Context Navigation

source: trunk/include/functions_user.inc.php @ 2083

Last change on this file since 2083 was 2055, checked in by rub, 17 years ago
Resolved issue 0000717: guest must be guest
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 29.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: functions_user.inc.php 2055 2007-07-07 09:23:04Z rub $
8	// \| last update : $Date: 2007-07-07 09:23:04 +0000 (Sat, 07 Jul 2007) $
9	// \| last modifier : $Author: rub $
10	// \| revision : $Revision: 2055 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	// validate_mail_address verifies whether the given mail address has the
28	// right format. ie someone@domain.com "someone" can contain ".", "-" or
29	// even "_". Exactly as "domain". The extension doesn't have to be
30	// "com". The mail address can also be empty.
31	// If the mail address doesn't correspond, an error message is returned.
32	function validate_mail_address( $mail_address )
33	{
34	global $lang, $conf;
35
36	if (empty($mail_address) and
37	!($conf['obligatory_user_mail_address'] and in_array(script_basename(), array('register', 'profile'))))
38	{
39	return '';
40	}
41	$regex = '/^[\w-]+(\.[\w-]+)@[\w-]+(\.[\w-]+)\.[a-z]+$/';
42	if ( !preg_match( $regex, $mail_address ) )
43	{
44	return $lang['reg_err_mail_address'];
45	}
46	}
47
48	function register_user($login, $password, $mail_address, $errors = array())
49	{
50	global $lang, $conf;
51
52	if ($login == '')
53	{
54	array_push($errors, $lang['reg_err_login1']);
55	}
56	if (ereg("^.* $", $login))
57	{
58	array_push($errors, $lang['reg_err_login2']);
59	}
60	if (ereg("^ .*$", $login))
61	{
62	array_push($errors, $lang['reg_err_login3']);
63	}
64	if (get_userid($login))
65	{
66	array_push($errors, $lang['reg_err_login5']);
67	}
68	$mail_error = validate_mail_address($mail_address);
69	if ('' != $mail_error)
70	{
71	array_push($errors, $mail_error);
72	}
73
74	// if no error until here, registration of the user
75	if (count($errors) == 0)
76	{
77	// what will be the inserted id ?
78	$query = '
79	SELECT MAX('.$conf['user_fields']['id'].') + 1
80	FROM '.USERS_TABLE.'
81	;';
82	list($next_id) = mysql_fetch_array(pwg_query($query));
83
84	$insert =
85	array(
86	$conf['user_fields']['id'] => $next_id,
87	$conf['user_fields']['username'] => mysql_escape_string($login),
88	$conf['user_fields']['password'] => $conf['pass_convert']($password),
89	$conf['user_fields']['email'] => $mail_address
90	);
91
92	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
93	mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
94
95	// Assign by default groups
96	{
97	$query = '
98	SELECT id
99	FROM '.GROUPS_TABLE.'
100	WHERE is_default = \''.boolean_to_string(true).'\'
101	ORDER BY id ASC
102	;';
103	$result = pwg_query($query);
104
105	$inserts = array();
106	while ($row = mysql_fetch_array($result))
107	{
108	array_push
109	(
110	$inserts,
111	array
112	(
113	'user_id' => $next_id,
114	'group_id' => $row['id']
115	)
116	);
117	}
118
119	if (count($inserts) != 0)
120	{
121	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
122	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
123	}
124	}
125
126	create_user_infos($next_id);
127
128	trigger_action('register_user',
129	array(
130	'id'=>$next_id,
131	'username'=>$login,
132	'email'=>$mail_address,
133	)
134	);
135	}
136
137	return $errors;
138	}
139
140	function setup_style($style)
141	{
142	return new Template(PHPWG_ROOT_PATH.'template/'.$style);
143	}
144
145	function build_user( $user_id, $use_cache )
146	{
147	global $conf;
148
149	$user['id'] = $user_id;
150	$user = array_merge( $user, getuserdata($user_id, $use_cache) );
151
152	if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
153	{
154	$user['status'] = 'guest';
155	$user['internal_status']['guest_must_be_guest'] = true;
156	}
157
158	// calculation of the number of picture to display per page
159	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
160
161	if (is_admin($user['status']))
162	{
163	list($user['admin_template'], $user['admin_theme']) =
164	explode
165	(
166	'/',
167	isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
168	: $user['template']
169	);
170	}
171
172	list($user['template'], $user['theme']) = explode('/', $user['template']);
173
174	return $user;
175	}
176
177	/**
178	* find informations related to the user identifier
179	*
180	* @param int user identifier
181	* @param boolean use_cache
182	* @param array
183	*/
184	function getuserdata($user_id, $use_cache)
185	{
186	global $conf;
187
188	$userdata = array();
189
190	$query = '
191	SELECT ';
192	$is_first = true;
193	foreach ($conf['user_fields'] as $pwgfield => $dbfield)
194	{
195	if ($is_first)
196	{
197	$is_first = false;
198	}
199	else
200	{
201	$query.= '
202	, ';
203	}
204	$query.= $dbfield.' AS '.$pwgfield;
205	}
206	$query.= '
207	FROM '.USERS_TABLE.'
208	WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
209	;';
210
211	$row = mysql_fetch_array(pwg_query($query));
212
213	while (true)
214	{
215	$query = '
216	SELECT ui., uc.
217	FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
218	ON ui.user_id = uc.user_id
219	WHERE ui.user_id = \''.$user_id.'\'
220	;';
221	$result = pwg_query($query);
222	if (mysql_num_rows($result) > 0)
223	{
224	break;
225	}
226	else
227	{
228	create_user_infos($user_id);
229	}
230	}
231
232	$row = array_merge($row, mysql_fetch_array($result));
233
234	foreach ($row as $key => $value)
235	{
236	if (!is_numeric($key))
237	{
238	// If the field is true or false, the variable is transformed into a
239	// boolean value.
240	if ($value == 'true' or $value == 'false')
241	{
242	$userdata[$key] = get_boolean($value);
243	}
244	else
245	{
246	$userdata[$key] = $value;
247	}
248	}
249	}
250
251	if ($use_cache)
252	{
253	if (!isset($userdata['need_update'])
254	or !is_bool($userdata['need_update'])
255	or $userdata['need_update'] == true)
256	{
257	$userdata['forbidden_categories'] =
258	calculate_permissions($userdata['id'], $userdata['status']);
259
260	update_user_cache_categories($userdata);
261
262	// Set need update are done
263	$userdata['need_update'] = false;
264
265	// Indicate update done
266	$userdata['need_update_done'] = true;
267
268	$query = '
269	SELECT COUNT(DISTINCT(image_id)) as total
270	FROM '.IMAGE_CATEGORY_TABLE.'
271	WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
272	;';
273	list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
274
275	// update user cache
276	$query = '
277	DELETE FROM '.USER_CACHE_TABLE.'
278	WHERE user_id = '.$userdata['id'].'
279	;';
280	pwg_query($query);
281
282	$query = '
283	INSERT INTO '.USER_CACHE_TABLE.'
284	(user_id, need_update, forbidden_categories, nb_total_images)
285	VALUES
286	('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\''
287	.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].')
288	;';
289	pwg_query($query);
290	}
291	else
292	{
293	// Indicate update not done
294	$userdata['need_update_done'] = false;
295	}
296	}
297
298	return $userdata;
299	}
300
301	/*
302	* deletes favorites of the current user if he's not allowed to see them
303	*
304	* @return void
305	*/
306	function check_user_favorites()
307	{
308	global $user;
309
310	if ($user['forbidden_categories'] == '')
311	{
312	return;
313	}
314
315	// $filter['visible_categories'] and $filter['visible_images']
316	// must be not used because filter <> restriction
317	// retrieving images allowed : belonging to at least one authorized
318	// category
319	$query = '
320	SELECT DISTINCT f.image_id
321	FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
322	ON f.image_id = ic.image_id
323	WHERE f.user_id = '.$user['id'].'
324	'.get_sql_condition_FandF
325	(
326	array
327	(
328	'forbidden_categories' => 'ic.category_id',
329	),
330	'AND'
331	).'
