diff options
| -rw-r--r-- | admin/admin.php | 97 | ||||
| -rw-r--r-- | admin/ajout.php | 326 | ||||
| -rw-r--r-- | admin/configuration.php | 9 | ||||
| -rw-r--r-- | admin/user_add.php | 284 | ||||
| -rw-r--r-- | admin/user_list.php | 57 | ||||
| -rw-r--r-- | admin/user_modify.php | 100 | ||||
| -rw-r--r-- | category.php | 11 | ||||
| -rw-r--r-- | identification.php | 22 | ||||
| -rw-r--r-- | include/functions.inc.php | 37 | ||||
| -rw-r--r-- | include/functions_category.inc.php | 4 | ||||
| -rw-r--r-- | include/functions_session.inc.php | 50 | ||||
| -rw-r--r-- | include/functions_user.inc.php | 77 | ||||
| -rw-r--r-- | include/init.inc.php | 4 | ||||
| -rw-r--r-- | include/user.inc.php | 12 | ||||
| -rw-r--r-- | language/francais.php | 34 | ||||
| -rw-r--r-- | profile.php | 10 | ||||
| -rw-r--r-- | template/default/admin/user_add.vtp | 58 | ||||
| -rw-r--r-- | template/default/admin/user_modify.vtp | 66 | ||||
| -rw-r--r-- | template/default/category.vtp | 2 |
19 files changed, 470 insertions, 790 deletions
diff --git a/admin/admin.php b/admin/admin.php index ce0f601e7..a4c8b77c3 100644 --- a/admin/admin.php +++ b/admin/admin.php @@ -1,9 +1,9 @@ <?php /*************************************************************************** - * admin.php is a part of PhpWebGallery * + * admin.php * * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * ***************************************************************************/ @@ -27,68 +27,31 @@ $vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] ); $page_valide = false; switch ( $_GET['page'] ) { - case 'ajout': - { - $titre = $lang['title_add']; - $page_valide = true; - break; - } + case 'user_add': + $titre = $lang['title_add']; $page_valide = true; break; case 'user_list': - { - $titre = $lang['title_liste_users']; - $page_valide = true; - break; - } + $titre = $lang['title_liste_users']; $page_valide = true; break; + case 'user_modify': + $titre = $lang['title_modify']; $page_valide = true; break; case 'historique': - { - $titre = $lang['title_history']; - $page_valide = true; - break; - } + $titre = $lang['title_history']; $page_valide = true; break; case 'miseajour': - { - $titre = $lang['title_update']; - $page_valide = true; - break; - } + $titre = $lang['title_update']; $page_valide = true; break; case 'configuration': - { - $titre = $lang['title_configuration']; - $page_valide = true; - break; - } + $titre = $lang['title_configuration']; $page_valide = true; break; case 'manuel': - { - $titre = $lang['title_instructions']; - $page_valide = true; - break; - } + $titre = $lang['title_instructions']; $page_valide = true; break; case 'perm': - { - $titre = $lang['title_permissions']; - $page_valide = true; - break; - } + $titre = $lang['title_permissions']; $page_valide = true; break; case 'cat': - { - $titre = $lang['title_categories']; - $page_valide = true; - break; - } + $titre = $lang['title_categories']; $page_valide = true; break; case 'edit_cat': - { - $titre = $lang['title_edit_cat']; - $page_valide = true; - break; - } + $titre = $lang['title_edit_cat']; $page_valide = true; break; case 'infos_images': - { - $titre = $lang['title_info_images']; - $page_valide = true; - break; - } + $titre = $lang['title_info_images']; $page_valide = true; break; + case 'waiting': + $titre = $lang['title_waiting']; $page_valide = true; break; case 'thumbnail': - { $titre = $lang['title_thumbnails']; if ( isset( $_GET['dir'] ) ) { @@ -107,20 +70,10 @@ switch ( $_GET['page'] ) } $page_valide = true; break; - } - case 'waiting': - { - $titre = $lang['title_waiting']; - $page_valide = true; - break; - } default: - { - $titre = $lang['title_default']; - break; - } + $titre = $lang['title_default']; break; } -$vtp->setGlobalVar( $handle, 'title', $titre ); +$vtp->setGlobalVar( $handle, 'title', $titre ); //--------------------------------------------------------------------- summary $link_start = './admin.php?page='; // configuration @@ -147,7 +100,8 @@ $vtp->closeSession( $handle, 'summary' ); // user add $vtp->addSession( $handle, 'summary' ); $vtp->setVar( $handle, 'summary.indent', ' ' ); -$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'ajout' ) ); +$vtp->setVar( + $handle, 'summary.link', add_session_id( $link_start.'user_add' ) ); $vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] ); $vtp->closeSession( $handle, 'summary' ); // categories @@ -211,10 +165,9 @@ if ( $page_valide ) } else { - $vtp->setVar( $handle, 'sub', - '<div style="text-align:center">'. - $lang['default_message']. - '</div>' ); + $vtp->setVar( + $handle, 'sub', + '<div style="text-align:center">'.$lang['default_message'].'</div>' ); } //----------------------------------------------------------- html code display $code = $vtp->Display( $handle, 0 ); diff --git a/admin/ajout.php b/admin/ajout.php deleted file mode 100644 index 3ae1fa2f8..000000000 --- a/admin/ajout.php +++ /dev/null @@ -1,326 +0,0 @@ -<?php -/*************************************************************************** - * ajout.php is a part of PhpWebGallery * - * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * - * * - ***************************************************************************/ - -/*************************************************************************** - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; * - * * - ***************************************************************************/ - - include_once( "./include/isadmin.inc.php" ); - $error = array(); - $absent = false; - - $row = mysql_fetch_array( mysql_query( "select pseudo,status,mail_address from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';" ) ); - $pseudo = $row['pseudo']; - $status = $row['status']; - $mail_address = $row['mail_address']; - if ( $pseudo == "visiteur" || ( $pseudo == $conf['webmaster'] && $user['pseudo'] != $conf['webmaster'] ) ) - { - echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>"; - $absent = true; - } - if ( $HTTP_GET_VARS['mode'] == "modif" ) - { - if ( $pseudo == "" ) - { - echo"<div class=\"info\">".$lang['user_err_unknown']."</div>"; - $absent = true; - } - } - if ( !$absent ) - { - if ( $HTTP_GET_VARS['valider'] == 1 ) - { - $i = 0; - // le pseudo ne doit pas - // 1. être vide - // 2. commencer ou se terminer par un espace - // 3. comporter les caractères ' ou " - // 4. être déjà utilisé - // Notes sur le pseudo du webmaster : - // - lorsque l'on trouve plusieurs occurences consécutives du caractère espace, on réduit à une seule occurence - if ( $HTTP_GET_VARS['mode'] != "modif" ) - { - if ( $HTTP_POST_VARS['pseudo'] == "" ) - { - $error[$i++] = $lang['reg_err_login1']; - } - $pseudo = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['pseudo'] ); - if ( ereg( "^.* $", $pseudo) ) - { - $error[$i++] = $lang['reg_err_login2']; - } - if ( ereg( "^ .*$", $pseudo) ) - { - $error[$i++] = $lang['reg_err_login3']; - } - if ( ereg( "'",$pseudo ) || ereg( "\"",$pseudo ) ) - { - $error[$i++] = $lang['reg_err_login4']; - } - else - { - $query = "select id from $prefixeTable"."users where pseudo = '$pseudo';"; - $result = mysql_query( $query ); - if ( mysql_num_rows( $result ) > 0 ) - { - $error[$i++] = "<li>".$lang['reg_err_login5']."</li>"; - } - } - } - // le mail doit être conforme à qqch du type : nom@serveur.com - if( $HTTP_POST_VARS['mail_address'] != "" && !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_address'] ) ) - { - $error[$i++] = $lang['reg_err_mail_address']; - } - // mis à jour des variables pour ne pas afficher celles issue de la BD - $pseudo = $HTTP_POST_VARS['pseudo']; - $password = $HTTP_POST_VARS['password']; - $status = $HTTP_POST_VARS['status']; - $mail_address = $HTTP_POST_VARS['mail_address']; - // on met à jour les paramètres de l'applicaiton dans le cas où il n'y aucune erreur - if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] != "modif" ) - { - // 1.récupération des valeurs par défaut de l'application pour nombre_image_ligne,nombre_ligne_page,couleur,language - $row = mysql_fetch_array( mysql_query( "select nombre_image_ligne,nombre_ligne_page,theme,language from $prefixeTable"."users where pseudo = 'visiteur';" ) ); - // 2.ajout du nouvel utilisateur - $query = "insert into $prefixeTable"."users (pseudo,password,mail_address,nombre_image_ligne,nombre_ligne_page,theme,language,status) values ('$pseudo','".md5( $HTTP_POST_VARS['password'] )."',"; - if ( $HTTP_POST_VARS['mail_address'] != "" ) - { - $query.= "'".$HTTP_POST_VARS['mail_address']."'"; - } - else - { - $query.= "NULL"; - } - $query.= ",'".$row['nombre_image_ligne']."','".$row['nombre_ligne_page']."','".$row['theme']."','".$row['language']."','".$HTTP_POST_VARS['status']."');"; - mysql_query( $query ); - // 3. récupérer l'identifiant de l'utilisateur nouvellement créé - $row = mysql_fetch_array( mysql_query( "select id from $prefixeTable"."users where pseudo = '$pseudo';" ) ); - $user_id = $row['id']; - // 4.ajouter les restrictions au nouvel utilisateur, les mêmes que celles de l'utilisateur par défaut - $query = "select cat_id "; - $query.= "from $prefixeTable"."restrictions as r,$prefixeTable"."users as u "; - $query.= "where u.id = r.user_id "; - $query.= "and u.pseudo = 'visiteur';"; - $result = mysql_query( $query ); - while( $row = mysql_fetch_array( $result ) ) - { - mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('$user_id','".$row['cat_id']."');" ); - } - } - if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] == "modif" ) - { - $query = "update $prefixeTable"."users"; - $query.= " set status = '".$HTTP_POST_VARS['status']."'"; - if ( $HTTP_POST_VARS['use_new_pwd'] == 1 ) - { - $query.= ", password = '".md5( $HTTP_POST_VARS['password'] )."'"; - } - $query.= ", mail_address = "; - if ( $HTTP_POST_VARS['mail_address'] != "" ) - { - $query.= "'".$HTTP_POST_VARS['mail_address']."'"; - } - else - { - $query.= "NULL"; - } - $query.= " where id = '".$HTTP_GET_VARS['user_id']."';"; - mysql_query( $query ); - } - } - if ( sizeof( $error ) > 0 ) - { - echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :"; - echo "<ul>"; - for ( $i = 0; $i < sizeof( $error ); $i++ ) - { - echo "<li>".$error[$i]."</li>"; - } - echo "</ul>"; - echo "</div>"; - } - if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['valider'] == 1 ) - { - echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" "; - if ( $HTTP_POST_VARS['use_new_pwd'] == 1 ) - { - echo $lang['adduser_info_password_updated']." "; - } - echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } - if ( $HTTP_GET_VARS['valider'] != 1 || $HTTP_GET_VARS['mode'] != "modif" || sizeof( $error ) > 0 ) - { - if ( $HTTP_GET_VARS['mode'] != "modif" && sizeof( $error ) == 0 ) - { - unset( $pseudo, $password, $status, $mail_address ); - } - if ( !isset( $HTTP_POST_VARS['use_new_pwd'] ) || $HTTP_POST_VARS['use_new_pwd'] != 1 ) - { - unset( $password ); - } - $action = "./admin.php?page=ajout&valider=1"; - if ( $HTTP_GET_VARS['mode'] == "modif" ) - { - $action.= "&mode=modif&user_id=".$HTTP_GET_VARS['user_id']; - } - echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\"> - <table style=\"width:100%;\"> - <tr align=\"center\" valign=\"middle\"> - <td> - <table style=\"margin-left:auto;margin-right:auto;\"> - <tr> - <th colspan=\"2\">".$lang['adduser_fill_form']."</th> - </tr> - <tr> - <td colspan=\"2\"><div style=\"margin-bottom:0px;\"> </div></td> - </tr> - <tr> - <td>".$lang['adduser_login']."</td> - <td>"; - if ( $HTTP_GET_VARS['mode'] == "modif" ) - { - echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>"; - echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>"; - } - else - { - echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>"; - } - echo" - </td> - </tr>"; - echo" - <tr> - <td>"; - if ( $HTTP_GET_VARS['mode'] == "modif" ) - { - echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\""; - if ( isset( $HTTP_POST_VARS['use_new_pwd'] ) && $HTTP_POST_VARS['use_new_pwd'] == 1 ) - { - echo " checked=\"checked\""; - } - echo " />"; - } - else - { - echo $lang['password']; - } - echo"</td> - <td>"; - echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td> - </tr>"; - echo" - <tr> - <td>".$lang['reg_mail_address']."</td>"; - echo " - <td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td> - </tr>"; - echo" - <tr> - <td>".$lang['adduser_status']."</td> - <td>"; - if ( $pseudo == $conf['webmaster'] ) - { - echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span> - <input type=\"hidden\" name=\"status\" value=\"$status\"/>"; - } - else - { - echo" - <select name=\"status\">"; - // on récupère toutes les status possibles dans la base - // par l'intermédiaire de la fonction get_enums - $option = get_enums( $prefixeTable."users", "status" ); - for ( $i = 0; $i < sizeof( $option ); $i++ ) - { - if ( isset( $status ) ) - { - echo" - <option value=\"$option[$i]\""; - if ( $option[$i] == $status ) - { - echo" selected=\"selected\""; - } - echo">"; - switch ( $option[$i] ) - { - case "admin" : - { - echo $lang['adduser_status_admin']; - break; - } - case "membre" : - { - echo $lang['adduser_status_member']; - break; - } - case "visiteur" : - { - echo $lang['adduser_status_guest']; - break; - } - } - echo"</option>"; - } - else - { - echo" - <option value=\"$option[$i]\""; - if ( $option[$i] == "visiteur" ) - { - echo" selected=\"selected\""; - } - echo">"; - switch ( $option[$i] ) - { - case "admin" : - { - echo $lang['adduser_status_admin']; - break; - } - case "membre" : - { - echo $lang['adduser_status_member']; - break; - } - case "visiteur" : - { - echo $lang['adduser_status_guest']; - break; - } - } - echo"</option>"; - } - } - echo" - </select>"; - } - echo" - </td> - </tr> - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - </table> - </td> - </tr> - </table> - </form>"; - if ( $HTTP_GET_VARS['mode'] == "modif" ) - { - echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } - } - } -?>
