Context Navigation

source: trunk/include/functions_user.inc.php @ 4398

Last change on this file since 4398 was 4385, checked in by nikrou, 15 years ago

Feature_1255 :

single quotes in queries
start using $confdblayer

Property svn:eol-style set to LF

File size: 32.9 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[3049]	5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2]	23
[2115]	24	// validate_mail_address:
	25	// o verifies whether the given mail address has the
	26	// right format. ie someone@domain.com "someone" can contain ".", "-" or
	27	// even "_". Exactly as "domain". The extension doesn't have to be
	28	// "com". The mail address can also be empty.
	29	// o check if address could be empty
	30	// o check if address is not used by a other user
[9]	31	// If the mail address doesn't correspond, an error message is returned.
[2127]	32	//
[2124]	33	function validate_mail_address($user_id, $mail_address)
[2]	34	{
[2115]	35	global $conf;
[2]	36
[2032]	37	if (empty($mail_address) and
[2127]	38	!($conf['obligatory_user_mail_address'] and
[2124]	39	in_array(script_basename(), array('register', 'profile'))))
[2]	40	{
[9]	41	return '';
[2]	42	}
[2115]	43
[2507]	44	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
[2572]	45	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
[2507]	46	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
	47
[9]	48	if ( !preg_match( $regex, $mail_address ) )
	49	{
[2115]	50	return l10n('reg_err_mail_address');
[9]	51	}
[2127]	52
[2115]	53	if (defined("PHPWG_INSTALLED") and !empty($mail_address))
	54	{
	55	$query = '
	56	select count(*)
	57	from '.USERS_TABLE.'
	58	where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
[2124]	59	'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
[2115]	60	;';
[4325]	61	list($count) = pwg_db_fetch_row(pwg_query($query));
[2115]	62	if ($count != 0)
	63	{
	64	return l10n('reg_err_mail_address_dbl');
	65	}
	66	}
[2]	67	}
	68
[2178]	69	function register_user($login, $password, $mail_address,
	70	$with_notification = true, $errors = array())
[2]	71	{
[2115]	72	global $conf;
[2]	73
[661]	74	if ($login == '')
	75	{
[2115]	76	array_push($errors, l10n('reg_err_login1'));
[661]	77	}
[3747]	78	if (preg_match('/^.* $/', $login))
[661]	79	{
[2115]	80	array_push($errors, l10n('reg_err_login2'));
[661]	81	}
[3747]	82	if (preg_match('/^ .*$/', $login))
[661]	83	{
[2115]	84	array_push($errors, l10n('reg_err_login3'));
[661]	85	}
[808]	86	if (get_userid($login))
[804]	87	{
[2115]	88	array_push($errors, l10n('reg_err_login5'));
[2]	89	}
[2124]	90	$mail_error = validate_mail_address(null, $mail_address);
[808]	91	if ('' != $mail_error)
[661]	92	{
[808]	93	array_push($errors, $mail_error);
[661]	94	}
[2]	95
[2237]	96	$errors = trigger_event('register_user_check',
	97	$errors,
	98	array(
[2268]	99	'username'=>$login,
[2237]	100	'password'=>$password,
	101	'email'=>$mail_address,
	102	)
	103	);
	104
[9]	105	// if no error until here, registration of the user
[661]	106	if (count($errors) == 0)
[2]	107	{
[906]	108	// what will be the inserted id ?
	109	$query = '
	110	SELECT MAX('.$conf['user_fields']['id'].') + 1
	111	FROM '.USERS_TABLE.'
	112	;';
[4325]	113	list($next_id) = pwg_db_fetch_row(pwg_query($query));
[1068]	114
[808]	115	$insert =
	116	array(
[906]	117	$conf['user_fields']['id'] => $next_id,
[4325]	118	$conf['user_fields']['username'] => pwg_db_real_escape_string($login),
[808]	119	$conf['user_fields']['password'] => $conf['pass_convert']($password),
	120	$conf['user_fields']['email'] => $mail_address
	121	);
[661]	122
[808]	123	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	124	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
[1068]	125
[2178]	126	// Assign by default groups
	127	{
	128	$query = '
