aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorz0rglub <z0rglub@piwigo.org>2004-01-03 20:35:20 +0000
committerz0rglub <z0rglub@piwigo.org>2004-01-03 20:35:20 +0000
commitd81d510568b7d34e7bdeeb55e7f40285299efb0d (patch)
tree4253d1bc6c65bc26318f007afa78754a5690ca4b /include
parent6f5ef234ec7a3d23a573a1c9d3ccc55f1d61f2d1 (diff)
- when creating a new user, taking into account that forbidden categories
are stored in users table, associate new user to the same groups that the guest, has the same categories informations than guest - remove functions get_restrictions, get_all_restrictions, is_user_allowed git-svn-id: http://piwigo.org/svn/branches/release-1_3@245 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r--include/functions_user.inc.php234
1 files changed, 58 insertions, 176 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 5bc70cf92..050d83c6d 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -37,8 +37,8 @@ function validate_mail_address( $mail_address )
}
}
-function register_user(
- $login, $password, $password_conf, $mail_address, $status = 'guest' )
+function register_user( $login, $password, $password_conf,
+ $mail_address, $status = 'guest' )
{
global $lang;
@@ -49,44 +49,26 @@ function register_user(
// 2. start ou end with space character
// 3. include ' or " characters
// 4. be already used
- if ( $login == '' )
- {
- $error[$i++] = $lang['reg_err_login1'];
- }
- if ( ereg( "^.* $", $login) )
- {
- $error[$i++] = $lang['reg_err_login2'];
- }
- if ( ereg( "^ .*$", $login ) )
- {
- $error[$i++] = $lang['reg_err_login3'];
- }
+ if ( $login == '' ) $error[$i++] = $lang['reg_err_login1'];
+ if ( ereg( "^.* $", $login) ) $error[$i++] = $lang['reg_err_login2'];
+ if ( ereg( "^ .*$", $login ) ) $error[$i++] = $lang['reg_err_login3'];
+
if ( ereg( "'", $login ) or ereg( "\"", $login ) )
- {
$error[$i++] = $lang['reg_err_login4'];
- }
else
{
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= " where username = '".$login."';";
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= " WHERE username = '".$login."'";
+ $query.= ';';
$result = mysql_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
- {
- $error[$i++] = $lang['reg_err_login5'];
- }
+ if ( mysql_num_rows($result) > 0 ) $error[$i++] = $lang['reg_err_login5'];
}
// given password must be the same as the confirmation
- if ( $password != $password_conf )
- {
- $error[$i++] = $lang['reg_err_pass'];
- }
+ if ( $password != $password_conf ) $error[$i++] = $lang['reg_err_pass'];
$error_mail_address = validate_mail_address( $mail_address );
- if ( $error_mail_address != '' )
- {
- $error[$i++] = $error_mail_address;
- }
+ if ( $error_mail_address != '' ) $error[$i++] = $error_mail_address;
// if no error until here, registration of the user
if ( sizeof( $error ) == 0 )
@@ -94,25 +76,20 @@ function register_user(
// 1. retrieving default values, the ones of the user "guest"
$infos = array( 'nb_image_line', 'nb_line_page', 'language',
'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
- 'short_period', 'long_period', 'template' );
- $query = 'select';
+ 'short_period', 'long_period', 'template',
+ 'forbidden_categories' );
+ $query = 'SELECT ';
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
- if ( $i > 0 )
- {
- $query.= ',';
- }
- else
- {
- $query.= ' ';
- }
+ if ( $i > 0 ) $query.= ',';
$query.= $infos[$i];
}
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= " where username = 'guest';";
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= " WHERE username = 'guest'";
+ $query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
// 2. adding new user
- $query = 'insert into '.PREFIX_TABLE.'users';
+ $query = 'INSERT INTO '.PREFIX_TABLE.'users';
$query.= ' (';
$query.= ' username,password,mail_address,status';
for ( $i = 0; $i < sizeof( $infos ); $i++ )
@@ -122,26 +99,14 @@ function register_user(
$query.= ') values (';
$query.= " '".$login."'";
$query.= ",'".md5( $password )."'";
- if ( $mail_address != '' )
- {
- $query.= ",'".$mail_address."'";
- }
- else
- {
- $query.= ',NULL';
- }
+ if ( $mail_address != '' ) $query.= ",'".$mail_address."'";
+ else $query.= ',NULL';
$query.= ",'".$status."'";
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
$query.= ',';
- if ( $row[$infos[$i]] == '' )
- {
- $query.= 'NULL';
- }
- else
- {
- $query.= "'".$row[$infos[$i]]."'";
- }
+ if ( $row[$infos[$i]] == '' ) $query.= 'NULL';
+ else $query.= "'".$row[$infos[$i]]."'";
}
$query.= ');';
mysql_query( $query );
@@ -165,6 +130,39 @@ function register_user(
$query.= ' ('.$user_id.','.$row['cat_id'].');';
mysql_query ( $query );
}
+ // 5. associate new user to the same groups that the guest
+ $query = 'SELECT group_id';
+ $query.= ' FROM '.PREFIX_TABLE.'user_group AS ug';
+ $query.= ', '.PREFIX_TABLE.'users AS u';
+ $query.= " WHERE u.username = 'guest'";
+ $query.= ' AND ug.user_id = u.id';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
+ $query.= ' (user_id,group_id) VALUES';
+ $query.= ' ('.$user_id.','.$row['group_id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ // 6. has the same categories informations than guest
+ $query = 'SELECT category_id,date_last,nb_sub_categories';
+ $query.= ' FROM '.PREFIX_TABLE.'user_category AS uc';
+ $query.= ', '.PREFIX_TABLE.'users AS u';
+ $query.= " WHERE u.username = 'guest'";
+ $query.= ' AND uc.user_id = u.id';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_category';
+ $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES';
+ $query.= ' ('.$user_id.','.$row['category_id'];
+ $query.= ",'".$row['date_last']."',".$row['nb_sub_categories'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
}
return $error;
}
@@ -217,120 +215,4 @@ function check_login_authorization()
exit();
}
}
-
-// The function get_restrictions returns an array with the ids of the
-// restricted categories for the user.
