aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrub <rub@piwigo.org>2006-03-08 23:14:53 +0000
committerrub <rub@piwigo.org>2006-03-08 23:14:53 +0000
commitb263f0c996eac52afc222b99fb1e9bcb6b064d65 (patch)
tree2cb3716ad84764801710483ab7538589c177a6a6
parentcba56c06ede13f30483ca587f0c79cb0e4d82aaa (diff)
Step 1 improvement issue 0000301:
o Change status of table #_user_infos o Don't send password to webmaster, guest, generic Next Step: o Functions Check of status o Restricted Access for user generic git-svn-id: http://piwigo.org/svn/trunk@1070 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/include/functions.php2
-rw-r--r--admin/include/isadmin.inc.php2
-rw-r--r--admin/mailtousers.php18
-rw-r--r--admin/user_list.php4
-rw-r--r--category.php4
-rw-r--r--include/common.inc.php2
-rw-r--r--include/functions.inc.php2
-rw-r--r--include/functions_notification.inc.php2
-rw-r--r--include/functions_user.inc.php15
-rw-r--r--install/db/12-database.php103
-rw-r--r--install/phpwebgallery_structure.sql3
-rw-r--r--language/en_UK.iso-8859-1/admin.lang.php5
-rw-r--r--language/fr_FR.iso-8859-1/admin.lang.php5
-rw-r--r--password.php8
-rw-r--r--picture.php18
15 files changed, 160 insertions, 33 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index f40b0e52f..9a748ef44 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -1230,7 +1230,7 @@ SELECT user_id
{
$insert = array();
$insert['user_id'] = $user_id;
- $insert['status'] = 'guest';
+ $insert['status'] = 'normal';
$insert['template'] = $conf['default_template'];
$insert['nb_image_line'] = $conf['nb_image_line'];
$insert['nb_line_page'] = $conf['nb_line_page'];
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index 569fa1f94..eac0b295c 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -27,7 +27,7 @@
include( PHPWG_ROOT_PATH.'admin/include/functions.php' );
-if ($user['status'] != 'admin')
+if (!is_admin())
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';
diff --git a/admin/mailtousers.php b/admin/mailtousers.php
index b1d402580..97cb51048 100644
--- a/admin/mailtousers.php
+++ b/admin/mailtousers.php
@@ -77,16 +77,18 @@ where
*/
function update_data_user_mail_notification()
{
-/* $query = '
-insert into '.USER_MAIL_NOTIFICATION_TABLE.'
- (user_id, enabled)
- (select id, \'false\' from '.USERS_TABLE.'
- where mail_address is not null and id not in (select user_id from '.USER_MAIL_NOTIFICATION_TABLE.'))
-;';
- pwg_query($query);*/
-
global $conf, $page;
+ // Set null mail_address empty
+ $query = '
+update
+ '.USERS_TABLE.'
+set
+ mail_address = null
+where
+ trim(mail_address) = \'\';';
+ pwg_query($query);
+
$query = '
select
id user_id, username, mail_address
diff --git a/admin/user_list.php b/admin/user_list.php
index 64890e06b..4459955e0 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -377,7 +377,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
// Webmaster status must not be changed
if ($conf['webmaster_id'] == $user_id and isset($data['status']))
{
- $data['status'] = 'admin';
+ $data['status'] = 'webmaster';
}
array_push($datas, $data);
@@ -649,7 +649,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
$selected = $_POST['status'] == $status ? 'selected="selected"' : '';
}
- else if ('guest' == $status)
+ else if ('normal' == $status)
{
$selected = 'selected="selected"';
}
diff --git a/category.php b/category.php
index 898b48bf7..c10269bf8 100644
--- a/category.php
+++ b/category.php
@@ -368,7 +368,7 @@ else
$template->assign_block_vars('logout', array());
}
- if ('admin' == $user['status'])
+ if (is_admin())
{
$template->assign_block_vars('admin', array());
}
@@ -408,7 +408,7 @@ $template->assign_block_vars(
if (isset($page['cat'])
and is_numeric($page['cat'])
- and 'admin' == $user['status'])
+ and is_admin())
{
$template->assign_block_vars(
'edit',
diff --git a/include/common.inc.php b/include/common.inc.php
index e0c564033..e2204cc8e 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -208,7 +208,7 @@ if ($conf['gallery_locked'])
echo '</div>';
if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
- and $user['status'] != 'admin' )
+ and !is_admin() )
{
exit();
}
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 5dc764193..205b61a70 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -355,7 +355,7 @@ function pwg_log( $file, $category, $picture = '' )
if ($conf['log'])
{
- if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and ($user['status'] != 'admin') ) )
+ if ( ($conf['history_admin'] ) or ( (! $conf['history_admin']) and (!is_admin()) ) )
