author | plegall <plg@piwigo.org> | 2005-08-08 20:52:19 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2005-08-08 20:52:19 +0000 |
commit | 273884a65274e2688df1b2d3dc37103a46117772 (patch) | |
tree | 6d0756672c6b415c38abea4c8ea831cdeb3673fb /admin | |
parent | 8b97a8154ebb024c1c2610d82646e48b913721bc (diff) |
- new : external authentication in another users table. Previous users table
is divided between users (common properties with any web application) and
user_infos (phpwebgallery specific informations). External table and
fields can be configured.
- modification : profile.php is not reachable through administration anymore
(not useful).
- modification : in profile.php, current password is mandatory only if user
tries to change his password. Username can't be changed.
- deletion : of obsolete functions get_user_restrictions,
update_user_restrictions, get_user_all_restrictions, is_user_allowed,
update_user
- modification : $user['forbidden_categories'] equals at least "-1" so that
category_id NOT IN ($user['forbidden_categories']) can always be used.
- modification : user_forbidden table becomes user_cache so that more than just
restriction information can be stored in this table.
git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin.php | 9 | ||||
-rw-r--r-- | admin/cat_perm.php | 5 | ||||
-rw-r--r-- | admin/include/functions.php | 243 | ||||
-rw-r--r-- | admin/search.php | 2 | ||||
-rw-r--r-- | admin/user_list.php | 56 |
5 files changed, 125 insertions, 190 deletions
@@ -30,6 +30,13 @@ define('PHPWG_ROOT_PATH','./');
 define('IN_ADMIN', true);
 include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
 include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
+// +-----------------------------------------------------------------------+
+// | synchronize user informations |
+// +-----------------------------------------------------------------------+
+
+sync_users();
+
 //--------------------------------------- validating page and creation of title
 $page_valide = false;
 $title = '';
@@ -323,7 +330,7 @@ include(PHPWG_ROOT_PATH.'include/page_tail.php');
 // | order permission refreshment |
 // +-----------------------------------------------------------------------+
 $query = '
-UPDATE '.USER_FORBIDDEN_TABLE.'
+UPDATE '.USER_CACHE_TABLE.'
 SET need_update = \'true\'
 ;';
 pwg_query($query);
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 73bd0d866..7580cd28c 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -258,9 +258,10 @@ foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
 $users = array();
 $query = '
-SELECT id, username
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['username'].' AS username
 FROM '.USERS_TABLE.'
- WHERE id != 2
+ WHERE id != '.$conf['guest_id'].'
 ;';
 $result = pwg_query($query);
 while($row = mysql_fetch_array($result))
diff --git a/admin/include/functions.php b/admin/include/functions.php
index a02ab962f..2364ada41 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -332,6 +332,8 @@ DELETE FROM '.IMAGES_TABLE.'
 // - calculated permissions linked to the user
 function delete_user($user_id)
 {
+ global $conf;
+
 // destruction of the access linked to the user
 $query = '
 DELETE FROM '.USER_ACCESS_TABLE.'
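Review bot: sync_users() is called only here, at the top of admin.php, so an account that exists in the (possibly external) USERS_TABLE but has no USER_INFOS_TABLE row stays in that state until an administrator next opens the admin area; how include/user.inc.php copes with a missing user_infos row is outside this diff, so whether such a user can log in in the meantime cannot be told from the hunk. The call also performs two full scans of USERS_TABLE and USER_INFOS_TABLE on every admin request. A comment stating the intent would help the next reader: `// users created directly in USERS_TABLE (possibly by an external application) get their USER_INFOS_TABLE row here, on the next admin visit`.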
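Review bot: `WHERE id != '.$conf['guest_id'].'` still hard-codes the column name `id` while the SELECT list now reads `'.$conf['user_fields']['id'].' AS id`; MySQL does not resolve a SELECT alias inside WHERE, so as soon as the configured id column is not literally `id` this query errors. Use the configured column in the filter as well: `WHERE '.$conf['user_fields']['id'].' != '.$conf['guest_id'].'`. The same hard-coded `id`/`username` columns remain in admin/search.php (`SELECT username`, `WHERE username LIKE`, `AND id <> `), in the `pref_submit` query of admin/user_list.php (`SELECT id ... WHERE id != `), and in the second listing query of admin/user_list.php (`WHERE id != '.$conf['guest_id']` after `AS id`), whereas the count query just above that one correctly uses `u.'.$conf['user_fields']['id'].'`.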
@@ -367,10 +369,17 @@ DELETE FROM '.USER_FORBIDDEN_TABLE.'
 ;';
 pwg_query($query);
+ // deletion of phpwebgallery specific informations
+ $query = '
+DELETE FROM '.USER_INFOS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
 // destruction of the user
 $query = '
 DELETE FROM '.USERS_TABLE.'
- WHERE id = '.$user_id.'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
 ;';
 pwg_query($query);
 }
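Review bot: The hunk header shows that delete_user appears to still issue `DELETE FROM '.USER_FORBIDDEN_TABLE.'` a few lines above this hunk (that part of the function is outside the diff and unchanged), while admin.php in this same commit switches to USER_CACHE_TABLE; unless USER_FORBIDDEN_TABLE is still defined as an alias of the renamed table, deleting a user will now fail on that statement or leave a stale cache row behind. The three DELETE statements also splice `$user_id` straight into SQL; the callers are not visible, so if any of them hands over request input, casting once at the top of the function — `$user_id = (int)$user_id;` — keeps every statement safe. delete_user begins before this hunk.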
@@ -553,165 +562,6 @@ function get_keywords( $keywords_string ) } /** - * returns an array with the ids of the restricted categories for the user - * - * Returns an array with the ids of the restricted categories for the - * user. If the $check_invisible parameter is set to true, invisible - * categorie are added to the restricted one in the array. - * - * @param int $user_id - * @param string $user_status - * @param bool $check_invisible - * @param bool $use_groups - * @return array - */ -function get_user_restrictions( $user_id, $user_status, - $check_invisible, $use_groups = true ) -{ - // 1. retrieving ids of private categories - $query = 'SELECT id FROM '.CATEGORIES_TABLE; - $query.= " WHERE status = 'private'"; - $query.= ';'; - $result = pwg_query( $query ); - $privates = array(); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $privates, $row['id'] ); - } - // 2. retrieving all authorized categories for the user - $authorized = array(); - // 2.1. retrieving authorized categories thanks to personnal user - // authorization - $query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE; - $query.= ' WHERE user_id = '.$user_id; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - // 2.2. retrieving authorized categories thanks to group authorization to - // which the user is a member - if ( $use_groups ) - { - $query = 'SELECT ga.cat_id'; - $query.= ' FROM '.USER_GROUP_TABLE.' as ug'; - $query.= ', '.GROUP_ACCESS_TABLE.' 
as ga'; - $query.= ' WHERE ug.group_id = ga.group_id'; - $query.= ' AND ug.user_id = '.$user_id; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - $authorized = array_unique( $authorized ); - } - - $forbidden = array(); - foreach ( $privates as $private ) { - if ( !in_array( $private, $authorized ) ) - { - array_push( $forbidden, $private ); - } - } - - if ( $check_invisible ) - { - // 3. adding to the restricted categories, the invisible ones - if ( $user_status != 'admin' ) - { - $query = 'SELECT id FROM '.CATEGORIES_TABLE; - $query.= " WHERE visible = 'false';"; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $forbidden, $row['id'] ); - } - } - } - return array_unique( $forbidden ); -} - -/** - * updates the calculated data users.forbidden_categories, it includes - * sub-categories of the direct forbidden categories - * - * @param nt $user_id - * @return array - */ -function update_user_restrictions( $user_id ) -{ - $restrictions = get_user_all_restrictions( $user_id ); - - // update the users.forbidden_categories in database - $query = 'UPDATE '.USERS_TABLE; - $query.= ' SET forbidden_categories = '; - if ( count( $restrictions ) > 0 ) - $query.= "'".implode( ',', $restrictions )."'"; - else - $query.= 'NULL'; - $query .= ' WHERE id = '.$user_id; - $query.= ';'; - pwg_query( $query ); - - return $restrictions; -} - -/** - * returns all the restricted categories ids including sub-categories - * - * @param int $user_id - * @return array - */ -function get_user_all_restrictions( $user_id ) -{ - global $page; - - $query = 'SELECT status'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$user_id; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - - $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true); - - $restrictions = $base_restrictions; - foreach ( 
$base_restrictions as $category_id ) { - echo $category_id.' is forbidden to user '.$user_id.'<br />'; - $restrictions = - array_merge( $restrictions, - $page['plain_structure'][$category_id]['all_subcats_ids'] ); - } - - return array_unique( $restrictions ); -} - -// The function is_user_allowed returns : -// - 0 : if the category is allowed with this $restrictions array -// - 1 : if this category is not allowed -// - 2 : if an uppercat category is not allowed -// Note : the restrictions array must represent ONLY direct forbidden -// categories, not all forbidden categories -function is_user_allowed( $category_id, $restrictions ) -{ - if ( in_array( $category_id, $restrictions ) ) return 1; - - $query = 'SELECT uppercats'; - $query.= ' FROM '.CATEGORIES_TABLE; - $query.= ' WHERE id = '.$category_id; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - $uppercats = explode( ',', $row['uppercats'] ); - foreach ( $uppercats as $category_id ) { - if ( in_array( $category_id, $restrictions ) ) return 2; - } - - // no restriction found : the user is allowed to access this category - return 0; -} - -/** * returns an array containing sub-directories which can be a category * * directories nammed "thumbnail", "pwg_high" or "pwg_representative" are @@ -842,8 +692,8 @@ function mass_updates($tablename, $dbfields, $datas) // depending on the MySQL version, we use the multi table update or N // update queries $query = 'SELECT VERSION() AS version;'; - $row = mysql_fetch_array(pwg_query($query)); - if (count($datas) < 10 or version_compare($row['version'],'4.0.4') < 0) + list($mysql_version) = mysql_fetch_array(pwg_query($query)); + if (count($datas) < 10 or version_compare($mysql_version, '4.0.4') < 0) { // MySQL is prior to version 4.0.4, multi table update feature is not // available 
@@ -1334,4 +1184,73 @@ function micro_seconds()
 $t2 = $t1[1].substr($t2[1], 0, 6);
 return $t2;
 }
+
+/**
+ * compares and synchronizes USERS_TABLE and USER_INFOS_TABLE : each user in
+ * USERS_TABLE must be present in USER_INFOS_TABLE.
+ */
+function sync_users()
+{
+ global $conf;
+
+ $query = '
+SELECT '.$conf['user_fields']['id'].' AS id
+ FROM '.USERS_TABLE.'
+;';
+ $base_users = array_from_query($query, 'id');
+
+ $query = '
+SELECT user_id
+ FROM '.USER_INFOS_TABLE.'
+;';
+ $infos_users = array_from_query($query, 'user_id');
+
+ // users present in $base_users and not in $infos_users must be added
+ $to_create = array_diff($base_users, $infos_users);
+
+ if (count($to_create) > 0)
+ {
+ $inserts = array();
+
+ list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+
+ foreach ($to_create as $user_id)
+ {
+ $insert = array();
+ $insert['user_id'] = $user_id;
+ $insert['status'] = 'guest';
+ $insert['template'] = $conf['default_template'];
+ $insert['nb_image_line'] = $conf['nb_image_line'];
+ $insert['nb_line_page'] = $conf['nb_line_page'];
+ $insert['language'] = $conf['default_language'];
+ $insert['recent_period'] = $conf['recent_period'];
+ $insert['feed_id'] = find_available_feed_id();
+ $insert['expand'] = boolean_to_string($conf['auto_expand']);
+ $insert['show_nb_comments'] =
+ boolean_to_string($conf['show_nb_comments']);
+ $insert['maxwidth'] = $conf['default_maxwidth'];
+ $insert['maxheight'] = $conf['default_maxheight'];
+ $insert['registration_date'] = $dbnow;
+
+ array_push($inserts, $insert);
+ }
+
+ mass_inserts(USER_INFOS_TABLE,
+ array_keys($inserts[0]),
+ $inserts);
+ }
+
+ // users present in $infos_users and not in $base_users must be deleted
+ $to_delete = array_diff($infos_users, $base_users);
+
+ if (count($to_delete) > 0)
+ {
+ $query = '
+DELETE
+ FROM '.USER_INFOS_TABLE.'
+ WHERE user_id in ('.implode(',', $to_delete).')
+;';
+ pwg_query($query);
+ }
+}
 ?>
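Review bot: `$insert['feed_id'] = find_available_feed_id();` is evaluated once per user inside the loop, but nothing reaches the database until `mass_inserts` runs after the loop; if find_available_feed_id() chooses an id by looking at what is already stored (its body is not in this diff), every user created in the same sync run would receive the same feed_id, and since that id is what identifies a user's feed, two accounts would then share one feed. Either insert each row as it is built, or have the helper take the ids already chosen in this run so it can skip them. The docblock only describes the insert side; it should also state the second half of the function, e.g. `* user_infos rows whose user no longer exists in USERS_TABLE are deleted.`, and that every newly discovered account is created with status 'guest', so USERS_TABLE alone decides who gets gallery access.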
diff --git a/admin/search.php b/admin/search.php
index e6eab6258..482d6afbc 100644
--- a/admin/search.php
+++ b/admin/search.php
@@ -73,7 +73,7 @@ if ( !empty($search_match) )
 $sql = "SELECT username
 FROM " . USERS_TABLE . "
 WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
- AND id <> ".ANONYMOUS."
+ AND id <> ".$conf['guest_id']."
 ORDER BY username";
 if ( !($result = pwg_query($sql)) )
 {
diff --git a/admin/user_list.php b/admin/user_list.php
index 9ffc84e10..aa1bbff22 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -45,10 +45,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
 if (isset($_POST['submit_add']))
 {
- $page['errors'] = register_user($_POST['login'],
- $_POST['password'],
- $_POST['password'],
- '');
+ $page['errors'] = register_user($_POST['login'], $_POST['password'], '');
 }
 // +-----------------------------------------------------------------------+
@@ -66,7 +63,7 @@ if (isset($_POST['pref_submit']))
 $query = '
 SELECT id
 FROM '.USERS_TABLE.'
- WHERE id != 2
+ WHERE id != '.$conf['guest_id'].'
 ;';
 $collection = array_from_query($query, 'id');
 break;
@@ -123,7 +120,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
 // properties to set for the collection (a user list)
 $datas = array();
- $dbfields = array('primary' => array('id'), 'update' => array());
+ $dbfields = array('primary' => array('user_id'), 'update' => array());
 $formfields = array('nb_image_line', 'nb_line_page', 'template', 'language',
@@ -146,7 +143,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
 foreach ($collection as $user_id)
 {
 $data = array();
- $data['id'] = $user_id;
+ $data['user_id'] = $user_id;
 // TODO : verify if submited values are semanticaly correct
 foreach ($dbfields['update'] as $dbfield)
@@ -168,7 +165,7 @@ DELETE FROM '.USER_GROUP_TABLE.'
 array_push($datas, $data);
 }
- mass_updates(USERS_TABLE, $dbfields, $datas);
+ mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
 }
 }
 else
@@ -202,7 +199,7 @@ $template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
 $base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
-$conf['users_page'] = 10;
+$conf['users_page'] = 20;
 if (isset($_GET['start']) and is_numeric($_GET['start']))
 {
@@ -317,7 +314,7 @@ $template->assign_block_vars(
 'SELECTED' => ''
 ));
-foreach (get_enums(USERS_TABLE, 'status') as $status)
+foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
 {
 $selected = (isset($_GET['status']) and $_GET['status'] == $status) ? 'selected="selected"' : '';
@@ -432,7 +429,7 @@ foreach (get_languages() as $language_code => $language_name)
 $blockname = 'pref_status_option';
-foreach (get_enums(USERS_TABLE, 'status') as $status)
+foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
 {
 if (isset($_POST['pref_submit']))
 {
@@ -550,7 +547,7 @@ if (isset($_GET['group'])
 }
 if (isset($_GET['status'])
- and in_array($_GET['status'], get_enums(USERS_TABLE, 'status')))
+ and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
 {
 $filter['status'] = $_GET['status'];
 }
@@ -560,23 +557,27 @@ if (isset($_GET['status'])
 // +-----------------------------------------------------------------------+
 $query = '
-SELECT COUNT(DISTINCT(id))
- FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
- WHERE id != 2';
+SELECT COUNT(DISTINCT u.'.$conf['user_fields']['id'].')
+ FROM '.USERS_TABLE.' AS u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ LEFT JOIN '.USER_GROUP_TABLE.' AS ug
+ ON u.'.$conf['user_fields']['id'].' = ug.user_id
+ WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id'];
 if (isset($filter['username']))
 {
 $query.= '
- AND username LIKE \''.$filter['username'].'\'';
+ AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
 }
 if (isset($filter['group']))
 {
 $query.= '
- AND group_id = '.$filter['group'];
+ AND ug.group_id = '.$filter['group'];
 }
 if (isset($filter['status']))
 {
 $query.= '
- AND status = \''.$filter['status']."'";
+ AND ui.status = \''.$filter['status']."'";
 }
 $query.= '
 ;';
@@ -617,9 +618,16 @@ if (isset($_GET['direction'])
 }
 $query = '
-SELECT DISTINCT(id), username, mail_address, status
- FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id
- WHERE id != 2';
+SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
+ u.'.$conf['user_fields']['username'].' AS username,
+ u.'.$conf['user_fields']['email'].' AS email,
+ ui.status
+ FROM '.USERS_TABLE.' AS u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ LEFT JOIN '.USER_GROUP_TABLE.' AS ug
+ ON u.'.$conf['user_fields']['id'].' = ug.user_id
+ WHERE id != '.$conf['guest_id'];
 if (isset($filter['username']))
 {
 $query.= '
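Review bot: `AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\''` and `AND ug.group_id = '.$filter['group']` splice filter values straight into the SQL string; `$filter['status']` is checked against get_enums() in the previous hunk before use, but how `$filter['username']` and `$filter['group']` are populated is outside this diff, so if they are taken from `$_GET` without escaping this is a SQL injection point in the admin user list, repeated in the second query of this hunk and in the next hunk of the same file. The fix belongs where `$filter` is built rather than in each query: cast the group id (`$filter['group'] = (int)$_GET['group'];`) and escape the username with mysql_real_escape_string() before it is used in LIKE. The new `u.`/`ui.`/`ug.` qualifiers are otherwise correct and remove the old ambiguity between `id` and `user_id`.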
@@ -628,12 +636,12 @@ if (isset($filter['username']))
 if (isset($filter['group']))
 {
 $query.= '
- AND group_id = '.$filter['group'];
+ AND ug.group_id = '.$filter['group'];
 }
 if (isset($filter['status']))
 {
 $query.= '
- AND status = \''.$filter['status']."'";
+ AND ui.status = \''.$filter['status']."'";
 }
 $query.= '
 ORDER BY '.$order_by.' '.$direction.'
@@ -687,7 +695,7 @@ SELECT user_id, group_id
 'U_PERM'=>add_session_id($perm_url.$item['id']),
 'USERNAME'=>$item['username'],
 'STATUS'=>$lang['user_status_'.$item['status']],
- 'EMAIL'=>isset($item['mail_address']) ? $item['mail_address'] : '',
+ 'EMAIL'=>isset($item['email']) ? $item['email'] : '',
 'GROUPS'=>$groups_string
 ));
 }
 |