[1583]	129	SELECT id
	130	FROM '.GROUPS_TABLE.'
	131	WHERE is_default = \''.boolean_to_string(true).'\'
	132	ORDER BY id ASC
	133	;';
[2178]	134	$result = pwg_query($query);
[1581]	135
[2178]	136	$inserts = array();
[4325]	137	while ($row = pwg_db_fetch_assoc($result))
[2178]	138	{
	139	array_push
[1583]	140	(
[2178]	141	$inserts,
	142	array
	143	(
	144	'user_id' => $next_id,
	145	'group_id' => $row['id']
	146	)
	147	);
	148	}
[1583]	149	}
[1581]	150
[1583]	151	if (count($inserts) != 0)
	152	{
[1581]	153	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
[1583]	154	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
[1581]	155	}
	156
[2425]	157	$override = null;
	158	if ($with_notification and $conf['browser_language'])
	159	{
	160	if ( !get_browser_language($override['language']) )
	161	$override=null;
	162	}
	163	create_user_infos($next_id, $override);
[1605]	164
[2178]	165	if ($with_notification and $conf['email_admin_on_new_user'])
	166	{
	167	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	168	$admin_url = get_absolute_root_url()
[2268]	169	.'admin.php?page=user_list&username='.$login;
[2178]	170
	171	$keyargs_content = array
	172	(
[4304]	173	get_l10n_args('User: %s', stripslashes($login)),
[2178]	174	get_l10n_args('Email: %s', $_POST['mail_address']),
	175	get_l10n_args('', ''),
	176	get_l10n_args('Admin: %s', $admin_url)
	177	);
	178
	179	pwg_mail_notification_admins
	180	(
[4304]	181	get_l10n_args('Registration of %s', stripslashes($login)),
[2178]	182	$keyargs_content
	183	);
	184	}
	185
[1605]	186	trigger_action('register_user',
	187	array(
	188	'id'=>$next_id,
	189	'username'=>$login,
	190	'email'=>$mail_address,
	191	)
	192	);
[2]	193	}
[906]	194
[661]	195	return $errors;
[2]	196	}
	197
[1677]	198	function build_user( $user_id, $use_cache )
[1568]	199	{
	200	global $conf;
[2038]	201
[1568]	202	$user['id'] = $user_id;
[1677]	203	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
[1926]	204
[2055]	205	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
	206	{
	207	$user['status'] = 'guest';
	208	$user['internal_status']['guest_must_be_guest'] = true;
	209	}
	210
[1568]	211	// calculation of the number of picture to display per page
	212	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
	213
[2039]	214	list($user['template'], $user['theme']) = explode('/', $user['template']);
	215
[1568]	216	return $user;
	217	}
	218
[808]	219	/**
	220	* find informations related to the user identifier
	221	*
	222	* @param int user identifier
	223	* @param boolean use_cache
	224	* @param array
	225	*/
[1677]	226	function getuserdata($user_id, $use_cache)
[393]	227	{
[808]	228	global $conf;
	229
	230	$userdata = array();
[1068]	231
[808]	232	$query = '
	233	SELECT ';
	234	$is_first = true;
	235	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
	236	{
	237	if ($is_first)
	238	{
	239	$is_first = false;
	240	}
	241	else
	242	{
	243	$query.= '
	244	, ';
	245	}
	246	$query.= $dbfield.' AS '.$pwgfield;
	247	}
	248	$query.= '
	249	FROM '.USERS_TABLE.'
[3622]	250	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'';
[1068]	251
[4325]	252	$row = pwg_db_fetch_assoc(pwg_query($query));
[808]	253
	254	while (true)
	255	{
	256	$query = '
	257	SELECT ui., uc.
	258	FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
	259	ON ui.user_id = uc.user_id
[3622]	260	WHERE ui.user_id = \''.$user_id.'\'';
[808]	261	$result = pwg_query($query);
[4325]	262	if (pwg_db_num_rows($result) > 0)
[808]	263	{
	264	break;
	265	}
	266	else
	267	{
	268	create_user_infos($user_id);
	269	}
	270	}
[1068]	271
[4325]	272	$row = array_merge($row, pwg_db_fetch_assoc($result));
[1068]	273
[808]	274	foreach ($row as $key => $value)
	275	{
	276	if (!is_numeric($key))
	277	{
	278	// If the field is true or false, the variable is transformed into a
	279	// boolean value.
	280	if ($value == 'true' or $value == 'false')
	281	{
	282	$userdata[$key] = get_boolean($value);
	283	}
	284	else
	285	{
	286	$userdata[$key] = $value;
	287	}
	288	}
	289	}
	290
	291	if ($use_cache)
	292	{
	293	if (!isset($userdata['need_update'])
	294	or !is_bool($userdata['need_update'])
[1677]	295	or $userdata['need_update'] == true)
[808]	296	{
[2448]	297	$userdata['cache_update_time'] = time();
	298
	299	// Set need update are done
	300	$userdata['need_update'] = false;
	301
[808]	302	$userdata['forbidden_categories'] =
	303	calculate_permissions($userdata['id'], $userdata['status']);
	304
[2084]	305	/* now we build the list of forbidden images (this list does not contain
	306	images that are not in at least an authorized category)*/
	307	$query = '
	308	SELECT DISTINCT(id)
	309	FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
	310	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
	311	AND level>'.$userdata['level'];
	312	$forbidden_ids = array_from_query($query, 'id');
	313
	314	if ( empty($forbidden_ids) )
	315	{
	316	array_push( $forbidden_ids, 0 );
	317	}
	318	$userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
	319	$userdata['image_access_list'] = implode(',',$forbidden_ids);
	320
[1624]	321
[1081]	322	$query = '