332	;';
333	$result = pwg_query($query);
334	$authorizeds = array();
335	while ($row = mysql_fetch_array($result))
336	{
337	array_push($authorizeds, $row['image_id']);
338	}
339
340	$query = '
341	SELECT image_id
342	FROM '.FAVORITES_TABLE.'
343	WHERE user_id = '.$user['id'].'
344	;';
345	$result = pwg_query($query);
346	$favorites = array();
347	while ($row = mysql_fetch_array($result))
348	{
349	array_push($favorites, $row['image_id']);
350	}
351
352	$to_deletes = array_diff($favorites, $authorizeds);
353
354	if (count($to_deletes) > 0)
355	{
356	$query = '
357	DELETE FROM '.FAVORITES_TABLE.'
358	WHERE image_id IN ('.implode(',', $to_deletes).')
359	AND user_id = '.$user['id'].'
360	;';
361	pwg_query($query);
362	}
363	}
364
365	/**
366	* calculates the list of forbidden categories for a given user
367	*
368	* Calculation is based on private categories minus categories authorized to
369	* the groups the user belongs to minus the categories directly authorized
370	* to the user. The list contains at least -1 to be compliant with queries
371	* such as "WHERE category_id NOT IN ($forbidden_categories)"
372	*
373	* @param int user_id
374	* @param string user_status
375	* @return string forbidden_categories
376	*/
377	function calculate_permissions($user_id, $user_status)
378	{
379	$private_array = array();
380	$authorized_array = array();
381
382	$query = '
383	SELECT id
384	FROM '.CATEGORIES_TABLE.'
385	WHERE status = \'private\'
386	;';
387	$result = pwg_query($query);
388	while ($row = mysql_fetch_array($result))
389	{
390	array_push($private_array, $row['id']);
391	}
392
393	// retrieve category ids directly authorized to the user
394	$query = '
395	SELECT cat_id
396	FROM '.USER_ACCESS_TABLE.'
397	WHERE user_id = '.$user_id.'
398	;';
399	$authorized_array = array_from_query($query, 'cat_id');
400
401	// retrieve category ids authorized to the groups the user belongs to
402	$query = '
403	SELECT cat_id
404	FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
405	ON ug.group_id = ga.group_id
406	WHERE ug.user_id = '.$user_id.'
407	;';
408	$authorized_array =
409	array_merge(
410	$authorized_array,
411	array_from_query($query, 'cat_id')
412	);
413
414	// uniquify ids : some private categories might be authorized for the
415	// groups and for the user
416	$authorized_array = array_unique($authorized_array);
417
418	// only unauthorized private categories are forbidden
419	$forbidden_array = array_diff($private_array, $authorized_array);
420
421	// if user is not an admin, locked categories are forbidden
422	if (!is_admin($user_status))
423	{
424	$query = '
425	SELECT id
426	FROM '.CATEGORIES_TABLE.'
427	WHERE visible = \'false\'
428	;';
429	$result = pwg_query($query);
430	while ($row = mysql_fetch_array($result))
431	{
432	array_push($forbidden_array, $row['id']);
433	}
434	$forbidden_array = array_unique($forbidden_array);
435	}
436
437	if ( empty($forbidden_array) )
438	{// at least, the list contains 0 value. This category does not exists so
439	// where clauses such as "WHERE category_id NOT IN(0)" will always be
440	// true.