\ No newline at end of file diff --git a/admin/configuration.php b/admin/configuration.php index 6f1726f06..d0d4a6fc5 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -1,9 +1,9 @@ <? /*************************************************************************** - * configuration.php is a part of PhpWebGallery * + * configuration.php * * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * ***************************************************************************/ @@ -293,7 +293,8 @@ else $query.= $default_user_infos[$i]; } $query .= ' from '.$prefixeTable.'users'; - $query.= " where pseudo ='visiteur';"; + $query.= " where username = 'guest'"; + $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); diff --git a/admin/user_add.php b/admin/user_add.php index cf67dcaa3..ef50c13f1 100644 --- a/admin/user_add.php +++ b/admin/user_add.php @@ -1,9 +1,9 @@ <?php /*************************************************************************** - * ajout.php is a part of PhpWebGallery * + * user_add.php * * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * ***************************************************************************/ @@ -14,242 +14,68 @@ * the Free Software Foundation; * * * ***************************************************************************/ - include_once( './include/isadmin.inc.php' ); - +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_add.vtp' ); +$tpl = array( 'adduser_info_message', 'adduser_info_back', + 'adduser_fill_form', 'login', 'password', 'mail_address', + 'adduser_status', 'submit' ); +templatize_array( $tpl, 'lang', $sub ); +//--------------------------------------------------------- form criteria check $error = array(); -$absent = false; - -$query = 'select'; -$query.= ' pseudo,status,mail_address'; -$query.= ' from '.$prefixeTable.'users'; -$query.= ' where id = '.$_GET['user_id']; -$query.= ';'; -$row = mysql_fetch_array( mysql_query( $query ) ); - -$pseudo = $row['pseudo']; -$status = $row['status']; -$mail_address = $row['mail_address']; - -if ( $pseudo == 'visiteur' || - ( $pseudo == $conf['webmaster'] - && $user['pseudo'] != $conf['webmaster'] ) ) +if ( isset( $_POST['submit'] ) ) { - echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>"; - $absent = true; + $error = register_user( + $_POST['username'], $_POST['password'], $_POST['password'], + $_POST['mail_address'], $_POST['status'] ); } -if ( $_GET['mode'] == 'modif' ) +//-------------------------------------------------------------- errors display +if ( sizeof( $error ) != 0 ) { - if ( $pseudo == '' ) + $vtp->addSession( $sub, 'errors' ); + for ( $i = 0; $i < sizeof( $error ); $i++ ) { - echo"<div class=\"info\">".$lang['user_err_unknown']."</div>"; - $absent = true; + $vtp->addSession( $sub, 'li' ); + $vtp->setVar( $sub, 'li.li', $error[$i] ); + $vtp->closeSession( $sub, 'li' ); } + $vtp->closeSession( $sub, 'errors' ); } -if ( !$absent ) +//---------------------------------------------------------------- confirmation +if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) { - if ( $_GET['valider'] == 1 ) - { - if ( $_GET['mode'] != 'modif' ) - { - $error = register_user( $_POST['pseudo'], $_POST['password'], - $_POST['password'], $_POST['mail_address'], - $_POST['status'] ); - } - else - { - $use_new_password = false; - if ( $_POST['use_new_pwd'] == 1) - { - $use_new_password = true; - } - $error = update_user( $_GET['user_id'], $_POST['mail_address'], - $_POST['status'], $use_new_password, - $_POST['password'] ); - } - } - if ( sizeof( $error ) > 0 ) - { - echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :"; - echo "<ul>"; - for ( $i = 0; $i < sizeof( $error ); $i++ ) - { - echo "<li>".$error[$i]."</li>"; - } - echo "</ul>"; - echo "</div>"; - } - if ( sizeof( $error ) == 0 && $_GET['valider'] == 1 ) - { - echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" "; - if ( $_POST['use_new_pwd'] == 1 ) - { - echo $lang['adduser_info_password_updated']." "; - } - echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } - if ( $_GET['valider'] != 1 || $_GET['mode'] != "modif" || sizeof( $error ) > 0 ) + $vtp->addSession( $sub, 'confirmation' ); + $vtp->setVar( $sub, 'confirmation.username', $_POST['username'] ); + $url = add_session_id( './admin.php?page=user_list' ); + $vtp->setVar( $sub, 'confirmation.url', $url ); + $vtp->closeSession( $sub, 'confirmation' ); + // reset all values + unset( $_POST ); +} +//------------------------------------------------------------------------ form +$action = add_session_id( './admin.php?page=user_add' ); +$vtp->setVar( $sub, 'form_action', $action ); +$vtp->setVar( $sub, 'user:username', $_POST['username'] ); +$vtp->setVar( $sub, 'user:password', $_POST['password'] ); +$vtp->setVar( $sub, 'user:mail_address', $_POST['mail_address'] ); + +if ( !isset( $_POST['status'] ) ) +{ + $_POST['status'] = 'guest'; +} +$option = get_enums( $prefixeTable.'users', 'status' ); +for ( $i = 0; $i < sizeof( $option ); $i++ ) +{ + $vtp->addSession( $sub, 'status_option' ); + $vtp->setVar( $sub, 'status_option.value', $option[$i] ); + $vtp->setVar( $sub, 'status_option.option', + $lang['adduser_status_'.$option[$i]] ); + if( $option[$i] == $_POST['status'] ) { - if ( $_GET['mode'] != "modif" && sizeof( $error ) == 0 ) - { - unset( $pseudo, $password, $status, $mail_address ); - } - if ( !isset( $_POST['use_new_pwd'] ) || $_POST['use_new_pwd'] != 1 ) - { - unset( $password ); - } - $action = "./admin.php?page=ajout&valider=1"; - if ( $_GET['mode'] == "modif" ) - { - $action.= "&mode=modif&user_id=".$_GET['user_id']; - } - echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\"> - <table style=\"width:100%;\"> - <tr align=\"center\" valign=\"middle\"> - <td> - <table style=\"margin-left:auto;margin-right:auto;\"> - <tr> - <th colspan=\"2\">".$lang['adduser_fill_form']."</th> - </tr> - <tr> - <td colspan=\"2\"><div style=\"margin-bottom:0px;\"> </div></td> - </tr> - <tr> - <td>".$lang['adduser_login']."</td> - <td>"; - if ( $_GET['mode'] == "modif" ) - { - echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>"; - echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>"; - } - else - { - echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>"; - } - echo" - </td> - </tr>"; - echo" - <tr> - <td>"; - if ( $_GET['mode'] == "modif" ) - { - echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\""; - if ( isset( $_POST['use_new_pwd'] ) && $_POST['use_new_pwd'] == 1 ) - { - echo " checked=\"checked\""; - } - echo " />"; - } - else - { - echo $lang['password']; - } - echo"</td> - <td>"; - echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td> - </tr>"; - echo" - <tr> - <td>".$lang['reg_mail_address']."</td>"; - echo " - <td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td> - </tr>"; - echo" - <tr> - <td>".$lang['adduser_status']."</td> - <td>"; - if ( $pseudo == $conf['webmaster'] ) - { - echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span> - <input type=\"hidden\" name=\"status\" value=\"$status\"/>"; - } - else - { - echo" - <select name=\"status\">"; - // on récupère toutes les status possibles dans la base - // par l'intermédiaire de la fonction get_enums - $option = get_enums( $prefixeTable."users", "status" ); - for ( $i = 0; $i < sizeof( $option ); $i++ ) - { - if ( isset( $status ) ) - { - echo" - <option value=\"$option[$i]\""; - if ( $option[$i] == $status ) - { - echo" selected=\"selected\""; - } - echo">"; - switch ( $option[$i] ) - { - case "admin" : - { - echo $lang['adduser_status_admin']; - break; - } - case "membre" : - { - echo $lang['adduser_status_member']; - break; - } - case "visiteur" : - { - echo $lang['adduser_status_guest']; - break; - } - } - echo"</option>"; - } - else - { - echo" - <option value=\"$option[$i]\""; - if ( $option[$i] == "visiteur" ) - { - echo" selected=\"selected\""; - } - echo">"; - switch ( $option[$i] ) - { - case "admin" : - { - echo $lang['adduser_status_admin']; - break; - } - case "membre" : - { - echo $lang['adduser_status_member']; - break; - } - case "visiteur" : - { - echo $lang['adduser_status_guest']; - break; - } - } - echo"</option>"; - } - } - echo" - </select>"; - } - echo" - </td> - </tr> - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - </table> - </td> - </tr> - </table> - </form>"; - if ( $_GET['mode'] == "modif" ) - { - echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } + $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); } + $vtp->closeSession( $sub, 'status_option' ); } +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); ?>
\ No newline at end of file diff --git a/admin/user_list.php b/admin/user_list.php index 8221ed30f..bcf6cc988 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -1,9 +1,9 @@ <?php /*************************************************************************** - * liste_users.php is a part of PhpWebGallery * + * user_list.php * * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * ***************************************************************************/ @@ -38,9 +38,9 @@ $vtp->setGlobalVar( $sub, 'listuser_button_invert', $vtp->setGlobalVar( $sub, 'listuser_button_create_address', $lang['listuser_button_create_address'] ); //--------------------------------------------------------------- delete a user -if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) ) +if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) { - $query = 'select pseudo'; + $query = 'select username'; $query.= ' from '.$prefixeTable.'users'; $query.= ' where id = '.$_GET['delete']; $query.= ';'; @@ -49,7 +49,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) ) if ( $_GET['confirm'] != 1 ) { $vtp->addSession( $sub, 'deletion' ); - $vtp->setVar( $sub, 'deletion.login', $row['pseudo'] ); + $vtp->setVar( $sub, 'deletion.login', $row['username'] ); $yes_url = './admin.php?page=user_list&delete='.$_GET['delete']; $yes_url.= '&confirm=1'; $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); @@ -61,7 +61,8 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) ) else { $vtp->addSession( $sub, 'confirmation' ); - if ( $row['pseudo'] != 'visiteur' && $row['pseudo'] != $conf['webmaster'] ) + if ( $row['username'] != 'guest' + and $row['username'] != $conf['webmaster'] ) { $query = 'select count(*) as nb_result'; $query.= ' from '.$prefixeTable.'users'; @@ -72,7 +73,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) ) { delete_user( $_GET['delete'] ); $vtp->setVar( $sub, 'confirmation.class', 'info' ); - $info = '"'.$row['pseudo'].'" '.$lang['listuser_info_deletion']; + $info = '"'.$row['username'].'" '.$lang['listuser_info_deletion']; $vtp->setVar( $sub, 'confirmation.info', $info ); } else @@ -101,9 +102,9 @@ else } $vtp->setVar( $sub, 'users.form_action', $action ); - $query = 'select id,pseudo,status,mail_address'; + $query = 'select id,username,status,mail_address'; $query.= ' from '.$prefixeTable.'users'; - $query.= ' order by status asc, pseudo asc'; + $query.= ' order by status asc, username asc'; $query.= ';'; $result = mysql_query( $query ); @@ -126,7 +127,7 @@ else $title.= $lang['adduser_status_admin']; break; } - case 'visiteur' : + case 'guest' : { $title.= $lang['adduser_status_guest']; break; @@ -137,26 +138,33 @@ else } $vtp->addSession( $sub, 'user' ); // checkbox for mail management if the user has a mail address - if ( $row['mail_address'] != '' && $row['pseudo'] != 'visiteur' ) + if ( $row['mail_address'] != '' and $row['username'] != 'guest' ) { $vtp->addSession( $sub, 'checkbox' ); $vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] ); $vtp->closeSession( $sub, 'checkbox' ); } // use a special color for the login of the user ? - if ( $row['pseudo'] == $conf['webmaster'] ) + if ( $row['username'] == $conf['webmaster'] ) { $vtp->setVar( $sub, 'user.color', 'red' ); } - if ( $row['pseudo'] == "visiteur" ) + if ( $row['username'] == 'guest' ) { $vtp->setVar( $sub, 'user.color', 'green' ); } - $vtp->setVar( $sub, 'user.login', $row['pseudo'] ); + if ( $row['username'] == 'guest' ) + { + $vtp->setVar( $sub, 'user.login', $lang['guest'] ); + } + else + { + $vtp->setVar( $sub, 'user.login', $row['username'] ); + } // modify or not modify ? - if ( $row['pseudo'] == "visiteur" - || ( $row['pseudo'] == $conf['webmaster'] - && $user['pseudo'] != $conf['webmaster'] ) ) + if ( $row['username'] == 'guest' + or ( $row['username'] == $conf['webmaster'] + and $user['username'] != $conf['webmaster'] ) ) { $vtp->addSession( $sub, 'not_modify' ); $vtp->closeSession( $sub, 'not_modify' ); @@ -164,14 +172,14 @@ else else { $vtp->addSession( $sub, 'modify' ); - $url = './admin.php?page=user_add&mode=modif&user_id='; + $url = './admin.php?page=user_modify&user_id='; $url.= $row['id']; $vtp->setVar( $sub, 'modify.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'modify.login', $row['pseudo'] ); + $vtp->setVar( $sub, 'modify.login', $row['username'] ); $vtp->closeSession( $sub, 'modify' ); } // manage permission or not ? - if ( $row['pseudo'] == $conf['webmaster'] ) + if ( $row['username'] == $conf['webmaster'] ) { $vtp->addSession( $sub, 'not_permission' ); $vtp->closeSession( $sub, 'not_permission' ); @@ -181,11 +189,12 @@ else $vtp->addSession( $sub, 'permission' ); $url = './admin.php?page=perm&user_id='.$row['id']; $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'permission.login', $row['pseudo'] ); + $vtp->setVar( $sub, 'permission.login', $row['username'] ); $vtp->closeSession( $sub, 'permission' ); } // is the user deletable or not ? - if ( $row['pseudo'] == 'visiteur' || $row['pseudo'] == $conf['webmaster'] ) + if ( $row['username'] == 'guest' + or $row['username'] == $conf['webmaster'] ) { $vtp->addSession( $sub, 'not_delete' ); $vtp->closeSession( $sub, 'not_delete' ); @@ -195,7 +204,7 @@ else $vtp->addSession( $sub, 'delete' ); $url = './admin.php?page=user_list&delete='.$row['id']; $vtp->setVar( $sub, 'delete.