- new : external authentication in another users table. Previous users table

is divided between users (common properties with any web application) and
  user_infos (phpwebgallery-specific information). External table and
  fields can be configured.

- modification : profile.php is not reachable through administration anymore
  (not useful).

- modification : in profile.php, current password is mandatory only if user
  tries to change his password. Username can't be changed.

- deletion : of obsolete functions get_user_restrictions,
  update_user_restrictions, get_user_all_restrictions, is_user_allowed,
  update_user

- modification : $user['forbidden_categories'] equals at least "-1" so that
  category_id NOT IN ($user['forbidden_categories']) can always be used.

- modification : user_forbidden table becomes user_cache so that not only
  restriction informations can be stored in this table.


git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall 2005-08-08 20:52:19 +00:00
parent 8b97a8154e
commit 273884a652
23 changed files with 638 additions and 741 deletions


@ -30,6 +30,13 @@ define('PHPWG_ROOT_PATH','./');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
// +-----------------------------------------------------------------------+
// | synchronize user informations |
// +-----------------------------------------------------------------------+
sync_users();
//--------------------------------------- validating page and creation of title
$page_valide = false;
$title = '';
@ -323,7 +330,7 @@ include(PHPWG_ROOT_PATH.'include/page_tail.php');
// | order permission refreshment |
// +-----------------------------------------------------------------------+
$query = '
UPDATE '.USER_FORBIDDEN_TABLE.'
UPDATE '.USER_CACHE_TABLE.'
SET need_update = \'true\'
;';
pwg_query($query);
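Review bot: `sync_users()` is now executed on every admin request, before `$page_valide` is even computed, and it is a write path (the function in admin/include/functions.php can INSERT into and DELETE from user_infos); the banner comment above the call only says "synchronize user informations". It should state the cost and the side effect, e.g. `// ensure every row of USERS_TABLE (possibly an external table) has a user_infos row; orphaned user_infos rows are deleted. Runs on each admin request because users may be created outside PhpWebGallery.` The reason for doing this per request rather than at registration is inferred from the commit description, so confirm the wording.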


@ -258,9 +258,10 @@ foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
$users = array();
$query = '
SELECT id, username
SELECT '.$conf['user_fields']['id'].' AS id,
'.$conf['user_fields']['username'].' AS username
FROM '.USERS_TABLE.'
WHERE id != 2
WHERE id != '.$conf['guest_id'].'
;';
$result = pwg_query($query);
while($row = mysql_fetch_array($result))
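Review bot: The WHERE clause still filters on the literal column `id` while the SELECT list now maps `$conf['user_fields']['id']`, so against an external users table whose identifier column has another name the query breaks even though the alias was updated. The guest exclusion should use the mapped name too: `WHERE '.$conf['user_fields']['id'].' != '.$conf['guest_id'].'`. The same bare `id` survives in the admin/user_list.php hunks, in the `SELECT id FROM '.USERS_TABLE.'` collection query and in the `WHERE id != '.$conf['guest_id']` line of the joined listing query, where every other column reference was prefixed with `u.`.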


@ -332,6 +332,8 @@ DELETE FROM '.IMAGES_TABLE.'
// - calculated permissions linked to the user
function delete_user($user_id)
{
global $conf;
// destruction of the access linked to the user
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
@ -367,10 +369,17 @@ DELETE FROM '.USER_FORBIDDEN_TABLE.'
;';
pwg_query($query);
// deletion of phpwebgallery specific informations
$query = '
DELETE FROM '.USER_INFOS_TABLE.'
WHERE user_id = '.$user_id.'
;';
pwg_query($query);
// destruction of the user
$query = '
DELETE FROM '.USERS_TABLE.'
WHERE id = '.$user_id.'
WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
;';
pwg_query($query);
}
@ -552,165 +561,6 @@ function get_keywords( $keywords_string )
return array_unique( $keywords );
}
/**
* returns an array with the ids of the restricted categories for the user
*
* Returns an array with the ids of the restricted categories for the
* user. If the $check_invisible parameter is set to true, invisible
* categorie are added to the restricted one in the array.
*
* @param int $user_id
* @param string $user_status
* @param bool $check_invisible
* @param bool $use_groups
* @return array
*/
function get_user_restrictions( $user_id, $user_status,
$check_invisible, $use_groups = true )
{
// 1. retrieving ids of private categories
$query = 'SELECT id FROM '.CATEGORIES_TABLE;
$query.= " WHERE status = 'private'";
$query.= ';';
$result = pwg_query( $query );
$privates = array();
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $privates, $row['id'] );
}
// 2. retrieving all authorized categories for the user
$authorized = array();
// 2.1. retrieving authorized categories thanks to personnal user
// authorization
$query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE;
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $authorized, $row['cat_id'] );
}
// 2.2. retrieving authorized categories thanks to group authorization to
// which the user is a member
if ( $use_groups )
{
$query = 'SELECT ga.cat_id';
$query.= ' FROM '.USER_GROUP_TABLE.' as ug';
$query.= ', '.GROUP_ACCESS_TABLE.' as ga';
$query.= ' WHERE ug.group_id = ga.group_id';
$query.= ' AND ug.user_id = '.$user_id;
$query.= ';';
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $authorized, $row['cat_id'] );
}
$authorized = array_unique( $authorized );
}
$forbidden = array();
foreach ( $privates as $private ) {
if ( !in_array( $private, $authorized ) )
{
array_push( $forbidden, $private );
}
}
if ( $check_invisible )
{
// 3. adding to the restricted categories, the invisible ones
if ( $user_status != 'admin' )
{
$query = 'SELECT id FROM '.CATEGORIES_TABLE;
$query.= " WHERE visible = 'false';";
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
array_push( $forbidden, $row['id'] );
}
}
}
return array_unique( $forbidden );
}
/**
* updates the calculated data users.forbidden_categories, it includes
* sub-categories of the direct forbidden categories
*
* @param nt $user_id
* @return array
*/
function update_user_restrictions( $user_id )
{
$restrictions = get_user_all_restrictions( $user_id );
// update the users.forbidden_categories in database
$query = 'UPDATE '.USERS_TABLE;
$query.= ' SET forbidden_categories = ';
if ( count( $restrictions ) > 0 )
$query.= "'".implode( ',', $restrictions )."'";
else
$query.= 'NULL';
$query .= ' WHERE id = '.$user_id;
$query.= ';';
pwg_query( $query );
return $restrictions;
}
/**
* returns all the restricted categories ids including sub-categories
*
* @param int $user_id
* @return array
*/
function get_user_all_restrictions( $user_id )
{
global $page;
$query = 'SELECT status';
$query.= ' FROM '.USERS_TABLE;
$query.= ' WHERE id = '.$user_id;
$query.= ';';
$row = mysql_fetch_array( pwg_query( $query ) );
$base_restrictions=get_user_restrictions($user_id,$row['status'],true,true);
$restrictions = $base_restrictions;
foreach ( $base_restrictions as $category_id ) {
echo $category_id.' is forbidden to user '.$user_id.'<br />';
$restrictions =
array_merge( $restrictions,
$page['plain_structure'][$category_id]['all_subcats_ids'] );
}
return array_unique( $restrictions );
}
// The function is_user_allowed returns :
// - 0 : if the category is allowed with this $restrictions array
// - 1 : if this category is not allowed
// - 2 : if an uppercat category is not allowed
// Note : the restrictions array must represent ONLY direct forbidden
// categories, not all forbidden categories
function is_user_allowed( $category_id, $restrictions )
{
if ( in_array( $category_id, $restrictions ) ) return 1;
$query = 'SELECT uppercats';
$query.= ' FROM '.CATEGORIES_TABLE;
$query.= ' WHERE id = '.$category_id;
$query.= ';';
$row = mysql_fetch_array( pwg_query( $query ) );
$uppercats = explode( ',', $row['uppercats'] );
foreach ( $uppercats as $category_id ) {
if ( in_array( $category_id, $restrictions ) ) return 2;
}
// no restriction found : the user is allowed to access this category
return 0;
}
/**
* returns an array containing sub-directories which can be a category
*
@ -842,8 +692,8 @@ function mass_updates($tablename, $dbfields, $datas)
// depending on the MySQL version, we use the multi table update or N
// update queries
$query = 'SELECT VERSION() AS version;';
$row = mysql_fetch_array(pwg_query($query));
if (count($datas) < 10 or version_compare($row['version'],'4.0.4') < 0)
list($mysql_version) = mysql_fetch_array(pwg_query($query));
if (count($datas) < 10 or version_compare($mysql_version, '4.0.4') < 0)
{
// MySQL is prior to version 4.0.4, multi table update feature is not
// available
@ -1334,4 +1184,73 @@ function micro_seconds()
$t2 = $t1[1].substr($t2[1], 0, 6);
return $t2;
}
/**
* compares and synchronizes USERS_TABLE and USER_INFOS_TABLE : each user in
* USERS_TABLE must be present in USER_INFOS_TABLE.
*/
function sync_users()
{
global $conf;
$query = '
SELECT '.$conf['user_fields']['id'].' AS id
FROM '.USERS_TABLE.'
;';
$base_users = array_from_query($query, 'id');
$query = '
SELECT user_id
FROM '.USER_INFOS_TABLE.'
;';
$infos_users = array_from_query($query, 'user_id');
// users present in $base_users and not in $infos_users must be added
$to_create = array_diff($base_users, $infos_users);
if (count($to_create) > 0)
{
$inserts = array();
list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
foreach ($to_create as $user_id)
{
$insert = array();
$insert['user_id'] = $user_id;
$insert['status'] = 'guest';
$insert['template'] = $conf['default_template'];
$insert['nb_image_line'] = $conf['nb_image_line'];
$insert['nb_line_page'] = $conf['nb_line_page'];
$insert['language'] = $conf['default_language'];
$insert['recent_period'] = $conf['recent_period'];
$insert['feed_id'] = find_available_feed_id();
$insert['expand'] = boolean_to_string($conf['auto_expand']);
$insert['show_nb_comments'] =
boolean_to_string($conf['show_nb_comments']);
$insert['maxwidth'] = $conf['default_maxwidth'];
$insert['maxheight'] = $conf['default_maxheight'];
$insert['registration_date'] = $dbnow;
array_push($inserts, $insert);
}
mass_inserts(USER_INFOS_TABLE,
array_keys($inserts[0]),
$inserts);
}
// users present in $infos_users and not in $base_users must be deleted
$to_delete = array_diff($infos_users, $base_users);
if (count($to_delete) > 0)
{
$query = '
DELETE
FROM '.USER_INFOS_TABLE.'
WHERE user_id in ('.implode(',', $to_delete).')
;';
pwg_query($query);
}
}
?>
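Review bot: delete_user appears to still issue `DELETE FROM '.USER_FORBIDDEN_TABLE.'` — the hunk header `@ -367,10 +369,17 @@` names that line and the hunk leaves it untouched — while constants.php in this commit replaces that constant with `USER_CACHE_TABLE`; if so, the statement now runs against an undefined constant and the deleted user's cache row is never removed. It should read `DELETE FROM '.USER_CACHE_TABLE.'`, as admin.php's refresh query was changed. In sync_users, the orphan cleanup `DELETE FROM '.USER_INFOS_TABLE.' WHERE user_id in (...)` is driven by whatever `array_from_query` returns for the users table; if that helper yields an empty array on a failed query against an external table, `$to_delete` would contain every user_infos row, so the deletion should be skipped unless the users query actually returned rows. The beginning of delete_user is outside the hunk.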


@ -73,7 +73,7 @@ if ( !empty($search_match) )
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
AND id <> ".ANONYMOUS."
AND id <> ".$conf['guest_id']."
ORDER BY username";
if ( !($result = pwg_query($sql)) )
{


@ -45,10 +45,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
if (isset($_POST['submit_add']))
{
$page['errors'] = register_user($_POST['login'],
$_POST['password'],
$_POST['password'],
'');
$page['errors'] = register_user($_POST['login'], $_POST['password'], '');
}
// +-----------------------------------------------------------------------+
@ -66,7 +63,7 @@ if (isset($_POST['pref_submit']))
$query = '
SELECT id
FROM '.USERS_TABLE.'
WHERE id != 2
WHERE id != '.$conf['guest_id'].'
;';
$collection = array_from_query($query, 'id');
break;
@ -123,7 +120,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
// properties to set for the collection (a user list)
$datas = array();
$dbfields = array('primary' => array('id'), 'update' => array());
$dbfields = array('primary' => array('user_id'), 'update' => array());
$formfields =
array('nb_image_line', 'nb_line_page', 'template', 'language',
@ -146,7 +143,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
foreach ($collection as $user_id)
{
$data = array();
$data['id'] = $user_id;
$data['user_id'] = $user_id;
// TODO : verify if submited values are semanticaly correct
foreach ($dbfields['update'] as $dbfield)
@ -168,7 +165,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
array_push($datas, $data);
}
mass_updates(USERS_TABLE, $dbfields, $datas);
mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
}
}
else
@ -202,7 +199,7 @@ $template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
$conf['users_page'] = 10;
$conf['users_page'] = 20;
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
@ -317,7 +314,7 @@ $template->assign_block_vars(
'SELECTED' => ''
));
foreach (get_enums(USERS_TABLE, 'status') as $status)
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
$selected = (isset($_GET['status']) and $_GET['status'] == $status) ?
'selected="selected"' : '';
@ -432,7 +429,7 @@ foreach (get_languages() as $language_code => $language_name)
$blockname = 'pref_status_option';
foreach (get_enums(USERS_TABLE, 'status') as $status)
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
if (isset($_POST['pref_submit']))
{
@ -550,7 +547,7 @@ if (isset($_GET['group'])
}
if (isset($_GET['status'])
and in_array($_GET['status'], get_enums(USERS_TABLE, 'status')))
and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
{
$filter['status'] = $_GET['status'];
}
@ -560,23 +557,27 @@ if (isset($_GET['status'])
// +-----------------------------------------------------------------------+
$query = '
SELECT COUNT(DISTINCT(id))
FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
WHERE id != 2';
SELECT COUNT(DISTINCT u.'.$conf['user_fields']['id'].')
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].' = ui.user_id
LEFT JOIN '.USER_GROUP_TABLE.' AS ug
ON u.'.$conf['user_fields']['id'].' = ug.user_id
WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id'];
if (isset($filter['username']))
{
$query.= '
AND username LIKE \''.$filter['username'].'\'';
AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
}
if (isset($filter['group']))
{
$query.= '
AND group_id = '.$filter['group'];
AND ug.group_id = '.$filter['group'];
}
if (isset($filter['status']))
{
$query.= '
AND status = \''.$filter['status']."'";
AND ui.status = \''.$filter['status']."'";
}
$query.= '
;';
@ -617,9 +618,16 @@ if (isset($_GET['direction'])
}
$query = '
SELECT DISTINCT(id), username, mail_address, status
FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
WHERE id != 2';
SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
u.'.$conf['user_fields']['username'].' AS username,
u.'.$conf['user_fields']['email'].' AS email,
ui.status
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].' = ui.user_id
LEFT JOIN '.USER_GROUP_TABLE.' AS ug
ON u.'.$conf['user_fields']['id'].' = ug.user_id
WHERE id != '.$conf['guest_id'];
if (isset($filter['username']))
{
$query.= '
@ -628,12 +636,12 @@ if (isset($filter['username']))
if (isset($filter['group']))
{
$query.= '
AND group_id = '.$filter['group'];
AND ug.group_id = '.$filter['group'];
}
if (isset($filter['status']))
{
$query.= '
AND status = \''.$filter['status']."'";
AND ui.status = \''.$filter['status']."'";
}
$query.= '
ORDER BY '.$order_by.' '.$direction.'
@ -687,7 +695,7 @@ SELECT user_id, group_id
'U_PERM'=>add_session_id($perm_url.$item['id']),
'USERNAME'=>$item['username'],
'STATUS'=>$lang['user_status_'.$item['status']],
'EMAIL'=>isset($item['mail_address']) ? $item['mail_address'] : '',
'EMAIL'=>isset($item['email']) ? $item['email'] : '',
'GROUPS'=>$groups_string
));
}
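Review bot: The rewritten filter line `AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'` still splices `$filter['username']` into the SQL string without escaping, and the same value is reused in the second listing query. `$filter['status']` is only accepted after `in_array` against `get_enums(...)`, but nothing in these hunks shows an equivalent guard for the username value; if it originates from the request it should go through `mysql_escape_string()` where it is read, e.g. `$filter['username'] = mysql_escape_string($_GET['username']);`, as identification.php does in this commit. The assignment of `$filter['username']` lies outside the hunks shown.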


@ -171,7 +171,7 @@ $template->assign_vars(array(
'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] )),
'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php'),
'U_CADDIE'=>add_session_id(PHPWG_ROOT_PATH.'category.php'.get_query_string_diff(array('caddie')).'&amp;caddie=1')
)
);
@ -311,7 +311,7 @@ $template->assign_block_vars(
'TITLE'=>l10n('RSS notification feed'),
'NAME'=>l10n('Notification feed'),
'U_SUMMARY'=>
'feed.php'.(ANONYMOUS != $user['id'] ? '?feed='.$user['feed_id'] : '')
'feed.php'.($user['is_the_guest'] ? '?feed='.$user['feed_id'] : '')
));
//------------------------------------------------------ main part : thumbnails
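Review bot: The feed link condition is inverted: the removed line emitted `?feed=` for every user except ANONYMOUS, but `$user['is_the_guest'] ? '?feed='.$user['feed_id'] : ''` emits it only for the guest and drops it for registered users. It should be `'feed.php'.(!$user['is_the_guest'] ? '?feed='.$user['feed_id'] : '')`, which matches the guest test feed.php itself performs in this commit (`$conf['guest_id'] != $user['id']`).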


@ -1,3 +1,28 @@
2005-08-08 Pierrick LE GALL
* new : external authentication in another users table. Previous
users table is divided between users (common properties with any
web application) and user_infos (phpwebgallery specific
informations). External table and fields can be configured.
* modification : profile.php is not reachable through
administration anymore (not useful).
* modification : in profile.php, current password is mandatory
only if user tries to change his password. Username can't be
changed.
* deletion : of obsolete functions get_user_restrictions,
update_user_restrictions, get_user_all_restrictions,
is_user_allowed, update_user
* modification : $user['forbidden_categories'] equals at least
"-1" so that category_id NOT IN ($user['forbidden_categories'])
can always be used.
* modification : user_forbidden table becomes user_cache so that
not only restriction informations can be stored in this table.
2005-07-17 Pierrick LE GALL
* improvement : in admin/element_set_global, javascript is not


@ -130,12 +130,12 @@ SELECT DISTINCT category_id
function new_users($start, $end)
{
$query = '
SELECT id
FROM '.USERS_TABLE.'
SELECT user_id
FROM '.USER_INFOS_TABLE.'
WHERE registration_date > \''.$start.'\'
AND registration_date <= \''.$end.'\'
;';
return array_from_query($query, 'id');
return array_from_query($query, 'user_id');
}
/**
@ -268,15 +268,17 @@ if (isset($_GET['feed'])
and preg_match('/^[A-Za-z0-9]{50}$/', $_GET['feed']))
{
$query = '
SELECT id, status, last_feed_check
FROM '.USERS_TABLE.'
SELECT user_id AS id,
status,
last_feed_check
FROM '.USER_INFOS_TABLE.'
WHERE feed_id = \''.$_GET['feed'].'\'
;';
$user = mysql_fetch_array(pwg_query($query));
}
else
{
$user = array('id' => ANONYMOUS,
$user = array('id' => $conf['guest_id'],
'status' => 'guest');
}
@ -300,7 +302,7 @@ $rss->link = 'http://phpwebgallery.net';
// | Feed creation |
// +-----------------------------------------------------------------------+
if (ANONYMOUS != $user['id'])
if ($conf['guest_id'] != $user['id'])
{
$news = news($user['last_feed_check'], $dbnow);
@ -330,9 +332,9 @@ if (ANONYMOUS != $user['id'])
}
$query = '
UPDATE '.USERS_TABLE.'
UPDATE '.USER_INFOS_TABLE.'
SET last_feed_check = \''.$dbnow.'\'
WHERE id = '.$user['id'].'
WHERE user_id = '.$user['id'].'
;';
pwg_query($query);
}
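Review bot: When the submitted feed key matches no user_infos row, `mysql_fetch_array` returns false and `$user` is false; the later test `$conf['guest_id'] != $user['id']` is then true (null against 2), so the registered-user branch runs with `$user['last_feed_check']` unset and the UPDATE at the end of the hunk is issued with `WHERE user_id = ` followed by nothing. After the fetch, fall back to the guest record: `if (false === $user) { $user = array('id' => $conf['guest_id'], 'status' => 'guest'); }`. The code between the fetch and the feed-creation check is outside the hunks shown, so confirm nothing there already handles this.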


@ -33,14 +33,16 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
$errors = array();
if (isset($_POST['login']))
{
$username = mysql_escape_string($_POST['username']);
// retrieving the encrypted password of the login submitted
$query = '
SELECT id, password
SELECT '.$conf['user_fields']['id'].' AS id,
'.$conf['user_fields']['password'].' AS password
FROM '.USERS_TABLE.'
WHERE username = \''.$_POST['username'].'\'
WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
;';
$row = mysql_fetch_array(pwg_query($query));
if ($row['password'] == md5($_POST['password']))
if ($row['password'] == $conf['pass_convert']($_POST['password']))
{
$session_length = $conf['session_length'];
if ($conf['authorize_remembering']
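Review bot: The password check uses `==`; PHP compares two numeric-looking strings numerically under `==`, so hash strings should be compared with `===`: `if ($row['password'] === $conf['pass_convert']($_POST['password']))`. The lookup result should also be tested before it is indexed, because an unknown username leaves `$row` as false: `if (false !== $row and $row['password'] === $conf['pass_convert']($_POST['password']))`. Escaping `$_POST['username']` on the new first line is the right fix for the previous raw interpolation; the enclosing `if (isset($_POST['login']))` block continues past the hunk.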


@ -120,9 +120,9 @@ if (!defined('PHPWG_INSTALLED'))
exit;
}
include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'include/template.php');
@ -164,4 +164,43 @@ while ( $row =mysql_fetch_array( $result ) )
}
include(PHPWG_ROOT_PATH.'include/user.inc.php');
// language files
$user_langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
$conf_langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
if (file_exists($user_langdir.'/common.lang.php'))
{
include_once($user_langdir.'/common.lang.php');
}
else
{
include_once($conf_langdir.'/common.lang.php');
}
// The administration section requires 2 more language files
if (defined('IN_ADMIN') and IN_ADMIN)
{
foreach (array('admin', 'faq') as $section)
{
if (file_exists($user_langdir.'/'.$section.'.lang.php'))
{
include_once($user_langdir.'/'.$section.'.lang.php');
}
else
{
include_once($conf_langdir.'/'.$section.'.lang.php');
}
}
}
// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if ($user['is_the_guest'])
{
$user['username'] = $lang['guest'];
}
// template instance
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
?>
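Review bot: The include path `PHPWG_ROOT_PATH.'language/'.$user['language']` is built from a value stored in user_infos and the only check before `include_once` is `file_exists` on the resulting file; the admin/user_list.php hunks in this commit write the submitted `language` form field straight into that table under an explicit `// TODO : verify if submited values are semanticaly correct`. Before building `$user_langdir`, validate `$user['language']` against the set of installed language directories (whatever helper enumerates them — user_list.php uses `get_languages()`) and substitute `$conf['default_language']` when it is not one of them, so a stored value containing path separators can never select a file outside `language/`. The same applies to `$user['template']` on the last line, which is concatenated into the Template path; the fallback to `$conf_langdir` only covers a missing file, not an arbitrary value.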


@ -227,4 +227,29 @@ $conf['show_picture_name_on_title'] = true;
// apache_authentication : use Apache authentication as reference instead of
// users table ?
$conf['apache_authentication'] = false;
// debug_l10n : display a warning message each time an unset language key is
// accessed
$conf['debug_l10n'] = false;
// users_table : which table is the reference for users ? Can be a different
// table than PhpWebGallery table
$conf['users_table'] = $prefixeTable.'users';
// user_fields : mapping between generic field names and table specific
// field names. For example, in PWG, the mail address is names
// "mail_address" and in punbb, it's called "email".
$conf['user_fields'] = array(
'id' => 'id',
'username' => 'username',
'password' => 'password',
'email' => 'mail_address'
);
// pass_convert : function to crypt or hash the clear user password to store
// it in the database
$conf['pass_convert'] = create_function('$s', 'return md5($s);');
// guest_id : id of the anonymous user
$conf['guest_id'] = 2;
?>
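Review bot: The `user_fields` comment should say that all four keys (`id`, `username`, `password`, `email`) are mandatory, since include/user.inc.php's `getuserdata` iterates the whole map to build its SELECT list and `register_user` indexes each key directly, and `guest_id` should note that the row must already exist in `users_table` (sync_users creates its user_infos row but not the user itself). `pass_convert` does not need `create_function`: `$conf['pass_convert'] = 'md5';` is invoked identically by `$conf['pass_convert']($password)` and avoids compiling code from a string. The comment line `the mail address is names` should read `is named`.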


@ -30,9 +30,6 @@ define('PHPWG_VERSION', '%PWGVERSION%');
define('PHPWG_URL', 'http://www.phpwebgallery.net');
define('PHPWG_FORUM_URL', 'http://forum.phpwebgallery.net');
// User level
define('ANONYMOUS', 2);
// Error codes
define('GENERAL_MESSAGE', 200);
define('GENERAL_ERROR', 202);
@ -53,10 +50,11 @@ define('SESSIONS_TABLE', $prefixeTable.'sessions');
define('SITES_TABLE', $prefixeTable.'sites');
define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
define('USER_GROUP_TABLE', $prefixeTable.'user_group');
define('USERS_TABLE', $prefixeTable.'users');
define('USERS_TABLE', $conf['users_table']);
define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
define('WAITING_TABLE', $prefixeTable.'waiting');
define('IMAGE_METADATA_TABLE', $prefixeTable.'image_metadata');
define('RATE_TABLE', $prefixeTable.'rate');
define('USER_FORBIDDEN_TABLE', $prefixeTable.'user_forbidden');
define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
define('CADDIE_TABLE', $prefixeTable.'caddie');
?>
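Review bot: `define('USERS_TABLE', $conf['users_table'])` makes constants.php depend on config_default.inc.php having been included first; common.inc.php in this commit swaps the include order accordingly, but any other entry point that includes constants.php before the config would define USERS_TABLE as null. A comment on that line, `// requires $conf (include/config_default.inc.php) to be loaded before this file`, would make the ordering explicit. With `define('ANONYMOUS', 2)` removed, any remaining reference to ANONYMOUS in a file this commit does not touch now evaluates to the string 'ANONYMOUS' rather than the guest id, so a search for it before merge is worthwhile.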


@ -774,8 +774,13 @@ function get_name_from_file($filename)
*/
function l10n($key)
{
global $lang;
global $lang, $conf;
return (isset($lang[$key])) ? $lang[$key] : $key;
if ($conf['debug_l10n'])
{
echo '[l10n] language key "'.$key.'" is not defined<br />';
}
return isset($lang[$key]) ? $lang[$key] : $key;
}
?>
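Review bot: The debug message is printed for every key, not only missing ones: `if ($conf['debug_l10n'])` never consults `$lang`, so with debug_l10n enabled each translated string also reports "is not defined". The condition should be `if ($conf['debug_l10n'] and !isset($lang[$key]))`. Since `$key` is echoed into the HTML page, the debug output should also pass it through `htmlspecialchars()`.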


@ -40,11 +40,11 @@
* @param int category id to verify
* @return void
*/
function check_restrictions( $category_id )
function check_restrictions($category_id)
{
global $user,$lang;
global $user, $lang;
if ( in_array( $category_id, $user['restrictions'] ) )
if (in_array($category_id, explode(',', $user['forbidden_categories'])))
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
echo '<a href="'.add_session_id( './category.php' ).'">';
@ -167,18 +167,12 @@ function count_user_total_images()
$query = '
SELECT COUNT(DISTINCT(image_id)) as total
FROM '.IMAGE_CATEGORY_TABLE;
if (count($user['restrictions']) > 0)
{
$query.= '
WHERE category_id NOT IN ('.$user['forbidden_categories'].')';
}
$query.= '
FROM '.IMAGE_CATEGORY_TABLE.'
WHERE category_id NOT IN ('.$user['forbidden_categories'].')
;';
$row = mysql_fetch_array(pwg_query($query));
return isset($row['total']) ? $row['total'] : 0;
list($total) = mysql_fetch_array(pwg_query($query));
return $total;
}
/**
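Review bot: check_restrictions now fails open when `$user['forbidden_categories']` is absent: `explode(',', null)` yields `array('')`, `in_array` finds nothing and the access-forbidden branch is skipped. The getuserdata hunk in include/user.inc.php only fills that key when called with `$use_cache` true, so the precondition should be enforced or at least documented; a guard such as `if (!isset($user['forbidden_categories'])) { die('user permissions not loaded'); }` at the top of the function would turn a silent bypass into a visible failure. The same string is interpolated into `NOT IN (...)` in count_user_total_images, where an empty value produces the invalid SQL `NOT IN ()`.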


@ -109,28 +109,23 @@ function add_session_id( $url, $redirect = false )
{
global $page, $user, $conf;
if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
$amp = '&amp;';
if ( $redirect )
{
$amp = '&';
}
if ( !$user['is_the_guest'] )
{
if ( preg_match( '/\.php\?/',$url ) )
{
return $url.$amp.'id='.$page['session_id'];
}
else
{
return $url.'?id='.$page['session_id'];
}
}
else
if ($user['is_the_guest']
or $user['has_cookie']
or $conf['apache_authentication'])
{
return $url;
}
if (preg_match('/\.php\?/', $url))
{
$separator = $redirect ? '&' : '&amp;';
}
else
{
$separator = '?';
}
return $url.$separator.'id='.$page['session_id'];
}
// cookie_path returns the path to use for the PhpWebGallery cookie.
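Review bot: The rewritten add_session_id carries no explanation of `$redirect`: the separator becomes `&` for redirects and `&amp;` otherwise, which presumably reflects that redirect URLs go into a Location header while the others are written into HTML. A comment above the separator selection, `// raw '&' for URLs sent in headers, entity-encoded '&amp;' for URLs emitted into HTML`, would capture that, hedged if the assumption is wrong. The function's docblock, if it has one, is above the hunk.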


@ -45,16 +45,11 @@ function validate_mail_address( $mail_address )
}
}
function register_user($login, $password, $password_conf,
$mail_address, $status = 'guest')
function register_user($login, $password, $mail_address)
{
global $lang, $conf;
$errors = array();
// login must not
// 1. be empty
// 2. start ou end with space character
// 4. be already used
if ($login == '')
{
array_push($errors, $lang['reg_err_login1']);
@ -67,121 +62,33 @@ function register_user($login, $password, $password_conf,
{
array_push($errors, $lang['reg_err_login3']);
}
$query = '
SELECT id
FROM '.USERS_TABLE.'
WHERE username = \''.mysql_escape_string($login).'\'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) > 0)
if (get_userid($login))
{
array_push($errors, $lang['reg_err_login5']);
}
// given password must be the same as the confirmation
if ($password != $password_conf)
$mail_error = validate_mail_address($mail_address);
if ('' != $mail_error)
{
array_push($errors, $lang['reg_err_pass']);
}
$error_mail_address = validate_mail_address($mail_address);
if ($error_mail_address != '')
{
array_push($errors, $error_mail_address);
array_push($errors, $mail_error);
}
// if no error until here, registration of the user
if (count($errors) == 0)
{
$insert = array();
$insert['username'] = mysql_escape_string($login);
$insert['password'] = md5($password);
$insert['status'] = $status;
$insert['template'] = $conf['default_template'];
$insert['nb_image_line'] = $conf['nb_image_line'];
$insert['nb_line_page'] = $conf['nb_line_page'];
$insert['language'] = $conf['default_language'];
$insert['recent_period'] = $conf['recent_period'];
$insert['feed_id'] = find_available_feed_id();
$insert['expand'] = boolean_to_string($conf['auto_expand']);
$insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
if ( $mail_address != '' )
{
$insert['mail_address'] = $mail_address;
}
if ($conf['default_maxwidth'] != '')
{
$insert['maxwidth'] = $conf['default_maxwidth'];
}
if ($conf['default_maxheight'] != '')
{
$insert['maxheight'] = $conf['default_maxheight'];
}
$insert =
array(
$conf['user_fields']['username'] => mysql_escape_string($login),
$conf['user_fields']['password'] => $conf['pass_convert']($password),
$conf['user_fields']['email'] => $mail_address
);
$query = '
INSERT INTO '.USERS_TABLE.'
('.implode(',', array_keys($insert)).')
VALUES
(';
$is_first = true;
foreach (array_keys($insert) as $field)
{
if (!$is_first)
{
$query.= ',';
}
$query.= "'".$insert[$field]."'";
$is_first = false;
}
$query.= ')
;';
pwg_query($query);
$query = '
UPDATE '.USERS_TABLE.'
SET registration_date = NOW()
WHERE id = '.mysql_insert_id().'
;';
pwg_query($query);
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
create_user_infos(mysql_insert_id());
}
return $errors;
}
function update_user( $user_id, $mail_address, $status,
$use_new_password = false, $password = '' )
{
$error = array();
$i = 0;
$error_mail_address = validate_mail_address( $mail_address );
if ( $error_mail_address != '' )
{
$error[$i++] = $error_mail_address;
}
if ( sizeof( $error ) == 0 )
{
$query = 'UPDATE '.USERS_TABLE;
$query.= " SET status = '".$status."'";
if ( $use_new_password )
{
$query.= ", password = '".md5( $password )."'";
}
$query.= ', mail_address = ';
if ( $mail_address != '' )
{
$query.= "'".$mail_address."'";
}
else
{
$query.= 'NULL';
}
$query.= ' WHERE id = '.$user_id;
$query.= ';';
pwg_query( $query );
}
return $error;
return $errors;
}
function check_login_authorization($guest_allowed = true)
@ -212,13 +119,107 @@ function setup_style($style)
return new Template(PHPWG_ROOT_PATH.'template/'.$style);
}
function getuserdata($user)
/**
* find informations related to the user identifier
*
* @param int user identifier
* @param boolean use_cache
* @param array
*/
function getuserdata($user_id, $use_cache)
{
$sql = "SELECT * FROM " . USERS_TABLE;
$sql.= " WHERE ";
$sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
$result = pwg_query($sql);
return ( $row = mysql_fetch_array($result) ) ? $row : false;
global $conf;
$userdata = array();
$query = '
SELECT ';
$is_first = true;
foreach ($conf['user_fields'] as $pwgfield => $dbfield)
{
if ($is_first)
{
$is_first = false;
}
else
{
$query.= '
, ';
}
$query.= $dbfield.' AS '.$pwgfield;
}
$query.= '
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
;';
$row = mysql_fetch_array(pwg_query($query));
while (true)
{
$query = '
SELECT ui.*, uc.*
FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
ON ui.user_id = uc.user_id
WHERE ui.user_id = \''.$user_id.'\'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) > 0)
{
break;
}
else
{
create_user_infos($user_id);
}
}
$row = array_merge($row, mysql_fetch_array($result));
foreach ($row as $key => $value)
{
if (!is_numeric($key))
{
// If the field is true or false, the variable is transformed into a
// boolean value.
if ($value == 'true' or $value == 'false')
{
$userdata[$key] = get_boolean($value);
}
else
{
$userdata[$key] = $value;
}
}
}
if ($use_cache)
{
if (!isset($userdata['need_update'])
or !is_bool($userdata['need_update'])
or $userdata['need_update'] == true)
{
$userdata['forbidden_categories'] =
calculate_permissions($userdata['id'], $userdata['status']);
// update user cache
$query = '
DELETE FROM '.USER_CACHE_TABLE.'
WHERE user_id = '.$userdata['id'].'
;';
pwg_query($query);
$query = '
INSERT INTO '.USER_CACHE_TABLE.'
(user_id,need_update,forbidden_categories)
VALUES
('.$userdata['id'].',\'false\',\''.$userdata['forbidden_categories'].'\')
;';
pwg_query($query);
}
}
return $userdata;
}
/*
@ -261,11 +262,12 @@ DELETE FROM '.FAVORITES_TABLE.'
}
/**
* update table user_forbidden for the given user
* calculates the list of forbidden categories for a given user
*
* table user_forbidden contains calculated data. Calculation is based on
* private categories minus categories authorized to the groups the user
* belongs to minus the categories directly authorized to the user
* Calculation is based on private categories minus categories authorized to
* the groups the user belongs to minus the categories directly authorized
* to the user. The list contains at least -1 to be compliant with queries
* such as "WHERE category_id NOT IN ($forbidden_categories)"
*
* @param int user_id
* @param string user_status
@ -310,11 +312,7 @@ SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
WHERE user_id = '.$user_id.'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($authorized_array, $row['cat_id']);
}
$authorized_array = array_from_query($query, 'cat_id');
// retrieve category ids authorized to the groups the user belongs to
$query = '
@ -323,11 +321,11 @@ SELECT cat_id
ON ug.group_id = ga.group_id
WHERE ug.user_id = '.$user_id.'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($authorized_array, $row['cat_id']);
}
$authorized_array =
array_merge(
$authorized_array,
array_from_query($query, 'cat_id')
);
// uniquify ids : some private categories might be authorized for the
// groups and for the user
@ -336,23 +334,12 @@ SELECT cat_id
// only unauthorized private categories are forbidden
$forbidden_array = array_diff($private_array, $authorized_array);
$query = '
DELETE FROM '.USER_FORBIDDEN_TABLE.'
WHERE user_id = '.$user_id.'
;';
pwg_query($query);
$forbidden_categories = implode(',', $forbidden_array);
// at least, the list contains -1 values. This category does not exists so
// where clauses such as "WHERE category_id NOT IN(-1)" will always be
// true.
array_push($forbidden_array, '-1');
$query = '
INSERT INTO '.USER_FORBIDDEN_TABLE.'
(user_id,need_update,forbidden_categories)
VALUES
('.$user_id.',\'false\',\''.$forbidden_categories.'\')
;';
pwg_query($query);
return $forbidden_categories;
return implode(',', $forbidden_array);
}
/**
@ -363,10 +350,12 @@ INSERT INTO '.USER_FORBIDDEN_TABLE.'
*/
function get_username($user_id)
{
global $conf;
$query = '
SELECT username
SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
WHERE id = '.intval($user_id).'
WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) > 0)
@ -381,6 +370,36 @@ SELECT username
return $username;
}
/**
* returns user identifier thanks to his name, false if not found
*
* @param string username
* @param int user identifier
*/
function get_userid($username)
{
global $conf;
$username = mysql_escape_string($username);
$query = '
SELECT '.$conf['user_fields']['id'].'
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) == 0)
{
return false;
}
else
{
list($user_id) = mysql_fetch_row($result);
return $user_id;
}
}
/**
* search an available feed_id
*
@ -393,7 +412,7 @@ function find_available_feed_id()
$key = generate_key(50);
$query = '
SELECT COUNT(*)
FROM '.USERS_TABLE.'
FROM '.USER_INFOS_TABLE.'
WHERE feed_id = \''.$key.'\'
;';
list($count) = mysql_fetch_row(pwg_query($query));
@ -403,4 +422,36 @@ SELECT COUNT(*)
}
}
}
?>
/**
* add user informations based on default values
*
* @param int user_id
*/
function create_user_infos($user_id)
{
global $conf;
list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
$insert =
array(
'user_id' => $user_id,
'status' => 'guest',
'template' => $conf['default_template'],
'nb_image_line' => $conf['nb_image_line'],
'nb_line_page' => $conf['nb_line_page'],
'language' => $conf['default_language'],
'recent_period' => $conf['recent_period'],
'feed_id' => find_available_feed_id(),
'expand' => boolean_to_string($conf['auto_expand']),
'show_nb_comments' => boolean_to_string($conf['show_nb_comments']),
'maxwidth' => $conf['default_maxwidth'],
'maxheight' => $conf['default_maxheight'],
'registration_date' => $dbnow
);
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
mass_inserts(USER_INFOS_TABLE, array_keys($insert), array($insert));
}
?>


@ -38,7 +38,6 @@
// pwg_query($query);
// }
// retrieving connected user informations
if (isset($_COOKIE['id']))
{
@ -87,65 +86,24 @@ DELETE FROM '.SESSIONS_TABLE.'
}
if (!isset($user['id']))
{
$user['id'] = 2;
$user['id'] = $conf['guest_id'];
$user['is_the_guest'] = true;
}
// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
{
$query = '
SELECT id
FROM '.USERS_TABLE.'
WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) == 0)
if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))
{
register_user($_SERVER['REMOTE_USER'], '', '', '');
$query = '
SELECT id
FROM '.USERS_TABLE.'
WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
;';
list($user['id']) = mysql_fetch_row(pwg_query($query));
register_user($_SERVER['REMOTE_USER'], '', '');
$user['id'] = get_userid($_SERVER['REMOTE_USER']);
}
else
{
list($user['id']) = mysql_fetch_row($result);
}
$user['is_the_guest'] = false;
}
$query = '
SELECT u.*, uf.*
FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
ON id = user_id
WHERE u.id = '.$user['id'].'
;';
$row = mysql_fetch_array(pwg_query($query));
// affectation of each value retrieved in the users table into a variable of
// the array $user.
foreach ($row as $key => $value)
{
if (!is_numeric($key))
{
// If the field is true or false, the variable is transformed into a
// boolean value.
if ($value == 'true' or $value == 'false')
{
$user[$key] = get_boolean($value);
}
else
{
$user[$key] = $value;
}
}
}
$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;
$user = array_merge($user, getuserdata($user['id'], $use_cache));
// properties of user guest are found in the configuration
if ($user['is_the_guest'])
@ -161,66 +119,6 @@ if ($user['is_the_guest'])
$user['show_nb_comments'] = $conf['show_nb_comments'];
}
// if no information were found about user in user_forbidden table OR the
// forbidden categories must be updated : only if current user is in public
// part
if (!defined('IN_ADMIN') or !IN_ADMIN)
{
if (!isset($user['need_update'])
or !is_bool($user['need_update'])
or $user['need_update'] == true)
{
$user['forbidden_categories'] = calculate_permissions($user['id'],
$user['status']);
}
}
// forbidden_categories is a must be empty, at least
if (!isset($user['forbidden_categories']))
{
$user['forbidden_categories'] = '';
}
// special for $user['restrictions'] array
$user['restrictions'] = explode(',', $user['forbidden_categories']);
if ($user['restrictions'][0] == '')
{
$user['restrictions'] = array();
}
// calculation of the number of picture to display per page
$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
if (empty($user['language'])
or !file_exists(PHPWG_ROOT_PATH.'language/'.
$user['language'].'/common.lang.php'))
{
$user['language'] = $conf['default_language'];
}
include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php');
// displaying the username in the language of the connected user, instead of
// "guest" as you can find in the database
if ($user['is_the_guest'])
{
$user['username'] = $lang['guest'];
}
// only if we are in the administration section
if (defined('IN_ADMIN') and IN_ADMIN)
{
$langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
if (!file_exists($langdir.'/admin.lang.php'))
{
$langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
}
include_once($langdir.'/admin.lang.php');
include_once($langdir.'/faq.lang.php');
}
if (empty($user['template']))
{
$user['template'] = $conf['default_template'];
}
$template = setup_style($user['template']);
?>
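Review bot: The Apache-authentication branch never checks whether `register_user()` succeeded: it returns an error array (register.php in this commit merges its result into `$errors`), and when it fails the second `get_userid()` returns false, so `$user['id']` becomes false while `$user['is_the_guest']` is still forced to false and `getuserdata(false, $use_cache)` runs on a non-existent account. Keep the guest identity unless the account really exists, e.g. `if (count(register_user($_SERVER['REMOTE_USER'], '', '')) == 0) { $user['id'] = get_userid($_SERVER['REMOTE_USER']); $user['is_the_guest'] = false; }` and leave `$conf['guest_id']` in place otherwise. As a point of style, `$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;` reads more directly as `$use_cache = !(defined('IN_ADMIN') and IN_ADMIN);`.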


@ -300,26 +300,45 @@ if ( isset( $_POST['install'] ))
mysql_query( $query );
// webmaster admin user
$query = 'INSERT INTO '.USERS_TABLE;
$query.= ' (id,username,password,status,language,mail_address) VALUES ';
$query.= "(1,'".$admin_name."','".md5( $admin_pass1 )."'";
$query.= ",'admin','".$language."'";
$query.= ",'".$admin_mail."');";
$query = '
INSERT INTO '.USERS_TABLE.'
(id,username,password,mail_address)
VALUES
(1,\''.$admin_name.'\',\''.md5($admin_pass1).'\',\''.$admin_mail.'\')
;';
mysql_query($query);
$query = '
UPDATE '.USERS_TABLE.'
SET feed_id = \''.find_available_feed_id().'\'
WHERE id = 1
INSERT INTO '.USER_INFOS_TABLE.'
(user_id,status,language)
VALUES
(1, \'admin\', \''.$language.'\')
;';
mysql_query($query);
$query = '
UPDATE '.USER_INFOS_TABLE.'
SET feed_id = \''.find_available_feed_id().'\'
WHERE user_id = 1
;';
mysql_query($query);
// guest user
$query = 'INSERT INTO '.USERS_TABLE;
$query.= '(id,username,password,status,language) VALUES ';
$query.= "(2,'guest','','guest','".$language."')";
$query.= ';';
mysql_query( $query );
$query = '
INSERT INTO '.USERS_TABLE.'
(id,username,password,mail_address)
VALUES
(2,\'guest\',\'\',\'\')
;';
mysql_query($query);
$query = '
INSERT INTO '.USER_INFOS_TABLE.'
(user_id,status,language)
VALUES
(2, \'guest\', \''.$language.'\')
;';
mysql_query($query);
}
}
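Review bot: The webmaster row is inserted with `md5($admin_pass1)` while profile.php in this same commit verifies and stores passwords through `$conf['pass_convert']`; unless the configured converter happens to be md5, the account created by the installer will fail the current-password check and cannot be updated. If `$conf` is available at this point, use the same function: `(1,\''.$admin_name.'\',\''.$conf['pass_convert']($admin_pass1).'\',\''.$admin_mail.'\')`. `$admin_name`, `$admin_mail` and `$language` are also concatenated into the INSERT statements without escaping; if they originate from the install form they should pass through `mysql_escape_string()` the way `get_userid()` does. The enclosing `if (isset($_POST['install']))` block starts outside this section.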


@ -212,11 +212,11 @@ CREATE TABLE `phpwebgallery_user_access` (
) TYPE=MyISAM;
--
-- Table structure for table `phpwebgallery_user_forbidden`
-- Table structure for table `phpwebgallery_user_cache`
--
DROP TABLE IF EXISTS `phpwebgallery_user_forbidden`;
CREATE TABLE `phpwebgallery_user_forbidden` (
DROP TABLE IF EXISTS `phpwebgallery_user_cache`;
CREATE TABLE `phpwebgallery_user_cache` (
`user_id` smallint(5) unsigned NOT NULL default '0',
`need_update` enum('true','false') NOT NULL default 'true',
`forbidden_categories` text,
@ -235,15 +235,12 @@ CREATE TABLE `phpwebgallery_user_group` (
) TYPE=MyISAM;
--
-- Table structure for table `phpwebgallery_users`
-- Table structure for table `phpwebgallery_user_infos`
--
DROP TABLE IF EXISTS `phpwebgallery_users`;
CREATE TABLE `phpwebgallery_users` (
`id` smallint(5) unsigned NOT NULL auto_increment,
`username` varchar(20) binary NOT NULL default '',
`password` varchar(32) default NULL,
`mail_address` varchar(255) default NULL,
DROP TABLE IF EXISTS `phpwebgallery_user_infos`;
CREATE TABLE `phpwebgallery_user_infos` (
`user_id` smallint(5) unsigned NOT NULL default '0',
`nb_image_line` tinyint(1) unsigned NOT NULL default '5',
`nb_line_page` tinyint(3) unsigned NOT NULL default '3',
`status` enum('admin','guest') NOT NULL default 'guest',
@ -257,6 +254,19 @@ CREATE TABLE `phpwebgallery_users` (
`last_feed_check` datetime default NULL,
`feed_id` varchar(50) binary default NULL,
`registration_date` datetime NOT NULL default '0000-00-00 00:00:00',
UNIQUE KEY `user_infos_ui1` (`user_id`)
) TYPE=MyISAM;
--
-- Table structure for table `phpwebgallery_users`
--
DROP TABLE IF EXISTS `phpwebgallery_users`;
CREATE TABLE `phpwebgallery_users` (
`id` smallint(5) unsigned NOT NULL auto_increment,
`username` varchar(20) binary NOT NULL default '',
`password` varchar(32) default NULL,
`mail_address` varchar(255) default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `users_ui1` (`username`)
) TYPE=MyISAM;
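Review bot: `phpwebgallery_user_infos` is declared with `user_id ... default '0'` and only `UNIQUE KEY user_infos_ui1 (user_id)`, whereas `phpwebgallery_users` keeps `PRIMARY KEY (id)`; since each row must map to exactly one user, `PRIMARY KEY (`user_id`)` states that intent directly and makes the `'0'` default pointless. With MyISAM there are no foreign keys, so nothing in the schema guarantees a `user_infos` or `user_cache` row for every `users` row; every code path that creates a user has to call `create_user_infos()`. A table comment recording that invariant would help, e.g. `-- one row per phpwebgallery_users.id, created by create_user_infos()`.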


@ -29,29 +29,15 @@
// +-----------------------------------------------------------------------+
// | initialization |
// +-----------------------------------------------------------------------+
$userdata = array();
if (defined('IN_ADMIN') and IN_ADMIN and isset($_GET['user_id']))
{
$userdata = getuserdata(intval($_GET['user_id']));
}
elseif (defined('IN_ADMIN') and (isset($_POST['validate'])) )
{
$userdata = getuserdata(intval($_POST['userid']));
}
elseif (!defined('IN_ADMIN') or !IN_ADMIN)
{
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
check_login_authorization(false);
$userdata = $user;
}
//------------------------------------------------------ update & customization
$infos = array('nb_image_line', 'nb_line_page', 'language',
'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
'recent_period', 'template', 'mail_address');
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
check_login_authorization(false);
$userdata = $user;
//------------------------------------------------------ update & customization
$errors = array();
if (isset($_POST['username']) && !isset($_POST['reset']))
if (isset($_POST['validate']))
{
$int_pattern = '/^\d+$/';
@ -74,153 +60,92 @@ if (isset($_POST['username']) && !isset($_POST['reset']))
array_push($errors, $lang['periods_error']);
}
// if mail_address has changed
if (!isset($userdata['mail_address']))
$mail_error = validate_mail_address($_POST['mail_address']);
if (!empty($mail_error))
{
$userdata['mail_address'] = '';
array_push($errors, $mail_error);
}
if ($_POST['mail_address'] != @$userdata['mail_address'])
if (!empty($_POST['use_new_pwd']))
{
if ($user['status'] == 'admin')
// password must be the same as its confirmation
if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
{
$mail_error = validate_mail_address($_POST['mail_address']);
if (!empty($mail_error))
{
array_push($errors, $mail_error);
}
array_push($errors,
l10n('New password confirmation does not correspond'));
}
else if (!empty($_POST['password']))
{
array_push($errors, $lang['reg_err_pass']);
}
else
{
// retrieving the encrypted password of the login submitted
$query = '
// changing password requires old password
$query = '
SELECT password
FROM '.USERS_TABLE.'
WHERE id = \''.$userdata['id'].'\'
WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
;';
$row = mysql_fetch_array(pwg_query($query));
if ($row['password'] == md5($_POST['password']))
{
$mail_error = validate_mail_address($_POST['mail_address']);
if (!empty($mail_error))
{
array_push($errors, $mail_error);
}
}
else
{
array_push($errors, $lang['reg_err_pass']);
}
}
}
// password must be the same as its confirmation
if (!empty($_POST['use_new_pwd'])
and $_POST['use_new_pwd'] != $_POST['passwordConf'])
{
array_push($errors, $lang['reg_err_pass']);
}
// We check if we are in the admin level
if (isset($_POST['user_delete']))
{
if ($_POST['userid'] > 2) // gallery founder + guest
list($current_password) = mysql_fetch_row(pwg_query($query));
if ($conf['pass_convert']($_POST['password']) != $current_password)
{
delete_user($_POST['userid']);
}
else
{
array_push($errors, $lang['user_err_modify']);
}
}
// We check if we are in the admin level
if (isset($_POST['status']) and $_POST['status'] <> $userdata['status'])
{
if ($_POST['userid'] > 2) // gallery founder + guest
{
array_push($infos, 'status');
}
else
{
array_push($errors, $lang['user_err_modify']);
array_push($errors, l10n('Current password is wrong'));
}
}
if (count($errors) == 0)
{
$query = '
UPDATE '.USERS_TABLE.'
SET ';
$is_first = true;
foreach ($infos as $i => $info)
{
if (!$is_first)
{
$query.= '
, ';
}
$is_first = false;
$query.= $info;
$query.= ' = ';
if ($_POST[$info] == '')
{
$query.= 'NULL';
}
else
{
$query.= "'".$_POST[$info]."'";
}
}
$query.= '
WHERE id = '.$_POST['userid'].'
;';
pwg_query($query);
// mass_updates function
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// update common user informations
$fields = array($conf['user_fields']['email']);
$data = array();
$data{$conf['user_fields']['id']} = $_POST['userid'];
$data{$conf['user_fields']['email']} = $_POST['mail_address'];
// password is updated only if filled
if (!empty($_POST['use_new_pwd']))
{
$query = '
UPDATE '.USERS_TABLE.'
SET password = \''.md5($_POST['use_new_pwd']).'\'
WHERE id = '.$_POST['userid'].'
;';
pwg_query($query);
array_push($fields, $conf['user_fields']['password']);
// password is encrpyted with function $conf['pass_convert']
$data{$conf['user_fields']['password']} =
$conf['pass_convert']($_POST['use_new_pwd']);
}
mass_updates(USERS_TABLE,
array('primary' => array($conf['user_fields']['id']),
'update' => $fields),
array($data));
// redirection
if (isset($_POST['validate']))
// update user "additional" informations (specific to PhpWebGallery)
$fields = array(
'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight',
'expand', 'show_nb_comments', 'recent_period', 'template'
);
$data = array();
$data{'user_id'} = $_POST['userid'];
foreach ($fields as $field)
{
if (!defined('IN_ADMIN') or !IN_ADMIN)
if (isset($_POST[$field]))
{
$url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
redirect(add_session_id($url));
}
else
{
redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'));
$data{$field} = $_POST[$field];
}
}
mass_updates(USER_INFOS_TABLE,
array('primary' => array('user_id'), 'update' => $fields),
array($data));
// redirection
$url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
redirect(add_session_id($url));
}
}
// +-----------------------------------------------------------------------+
// | page header and options |
// +-----------------------------------------------------------------------+
$url_action = PHPWG_ROOT_PATH;
if (!defined('IN_ADMIN'))
{
$title= $lang['customize_page_title'];
include(PHPWG_ROOT_PATH.'include/page_header.php');
$url_action .='profile.php';
}
else
{
$url_action .='admin.php?page=profile';
}
$title= $lang['customize_page_title'];
include(PHPWG_ROOT_PATH.'include/page_header.php');
$url_action = PHPWG_ROOT_PATH.'profile.php';
//----------------------------------------------------- template initialization
$template->set_filenames(array('profile_body'=>'profile.tpl'));
@ -233,7 +158,7 @@ $template->assign_vars(
array(
'USERNAME'=>$userdata['username'],
'USERID'=>$userdata['id'],
'EMAIL'=>@$userdata['mail_address'],
'EMAIL'=>@$userdata['email'],
'LANG_SELECT'=>language_select($userdata['language'], 'language'),
'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
'NB_ROW_PAGE'=>$userdata['nb_line_page'],
@ -270,43 +195,12 @@ $template->assign_vars(
'L_SUBMIT'=>$lang['submit'],
'L_RESET'=>$lang['reset'],
'L_RETURN' => $lang['home'],
'L_RETURN_HINT' => $lang['home_hint'],
'L_RETURN_HINT' => $lang['home_hint'],
'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
'F_ACTION'=>add_session_id($url_action),
));
if (!defined('IN_ADMIN') or !IN_ADMIN)
{
$url_return = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
$template->assign_vars(array('U_RETURN' => add_session_id($url_return)));
}
//------------------------------------------------------------- user management
if (defined('IN_ADMIN') and IN_ADMIN)
{
$status_select = '<select name="status">';
$status_select .='<option value = "guest" ';
if ($userdata['status'] == 'guest')
{
$status_select .= 'selected="selected"';
}
$status_select .='>'.$lang['user_status_guest'] .'</option>';
$status_select .='<option value = "admin" ';
if ($userdata['status'] == 'admin')
{
$status_select .= 'selected="selected"';
}
$status_select .='>'.$lang['user_status_admin'] .'</option>';
$status_select .='</select>';
$template->assign_block_vars(
'admin',
array(
'L_ADMIN_USER'=>$lang['user_management'],
'L_STATUS'=>$lang['user_status'],
'L_DELETE'=>$lang['user_delete'],
'L_DELETE_HINT'=>$lang['user_delete_hint'],
'STATUS'=>$status_select
));
}
// +-----------------------------------------------------------------------+
// | errors display |
// +-----------------------------------------------------------------------+
@ -321,14 +215,7 @@ if (count($errors) != 0)
// +-----------------------------------------------------------------------+
// | html code display |
// +-----------------------------------------------------------------------+
if (defined('IN_ADMIN') and IN_ADMIN)
{
$template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body');
}
else
{
$template->assign_block_vars('profile',array());
$template->parse('profile_body');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
}
$template->assign_block_vars('profile',array());
$template->parse('profile_body');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
?>
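Review bot: The updates are keyed on a client-supplied hidden field, `$data{$conf['user_fields']['id']} = $_POST['userid'];` and later `$data{'user_id'} = $_POST['userid'];`, while the page identity and the current-password check use `$userdata['id']` (set from `$user` at the top of the file); a logged-in user can therefore change the email, password and preferences of any other account by editing `userid` in the form. Use the authenticated id for both writes, `$data{$conf['user_fields']['id']} = $userdata['id'];` and `$data{'user_id'} = $userdata['id'];`, and either drop the hidden field or reject the request when it differs from `$userdata['id']`. Separately, `$conf['pass_convert']($_POST['password']) != $current_password` is a loose comparison; use `!==` so that two hash strings that PHP can read as numbers are not treated as equal. The `if (isset($_POST['validate']))` block these hunks belong to starts outside the shown lines.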


@ -32,8 +32,19 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
$errors = array();
if (isset($_POST['submit']))
{
$errors = register_user($_POST['login'], $_POST['password'],
$_POST['password_conf'], $_POST['mail_address']);
if ($_POST['password'] != $_POST['password_conf'])
{
array_push($errors, $lang['reg_err_pass']);
}
$errors =
array_merge(
$errors,
register_user($_POST['login'],
$_POST['password'],
$_POST['mail_address'])
);
if (count($errors) == 0)
{
$query = '
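Review bot: `register_user()` is still called after the password confirmation has already failed; if it creates the account as soon as its own checks pass (its body is not in this section), a mismatched confirmation no longer prevents the insert and `count($errors) == 0` only skips the follow-up work. Run the confirmation check first and call the function only when nothing has failed, e.g. `if (count($errors) == 0) { $errors = register_user($_POST['login'], $_POST['password'], $_POST['mail_address']); }`. The enclosing `if (isset($_POST['submit']))` block continues past the hunk.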


@ -94,13 +94,21 @@
</table>
<div class="navigationBar">{NAVBAR}</div>
<!-- delete the selected users ? -->
<fieldset>
<legend>{lang:Deletions}</legend>
<input type="checkbox" name="confirm_deletion" value="1" /> {lang:confirm}
<input type="submit" value="{lang:Delete selected users}" name="delete" class="bouton" />
</fieldset>
<!-- form to set properties for many users at once -->
<div class="admin">Preferences</div>
<fieldset>
<legend>{lang:Groups}</legend>
<table>
<tr>
<td>associate to groupe</td>
<td>{lang:associate to group}</td>
<td>
<select name="associate" size="1">
<!-- BEGIN associate_option -->
@ -111,7 +119,7 @@
</tr>
<tr>
<td>dissociate from groupe</td>
<td>{lang:dissociate from group}</td>
<td>
<select name="dissociate" size="1">
<!-- BEGIN dissociate_option -->
@ -121,6 +129,15 @@
</td>
</tr>
</table>
</fieldset>
<fieldset>
<legend>{lang:Preferences}</legend>
<table>
<tr>
<td>{L_NB_IMAGE_LINE}</td>
<td>
@ -239,6 +256,8 @@
</table>
</fieldset>
<p style="text-align:center;">
target
<input type="radio" name="target" value="all" /> all
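Review bot: The new `Deletions` fieldset submits a bulk `delete` action guarded only by a `confirm_deletion` checkbox rendered on the client; the handler for this form is not in this section, so it must refuse the action unless `confirm_deletion` is set server-side and must keep the existing protection of the webmaster and the configured guest account (the old profile.php refused `userid` values of 1 and 2 for that reason). A template comment next to the fieldset, such as `<!-- handler must require confirm_deletion and never delete the webmaster or guest id -->`, would record that expectation where the form is defined.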


@ -8,29 +8,28 @@
</div>
<!-- END errors -->
<!-- BEGIN profile -->
<div class="titrePage">{L_TITLE}</div>
<!-- END profile -->
<form method="post" name="profile" action="{F_ACTION}">
<input type="hidden" name="userid" value="{USERID}" />
<table width="70%" align="center">
<tr class="admin">
<th colspan="2">{L_REGISTRATION_INFO}</th>
</tr>
<tr>
<td width="50%">{L_USERNAME}</td>
<td><input type="text" name="username" value="{USERNAME}" />
<input type="hidden" name="userid" value="{USERID}" /></td>
<td>{USERNAME}</td>
</tr>
<tr>
<td>{L_EMAIL}</td>
<td><input type="text" name="mail_address" value="{EMAIL}" /></td>
</tr>
<!-- BEGIN profile -->
<tr>
<td>{L_CURRENT_PASSWORD} : <br /><span class="small">{L_CURRENT_PASSWORD_HINT}</span></td>
<td><input type="password" name="password" value="" /></td>
</tr>
<!-- END profile -->
<tr>
<td>{L_NEW_PASSWORD} : <br /><span class="small">{L_NEW_PASSWORD_HINT}</span></td>
<td><input type="password" name="use_new_pwd" value="" /></td>
@ -82,22 +81,6 @@
<td><input type="text" size="4" maxlength="4" name="maxheight" value="{MAXHEIGHT}" />
</td>
</tr>
<!-- BEGIN admin -->
<tr class="admin">
<th colspan="2">{modify.admin.L_ADMIN_USER}</th>
</tr>
<tr>
<td>{modify.admin.L_STATUS}</td>
<td>{modify.admin.STATUS}
</td>
</tr>
<tr>
<td>{modify.admin.L_DELETE}<br />
<span class="small">{modify.admin.L_DELETE_HINT}</span></td>
<td><input name="user_delete" type="checkbox" value="1">
</td>
</tr>
<!-- END admin -->
<tr>
<td colspan="2" align="center">
<input type="submit" name="validate" value="{L_SUBMIT}" class="bouton" />
@ -106,8 +89,7 @@
</tr>
</table>
</form>
<!-- BEGIN profile -->
<div style="text-align:center;margin:5px;">
<a href="{U_RETURN}" title="{L_RETURN_HINT}">[{L_RETURN}]</a>
</div>
<!-- END profile -->