Last change on this file since 661 was 661, checked in by plg, 20 years ago
  • register process partly rewritten
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2004-12-28 17:56:33 +0000 (Tue, 28 Dec 2004) $
10// | last modifier : $Author: plg $
11// | revision      : $Revision: 661 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
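// validate_mail_address verifies whether the given mail address has the
// right format. ie someone@domain.com "someone" can contain ".", "-" or
// even "_". Exactly as "domain". The extension doesn't have to be
// "com". The mail address can also be empty.
// If the mail address doesn't correspond, an error message (taken from
// $lang) is returned; otherwise the empty string is returned, so callers
// can always compare the result with ''.
//
// @param string mail_address
// @return string   '' when the address is acceptable, the error otherwise
function validate_mail_address( $mail_address )
{
  global $lang;

  if ( $mail_address == '' )
  {
    return '';
  }
  // the D modifier makes $ match only at the very end of the string:
  // without it an address followed by a newline passes the check
  $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/D';
  if ( !preg_match( $regex, $mail_address ) )
  {
    return $lang['reg_err_mail_address'];
  }
  // explicit success value instead of an implicit null
  return '';
}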
47
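// register_user validates the registration form and, when every check
// passes, inserts the new account into USERS_TABLE with the default
// settings taken from $conf. Error messages (from $lang) are collected
// and returned; an empty array means the user was created.
//
// @param string login           requested username
// @param string password        clear text password, stored as md5
// @param string password_conf   confirmation of the password
// @param string mail_address    optional mail address, checked by
//                               validate_mail_address
// @param string status          account status, 'guest' by default
// @return array                 list of error messages, empty on success
function register_user($login, $password, $password_conf,
                       $mail_address, $status = 'guest')
{
  global $lang, $conf;

  $errors = array();
  // login must not
  //      1. be empty
  //      2. start or end with space character
  //      3. include ' or " characters
  //      4. be already used
  if ($login == '')
  {
    $errors[] = $lang['reg_err_login1'];
  }
  // plain string tests replace ereg(), which no longer exists in PHP 7+
  if (substr($login, -1) === ' ')
  {
    $errors[] = $lang['reg_err_login2'];
  }
  if (substr($login, 0, 1) === ' ')
  {
    $errors[] = $lang['reg_err_login3'];
  }

  if (strpbrk($login, '\'"') !== false)
  {
    $errors[] = $lang['reg_err_login4'];
  }
  else
  {
    // pwg_query offers no parameter binding, so the login is escaped
    // before being spliced into the statement: quotes are rejected above,
    // addslashes covers a trailing backslash that would otherwise break
    // the quoted literal
    $query = '
SELECT id
  FROM '.USERS_TABLE.'
  WHERE username = \''.addslashes($login).'\'
;';
    $result = pwg_query($query);
    if (mysql_num_rows($result) > 0)
    {
      $errors[] = $lang['reg_err_login5'];
    }
  }
  // given password must be the same as the confirmation; strict
  // comparison, a loose != treats numeric strings like "1e3" and "1000"
  // as equal
  if ($password !== $password_conf)
  {
    $errors[] = $lang['reg_err_pass'];
  }

  $error_mail_address = validate_mail_address($mail_address);
  if ($error_mail_address != '')
  {
    $errors[] = $error_mail_address;
  }

  // if no error until here, registration of the user
  if (count($errors) == 0)
  {
    $insert = array(
      'username' => $login,
      // md5 is what the stored password is compared against elsewhere;
      // a salted password hash would need the login code and the schema
      // to change together
      'password' => md5($password),
      'status' => $status,
      'template' => $conf['default_template'],
      'nb_image_line' => $conf['nb_image_line'],
      'nb_line_page' => $conf['nb_line_page'],
      'language' => $conf['default_language'],
      'recent_period' => $conf['recent_period'],
      'expand' => boolean_to_string($conf['auto_expand']),
      'show_nb_comments' => boolean_to_string($conf['show_nb_comments']),
    );
    // optional columns are only written when a value exists
    if ( $mail_address != '' )
    {
      $insert['mail_address'] = $mail_address;
    }
    if ($conf['default_maxwidth'] != '')
    {
      $insert['maxwidth'] = $conf['default_maxwidth'];
    }
    if ($conf['default_maxheight'] != '')
    {
      $insert['maxheight'] = $conf['default_maxheight'];
    }

    // every value is written as an escaped, quoted literal (MySQL converts
    // the numeric ones)
    $values = array();
    foreach ($insert as $value)
    {
      $values[] = "'".addslashes($value)."'";
    }
    $query = '
INSERT INTO '.USERS_TABLE.'
  ('.implode(',', array_keys($insert)).')
  VALUES
  ('.implode(',', $values).')
;';
    pwg_query($query);
  }
  return $errors;
}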
149
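// update_user validates the new mail address and, if it is acceptable,
// rewrites the status, the mail address and optionally the password of
// the user identified by $user_id.
//
// @param int user_id
// @param string mail_address      an empty string stores NULL
// @param string status
// @param bool use_new_password    whether $password replaces the stored one
// @param string password          clear text, stored as md5
// @return array                   error messages, empty when the row was
//                                 updated
function update_user( $user_id, $mail_address, $status,
                      $use_new_password = false, $password = '' )
{
  $error = array();

  $error_mail_address = validate_mail_address( $mail_address );
  if ( $error_mail_address != '' )
  {
    $error[] = $error_mail_address;
  }

  if ( count( $error ) == 0 )
  {
    // the values are spliced directly into the statement: the id is
    // forced to an integer and the strings are escaped
    $query = 'UPDATE '.USERS_TABLE;
    $query.= " SET status = '".addslashes( $status )."'";
    if ( $use_new_password )
    {
      $query.= ", password = '".md5( $password )."'";
    }
    $query.= ', mail_address = ';
    if ( $mail_address != '' )
    {
      $query.= "'".addslashes( $mail_address )."'";
    }
    else
    {
      $query.= 'NULL';
    }
    $query.= ' WHERE id = '.(int)$user_id;
    $query.= ';';
    pwg_query( $query );
  }
  return $error;
}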
185
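// check_login_authorization stops the page for visitors who may not see
// it: the guest account when $guest_allowed is false, and any non-admin
// while $conf['gallery_locked'] is set. The refusal message is echoed and
// the script exits; otherwise the function returns normally.
//
// @param bool guest_allowed   whether the guest account may view the page
// @return void
function check_login_authorization($guest_allowed = true)
{
  // $template was imported but never used here
  global $user, $lang, $conf;

  if ($user['is_the_guest'] and !$guest_allowed)
  {
    echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
    echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
    exit();
  }

  // the locked message is shown to everybody, but only admins may go on
  if ($conf['gallery_locked'])
  {
    echo '<div style="text-align:center;">';
    echo $lang['gallery_locked_message'];
    echo '</div>';
    if ($user['status'] !== 'admin')
    {
      exit();
    }
  }
}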
208
// setup_style builds the Template object for the template directory
// named $style, located in template/ under PHPWG_ROOT_PATH.
//
// @param string style   name of the template directory
// @return Template
function setup_style($style)
{
  $template_dir = PHPWG_ROOT_PATH.'template/'.$style;
  return new Template($template_dir);
}
216
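// getuserdata fetches the row of USERS_TABLE matching either a user id
// (integer argument) or a username (string argument). The anonymous
// account (ANONYMOUS) is never returned.
//
// @param int|string user   user id or username
// @return array|false      the user row, false when nothing matches
function getuserdata($user)
{
  if (is_integer($user))
  {
    $condition = 'id = '.$user;
  }
  else
  {
    // the username is escaped as a whole: the previous code only rewrote
    // a magic_quotes style \' into '' and left a bare quote unescaped in
    // the statement
    $condition = "username = '".addslashes($user)."'";
  }
  $sql = 'SELECT * FROM '.USERS_TABLE;
  $sql.= ' WHERE '.$condition.' AND id <> '.ANONYMOUS;
  $result = pwg_query($sql);
  $row = mysql_fetch_array($result);
  return $row ? $row : false;
}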
225
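/*
 * deletes favorites of the current user if he's not allowed to see them
 *
 * Works on the global $user: its forbidden_categories (a comma separated
 * list of category ids, presumably the value calculate_permissions
 * stores) and its id. Nothing is done when forbidden_categories is empty.
 *
 * @return void
 */
function check_user_favorites()
{
  global $user;

  if ($user['forbidden_categories'] == '')
  {
    return;
  }

  // the id is spliced unquoted into both statements: force an integer
  $user_id = (int)$user['id'];

  $query = '
SELECT f.image_id
  FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
    ON f.image_id = ic.image_id
  WHERE f.user_id = '.$user_id.'
    AND ic.category_id IN ('.$user['forbidden_categories'].')
;';
  $result = pwg_query($query);
  $elements = array();
  while ($row = mysql_fetch_array($result))
  {
    $elements[] = $row['image_id'];
  }

  if (count($elements) > 0)
  {
    $query = '
DELETE FROM '.FAVORITES_TABLE.'
  WHERE image_id IN ('.implode(',', $elements).')
    AND user_id = '.$user_id.'
;';
    pwg_query($query);
  }
}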
264
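/**
 * update table user_forbidden for the given user
 *
 * table user_forbidden contains calculated data. Calculation is based on
 * private categories minus categories authorized to the groups the user
 * belongs to minus the categories directly authorized to the user
 *
 * The existing USER_FORBIDDEN_TABLE row of the user is deleted and a new
 * one inserted with need_update set to 'false'.
 *
 * @param int user_id
 * @return string forbidden_categories   comma separated category ids
 */
function calculate_permissions($user_id)
{
  // the id is spliced unquoted into four statements: force an integer
  $user_id = (int)$user_id;

  $private_array = array();
  $authorized_array = array();

  // retrieve private category ids
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    $private_array[] = $row['id'];
  }

  // retrieve category ids directly authorized to the user
  $query = '
SELECT cat_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id = '.$user_id.'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    $authorized_array[] = $row['cat_id'];
  }

  // retrieve category ids authorized to the groups the user belongs to
  $query = '
SELECT cat_id
  FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
    ON ug.group_id = ga.group_id
  WHERE ug.user_id = '.$user_id.'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    $authorized_array[] = $row['cat_id'];
  }

  // uniquify ids : some private categories might be authorized for the
  // groups and for the user
  $authorized_array = array_unique($authorized_array);

  // only unauthorized private categories are forbidden
  $forbidden_array = array_diff($private_array, $authorized_array);

  // replace the stored row: delete the old one, insert the fresh result
  $query = '
DELETE FROM '.USER_FORBIDDEN_TABLE.'
  WHERE user_id = '.$user_id.'
;';
  pwg_query($query);

  $forbidden_categories = implode(',', $forbidden_array);

  $query = '
INSERT INTO '.USER_FORBIDDEN_TABLE.'
  (user_id,need_update,forbidden_categories)
  VALUES
  ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
;';
  pwg_query($query);

  return $forbidden_categories;
}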
341?>