Changeset 10957


Ignore:
Timestamp:
May 20, 2011, 10:21:46 PM (14 years ago)
Author:
Eric
Message:
  • Use pwg_db_real_escape_string() instead of addslashes()
  • Database upgrade process simplied (using version_compare() and code refactoring)
  • Bug 2253 fixed - New feature to allow comments on pictures only for specific users (who belong to a group) when "comments for all" is set
Location:
extensions/UserAdvManager/trunk
Files:
18 edited

Legend:

Unmodified
Added
Removed
  • extensions/UserAdvManager/trunk/admin/UAM_admin.php

    r10942 r10957  
    106106  case 'global':
    107107
    108         if (isset($_POST['submit']) and isset($_POST['UAM_Mail_Info']) and isset($_POST['UAM_Username_Char']) and isset($_POST['UAM_Confirm_Mail']) and isset($_POST['UAM_No_Comment_Anonymous']) and isset($_POST['UAM_Password_Enforced']) and isset($_POST['UAM_AdminPassword_Enforced']) and isset($_POST['UAM_GhostUser_Tracker']) and isset($_POST['UAM_Admin_ConfMail']) and isset($_POST['UAM_RedirToProfile']) and isset($_POST['UAM_GTAuto']) and isset($_POST['UAM_GTAutoMail']) and isset($_POST['UAM_CustomPasswRetr']) and isset($_POST['UAM_USRAuto']) and isset($_POST['UAM_USRAutoMail']) and isset($_POST['UAM_Stuffs']) and isset($_POST['UAM_HidePassw']))
     108        if (isset($_POST['submit']) and isset($_POST['UAM_Mail_Info']) and isset($_POST['UAM_Username_Char']) and isset($_POST['UAM_Confirm_Mail']) and isset($_POST['UAM_No_Comment_Anonymous']) and isset($_POST['UAM_Password_Enforced']) and isset($_POST['UAM_AdminPassword_Enforced']) and isset($_POST['UAM_GhostUser_Tracker']) and isset($_POST['UAM_Admin_ConfMail']) and isset($_POST['UAM_RedirToProfile']) and isset($_POST['UAM_GTAuto']) and isset($_POST['UAM_GTAutoMail']) and isset($_POST['UAM_CustomPasswRetr']) and isset($_POST['UAM_USRAuto']) and isset($_POST['UAM_USRAutoMail']) and isset($_POST['UAM_Stuffs']) and isset($_POST['UAM_HidePassw']) and isset($_POST['UAM_GroupComm']))
    109109  {
    110110
     
    179179      $_POST['UAM_USRAutoMail'],
    180180      $_POST['UAM_Stuffs'],
    181       $_POST['UAM_HidePassw']
     181      $_POST['UAM_HidePassw'],
     182      $_POST['UAM_GroupComm'],
     183      (isset($_POST['UAM_AllowComm_Group'])?$_POST['UAM_AllowComm_Group']:''),
    182184      );
    183185
     
    257259  $Valid = -1;
    258260  $Downgrade = -1;
     261  $AllowComm = -1;
    259262       
    260263  //Check groups list in database
     
    284287                {
    285288                $Downgrade = $row['id'];
     289                }
     290    //configuration value for users group allowed to post comments
     291    if (isset($conf_UAM[37]) and $conf_UAM[37] == $row['id'])
     292                {
     293                $AllowComm = $row['id'];
    286294                }
    287295  }
     
    309317      'group_options'=> $groups,
    310318      'group_selected' => $Downgrade
     319                        )
     320        );
     321  //Template initialization for allowed group for comments
     322  $template->assign(
     323    'AllowComm_Group',
     324                array(
     325      'group_options'=> $groups,
     326      'group_selected' => $AllowComm
    311327                        )
    312328        );
     
    449465    'UAM_HIDEPASSW_TRUE'             => $conf_UAM[35]=='true' ?  'checked="checked"' : '' ,
    450466    'UAM_HIDEPASSW_FALSE'            => $conf_UAM[35]=='false' ?  'checked="checked"' : '' ,
     467    'UAM_GROUPCOMM_TRUE'             => $conf_UAM[36]=='true' ?  'checked="checked"' : '' ,
     468    'UAM_GROUPCOMM_FALSE'            => $conf_UAM[36]=='false' ?  'checked="checked"' : '' ,
     469    'UAM_ALLOWCOMM_GROUP'            => $conf_UAM[37],
    451470                'UAM_PASSWORD_TEST_SCORE'        => $UAM_Password_Test_Score,
    452471    'UAM_ERROR_REPORTS4'             => $UAM_Exclusionlist_Error,
  • extensions/UserAdvManager/trunk/admin/template/global.tpl

    r10391 r10957  
    679679
    680680            <li>
     681              <label class="cluetip" title="{'UAM_GroupCommTitle'|translate}|{'UAM_GroupCommTitle_d'|translate}">
     682                {'UAM_Group_Comments'|@translate}
     683              </label>
     684            <br><br>
     685              <input type="radio" value="false" {$UAM_GROUPCOMM_FALSE} name="UAM_GroupComm">
     686                {'UAM_Disable'|@translate}
     687            <br>
     688              <input type="radio" value="true" {$UAM_GROUPCOMM_TRUE} name="UAM_GroupComm">
     689                {'UAM_Enable'|@translate}
     690            <br><br>
     691              <ul>
     692                <li>
     693                  <label>
     694                    {'UAM_AllowedComm_Group'|@translate}
     695                  </label>
     696                <br><br>
     697                  <div id="uam_leftmargin">
     698                    {html_options name="UAM_AllowComm_Group" options=$AllowComm_Group.group_options selected=$AllowComm_Group.group_selected}
     699                  </div>
     700                </li>
     701              </ul>
     702            <br><br>
     703            </li>
     704
     705            <li>
    681706              <label class="cluetip" title="{'UAM_RedirTitle'|translate}|{'UAM_RedirTitle_d'|translate}">
    682707                {'UAM_RedirToProfile'|@translate}
  • extensions/UserAdvManager/trunk/changelog.txt.php

    r10942 r10957  
    250250
    251251-- 2.20.7 : Use pwg_db_real_escape_string() instead of addslashes()
     252            Database upgrade process simplied (using version_compare() and code refactoring)
     253            Bug 2253 fixed - New feature to allow comments on pictures only for specific users (who belong to a group) when "comments for all" is set
    252254*/
    253255?>
  • extensions/UserAdvManager/trunk/include/functions.inc.php

    r10706 r10957  
    752752 * Triggered on user_comment_check
    753753 *
    754  * checks if author is mandatory and set on comments post
     754 * checks if author is mandatory and set on comments post when comments for all is set
     755 *
     756 * cheks if author is in an allowed group to post comment when comments for all is not set
    755757 *
    756758 * @param : comment action, comment
     
    762764{
    763765  load_language('plugin.lang', UAM_PATH);
    764   global $infos, $conf, $template;
     766  global $infos, $conf, $user;
    765767
    766768  $conf_UAM = unserialize($conf['UserAdvManager']);
    767769
    768 // User creation OR update
    769   if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
     770// Does not allow empty author name on comments for all
     771  if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $comm['author'] == 'guest' and $conf['comments_forall'])
    770772  {
    771773    $comment_action = 'reject';
    772774
    773775    array_push($infos, l10n('UAM_Empty Author'));
     776  }
     777
     778
     779// Do not allow comments if user is not in an allowed group
     780  if (isset($conf_UAM[36]) and $conf_UAM[36] == 'true' and !$conf['comments_forall'])
     781  {
     782    if (!UAM_CheckAuthor($comm['author']))
     783    {
     784      $comment_action = 'reject';
     785
     786      array_push($infos, l10n('UAM_Not_Allowed_Author'));
     787    }
    774788  }
    775789
     
