- new : external authentication in another users table. Previous users table

  is divided between users (common properties with any web application) and
  user_infos (phpwebgallery specific informations). External table and
  fields can be configured.

- modification : profile.php is not reachable through administration anymore
  (not useful).

- modification : in profile.php, current password is mandatory only if user
  tries to change his password. Username can't be changed.

- deletion : of obsolete functions get_user_restrictions,
  update_user_restrictions, get_user_all_restrictions, is_user_allowed,
  update_user

- modification : $user['forbidden_categories'] equals at least "-1" so that
  category_id NOT IN ($user['forbidden_categories']) can always be used.

- modification : user_forbidden table becomes user_cache so that not only
  restriction informations can be stored in this table.


git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee

8 files changed, 300 insertions, 295 deletions

diff --git a/include/common.inc.php b/include/common.inc.php
index a57e00641..afed22c87 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -120,9 +120,9 @@ if (!defined('PHPWG_INSTALLED'))
   exit;
 }
 
-include(PHPWG_ROOT_PATH . 'include/constants.php');
 include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
 @include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
+include(PHPWG_ROOT_PATH . 'include/constants.php');
 include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
 include(PHPWG_ROOT_PATH . 'include/template.php');
 
@@ -164,4 +164,43 @@ while ( $row =mysql_fetch_array( $result ) )
 }
 
 include(PHPWG_ROOT_PATH.'include/user.inc.php');
+
+// language files
+$user_langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
+$conf_langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
+
+if (file_exists($user_langdir.'/common.lang.php'))
+{
+  include_once($user_langdir.'/common.lang.php');
+}
+else
+{
+  include_once($conf_langdir.'/common.lang.php');
+}
+
+// The administration section requires 2 more language files
+if (defined('IN_ADMIN') and IN_ADMIN)
+{
+  foreach (array('admin', 'faq') as $section)
+  {
+    if (file_exists($user_langdir.'/'.$section.'.lang.php'))
+    {
+      include_once($user_langdir.'/'.$section.'.lang.php');
+    }
+    else
+    {
+      include_once($conf_langdir.'/'.$section.'.lang.php');
+    }
+  }
+}
+
+// only now we can set the localized username of the guest user (and not in
+// include/user.inc.php)
+if ($user['is_the_guest'])
+{
+  $user['username'] = $lang['guest'];
+}
+
+// template instance
+$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
 ?>
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 8debb63f0..d641223da 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -227,4 +227,29 @@ $conf['show_picture_name_on_title'] = true;
 // apache_authentication : use Apache authentication as reference instead of
 // users table ?
 $conf['apache_authentication'] = false;
+
+// debug_l10n : display a warning message each time an unset language key is
+// accessed
+$conf['debug_l10n'] = false;
+
+// users_table : which table is the reference for users ? Can be a different
+// table than PhpWebGallery table
+$conf['users_table'] = $prefixeTable.'users';
+
+// user_fields : mapping between generic field names and table specific
+// field names. For example, in PWG, the mail address is names
+// "mail_address" and in punbb, it's called "email".
+$conf['user_fields'] = array(
+  'id' => 'id',
+  'username' => 'username',
+  'password' => 'password',
+  'email' => 'mail_address'
+  );
+
+// pass_convert : function to crypt or hash the clear user password to store
+// it in the database
+$conf['pass_convert'] = create_function('$s', 'return md5($s);');
+
+// guest_id : id of the anonymous user
+$conf['guest_id'] = 2;
 ?>
diff --git a/include/constants.php b/include/constants.php
index 75764f1a5..258583305 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -30,9 +30,6 @@ define('PHPWG_VERSION', '%PWGVERSION%');
 define('PHPWG_URL', 'http://www.phpwebgallery.net');
 define('PHPWG_FORUM_URL', 'http://forum.phpwebgallery.net');
 
