aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorz0rglub <z0rglub@piwigo.org>2003-05-13 10:02:06 +0000
committerz0rglub <z0rglub@piwigo.org>2003-05-13 10:02:06 +0000
commitb7b705f2685da04caa0be91debc2c66d279fddf5 (patch)
treee85fda5916493496acc30c396352507671d40632
parent0cc55ec468a8535c7bde3505a6449f07df7de654 (diff)
2003.05.13 user_add and user_modify added
git-svn-id: http://piwigo.org/svn/trunk@9 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/admin.php97
-rw-r--r--admin/ajout.php326
-rw-r--r--admin/configuration.php9
-rw-r--r--admin/user_add.php284
-rw-r--r--admin/user_list.php57
-rw-r--r--admin/user_modify.php100
-rw-r--r--category.php11
-rw-r--r--identification.php22
-rw-r--r--include/functions.inc.php37
-rw-r--r--include/functions_category.inc.php4
-rw-r--r--include/functions_session.inc.php50
-rw-r--r--include/functions_user.inc.php77
-rw-r--r--include/init.inc.php4
-rw-r--r--include/user.inc.php12
-rw-r--r--language/francais.php34
-rw-r--r--profile.php10
-rw-r--r--template/default/admin/user_add.vtp58
-rw-r--r--template/default/admin/user_modify.vtp66
-rw-r--r--template/default/category.vtp2
19 files changed, 470 insertions, 790 deletions
diff --git a/admin/admin.php b/admin/admin.php
index ce0f601e7..a4c8b77c3 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -1,9 +1,9 @@
<?php
/***************************************************************************
- * admin.php is a part of PhpWebGallery *
+ * admin.php *
* ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@@ -27,68 +27,31 @@ $vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] );
$page_valide = false;
switch ( $_GET['page'] )
{
- case 'ajout':
- {
- $titre = $lang['title_add'];
- $page_valide = true;
- break;
- }
+ case 'user_add':
+ $titre = $lang['title_add']; $page_valide = true; break;
case 'user_list':
- {
- $titre = $lang['title_liste_users'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_liste_users']; $page_valide = true; break;
+ case 'user_modify':
+ $titre = $lang['title_modify']; $page_valide = true; break;
case 'historique':
- {
- $titre = $lang['title_history'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_history']; $page_valide = true; break;
case 'miseajour':
- {
- $titre = $lang['title_update'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_update']; $page_valide = true; break;
case 'configuration':
- {
- $titre = $lang['title_configuration'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_configuration']; $page_valide = true; break;
case 'manuel':
- {
- $titre = $lang['title_instructions'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_instructions']; $page_valide = true; break;
case 'perm':
- {
- $titre = $lang['title_permissions'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_permissions']; $page_valide = true; break;
case 'cat':
- {
- $titre = $lang['title_categories'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_categories']; $page_valide = true; break;
case 'edit_cat':
- {
- $titre = $lang['title_edit_cat'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_edit_cat']; $page_valide = true; break;
case 'infos_images':
- {
- $titre = $lang['title_info_images'];
- $page_valide = true;
- break;
- }
+ $titre = $lang['title_info_images']; $page_valide = true; break;
+ case 'waiting':
+ $titre = $lang['title_waiting']; $page_valide = true; break;
case 'thumbnail':
- {
$titre = $lang['title_thumbnails'];
if ( isset( $_GET['dir'] ) )
{
@@ -107,20 +70,10 @@ switch ( $_GET['page'] )
}
$page_valide = true;
break;
- }
- case 'waiting':
- {
- $titre = $lang['title_waiting'];
- $page_valide = true;
- break;
- }
default:
- {
- $titre = $lang['title_default'];
- break;
- }
+ $titre = $lang['title_default']; break;
}
-$vtp->setGlobalVar( $handle, 'title', $titre );
+$vtp->setGlobalVar( $handle, 'title', $titre );
//--------------------------------------------------------------------- summary
$link_start = './admin.php?page=';
// configuration
@@ -147,7 +100,8 @@ $vtp->closeSession( $handle, 'summary' );
// user add
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '&nbsp;&nbsp;' );
-$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'ajout' ) );
+$vtp->setVar(
+ $handle, 'summary.link', add_session_id( $link_start.'user_add' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] );
$vtp->closeSession( $handle, 'summary' );
// categories
@@ -211,10 +165,9 @@ if ( $page_valide )
}
else
{
- $vtp->setVar( $handle, 'sub',
- '<div style="text-align:center">'.
- $lang['default_message'].
- '</div>' );
+ $vtp->setVar(
+ $handle, 'sub',
+ '<div style="text-align:center">'.$lang['default_message'].'</div>' );
}
//----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 );
diff --git a/admin/ajout.php b/admin/ajout.php
deleted file mode 100644
index 3ae1fa2f8..000000000
--- a/admin/ajout.php
+++ /dev/null
@@ -1,326 +0,0 @@
-<?php
-/***************************************************************************
- * ajout.php is a part of PhpWebGallery *
- * ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
- * *
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; *
- * *
- ***************************************************************************/
-
- include_once( "./include/isadmin.inc.php" );
- $error = array();
- $absent = false;
-
- $row = mysql_fetch_array( mysql_query( "select pseudo,status,mail_address from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';" ) );
- $pseudo = $row['pseudo'];
- $status = $row['status'];
- $mail_address = $row['mail_address'];
- if ( $pseudo == "visiteur" || ( $pseudo == $conf['webmaster'] && $user['pseudo'] != $conf['webmaster'] ) )
- {
- echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>";
- $absent = true;
- }
- if ( $HTTP_GET_VARS['mode'] == "modif" )
- {
- if ( $pseudo == "" )
- {
- echo"<div class=\"info\">".$lang['user_err_unknown']."</div>";
- $absent = true;
- }
- }
- if ( !$absent )
- {
- if ( $HTTP_GET_VARS['valider'] == 1 )
- {
- $i = 0;
- // le pseudo ne doit pas
- // 1. être vide
- // 2. commencer ou se terminer par un espace
- // 3. comporter les caractères ' ou "
- // 4. être déjà utilisé
- // Notes sur le pseudo du webmaster :
- // - lorsque l'on trouve plusieurs occurences consécutives du caractère espace, on réduit à une seule occurence
- if ( $HTTP_GET_VARS['mode'] != "modif" )
- {
- if ( $HTTP_POST_VARS['pseudo'] == "" )
- {
- $error[$i++] = $lang['reg_err_login1'];
- }
- $pseudo = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['pseudo'] );
- if ( ereg( "^.* $", $pseudo) )
- {
- $error[$i++] = $lang['reg_err_login2'];
- }
- if ( ereg( "^ .*$", $pseudo) )
- {
- $error[$i++] = $lang['reg_err_login3'];
- }
- if ( ereg( "'",$pseudo ) || ereg( "\"",$pseudo ) )
- {
- $error[$i++] = $lang['reg_err_login4'];
- }
- else
- {
- $query = "select id from $prefixeTable"."users where pseudo = '$pseudo';";
- $result = mysql_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
- {
- $error[$i++] = "<li>".$lang['reg_err_login5']."</li>";
- }
- }
- }
- // le mail doit être conforme à qqch du type : nom@serveur.com
- if( $HTTP_POST_VARS['mail_address'] != "" && !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_address'] ) )
- {
- $error[$i++] = $lang['reg_err_mail_address'];
- }
- // mis à jour des variables pour ne pas afficher celles issue de la BD
- $pseudo = $HTTP_POST_VARS['pseudo'];
- $password = $HTTP_POST_VARS['password'];
- $status = $HTTP_POST_VARS['status'];
- $mail_address = $HTTP_POST_VARS['mail_address'];
- // on met à jour les paramètres de l'applicaiton dans le cas où il n'y aucune erreur
- if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] != "modif" )
- {
- // 1.récupération des valeurs par défaut de l'application pour nombre_image_ligne,nombre_ligne_page,couleur,language
- $row = mysql_fetch_array( mysql_query( "select nombre_image_ligne,nombre_ligne_page,theme,language from $prefixeTable"."users where pseudo = 'visiteur';" ) );
- // 2.ajout du nouvel utilisateur
- $query = "insert into $prefixeTable"."users (pseudo,password,mail_address,nombre_image_ligne,nombre_ligne_page,theme,language,status) values ('$pseudo','".md5( $HTTP_POST_VARS['password'] )."',";
- if ( $HTTP_POST_VARS['mail_address'] != "" )
- {
- $query.= "'".$HTTP_POST_VARS['mail_address']."'";
- }
- else
- {
- $query.= "NULL";
- }
- $query.= ",'".$row['nombre_image_ligne']."','".$row['nombre_ligne_page']."','".$row['theme']."','".$row['language']."','".$HTTP_POST_VARS['status']."');";
- mysql_query( $query );
- // 3. récupérer l'identifiant de l'utilisateur nouvellement créé
- $row = mysql_fetch_array( mysql_query( "select id from $prefixeTable"."users where pseudo = '$pseudo';" ) );
- $user_id = $row['id'];
- // 4.ajouter les restrictions au nouvel utilisateur, les mêmes que celles de l'utilisateur par défaut
- $query = "select cat_id ";
- $query.= "from $prefixeTable"."restrictions as r,$prefixeTable"."users as u ";
- $query.= "where u.id = r.user_id ";
- $query.= "and u.pseudo = 'visiteur';";
- $result = mysql_query( $query );
- while( $row = mysql_fetch_array( $result ) )
- {
- mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('$user_id','".$row['cat_id']."');" );
- }
- }
- if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] == "modif" )
- {
- $query = "update $prefixeTable"."users";
- $query.= " set status = '".$HTTP_POST_VARS['status']."'";
- if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
- {
- $query.= ", password = '".md5( $HTTP_POST_VARS['password'] )."'";
- }
- $query.= ", mail_address = ";
- if ( $HTTP_POST_VARS['mail_address'] != "" )
- {
- $query.= "'".$HTTP_POST_VARS['mail_address']."'";
- }
- else
- {
- $query.= "NULL";
- }
- $query.= " where id = '".$HTTP_GET_VARS['user_id']."';";
- mysql_query( $query );
- }
- }
- if ( sizeof( $error ) > 0 )
- {
- echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :";
- echo "<ul>";
- for ( $i = 0; $i < sizeof( $error ); $i++ )
- {
- echo "<li>".$error[$i]."</li>";
- }
- echo "</ul>";
- echo "</div>";
- }
- if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['valider'] == 1 )
- {
- echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" ";
- if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
- {
- echo $lang['adduser_info_password_updated']." ";
- }
- echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
- if ( $HTTP_GET_VARS['valider'] != 1 || $HTTP_GET_VARS['mode'] != "modif" || sizeof( $error ) > 0 )
- {
- if ( $HTTP_GET_VARS['mode'] != "modif" && sizeof( $error ) == 0 )
- {
- unset( $pseudo, $password, $status, $mail_address );
- }
- if ( !isset( $HTTP_POST_VARS['use_new_pwd'] ) || $HTTP_POST_VARS['use_new_pwd'] != 1 )
- {
- unset( $password );
- }
- $action = "./admin.php?page=ajout&amp;valider=1";
- if ( $HTTP_GET_VARS['mode'] == "modif" )
- {
- $action.= "&amp;mode=modif&amp;user_id=".$HTTP_GET_VARS['user_id'];
- }
- echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\">
- <table style=\"width:100%;\">
- <tr align=\"center\" valign=\"middle\">
- <td>
- <table style=\"margin-left:auto;margin-right:auto;\">
- <tr>
- <th colspan=\"2\">".$lang['adduser_fill_form']."</th>
- </tr>
- <tr>
- <td colspan=\"2\"><div style=\"margin-bottom:0px;\">&nbsp;</div></td>
- </tr>
- <tr>
- <td>".$lang['adduser_login']."</td>
- <td>";
- if ( $HTTP_GET_VARS['mode'] == "modif" )
- {
- echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>";
- echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>";
- }
- else
- {
- echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>";
- }
- echo"
- </td>
- </tr>";
- echo"
- <tr>
- <td>";
- if ( $HTTP_GET_VARS['mode'] == "modif" )
- {
- echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\"";
- if ( isset( $HTTP_POST_VARS['use_new_pwd'] ) && $HTTP_POST_VARS['use_new_pwd'] == 1 )
- {
- echo " checked=\"checked\"";
- }
- echo " />";
- }
- else
- {
- echo $lang['password'];
- }
- echo"</td>
- <td>";
- echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td>
- </tr>";
- echo"
- <tr>
- <td>".$lang['reg_mail_address']."</td>";
- echo "
- <td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td>
- </tr>";
- echo"
- <tr>
- <td>".$lang['adduser_status']."</td>
- <td>";
- if ( $pseudo == $conf['webmaster'] )
- {
- echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span>
- <input type=\"hidden\" name=\"status\" value=\"$status\"/>";
- }
- else
- {
- echo"
- <select name=\"status\">";
- // on récupère toutes les status possibles dans la base
- // par l'intermédiaire de la fonction get_enums
- $option = get_enums( $prefixeTable."users", "status" );
- for ( $i = 0; $i < sizeof( $option ); $i++ )
- {
- if ( isset( $status ) )
- {
- echo"
- <option value=\"$option[$i]\"";
- if ( $option[$i] == $status )
- {
- echo" selected=\"selected\"";
- }
- echo">";
- switch ( $option[$i] )
- {
- case "admin" :
- {
- echo $lang['adduser_status_admin'];
- break;
- }
- case "membre" :
- {
- echo $lang['adduser_status_member'];
- break;
- }
- case "visiteur" :
- {
- echo $lang['adduser_status_guest'];
- break;
- }
- }
- echo"</option>";
- }
- else
- {
- echo"
- <option value=\"$option[$i]\"";
- if ( $option[$i] == "visiteur" )
- {
- echo" selected=\"selected\"";
- }
- echo">";
- switch ( $option[$i] )
- {
- case "admin" :
- {
- echo $lang['adduser_status_admin'];
- break;
- }
- case "membre" :
- {
- echo $lang['adduser_status_member'];
- break;
- }
- case "visiteur" :
- {
- echo $lang['adduser_status_guest'];
- break;
- }
- }
- echo"</option>";
- }
- }
- echo"
- </select>";
- }
- echo"
- </td>
- </tr>
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </form>";
- if ( $HTTP_GET_VARS['mode'] == "modif" )
- {
- echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
- }
- }
-?> \ No newline at end of file
diff --git a/admin/configuration.php b/admin/configuration.php
index 6f1726f06..d0d4a6fc5 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -1,9 +1,9 @@
<?