    25262540
    25272541/**
     2542 * Called from UAM_CheckEmptyCommentAuthor()
     2543 * Checks if comment's author name is in the allowed group
     2544 *
     2545 * @author   : author's name
     2546 *
     2547 * @returns  : Boolean (true is user is allowed to post / false if not allowed)
     2548 *
     2549 */
     2550function UAM_CheckAuthor($author)
     2551{
     2552  global $conf;
     2553 
     2554        // Get UAM configuration
     2555  $conf_UAM = unserialize($conf['UserAdvManager']);
     2556 
     2557  if (isset($conf_UAM[37]) and $conf_UAM[37] <> -1)
     2558  {
     2559    $query = '
     2560SELECT u.id,
     2561       u.username,
     2562       ug.user_id,
     2563       ug.group_id
     2564FROM '.USERS_TABLE.' AS u
     2565  INNER JOIN '.USER_GROUP_TABLE.' AS ug
     2566    ON u.id = ug.user_id
     2567WHERE u.username LIKE "'.$author.'"
     2568  AND ug.group_id = '.$conf_UAM[37].'
     2569;';
     2570
     2571    $count = pwg_db_num_rows(pwg_query($query));
     2572
     2573    if (is_null($count) or $count == 0)
     2574    {
     2575      return false;
     2576    }
     2577    else
     2578      return true;
     2579  }
     2580}
     2581
     2582
     2583/**
    25282584 * Useful for debugging - 4 vars can be set
    25292585 * Output result to log.txt file
  • extensions/UserAdvManager/trunk/include/upgradedb.inc.php

    r10942 r10957  
    453453        pwg_query($query);
    454454}
     455
     456/* upgrade from 2.20.4 to 2.20.7 */
     457/* ***************************** */
     458function upgrade_2204_2207()
     459{
     460  global $conf;
     461
     462  // Upgrading options
     463  $query = '
     464SELECT value
     465  FROM '.CONFIG_TABLE.'
     466WHERE param = "UserAdvManager"
     467;';
     468
     469  $result = pwg_query($query);
     470  $conf_UAM = pwg_db_fetch_assoc($result);
     471   
     472  $Newconf_UAM = unserialize($conf_UAM['value']);
     473 
     474  $Newconf_UAM[36] = 'false';
     475  $Newconf_UAM[37] = '-1';
     476 
     477  $update_conf = serialize($Newconf_UAM);
     478   
     479  $query = '
     480UPDATE '.CONFIG_TABLE.'
     481SET value="'.pwg_db_real_escape_string($update_conf).'"
     482WHERE param="UserAdvManager"
     483LIMIT 1
     484;';
     485
     486        pwg_query($query);
     487}
    455488?>
  • extensions/UserAdvManager/trunk/language/de_DE/help/plugin.lang.php

    r10391 r10957  
    285285/*TODO*/$lang['UAM_HidePasswTitle_d'] = 'Choose here if you want to display the password chosen by the visitor in the information email. If you enable the option, the password will then appear in clear text. If you disable the password will not appear at all.';
    286286// --------- End: New or revised $lang ---- from version 2.20.4
     287
     288
     289// --------- Starting below: New or revised $lang ---- from version 2.20.7
     290$lang['UAM_GroupCommTitle'] = 'Kommentare zulassen, um eine Gruppe von Benutzern';
     291/*TODO*/$lang['UAM_GroupCommTitle_d'] = 'This option lets you specify a group of users who will allowed to post comments when the gallery is configured to not allow comments for all.
     292<br><br>
     293By default, when &quot;comments for all&quot; option is disabled, only registered users can post comments. With this option, you can restrict this behavior by specifying a user group. Thus, only registered users and members of this group may post comments.';
     294// --------- End: New or revised $lang ---- from version 2.20.7
    287295?>
  • extensions/UserAdvManager/trunk/language/de_DE/plugin.lang.php

    r10391 r10957  
    330330$lang['UAM_HidePassw'] = 'Passwort im Klartext in der Informations-E-Mail';
    331331// --------- End: New or revised $lang ---- from version 2.20.4
     332
     333
     334// --------- Starting below: New or revised $lang ---- from version 2.20.7
     335$lang['UAM_Group_Comments'] = 'Kommentare zulassen um eine Gruppe von Benutzern';
     336$lang['UAM_AllowedComm_Group'] = 'Wählen Sie die Gruppe von Benutzern gestattet Kommentare anzulegen:';
     337$lang['UAM_Not_Allowed_Author'] = 'Entschuldigung, Sie sind nicht befugt einen Kommentar abzugeben. Bitte kontaktieren Sie den Administrator der Website.';
     338// --------- End: New or revised $lang ---- from version 2.20.7
    332339?>
  • extensions/UserAdvManager/trunk/language/en_UK/help/plugin.lang.php

    r10391 r10957  
    285285$lang['UAM_HidePasswTitle_d'] = 'Choose here if you want to display the password chosen by the visitor in the information email. If you enable the option, the password will then appear in clear text. If you disable the password will not appear at all.';
    286286// --------- End: New or revised $lang ---- from version 2.20.4
     287
     288
     289// --------- Starting below: New or revised $lang ---- from version 2.20.7
     290$lang['UAM_GroupCommTitle'] = 'Allow comments to a group of users';
     291$lang['UAM_GroupCommTitle_d'] = 'This option lets you specify a group of users who will allowed to post comments when the gallery is configured to not allow comments for all.
     292<br><br>
     293By default, when &quot;comments for all&quot; option is disabled, only registered users can post comments. With this option, you can restrict this behavior by specifying a user group. Thus, only registered users and members of this group may post comments.';
     294// --------- End: New or revised $lang ---- from version 2.20.7
    287295?>
  • extensions/UserAdvManager/trunk/language/en_UK/plugin.lang.php

    r10391 r10957  
    332332$lang['UAM_HidePassw'] = 'Password in clear text in the information email';
    333333// --------- End: New or revised $lang ---- from version 2.20.4
     334
     335
     336// --------- Starting below: New or revised $lang ---- from version 2.20.7
     337$lang['UAM_Group_Comments'] = 'Allow comments to a group of users';
     338$lang['UAM_AllowedComm_Group'] = 'Select the group of users allowed to post comments:';
     339$lang['UAM_Not_Allowed_Author'] = 'Sorry, you are not authorized to post a comment. Please contact the site administrator.';
     340// --------- End: New or revised $lang ---- from version 2.20.7
    334341?>
  • extensions/UserAdvManager/trunk/language/es_ES/help/plugin.lang.php

    r10391 r10957  
    281281/*TODO*/$lang['UAM_HidePasswTitle_d'] = 'Choose here if you want to display the password chosen by the visitor in the information email. If you enable the option, the password will then appear in clear text. If you disable the password will not appear at all.';
    282282// --------- End: New or revised $lang ---- from version 2.20.4
     283
     284
     285// --------- Starting below: New or revised $lang ---- from version 2.20.7
     286/*TODO*/$lang['UAM_GroupCommTitle'] = 'Allow comments to a group of users';
     287/*TODO*/$lang['UAM_GroupCommTitle_d'] = 'This option lets you specify a group of users who will allowed to post comments when the gallery is configured to not allow comments for all.
     288<br><br>
     289By default, when &quot;comments for all&quot; option is disabled, only registered users can post comments. With this option, you can restrict this behavior by specifying a user group. Thus, only registered users and members of this group may post comments.';
     290// --------- End: New or revised $lang ---- from version 2.20.7
    283291?>
  • extensions/UserAdvManager/trunk/language/es_ES/plugin.lang.php

    r10391 r10957  
    370370$lang['UAM_HidePassw'] = 'Contraseña en texto claro en la información del correo electrónico';
    371371// --------- End: New or revised $lang ---- from version 2.20.4
     372
     373
     374// --------- Starting below: New or revised $lang ---- from version 2.20.7
     375/*TODO*/$lang['UAM_Group_Comments'] = 'Allow comments to a group of users';
     376/*TODO*/$lang['UAM_AllowedComm_Group'] = 'Select the group of users allowed to post comments:';
     377/*TODO*/$lang['UAM_Not_Allowed_Author'] = 'Sorry, you are not authorized to post a comment. Please contact the site administrator.';
     378// --------- End: New or revised $lang ---- from version 2.20.7
    372379?>
  • extensions/UserAdvManager/trunk/language/fr_FR/help/plugin.lang.php