-// User level
-define('ANONYMOUS', 2);
- 
 // Error codes
 define('GENERAL_MESSAGE', 200);
 define('GENERAL_ERROR', 202);
@@ -53,10 +50,11 @@ define('SESSIONS_TABLE', $prefixeTable.'sessions');
 define('SITES_TABLE', $prefixeTable.'sites');
 define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
 define('USER_GROUP_TABLE', $prefixeTable.'user_group');
-define('USERS_TABLE', $prefixeTable.'users');
+define('USERS_TABLE', $conf['users_table']);
+define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
 define('WAITING_TABLE', $prefixeTable.'waiting');
 define('IMAGE_METADATA_TABLE', $prefixeTable.'image_metadata');
 define('RATE_TABLE', $prefixeTable.'rate');
-define('USER_FORBIDDEN_TABLE', $prefixeTable.'user_forbidden');
+define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
 define('CADDIE_TABLE', $prefixeTable.'caddie');
 ?>
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2b1668de9..8a3a1f116 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -774,8 +774,13 @@ function get_name_from_file($filename)
  */
 function l10n($key)
 {
-  global $lang;
+  global $lang, $conf;
 
-  return (isset($lang[$key])) ? $lang[$key] : $key;
+  if ($conf['debug_l10n'])
+  {
+    echo '[l10n] language key "'.$key.'" is not defined<br />';
+  }
+  
+  return isset($lang[$key]) ? $lang[$key] : $key;
 }
 ?>
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 383c0fa5d..005452db1 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -40,11 +40,11 @@
  * @param int category id to verify
  * @return void
  */
-function check_restrictions( $category_id )
+function check_restrictions($category_id)
 {
-  global $user,$lang;
+  global $user, $lang;
 
-  if ( in_array( $category_id, $user['restrictions'] ) )
+  if (in_array($category_id, explode(',', $user['forbidden_categories'])))
   {
     echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
     echo '<a href="'.add_session_id( './category.php' ).'">';
@@ -167,18 +167,12 @@ function count_user_total_images()
 
   $query = '
 SELECT COUNT(DISTINCT(image_id)) as total
-  FROM '.IMAGE_CATEGORY_TABLE;
-  if (count($user['restrictions']) > 0)
-  {
-    $query.= '
-  WHERE category_id NOT IN ('.$user['forbidden_categories'].')';
-  }
-  $query.= '
+  FROM '.IMAGE_CATEGORY_TABLE.'
+  WHERE category_id NOT IN ('.$user['forbidden_categories'].')
 ;';
- 
-  $row = mysql_fetch_array(pwg_query($query));
-
-  return isset($row['total']) ? $row['total'] : 0;
+  list($total) = mysql_fetch_array(pwg_query($query));
+  
+  return $total;
 }
 
 /**
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index b2509e1c1..8a3bb911c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -109,28 +109,23 @@ function add_session_id( $url, $redirect = false )
 {
   global $page, $user, $conf;
 
-  if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
-
-  $amp = '&amp;';
-  if ( $redirect )
+  if ($user['is_the_guest']
+      or $user['has_cookie']
+      or $conf['apache_authentication'])
   {
-    $amp = '&';
+    return $url;
   }
-  if ( !$user['is_the_guest'] )
+
+  if (preg_match('/\.php\?/', $url))
   {
-    if ( preg_match( '/\.php\?/',$url ) )
-    {
-      return $url.$amp.'id='.$page['session_id'];
-    }
-    else
-    {
-      return $url.'?id='.$page['session_id'];
-    }
+    $separator = $redirect ? '&' : '&amp;';
   }
   else
   {
-    return $url;
+    $separator = '?';
   }
+
+  return $url.$separator.'id='.$page['session_id'];
 }
 
 // cookie_path returns the path to use for the PhpWebGallery cookie.
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 1a2709254..0147dcac5 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -45,16 +45,11 @@ function validate_mail_address( $mail_address )
   }
 }
 
-function register_user($login, $password, $password_conf,
-                       $mail_address, $status = 'guest')
+function register_user($login, $password, $mail_address)
 {
   global $lang, $conf;
 
