authorplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
committerplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
commit273884a65274e2688df1b2d3dc37103a46117772 (patch)
tree6d0756672c6b415c38abea4c8ea831cdeb3673fb
parent8b97a8154ebb024c1c2610d82646e48b913721bc (diff)
- new : external authentication in another users table. Previous users table
is divided between users (common properties with any web application) and user_infos (phpwebgallery-specific information). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction information can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin.php9
-rw-r--r--admin/cat_perm.php5
-rw-r--r--admin/include/functions.php243
-rw-r--r--admin/search.php2
-rw-r--r--admin/user_list.php56
-rw-r--r--category.php4
-rw-r--r--doc/ChangeLog25
-rw-r--r--feed.php20
-rw-r--r--identification.php8
-rw-r--r--include/common.inc.php41
-rw-r--r--include/config_default.inc.php25
-rw-r--r--include/constants.php8
-rw-r--r--include/functions.inc.php9
-rw-r--r--include/functions_category.inc.php22
-rw-r--r--include/functions_session.inc.php25
-rw-r--r--include/functions_user.inc.php349
-rw-r--r--include/user.inc.php116
-rw-r--r--install.php45
-rw-r--r--install/phpwebgallery_structure.sql30
-rw-r--r--profile.php257
-rw-r--r--register.php15
-rw-r--r--template/default/admin/user_list.tpl25
-rw-r--r--template/default/profile.tpl30
23 files changed, 633 insertions, 736 deletions
diff --git a/admin.php b/admin.php
index ba6e1dd77..d56602854 100644
--- a/admin.php
+++ b/admin.php
@@ -30,6 +30,13 @@ define('PHPWG_ROOT_PATH','./');
define('IN_ADMIN', true);
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | synchronize user informations |
+// +-----------------------------------------------------------------------+
+
+sync_users();
+
//--------------------------------------- validating page and creation of title
$page_valide = false;
$title = '';
@@ -323,7 +330,7 @@ include(PHPWG_ROOT_PATH.'include/page_tail.php');
// | order permission refreshment |
// +-----------------------------------------------------------------------+
$query = '
-UPDATE '.USER_FORBIDDEN_TABLE.'
+UPDATE '.USER_CACHE_TABLE.'
SET need_update = \'true\'
;';
pwg_query($query);
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 73bd0d866..7580cd28c 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -258,9 +258,10 @@ foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
$users = array();
$query = '
-SELECT id, username
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['username'].' AS username
FROM '.USERS_TABLE.'
- WHERE id != 2
+ WHERE id != '.$conf['guest_id'].'
;';
$result = pwg_query($query);
while($row = mysql_fetch_array($result))
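Review bot: The WHERE clause still uses the literal column name `id` while the SELECT list two lines above goes through `$conf['user_fields']['id']`; against an external users table whose key column is not called `id` (the case this commit introduces) the query fails. Use `WHERE '.$conf['user_fields']['id'].' != '.$conf['guest_id'].'` so the two parts of the statement agree.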
diff --git a/admin/include/functions.php b/admin/include/functions.php
index a02ab962f..2364ada41 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -332,6 +332,8 @@ DELETE FROM '.IMAGES_TABLE.'
// - calculated permissions linked to the user
function delete_user($user_id)
{
+ global $conf;
+
// destruction of the access linked to the user
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
@@ -367,10 +369,17 @@ DELETE FROM '.USER_FORBIDDEN_TABLE.'
;';
pwg_query($query);
+ // deletion of phpwebgallery specific informations
+ $query = '
+DELETE FROM '.USER_INFOS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
// destruction of the user
$query = '
DELETE FROM '.USERS_TABLE.'
- WHERE id = '.$user_id.'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
;';
pwg_query($query);
}
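Review bot: delete_user() still issues `DELETE FROM '.USER_FORBIDDEN_TABLE.'` — the hunk header's context line shows it, sitting unchanged between this commit's two hunks in the function — while include/constants.php in this same commit drops that constant in favour of USER_CACHE_TABLE. PHP will treat the undefined constant as the bare string, so the statement becomes `DELETE FROM USER_FORBIDDEN_TABLE`, fails, and the user's cached permission row is never removed. Change that line to `DELETE FROM '.USER_CACHE_TABLE.'` as admin.php already does. Note also that the final DELETE now targets `$conf['users_table']`, which may be another application's table; if that is intended it deserves a comment, since it deletes the account from the external application too.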
@@ -553,165 +562,6 @@ function get_keywords( $keywords_string )
}
/**
- * returns an array with the ids of the restricted categories for the user
- *
- * Returns an array with the ids of the restricted categories for the
- * user. If the $check_invisible parameter is set to true, invisible
- * categorie are added to the restricted one in the array.
- *
- * @param int $user_id
- * @param string $user_status
- * @param bool $check_invisible
- * @param bool $use_groups
- * @return array
- */
-function get_user_restrictions( $user_id, $user_status,
- $check_invisible, $use_groups = true )
-{
- // 1. retrieving ids of private categories
- $query = 'SELECT id FROM '.CATEGORIES_TABLE;
- $query.= " WHERE status = 'private'";
- $query.= ';';
- $result = pwg_query( $query );
- $privates = array();
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $privates, $row['id'] );
- }
- // 2. retrieving all authorized categories for the user
- $authorized = array();
- // 2.1. retrieving authorized categories thanks to personnal user
- // authorization
- $query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE;
- $query.= ' WHERE user_id = '.$user_id;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- // 2.2. retrieving authorized categories thanks to group authorization to
- // which the user is a member
- if ( $use_groups )
- {
- $query = 'SELECT ga.cat_id';
- $query.= ' FROM '.USER_GROUP_TABLE.' as ug';
- $query.= ', '.GROUP_ACCESS_TABLE.' as ga';
- $query.= ' WHERE ug.group_id = ga.group_id';
- $query.= ' AND ug.user_id = '.$user_id;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- $authorized = array_unique( $authorized );
- }
-
- $forbidden = array();
- foreach ( $privates as $private ) {
- if ( !in_array( $private, $authorized ) )
- {
- array_push( $forbidden, $private );
- }
- }
-
- if ( $check_invisible )
- {
- // 3. adding to the restricted categories, the invisible ones
- if ( $user_status != 'admin' )
- {
- $query = 'SELECT id FROM '.CATEGORIES_TABLE;
- $query.= " WHERE visible = 'false';";
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $forbidden, $row['id'] );
- }
- }
- }
- return array_unique( $forbidden );
-}
-
-/**
- * updates the calculated data users.forbidden_categories, it includes
- * sub-categories of the direct forbidden categories
- *
- * @param nt $user_id
- * @return array
- */
-function update_user_restrictions( $user_id )
-{
- $restrictions = get_user_all_restrictions( $user_id );
-
- // update the users.forbidden_categories in database
- $query = 'UPDATE '.USERS_TABLE;
- $query.= ' SET forbidden_categories = ';
- if ( count( $restrictions ) > 0 )
- $query.= "'".implode( ',', $restrictions )."'";
- else
- $query.= 'NULL';
- $query .= ' WHERE id = '.$user_id;
- $query.= ';';
- pwg_query( $query );
-
- return $restrictions;
-}
-
-/**
- * returns all the restricted categories ids including sub-categories
- *
- * @param int $user_id
- * @return array
- */
-function get_user_all_restrictions( $user_id )
-{
- global $page;
-
- $query = 'SELECT status';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ' WHERE id = '.$user_id;
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
-
- $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true);
-
- $restrictions = $base_restrictions;
- foreach ( $base_restrictions as $category_id ) {
- echo $category_id.' is forbidden to user '.$user_id.'<br />';
- $restrictions =
- array_merge( $restrictions,
- $page['plain_structure'][$category_id]['all_subcats_ids'] );
- }
-
- return array_unique( $restrictions );
-}
-
-// The function is_user_allowed returns :
-// - 0 : if the category is allowed with this $restrictions array
-// - 1 : if this category is not allowed
-// - 2 : if an uppercat category is not allowed
-// Note : the restrictions array must represent ONLY direct forbidden
-// categories, not all forbidden categories
-function is_user_allowed( $category_id, $restrictions )
-{
- if ( in_array( $category_id, $restrictions ) ) return 1;
-
- $query = 'SELECT uppercats';
- $query.= ' FROM '.CATEGORIES_TABLE;
- $query.= ' WHERE id = '.$category_id;
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
- $uppercats = explode( ',', $row['uppercats'] );
- foreach ( $uppercats as $category_id ) {
- if ( in_array( $category_id, $restrictions ) ) return 2;
- }
-
- // no restriction found : the user is allowed to access this category
- return 0;
-}
-
-/**
* returns an array containing sub-directories which can be a category
*
* directories nammed "thumbnail", "pwg_high" or "pwg_representative" are
@@ -842,8 +692,8 @@ function mass_updates($tablename, $dbfields, $datas)
// depending on the MySQL version, we use the multi table update or N
// update queries
$query = 'SELECT VERSION() AS version;';
- $row = mysql_fetch_array(pwg_query($query));
- if (count($datas) < 10 or version_compare($row['version'],'4.0.4') < 0)
+ list($mysql_version) = mysql_fetch_array(pwg_query($query));
+ if (count($datas) < 10 or version_compare($mysql_version, '4.0.4') < 0)
{
// MySQL is prior to version 4.0.4, multi table update feature is not
// available
@@ -1334,4 +1184,73 @@ function micro_seconds()
$t2 = $t1[1].substr($t2[1], 0, 6);
return $t2;
}
+
+/**
+ * compares and synchronizes USERS_TABLE and USER_INFOS_TABLE : each user in
+ * USERS_TABLE must be present in USER_INFOS_TABLE.
+ */
+function sync_users()
+{
+ global $conf;
+
+ $query = '
+SELECT '.$conf['user_fields']['id'].' AS id
+ FROM '.USERS_TABLE.'
+;';
+ $base_users = array_from_query($query, 'id');
+
+ $query = '
+SELECT user_id
+ FROM '.USER_INFOS_TABLE.'
+;';
+ $infos_users = array_from_query($query, 'user_id');
+
+ // users present in $base_users and not in $infos_users must be added
+ $to_create = array_diff($base_users, $infos_users);
+
+ if (count($to_create) > 0)
+ {
+ $inserts = array();
+
+ list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+
+ foreach ($to_create as $user_id)
+ {
+ $insert = array();
+ $insert['user_id'] = $user_id;
+ $insert['status'] = 'guest';
+ $insert['template'] = $conf['default_template'];
+ $insert['nb_image_line'] = $conf['nb_image_line'];
+ $insert['nb_line_page'] = $conf['nb_line_page'];
+ $insert['language'] = $conf['default_language'];
+ $insert['recent_period'] = $conf['recent_period'];
+ $insert['feed_id'] = find_available_feed_id();
+ $insert['expand'] = boolean_to_string($conf['auto_expand']);
+ $insert['show_nb_comments'] =
+ boolean_to_string($conf['show_nb_comments']);
+ $insert['maxwidth'] = $conf['default_maxwidth'];
+ $insert['maxheight'] = $conf['default_maxheight'];
+ $insert['registration_date'] = $dbnow;
+
+ array_push($inserts, $insert);
+ }
+
+ mass_inserts(USER_INFOS_TABLE,
+ array_keys($inserts[0]),
+ $inserts);
+ }
+
+ // users present in $infos_users and not in $base_users must be deleted
+ $to_delete = array_diff($infos_users, $base_users);
+
+ if (count($to_delete) > 0)
+ {
+ $query = '
+DELETE
+ FROM '.USER_INFOS_TABLE.'
+ WHERE user_id in ('.implode(',', $to_delete).')
+;';
+ pwg_query($query);
+ }
+}
?>
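Review bot: A user that disappeared from the reference table only gets its user_infos row deleted at the end of sync_users(), while its rows in USER_ACCESS_TABLE, USER_GROUP_TABLE and USER_CACHE_TABLE — the ones delete_user() in this same file removes — are left behind. Because the users table is now configurable and no longer under the gallery's control, an external application that reuses the numeric id for a new account would hand that account the old user's private-category grants and group memberships. Clear all four tables in the same pass, as below; the function runs on every admin page load (admin.php), so keep it to bulk statements rather than a per-user loop.
```php
  // users present in $infos_users and not in $base_users must be deleted
  $to_delete = array_diff($infos_users, $base_users);

  if (count($to_delete) > 0)
  {
    $id_list = implode(',', $to_delete);
    // The user is gone from the reference table: drop every gallery-side
    // row keyed on its id, not only user_infos, so that a reused id in the
    // external table does not inherit the old account's permissions.
    foreach (array(USER_INFOS_TABLE, USER_ACCESS_TABLE,
                   USER_GROUP_TABLE, USER_CACHE_TABLE) as $table)
    {
      $query = '
DELETE
  FROM '.$table.'
  WHERE user_id in ('.$id_list.')
;';
      pwg_query($query);
    }
  }
```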
diff --git a/admin/search.php b/admin/search.php
index e6eab6258..482d6afbc 100644
--- a/admin/search.php
+++ b/admin/search.php
@@ -73,7 +73,7 @@ if ( !empty($search_match) )
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
- AND id <> ".ANONYMOUS."
+ AND id <> ".$conf['guest_id']."
ORDER BY username";
if ( !($result = pwg_query($sql)) )
{
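Review bot: This query still hard-codes the `username` and `id` column names that the rest of the commit routes through `$conf['user_fields']`, so the admin search breaks against an external users table; map them the same way, e.g. `WHERE '.$conf['user_fields']['username'].' LIKE ... AND '.$conf['user_fields']['id'].' <> '.$conf['guest_id']` with `SELECT '.$conf['user_fields']['username'].' AS username`. The `str_replace("\'", "''", $username_search)` escaping on the context line predates this commit but is not a MySQL escape; `mysql_escape_string` as used in identification.php in this commit would be consistent.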
diff --git a/admin/user_list.php b/admin/user_list.php
index 9ffc84e10..aa1bbff22 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -45,10 +45,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
if (isset($_POST['submit_add']))
{
- $page['errors'] = register_user($_POST['login'],
- $_POST['password'],
- $_POST['password'],
- '');
+ $page['errors'] = register_user($_POST['login'], $_POST['password'], '');
}
// +-----------------------------------------------------------------------+
@@ -66,7 +63,7 @@ if (isset($_POST['pref_submit']))
$query = '
SELECT id
FROM '.USERS_TABLE.'
- WHERE id != 2
+ WHERE id != '.$conf['guest_id'].'
;';
$collection = array_from_query($query, 'id');
break;
@@ -123,7 +120,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
// properties to set for the collection (a user list)
$datas = array();
- $dbfields = array('primary' => array('id'), 'update' => array());
+ $dbfields = array('primary' => array('user_id'), 'update' => array());
$formfields =
array('nb_image_line', 'nb_line_page', 'template', 'language',
@@ -146,7 +143,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
foreach ($collection as $user_id)
{
$data = array();
- $data['id'] = $user_id;
+ $data['user_id'] = $user_id;
// TODO : verify if submited values are semanticaly correct
foreach ($dbfields['update'] as $dbfield)
@@ -168,7 +165,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
array_push($datas, $data);
}
- mass_updates(USERS_TABLE, $dbfields, $datas);
+ mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
}
}
else
@@ -202,7 +199,7 @@ $template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
-$conf['users_page'] = 10;
+$conf['users_page'] = 20;
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
@@ -317,7 +314,7 @@ $template->assign_block_vars(
'SELECTED' => ''
));
-foreach (get_enums(USERS_TABLE, 'status') as $status)
+foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
$selected = (isset($_GET['status']) and $_GET['status'] == $status) ?
'selected="selected"' : '';
@@ -432,7 +429,7 @@ foreach (get_languages() as $language_code => $language_name)
$blockname = 'pref_status_option';
-foreach (get_enums(USERS_TABLE, 'status') as $status)
+foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
if (isset($_POST['pref_submit']))
{
@@ -550,7 +547,7 @@ if (isset($_GET['group'])
}
if (isset($_GET['status'])
- and in_array($_GET['status'], get_enums(USERS_TABLE, 'status')))
+ and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
{
$filter['status'] = $_GET['status'];
}
@@ -560,23 +557,27 @@ if (isset($_GET['status'])
// +-----------------------------------------------------------------------+
$query = '
-SELECT COUNT(DISTINCT(id))
- FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
- WHERE id != 2';
+SELECT COUNT(DISTINCT u.'.$conf['user_fields']['id'].')
+ FROM '.USERS_TABLE.' AS u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ LEFT JOIN '.USER_GROUP_TABLE.' AS ug
+ ON u.'.$conf['user_fields']['id'].' = ug.user_id
+ WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id'];
if (isset($filter['username']))
{
$query.= '
- AND username LIKE \''.$filter['username'].'\'';
+ AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
}
if (isset($filter['group']))
{
$query.= '
- AND group_id = '.$filter['group'];
+ AND ug.group_id = '.$filter['group'];
}
if (isset($filter['status']))
{
$query.= '
- AND status = \''.$filter['status']."'";
+ AND ui.status = \''.$filter['status']."'";
}
$query.= '
;';
@@ -617,9 +618,16 @@ if (isset($_GET['direction'])
}
$query = '
-SELECT DISTINCT(id), username, mail_address, status
- FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
- WHERE id != 2';
+SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
+ u.'.$conf['user_fields']['username'].' AS username,
+ u.'.$conf['user_fields']['email'].' AS email,
+ ui.status
+ FROM '.USERS_TABLE.' AS u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ LEFT JOIN '.USER_GROUP_TABLE.' AS ug
+ ON u.'.$conf['user_fields']['id'].' = ug.user_id
+ WHERE id != '.$conf['guest_id'];
if (isset($filter['username']))
{
$query.= '
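Review bot: The list query's `WHERE id != '.$conf['guest_id']` is unqualified and uses the literal column name, whereas the count query in the previous hunk writes `u.'.$conf['user_fields']['id'].'`; on an external table whose key is not `id` the count succeeds and the page query fails, and with three joined tables an unqualified name is fragile anyway. Use `WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id']`. The `$filter['username']` value interpolated into LIKE right after this hunk is not escaped at the point of use; where `$filter` is built lies outside the hunk, so confirm it is escaped there.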
@@ -628,12 +636,12 @@ if (isset($filter['username']))
if (isset($filter['group']))
{
$query.= '
- AND group_id = '.$filter['group'];
+ AND ug.group_id = '.$filter['group'];
}
if (isset($filter['status']))
{
$query.= '
- AND status = \''.$filter['status']."'";
+ AND ui.status = \''.$filter['status']."'";
}
$query.= '
ORDER BY '.$order_by.' '.$direction.'
@@ -687,7 +695,7 @@ SELECT user_id, group_id
'U_PERM'=>add_session_id($perm_url.$item['id']),
'USERNAME'=>$item['username'],
'STATUS'=>$lang['user_status_'.$item['status']],
- 'EMAIL'=>isset($item['mail_address']) ? $item['mail_address'] : '',
+ 'EMAIL'=>isset($item['email']) ? $item['email'] : '',
'GROUPS'=>$groups_string
));
}
diff --git a/category.php b/category.php
index bc93cdb38..81db39d09 100644
--- a/category.php
+++ b/category.php
@@ -171,7 +171,7 @@ $template->assign_vars(array(
'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
- 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] )),
+ 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php'),
'U_CADDIE'=>add_session_id(PHPWG_ROOT_PATH.'category.php'.get_query_string_diff(array('caddie')).'&amp;caddie=1')
)
);
@@ -311,7 +311,7 @@ $template->assign_block_vars(
'TITLE'=>l10n('RSS notification feed'),
'NAME'=>l10n('Notification feed'),
'U_SUMMARY'=>
- 'feed.php'.(ANONYMOUS != $user['id'] ? '?feed='.$user['feed_id'] : '')
+ 'feed.php'.($user['is_the_guest'] ? '?feed='.$user['feed_id'] : '')
));
//------------------------------------------------------ main part : thumbnails
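Review bot: The new condition on the U_SUMMARY line is inverted: the old code appended the personal feed id when the user was not anonymous, but `$user['is_the_guest'] ? '?feed='.$user['feed_id'] : ''` now appends it only for the guest and drops it for logged-in users. Every anonymous visitor is therefore handed the guest account's feed_id in the page, while authenticated users lose their personal feed link. It should read `'feed.php'.(!$user['is_the_guest'] ? '?feed='.$user['feed_id'] : '')`.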
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 2d03a1fbf..eca7006ff 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,28 @@
+2005-08-08 Pierrick LE GALL
+
+ * new : external authentication in another users table. Previous
+ users table is divided between users (common properties with any
+ web application) and user_infos (phpwebgallery specific
+ informations). External table and fields can be configured.
+
+ * modification : profile.php is not reachable through
+ administration anymore (not useful).
+
+ * modification : in profile.php, current password is mandatory
+ only if user tries to change his password. Username can't be
+ changed.
+
+ * deletion : of obsolete functions get_user_restrictions,
+ update_user_restrictions, get_user_all_restrictions,
+ is_user_allowed, update_user
+
+ * modification : $user['forbidden_categories'] equals at least
+ "-1" so that category_id NOT IN ($user['forbidden_categories'])
+ can always be used.
+
+ * modification : user_forbidden table becomes user_cache so that
+ not only restriction informations can be stored in this table.
+
2005-07-17 Pierrick LE GALL
* improvement : in admin/element_set_global, javascript is not
diff --git a/feed.php b/feed.php
index 40c833e02..32c492032 100644
--- a/feed.php
+++ b/feed.php
@@ -130,12 +130,12 @@ SELECT DISTINCT category_id
function new_users($start, $end)
{
$query = '
-SELECT id
- FROM '.USERS_TABLE.'
+SELECT user_id
+ FROM '.USER_INFOS_TABLE.'
WHERE registration_date > \''.$start.'\'
AND registration_date <= \''.$end.'\'
;';
- return array_from_query($query, 'id');
+ return array_from_query($query, 'user_id');
}
/**
@@ -268,15 +268,17 @@ if (isset($_GET['feed'])
and preg_match('/^[A-Za-z0-9]{50}$/', $_GET['feed']))
{
$query = '
-SELECT id, status, last_feed_check
- FROM '.USERS_TABLE.'
+SELECT user_id AS id,
+ status,
+ last_feed_check
+ FROM '.USER_INFOS_TABLE.'
WHERE feed_id = \''.$_GET['feed'].'\'
;';
$user = mysql_fetch_array(pwg_query($query));
}
else
{
- $user = array('id' => ANONYMOUS,
+ $user = array('id' => $conf['guest_id'],
'status' => 'guest');
}
@@ -300,7 +302,7 @@ $rss->link = 'http://phpwebgallery.net';
// | Feed creation |
// +-----------------------------------------------------------------------+
-if (ANONYMOUS != $user['id'])
+if ($conf['guest_id'] != $user['id'])
{
$news = news($user['last_feed_check'], $dbnow);
@@ -330,9 +332,9 @@ if (ANONYMOUS != $user['id'])
}
$query = '
-UPDATE '.USERS_TABLE.'
+UPDATE '.USER_INFOS_TABLE.'
SET last_feed_check = \''.$dbnow.'\'
- WHERE id = '.$user['id'].'
+ WHERE user_id = '.$user['id'].'
;';
pwg_query($query);
}
diff --git a/identification.php b/identification.php
index 5b7a776ef..2301934dd 100644
--- a/identification.php
+++ b/identification.php
@@ -33,14 +33,16 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
$errors = array();
if (isset($_POST['login']))
{
+ $username = mysql_escape_string($_POST['username']);
// retrieving the encrypted password of the login submitted
$query = '
-SELECT id, password
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['password'].' AS password
FROM '.USERS_TABLE.'
- WHERE username = \''.$_POST['username'].'\'
+ WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
;';
$row = mysql_fetch_array(pwg_query($query));
- if ($row['password'] == md5($_POST['password']))
+ if ($row['password'] == $conf['pass_convert']($_POST['password']))
{
$session_length = $conf['session_length'];
if ($conf['authorize_remembering']
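Review bot: `$row['password'] == $conf['pass_convert']($_POST['password'])` compares the stored and computed hashes with loose `==`; in PHP two strings that both look numeric (for md5 output, hashes of the form `0e` followed only by digits) are compared as numbers, so distinct hashes can test equal and a crafted password can log in as another account. Use strict comparison, and also cover the unknown-username case where `$row` is `false`: `if ($row and $row['password'] === $conf['pass_convert']($_POST['password']))`. Escaping `$username` with mysql_escape_string is a good addition; `mysql_real_escape_string` would additionally honour the connection charset.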
diff --git a/include/common.inc.php b/include/common.inc.php
index a57e00641..afed22c87 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -120,9 +120,9 @@ if (!defined('PHPWG_INSTALLED'))
exit;
}
-include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
+include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'include/template.php');
@@ -164,4 +164,43 @@ while ( $row =mysql_fetch_array( $result ) )
}
include(PHPWG_ROOT_PATH.'include/user.inc.php');
+
+// language files
+$user_langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
+$conf_langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
+
+if (file_exists($user_langdir.'/common.lang.php'))
+{
+ include_once($user_langdir.'/common.lang.php');
+}
+else
+{
+ include_once($conf_langdir.'/common.lang.php');
+}
+
+// The administration section requires 2 more language files
+if (defined('IN_ADMIN') and IN_ADMIN)
+{
+ foreach (array('admin', 'faq') as $section)
+ {
+ if (file_exists($user_langdir.'/'.$section.'.lang.php'))
+ {
+ include_once($user_langdir.'/'.$section.'.lang.php');
+ }
+ else
+ {
+ include_once($conf_langdir.'/'.$section.'.lang.php');
+ }
+ }
+}
+
+// only now we can set the localized username of the guest user (and not in
+// include/user.inc.php)
+if ($user['is_the_guest'])
+{
+ $user['username'] = $lang['guest'];
+}
+
+// template instance
+$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
?>
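Review bot: `$user['language']` and `$user['template']` come from the user_infos row and are spliced directly into an include path (`PHPWG_ROOT_PATH.'language/'.$user['language']`) and a template path (`'template/'.$user['template']`). This commit lets users edit their profile in profile.php (not in view) and admin/user_list.php still carries "TODO : verify if submited values are semanticaly correct", so if either field accepts an arbitrary string a value such as `../../x` steers include_once to an attacker-chosen directory; the file_exists check does not stop traversal. Before using them here, fall back to the defaults unless the value names an installed entry, e.g. `if (!in_array($user['language'], array_keys(get_languages()))) $user['language'] = $conf['default_language'];` — get_languages() is used in admin/user_list.php, so confirm it is loaded at this point — and apply the same whitelist to `template` against the directories under template/.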
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 8debb63f0..d641223da 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -227,4 +227,29 @@ $conf['show_picture_name_on_title'] = true;
// apache_authentication : use Apache authentication as reference instead of
// users table ?
$conf['apache_authentication'] = false;
+
+// debug_l10n : display a warning message each time an unset language key is
+// accessed
+$conf['debug_l10n'] = false;
+
+// users_table : which table is the reference for users ? Can be a different
+// table than PhpWebGallery table
+$conf['users_table'] = $prefixeTable.'users';
+
+// user_fields : mapping between generic field names and table specific
+// field names. For example, in PWG, the mail address is names
+// "mail_address" and in punbb, it's called "email".
+$conf['user_fields'] = array(
+ 'id' => 'id',
+ 'username' => 'username',
+ 'password' => 'password',
+ 'email' => 'mail_address'
+ );
+
+// pass_convert : function to crypt or hash the clear user password to store
+// it in the database
+$conf['pass_convert'] = create_function('$s', 'return md5($s);');
+
+// guest_id : id of the anonymous user
+$conf['guest_id'] = 2;
?>
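Review bot: The default `pass_convert` is unsalted md5 (`create_function('$s', 'return md5($s);')`), so stored hashes are directly attackable with precomputed tables, and create_function compiles its string argument with eval at startup. Since the scheme is now pluggable, document next to it that the function must produce exactly what the external application writes into `$conf['user_fields']['password']` — identification.php compares the two strings — and make the built-in default a salted scheme (crypt(); in current PHP, password_hash()). A note that `$conf['users_table']` and the `user_fields` names are trusted configuration, never request data, would also help, because constants.php now splices them unquoted into every query.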
diff --git a/include/constants.php b/include/constants.php
index 75764f1a5..258583305 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -30,9 +30,6 @@ define('PHPWG_VERSION', '%PWGVERSION%');
define('PHPWG_URL', 'http://www.phpwebgallery.net');
define('PHPWG_FORUM_URL', 'http://forum.phpwebgallery.net');
-// User level
-define('ANONYMOUS', 2);
-
// Error codes
define('GENERAL_MESSAGE', 200);
define('GENERAL_ERROR', 202);
@@ -53,10 +50,11 @@ define('SESSIONS_TABLE', $prefixeTable.'sessions');
define('SITES_TABLE', $prefixeTable.'sites');
define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
define('USER_GROUP_TABLE', $prefixeTable.'user_group');
-define('USERS_TABLE', $prefixeTable.'users');
+define('USERS_TABLE', $conf['users_table']);
+define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
define('WAITING_TABLE', $prefixeTable.'waiting');
define('IMAGE_METADATA_TABLE', $prefixeTable.'image_metadata');
define('RATE_TABLE', $prefixeTable.'rate');
-define('USER_FORBIDDEN_TABLE', $prefixeTable.'user_forbidden');
+define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
define('CADDIE_TABLE', $prefixeTable.'caddie');
?>
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2b1668de9..8a3a1f116 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -774,8 +774,13 @@ function get_name_from_file($filename)
*/
function l10n($key)
{
- global $lang;
+ global $lang, $conf;
- return (isset($lang[$key])) ? $lang[$key] : $key;
+ if ($conf['debug_l10n'])
+ {
+ echo '[l10n] language key "'.$key.'" is not defined<br />';
+ }
+
+ return isset($lang[$key]) ? $lang[$key] : $key;
}
?>
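Review bot: The `$conf['debug_l10n']` warning is emitted on every call, not only for missing keys — the `isset($lang[$key])` test happens only in the return expression. config_default.inc.php in this commit describes the option as displaying a warning "each time an unset language key is accessed", so the guard should be `if ($conf['debug_l10n'] and !isset($lang[$key]))`. Since `$key` is echoed raw into the page, wrap it in htmlspecialchars() as well, even on this debug-only path.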
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 383c0fa5d..005452db1 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -40,11 +40,11 @@
* @param int category id to verify
* @return void
*/
-function check_restrictions( $category_id )
+function check_restrictions($category_id)
{
- global $user,$lang;
+ global $user, $lang;
- if ( in_array( $category_id, $user['restrictions'] ) )
+ if (in_array($category_id, explode(',', $user['forbidden_categories'])))
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
echo '<a href="'.add_session_id( './category.php' ).'">';
@@ -167,18 +167,12 @@ function count_user_total_images()
$query = '
SELECT COUNT(DISTINCT(image_id)) as total
- FROM '.IMAGE_CATEGORY_TABLE;
- if (count($user['restrictions']) > 0)
- {
- $query.= '
- WHERE category_id NOT IN ('.$user['forbidden_categories'].')';
- }
- $query.= '
+ FROM '.IMAGE_CATEGORY_TABLE.'
+ WHERE category_id NOT IN ('.$user['forbidden_categories'].')
;';
-
- $row = mysql_fetch_array(pwg_query($query));
-
- return isset($row['total']) ? $row['total'] : 0;
+ list($total) = mysql_fetch_array(pwg_query($query));
+
+ return $total;
}
/**
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index b2509e1c1..8a3bb911c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -109,28 +109,23 @@ function add_session_id( $url, $redirect = false )
{
global $page, $user, $conf;
- if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
-
- $amp = '&amp;';
- if ( $redirect )
+ if ($user['is_the_guest']
+ or $user['has_cookie']
+ or $conf['apache_authentication'])
{
- $amp = '&';
+ return $url;
}
- if ( !$user['is_the_guest'] )
+
+ if (preg_match('/\.php\?/', $url))
{
- if ( preg_match( '/\.php\?/',$url ) )
- {
- return $url.$amp.'id='.$page['session_id'];
- }
- else
- {
- return $url.'?id='.$page['session_id'];
- }
+ $separator = $redirect ? '&' : '&amp;';
}
else
{
- return $url;
+ $separator = '?';
}
+
+ return $url.$separator.'id='.$page['session_id'];
}
// cookie_path returns the path to use for the PhpWebGallery cookie.
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 1a2709254..0147dcac5 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -45,16 +45,11 @@ function validate_mail_address( $mail_address )
}
}
-function register_user($login, $password, $password_conf,
- $mail_address, $status = 'guest')
+function register_user($login, $password, $mail_address)
{
global $lang, $conf;
$errors = array();
- // login must not
- // 1. be empty
- // 2. start ou end with space character
- // 4. be already used
if ($login == '')
{
array_push($errors, $lang['reg_err_login1']);
@@ -67,121 +62,33 @@ function register_user($login, $password, $password_conf,
{
array_push($errors, $lang['reg_err_login3']);
}
-
- $query = '
-SELECT id
- FROM '.USERS_TABLE.'
- WHERE username = \''.mysql_escape_string($login).'\'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
+ if (get_userid($login))
{
array_push($errors, $lang['reg_err_login5']);
}
-
- // given password must be the same as the confirmation
- if ($password != $password_conf)
+ $mail_error = validate_mail_address($mail_address);
+ if ('' != $mail_error)
{
- array_push($errors, $lang['reg_err_pass']);
- }
-
- $error_mail_address = validate_mail_address($mail_address);
- if ($error_mail_address != '')
- {
- array_push($errors, $error_mail_address);
+ array_push($errors, $mail_error);
}
// if no error until here, registration of the user
if (count($errors) == 0)
{
- $insert = array();
- $insert['username'] = mysql_escape_string($login);
- $insert['password'] = md5($password);
- $insert['status'] = $status;
- $insert['template'] = $conf['default_template'];
- $insert['nb_image_line'] = $conf['nb_image_line'];
- $insert['nb_line_page'] = $conf['nb_line_page'];
- $insert['language'] = $conf['default_language'];
- $insert['recent_period'] = $conf['recent_period'];
- $insert['feed_id'] = find_available_feed_id();
- $insert['expand'] = boolean_to_string($conf['auto_expand']);
- $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
- if ( $mail_address != '' )
- {
- $insert['mail_address'] = $mail_address;
- }
- if ($conf['default_maxwidth'] != '')
- {
- $insert['maxwidth'] = $conf['default_maxwidth'];
- }
- if ($conf['default_maxheight'] != '')
- {
- $insert['maxheight'] = $conf['default_maxheight'];
- }
+ $insert =
+ array(
+ $conf['user_fields']['username'] => mysql_escape_string($login),
+ $conf['user_fields']['password'] => $conf['pass_convert']($password),
+ $conf['user_fields']['email'] => $mail_address
+ );
- $query = '
-INSERT INTO '.USERS_TABLE.'
- ('.implode(',', array_keys($insert)).')
- VALUES
- (';
- $is_first = true;
- foreach (array_keys($insert) as $field)
- {
- if (!$is_first)
- {
- $query.= ',';
- }
- $query.= "'".$insert[$field]."'";
- $is_first = false;
- }
- $query.= ')
-;';
- pwg_query($query);
-
- $query = '
-UPDATE '.USERS_TABLE.'
- SET registration_date = NOW()
- WHERE id = '.mysql_insert_id().'
-;';
- pwg_query($query);
+ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+ mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
+
+ create_user_infos(mysql_insert_id());
}
- return $errors;
-}
-
-function update_user( $user_id, $mail_address, $status,
- $use_new_password = false, $password = '' )
-{
- $error = array();
- $i = 0;
- $error_mail_address = validate_mail_address( $mail_address );
- if ( $error_mail_address != '' )
- {
- $error[$i++] = $error_mail_address;
- }
-
- if ( sizeof( $error ) == 0 )
- {
- $query = 'UPDATE '.USERS_TABLE;
- $query.= " SET status = '".$status."'";
- if ( $use_new_password )
- {
- $query.= ", password = '".md5( $password )."'";
- }
- $query.= ', mail_address = ';
- if ( $mail_address != '' )
- {
- $query.= "'".$mail_address."'";
- }
- else
- {
- $query.= 'NULL';
- }
- $query.= ' WHERE id = '.$user_id;
- $query.= ';';
- pwg_query( $query );
- }
- return $error;
+ return $errors;
}
function check_login_authorization($guest_allowed = true)
@@ -212,13 +119,107 @@ function setup_style($style)
return new Template(PHPWG_ROOT_PATH.'template/'.$style);
}
-function getuserdata($user)
+/**
+ * find informations related to the user identifier
+ *
+ * @param int user identifier
+ * @param boolean use_cache
+ * @param array
+ */
+function getuserdata($user_id, $use_cache)
{
- $sql = "SELECT * FROM " . USERS_TABLE;
- $sql.= " WHERE ";
- $sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
- $result = pwg_query($sql);
- return ( $row = mysql_fetch_array($result) ) ? $row : false;
+ global $conf;
+
+ $userdata = array();
+
+ $query = '
+SELECT ';
+ $is_first = true;
+ foreach ($conf['user_fields'] as $pwgfield => $dbfield)
+ {
+ if ($is_first)
+ {
+ $is_first = false;
+ }
+ else
+ {
+ $query.= '
+ , ';
+ }
+ $query.= $dbfield.' AS '.$pwgfield;
+ }
+ $query.= '
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
+;';
+
+ $row = mysql_fetch_array(pwg_query($query));
+
+ while (true)
+ {
+ $query = '
+SELECT ui.*, uc.*
+ FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
+ ON ui.user_id = uc.user_id
+ WHERE ui.user_id = \''.$user_id.'\'
+;';
+ $result = pwg_query($query);
+ if (mysql_num_rows($result) > 0)
+ {
+ break;
+ }
+ else
+ {
+ create_user_infos($user_id);
+ }
+ }
+
+ $row = array_merge($row, mysql_fetch_array($result));
+
+ foreach ($row as $key => $value)
+ {
+ if (!is_numeric($key))
+ {
+ // If the field is true or false, the variable is transformed into a
+ // boolean value.
+ if ($value == 'true' or $value == 'false')
+ {
+ $userdata[$key] = get_boolean($value);
+ }
+ else
+ {
+ $userdata[$key] = $value;
+ }
+ }
+ }
+
+ if ($use_cache)
+ {
+ if (!isset($userdata['need_update'])
+ or !is_bool($userdata['need_update'])
+ or $userdata['need_update'] == true)
+ {
+ $userdata['forbidden_categories'] =
+ calculate_permissions($userdata['id'], $userdata['status']);
+
+ // update user cache
+ $query = '
+DELETE FROM '.USER_CACHE_TABLE.'
+ WHERE user_id = '.$userdata['id'].'
+;';
+ pwg_query($query);
+
+ $query = '
+INSERT INTO '.USER_CACHE_TABLE.'
+ (user_id,need_update,forbidden_categories)
+ VALUES
+ ('.$userdata['id'].',\'false\',\''.$userdata['forbidden_categories'].'\')
+;';
+ pwg_query($query);
+ }
+ }
+
+ return $userdata;
}
/*
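Review bot: `$user_id` is spliced into both SELECTs and into the user_cache DELETE/INSERT without escaping or a cast, whereas `get_username` in the same file wraps it in `intval()`, and the `while (true)` loop has no exit when `create_user_infos` fails to produce a row, so a failing insert spins forever. Casting once at the top and allowing a single retry keeps the function consistent with its siblings and bounded. The docblock's last tag reads `@param array` where `@return array` is meant. The rewritten lookup is below; the merge, boolean conversion and cache refresh are unchanged.

```php
function getuserdata($user_id, $use_cache)
{
  global $conf;

  // same cast as get_username(); user_infos/user_cache key on a smallint
  $user_id = intval($user_id);

  // … unchanged: SELECT on USERS_TABLE built from $conf['user_fields'] …

  $query = '
SELECT ui.*, uc.*
  FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
    ON ui.user_id = uc.user_id
  WHERE ui.user_id = \''.$user_id.'\'
;';
  $result = pwg_query($query);
  if (mysql_num_rows($result) == 0)
  {
    // one attempt to create the missing row, then fail instead of looping
    create_user_infos($user_id);
    $result = pwg_query($query);
    if (mysql_num_rows($result) == 0)
    {
      trigger_error('no user_infos row for user '.$user_id, E_USER_ERROR);
    }
  }

  // … unchanged: array_merge, boolean conversion, cache refresh, return …
}
```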
@@ -261,11 +262,12 @@ DELETE FROM '.FAVORITES_TABLE.'
}
/**
- * update table user_forbidden for the given user
+ * calculates the list of forbidden categories for a given user
*
- * table user_forbidden contains calculated data. Calculation is based on
- * private categories minus categories authorized to the groups the user
- * belongs to minus the categories directly authorized to the user
+ * Calculation is based on private categories minus categories authorized to
+ * the groups the user belongs to minus the categories directly authorized
+ * to the user. The list contains at least -1 to be compliant with queries
+ * such as "WHERE category_id NOT IN ($forbidden_categories)"
*
* @param int user_id
* @param string user_status
@@ -310,11 +312,7 @@ SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
WHERE user_id = '.$user_id.'
;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorized_array, $row['cat_id']);
- }
+ $authorized_array = array_from_query($query, 'cat_id');
// retrieve category ids authorized to the groups the user belongs to
$query = '
@@ -323,11 +321,11 @@ SELECT cat_id
ON ug.group_id = ga.group_id
WHERE ug.user_id = '.$user_id.'
;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorized_array, $row['cat_id']);
- }
+ $authorized_array =
+ array_merge(
+ $authorized_array,
+ array_from_query($query, 'cat_id')
+ );
// uniquify ids : some private categories might be authorized for the
// groups and for the user
@@ -336,23 +334,12 @@ SELECT cat_id
// only unauthorized private categories are forbidden
$forbidden_array = array_diff($private_array, $authorized_array);
- $query = '
-DELETE FROM '.USER_FORBIDDEN_TABLE.'
- WHERE user_id = '.$user_id.'
-;';
- pwg_query($query);
-
- $forbidden_categories = implode(',', $forbidden_array);
+ // at least, the list contains -1 values. This category does not exists so
+ // where clauses such as "WHERE category_id NOT IN(-1)" will always be
+ // true.
+ array_push($forbidden_array, '-1');
- $query = '
-INSERT INTO '.USER_FORBIDDEN_TABLE.'
- (user_id,need_update,forbidden_categories)
- VALUES
- ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
-;';
- pwg_query($query);
-
- return $forbidden_categories;
+ return implode(',', $forbidden_array);
}
/**
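Review bot: The added comment above the `array_push` has a grammar slip (`This category does not exists`) and the phrase `-1 values` is misleading since exactly one -1 is appended. Suggest `// the list always contains -1: that category does not exist, so a clause such as "WHERE category_id NOT IN(-1)" is always true.`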
@@ -363,10 +350,12 @@ INSERT INTO '.USER_FORBIDDEN_TABLE.'
*/
function get_username($user_id)
{
+ global $conf;
+
$query = '
-SELECT username
+SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
- WHERE id = '.intval($user_id).'
+ WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
;';
$result = pwg_query($query);
if (mysql_num_rows($result) > 0)
@@ -382,6 +371,36 @@ SELECT username
}
/**
+ * returns user identifier thanks to his name, false if not found
+ *
+ * @param string username
+ * @param int user identifier
+ */
+function get_userid($username)
+{
+ global $conf;
+
+ $username = mysql_escape_string($username);
+
+ $query = '
+SELECT '.$conf['user_fields']['id'].'
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+;';
+ $result = pwg_query($query);
+
+ if (mysql_num_rows($result) == 0)
+ {
+ return false;
+ }
+ else
+ {
+ list($user_id) = mysql_fetch_row($result);
+ return $user_id;
+ }
+}
+
+/**
* search an available feed_id
*
* @return string feed identifier
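Review bot: The docblock of `get_userid` tags the return value as `@param int user identifier`; it should read `@return int|false user identifier, false if not found`. `mysql_escape_string` ignores the connection character set; `mysql_real_escape_string($username)` is the charset-aware form and a one-token change at the escaping line, provided the connection is already open, which the later `pwg_query` call implies. One of the values reaching this function is `$_SERVER['REMOTE_USER']` from user.inc.php, so correct escaping here matters.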
@@ -393,7 +412,7 @@ function find_available_feed_id()
$key = generate_key(50);
$query = '
SELECT COUNT(*)
- FROM '.USERS_TABLE.'
+ FROM '.USER_INFOS_TABLE.'
WHERE feed_id = \''.$key.'\'
;';
list($count) = mysql_fetch_row(pwg_query($query));
@@ -403,4 +422,36 @@ SELECT COUNT(*)
}
}
}
-?>
+
+/**
+ * add user informations based on default values
+ *
+ * @param int user_id
+ */
+function create_user_infos($user_id)
+{
+ global $conf;
+
+ list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+
+ $insert =
+ array(
+ 'user_id' => $user_id,
+ 'status' => 'guest',
+ 'template' => $conf['default_template'],
+ 'nb_image_line' => $conf['nb_image_line'],
+ 'nb_line_page' => $conf['nb_line_page'],
+ 'language' => $conf['default_language'],
+ 'recent_period' => $conf['recent_period'],
+ 'feed_id' => find_available_feed_id(),
+ 'expand' => boolean_to_string($conf['auto_expand']),
+ 'show_nb_comments' => boolean_to_string($conf['show_nb_comments']),
+ 'maxwidth' => $conf['default_maxwidth'],
+ 'maxheight' => $conf['default_maxheight'],
+ 'registration_date' => $dbnow
+ );
+
+ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+ mass_inserts(USER_INFOS_TABLE, array_keys($insert), array($insert));
+}
+?> \ No newline at end of file
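Review bot: The removed register_user body wrote `maxwidth`/`maxheight` only when `$conf['default_maxwidth']`/`$conf['default_maxheight']` were non-empty, whereas `create_user_infos` now passes them unconditionally, so an empty configuration value reaches the insert as `''` instead of leaving the column NULL. Whether mass_inserts maps `''` to NULL is not visible here; if it does not, keep the guard, `if ($conf['default_maxwidth'] != '') { $insert['maxwidth'] = $conf['default_maxwidth']; }` and likewise for maxheight. `$user_id` is also passed to mass_inserts uncast; `$user_id = intval($user_id);` at the top matches `get_username` in this file.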
diff --git a/include/user.inc.php b/include/user.inc.php
index 56b36039c..4c3e0fb6a 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -38,7 +38,6 @@
// pwg_query($query);
// }
-
// retrieving connected user informations
if (isset($_COOKIE['id']))
{
@@ -87,65 +86,24 @@ DELETE FROM '.SESSIONS_TABLE.'
}
if (!isset($user['id']))
{
- $user['id'] = 2;
+ $user['id'] = $conf['guest_id'];
$user['is_the_guest'] = true;
}
// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
{
- $query = '
-SELECT id
- FROM '.USERS_TABLE.'
- WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
-;';
- $result = pwg_query($query);
-
- if (mysql_num_rows($result) == 0)
+ if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))
{
- register_user($_SERVER['REMOTE_USER'], '', '', '');
-
- $query = '
-SELECT id
- FROM '.USERS_TABLE.'
- WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
-;';
- list($user['id']) = mysql_fetch_row(pwg_query($query));
+ register_user($_SERVER['REMOTE_USER'], '', '');
+ $user['id'] = get_userid($_SERVER['REMOTE_USER']);
}
- else
- {
- list($user['id']) = mysql_fetch_row($result);
- }
-
+
$user['is_the_guest'] = false;
}
-$query = '
-SELECT u.*, uf.*
- FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
- ON id = user_id
- WHERE u.id = '.$user['id'].'
-;';
-$row = mysql_fetch_array(pwg_query($query));
-
-// affectation of each value retrieved in the users table into a variable of
-// the array $user.
-foreach ($row as $key => $value)
-{
- if (!is_numeric($key))
- {
- // If the field is true or false, the variable is transformed into a
- // boolean value.
- if ($value == 'true' or $value == 'false')
- {
- $user[$key] = get_boolean($value);
- }
- else
- {
- $user[$key] = $value;
- }
- }
-}
+$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;
+$user = array_merge($user, getuserdata($user['id'], $use_cache));
// properties of user guest are found in the configuration
if ($user['is_the_guest'])
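Review bot: The return value of `register_user` is dropped in the Apache-authentication branch, so when `$_SERVER['REMOTE_USER']` fails the login checks no row is created, the following `get_userid` returns false, and `$user['id']` is false by the time `getuserdata($user['id'], $use_cache)` runs below. Falling back to the guest account is the safe outcome: after the second `get_userid` call add `if (!$user['id']) { $user['id'] = $conf['guest_id']; }` and only set `$user['is_the_guest'] = false` when a real id was found. As a point of style, `$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;` reads more directly as `$use_cache = !(defined('IN_ADMIN') and IN_ADMIN);`.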
@@ -161,66 +119,6 @@ if ($user['is_the_guest'])
$user['show_nb_comments'] = $conf['show_nb_comments'];
}
-// if no information were found about user in user_forbidden table OR the
-// forbidden categories must be updated : only if current user is in public
-// part
-if (!defined('IN_ADMIN') or !IN_ADMIN)
-{
- if (!isset($user['need_update'])
- or !is_bool($user['need_update'])
- or $user['need_update'] == true)
- {
- $user['forbidden_categories'] = calculate_permissions($user['id'],
- $user['status']);
- }
-}
-
-// forbidden_categories is a must be empty, at least
-if (!isset($user['forbidden_categories']))
-{
- $user['forbidden_categories'] = '';
-}
-
-// special for $user['restrictions'] array
-$user['restrictions'] = explode(',', $user['forbidden_categories']);
-if ($user['restrictions'][0] == '')
-{
- $user['restrictions'] = array();
-}
-
// calculation of the number of picture to display per page
$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-
-if (empty($user['language'])
- or !file_exists(PHPWG_ROOT_PATH.'language/'.
- $user['language'].'/common.lang.php'))
-{
- $user['language'] = $conf['default_language'];
-}
-include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php');
-
-// displaying the username in the language of the connected user, instead of
-// "guest" as you can find in the database
-if ($user['is_the_guest'])
-{
- $user['username'] = $lang['guest'];
-}
-
-// only if we are in the administration section
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
- $langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
- if (!file_exists($langdir.'/admin.lang.php'))
- {
- $langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
- }
- include_once($langdir.'/admin.lang.php');
- include_once($langdir.'/faq.lang.php');
-}
-
-if (empty($user['template']))
-{
- $user['template'] = $conf['default_template'];
-}
-$template = setup_style($user['template']);
?>
diff --git a/install.php b/install.php
index e4e38fafe..2f5ea3f30 100644
--- a/install.php
+++ b/install.php
@@ -300,26 +300,45 @@ if ( isset( $_POST['install'] ))
mysql_query( $query );
// webmaster admin user
- $query = 'INSERT INTO '.USERS_TABLE;
- $query.= ' (id,username,password,status,language,mail_address) VALUES ';
- $query.= "(1,'".$admin_name."','".md5( $admin_pass1 )."'";
- $query.= ",'admin','".$language."'";
- $query.= ",'".$admin_mail."');";
+ $query = '
+INSERT INTO '.USERS_TABLE.'
+ (id,username,password,mail_address)
+ VALUES
+ (1,\''.$admin_name.'\',\''.md5($admin_pass1).'\',\''.$admin_mail.'\')
+;';
mysql_query($query);
$query = '
-UPDATE '.USERS_TABLE.'
+INSERT INTO '.USER_INFOS_TABLE.'
+ (user_id,status,language)
+ VALUES
+ (1, \'admin\', \''.$language.'\')
+;';
+ mysql_query($query);
+
+ $query = '
+UPDATE '.USER_INFOS_TABLE.'
SET feed_id = \''.find_available_feed_id().'\'
- WHERE id = 1
+ WHERE user_id = 1
;';
mysql_query($query);
-
+
// guest user
- $query = 'INSERT INTO '.USERS_TABLE;
- $query.= '(id,username,password,status,language) VALUES ';
- $query.= "(2,'guest','','guest','".$language."')";
- $query.= ';';
- mysql_query( $query );
+ $query = '
+INSERT INTO '.USERS_TABLE.'
+ (id,username,password,mail_address)
+ VALUES
+ (2,\'guest\',\'\',\'\')
+;';
+ mysql_query($query);
+
+ $query = '
+INSERT INTO '.USER_INFOS_TABLE.'
+ (user_id,status,language)
+ VALUES
+ (2, \'guest\', \''.$language.'\')
+;';
+ mysql_query($query);
}
}
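Review bot: The webmaster row is inserted with `md5($admin_pass1)` while register_user and profile.php now hash through `$conf['pass_convert']`; if that configurable is set to anything other than md5, the installed admin account cannot log in. Use the same call here, `md5($admin_pass1)` → `$conf['pass_convert']($admin_pass1)`, if `$conf` is loaded at this point of install.php (not visible in this hunk). `$admin_name` and `$admin_mail` are still interpolated into the INSERT unescaped; wrapping both in `mysql_escape_string()` is cheap.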
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
index 9ca7af0a7..98e81b3e9 100644
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@@ -212,11 +212,11 @@ CREATE TABLE `phpwebgallery_user_access` (
) TYPE=MyISAM;
--
--- Table structure for table `phpwebgallery_user_forbidden`
+-- Table structure for table `phpwebgallery_user_cache`
--
-DROP TABLE IF EXISTS `phpwebgallery_user_forbidden`;
-CREATE TABLE `phpwebgallery_user_forbidden` (
+DROP TABLE IF EXISTS `phpwebgallery_user_cache`;
+CREATE TABLE `phpwebgallery_user_cache` (
`user_id` smallint(5) unsigned NOT NULL default '0',
`need_update` enum('true','false') NOT NULL default 'true',
`forbidden_categories` text,
@@ -235,15 +235,12 @@ CREATE TABLE `phpwebgallery_user_group` (
) TYPE=MyISAM;
--
--- Table structure for table `phpwebgallery_users`
+-- Table structure for table `phpwebgallery_user_infos`
--
-DROP TABLE IF EXISTS `phpwebgallery_users`;
-CREATE TABLE `phpwebgallery_users` (
- `id` smallint(5) unsigned NOT NULL auto_increment,
- `username` varchar(20) binary NOT NULL default '',
- `password` varchar(32) default NULL,
- `mail_address` varchar(255) default NULL,
+DROP TABLE IF EXISTS `phpwebgallery_user_infos`;
+CREATE TABLE `phpwebgallery_user_infos` (
+ `user_id` smallint(5) unsigned NOT NULL default '0',
`nb_image_line` tinyint(1) unsigned NOT NULL default '5',
`nb_line_page` tinyint(3) unsigned NOT NULL default '3',
`status` enum('admin','guest') NOT NULL default 'guest',
@@ -257,6 +254,19 @@ CREATE TABLE `phpwebgallery_users` (
`last_feed_check` datetime default NULL,
`feed_id` varchar(50) binary default NULL,
`registration_date` datetime NOT NULL default '0000-00-00 00:00:00',
+ UNIQUE KEY `user_infos_ui1` (`user_id`)
+) TYPE=MyISAM;
+
+--
+-- Table structure for table `phpwebgallery_users`
+--
+
+DROP TABLE IF EXISTS `phpwebgallery_users`;
+CREATE TABLE `phpwebgallery_users` (
+ `id` smallint(5) unsigned NOT NULL auto_increment,
+ `username` varchar(20) binary NOT NULL default '',
+ `password` varchar(32) default NULL,
+ `mail_address` varchar(255) default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `users_ui1` (`username`)
) TYPE=MyISAM;
diff --git a/profile.php b/profile.php
index ff75b0c67..09629ba9f 100644
--- a/profile.php
+++ b/profile.php
@@ -29,29 +29,15 @@
// +-----------------------------------------------------------------------+
// | initialization |
// +-----------------------------------------------------------------------+
-$userdata = array();
-if (defined('IN_ADMIN') and IN_ADMIN and isset($_GET['user_id']))
-{
- $userdata = getuserdata(intval($_GET['user_id']));
-}
-elseif (defined('IN_ADMIN') and (isset($_POST['validate'])) )
-{
- $userdata = getuserdata(intval($_POST['userid']));
-}
-elseif (!defined('IN_ADMIN') or !IN_ADMIN)
-{
- define('PHPWG_ROOT_PATH','./');
- include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
- check_login_authorization(false);
- $userdata = $user;
-}
-//------------------------------------------------------ update & customization
-$infos = array('nb_image_line', 'nb_line_page', 'language',
- 'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
- 'recent_period', 'template', 'mail_address');
+define('PHPWG_ROOT_PATH','./');
+include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+check_login_authorization(false);
+$userdata = $user;
+
+//------------------------------------------------------ update & customization
$errors = array();
-if (isset($_POST['username']) && !isset($_POST['reset']))
+if (isset($_POST['validate']))
{
$int_pattern = '/^\d+$/';
@@ -74,153 +60,92 @@ if (isset($_POST['username']) && !isset($_POST['reset']))
array_push($errors, $lang['periods_error']);
}
- // if mail_address has changed
- if (!isset($userdata['mail_address']))
+ $mail_error = validate_mail_address($_POST['mail_address']);
+ if (!empty($mail_error))
{
- $userdata['mail_address'] = '';
+ array_push($errors, $mail_error);
}
-
- if ($_POST['mail_address'] != @$userdata['mail_address'])
+
+ if (!empty($_POST['use_new_pwd']))
{
- if ($user['status'] == 'admin')
- {
- $mail_error = validate_mail_address($_POST['mail_address']);
- if (!empty($mail_error))
- {
- array_push($errors, $mail_error);
- }
- }
- else if (!empty($_POST['password']))
+ // password must be the same as its confirmation
+ if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
{
- array_push($errors, $lang['reg_err_pass']);
+ array_push($errors,
+ l10n('New password confirmation does not correspond'));
}
- else
- {
- // retrieving the encrypted password of the login submitted
- $query = '
+
+ // changing password requires old password
+ $query = '
SELECT password
FROM '.USERS_TABLE.'
- WHERE id = \''.$userdata['id'].'\'
+ WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
;';
- $row = mysql_fetch_array(pwg_query($query));
- if ($row['password'] == md5($_POST['password']))
- {
- $mail_error = validate_mail_address($_POST['mail_address']);
- if (!empty($mail_error))
- {
- array_push($errors, $mail_error);
- }
- }
- else
- {
- array_push($errors, $lang['reg_err_pass']);
- }
- }
- }
-
- // password must be the same as its confirmation
- if (!empty($_POST['use_new_pwd'])
- and $_POST['use_new_pwd'] != $_POST['passwordConf'])
- {
- array_push($errors, $lang['reg_err_pass']);
- }
-
- // We check if we are in the admin level
- if (isset($_POST['user_delete']))
- {
- if ($_POST['userid'] > 2) // gallery founder + guest
- {
- delete_user($_POST['userid']);
- }
- else
- {
- array_push($errors, $lang['user_err_modify']);
- }
- }
-
- // We check if we are in the admin level
- if (isset($_POST['status']) and $_POST['status'] <> $userdata['status'])
- {
- if ($_POST['userid'] > 2) // gallery founder + guest
- {
- array_push($infos, 'status');
- }
- else
+ list($current_password) = mysql_fetch_row(pwg_query($query));
+
+ if ($conf['pass_convert']($_POST['password']) != $current_password)
{
- array_push($errors, $lang['user_err_modify']);
+ array_push($errors, l10n('Current password is wrong'));
}
}
if (count($errors) == 0)
{
- $query = '
-UPDATE '.USERS_TABLE.'
- SET ';
- $is_first = true;
- foreach ($infos as $i => $info)
- {
- if (!$is_first)
- {
- $query.= '
- , ';
- }
- $is_first = false;
-
- $query.= $info;
- $query.= ' = ';
- if ($_POST[$info] == '')
- {
- $query.= 'NULL';
- }
- else
- {
- $query.= "'".$_POST[$info]."'";
- }
- }
- $query.= '
- WHERE id = '.$_POST['userid'].'
-;';
- pwg_query($query);
+ // mass_updates function
+ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+ // update common user informations
+ $fields = array($conf['user_fields']['email']);
+
+ $data = array();
+ $data{$conf['user_fields']['id']} = $_POST['userid'];
+ $data{$conf['user_fields']['email']} = $_POST['mail_address'];
+ // password is updated only if filled
if (!empty($_POST['use_new_pwd']))
{
- $query = '
-UPDATE '.USERS_TABLE.'
- SET password = \''.md5($_POST['use_new_pwd']).'\'
- WHERE id = '.$_POST['userid'].'
-;';
- pwg_query($query);
+ array_push($fields, $conf['user_fields']['password']);
+ // password is encrpyted with function $conf['pass_convert']
+ $data{$conf['user_fields']['password']} =
+ $conf['pass_convert']($_POST['use_new_pwd']);
}
+ mass_updates(USERS_TABLE,
+ array('primary' => array($conf['user_fields']['id']),
+ 'update' => $fields),
+ array($data));
- // redirection
- if (isset($_POST['validate']))
+ // update user "additional" informations (specific to PhpWebGallery)
+ $fields = array(
+ 'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight',
+ 'expand', 'show_nb_comments', 'recent_period', 'template'
+ );
+
+ $data = array();
+ $data{'user_id'} = $_POST['userid'];
+
+ foreach ($fields as $field)
{
- if (!defined('IN_ADMIN') or !IN_ADMIN)
- {
- $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
- redirect(add_session_id($url));
- }
- else
+ if (isset($_POST[$field]))
{
- redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'));
+ $data{$field} = $_POST[$field];
}
}
+ mass_updates(USER_INFOS_TABLE,
+ array('primary' => array('user_id'), 'update' => $fields),
+ array($data));
+
+ // redirection
+ $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
+ redirect(add_session_id($url));
}
}
// +-----------------------------------------------------------------------+
// | page header and options |
// +-----------------------------------------------------------------------+
-$url_action = PHPWG_ROOT_PATH;
-if (!defined('IN_ADMIN'))
-{
- $title= $lang['customize_page_title'];
- include(PHPWG_ROOT_PATH.'include/page_header.php');
- $url_action .='profile.php';
-}
-else
-{
- $url_action .='admin.php?page=profile';
-}
+$title= $lang['customize_page_title'];
+include(PHPWG_ROOT_PATH.'include/page_header.php');
+
+$url_action = PHPWG_ROOT_PATH.'profile.php';
//----------------------------------------------------- template initialization
$template->set_filenames(array('profile_body'=>'profile.tpl'));
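Review bot: The row to update is taken from the form, `$data{$conf['user_fields']['id']} = $_POST['userid'];` and `$data{'user_id'} = $_POST['userid'];`, while the current-password check a few lines up reads `$userdata['id']`, the session user. Now that profile.php serves only the logged-in user, a submitted `userid` of another account rewrites that account's e-mail and preferences, and — with the submitter's own current password — its password. Use `$userdata['id']` in both assignments and drop the hidden `userid` input from profile.tpl (last file of this commit). The comparison `$conf['pass_convert']($_POST['password']) != $current_password` is a loose comparison of two strings; `!==` avoids PHP's numeric-string juggling on hash values. The enclosing `if (isset($_POST['validate']))` block opens in the previous hunk.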
@@ -233,7 +158,7 @@ $template->assign_vars(
array(
'USERNAME'=>$userdata['username'],
'USERID'=>$userdata['id'],
- 'EMAIL'=>@$userdata['mail_address'],
+ 'EMAIL'=>@$userdata['email'],
'LANG_SELECT'=>language_select($userdata['language'], 'language'),
'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
'NB_ROW_PAGE'=>$userdata['nb_line_page'],
@@ -270,43 +195,12 @@ $template->assign_vars(
'L_SUBMIT'=>$lang['submit'],
'L_RESET'=>$lang['reset'],
'L_RETURN' => $lang['home'],
- 'L_RETURN_HINT' => $lang['home_hint'],
+ 'L_RETURN_HINT' => $lang['home_hint'],
+
+ 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
'F_ACTION'=>add_session_id($url_action),
));
-
-if (!defined('IN_ADMIN') or !IN_ADMIN)
-{
- $url_return = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
- $template->assign_vars(array('U_RETURN' => add_session_id($url_return)));
-}
-//------------------------------------------------------------- user management
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
- $status_select = '<select name="status">';
- $status_select .='<option value = "guest" ';
- if ($userdata['status'] == 'guest')
- {
- $status_select .= 'selected="selected"';
- }
- $status_select .='>'.$lang['user_status_guest'] .'</option>';
- $status_select .='<option value = "admin" ';
- if ($userdata['status'] == 'admin')
- {
- $status_select .= 'selected="selected"';
- }
- $status_select .='>'.$lang['user_status_admin'] .'</option>';
- $status_select .='</select>';
- $template->assign_block_vars(
- 'admin',
- array(
- 'L_ADMIN_USER'=>$lang['user_management'],
- 'L_STATUS'=>$lang['user_status'],
- 'L_DELETE'=>$lang['user_delete'],
- 'L_DELETE_HINT'=>$lang['user_delete_hint'],
- 'STATUS'=>$status_select
- ));
-}
// +-----------------------------------------------------------------------+
// | errors display |
// +-----------------------------------------------------------------------+
@@ -321,14 +215,7 @@ if (count($errors) != 0)
// +-----------------------------------------------------------------------+
// | html code display |
// +-----------------------------------------------------------------------+
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
- $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body');
-}
-else
-{
- $template->assign_block_vars('profile',array());
- $template->parse('profile_body');
- include(PHPWG_ROOT_PATH.'include/page_tail.php');
-}
+$template->assign_block_vars('profile',array());
+$template->parse('profile_body');
+include(PHPWG_ROOT_PATH.'include/page_tail.php');
?>
diff --git a/register.php b/register.php
index c3c7ba73b..07b8b327a 100644
--- a/register.php
+++ b/register.php
@@ -32,8 +32,19 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
$errors = array();
if (isset($_POST['submit']))
{
- $errors = register_user($_POST['login'], $_POST['password'],
- $_POST['password_conf'], $_POST['mail_address']);
+ if ($_POST['password'] != $_POST['password_conf'])
+ {
+ array_push($errors, $lang['reg_err_pass']);
+ }
+
+ $errors =
+ array_merge(
+ $errors,
+ register_user($_POST['login'],
+ $_POST['password'],
+ $_POST['mail_address'])
+ );
+
if (count($errors) == 0)
{
$query = '
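Review bot: `register_user` is called even after the confirmation-mismatch error has been pushed, and as far as its body in the functions_user.inc.php hunk above shows it inserts the row whenever its own login/password checks pass; the result is an account created with an unconfirmed password while the page reports an error. Guard the call: `else { $errors = register_user($_POST['login'], $_POST['password'], $_POST['mail_address']); }` in place of the array_merge. The mismatch test itself is a loose `!=` on two user-supplied strings (numeric-looking inputs such as `1e3` and `1000` compare equal); use `!==`.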
diff --git a/template/default/admin/user_list.tpl b/template/default/admin/user_list.tpl
index 51c1185cf..2c8a6cc9f 100644
--- a/template/default/admin/user_list.tpl
+++ b/template/default/admin/user_list.tpl
@@ -94,13 +94,21 @@
</table>
<div class="navigationBar">{NAVBAR}</div>
+<!-- delete the selected users ? -->
+<fieldset>
+ <legend>{lang:Deletions}</legend>
+ <input type="checkbox" name="confirm_deletion" value="1" /> {lang:confirm}
+ <input type="submit" value="{lang:Delete selected users}" name="delete" class="bouton" />
+</fieldset>
+
<!-- form to set properties for many users at once -->
-<div class="admin">Preferences</div>
+<fieldset>
+ <legend>{lang:Groups}</legend>
<table>
<tr>
- <td>associate to groupe</td>
+ <td>{lang:associate to group}</td>
<td>
<select name="associate" size="1">
<!-- BEGIN associate_option -->
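Review bot: The new delete fieldset submits `delete` alongside a `confirm_deletion` checkbox, but the template alone does not constrain the handler; the server side (admin/user_list.php, not in this chunk) must refuse the action unless `confirm_deletion` is set and must never delete the webmaster or guest ids — the removed profile.php code guarded `$_POST['userid'] > 2` for exactly that. The form also carries no per-session token, so a hidden token checked by the handler would protect this destructive action against cross-site request forgery.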
@@ -111,7 +119,7 @@
</tr>
<tr>
- <td>dissociate from groupe</td>
+ <td>{lang:dissociate from group}</td>
<td>
<select name="dissociate" size="1">
<!-- BEGIN dissociate_option -->
@@ -121,6 +129,15 @@
</td>
</tr>
+</table>
+
+</fieldset>
+
+<fieldset>
+ <legend>{lang:Preferences}</legend>
+
+<table>
+
<tr>
<td>{L_NB_IMAGE_LINE}</td>
<td>
@@ -239,6 +256,8 @@
</table>
+</fieldset>
+
<p style="text-align:center;">
target
<input type="radio" name="target" value="all" /> all
diff --git a/template/default/profile.tpl b/template/default/profile.tpl
index 7d435304f..6bb881891 100644
--- a/template/default/profile.tpl
+++ b/template/default/profile.tpl
@@ -8,29 +8,28 @@
</div>
<!-- END errors -->
-<!-- BEGIN profile -->
<div class="titrePage">{L_TITLE}</div>
-<!-- END profile -->
+
<form method="post" name="profile" action="{F_ACTION}">
+
+<input type="hidden" name="userid" value="{USERID}" />
+
<table width="70%" align="center">
<tr class="admin">
<th colspan="2">{L_REGISTRATION_INFO}</th>
</tr>
<tr>
<td width="50%">{L_USERNAME}</td>
- <td><input type="text" name="username" value="{USERNAME}" />
- <input type="hidden" name="userid" value="{USERID}" /></td>
+ <td>{USERNAME}</td>
</tr>
<tr>
<td>{L_EMAIL}</td>
<td><input type="text" name="mail_address" value="{EMAIL}" /></td>
</tr>
- <!-- BEGIN profile -->
<tr>
<td>{L_CURRENT_PASSWORD} : <br /><span class="small">{L_CURRENT_PASSWORD_HINT}</span></td>
<td><input type="password" name="password" value="" /></td>
</tr>
- <!-- END profile -->
<tr>
<td>{L_NEW_PASSWORD} : <br /><span class="small">{L_NEW_PASSWORD_HINT}</span></td>
<td><input type="password" name="use_new_pwd" value="" /></td>
@@ -82,22 +81,6 @@
<td><input type="text" size="4" maxlength="4" name="maxheight" value="{MAXHEIGHT}" />
</td>
</tr>
-<!-- BEGIN admin -->
- <tr class="admin">
- <th colspan="2">{modify.admin.L_ADMIN_USER}</th>
- </tr>
- <tr>
- <td>{modify.admin.L_STATUS}</td>
- <td>{modify.admin.STATUS}
- </td>
- </tr>
- <tr>
- <td>{modify.admin.L_DELETE}<br />
- <span class="small">{modify.admin.L_DELETE_HINT}</span></td>
- <td><input name="user_delete" type="checkbox" value="1">
- </td>
- </tr>
-<!-- END admin -->
<tr>
<td colspan="2" align="center">
<input type="submit" name="validate" value="{L_SUBMIT}" class="bouton" />
@@ -106,8 +89,7 @@
</tr>
</table>
</form>
-<!-- BEGIN profile -->
+
<div style="text-align:center;margin:5px;">
<a href="{U_RETURN}" title="{L_RETURN_HINT}">[{L_RETURN}]</a>
</div>
-<!-- END profile -->