/***************************************************************************
- * configuration.php is a part of PhpWebGallery *
+ * configuration.php *
* ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@@ -293,7 +293,8 @@ else
$query.= $default_user_infos[$i];
}
$query .= ' from '.$prefixeTable.'users';
- $query.= " where pseudo ='visiteur';";
+ $query.= " where username = 'guest'";
+ $query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
diff --git a/admin/user_add.php b/admin/user_add.php
index cf67dcaa3..ef50c13f1 100644
--- a/admin/user_add.php
+++ b/admin/user_add.php
@@ -1,9 +1,9 @@
<?php
/***************************************************************************
- * ajout.php is a part of PhpWebGallery *
+ * user_add.php *
* ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@@ -14,242 +14,68 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-
include_once( './include/isadmin.inc.php' );
-
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_add.vtp' );
+$tpl = array( 'adduser_info_message', 'adduser_info_back',
+ 'adduser_fill_form', 'login', 'password', 'mail_address',
+ 'adduser_status', 'submit' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------- form criteria check
$error = array();
-$absent = false;
-
-$query = 'select';
-$query.= ' pseudo,status,mail_address';
-$query.= ' from '.$prefixeTable.'users';
-$query.= ' where id = '.$_GET['user_id'];
-$query.= ';';
-$row = mysql_fetch_array( mysql_query( $query ) );
-
-$pseudo = $row['pseudo'];
-$status = $row['status'];
-$mail_address = $row['mail_address'];
-
-if ( $pseudo == 'visiteur' ||
- ( $pseudo == $conf['webmaster']
- && $user['pseudo'] != $conf['webmaster'] ) )
+if ( isset( $_POST['submit'] ) )
{
- echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>";
- $absent = true;
+ $error = register_user(
+ $_POST['username'], $_POST['password'], $_POST['password'],
+ $_POST['mail_address'], $_POST['status'] );
}
-if ( $_GET['mode'] == 'modif' )
+//-------------------------------------------------------------- errors display
+if ( sizeof( $error ) != 0 )
{
- if ( $pseudo == '' )
+ $vtp->addSession( $sub, 'errors' );
+ for ( $i = 0; $i < sizeof( $error ); $i++ )
{
- echo"<div class=\"info\">".$lang['user_err_unknown']."</div>";
- $absent = true;
+ $vtp->addSession( $sub, 'li' );
+ $vtp->setVar( $sub, 'li.li', $error[$i] );
+ $vtp->closeSession( $sub, 'li' );
}
+ $vtp->closeSession( $sub, 'errors' );
}
-if ( !$absent )
+//---------------------------------------------------------------- confirmation
+if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
- if ( $_GET['valider'] == 1 )
- {
- if ( $_GET['mode'] != 'modif' )
- {
- $error = register_user( $_POST['pseudo'], $_POST['password'],
- $_POST['password'], $_POST['mail_address'],
- $_POST['status'] );
- }
- else
- {
- $use_new_password = false;
- if ( $_POST['use_new_pwd'] == 1)
- {
- $use_new_password = true;
- }
- $error = update_user( $_GET['user_id'], $_POST['mail_address'],
- $_POST['status'], $use_new_password,
- $_POST['password'] );
- }
- }
- if ( sizeof( $error ) > 0 )
- {
- echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :";
- echo "<ul>";
- for ( $i = 0; $i < sizeof( $error ); $i++ )
- {
- echo "<li>".$error[$i]."</li>";
- }
- echo "</ul>";
- echo "</div>";
- }
- if ( sizeof( $error ) == 0 && $_GET['valider'] == 1 )
- {
- echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" ";
- if ( $_POST['use_new_pwd'] == 1 )
- {
- echo $lang['adduser_info_password_updated']." ";
- }
- echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
- if ( $_GET['valider'] != 1 || $_GET['mode'] != "modif" || sizeof( $error ) > 0 )
+ $vtp->addSession( $sub, 'confirmation' );
+ $vtp->setVar( $sub, 'confirmation.username', $_POST['username'] );
+ $url = add_session_id( './admin.php?page=user_list' );
+ $vtp->setVar( $sub, 'confirmation.url', $url );
+ $vtp->closeSession( $sub, 'confirmation' );
+ // reset all values
+ unset( $_POST );
+}
+//------------------------------------------------------------------------ form
+$action = add_session_id( './admin.php?page=user_add' );
+$vtp->setVar( $sub, 'form_action', $action );
+$vtp->setVar( $sub, 'user:username', $_POST['username'] );
+$vtp->setVar( $sub, 'user:password', $_POST['password'] );
+$vtp->setVar( $sub, 'user:mail_address', $_POST['mail_address'] );
+
+if ( !isset( $_POST['status'] ) )
+{
+ $_POST['status'] = 'guest';
+}
+$option = get_enums( $prefixeTable.'users', 'status' );
+for ( $i = 0; $i < sizeof( $option ); $i++ )
+{
+ $vtp->addSession( $sub, 'status_option' );
+ $vtp->setVar( $sub, 'status_option.value', $option[$i] );
+ $vtp->setVar( $sub, 'status_option.option',
+ $lang['adduser_status_'.$option[$i]] );
+ if( $option[$i] == $_POST['status'] )
{
- if ( $_GET['mode'] != "modif" && sizeof( $error ) == 0 )
- {
- unset( $pseudo, $password, $status, $mail_address );
- }
- if ( !isset( $_POST['use_new_pwd'] ) || $_POST['use_new_pwd'] != 1 )
- {
- unset( $password );
- }
- $action = "./admin.php?page=ajout&amp;valider=1";
- if ( $_GET['mode'] == "modif" )
- {
- $action.= "&amp;mode=modif&amp;user_id=".$_GET['user_id'];
- }
- echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\">
- <table style=\"width:100%;\">
- <tr align=\"center\" valign=\"middle\">
- <td>
- <table style=\"margin-left:auto;margin-right:auto;\">
- <tr>
- <th colspan=\"2\">".$lang['adduser_fill_form']."</th>
- </tr>
- <tr>
- <td colspan=\"2\"><div style=\"margin-bottom:0px;\">&nbsp;</div></td>
- </tr>
- <tr>
- <td>".$lang['adduser_login']."</td>
- <td>";
- if ( $_GET['mode'] == "modif" )
- {
- echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>";
- echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>";
- }
- else
- {
- echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>";
- }
- echo"
- </td>
- </tr>";
- echo"
- <tr>
- <td>";
- if ( $_GET['mode'] == "modif" )
- {
- echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\"";
- if ( isset( $_POST['use_new_pwd'] ) && $_POST['use_new_pwd'] == 1 )
- {
- echo " checked=\"checked\"";
- }
- echo " />";
- }
- else
- {
- echo $lang['password'];
- }
- echo"</td>
- <td>";
- echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td>
- </tr>";
- echo"
- <tr>
- <td>".$lang['reg_mail_address']."</td>";
- echo "
- <td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td>
- </tr>";
- echo"
- <tr>
- <td>".$lang['adduser_status']."</td>
- <td>";
- if ( $pseudo == $conf['webmaster'] )
- {
- echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span>
- <input type=\"hidden\" name=\"status\" value=\"$status\"/>";
- }
- else
- {
- echo"
- <select name=\"status\">";
- // on récupère toutes les status possibles dans la base
- // par l'intermédiaire de la fonction get_enums
- $option = get_enums( $prefixeTable."users", "status" );
- for ( $i = 0; $i < sizeof( $option ); $i++ )
- {
- if ( isset( $status ) )
- {
- echo"
- <option value=\"$option[$i]\"";
- if ( $option[$i] == $status )
- {
- echo" selected=\"selected\"";
- }
- echo">";
- switch ( $option[$i] )
- {
- case "admin" :
- {
- echo $lang['adduser_status_admin'];
- break;
- }
- case "membre" :
- {
- echo $lang['adduser_status_member'];
- break;
- }
- case "visiteur" :
- {
- echo $lang['adduser_status_guest'];
- break;
- }
- }
- echo"</option>";
- }
- else
- {
- echo"
- <option value=\"$option[$i]\"";
- if ( $option[$i] == "visiteur" )
- {
- echo" selected=\"selected\"";
- }
- echo">";
- switch ( $option[$i] )
- {
- case "admin" :
- {
- echo $lang['adduser_status_admin'];
- break;
- }
- case "membre" :
- {
- echo $lang['adduser_status_member'];
- break;
- }
- case "visiteur" :
- {
- echo $lang['adduser_status_guest'];
- break;
- }
- }
- echo"</option>";
- }
- }
- echo"
- </select>";
- }
- echo"
- </td>
- </tr>
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </form>";
- if ( $_GET['mode'] == "modif" )
- {
- echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
+ $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
+ $vtp->closeSession( $sub, 'status_option' );
}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
?> \ No newline at end of file
diff --git a/admin/user_list.php b/admin/user_list.php
index 8221ed30f..bcf6cc988 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -1,9 +1,9 @@
<?php
/***************************************************************************
- * liste_users.php is a part of PhpWebGallery *
+ * user_list.php *
* ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@@ -38,9 +38,9 @@ $vtp->setGlobalVar( $sub, 'listuser_button_invert',
$vtp->setGlobalVar( $sub, 'listuser_button_create_address',
$lang['listuser_button_create_address'] );
//--------------------------------------------------------------- delete a user
-if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
+if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
- $query = 'select pseudo';
+ $query = 'select username';
$query.= ' from '.$prefixeTable.'users';
$query.= ' where id = '.$_GET['delete'];
$query.= ';';
@@ -49,7 +49,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
if ( $_GET['confirm'] != 1 )
{
$vtp->addSession( $sub, 'deletion' );
- $vtp->setVar( $sub, 'deletion.login', $row['pseudo'] );
+ $vtp->setVar( $sub, 'deletion.login', $row['username'] );
$yes_url = './admin.php?page=user_list&amp;delete='.$_GET['delete'];
$yes_url.= '&amp;confirm=1';
$vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
@@ -61,7 +61,8 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
else
{
$vtp->addSession( $sub, 'confirmation' );
- if ( $row['pseudo'] != 'visiteur' && $row['pseudo'] != $conf['webmaster'] )
+ if ( $row['username'] != 'guest'
+ and $row['username'] != $conf['webmaster'] )
{
$query = 'select count(*) as nb_result';
$query.= ' from '.$prefixeTable.'users';
@@ -72,7 +73,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
{
delete_user( $_GET['delete'] );
$vtp->setVar( $sub, 'confirmation.class', 'info' );
- $info = '"'.$row['pseudo'].'" '.$lang['listuser_info_deletion'];
+ $info = '"'.$row['username'].'" '.$lang['listuser_info_deletion'];
$vtp->setVar( $sub, 'confirmation.info', $info );
}
else
@@ -101,9 +102,9 @@ else
}
$vtp->setVar( $sub, 'users.form_action', $action );
- $query = 'select id,pseudo,status,mail_address';
+ $query = 'select id,username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
- $query.= ' order by status asc, pseudo asc';
+ $query.= ' order by status asc, username asc';
$query.= ';';
$result = mysql_query( $query );
@@ -126,7 +127,7 @@ else
$title.= $lang['adduser_status_admin'];
break;
}
- case 'visiteur' :
+ case 'guest' :
{
$title.= $lang['adduser_status_guest'];
break;
@@ -137,26 +138,33 @@ else
}
$vtp->addSession( $sub, 'user' );
// checkbox for mail management if the user has a mail address
- if ( $row['mail_address'] != '' && $row['pseudo'] != 'visiteur' )
+ if ( $row['mail_address'] != '' and $row['username'] != 'guest' )
{
$vtp->addSession( $sub, 'checkbox' );
$vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] );
$vtp->closeSession( $sub, 'checkbox' );
}
// use a special color for the login of the user ?
- if ( $row['pseudo'] == $conf['webmaster'] )
+ if ( $row['username'] == $conf['webmaster'] )
{
$vtp->setVar( $sub, 'user.color', 'red' );
}
- if ( $row['pseudo'] == "visiteur" )
+ if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.color', 'green' );
}
- $vtp->setVar( $sub, 'user.login', $row['pseudo'] );
+ if ( $row['username'] == 'guest' )
+ {
+ $vtp->setVar( $sub, 'user.login', $lang['guest'] );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.login', $row['username'] );
+ }
// modify or not modify ?
- if ( $row['pseudo'] == "visiteur"
- || ( $row['pseudo'] == $conf['webmaster']
- && $user['pseudo'] != $conf['webmaster'] ) )
+ if ( $row['username'] == 'guest'
+ or ( $row['username'] == $conf['webmaster']
+ and $user['username'] != $conf['webmaster'] ) )
{
$vtp->addSession( $sub, 'not_modify' );
$vtp->closeSession( $sub, 'not_modify' );
@@ -164,14 +172,14 @@ else
else
{
$vtp->addSession( $sub, 'modify' );
- $url = './admin.php?page=user_add&amp;mode=modif&amp;user_id=';
+ $url = './admin.php?page=user_modify&amp;user_id=';
$url.= $row['id'];
$vtp->setVar( $sub, 'modify.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'modify.login', $row['pseudo'] );
+ $vtp->setVar( $sub, 'modify.login', $row['username'] );
$vtp->closeSession( $sub, 'modify' );
}
// manage permission or not ?
- if ( $row['pseudo'] == $conf['webmaster'] )
+ if ( $row['username'] == $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_permission' );
$vtp->closeSession( $sub, 'not_permission' );
@@ -181,11 +189,12 @@ else
$vtp->addSession( $sub, 'permission' );
$url = './admin.php?page=perm&amp;user_id='.$row['id'];
$vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'permission.login', $row['pseudo'] );
+ $vtp->setVar( $sub, 'permission.login', $row['username'] );
$vtp->closeSession( $sub, 'permission' );
}
// is the user deletable or not ?