   $errors = array();
-  // login must not
-  //      1. be empty
-  //      2. start ou end with space character
-  //      4. be already used
   if ($login == '')
   {
     array_push($errors, $lang['reg_err_login1']);
@@ -67,121 +62,33 @@ function register_user($login, $password, $password_conf,
   {
     array_push($errors, $lang['reg_err_login3']);
   }
-
-  $query = '
-SELECT id
-  FROM '.USERS_TABLE.'
-  WHERE username = \''.mysql_escape_string($login).'\'
-;';
-  $result = pwg_query($query);
-  if (mysql_num_rows($result) > 0)
+  if (get_userid($login))
   {
     array_push($errors, $lang['reg_err_login5']);
   }
-
-  // given password must be the same as the confirmation
-  if ($password != $password_conf)
+  $mail_error = validate_mail_address($mail_address);
+  if ('' != $mail_error)
   {
-    array_push($errors, $lang['reg_err_pass']);
-  }
-
-  $error_mail_address = validate_mail_address($mail_address);
-  if ($error_mail_address != '')
-  {
-    array_push($errors, $error_mail_address);
+    array_push($errors, $mail_error);
   }
 
   // if no error until here, registration of the user
   if (count($errors) == 0)
   {
-    $insert = array();
-    $insert['username'] = mysql_escape_string($login);
-    $insert['password'] = md5($password);
-    $insert['status'] = $status;
-    $insert['template'] = $conf['default_template'];
-    $insert['nb_image_line'] = $conf['nb_image_line'];
-    $insert['nb_line_page'] = $conf['nb_line_page'];
-    $insert['language'] = $conf['default_language'];
-    $insert['recent_period'] = $conf['recent_period'];
-    $insert['feed_id'] = find_available_feed_id();
-    $insert['expand'] = boolean_to_string($conf['auto_expand']);
-    $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']);
-    if ( $mail_address != '' )
-    {
-      $insert['mail_address'] = $mail_address;
-    }
-    if ($conf['default_maxwidth'] != '')
-    {
-      $insert['maxwidth'] = $conf['default_maxwidth'];
-    }
-    if ($conf['default_maxheight'] != '')
-    {
-      $insert['maxheight'] = $conf['default_maxheight'];
-    }
+    $insert =
+      array(
+        $conf['user_fields']['username'] => mysql_escape_string($login),
+        $conf['user_fields']['password'] => $conf['pass_convert']($password),
+        $conf['user_fields']['email'] => $mail_address
+        );
 
-    $query = '
-INSERT INTO '.USERS_TABLE.'
-  ('.implode(',', array_keys($insert)).')
-  VALUES
-  (';
-    $is_first = true;
-    foreach (array_keys($insert) as $field)
-    {
-      if (!$is_first)
-      {
-        $query.= ',';
-      }
-      $query.= "'".$insert[$field]."'";
-      $is_first = false;
-    }
-    $query.= ')
-;';
-    pwg_query($query);
-
-    $query = '
-UPDATE '.USERS_TABLE.'
-  SET registration_date = NOW()
-  WHERE id = '.mysql_insert_id().'
-;';
-    pwg_query($query);
+    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+    mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
+    
+    create_user_infos(mysql_insert_id());
   }
-  return $errors;
-}
-
-function update_user( $user_id, $mail_address, $status,
-                      $use_new_password = false, $password = '' )
-{
-  $error = array();
-  $i = 0;
   
-  $error_mail_address = validate_mail_address( $mail_address );
-  if ( $error_mail_address != '' )
-  {
-    $error[$i++] = $error_mail_address;
-  }
-
-  if ( sizeof( $error ) == 0 )
-  {
-    $query = 'UPDATE '.USERS_TABLE;
-    $query.= " SET status = '".$status."'";
-    if ( $use_new_password )
-    {
-      $query.= ", password = '".md5( $password )."'";
-    }
-    $query.= ', mail_address = ';
-    if ( $mail_address != '' )
-    {
-      $query.= "'".$mail_address."'";
-    }
-    else
-    {
-      $query.= 'NULL';
-    }
-    $query.= ' WHERE id = '.$user_id;
-    $query.= ';';
-    pwg_query( $query );
-  }
-  return $error;
+  return $errors;
 }
 
 function check_login_authorization($guest_allowed = true)
@@ -212,13 +119,107 @@ function setup_style($style)
   return new Template(PHPWG_ROOT_PATH.'template/'.$style);
 }
 
-function getuserdata($user)
+/**
+ * find informations related to the user identifier
+ *
+ * @param int user identifier
+ * @param boolean use_cache
+ * @param array
+ */
+function getuserdata($user_id, $use_cache)
 {
-  $sql = "SELECT * FROM " . USERS_TABLE;
-  $sql.= " WHERE ";
-  $sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" .  str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS;
-  $result = pwg_query($sql);
-  return ( $row = mysql_fetch_array($result) ) ? $row : false;
+  global $conf;
+
+  $userdata = array();
+  
+  $query = '
+SELECT ';
+  $is_first = true;
+  foreach ($conf['user_fields'] as $pwgfield => $dbfield)
+  {
+    if ($is_first)
+    {
+      $is_first = false;
+    }
+    else
+    {
+      $query.= '
+     , ';
+    }
+    $query.= $dbfield.' AS '.$pwgfield;
+  }
+  $query.= '
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
+;';
+  
+  $row = mysql_fetch_array(pwg_query($query));
+
+  while (true)
+  {
+    $query = '
+SELECT ui.*, uc.*
+  FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
+    ON ui.user_id = uc.user_id
+  WHERE ui.user_id = \''.$user_id.'\'
+;';
+    $result = pwg_query($query);
+    if (mysql_num_rows($result) > 0)
+    {
+      break;
+    }
+    else
+    {
+      create_user_infos($user_id);
+    }
+  }
+  
+  $row = array_merge($row, mysql_fetch_array($result));
+  
+  foreach ($row as $key => $value)
+  {
+    if (!is_numeric($key))
+    {
+      // If the field is true or false, the variable is transformed into a
+      // boolean value.
+      if ($value == 'true' or $value == 'false')
+      {
+        $userdata[$key] = get_boolean($value);
+      }
+      else
+      {
+        $userdata[$key] = $value;
+      }
+    }
+  }
+
+  if ($use_cache)
+  {
+    if (!isset($userdata['need_update'])
+        or !is_bool($userdata['need_update'])
+        or $userdata['need_update'] == true)
+    {
+      $userdata['forbidden_categories'] =
+        calculate_permissions($userdata['id'], $userdata['status']);
+
+      // update user cache
+      $query = '
+DELETE FROM '.USER_CACHE_TABLE.'
+  WHERE user_id = '.$userdata['id'].'
+;';
+      pwg_query($query);
+  
+      $query = '
+INSERT INTO '.USER_CACHE_TABLE.'
+  (user_id,need_update,forbidden_categories)
+  VALUES
+  ('.$userdata['id'].',\'false\',\''.$userdata['forbidden_categories'].'\')
+;';
+      pwg_query($query);
+    }
+  }
+
+  return $userdata;
 }
 
 /*
@@ -261,11 +262,12 @@ DELETE FROM '.FAVORITES_TABLE.'
 }
 
 /**
- * update table user_forbidden for the given user
+ * calculates the list of forbidden categories for a given user
  *
- * table user_forbidden contains calculated data. Calculation is based on
- * private categories minus categories authorized to the groups the user
- * belongs to minus the categories directly authorized to the user
+ * Calculation is based on private categories minus categories authorized to
+ * the groups the user belongs to minus the categories directly authorized
+ * to the user. The list contains at least -1 to be compliant with queries
+ * such as "WHERE category_id NOT IN ($forbidden_categories)"
  *
  * @param int user_id
  * @param string user_status
@@ -310,11 +312,7 @@ SELECT cat_id
   FROM '.USER_ACCESS_TABLE.'
   WHERE user_id = '.$user_id.'
 ;';
-  $result = pwg_query($query);
-  while ($row = mysql_fetch_array($result))
-  {
-    array_push($authorized_array, $row['cat_id']);
-  }
+  $authorized_array = array_from_query($query, 'cat_id');
 