    r10391 r10957  
    281281$lang['UAM_HidePasswTitle_d'] = 'Choisissez ici si vous souhaitez faire afficher le mot de passe choisi par le visiteur dans le mail d\'information. Si vous activez l\'option, le mot de passe apparaitra alors en clair. Si vous la désactivez, le mot de passe n\'apparaitra pas du tout.';
    282282// --------- End: New or revised $lang ---- from version 2.20.4
     283
     284
     285// --------- Starting below: New or revised $lang ---- from version 2.20.7
     286$lang['UAM_GroupCommTitle'] = 'Autoriser les commentaires pour un groupe d\'utilisateurs';
     287$lang['UAM_GroupCommTitle_d'] = 'Cette option permet de spécifier un groupe d\'utilisateurs qui seront autorisés à poster des commentaires lorsque la galerie est configurée pour ne pas autoriser les commentaires pour tous.
     288<br><br>
     289Par défaut, lorsque les &quot;commentaires pour tous&quot; sont désactivés, seuls les utilisateurs inscrits peuvent poster des commentaires. Avec cette option, vous pouvez restreindre d\'avantage ce fonctionnement en précisant un groupe d\'utilisateurs. Ainsi, seuls les utilisateurs inscrits et faisant partie de ce groupe pourront poster des commentaires.';
     290// --------- End: New or revised $lang ---- from version 2.20.7
    283291?>
  • extensions/UserAdvManager/trunk/language/fr_FR/plugin.lang.php

    r10391 r10957  
    331331$lang['UAM_HidePassw'] = 'Mot de passe en clair dans le mail d\'information';
    332332// --------- End: New or revised $lang ---- from version 2.20.4
     333
     334
     335// --------- Starting below: New or revised $lang ---- from version 2.20.7
     336$lang['UAM_Group_Comments'] = 'Autoriser les commentaires pour un groupe d\'utilisateurs';
     337$lang['UAM_AllowedComm_Group'] = 'Sélectionnez le groupe d\'utilisateurs autorisé à poster des commentaires :';
     338$lang['UAM_Not_Allowed_Author'] = 'Désolé, vous n\'êtes pas autorisé à poster un commentaire. Veuillez contacter l\'administrateur du site.';
     339// --------- End: New or revised $lang ---- from version 2.20.7
    333340?>
  • extensions/UserAdvManager/trunk/language/it_IT/help/plugin.lang.php

    r10391 r10957  
    272272/*TODO*/$lang['UAM_HidePasswTitle_d'] = 'Choose here if you want to display the password chosen by the visitor in the information email. If you enable the option, the password will then appear in clear text. If you disable the password will not appear at all.';
    273273// --------- End: New or revised $lang ---- from version 2.20.4
     274
     275
     276// --------- Starting below: New or revised $lang ---- from version 2.20.7
     277/*TODO*/$lang['UAM_GroupCommTitle'] = 'Allow comments to a group of users';
     278/*TODO*/$lang['UAM_GroupCommTitle_d'] = 'This option lets you specify a group of users who will allowed to post comments when the gallery is configured to not allow comments for all.
     279<br><br>
     280By default, when &quot;comments for all&quot; option is disabled, only registered users can post comments. With this option, you can restrict this behavior by specifying a user group. Thus, only registered users and members of this group may post comments.';
     281// --------- End: New or revised $lang ---- from version 2.20.7
    274282?>
  • extensions/UserAdvManager/trunk/language/it_IT/plugin.lang.php

    r10391 r10957  
    329329$lang['UAM_HidePassw'] = 'Password in chiaro nelle informazioni e-mail';
    330330// --------- End: New or revised $lang ---- from version 2.20.4
     331
     332
     333// --------- Starting below: New or revised $lang ---- from version 2.20.7
     334/*TODO*/$lang['UAM_Group_Comments'] = 'Allow comments to a group of users';
     335/*TODO*/$lang['UAM_AllowedComm_Group'] = 'Select the group of users allowed to post comments:';
     336/*TODO*/$lang['UAM_Not_Allowed_Author'] = 'Sorry, you are not authorized to post a comment. Please contact the site administrator.';
     337// --------- End: New or revised $lang ---- from version 2.20.7
    331338?>
  • extensions/UserAdvManager/trunk/language/lv_LV/help/plugin.lang.php

    r10391 r10957  
    307307/*TODO*/$lang['UAM_HidePasswTitle_d'] = 'Choose here if you want to display the password chosen by the visitor in the information email. If you enable the option, the password will then appear in clear text. If you disable the password will not appear at all.';
    308308// --------- End: New or revised $lang ---- from version 2.20.4
     309
     310
     311// --------- Starting below: New or revised $lang ---- from version 2.20.7
     312/*TODO*/$lang['UAM_GroupCommTitle'] = 'Allow comments to a group of users';
     313/*TODO*/$lang['UAM_GroupCommTitle_d'] = 'This option lets you specify a group of users who will allowed to post comments when the gallery is configured to not allow comments for all.
     314<br><br>
     315By default, when &quot;comments for all&quot; option is disabled, only registered users can post comments. With this option, you can restrict this behavior by specifying a user group. Thus, only registered users and members of this group may post comments.';
     316// --------- End: New or revised $lang ---- from version 2.20.7
    309317?>
  • extensions/UserAdvManager/trunk/language/lv_LV/plugin.lang.php

    r10391 r10957  
    367367/*TODO*/$lang['UAM_HidePassw'] = 'Clear password in information email';
    368368// --------- End: New or revised $lang ---- from version 2.20.4
     369
     370
     371// --------- Starting below: New or revised $lang ---- from version 2.20.7
     372/*TODO*/$lang['UAM_Group_Comments'] = 'Allow comments to a group of users';
     373/*TODO*/$lang['UAM_AllowedComm_Group'] = 'Select the group of users allowed to post comments:';
     374/*TODO*/$lang['UAM_Not_Allowed_Author'] = 'Sorry, you are not authorized to post a comment. Please contact the site administrator.';
     375// --------- End: New or revised $lang ---- from version 2.20.7
    369376?>
  • extensions/UserAdvManager/trunk/maintain.inc.php

    r10942 r10957  
    236236  }
    237237
    238 /* Check for upgrade from 2.16 to 2.20 */
    239 /* *********************************** */
    240   if (isset($conf['UserAdvManager_Version']) and strcmp($conf['UserAdvManager_Version'], '2.20.0') < 0)
    241   {
     238/* Check database upgrade since version 2.16.0 */
     239  if (isset($conf['UserAdvManager_Version']))
     240  {
     241    if (version_compare($conf['UserAdvManager_Version'], '2.20.0') < 0)
     242    {
    242243    /* upgrade from branch 2.16 to 2.20 */
    243244    /* ******************************** */
    244     upgrade_216_220();
    245   }
    246 
    247 /* Check for upgrade from 2.20.3 to 2.20.4 */
    248 /* *************************************** */
    249   if (isset($conf['UserAdvManager_Version']) and strcmp($conf['UserAdvManager_Version'], '2.20.4') < 0)
    250   {
    251     /* upgrade from branch 2.16 to 2.20 */
    252     /* ******************************** */
    253     upgrade_2203_2204();
     245      upgrade_216_220();
     246    }
     247   
     248    if (version_compare($conf['UserAdvManager_Version'], '2.20.4') < 0)
     249    {
     250    /* upgrade from version 2.20.3 to 2.20.4 */
     251    /* ************************************* */
     252      upgrade_2203_2204();
     253    }
     254   
     255    if (version_compare($conf['UserAdvManager_Version'], '2.20.7') < 0)
     256    {
     257    /* upgrade from version 2.20.4 to 2.20.7 */
     258    /* ************************************* */
     259      upgrade_2204_2207();
     260    }
    254261  }
    255262
Note: See TracChangeset for help on using the changeset viewer.