152	* @return string
[25728]	1153	*/
	1154	function get_user_status($user_status='')
[1070]	1155	{
[2029]	1156	global $user;
[1072]	1157
[1854]	1158	if (empty($user_status))
[1075]	1159	{
[1854]	1160	if (isset($user['status']))
	1161	{
	1162	$user_status = $user['status'];
	1163	}
	1164	else
	1165	{
	1166	// swicth to default value
	1167	$user_status = '';
	1168	}
[1075]	1169	}
[2029]	1170	return $user_status;
	1171	}
[1075]	1172
[25728]	1173	/**
	1174	* Return ACCESS_* value for a given $status.
	1175	*
	1176	* @param string $user_status used if $user not initialized
	1177	* @return int one of ACCESS_* constants
	1178	*/
[2029]	1179	function get_access_type_status($user_status='')
	1180	{
	1181	global $conf;
	1182
	1183	switch (get_user_status($user_status))
[1072]	1184	{
[1075]	1185	case 'guest':
[1851]	1186	{
[1854]	1187	$access_type_status =
[2325]	1188	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
[1851]	1189	break;
	1190	}
[1075]	1191	case 'generic':
[1072]	1192	{
[1075]	1193	$access_type_status = ACCESS_GUEST;
	1194	break;
[1072]	1195	}
[1075]	1196	case 'normal':
	1197	{
	1198	$access_type_status = ACCESS_CLASSIC;
	1199	break;
	1200	}
	1201	case 'admin':
	1202	{
	1203	$access_type_status = ACCESS_ADMINISTRATOR;
	1204	break;
	1205	}
	1206	case 'webmaster':
	1207	{
	1208	$access_type_status = ACCESS_WEBMASTER;
	1209	break;
	1210	}
[2221]	1211	default:
[1854]	1212	{
[2325]	1213	$access_type_status = ACCESS_FREE;
[2221]	1214	break;
[1854]	1215	}
[1072]	1216	}
	1217
[1085]	1218	return $access_type_status;
[1070]	1219	}
	1220
[25728]	1221	/**
	1222	* Returns if user has access to a particular ACCESS_*
	1223	*
	1224	* @return int $access_type one of ACCESS_* constants
	1225	* @param string $user_status used if $user not initialized
[1085]	1226	* @return bool
[25728]	1227	*/
	1228	function is_autorize_status($access_type, $user_status='')
[1085]	1229	{
[1851]	1230	return (get_access_type_status($user_status) >= $access_type);
[1085]	1231	}
	1232
[25728]	1233	/**
	1234	* Abord script if user has no access to a particular ACCESS_*
	1235	*
	1236	* @return int $access_type one of ACCESS_* constants
	1237	* @param string $user_status used if $user not initialized
	1238	*/
	1239	function check_status($access_type, $user_status='')
[1072]	1240	{
[1851]	1241	if (!is_autorize_status($access_type, $user_status))
[1072]	1242	{
[1113]	1243	access_denied();
[1072]	1244	}
	1245	}
	1246
[25728]	1247	/**
	1248	* Returns if user is generic.
	1249	*
	1250	* @param string $user_status used if $user not initialized
[1072]	1251	* @return bool
[25728]	1252	*/
	1253	function is_generic($user_status='')
[2029]	1254	{
[2163]	1255	return get_user_status($user_status) == 'generic';
[2029]	1256	}
	1257
[25728]	1258	/**
	1259	* Returns if user is a guest.
	1260	*
	1261	* @param string $user_status used if $user not initialized
[2161]	1262	* @return bool
[25728]	1263	*/
	1264	function is_a_guest($user_status='')
[2161]	1265	{
[2163]	1266	return get_user_status($user_status) == 'guest';
[2161]	1267	}
[2163]	1268
[25728]	1269	/**
	1270	* Returns if user is, at least, a classic user.
	1271	*
	1272	* @param string $user_status used if $user not initialized
[2029]	1273	* @return bool
[25728]	1274	*/
	1275	function is_classic_user($user_status='')
[2029]	1276	{
	1277	return is_autorize_status(ACCESS_CLASSIC, $user_status);
	1278	}
	1279
[25728]	1280	/**
	1281	* Returns if user is, at least, an administrator.
	1282	*
	1283	* @param string $user_status used if $user not initialized
[2029]	1284	* @return bool
[25728]	1285	*/
	1286	function is_admin($user_status='')
[1072]	1287	{
[1851]	1288	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
[1072]	1289	}
	1290
[25728]	1291	/**
	1292	* Returns if user is a webmaster.
	1293	*
	1294	* @param string $user_status used if $user not initialized
[5272]	1295	* @return bool
[25728]	1296	*/
	1297	function is_webmaster($user_status='')
[5272]	1298	{
	1299	return is_autorize_status(ACCESS_WEBMASTER, $user_status);
	1300	}
	1301
[25728]	1302	/**
	1303	* Returns if current user can edit/delete/validate a comment.