	323	SELECT COUNT(DISTINCT(image_id)) as total
	324	FROM '.IMAGE_CATEGORY_TABLE.'
	325	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
[3622]	326	AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')';
[4325]	327	list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
[1081]	328
[3622]	329
	330	// now we update user cache categories
	331	$user_cache_cats = get_computed_categories($userdata, null);
	332	if ( !is_admin($userdata['status']) )
	333	{ // for non admins we forbid categories with no image (feature 1053)
	334	$forbidden_ids = array();
[3640]	335	foreach ($user_cache_cats as $cat)
[3622]	336	{
	337	if ($cat['count_images']==0)
	338	{
[3640]	339	array_push($forbidden_ids, $cat['cat_id']);
	340	unset( $user_cache_cats[$cat['cat_id']] );
[3622]	341	}
	342	}
	343	if ( !empty($forbidden_ids) )
	344	{
	345	if ( empty($userdata['forbidden_categories']) )
	346	{
	347	$userdata['forbidden_categories'] = implode(',', $forbidden_ids);
	348	}
	349	else
	350	{
	351	$userdata['forbidden_categories'] .= ','.implode(',', $forbidden_ids);
	352	}
	353	}
	354	}
	355
	356	// delete user cache
	357	$query = '
	358	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
	359	WHERE user_id = '.$userdata['id'];
	360	pwg_query($query);
	361
	362	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	363	mass_inserts
	364	(
	365	USER_CACHE_CATEGORIES_TABLE,
	366	array
	367	(
	368	'user_id', 'cat_id',
	369	'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories'
	370	),
	371	$user_cache_cats
	372	);
	373
	374
[808]	375	// update user cache
	376	$query = '
	377	DELETE FROM '.USER_CACHE_TABLE.'
[3622]	378	WHERE user_id = '.$userdata['id'];
[808]	379	pwg_query($query);
[1068]	380
[808]	381	$query = '
	382	INSERT INTO '.USER_CACHE_TABLE.'
[2448]	383	(user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
[2084]	384	image_access_type, image_access_list)
[808]	385	VALUES
[2448]	386	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
	387	.$userdata['cache_update_time'].',\''
[4367]	388	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',\''
	389	.$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
[808]	390	pwg_query($query);
	391	}
	392	}
	393
	394	return $userdata;
[393]	395	}
[647]	396
	397	/*
	398	* deletes favorites of the current user if he's not allowed to see them
	399	*
	400	* @return void
	401	*/
	402	function check_user_favorites()
	403	{
	404	global $user;
	405
	406	if ($user['forbidden_categories'] == '')
	407	{
	408	return;
	409	}
[832]	410
[1677]	411	// $filter['visible_categories'] and $filter['visible_images']
	412	// must be not used because filter <> restriction
[832]	413	// retrieving images allowed : belonging to at least one authorized
	414	// category
[647]	415	$query = '
[832]	416	SELECT DISTINCT f.image_id
[647]	417	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	418	ON f.image_id = ic.image_id
	419	WHERE f.user_id = '.$user['id'].'
[1677]	420	'.get_sql_condition_FandF
	421	(
	422	array
	423	(
	424	'forbidden_categories' => 'ic.category_id',
	425	),
	426	'AND'
	427	).'
[647]	428	;';
	429	$result = pwg_query($query);
[832]	430	$authorizeds = array();
[4325]	431	while ($row = pwg_db_fetch_assoc($result))
[647]	432	{
[832]	433	array_push($authorizeds, $row['image_id']);
[647]	434	}
	435
[832]	436	$query = '
	437	SELECT image_id
	438	FROM '.FAVORITES_TABLE.'
	439	WHERE user_id = '.$user['id'].'
	440	;';
	441	$result = pwg_query($query);
	442	$favorites = array();
[4325]	443	while ($row = pwg_db_fetch_assoc($result))
[647]	444	{
[832]	445	array_push($favorites, $row['image_id']);
	446	}
	447
	448	$to_deletes = array_diff($favorites, $authorizeds);
	449
	450	if (count($to_deletes) > 0)
	451	{
[647]	452	$query = '
	453	DELETE FROM '.FAVORITES_TABLE.'
[832]	454	WHERE image_id IN ('.implode(',', $to_deletes).')
[647]	455	AND user_id = '.$user['id'].'
	456	;';
	457	pwg_query($query);
	458	}
	459	}
[648]	460
	461	/**
[808]	462	* calculates the list of forbidden categories for a given user
[648]	463	*
[808]	464	* Calculation is based on private categories minus categories authorized to
	465	* the groups the user belongs to minus the categories directly authorized
	466	* to the user. The list contains at least -1 to be compliant with queries
	467	* such as "WHERE category_id NOT IN ($forbidden_categories)"
[648]	468	*
	469	* @param int user_id
[680]	470	* @param string user_status
[648]	471	* @return string forbidden_categories
	472	*/
[680]	473	function calculate_permissions($user_id, $user_status)
[648]	474	{
	475	$private_array = array();
	476	$authorized_array = array();
	477
	478	$query = '
	479	SELECT id
	480	FROM '.CATEGORIES_TABLE.'
	481	WHERE status = \'private\'
	482	;';
	483	$result = pwg_query($query);
[4325]	484	while ($row = pwg_db_fetch_assoc($result))
[648]	485	{
	486	array_push($private_array, $row['id']);
	487	}
[680]	488
[648]	489	// retrieve category ids directly authorized to the user
	490	$query = '
	491	SELECT cat_id
	492	FROM '.USER_ACCESS_TABLE.'
	493	WHERE user_id = '.$user_id.'
	494	;';
[808]	495	$authorized_array = array_from_query($query, 'cat_id');
[648]	496
	497	// retrieve category ids authorized to the groups the user belongs to
	498	$query = '
	499	SELECT cat_id
	500	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	501	ON ug.group_id = ga.group_id
	502	WHERE ug.user_id = '.$user_id.'
	503	;';
[808]	504	$authorized_array =
	505	array_merge(
	506	$authorized_array,
	507	array_from_query($query, 'cat_id')
	508	);
[648]	509
	510	// uniquify ids : some private categories might be authorized for the
	511	// groups and for the user
	512	$authorized_array = array_unique($authorized_array);
	513
	514	// only unauthorized private categories are forbidden
	515	$forbidden_array = array_diff($private_array, $authorized_array);
	516
[1117]	517	// if user is not an admin, locked categories are forbidden
[1851]	518	if (!is_admin($user_status))
[1117]	519	{
	520	$query = '