441	array_push($forbidden_array, 0);
442	}
443
444	return implode(',', $forbidden_array);
445	}
446
447	/**
448	* compute data of categories branches (one branch only)
449	*/
450	function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
451	{
452	$date = '';
453	$count_images = 0;
454	$count_categories = 0;
455	do
456	{
457	$cat_id = array_pop($list_cat_id);
458	if (!is_null($cat_id))
459	{
460	// Count images and categories
461	$cats[$cat_id]['count_images'] += $count_images;
462	$cats[$cat_id]['count_categories'] += $count_categories;
463	$count_images = $cats[$cat_id]['count_images'];
464	$count_categories = $cats[$cat_id]['count_categories'] + 1;
465
466	if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
467	{
468	$cats[$cat_id]['max_date_last'] = $date;
469	}
470	else
471	{
472	$date = $cats[$cat_id]['max_date_last'];
473	}
474	$ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
475	}
476	else
477	{
478	$ref_level = 0;
479	}
480	} while ($level <= $ref_level);
481
482	// Last cat updating must be added to list for next branch
483	if ($ref_level <> 0)
484	{
485	array_push($list_cat_id, $cat_id);
486	}
487	}
488
489	/**
490	* compute data of categories branches
491	*/
492	function compute_categories_data(&$cats)
493	{
494	$ref_level = 0;
495	$level = 0;
496	$list_cat_id = array();
497
498	foreach ($cats as $id => $category)
499	{
500	// Compute
501	$level = substr_count($category['global_rank'], '.') + 1;
502	if ($level > $ref_level)
503	{
504	array_push($list_cat_id, $id);
505	}
506	else
507	{
508	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
509	array_push($list_cat_id, $id);
510	}
511	$ref_level = $level;
512	}
513
514	$level = 1;
515	compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
516	}
517
518	/**
519	* get computed array of categories
520	*
521	* @param array userdata
522	* @param int filter_days number of recent days to filter on or null
523	* @return array
524	*/
525	function get_computed_categories($userdata, $filter_days=null)
526	{
527	$group_by = '';
528
529	$query = 'SELECT c.id cat_id, global_rank';
530	if ( !isset($filter_days) )
531	{
532	$query .= ',
533	date_last cat_date_last,
534	nb_images cat_nb_images
535	FROM '.CATEGORIES_TABLE.' as c';
536	}
537	else
538	{
539	// Count by date_available to avoid count null
540	$query .= ',
541	MAX(date_available) cat_date_last,
542	COUNT(date_available) cat_nb_images
543	FROM '.CATEGORIES_TABLE.' as c
544	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
545	LEFT JOIN '.IMAGES_TABLE.' AS i
546	ON ic.image_id = i.id AND
547	i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
548	$group_by = 'c.id';
549	}
550
551	if ( !empty($userdata['forbidden_categories']) )
552	{
553	$query.= '
554	WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
555	}
556
557	if ( !empty($group_by) )
558	{
559	$query.= '
560	GROUP BY '.$group_by;
561	}
562
563	$result = pwg_query($query);
564
565	$cats = array();
566	while ($row = mysql_fetch_assoc($result))
567	{
568	$row['user_id'] = $userdata['id'];
569	$row['count_categories'] = 0;
570	$row['count_images'] = $row['cat_nb_images'];
571	$row['max_date_last'] = $row['cat_date_last'];
572
573	$cats += array($row['cat_id'] => $row);
574	}
575	usort($cats, 'global_rank_compare');
576
577	compute_categories_data($cats);
578
579	if ( isset($filter_days) )
580	{
581	$cat_tmp = $cats;
582	$cats = array();
583
584	foreach ($cat_tmp as $category)
585	{
586	if (!empty($category['max_date_last']))
587	{
588	// Re-init counters
589	$category['count_categories'] = 0;
590	$category['count_images'] = $category['cat_nb_images'];
591	// next line for update_cats_with_filtered_data
592	$category['nb_images'] = $category['cat_nb_images'];
593	// Keep category
594	$cats[$category['cat_id']] = $category;
595	}
596	}
597	// Compute a second time
598	compute_categories_data($cats);
599	}
600	return $cats;
601	}
602
603	/**
604	* update data of user_cache_categories
605	*
606	* @param array userdata
607	* @return null
608	*/
609	function update_user_cache_categories($userdata)
610	{
611	// delete user cache
612	$query = '
613	DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
614	WHERE user_id = '.$userdata['id'].'
615	;';
616	pwg_query($query);
617
618	$cats = get_computed_categories($userdata, null);
619
620	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
621	mass_inserts
622	(
623	USER_CACHE_CATEGORIES_TABLE,
624	array
625	(
626	'user_id', 'cat_id',
627	'max_date_last', 'count_images', 'count_categories'
628	),
629	$cats
630	);
631	}
632
633	/**
634	* returns the username corresponding to the given user identifier if exists
635	*
636	* @param int user_id
637	* @return mixed
638	*/
639	function get_username($user_id)
640	{
641	global $conf;
642
643	$query = '