- if ( $row['pseudo'] == 'visiteur' || $row['pseudo'] == $conf['webmaster'] )
+ if ( $row['username'] == 'guest'
+ or $row['username'] == $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_delete' );
$vtp->closeSession( $sub, 'not_delete' );
@@ -195,7 +204,7 @@ else
$vtp->addSession( $sub, 'delete' );
$url = './admin.php?page=user_list&amp;delete='.$row['id'];
$vtp->setVar( $sub, 'delete.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'delete.login', $row['pseudo'] );
+ $vtp->setVar( $sub, 'delete.login', $row['username'] );
$vtp->closeSession( $sub, 'delete' );
}
$vtp->closeSession( $sub, 'user' );
diff --git a/admin/user_modify.php b/admin/user_modify.php
index fad131d81..6e14589c3 100644
--- a/admin/user_modify.php
+++ b/admin/user_modify.php
@@ -18,11 +18,16 @@ include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' );
$error = array();
-$tpl = array( 'user_err_modify', 'user_err_unknown' );
-templatize_array( $tpl, 'lang' );
+$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
+ 'login', 'new', 'password', 'mail_address', 'adduser_status',
+ 'submit', 'adduser_info_password_updated' );
+templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
+$error = array();
$display_form = true;
+// retrieving information in the database about the user identified by its
+// id in $_GET['user_id']
$query = 'select';
$query.= ' username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
@@ -30,34 +35,95 @@ $query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
-$username = $row['username'];
-$status = $row['status'];
-$mail_address = $row['mail_address'];
-
-if ( $username == 'guest'
- or ( $username == $conf['webmaster']
+// user is not modifiable if :
+// 1. the selected user is the user "guest"
+// 2. the selected user is the webmaster and the user making the modification
+// is not the webmaster
+if ( $row['username'] == 'guest'
+ or ( $row['username'] == $conf['webmaster']
and $user['username'] != $conf['webmaster'] ) )
{
- $vtp->addSession( $sub, 'err_modify' );
- $vtp->closeSession( $sub, 'err_modify' );
+ array_push( $error, $lang['user_err_modify'] );
$display_form = false;
}
-if ( $username == '' )
+// if the user was not found in the database, no modification possible
+if ( $row['username'] == '' )
{
- $vtp->addSession( $sub, 'err_unknown' );
- $vtp->closeSession( $sub, 'err_unknown' );
+ array_push( $error, $lang['user_err_unknown'] );
$display_form = false;
}
-if ( $display_form and isset( $_POST['submit'] ) )
+if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
+ // shall we use a new password and overwrite the old one ?
$use_new_password = false;
if ( $_POST['use_new_pwd'] == 1)
{
$use_new_password = true;
}
- $error = update_user(
- $_GET['user_id'], $_POST['mail_address'], $_POST['status'],
- $use_new_password, $POST['password'] );
+ $error = array_merge( $error, update_user(
+ $_GET['user_id'], $_POST['mail_address'],
+ $_POST['status'], $use_new_password,
+ $_POST['password'] ) );
+}
+//-------------------------------------------------------------- errors display
+if ( sizeof( $error ) != 0 )
+{
+ $vtp->addSession( $sub, 'errors' );
+ for ( $i = 0; $i < sizeof( $error ); $i++ )
+ {
+ $vtp->addSession( $sub, 'li' );
+ $vtp->setVar( $sub, 'li.li', $error[$i] );
+ $vtp->closeSession( $sub, 'li' );
+ }
+ $vtp->closeSession( $sub, 'errors' );
+}
+//---------------------------------------------------------------- confirmation
+if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
+{
+ $vtp->addSession( $sub, 'confirmation' );
+ $vtp->setVar( $sub, 'confirmation.username', $row['username'] );
+ $url = add_session_id( './admin.php?page=user_list' );
+ $vtp->setVar( $sub, 'confirmation.url', $url );
+ $vtp->closeSession( $sub, 'confirmation' );
+ if ( $use_new_pwd )
+ {
+ $vtp->addSession( $sub, 'password_updated' );
+ $vtp->closeSession( $sub, 'password_updated' );
+ }
+ $display_form = false;
+}
+//------------------------------------------------------------------------ form
+if ( $display_form )
+{
+ $vtp->addSession( $sub, 'form' );
+ $action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
+ $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
+ $vtp->setVar( $sub, 'form.user:username', $row['username'] );
+ $vtp->setVar( $sub, 'form.user:password', $_POST['password'] );
+ $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] );
+
+ if ( !isset( $_POST['status'] ) )
+ {
+ $_POST['status'] = 'guest';
+ }
+ $option = get_enums( $prefixeTable.'users', 'status' );
+ for ( $i = 0; $i < sizeof( $option ); $i++ )
+ {
+ $vtp->addSession( $sub, 'status_option' );
+ $vtp->setVar( $sub, 'status_option.value', $option[$i] );
+ $vtp->setVar( $sub, 'status_option.option',
+ $lang['adduser_status_'.$option[$i]] );
+ if( $option[$i] == $_POST['status'] )
+ {
+ $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
+ }
+ $vtp->closeSession( $sub, 'status_option' );
+ }
+ $url = add_session_id( './admin.php?page=user_list' );
+ $vtp->setVar( $sub, 'form.url_back', $url );
+ $vtp->closeSession( $sub, 'form' );
}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
?> \ No newline at end of file
diff --git a/category.php b/category.php
index 32cf0a361..6f36b1366 100644
--- a/category.php
+++ b/category.php
@@ -96,16 +96,17 @@ $tpl = array( 'categories','hint_category','sub-cat','images_available',
'favorite_cat_hint','favorite_cat','stats',
'most_visited_cat_hint','most_visited_cat','recent_cat',
'recent_cat_hint' );
-templatize_array( $tpl, 'lang' );
+templatize_array( $tpl, 'lang', $handle );
$tpl = array( 'mail_webmaster','webmaster','top_number','version','site_url' );
-templatize_array( $tpl, 'conf' );
+templatize_array( $tpl, 'conf', $handle );
-$tpl = array( 'short_period','long_period','style','lien_collapsed','pseudo' );
-templatize_array( $tpl, 'user' );
+$tpl = array( 'short_period','long_period','style','lien_collapsed',
+ 'username' );
+templatize_array( $tpl, 'user', $handle );
$tpl = array( 'title','navigation_bar','cat_comment','cat_nb_images' );
-templatize_array( $tpl, 'page' );
+templatize_array( $tpl, 'page', $handle );
// special global template vars
$vtp->setGlobalVar( $handle, 'icon_short', get_icon( time() ) );
diff --git a/identification.php b/identification.php
index d4c734939..ddbc2b932 100644
--- a/identification.php
+++ b/identification.php
@@ -1,9 +1,9 @@
<?php
/***************************************************************************
- * identification.php is a part of PhpWebGallery *
- * ------------------- *
- * last update : Thursday, December 26, 2002 *
- * email : pierrick@z0rglub.com *
+ * identification.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@@ -25,15 +25,15 @@ if ( isset( $_POST['login'] ) )
// retrieving the encrypted password of the login submitted
$query = 'select password';
$query.= ' from '.$prefixeTable.'users';
- $query.= " where pseudo = '".$_POST['login']."';";
+ $query.= " where username = '".$_POST['login']."';";
$row = mysql_fetch_array( mysql_query( $query ) );
if( $row['password'] == md5( $_POST['pass'] ) )
{
$session_id = session_create( $_POST['login'] );
$url = 'category.php?id='.$session_id;
- header( "Request-URI: $url" );
- header( "Content-Location: $url" );
- header( "Location: $url" );
+ header( 'Request-URI: '.$url );
+ header( 'Content-Location: '.$url );
+ header( 'Location: '.$url );
exit();
}
else
@@ -77,17 +77,17 @@ if ( sizeof( $error ) != 0 )
}
//------------------------------------------------------------------ users list
// retrieving all the users login
-$query = 'select pseudo from '.$prefixeTable.'users;';
+$query = 'select username from '.$prefixeTable.'users;';
$result = mysql_query( $query );
if ( mysql_num_rows ( $result ) < $conf['max_user_listbox'] )
{
$vtp->addSession( $handle, 'select_field' );
while ( $row = mysql_fetch_array( $result ) )
{
- if ( $row['pseudo'] != 'visiteur' )
+ if ( $row['username'] != 'guest' )
{
$vtp->addSession( $handle, 'option' );
- $vtp->setVar( $handle, 'option.option', $row['pseudo'] );
+ $vtp->setVar( $handle, 'option.option', $row['username'] );
$vtp->closeSession( $handle, 'option' );
}
}
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 76c95e326..85db1eb76 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -20,6 +20,33 @@ include( 'functions_category.inc.php' );
//----------------------------------------------------------- generic functions
+// get_enums returns an array containing the possible values of a enum field
+// in a table of the database.
+function get_enums( $table, $field )
+{
+ // retrieving the properties of the table. Each line represents a field :
+ // columns are 'Field', 'Type'
+ $result=mysql_query("desc $table");
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ // we are only interested in the the field given in parameter for the
+ // function
+ if ( $row['Field']==$field )
+ {
+ // retrieving possible values of the enum field
+ // enum('blue','green','black')
+ $option = explode( ',', substr($row['Type'], 5, -1 ) );
+ for ( $i = 0; $i < sizeof( $option ); $i++ )
+ {
+ // deletion of quotation marks
+ $option[$i] = str_replace( "'", '',$option[$i] );
+ }
+ }
+ }
+ mysql_free_result( $result );
+ return $option;
+}
+
// get_boolean transforms a string to a boolean value. If the string is
// "false" (case insensitive), then the boolean value false is returned. In
// any other case, true is returned.
@@ -54,9 +81,9 @@ function array_remove( $array, $value )
// are precised : e.g. 1052343429.89276600
function get_moment()
{
- $t1 = explode( " ", microtime() );
- $t2 = explode( ".", $t1[0] );
- $t2 = $t1[1].".".$t2[1];
+ $t1 = explode( ' ', microtime() );
+ $t2 = explode( '.', $t1[0] );
+ $t2 = $t1[1].'.'.$t2[1];
return $t2;
}
@@ -273,9 +300,9 @@ function pwg_log( $file, $category, $picture = '' )
}
}
-function templatize_array( $array, $global_array_name )
+function templatize_array( $array, $global_array_name, $handle )
{
- global $vtp, $handle, $lang, $page, $user, $conf;
+ global $vtp, $lang, $page, $user, $conf;
for( $i = 0; $i < sizeof( $array ); $i++ )
{
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 051e89f56..115ee434e 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -1,6 +1,6 @@
<?php
/***************************************************************************
- * functions_category.inc.php *
+ * functions_category.inc.php *
* -------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
@@ -131,7 +131,7 @@ function display_cat( $id_uppercat, $indent, $restriction, $tab_expand )
{
$url.= "&amp;search=".$_GET['search'];
}
- $lien_cat = add_session_id_to_url( $url );
+ $lien_cat = add_session_id( $url );
if ( $row['name'] == "" )
{
$name = str_replace( "_", " ", $row['dir'] );
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index e85447221..722627dc7 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -48,10 +48,10 @@ function generate_key()
return $key;
}
-function session_create( $pseudo )
+function session_create( $username )
{
global $conf,$prefixeTable,$REMOTE_ADDR;
- // 1. trouver une clé de session inexistante
+ // 1. searching an unused sesison key
$id_found = false;
while ( !$id_found )
{
@@ -65,14 +65,13 @@ function session_create( $pseudo )
$id_found = true;
}
}
- // 2. récupération de l'id de l'utilisateur dont le pseudo
- // est passé en paramètre
+ // 2. retrieving id of the username given in parameter
$query = 'select id';
$query.= ' from '.$prefixeTable.'users';
- $query.= " where pseudo = '".$pseudo."';";
+ $query.= " where username = '".$username."';";
$row = mysql_fetch_array( mysql_query( $query ) );
$user_id = $row['id'];
- // 3. insertion de la session dans la base de donnée
+ // 3. inserting session in database
$expiration = $conf['session_time']*60+time();
$query = 'insert into '.$prefixeTable.'sessions';
$query.= ' (id,user_id,expiration,ip) values';
@@ -82,49 +81,28 @@ function session_create( $pseudo )
return $generated_id;
}
-
-function add_session_id_to_url( $url, $redirect = false )
-{
- global $page, $user;
- $amp = "&amp;";
- if ( $redirect )
- {
- $amp = "&";
- }
- if ( !$user['is_the_guest'] )
- {
- if ( ereg( "\.php\?",$url ) )
- {
- return $url.$amp."id=".$page['session_id'];
- }
- else
- {
- return $url."?id=".$page['session_id'];
- }
- }
- else
- {
- return $url;
- }
-}
+// add_session_id adds the id of the session to the string given in
+// parameter as $url. If the session id is the first parameter to the url,
+// it is preceded by a '?', else it is preceded by a '&amp;'. If the
+// parameter $redirect is set to true, '&' is used instead of '&'.
function add_session_id( $url, $redirect = false )
{
global $page, $user;
- $amp = "&amp;";
+ $amp = '&amp;';
if ( $redirect )
{
- $amp = "&";
+ $amp = '&';
}
if ( !$user['is_the_guest'] )
{
- if ( ereg( "\.php\?",$url ) )
+ if ( preg_match( '/\.php\?/',$url ) )
{
- return $url.$amp."id=".$page['session_id'];
+ return $url.$amp.'id='.$page['session_id'];
}
else
{
- return $url."?id=".$page['session_id'];
+ return $url.'?id='.$page['session_id'];
}
}
else
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 48160f113..03be22b1a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -14,34 +14,39 @@
* the Free Software Foundation; *
* *
***************************************************************************/
+
+// validate_mail_address verifies whether the given mail address has the
+// right format. ie someone@domain.com "someone" can contain ".", "-" or
+// even "_". Exactly as "domain". The extension doesn't have to be
+// "com". The mail address can also be empty.
+// If the mail address doesn't correspond, an error message is returned.
function validate_mail_address( $mail_address )
{
global $lang;
- $output = '';
- // le mail doit être conforme à qqch du type : nom@serveur.com
- if ( $mail_address != ''
- and !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
- $mail_address ) )
+ if ( $mail_address == '' )
{
- $output = $lang['reg_err_mail_address'];
+ return '';
+ }
+ $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/';
+ if ( !preg_match( $regex, $mail_address ) )
+ {
+ return $lang['reg_err_mail_address'];
}
-
- return $output;
}
-function register_user( $login, $password, $password_conf,
- $mail_address, $status = 'visiteur' )
+function register_user(
+ $login, $password, $password_conf, $mail_address, $status = 'guest' )
{
- global $prefixeTable;
+ global $prefixeTable, $lang;
$error = array();
$i = 0;
- // le login ne doit pas
- // 1. être vide
- // 2. commencer ou se terminer par un espace
- // 3. comporter les caractères ' ou "
- // 4. être déjà utilisé
+ // login must not
+ // 1. be empty
+ // 2. start ou end with space character
+ // 3. include ' or " characters
+ // 4. be already used
if ( $login == '' )
{
$error[$i++] = $lang['reg_err_login1'];
@@ -62,15 +67,14 @@ function register_user( $login, $password, $password_conf,
{
$query = 'select id';
$query.= ' from '.$prefixeTable.'users';
- $query.= " where pseudo = '".$login."';";
+ $query.= " where username = '".$login."';";
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$error[$i++] = $lang['reg_err_login5'];
}
}
- // on vérifie que le password rentré correspond bien
- // à la confirmation faite par l'utilisateur
+ // given password must be the same as the confirmation
if ( $password != $password_conf )
{
$error[$i++] = $lang['reg_err_pass'];
@@ -81,12 +85,11 @@ function register_user( $login, $password, $password_conf,
{
$error[$i++] = $error_mail_address;
}
-
- // on enregistre le nouvel utilisateur si aucune
- //erreur détectée dans les paramètres
+
+ // if no error until here, registration of the user
if ( sizeof( $error ) == 0 )
{
- // 1.récupération des valeurs par défaut de l'application
+ // 1. retrieving default values, the ones of the user "guest"
$infos = array( 'nb_image_line', 'nb_line_page', 'theme', 'language',
'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
'short_period', 'long_period', 'template' );
@@ -104,17 +107,17 @@ function register_user( $login, $password, $password_conf,
$query.= $infos[$i];
}
$query.= ' from '.$prefixeTable.'users';
- $query.= " where pseudo = 'visiteur';";
+ $query.= " where username = 'guest';";
$row = mysql_fetch_array( mysql_query( $query ) );
- // 2.ajout du nouvel utilisateur
+ // 2. adding new user
$query = 'insert into '.$prefixeTable.'users';
$query.= ' (';
- $query.= ' pseudo,password,mail_address,status';
+ $query.= ' username,password,mail_address,status';
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
$query.= ','.$infos[$i];
}
- $query.= ' values (';
+ $query.= ') values (';
$query.= " '".$login."'";
$query.= ",'".md5( $password )."'";
if ( $mail_address != '' )
@@ -128,23 +131,30 @@ function register_user( $login, $password, $password_conf,
$query.= ",'".$status."'";
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
- $query.= ','.$row[$infos[$i]];
+ $query.= ',';
+ if ( $row[$infos[$i]] == '' )
+ {
+ $query.= 'NULL';
+ }
+ else
+ {
+ $query.= "'".$row[$infos[$i]]."'";
+ }
}
$query.= ');';
mysql_query( $query );
- // 3. récupérer l'identifiant de l'utilisateur nouvellement créé
+ // 3. retrieving the id of the newly created user
$query = 'select id';
$query.= ' from '.$prefixeTable.'users';
- $query.= " where pseudo = '".$login."';";
+ $query.= " where username = '".$login."';";
$row = mysql_fetch_array( mysql_query( $query ) );
$user_id = $row['id'];
- // 4.ajouter les restrictions au nouvel utilisateur,
- // les mêmes que celles de l'utilisateur par défaut
+ // 4. adding restrictions to the new user, the same as the user "guest"
$query = 'select cat_id';
$query.= ' from '.$prefixeTable.'restrictions as r';
$query.= ','.$prefixeTable.'users as u ';
$query.= ' where u.id = r.user_id';
- $query.= " and u.pseudo = 'visiteur';";
+ $query.= " and u.username = 'guest';";
$result = mysql_query( $query );
while( $row = mysql_fetch_array( $result ) )
{
@@ -190,6 +200,7 @@ function update_user( $user_id, $mail_address, $status,
}
$query.= ' where id = '.$user_id;
$query.= ';';
+ echo $query;
mysql_query( $query );
}
return $error;
diff --git a/include/init.inc.php b/include/init.inc.php
index 041545b3f..21a3ac8b0 100644
--- a/include/init.inc.php
+++ b/include/init.inc.php
@@ -29,9 +29,11 @@ $user['restrictions'] = get_restrictions( $user['id'], $user['status'], true );
$isadmin = false;
include_once( './language/'.$user['language'].'.php' );
+// displaying the username in the language of the connected user, instead of
+// "guest" as you can find in the database
if ( $user['is_the_guest'] )
{
- $user['pseudo'] = $lang['guest'];
+ $user['username'] = $lang['guest'];
}
include_once( './template/'.$user['template'].'/style.inc.php' );
include_once( './template/'.$user['template'].'/htmlfunctions.inc.php' );
diff --git a/include/user.inc.php b/include/user.inc.php
index b323385e7..3a95e08ab 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -1,9 +1,9 @@
<?php
/***************************************************************************
- * user.inc.php is a part of PhpWebGallery *
- * ------------------- *
- * last update : Saturday, October 26, 2002 *
- * email : pierrick@z0rglub.com *
+ * user.inc.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************
@@ -19,7 +19,7 @@
// Each field becomes an information of the array $user.
// Example :
// status --> $user['status']
-$infos = array( 'id', 'pseudo', 'mail_address', 'nb_image_line',
+$infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
'nb_line_page', 'status', 'theme', 'language', 'maxwidth',
'maxheight', 'expand', 'show_nb_comments', 'short_period',
'long_period', 'template' );
@@ -71,7 +71,7 @@ if ( isset( $_GET['id'] )
}
if ( !$query_done )
{
- $query_user .= " where pseudo = 'visiteur'";
+ $query_user .= ' where id = 2';
$user['is_the_guest'] = true;
}
$query_user .= ';';
diff --git a/language/francais.php b/language/francais.php
index f760c9622..ceea46d63 100644
--- a/language/francais.php
+++ b/language/francais.php
@@ -14,6 +14,7 @@ $lang['date'] = 'date';
$lang['no'] = 'non';
$lang['yes'] = 'oui';
$lang['guest'] = 'visiteur';
+$lang['mail_address'] = 'adresse mail';
// end version 1.3
// page diapo
@@ -172,7 +173,9 @@ $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \'
$lang['reg_err_login5'] = 'ce pseudo est déjà utilisé';
$lang['reg_err_pass'] = 'veuillez retaper le mot de passe';
$lang['reg_confirm'] = 'confirmer';
-$lang['reg_mail_address'] = 'adresse mail';
+// start version 1.3
+// $lang['reg_mail_address'] = 'adresse mail';
+// end version 1.3
$lang['reg_err_mail_address'] = 'l\'adresse mail doit être de la forme xxx@yyy.eee (exemple : jack@altern.org)';
// page search
@@ -201,7 +204,11 @@ $lang['upload_successful'] = 'Image uploadée avec succès, un administrateur vali
if ( $isadmin )
{
// page admin
- $lang['title_add'] = 'Ajouter/Modifier un utilisateur';
+// start version 1.3