	521	SELECT id
	522	FROM '.CATEGORIES_TABLE.'
	523	WHERE visible = \'false\'
	524	;';
	525	$result = pwg_query($query);
[4325]	526	while ($row = pwg_db_fetch_assoc($result))
[1117]	527	{
	528	array_push($forbidden_array, $row['id']);
	529	}
	530	$forbidden_array = array_unique($forbidden_array);
	531	}
[1068]	532
[1117]	533	if ( empty($forbidden_array) )
[1331]	534	{// at least, the list contains 0 value. This category does not exists so
	535	// where clauses such as "WHERE category_id NOT IN(0)" will always be
[1117]	536	// true.
[1331]	537	array_push($forbidden_array, 0);
[1117]	538	}
	539
[808]	540	return implode(',', $forbidden_array);
[648]	541	}
[708]	542
	543	/**
[1677]	544	* compute data of categories branches (one branch only)
[1624]	545	*/
[1640]	546	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
[1624]	547	{
[1640]	548	$date = '';
	549	$count_images = 0;
	550	$count_categories = 0;
	551	do
[1624]	552	{
[1640]	553	$cat_id = array_pop($list_cat_id);
	554	if (!is_null($cat_id))
[1624]	555	{
[1640]	556	// Count images and categories
	557	$cats[$cat_id]['count_images'] += $count_images;
	558	$cats[$cat_id]['count_categories'] += $count_categories;
	559	$count_images = $cats[$cat_id]['count_images'];
	560	$count_categories = $cats[$cat_id]['count_categories'] + 1;
	561
	562	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
[1624]	563	{
[1640]	564	$cats[$cat_id]['max_date_last'] = $date;
[1624]	565	}
	566	else
	567	{
[1640]	568	$date = $cats[$cat_id]['max_date_last'];
[1624]	569	}
[1640]	570	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
	571	}
	572	else
[1624]	573	{
[1640]	574	$ref_level = 0;
[1624]	575	}
[1640]	576	} while ($level <= $ref_level);
	577
	578	// Last cat updating must be added to list for next branch
	579	if ($ref_level <> 0)
	580	{
	581	array_push($list_cat_id, $cat_id);
[1624]	582	}
[1640]	583	}
[1624]	584
[1640]	585	/**
[1677]	586	* compute data of categories branches
[1640]	587	*/
[1677]	588	function compute_categories_data(&$cats)
[1640]	589	{
[1677]	590	$ref_level = 0;
	591	$level = 0;
	592	$list_cat_id = array();
[1624]	593
[1677]	594	foreach ($cats as $id => $category)
[1624]	595	{
[1677]	596	// Compute
	597	$level = substr_count($category['global_rank'], '.') + 1;
	598	if ($level > $ref_level)
	599	{
	600	array_push($list_cat_id, $id);
	601	}
	602	else
	603	{
	604	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	605	array_push($list_cat_id, $id);
	606	}
	607	$ref_level = $level;
[1624]	608	}
[1651]	609
[1677]	610	$level = 1;
	611	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
	612	}
[1651]	613
[1677]	614	/**
	615	* get computed array of categories
	616	*
[1860]	617	* @param array userdata
	618	* @param int filter_days number of recent days to filter on or null
[1677]	619	* @return array
	620	*/
[1860]	621	function get_computed_categories($userdata, $filter_days=null)
[1677]	622	{
[1860]	623	$query = 'SELECT c.id cat_id, global_rank';
[2084]	624	// Count by date_available to avoid count null
	625	$query .= ',
[2324]	626	MAX(date_available) date_last, COUNT(date_available) nb_images
[2084]	627	FROM '.CATEGORIES_TABLE.' as c
	628	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
	629	LEFT JOIN '.IMAGES_TABLE.' AS i
	630	ON ic.image_id = i.id
	631	AND i.level<='.$userdata['level'];
	632
	633	if ( isset($filter_days) )
[1651]	634	{
[4367]	635	$query .= ' AND i.date_available > '.pwg_db_get_recent_period_expression($filter_days);
[1651]	636	}
	637
[1860]	638	if ( !empty($userdata['forbidden_categories']) )
[1651]	639	{
	640	$query.= '
[1860]	641	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
[1651]	642	}
	643
[2324]	644	$query.= '
[4385]	645	GROUP BY c.id, c.global_rank';
[1624]	646
	647	$result = pwg_query($query);
	648
	649	$cats = array();
[4325]	650	while ($row = pwg_db_fetch_assoc($result))
[1624]	651	{
[1860]	652	$row['user_id'] = $userdata['id'];
[1641]	653	$row['count_categories'] = 0;
[2324]	654	$row['count_images'] = (int)$row['nb_images'];
	655	$row['max_date_last'] = $row['date_last'];
[1860]	656
[1624]	657	$cats += array($row['cat_id'] => $row);
	658	}
[3642]	659	uasort($cats, 'global_rank_compare');
[1624]	660
[1677]	661	compute_categories_data($cats);
[1624]	662
[1860]	663	if ( isset($filter_days) )
[1624]	664	{
[1651]	665	$cat_tmp = $cats;
	666	$cats = array();
[1860]	667
[1677]	668	foreach ($cat_tmp as $category)
[1651]	669	{
[1677]	670	if (!empty($category['max_date_last']))
[1651]	671	{
[1677]	672	// Re-init counters
	673	$category['count_categories'] = 0;
[2324]	674	$category['count_images'] = (int)$category['nb_images'];
[1677]	675	// Keep category
	676	$cats[$category['cat_id']] = $category;
[1651]	677	}
	678	}
[1677]	679	// Compute a second time
	680	compute_categories_data($cats);
[1651]	681	}
[1677]	682	return $cats;
	683	}
	684
	685	/**
[808]	686	* returns user identifier thanks to his name, false if not found
	687	*
	688	* @param string username
	689	* @param int user identifier
	690	*/
	691	function get_userid($username)
	692	{
	693	global $conf;
	694
[4325]	695	$username = pwg_db_real_escape_string($username);
[808]	696
	697	$query = '
	698	SELECT '.$conf['user_fields']['id'].'
	699	FROM '.USERS_TABLE.'
	700	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
	701	;';
	702	$result = pwg_query($query);
	703
[4325]	704	if (pwg_db_num_rows($result) == 0)
[808]	705	{
	706	return false;
	707	}
	708	else
	709	{
[4325]	710	list($user_id) = pwg_db_fetch_row($result);
[808]	711	return $user_id;
	712	}
	713	}
	714
	715	/**
[801]	716	* search an available feed_id
	717	*
	718	* @return string feed identifier
	719	*/
	720	function find_available_feed_id()
	721	{
	722	while (true)
	723	{
	724	$key = generate_key(50);
	725	$query = '
	726	SELECT COUNT(*)
[833]	727	FROM '.USER_FEED_TABLE.'
	728	WHERE id = \''.$key.'\'
[801]	729	;';
[4325]	730	list($count) = pwg_db_fetch_row(pwg_query($query));
[801]	731	if (0 == $count)
	732	{
	733	return $key;
	734	}
	735	}
	736	}
[808]	737
[1926]	738	/*
	739	* Returns a array with default user value
[808]	740	*
[1926]	741	* @param convert_str allows to convert string value if necessary
[808]	742	*/
[1926]	743	function get_default_user_info($convert_str = true)
[808]	744	{
[3126]	745	global $cache, $conf;
[2084]	746
[3126]	747	if (!isset($cache['default_user']))
[1926]	748	{
[3126]	749	$query = 'SELECT * FROM '.USER_INFOS_TABLE.
	750	' WHERE user_id = '.$conf['default_user_id'].';';
[1068]	751
[1926]	752	$result = pwg_query($query);
[4325]	753	$cache['default_user'] = pwg_db_fetch_assoc($result);
[2084]	754
[3126]	755	if ($cache['default_user'] !== false)
[1930]	756	{
[3126]	757	unset($cache['default_user']['user_id']);
	758	unset($cache['default_user']['status']);
	759	unset($cache['default_user']['registration_date']);
[1930]	760	}
[1926]	761	}
[808]	762
[3126]	763	if (is_array($cache['default_user']) and $convert_str)
[1284]	764	{
[1926]	765	$default_user = array();
[3126]	766	foreach ($cache['default_user'] as $name => $value)
[1926]	767	{
	768	// If the field is true or false, the variable is transformed into a
	769	// boolean value.
	770	if ($value == 'true' or $value == 'false')
	771	{
	772	$default_user[$name] = get_boolean($value);
	773	}
	774	else
	775	{
	776	$default_user[$name] = $value;
	777	}
	778	}
	779	return $default_user;
[1284]	780	}
[1926]	781	else
[1284]	782	{
[3126]	783	return $cache['default_user'];
[1284]	784	}
[1926]	785	}
	786
	787	/*
	788	* Returns a default user value
	789	*
	790	* @param value_name: name of value
	791	* @param sos_value: value used if don't exist value
	792	*/
	793	function get_default_user_value($value_name, $sos_value)
	794	{
	795	$default_user = get_default_user_info(true);
	796	if ($default_user === false or !isset($default_user[$value_name]))
	797	{
	798	return $sos_value;
	799	}
[1284]	800	else
	801	{
[1926]	802	return $default_user[$value_name];
[1284]	803	}
[1926]	804	}
[1567]	805
[1926]	806	/*
	807	* Returns the default template value
	808	*
	809	*/
	810	function get_default_template()
	811	{
	812	return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
	813	}
[808]	814
[1926]	815	/*
	816	* Returns the default language value
	817	*
	818	*/
	819	function get_default_language()
	820	{
[2425]	821	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
[808]	822	}
[817]	823
	824	/**
[2425]	825	* Returns true if the browser language value is set into param $lang
[2411]	826	*
	827	*/
[2425]	828	function get_browser_language(&$lang)
[2411]	829	{
[2572]	830	$browser_language = substr(@$_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
[2411]	831	foreach (get_languages() as $language_code => $language_name)
	832	{
	833	if (substr($language_code, 0, 2) == $browser_language)
	834	{
[2425]	835	$lang = $language_code;
	836	return true;
[2411]	837	}
	838	}
[2425]	839	return false;
[2411]	840	}
	841
	842	/**
[1926]	843	* add user informations based on default values
	844	*
	845	* @param int user_id / array of user_if
[1930]	846	* @param array of values used to override default user values
[1926]	847	*/
[1930]	848	function create_user_infos($arg_id, $override_values = null)
[1926]	849	{
	850	global $conf;
	851
	852	if (is_array($arg_id))
	853	{
	854	$user_ids = $arg_id;
	855	}
	856	else
	857	{
	858	$user_ids = array();
[2229]	859	if (is_numeric($arg_id))
[1926]	860	{
	861	$user_ids[] = $arg_id;
	862	}
	863	}
	864
	865	if (!empty($user_ids))
	866	{
	867	$inserts = array();
[4325]	868	list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
[1926]	869
	870	$default_user = get_default_user_info(false);
	871	if ($default_user === false)
	872	{
	873	// Default on structure are used
	874	$default_user = array();
	875	}
	876
[1930]	877	if (!is_null($override_values))
	878	{
	879	$default_user = array_merge($default_user, $override_values);
	880	}
	881
[1926]	882	foreach ($user_ids as $user_id)