-// If the $check_invisible parameter is set to true, invisible categories
-// are added to the restricted one in the array.
-function get_restrictions( $user_id, $user_status,
- $check_invisible, $use_groups = true )
-{
- // 1. retrieving ids of private categories
- $query = 'SELECT id';
- $query.= ' FROM '.PREFIX_TABLE.'categories';
- $query.= " WHERE status = 'private'";
- $query.= ';';
- $result = mysql_query( $query );
- $privates = array();
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $privates, $row['id'] );
- }
- // 2. retrieving all authorized categories for the user
- $authorized = array();
- // 2.1. retrieving authorized categories thanks to personnal user
- // authorization
- $query = 'SELECT cat_id';
- $query.= ' FROM '.PREFIX_TABLE.'user_access';
- $query.= ' WHERE user_id = '.$user_id;
- $query.= ';';
- $result = mysql_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- // 2.2. retrieving authorized categories thanks to group authorization to
- // which the user is a member
- if ( $use_groups )
- {
- $query = 'SELECT ga.cat_id';
- $query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
- $query.= ', '.PREFIX_TABLE.'group_access as ga';
- $query.= ' WHERE ug.group_id = ga.group_id';
- $query.= ' AND ug.user_id = '.$user_id;
- $query.= ';';
- $result = mysql_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $authorized, $row['cat_id'] );
- }
- $authorized = array_unique( $authorized );
- }
-
- $forbidden = array();
- foreach ( $privates as $private ) {
- if ( !in_array( $private, $authorized ) )
- {
- array_push( $forbidden, $private );
- }
- }
-
- if ( $check_invisible )
- {
- // 3. adding to the restricted categories, the invisible ones
- if ( $user_status != 'admin' )
- {
- $query = 'SELECT id';
- $query.= ' FROM '.PREFIX_TABLE.'categories';
- $query.= " WHERE visible = 'false';";
- $result = mysql_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- array_push( $forbidden, $row['id'] );
- }
- }
- }
- return array_unique( $forbidden );
-}
-
-// The get_all_restrictions function returns an array with all the
-// categories id which are restricted for the user. Including the
-// sub-categories and invisible categories
-function get_all_restrictions( $user_id, $user_status )
-{
- $restricted_cats = get_restrictions( $user_id, $user_status, true );
- foreach ( $restricted_cats as $restricted_cat ) {
- $sub_restricted_cats = get_subcats_id( $restricted_cat );
- foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
- array_push( $restricted_cats, $sub_restricted_cat );
- }
- }
- return $restricted_cats;
-}
-
-// The function is_user_allowed returns :
-// - 0 : if the category is allowed with this $restrictions array
-// - 1 : if this category is not allowed
-// - 2 : if an uppercat category is not allowed
-function is_user_allowed( $category_id, $restrictions )
-{
- $lowest_category_id = $category_id;
-
- $is_root = false;
- while ( !$is_root and !in_array( $category_id, $restrictions ) )
- {
- $query = 'SELECT id_uppercat';
- $query.= ' FROM '.PREFIX_TABLE.'categories';
- $query.= ' WHERE id = '.$category_id;
- $query.= ';';
- $row = mysql_fetch_array( mysql_query( $query ) );
- if ( $row['id_uppercat'] == '' ) $is_root = true;
- $category_id = $row['id_uppercat'];
- }
-
- if ( in_array( $lowest_category_id, $restrictions ) ) return 1;
- if ( in_array( $category_id, $restrictions ) ) return 2;
- // this user is allowed to go in this category
- return 0;
-}
?> \ No newline at end of file