+// $lang['title_add'] = 'Ajouter/Modifier un utilisateur';
+ $lang['title_add'] = 'Ajouter un utilisateur';
+ $lang['title_modify'] = 'Modifier un utilisateur';
+// end version 1.3
$lang['title_liste_users'] = 'Liste des utilisateurs';
$lang['title_history'] = 'Historique';
$lang['title_update'] = 'Mise à jour de la base de données';
@@ -342,24 +349,29 @@ if ( $isadmin )
$lang['user_err_unknown'] = 'Cet utilisateur n\'existe pas dans la base de données';
// page d\'ajout/modification d\'utilisateur
-
- $lang['reg_err_login1'] = 'veuillez rentrer un pseudo';
- $lang['reg_err_login2'] = 'le pseudo ne doit pas se terminer par un espace';
- $lang['reg_err_login3'] = 'le pseudo ne doit pas commencer par un espace';
- $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \'';
- $lang['reg_err_login5'] = 'ce pseudo est déjà utilisé';
+// start version 1.3
+// $lang['reg_err_login1'] = 'veuillez rentrer un pseudo';
+// $lang['reg_err_login2'] = 'le pseudo ne doit pas se terminer par un espace';
+// $lang['reg_err_login3'] = 'le pseudo ne doit pas commencer par un espace';
+// $lang['reg_err_login4'] = 'le pseudo ne doit pas comporter les caractère " et \'';
+// $lang['reg_err_login5'] = 'ce pseudo est déjà utilisé';
- $lang['adduser_err_message'] = 'Vous avez commis des erreurs au nombre de ';
+// $lang['adduser_err_message'] = 'Vous avez commis des erreurs au nombre de ';
+// end version 1.3
$lang['adduser_info_message'] = 'Informations enregistrées dans la base de données concernant ';
$lang['adduser_info_password_updated'] = '(mot de passe modifié)';
$lang['adduser_info_back'] = 'retour liste utilisateurs';
$lang['adduser_fill_form'] = 'Veuillez remplir les champs suivants';
- $lang['adduser_login'] = 'pseudo';
+// start version 1.3
+// $lang['adduser_login'] = 'pseudo';
+// end version 1.3
$lang['adduser_unmodify'] = 'non modifiable';
$lang['adduser_status'] = 'status';
$lang['adduser_status_admin'] = 'admin';
- $lang['adduser_status_member'] = 'membre';
+// start version 1.3
+// $lang['adduser_status_member'] = 'membre';
+// end version 1.3
$lang['adduser_status_guest'] = 'visiteur';
// page permissions
diff --git a/profile.php b/profile.php
index 1f3d63828..b72e6db6a 100644
--- a/profile.php
+++ b/profile.php
@@ -152,12 +152,8 @@ $vtp->setGlobalVar( $handle, 'password', $lang['password'] );
$vtp->setGlobalVar( $handle, 'new', $lang['new'] );
$vtp->setGlobalVar( $handle, 'reg_confirm', $lang['reg_confirm'] );
$vtp->setGlobalVar( $handle, 'submit', $lang['submit'] );
-// user
-$vtp->setGlobalVar( $handle, 'page_style', $user['style'] );
-// structure
-$vtp->setGlobalVar( $handle, 'frame_start', get_frame_start() );
-$vtp->setGlobalVar( $handle, 'frame_begin', get_frame_begin() );
-$vtp->setGlobalVar( $handle, 'frame_end', get_frame_end() );
+
+initialize_template();
//----------------------------------------------------------------- form action
$url = './profile.php?cat='.$page['cat'].'&amp;expand='.$page['expand'];
if ( $page['cat'] == 'search' )
@@ -328,7 +324,7 @@ if ( in_array( 'maxheight', $infos ) )
if ( in_array( 'mail_address', $infos ) )
{
$vtp->addSession( $handle, 'line' );
- $vtp->setVar( $handle, 'line.name', $lang['reg_mail_address'] );
+ $vtp->setVar( $handle, 'line.name', $lang['mail_address'] );
$vtp->addSession( $handle, 'text' );
$vtp->setVar( $handle, 'text.name', 'mail_address' );
$vtp->setVar( $handle, 'text.value', $user['mail_address'] );
diff --git a/template/default/admin/user_add.vtp b/template/default/admin/user_add.vtp
new file mode 100644
index 000000000..8cfe05bf1
--- /dev/null
+++ b/template/default/admin/user_add.vtp
@@ -0,0 +1,58 @@
+<!--VTP_errors-->
+<div class="errors">
+ <ul>
+ <!--VTP_li-->
+ <li>{#li}</li>
+ <!--/VTP_li-->
+ </ul>
+</div>
+<!--/VTP_errors-->
+<!--VTP_confirmation-->
+<div class="info">
+ {#adduser_info_message} "{#username}"
+ [ <a href="{#url}">{#adduser_info_back}</a> ]
+</div>
+<!--/VTP_confirmation-->
+<form method="post" action="{#form_action}">
+ <table style="width:100%;">
+ <tr align="center" valign="middle">
+ <td>
+ <table style="margin-left:auto;margin-right:auto;">
+ <tr>
+ <th colspan="2">{#adduser_fill_form}</th>
+ </tr>
+ <tr>
+ <td colspan="2"><div style="margin-bottom:0px;">&nbsp;</div></td>
+ </tr>
+ <tr>
+ <td>{#login}</td>
+ <td><input type="text" name="username" value="{#user:username}" /></td>
+ </tr>
+ <tr>
+ <td>{#password}</td>
+ <td><input type="text" name="password" value="{#user:password}" /></td>
+ </tr>
+ <tr>
+ <td>{#mail_address}</td>
+ <td><input type="text" name="mail_address" value="{#user:mail_address}" /></td>
+ </tr>
+ <tr>
+ <td>{#adduser_status}</td>
+ <td>
+ <select name="status">
+ <!--VTP_status_option-->
+ <option value="{#value}"{#selected}>{#option}</option>
+ <!--/VTP_status_option-->
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="center">
+ <input type="submit" name="submit" value="{#submit}" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form> \ No newline at end of file
diff --git a/template/default/admin/user_modify.vtp b/template/default/admin/user_modify.vtp
new file mode 100644
index 000000000..53844d64f
--- /dev/null
+++ b/template/default/admin/user_modify.vtp
@@ -0,0 +1,66 @@
+<!--VTP_errors-->
+<div class="errors">
+ <ul>
+ <!--VTP_li-->
+ <li>{#li}</li>
+ <!--/VTP_li-->
+ </ul>
+</div>
+<!--/VTP_errors-->
+<!--VTP_confirmation-->
+<div class="info">
+ {#adduser_info_message} "{#username}"
+ <!--VTP_password_updated-->
+ {#adduser_info_password_updated}
+ <!--/VTP_password_updated-->
+ [ <a href="{#url}">{#adduser_info_back}</a> ]
+</div>
+<!--/VTP_confirmation-->
+<!--VTP_form-->
+<form method="post" action="{#form_action}">
+ <table style="width:100%;">
+ <tr align="center" valign="middle">
+ <td>
+ <table style="margin-left:auto;margin-right:auto;">
+ <tr>
+ <th colspan="2">{#adduser_fill_form}</th>
+ </tr>
+ <tr>
+ <td colspan="2"><div style="margin-bottom:0px;">&nbsp;</div></td>
+ </tr>
+ <tr>
+ <td>{#login}</td>
+ <td style="color:red;text-align:center;">{#user:username}</td>
+ </tr>
+ <tr>
+ <td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td>
+ <td><input type="text" name="password" value="{#user:password}" /></td>
+ </tr>
+ <tr>
+ <td>{#mail_address}</td>
+ <td><input type="text" name="mail_address" value="{#user:mail_address}" /></td>
+ </tr>
+ <tr>
+ <td>{#adduser_status}</td>
+ <td>
+ <select name="status">
+ <!--VTP_status_option-->
+ <option value="{#value}"{#selected}>{#option}</option>
+ <!--/VTP_status_option-->
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="center">
+ <input type="submit" name="submit" value="{#submit}" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<div class="info">
+ [ <a href="{#url_back}">{#adduser_info_back}</a> ]
+</div>
+<!--/VTP_form--> \ No newline at end of file
diff --git a/template/default/category.vtp b/template/default/category.vtp
index 2cf06e234..975a48a18 100644
--- a/template/default/category.vtp
+++ b/template/default/category.vtp
@@ -87,7 +87,7 @@
<td align="right">
{#frame_start}1%{#frame_begin}
<div class="info">
- {#connected_user}&nbsp;{#pseudo}<br />
+ {#connected_user}&nbsp;{#username}<br />
{#recent_image}&nbsp;{#short_period}&nbsp;{#days}
{#icon_short}<br />
{#recent_image}&nbsp;{#long_period}&nbsp;{#days}