	883	{
[2084]	884	$level= isset($default_user['level']) ? $default_user['level'] : 0;
[1926]	885	if ($user_id == $conf['webmaster_id'])
	886	{
	887	$status = 'webmaster';
[2084]	888	$level = max( $conf['available_permission_levels'] );
[1926]	889	}
[2084]	890	else if (($user_id == $conf['guest_id']) or
[1926]	891	($user_id == $conf['default_user_id']))
	892	{
	893	$status = 'guest';
	894	}
	895	else
	896	{
	897	$status = 'normal';
	898	}
	899
[1930]	900	$insert = array_merge(
	901	$default_user,
[1926]	902	array(
	903	'user_id' => $user_id,
	904	'status' => $status,
[2084]	905	'registration_date' => $dbnow,
	906	'level' => $level
[1930]	907	));
[1926]	908
	909	array_push($inserts, $insert);
[2084]	910	}
[1926]	911
	912	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	913	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
	914
	915	}
	916	}
	917
	918	/**
[1622]	919	* returns the auto login key or false on error
	920	* @param int user_id
[2411]	921	* @param time_t time
[1744]	922	* @param string [out] username
[1622]	923	*/
[2409]	924	function calculate_auto_login_key($user_id, $time, &$username)
[1622]	925	{
	926	global $conf;
	927	$query = '
	928	SELECT '.$conf['user_fields']['username'].' AS username
	929	, '.$conf['user_fields']['password'].' AS password
	930	FROM '.USERS_TABLE.'
	931	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
	932	$result = pwg_query($query);
[4325]	933	if (pwg_db_num_rows($result) > 0)
[1622]	934	{
[4325]	935	$row = pwg_db_fetch_assoc($result);
[4304]	936	$username = stripslashes($row['username']);
	937	$data = $time.stripslashes($row['username']).$row['password'];
[1744]	938	$key = base64_encode(
	939	pack('H*', sha1($data))
	940	.hash_hmac('md5', $data, $conf['secret_key'],true)
	941	);
[1622]	942	return $key;
	943	}
	944	return false;
	945	}
	946
[1068]	947	/*
	948	* Performs all required actions for user login
	949	* @param int user_id
	950	* @param bool remember_me
	951	* @return void
	952	*/
	953	function log_user($user_id, $remember_me)
	954	{
[1511]	955	global $conf, $user;
[1493]	956
[1641]	957	if ($remember_me and $conf['authorize_remembering'])
[1068]	958	{
[2409]	959	$now = time();
	960	$key = calculate_auto_login_key($user_id, $now, $username);
[1622]	961	if ($key!==false)
[1493]	962	{
[2409]	963	$cookie = $user_id.'-'.$now.'-'.$key;
[2757]	964	if (version_compare(PHP_VERSION, '5.2', '>=') )
	965	{
	966	setcookie($conf['remember_me_name'],
[2409]	967	$cookie,
[2029]	968	time()+$conf['remember_me_length'],
[2757]	969	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
	970	ini_get('session.cookie_httponly')
[2029]	971	);
[2757]	972	}
	973	else
	974	{
	975	setcookie($conf['remember_me_name'],
	976	$cookie,
	977	time()+$conf['remember_me_length'],
	978	cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure')
	979	);
	980	}
[2029]	981	}
[1068]	982	}
[1568]	983	else
	984	{ // make sure we clean any remember me ...
[2757]	985	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1568]	986	}
	987	if ( session_id()!="" )
[1622]	988	{ // we regenerate the session for security reasons
	989	// see http://www.acros.si/papers/session_fixation.pdf
[1568]	990	session_regenerate_id();
	991	}
	992	else
	993	{
	994	session_start();
	995	}
[1622]	996	$_SESSION['pwg_uid'] = (int)$user_id;
[1511]	997
	998	$user['id'] = $_SESSION['pwg_uid'];
[1068]	999	}
	1000
[1070]	1001	/*
[1511]	1002	* Performs auto-connexion when cookie remember_me exists
[1568]	1003	* @return true/false
[1511]	1004	*/
[1567]	1005	function auto_login() {
[1511]	1006	global $conf;
	1007
[1568]	1008	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
	1009	{
[2409]	1010	$cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
[2411]	1011	if ( count($cookie)===3
[2409]	1012	and is_numeric(@$cookie[0]) /user id/
	1013	and is_numeric(@$cookie[1]) /time/
	1014	and time()-$conf['remember_me_length']<=@$cookie[1]
	1015	and time()>=@$cookie[1] /cookie generated in the past/ )
[1568]	1016	{
[2409]	1017	$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
	1018	if ($key!==false and $key===$cookie[2])
[1622]	1019	{
[2409]	1020	log_user($cookie[0], true);
[4304]	1021	trigger_action('login_success', stripslashes($username));
[1622]	1022	return true;
	1023	}
[1568]	1024	}
[2757]	1025	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
[1511]	1026	}
[1568]	1027	return false;
[1511]	1028	}
	1029
[1744]	1030	/**
	1031	* Tries to login a user given username and password (must be MySql escaped)
	1032	* return true on success
	1033	*/
	1034	function try_log_user($username, $password, $remember_me)
	1035	{
	1036	global $conf;
	1037	// retrieving the encrypted password of the login submitted
	1038	$query = '
	1039	SELECT '.$conf['user_fields']['id'].' AS id,
	1040	'.$conf['user_fields']['password'].' AS password
	1041	FROM '.USERS_TABLE.'
[4367]	1042	WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
[1744]	1043	;';
[4325]	1044	$row = pwg_db_fetch_assoc(pwg_query($query));
[1744]	1045	if ($row['password'] == $conf['pass_convert']($password))
	1046	{
	1047	log_user($row['id'], $remember_me);
[4304]	1048	trigger_action('login_success', stripslashes($username));
[1744]	1049	return true;
	1050	}
[4304]	1051	trigger_action('login_failure', stripslashes($username));
[1744]	1052	return false;
	1053	}
	1054
[2757]	1055	/** Performs all the cleanup on user logout */
	1056	function logout_user()
	1057	{
	1058	global $conf;
	1059	$_SESSION = array();
	1060	session_unset();
	1061	session_destroy();
	1062	setcookie(session_name(),'',0,
	1063	ini_get('session.cookie_path'),
	1064	ini_get('session.cookie_domain')
	1065	);
	1066	setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
	1067	}
	1068
[1511]	1069	/*
[2029]	1070	* Return user status used in this library
	1071	* @return string
[1070]	1072	*/
[2029]	1073	function get_user_status($user_status)
[1070]	1074	{
[2029]	1075	global $user;
[1072]	1076
[1854]	1077	if (empty($user_status))
[1075]	1078	{
[1854]	1079	if (isset($user['status']))
	1080	{
	1081	$user_status = $user['status'];
	1082	}
	1083	else
	1084	{
	1085	// swicth to default value
	1086	$user_status = '';
	1087	}
[1075]	1088	}
[2029]	1089	return $user_status;
	1090	}
[1075]	1091
[2029]	1092	/*
[2325]	1093	* Return access_type definition of user
[2029]	1094	* Test does with user status
	1095	* @return bool
	1096	*/
	1097	function get_access_type_status($user_status='')
	1098	{
	1099	global $conf;
	1100
	1101	switch (get_user_status($user_status))
[1072]	1102	{
[1075]	1103	case 'guest':
[1851]	1104	{
[1854]	1105	$access_type_status =
[2325]	1106	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
[1851]	1107	break;
	1108	}
[1075]	1109	case 'generic':
[1072]	1110	{
[1075]	1111	$access_type_status = ACCESS_GUEST;
	1112	break;
[1072]	1113	}
[1075]	1114	case 'normal':
	1115	{
	1116	$access_type_status = ACCESS_CLASSIC;
	1117	break;
	1118	}
	1119	case 'admin':
	1120	{
	1121	$access_type_status = ACCESS_ADMINISTRATOR;
	1122	break;
	1123	}
	1124	case 'webmaster':
	1125	{
	1126	$access_type_status = ACCESS_WEBMASTER;
	1127	break;
	1128	}
[2221]	1129	default:
[1854]	1130	{
[2325]	1131	$access_type_status = ACCESS_FREE;
[2221]	1132	break;
[1854]	1133	}
[1072]	1134	}
	1135
[1085]	1136	return $access_type_status;
[1070]	1137	}
	1138
[1072]	1139	/*
[1085]	1140	* Return if user have access to access_type definition
	1141	* Test does with user status
	1142	* @return bool
	1143	*/
[1851]	1144	function is_autorize_status($access_type, $user_status = '')
[1085]	1145	{
[1851]	1146	return (get_access_type_status($user_status) >= $access_type);
[1085]	1147	}
	1148
	1149	/*
	1150	* Check if user have access to access_type definition
[1072]	1151	* Stop action if there are not access
	1152	* Test does with user status
	1153	* @return none
	1154	*/
[1851]	1155	function check_status($access_type, $user_status = '')
[1072]	1156	{
[1851]	1157	if (!is_autorize_status($access_type, $user_status))
[1072]	1158	{
[1113]	1159	access_denied();
[1072]	1160	}
	1161	}
	1162
	1163	/*
[2163]	1164	* Return if user is generic
[1072]	1165	* @return bool
	1166	*/
[2163]	1167	function is_generic($user_status = '')
[2029]	1168	{
[2163]	1169	return get_user_status($user_status) == 'generic';
[2029]	1170	}
	1171
	1172	/*
[2163]	1173	* Return if user is only a guest
[2161]	1174	* @return bool
	1175	*/
[2163]	1176	function is_a_guest($user_status = '')
[2161]	1177	{
[2163]	1178	return get_user_status($user_status) == 'guest';
[2161]	1179	}
[2163]	1180
[2161]	1181	/*
[2029]	1182	* Return if user is, at least, a classic user
	1183	* @return bool
	1184	*/
	1185	function is_classic_user($user_status = '')
	1186	{
	1187	return is_autorize_status(ACCESS_CLASSIC, $user_status);
	1188	}
	1189
	1190	/*
	1191	* Return if user is, at least, an administrator