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'delete.login', $row['pseudo'] ); + $vtp->setVar( $sub, 'delete.login', $row['username'] ); $vtp->closeSession( $sub, 'delete' ); } $vtp->closeSession( $sub, 'user' ); diff --git a/admin/user_modify.php b/admin/user_modify.php index fad131d81..6e14589c3 100644 --- a/admin/user_modify.php +++ b/admin/user_modify.php @@ -18,11 +18,16 @@ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' ); $error = array(); -$tpl = array( 'user_err_modify', 'user_err_unknown' ); -templatize_array( $tpl, 'lang' ); +$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form', + 'login', 'new', 'password', 'mail_address', 'adduser_status', + 'submit', 'adduser_info_password_updated' ); +templatize_array( $tpl, 'lang', $sub ); //--------------------------------------------------------- form criteria check +$error = array(); $display_form = true; +// retrieving information in the database about the user identified by its +// id in $_GET['user_id'] $query = 'select'; $query.= ' username,status,mail_address'; $query.= ' from '.$prefixeTable.'users'; @@ -30,34 +35,95 @@ $query.= ' where id = '.$_GET['user_id']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); -$username = $row['username']; -$status = $row['status']; -$mail_address = $row['mail_address']; - -if ( $username == 'guest' - or ( $username == $conf['webmaster'] +// user is not modifiable if : +// 1. the selected user is the user "guest" +// 2. the selected user is the webmaster and the user making the modification +// is not the webmaster +if ( $row['username'] == 'guest' + or ( $row['username'] == $conf['webmaster'] and $user['username'] != $conf['webmaster'] ) ) { - $vtp->addSession( $sub, 'err_modify' ); - $vtp->closeSession( $sub, 'err_modify' ); + array_push( $error, $lang['user_err_modify'] ); $display_form = false; } -if ( $username == '' ) +// if the user was not found in the database, no modification possible +if ( $row['username'] == '' ) { - $vtp->addSession( $sub, 'err_unknown' ); - $vtp->closeSession( $sub, 'err_unknown' ); + array_push( $error, $lang['user_err_unknown'] ); $display_form = false; } -if ( $display_form and isset( $_POST['submit'] ) ) +if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) { + // shall we use a new password and overwrite the old one ? $use_new_password = false; if ( $_POST['use_new_pwd'] == 1) { $use_new_password = true; } - $error = update_user( - $_GET['user_id'], $_POST['mail_address'], $_POST['status'], - $use_new_password, $POST['password'] ); + $error = array_merge( $error, update_user( + $_GET['user_id'], $_POST['mail_address'], + $_POST['status'], $use_new_password, + $_POST['password'] ) ); +} +//-------------------------------------------------------------- errors display +if ( sizeof( $error ) != 0 ) +{ + $vtp->addSession( $sub, 'errors' ); + for ( $i = 0; $i < sizeof( $error ); $i++ ) + { + $vtp->addSession( $sub, 'li' ); + $vtp->setVar( $sub, 'li.li', $error[$i] ); + $vtp->closeSession( $sub, 'li' ); + } + $vtp->closeSession( $sub, 'errors' ); +} +//---------------------------------------------------------------- confirmation +if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) +{ + $vtp->addSession( $sub, 'confirmation' ); + $vtp->setVar( $sub, 'confirmation.username', $row['username'] ); + $url = add_session_id( './admin.php?page=user_list' ); + $vtp->setVar( $sub, 'confirmation.url', $url ); + $vtp->closeSession( $sub, 'confirmation' ); + if ( $use_new_pwd ) + { + $vtp->addSession( $sub, 'password_updated' ); + $vtp->closeSession( $sub, 'password_updated' ); + } + $display_form = false; +} +//------------------------------------------------------------------------ form +if ( $display_form ) +{ + $vtp->addSession( $sub, 'form' ); + $action = './admin.php?page=user_modify&user_id='.$_GET['user_id']; + $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) ); + $vtp->setVar( $sub, 'form.user:username', $row['username'] ); + $vtp->setVar( $sub, 'form.user:password', $_POST['password'] ); + $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] ); + + if ( !isset( $_POST['status'] ) ) + { + $_POST['status'] = 'guest'; + } + $option = get_enums( $prefixeTable.'users', 'status' ); + for ( $i = 0; $i < sizeof( $option ); $i++ ) + { + $vtp->addSession( $sub, 'status_option' ); + $vtp->setVar( $sub, 'status_option.value', $option[$i] ); + $vtp->setVar( $sub, 'status_option.option', + $lang['adduser_status_'.$option[$i]] ); + if( $option[$i] == $_POST['status'] ) + { + $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); + } + $vtp->closeSession( $sub, 'status_option' ); + } + $url = add_session_id( './admin.php?page=user_list' ); + $vtp->setVar( $sub, 'form.url_back', $url ); + $vtp->closeSession( $sub, 'form' ); } +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); ?>
\ No newline at end of file diff --git a/category.php b/category.php index 32cf0a361..6f36b1366 100644 --- a/category.php +++ b/category.php @@ -96,16 +96,17 @@ $tpl = array( 'categories','hint_category','sub-cat','images_available', 'favorite_cat_hint','favorite_cat','stats', 'most_visited_cat_hint','most_visited_cat','recent_cat', 'recent_cat_hint' ); -templatize_array( $tpl, 'lang' ); +templatize_array( $tpl, 'lang', $handle ); $tpl = array( 'mail_webmaster','webmaster','top_number','version','site_url' ); -templatize_array( $tpl, 'conf' ); +templatize_array( $tpl, 'conf', $handle ); -$tpl = array( 'short_period','long_period','style','lien_collapsed','pseudo' ); -templatize_array( $tpl, 'user' ); +$tpl = array( 'short_period','long_period','style','lien_collapsed', + 'username' ); +templatize_array( $tpl, 'user', $handle ); $tpl = array( 'title','navigation_bar','cat_comment','cat_nb_images' ); -templatize_array( $tpl, 'page' ); +templatize_array( $tpl, 'page', $handle ); // special global template vars $vtp->setGlobalVar( $handle, 'icon_short', get_icon( time() ) ); diff --git a/identification.php b/identification.php index d4c734939..ddbc2b932 100644 --- a/identification.php +++ b/identification.php @@ -1,9 +1,9 @@ <?php /*************************************************************************** - * identification.php is a part of PhpWebGallery * - * ------------------- * - * last update : Thursday, December 26, 2002 * - * email : pierrick@z0rglub.com * + * identification.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * ***************************************************************************/ @@ -25,15 +25,15 @@ if ( isset( $_POST['login'] ) ) // retrieving the encrypted password of the login submitted $query = 'select password'; $query.= ' from '.$prefixeTable.'users'; - $query.= " where pseudo = '".$_POST['login']."';"; + $query.= " where username = '".$_POST['login']."';"; $row = mysql_fetch_array( mysql_query( $query ) ); if( $row['password'] == md5( $_POST['pass'] ) ) { $session_id = session_create( $_POST['login'] ); $url = 'category.php?id='.$session_id; - header( "Request-URI: $url" ); - header( "Content-Location: $url" ); - header( "Location: $url" ); + header( 'Request-URI: '.