644	SELECT '.$conf['user_fields']['username'].'
645	FROM '.USERS_TABLE.'
646	WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
647	;';
648	$result = pwg_query($query);
649	if (mysql_num_rows($result) > 0)
650	{
651	list($username) = mysql_fetch_row($result);
652	}
653	else
654	{
655	return false;
656	}
657
658	return $username;
659	}
660
661	/**
662	* returns user identifier thanks to his name, false if not found
663	*
664	* @param string username
665	* @param int user identifier
666	*/
667	function get_userid($username)
668	{
669	global $conf;
670
671	$username = mysql_escape_string($username);
672
673	$query = '
674	SELECT '.$conf['user_fields']['id'].'
675	FROM '.USERS_TABLE.'
676	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
677	;';
678	$result = pwg_query($query);
679
680	if (mysql_num_rows($result) == 0)
681	{
682	return false;
683	}
684	else
685	{
686	list($user_id) = mysql_fetch_row($result);
687	return $user_id;
688	}
689	}
690
691	/**
692	* search an available feed_id
693	*
694	* @return string feed identifier
695	*/
696	function find_available_feed_id()
697	{
698	while (true)
699	{
700	$key = generate_key(50);
701	$query = '
702	SELECT COUNT(*)
703	FROM '.USER_FEED_TABLE.'
704	WHERE id = \''.$key.'\'
705	;';
706	list($count) = mysql_fetch_row(pwg_query($query));
707	if (0 == $count)
708	{
709	return $key;
710	}
711	}
712	}
713
714	/*
715	* Returns a array with default user value
716	*
717	* @param convert_str allows to convert string value if necessary
718	*/
719	function get_default_user_info($convert_str = true)
720	{
721	global $page, $conf;
722
723	if (!isset($page['cache_default_user']))
724	{
725	$query = 'select * from '.USER_INFOS_TABLE.
726	' where user_id = '.$conf['default_user_id'].';';
727
728	$result = pwg_query($query);
729	$page['cache_default_user'] = mysql_fetch_assoc($result);
730
731	if ($page['cache_default_user'] !== false)
732	{
733	unset($page['cache_default_user']['user_id']);
734	unset($page['cache_default_user']['status']);
735	unset($page['cache_default_user']['registration_date']);
736	}
737	}
738
739	if (is_array($page['cache_default_user']) and $convert_str)
740	{
741	$default_user = array();
742	foreach ($page['cache_default_user'] as $name => $value)
743	{
744	// If the field is true or false, the variable is transformed into a
745	// boolean value.
746	if ($value == 'true' or $value == 'false')
747	{
748	$default_user[$name] = get_boolean($value);
749	}
750	else
751	{
752	$default_user[$name] = $value;
753	}
754	}
755	return $default_user;
756	}
757	else
758	{
759	return $page['cache_default_user'];
760	}
761	}
762
763	/*
764	* Returns a default user value
765	*
766	* @param value_name: name of value
767	* @param sos_value: value used if don't exist value
768	*/
769	function get_default_user_value($value_name, $sos_value)
770	{
771	$default_user = get_default_user_info(true);
772	if ($default_user === false or !isset($default_user[$value_name]))
773	{
774	return $sos_value;
775	}
776	else
777	{
778	return $default_user[$value_name];
779	}
780	}
781
782	/*
783	* Returns the default template value
784	*
785	*/
786	function get_default_template()
787	{
788	return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
789	}
790
791	/*
792	* Returns the default language value
793	*
794	*/
795	function get_default_language()
796	{
797	return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
798	}
799
800	/**
801	* add user informations based on default values
802	*
803	* @param int user_id / array of user_if
804	* @param array of values used to override default user values
805	*/
806	function create_user_infos($arg_id, $override_values = null)
807	{
808	global $conf;
809
810	if (is_array($arg_id))
811	{
812	$user_ids = $arg_id;
813	}
814	else
815	{
816	$user_ids = array();
817	if (is_integer($arg_id))
818	{
819	$user_ids[] = $arg_id;
820	}
821	}
822
823	if (!empty($user_ids))
824	{
825	$inserts = array();
826	list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
827
828	$default_user = get_default_user_info(false);
829	if ($default_user === false)
830	{
831	// Default on structure are used
832	$default_user = array();
833	}
834
835	if (!is_null($override_values))
836	{
837	$default_user = array_merge($default_user, $override_values);
838	}
839
840	foreach ($user_ids as $user_id)
841	{
842	if ($user_id == $conf['webmaster_id'])
843	{
844	$status = 'webmaster';
845	}
846	else if (($user_id == $conf['guest_id']) or
847	($user_id == $conf['default_user_id']))
848	{
849	$status = 'guest';
850	}
851	else
852	{
853	$status = 'normal';
854	}
855
856	$insert = array_merge(
857	$default_user,
858	array(
859	'user_id' => $user_id,
860	'status' => $status,
861	'registration_date' => $dbnow
862	));
863
864	array_push($inserts, $insert);
865	}
866
867	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
868	mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
869
870	}
871	}
872
873	/**
874	* returns the groupname corresponding to the given group identifier if
875	* exists
876	*
877	* @param int group_id
878	* @return mixed
879	*/
880	function get_groupname($group_id)
881	{
882	$query = '