	1192	* @return bool
	1193	*/
[1851]	1194	function is_admin($user_status = '')
[1072]	1195	{
[1851]	1196	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
[1072]	1197	}
	1198
[1085]	1199	/*
	1200	* Return if current user is an adviser
	1201	* @return bool
	1202	*/
	1203	function is_adviser()
	1204	{
	1205	global $user;
	1206
	1207	return ($user['adviser'] == 'true');
	1208	}
[1458]	1209
	1210	/*
[3445]	1211	* Return if current user can edit/delete a comment
	1212	* @param action edit/delete
	1213	* @return bool
	1214	*/
[3622]	1215	function can_manage_comment($action, $comment_author_id)
[3445]	1216	{
	1217	if (!in_array($action, array('delete','edit'))) {
	1218	return false;
	1219	}
[3622]	1220	return (is_admin() \|\|
	1221	(($GLOBALS['user']['id'] == $comment_author_id)
[3450]	1222	&& !is_a_guest()
[3445]	1223	&& $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
	1224	}
	1225
	1226	/*
[1458]	1227	* Return mail address as display text
	1228	* @return string
	1229	*/
	1230	function get_email_address_as_display_text($email_address)
	1231	{
	1232	global $conf;
	1233
[1462]	1234	if (!isset($email_address) or (trim($email_address) == ''))
[1458]	1235	{
[1462]	1236	return '';
[1458]	1237	}
	1238	else
	1239	{
[2237]	1240	if (defined('IN_ADMIN') and is_adviser())
[1462]	1241	{
	1242	return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
	1243	}
	1244	else
	1245	{
	1246	return $email_address;
	1247	}
[1458]	1248	}
	1249	}
	1250
[1677]	1251	/*
[1817]	1252	* Compute sql where condition with restrict and filter data. "FandF" means
	1253	* Forbidden and Filters.
[1677]	1254	*
[1817]	1255	* @param array condition_fields: read function body
	1256	* @param string prefix_condition: prefixes sql if condition is not empty
	1257	* @param boolean force_one_condition: use at least "1 = 1"
[1677]	1258	*
	1259	* @return string sql where/conditions
	1260	*/
[1817]	1261	function get_sql_condition_FandF(
	1262	$condition_fields,
	1263	$prefix_condition = null,
	1264	$force_one_condition = false
	1265	)
[1677]	1266	{
	1267	global $user, $filter;
	1268
	1269	$sql_list = array();
	1270
	1271	foreach ($condition_fields as $condition => $field_name)
	1272	{
	1273	switch($condition)
	1274	{
	1275	case 'forbidden_categories':
[1817]	1276	{
[1677]	1277	if (!empty($user['forbidden_categories']))
	1278	{
[1817]	1279	$sql_list[] =
	1280	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
[1677]	1281	}
	1282	break;
[1817]	1283	}
[1677]	1284	case 'visible_categories':
[1817]	1285	{
[1677]	1286	if (!empty($filter['visible_categories']))
	1287	{
[1817]	1288	$sql_list[] =
	1289	$field_name.' IN ('.$filter['visible_categories'].')';
[1677]	1290	}
	1291	break;
[1817]	1292	}
[1677]	1293	case 'visible_images':
	1294	if (!empty($filter['visible_images']))
	1295	{
[1817]	1296	$sql_list[] =
	1297	$field_name.' IN ('.$filter['visible_images'].')';
[1677]	1298	}
[2084]	1299	// note there is no break - visible include forbidden
	1300	case 'forbidden_images':
	1301	if (
	1302	!empty($user['image_access_list'])
	1303	or $user['image_access_type']!='NOT IN'
	1304	)
	1305	{
	1306	$table_prefix=null;
	1307	if ($field_name=='id')
	1308	{
	1309	$table_prefix = '';
	1310	}
	1311	elseif ($field_name=='i.id')
	1312	{
	1313	$table_prefix = 'i.';
	1314	}
	1315	if ( isset($table_prefix) )
	1316	{
	1317	$sql_list[]=$table_prefix.'level<='.$user['level'];
	1318	}
	1319	else
	1320	{
	1321	$sql_list[]=$field_name.' '.$user['image_access_type']
	1322	.' ('.$user['image_access_list'].')';
	1323	}
	1324	}
[1677]	1325	break;
	1326	default:
[1817]	1327	{
[1677]	1328	die('Unknow condition');
	1329	break;
[1817]	1330	}
[1677]	1331	}
	1332	}
	1333
	1334	if (count($sql_list) > 0)
	1335	{
	1336	$sql = '('.implode(' AND ', $sql_list).')';
	1337	}
	1338	else
	1339	{
[2824]	1340	$sql = $force_one_condition ? '1 = 1' : '';
[1677]	1341	}
	1342
	1343	if (isset($prefix_condition) and !empty($sql))
	1344	{
	1345	$sql = $prefix_condition.' '.$sql;
	1346	}
	1347
	1348	return $sql;
	1349	}
	1350
[1860]	1351	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: