<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $RCSfile: functions_user.inc.php,v $
// | last update : $Date: 2005/01/19 23:34:42 $
// | last modifier : $Author: plg $
// | revision : $Revision: 1.37 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
// validate_mail_address verifies whether the given mail address has the
// right format. ie someone@domain.com "someone" can contain ".", "-" or
// even "_". Exactly as "domain". The extension doesn't have to be
// "com". The mail address can also be empty.
// If the mail address doesn't correspond, an error message is returned.
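function validate_mail_address( $mail_address )
{
  // Returns '' when $mail_address is empty or well formed, otherwise the
  // localized message $lang['reg_err_mail_address'].
  global $lang;

  if ( $mail_address == '' )
  {
    return '';
  }

  // The D modifier makes $ match only at the very end of the subject.
  // Without it PCRE also accepts a subject that ends with a newline, so an
  // address followed by "\n" was treated as valid and handed on to the
  // callers, which concatenate it into SQL statements.
  $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/D';
  if ( !preg_match( $regex, $mail_address ) )
  {
    return $lang['reg_err_mail_address'];
  }

  // explicit "no error" value, the same one as for an empty address
  return '';
}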
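/**
 * Creates a new user account once every submitted value passes validation.
 *
 * The login, the password confirmation and the mail address are checked;
 * each failed check adds a message taken from $lang to the returned list.
 * The row is inserted only when that list is empty, with its display
 * preferences copied from $conf.
 *
 * @param string login
 * @param string password
 * @param string password_conf
 * @param string mail_address may be empty
 * @param string status
 * @return array error messages, empty when the user was created
 */
function register_user($login, $password, $password_conf,
                       $mail_address, $status = 'guest')
{
  global $lang, $conf;

  $errors = array();
  // login must not
  //      1. be empty
  //      2. start or end with space character
  //      3. include ' or " characters
  //      4. be already used
  if ($login == '')
  {
    array_push($errors, $lang['reg_err_login1']);
  }
  // plain string functions replace ereg(), which is deprecated since
  // PHP 5.3 and no longer exists in PHP 7
  if (substr($login, -1) === ' ')
  {
    array_push($errors, $lang['reg_err_login2']);
  }
  if (substr($login, 0, 1) === ' ')
  {
    array_push($errors, $lang['reg_err_login3']);
  }

  if (strpos($login, "'") !== false or strpos($login, '"') !== false)
  {
    array_push($errors, $lang['reg_err_login4']);
  }
  else
  {
    // NOTE(review): $login is concatenated into this statement and into the
    // INSERT below after only the two quote characters were rejected; a
    // backslash is still accepted. Whether callers hand over an already
    // escaped login cannot be seen from this file: confirm, and escape it
    // here with mysql_real_escape_string() if they do not.
    $query = '
SELECT id
FROM '.USERS_TABLE.'
WHERE username = \''.$login.'\'
;';
    $result = pwg_query($query);
    if (mysql_num_rows($result) > 0)
    {
      array_push($errors, $lang['reg_err_login5']);
    }
  }
  // given password must be the same as the confirmation. The comparison is
  // strict on purpose: with != two different numeric strings such as '1e3'
  // and '1000' are compared as numbers and count as equal.
  if ((string) $password !== (string) $password_conf)
  {
    array_push($errors, $lang['reg_err_pass']);
  }

  $error_mail_address = validate_mail_address($mail_address);
  if ($error_mail_address != '')
  {
    array_push($errors, $error_mail_address);
  }

  // if no error until here, registration of the user
  if (count($errors) == 0)
  {
    $insert = array();
    $insert['username'] = $login;
    // NOTE(review): md5() is an unsalted, fast digest and a weak way to
    // store passwords. It is kept because the code that verifies the
    // password at login is not in this file and has to change together
    // with it.
    $insert['password'] = md5($password);
    // nothing validates $status before this point, so it is escaped before
    // it is placed between quotes in the statement
    $insert['status'] = mysql_real_escape_string($status);
    $insert['template'] = $conf['default_template'];
    $insert['nb_image_line'] = $conf['nb_image_line'];
    $insert['nb_line_page'] = $conf['nb_line_page'];
    $insert['language'] = $conf['default_language'];
    $insert['recent_period'] = $conf['recent_period'];
    $insert['expand'] = boolean_to_string($conf['auto_expand']);
    $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
    if ( $mail_address != '' )
    {
      $insert['mail_address'] = $mail_address;
    }
    if ($conf['default_maxwidth'] != '')
    {
      $insert['maxwidth'] = $conf['default_maxwidth'];
    }
    if ($conf['default_maxheight'] != '')
    {
      $insert['maxheight'] = $conf['default_maxheight'];
    }

    // every value is written as a quoted SQL literal, in column order
    $values = array();
    foreach ($insert as $value)
    {
      array_push($values, "'".$value."'");
    }

    $query = '
INSERT INTO '.USERS_TABLE.'
('.implode(',', array_keys($insert)).')
VALUES
('.implode(',', $values).')
;';
    pwg_query($query);
  }
  return $errors;
}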
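/**
 * Updates the status, the mail address and optionally the password of a
 * user.
 *
 * The mail address is validated first; nothing is written when it is
 * rejected. An empty mail address is stored as NULL.
 *
 * @param int user_id
 * @param string mail_address may be empty
 * @param string status
 * @param bool use_new_password when true, $password replaces the stored one
 * @param string password
 * @return array error messages, empty when the row was updated
 */
function update_user( $user_id, $mail_address, $status,
                      $use_new_password = false, $password = '' )
{
  $error = array();

  $error_mail_address = validate_mail_address( $mail_address );
  if ( $error_mail_address != '' )
  {
    array_push( $error, $error_mail_address );
  }

  if ( count( $error ) == 0 )
  {
    $query = 'UPDATE '.USERS_TABLE;
    // nothing validates $status before this point, so it is escaped before
    // it is placed between quotes
    $query.= " SET status = '".mysql_real_escape_string( $status )."'";
    if ( $use_new_password )
    {
      // NOTE(review): md5() is an unsalted, fast digest and a weak way to
      // store passwords. It is kept because the code that verifies the
      // password at login is not in this file.
      $query.= ", password = '".md5( $password )."'";
    }
    $query.= ', mail_address = ';
    if ( $mail_address != '' )
    {
      // only reached with an address accepted by validate_mail_address()
      $query.= "'".$mail_address."'";
    }
    else
    {
      $query.= 'NULL';
    }
    // the identifier is written unquoted: force it to an integer, as
    // get_username() does, so that nothing but a number reaches the SQL text
    $query.= ' WHERE id = '.intval( $user_id );
    $query.= ';';
    pwg_query( $query );
  }
  return $error;
}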
/**
 * Stops the script when the current visitor may not see the page.
 *
 * A guest is refused when $guest_allowed is false: the "only members"
 * message and a link to identification.php are printed, then the script
 * exits. When $conf['gallery_locked'] is set, the locked message is printed
 * for everybody and the script exits for every status other than 'admin'.
 *
 * @param bool guest_allowed
 * @return void
 */
function check_login_authorization($guest_allowed = true)
{
  global $user,$lang,$conf,$template;

  $is_refused_guest = $user['is_the_guest'] && !$guest_allowed;
  if ($is_refused_guest)
  {
    echo '<div style="text-align:center;">'.$lang['only_members'].'<br />',
         '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
    exit();
  }

  // an unlocked gallery needs no further check
  if (!$conf['gallery_locked'])
  {
    return;
  }

  // the message is shown to administrators too, but only they go on
  echo '<div style="text-align:center;">',
       $lang['gallery_locked_message'],
       '</div>';
  if ($user['status'] != 'admin')
  {
    exit();
  }
}
/**
 * Builds the Template object for the given style.
 *
 * NOTE(review): $style is appended to the template directory path without
 * any check in this function; confirm that callers only pass a known style
 * name and never a raw request value.
 *
 * @param string style directory name below template/
 * @return Template
 */
function setup_style($style)
{
  $style_directory = PHPWG_ROOT_PATH.'template/'.$style;

  return new Template($style_directory);
}
/**
 * Fetches the row of a user, looked up by identifier or by username.
 *
 * An integer argument is matched against the id column, anything else
 * against the username column. The row whose id equals the ANONYMOUS
 * constant is never returned.
 *
 * NOTE(review): the username branch only rewrites the two-character
 * sequence \' into ''. It looks like it expects a value that already went
 * through addslashes() or magic quotes - confirm against the callers. A
 * value that arrives unescaped is concatenated into the query as it is.
 *
 * @param mixed user identifier (int) or username (string)
 * @return mixed the row as an array, false when no row matches
 */
function getuserdata($user)
{
  if (is_integer($user))
  {
    $condition = "id = $user";
  }
  else
  {
    $condition = "username = '" . str_replace("\'", "''", $user) . "'";
  }

  $sql = "SELECT * FROM " . USERS_TABLE . " WHERE " . $condition
    . " AND id <> " . ANONYMOUS;
  $result = pwg_query($sql);

  $row = mysql_fetch_array($result);
  if ($row)
  {
    return $row;
  }
  return false;
}
/*
* deletes favorites of the current user if he's not allowed to see them
*
* @return void
*/
function check_user_favorites()
{
  global $user;

  // no forbidden category for this user: every favorite may stay
  if ($user['forbidden_categories'] == '')
  {
    return;
  }

  // favorites of the user that are linked to a forbidden category.
  // $user['forbidden_categories'] is used as a ready-made list for IN ().
  $select = '
SELECT f.image_id
FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
ON f.image_id = ic.image_id
WHERE f.user_id = '.$user['id'].'
AND ic.category_id IN ('.$user['forbidden_categories'].')
;';
  $result = pwg_query($select);

  $image_ids = array();
  while ($row = mysql_fetch_array($result))
  {
    $image_ids[] = $row['image_id'];
  }

  // nothing found, nothing to delete
  if (count($image_ids) == 0)
  {
    return;
  }

  $delete = '
DELETE FROM '.FAVORITES_TABLE.'
WHERE image_id IN ('.implode(',', $image_ids).')
AND user_id = '.$user['id'].'
;';
  pwg_query($delete);
}
/**
* update table user_forbidden for the given user
*
* table user_forbidden contains calculated data. Calculation is based on
* private categories minus categories authorized to the groups the user
* belongs to minus the categories directly authorized to the user
*
* @param int user_id
* @param string user_status
* @return string forbidden_categories
*/
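function calculate_permissions($user_id, $user_status)
{
  // $user_id is written unquoted into four statements below. Force it to an
  // integer once, as get_username() does, so that nothing but a number can
  // reach the SQL text.
  $user_id = intval($user_id);

  $private_array = array();
  $authorized_array = array();

  $query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    array_push($private_array, $row['id']);
  }

  // if user is not an admin, locked categories can be considered as private
  if ($user_status != 'admin')
  {
    $query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE visible = \'false\'
;';
    $result = pwg_query($query);
    while ($row = mysql_fetch_array($result))
    {
      array_push($private_array, $row['id']);
    }

    // a category can be both private and not visible
    $private_array = array_unique($private_array);
  }

  // retrieve category ids directly authorized to the user
  $query = '
SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
WHERE user_id = '.$user_id.'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    array_push($authorized_array, $row['cat_id']);
  }

  // retrieve category ids authorized to the groups the user belongs to
  $query = '
SELECT cat_id
FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
ON ug.group_id = ga.group_id
WHERE ug.user_id = '.$user_id.'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    array_push($authorized_array, $row['cat_id']);
  }

  // uniquify ids : some private categories might be authorized for the
  // groups and for the user
  $authorized_array = array_unique($authorized_array);

  // only unauthorized private categories are forbidden
  $forbidden_array = array_diff($private_array, $authorized_array);

  // the stored row is replaced: delete the previous one, then insert the
  // freshly calculated list
  $query = '
DELETE FROM '.USER_FORBIDDEN_TABLE.'
WHERE user_id = '.$user_id.'
;';
  pwg_query($query);

  // comma separated ids, '' when nothing is forbidden
  $forbidden_categories = implode(',', $forbidden_array);

  $query = '
INSERT INTO '.USER_FORBIDDEN_TABLE.'
(user_id,need_update,forbidden_categories)
VALUES
('.$user_id.',\'false\',\''.$forbidden_categories.'\')
;';
  pwg_query($query);

  return $forbidden_categories;
}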
/**
* returns the username corresponding to the given user identifier if exists
*
* @param int user_id
* @return mixed
*/
function get_username($user_id)
{
  // intval() lets nothing but an integer into the statement
  $query = '
SELECT username
FROM '.USERS_TABLE.'
WHERE id = '.intval($user_id).'
;';
  $result = pwg_query($query);

  // no row for this identifier
  if (mysql_num_rows($result) <= 0)
  {
    return false;
  }

  // the single selected column is the username
  $row = mysql_fetch_row($result);
  return $row[0];
}
?>