883	SELECT name
884	FROM '.GROUPS_TABLE.'
885	WHERE id = '.intval($group_id).'
886	;';
887	$result = pwg_query($query);
888	if (mysql_num_rows($result) > 0)
889	{
890	list($groupname) = mysql_fetch_row($result);
891	}
892	else
893	{
894	return false;
895	}
896
897	return $groupname;
898	}
899
900	/**
901	* return the file path of the given language filename, depending on the
902	* availability of the file
903	*
904	* in descending order of preference:
905	* param language, user language, default language
906	* PhpWebGallery default language.
907	*
908	* @param string filename
909	* @param string dirname
910	* @param string language
911	* @return string filepath
912	*/
913	function get_language_filepath($filename, $dirname = '', $language = '')
914	{
915	global $user, $conf;
916
917	if (empty($dirname))
918	{
919	$dirname = PHPWG_ROOT_PATH;
920	}
921	$dirname .= 'language'.'/';
922
923	$dir_methods = array();
924
925	if (!empty($language))
926	{
927	$dir_methods[] = 1;
928	}
929
930	$dir_methods[] = 2;
931	$dir_methods[] = 3;
932	$dir_methods[] = 4;
933
934	foreach ($dir_methods as $dir_method)
935	{
936	switch ($dir_method)
937	{
938	case '1':
939	{
940	$directory = $dirname.$language;
941	break;
942	}
943	case '2':
944	{
945	$directory = $dirname.$user['language'];
946	break;
947	}
948	case '3':
949	{
950	$directory = $dirname.get_default_language();
951	break;
952	}
953	case '4':
954	default:
955	{
956	$directory = $dirname.PHPWG_DEFAULT_LANGUAGE;
957	break;
958	}
959	{
960	$directory = '.';
961	}
962	}
963
964	$filepath = $directory.'/'.$filename;
965
966	if (file_exists($filepath))
967	{
968	return $filepath;
969	}
970	}
971
972	return false;
973	}
974
975	/**
976	* returns the auto login key or false on error
977	* @param int user_id
978	* @param string [out] username
979	*/
980	function calculate_auto_login_key($user_id, &$username)
981	{
982	global $conf;
983	$query = '
984	SELECT '.$conf['user_fields']['username'].' AS username
985	, '.$conf['user_fields']['password'].' AS password
986	FROM '.USERS_TABLE.'
987	WHERE '.$conf['user_fields']['id'].' = '.$user_id;
988	$result = pwg_query($query);
989	if (mysql_num_rows($result) > 0)
990	{
991	$row = mysql_fetch_assoc($result);
992	$username = $row['username'];
993	$data = $row['username'].$row['password'];
994	$key = base64_encode(
995	pack('H*', sha1($data))
996	.hash_hmac('md5', $data, $conf['secret_key'],true)
997	);
998	return $key;
999	}
1000	return false;
1001	}
1002
1003	/*
1004	* Performs all required actions for user login
1005	* @param int user_id
1006	* @param bool remember_me
1007	* @return void
1008	*/
1009	function log_user($user_id, $remember_me)
1010	{
1011	global $conf, $user;
1012
1013	if ($remember_me and $conf['authorize_remembering'])
1014	{
1015	$key = calculate_auto_login_key($user_id, $username);
1016	if ($key!==false)
1017	{
1018	$cookie = array('id' => (int)$user_id, 'key' => $key);
1019	setcookie($conf['remember_me_name'],
1020	serialize($cookie),
1021	time()+$conf['remember_me_length'],
1022	cookie_path()
1023	);
1024	}
1025	}
1026	else
1027	{ // make sure we clean any remember me ...
