aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
committerplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
commit273884a65274e2688df1b2d3dc37103a46117772 (patch)
tree6d0756672c6b415c38abea4c8ea831cdeb3673fb /admin/include
parent8b97a8154ebb024c1c2610d82646e48b913721bc (diff)
- new : external authentication in another users table. Previous users table
is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/include/functions.php243
1 files changed, 81 insertions, 162 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index a02ab962f..2364ada41 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -332,6 +332,8 @@ DELETE FROM '.IMAGES_TABLE.'
// - calculated permissions linked to the user
function delete_user($user_id)
{
+ global $conf;
+
// destruction of the access linked to the user
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
@@ -367,10 +369,17 @@ DELETE FROM '.USER_FORBIDDEN_TABLE.'
;';
pwg_query($query);
+ // deletion of phpwebgallery specific informations
+ $query = '
+DELETE FROM '.USER_INFOS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
// destruction of the user
$query = '
DELETE FROM '.USERS_TABLE.'
- WHERE id = '.$user_id.'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
;';
pwg_query($query);
}
@@ -553,165 +562,6 @@ function get_keywords( $keywords_string )
}
/**
- * returns an array with the ids of the restricted categories for the user
- *
- * Returns an array with the ids of the restricted categories for the
- * user. If the $check_invisible parameter is set to true, invisible
- * categorie are added to the restricted one in the array.
- *
- * @param int $user_id
- * @param string $user_status
- * @param bool $check_invisible
- * @param bool $use_groups
- * @return array
- */
-function get_user_restrictions( $user_id, $user_status,
- $check_invisible, $use_groups = true )
-{
- // 1. retrieving ids of private categories
- $query = 'SELECT id FROM '.CATEGORIES_TABLE;
- $query.= " WHERE status = 'private'";
- $query.= ';';
- $result = pwg_query( $query );
- $privates = array();
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $privates, $row['id'] );
- }
- // 2. retrieving all authorized categories for the user
- $authorized = array();
- // 2.1. retrieving authorized categories thanks to personnal user
- // authorization
- $query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE;
- $query.= ' WHERE user_id = '.$user_id;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- // 2.2. retrieving authorized categories thanks to group authorization to
- // which the user is a member
- if ( $use_groups )
- {
- $query = 'SELECT ga.cat_id';
- $query.= ' FROM '.USER_GROUP_TABLE.' as ug';
- $query.= ', '.GROUP_ACCESS_TABLE.' as ga';
- $query.= ' WHERE ug.group_id = ga.group_id';
- $query.= ' AND ug.user_id = '.$user_id;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- $authorized = array_unique( $authorized );
- }
-
- $forbidden = array();
- foreach ( $privates as $private ) {
- if ( !in_array( $private, $authorized ) )
- {
- array_push( $forbidden, $private );
- }
- }
-
- if ( $check_invisible )
- {
- // 3. adding to the restricted categories, the invisible ones
- if ( $user_status != 'admin' )
- {
- $query = 'SELECT id FROM '.CATEGORIES_TABLE;
- $query.= " WHERE visible = 'false';";
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $forbidden, $row['id'] );
- }
- }
- }
- return array_unique( $forbidden );
-}
-
-/**
- * updates the calculated data users.forbidden_categories, it includes
- * sub-categories of the direct forbidden categories
- *
- * @param nt $user_id
- * @return array
- */
-function update_user_restrictions( $user_id )
-{
- $restrictions = get_user_all_restrictions( $user_id );
-
- // update the users.forbidden_categories in database
- $query = 'UPDATE '.USERS_TABLE;
- $query.= ' SET forbidden_categories = ';
- if ( count( $restrictions ) > 0 )
- $query.= "'".implode( ',', $restrictions )."'";
- else
- $query.= 'NULL';
- $query .= ' WHERE id = '.$user_id;
- $query.= ';';
- pwg_query( $query );
-
- return $restrictions;
-}
-
-/**
- * returns all the restricted categories ids including sub-categories