   // retrieve category ids authorized to the groups the user belongs to
   $query = '
@@ -323,11 +321,11 @@ SELECT cat_id
     ON ug.group_id = ga.group_id
   WHERE ug.user_id = '.$user_id.'
 ;';
-  $result = pwg_query($query);
-  while ($row = mysql_fetch_array($result))
-  {
-    array_push($authorized_array, $row['cat_id']);
-  }
+  $authorized_array =
+    array_merge(
+      $authorized_array,
+      array_from_query($query, 'cat_id')
+      );
 
   // uniquify ids : some private categories might be authorized for the
   // groups and for the user
@@ -336,23 +334,12 @@ SELECT cat_id
   // only unauthorized private categories are forbidden
   $forbidden_array = array_diff($private_array, $authorized_array);
 
-  $query = '
-DELETE FROM '.USER_FORBIDDEN_TABLE.'
-  WHERE user_id = '.$user_id.'
-;';
-  pwg_query($query);
-
-  $forbidden_categories = implode(',', $forbidden_array);
+  // at least, the list contains -1 values. This category does not exists so
+  // where clauses such as "WHERE category_id NOT IN(-1)" will always be
+  // true.
+  array_push($forbidden_array, '-1');
   
-  $query = '
-INSERT INTO '.USER_FORBIDDEN_TABLE.'
-  (user_id,need_update,forbidden_categories)
-  VALUES
-  ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
-;';
-  pwg_query($query);
-  
-  return $forbidden_categories;
+  return implode(',', $forbidden_array);
 }
 
 /**
@@ -363,10 +350,12 @@ INSERT INTO '.USER_FORBIDDEN_TABLE.'
  */
 function get_username($user_id)
 {
+  global $conf;
+  
   $query = '
-SELECT username
+SELECT '.$conf['user_fields']['username'].'
   FROM '.USERS_TABLE.'
-  WHERE id = '.intval($user_id).'
+  WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
 ;';
   $result = pwg_query($query);
   if (mysql_num_rows($result) > 0)
@@ -382,6 +371,36 @@ SELECT username
 }
 
 /**
+ * returns user identifier thanks to his name, false if not found
+ *
+ * @param string username
+ * @param int user identifier
+ */
+function get_userid($username)
+{
+  global $conf;
+
+  $username = mysql_escape_string($username);
+
+  $query = '
+SELECT '.$conf['user_fields']['id'].'
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+;';
+  $result = pwg_query($query);
+
+  if (mysql_num_rows($result) == 0)
+  {
+    return false;
+  }
+  else
+  {
+    list($user_id) = mysql_fetch_row($result);
+    return $user_id;
+  }
+}
+
+/**
  * search an available feed_id
  *
  * @return string feed identifier
@@ -393,7 +412,7 @@ function find_available_feed_id()
     $key = generate_key(50);
     $query = '
 SELECT COUNT(*)
-  FROM '.USERS_TABLE.'
+  FROM '.USER_INFOS_TABLE.'
   WHERE feed_id = \''.$key.'\'
 ;';
     list($count) = mysql_fetch_row(pwg_query($query));
@@ -403,4 +422,36 @@ SELECT COUNT(*)
     }
   }
 }
-?>
+
+/**
+ * add user informations based on default values
+ *
+ * @param int user_id
+ */
+function create_user_infos($user_id)
+{
+  global $conf;
+  
+  list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+
+  $insert =
+    array(
+      'user_id' => $user_id,
+      'status' => 'guest',
+      'template' => $conf['default_template'],
+      'nb_image_line' => $conf['nb_image_line'],
+      'nb_line_page' => $conf['nb_line_page'],
+      'language' => $conf['default_language'],
+      'recent_period' => $conf['recent_period'],
+      'feed_id' => find_available_feed_id(),
+      'expand' => boolean_to_string($conf['auto_expand']),
+      'show_nb_comments' => boolean_to_string($conf['show_nb_comments']),
+      'maxwidth' => $conf['default_maxwidth'],
+      'maxheight' => $conf['default_maxheight'],
+      'registration_date' => $dbnow
+      );
+
+  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+  mass_inserts(USER_INFOS_TABLE, array_keys($insert), array($insert));
+}
+?>
\ No newline at end of file
diff --git a/include/user.inc.php b/include/user.inc.php
index 56b36039c..4c3e0fb6a 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -38,7 +38,6 @@
 //   pwg_query($query);
 // }
 
