diff options
author | rub <rub@piwigo.org> | 2006-03-08 23:14:53 +0000 |
---|---|---|
committer | rub <rub@piwigo.org> | 2006-03-08 23:14:53 +0000 |
commit | b263f0c996eac52afc222b99fb1e9bcb6b064d65 (patch) | |
tree | 2cb3716ad84764801710483ab7538589c177a6a6 | |
parent | cba56c06ede13f30483ca587f0c79cb0e4d82aaa (diff) |
Step 1 improvement issue 0000301:
o Change status of table #_user_infos
o Don't send password to webmaster, guest, generic
Next Step:
o Functions Check of status
o Restricted Access for user generic
git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/include/functions.php | 2 | ||||
-rw-r--r-- | admin/include/isadmin.inc.php | 2 | ||||
-rw-r--r-- | admin/mailtousers.php | 18 | ||||
-rw-r--r-- | admin/user_list.php | 4 | ||||
-rw-r--r-- | category.php | 4 | ||||
-rw-r--r-- | include/common.inc.php | 2 | ||||
-rw-r--r-- | include/functions.inc.php | 2 | ||||
-rw-r--r-- | include/functions_notification.inc.php | 2 | ||||
-rw-r--r-- | include/functions_user.inc.php | 15 | ||||
-rw-r--r-- | install/db/12-database.php | 103 | ||||
-rw-r--r-- | install/phpwebgallery_structure.sql | 3 | ||||
-rw-r--r-- | language/en_UK.iso-8859-1/admin.lang.php | 5 | ||||
-rw-r--r-- | language/fr_FR.iso-8859-1/admin.lang.php | 5 | ||||
-rw-r--r-- | password.php | 8 | ||||
-rw-r--r-- | picture.php | 18 |
15 files changed, 160 insertions, 33 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index f40b0e52f..9a748ef44 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -1230,7 +1230,7 @@ SELECT user_id { $insert = array(); $insert['user_id'] = $user_id; - $insert['status'] = 'guest'; + $insert['status'] = 'normal'; $insert['template'] = $conf['default_template']; $insert['nb_image_line'] = $conf['nb_image_line']; $insert['nb_line_page'] = $conf['nb_line_page']; diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 569fa1f94..eac0b295c 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -27,7 +27,7 @@ include( PHPWG_ROOT_PATH.'admin/include/functions.php' ); -if ($user['status'] != 'admin') +if (!is_admin()) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>'; diff --git a/admin/mailtousers.php b/admin/mailtousers.php index b1d402580..97cb51048 100644 --- a/admin/mailtousers.php +++ b/admin/mailtousers.php @@ -77,16 +77,18 @@ where */ function update_data_user_mail_notification() { -/* $query = ' -insert into '.USER_MAIL_NOTIFICATION_TABLE.' - (user_id, enabled) - (select id, \'false\' from '.USERS_TABLE.' - where mail_address is not null and id not in (select user_id from '.USER_MAIL_NOTIFICATION_TABLE.')) -;'; - pwg_query($query);*/ - global $conf, $page; + // Set null mail_address empty + $query = ' +update + '.USERS_TABLE.' +set + mail_address = null +where + trim(mail_address) = \'\';'; + pwg_query($query); + $query = ' select id user_id, username, mail_address diff --git a/admin/user_list.php b/admin/user_list.php index 64890e06b..4459955e0 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -377,7 +377,7 @@ DELETE FROM '.USER_GROUP_TABLE.' // Webmaster status must not be changed if ($conf['webmaster_id'] == $user_id and isset($data['status'])) { - $data['status'] = 'admin'; + $data['status'] = 'webmaster'; } array_push($datas, $data); @@ -649,7 +649,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { $selected = $_POST['status'] == $status ? 'selected="selected"' : ''; } - else if ('guest' == $status) + else if ('normal' == $status) { $selected = 'selected="selected"'; } diff --git a/category.php b/category.php index 898b48bf7..c10269bf8 100644 --- a/category.php +++ b/category.php @@ -368,7 +368,7 @@ else $template->assign_block_vars('logout', array()); } - if ('admin' == $user['status']) + if (is_admin()) { $template->assign_block_vars('admin', array()); } @@ -408,7 +408,7 @@ $template->assign_block_vars( if (isset($page['cat']) and is_numeric($page['cat']) - and 'admin' == $user['status']) + and is_admin()) { $template->assign_block_vars( 'edit', diff --git a/include/common.inc.php b/include/common.inc.php index e0c564033..e2204cc8e 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -208,7 +208,7 @@ if ($conf['gallery_locked']) echo '</div>'; if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' - and $user['status'] != 'admin' ) + and !is_admin() ) { exit(); } diff --git a/include/functions.inc.php b/include/functions.inc.php index 5dc764193..205b61a70 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -355,7 +355,7 @@ function pwg_log( $file, $category, $picture = '' ) if ($conf['log']) { - if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and ($user['status'] != 'admin') ) ) + if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and (!is_admin()) ) ) { $login = ($user['id'] == $conf['guest_id']) ? 