$url ); + header( 'Content-Location: '.$url ); + header( 'Location: '.$url ); exit(); } else @@ -77,17 +77,17 @@ if ( sizeof( $error ) != 0 ) } //------------------------------------------------------------------ users list // retrieving all the users login -$query = 'select pseudo from '.$prefixeTable.'users;'; +$query = 'select username from '.$prefixeTable.'users;'; $result = mysql_query( $query ); if ( mysql_num_rows ( $result ) < $conf['max_user_listbox'] ) { $vtp->addSession( $handle, 'select_field' ); while ( $row = mysql_fetch_array( $result ) ) { - if ( $row['pseudo'] != 'visiteur' ) + if ( $row['username'] != 'guest' ) { $vtp->addSession( $handle, 'option' ); - $vtp->setVar( $handle, 'option.option', $row['pseudo'] ); + $vtp->setVar( $handle, 'option.option', $row['username'] ); $vtp->closeSession( $handle, 'option' ); } } diff --git a/include/functions.inc.php b/include/functions.inc.php index 76c95e326..85db1eb76 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -20,6 +20,33 @@ include( 'functions_category.inc.php' ); //----------------------------------------------------------- generic functions +// get_enums returns an array containing the possible values of a enum field +// in a table of the database. +function get_enums( $table, $field ) +{ + // retrieving the properties of the table. Each line represents a field : + // columns are 'Field', 'Type' + $result=mysql_query("desc $table"); + while ( $row = mysql_fetch_array( $result ) ) + { + // we are only interested in the the field given in parameter for the + // function + if ( $row['Field']==$field ) + { + // retrieving possible values of the enum field + // enum('blue','green','black') + $option = explode( ',', substr($row['Type'], 5, -1 ) ); + for ( $i = 0; $i < sizeof( $option ); $i++ ) + { + // deletion of quotation marks + $option[$i] = str_replace( "'", '',$option[$i] ); + } + } + } + mysql_free_result( $result ); + return $option; +} + // get_boolean transforms a string to a boolean value. If the string is // "false" (case insensitive), then the boolean value false is returned. In // any other case, true is returned. @@ -54,9 +81,9 @@ function array_remove( $array, $value ) // are precised : e.g. 1052343429.89276600 function get_moment() { - $t1 = explode( " ", microtime() ); - $t2 = explode( ".", $t1[0] ); - $t2 = $t1[1].".".$t2[1]; + $t1 = explode( ' ', microtime() ); + $t2 = explode( '.', $t1[0] ); + $t2 = $t1[1].'.'.$t2[1]; return $t2; } @@ -273,9 +300,9 @@ function pwg_log( $file, $category, $picture = '' ) } } -function templatize_array( $array, $global_array_name ) +function templatize_array( $array, $global_array_name, $handle ) { - global $vtp, $handle, $lang, $page, $user, $conf; + global $vtp, $lang, $page, $user, $conf; for( $i = 0; $i < sizeof( $array ); $i++ ) { diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 051e89f56..115ee434e 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * functions_category.inc.php * + * functions_category.inc.php * * -------------------- * * application : PhpWebGallery 1.3 * * author : Pierrick LE GALL <pierrick@z0rglub.com> * @@ -131,7 +131,7 @@ function display_cat( $id_uppercat, $indent, $restriction, $tab_expand ) { $url.= "&search=".$_GET['search']; } - $lien_cat = add_session_id_to_url( $url ); + $lien_cat = add_session_id( $url ); if ( $row['name'] == "" ) { $name = str_replace( "_", " ", $row['dir'] ); diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index e85447221..722627dc7 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -48,10 +48,10 @@ function generate_key() return $key; } -function session_create( $pseudo ) +function session_create( $username ) { global $conf,$prefixeTable,$REMOTE_ADDR; - // 1. trouver une clé de session inexistante + // 1. searching an unused sesison key $id_found = false; while ( !$id_found ) { @@ -65,14 +65,13 @@ function session_create( $pseudo ) $id_found = true; } } - // 2. récupération de l'id de l'utilisateur dont le pseudo - // est passé en paramètre + // 2. retrieving id of the username given in parameter $query = 'select id'; $query.= ' from '.$prefixeTable.'users'; - $query.= " where pseudo = '".$pseudo."';"; + $query.= " where username = '".$username."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; - // 3. insertion de la session dans la base de donnée + // 3. inserting session in database $expiration = $conf['session_time']*60+time(); $query = 'insert into '.$prefixeTable.'sessions'; $query.= ' (id,user_id,expiration,ip) values'; @@ -82,49 +81,28 @@ function session_create( $pseudo ) return $generated_id; } - -function add_session_id_to_url( $url, $redirect = false ) -{ - global $page, $user; - $amp = "&"; - if ( $redirect ) - { - $amp = "&"; - } - if ( !$user['is_the_guest'] ) - { - if ( ereg( "\.php\?",$url ) ) - { - return $url.$amp."id=".$page['session_id']; - } - else - { - return $url."?id=".$page['session_id']; - } - } - else - { - return $url; - } -} +// add_session_id adds the id of the session to the string given in +// parameter as $url. If the session id is the first parameter to the url, +// it is preceded by a '?', else it is preceded by a '&'. If the +// parameter $redirect is set to true, '&' is used instead of '&'. function add_session_id( $url, $redirect = false ) { global $page, $user; - $amp = "&"; + $amp = '&'; if ( $redirect ) { - $amp = "&"; + $amp = '&'; } if ( !$user['is_the_guest'] ) { - if ( ereg( "\.php\?",$url ) ) + if ( preg_match( '/\.php\?/',$url ) ) { - return $url.$amp."id=".$page['session_id']; + return $url.$amp.'id='.$page['session_id']; } else { - return $url."?id=".$page['session_id']; + return $url.'?id='.$page['session_id']; } } else diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 48160f113..03be22b1a 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -14,34 +14,39 @@ * the Free Software Foundation; * * * ***************************************************************************/ + +// validate_mail_address verifies whether the given mail address has the +// right format. ie someone@domain.com "someone" can contain ".", "-" or +// even "_". Exactly as "domain". The extension doesn't have to be +// "com". The mail address can also be empty. +// If the mail address doesn't correspond, an error message is returned. function validate_mail_address( $mail_address ) { global $lang; - $output = ''; - // le mail doit être conforme à qqch du type : nom@serveur.com - if ( $mail_address != '' - and !