1 | <?php |
---|
2 | /*************************************************************************** |
---|
3 | * functions_user.inc.php * |
---|
4 | * -------------------- * |
---|
5 | * application : PhpWebGallery 1.3 * |
---|
6 | * author : Pierrick LE GALL <pierrick@z0rglub.com> * |
---|
7 | * * |
---|
8 | *************************************************************************** |
---|
9 | |
---|
10 | *************************************************************************** |
---|
11 | * * |
---|
12 | * This program is free software; you can redistribute it and/or modify * |
---|
13 | * it under the terms of the GNU General Public License as published by * |
---|
14 | * the Free Software Foundation; * |
---|
15 | * * |
---|
16 | ***************************************************************************/ |
---|
17 | |
---|
18 | // validate_mail_address verifies whether the given mail address has the |
---|
19 | // right format. ie someone@domain.com "someone" can contain ".", "-" or |
---|
20 | // even "_". Exactly as "domain". The extension doesn't have to be |
---|
21 | // "com". The mail address can also be empty. |
---|
22 | // If the mail address doesn't correspond, an error message is returned. |
---|
23 | function validate_mail_address( $mail_address ) |
---|
24 | { |
---|
25 | global $lang; |
---|
26 | |
---|
27 | if ( $mail_address == '' ) |
---|
28 | { |
---|
29 | return ''; |
---|
30 | } |
---|
31 | $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/'; |
---|
32 | if ( !preg_match( $regex, $mail_address ) ) |
---|
33 | { |
---|
34 | return $lang['reg_err_mail_address']; |
---|
35 | } |
---|
36 | } |
---|
37 | |
---|
38 | function register_user( |
---|
39 | $login, $password, $password_conf, $mail_address, $status = 'guest' ) |
---|
40 | { |
---|
41 | global $lang; |
---|
42 | |
---|
43 | $error = array(); |
---|
44 | $i = 0; |
---|
45 | // login must not |
---|
46 | // 1. be empty |
---|
47 | // 2. start ou end with space character |
---|
48 | // 3. include ' or " characters |
---|
49 | // 4. be already used |
---|
50 | if ( $login == '' ) |
---|
51 | { |
---|
52 | $error[$i++] = $lang['reg_err_login1']; |
---|
53 | } |
---|
54 | if ( ereg( "^.* $", $login) ) |
---|
55 | { |
---|
56 | $error[$i++] = $lang['reg_err_login2']; |
---|
57 | } |
---|
58 | if ( ereg( "^ .*$", $login ) ) |
---|
59 | { |
---|
60 | $error[$i++] = $lang['reg_err_login3']; |
---|
61 | } |
---|
62 | if ( ereg( "'", $login ) or ereg( "\"", $login ) ) |
---|
63 | { |
---|
64 | $error[$i++] = $lang['reg_err_login4']; |
---|
65 | } |
---|
66 | else |
---|
67 | { |
---|
68 | $query = 'select id'; |
---|
69 | $query.= ' from '.PREFIX_TABLE.'users'; |
---|
70 | $query.= " where username = '".$login."';"; |
---|
71 | $result = mysql_query( $query ); |
---|
72 | if ( mysql_num_rows( $result ) > 0 ) |
---|
73 | { |
---|
74 | $error[$i++] = $lang['reg_err_login5']; |
---|
75 | } |
---|
76 | } |
---|
77 | // given password must be the same as the confirmation |
---|
78 | if ( $password != $password_conf ) |
---|
79 | { |
---|
80 | $error[$i++] = $lang['reg_err_pass']; |
---|
81 | } |
---|
82 | |
---|
83 | $error_mail_address = validate_mail_address( $mail_address ); |
---|
84 | if ( $error_mail_address != '' ) |