- *
- * @param int $user_id
- * @return array
- */
-function get_user_all_restrictions( $user_id )
-{
- global $page;
-
- $query = 'SELECT status';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ' WHERE id = '.$user_id;
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
-
- $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true);
-
- $restrictions = $base_restrictions;
- foreach ( $base_restrictions as $category_id ) {
- echo $category_id.' is forbidden to user '.$user_id.'<br />';
- $restrictions =
- array_merge( $restrictions,
- $page['plain_structure'][$category_id]['all_subcats_ids'] );
- }
-
- return array_unique( $restrictions );
-}
-
-// The function is_user_allowed returns :
-// - 0 : if the category is allowed with this $restrictions array
-// - 1 : if this category is not allowed
-// - 2 : if an uppercat category is not allowed
-// Note : the restrictions array must represent ONLY direct forbidden
-// categories, not all forbidden categories
-function is_user_allowed( $category_id, $restrictions )
-{
- if ( in_array( $category_id, $restrictions ) ) return 1;
-
- $query = 'SELECT uppercats';
- $query.= ' FROM '.CATEGORIES_TABLE;
- $query.= ' WHERE id = '.$category_id;
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
- $uppercats = explode( ',', $row['uppercats'] );
- foreach ( $uppercats as $category_id ) {
- if ( in_array( $category_id, $restrictions ) ) return 2;
- }
-
- // no restriction found : the user is allowed to access this category
- return 0;
-}
-
-/**
* returns an array containing sub-directories which can be a category
*
* directories nammed "thumbnail", "pwg_high" or "pwg_representative" are
@@ -842,8 +692,8 @@ function mass_updates($tablename, $dbfields, $datas)
// depending on the MySQL version, we use the multi table update or N
// update queries
$query = 'SELECT VERSION() AS version;';
- $row = mysql_fetch_array(pwg_query($query));
- if (count($datas) < 10 or version_compare($row['version'],'4.0.4') < 0)
+ list($mysql_version) = mysql_fetch_array(pwg_query($query));
+ if (count($datas) < 10 or version_compare($mysql_version, '4.0.4') < 0)
{
// MySQL is prior to version 4.0.4, multi table update feature is not
// available
@@ -1334,4 +1184,73 @@ function micro_seconds()
$t2 = $t1[1].substr($t2[1], 0, 6);
return $t2;
}
+
+/**
+ * compares and synchronizes USERS_TABLE and USER_INFOS_TABLE : each user in
+ * USERS_TABLE must be present in USER_INFOS_TABLE.
+ */
+function sync_users()
+{
+ global $conf;
+
+ $query = '
+SELECT '.$conf['user_fields']['id'].' AS id
+ FROM '.USERS_TABLE.'
+;';
+ $base_users = array_from_query($query, 'id');
+
+ $query = '
+SELECT user_id
+ FROM '.USER_INFOS_TABLE.'
+;';
+ $infos_users = array_from_query($query, 'user_id');
+
+ // users present in $base_users and not in $infos_users must be added
+ $to_create = array_diff($base_users, $infos_users);
+
+ if (count($to_create) > 0)
+ {
+ $inserts = array();
+
+ list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+
+ foreach ($to_create as $user_id)
+ {
+ $insert = array();
+ $insert['user_id'] = $user_id;
+ $insert['status'] = 'guest';
+ $insert['template'] = $conf['default_template'];
+ $insert['nb_image_line'] = $conf['nb_image_line'];
+ $insert['nb_line_page'] = $conf['nb_line_page'];
+ $insert['language'] = $conf['default_language'];
+ $insert['recent_period'] = $conf['recent_period'];
+ $insert['feed_id'] = find_available_feed_id();
+ $insert['expand'] = boolean_to_string($conf['auto_expand']);
+ $insert['show_nb_comments'] =
+ boolean_to_string($conf['show_nb_comments']);
+ $insert['maxwidth'] = $conf['default_maxwidth'];
+ $insert['maxheight'] = $conf['default_maxheight'];
+ $insert['registration_date'] = $dbnow;
+
+ array_push($inserts, $insert);
+ }
+
+ mass_inserts(USER_INFOS_TABLE,
+ array_keys($inserts[0]),
+ $inserts);
+ }
+
+ // users present in $infos_users and not in $base_users must be deleted
+ $to_delete = array_diff($infos_users, $base_users);
+
+ if (count($to_delete) > 0)
+ {
+ $query = '
+DELETE
+ FROM '.USER_INFOS_TABLE.'
+ WHERE user_id in ('.implode(',', $to_delete).')
+;';
+ pwg_query($query);
+ }
+}
?>