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", - $mail_address ) ) + if ( $mail_address == '' ) { - $output = $lang['reg_err_mail_address']; + return ''; + } + $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/'; + if ( !preg_match( $regex, $mail_address ) ) + { + return $lang['reg_err_mail_address']; } - - return $output; } -function register_user( $login, $password, $password_conf, - $mail_address, $status = 'visiteur' ) +function register_user( + $login, $password, $password_conf, $mail_address, $status = 'guest' ) { - global $prefixeTable; + global $prefixeTable, $lang; $error = array(); $i = 0; - // le login ne doit pas - // 1. être vide - // 2. commencer ou se terminer par un espace - // 3. comporter les caractères ' ou " - // 4. être déjà utilisé + // login must not + // 1. be empty + // 2. start ou end with space character + // 3. include ' or " characters + // 4. be already used if ( $login == '' ) { $error[$i++] = $lang['reg_err_login1']; @@ -62,15 +67,14 @@ function register_user( $login, $password, $password_conf, { $query = 'select id'; $query.= ' from '.$prefixeTable.'users'; - $query.= " where pseudo = '".$login."';"; + $query.= " where username = '".$login."';"; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) > 0 ) { $error[$i++] = $lang['reg_err_login5']; } } - // on vérifie que le password rentré correspond bien - // à la confirmation faite par l'utilisateur + // given password must be the same as the confirmation if ( $password != $password_conf ) { $error[$i++] = $lang['reg_err_pass']; @@ -81,12 +85,11 @@ function register_user( $login, $password, $password_conf, { $error[$i++] = $error_mail_address; } - - // on enregistre le nouvel utilisateur si aucune - //erreur détectée dans les paramètres + + // if no error until here, registration of the user if ( sizeof( $error ) == 0 ) { - // 1.récupération des valeurs par défaut de l'application + // 1. retrieving default values, the ones of the user "guest" $infos = array( 'nb_image_line', 'nb_line_page', 'theme', 'language', 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', 'short_period', 'long_period', 'template' ); @@ -104,17 +107,17 @@ function register_user( $login, $password, $password_conf, $query.= $infos[$i]; } $query.= ' from '.$prefixeTable.'users'; - $query.= " where pseudo = 'visiteur';"; + $query.= " where username = 'guest';"; $row = mysql_fetch_array( mysql_query( $query ) ); - // 2.ajout du nouvel utilisateur + // 2. adding new user $query = 'insert into '.$prefixeTable.'users'; $query.= ' ('; - $query.= ' pseudo,password,mail_address,status'; + $query.= ' username,password,mail_address,status'; for ( $i = 0; $i < sizeof( $infos ); $i++ ) { $query.= ','.$infos[$i]; } - $query.= ' values ('; + $query.= ') values ('; $query.= " '".$login."'"; $query.= ",'".md5( $password )."'"; if ( $mail_address != '' ) @@ -128,23 +131,30 @@ function register_user( $login, $password, $password_conf, $query.= ",'".$status."'"; for ( $i = 0; $i < sizeof( $infos ); $i++ ) { - $query.= ','.$row[$infos[$i]]; + $query.= ','; + if ( $row[$infos[$i]] == '' ) + { + $query.= 'NULL'; + } + else + { + $query.= "'".$row[$infos[$i]]."'"; + } } $query.= ');'; mysql_query( $query ); - // 3. récupérer l'identifiant de l'utilisateur nouvellement créé + // 3. retrieving the id of the newly created user $query = 'select id'; $query.= ' from '.$prefixeTable.'users'; - $query.= " where pseudo = '".$login."';"; + $query.= " where username = '".$login."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; - // 4.ajouter les restrictions au nouvel utilisateur, - // les mêmes que celles de l'utilisateur par défaut + // 4. adding restrictions to the new user, the same as the user "guest" $query = 'select cat_id'; $query.= ' from '.$prefixeTable.'restrictions as r'; $query.= ','.$prefixeTable.'users as u '; $query.= ' where u.id = r.user_id'; - $query.= " and u.pseudo = 'visiteur';"; + $query.= " and u.username = 'guest';"; $result = mysql_query( $query ); while( $row = mysql_fetch_array( $result ) ) { @@ -190,6 +200,7 @@ function update_user( $user_id, $mail_address, $status, } $query.= ' where id = '.$user_id; $query.= ';'; + echo $query; mysql_query( $query ); } return $error; diff --git a/include/init.inc.php b/include/init.inc.php index 041545b3f..21a3ac8b0 100644 --- a/include/init.inc.php +++ b/include/init.inc.php @@ -29,9 +29,11 @@ $user['restrictions'] = get_restrictions( $user['id'], $user['status'], true ); $isadmin = false; include_once( './language/'.$user['language'].'.php' ); +// displaying the username in the language of the connected user, instead of +// "guest" as you can find in the database if ( $user['is_the_guest'] ) { - $user['pseudo'] = $lang['guest']; + $user['username'] = $lang['guest']; } include_once( './template/'.$user['template'].'/style.inc.php' ); include_once( './template/'.$user['template'].'/htmlfunctions.inc.php' ); diff --git a/include/user.inc.php b/include/user.inc.php index b323385e7..3a95e08ab 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -1,9 +1,9 @@ <?php /*************************************************************************** - * user.inc.php is a part of PhpWebGallery * - * ------------------- * - * last update : Saturday, October 26, 2002 * - * email : pierrick@z0rglub.com * + * user.inc.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * * * *************************************************************************** @@ -19,7 +19,7 @@ // Each field becomes an information of the array $user. // Example : // status --> $user['status'] -$infos = array( 'id', 'pseudo', 'mail_address', 'nb_image_line', +$infos = array( 'id', 'username', 'mail_address', 'nb_image_line', 'nb_line_page', 'status', 'theme', 'language', 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', 'short_period', 'long_period', 'template' ); @@ -71,7 +71,7 @@ if ( isset( $_GET['id'] ) } if ( !$query_done ) { - $query_user .= " where pseudo = 'visiteur'"; + $query_user .= ' where id = 2'; $user['is_the_guest'] = true; } $query_user .= ';'; diff --git a/language/francais.php b/language/francais.php index f760c9622..ceea46d63 100644 --- a/language/francais.php +++ b/language/francais.php @@ -14,6 +14,7 @@ $lang['date'] = 'date'; $lang['no'] = 'non'; $lang['yes'] = 'oui'; $lang['guest'] = 'visiteur'; +$lang['mail_address'] = 'adresse mail'; // end version 1.3 // page diapo @@ -172,7 +173,9 @@ $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \' $lang['reg_err_login5'] = 'ce pseudo est déjà utilisé'; $lang['reg_err_pass'] = 'veuillez retaper le mot de passe'; $lang['reg_confirm'] = 'confirmer'; -$lang['reg_mail_address'] = 'adresse mail'; +// start version 1.3 +// $lang['reg_mail_address'] = 'adresse mail'; +// end version 1.3 $lang['reg_err_mail_address'] = 'l\'adresse mail doit être de la forme xxx@yyy.eee (exemple : jack@altern.org)'; // page search @@ -201,7 +204,11 @@ $lang['upload_successful'] = 'Image uploadée avec succès, un administrateur vali if ( $isadmin ) { // page admin - $lang['title_add'] = 'Ajouter/Modifier un utilisateur'; +// start version 1.3 +// $lang['title_add'] = 'Ajouter/Modifier un utilisateur'; + $lang['title_add'] = 'Ajouter un utilisateur'; + $lang['title_modify'] = 'Modifier un utilisateur'; +// end version 1.3 $lang['title_liste_users'] = 'Liste des utilisateurs'; $lang['title_history'] = 'Historique'; $lang['title_update'] = 'Mise à jour de la base de données'; @@ -342,24 +349,29 @@ if ( $isadmin ) $lang['user_err_unknown'] = 'Cet utilisateur n\'existe pas dans la base de données'; // page d\'ajout/modification d\'utilisateur - - $lang['reg_err_login1'] = 'veuillez rentrer un pseudo'; - $lang['reg_err_login2'] = 'le pseudo ne doit pas se terminer par un espace'; - $lang['reg_err_login3'] = 'le pseudo ne doit pas commencer par un espace'; - $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \''; - $lang['reg_err_login5'] = 'ce pseudo est déjà utilisé'; +// start version 1.3 +// $lang['reg_err_login1'] = 'veuillez rentrer un pseudo'; +// $lang['reg_err_login2'] = 'le pseudo ne doit pas se terminer par un espace'; +// $lang['reg_err_login3'] = 'le pseudo ne doit pas commencer par un espace'; +// $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \''; +// $lang['reg_err_login5'] = 'ce pseudo est déjà utilisé'; - $lang['adduser_err_message'] = 'Vous avez commis des erreurs au nombre de '; +// $lang['adduser_err_message'] = 'Vous avez commis des erreurs au nombre de '; +// end version 1.3 $lang['adduser_info_message'] = 'Informations enregistrées dans la base de données concernant '; $lang['adduser_info_password_updated'] = '(mot de passe modifié)'; $lang['adduser_info_back'] = 'retour liste utilisateurs'; $lang['adduser_fill_form'] = 'Veuillez remplir les champs suivants'; - $lang['adduser_login'] = 'pseudo'; +// start version 1.3 +// $lang['adduser_login'] = 'pseudo'; +// end version 1.3 $lang['adduser_unmodify'] = 'non modifiable'; $lang['adduser_status'] = 'status'; $lang['adduser_status_admin'] = 'admin'; - $lang['adduser_status_member'] = 'membre'; +// start version 1.3 +// $lang['adduser_status_member'] = 'membre'; +// end version 1.3 $lang['adduser_status_guest'] = 'visiteur'; // page permissions diff --git a/profile.php b/profile.php index 1f3d63828..b72e6db6a 100644 --- a/profile.php +++ b/profile.php @@ -152,12 +152,8 @@ $vtp->setGlobalVar( $handle, 'password', $lang['password'] ); $vtp->setGlobalVar( $handle, 'new', $lang['new'] ); $vtp->setGlobalVar( $handle, 'reg_confirm', $lang['reg_confirm'] ); $vtp->setGlobalVar( $handle, 'submit', $lang['submit'] ); -// user -$vtp->setGlobalVar( $handle, 'page_style', $user['style'] ); -// structure -$vtp->setGlobalVar( $handle, 'frame_start', get_frame_start() ); -$vtp->setGlobalVar( $handle, 'frame_begin', get_frame_begin() ); -$vtp->setGlobalVar( $handle, 'frame_end', get_frame_end() ); + +initialize_template(); //----------------------------------------------------------------- form action $url = './profile.php?cat='.$page['cat'].'&expand='.$page['expand']; if ( $page['cat'] == 'search' ) @@ -328,7 +324,7 @@ if ( in_array( 'maxheight', $infos ) ) if ( in_array( 'mail_address', $infos ) ) { $vtp->addSession( $handle, 'line' ); - $vtp->setVar( $handle, 'line.name', $lang['reg_mail_address'] ); + $vtp->setVar( $handle, 'line.name', $lang['mail_address'] ); $vtp->addSession( $handle, 'text' ); $vtp->setVar( $handle, 'text.name', 'mail_address' ); $vtp->setVar( $handle, 'text.value', $user['mail_address'] ); diff --git a/template/default/admin/user_add.vtp b/template/default/admin/user_add.vtp new file mode 100644 index 000000000..8cfe05bf1 --- /dev/null +++ b/template/default/admin/user_add.vtp @@ -0,0 +1,58 @@ +<!--VTP_errors--> +<div class="errors"> + <ul> + <!--VTP_li--> + <li>{#li}</li> + <!--/VTP_li--> + </ul> +</div> +<!--/VTP_errors--> +<!--VTP_confirmation--> +<div class="info"> + {#adduser_info_message} "{#username}" + [ <a href="{#url}">{#adduser_info_back}</a> ] +</div> +<!--/VTP_confirmation--> +<form method="post" action="{#form_action}"> + <table style="width:100%;"> + <tr align="center" valign="middle"> + <td> + <table style="margin-left:auto;margin-right:auto;"> + <tr> + <th colspan="2">{#adduser_fill_form}</th> + </tr> + <tr> + <td colspan="2"><div style="margin-bottom:0px;"> </div></td> + </tr> + <tr> + <td>{#login}</td> + <td><input type="text" name="username" value="{#user:username}" /></td> + </tr> + <tr> + <td>{#password}</td> + <td><input type="text" name="password" value="{#user:password}" /></td> + </tr> + <tr> + <td>{#mail_address}</td> + <td><input type="text" name="mail_address" value="{#user:mail_address}" /></td> + </tr> + <tr> + <td>{#adduser_status}</td> + <td> + <select name="status"> + <!--VTP_status_option--> + <option value="{#value}"{#selected}>{#option}</option> + <!--/VTP_status_option--> + </select> + </td> + </tr> + <tr> + <td colspan="2" align="center"> + <input type="submit" name="submit" value="{#submit}" /> + </td> + </tr> + </table> + </td> + </tr> + </table> +</form>
\ No newline at end of file diff --git a/template/default/admin/user_modify.vtp b/template/default/admin/user_modify.vtp new file mode 100644 index 000000000..53844d64f --- /dev/null +++ b/template/default/admin/user_modify.vtp @@ -0,0 +1,66 @@ +<!--VTP_errors--> +<div class="errors"> + <ul> + <!--VTP_li--> + <li>{#li}</li> + <!--/VTP_li--> + </ul> +</div> +<!--/VTP_errors--> +<!--VTP_confirmation--> +<div class="info"> + {#adduser_info_message} "{#username}" + <!--VTP_password_updated--> + {#adduser_info_password_updated} + <!--/VTP_password_updated--> + [ <a href="{#url}">{#adduser_info_back}</a> ] +</div> +<!--/VTP_confirmation--> +<!--VTP_form--> +<form method="post" action="{#form_action}"> + <table style="width:100%;"> + <tr align="center" valign="middle"> + <td> + <table style="margin-left:auto;margin-right:auto;"> + <tr> + <th colspan="2">{#adduser_fill_form}</th> + </tr> + <tr> + <td colspan="2"><div style="margin-bottom:0px;"> </div></td> + </tr> + <tr> + <td>{#login}</td> + <td style="color:red;text-align:center;">{#user:username}</td> + </tr> + <tr> + <td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td> + <td><input type="text" name="password" value="{#user:password}" /></td> + </tr> + <tr> + <td>{#mail_address}</td> + <td><input type="text" name="mail_address" value="{#user:mail_address}" /></td> + </tr> + <tr> + <td>{#adduser_status}</td> + <td> + <select name="status"> + <!--VTP_status_option--> + <option value="{#value}"{#selected}>{#option}</option> + <!--/VTP_status_option--> + </select> + </td> + </tr> + <tr> + <td colspan="2" align="center"> + <input type="submit" name="submit" value="{#submit}" /> + </td> + </tr> + </table> + </td> + </tr> + </table> +</form> +<div class="info"> + [ <a href="{#url_back}">{#adduser_info_back}</a> ] +</div> +<!--/VTP_form-->
\ No newline at end of file diff --git a/template/default/category.vtp b/template/default/category.vtp index 2cf06e234..975a48a18 100644 --- a/template/default/category.vtp +++ b/template/default/category.vtp @@ -87,7 +87,7 @@ <td align="right"> {#frame_start}1%{#frame_begin} <div class="info"> - {#connected_user} {#pseudo}<br /> + {#connected_user} {#username}<br /> {#recent_image} {#short_period} {#days} {#icon_short}<br /> {#recent_image} {#long_period} {#days} |