---|
85 | { |
---|
86 | $error[$i++] = $error_mail_address; |
---|
87 | } |
---|
88 | |
---|
89 | // if no error until here, registration of the user |
---|
90 | if ( sizeof( $error ) == 0 ) |
---|
91 | { |
---|
92 | // 1. retrieving default values, the ones of the user "guest" |
---|
93 | $infos = array( 'nb_image_line', 'nb_line_page', 'theme', 'language', |
---|
94 | 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', |
---|
95 | 'short_period', 'long_period', 'template' ); |
---|
96 | $query = 'select'; |
---|
97 | for ( $i = 0; $i < sizeof( $infos ); $i++ ) |
---|
98 | { |
---|
99 | if ( $i > 0 ) |
---|
100 | { |
---|
101 | $query.= ','; |
---|
102 | } |
---|
103 | else |
---|
104 | { |
---|
105 | $query.= ' '; |
---|
106 | } |
---|
107 | $query.= $infos[$i]; |
---|
108 | } |
---|
109 | $query.= ' from '.PREFIX_TABLE.'users'; |
---|
110 | $query.= " where username = 'guest';"; |
---|
111 | $row = mysql_fetch_array( mysql_query( $query ) ); |
---|
112 | // 2. adding new user |
---|
113 | $query = 'insert into '.PREFIX_TABLE.'users'; |
---|
114 | $query.= ' ('; |
---|
115 | $query.= ' username,password,mail_address,status'; |
---|
116 | for ( $i = 0; $i < sizeof( $infos ); $i++ ) |
---|
117 | { |
---|
118 | $query.= ','.$infos[$i]; |
---|
119 | } |
---|
120 | $query.= ') values ('; |
---|
121 | $query.= " '".$login."'"; |
---|
122 | $query.= ",'".md5( $password )."'"; |
---|
123 | if ( $mail_address != '' ) |
---|
124 | { |
---|
125 | $query.= ",'".$mail_address."'"; |
---|
126 | } |
---|
127 | else |
---|
128 | { |
---|
129 | $query.= ',NULL'; |
---|
130 | } |
---|
131 | $query.= ",'".$status."'"; |
---|
132 | for ( $i = 0; $i < sizeof( $infos ); $i++ ) |
---|
133 | { |
---|
134 | $query.= ','; |
---|
135 | if ( $row[$infos[$i]] == '' ) |
---|
136 | { |
---|
137 | $query.= 'NULL'; |
---|
138 | } |
---|
139 | else |
---|
140 | { |
---|
141 | $query.= "'".$row[$infos[$i]]."'"; |
---|
142 | } |
---|
143 | } |
---|
144 | $query.= ');'; |
---|
145 | mysql_query( $query ); |
---|
146 | // 3. retrieving the id of the newly created user |
---|
147 | $query = 'SELECT id'; |
---|
148 | $query.= ' FROM '.PREFIX_TABLE.'users'; |
---|
149 | $query.= " WHERE username = '".$login."';"; |
---|
150 | $row = mysql_fetch_array( mysql_query( $query ) ); |
---|
151 | $user_id = $row['id']; |
---|
152 | // 4. adding access to the new user, the same as the user "guest" |
---|
153 | $query = 'SELECT cat_id'; |
---|
154 | $query.= ' FROM '.PREFIX_TABLE.'user_access as ua'; |
---|
155 | $query.= ','.PREFIX_TABLE.'users as u '; |
---|
156 | $query.= ' where u.id = ua.user_id'; |
---|
157 | $query.= " and u.username = 'guest';"; |
---|
158 | $result = mysql_query( $query ); |
---|
159 | while( $row = mysql_fetch_array( $result ) ) |
---|
160 | { |
---|
161 | $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; |
---|
162 | $query.= ' (user_id,cat_id) VALUES'; |
---|
163 | $query.= ' ('.$user_id.','.$row['cat_id'].');'; |
---|
164 | mysql_query ( $query ); |
---|
165 | } |
---|
166 | } |
---|
167 | return $error; |
---|
168 | } |
---|
169 | |
---|
170 | function update_user( $user_id, $mail_address, $status, |
---|
171 | $use_new_password = false, $password = '' ) |
---|
172 | { |
---|
173 | $error = array(); |
---|
174 | $i = 0; |
---|
175 | |
---|
176 | $error_mail_address = validate_mail_address( $mail_address ); |
---|
177 | if ( $error_mail_address != '' ) |
---|
178 | { |
---|
179 | $error[$i++] = $error_mail_address; |
---|
180 | } |
---|
181 | |
---|
182 | if ( sizeof( $error ) == 0 ) |
---|
183 | { |
---|
184 | $query = 'UPDATE '.PREFIX_TABLE.'users'; |
---|
185 | $query.= " SET status = '".$status."'"; |
---|
186 | if ( $use_new_password ) |
---|
187 | { |
---|
188 | $query.= ", password = '".md5( $password )."'"; |
---|
189 | } |
---|
190 | $query.= ', mail_address = '; |
---|
191 | if ( $mail_address != '' ) |
---|
192 | { |
---|
193 | $query.= "'".$mail_address."'"; |
---|
194 | } |
---|
195 | else |
---|
196 | { |
---|
197 | $query.= 'NULL'; |
---|
198 | } |
---|
199 | $query.= ' WHERE id = '.$user_id; |
---|
200 | $query.= ';'; |
---|
201 | mysql_query( $query ); |
---|
202 | } |
---|
203 | return $error; |
---|
204 | } |
---|
205 | |
---|
206 | function check_login_authorization() |
---|
207 | { |
---|
208 | global $user,$lang,$conf,$page; |
---|
209 | |
---|
210 | if ( $user['is_the_guest'] |
---|
211 | and ( $conf['access'] == 'restricted' or $page['cat'] == 'fav' ) ) |
---|
212 | { |
---|
213 | echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; |
---|
214 | echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>'; |
---|
215 | exit(); |
---|
216 | } |
---|
217 | } |
---|
218 | |
---|
219 | // The function get_restrictions returns an array with the ids of the |
---|
220 | // restricted categories for the user. |
---|
221 | // If the $check_invisible parameter is set to true, invisible categories |
---|
222 | // are added to the restricted one in the array. |
---|
223 | function get_restrictions( $user_id, $user_status, |
---|
224 | $check_invisible, $use_groups = true ) |
---|
225 | { |
---|
226 | // 1. retrieving ids of private categories |
---|
227 | $query = 'SELECT id'; |
---|
228 | $query.= ' FROM '.PREFIX_TABLE.'categories'; |
---|
229 | $query.= " WHERE status = 'private'"; |
---|
230 | $query.= ';'; |
---|
231 | $result = mysql_query( $query ); |
---|
232 | $privates = array(); |
---|
233 | while ( $row = mysql_fetch_array( $result ) ) |
---|
234 | { |
---|
235 | array_push( $privates, $row['id'] ); |
---|
236 | } |
---|
237 | // 2. retrieving all authorized categories for the user |
---|
238 | $authorized = array(); |
---|
239 | // 2.1. retrieving authorized categories thanks to personnal user |
---|
240 | // authorization |
---|
241 | $query = 'SELECT cat_id'; |
---|
242 | $query.= ' FROM '.PREFIX_TABLE.'user_access'; |
---|
243 | $query.= ' WHERE user_id = '.$user_id; |
---|
244 | $query.= ';'; |
---|
245 | $result = mysql_query( $query ); |
---|
246 | while ( $row = mysql_fetch_array( $result ) ) |
---|
247 | { |
---|
248 | array_push( $authorized, $row['cat_id'] ); |
---|
249 | } |
---|
250 | // 2.2. retrieving authorized categories thanks to group authorization to |
---|
251 | // which the user is a member |
---|
252 | if ( $use_groups ) |
---|
253 | { |
---|
254 | $query = 'SELECT ga.cat_id'; |
---|
255 | $query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; |
---|
256 | $query.= ', '.PREFIX_TABLE.'group_access as ga'; |
---|
257 | $query.= ' WHERE ug.group_id = ga.group_id'; |
---|
258 | $query.= ' AND ug.user_id = '.$user_id; |
---|
259 | $query.= ';'; |
---|
260 | $result = mysql_query( $query ); |
---|
261 | while ( $row = mysql_fetch_array( $result ) ) |
---|
262 | { |
---|
263 | array_push( $authorized, $row['cat_id'] ); |
---|
264 | } |
---|
265 | $authorized = array_unique( $authorized ); |
---|
266 | } |
---|
267 | |
---|
268 | $forbidden = array(); |
---|
269 | foreach ( $privates as $private ) { |
---|
270 | if ( !in_array( $private, $authorized ) ) |
---|
271 | { |
---|
272 | array_push( $forbidden, $private ); |
---|
273 | } |
---|
274 | } |
---|
275 | |
---|
276 | if ( $check_invisible ) |
---|
277 | { |
---|
278 | // 3. adding to the restricted categories, the invisible ones |
---|
279 | if ( $user_status != 'admin' ) |
---|
280 | { |
---|
281 | $query = 'SELECT id'; |
---|
282 | $query.= ' FROM '.PREFIX_TABLE.'categories'; |
---|
283 | $query.= " WHERE visible = 'false';"; |
---|
284 | $result = mysql_query( $query ); |
---|
285 | while ( $row = mysql_fetch_array( $result ) ) |
---|
286 | { |
---|
287 | array_push( $forbidden, $row['id'] ); |
---|
288 | } |
---|
289 | } |
---|
290 | } |
---|
291 | return array_unique( $forbidden ); |
---|
292 | } |
---|
293 | |
---|
294 | // The get_all_restrictions function returns an array with all the |
---|
295 | // categories id which are restricted for the user. Including the |
---|
296 | // sub-categories and invisible categories |
---|
297 | function get_all_restrictions( $user_id, $user_status ) |
---|
298 | { |
---|
299 | $restricted_cats = get_restrictions( $user_id, $user_status, true ); |
---|
300 | foreach ( $restricted_cats as $restricted_cat ) { |
---|
301 | $sub_restricted_cats = get_subcats_id( $restricted_cat ); |
---|
302 | foreach ( $sub_restricted_cats as $sub_restricted_cat ) { |
---|
303 | array_push( $restricted_cats, $sub_restricted_cat ); |
---|
304 | } |
---|
305 | } |
---|
306 | return $restricted_cats; |
---|
307 | } |
---|
308 | |
---|
309 | // The function is_user_allowed returns : |
---|
310 | // - 0 : if the category is allowed with this $restrictions array |
---|
311 | // - 1 : if this category is not allowed |
---|
312 | // - 2 : if an uppercat category is not allowed |
---|
313 | function is_user_allowed( $category_id, $restrictions ) |
---|
314 | { |
---|
315 | $lowest_category_id = $category_id; |
---|
316 | |
---|
317 | $is_root = false; |
---|
318 | while ( !$is_root and !in_array( $category_id, $restrictions ) ) |
---|
319 | { |
---|
320 | $query = 'SELECT id_uppercat'; |
---|
321 | $query.= ' FROM '.PREFIX_TABLE.'categories'; |
---|
322 | $query.= ' WHERE id = '.$category_id; |
---|
323 | $query.= ';'; |
---|
324 | $row = mysql_fetch_array( mysql_query( $query ) ); |
---|
325 | if ( $row['id_uppercat'] == '' ) $is_root = true; |
---|
326 | $category_id = $row['id_uppercat']; |
---|
327 | } |
---|
328 | |
---|
329 | if ( in_array( $lowest_category_id, $restrictions ) ) return 1; |
---|
330 | if ( in_array( $category_id, $restrictions ) ) return 2; |
---|
331 | // this user is allowed to go in this category |
---|
332 | return 0; |
---|
333 | } |
---|
334 | ?> |
---|