{
$login = ($user['id'] == $conf['guest_id'])
? 'guest' : addslashes($user['username']);
diff --git a/include/functions_notification.inc.php b/include/functions_notification.inc.php
index 819dd3517..6ac995bb8 100644
--- a/include/functions_notification.inc.php
+++ b/include/functions_notification.inc.php
@@ -192,7 +192,7 @@ function news($start, $end)
$nb_updated_categories));
}
- if ('admin' == $user['status'])
+ if (is_admin())
{
$nb_unvalidated_comments = count(unvalidated_comments($end));
if ($nb_unvalidated_comments > 0)
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index af695718a..64b12dfab 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -292,7 +292,7 @@ SELECT id
}
// if user is not an admin, locked categories can be considered as private$
- if ($user_status != 'admin')
+ if (!is_admin())
{
$query = '
SELECT id
@@ -439,7 +439,7 @@ function create_user_infos($user_id)
$insert =
array(
'user_id' => $user_id,
- 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'guest',
+ 'status' => $user_id == $conf['webmaster_id'] ? 'admin' : 'normal',
'template' => $conf['default_template'],
'nb_image_line' => $conf['nb_image_line'],
'nb_line_page' => $conf['nb_line_page'],
@@ -536,4 +536,15 @@ function log_user($user_id, $remember_me)
$_SESSION['id'] = $user_id;
}
+/*
+ * Return if current is an administrator
+ * @return bool
+*/
+function is_admin()
+{
+ global $user;
+
+ return ($user['status'] == 'webmaster' or $user['status'] == 'admin') ? true : false;
+}
+
?> \ No newline at end of file
diff --git a/install/db/12-database.php b/install/db/12-database.php
new file mode 100644
index 000000000..3e6ed0200
--- /dev/null
+++ b/install/db/12-database.php
@@ -0,0 +1,103 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date: 2005-09-21 00:04:57 +0200 (mer, 21 sep 2005) $
+// | last modifier : $Author: plg $
+// | revision : $Revision: 870 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+ die('Hacking attempt!');
+}
+
+$upgrade_description = 'Field "Status" Table #user_infos changed';
+
+include_once(PHPWG_ROOT_PATH.'include/constants.php');
+include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
+@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
+
+// +-----------------------------------------------------------------------+
+// | Upgrade content |
+// +-----------------------------------------------------------------------+
+
+echo "Alter table ".USER_INFOS_TABLE;
+$query = "
+alter table ".USER_INFOS_TABLE."
+ modify column `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest'
+;";
+pwg_query($query);
+
+echo "Define webmaster";
+$query = '
+update
+ '.USER_INFOS_TABLE.'
+set status = \'webmaster\'
+where
+ user_id = '.$conf['webmaster_id'].' and status = \'admin\'
+;';
+$result = pwg_query($query);
+
+echo "Define normal";
+$query = '
+select
+ user_id
+from
+ '.USER_INFOS_TABLE.'
+where
+ user_id != '.$conf['guest_id'].' and status = \'guest\'
+;';
+$result = pwg_query($query);
+
+$datas = array();
+
+while ($row = mysql_fetch_array($result))
+{
+ array_push(
+ $datas,
+ array(
+ 'user_id' => $row['user_id'],
+ 'status' => 'normal'
+ )
+ );
+}
+
+mass_updates(
+ USER_INFOS_TABLE,
+ array(
+ 'primary' => array('user_id'),
+ 'update' => array('status')
+ ),
+ $datas
+ );
+
+// +-----------------------------------------------------------------------+
+// | End notification |
+// +-----------------------------------------------------------------------+
+
+echo
+"\n"
+.'Column '.USER_INFOS_TABLE.'.status changed'
+."\n"
+;
+
+?>
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
index 208f195dd..841aed340 100644
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@@ -1,4 +1,5 @@
-- MySQL dump 9.11
+-- MySQL dump 9.11
--
-- Host: localhost Database: pwg-bsf
-- ------------------------------------------------------
@@ -294,7 +295,7 @@ CREATE TABLE `phpwebgallery_user_infos` (
`user_id` smallint(5) NOT NULL default '0',
`nb_image_line` tinyint(1) unsigned NOT NULL default '5',
`nb_line_page` tinyint(3) unsigned NOT NULL default '3',
- `status` enum('admin','guest') NOT NULL default 'guest',
+ `status` enum('webmaster', 'admin', 'normal', 'generic', 'guest') NOT NULL default 'guest',
`language` varchar(50) NOT NULL default 'english',
`maxwidth` smallint(6) default NULL,
`maxheight` smallint(6) default NULL,
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
index 3411c5884..98fdf37a5 100644
