[2] | 1 | <?php |
---|
[362] | 2 | // +-----------------------------------------------------------------------+ |
---|
| 3 | // | functions_user.inc.php | |
---|
| 4 | // +-----------------------------------------------------------------------+ |
---|
| 5 | // | application : PhpWebGallery <http://phpwebgallery.net> | |
---|
| 6 | // | branch : BSF (Best So Far) | |
---|
| 7 | // +-----------------------------------------------------------------------+ |
---|
| 8 | // | file : $RCSfile$ |
---|
| 9 | // | last update : $Date: 2004-09-23 17:09:06 +0000 (Thu, 23 Sep 2004) $ |
---|
| 10 | // | last modifier : $Author: gweltas $ |
---|
| 11 | // | revision : $Revision: 532 $ |
---|
| 12 | // +-----------------------------------------------------------------------+ |
---|
| 13 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 14 | // | it under the terms of the GNU General Public License as published by | |
---|
| 15 | // | the Free Software Foundation | |
---|
| 16 | // | | |
---|
| 17 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 20 | // | General Public License for more details. | |
---|
| 21 | // | | |
---|
| 22 | // | You should have received a copy of the GNU General Public License | |
---|
| 23 | // | along with this program; if not, write to the Free Software | |
---|
| 24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 25 | // | USA. | |
---|
| 26 | // +-----------------------------------------------------------------------+ |
---|
[2] | 27 | |
---|
[9] | 28 | // validate_mail_address verifies whether the given mail address has the |
---|
| 29 | // right format. ie someone@domain.com "someone" can contain ".", "-" or |
---|
| 30 | // even "_". Exactly as "domain". The extension doesn't have to be |
---|
| 31 | // "com". The mail address can also be empty. |
---|
| 32 | // If the mail address doesn't correspond, an error message is returned. |
---|
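// Returns '' when $mail_address is empty or well formed, otherwise the
// localized error message $lang['reg_err_mail_address'].
//
// The accepted alphabet is letters, digits, "_", "-" and "." around a single
// "@", followed by a lowercase alphabetic extension. Callers in this file
// concatenate an accepted address into SQL, so the pattern must hold for the
// whole string.
function validate_mail_address( $mail_address )
{
  global $lang;

  if ( $mail_address == '' )
  {
    return '';
  }

  // \z anchors at the very end of the subject. A plain "$" also matches just
  // before a trailing newline, which would let "user@domain.com\n" through.
  $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+\z/';
  if ( !preg_match( $regex, $mail_address ) )
  {
    return $lang['reg_err_mail_address'];
  }

  // explicit "no error" value instead of an implicit null
  return '';
}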
| 47 | |
---|
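// Registers a new user and gives it the display preferences, category access
// and group membership of the "guest" account.
//
// Returns an array of localized error messages; it is empty when every check
// passed. An empty array does not prove that the row was written: database
// failures are not reported through the return value.
//
// NOTE(review): $login and $status are concatenated into SQL as received.
// The quote check below is the only sanitisation of $login visible in this
// function, and getuserdata() in this file is written for slash-escaped
// input. Confirm that every caller escapes these values, or move the whole
// file to one escaping scheme; escaping here alone could double-escape.
//
// NOTE(review): passwords are stored as unsalted MD5, which is not suitable
// for password storage. Changing it needs a matching change where the hash
// is verified, which is not part of this function.
function register_user( $login, $password, $password_conf,
                        $mail_address, $status = 'guest' )
{
  global $lang;

  $error = array();

  // login must not
  // 1. be empty
  // 2. start or end with a space character
  // 3. include ' or " characters
  // 4. be already used
  //
  // Plain string functions are used instead of ereg(): ereg() is not
  // binary-safe, and these checks are what stands between $login and the
  // queries below.
  if ( $login == '' ) $error[] = $lang['reg_err_login1'];
  if ( substr( $login, -1 ) === ' ' ) $error[] = $lang['reg_err_login2'];
  if ( substr( $login, 0, 1 ) === ' ' ) $error[] = $lang['reg_err_login3'];

  if ( strpos( $login, "'" ) !== false or strpos( $login, '"' ) !== false )
  {
    $error[] = $lang['reg_err_login4'];
  }
  else
  {
    $query = 'SELECT id';
    $query.= ' FROM '.USERS_TABLE;
    $query.= " WHERE username = '".$login."'";
    $query.= ';';
    $result = mysql_query( $query );
    // a failed query yields false, which must not reach mysql_num_rows()
    if ( $result and mysql_num_rows( $result ) > 0 )
    {
      $error[] = $lang['reg_err_login5'];
    }
  }

  // given password must be the same as the confirmation
  if ( $password != $password_conf ) $error[] = $lang['reg_err_pass'];

  $error_mail_address = validate_mail_address( $mail_address );
  if ( $error_mail_address != '' ) $error[] = $error_mail_address;

  // any error so far : nothing is written
  if ( sizeof( $error ) != 0 )
  {
    return $error;
  }

  // 1. retrieving default values, the ones of the user "guest"
  $infos = array( 'nb_image_line', 'nb_line_page', 'language',
                  'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
                  'recent_period', 'template', 'forbidden_categories' );
  $query = 'SELECT '.implode( ',', $infos );
  $query.= ' FROM '.USERS_TABLE;
  $query.= " WHERE username = 'guest'";
  $query.= ';';
  $result = mysql_query( $query );
  $guest = $result ? mysql_fetch_array( $result ) : false;

  // 2. adding new user
  $values = array();
  $values[] = "'".$login."'";
  $values[] = "'".md5( $password )."'";
  $values[] = ( $mail_address != '' ) ? "'".$mail_address."'" : 'NULL';
  $values[] = "'".$status."'";
  foreach ( $infos as $info )
  {
    if ( !isset( $guest[$info] ) )
    {
      $values[] = 'NULL';
    }
    else
    {
      // values read back from the database are raw, so they are escaped
      // before being written into the next statement
      $values[] = "'".mysql_real_escape_string( $guest[$info] )."'";
    }
  }
  $query = 'INSERT INTO '.USERS_TABLE;
  $query.= ' (username,password,mail_address,status,'.implode( ',', $infos ).')';
  $query.= ' VALUES ('.implode( ',', $values ).');';
  if ( !mysql_query( $query ) )
  {
    // Without a new row, the lookup below could only return another
    // account with the same username; do not copy guest rights onto it.
    return $error;
  }

  // 3. retrieving the id of the newly created user
  $query = 'SELECT id';
  $query.= ' FROM '.USERS_TABLE;
  $query.= " WHERE username = '".$login."';";
  $result = mysql_query( $query );
  $row = $result ? mysql_fetch_array( $result ) : false;
  if ( !$row )
  {
    return $error;
  }
  $user_id = $row['id'];

  // 4. adding access to the new user, the same as the user "guest"
  $query = 'SELECT cat_id';
  $query.= ' FROM '.PREFIX_TABLE.'user_access as ua';
  $query.= ','.PREFIX_TABLE.'users as u ';
  $query.= ' where u.id = ua.user_id';
  $query.= " and u.username = 'guest';";
  $result = mysql_query( $query );
  while ( $result and $row = mysql_fetch_array( $result ) )
  {
    $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
    $query.= ' (user_id,cat_id) VALUES';
    $query.= ' ('.$user_id.','.$row['cat_id'].');';
    mysql_query( $query );
  }

  // 5. associate new user to the same groups as the guest
  $query = 'SELECT group_id';
  $query.= ' FROM '.PREFIX_TABLE.'user_group AS ug';
  $query.= ', '.PREFIX_TABLE.'users AS u';
  $query.= " WHERE u.username = 'guest'";
  $query.= ' AND ug.user_id = u.id';
  $query.= ';';
  $result = mysql_query( $query );
  while ( $result and $row = mysql_fetch_array( $result ) )
  {
    $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
    $query.= ' (user_id,group_id) VALUES';
    $query.= ' ('.$user_id.','.$row['group_id'].')';
    $query.= ';';
    mysql_query( $query );
  }

  return $error;
}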
| 158 | |
---|
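// Updates status, mail address and, when $use_new_password is true, the
// password of the user whose id is $user_id.
//
// Returns an array of localized error messages; when it is not empty no
// query was sent. The result of the UPDATE itself is not reported.
//
// NOTE(review): $status is concatenated into the statement as received;
// confirm that callers only pass known status values. The mail address is
// only used after validate_mail_address() accepted it.
//
// NOTE(review): the password is stored as unsalted MD5, which is not
// suitable for password storage. Changing it needs a matching change where
// the hash is verified, which is not part of this function.
function update_user( $user_id, $mail_address, $status,
                      $use_new_password = false, $password = '' )
{
  $error = array();

  $error_mail_address = validate_mail_address( $mail_address );
  if ( $error_mail_address != '' )
  {
    $error[] = $error_mail_address;
  }

  if ( sizeof( $error ) == 0 )
  {
    $query = 'UPDATE '.USERS_TABLE;
    $query.= " SET status = '".$status."'";
    if ( $use_new_password )
    {
      $query.= ", password = '".md5( $password )."'";
    }
    $query.= ', mail_address = ';
    if ( $mail_address != '' )
    {
      $query.= "'".$mail_address."'";
    }
    else
    {
      $query.= 'NULL';
    }
    // The id sits in an unquoted numeric position, where quote escaping
    // gives no protection: force it to an integer before it is used.
    $query.= ' WHERE id = '.intval( $user_id );
    $query.= ';';
    mysql_query( $query );
  }
  return $error;
}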
| 194 | |
---|
// Stops the page with a "members only" notice and a link to the
// identification page when the current visitor is the guest and either the
// gallery access is 'restricted' or the requested category is 'fav'.
// Returns normally in every other case.
//
// Reads the globals $user, $conf, $page and $lang. The $lang strings are
// written into the page without HTML escaping.
function check_login_authorization()
{
  global $user,$lang,$conf,$page;

  // identified members are never stopped here
  if ( !$user['is_the_guest'] )
  {
    return;
  }

  $members_only = ( $conf['access'] == 'restricted' );
  if ( !$members_only )
  {
    $members_only = ( isset($page['cat']) && $page['cat'] == 'fav' );
  }
  if ( !$members_only )
  {
    return;
  }

  echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
  echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
  exit();
}
[364] | 209 | |
---|
| 210 | // |
---|
| 211 | // Initialise user settings on page load |
---|
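// Loads the language files and builds the template object for the user
// described by $userdata (the keys 'language', 'template', 'is_the_guest'
// and 'status' are read).
//
// The guest always gets $conf['default_language'] and
// $conf['default_template']. The result is left in the global $template;
// the included language files are presumably what fills $lang and
// $lang_info -- confirm against those files.
function init_userprefs($userdata)
{
  global $conf, $template, $lang, $lang_info;

  // The language and template names come from the user row and are used as
  // directory names in include / template paths. A name holding a path
  // separator, a NUL byte or ".." is refused, so that those paths cannot
  // leave the language/ and template/ directories.
  // NOTE(review): whether users can store arbitrary text in these two
  // fields is not visible here; the check is cheap either way.
  $unsafe_name = '#[/\\\\\x00]|\.\.#';

  if ( !empty($userdata['language']) and !$userdata['is_the_guest'] )
  {
    $language = $userdata['language'];
  }
  else
  {
    $language = $conf['default_language'];
  }
  if ( preg_match($unsafe_name, $language) )
  {
    $language = DEFAULT_LANGUAGE;
  }

  if ( !empty($userdata['template']) and !$userdata['is_the_guest']
       and !preg_match($unsafe_name, $userdata['template']) )
  {
    $template = $userdata['template'];
  }
  else
  {
    $template = $conf['default_template'];
  }

  // unknown language directory : fall back to the built-in default
  if ( !file_exists(@realpath(PHPWG_ROOT_PATH . 'language/' . $language . '/common.lang.php')) )
  {
    $language = DEFAULT_LANGUAGE;
  }
  include_once(PHPWG_ROOT_PATH . 'language/' . $language . '/common.lang.php');

  // administrators also get the administration and FAQ strings
  if ($userdata['status'] == 'admin')
  {
    if ( !file_exists(@realpath(PHPWG_ROOT_PATH . 'language/' . $language. '/admin.lang.php')) )
    {
      $language = DEFAULT_LANGUAGE;
    }
    include_once(PHPWG_ROOT_PATH . 'language/' . $language . '/admin.lang.php');
    include_once(PHPWG_ROOT_PATH . 'language/' . $language . '/faq.lang.php');
  }

  // from here on the global $template is an object, no longer a name
  $template = setup_style($template);
  return;
}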
| 247 | |
---|
// Builds the Template object for the style directory $style, located under
// PHPWG_ROOT_PATH . 'template/'.
// $style is used as a path component without any check in this function.
function setup_style($style)
{
  return new Template(PHPWG_ROOT_PATH . 'template/' . $style);
}
| 255 | |
---|
// Converts a dotted-quad address ("127.0.0.1") into its hexadecimal form
// ("7f000001"): each of the first four dot-separated parts is written as at
// least two lowercase hex digits. The input is not validated.
function encode_ip($dotquad_ip)
{
  list($first, $second, $third, $fourth) = explode('.', $dotquad_ip);
  return sprintf('%02x%02x%02x%02x', $first, $second, $third, $fourth);
}
| 261 | |
---|
// Reverse of encode_ip : reads the first four pairs of hexadecimal digits
// of $int_ip and returns them as a dotted-quad address
// ("7f000001" gives "127.0.0.1").
function decode_ip($int_ip)
{
  $parts = array();
  for ( $offset = 0; $offset < 8; $offset += 2 )
  {
    $parts[] = hexdec(substr($int_ip, $offset, 2));
  }
  return implode('.', $parts);
}
[393] | 267 | |
---|
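// Returns the row of USERS_TABLE matching $user, or false when there is no
// such row or the query failed. The account whose id is ANONYMOUS is never
// returned.
//
// $user is treated as an id only when it is a PHP integer; any other value,
// numeric strings included, is looked up as a username.
//
// NOTE(review): the username branch only rewrites the backslash-quote
// sequence into a doubled quote, so it relies on $user arriving already
// slash-escaped. A raw value would reach the query unescaped; confirm this
// at every call site.
function getuserdata($user)
{
  if ( is_integer($user) )
  {
    $condition = "id = $user";
  }
  else
  {
    $condition = "username = '" . str_replace("\'", "''", $user) . "'";
  }

  $sql = "SELECT * FROM " . USERS_TABLE;
  $sql.= " WHERE " . $condition . " AND id <> " . ANONYMOUS;

  $result = mysql_query($sql);
  if ( !$result )
  {
    // a failed query must not be handed to mysql_fetch_array()
    return false;
  }

  $row = mysql_fetch_array($result);
  return $row ? $row : false;
}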
[367] | 276 | ?> |
---|