Step 1 improvement issue 0000301:

o Change status of table #_user_infos o Don't send password to webmaster, guest, generic Next Step: o Functions Check of status o Restricted Access for user generic git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-08 23:14:53 +00:00 · 2006-03-08 23:14:53 +00:00 · b263f0c996
commit b263f0c996
parent cba56c06ed
15 changed files with 160 additions and 33 deletions
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@ -1230,7 +1230,7 @@ SELECT user_id
    {
      $insert = array();
      $insert['user_id'] = $user_id;
-      $insert['status'] = 'guest';
+      $insert['status'] = 'normal';
      $insert['template'] = $conf['default_template'];
      $insert['nb_image_line'] = $conf['nb_image_line'];
      $insert['nb_line_page'] = $conf['nb_line_page'];
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@ -27,7 +27,7 @@

 include( PHPWG_ROOT_PATH.'admin/include/functions.php' );

-if ($user['status'] != 'admin')
+if (!is_admin())
 {
  echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
  echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';
--- a/admin/mailtousers.php
+++ b/admin/mailtousers.php
@ -77,16 +77,18 @@ where
 */
 function update_data_user_mail_notification()
 {
-/*  $query = '
-insert into '.USER_MAIL_NOTIFICATION_TABLE.'
-  (user_id, enabled)
-  (select id, \'false\' from '.USERS_TABLE.'
-  where mail_address is not null and id not in (select user_id from '.USER_MAIL_NOTIFICATION_TABLE.'))
-;';
-  pwg_query($query);*/
-
  global $conf, $page;

+  // Set null mail_address empty
+  $query = '
+update 
+  '.USERS_TABLE.'
+set
+  mail_address = null
+where
+  trim(mail_address) = \'\';';
+  pwg_query($query);
+
  $query = '
 select
  id user_id, username, mail_address
--- a/admin/user_list.php
+++ b/admin/user_list.php
@ -377,7 +377,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
      // Webmaster status must not be changed
      if ($conf['webmaster_id'] == $user_id and isset($data['status']))
      {
-        $data['status'] = 'admin';
+        $data['status'] = 'webmaster';
      }
      
      array_push($datas, $data);
@ -649,7 +649,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
  {
    $selected = $_POST['status'] == $status ? 'selected="selected"' : '';
  }
-  else if ('guest' == $status)
+  else if ('normal' == $status)
  {
    $selected = 'selected="selected"';
  }
--- a/category.php
+++ b/category.php
@ -368,7 +368,7 @@ else
    $template->assign_block_vars('logout', array());
  }

-  if ('admin' == $user['status'])
+  if (is_admin())
  {
    $template->assign_block_vars('admin', array());
  }
@ -408,7 +408,7 @@ $template->assign_block_vars(

 if (isset($page['cat'])
    and is_numeric($page['cat'])
-    and 'admin' == $user['status'])
+    and is_admin())
 {
  $template->assign_block_vars(
    'edit',
--- a/include/common.inc.php
+++ b/include/common.inc.php
@ -208,7 +208,7 @@ if ($conf['gallery_locked'])
  echo '</div>';

  if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
-      and $user['status'] != 'admin' )
+      and !is_admin() )
  {
    exit();
  }
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@ -355,7 +355,7 @@ function pwg_log( $file, $category, $picture = '' )

  if ($conf['log'])
  {
-   if ( ($conf['history_admin'] ) or  ( (! $conf['history_admin'])  and ($user['status'] != 'admin')  ) )
+   if ( ($conf['history_admin'] ) or  ( (! $conf['history_admin'])  and (!is_admin())  ) )
 	  {
    $login = ($user['id'] == $conf['guest_id'])
      ? 'guest' : addslashes($user['username']);
--- a/include/functions_notification.inc.php
+++ b/include/functions_notification.inc.php
@ -192,7 +192,7 @@ function news($start, $end)
                              $nb_updated_categories));
  }
  
-  if ('admin' == $user['status'])
+  if (is_admin())
  {
    $nb_unvalidated_comments = count(unvalidated_comments($end));
    if ($nb_unvalidated_comments > 0)
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@ -292,7 +292,7 @@ SELECT id
  }