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@ $lang['user_delete'] = 'Delete user';
$lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!';
$lang['user_id URL parameter is missing'] = 'user_id URL parameter is missing';
$lang['user_status'] = 'User status';
+$lang['user_status_webmaster'] = 'Webmaster';
$lang['user_status_admin'] = 'Administrator';
-$lang['user_status_guest'] = 'User';
+$lang['user_status_normal'] = 'User';
+$lang['user_status_generic'] = 'Generic';
+$lang['user_status_guest'] = 'Guest';
$lang['username'] = 'username';
$lang['users'] = 'Users';
$lang['visitors'] = 'Visitors';
diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php
index a4474fdba..c13dfda82 100644
--- a/language/fr_FR.iso-8859-1/admin.lang.php
+++ b/language/fr_FR.iso-8859-1/admin.lang.php
@@ -392,8 +392,11 @@ $lang['user_delete'] = 'Supprimer utilisateur';
$lang['user_delete_hint'] = 'Cliquer ici pour supprimer cet utilisateur. Attention : cette opération ne peut pas être annulée !';
$lang['user_id URL parameter is missing'] = 'le paramètre d\'URL "user_id" manque';
$lang['user_status'] = 'Statut de l\'utilisateur';
+$lang['user_status_webmaster'] = 'Webmestre';
$lang['user_status_admin'] = 'Administrateur';
-$lang['user_status_guest'] = 'Visiteur';
+$lang['user_status_normal'] = 'Visiteur';
+$lang['user_status_generic'] = 'Générique';
+$lang['user_status_guest'] = 'Invité';
$lang['username'] = 'nom utilisateur';
$lang['users'] = 'Utilisateurs';
$lang['visitors'] = 'Visiteurs';
diff --git a/password.php b/password.php
index 87a568f3c..3a15d270f 100644
--- a/password.php
+++ b/password.php
@@ -69,8 +69,12 @@ SELECT '.$conf['user_fields']['email'].'
SELECT '.$conf['user_fields']['id'].' AS id
, '.$conf['user_fields']['username'].' AS username
, '.$conf['user_fields']['email'].' AS email
- FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['email'].' = \''.$mail_address.'\'
+FROM '.USERS_TABLE.' as u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ ON u.'.$conf['user_fields']['id'].' = ui.user_id
+WHERE '
+ .$conf['user_fields']['email'].' = \''.$mail_address.'\' AND
+ ui.status not in (\'guest\', \'generic\', \'webmaster\')
;';
$result = pwg_query($query);
diff --git a/picture.php b/picture.php
index 622955019..9f2e4a113 100644
--- a/picture.php
+++ b/picture.php
@@ -114,7 +114,7 @@ if ( count(array_intersect(
}
//-------------------------------------------------------------- representative
-if ('admin' == $user['status'] and isset($_GET['representative']))
+if (is_admin() and isset($_GET['representative']))
{
$query = '
UPDATE '.CATEGORIES_TABLE.'
@@ -480,7 +480,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
$data{'image_id'} = $_GET['image_id'];
$data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES);
- if (!$conf['comments_validation'] or $user['status'] == 'admin')
+ if (!$conf['comments_validation'] or is_admin())
{
$data{'validated'} = 'true';
$data{'validation_date'} = $dbnow;
@@ -498,9 +498,9 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
// information message
$message = $lang['comment_added'];
- if (!$conf['comments_validation'] or $user['status'] == 'admin')
+ if (!$conf['comments_validation'] or is_admin())
- if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+ if ( $conf['comments_validation'] and !is_admin() )
{
$message.= '<br />'.$lang['comment_to_validate'];
}
@@ -519,7 +519,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
// comment deletion
if ( isset( $_GET['del'] )
and is_numeric( $_GET['del'] )
- and $user['status'] == 'admin' )
+ and is_admin() )
{
$query = 'DELETE FROM '.COMMENTS_TABLE;
$query.= ' WHERE id = '.$_GET['del'];
@@ -686,7 +686,7 @@ if (isset($picture['current']['high']))
);
}
// button to set the current picture as representative
-if ('admin' == $user['status'] and
+if (is_admin() and
isset($page['cat']) and is_numeric($page['cat']))
{
$template->assign_block_vars(
@@ -700,7 +700,7 @@ if ('admin' == $user['status'] and
);
}
-if ('admin' == $user['status'])
+if (is_admin())
{
$template->assign_block_vars(
'caddie',
@@ -752,7 +752,7 @@ if ( !$user['is_the_guest'] )
}
}
//------------------------------------ admin link for information modifications
-if ( $user['status'] == 'admin' )
+if ( is_admin() )
{
$template->assign_block_vars('admin', array());
}
@@ -1152,7 +1152,7 @@ if ($page['show_comments'])
'COMMENT'=>parse_comment_content($row['content'])
));
- if ( $user['status'] == 'admin' )
+ if ( is_admin() )
{
$template->assign_block_vars(
'comments.comment.delete',