'guest' : addslashes($user['username']); diff --git a/include/functions_notification.inc.php b/include/functions_notification.inc.php index 819dd3517..6ac995bb8 100644 --- a/include/functions_notification.inc.php +++ b/include/functions_notification.inc.php @@ -192,7 +192,7 @@ function news($start, $end) $nb_updated_categories)); } - if ('admin' == $user['status']) + if (is_admin()) { $nb_unvalidated_comments = count(unvalidated_comments($end)); if ($nb_unvalidated_comments > 0) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index af695718a..64b12dfab 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -292,7 +292,7 @@ SELECT id } // if user is not an admin, locked categories can be considered as private$ - if ($user_status != 'admin') + if (!is_admin()) { $query = ' SELECT id @@ -439,7 +439,7 @@ function create_user_infos($user_id) $insert = array( 'user_id' => $user_id, - 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'guest', + 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'normal', 'template' => $conf['default_template'], 'nb_image_line' => $conf['nb_image_line'], 'nb_line_page' => $conf['nb_line_page'], @@ -536,4 +536,15 @@ function log_user($user_id, $remember_me) $_SESSION['id'] = $user_id; } +/* + * Return if current is an administrator + * @return bool +*/ +function is_admin() +{ + global $user; + + return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false; +} + ?>
\ No newline at end of file diff --git a/install/db/12-database.php b/install/db/12-database.php new file mode 100644 index 000000000..3e6ed0200 --- /dev/null +++ b/install/db/12-database.php @@ -0,0 +1,103 @@ +<?php +// +-----------------------------------------------------------------------+ +// | PhpWebGallery - a PHP based picture gallery | +// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | +// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | +// +-----------------------------------------------------------------------+ +// | branch : BSF (Best So Far) +// | file : $RCSfile$ +// | last update : $Date: 2005-09-21 00:04:57 +0200 (mer, 21 sep 2005) $ +// | last modifier : $Author: plg $ +// | revision : $Revision: 870 $ +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +if (!defined('PHPWG_ROOT_PATH')) +{ + die('Hacking attempt!'); +} + +$upgrade_description = 'Field "Status" Table #user_infos changed'; + +include_once(PHPWG_ROOT_PATH.'include/constants.php'); +include(PHPWG_ROOT_PATH . 'include/config_default.inc.php'); +@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php'); + +// +-----------------------------------------------------------------------+ +// | Upgrade content | +// +-----------------------------------------------------------------------+ + +echo "Alter table ".USER_INFOS_TABLE; +$query = " +alter table ".USER_INFOS_TABLE." + modify column `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest' +;"; +pwg_query($query); + +echo "Define webmaster"; +$query = ' +update + '.USER_INFOS_TABLE.' +set status = \'webmaster\' +where + user_id = '.$conf['webmaster_id'].' and status = \'admin\' +;'; +$result = pwg_query($query); + +echo "Define normal"; +$query = ' +select + user_id +from + '.USER_INFOS_TABLE.' +where + user_id != '.$conf['guest_id'].' and status = \'guest\' +;'; +$result = pwg_query($query); + +$datas = array(); + +while ($row = mysql_fetch_array($result)) +{ + array_push( + $datas, + array( + 'user_id' => $row['user_id'], + 'status' => 'normal' + ) + ); +} + +mass_updates( + USER_INFOS_TABLE, + array( + 'primary' => array('user_id'), + 'update' => array('status') + ), + $datas + ); + +// +-----------------------------------------------------------------------+ +// | End notification | +// +-----------------------------------------------------------------------+ + +echo +"\n" +.'Column '.USER_INFOS_TABLE.'.status changed' +."\n" +; + +?> diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql index 208f195dd..841aed340 100644 --- a/install/phpwebgallery_structure.sql +++ b/install/phpwebgallery_structure.sql @@ -1,4 +1,5 @@ -- MySQL dump 9.11 +-- MySQL dump 9.11 -- -- Host: localhost Database: pwg-bsf -- ------------------------------------------------------ @@ -294,7 +295,7 @@ CREATE TABLE `phpwebgallery_user_infos` ( `user_id` smallint(5) NOT NULL default '0', `nb_image_line` tinyint(1) unsigned NOT NULL default '5', `nb_line_page` tinyint(3) unsigned NOT NULL default '3', - `status` enum('admin','guest') NOT NULL default 'guest', + `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest', `language` varchar(50) NOT NULL default 'english', `maxwidth` smallint(6) default NULL, `maxheight` smallint(6) default NULL, diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 3411c5884..98fdf37a5 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php +++ b/language/en_UK.iso-8859-1/admin.lang.php @@ -392,8 +392,11 @@ $lang['user_delete'] = 'Delete user'; $lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!'; $lang['user_id URL parameter is missing'] = 'user_id URL parameter is missing'; $lang['user_status'] = 'User status'; +$lang['user_status_webmaster'] = 'Webmaster'; $lang['user_status_admin'] = 'Administrator'; -$lang['user_status_guest'] = 'User'; +$lang['user_status_normal'] = 'User'; +$lang['user_status_generic'] = 'Generic'; +$lang['user_status_guest'] = 'Guest'; $lang['username'] = 'username'; $lang['users'] = 'Users'; $lang['visitors'] = 'Visitors'; diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php index a4474fdba..c13dfda82 100644 --- a/language/fr_FR.iso-8859-1/admin.lang.php +++ b/language/fr_FR.iso-8859-1/admin.lang.php @@ -392,8 +392,11 @@ $lang['user_delete'] = 'Supprimer utilisateur'; $lang['user_delete_hint'] = 'Cliquer ici pour supprimer cet utilisateur. Attention : cette opération ne peut pas être annulée !'; $lang['user_id URL parameter is missing'] = 'le paramètre d\'URL "user_id" manque'; $lang['user_status'] = 'Statut de l\'utilisateur'; +$lang['user_status_webmaster'] = 'Webmestre'; $lang['user_status_admin'] = 'Administrateur'; -$lang['user_status_guest'] = 'Visiteur'; +$lang['user_status_normal'] = 'Visiteur'; +$lang['user_status_generic'] = 'Générique'; +$lang['user_status_guest'] = 'Invité'; $lang['username'] = 'nom utilisateur'; $lang['users'] = 'Utilisateurs'; $lang['visitors'] = 'Visiteurs'; diff --git a/password.php b/password.php index 87a568f3c..3a15d270f 100644 --- a/password.php +++ b/password.php @@ -69,8 +69,12 @@ SELECT '.$conf['user_fields']['email'].' SELECT '.$conf['user_fields']['id'].' AS id , '.$conf['user_fields']['username'].' AS username , '.$conf['user_fields']['email'].' AS email - FROM '.USERS_TABLE.' - WHERE '.$conf['user_fields']['email'].' = \''.$mail_address.'\' +FROM '.USERS_TABLE.' as u + INNER JOIN '.USER_INFOS_TABLE.' AS ui + ON u.'.$conf['user_fields']['id'].' = ui.user_id +WHERE ' + .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND + ui.status not in (\'guest\', \'generic\', \'webmaster\') ;'; $result = pwg_query($query); diff --git a/picture.php b/picture.php index 622955019..9f2e4a113 100644 --- a/picture.php +++ b/picture.php @@ -114,7 +114,7 @@ if ( count(array_intersect( } //-------------------------------------------------------------- representative -if ('admin' == $user['status'] and isset($_GET['representative'])) +if (is_admin() and isset($_GET['representative'])) { $query = ' UPDATE '.CATEGORIES_TABLE.' @@ -480,7 +480,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) $data{'image_id'} = $_GET['image_id']; $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES); - if (!$conf['comments_validation'] or $user['status'] == 'admin') + if (!$conf['comments_validation'] or is_admin()) { $data{'validated'} = 'true'; $data{'validation_date'} = $dbnow; @@ -498,9 +498,9 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) // information message $message = $lang['comment_added']; - if (!$conf['comments_validation'] or $user['status'] == 'admin') + if (!$conf['comments_validation'] or is_admin()) - if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + if ( $conf['comments_validation'] and !is_admin() ) { $message.= '<br />'.$lang['comment_to_validate']; } @@ -519,7 +519,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) // comment deletion if ( isset( $_GET['del'] ) and is_numeric( $_GET['del'] ) - and $user['status'] == 'admin' ) + and is_admin() ) { $query = 'DELETE FROM '.COMMENTS_TABLE; $query.= ' WHERE id = '.$_GET['del']; @@ -686,7 +686,7 @@ if (isset($picture['current']['high'])) ); } // button to set the current picture as representative -if ('admin' == $user['status'] and +if (is_admin() and isset($page['cat']) and is_numeric($page['cat'])) { $template->assign_block_vars( @@ -700,7 +700,7 @@ if ('admin' == $user['status'] and ); } -if ('admin' == $user['status']) +if (is_admin()) { $template->assign_block_vars( 'caddie', @@ -752,7 +752,7 @@ if ( !$user['is_the_guest'] ) } } //------------------------------------ admin link for information modifications -if ( $user['status'] == 'admin' ) +if ( is_admin() ) { $template->assign_block_vars('admin', array()); } @@ -1152,7 +1152,7 @@ if ($page['show_comments']) 'COMMENT'=>parse_comment_content($row['content']) )); - if ( $user['status'] == 'admin' ) + if ( is_admin() ) { $template->assign_block_vars( 'comments.comment.delete', |