1028	setcookie($conf['remember_me_name'], '', 0, cookie_path());
1029	}
1030	if ( session_id()!="" )
1031	{ // we regenerate the session for security reasons
1032	// see http://www.acros.si/papers/session_fixation.pdf
1033	session_regenerate_id();
1034	}
1035	else
1036	{
1037	session_start();
1038	}
1039	$_SESSION['pwg_uid'] = (int)$user_id;
1040
1041	$user['id'] = $_SESSION['pwg_uid'];
1042	}
1043
1044	/*
1045	* Performs auto-connexion when cookie remember_me exists
1046	* @return true/false
1047	*/
1048	function auto_login() {
1049	global $conf;
1050
1051	if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
1052	{
1053	$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
1054	if ($cookie!==false and is_numeric(@$cookie['id']) )
1055	{
1056	$key = calculate_auto_login_key( $cookie['id'], $username );
1057	if ($key!==false and $key===$cookie['key'])
1058	{
1059	log_user($cookie['id'], true);
1060	trigger_action('login_success', $username);
1061	return true;
1062	}
1063	}
1064	setcookie($conf['remember_me_name'], '', 0, cookie_path());
1065	}
1066	return false;
1067	}
1068
1069	/**
1070	* Tries to login a user given username and password (must be MySql escaped)
1071	* return true on success
1072	*/
1073	function try_log_user($username, $password, $remember_me)
1074	{
1075	global $conf;
1076	// retrieving the encrypted password of the login submitted
1077	$query = '
1078	SELECT '.$conf['user_fields']['id'].' AS id,
1079	'.$conf['user_fields']['password'].' AS password
1080	FROM '.USERS_TABLE.'
1081	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
1082	;';
1083	$row = mysql_fetch_assoc(pwg_query($query));
1084	if ($row['password'] == $conf['pass_convert']($password))
1085	{
1086	log_user($row['id'], $remember_me);
1087	trigger_action('login_success', $username);
1088	return true;
1089	}
1090	trigger_action('login_failure', $username);
1091	return false;
1092	}
1093
1094	/*
1095	* Return user status used in this library
1096	* @return string
1097	*/
1098	function get_user_status($user_status)
1099	{
1100	global $user;
1101
1102	if (empty($user_status))
1103	{
1104	if (isset($user['status']))
1105	{
1106	$user_status = $user['status'];
1107	}
1108	else
1109	{
1110	// swicth to default value
1111	$user_status = '';
1112	}
1113	}
1114	return $user_status;
1115	}
1116
1117	/*
1118	* Return access_type definition of uuser
1119	* Test does with user status
1120	* @return bool
1121	*/
1122	function get_access_type_status($user_status='')
1123	{
1124	global $conf;
1125
1126	switch (get_user_status($user_status))
1127	{
1128	case 'guest':
1129	{
1130	$access_type_status =
1131	($conf['guest_access'] ? ACCESS_GUEST : ACCESS_NONE);
1132	break;
1133	}
1134	case 'generic':
1135	{
1136	$access_type_status = ACCESS_GUEST;
1137	break;
1138	}
1139	case 'normal':
1140	{
1141	$access_type_status = ACCESS_CLASSIC;
1142	break;
1143	}
1144	case 'admin':
1145	{
1146	$access_type_status = ACCESS_ADMINISTRATOR;
1147	break;
1148	}
1149	case 'webmaster':
1150	{
1151	$access_type_status = ACCESS_WEBMASTER;
1152	break;
1153	}
1154	case 'default':
1155	{
1156	$access_type_status = ACCESS_NONE;
1157	}
1158	}
1159
1160	return $access_type_status;
1161	}
1162
1163	/*
1164	* Return if user have access to access_type definition
1165	* Test does with user status
1166	* @return bool
1167	*/
1168	function is_autorize_status($access_type, $user_status = '')
1169	{
1170	return (get_access_type_status($user_status) >= $access_type);
