Context Navigation

user.inc.php @ 804

Last change on this file since 804 was 804, checked in by plg, 19 years ago

new feature : use Apache authentication. If $confapache_authentication is set true : if no user matches $_SERVERREMOTE_USER in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application.

template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in)

new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames)

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 6.8 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-07-17 15:06:39 +0000 (Sun, 17 Jul 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 804 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	// Dynamic change of language with database persistency
29	//
30	// FIXME : ce bout de code fait planter l'assignation d'un language a
31	// plusieurs users simultanement dans la nouvelle page admin/user_list.php
32	//
33	// if (isset($_POST['language']))
34	// {
35	// $query = "UPDATE ".USERS_TABLE." SET language = '";
36	// $query.= $_POST['language'];
37	// $query.= "' WHERE id = ".$_POST['userid'].";";
38	// pwg_query($query);
39	// }
40
41
42	// retrieving connected user informations
43	if (isset($_COOKIE['id']))
44	{
45	$session_id = $_COOKIE['id'];
46	$user['has_cookie'] = true;
47	}
48	else if (isset($_GET['id']))
49	{
50	$session_id = $_GET['id'];
51	$user['has_cookie'] = false;
52	}
53	else
54	{
55	$user['has_cookie'] = false;
56	}
57
58	if (isset($session_id)
59	and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
60	{
61	$page['session_id'] = $session_id;
62	$query = '
63	SELECT user_id,expiration,NOW() AS now
64	FROM '.SESSIONS_TABLE.'
65	WHERE id = \''.$page['session_id'].'\'
66	;';
67	$result = pwg_query($query);
68	if (mysql_num_rows($result) > 0)
69	{
70	$row = mysql_fetch_array($result);
71	if (strnatcmp($row['expiration'], $row['now']) < 0)
72	{
73	// deletion of the session from the database, because it is
74	// out-of-date
75	$delete_query = '
76	DELETE FROM '.SESSIONS_TABLE.'
77	WHERE id = \''.$page['session_id'].'\'
78	;';
79	pwg_query($delete_query);
80	}
81	else
82	{
83	$user['id'] = $row['user_id'];
84	$user['is_the_guest'] = false;
85	}
86	}
87	}
88	if (!isset($user['id']))
89	{
90	$user['id'] = 2;
91	$user['is_the_guest'] = true;
92	}
93
94	// using Apache authentication override the above user search
95	if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
96	{
97	$query = '
98	SELECT id
99	FROM '.USERS_TABLE.'
100	WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
101	;';
102	$result = pwg_query($query);
103
104	if (mysql_num_rows($result) == 0)
105	{
106	register_user($_SERVER['REMOTE_USER'], '', '', '');
107
108	$query = '
109	SELECT id
110	FROM '.USERS_TABLE.'
111	WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
112	;';
113	list($user['id']) = mysql_fetch_row(pwg_query($query));
114	}
115	else
116	{
117	list($user['id']) = mysql_fetch_row($result);
118	}
119
120	$user['is_the_guest'] = false;
121	}
122
123	$query = '
124	SELECT u., uf.
125	FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
126	ON id = user_id
127	WHERE u.id = '.$user['id'].'
128	;';
129	$row = mysql_fetch_array(pwg_query($query));
130
131	// affectation of each value retrieved in the users table into a variable of
132	// the array $user.
133	foreach ($row as $key => $value)
134	{
135	if (!is_numeric($key))
136	{
137	// If the field is true or false, the variable is transformed into a
138	// boolean value.
139	if ($value == 'true' or $value == 'false')
140	{
141	$user[$key] = get_boolean($value);
142	}
143	else
144	{
145	$user[$key] = $value;
146	}
147	}
148	}
149
150	// properties of user guest are found in the configuration
151	if ($user['is_the_guest'])
152	{
153	$user['template'] = $conf['default_template'];
154	$user['nb_image_line'] = $conf['nb_image_line'];
155	$user['nb_line_page'] = $conf['nb_line_page'];
156	$user['language'] = $conf['default_language'];
157	$user['maxwidth'] = $conf['default_maxwidth'];
158	$user['maxheight'] = $conf['default_maxheight'];
159	$user['recent_period'] = $conf['recent_period'];
160	$user['expand'] = $conf['auto_expand'];
161	$user['show_nb_comments'] = $conf['show_nb_comments'];
162	}
163
164	// if no information were found about user in user_forbidden table OR the
165	// forbidden categories must be updated : only if current user is in public
166	// part
167	if (!defined('IN_ADMIN') or !IN_ADMIN)
168	{
169	if (!isset($user['need_update'])
170	or !is_bool($user['need_update'])
171	or $user['need_update'] == true)
172	{
173	$user['forbidden_categories'] = calculate_permissions($user['id'],
174	$user['status']);
175	}
176	}
177
178	// forbidden_categories is a must be empty, at least
179	if (!isset($user['forbidden_categories']))
180	{
181	$user['forbidden_categories'] = '';
182	}
183
184	// special for $user['restrictions'] array
185	$user['restrictions'] = explode(',', $user['forbidden_categories']);
186	if ($user['restrictions'][0] == '')
187	{
188	$user['restrictions'] = array();
189	}
190
191	// calculation of the number of picture to display per page
192	$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
193
194	if (empty($user['language'])
195	or !file_exists(PHPWG_ROOT_PATH.'language/'.
196	$user['language'].'/common.lang.php'))
197	{
198	$user['language'] = $conf['default_language'];
199	}
200	include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php');
201
202	// displaying the username in the language of the connected user, instead of
203	// "guest" as you can find in the database
204	if ($user['is_the_guest'])
205	{
206	$user['username'] = $lang['guest'];
207	}
208
209	// only if we are in the administration section
210	if (defined('IN_ADMIN') and IN_ADMIN)
211	{
212	$langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
213	if (!file_exists($langdir.'/admin.lang.php'))
214	{
215	$langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
216	}
217	include_once($langdir.'/admin.lang.php');
218	include_once($langdir.'/faq.lang.php');
219	}
220
221	if (empty($user['template']))
222	{
223	$user['template'] = $conf['default_template'];
224	}
225	$template = setup_style($user['template']);
226	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/include/user.inc.php @ 804

Download in other formats: