<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile: functions_user.inc.php,v $
// | last update   : $Date: 2005/01/19 23:34:42 $
// | last modifier : $Author: plg $
// | revision      : $Revision: 1.37 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
 
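/**
 * Checks that a mail address has the expected shape: a local part and a
 * domain, each made of [\w-] labels separated by dots, ending with an
 * alphabetic top-level domain. An empty address is accepted.
 *
 * @param string $mail_address address to check, may be empty
 * @return string|null the translated error message when the address is
 *                     malformed; '' for an empty address; null (no
 *                     explicit return) when the address is well-formed
 */
function validate_mail_address( $mail_address )
{
  global $lang;

  if ( $mail_address == '' )
  {
    return '';
  }
  // "D" anchors "$" at the very end of the string: without it PCRE lets a
  // trailing newline through, which would then be stored and could end up
  // in a mail header built from the address. "i" because the top-level
  // domain is case-insensitive, like the rest of the domain already was.
  $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/Di';
  if ( !preg_match( $regex, $mail_address ) )
  {
    return $lang['reg_err_mail_address'];
  }
}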
 
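/**
 * Registers a new user once its data has been validated.
 *
 * The login must not be empty, must not start or end with a space, must
 * not contain ' or " and must not already be taken. The password must
 * match its confirmation and the mail address must pass
 * validate_mail_address(). When everything is valid the user is inserted
 * with the default display settings read from $conf.
 *
 * @param string $login
 * @param string $password clear text, stored as its md5 digest
 * @param string $password_conf
 * @param string $mail_address may be empty
 * @param string $status user status, 'guest' by default
 * @return array translated error messages; empty when the user was created
 */
function register_user($login, $password, $password_conf,
                       $mail_address, $status = 'guest')
{
  global $lang, $conf;

  $errors = array();
  // login must not
  //      1. be empty
  //      2. start or end with space character
  //      3. include ' or " characters
  //      4. be already used
  if ($login == '')
  {
    $errors[] = $lang['reg_err_login1'];
  }
  // plain string tests replace the POSIX ereg() calls, which were removed
  // from PHP 7 and made this function fatal there
  if (substr($login, -1) == ' ')
  {
    $errors[] = $lang['reg_err_login2'];
  }
  if (substr($login, 0, 1) == ' ')
  {
    $errors[] = $lang['reg_err_login3'];
  }

  if (strpos($login, "'") !== false or strpos($login, '"') !== false)
  {
    $errors[] = $lang['reg_err_login4'];
  }
  else
  {
    // the quote check above is the only thing keeping $login safe to
    // interpolate here; a backslash can still reach the query, so escaping
    // at the pwg_query() level would be preferable
    $query = '
SELECT id
  FROM '.USERS_TABLE.'
  WHERE username = \''.$login.'\'
;';
    $result = pwg_query($query);
    if (mysql_num_rows($result) > 0)
    {
      $errors[] = $lang['reg_err_login5'];
    }
  }
  // given password must be the same as the confirmation
  if ($password != $password_conf)
  {
    $errors[] = $lang['reg_err_pass'];
  }

  $error_mail_address = validate_mail_address($mail_address);
  if ($error_mail_address != '')
  {
    $errors[] = $error_mail_address;
  }

  // if no error until here, registration of the user
  if (count($errors) == 0)
  {
    $insert = array();
    $insert['username'] = $login;
    // NOTE: unsalted md5 is what the rest of the application compares
    // against at login time, so it cannot be replaced here alone
    $insert['password'] = md5($password);
    $insert['status'] = $status;
    $insert['template'] = $conf['default_template'];
    $insert['nb_image_line'] = $conf['nb_image_line'];
    $insert['nb_line_page'] = $conf['nb_line_page'];
    $insert['language'] = $conf['default_language'];
    $insert['recent_period'] = $conf['recent_period'];
    $insert['expand'] = boolean_to_string($conf['auto_expand']);
    $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
    // an empty address is left out so the column keeps its default
    if ( $mail_address != '' )
    {
      $insert['mail_address'] = $mail_address;
    }
    if ($conf['default_maxwidth'] != '')
    {
      $insert['maxwidth'] = $conf['default_maxwidth'];
    }
    if ($conf['default_maxheight'] != '')
    {
      $insert['maxheight'] = $conf['default_maxheight'];
    }

    // values are quoted but not escaped: login and mail address were
    // checked above, the remaining ones come from $conf
    $values = array();
    foreach ($insert as $value)
    {
      $values[] = "'".$value."'";
    }
    $query = '
INSERT INTO '.USERS_TABLE.'
  ('.implode(',', array_keys($insert)).')
  VALUES
  ('.implode(',', $values).')
;';
    pwg_query($query);
  }
  return $errors;
}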
 
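/**
 * Updates status, mail address and optionally the password of a user.
 *
 * @param int $user_id identifier of the user to update
 * @param string $mail_address may be empty, stored as NULL in that case
 * @param string $status new status; must be one of the application's fixed
 *                       status values, never raw user input (it is quoted
 *                       but not escaped)
 * @param bool $use_new_password whether $password replaces the current one
 * @param string $password clear text, stored as its md5 digest
 * @return array translated error messages; empty when the row was updated
 */
function update_user( $user_id, $mail_address, $status,
                      $use_new_password = false, $password = '' )
{
  $error = array();

  $error_mail_address = validate_mail_address( $mail_address );
  if ( $error_mail_address != '' )
  {
    $error[] = $error_mail_address;
  }

  if ( count( $error ) == 0 )
  {
    $query = 'UPDATE '.USERS_TABLE;
    $query.= " SET status = '".$status."'";
    if ( $use_new_password )
    {
      $query.= ", password = '".md5( $password )."'";
    }
    // an empty address becomes SQL NULL rather than an empty string
    $query.= ', mail_address = ';
    $query.= ( $mail_address != '' ) ? "'".$mail_address."'" : 'NULL';
    // cast like get_username() does, so only a number reaches the WHERE
    // clause whatever the caller passed
    $query.= ' WHERE id = '.intval( $user_id );
    $query.= ';';
    pwg_query( $query );
  }
  return $error;
}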
 
/**
 * Stops the page when the current user may not see it.
 *
 * A guest is turned away (with a link to the identification page) when
 * $guest_allowed is false. When the gallery is locked, a message is
 * printed and only an admin is allowed to continue.
 *
 * @param bool $guest_allowed whether a guest may view the page
 * @return void exits the script on refusal
 */
function check_login_authorization($guest_allowed = true)
{
  global $user,$lang,$conf,$template;

  if ($user['is_the_guest'] and !$guest_allowed)
  {
    echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'
        .'<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
    exit();
  }

  if (!$conf['gallery_locked'])
  {
    return;
  }

  echo '<div style="text-align:center;">'
      .$lang['gallery_locked_message']
      .'</div>';
  // the lock message is shown to everybody, but only admins get past it
  if ($user['status'] != 'admin')
  {
    exit();
  }
}
 
/**
 * Builds the Template object for the given style directory.
 *
 * @param string $style name of a directory under template/
 * @return Template
 */
function setup_style($style)
{
  $template_dir = PHPWG_ROOT_PATH.'template/'.$style;
  return new Template($template_dir);
}
 
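/**
 * Fetches the row of a user, looked up by id or by username. The anonymous
 * user (id ANONYMOUS) is never returned.
 *
 * @param int|string $user user id (integer) or username (string)
 * @return array|false the user row, or false when no such user exists
 */
function getuserdata($user)
{
  if (is_integer($user))
  {
    $condition = 'id = '.$user;
  }
  else
  {
    // the previous code only rewrote an already backslash-escaped quote, so
    // a bare "'" in the name reached the query unescaped; addslashes()
    // escapes the quote and the backslash for MySQL's default string
    // syntax (escaping at the pwg_query() level would still be preferable)
    $condition = "username = '".addslashes($user)."'";
  }
  $sql = 'SELECT * FROM '.USERS_TABLE.' WHERE '.$condition.' AND id <> '.ANONYMOUS;
  $result = pwg_query($sql);
  $row = mysql_fetch_array($result);
  return $row ? $row : false;
}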
 
/*
 * removes from the favorites of the current user every image that belongs
 * to a category he is not allowed to see
 *
 * @return void
 */
function check_user_favorites()
{
  global $user;

  // nothing to hide when the forbidden category list is empty
  if ($user['forbidden_categories'] == '')
  {
    return;
  }

  $query = '
SELECT f.image_id
  FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
    ON f.image_id = ic.image_id
  WHERE f.user_id = '.$user['id'].'
    AND ic.category_id IN ('.$user['forbidden_categories'].')
;';
  $result = pwg_query($query);
  $image_ids = array();
  while ($row = mysql_fetch_array($result))
  {
    $image_ids[] = $row['image_id'];
  }

  if (count($image_ids) == 0)
  {
    return;
  }

  $query = '
DELETE FROM '.FAVORITES_TABLE.'
  WHERE image_id IN ('.implode(',', $image_ids).')
    AND user_id = '.$user['id'].'
;';
  pwg_query($query);
}
 
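/**
 * update table user_forbidden for the given user
 *
 * table user_forbidden contains calculated data. Calculation is based on
 * private categories minus categories authorized to the groups the user
 * belongs to minus the categories directly authorized to the user
 *
 * @param int user_id
 * @param string user_status
 * @return string forbidden_categories comma separated category ids
 */
function calculate_permissions($user_id, $user_status)
{
  // cast as get_username() does: only a number may reach the queries below
  $user_id = intval($user_id);

  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\'
;';
  $private_array = _calculate_permissions_column($query, 'id');

  // if user is not an admin, locked categories can be considered as private
  if ($user_status != 'admin')
  {
    $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE visible = \'false\'
;';
    $locked_array = _calculate_permissions_column($query, 'id');
    // a category may be both private and locked
    $private_array = array_unique(array_merge($private_array, $locked_array));
  }

  // retrieve category ids directly authorized to the user
  $query = '
SELECT cat_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id = '.$user_id.'
;';
  $authorized_array = _calculate_permissions_column($query, 'cat_id');

  // retrieve category ids authorized to the groups the user belongs to
  $query = '
SELECT cat_id
  FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
    ON ug.group_id = ga.group_id
  WHERE ug.user_id = '.$user_id.'
;';
  $authorized_array = array_merge(
    $authorized_array,
    _calculate_permissions_column($query, 'cat_id')
  );

  // uniquify ids : some private categories might be authorized for the
  // groups and for the user
  $authorized_array = array_unique($authorized_array);

  // only unauthorized private categories are forbidden
  $forbidden_array = array_diff($private_array, $authorized_array);

  // replace the previously calculated row of this user
  $query = '
DELETE FROM '.USER_FORBIDDEN_TABLE.'
  WHERE user_id = '.$user_id.'
;';
  pwg_query($query);

  $forbidden_categories = implode(',', $forbidden_array);

  $query = '
INSERT INTO '.USER_FORBIDDEN_TABLE.'
  (user_id,need_update,forbidden_categories)
  VALUES
  ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
;';
  pwg_query($query);

  return $forbidden_categories;
}

/**
 * runs a query and collects one column of every returned row
 *
 * @param string query
 * @param string column name of the column to collect
 * @return array column values, in result order
 */
function _calculate_permissions_column($query, $column)
{
  $values = array();
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    array_push($values, $row[$column]);
  }
  return $values;
}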
 
/**
 * returns the username corresponding to the given user identifier if exists
 *
 * @param int user_id cast with intval() before it is placed in the query
 * @return mixed the username, or false when no user has this identifier
 */
function get_username($user_id)
{
  $query = '
SELECT username
  FROM '.USERS_TABLE.'
  WHERE id = '.intval($user_id).'
;';
  $result = pwg_query($query);
  if (mysql_num_rows($result) < 1)
  {
    return false;
  }

  list($username) = mysql_fetch_row($result);
  return $username;
}
?>