1171	}
1172
1173	/*
1174	* Check if user have access to access_type definition
1175	* Stop action if there are not access
1176	* Test does with user status
1177	* @return none
1178	*/
1179	function check_status($access_type, $user_status = '')
1180	{
1181	if (!is_autorize_status($access_type, $user_status))
1182	{
1183	access_denied();
1184	}
1185	}
1186
1187	/*
1188	* Return if user is only a guest
1189	* @return bool
1190	*/
1191	function is_a_guest($user_status = '')
1192	{
1193	return get_user_status($user_status) == 'guest';
1194	}
1195
1196	/*
1197	* Return if user is, at least, a classic user
1198	* @return bool
1199	*/
1200	function is_classic_user($user_status = '')
1201	{
1202	return is_autorize_status(ACCESS_CLASSIC, $user_status);
1203	}
1204
1205	/*
1206	* Return if user is, at least, an administrator
1207	* @return bool
1208	*/
1209	function is_admin($user_status = '')
1210	{
1211	return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
1212	}
1213
1214	/*
1215	* Return if current user is an adviser
1216	* @return bool
1217	*/
1218	function is_adviser()
1219	{
1220	global $user;
1221
1222	return ($user['adviser'] == 'true');
1223	}
1224
1225	/*
1226	* Return mail address as display text
1227	* @return string
1228	*/
1229	function get_email_address_as_display_text($email_address)
1230	{
1231	global $conf;
1232
1233	if (!isset($email_address) or (trim($email_address) == ''))
1234	{
1235	return '';
1236	}
1237	else
1238	{
1239	if (is_adviser())
1240	{
1241	return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
1242	}
1243	else
1244	{
1245	return $email_address;
1246	}
1247	}
1248	}
1249
1250	/*
1251	* Compute sql where condition with restrict and filter data. "FandF" means
1252	* Forbidden and Filters.
1253	*
1254	* @param array condition_fields: read function body
1255	* @param string prefix_condition: prefixes sql if condition is not empty
1256	* @param boolean force_one_condition: use at least "1 = 1"
1257	*
1258	* @return string sql where/conditions
1259	*/
1260	function get_sql_condition_FandF(
1261	$condition_fields,
1262	$prefix_condition = null,
1263	$force_one_condition = false
1264	)
1265	{
1266	global $user, $filter;
1267
1268	$sql_list = array();
1269
1270	foreach ($condition_fields as $condition => $field_name)
1271	{
1272	switch($condition)
1273	{
1274	case 'forbidden_categories':
1275	{
1276	if (!empty($user['forbidden_categories']))
1277	{
1278	$sql_list[] =
1279	$field_name.' NOT IN ('.$user['forbidden_categories'].')';
1280	}
1281	break;
1282	}
1283	case 'visible_categories':
1284	{
1285	if (!empty($filter['visible_categories']))
1286	{
1287	$sql_list[] =
1288	$field_name.' IN ('.$filter['visible_categories'].')';
1289	}
1290	break;
1291	}
1292	case 'visible_images':
1293	{
1294	if (!empty($filter['visible_images']))
1295	{
1296	$sql_list[] =
1297	$field_name.' IN ('.$filter['visible_images'].')';
1298	}
1299	break;
1300	}
1301	default:
1302	{
1303	die('Unknow condition');
1304	break;
1305	}
1306	}
1307	}
1308
1309	if (count($sql_list) > 0)
1310	{
1311	$sql = '('.implode(' AND ', $sql_list).')';
1312	}
1313	else
1314	{
1315	if ($force_one_condition)
1316	{
1317	$sql = '1 = 1';
1318	}
1319	else
1320	{
1321	$sql = '';
1322	}
1323	}
1324
1325	if (isset($prefix_condition) and !empty($sql))
1326	{
1327	$sql = $prefix_condition.' '.$sql;
1328	}
1329
1330	return $sql;
1331	}
1332
1333	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: