From b263f0c996eac52afc222b99fb1e9bcb6b064d65 Mon Sep 17 00:00:00 2001 From: rub Date: Wed, 8 Mar 2006 23:14:53 +0000 Subject: Step 1 improvement issue 0000301: o Change status of table #_user_infos o Don't send password to webmaster, guest, generic Next Step: o Functions Check of status o Restricted Access for user generic git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/include/functions.php | 2 +- admin/include/isadmin.inc.php | 2 +- admin/mailtousers.php | 18 +++--- admin/user_list.php | 4 +- category.php | 4 +- include/common.inc.php | 2 +- include/functions.inc.php | 2 +- include/functions_notification.inc.php | 2 +- include/functions_user.inc.php | 15 ++++- install/db/12-database.php | 103 +++++++++++++++++++++++++++++++ install/phpwebgallery_structure.sql | 3 +- language/en_UK.iso-8859-1/admin.lang.php | 5 +- language/fr_FR.iso-8859-1/admin.lang.php | 5 +- password.php | 8 ++- picture.php | 18 +++--- 15 files changed, 160 insertions(+), 33 deletions(-) create mode 100644 install/db/12-database.php diff --git a/admin/include/functions.php b/admin/include/functions.php index f40b0e52f..9a748ef44 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -1230,7 +1230,7 @@ SELECT user_id { $insert = array(); $insert['user_id'] = $user_id; - $insert['status'] = 'guest'; + $insert['status'] = 'normal'; $insert['template'] = $conf['default_template']; $insert['nb_image_line'] = $conf['nb_image_line']; $insert['nb_line_page'] = $conf['nb_line_page']; diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 569fa1f94..eac0b295c 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -27,7 +27,7 @@ include( PHPWG_ROOT_PATH.'admin/include/functions.php' ); -if ($user['status'] != 'admin') +if (!is_admin()) { echo '
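Review bot: The user_infos row inserted here gets `'normal'` with no special case for the webmaster, while `create_user_infos()` in include/functions_user.inc.php (hunk at line 439) still maps `$conf['webmaster_id']` to `'admin'`, so neither insert path ever produces the new `'webmaster'` status that admin/user_list.php now pins and that password.php's exclusion list relies on. If the webmaster's row carries `'admin'`, the `ui.status not in ('guest', 'generic', 'webmaster')` filter added in password.php does not exclude that account. Both inserts should agree; in functions_user.inc.php that is `'status' => $user_id == $conf['webmaster_id'] ? 'webmaster' : 'normal',` and this block would want the same test before assigning `$insert['status']`. The function enclosing this hunk starts outside it.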
'.$lang['access_forbiden'].'
'; echo ''.$lang['identification'].'
'; diff --git a/admin/mailtousers.php b/admin/mailtousers.php index b1d402580..97cb51048 100644 --- a/admin/mailtousers.php +++ b/admin/mailtousers.php @@ -77,16 +77,18 @@ where */ function update_data_user_mail_notification() { -/* $query = ' -insert into '.USER_MAIL_NOTIFICATION_TABLE.' - (user_id, enabled) - (select id, \'false\' from '.USERS_TABLE.' - where mail_address is not null and id not in (select user_id from '.USER_MAIL_NOTIFICATION_TABLE.')) -;'; - pwg_query($query);*/ - global $conf, $page; + // Set null mail_address empty + $query = ' +update + '.USERS_TABLE.' +set + mail_address = null +where + trim(mail_address) = \'\';'; + pwg_query($query); + $query = ' select id user_id, username, mail_address diff --git a/admin/user_list.php b/admin/user_list.php index 64890e06b..4459955e0 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -377,7 +377,7 @@ DELETE FROM '.USER_GROUP_TABLE.' // Webmaster status must not be changed if ($conf['webmaster_id'] == $user_id and isset($data['status'])) { - $data['status'] = 'admin'; + $data['status'] = 'webmaster'; } array_push($datas, $data); @@ -649,7 +649,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { $selected = $_POST['status'] == $status ? 'selected="selected"' : ''; } - else if ('guest' == $status) + else if ('normal' == $status) { $selected = 'selected="selected"'; } diff --git a/category.php b/category.php index 898b48bf7..c10269bf8 100644 --- a/category.php +++ b/category.php @@ -368,7 +368,7 @@ else $template->assign_block_vars('logout', array()); } - if ('admin' == $user['status']) + if (is_admin()) { $template->assign_block_vars('admin', array()); } @@ -408,7 +408,7 @@ $template->assign_block_vars( if (isset($page['cat']) and is_numeric($page['cat']) - and 'admin' == $user['status']) + and is_admin()) { $template->assign_block_vars( 'edit', diff --git a/include/common.inc.php b/include/common.inc.php index e0c564033..e2204cc8e 100644 --- a/include/common.inc.php 
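Review bot: `global $conf, $page;` is removed from `update_data_user_mail_notification()` together with the commented-out query, but no replacement declaration is added, so if the remainder of the function body (which continues past the hunk) still reads `$conf` or `$page`, those now resolve to undefined locals. If they are genuinely unused the removal is fine; otherwise restore `global $conf, $page;` right after the opening brace. A short comment on the new UPDATE stating why blank addresses are normalised to NULL would help the next reader, since the select that follows is only partly visible here.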
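Review bot: With `'webmaster'` and `'generic'` now returned by `get_enums(USER_INFOS_TABLE, 'status')` in the second admin/user_list.php hunk, every enum value becomes selectable in the status dropdown, and the first hunk only pins the status of `$conf['webmaster_id']` itself; nothing server-side stops any administrator from assigning `'webmaster'` to another account or their own, which `is_admin()` and password.php now treat as the top status. Consider rejecting it in the POST handler unless the acting user is the webmaster, e.g. `if ('webmaster' == $data['status'] and $user['id'] != $conf['webmaster_id']) { unset($data['status']); }` (assuming `$user` is in scope here as in the other admin scripts), and omitting the option from the dropdown under the same condition. The commit message lists status checks as a next step; this is one of them. The loose `$_POST['status'] == $status` comparison in the second hunk is pre-existing and unchanged.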
+++ b/include/common.inc.php @@ -208,7 +208,7 @@ if ($conf['gallery_locked']) echo ''; if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' - and $user['status'] != 'admin' ) + and !is_admin() ) { exit(); } diff --git a/include/functions.inc.php b/include/functions.inc.php index 5dc764193..205b61a70 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -355,7 +355,7 @@ function pwg_log( $file, $category, $picture = '' ) if ($conf['log']) { - if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and ($user['status'] != 'admin') ) ) + if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and (!is_admin()) ) ) { $login = ($user['id'] == $conf['guest_id']) ? 'guest' : addslashes($user['username']); diff --git a/include/functions_notification.inc.php b/include/functions_notification.inc.php index 819dd3517..6ac995bb8 100644 --- a/include/functions_notification.inc.php +++ b/include/functions_notification.inc.php @@ -192,7 +192,7 @@ function news($start, $end) $nb_updated_categories)); } - if ('admin' == $user['status']) + if (is_admin()) { $nb_unvalidated_comments = count(unvalidated_comments($end)); if ($nb_unvalidated_comments > 0) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index af695718a..64b12dfab 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -292,7 +292,7 @@ SELECT id } // if user is not an admin, locked categories can be considered as private$ - if ($user_status != 'admin') + if (!is_admin()) { $query = ' SELECT id @@ -439,7 +439,7 @@ function create_user_infos($user_id) $insert = array( 'user_id' => $user_id, - 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'guest', + 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'normal', 'template' => $conf['default_template'], 'nb_image_line' => $conf['nb_image_line'], 'nb_line_page' => $conf['nb_line_page'], 
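Review bot: The rewritten condition in `pwg_log()` is `($conf['history_admin']) or ((!$conf['history_admin']) and (!is_admin()))`, where the inner `!$conf['history_admin']` is already implied by the first disjunct being false; `if ($conf['history_admin'] or !is_admin())` reads the same and is simpler. This is a style point only, behaviour is unchanged. The body of `pwg_log()` continues outside the hunk.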
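Review bot: In the include/functions_user.inc.php hunk at line 292, `$user_status != 'admin'` becomes `!is_admin()`, which is not an equivalent change: `$user_status` is a variable of the enclosing function (its header is outside the hunk), whereas `is_admin()` reads the global `$user`, i.e. the currently logged-in user. If this permission computation is ever run for a user other than the current one — which a separate `$user_status` variable suggests — locked categories would now be treated as accessible for a normal target when an administrator triggers the computation, and hidden for an admin target computed from a non-admin context. Keep the test on the function's own status variable, e.g. `if ($user_status != 'admin' and $user_status != 'webmaster')`, or give `is_admin()` an optional status argument that defaults to the current user's.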
@@ -536,4 +536,15 @@ function log_user($user_id, $remember_me) $_SESSION['id'] = $user_id; } +/* + * Return if current is an administrator + * @return bool +*/ +function is_admin() +{ + global $user; + + return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false; +} + ?> \ No newline at end of file diff --git a/install/db/12-database.php b/install/db/12-database.php new file mode 100644 index 000000000..3e6ed0200 --- /dev/null +++ b/install/db/12-database.php @@ -0,0 +1,103 @@ + $row['user_id'], + 'status' => 'normal' + ) + ); +} + +mass_updates( + USER_INFOS_TABLE, + array( + 'primary' => array('user_id'), + 'update' => array('status') + ), + $datas + ); + +// +-----------------------------------------------------------------------+ +// | End notification | +// +-----------------------------------------------------------------------+ + +echo +"\n" +.'Column '.USER_INFOS_TABLE.'.status changed' +."\n" +; + +?> diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql index 208f195dd..841aed340 100644 --- a/install/phpwebgallery_structure.sql +++ b/install/phpwebgallery_structure.sql @@ -1,4 +1,5 @@ -- MySQL dump 9.11 +-- MySQL dump 9.11 -- -- Host: localhost Database: pwg-bsf -- ------------------------------------------------------ @@ -294,7 +295,7 @@ CREATE TABLE `phpwebgallery_user_infos` ( `user_id` smallint(5) NOT NULL default '0', `nb_image_line` tinyint(1) unsigned NOT NULL default '5', `nb_line_page` tinyint(3) unsigned NOT NULL default '3', - `status` enum('admin','guest') NOT NULL default 'guest', + `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest', `language` varchar(50) NOT NULL default 'english', `maxwidth` smallint(6) default NULL, `maxheight` smallint(6) default NULL, diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 3411c5884..98fdf37a5 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php 
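Review bot: The new `is_admin()` compares with `==` and wraps the result in a redundant `? true : false`, and it raises a notice when `$user['status']` is absent, which matters now that this function is the single authorisation gate used by admin/include/isadmin.inc.php, include/common.inc.php and picture.php. A stricter form is `return isset($user['status']) && in_array($user['status'], array('webmaster', 'admin'), true);`, which also yields false for an unset or unexpected status. The doc comment should say what is actually tested, e.g. `Returns true when the current user (global $user) has the 'webmaster' or 'admin' status.`, and the `@return bool` line is worth keeping.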
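Review bot: The migration in install/db/12-database.php writes `'normal'` into every selected user_infos row via `mass_updates()`, but the selecting query at the top of the file is not visible in this rendering (the text from `<?php` up to the first `>` has been swallowed), so it cannot be confirmed that the guest account (`$conf['guest_id']`) and the webmaster (`$conf['webmaster_id']`) are excluded. If the selection is every row with the old `'guest'` status, the real guest would become `'normal'` and the webmaster would never receive the new `'webmaster'` status; both ids should be excluded and a second update should set the webmaster row to `'webmaster'`. A one-line comment above the loop stating which rows are converted and why (`// old 'guest' meant a registered user; the guest account itself keeps 'guest'`) would document the upgrade path for later readers.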
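Review bot: The first hunk of install/phpwebgallery_structure.sql adds a second `-- MySQL dump 9.11` line directly under the existing one, which looks like an accidental duplicate rather than an intended change; drop the added line. In the second hunk the enum grows to `('webmaster', 'admin', 'normal', 'generic', 'guest')` while the column default stays `'guest'`, whereas both PHP insert paths in this patch write `'normal'` explicitly; whether the default should follow them or deliberately stay at the least-privileged value is a design decision worth a comment next to the column.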
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@ $lang['user_delete'] = 'Delete user';
 $lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!';
 $lang['user_id URL parameter is missing'] = 'user_id URL parameter is missing';
 $lang['user_status'] = 'User status';
+$lang['user_status_webmaster'] = 'Webmaster';
 $lang['user_status_admin'] = 'Administrator';
-$lang['user_status_guest'] = 'User';
+$lang['user_status_normal'] = 'User';
+$lang['user_status_generic'] = 'Generic';
+$lang['user_status_guest'] = 'Guest';
 $lang['username'] = 'username';
 $lang['users'] = 'Users';
 $lang['visitors'] = 'Visitors';
diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php
index a4474fdba..c13dfda82 100644
--- a/language/fr_FR.iso-8859-1/admin.lang.php
+++ b/language/fr_FR.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@ $lang['user_delete'] = 'Supprimer utilisateur';
 $lang['user_delete_hint'] = 'Cliquer ici pour supprimer cet utilisateur. Attention : cette opération ne peut pas être annulée !';
 $lang['user_id URL parameter is missing'] = 'le paramètre d\'URL "user_id" manque';
 $lang['user_status'] = 'Statut de l\'utilisateur';
+$lang['user_status_webmaster'] = 'Webmestre';
 $lang['user_status_admin'] = 'Administrateur';
-$lang['user_status_guest'] = 'Visiteur';
+$lang['user_status_normal'] = 'Visiteur';
+$lang['user_status_generic'] = 'Générique';
+$lang['user_status_guest'] = 'Invité';
 $lang['username'] = 'nom utilisateur';
 $lang['users'] = 'Utilisateurs';
 $lang['visitors'] = 'Visiteurs';
diff --git a/password.php b/password.php
index 87a568f3c..3a15d270f 100644
--- a/password.php
+++ b/password.php
@@ -69,8 +69,12 @@ SELECT '.$conf['user_fields']['email'].' SELECT '.$conf['user_fields']['id'].' AS id , '.$conf['user_fields']['username'].' AS username , '.$conf['user_fields']['email'].' AS email - FROM '.USERS_TABLE.' - WHERE '.$conf['user_fields']['email'].' = \''.$mail_address.'\' +FROM '.USERS_TABLE.' as u + INNER JOIN '.USER_INFOS_TABLE.' AS ui + ON u.'.$conf['user_fields']['id'].' = ui.user_id +WHERE ' + .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND + ui.status not in (\'guest\', \'generic\', \'webmaster\') ;'; $result = pwg_query($query); diff --git a/picture.php b/picture.php index 622955019..9f2e4a113 100644 --- a/picture.php +++ b/picture.php @@ -114,7 +114,7 @@ if ( count(array_intersect( } //-------------------------------------------------------------- representative -if ('admin' == $user['status'] and isset($_GET['representative'])) +if (is_admin() and isset($_GET['representative'])) { $query = ' UPDATE '.CATEGORIES_TABLE.' @@ -480,7 +480,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) $data{'image_id'} = $_GET['image_id']; $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES); - if (!$conf['comments_validation'] or $user['status'] == 'admin') + if (!$conf['comments_validation'] or is_admin()) { $data{'validated'} = 'true'; $data{'validation_date'} = $dbnow; @@ -498,9 +498,9 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) // information message $message = $lang['comment_added']; - if (!$conf['comments_validation'] or $user['status'] == 'admin') + if (!$conf['comments_validation'] or is_admin()) - if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + if ( $conf['comments_validation'] and !is_admin() ) { $message.= '
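Review bot: The rebuilt query in password.php still interpolates `$mail_address` straight into the SQL string (`.$conf['user_fields']['email'].' = \''.$mail_address.'\' AND`); since the commit rewrites these lines, this is the moment to escape or validate the value before it reaches `pwg_query()` — the project's string-escaping helper, or at least `mysql_real_escape_string()` plus a strict e-mail format check — because it presumably comes from the password-reset form above the hunk, which is not visible here. The new filter `ui.status not in ('guest', 'generic', 'webmaster')` matches the commit message, but only takes effect if the webmaster's user_infos row actually carries `'webmaster'`; `create_user_infos()` in include/functions_user.inc.php still writes `'admin'` for `$conf['webmaster_id']` in this same patch, so on an existing install the exclusion may be a no-op until that row is updated. `as u` and `AS ui` also mix case within one statement; pick one.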
'.$lang['comment_to_validate']; } @@ -519,7 +519,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) // comment deletion if ( isset( $_GET['del'] ) and is_numeric( $_GET['del'] ) - and $user['status'] == 'admin' ) + and is_admin() ) { $query = 'DELETE FROM '.COMMENTS_TABLE; $query.= ' WHERE id = '.$_GET['del']; @@ -686,7 +686,7 @@ if (isset($picture['current']['high'])) ); } // button to set the current picture as representative -if ('admin' == $user['status'] and +if (is_admin() and isset($page['cat']) and is_numeric($page['cat'])) { $template->assign_block_vars( @@ -700,7 +700,7 @@ if ('admin' == $user['status'] and ); } -if ('admin' == $user['status']) +if (is_admin()) { $template->assign_block_vars( 'caddie', @@ -752,7 +752,7 @@ if ( !$user['is_the_guest'] ) } } //------------------------------------ admin link for information modifications -if ( $user['status'] == 'admin' ) +if ( is_admin() ) { $template->assign_block_vars('admin', array()); } @@ -1152,7 +1152,7 @@ if ($page['show_comments']) 'COMMENT'=>parse_comment_content($row['content']) )); - if ( $user['status'] == 'admin' ) + if ( is_admin() ) { $template->assign_block_vars( 'comments.comment.delete', -- cgit v1.2.3
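Review bot: In the picture.php hunk at line 498 the two rewritten `if` lines are consecutive with no braces between them, so `if ( $conf['comments_validation'] and !is_admin() ) { ... }` is the body of `if (!$conf['comments_validation'] or is_admin())`; the two conditions are exact negations, so the block appending `$lang['comment_to_validate']` can never run. The removed lines show the same shape, so this predates the commit, but the commit touches both lines and keeps the dead nesting; delete the first `if`, or compute the condition once into a local (it is already evaluated for `$data{'validated'}` in the hunk at line 480) and test that variable in both places. The enclosing block begins outside the hunk, and an HTML fragment appears to have been stripped from the `$message.=` line in this rendering.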