authorgweltas <gweltas@piwigo.org>2004-02-02 00:55:18 +0000
committergweltas <gweltas@piwigo.org>2004-02-02 00:55:18 +0000
commitbef4b3e3aa8e3d54cbf8b4962b9b5d4a89b55429 (patch)
tree647b2cf07ee8451a9314e1e8aebd11d9396cb32b /admin/include
parenteea989f019f21fbd7ae4aa8e2f4a1503992c23bf (diff)
Merge of the 1.3.1 release
Creation of an unique include file (common.php) Creation of an unique define file (include/constants.php) Modification of the installation procedure git-svn-id: http://piwigo.org/svn/trunk@345 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r--admin/include/functions.php622
-rw-r--r--admin/include/isadmin.inc.php3
2 files changed, 600 insertions, 25 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index f29b469d6..ce7fa076f 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -53,7 +53,59 @@ function is_image( $filename, $create_thumbnail = false )
}
return false;
}
-
+
+/**
+ * returns an array with all picture files according to $conf['picture_ext']
+ *
+ * @param string $dir
+ * @return array
+ */
+function get_picture_files( $dir )
+{
+ global $conf;
+
+ $pictures = array();
+ if ( $opendir = opendir( $dir ) )
+ {
+ while ( $file = readdir( $opendir ) )
+ {
+ if ( in_array( get_extension( $file ), $conf['picture_ext'] ) )
+ {
+ array_push( $pictures, $file );
+ }
+ }
+ }
+ return $pictures;
+}
+
+/**
+ * returns an array with all thumbnails according to $conf['picture_ext']
+ * and $conf['prefix_thumbnail']
+ *
+ * @param string $dir
+ * @return array
+ */
+function get_thumb_files( $dir )
+{
+ global $conf;
+
+ $prefix_length = strlen( $conf['prefix_thumbnail'] );
+
+ $thumbnails = array();
+ if ( $opendir = @opendir( $dir ) )
+ {
+ while ( $file = readdir( $opendir ) )
+ {
+ if ( in_array( get_extension( $file ), $conf['picture_ext'] )
+ and substr($file,0,$prefix_length) == $conf['prefix_thumbnail'] )
+ {
+ array_push( $thumbnails, $file );
+ }
+ }
+ }
+ return $thumbnails;
+}
+
function TN_exists( $dir, $file )
{
global $conf;
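Review bot: Both new directory loops use `while ( $file = readdir( $opendir ) )`, which stops the scan at the first entry whose name PHP evaluates as false (a file named `0`), so any files after it are silently skipped; compare explicitly with `while ( false !== ( $file = readdir( $opendir ) ) )`. Neither get_picture_files nor get_thumb_files calls `closedir( $opendir )` after the loop. Only get_thumb_files suppresses the opendir warning with `@`, so the two functions behave differently on an unreadable directory. The same readdir pattern is used in get_category_directories, added at the end of this file's diff.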
@@ -67,8 +119,9 @@ function TN_exists( $dir, $file )
}
}
return false;
-}
+}
+
// The function delete_site deletes a site
// and call the function delete_category for each primary category of the site
function delete_site( $id )
@@ -91,6 +144,7 @@ function delete_site( $id )
mysql_query( $query );
}
+
// The function delete_category deletes the category identified by the $id
// It also deletes (in the database) :
// - all the images of the images (thanks to delete_image, see further)
@@ -144,6 +198,7 @@ function delete_category( $id )
mysql_query( $query );
}
+
// The function delete_image deletes the image identified by the $id
// It also deletes (in the database) :
// - all the comments related to the image
@@ -178,13 +233,14 @@ function delete_image( $id )
mysql_query( $query );
$count_deleted++;
}
-
+
// The delete_user function delete a user identified by the $user_id
// It also deletes :
// - all the access linked to this user
// - all the links to any group
// - all the favorites linked to this user
// - all sessions linked to this user
+// - all categories informations linked to this user
function delete_user( $user_id )
{
// destruction of the access linked to the user
@@ -210,7 +266,13 @@ function delete_user( $user_id )
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
-
+
+ // destruction of the categories informations linked with the user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_category';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+
// destruction of the user
$query = 'DELETE FROM '.PREFIX_TABLE.'users';
$query.= ' WHERE id = '.$user_id;
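Review bot: The added DELETE on user_category concatenates `$user_id` into the SQL text with no cast or quoting, so the statement is only as safe as the value the caller passed in; delete_user starts above this hunk and its callers are not visible here, so upstream validation cannot be confirmed. Casting once at the top of the function, e.g. `$user_id = intval( $user_id );`, would cover this query and the existing ones around it. The same pattern recurs in the new functions of this commit: synchronize_group (`$group_id`), get_user_restrictions, update_user_restrictions, get_user_all_restrictions and is_user_allowed (`$category_id`). None of the `mysql_query` results is checked either, so a failed delete leaves orphaned user_category rows without any signal.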
@@ -230,7 +292,10 @@ function delete_group( $group_id )
$query.= ';';
mysql_query( $query );
- // destruction of the group links for this group
+ // synchronize all users linked to the group
+ synchronize_group( $group_id );
+
+ // destruction of the users links for this group
$query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
$query.= ' WHERE group_id = '.$group_id;
$query.= ';';
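Review bot: The new comment does not say why `synchronize_group( $group_id )` has to run before the user_group DELETE. synchronize_group (added later in this diff) selects the group's members through user_group, so reversing the order would leave those users' cached restrictions stale. I would state that in the comment, e.g. `// must run before the user_group rows are removed: synchronize_group() finds the members through that table`. The call also appears to rely on the group's own access rows already being deleted by the statement just above the hunk; that should be confirmed, since delete_group starts outside the hunk.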
@@ -248,14 +313,17 @@ function delete_group( $group_id )
// or invisible)
function check_favorites( $user_id )
{
- $query = 'SELECT status';
+ $query = 'SELECT status,forbidden_categories';
$query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ' WHERE id = '.$user_id;
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$status = $row['status'];
// retrieving all the restricted categories for this user
- $restricted_cat = get_all_restrictions( $user_id, $status );
+ if ( isset( $row['forbidden_categories'] ) )
+ $restricted_cat = explode( ',', $row['forbidden_categories'] );
+ else
+ $restricted_cat = array();
// retrieving all the favorites for this user and comparing their
// categories to the restricted categories
$query = 'SELECT image_id';
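Review bot: When `forbidden_categories` is NULL the new branch sets `$restricted_cat = array()`, which treats a user whose restrictions were never computed the same as a user who has none. update_user_restrictions (added later in this diff) also writes NULL for "no restrictions", so the two states cannot be told apart, and for rows not yet synchronised favorites in private categories would be kept rather than removed. Because the previous live call to get_all_restrictions is dropped, the function now depends on the cache being fresh; that should at least be documented, e.g. `// relies on users.forbidden_categories being up to date (see synchronize_user)`. check_favorites continues past the end of the hunk.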
@@ -314,26 +382,22 @@ function update_category( $id = 'all' )
$query.= ' FROM '.PREFIX_TABLE.'image_category';
$query.= ' WHERE category_id = '.$id;
$query.= ';';
- $row = mysql_fetch_array( mysql_query( $query ) );
- $query = 'UPDATE '.PREFIX_TABLE.'categories';
- $query.= ' SET nb_images = '.$row['nb_images'];
- $query.= ' WHERE id = '.$id;
- $query.= ';';
- mysql_query( $query );
+ list( $nb_images ) = mysql_fetch_array( mysql_query( $query ) );
// updating the date_last
- $query = 'SELECT date_available';
+ $query = 'SELECT MAX(date_available) AS date_available';
$query.= ' FROM '.PREFIX_TABLE.'images';
- $query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category ON id = image_id';
+ $query.= ' INNER JOIN '.PREFIX_TABLE.'image_category ON id = image_id';
$query.= ' WHERE category_id = '.$id;
- $query.= ' ORDER BY date_available DESC';
- $query.= ' LIMIT 0,1';
$query.= ';';
- $row = mysql_fetch_array( mysql_query( $query ) );
+ list( $date_available ) = mysql_fetch_array( mysql_query( $query ) );
+
$query = 'UPDATE '.PREFIX_TABLE.'categories';
- $query.= " SET date_last = '".$row['date_available']."'";
+ $query.= " SET date_last = '".$date_available."'";
+ $query.= ', nb_images = '.$nb_images;
$query.= ' WHERE id = '.$id;
$query.= ';';
mysql_query( $query );
+
// updating the representative_picture_id : if the representative
// picture of the category is not any more linked to the category, we
// have to set representative_picture_id to NULL
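Review bot: For a category with no linked images `MAX(date_available)` returns NULL, and the merged UPDATE then writes `date_last = ''` instead of NULL. update_user_category later in this diff handles the same case with an isset test; doing likewise here keeps the column consistent: `$query.= ' SET date_last = '.( isset( $date_available ) ? "'".$date_available."'" : 'NULL' );`. Neither `mysql_query` result is checked before `list()` reads it, so a failed SELECT would leave `$nb_images` empty and produce an invalid UPDATE. update_category starts and ends outside this hunk.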
@@ -343,7 +407,7 @@ function update_category( $id = 'all' )
$row = mysql_fetch_array( mysql_query( $query ) );
// if the category has no representative picture (ie
// representative_picture_id == NULL) we don't update anything
- if ( $row['representative_picture_id'] != '' )
+ if ( isset( $row['representative_picture_id'] ) )
{
$query = 'SELECT image_id';
$query.= ' FROM '.PREFIX_TABLE.'image_category';
@@ -366,7 +430,7 @@ function update_category( $id = 'all' )
function check_date_format( $date )
{
// date arrives at this format : DD/MM/YYYY
- list($day,$month,$year) = explode( '/', $date );
+ @list($day,$month,$year) = explode( '/', $date );
return @checkdate( $month, $day, $year );
}
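Review bot: Prefixing `list()` with `@` hides the notice for a malformed date but still passes undefined `$month`/`$day`/`$year` to `checkdate`, whose own warning is then silenced by the second `@`. An explicit shape check is clearer and does not depend on error suppression: `$parts = explode( '/', $date );`, then `if ( count( $parts ) != 3 ) return false;`, then `return checkdate( intval( $parts[1] ), intval( $parts[0] ), intval( $parts[2] ) );`.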
@@ -432,4 +496,518 @@ function display_categories( $categories, $indent,
}
}
}
-?> \ No newline at end of file
+
+/**
+ * Complete plain structure of the gallery
+ *
+ * Returns the plain structure (one level array) of the gallery. In the
+ * returned array, each element is an array with jeys 'id' and
+ * 'id_uppercat'. The function also fills the array $page['subcats'] which
+ * associate (category_id => array of sub-categories id).
+ *
+ * @param bool $use_name
+ * @return array
+ */
+function get_plain_structure( $use_name = false )
+{
+ global $page;
+
+ $plain_structure = array();
+
+ $query = 'SELECT id,id_uppercat';
+ if ( $use_name ) $query.= ',name';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' ORDER BY id_uppercat ASC, rank ASC';
+ $query.= ';';
+
+ $subcats = array();
+ $id_uppercat = 'NULL';
+
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $plain_structure[$row['id']]['id'] = $row['id'];
+ if ( !isset( $row['id_uppercat'] ) ) $row['id_uppercat'] = 'NULL';
+ $plain_structure[$row['id']]['id_uppercat'] = $row['id_uppercat'];
+ if ( $use_name ) $plain_structure[$row['id']]['name'] = $row['name'];
+ // subcats list
+ if ( $row['id_uppercat'] != $id_uppercat )
+ {
+ $page['subcats'][$id_uppercat] = $subcats;
+
+ $subcats = array();
+ $id_uppercat = $row['id_uppercat'];
+ }
+ array_push( $subcats, $row['id'] );
+ }
+ mysql_free_result( $result );
+
+ $page['subcats'][$id_uppercat] = $subcats;
+
+ return $plain_structure;
+}
+
+/**
+ * get N levels array representing structure under the given category
+ *
+ * create_structure returns the N levels array representing structure under
+ * the given gategory id. It also updates the
+ * $page['plain_structure'][id]['all_subcats_id'] and
+ * $page['plain_structure'][id]['direct_subcats_ids'] for each sub category.
+ *
+ * @param int $id_uppercat
+ * @return array
+ */
+function create_structure( $id_uppercat )
+{
+ global $page;
+
+ $structure = array();
+ $ids = get_subcats_ids( $id_uppercat );
+ foreach ( $ids as $id ) {
+ $category = $page['plain_structure'][$id];
+
+ $category['subcats'] = create_structure( $id );
+
+ $page['plain_structure'][$id]['all_subcats_ids'] =
+ get_all_subcats_ids( $id );
+
+ $page['plain_structure'][$id]['direct_subcats_ids'] =
+ get_subcats_ids( $id );
+
+ array_push( $structure, $category );
+ }
+ return $structure;
+}
+
+/**
+ * returns direct sub-categories ids
+ *
+ * Returns an array containing all the direct sub-categories ids of the
+ * given category. It uses the $page['subcats'] global array.
+ *
+ * @param int $id_uppercat
+ * @return array
+ */
+function get_subcats_ids( $id_uppercat )
+{
+ global $page;
+
+ if ( $id_uppercat == '' ) $id_uppercat = 'NULL';
+
+ if ( isset( $page['subcats'][$id_uppercat] ) )
+ return $page['subcats'][$id_uppercat];
+ else
+ return array();
+}
+
+/**
+ * returns all sub-categories ids, not only direct ones
+ *
+ * Returns an array containing all the sub-categories ids of the given
+ * category, not only direct ones. This function is recursive.
+ *
+ * @param int $category_id
+ * @return array
+ */
+function get_all_subcats_ids( $category_id )
+{
+ $ids = array();
+
+ $subcats = get_subcats_ids( $category_id );
+ $ids = array_merge( $ids, $subcats );
+ foreach ( $subcats as $subcat ) {
+ // recursive call
+ $sub_subcats = get_all_subcats_ids( $subcat );
+ $ids = array_merge( $ids, $sub_subcats );
+ }
+ return array_unique( $ids );
+}
+
+/**
+ * prepares the query to update the table user_category
+ *
+ * Prepares the query (global variable $values) to update table
+ * user_category : for a couple (user,category) the number of sub-categories
+ * and the last date of the category (all sub-categories taken into
+ * account). It also calls function update_uppercats for each category. The
+ * function is recursive.
+ *
+ * @param array $categories
+ * @return void
+ */
+function update_user_category( $categories )
+{
+ global $page,$user_restrictions,$value_num,$values;
+
+ foreach ( $categories as $category ) {
+ // recursive call
+ update_user_category( $category['subcats'] );
+ // 1. update the table user_category
+ foreach ( $user_restrictions as $user_id => $restrictions ) {
+ // if the category is forbidden to this user, go to next user
+ if ( in_array( $category['id'], $restrictions ) ) continue;
+
+ // how many sub_categories for this user ?
+ $user_subcats = array_diff(
+ $page['plain_structure'][$category['id']]['direct_subcats_ids'],
+ $restrictions );
+ $user_nb_subcats = count( array_unique( $user_subcats ) );
+ // last date of the category
+ $user_all_subcats = array_unique( array_diff(
+ $page['plain_structure'][$category['id']]['all_subcats_ids'],
+ $restrictions ) );
+
+ $query = 'SELECT MAX(date_last) AS last_date';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id IN ('.$category['id'];
+ if ( count( $user_all_subcats ) > 0 )
+ $query.= ','.implode( ',', $user_all_subcats );
+ $query.= ')';
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+
+ // insert a new line in database
+ if ( $value_num++ > 0 ) $values.= ', ';
+ else $values.= ' ';
+ $values.= '('.$user_id.",".$category['id'];
+ if ( isset( $row['last_date'] ) ) $values.= ",'".$row['last_date']."'";
+ else $values.= ',NULL';
+ $values.= ','.$user_nb_subcats.')';
+ }
+ update_uppercats( $category['id'] );
+ }
+}
+
+/**
+ * updates the column categories.uppercats
+ *
+ * @param int $category_id
+ * @return void
+ */
+function update_uppercats( $category_id )
+{
+ global $page;
+
+ $final_id = $category_id;
+ $uppercats = array();
+
+ array_push( $uppercats, $category_id );
+ $uppercat = $page['plain_structure'][$category_id]['id_uppercat'];
+
+ while ( $uppercat != 'NULL' )
+ {
+ array_push( $uppercats, $uppercat );
+ $category_id = $page['plain_structure'][$category_id]['id_uppercat'];
+ $uppercat = $page['plain_structure'][$category_id]['id_uppercat'];
+ }
+
+ $string_uppercats = implode( ',', array_reverse( $uppercats ) );
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET uppercats = '."'".$string_uppercats."'";
+ $query.= ' WHERE id = '.$final_id;
+ $query.= ';';
+ mysql_query( $query );
+}
+
+/**
+ * returns an array with the ids of the restricted categories for the user
+ *
+ * Returns an array with the ids of the restricted categories for the
+ * user. If the $check_invisible parameter is set to true, invisible
+ * categorie are added to the restricted one in the array.
+ *
+ * @param int $user_id
+ * @param string $user_status
+ * @param bool $check_invisible
+ * @param bool $use_groups
+ * @return array
+ */
+function get_user_restrictions( $user_id, $user_status,
+ $check_invisible, $use_groups = true )
+{
+ // 1. retrieving ids of private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ $privates = array();
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $privates, $row['id'] );
+ }
+ // 2. retrieving all authorized categories for the user
+ $authorized = array();
+ // 2.1. retrieving authorized categories thanks to personnal user
+ // authorization
+ $query = 'SELECT cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $authorized, $row['cat_id'] );
+ }
+ // 2.2. retrieving authorized categories thanks to group authorization to
+ // which the user is a member
+ if ( $use_groups )
+ {
+ $query = 'SELECT ga.cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
+ $query.= ', '.PREFIX_TABLE.'group_access as ga';
+ $query.= ' WHERE ug.group_id = ga.group_id';
+ $query.= ' AND ug.user_id = '.$user_id;
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $authorized, $row['cat_id'] );
+ }
+ $authorized = array_unique( $authorized );
+ }
+
+ $forbidden = array();
+ foreach ( $privates as $private ) {
+ if ( !in_array( $private, $authorized ) )
+ {
+ array_push( $forbidden, $private );
+ }
+ }
+
+ if ( $check_invisible )
+ {
+ // 3. adding to the restricted categories, the invisible ones
+ if ( $user_status != 'admin' )
+ {
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE visible = 'false';";
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $forbidden, $row['id'] );
+ }
+ }
+ }
+ return array_unique( $forbidden );
+}
+
+/**
+ * finalizes operation for user_category table update
+ *
+ * This function is called by synchronization_*. It creates the
+ * $page['plain_structure'] and $page['structure'], get the SQL query to
+ * update user_category, clean user_category, and finally update the
+ * table. The users updates depends on the global array $user_restrictions.
+ *
+ * @return void
+ */
+function synchronize()
+{
+ global $user_restrictions,$page,$values;
+
+ update_user_category( $page['structure'] );
+
+ // cleaning user_category table for users to update
+ foreach( $user_restrictions as $user_id => $restrictions ) {
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_category';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+ }
+
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_category';
+ $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES ';
+ $query.= $values;
+ $query.= ';';
+ mysql_query( $query );
+}
+
+/**
+ * synchronizes all users calculated informations
+ *
+ * fills global array $user_restrictions with all users and related
+ * restrictions before calling synchronize.
+ *
+ * @return void
+ */
+function synchronize_all_users()
+{
+ global $user_restrictions,$page;
+
+ $page['plain_structure'] = get_plain_structure();
+ $page['structure'] = create_structure( '' );
+
+ $user_restrictions = array();
+
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $user_restrictions[$row['id']] = update_user_restrictions( $row['id'] );
+ }
+ synchronize();
+}
+
+/**
+ * synchronizes 1 user calculated informations
+ *
+ * fills global array $user_restrictions with the user id and its related
+ * restrictions before calling synchronize.
+ *
+ * @param int $user_id
+ * @return void
+ */
+function synchronize_user( $user_id )
+{
+ global $user_restrictions,$page;
+
+ $page['plain_structure'] = get_plain_structure();
+ $page['structure'] = create_structure( '' );
+
+ $user_restrictions = array();
+ $user_restrictions[$user_id] = update_user_restrictions( $user_id );
+ synchronize();
+}
+
+/**
+ * synchronizes all users (belonging to the group) calculated informations
+ *
+ * fills global array $user_restrictions with all users and related
+ * restrictions before calling synchronize.
+ *
+ * @return void
+ */
+function synchronize_group( $group_id )
+{
+ global $user_restrictions,$page;
+
+ $page['plain_structure'] = get_plain_structure();
+ $page['structure'] = create_structure( '' );
+
+ $user_restrictions = array();
+
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ', '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ' AND id = user_id';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $user_restrictions[$row['id']] = update_user_restrictions( $row['id'] );
+ }
+ synchronize();
+}
+
+/**
+ * updates the calculated data users.forbidden_categories, it includes
+ * sub-categories of the direct forbidden categories
+ *
+ * @param nt $user_id
+ * @return array
+ */
+function update_user_restrictions( $user_id )
+{
+ $restrictions = get_user_all_restrictions( $user_id );
+
+ // update the users.forbidden_categories in database
+ $query = 'UPDATE '.PREFIX_TABLE.'users';
+ $query.= ' SET forbidden_categories = ';
+ if ( count( $restrictions ) > 0 )
+ $query.= "'".implode( ',', $restrictions )."'";
+ else
+ $query.= 'NULL';
+ $query .= ' WHERE id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+
+ return $restrictions;
+}
+
+/**
+ * returns all the restricted categories ids including sub-categories
+ *
+ * @param int $user_id
+ * @return array
+ */
+function get_user_all_restrictions( $user_id )
+{
+ global $page;
+
+ $query = 'SELECT status';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$user_id;
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+
+ $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true);
+
+ $restrictions = $base_restrictions;
+ foreach ( $base_restrictions as $category_id ) {
+ echo $category_id.' is forbidden to user '.$user_id.'<br />';
+ $restrictions =
+ array_merge( $restrictions,
+ $page['plain_structure'][$category_id]['all_subcats_ids'] );
+ }
+
+ return array_unique( $restrictions );
+}
+
+// The function is_user_allowed returns :
+// - 0 : if the category is allowed with this $restrictions array
+// - 1 : if this category is not allowed
+// - 2 : if an uppercat category is not allowed
+// Note : the restrictions array must represent ONLY direct forbidden
+// categories, not all forbidden categories
+function is_user_allowed( $category_id, $restrictions )
+{
+ if ( in_array( $category_id, $restrictions ) ) return 1;
+
+ $query = 'SELECT uppercats';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$category_id;
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ $uppercats = explode( ',', $row['uppercats'] );
+ foreach ( $uppercats as $category_id ) {
+ if ( in_array( $category_id, $restrictions ) ) return 2;
+ }
+
+ // no restriction found : the user is allowed to access this category
+ return 0;
+}
+
+/**
+ * returns an array containing sub-directories which can be a category
+ *
+ * directories nammed "thumbnail" are omitted
+ *
+ * @param string $basedir
+ * @return array
+ */
+function get_category_directories( $basedir )
+{
+ $sub_dirs = array();
+
+ if ( $opendir = opendir( $basedir ) )
+ {
+ while ( $file = readdir( $opendir ) )
+ {
+ if ( $file != '.' and $file != '..'
+ and is_dir( $basedir.'/'.$file )
+ and $file != 'thumbnail' )
+ {
+ array_push( $sub_dirs, $file );
+ }
+ }
+ }
+ return $sub_dirs;
+}
+?>
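Review bot: get_user_all_restrictions still contains a debugging `echo $category_id.' is forbidden to user '.$user_id.'<br />';`, so every synchronisation (including the one delete_group now triggers) prints the user-to-forbidden-category mapping into the page output; that line should be removed. Separately, synchronize() builds its INSERT from the globals `$values` and `$value_num`, which nothing in this hunk initialises or clears. A second synchronize_* call in the same request would therefore re-insert the previous rows, and an empty `$values` produces an INSERT with no VALUES list. Declaring `$value_num` global in synchronize() and resetting both at its start (`$values = ''; $value_num = 0;`), then skipping the INSERT when `$values` is still empty, would address both. The DELETE-then-INSERT sequence is also not atomic, so a failure in between leaves the affected users with no user_category rows.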
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index 341fc65ba..14032c566 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -16,10 +16,7 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-define( "PREFIX_INCLUDE", '' );
-include_once( './include/config.inc.php' );
-include_once( './include/user.inc.php' );
include( './admin/include/functions.php' );
$isadmin = true;