	1304	*
	1305	* @param string $action edit/delete/validate
	1306	* @param int $comment_author_id
[3445]	1307	* @return bool
	1308	*/
[3622]	1309	function can_manage_comment($action, $comment_author_id)
[3445]	1310	{
[5195]	1311	global $user, $conf;
[13074]	1312
[5195]	1313	if (is_a_guest())
	1314	{
[3445]	1315	return false;
	1316	}
[13074]	1317
[5195]	1318	if (!in_array($action, array('delete','edit', 'validate')))
	1319	{
	1320	return false;
	1321	}
	1322
	1323	if (is_admin())
	1324	{
	1325	return true;
	1326	}
	1327
	1328	if ('edit' == $action and $conf['user_can_edit_comment'])
	1329	{
	1330	if ($comment_author_id == $user['id']) {
	1331	return true;
	1332	}
	1333	}
	1334
	1335	if ('delete' == $action and $conf['user_can_delete_comment'])
	1336	{
	1337	if ($comment_author_id == $user['id']) {
	1338	return true;
	1339	}
	1340	}
	1341
	1342	return false;
[3445]	1343	}
	1344
[25728]	1345	/**
	1346	* Compute sql WHERE condition with restrict and filter data.
	1347	* "FandF" means Forbidden and Filters.
[1677]	1348	*
[25728]	1349	* @param array $condition_fields one witch fields apply each filter
	1350	* - forbidden_categories
	1351	* - visible_categories
	1352	* - forbidden_images
	1353	* - visible_images
	1354	* @param string $prefix_condition prefixes query if condition is not empty
	1355	* @param boolean $force_one_condition use at least "1 = 1"
	1356	* @return string
[1677]	1357	*/
[1817]	1358	function get_sql_condition_FandF(
	1359	$condition_fields,
	1360	$prefix_condition = null,
	1361	$force_one_condition = false
	1362	)
[1677]	1363	{
	1364	global $user, $filter;
	1365
	1366	$sql_list = array();
	1367
	1368	foreach ($condition_fields as $condition => $field_name)
	1369	{
	1370	switch($condition)
	1371	{
	1372	case 'forbidden_categories':
[1817]	1373	{
[1677]	1374	if (!empty($user['forbidden_categories']))
	1375	{
[1817]	1376	$sql_list[] =
	1377	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
[1677]	1378	}
	1379	break;
[1817]	1380	}
[1677]	1381	case 'visible_categories':
[1817]	1382	{
[1677]	1383	if (!empty($filter['visible_categories']))
	1384	{
[1817]	1385	$sql_list[] =
	1386	$field_name.' IN ('.$filter['visible_categories'].')';
[1677]	1387	}
	1388	break;
[1817]	1389	}
[1677]	1390	case 'visible_images':
	1391	if (!empty($filter['visible_images']))
	1392	{
[1817]	1393	$sql_list[] =
	1394	$field_name.' IN ('.$filter['visible_images'].')';
[1677]	1395	}
[2084]	1396	// note there is no break - visible include forbidden
	1397	case 'forbidden_images':
	1398	if (
	1399	!empty($user['image_access_list'])
	1400	or $user['image_access_type']!='NOT IN'
	1401	)
	1402	{
	1403	$table_prefix=null;
	1404	if ($field_name=='id')
	1405	{
	1406	$table_prefix = '';
	1407	}
	1408	elseif ($field_name=='i.id')
	1409	{
	1410	$table_prefix = 'i.';
	1411	}
	1412	if ( isset($table_prefix) )
	1413	{
	1414	$sql_list[]=$table_prefix.'level<='.$user['level'];
	1415	}
[21801]	1416	elseif ( !empty($user['image_access_list']) and !empty($user['image_access_type']) )
[2084]	1417	{
	1418	$sql_list[]=$field_name.' '.$user['image_access_type']
	1419	.' ('.$user['image_access_list'].')';
	1420	}
	1421	}
[1677]	1422	break;
	1423	default:
[1817]	1424	{
[1677]	1425	die('Unknow condition');
	1426	break;
[1817]	1427	}
[1677]	1428	}
	1429	}
	1430
	1431	if (count($sql_list) > 0)
	1432	{
	1433	$sql = '('.implode(' AND ', $sql_list).')';
	1434	}
	1435	else
	1436	{
[2824]	1437	$sql = $force_one_condition ? '1 = 1' : '';
[1677]	1438	}
	1439
	1440	if (isset($prefix_condition) and !empty($sql))
	1441	{
	1442	$sql = $prefix_condition.' '.$sql;
	1443	}
	1444
	1445	return $sql;
	1446	}
	1447
[28714]	1448	/**
[25728]	1449	* Returns sql WHERE condition for recent photos/albums for current user.
	1450	*
	1451	* @param string $db_field
	1452	* @return string
	1453	*/
[21802]	1454	function get_recent_photos_sql($db_field)
	1455	{
	1456	global $user;
	1457	if (!isset($user['last_photo_date']))
	1458	{
	1459	return '0=1';
	1460	}
	1461	return $db_field.'>=LEAST('
	1462	.pwg_db_get_recent_period_expression($user['recent_period'])
	1463	.','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')';
	1464	}
[25728]	1465	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: