*** empty log message ***

git-svn-id: http://piwigo.org/svn/trunk@21 68402e56-0260-453c-a942-63ccdbb3a9ee
z0rglub 2003-07-01 09:27:20 +00:00
parent 1080c51deb
commit 0ec91d8b48
34 changed files with 2007 additions and 1039 deletions


@ -25,55 +25,110 @@ $vtp->setGlobalVar( $handle, 'page_title', $lang['title_default'] );
$vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] );
//--------------------------------------- validating page and creation of title
$page_valide = false;
$title = '';
switch ( $_GET['page'] )
{
case 'user_add':
$titre = $lang['title_add']; $page_valide = true; break;
$title = $lang['title_add']; $page_valide = true; break;
case 'user_list':
$titre = $lang['title_liste_users']; $page_valide = true; break;
$title = $lang['title_liste_users']; $page_valide = true; break;
case 'user_modify':
$titre = $lang['title_modify']; $page_valide = true; break;
$title = $lang['title_modify']; $page_valide = true; break;
case 'user_perm':
if ( !is_numeric( $_GET['user_id'] ) ) $_GET['user_id'] = -1;
$query = 'SELECT status,username';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ' WHERE id = '.$_GET['user_id'];
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$row = mysql_fetch_array( $result );
$page['user_status'] = $row['status'];
if ( $row['username'] == 'guest' ) $row['username'] = $lang['guest'];
$page['user_username'] = $row['username'];
$page_valide = true;
$title = $lang['title_user_perm'].' "'.$page['user_username'].'"';
}
else
{
$page_valide = false;
}
break;
case 'group_list' :
$title = $lang['title_groups']; $page_valide = true; break;
case 'group_perm' :
if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1;
$query = 'SELECT name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' WHERE id = '.$_GET['group_id'];
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$row = mysql_fetch_array( $result );
$title = $lang['title_group_perm'].' "'.$row['name'].'"';
$page_valide = true;
}
else
{
$page_valide = false;
}
break;
case 'historique':
$titre = $lang['title_history']; $page_valide = true; break;
$title = $lang['title_history']; $page_valide = true; break;
case 'update':
$titre = $lang['title_update']; $page_valide = true; break;
$title = $lang['title_update']; $page_valide = true; break;
case 'configuration':
$titre = $lang['title_configuration']; $page_valide = true; break;
$title = $lang['title_configuration']; $page_valide = true; break;
case 'manuel':
$titre = $lang['title_instructions']; $page_valide = true; break;
case 'perm':
$titre = $lang['title_permissions']; $page_valide = true; break;
case 'cat':
$titre = $lang['title_categories']; $page_valide = true; break;
case 'edit_cat':
$titre = $lang['title_edit_cat']; $page_valide = true; break;
$title = $lang['title_instructions']; $page_valide = true; break;
case 'cat_perm':
$title = $lang['title_cat_perm'];
if ( isset( $_GET['cat_id'] ) )
{
check_cat_id( $_GET['cat_id'] );
if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{
$result = get_cat_info( $page['cat'] );
$name = get_cat_display_name( $result['name'],' > ', '' );
$title.= ' "'.$name.'"';
}
}
$page_valide = true;
break;
case 'cat_list':
$title = $lang['title_categories']; $page_valide = true; break;
case 'cat_modify':
$title = $lang['title_edit_cat']; $page_valide = true; break;
case 'infos_images':
$titre = $lang['title_info_images']; $page_valide = true; break;
$title = $lang['title_info_images']; $page_valide = true; break;
case 'waiting':
$titre = $lang['title_waiting']; $page_valide = true; break;
$title = $lang['title_waiting']; $page_valide = true; break;
case 'thumbnail':
$titre = $lang['title_thumbnails'];
$title = $lang['title_thumbnails'];
if ( isset( $_GET['dir'] ) )
{
$titre.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
$title.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
// $_GET['dir'] contient :
// ../galleries/vieux_lyon ou
// ../galleries/vieux_lyon/visite ou
// ../galleries/vieux_lyon/visite/truc ...
$dir = explode( "/", $_GET['dir'] );
$titre.= $dir[2];
$title.= $dir[2];
for ( $i = 3; $i < sizeof( $dir ) - 1; $i++ )
{
$titre.= ' &gt; '.$dir[$i];
$title.= ' &gt; '.$dir[$i];
}
$titre.= "</span>";
$title.= "</span>";
}
$page_valide = true;
break;
default:
$titre = $lang['title_default']; break;
$title = $lang['title_default']; break;
}
$vtp->setGlobalVar( $handle, 'title', $titre );
if ( $title == '' ) $title = $lang['title_default'];
$vtp->setGlobalVar( $handle, 'title', $title );
//--------------------------------------------------------------------- summary
$link_start = './admin.php?page=';
// configuration
@ -87,7 +142,7 @@ $vtp->closeSession( $handle, 'summary' );
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
add_session_id( $link_start.'liste_users' ) );
add_session_id( $link_start.'user_list' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_users'] );
$vtp->closeSession( $handle, 'summary' );
// user list
@ -104,10 +159,17 @@ $vtp->setVar(
$handle, 'summary.link', add_session_id( $link_start.'user_add' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] );
$vtp->closeSession( $handle, 'summary' );
// groups
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
add_session_id( $link_start.'group_list' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_groups'] );
$vtp->closeSession( $handle, 'summary' );
// categories
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'cat' ) );
$vtp->setVar( $handle, 'summary.link',add_session_id( $link_start.'cat_list'));
$vtp->setVar( $handle, 'summary.name', $lang['menu_categories'] );
$vtp->closeSession( $handle, 'summary' );
// waiting
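Review bot: The `thumbnail` case appends segments of `$_GET['dir']` to `$title` without HTML-escaping, and since the same string already carries a literal `<span>` tag the template evidently emits it as markup, so request-controlled text lands in the admin page as HTML. Escape each segment where it is appended, e.g. `$title.= htmlspecialchars( $dir[2], ENT_QUOTES );` and `$title.= ' &gt; '.htmlspecialchars( $dir[$i], ENT_QUOTES );`, and test `isset( $dir[2] )` first because a short path leaves that index undefined. The new `user_perm` and `group_perm` cases place `$row['username']` and `$row['name']` into the same title and need the same treatment unless those values are known to be escaped when stored. In those two cases `intval( $_GET['user_id'] )` / `intval( $_GET['group_id'] )` would be tighter than `is_numeric()`, which also accepts decimals and exponent forms, and the result of `mysql_query()` is handed to `mysql_num_rows()` without a failure check.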


@ -17,7 +17,7 @@
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat.vtp' );
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_list.vtp' );
// language
$vtp->setGlobalVar( $sub, 'cat_edit', $lang['cat_edit'] );
$vtp->setGlobalVar( $sub, 'cat_up', $lang['cat_up'] );
@ -30,41 +30,41 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
$query = 'select id_uppercat,rank';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id = '.$_GET['up'];
$query = 'SELECT id_uppercat,rank';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just above at the same level
$query = 'select id,rank';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where rank < '.$rank;
$query = 'SELECT id,rank';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE rank < '.$rank;
if ( $level == '' )
{
$query.= ' and id_uppercat is null';
$query.= ' AND id_uppercat IS NULL';
}
else
{
$query.= ' and id_uppercat = '.$level;
$query.= ' AND id_uppercat = '.$level;
}
$query.= ' order by rank desc';
$query.= ' limit 0,1';
$query.= ' ORDER BY rank DESC';
$query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$new_rank;
$query.= ' where id = '.$_GET['up'];
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= ' SET rank = '.$new_rank;
$query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
mysql_query( $query );
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$replaced_cat;
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= ' SET rank = '.$rank;
$query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
@ -72,41 +72,41 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
$query = 'select id_uppercat,rank';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id = '.$_GET['down'];
$query = 'SELECT id_uppercat,rank';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just below at the same level
$query = 'select id,rank';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where rank > '.$rank;
$query = 'SELECT id,rank';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE rank > '.$rank;
if ( $level == '' )
{
$query.= ' and id_uppercat is null';
$query.= ' AND id_uppercat is null';
}
else
{
$query.= ' and id_uppercat = '.$level;
$query.= ' AND id_uppercat = '.$level;
}
$query.= ' order by rank asc';
$query.= ' limit 0,1';
$query.= ' ORDER BY rank ASC';
$query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$new_rank;
$query.= ' where id = '.$_GET['down'];
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= ' SET rank = '.$new_rank;
$query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
mysql_query( $query );
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$replaced_cat;
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= ' SET rank = '.$rank;
$query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
@ -115,24 +115,24 @@ function ordering( $id_uppercat )
{
$rank = 1;
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'categories';
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';
$query.= ' WHERE id_uppercat IS NULL';
}
else
{
$query.= ' where id_uppercat = '.$id_uppercat;
$query.= ' WHERE id_uppercat = '.$id_uppercat;
}
$query.= ' order by rank asc, dir asc';
$query.= ' ORDER BY rank ASC, dir ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$row['id'];
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= ' SET rank = '.$rank;
$query.= ' WHERE id = '.$row['id'];
$query.= ';';
mysql_query( $query );
$rank++;
@ -148,15 +148,15 @@ function display_cat_manager( $id_uppercat, $indent,
global $lang,$conf,$sub,$vtp;
// searching the min_rank and the max_rank of the category
$query = 'select min(rank) as min, max(rank) as max';
$query.= ' from '.PREFIX_TABLE.'categories';
$query = 'SELECT MIN(rank) AS min, MAX(rank) AS max';
$query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';
$query.= ' WHERE id_uppercat IS NULL';
}
else
{
$query.= ' where id_uppercat = '.$id_uppercat;
$query.= ' WHERE id_uppercat = '.$id_uppercat;
}
$query.= ';';
$result = mysql_query( $query );
@ -176,17 +176,17 @@ function display_cat_manager( $id_uppercat, $indent,
$td = 'th';
}
$query = 'select id,name,dir,nb_images,status,rank,site_id';
$query.= ' from '.PREFIX_TABLE.'categories';
$query = 'SELECT id,name,dir,nb_images,status,rank,site_id,visible';
$query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';
$query.= ' WHERE id_uppercat IS NULL';
}
else
{
$query.= ' where id_uppercat = '.$id_uppercat;
$query.= ' WHERE id_uppercat = '.$id_uppercat;
}
$query.= ' order by rank asc';
$query.= ' ORDER BY rank ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@ -207,13 +207,17 @@ function display_cat_manager( $id_uppercat, $indent,
}
$vtp->setVar( $sub, 'cat.name', $name );
$vtp->setVar( $sub, 'cat.dir', $row['dir'] );
if ( $row['status'] == 'invisible' || !$uppercat_visible )
if ( $row['visible'] == 'false' or !$uppercat_visible )
{
$subcat_visible = false;
$vtp->setVar( $sub, 'cat.invisible', $lang['cat_invisible'] );
}
if ( $row['status'] == 'private' )
{
$vtp->setVar( $sub, 'cat.private', $lang['private'] );
}
$vtp->setVar( $sub, 'cat.nb_picture', $row['nb_images'] );
$url = add_session_id( './admin.php?page=edit_cat&amp;cat='.$row['id'] );
$url = add_session_id( './admin.php?page=cat_modify&amp;cat='.$row['id'] );
$vtp->setVar( $sub, 'cat.edit_url', $url );
if ( $row['rank'] != $min_rank )
{
@ -252,8 +256,18 @@ function display_cat_manager( $id_uppercat, $indent,
$vtp->addSession( $sub, 'no_image_info' );
$vtp->closeSession( $sub, 'no_image_info' );
}
$url = add_session_id( './admin.php?page=perm&amp;cat_id='.$row['id'] );
$vtp->setVar( $sub, 'cat.permission_url', $url );
if ( $row['status'] == 'private' )
{
$vtp->addSession( $sub, 'permission' );
$url=add_session_id('./admin.php?page=cat_perm&amp;cat_id='.$row['id']);
$vtp->setVar( $sub, 'permission.url', $url );
$vtp->closeSession( $sub, 'permission' );
}
else
{
$vtp->addSession( $sub, 'no_permission' );
$vtp->closeSession( $sub, 'no_permission' );
}
if ( $row['site_id'] == 1 )
{
$vtp->addSession( $sub, 'update' );
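Review bot: In the `up` and `down` handlers the rows returned by `mysql_fetch_array()` are used without checking that a row came back, so for an id that does not exist, or a category already first or last in its level, `$rank`, `$new_rank` and `$replaced_cat` are empty and the following statements are built as `SET rank =  WHERE id = ...` and fail silently. Wrap the swap in a guard such as `if ( is_array( $row ) and is_numeric( $row['rank'] ) )` after each lookup, and cast the id once with `$cat_id = intval( $_GET['up'] );` rather than concatenating the `is_numeric()`-checked string. These handlers also reorder categories on a plain GET request; whether `add_session_id()` is enough to stop a forged link is not visible here, so a POST carrying a per-session token is worth considering. Minor style point: the `down` branch still writes `' AND id_uppercat is null'` where the `up` branch now has `IS NULL`.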


@ -1,6 +1,6 @@
<?php
/***************************************************************************
* edit_cat.php *
* cat_modify.php *
* ------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
@ -17,14 +17,41 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/edit_cat.vtp' );
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_modify.vtp' );
$tpl = array( 'remote_site','editcat_confirm','editcat_back','editcat_title1',
'editcat_name', 'editcat_comment', 'editcat_status',
'editcat_status_info', 'submit' );
'editcat_name','editcat_comment','editcat_status',
'editcat_visible','editcat_status_info', 'submit' );
templatize_array( $tpl, 'lang', $sub );
//---------------------------------------------------------------- verification
if ( !is_numeric( $_GET['cat'] ) )
{
$_GET['cat'] = '-1';
}
//--------------------------------------------------------- form criteria check
if ( isset( $_POST['submit'] ) )
{
// if new status is different from previous one, deletion of all related
// links for access rights
$query = 'SELECT status';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$_GET['cat'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
if ( $_POST['status'] != $row['status'] )
{
// deletion of all access for groups concerning this category
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$_GET['cat'];
mysql_query( $query );
// deletion of all access for users concerning this category
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$_GET['cat'];
mysql_query( $query );
}
$query = 'UPDATE '.PREFIX_TABLE.'categories';
if ( $_POST['name'] == '' )
{
@ -43,6 +70,7 @@ if ( isset( $_POST['submit'] ) )
$query.= ", comment = '".htmlentities( $_POST['comment'], ENT_QUOTES )."'";
}
$query.= ", status = '".$_POST['status']."'";
$query.= ", visible = '".$_POST['visible']."'";
$query.= " WHERE id = '".$_GET['cat']."'";
$query.= ';';
mysql_query( $query );
@ -57,26 +85,28 @@ if ( isset( $_POST['submit'] ) )
check_favorites( $row['id'] );
}
$vtp->addSession( $sub, 'confirmation' );
$url = add_session_id( './admin.php?page=cat' );
$url = add_session_id( './admin.php?page=cat_list' );
$vtp->setVar( $sub, 'confirmation.back_url', $url );
$vtp->closeSession( $sub, 'confirmation' );
}
//------------------------------------------------------------------------ form
$form_action = './admin.php?page=edit_cat&amp;cat='.$_GET['cat'];
$form_action = './admin.php?page=cat_modify&amp;cat='.$_GET['cat'];
$vtp->setVar( $sub, 'form_action', add_session_id( $form_action ) );
$query = 'SELECT a.id,name,dir,status,comment';
$query.= ',id_uppercat,site_id,galleries_url';
$query.= ',id_uppercat,site_id,galleries_url,visible';
$query.= ' FROM '.PREFIX_TABLE.'categories as a, '.PREFIX_TABLE.'sites as b';
$query.= ' WHERE a.id = '.$_GET['cat'];
$query.= ' AND a.site_id = b.id';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$result = get_cat_info( $row['id'] );
// cat name
$cat_name = get_cat_display_name( $result['name'], ' - ', '' );
$vtp->setVar( $sub, 'cat:name', $cat_name );
// cat dir
$vtp->setVar( $sub, 'cat:dir', $row['dir'] );
// remote site ?
if ( $row['site_id'] != 1 )
{
$vtp->addSession( $sub, 'server' );
@ -85,16 +115,39 @@ if ( $row['site_id'] != 1 )
}
$vtp->setVar( $sub, 'name', $row['name'] );
$vtp->setVar( $sub, 'comment', $row['comment'] );
// status : public, private...
$options = get_enums( PREFIX_TABLE.'categories', 'status' );
foreach ( $options as $option ) {
$vtp->addSession( $sub, 'status_option' );
$vtp->setVar( $sub, 'status_option.option', $option );
$vtp->setVar( $sub, 'status_option.option', $lang[$option] );
$vtp->setVar( $sub, 'status_option.value', $option );
if ( $option == $row['status'] )
{
$vtp->setVar( $sub, 'status_option.checked', ' checked="checked"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
// visible : true or false
$vtp->addSession( $sub, 'visible_option' );
$vtp->setVar( $sub, 'visible_option.value', 'true' );
$vtp->setVar( $sub, 'visible_option.option', $lang['yes'] );
$checked = '';
if ( $row['visible'] == 'true' )
{
$checked = ' checked="checked"';
}
$vtp->setVar( $sub, 'visible_option.checked', $checked );
$vtp->closeSession( $sub, 'visible_option' );
$vtp->addSession( $sub, 'visible_option' );
$vtp->setVar( $sub, 'visible_option.value', 'false' );
$vtp->setVar( $sub, 'visible_option.option', $lang['no'] );
$checked = '';
if ( $row['visible'] == 'false' )
{
$checked = ' checked="checked"';
}
$vtp->setVar( $sub, 'visible_option.checked', $checked );
$vtp->closeSession( $sub, 'visible_option' );
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>
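Review bot: The added line `$query.= ", visible = '".$_POST['visible']."'";` concatenates a request value into the UPDATE with no validation or escaping, exactly as the `status` line above it does, so a quote character in either field changes the statement. The form further down offers only `true` and `false`, so require `in_array( $_POST['visible'], array( 'true', 'false' ) )` before building the query, and check `$_POST['status']` against `get_enums( PREFIX_TABLE.'categories', 'status' )`, which this page already calls. The new block that deletes `group_access` and `user_access` rows fires on any mismatch between `$_POST['status']` and the stored status, so a missing or invalid `status` value wipes the category's permissions before the UPDATE runs; do the validation first. Part of the `if ( isset( $_POST['submit'] ) )` body lies between hunks and is not visible here.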

210
admin/cat_perm.php Normal file

@ -0,0 +1,210 @@
<?php
/***************************************************************************
* cat_perm.php *
* ------------------ *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' );
$error = array();
$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
'submit','menu_users','permuser_parent_forbidden' );
templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------------------------- category infos
if ( isset( $_GET['cat_id'] ) )
{
check_cat_id( $_GET['cat_id'] );
if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{
$result = get_cat_info( $page['cat'] );
$page['cat_name'] = $result['name'];
$page['id_uppercat'] = $result['id_uppercat'];
}
}
//---------------------------------------------------------- permission updates
if ( isset( $_POST['submit'] ) )
{
// groups access update
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$page['cat'];
$query.= ';';
mysql_query( $query );
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'groupaccess-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
$query.= ' (cat_id,group_id) VALUES';
$query.= ' ('.$page['cat'].','.$row['id'].')';
$query.= ';';
mysql_query( $query );
}
}
// users access update
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$page['cat'];
$query.= ';';
mysql_query( $query );
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'useraccess-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
$query.= ' (cat_id,user_id) VALUES';
$query.= ' ('.$page['cat'].','.$row['id'].')';
$query.= ';';
mysql_query( $query );
}
check_favorites( $row['id'] );
}
// echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
}
//---------------------------------------------------------------------- groups
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query. ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$vtp->addSession( $sub, 'groups' );
// creating an array with all authorized groups for this category
$query = 'SELECT group_id';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$_GET['cat_id'];
$query.= ';';
$subresult = mysql_query( $query );
$authorized_groups = array();
while ( $subrow = mysql_fetch_array( $subresult ) )
{
array_push( $authorized_groups, $subrow['group_id'] );
}
// displaying each group
while( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'group' );
if ( in_array( $row['id'], $authorized_groups ) )
{
$vtp->setVar( $sub, 'group.color', 'green' );
$vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
}
else
{
$vtp->setVar( $sub, 'group.color', 'red' );
$vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
}
$vtp->setVar( $sub, 'group.groupname', $row['name'] );
$vtp->setVar( $sub, 'group.id', $row['id'] );
$vtp->closeSession( $sub, 'group' );
}
$vtp->closeSession( $sub, 'groups' );
}
//----------------------------------------------------------------------- users
$query = 'SELECT id,username,status';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= " WHERE username != '".$conf['webmaster']."'";
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'user' );
$vtp->setVar( $sub, 'user.id', $row['id'] );
$url = add_session_id( './admin.php?page=user_perm&amp;user_id='.$row['id']);
$vtp->setVar( $sub, 'user.user_perm_link', $url);
if ( $row['username'] == 'guest' )
{
$row['username'] = $lang['guest'];
}
$vtp->setVar( $sub, 'user.username', $row['username'] );
// for color of user : (red means access forbidden, green authorized) we
// ask all forbidden categories, including the groups rights
$restrictions = get_restrictions( $row['id'], $row['status'], false );
$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
if ( $is_user_allowed == 0 )
{
$vtp->setVar( $sub, 'user.color', 'green' );
}
else
{
$vtp->setVar( $sub, 'user.color', 'red' );
}
// for permission update button, we only ask forbidden categories for the
// user, not taking into account the groups the user belongs to
$restrictions = get_restrictions( $row['id'], $row['status'], false, false );
$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
if ( $is_user_allowed == 2 )
{
$vtp->addSession( $sub, 'parent_forbidden' );
$url = './admin.php?page=cat_perm&amp;cat_id='.$page['id_uppercat'];
$vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
$vtp->closeSession( $sub, 'parent_forbidden' );
}
if ( $is_user_allowed == 0 )
{
$vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
}
else
{
$vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
}
// user's group(s)
$query = 'SELECT g.name as groupname, g.id as groupid';
$query.= ' FROM '.PREFIX_TABLE.'groups as g';
$query.= ', '.PREFIX_TABLE.'user_group as ug';
$query.= ' WHERE ug.group_id = g.id';
$query.= ' AND ug.user_id = '.$row['id'];
$query.= ';';
$subresult = mysql_query( $query );
if ( mysql_num_rows( $subresult ) > 0 )
{
$vtp->addSession( $sub, 'usergroups' );
$i = 0;
while( $subrow = mysql_fetch_array( $subresult ) )
{
$vtp->addSession( $sub, 'usergroup' );
if ( in_array( $subrow['groupid'], $authorized_groups ) )
{
$vtp->setVar( $sub, 'usergroup.color', 'green' );
}
else
{
$vtp->setVar( $sub, 'usergroup.color', 'red' );
}
$vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
if ( $i < mysql_num_rows( $subresult ) - 1 )
{
$vtp->setVar( $sub, 'usergroup.separation', ',' );
}
$vtp->closeSession( $sub, 'usergroup' );
$i++;
}
$vtp->closeSession( $sub, 'usergroups' );
}
$vtp->closeSession( $sub, 'user' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>
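Review bot: The query that loads the authorized groups uses `' WHERE cat_id = '.$_GET['cat_id']`, the raw request parameter, while the rest of the file uses `$page['cat']`, which appears to be set by `check_cat_id()`; the raw value is concatenated into SQL unchecked and is empty when `cat_id` is absent. Use `$query.= ' WHERE cat_id = '.$page['cat'];` there, and run both the submit branch and the display code only when `isset( $page['cat'] ) and is_numeric( $page['cat'] )`, because the DELETE statements assume it as well. The tests `$_POST[$radioname] == 0` fail open: a radio field missing from the request compares equal to 0 and inserts an access row, so `isset( $_POST[$radioname] ) and $_POST[$radioname] === '0'` is safer. Just above the groups query, `$query. ';';` is missing its `=` and has no effect.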


@ -15,7 +15,7 @@
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
$Caracs = array("¥" => "Y", "µ" => "u", "À" => "A", "Á" => "A",
@ -48,7 +48,8 @@ array( 'nb_image_line','nb_line_page','theme','language','maxwidth',
$error = array();
if ( isset( $_POST['submit'] ) )
{
//purge de la table des session si demandé
$int_pattern = '/^\d+$/';
// empty session table if asked
if ( $_POST['empty_session_table'] == 1 )
{
$query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
@ -79,8 +80,8 @@ if ( isset( $_POST['submit'] ) )
array_push( $error, $lang['conf_err_mail'] );
}
// periods must be integer values, they represents number of days
if ( !is_int( $_POST['short_period'] )
or !is_int( $_POST['long_period'] ) )
if ( !preg_match( $int_pattern, $_POST['short_period'] )
or !preg_match( $int_pattern, $_POST['long_period'] ) )
{
array_push( $error, $lang['err_periods'] );
}
@ -94,21 +95,21 @@ if ( isset( $_POST['submit'] ) )
}
}
// session_id size must be an integer between 4 and 50
if ( !is_int( $_POST['session_id_size'] )
if ( !preg_match( $int_pattern, $_POST['session_id_size'] )
or $_POST['session_id_size'] < 4
or $_POST['session_id_size'] > 50 )
{
array_push( $error, $lang['conf_err_sid_size'] );
}
// session_time must be an integer between 5 and 60, in minutes
if ( !is_int( $_POST['session_time'] )
if ( !preg_match( $int_pattern, $_POST['session_time'] )
or $_POST['session_time'] < 5
or $_POST['session_time'] > 60 )
{
array_push( $error, $lang['conf_err_sid_time'] );
}
// max_user_listbox must be an integer between 0 and 255 included
if ( !is_int( $_POST['max_user_listbox'] )
if ( !preg_match( $int_pattern, $_POST['max_user_listbox'] )
or $_POST['max_user_listbox'] < 0
or $_POST['max_user_listbox'] > 255 )
{
@ -116,14 +117,14 @@ if ( isset( $_POST['submit'] ) )
}
// the number of comments per page must be an integer between 5 and 50
// included
if ( !is_int( $_POST['nb_comment_page'] )
if ( !preg_match( $int_pattern, $_POST['nb_comment_page'] )
or $_POST['nb_comment_page'] < 5
or $_POST['nb_comment_page'] > 50 )
{
array_push( $error, $lang['conf_err_comment_number'] );
}
// the maximum upload filesize must be an integer between 10 and 1000
if ( !is_int( $_POST['upload_maxfilesize'] )
if ( !preg_match( $int_pattern, $_POST['upload_maxfilesize'] )
or $_POST['upload_maxfilesize'] < 10
or $_POST['upload_maxfilesize'] > 1000 )
{
@ -131,63 +132,57 @@ if ( isset( $_POST['submit'] ) )
}
// the maximum width of uploaded pictures must be an integer superior to
// 10
if ( !is_int( $_POST['upload_maxwidth'] )
if ( !preg_match( $int_pattern, $_POST['upload_maxwidth'] )
or $_POST['upload_maxwidth'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth'] );
}
// the maximum height of uploaded pictures must be an integer superior to
// 10
if ( !is_int( $_POST['upload_maxheight'] )
if ( !preg_match( $int_pattern, $_POST['upload_maxheight'] )
or $_POST['upload_maxheight'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
if ( !is_int( $_POST['upload_maxwidth_thumbnail'] )
if ( !preg_match( $int_pattern, $_POST['upload_maxwidth_thumbnail'] )
or $_POST['upload_maxwidth_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth_thumbnail'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
if ( !is_int( $_POST['upload_maxheight_thumbnail'] )
if ( !preg_match( $int_pattern, $_POST['upload_maxheight_thumbnail'] )
or $_POST['upload_maxheight_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight_thumbnail'] );
}
$test = '';
if ( is_int( $test ) ) echo 'salut'; exit();
if ( $_POST['maxwidth'] != '' )
if ( $_POST['maxwidth'] != ''
and ( !preg_match( $int_pattern, $_POST['maxwidth'] )
or $_POST['maxwidth'] < 50 ) )
{
if ( !ereg( "^[0-9]{2,}$", $_POST['maxwidth'] )
or $_POST['maxwidth'] < 50 )
{
$error[$i++] = $lang['err_maxwidth'];
}
array_push( $error, $lang['err_maxwidth'] );
}
if ( $_POST['maxheight'] != '' )
if ( $_POST['maxheight']
and ( !preg_match( $int_pattern, $_POST['maxheight'] )
or $_POST['maxheight'] < 50 ) )
{
if ( !ereg( "^[0-9]{2,}$", $_POST['maxheight'] )
or $_POST['maxheight'] < 50 )
{
$error[$i++] = $lang['err_maxheight'];
}
array_push( $error, $lang['err_maxheight'] );
}
// on met à jour les paramètres de l'application
// dans le cas où il n'y aucune erreurs
if ( sizeof( $error ) == 0 )
// updating configuraiton if no error found
if ( count( $error ) == 0 )
{
mysql_query( 'delete from '.PREFIX_TABLE.'config;' );
$query = 'insert into '.PREFIX_TABLE.'config';
mysql_query( 'DELETE FROM '.PREFIX_TABLE.'config;' );
$query = 'INSERT INTO '.PREFIX_TABLE.'config';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
$query.= $conf_info;
}
$query.= ')';
$query.= ' values';
$query.= ' VALUES';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
@ -260,15 +255,12 @@ else
}
}
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].
'/admin/configuration.vtp' );
// language
$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] );
$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] );
$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] );
$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info',
$lang['conf_remote_site_delete_info'] );
$vtp->setGlobalVar( $sub, 'submit', $lang['submit'] );
$sub = $vtp->Open(
'../template/'.$user['template'].'/admin/configuration.vtp' );
$tpl = array( 'conf_confirmation','remote_site','delete',
'conf_remote_site_delete_info','submit' );
templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
@ -345,7 +337,6 @@ $vtp->setVar( $sub, 'radio.name', 'access' );
$vtp->setVar( $sub, 'radio.value', 'free' );
$vtp->setVar( $sub, 'radio.option', $lang['conf_general_access_1'] );
$checked = '';
echo $access.'<br />';
if ( $access == 'free' )
{
$checked = ' checked="checked"';
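Review bot: `$int_pattern = '/^\d+$/'` accepts a value with a trailing newline, because `$` also matches just before a final `\n`; `$int_pattern = '/^\d+$/D';` makes the match exact, which matters if these values are later written into the config INSERT (that part lies outside the visible hunks). The rewritten `maxheight` test begins `if ( $_POST['maxheight']` where the `maxwidth` one has `!= ''`, so the string `'0'` is falsy and skips the minimum-of-50 check; `if ( $_POST['maxheight'] != ''` restores parity. The comment `// updating configuraiton if no error found` has a typo.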

135
admin/group_list.php Normal file

@ -0,0 +1,135 @@
<?php
/***************************************************************************
* group.php *
* ------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_list.vtp' );
$tpl = array( 'group_add','add','listuser_permission','delete',
'group_confirm','yes','no','group_list_title' );
templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------------------------- delete a group
$error = array();
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
$query = 'SELECT name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
// confirm group deletion ?
if ( $_GET['confirm'] != 1 )
{
$vtp->addSession( $sub, 'deletion' );
$vtp->setVar( $sub, 'deletion.name', $row['name'] );
$yes_url = './admin.php?page=group&amp;delete='.$_GET['delete'];
$yes_url.= '&amp;confirm=1';
$vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
$no_url = './admin.php?page=group';
$vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
$vtp->closeSession( $sub, 'deletion' );
}
// group deletion confirmed
else
{
$vtp->addSession( $sub, 'confirmation' );
$query = 'SELECT COUNT(*) AS nb_result';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row2 = mysql_fetch_array( mysql_query( $query ) );
if ( $row2['nb_result'] > 0 )
{
delete_group( $_GET['delete'] );
$vtp->setVar( $sub, 'confirmation.class', 'info' );
$info = '"'.$row['name'].'" '.$lang['listuser_info_deletion'];
$vtp->setVar( $sub, 'confirmation.info', $info );
}
else
{
$vtp->setVar( $sub, 'confirmation.class', 'erreur' );
$vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] );
}
$vtp->closeSession( $sub, 'confirmation' );
}
}
//----------------------------------------------------------------- add a group
if ( isset( $_POST['submit'] ) )
{
if ( preg_match( "/'/", $_POST['name'] )
or preg_match( '/"/', $_POST['name'] ) )
{
array_push( $error, $lang['group_add_error1'] );
}
if ( count( $error ) == 0 )
{
// is the group not already existing ?
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= " WHERE name = '".$_POST['name']."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
array_push( $error, $lang['group_add_error2'] );
}
}
if ( count( $error ) == 0 )
{
// creating the group
$query = ' INSERT INTO '.PREFIX_TABLE.'groups';
$query.= " (name) VALUES ('".$_POST['name']."')";
$query.= ';';
mysql_query( $query );
}
}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
$vtp->addSession( $sub, 'errors' );
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
$vtp->addSession( $sub, 'li' );
$vtp->setVar( $sub, 'li.li', $error[$i] );
$vtp->closeSession( $sub, 'li' );
}
$vtp->closeSession( $sub, 'errors' );
}
//----------------------------------------------------------------- groups list
$vtp->addSession( $sub, 'groups' );
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' ORDER BY id ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'group' );
$vtp->setVar( $sub, 'group.name', $row['name'] );
$url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
$vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) );
$url = './admin.php?page=group&amp;delete='.$row['id'];
$vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) );
$vtp->closeSession( $sub, 'group' );
}
$vtp->closeSession( $sub, 'groups' );
//------------------------------------------------------- create new group form
$action = './admin.php?'.$_SERVER['QUERY_STRING'];
$vtp->setVar( $sub, 'form_action', $action );
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>
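Review bot: In the "add a group" block, `$_POST['name']` is rejected only when it contains `'` or `"` and is then concatenated into both the SELECT and the INSERT, so a backslash in the name still changes how the quoted literal is parsed unless magic quotes happen to be enabled. Escape the value once and use the escaped copy in both statements, e.g. `$name = mysql_real_escape_string( $_POST['name'] );` followed by `$query.= " WHERE name = '".$name."'";`. The stored name is later handed to `setVar` for `deletion.name` and `group.name` unchanged; unless the template layer escapes HTML (not visible on this page), it should pass through `htmlspecialchars()` on output. The delete branch also reads `$_GET['confirm']` without an `isset()` test.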

104
admin/group_perm.php Normal file

@ -0,0 +1,104 @@
<?php
/***************************************************************************
* group_perm.php *
* ------------------ *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_perm.vtp' );
$error = array();
$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
'permuser_parent_forbidden','permuser_info_message',
'adduser_info_back' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------------------- updates
if ( isset( $_POST['submit'] ) )
{
// cleaning the user_access table for this group
$query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE group_id = '.$_GET['group_id'];
$query.= ';';
mysql_query( $query );
// selecting all private categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'access-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
$query.= ' (group_id,cat_id) VALUES';
$query.= ' ('.$_GET['group_id'].','.$row['id'].')';
$query.= ';';
mysql_query ( $query );
}
}
$vtp->addSession( $sub, 'confirmation' );
$url = './admin.php?page=group_list';
$vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
$vtp->closeSession( $sub, 'confirmation' );
}
//---------------------------------------------------------------- form display
$restrictions = get_group_restrictions( $_GET['group_id'] );
$action = './admin.php?page=group_perm&amp;group_id='.$_GET['group_id'];
$vtp->setVar( $sub, 'action', add_session_id( $action ) );
// only private categories are listed
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'category' );
$vtp->setVar( $sub, 'category.id', $row['id'] );
// Is the group allowed to access this category
$is_group_allowed = is_group_allowed( $row['id'], $restrictions );
if ( $is_group_allowed == 0 )
{
$vtp->setVar( $sub, 'category.color', 'green' );
}
else
{
$vtp->setVar( $sub, 'category.color', 'red' );
}
// category name
$cat_infos = get_cat_info( $row['id'] );
$name = get_cat_display_name( $cat_infos['name'],' &gt; ',
'font-weight:bold;' );
$vtp->setVar( $sub, 'category.name', $name );
// any subcat forbidden for this group ?
if ( $is_group_allowed == 2 )
{
$vtp->addSession( $sub, 'parent_forbidden' );
$vtp->closeSession( $sub, 'parent_forbidden' );
}
// forbidden or authorized access ?
if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
{
$vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
}
else
{
$vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
}
$vtp->closeSession( $sub, 'category' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>
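Review bot: The update loop grants access on `$_POST[$radioname] == 0`, and a field that is absent from the POST also compares equal to 0, so a private category whose radio button was not submitted is inserted into group_access, which appears to list the authorized categories. Make the grant explicit with `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. The same comparison is used in the update loop of admin/user_perm.php. `$_GET['group_id']` is concatenated into the DELETE and the INSERT with only the `is_numeric` fallback in admin.php in front of it; taking `intval( $_GET['group_id'] )` into a local variable at the top of this file would keep the queries well-formed however the file is reached.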


@ -101,13 +101,17 @@ function delete_category( $id )
{
delete_image( $row['id'] );
}
// destruction of the restrictions linked to the category
$query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
// destruction of the access linked to the category
$query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$id;
$query.= ';';
mysql_query( $query );
$query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$id;
$query.= ';';
mysql_query( $query );
// destruction of the sub-categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
@ -118,7 +122,7 @@ function delete_category( $id )
{
delete_category( $row['id'] );
}
// destruction of the category
$query = 'DELETE FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$id;
@ -156,21 +160,35 @@ function delete_image( $id )
// The delete_user function delete a user identified by the $user_id
// It also deletes :
// - all the restrictions linked to this user
// - all the access linked to this user
// - all the links to any group
// - all the favorites linked to this user
// - all sessions linked to this user
function delete_user( $user_id )
{
// destruction of the restrictions linked to the user
$query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
// destruction of the access linked to the user
$query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
// destruction of the group links for this user
$query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
// destruction of the favorites associated with the user
$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
// destruction of the sessions linked with the user
$query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
// destruction of the user
$query = 'DELETE FROM '.PREFIX_TABLE.'users';
@ -178,7 +196,32 @@ function delete_user( $user_id )
$query.= ';';
mysql_query( $query );
}
// delete_group deletes a group identified by its $group_id.
// It also deletes :
// - all the access linked to this group
// - all the links between this group and any user
function delete_group( $group_id )
{
// destruction of the access linked to the group
$query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE group_id = '.$group_id;
$query.= ';';
mysql_query( $query );
// destruction of the group links for this group
$query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
$query.= ' WHERE group_id = '.$group_id;
$query.= ';';
mysql_query( $query );
// destruction of the group
$query = 'DELETE FROM '.PREFIX_TABLE.'groups';
$query.= ' WHERE id = '.$group_id;
$query.= ';';
mysql_query( $query );
}
// The check_favorites function deletes all the favorites of a user if he is
// not allowed to see them (the category or an upper category is restricted
// or invisible)
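Review bot: The new `delete_group( $group_id )` concatenates its argument into three DELETE statements without checking it, so the function is only as safe as each caller; the caller in admin/group_list.php does test `is_numeric( $_GET['delete'] )`, but nothing inside the function enforces it. Add `$group_id = intval( $group_id );` as the first statement, and do the same for `$user_id` in `delete_user` and `$id` in `delete_category`, whose bodies start or end outside these hunks. None of the `mysql_query` return values is checked, so a failure partway through leaves the access rows removed while the group row remains, and admin/group_list.php reports the deletion as done either way.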


@ -14,14 +14,12 @@
* the Free Software Foundation; *
* *
***************************************************************************/
define( PREFIXE_INCLUDE, '.' );
define( PREFIX_INCLUDE, '.' );
include_once( '../include/config.inc.php' );
include_once( '../include/user.inc.php' );
include( './include/functions.php' );
$conf['lien_puce'] = $conf['repertoire_image'].'puce.gif';
$isadmin = true;
include_once( '../language/'.$user['language'].'.php' );


@ -1,270 +0,0 @@
<?php
/***************************************************************************
* perm.php is a part of PhpWebGallery *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( "./include/isadmin.inc.php" );
//---------------------------------------------------données de l'utilisateur
if ( isset( $HTTP_GET_VARS['user_id'] ) )
{
$query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';";
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
$page['pseudo'] = $row['pseudo'];
$page['status'] = $row['status'];
if ( mysql_num_rows( $result ) == 0 )
{
echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>";
$erreur = true;
}
if ( $row['pseudo'] == $conf['webmaster'] )
{
echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>";
$erreur = true;
}
}
//---------------------------------------------------données de la catégorie
if ( isset( $HTTP_GET_VARS['cat_id'] ) )
{
$HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id'];
check_cat_id( $HTTP_GET_VARS['cat_id'] );
if ( isset( $page['cat'] ) )
{
$result = get_cat_info( $page['cat'] );
$page['cat_name'] = $result['name'];
$page['id_uppercat'] = $result['id_uppercat'];
}
}
//--------------------------------------------------------------- mise à jour
if ( isset( $HTTP_POST_VARS['submit'] ) )
{
if ( isset( $HTTP_GET_VARS['user_id'] ) )
{
mysql_query ( "delete from PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
$result = mysql_query ( "select id from PREFIX_TABLE"."categories;" );
while ( $row = mysql_fetch_array ( $result ) )
{
$nom_select = "acces-".$row['id'];
if ( $HTTP_POST_VARS[$nom_select] == 1 )
{
mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
}
}
check_favorites( $HTTP_GET_VARS['user_id'] );
echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
}
else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
{
mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" );
$result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
while ( $row = mysql_fetch_array ( $result ) )
{
$nom_select = "acces-".$row['id'];
if ( $HTTP_POST_VARS[$nom_select] == 1 )
{
mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
}
check_favorites( $row['id'] );
}
echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
}
}
//--------------------------------------------------------------- formulaire
function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction )
{
global PREFIX_TABLE,$lang,$conf;
$output = "";
// will we use <th> or <td> lines ?
if ( $level == 0 )
{
$start_line = "<th ";
$start_line2 = "<th ";
$end_line = "</th>";
}
else
{
$start_line = "<td ";
$end_line = "</td>";
if ( $level == 1 )
{
$start_line2 = "<td class=\"row1\" ";
}
else if ( $level == 2 )
{
$start_line2 = "<td class=\"row2\" ";
}
else if ( $level == 3 )
{
$start_line2 = "<td class=\"row3\" ";
}
else if ( $level == 4 )
{
$start_line2 = "<td class=\"row4\" ";
}
else
{
$start_line2 = "<td ";
}
}
$query = "select id,name,dir,rank";
$query.= " from PREFIX_TABLE"."categories";
if ( !is_numeric( $id_uppercat ) )
{
$query.= " where id_uppercat is NULL";
}
else
{
$query.= " where id_uppercat = $id_uppercat";
}
$query.= " order by rank asc;";
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$subcat_authorized = true;
$output.= "\n<tr>";
$output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\"&gt;\" />&nbsp;";
if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized )
{
$subcat_authorized = false;
$color = "red";
}
else
{
$color = "green";
}
$output.= "<span style=\"color:$color;\">";
if ( $row['name'] == "" )
{
$output.= str_replace( "_", " ", $row['dir'] );
}
else
{
$output.= $row['name'];
}
$output.= " [ dir : ".$row['dir']." ]";
$output.= "</span>".$end_line;
$output.= "\n\t".$start_line2." style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">";
$output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized'];
$output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
if ( in_array( $row['id'], $restriction ) )
{
$output.= " checked=\"checked\"";
}
$output.= "/>".$lang['permuser_forbidden'];
$output.= $end_line;
$output.= "\n<tr>";
$output.= display_cat_manager( $row['id'], $indent."&nbsp;&nbsp;&nbsp;&nbsp;", $subcat_authorized, $level + 1, $restriction );
}
return $output;
}
if ( !$erreur )
{
//----------------------------------------------
// cas 1 : permissions pour un utilisateur donné
if ( isset( $HTTP_GET_VARS['user_id'] ) )
{
echo"
<table style=\"width:100%;\">
<tr>
<th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th>
</tr>
</table>";
$restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false );
echo"
<form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\">
<div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div>
<table style=\"width:100%;\">";
echo display_cat_manager( "NULL", "&nbsp;&nbsp;&nbsp;&nbsp;", true, 0, $restriction );
echo"
<tr>
<td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
</tr>
<table>
</form>";
}
//----------------------------------------------
// cas 2 : permissions pour une catégorie donnée
else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
{
echo"
<table style=\"width:100%;\">
<tr>
<th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th>
</tr>
</table>";
echo"
<form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['cat'] )."\" method=\"post\">
<table style=\"width:100%;\">";
$result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
$i = 0;
while ( $row = mysql_fetch_array( $result ) )
{
$restrictions = get_restrictions( $row['id'], $row['status'], false );
$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
$class = "";
if ( $i%2 == 1 )
{
$class = "class=\"row2\"";
}
echo"
<tr>
<td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$row['id'] )."\">";
echo "<span style=\"color:";
if ( $is_user_allowed > 0 )
{
echo "red";
}
else
{
echo "green";
}
echo "\">".$row['pseudo']."</span></a></td>
<td $class style=\"text-align:right;\">";
if ( $is_user_allowed == 2 )
{
echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>";
}
else
{
echo"
<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']."
<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
if ( $is_user_allowed == 1 )
{
echo" checked=\"checked\"";
}
echo"/>".$lang['permuser_forbidden'];
}
echo"
</td>
</tr>";
$i++;
}
echo"
<tr>
<td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
</tr>
</table>
</form>";
}
}
?>


@ -17,32 +17,18 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' );
// language
$vtp->setGlobalVar( $sub, 'listuser_confirm', $lang['listuser_confirm'] );
$vtp->setGlobalVar( $sub, 'listuser_modify_hint',
$lang['listuser_modify_hint'] );
$vtp->setGlobalVar( $sub, 'listuser_modify', $lang['listuser_modify'] );
$vtp->setGlobalVar( $sub, 'listuser_permission',
$lang['listuser_permission'] );
$vtp->setGlobalVar( $sub, 'listuser_permission_hint',
$lang['listuser_permission_hint'] );
$vtp->setGlobalVar( $sub, 'listuser_delete_hint',
$lang['listuser_delete_hint'] );
$vtp->setGlobalVar( $sub, 'listuser_delete', $lang['listuser_delete'] );
$vtp->setGlobalVar( $sub, 'yes', $lang['yes'] );
$vtp->setGlobalVar( $sub, 'no', $lang['no'] );
$vtp->setGlobalVar( $sub, 'listuser_button_all',
$lang['listuser_button_all'] );
$vtp->setGlobalVar( $sub, 'listuser_button_invert',
$lang['listuser_button_invert'] );
$vtp->setGlobalVar( $sub, 'listuser_button_create_address',
$lang['listuser_button_create_address'] );
$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify',
'listuser_permission','listuser_permission_hint',
'listuser_delete_hint','listuser_delete','yes','no',
'listuser_button_all','listuser_button_invert',
'listuser_button_create_address' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------------- delete a user
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
$query = 'select username';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['delete'];
$query = 'SELECT username';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
// confirm user deletion ?
@ -64,9 +50,9 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
if ( $row['username'] != 'guest'
and $row['username'] != $conf['webmaster'] )
{
$query = 'select count(*) as nb_result';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['delete'];
$query = 'SELECT COUNT(*) AS nb_result';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row2 = mysql_fetch_array( mysql_query( $query ) );
if ( $row2['nb_result'] > 0 )
@ -102,9 +88,9 @@ else
}
$vtp->setVar( $sub, 'users.form_action', $action );
$query = 'select id,username,status,mail_address';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' order by status asc, username asc';
$query = 'SELECT id,username,status,mail_address';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ' ORDER BY status ASC, username ASC';
$query.= ';';
$result = mysql_query( $query );
@ -122,16 +108,8 @@ else
$title = $lang['listuser_user_group'].' ';
switch ( $row['status'] )
{
case 'admin' :
{
$title.= $lang['adduser_status_admin'];
break;
}
case 'guest' :
{
$title.= $lang['adduser_status_guest'];
break;
}
case 'admin' : $title.= $lang['adduser_status_admin']; break;
case 'guest' : $title.= $lang['adduser_status_guest']; break;
}
$vtp->setVar( $sub, 'category.title', $title );
$current_status = $row['status'];
@ -152,9 +130,6 @@ else
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.color', 'green' );
}
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.login', $lang['guest'] );
}
else
@ -179,7 +154,8 @@ else
$vtp->closeSession( $sub, 'modify' );
}
// manage permission or not ?
if ( $row['username'] == $conf['webmaster'] )
if ( $row['username'] == $conf['webmaster']
and $user['username'] != $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_permission' );
$vtp->closeSession( $sub, 'not_permission' );
@ -187,7 +163,7 @@ else
else
{
$vtp->addSession( $sub, 'permission' );
$url = './admin.php?page=perm&amp;user_id='.$row['id'];
$url = './admin.php?page=user_perm&amp;user_id='.$row['id'];
$vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'permission.login', $row['username'] );
$vtp->closeSession( $sub, 'permission' );
@ -215,9 +191,8 @@ else
{
$mail_address = array();
$i = 0;
$query = 'select';
$query.= ' id,mail_address';
$query.= ' from '.PREFIX_TABLE.'users';
$query = 'SELECT id,mail_address';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
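Review bot: The changed condition under "manage permission or not ?" only decides whether the permission link is rendered for the webmaster row; it is not an access check. As far as this page shows, neither the `user_perm` case in admin.php nor the update block at the top of admin/user_perm.php compares the target account with `$conf['webmaster']`, whereas the deleted perm.php refused it with `$lang['user_err_modify']`. If other administrators must not change the webmaster's access, enforce that where the request is handled, for example after the existing `$page_valide = true;` in the `user_perm` case: `if ( $row['username'] == $conf['webmaster'] and $user['username'] != $conf['webmaster'] ) $page_valide = false;`. The enclosing block starts and ends outside this hunk.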


@ -20,7 +20,8 @@ $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' );
$error = array();
$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
'login', 'new', 'password', 'mail_address', 'adduser_status',
'submit', 'adduser_info_password_updated' );
'submit', 'adduser_info_password_updated','menu_groups',
'dissociate','adduser_associate' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
$error = array();
@ -34,7 +35,9 @@ $query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$page['username'] = $row['username'];
$page['status'] = $row['status'];
$page['mail_address'] = $row['mail_address'];
// user is not modifiable if :
// 1. the selected user is the user "guest"
// 2. the selected user is the webmaster and the user making the modification
@ -66,6 +69,34 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$_POST['status'], $use_new_password,
$_POST['password'] ) );
}
// association with groups management
if ( isset( $_POST['submit'] ) )
{
// deletion of checked groups
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' ORDER BY id ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$dissociate = 'dissociate-'.$row['id'];
if ( $_POST[$dissociate] == 1 )
{
$query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
$query.= ' WHERE user_id = '.$_GET['user_id'];
$query.= ' AND group_id ='.$row['id'];
$query.= ';';
mysql_query( $query );
}
}
// create a new association between the user and a group
$query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
$query.= ' (user_id,group_id) VALUES';
$query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')';
$query.= ';';
mysql_query( $query );
}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
@ -82,7 +113,7 @@ if ( sizeof( $error ) != 0 )
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
$vtp->addSession( $sub, 'confirmation' );
$vtp->setVar( $sub, 'confirmation.username', $row['username'] );
$vtp->setVar( $sub, 'confirmation.username', $page['username'] );
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'confirmation.url', $url );
$vtp->closeSession( $sub, 'confirmation' );
@ -91,7 +122,6 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$vtp->addSession( $sub, 'password_updated' );
$vtp->closeSession( $sub, 'password_updated' );
}
$display_form = false;
}
//------------------------------------------------------------------------ form
if ( $display_form )
@ -99,13 +129,15 @@ if ( $display_form )
$vtp->addSession( $sub, 'form' );
$action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
$vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
$vtp->setVar( $sub, 'form.user:username', $row['username'] );
$vtp->setVar( $sub, 'form.user:password', $_POST['password'] );
$vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] );
if ( !isset( $_POST['status'] ) )
$vtp->setVar( $sub, 'form.user:username', $page['username'] );
if ( isset( $_POST['mail_address'] ) )
{
$_POST['status'] = 'guest';
$page['mail_address'] = $_POST['mail_address'];
}
$vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] );
if ( isset( $_POST['status'] ) )
{
$page['status'] = $_POST['status'];
}
$option = get_enums( PREFIX_TABLE.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
@ -114,12 +146,55 @@ if ( $display_form )
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
$vtp->setVar( $sub, 'status_option.option',
$lang['adduser_status_'.$option[$i]] );
if( $option[$i] == $_POST['status'] )
if( $option[$i] == $page['status'] )
{
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
// groups linked with this user
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups';
$query.= ' WHERE group_id = id';
$query.= ' AND user_id = '.$_GET['user_id'];
$query.= ';';
$result = mysql_query( $query );
$user_groups = array();
if ( mysql_num_rows( $result ) > 0 )
{
$vtp->addSession( $sub, 'groups' );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'group' );
$vtp->setVar( $sub, 'group.name', $row['name'] );
$vtp->setVar( $sub, 'group.dissociate_id', $row['id'] );
$vtp->closeSession( $sub, 'group' );
array_push( $user_groups, $row['id'] );
}
$vtp->closeSession( $sub, 'groups' );
}
// empty group not to take into account
$vtp->addSession( $sub, 'associate_group' );
$vtp->setVar( $sub, 'associate_group.value', 'undef' );
$vtp->setVar( $sub, 'associate_group.option', '' );
$vtp->closeSession( $sub, 'associate_group' );
// groups not linked yet to the user
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ' ORDER BY id ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
if ( !in_array( $row['id'], $user_groups ) )
{
$vtp->addSession( $sub, 'associate_group' );
$vtp->setVar( $sub, 'associate_group.value', $row['id'] );
$vtp->setVar( $sub, 'associate_group.option', $row['name'] );
$vtp->closeSession( $sub, 'associate_group' );
}
}
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'form.url_back', $url );
$vtp->closeSession( $sub, 'form' );
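Review bot: In the new "association with groups management" block the INSERT into user_group is built from `$_POST['associate']` and `$_GET['user_id']` with no validation, and it runs on every submit, including when the empty option (value `'undef'`) is selected and when `$error` is not empty. Guard it with `if ( count( $error ) == 0 and isset( $_POST['associate'] ) and is_numeric( $_POST['associate'] ) )` and build the row from `intval( $_GET['user_id'] )` and `intval( $_POST['associate'] )`. The `user_modify` case visible in admin.php does not check `user_id` the way the `user_perm` case does, so the DELETE in the dissociate loop needs the same cast. `$_POST[$dissociate]` is also read without `isset()`.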

174
admin/user_perm.php Normal file

@ -0,0 +1,174 @@
<?php
/***************************************************************************
* user_perm.php *
* ------------------ *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' );
$error = array();
$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
'permuser_parent_forbidden','permuser_info_message',
'adduser_info_back' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------------------- updates
if ( isset( $_POST['submit'] ) )
{
// cleaning the user_access table for this user
$query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$_GET['user_id'];
$query.= ';';
mysql_query( $query );
// selecting all private categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'access-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
$query.= ' (user_id,cat_id) VALUES';
$query.= ' ('.$_GET['user_id'].','.$row['id'].')';
$query.= ';';
mysql_query ( $query );
}
}
check_favorites( $_GET['user_id'] );
$vtp->addSession( $sub, 'confirmation' );
$url = './admin.php?page=user_list';
$vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
$vtp->closeSession( $sub, 'confirmation' );
}
//---------------------------------------------------------------- form display
$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'],
false, false );
$action = './admin.php?page=user_perm&amp;user_id='.$_GET['user_id'];
$vtp->setVar( $sub, 'action', add_session_id( $action ) );
// Association of group_ids with group_names -> caching informations
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ';';
$result = mysql_query( $query );
$groups = array();
while ( $row = mysql_fetch_array( $result ) )
{
$groups[$row['id']] = $row['name'];
}
// Listing of groups the user belongs to
$query = 'SELECT ug.group_id as groupid';
$query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
$query.= ' WHERE user_id = '.$_GET['user_id'];
$query.= ';';
$result = mysql_query( $query );
$usergroups = array();
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $usergroups, $row['groupid'] );
}
// only private categories are listed
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'category' );
$vtp->setVar( $sub, 'category.id', $row['id'] );
// we have to know whether the user is authorized to access this
// category. The category can be accessible for this user thanks to his
// personnal access rights OR thanks to the access rights of a group he
// belongs to.
// 1. group access :
// retrieving all authorized groups for this category and for this user
$query = 'SELECT ga.group_id as groupid';
$query.= ' FROM '.PREFIX_TABLE.'group_access as ga';
$query.= ', '.PREFIX_TABLE.'user_group as ug';
$query.= ' WHERE ga.group_id = ug.group_id';
$query.= ' AND ug.user_id = '.$_GET['user_id'];
$query.= ' AND cat_id = '.$row['id'];
$query.= ';';
$subresult = mysql_query( $query );
$authorized_groups = array();
while ( $subrow = mysql_fetch_array( $subresult ) )
{
array_push( $authorized_groups, $subrow['groupid'] );
}
// 2. personnal access
$is_user_allowed = is_user_allowed( $row['id'], $restrictions );
// link to the category permission management
$url = './admin.php?page=cat_perm&amp;cat_id='.$row['id'];
$vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
// color of the category : green if the user is allowed by himself or
// thanks to a group he belongs to
if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 )
{
$vtp->setVar( $sub, 'category.color', 'green' );
}
else
{
$vtp->setVar( $sub, 'category.color', 'red' );
}
// category name
$cat_infos = get_cat_info( $row['id'] );
$name = get_cat_display_name( $cat_infos['name'],' &gt; ',
'font-weight:bold;' );
$vtp->setVar( $sub, 'category.name', $name );
// usergroups
if ( count( $usergroups ) > 0 )
{
$vtp->addSession( $sub, 'usergroups' );
foreach ( $usergroups as $i => $usergroup ) {
$vtp->addSession( $sub, 'usergroup' );
$vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] );
if ( in_array( $usergroup, $authorized_groups ) )
{
$vtp->setVar( $sub, 'usergroup.color', 'green' );
}
else
{
$vtp->setVar( $sub, 'usergroup.color', 'red' );
}
if ( $i < count( $usergroups ) - 1 )
{
$vtp->setVar( $sub, 'usergroup.separation', ',' );
}
$vtp->closeSession( $sub, 'usergroup' );
}
$vtp->closeSession( $sub, 'usergroups' );
}
// any subcat forbidden for this user ?
if ( $is_user_allowed == 2 )
{
$vtp->addSession( $sub, 'parent_forbidden' );
$vtp->closeSession( $sub, 'parent_forbidden' );
}
// personnal forbidden or authorized access ?
if ( $is_user_allowed == 0 )
{
$vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
}
else
{
$vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
}
$vtp->closeSession( $sub, 'category' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>


@ -20,8 +20,8 @@ $page = array();
$user = array();
$lang = array();
include_once( PREFIXE_INCLUDE.'./include/functions.inc.php' );
include_once( PREFIXE_INCLUDE.'./include/vtemplate.class.php' );
include_once( PREFIX_INCLUDE.'./include/functions.inc.php' );
include_once( PREFIX_INCLUDE.'./include/vtemplate.class.php' );
// How to change the order of display for images in a category ?
//


@ -18,6 +18,7 @@ include( 'functions_user.inc.php' );
include( 'functions_session.inc.php' );
include( 'functions_category.inc.php' );
include( 'functions_xml.inc.php' );
include( 'functions_group.inc.php' );
//----------------------------------------------------------- generic functions
@ -319,22 +320,22 @@ function replace_search( $string, $search )
function database_connection()
{
// $cfgHote,$cfgUser,$cfgPassword,$cfgBase;
// $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' );
// $mysql_conf = getChild( $xml_content, 'mysql' );
$xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' );
$mysql_conf = getChild( $xml_content, 'mysql' );
// $cfgHote = getAttribute( $mysql_conf, 'host' );
// $cfgUser = getAttribute( $mysql_conf, 'user' );
// $cfgPassword = getAttribute( $mysql_conf, 'password' );
// $cfgBase = getAttribute( $mysql_conf, 'base' );
// define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) );
$cfgHote = getAttribute( $mysql_conf, 'host' );
$cfgUser = getAttribute( $mysql_conf, 'user' );
$cfgPassword = getAttribute( $mysql_conf, 'password' );
$cfgBase = getAttribute( $mysql_conf, 'base' );
include( PREFIX_INCLUDE.'./include/mysql.inc.php' );
define( PREFIX_TABLE, $prefix_table );
@mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
or die ( "Could not connect to server" );
@mysql_select_db( $cfgBase )
or die ( "Could not connect to database" );
define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) );
}
function pwg_log( $file, $category, $picture = '' )
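Review bot: In database_connection() the line `define( PREFIX_TABLE, $prefix_table );` passes the constant name as a bare word, which relies on PHP's undefined-constant fallback (a notice on old PHP, an error on PHP 8); quote it as `define( 'PREFIX_TABLE', $prefix_table );`. The connection settings appear to come from `include( PREFIX_INCLUDE.'./include/mysql.inc.php' )` now, though the page has lost its +/- markers, so which lines are new is inferred. With `include`, a missing or unreadable file only warns and the function goes on to call mysql_connect() with unset variables, so `require` would stop at the real cause. If the commented-out XML lines are indeed the new side, delete them rather than keeping them as comments.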


@ -14,27 +14,25 @@
* the Free Software Foundation; *
* *
***************************************************************************/
function get_subcats_id( $cat_id )
{
$restricted_cat = array();
$i = 0;
$restricted_cats = array();
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id_uppercat = '.$cat_id;
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id_uppercat = '.$cat_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$restricted_cat[$i++] = $row['id'];
$sub_restricted_cat = get_subcats_id( $row['id'] );
for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ )
{
$restricted_cat[$i++] = $sub_restricted_cat[$j];
array_push( $restricted_cats, $row['id'] );
$sub_restricted_cats = get_subcats_id( $row['id'] );
foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
array_push( $restricted_cats, $sub_restricted_cat );
}
}
return $restricted_cat;
return $restricted_cats;
}
function check_restrictions( $category_id )
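Review bot: get_subcats_id() still concatenates `$cat_id` unquoted into `' WHERE id_uppercat = '.$cat_id`, and this rewrite is a good moment to pin it to an integer with `$cat_id = intval( $cat_id );` as the first statement. The same pattern appears in get_group_restrictions(), is_group_allowed(), get_restrictions() and is_user_allowed() elsewhere in this commit. user_perm.php passes `$_GET['user_id']` to get_restrictions() and into its own DELETE and INSERT statements, so these queries depend entirely on validation done by the caller. The result of mysql_query() also goes to mysql_fetch_array() unchecked, so a failed query yields an empty list instead of an error.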


@ -0,0 +1,104 @@
<?php
/***************************************************************************
* functions_group.inc.php *
* -------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************
***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
// get_group_restrictions returns an array containing all unaccessible
// category ids.
function get_group_restrictions( $group_id )
{
// 1. retrieving ids of private categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
$privates = array();
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $privates, $row['id'] );
}
// 2. retrieving all authorized categories for the group
$authorized = array();
$query = 'SELECT cat_id';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE group_id = '.$group_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $authorized, $row['cat_id'] );
}
$forbidden = array();
foreach ( $privates as $private ) {
if ( !in_array( $private, $authorized ) )
{
array_push( $forbidden, $private );
}
}
return $forbidden;
}
// get_all_group_restrictions returns an array with ALL unaccessible
// category ids, including sub-categories
function get_all_group_restrictions( $group_id )
{
$restricted_cats = get_group_restrictions( $group_id );
foreach ( $restricted_cats as $restricted_cat ) {
$sub_restricted_cats = get_subcats_id( $restricted_cat );
foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
array_push( $restricted_cats, $sub_restricted_cat );
}
}
return $restricted_cats;
}
// The function is_group_allowed returns :
// - 0 : if the category is allowed with this $restrictions array
// - 1 : if this category is not allowed
// - 2 : if an uppercat category is not allowed
function is_group_allowed( $category_id, $restrictions )
{
$lowest_category_id = $category_id;
$is_root = false;
while ( !$is_root and !in_array( $category_id, $restrictions ) )
{
$query = 'SELECT id_uppercat';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$category_id;
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
if ( $row['id_uppercat'] == '' )
{
$is_root = true;
}
$category_id = $row['id_uppercat'];
}
if ( in_array( $lowest_category_id, $restrictions ) )
{
return 1;
}
if ( in_array( $category_id, $restrictions ) )
{
return 2;
}
// this group is allowed to go in this category
return 0;
}
?>
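Review bot: is_group_allowed() fails open when the parent lookup returns no row, because `mysql_fetch_array( mysql_query( $query ) )` is not checked. On a query error or an unknown category id, `$row['id_uppercat']` compares equal to `''`, so the walk stops as if the root had been reached and the function returns 0 (allowed) unless the starting id is itself restricted. Treating a missing row as forbidden, e.g. `if ( !$row ) return 1;` right after the fetch, keeps a database fault from granting access. The same loop is in is_user_allowed() later in this commit, and neither walk is bounded if id_uppercat ever forms a cycle.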


@ -144,22 +144,22 @@ function register_user(
$query.= ');';
mysql_query( $query );
// 3. retrieving the id of the newly created user
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= " where username = '".$login."';";
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= " WHERE username = '".$login."';";
$row = mysql_fetch_array( mysql_query( $query ) );
$user_id = $row['id'];
// 4. adding restrictions to the new user, the same as the user "guest"
$query = 'select cat_id';
$query.= ' from '.PREFIX_TABLE.'restrictions as r';
// 4. adding access to the new user, the same as the user "guest"
$query = 'SELECT cat_id';
$query.= ' FROM '.PREFIX_TABLE.'user_access as ua';
$query.= ','.PREFIX_TABLE.'users as u ';
$query.= ' where u.id = r.user_id';
$query.= ' where u.id = ua.user_id';
$query.= " and u.username = 'guest';";
$result = mysql_query( $query );
while( $row = mysql_fetch_array( $result ) )
{
$query = 'insert into '.PREFIX_TABLE.'restrictions';
$query.= ' (user_id,cat_id) values';
$query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
$query.= ' (user_id,cat_id) VALUES';
$query.= ' ('.$user_id.','.$row['cat_id'].');';
mysql_query ( $query );
}
@ -181,8 +181,8 @@ function update_user( $user_id, $mail_address, $status,
if ( sizeof( $error ) == 0 )
{
$query = 'update '.PREFIX_TABLE.'users';
$query.= " set status = '".$status."'";
$query = 'UPDATE '.PREFIX_TABLE.'users';
$query.= " SET status = '".$status."'";
if ( $use_new_password )
{
$query.= ", password = '".md5( $password )."'";
@ -196,9 +196,8 @@ function update_user( $user_id, $mail_address, $status,
{
$query.= 'NULL';
}
$query.= ' where id = '.$user_id;
$query.= ' WHERE id = '.$user_id;
$query.= ';';
echo $query;
mysql_query( $query );
}
return $error;
@ -209,7 +208,7 @@ function check_login_authorization()
global $user,$lang,$conf,$page;
if ( $user['is_the_guest']
and ( $conf['acces'] == 'restreint' or $page['cat'] == 'fav' ) )
and ( $conf['access'] == 'restricted' or $page['cat'] == 'fav' ) )
{
echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
@ -221,36 +220,75 @@ function check_login_authorization()
// restricted categories for the user.
// If the $check_invisible parameter is set to true, invisible categories
// are added to the restricted one in the array.
function get_restrictions( $user_id, $user_status, $check_invisible )
function get_restrictions( $user_id, $user_status,
$check_invisible, $use_groups = true )
{
// 1. getting the ids of the restricted categories
// 1. retrieving ids of private categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'private'";
$query.= ';';
$result = mysql_query( $query );
$privates = array();
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $privates, $row['id'] );
}
// 2. retrieving all authorized categories for the user
$authorized = array();
// 2.1. retrieving authorized categories thanks to personnal user
// authorization
$query = 'SELECT cat_id';
$query.= ' FROM '.PREFIX_TABLE.'restrictions';
$query.= ' FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
$result = mysql_query( $query );
$restriction = array();
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $restriction, $row['cat_id'] );
array_push( $authorized, $row['cat_id'] );
}
// 2.2. retrieving authorized categories thanks to group authorization to
// which the user is a member
if ( $use_groups )
{
$query = 'SELECT ga.cat_id';
$query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
$query.= ', '.PREFIX_TABLE.'group_access as ga';
$query.= ' WHERE ug.group_id = ga.group_id';
$query.= ' AND ug.user_id = '.$user_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $authorized, $row['cat_id'] );
}
$authorized = array_unique( $authorized );
}
$forbidden = array();
foreach ( $privates as $private ) {
if ( !in_array( $private, $authorized ) )
{
array_push( $forbidden, $private );
}
}
if ( $check_invisible )
{
// 2. adding to the restricted categories, the invisible ones
// 3. adding to the restricted categories, the invisible ones
if ( $user_status != 'admin' )
{
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= " WHERE status = 'invisible';";
$query.= " WHERE visible = 'false';";
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $restriction, $row['id'] );
array_push( $forbidden, $row['id'] );
}
}
}
return $restriction;
return array_unique( $forbidden );
}
// The get_all_restrictions function returns an array with all the
@ -258,17 +296,14 @@ function get_restrictions( $user_id, $user_status, $check_invisible )
// sub-categories and invisible categories
function get_all_restrictions( $user_id, $user_status )
{
$restricted_cat = get_restrictions( $user_id, $user_status, true );
$i = sizeof( $restricted_cat );
for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ )
{
$sub_restricted_cat = get_subcats_id( $restricted_cat[$k] );
for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ )
{
$restricted_cat[$i++] = $sub_restricted_cat[$j];
$restricted_cats = get_restrictions( $user_id, $user_status, true );
foreach ( $restricted_cats as $restricted_cat ) {
$sub_restricted_cats = get_subcats_id( $restricted_cat );
foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
array_push( $restricted_cats, $sub_restricted_cat );
}
}
return $restricted_cat;
return $restricted_cats;
}
// The function is_user_allowed returns :
@ -277,19 +312,17 @@ function get_all_restrictions( $user_id, $user_status )
// - 2 : if an uppercat category is not allowed
function is_user_allowed( $category_id, $restrictions )
{
global $user;
$lowest_category_id = $category_id;
$is_root = false;
while ( !$is_root and !in_array( $category_id, $restrictions ) )
{
$query = 'select id_uppercat';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id = '.$category_id;
$query = 'SELECT id_uppercat';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$category_id;
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
if ( $row['id_uppercat'] == "" )
if ( $row['id_uppercat'] == '' )
{
$is_root = true;
}
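Review bot: update_user() still writes `md5( $password )` into the users table (a context line of the `@ -181,8` hunk); an unsalted MD5 digest is fast to brute-force offline and is identical for identical passwords. The fix is a per-user salted, deliberately slow hash, which on current PHP is `password_hash( $password, PASSWORD_DEFAULT )` verified with `password_verify()`. That needs a matching change wherever the login code compares the stored digest, which is outside the hunks shown here, plus a rehash-on-next-login path for existing rows.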


@ -18,7 +18,6 @@
//------------------------------------------------------------------ constantes
define( ATT_REG, '\w+' );
define( VAL_REG, '[^"]*' );
//------------------------------------------------------------------- functions
// getContent returns the content of a tag
//
@ -32,15 +31,15 @@ function getContent( $element )
// deleting start of the tag
$content = preg_replace( '/^<[^>]+>/', '', $element );
// deleting end of the tag
$content = preg_replace( '/<\/\w+>$/', '', $content );
$content = preg_replace( '/<\/[^>]+>$/', '', $content );
// replacing multiple instance of space character
$content = preg_replace( '/\s+/', ' ', $content );
return $content;
}
// The function get Attribute returns the value corresponding to the attribute
// $attribute for the tag $element.
// The function get Attribute returns the value corresponding to the
// attribute $attribute for the tag $element.
function getAttribute( $element, $attribute )
{
$regex = '/^<\w+[^>]*'.$attribute.'\s*=\s*"('.VAL_REG.')"/i';
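Review bot: getAttribute() builds its pattern from `$attribute` with neither a boundary nor escaping. Because `[^>]*` can stop in the middle of a longer name, asking for `user` would also match a (constructed) attribute such as `superuser="…"`, and any regex metacharacter in `$attribute` alters the pattern. Requiring whitespace before the name and quoting it fixes both: `$regex = '/^<\w+[^>]*\s'.preg_quote( $attribute, '/' ).'\s*=\s*"('.VAL_REG.')"/i';`. The function body continues past the end of the hunk.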


@ -14,8 +14,8 @@
* the Free Software Foundation; *
* *
***************************************************************************/
define( PREFIXE_INCLUDE, '' );
define( PREFIX_INCLUDE, '' );
include_once( './include/config.inc.php' );
include_once( './include/user.inc.php' );


@ -24,7 +24,7 @@ $infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
'maxheight', 'expand', 'show_nb_comments', 'short_period',
'long_period', 'template' );
$query_user = 'select';
$query_user = 'SELECT';
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
if ( $i > 0 )
@ -37,16 +37,16 @@ for ( $i = 0; $i < sizeof( $infos ); $i++ )
}
$query_user.= $infos[$i];
}
$query_user.= ' from '.PREFIX_TABLE.'users';
$query_user.= ' FROM '.PREFIX_TABLE.'users';
$query_done = false;
$user['is_the_guest'] = false;
if ( isset( $_GET['id'] )
&& ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
{
$page['session_id'] = $_GET['id'];
$query = 'select user_id,expiration,ip';
$query.= ' from '.PREFIX_TABLE.'sessions';
$query.= " where id = '".$_GET['id']."'";
$query = 'SELECT user_id,expiration,ip';
$query.= ' FROM '.PREFIX_TABLE.'sessions';
$query.= " WHERE id = '".$_GET['id']."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
@ -56,8 +56,8 @@ if ( isset( $_GET['id'] )
{
// deletion of the session from the database,
// because it is out-of-date
$delete_query = 'delete from '.PREFIX_TABLE.'sessions';
$delete_query.= " where id = '".$page['session_id']."'";
$delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
$delete_query.= " WHERE id = '".$page['session_id']."'";
$delete_query.= ';';
mysql_query( $delete_query );
}
@ -65,7 +65,7 @@ if ( isset( $_GET['id'] )
{
if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
{
$query_user .= ' where id = '.$row['user_id'];
$query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true;
}
}
@ -73,7 +73,7 @@ if ( isset( $_GET['id'] )
}
if ( !$query_done )
{
$query_user .= ' where id = 2';
$query_user .= ' WHERE id = 2';
$user['is_the_guest'] = true;
}
$query_user .= ';';
@ -82,14 +82,13 @@ $row = mysql_fetch_array( mysql_query( $query_user ) );
// affectation of each value retrieved in the users table into a variable
// of the array $user.
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
$user[$infos[$i]] = $row[$infos[$i]];
foreach ( $infos as $info ) {
$user[$info] = $row[$info];
// If the field is true or false, the variable is transformed into a
// boolean value.
if ( $row[$infos[$i]] == 'true' || $row[$infos[$i]] == 'false' )
if ( $row[$info] == 'true' or $row[$info] == 'false' )
{
$user[$infos[$i]] = get_boolean( $row[$infos[$i]] );
$user[$info] = get_boolean( $row[$info] );
}
}
?>


@ -2,372 +2,369 @@
/*****************************************************************
* VIRTUAL-TEMPLATE
*
* Version : 1.3.1 Base Edition ( Juillet 2002 ) build 6
* Version : 1.3.2 Base Edition ( Decembre 2003 ) build 1
*
* Address : http://vtemplate.sourceforge.net
*
* Authors:
* + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com .
* + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com .
* + CAMPANA François (fc@netouaibe.com).
* Licence: GPL.
*
*
*
*
*
*****************************************************************/
if ( !isset($DEFINE_VTEMPLATE) )
{
define("ALL",1);
define("VARTAG","{#"); // Tag d'ouverture des variables :
// vous pouvez changer ce paramètre.
define("VTEMPLATE_VERSION","1.3.1");
define("VTEMPLATE_TYPE","BA");
define("VTEMPLATE_BUILD","6");
class Err
{
var $msg;
var $titre;
function error( $errno, $arg = "", $code = 0, $disp = 0 )
{
if ( !isset($DEFINE_VTEMPLATE) ){
define("ALL",1);
define("VARTAG","{#"); // Tag d'ouverture des variables : vous pouvez changer ce paramètre.
define("VTEMPLATE_VERSION","1.3.1");
define("VTEMPLATE_TYPE","BA");
define("VTEMPLATE_BUILD","6");
class Err {
var $msg;
var $titre;
function error($errno,$arg="",$code=0,$disp=0){
// Gestion des erreurs
switch($errno)
{
case 1:
$this->titre="Erreur de session n° $code";
$this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ;
break;
case 2:
$this->titre="Erreur de session n° $code";
$this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>";
break;
case 3:
$this->titre="Erreur de session n° $code";
$var = $arg[1];
$zone = $arg[0];
$this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>";
break;
case 4:
$this->titre="Erreur de session n° $code";
$var = $arg[1];
$zone = $arg[0];
$this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>";
break;
case 5:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>";
break;
case 6:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>";
break;
case 7:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous avez oublié de fermer la zone $arg.<br>";
break;
case 8:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Le fichier template $arg est introuvable.<br>";
break;
case 9:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les droits de ce fichier.<br>";
break;
case 10:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Impossible de lire le fichier template $arg.<br>";
break;
case 11:
$this->titre="Erreur de traitement n° $code";
$this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>";
break;
case 12:
$this->titre="Erreur de traitement n° $code";
$this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>";
break;
case 13:
$this->titre="Erreur de traitement n° $code";
$this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>";
break;
case 14:
$this->titre="Erreur de traitement n° $code";
$var = $arg[1];
$file = $arg[0];
$this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>";
break;
case 15:
$this->titre="Erreur de traitement n° $code";
$var = $arg[2];
$zone = $arg[1];
$fichier = $arg[0];
$this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>";
break;
default:
$this->titre = "Erreur inconnue $code";
$this->msg = "Veuillez le rapporter aux auteurs de la classe.";
}
$this->titre .= ": <br>";
if ($disp){
$web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>";
echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>";
}
return -1;
}
switch($errno){
case 1:
$this->titre="Erreur de session n° $code";
$this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ;
break;
case 2:
$this->titre="Erreur de session n° $code";
$this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>";
break;
case 3:
$this->titre="Erreur de session n° $code";
$var = $arg[1];
$zone = $arg[0];
$this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>";
break;
case 4:
$this->titre="Erreur de session n° $code";
$var = $arg[1];
$zone = $arg[0];
$this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>";
break;
case 5:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>";
break;
case 6:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>";
break;
case 7:
$this->titre="Erreur de parsing n° $code";
$this->msg = "Vous avez oublié de fermer la zone $arg.<br>";
break;
case 8:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Le fichier template $arg est introuvable.<br>";
break;
case 9:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les droits de ce fichier.<br>";
break;
case 10:
$this->titre="Erreur de traitement n° $code";
$this->msg = "Impossible de lire le fichier template $arg.<br>";
break;
case 11:
$this->titre="Erreur de traitement n° $code";
$this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>";
break;
case 12:
$this->titre="Erreur de traitement n° $code";
$this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>";
break;
case 13:
$this->titre="Erreur de traitement n° $code";
$this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>";
break;
case 14:
$this->titre="Erreur de traitement n° $code";
$var = $arg[1];
$file = $arg[0];
$this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>";
break;
case 15:
$this->titre="Erreur de traitement n° $code";
$var = $arg[2];
$zone = $arg[1];
$fichier = $arg[0];
$this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>";
break;
default:
$this->titre = "Erreur inconnue $code";
$this->msg = "Veuillez le rapporter aux auteurs de la classe.";
}
$this->titre .= ": <br>";
if ($disp){
$web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>";
echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>";
}
return -1;
}
// Fin classe
}
}
class Session extends err{
class Session extends err{
var $name; // Name of the session
var $globalvar = array(); // List of global variable of the session
var $varlist = array(); // List of var in this session
var $subzone = array(); // list of sub-zone
var $temp; // Generated code for the current session
var $generated = NULL; // The final code
var $source; // Source code
var $used=0; // Indicates if the session contain used variable
var $stored; // Give the filename were is stored the session
var $name; // Name of the session
var $globalvar = array(); // List of global variable of the session
var $varlist = array(); // List of var in this session
var $subzone = array(); // list of sub-zone
var $temp; // Generated code for the current session
var $generated = NULL; // The final code
var $source; // Source code
var $used=0; // Indicates if the session contain used variable
var $stored; // Give the filename were is stored the session
function Session($name,$source,$stored){
$this->name = $name;
$this->source = $source;
$this->stored = $stored;
$this->parseVar();
}
function Session($name,$source,$stored){
$this->name = $name;
$this->source = $source;
$this->stored = $stored;
$this->parseVar();
}
function parseVar(){
// Récupération des noms des variables
$regle = "|".VARTAG."(.*)}|sU";
preg_match_all ($regle,$this->source,$var1);
// Création du tableau de variable à partir de la liste parsée.
$this->varlist=@array_merge($var[1],$var1[1]);
return 1;
}
function parseVar(){
// Récupération des noms des variables
$regle = "|".VARTAG."(.*)}|sU";
preg_match_all ($regle,$this->source,$var1);
// Création du tableau de variable à partir de la liste parsée.
$this->varlist=@array_merge($var[1],$var1[1]);
return 1;
}
function init(){
if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1);
function init(){
if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1);
// Reset generated code
$this->temp = $this->source;
$this->used = 1;
}
function closeSession(){
$this->temp = $this->source;
$this->used = 1;
}
function closeSession(){
// Check if the zone has been used.
if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1);
if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1);
// Set Globals vars.
$this->generateCode();
$this->used=0;
return 1;
}
$this->generateCode();
$this->used=0;
return 1;
}
function reset(){
$this->used = 0;
$this->generated = NULL;
return 1;
}
function reset(){
$this->used = 0;
$this->generated = NULL;
return 1;
}
function addSubZone(&$subzone){
$this->subzone[$subzone->name] = &$subzone;
return 1;
}
function addSubZone(&$subzone){
$this->subzone[$subzone->name] = &$subzone;
return 1;
}
function setVar($varname,$value){
if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1);
if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1);
$regle = "(\\".VARTAG."$varname\})";
$this->temp = preg_replace($regle,$value,$this->temp);
return 1;
}
function setVar($varname,$value){
if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1);
if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1);
$regle = "(\\".VARTAG."$varname\})";
$this->temp = preg_replace($regle,$value,$this->temp);
return 1;
}
function dispVar(){
echo "Liste variables de $this->name:<br>";
foreach ( $this->varlist as $vars )
echo "$vars <br>";
}
function dispVar(){
echo "Liste variables de $this->name:<br>";
foreach ( $this->varlist as $vars )
echo "$vars <br>";
}
function setGlobalVar($varname,$value){
$set = 0;
if (in_array($varname,$this->varlist)){
// Replace the var into this session
$this->globalvar[$varname]=$value;
$set = 1;
}
// Replace the var into sub zones
foreach(array_keys($this->subzone) as $subzone){
$set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set;
}
return $set;
}
function setGlobalVar($varname,$value){
$set = 0;
if (in_array($varname,$this->varlist)){
// Replace the var into this session
$this->globalvar[$varname]=$value;
$set = 1;
}
// Replace the var into sub zones
foreach(array_keys($this->subzone) as $subzone){
$set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set;
}
return $set;
}
function replaceGlobalVar(){
if ( count($this->globalvar) )
foreach($this->globalvar as $varname => $value){
$regle = "(\\".VARTAG."$varname\})";
$this->temp = preg_replace($regle,$value,$this->temp);
}
}
function replaceGlobalVar(){
if ( count($this->globalvar) )
foreach($this->globalvar as $varname => $value){
$regle = "(\\".VARTAG."$varname\})";
$this->temp = preg_replace($regle,$value,$this->temp);
}
}
function generateCode(){
if ($this->used == 0) return $this->generated;
// Replace global var.
if ( count($this->globalvar) ) $this->replaceGlobalVar();
// Replace all unused variable by ""
$regle = "|\\".VARTAG."(.*)\}|";
$this->temp = preg_replace($regle,"",$this->temp);
// Generate the subzone(s) code
if(count($this->subzone)){
foreach(array_keys($this->subzone) as $subzone){
$text = ($this->subzone[$subzone]->used) ? $this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated;
$this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp);
$this->subzone[$subzone]->reset();
}
}
$this->generated .= $this->temp;
return $this->generated;
function generateCode(){
if ($this->used == 0) return $this->generated;
// Replace global var.
if ( count($this->globalvar) ) $this->replaceGlobalVar();
// Replace all unused variable by ""
$regle = "|\\".VARTAG."([^}]*)\}|";
$this->temp = preg_replace($regle,"",$this->temp);
// Generate the subzone(s) code
if(count($this->subzone)){
foreach(array_keys($this->subzone) as $subzone){
$text = ($this->subzone[$subzone]->used) ? $this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated;
$this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp);
$this->subzone[$subzone]->reset();
}
}
$this->generated .= $this->temp;
return $this->generated;
}
function inVarList($varname){
return in_array($varname,$this->varlist);
}
function inVarList($varname){
return in_array($varname,$this->varlist);
}
// Fin classe
}
}
class VTemplate_Private extends Err{
class VTemplate_Private extends Err{
/****************************************
* Private Class. *
* ***************************************/
* Private Class. *
* ***************************************/
var $sources=array(); // Sources des zones issues de la premiere partie du parsing.
var $sessions=array(); // Tableau de sessions
var $v_global=array(); // Globla var array.
var $sources=array(); // Sources des zones issues de la premiere partie du parsing.
var $sessions=array(); // Tableau de sessions
var $v_global=array(); // Globla var array.
/****************************************************************
Parsing Functions for Template files. ( PF 1.0 )
****************************************************************/
****************************************************************/
function getNom($code){
function getNom($code){
// Retourne le premier nom de zone qu'il trouve dans le code
preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg);
preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg);
// Tester la présence des caratère invalides dans le nom ( | et {});
if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1));
// Tester la présence des caratère invalides dans le nom ( | et {});
if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1));
return @$reg[1];
}
return @$reg[1];
}
function endTag($code,$nom){
function endTag($code,$nom){
// Renvoie TRUE(1) si le tag de fermeture est présent.
preg_match("(<!--/VTP_$nom-->)sU",$code,$reg);
preg_match("(<!--/VTP_$nom-->)sU",$code,$reg);
return ($reg[0]!="<!--/VTP_$nom-->") ? 0 : 1;
}
return ($reg[0]!="<!--/VTP_$nom-->") ? 0 : 1;
}
function getSource($code,$nom,$type=0){
function getSource($code,$nom,$type=0){
// Retourne le source de la zone de nom $nom
preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg);
preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg);
return $reg[$type][0];
}
return $reg[$type][0];
}
function parseZone($code_source,$nom_zone="|root|"){
function parseZone($code_source,$nom_zone="|root|"){
// Fonction récursive de parsing du fichier template
// Vérification que la zone n'existe pas
if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1));
// Vérification que la zone n'existe pas
if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1));
// Enregistrement du code source
$this->sources[$nom_zone]["source"]=$code_source;
// Enregistrement du code source
$this->sources[$nom_zone]["source"]=$code_source;
// Rappel de la fonction pour chaque fils.
while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){
// Rappel de la fonction pour chaque fils.
while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){
// Vérification que le tag de fin est présent.
if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1));
// Vérification que le tag de fin est présent.
if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1));
// Parse le fils
$this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils);
// Parse le fils
$this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils);
// Enregistre le nom du fils dans la liste des fils
$this->sources[$nom_zone]["fils"][]=$nom_fils;
// Enregistre le nom du fils dans la liste des fils
$this->sources[$nom_zone]["fils"][]=$nom_fils;
// Remplace le code du fils dans le source du père
$this->sources[$nom_zone]["source"]=str_replace(
$this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0),
"|$nom_fils|",
$this->sources[$nom_zone]["source"]
);
// Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone
if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1));
}// fin While
// Remplace le code du fils dans le source du père
$this->sources[$nom_zone]["source"]=str_replace(
$this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0),
"|$nom_fils|",
$this->sources[$nom_zone]["source"]
);
// Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone
if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1));
}// fin While
return 1;
}
return 1;
}
/****************************************************************
Session Management functions ( SMF 1.0 )
****************************************************************/
****************************************************************/
function createSession($handle,$zone = "|root|"){
function createSession($handle,$zone = "|root|"){
// Create a new session of the zone
$this->sessions[$handle][$zone] = new Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]);
$this->sessions[$handle][$zone] = new Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]);
// Create sub-zone
if (@count($this->sources[$zone]["fils"])){
foreach($this->sources[$zone]["fils"] as $subzone){
$this->createSession($handle,$subzone);
$this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]);
}
}
if (@count($this->sources[$zone]["fils"])){
foreach($this->sources[$zone]["fils"] as $subzone){
$this->createSession($handle,$subzone);
$this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]);
}
}
//end createSession
}
}
/****************************************************************
Global Variable Management Functions ( GVMF 1.0 )
****************************************************************/
****************************************************************/
function setGZone($handle,$zone,$var,$value){
// Define Global var for $zone and its sub-zone.
// Set global value to $zone vars.
return $this->sessions[$handle][$zone]->setGlobalVar($var,$value);
}
function setGZone($handle,$zone,$var,$value){
// Define Global var for $zone and its sub-zone.
// Set global value to $zone vars.
return $this->sessions[$handle][$zone]->setGlobalVar($var,$value);
}
function setGFile($handle,$var,$value) {
return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value);
}
function setGFile($handle,$var,$value) {
return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value);
}
function setGAll($var,$value){
$declare = 0;
$this->v_global[$var]=$value;
if (is_array($this->sessions)){
foreach($this->sessions as $handle => $v){
$declare = $this->setGFile($handle,$var,$value) || $declare;
}
}
return $declare;
}
function setGAll($var,$value){
$declare = 0;
$this->v_global[$var]=$value;
if (is_array($this->sessions)){
foreach($this->sessions as $handle => $v){
$declare = $this->setGFile($handle,$var,$value) || $declare;
}
}
return $declare;
}
function setGOpened($handle){
function setGOpened($handle){
// Set Global var into the opened file
foreach($this->v_global as $name => $val){
$this->setGFile($handle,$name,$val);
}
return 1;
}
foreach($this->v_global as $name => $val){
$this->setGFile($handle,$name,$val);
}
return 1;
}
// Fin VTemplate_Private
}
}
class VTemplate extends VTemplate_Private{
class VTemplate extends VTemplate_Private{
/****************************************
* Public Class. *
* ***************************************/
* Public Class. *
* ***************************************/
/****************************************************************
@ -375,145 +372,233 @@ if ( !isset($DEFINE_VTEMPLATE) )
*****************************************************************/
function Open($nomfichier){
function Open($nomfichier){
// Ouverture d'un fichier source et retourne le handle de ce fichier
// Création du handle:
$handle = "{".count($this->sessions)."}" ;
$handle = "{".count($this->sessions)."}" ;
// Récupération du source à parser
if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1);
if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1);
if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1);
clearstatcache();
fclose($f_id);
if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1);
if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1);
if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1);
clearstatcache();
fclose($f_id);
// Store the filename
$this->file_name[$handle]=$nomfichier;
$this->file_name[$handle]=$nomfichier;
// Parse les zones
$this->parseZone($source);
$this->parseZone($source);
// Création du tableau de session
$this->createSession($handle);
$this->createSession($handle);
//Nettoyage des variables temporaires
$this->sources=NULL;
$this->sources=NULL;
// Set global var.
$this->setGOpened($handle);
$this->setGOpened($handle);
$this->addSession($handle);
return $handle;
}
$this->addSession($handle);
return $handle;
}
function newSession($handle="{0}",$nom_zone = "|root|"){
if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone);
$this->addSession($handle,$nom_zone,$cache,$time,$num_session);
return 1;
}
function newSession($handle="{0}",$nom_zone = "|root|"){
if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone);
$this->addSession($handle,$nom_zone,$cache,$time,$num_session);
return 1;
}
function addSession($handle="{0}",$nom_zone = "|root|"){
// Does the zone exist ?
if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1);
$this->sessions[$handle][$nom_zone]->init();
return 1;
}
function addSession($handle="{0}",$nom_zone = "|root|"){
// Does the zone exist ?
if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1);
$this->sessions[$handle][$nom_zone]->init();
return 1;
}
function closeSession($handle="{0}",$nom_zone = "|root|"){
function closeSession($handle="{0}",$nom_zone = "|root|"){
// Close the current session and all his sub-session
// Check if the zone exists.
if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1);
// Closing sub-zone
$this->sessions[$handle][$nom_zone]->closeSession();
return 1;
}
// Check if the zone exists.
if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1);
// Closing sub-zone
$this->sessions[$handle][$nom_zone]->closeSession();
return 1;
}
function setGlobalVar($arg1,$arg2,$arg3){
if ($arg1 == 1){
if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1);
return 1;
}
if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1);
$tab=explode(".",$arg2);
if (count($tab)==1){
if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1);
}
else if (count($tab==2)){
if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1));
if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1);
}
return 1;
}
function setGlobalVar($arg1,$arg2,$arg3){
if ($arg1 == 1){
if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1);
return 1;
}
if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1);
$tab=explode(".",$arg2);
if (count($tab)==1){
if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1);
}
else if (count($tab==2)){
if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1));
if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1);
}
return 1;
}
function setVar($handle,$zone_var,$val){
// Fill the variable
$tab=explode(".",$zone_var);
if(count($tab)==2){
$zone=$tab[0];
$var=$tab[1];
}
else
{
$zone="|root|";
$var=$tab[0];
}
function setVar($handle,$zone_var,$val){
// Fill the variable
$tab=explode(".",$zone_var);
if(count($tab)==2){
$zone=$tab[0];
$var=$tab[1];
}
else
{
$zone="|root|";
$var=$tab[0];
}
// Teste l'existence de la zone dans la liste
if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1);
// Teste l'existence de la zone dans la liste
if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1);
//Enregistre la variable
return $this->sessions[$handle][$zone]->setVar($var,$val);
}
//Enregistre la variable
return $this->sessions[$handle][$zone]->setVar($var,$val);
}
function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){
if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source);
$this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated);
}
function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){
if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source);
$this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated);
}
function setVarF($handle,$zone_var,$file){
function setVarF($handle,$zone_var,$file){
// Fonction qui ouvre le fichier file et copie ce qu'il y a dedans dans une variable.
$tab=explode(".",$zone_var);
$tab=explode(".",$zone_var);
// Récupération nom de la zone et de la variable.
if(count($tab)==2){
$zone=$tab[0];
$var=$tab[1];
}
else
{
$zone="|root|";
$var=$tab[0];
}
if(count($tab)==2){
$zone=$tab[0];
$var=$tab[1];
}
else
{
$zone="|root|";
$var=$tab[0];
}
// Teste l'existence de la zone dans la liste
if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1);
if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1);
// Récupération du source à lire
if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1);
if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1);
if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1);
clearstatcache();
fclose($f_id);
// Récupération du source à lire
if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1);
if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1);
if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1);
clearstatcache();
fclose($f_id);
//Enregistre la variable
return $this->sessions[$handle][$zone]->setVar($var,$val);
}
return $this->sessions[$handle][$zone]->setVar($var,$val);
}
function isZone($handle, $zone="|root|")
{
return isset($this->sessions[$handle][$zone]) ;
}
function Display($handle="{0}",$display=1,$zone="|root|"){
$this->closeSession($handle,$zone);
$c_genere = $this->sessions[$handle][$zone]->generated;
function isZone($handle, $zone="|root|")
{
return isset($this->sessions[$handle][$zone]) ;
}
function Display($handle="{0}",$display=1,$zone="|root|"){
$this->closeSession($handle,$zone);
$c_genere = $this->sessions[$handle][$zone]->generated;
if ($display) echo $c_genere; else return ($c_genere);
}
if ($display) echo $c_genere; else return ($c_genere);
}
//fonction complementaire version BETA
/*
*
On peut l'utiliser :
- SetVarTab($array): tout les couples clef/valeur sont valorisées
- SetVarTab($array,$index) seuls les couples clef/valeur dont la clef est dans le tableau index ou dont la valeur == $index (si pas tableau)
Si $index contient ou est une clef de type zone.clef, la clef sera extraite du texte est servira d'index pour $array
Vincent
*/
function setVarTab($handle,$zones,$index = array()){
if (is_array($index))
{
if (count($index)>0)
{
reset($index);
while (list (, $key) = each ($index))
{
$tab=explode(".",$key);
if(count($tab)==2){
$var=$tab[1];
}
else
{
$var=$tab[0];
}
setVar($handle,$key,$zones[$var]);
}
}
else
{
reset($zones);
while (list ($key, $val) = each ($zones))
{
setVar($handle,$key,$val);
}
}
}
else
{
setVar($handle,$index,$zones[$index]);
}
}
function setGlobalVarTab($handle,$zones,$index = array()){
if (is_array($index))
{
if (count($index)>0)
{
reset($index);
while (list (, $key) = each ($index))
{
$tab=explode(".",$key);
if(count($tab)==2){
$var=$tab[1];
}
else
{
$var=$tab[0];
}
setGlobalVar($handle,$key,$zones[$var]);
}
}
else
{
reset($zones);
while (list ($key, $val) = each ($zones))
{
GlobalVar($handle,$key,$val);
}
}
}
else
{
setBlobalVar($handle,$index,$zones[$index]);
}
}
// End VTemplate
}
$DEFINE_VTEMPLATE = 1;
}
$DEFINE_VTEMPLATE = 1;
}
?>


@ -1,16 +1,13 @@
<?php
include_once( './include/mysql.inc.php' );
define( PREFIX_INCLUDE, '' );
include_once( './include/functions.inc.php' );
database_connection();
// récupération des informations de configuration du site
$query = 'select acces ';
$query .= 'from '.PREFIX_TABLE.'config;';
// retrieving configuration informations
$query = 'SELECT access';
$query.= ' FROM '.PREFIX_TABLE.'config;';
$row = mysql_fetch_array( mysql_query( $query ) );
$url = 'category';
if ( $row['acces'] == 'restreint' )
{
$url = 'identification';
}
if ( $row['access'] == 'restricted' ) $url = 'identification';
else $url = 'category';
// redirection
$url.= '.php';
header( 'Request-URI: '.$url );
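Review bot: The landing-page choice fails open: the new `if ( $row['access'] == 'restricted' ) $url = 'identification'; else $url = 'category';` sends the visitor to `category` whenever the configuration query yields no row, because the result of `mysql_query()` is handed to `mysql_fetch_array()` unchecked. This commit also appears to rename the column and its value (`acces`/`restreint` to `access`/`restricted`), so a database that has not been migrated yet would take exactly that path. I would make the restricted page the fallback, e.g. `if ( !is_array( $row ) or $row['access'] == 'restricted' ) $url = 'identification';`. Whether `category.php` enforces the restriction on its own is not visible in this hunk, so this entry script should not be relied on as the only gate.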


@ -15,6 +15,10 @@ $lang['no'] = 'non';
$lang['yes'] = 'oui';
$lang['guest'] = 'visiteur';
$lang['mail_address'] = 'adresse mail';
$lang['public'] = 'publique';
$lang['private'] = 'privée';
$lang['add'] = 'ajouter';
$lang['dissociate'] = 'dissocier';
// end version 1.3
// page diapo
@ -218,20 +222,26 @@ if ( $isadmin )
// $lang['title_add'] = 'Ajouter/Modifier un utilisateur';
$lang['title_add'] = 'Ajouter un utilisateur';
$lang['title_modify'] = 'Modifier un utilisateur';
$lang['title_groups'] = 'Gestion des groupes';
// end version 1.3
$lang['title_liste_users'] = 'Liste des utilisateurs';
$lang['title_history'] = 'Historique';
$lang['title_update'] = 'Mise à jour de la base de données';
$lang['title_configuration'] = 'Configuration de PhpWebGallery';
$lang['title_instructions'] = 'Instructions';
$lang['title_permissions'] = 'Modifier les permissions pour un utilisateur';
// start version 1.3
// $lang['title_permissions'] = 'Modifier les permissions pour un utilisateur';
$lang['title_user_perm'] = 'Modifier les permissions pour l\'utilisateur';
$lang['title_cat_perm'] = 'Modifier les permissions pour la catégorie';
$lang['title_group_perm'] = 'Modifier les permissions pour le groupe';
// end version 1.3
$lang['title_categories'] = 'Gestion des catégories';
$lang['title_edit_cat'] = 'Editer une catégorie';
$lang['title_info_images'] = 'Modifier les informations sur les images d\'une catégorie';
$lang['title_thumbnails'] = 'Création des miniatures';
$lang['title_thumbnails_2'] = 'pour';
$lang['title_default'] = 'Administration de PhpWebGallery';
$lang['menu_title'] = 'Administration';
$lang['menu_config'] = 'Configuration';
$lang['menu_users'] = 'Utilisateurs';
@ -243,7 +253,10 @@ if ( $isadmin )
$lang['menu_history'] = 'Historique';
$lang['menu_instructions'] = 'Instructions';
$lang['menu_back'] = 'Page diapo';
// start version 1.3
$lang['menu_groups'] = 'Groupes';
// end version 1.3
$lang['title_waiting'] = 'Images en attente de validation';
$lang['menu_waiting'] = 'En attente';
@ -383,9 +396,19 @@ if ( $isadmin )
$lang['adduser_status_admin'] = 'admin';
// start version 1.3
// $lang['adduser_status_member'] = 'membre';
$lang['adduser_associate'] = 'Associer au groupe';
// end version 1.3
$lang['adduser_status_guest'] = 'visiteur';
// start version 1.3
$lang['group_add'] = 'Ajouter un groupe';
$lang['group_add_error1'] = 'Le nom du groupe ne doit pas comporter de " ou de \'';
$lang['group_add_error2'] = 'Ce nom de groupe est déjà utilisé';
$lang['group_confirm'] = 'Etes-vous sûr de vouloir supprimer le groupe';
$lang['group_list_title'] = 'Liste des groupes existants';
$lang['group_err_unknown'] = 'Ce groupe n\'existe pas dans la base de données';
// end version 1.3
// page permissions
$lang['permuser_info_message'] = 'Permissions enregistrées';
$lang['permuser_title'] = 'Restrictions pour l\'utilisateur';
@ -393,7 +416,9 @@ if ( $isadmin )
$lang['permuser_authorized'] = 'autorisé';
$lang['permuser_forbidden'] = 'interdit';
$lang['permuser_parent_forbidden'] = 'catégorie parente interdite';
$lang['permuser_cat_title'] = 'Modifier les permissions pour ';
// start version 1.3
// $lang['permuser_cat_title'] = 'Modifier les permissions pour ';
// end version 1.3
// page liste utilisateurs
$lang['listuser_confirm'] = 'Etes-vous sûr de vouloir supprimer l\'utilisateur';
@ -433,7 +458,9 @@ if ( $isadmin )
$lang['editcat_comment'] = 'Commentaire';
$lang['editcat_status'] = 'Status';
$lang['editcat_status_info'] = '(invisible sauf pour les administrateurs)';
// start version 1.3
$lang['editcat_visible'] = 'Visible';
// end version 1.3
// page info images
$lang['infoimage_err_date'] = 'date erronée';
$lang['infoimage_general'] = 'Options générale pour la catégorie';


@ -28,20 +28,20 @@ if ( isset( $page['cat'] ) && is_numeric( $page['cat'] ) )
check_restrictions( $page['cat'] );
}
//---------------------------------------- incrementation of the number of hits
$query = 'update '.PREFIX_TABLE.'images';
$query.= ' set hit=hit+1';
$query.= ' where id='.$_GET['image_id'];
$query = 'UPDATE '.PREFIX_TABLE.'images';
$query.= ' SET hit=hit+1';
$query.= ' WHERE id='.$_GET['image_id'];
$query.= ';';
@mysql_query( $query );
//-------------------------------------------------------------- initialization
initialize_category( 'picture' );
$cat_directory = $page['cat_dir']; // by default
//------------------------------------- main picture information initialization
$query = 'select id,date_available,comment,hit';
$query = 'SELECT id,date_available,comment,hit';
$query.= ',author,name,file,date_creation,filesize,width,height,cat_id';
$query.= ' from '.PREFIX_TABLE.'images';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= ' and id = '.$_GET['image_id'];
$query.= ' AND id = '.$_GET['image_id'];
$query.= $conf['order_by'];
$query.= ';';
$result = mysql_query( $query );
@ -59,8 +59,8 @@ $page['width'] = $row['width'];
$page['height'] = $row['height'];
$page['cat_id'] = $row['cat_id'];
// retrieving the number of the picture in its category (in order)
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'images';
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
$query.= ';';
@ -78,17 +78,17 @@ if ( isset( $_GET['add_fav'] ) )
if ( $_GET['add_fav'] == 1 )
{
// verify if the picture is already in the favorite of the user
$query = 'select count(*) as nb_fav';
$query.= ' from '.PREFIX_TABLE.'favorites';
$query.= ' where image_id = '.$page['id'];
$query.= ' and user_id = '.$user['id'];
$query = 'SELECT COUNT(*) AS nb_fav';
$query.= ' FROM '.PREFIX_TABLE.'favorites';
$query.= ' WHERE image_id = '.$page['id'];
$query.= ' AND user_id = '.$user['id'];
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
if ( $row['nb_fav'] == 0 )
{
$query = 'insert into '.PREFIX_TABLE.'favorites';
$query.= ' (image_id,user_id) values';
$query = 'INSERT INTO '.PREFIX_TABLE.'favorites';
$query.= ' (image_id,user_id) VALUES';
$query.= ' ('.$page['id'].','.$user['id'].')';
$query.= ';';
$result = mysql_query( $query );
@ -96,9 +96,9 @@ if ( isset( $_GET['add_fav'] ) )
}
if ( $_GET['add_fav'] == 0 )
{
$query = 'delete from '.PREFIX_TABLE.'favorites';
$query.= ' where user_id = '.$user['id'];
$query.= ' and image_id = '.$page['id'];
$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
$query.= ' WHERE user_id = '.$user['id'];
$query.= ' AND image_id = '.$page['id'];
$query.= ';';
$result = mysql_query( $query );
@ -120,11 +120,11 @@ if ( isset( $_GET['add_fav'] ) )
{
$page['num'] = 0;
}
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'images';
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
$query.= ' limit '.$page['num'].',1';
$query.= ' LIMIT '.$page['num'].',1';
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
@ -143,24 +143,15 @@ if ( isset( $_GET['add_fav'] ) )
}
//----------------------------------------------------- template initialization
$vtp = new VTemplate;
$handle = $vtp->Open( './template/default/picture.vtp' );
// language
$vtp->setGlobalVar( $handle, 'back', $lang['back'] );
$vtp->setGlobalVar( $handle, 'submit', $lang['submit'] );
$vtp->setGlobalVar( $handle, 'comments_title', $lang['comments_title'] );
$vtp->setGlobalVar( $handle, 'comments_del', $lang['comments_del'] );
$vtp->setGlobalVar( $handle, 'delete', $lang['delete'] );
$vtp->setGlobalVar( $handle, 'comments_add', $lang['comments_add'] );
$vtp->setGlobalVar( $handle, 'author', $lang['author'] );
// user
$vtp->setGlobalVar( $handle, 'page_style', $user['style'] );
$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
// structure
$vtp->setGlobalVar( $handle, 'frame_start', get_frame_start() );
$vtp->setGlobalVar( $handle, 'frame_begin', get_frame_begin() );
$vtp->setGlobalVar( $handle, 'frame_end', get_frame_end() );
$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
initialize_template();
$tpl = array( 'back','submit','comments_title','comments_del','delete',
'comments_add','author' );
templatize_array( $tpl, 'lang', $handle );
$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
//------------------------------------------------------------------ page title
if ( $page['name'] != "" )
if ( $page['name'] != '' )
{
$vtp->setGlobalVar( $handle, 'page_title', $page['name'] );
}
@ -172,11 +163,11 @@ else
if ( $page['num'] >= 1 )
{
$prev = $page['num'] - 1;
$query = 'select id,name,file,tn_ext,cat_id';
$query.= ' from '.PREFIX_TABLE.'images';
$query = 'SELECT id,name,file,tn_ext,cat_id';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
$query.= ' limit '.$prev.',1';
$query.= ' LIMIT '.$prev.',1';
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
@ -197,14 +188,8 @@ if ( $page['num'] >= 1 )
$prev_title = $lang['previous_image'].' : ';
$alt_thumbnaill = '';
if ( $row['name'] != "" )
{
$alt_thumbnail = $row['name'];
}
else
{
$alt_thumbnail = $file;
}
if ( $row['name'] != '' ) $alt_thumbnail = $row['name'];
else $alt_thumbnail = $file;
$prev_title.= $alt_thumbnail;
$url_link = './picture.php?image_id='.$row['id'].'&amp;cat='.$page['cat'];
@ -320,22 +305,22 @@ if ( $page['date_creation'] != "" )
{
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
$tab_date = explode( '-', $page['date_creation'] );
list( $year,$month,$day ) = explode( '-', $page['date_creation'] );
$vtp->setVar( $handle, 'info_line.content',
$tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
$day.'/'.$month.'/'.$year );
$vtp->closeSession( $handle, 'info_line' );
}
// date of availability
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
$tab_date = explode( '-', $page['date_available'] );
list( $year,$month,$day ) = explode( '-', $page['date_available'] );
$vtp->setVar( $handle, 'info_line.content',
$tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
$day.'/'.$month.'/'.$year );
$vtp->closeSession( $handle, 'info_line' );
// size in pixels
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
if ( $original_width != $final_width || $original_height != $final_height )
if ( $original_width != $final_width or $original_height != $final_height )
{
$content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
$content.= $original_width.'*'.$original_height.'</a> ]';
@ -379,7 +364,7 @@ $vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
$vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
$vtp->closeSession( $handle, 'info_line' );
//------------------------------------------------------- favorite manipulation
if ( $page['cat'] != 'fav' && !$user['is_the_guest'] )
if ( $page['cat'] != 'fav' and !$user['is_the_guest'] )
{
$url = './picture.php?cat='.$page['cat'].'&amp;image_id='.$page['id'];
$url.= '&amp;expand='.$_GET['expand'].'&amp;add_fav=1';
@ -441,7 +426,7 @@ if ( $page['num'] < $page['cat_nb_images']-1 )
}
$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
$lien_thumbnail = $cat_directory."thumbnail/";
$lien_thumbnail = $cat_directory.'thumbnail/';
$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
if ( $row['name'] != "" )
@ -480,13 +465,13 @@ if ( $conf['show_comments'] )
// comment registeration
if ( isset( $_POST['content'] ) && $_POST['content'] != '' )
{
$author = $user['pseudo'];
if ( $_POST['author'] != "" )
$author = $user['username'];
if ( $_POST['author'] != '' )
{
$author = $_POST['author'];
}
$query = 'insert into '.PREFIX_TABLE.'comments';
$query.= ' (author,date,image_id,content) values';
$query = 'INSERT INTO '.PREFIX_TABLE.'comments';
$query.= ' (author,date,image_id,content) VALUES';
$query.= " ('".$author."',".time().",".$page['id'];
$query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."');";
mysql_query( $query );
@ -496,14 +481,14 @@ if ( $conf['show_comments'] )
&& is_numeric( $_GET['del'] )
&& $user['status'] == 'admin' )
{
$query = 'delete from '.PREFIX_TABLE.'comments';
$query.= ' where id = '.$_GET['del'].';';
$query = 'DELETE FROM '.PREFIX_TABLE.'comments';
$query.= ' WHERE id = '.$_GET['del'].';';
mysql_query( $query );
}
// number of comment for this picture
$query = 'select count(*) as nb_comments';
$query.= ' from '.PREFIX_TABLE.'comments';
$query.= ' where image_id = '.$page['id'].';';
$query = 'SELECT COUNT(*) AS nb_comments';
$query.= ' FROM '.PREFIX_TABLE.'comments';
$query.= ' WHERE image_id = '.$page['id'].';';
$row = mysql_fetch_array( mysql_query( $query ) );
$page['nb_comments'] = $row['nb_comments'];
// navigation bar creation
@ -514,8 +499,8 @@ if ( $conf['show_comments'] )
$url.= '&amp;search='.$_GET['search'].'&amp;mode='.$_GET['mode'];
}
if( !isset( $_GET['start'] )
|| !is_numeric( $_GET['start'] )
|| ( is_numeric( $_GET['start'] ) && $_GET['start'] < 0 ) )
or !is_numeric( $_GET['start'] )
or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
{
$page['start'] = 0;
}
@ -531,11 +516,11 @@ if ( $conf['show_comments'] )
$vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] );
$vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] );
$query = 'select id,author,date,image_id,content';
$query.= ' from '.PREFIX_TABLE.'comments';
$query.= ' where image_id = '.$page['id'];
$query.= ' order by date asc';
$query.= ' limit '.$page['start'].', '.$conf['nb_comment_page'].';';
$query = 'SELECT id,author,date,image_id,content';
$query.= ' FROM '.PREFIX_TABLE.'comments';
$query.= ' WHERE image_id = '.$page['id'];
$query.= ' ORDER BY date ASC';
$query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@ -580,10 +565,4 @@ mysql_close();
//----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 );
echo $code;
//------------------------------------------------------------ log informations
$query = 'insert into '.PREFIX_TABLE.'history';
$query.= ' (date,login,IP,page,titre,categorie) values';
$query.= " (".time().", '".$user['pseudo']."','".$_SERVER['REMOTE_ADDR']."'";
$query.= ",'picture','".$page['file']."','".$intitule_cat."');";
@mysql_query( $query );
?>


@ -16,9 +16,9 @@
***************************************************************************/
//----------------------------------------------------------- personnal include
include_once( "./include/init.inc.php" );
include_once( './include/init.inc.php' );
//-------------------------------------------------- access authorization check
if ( $conf['acces'] == "restreint" )
if ( $conf['access'] == "restricted" )
{
echo $lang['only_members'];
exit();
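Review bot: Renaming both the key and the value in `if ( $conf['access'] == "restricted" )` makes this guard fail open on any installation whose stored configuration still carries the old `acces` / `restreint` pair: the comparison is then false and the members-only page is served to everyone. The migration of the stored value is not visible in this section, so confirm that the upgrade path rewrites it before this check can run. A comment above the check, for example `// fails open if the stored config still holds the pre-rename key/value`, would record that dependency. The rest of the script lies outside the hunk.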


@ -4,7 +4,7 @@
<{#td} style="width:40%;text-align:left;">
{#indent}<img src="./images/puce.gif" alt="&gt;" />
&nbsp;{#name} [ dir : {#dir} ]
<span style="color:red;font-weight:normal;"> {#invisible}</span>
<span style="color:red;font-weight:normal;"> {#invisible} <span style="font-weight:bold;">{#private}</span></span>
</{#td}>
<{#td} style="text-align:center;">
<div style="margin-left:3px;margin-right:3px;">{#nb_picture}</div>
@ -42,7 +42,12 @@
</{#td}>
<{#td} class="{#class}"
style="width:10%;white-space:nowrap;text-align:center;">
<a href="{#permission_url}">{#cat_permission}</a>
<!--VTP_permission-->
<a href="{#url}">{#cat_permission}</a>
<!--/VTP_permission-->
<!--VTP_no_permission-->
<span style="color:darkgray;">{#cat_permission}</span>
<!--/VTP_no_permission-->
</{#td}>
<{#td} class="{#class}"
style="width:10%;white-space:nowrap;text-align:center;">


@ -29,16 +29,15 @@
<td style="width:20%;">{#editcat_status}</td>
<td class="row2">
<!--VTP_status_option-->
<input type="radio" name="status" value="{#option}"{#checked} />{#option}
<input type="radio" name="status" value="{#value}"{#checked} />{#option}
<!--/VTP_status_option-->
{#editcat_status_info}
</td>
</tr>
<tr>
<td style="width:20%;">{#editcat_visible}</td>
<td class="row2">
<!--VTP_visible_option-->
<input type="radio" name="visible" value="{#option}"{#checked} />{#option}
<input type="radio" name="visible" value="{#value}"{#checked} />{#option}
<!--/VTP_visible_option-->
{#editcat_status_info}
</td>


@ -0,0 +1,47 @@
<form action="{#action}" method="post">
<!--VTP_groups-->
<table style="width:100%;">
<tr>
<th colspan="2">{#menu_groups}</th>
</tr>
<!--VTP_group-->
<tr>
<td><a href="{#group_perm_link}"><span style="color:{#color}">{#groupname}</span></a></td>
<td style="text-align:right;">
<input type="radio" name="groupaccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="groupaccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_group-->
</table>
<!--/VTP_groups-->
<table style="width:100%;">
<tr>
<th colspan="2">{#menu_users}</th>
</tr>
<!--VTP_user-->
<tr>
<td>
<a href="{#user_perm_link}"><span style="color:{#color}">{#username}</span></a>
<!--VTP_usergroups-->
[
<!--VTP_usergroup-->
<span style="color:{#color};">{#name}</span>{#separation}
<!--/VTP_usergroup-->
]
<!--/VTP_usergroups-->
</td>
<td style="text-align:right;">
<!--VTP_parent_forbidden-->
<a href="{#url}">{#permuser_parent_forbidden}</a>
<!--/VTP_parent_forbidden-->
<input type="radio" name="useraccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="useraccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_user-->
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
</tr>
</table>
</form>
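Review bot: The permission form posts to `{#action}` carrying only the `groupaccess-{#id}` / `useraccess-{#id}` radios and the submit button, so nothing in the markup ties the request to the administrator's own session, and a forged cross-site POST could change category access. Unless the handler already verifies a token carried in `{#action}` (not visible here), add a per-session hidden field such as `<input type="hidden" name="token" value="{#token}" />` (field name illustrative) and check it server-side before applying any change. The same applies to the two new `access-{#id}` permission forms and the add-group form added further down in this commit. A template comment noting that value `0` means authorized and `1` means forbidden would also help, since that mapping is easy to invert.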


@ -0,0 +1,49 @@
<!--VTP_errors-->
<div class="errors">
<ul>
<!--VTP_li-->
<li>{#li}</li>
<!--/VTP_li-->
</ul>
</div>
<!--/VTP_errors-->
<!--VTP_deletion-->
<table style="width:100%;">
<tr>
<th colspan="2">{#group_confirm} "{#name}" ?</th>
</tr>
<tr>
<td align="center"><a href="{#yes_url}">{#yes}</a></td>
<td align="center" class="row2"><a href="{#no_url}">{#no}</a></td>
</tr>
</table>
<!--/VTP_deletion-->
<!--VTP_confirmation-->
<div class="{#class}">{#info}</div>
<!--/VTP_confirmation-->
<!--VTP_groups-->
<table width="100%">
<tr>
<th colspan="3">{#group_list_title}</th>
</tr>
<!--VTP_group-->
<tr>
<td style="width:25%;">
<div style="margin-left:10px;color:{#color}"><img src="./images/puce.gif" alt="&gt;" /> {#name}</div>
</td>
<td class="row2" style="text-align:center;width:25%;">
<a href="{#permission_url}">{#listuser_permission}</a>
</td>
<td class="row2" style="text-align:center;width:25%;">
<a href="{#deletion_url}">{#delete}</a>
</td>
</tr>
<!--/VTP_group-->
</table>
<!--/VTP_groups-->
<form method="post" action="{#form_action}">
<div style="text-align:center;margin:10px;">
{#group_add} <input type="text" name="name" />
<input type="submit" value="{#add}" name="submit" />
</div>
</form>
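Review bot: Group deletion is confirmed through a plain link, `<a href="{#yes_url}">{#yes}</a>`, so the destructive action appears to run on a GET request; a link prefetcher, or a resource reference on another site loaded while an administrator is logged in, could trigger it. Prefer a small POST form for the confirmation step, with the handler rejecting other methods. Separately, `{#name}` is printed in the confirmation heading and in the list, and the group name originates from the free-text `name` input at the bottom of this template, so the PHP side should pass it through `htmlspecialchars()` before handing it to the template. The handler is not part of this section, so both points need confirming against it.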


@ -0,0 +1,24 @@
<!--VTP_confirmation-->
<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div>
<!--/VTP_confirmation-->
<form action="{#action}" method="post">
<table style="width:100%;">
<!--VTP_category-->
<tr>
<td>
<img src="./images/puce.gif" alt="&gt;" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a>
</td>
<td style="text-align:right;">
<!--VTP_parent_forbidden-->
{#permuser_parent_forbidden}
<!--/VTP_parent_forbidden-->
<input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_category-->
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
</tr>
</table>
</form>


@ -34,7 +34,7 @@
</tr>
<tr>
<td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td>
<td><input type="text" name="password" value="{#user:password}" /></td>
<td><input type="text" name="password" value="" /></td>
</tr>
<tr>
<td>{#mail_address}</td>
@ -50,6 +50,31 @@
</select>
</td>
</tr>
<!--VTP_groups-->
<tr>
<td valign="top">{#menu_groups}</td>
<td>
<table>
<!--VTP_group-->
<tr>
<td>{#name}</td>
<td><input type="checkbox" name="dissociate-{#dissociate_id}" value="1" /> {#dissociate}</td>
</tr>
<!--/VTP_group-->
</table>
</td>
</tr>
<!--/VTP_groups-->
<tr>
<td>{#adduser_associate}</td>
<td>
<select name="associate">
<!--VTP_associate_group-->
<option value="{#value}">{#option}</option>
<!--/VTP_associate_group-->
</select>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="{#submit}" />
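Review bot: In the first hunk the password input no longer echoes the stored value, but it is still `type="text"`, so a newly typed password is displayed on screen and is eligible for browser form history. Change the line to `<td><input type="password" name="password" value="" autocomplete="new-password" /></td>`. The removed `{#user:password}` placeholder also suggests the stored password was available to the template in readable form; how it is stored is outside this section, so that is something to check rather than a finding.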


@ -0,0 +1,31 @@
<!--VTP_confirmation-->
<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div>
<!--/VTP_confirmation-->
<form action="{#action}" method="post">
<table style="width:100%;">
<!--VTP_category-->
<tr>
<td>
<img src="./images/puce.gif" alt="&gt;" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a>
<!--VTP_usergroups-->
[
<!--VTP_usergroup-->
<span style="color:{#color};">{#name}</span>{#separation}
<!--/VTP_usergroup-->
]
<!--/VTP_usergroups-->
</td>
<td style="text-align:right;">
<!--VTP_parent_forbidden-->
{#permuser_parent_forbidden}
<!--/VTP_parent_forbidden-->
<input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_category-->
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
</tr>
</table>
</form>


@ -1,6 +1,6 @@
<html>
<head>
{#page_style}
{#style}
<!-- Specific style to picture.php-->
<style type="text/css">
.commentsAuthor,.commentsTitle,.commentsInfos,.commentsContent,.commentsNavigationBar {
@ -44,6 +44,7 @@
<title>{#page_title}</title>
</head>
<body>
{#header}
<table style="width:100%;height:100%;">
<tr align="center" valign="middle">
<td>
@ -162,5 +163,6 @@
</tr>
<!--/VTP_comments-->
</table>
{#footer}
</body>
</html>