-
 // retrieving connected user informations
 if (isset($_COOKIE['id']))
 {
@@ -87,65 +86,24 @@ DELETE FROM '.SESSIONS_TABLE.'
 }
 if (!isset($user['id']))
 {
-  $user['id'] = 2;
+  $user['id'] = $conf['guest_id'];
   $user['is_the_guest'] = true;
 }
 
 // using Apache authentication override the above user search
 if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
 {
-  $query = '
-SELECT id
-  FROM '.USERS_TABLE.'
-  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
-;';
-  $result = pwg_query($query);
-
-  if (mysql_num_rows($result) == 0)
+  if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))
   {
-    register_user($_SERVER['REMOTE_USER'], '', '', '');
-
-    $query = '
-SELECT id
-  FROM '.USERS_TABLE.'
-  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
-;';
-    list($user['id']) = mysql_fetch_row(pwg_query($query));
+    register_user($_SERVER['REMOTE_USER'], '', '');
+    $user['id'] = get_userid($_SERVER['REMOTE_USER']);
   }
-  else
-  {
-    list($user['id']) = mysql_fetch_row($result);
-  }
-
+  
   $user['is_the_guest'] = false;
 }
 
-$query = '
-SELECT u.*, uf.*
-  FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
-    ON id = user_id
-  WHERE u.id = '.$user['id'].'
-;';
-$row = mysql_fetch_array(pwg_query($query));
-
-// affectation of each value retrieved in the users table into a variable of
-// the array $user.
-foreach ($row as $key => $value)
-{
-  if (!is_numeric($key))
-  {
-    // If the field is true or false, the variable is transformed into a
-    // boolean value.
-    if ($value == 'true' or $value == 'false')
-    {
-      $user[$key] = get_boolean($value);
-    }
-    else
-    {
-      $user[$key] = $value;
-    }
-  }
-}
+$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;
+$user = array_merge($user, getuserdata($user['id'], $use_cache));
 
 // properties of user guest are found in the configuration
 if ($user['is_the_guest'])
@@ -161,66 +119,6 @@ if ($user['is_the_guest'])
   $user['show_nb_comments'] = $conf['show_nb_comments'];
 }
 
-// if no information were found about user in user_forbidden table OR the
-// forbidden categories must be updated : only if current user is in public
-// part
-if (!defined('IN_ADMIN') or !IN_ADMIN)
-{
-  if (!isset($user['need_update'])
-      or !is_bool($user['need_update'])
-      or $user['need_update'] == true)
-  {
-    $user['forbidden_categories'] = calculate_permissions($user['id'],
-                                                          $user['status']);
-  }
-}
-
-// forbidden_categories is a must be empty, at least
-if (!isset($user['forbidden_categories']))
-{
-  $user['forbidden_categories'] = '';
-}
-
-// special for $user['restrictions'] array
-$user['restrictions'] = explode(',', $user['forbidden_categories']);
-if ($user['restrictions'][0] == '')
-{
-  $user['restrictions'] = array();
-}
-
 // calculation of the number of picture to display per page
 $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-
-if (empty($user['language'])
-    or !file_exists(PHPWG_ROOT_PATH.'language/'.
-                    $user['language'].'/common.lang.php'))
-{
-  $user['language'] = $conf['default_language'];
-}
-include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php');
-
-// displaying the username in the language of the connected user, instead of
-// "guest" as you can find in the database
-if ($user['is_the_guest'])
-{
-  $user['username'] = $lang['guest'];
-}
-
-// only if we are in the administration section
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
-  $langdir = PHPWG_ROOT_PATH.'language/'.$user['language'];
-  if (!file_exists($langdir.'/admin.lang.php'))
-  {
-    $langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language'];
-  }
-  include_once($langdir.'/admin.lang.php');
-  include_once($langdir.'/faq.lang.php');
-}
-
-if (empty($user['template']))
-{
-  $user['template'] = $conf['default_template'];
-}
-$template = setup_style($user['template']);
 ?>