  // if user is not an admin, locked categories can be considered as private$
-  if ($user_status != 'admin')
+  if (!is_admin())
  {
    $query = '
 SELECT id
@ -439,7 +439,7 @@ function create_user_infos($user_id)
  $insert =
    array(
      'user_id' => $user_id,
-      'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'guest',
+      'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'normal',
      'template' => $conf['default_template'],
      'nb_image_line' => $conf['nb_image_line'],
      'nb_line_page' => $conf['nb_line_page'],
@ -536,4 +536,15 @@ function log_user($user_id, $remember_me)
  $_SESSION['id'] = $user_id;
 }

+/*
+ * Return if current is an administrator
+ * @return bool
+*/
+function is_admin()
+{
+  global $user;
+  
+  return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false;
+}
+
 ?>
--- a/install/db/12-database.php
+++ b/install/db/12-database.php
@ -0,0 +1,103 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery                           |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch        : BSF (Best So Far)
+// | file          : $RCSfile$
+// | last update   : $Date: 2005-09-21 00:04:57 +0200 (mer, 21 sep 2005) $
+// | last modifier : $Author: plg $
+// | revision      : $Revision: 870 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'Field "Status" Table #user_infos changed';
+
+include_once(PHPWG_ROOT_PATH.'include/constants.php');
+include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
+@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
+
+// +-----------------------------------------------------------------------+
+// |                            Upgrade content                            |
+// +-----------------------------------------------------------------------+
+
+echo "Alter table ".USER_INFOS_TABLE;
+$query = "
+alter table ".USER_INFOS_TABLE."
+  modify column `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest'
+;";
+pwg_query($query);
+
+echo "Define webmaster";
+$query = '
+update
+  '.USER_INFOS_TABLE.'
+set status = \'webmaster\'
+where
+  user_id = '.$conf['webmaster_id'].' and status = \'admin\'
+;';
+$result = pwg_query($query);
+
+echo "Define normal";
+$query = '
+select
+  user_id
+from
+  '.USER_INFOS_TABLE.'
+where
+  user_id != '.$conf['guest_id'].' and status = \'guest\'
+;';
+$result = pwg_query($query);
+
+$datas = array();
+
+while ($row = mysql_fetch_array($result))
+{
+  array_push(
+    $datas,
+    array(
+      'user_id'    => $row['user_id'],
+      'status' => 'normal'
+      )
+    );
+}
+
+mass_updates(
+  USER_INFOS_TABLE,
+  array(
+    'primary' => array('user_id'),
+    'update'  => array('status')
+    ),
+  $datas
+  );
+
+// +-----------------------------------------------------------------------+
+// |                           End notification                            |
+// +-----------------------------------------------------------------------+
+
+echo
+"\n"
+.'Column '.USER_INFOS_TABLE.'.status changed'
+."\n"
+;
+
+?>
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@ -1,4 +1,5 @@
 -- MySQL dump 9.11
+-- MySQL dump 9.11
 --
 -- Host: localhost    Database: pwg-bsf
 -- ------------------------------------------------------
@ -294,7 +295,7 @@ CREATE TABLE `phpwebgallery_user_infos` (
  `user_id` smallint(5) NOT NULL default '0',
  `nb_image_line` tinyint(1) unsigned NOT NULL default '5',
  `nb_line_page` tinyint(3) unsigned NOT NULL default '3',
-  `status` enum('admin','guest') NOT NULL default 'guest',
+  `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest',
  `language` varchar(50) NOT NULL default 'english',
  `maxwidth` smallint(6) default NULL,
  `maxheight` smallint(6) default NULL,
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@ -392,8 +392,11 @@ $lang['user_delete'] = 'Delete user';
 $lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!';
 $lang['user_id URL parameter is missing'] = 'user_id URL parameter is missing';
 $lang['user_status'] = 'User status';
+$lang['user_status_webmaster'] = 'Webmaster';
 $lang['user_status_admin'] = 'Administrator';
-$lang['user_status_guest'] = 'User';
+$lang['user_status_normal'] = 'User';
+$lang['user_status_generic'] = 'Generic';
+$lang['user_status_guest'] = 'Guest';
 $lang['username'] = 'username';
 $lang['users'] = 'Users';
 $lang['visitors'] = 'Visitors';
--- a/language/fr_FR.iso-8859-1/admin.lang.php
+++ b/language/fr_FR.iso-8859-1/admin.lang.php
@ -392,8 +392,11 @@ $lang['user_delete'] = 'Supprimer utilisateur';
 $lang['user_delete_hint'] = 'Cliquer ici pour supprimer cet utilisateur. Attention :  cette opération ne peut pas être annulée !';
 $lang['user_id URL parameter is missing'] = 'le paramètre d\'URL "user_id" manque';
 $lang['user_status'] = 'Statut de l\'utilisateur';
+$lang['user_status_webmaster'] = 'Webmestre';
 $lang['user_status_admin'] = 'Administrateur';
-$lang['user_status_guest'] = 'Visiteur';
+$lang['user_status_normal'] = 'Visiteur';
+$lang['user_status_generic'] = 'Générique';
+$lang['user_status_guest'] = 'Invité';
 $lang['username'] = 'nom utilisateur';
 $lang['users'] = 'Utilisateurs';
 $lang['visitors'] = 'Visiteurs';
--- a/password.php
+++ b/password.php
@ -69,8 +69,12 @@ SELECT '.$conf['user_fields']['email'].'
 SELECT '.$conf['user_fields']['id'].' AS id
     , '.$conf['user_fields']['username'].' AS username
     , '.$conf['user_fields']['email'].' AS email
-  FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['email'].' = \''.$mail_address.'\'
+FROM '.USERS_TABLE.' as u
+  INNER JOIN '.USER_INFOS_TABLE.' AS ui
+      ON u.'.$conf['user_fields']['id'].' = ui.user_id
+WHERE '
+  .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND
+  ui.status not in (\'guest\', \'generic\', \'webmaster\')
 ;';
    $result = pwg_query($query);

--- a/picture.php
+++ b/picture.php
@ -114,7 +114,7 @@ if ( count(array_intersect(
 }

 //-------------------------------------------------------------- representative
-if ('admin' == $user['status'] and isset($_GET['representative']))
+if (is_admin() and isset($_GET['representative']))
 {
  $query = '
 UPDATE '.CATEGORIES_TABLE.'
@ -480,7 +480,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
      $data{'image_id'} = $_GET['image_id'];
      $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES);

-      if (!$conf['comments_validation'] or $user['status'] == 'admin')
+      if (!$conf['comments_validation'] or is_admin())
      {
        $data{'validated'} = 'true';
        $data{'validation_date'} = $dbnow;
@ -498,9 +498,9 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
      // information message
      $message = $lang['comment_added'];

-      if (!$conf['comments_validation'] or $user['status'] == 'admin')
+      if (!$conf['comments_validation'] or is_admin())

-      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+      if ( $conf['comments_validation'] and !is_admin() )
      {
        $message.= '<br />'.$lang['comment_to_validate'];
      }
@ -519,7 +519,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
 // comment deletion
 if ( isset( $_GET['del'] )
     and is_numeric( $_GET['del'] )
-     and $user['status'] == 'admin' )
+     and is_admin() )
 {
  $query = 'DELETE FROM '.COMMENTS_TABLE;
  $query.= ' WHERE id = '.$_GET['del'];
@ -686,7 +686,7 @@ if (isset($picture['current']['high']))
  );
 }
 // button to set the current picture as representative
-if ('admin' == $user['status'] and
+if (is_admin() and
    isset($page['cat']) and is_numeric($page['cat']))
 {
  $template->assign_block_vars(
@ -700,7 +700,7 @@ if ('admin' == $user['status'] and
    );
 }

-if ('admin' == $user['status'])
+if (is_admin())
 {
  $template->assign_block_vars(
    'caddie',
@ -752,7 +752,7 @@ if ( !$user['is_the_guest'] )
  }
 }
 //------------------------------------ admin link for information modifications
-if ( $user['status'] == 'admin' )
+if ( is_admin() )
 {
  $template->assign_block_vars('admin', array());
 }
@ -1152,7 +1152,7 @@ if ($page['show_comments'])
    'COMMENT'=>parse_comment_content($row['content'])
    ));

-      if ( $user['status'] == 'admin' )
+      if ( is_admin() )
      {
        $template->assign_block_vars(
          'comments.comment.delete',