Diffstat (limited to '')
34 files changed, 2012 insertions, 1044 deletions
diff --git a/admin/admin.php b/admin/admin.php
index 5730356fe..3825ca71a 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -25,55 +25,110 @@ $vtp->setGlobalVar( $handle, 'page_title', $lang['title_default'] ); $vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] ); //--------------------------------------- validating page and creation of title $page_valide = false; +$title = ''; switch ( $_GET['page'] ) { case 'user_add': - $titre = $lang['title_add']; $page_valide = true; break; + $title = $lang['title_add']; $page_valide = true; break; case 'user_list': - $titre = $lang['title_liste_users']; $page_valide = true; break; + $title = $lang['title_liste_users']; $page_valide = true; break; case 'user_modify': - $titre = $lang['title_modify']; $page_valide = true; break; + $title = $lang['title_modify']; $page_valide = true; break; + case 'user_perm': + if ( !is_numeric( $_GET['user_id'] ) ) $_GET['user_id'] = -1; + $query = 'SELECT status,username'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['user_id']; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + $row = mysql_fetch_array( $result ); + $page['user_status'] = $row['status']; + if ( $row['username'] == 'guest' ) $row['username'] = $lang['guest']; + $page['user_username'] = $row['username']; + $page_valide = true; + $title = $lang['title_user_perm'].' "'.$page['user_username'].'"'; + } + else + { + $page_valide = false; + } + break; + case 'group_list' : + $title = $lang['title_groups']; $page_valide = true; break; + case 'group_perm' : + if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1; + $query = 'SELECT name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['group_id']; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + $row = mysql_fetch_array( $result ); + $title = $lang['title_group_perm'].' 
"'.$row['name'].'"'; + $page_valide = true; + } + else + { + $page_valide = false; + } + break; case 'historique': - $titre = $lang['title_history']; $page_valide = true; break; + $title = $lang['title_history']; $page_valide = true; break; case 'update': - $titre = $lang['title_update']; $page_valide = true; break; + $title = $lang['title_update']; $page_valide = true; break; case 'configuration': - $titre = $lang['title_configuration']; $page_valide = true; break; + $title = $lang['title_configuration']; $page_valide = true; break; case 'manuel': - $titre = $lang['title_instructions']; $page_valide = true; break; - case 'perm': - $titre = $lang['title_permissions']; $page_valide = true; break; - case 'cat': - $titre = $lang['title_categories']; $page_valide = true; break; - case 'edit_cat': - $titre = $lang['title_edit_cat']; $page_valide = true; break; + $title = $lang['title_instructions']; $page_valide = true; break; + case 'cat_perm': + $title = $lang['title_cat_perm']; + if ( isset( $_GET['cat_id'] ) ) + { + check_cat_id( $_GET['cat_id'] ); + if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) + { + $result = get_cat_info( $page['cat'] ); + $name = get_cat_display_name( $result['name'],' > ', '' ); + $title.= ' "'.$name.'"'; + } + } + $page_valide = true; + break; + case 'cat_list': + $title = $lang['title_categories']; $page_valide = true; break; + case 'cat_modify': + $title = $lang['title_edit_cat']; $page_valide = true; break; case 'infos_images': - $titre = $lang['title_info_images']; $page_valide = true; break; + $title = $lang['title_info_images']; $page_valide = true; break; case 'waiting': - $titre = $lang['title_waiting']; $page_valide = true; break; + $title = $lang['title_waiting']; $page_valide = true; break; case 'thumbnail': - $titre = $lang['title_thumbnails']; + $title = $lang['title_thumbnails']; if ( isset( $_GET['dir'] ) ) { - $titre.= ' '.$lang['title_thumbnails_2'].' 
<span style="color:#006699;">'; + $title.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">'; // $_GET['dir'] contient : // ../galleries/vieux_lyon ou // ../galleries/vieux_lyon/visite ou // ../galleries/vieux_lyon/visite/truc ... $dir = explode( "/", $_GET['dir'] ); - $titre.= $dir[2]; + $title.= $dir[2]; for ( $i = 3; $i < sizeof( $dir ) - 1; $i++ ) { - $titre.= ' > '.$dir[$i]; + $title.= ' > '.$dir[$i]; } - $titre.= "</span>"; + $title.= "</span>"; } $page_valide = true; break; default: - $titre = $lang['title_default']; break; + $title = $lang['title_default']; break; } -$vtp->setGlobalVar( $handle, 'title', $titre ); +if ( $title == '' ) $title = $lang['title_default']; +$vtp->setGlobalVar( $handle, 'title', $title ); //--------------------------------------------------------------------- summary $link_start = './admin.php?page='; // configuration @@ -87,7 +142,7 @@ $vtp->closeSession( $handle, 'summary' ); $vtp->addSession( $handle, 'summary' ); $vtp->setVar( $handle, 'summary.indent', '' ); $vtp->setVar( $handle, 'summary.link', - add_session_id( $link_start.'liste_users' ) ); + add_session_id( $link_start.'user_list' ) ); $vtp->setVar( $handle, 'summary.name', $lang['menu_users'] ); $vtp->closeSession( $handle, 'summary' ); // user list 
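Review bot: The new `user_perm` and `group_perm` cases only run `is_numeric()` over `$_GET['user_id']` / `$_GET['group_id']` before concatenating them into the WHERE clause, and `is_numeric()` also accepts forms such as `1e3`, `.5` or a leading space, so the value should be normalised to an integer instead of passed through: `$_GET['user_id'] = is_numeric( $_GET['user_id'] ) ? (int)$_GET['user_id'] : -1;` (same for `group_id`). The fetched `username` / `name` are then dropped into `$title` unescaped; unless the template layer escapes `title`, a stored name containing markup would be rendered in the admin page header, so `htmlspecialchars()` on those two values is cheap insurance. The `cat_perm` case relies on `check_cat_id()` and `$page['cat']`, which are defined outside this diff.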
@@ -104,10 +159,17 @@ $vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'user_add' ) ); $vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] ); $vtp->closeSession( $handle, 'summary' ); +// groups +$vtp->addSession( $handle, 'summary' ); +$vtp->setVar( $handle, 'summary.indent', '' ); +$vtp->setVar( $handle, 'summary.link', + add_session_id( $link_start.'group_list' ) ); +$vtp->setVar( $handle, 'summary.name', $lang['menu_groups'] ); +$vtp->closeSession( $handle, 'summary' ); // categories $vtp->addSession( $handle, 'summary' ); $vtp->setVar( $handle, 'summary.indent', '' ); -$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'cat' ) ); +$vtp->setVar( $handle, 'summary.link',add_session_id( $link_start.'cat_list')); $vtp->setVar( $handle, 'summary.name', $lang['menu_categories'] ); $vtp->closeSession( $handle, 'summary' ); // waiting diff --git a/admin/cat.php b/admin/cat_list.php index 890fa866a..a0c7696b7 100644 --- a/admin/cat.php +++ b/admin/cat_list.php @@ -17,7 +17,7 @@ ***************************************************************************/ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat.vtp' ); +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_list.vtp' ); // language $vtp->setGlobalVar( $sub, 'cat_edit', $lang['cat_edit'] ); $vtp->setGlobalVar( $sub, 'cat_up', $lang['cat_up'] ); 
@@ -30,41 +30,41 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) ) { // 1. searching level (id_uppercat) // and rank of the category to move - $query = 'select id_uppercat,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id = '.$_GET['up']; + $query = 'SELECT id_uppercat,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['up']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $level = $row['id_uppercat']; $rank = $row['rank']; // 2. searching the id and the rank of the category // just above at the same level - $query = 'select id,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where rank < '.$rank; + $query = 'SELECT id,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE rank < '.$rank; if ( $level == '' ) { - $query.= ' and id_uppercat is null'; + $query.= ' AND id_uppercat IS NULL'; } else { - $query.= ' and id_uppercat = '.$level; + $query.= ' AND id_uppercat = '.$level; } - $query.= ' order by rank desc'; - $query.= ' limit 0,1'; + $query.= ' ORDER BY rank DESC'; + $query.= ' LIMIT 0,1'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $new_rank = $row['rank']; $replaced_cat = $row['id']; // 3. exchanging ranks between the two categories - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$new_rank; - $query.= ' where id = '.$_GET['up']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$new_rank; + $query.= ' WHERE id = '.$_GET['up']; $query.= ';'; mysql_query( $query ); - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$replaced_cat; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$replaced_cat; $query.= ';'; mysql_query( $query ); } 
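Review bot: The rank swap is triggered by a plain GET (`?up=<id>`) carrying nothing but the session id in the URL, so any link or image an admin loads can reorder categories; a state change like this should come from a POST with a token, or at least a confirmation step as `group_list.php` does for deletion. Separately, neither `mysql_query()` result is checked: when `$_GET['up']` matches no row, `$rank` is empty, the second query becomes `WHERE rank < ` (a syntax error) and the two UPDATEs still run with `$replaced_cat` empty. Guard the first lookup, e.g. `$row = mysql_fetch_array( mysql_query( $query ) ); if ( !$row ) { /* unknown id: skip the move */ }` before `$rank` is used. The same pattern is repeated verbatim in the `down` branch of the next hunk.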
@@ -72,41 +72,41 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) ) { // 1. searching level (id_uppercat) // and rank of the category to move - $query = 'select id_uppercat,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id = '.$_GET['down']; + $query = 'SELECT id_uppercat,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['down']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $level = $row['id_uppercat']; $rank = $row['rank']; // 2. searching the id and the rank of the category // just below at the same level - $query = 'select id,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where rank > '.$rank; + $query = 'SELECT id,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE rank > '.$rank; if ( $level == '' ) { - $query.= ' and id_uppercat is null'; + $query.= ' AND id_uppercat is null'; } else { - $query.= ' and id_uppercat = '.$level; + $query.= ' AND id_uppercat = '.$level; } - $query.= ' order by rank asc'; - $query.= ' limit 0,1'; + $query.= ' ORDER BY rank ASC'; + $query.= ' LIMIT 0,1'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $new_rank = $row['rank']; $replaced_cat = $row['id']; // 3. exchanging ranks between the two categories - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$new_rank; - $query.= ' where id = '.$_GET['down']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$new_rank; + $query.= ' WHERE id = '.$_GET['down']; $query.= ';'; mysql_query( $query ); - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$replaced_cat; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$replaced_cat; $query.= ';'; mysql_query( $query ); } 
@@ -115,24 +115,24 @@ function ordering( $id_uppercat ) { $rank = 1; - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } - $query.= ' order by rank asc, dir asc'; + $query.= ' ORDER BY rank ASC, dir ASC'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$row['id']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$row['id']; $query.= ';'; mysql_query( $query ); $rank++; @@ -148,15 +148,15 @@ function display_cat_manager( $id_uppercat, $indent, global $lang,$conf,$sub,$vtp; // searching the min_rank and the max_rank of the category - $query = 'select min(rank) as min, max(rank) as max'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT MIN(rank) AS min, MAX(rank) AS max'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } $query.= ';'; $result = mysql_query( $query ); 
@@ -176,17 +176,17 @@ function display_cat_manager( $id_uppercat, $indent, $td = 'th'; } - $query = 'select id,name,dir,nb_images,status,rank,site_id'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT id,name,dir,nb_images,status,rank,site_id,visible'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } - $query.= ' order by rank asc'; + $query.= ' ORDER BY rank ASC'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) @@ -207,13 +207,17 @@ function display_cat_manager( $id_uppercat, $indent, } $vtp->setVar( $sub, 'cat.name', $name ); $vtp->setVar( $sub, 'cat.dir', $row['dir'] ); - if ( $row['status'] == 'invisible' || !$uppercat_visible ) + if ( $row['visible'] == 'false' or !$uppercat_visible ) { $subcat_visible = false; $vtp->setVar( $sub, 'cat.invisible', $lang['cat_invisible'] ); } + if ( $row['status'] == 'private' ) + { + $vtp->setVar( $sub, 'cat.private', $lang['private'] ); + } $vtp->setVar( $sub, 'cat.nb_picture', $row['nb_images'] ); - $url = add_session_id( './admin.php?page=edit_cat&cat='.$row['id'] ); + $url = add_session_id( './admin.php?page=cat_modify&cat='.$row['id'] ); $vtp->setVar( $sub, 'cat.edit_url', $url ); if ( $row['rank'] != $min_rank ) { 
@@ -252,8 +256,18 @@ function display_cat_manager( $id_uppercat, $indent, $vtp->addSession( $sub, 'no_image_info' ); $vtp->closeSession( $sub, 'no_image_info' ); } - $url = add_session_id( './admin.php?page=perm&cat_id='.$row['id'] ); - $vtp->setVar( $sub, 'cat.permission_url', $url ); + if ( $row['status'] == 'private' ) + { + $vtp->addSession( $sub, 'permission' ); + $url=add_session_id('./admin.php?page=cat_perm&cat_id='.$row['id']); + $vtp->setVar( $sub, 'permission.url', $url ); + $vtp->closeSession( $sub, 'permission' ); + } + else + { + $vtp->addSession( $sub, 'no_permission' ); + $vtp->closeSession( $sub, 'no_permission' ); + } if ( $row['site_id'] == 1 ) { $vtp->addSession( $sub, 'update' ); diff --git a/admin/edit_cat.php b/admin/cat_modify.php index bcd78b751..3e171139f 100644 --- a/admin/edit_cat.php +++ b/admin/cat_modify.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * edit_cat.php * + * cat_modify.php * * ------------------- * * application : PhpWebGallery 1.3 * * author : Pierrick LE GALL <pierrick@z0rglub.com> * 
@@ -17,14 +17,41 @@ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template'].'/admin/edit_cat.vtp' ); +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_modify.vtp' ); $tpl = array( 'remote_site','editcat_confirm','editcat_back','editcat_title1', - 'editcat_name', 'editcat_comment', 'editcat_status', - 'editcat_status_info', 'submit' ); + 'editcat_name','editcat_comment','editcat_status', + 'editcat_visible','editcat_status_info', 'submit' ); templatize_array( $tpl, 'lang', $sub ); +//---------------------------------------------------------------- verification +if ( !is_numeric( $_GET['cat'] ) ) +{ + $_GET['cat'] = '-1'; +} //--------------------------------------------------------- form criteria check if ( isset( $_POST['submit'] ) ) { + // if new status is different from previous one, deletion of all related + // links for access rights + $query = 'SELECT status'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['cat']; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + + if ( $_POST['status'] != $row['status'] ) + { + // deletion of all access for groups concerning this category + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$_GET['cat']; + mysql_query( $query ); + // deletion of all access for users concerning this category + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE cat_id = '.$_GET['cat']; + mysql_query( $query ); + } + $query = 'UPDATE '.PREFIX_TABLE.'categories'; if ( $_POST['name'] == '' ) { 
@@ -43,6 +70,7 @@ if ( isset( $_POST['submit'] ) ) $query.= ", comment = '".htmlentities( $_POST['comment'], ENT_QUOTES )."'"; } $query.= ", status = '".$_POST['status']."'"; + $query.= ", visible = '".$_POST['visible']."'"; $query.= " WHERE id = '".$_GET['cat']."'"; $query.= ';'; mysql_query( $query ); @@ -57,26 +85,28 @@ if ( isset( $_POST['submit'] ) ) check_favorites( $row['id'] ); } $vtp->addSession( $sub, 'confirmation' ); - $url = add_session_id( './admin.php?page=cat' ); + $url = add_session_id( './admin.php?page=cat_list' ); $vtp->setVar( $sub, 'confirmation.back_url', $url ); $vtp->closeSession( $sub, 'confirmation' ); } //------------------------------------------------------------------------ form -$form_action = './admin.php?page=edit_cat&cat='.$_GET['cat']; +$form_action = './admin.php?page=cat_modify&cat='.$_GET['cat']; $vtp->setVar( $sub, 'form_action', add_session_id( $form_action ) ); $query = 'SELECT a.id,name,dir,status,comment'; -$query.= ',id_uppercat,site_id,galleries_url'; +$query.= ',id_uppercat,site_id,galleries_url,visible'; $query.= ' FROM '.PREFIX_TABLE.'categories as a, '.PREFIX_TABLE.'sites as b'; $query.= ' WHERE a.id = '.$_GET['cat']; $query.= ' AND a.site_id = b.id'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $result = get_cat_info( $row['id'] ); - +// cat name $cat_name = get_cat_display_name( $result['name'], ' - ', '' ); $vtp->setVar( $sub, 'cat:name', $cat_name ); +// cat dir $vtp->setVar( $sub, 'cat:dir', $row['dir'] ); +// remote site ? if ( $row['site_id'] != 1 ) { $vtp->addSession( $sub, 'server' ); 
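Review bot: The `group_access` / `user_access` rows for the category are deleted as soon as `$_POST['status'] != $row['status']`, before the new status is validated or written, so a submitted status that the database rejects or truncates leaves the category with its old status but no access rows at all. Validate the value first — the file already calls `get_enums( PREFIX_TABLE.'categories', 'status' )` further down — e.g. `if ( !in_array( $_POST['status'], get_enums( PREFIX_TABLE.'categories', 'status' ) ) ) $_POST['status'] = $row['status'];` placed before the comparison. The UPDATE that consumes `$_POST['status']` is in the following hunk, and nothing ties the DELETEs and that UPDATE together, so a failure in between is not rolled back.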
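Review bot: The added `visible = '".$_POST['visible']."'` line concatenates a POST value straight into the UPDATE with no escaping or whitelist, mirroring the pre-existing unescaped `status` line just above it; even on an admin-only page that is a SQL injection point. The form only ever offers `true` / `false`, so clamp before building the query: `if ( $_POST['visible'] != 'true' ) $_POST['visible'] = 'false';`. The enclosing `if ( isset( $_POST['submit'] ) )` block starts in the previous hunk.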
@@ -85,16 +115,39 @@ if ( $row['site_id'] != 1 ) } $vtp->setVar( $sub, 'name', $row['name'] ); $vtp->setVar( $sub, 'comment', $row['comment'] ); +// status : public, private... $options = get_enums( PREFIX_TABLE.'categories', 'status' ); foreach ( $options as $option ) { $vtp->addSession( $sub, 'status_option' ); - $vtp->setVar( $sub, 'status_option.option', $option ); + $vtp->setVar( $sub, 'status_option.option', $lang[$option] ); + $vtp->setVar( $sub, 'status_option.value', $option ); if ( $option == $row['status'] ) { $vtp->setVar( $sub, 'status_option.checked', ' checked="checked"' ); } $vtp->closeSession( $sub, 'status_option' ); } +// visible : true or false +$vtp->addSession( $sub, 'visible_option' ); +$vtp->setVar( $sub, 'visible_option.value', 'true' ); +$vtp->setVar( $sub, 'visible_option.option', $lang['yes'] ); +$checked = ''; +if ( $row['visible'] == 'true' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'visible_option.checked', $checked ); +$vtp->closeSession( $sub, 'visible_option' ); +$vtp->addSession( $sub, 'visible_option' ); +$vtp->setVar( $sub, 'visible_option.value', 'false' ); +$vtp->setVar( $sub, 'visible_option.option', $lang['no'] ); +$checked = ''; +if ( $row['visible'] == 'false' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'visible_option.checked', $checked ); +$vtp->closeSession( $sub, 'visible_option' ); //----------------------------------------------------------- sending html code $vtp->Parse( $handle , 'sub', $sub ); ?>
\ No newline at end of file
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
new file mode 100644
index 000000000..d8e0f28dc
--- /dev/null
+++ b/admin/cat_perm.php
@@ -0,0 +1,210 @@ +<?php +/*************************************************************************** + * cat_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups', + 'submit','menu_users','permuser_parent_forbidden' ); +templatize_array( $tpl, 'lang', $sub ); +//-------------------------------------------------------------- category infos +if ( isset( $_GET['cat_id'] ) ) +{ + check_cat_id( $_GET['cat_id'] ); + if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) + { + $result = get_cat_info( $page['cat'] ); + $page['cat_name'] = $result['name']; + $page['id_uppercat'] = $result['id_uppercat']; + } +} +//---------------------------------------------------------- permission updates +if ( isset( $_POST['submit'] ) ) +{ + // groups access update + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$page['cat']; + $query.= ';'; + mysql_query( $query ); + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'groupaccess-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT 
INTO '.PREFIX_TABLE.'group_access'; + $query.= ' (cat_id,group_id) VALUES'; + $query.= ' ('.$page['cat'].','.$row['id'].')'; + $query.= ';'; + mysql_query( $query ); + } + } + // users access update + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE cat_id = '.$page['cat']; + $query.= ';'; + mysql_query( $query ); + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'useraccess-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; + $query.= ' (cat_id,user_id) VALUES'; + $query.= ' ('.$page['cat'].','.$row['id'].')'; + $query.= ';'; + mysql_query( $query ); + } + check_favorites( $row['id'] ); + } + // echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>"; +} +//---------------------------------------------------------------------- groups +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query. 
';'; +$result = mysql_query( $query ); +if ( mysql_num_rows( $result ) > 0 ) +{ + $vtp->addSession( $sub, 'groups' ); + // creating an array with all authorized groups for this category + $query = 'SELECT group_id'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$_GET['cat_id']; + $query.= ';'; + $subresult = mysql_query( $query ); + $authorized_groups = array(); + while ( $subrow = mysql_fetch_array( $subresult ) ) + { + array_push( $authorized_groups, $subrow['group_id'] ); + } + // displaying each group + while( $row = mysql_fetch_array( $result ) ) + { + $vtp->addSession( $sub, 'group' ); + if ( in_array( $row['id'], $authorized_groups ) ) + { + $vtp->setVar( $sub, 'group.color', 'green' ); + $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'group.color', 'red' ); + $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' ); + } + $vtp->setVar( $sub, 'group.groupname', $row['name'] ); + $vtp->setVar( $sub, 'group.id', $row['id'] ); + $vtp->closeSession( $sub, 'group' ); + } + $vtp->closeSession( $sub, 'groups' ); +} +//----------------------------------------------------------------------- users +$query = 'SELECT id,username,status'; +$query.= ' FROM '.PREFIX_TABLE.'users'; +$query.= " WHERE username != '".$conf['webmaster']."'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'user' ); + $vtp->setVar( $sub, 'user.id', $row['id'] ); + $url = add_session_id( './admin.php?page=user_perm&user_id='.$row['id']); + $vtp->setVar( $sub, 'user.user_perm_link', $url); + if ( $row['username'] == 'guest' ) + { + $row['username'] = $lang['guest']; + } + $vtp->setVar( $sub, 'user.username', $row['username'] ); + + // for color of user : (red means access forbidden, green authorized) we + // ask all forbidden categories, including the groups rights + $restrictions = get_restrictions( $row['id'], 
$row['status'], false ); + $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'user.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'user.color', 'red' ); + } + // for permission update button, we only ask forbidden categories for the + // user, not taking into account the groups the user belongs to + $restrictions = get_restrictions( $row['id'], $row['status'], false, false ); + $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); + if ( $is_user_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $url = './admin.php?page=cat_perm&cat_id='.$page['id_uppercat']; + $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' ); + } + // user's group(s) + $query = 'SELECT g.name as groupname, g.id as groupid'; + $query.= ' FROM '.PREFIX_TABLE.'groups as g'; + $query.= ', '.PREFIX_TABLE.'user_group as ug'; + $query.= ' WHERE ug.group_id = g.id'; + $query.= ' AND ug.user_id = '.$row['id']; + $query.= ';'; + $subresult = mysql_query( $query ); + if ( mysql_num_rows( $subresult ) > 0 ) + { + $vtp->addSession( $sub, 'usergroups' ); + $i = 0; + while( $subrow = mysql_fetch_array( $subresult ) ) + { + $vtp->addSession( $sub, 'usergroup' ); + if ( in_array( $subrow['groupid'], $authorized_groups ) ) + { + $vtp->setVar( $sub, 'usergroup.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'usergroup.color', 'red' ); + } + $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] ); + if ( $i < mysql_num_rows( $subresult ) - 1 ) + { + $vtp->setVar( $sub, 'usergroup.separation', ',' ); + } + $vtp->closeSession( $sub, 'usergroup' ); + $i++; + } + $vtp->closeSession( $sub, 'usergroups' ); + } + $vtp->closeSession( 
$sub, 'user' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file diff --git a/admin/configuration.php b/admin/configuration.php index bb8978c65..34e148c4d 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -15,7 +15,7 @@ * the Free Software Foundation; * * * ***************************************************************************/ - + include_once( './include/isadmin.inc.php' ); $Caracs = array("¥" => "Y", "µ" => "u", "À" => "A", "Á" => "A", @@ -48,7 +48,8 @@ array( 'nb_image_line','nb_line_page','theme','language','maxwidth', $error = array(); if ( isset( $_POST['submit'] ) ) { - //purge de la table des session si demandé + $int_pattern = '/^\d+$/'; + // empty session table if asked if ( $_POST['empty_session_table'] == 1 ) { $query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; @@ -79,8 +80,8 @@ if ( isset( $_POST['submit'] ) ) array_push( $error, $lang['conf_err_mail'] ); } // periods must be integer values, they represents number of days - if ( !is_int( $_POST['short_period'] ) - or !is_int( $_POST['long_period'] ) ) + if ( !preg_match( $int_pattern, $_POST['short_period'] ) + or !preg_match( $int_pattern, $_POST['long_period'] ) ) { array_push( $error, $lang['err_periods'] ); } 
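Review bot: In both permission-update loops access is granted when `$_POST[$radioname] == 0`; with loose comparison a missing radio (`null`) and, on the PHP versions this code targets, any non-numeric string all satisfy `== 0`, so a group or user whose radio is absent from the POST is *inserted* into `group_access` / `user_access`, i.e. authorised — the check fails open. Make the grant explicit: `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. The groups listing also queries `WHERE cat_id = '.$_GET['cat_id']` with the raw GET value instead of the `check_cat_id()`-validated `$page['cat']` used everywhere else in the file, and if the `$query. ';';` line reads as shown it is a no-op expression rather than `$query.= ';';`. `check_cat_id()` itself is outside this diff, so what it does with an invalid id cannot be confirmed here.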
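Review bot: `$int_pattern = '/^\d+$/'` still accepts a trailing newline, because `$` matches before a final `\n`; use `$int_pattern = '/^\d+$/D';` (or `\z` instead of `$`) so a value like `"12\n"` is rejected like any other non-integer before it is compared and stored. The switch from `is_int()` to `preg_match()` is the right direction: `$_POST` values are always strings, so the old `is_int()` tests never matched.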
@@ -94,21 +95,21 @@ if ( isset( $_POST['submit'] ) ) } } // session_id size must be an integer between 4 and 50 - if ( !is_int( $_POST['session_id_size'] ) + if ( !preg_match( $int_pattern, $_POST['session_id_size'] ) or $_POST['session_id_size'] < 4 or $_POST['session_id_size'] > 50 ) { array_push( $error, $lang['conf_err_sid_size'] ); } // session_time must be an integer between 5 and 60, in minutes - if ( !is_int( $_POST['session_time'] ) + if ( !preg_match( $int_pattern, $_POST['session_time'] ) or $_POST['session_time'] < 5 or $_POST['session_time'] > 60 ) { array_push( $error, $lang['conf_err_sid_time'] ); } // max_user_listbox must be an integer between 0 and 255 included - if ( !is_int( $_POST['max_user_listbox'] ) + if ( !preg_match( $int_pattern, $_POST['max_user_listbox'] ) or $_POST['max_user_listbox'] < 0 or $_POST['max_user_listbox'] > 255 ) { @@ -116,14 +117,14 @@ if ( isset( $_POST['submit'] ) ) } // the number of comments per page must be an integer between 5 and 50 // included - if ( !is_int( $_POST['nb_comment_page'] ) + if ( !preg_match( $int_pattern, $_POST['nb_comment_page'] ) or $_POST['nb_comment_page'] < 5 or $_POST['nb_comment_page'] > 50 ) { array_push( $error, $lang['conf_err_comment_number'] ); } // the maximum upload filesize must be an integer between 10 and 1000 - if ( !is_int( $_POST['upload_maxfilesize'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxfilesize'] ) or $_POST['upload_maxfilesize'] < 10 or $_POST['upload_maxfilesize'] > 1000 ) { 
@@ -131,63 +132,57 @@ if ( isset( $_POST['submit'] ) ) } // the maximum width of uploaded pictures must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxwidth'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxwidth'] ) or $_POST['upload_maxwidth'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxwidth'] ); } // the maximum height of uploaded pictures must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxheight'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxheight'] ) or $_POST['upload_maxheight'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxheight'] ); } // the maximum width of uploaded thumbnails must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxwidth_thumbnail'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxwidth_thumbnail'] ) or $_POST['upload_maxwidth_thumbnail'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxwidth_thumbnail'] ); } // the maximum width of uploaded thumbnails must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxheight_thumbnail'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxheight_thumbnail'] ) or $_POST['upload_maxheight_thumbnail'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxheight_thumbnail'] ); } - $test = ''; - if ( is_int( $test ) ) echo 'salut'; exit(); - if ( $_POST['maxwidth'] != '' ) + + if ( $_POST['maxwidth'] != '' + and ( !preg_match( $int_pattern, $_POST['maxwidth'] ) + or $_POST['maxwidth'] < 50 ) ) { - if ( !ereg( "^[0-9]{2,}$", $_POST['maxwidth'] ) - or $_POST['maxwidth'] < 50 ) - { - $error[$i++] = $lang['err_maxwidth']; - } + array_push( $error, $lang['err_maxwidth'] ); } - if ( $_POST['maxheight'] != '' ) + if ( $_POST['maxheight'] + and ( !preg_match( $int_pattern, $_POST['maxheight'] ) + or $_POST['maxheight'] < 50 ) ) { - if ( !ereg( "^[0-9]{2,}$", $_POST['maxheight'] ) - or $_POST['maxheight'] < 50 ) - { - $error[$i++] = $lang['err_maxheight']; - } + array_push( $error, 
$lang['err_maxheight'] ); } - // on met à jour les paramètres de l'application - // dans le cas où il n'y aucune erreurs - if ( sizeof( $error ) == 0 ) + // updating configuraiton if no error found + if ( count( $error ) == 0 ) { - mysql_query( 'delete from '.PREFIX_TABLE.'config;' ); - $query = 'insert into '.PREFIX_TABLE.'config'; + mysql_query( 'DELETE FROM '.PREFIX_TABLE.'config;' ); + $query = 'INSERT INTO '.PREFIX_TABLE.'config'; $query.= ' ('; foreach ( $conf_infos as $i => $conf_info ) { if ( $i > 0 ) $query.= ','; $query.= $conf_info; } $query.= ')'; - $query.= ' values'; + $query.= ' VALUES'; $query.= ' ('; foreach ( $conf_infos as $i => $conf_info ) { if ( $i > 0 ) $query.= ','; @@ -260,15 +255,12 @@ else } } //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template']. - '/admin/configuration.vtp' ); -// language -$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] ); -$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] ); -$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] ); -$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info', - $lang['conf_remote_site_delete_info'] ); -$vtp->setGlobalVar( $sub, 'submit', $lang['submit'] ); +$sub = $vtp->Open( + '../template/'.$user['template'].'/admin/configuration.vtp' ); + +$tpl = array( 'conf_confirmation','remote_site','delete', + 'conf_remote_site_delete_info','submit' ); +templatize_array( $tpl, 'lang', $sub ); //-------------------------------------------------------------- errors display if ( sizeof( $error ) != 0 ) { @@ -345,7 +337,6 @@ $vtp->setVar( $sub, 'radio.name', 'access' ); $vtp->setVar( $sub, 'radio.value', 'free' ); $vtp->setVar( $sub, 'radio.option', $lang['conf_general_access_1'] ); $checked = ''; -echo $access.'<br />'; if ( $access == 'free' ) { $checked = ' checked="checked"'; diff --git a/admin/group_list.php b/admin/group_list.php new file mode 100644 index 000000000..f58dff1ff 
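Review bot: The `maxheight` branch tests `$_POST['maxheight']` for truthiness while the `maxwidth` branch directly above tests `!= ''`, so a submitted `maxheight` of `0` skips validation entirely and reaches the config INSERT even though the rule is "at least 50"; make it `if ( $_POST['maxheight'] != ''` to match. The errors-display hunk further down still uses `sizeof( $error ) != 0` after this hunk switched to `count( $error ) == 0` — cosmetic, but pick one.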
--- /dev/null
+++ b/admin/group_list.php
@@ -0,0 +1,135 @@ +<?php +/*************************************************************************** + * group.php * + * ------------------- * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_list.vtp' ); +$tpl = array( 'group_add','add','listuser_permission','delete', + 'group_confirm','yes','no','group_list_title' ); +templatize_array( $tpl, 'lang', $sub ); +//-------------------------------------------------------------- delete a group +$error = array(); +if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) +{ + $query = 'SELECT name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['delete']; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + // confirm group deletion ? 
+ if ( $_GET['confirm'] != 1 ) + { + $vtp->addSession( $sub, 'deletion' ); + $vtp->setVar( $sub, 'deletion.name', $row['name'] ); + $yes_url = './admin.php?page=group&delete='.$_GET['delete']; + $yes_url.= '&confirm=1'; + $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); + $no_url = './admin.php?page=group'; + $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) ); + $vtp->closeSession( $sub, 'deletion' ); + } + // group deletion confirmed + else + { + $vtp->addSession( $sub, 'confirmation' ); + $query = 'SELECT COUNT(*) AS nb_result'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['delete']; + $query.= ';'; + $row2 = mysql_fetch_array( mysql_query( $query ) ); + if ( $row2['nb_result'] > 0 ) + { + delete_group( $_GET['delete'] ); + $vtp->setVar( $sub, 'confirmation.class', 'info' ); + $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion']; + $vtp->setVar( $sub, 'confirmation.info', $info ); + } + else + { + $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); + $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] ); + } + $vtp->closeSession( $sub, 'confirmation' ); + } +} +//----------------------------------------------------------------- add a group +if ( isset( $_POST['submit'] ) ) +{ + if ( preg_match( "/'/", $_POST['name'] ) + or preg_match( '/"/', $_POST['name'] ) ) + { + array_push( $error, $lang['group_add_error1'] ); + } + if ( count( $error ) == 0 ) + { + // is the group not already existing ? 
+ $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= " WHERE name = '".$_POST['name']."'"; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + array_push( $error, $lang['group_add_error2'] ); + } + } + if ( count( $error ) == 0 ) + { + // creating the group + $query = ' INSERT INTO '.PREFIX_TABLE.'groups'; + $query.= " (name) VALUES ('".$_POST['name']."')"; + $query.= ';'; + mysql_query( $query ); + } +} +//-------------------------------------------------------------- errors display +if ( sizeof( $error ) != 0 ) +{ + $vtp->addSession( $sub, 'errors' ); + for ( $i = 0; $i < sizeof( $error ); $i++ ) + { + $vtp->addSession( $sub, 'li' ); + $vtp->setVar( $sub, 'li.li', $error[$i] ); + $vtp->closeSession( $sub, 'li' ); + } + $vtp->closeSession( $sub, 'errors' ); +} +//----------------------------------------------------------------- groups list +$vtp->addSession( $sub, 'groups' ); + +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query.= ' ORDER BY id ASC'; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'group' ); + $vtp->setVar( $sub, 'group.name', $row['name'] ); + $url = './admin.php?page=group_perm&group_id='.$row['id']; + $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) ); + $url = './admin.php?page=group&delete='.$row['id']; + $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'group' ); +} + +$vtp->closeSession( $sub, 'groups' ); +//------------------------------------------------------- create new group form +$action = './admin.php?'.$_SERVER['QUERY_STRING']; +$vtp->setVar( $sub, 'form_action', $action ); +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
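Review bot: The group name reaches both the SELECT (`" WHERE name = '".$_POST['name']."'"`) and the INSERT (`" (name) VALUES ('".$_POST['name']."')"`) with only the two preg_match checks for `'` and `"` in front of it; a trailing backslash still breaks the quoting, and anything else is spliced into the statement verbatim. Escape it once, `$name = mysql_real_escape_string( $_POST['name'] );` (or mysql_escape_string on older PHP), and use `$name` in both queries, keeping the preg_match checks as the user-facing validation only. Separately, the confirm, cancel and delete links in this file use `page=group` while the permission link in the same loop uses `page=group_perm` and the file itself is group_list.php; if the router's case is named `group_list`, the `yes_url`, `no_url` and `group.deletion_url` values need the same name or they land on an invalid page.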
\ No newline at end of file
diff --git a/admin/group_perm.php b/admin/group_perm.php
new file mode 100644
index 000000000..67e5e2cd3
--- /dev/null
+++ b/admin/group_perm.php
@@ -0,0 +1,104 @@ +<?php +/*************************************************************************** + * group_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','submit', + 'permuser_parent_forbidden','permuser_info_message', + 'adduser_info_back' ); +templatize_array( $tpl, 'lang', $sub ); +//--------------------------------------------------------------------- updates +if ( isset( $_POST['submit'] ) ) +{ + // cleaning the user_access table for this group + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE group_id = '.$_GET['group_id']; + $query.= ';'; + mysql_query( $query ); + // selecting all private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'access-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'group_access'; + $query.= ' (group_id,cat_id) VALUES'; + $query.= ' ('.$_GET['group_id'].','.$row['id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + } + $vtp->addSession( $sub, 'confirmation' ); + $url = 
'./admin.php?page=group_list'; + $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'confirmation' ); +} +//---------------------------------------------------------------- form display +$restrictions = get_group_restrictions( $_GET['group_id'] ); +$action = './admin.php?page=group_perm&group_id='.$_GET['group_id']; +$vtp->setVar( $sub, 'action', add_session_id( $action ) ); +// only private categories are listed +$query = 'SELECT id'; +$query.= ' FROM '.PREFIX_TABLE.'categories'; +$query.= " WHERE status = 'private'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'category' ); + $vtp->setVar( $sub, 'category.id', $row['id'] ); + // Is the group allowed to access this category + $is_group_allowed = is_group_allowed( $row['id'], $restrictions ); + if ( $is_group_allowed == 0 ) + { + $vtp->setVar( $sub, 'category.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'category.color', 'red' ); + } + // category name + $cat_infos = get_cat_info( $row['id'] ); + $name = get_cat_display_name( $cat_infos['name'],' > ', + 'font-weight:bold;' ); + $vtp->setVar( $sub, 'category.name', $name ); + // any subcat forbidden for this group ? + if ( $is_group_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + // forbidden or authorized access ? + if ( $is_group_allowed == 0 or $is_group_allowed == 2 ) + { + $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' ); + } + $vtp->closeSession( $sub, 'category' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
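Review bot: The update loop fails open: `if ( $_POST[$radioname] == 0 )` is also true when the radio for a category is absent from the POST (an undefined index is null, and `null == 0`), so a request that simply omits a field grants the group access to that private category. Check presence and compare strictly, `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. `$_GET['group_id']` is also interpolated into the DELETE, the INSERT and the action URL without any local check; the router may have coerced it before including this file, but the file should not rely on that — `$group_id = intval( $_GET['group_id'] );` near the top and use it throughout. The removed perm.php called check_favorites() after rewriting permissions and this file does not; if check_favorites takes group access into account, favorites in categories that just became forbidden through this group are left standing.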
\ No newline at end of file diff --git a/admin/include/functions.php b/admin/include/functions.php index c6678caf0..cd58d0822 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -101,13 +101,17 @@ function delete_category( $id ) { delete_image( $row['id'] ); } - - // destruction of the restrictions linked to the category - $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions'; + + // destruction of the access linked to the category + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; $query.= ' WHERE cat_id = '.$id; $query.= ';'; mysql_query( $query ); - + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$id; + $query.= ';'; + mysql_query( $query ); + // destruction of the sub-categories $query = 'SELECT id'; $query.= ' FROM '.PREFIX_TABLE.'categories'; @@ -118,7 +122,7 @@ function delete_category( $id ) { delete_category( $row['id'] ); } - + // destruction of the category $query = 'DELETE FROM '.PREFIX_TABLE.'categories'; $query.= ' WHERE id = '.$id; 
@@ -156,21 +160,35 @@ function delete_image( $id ) // The delete_user function delete a user identified by the $user_id // It also deletes : -// - all the restrictions linked to this user +// - all the access linked to this user +// - all the links to any group // - all the favorites linked to this user +// - all sessions linked to this user function delete_user( $user_id ) { - // destruction of the restrictions linked to the user - $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions'; + // destruction of the access linked to the user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; $query.= ' WHERE user_id = '.$user_id; $query.= ';'; mysql_query( $query ); - + + // destruction of the group links for this user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + // destruction of the favorites associated with the user $query = 'DELETE FROM '.PREFIX_TABLE.'favorites'; $query.= ' WHERE user_id = '.$user_id; $query.= ';'; mysql_query( $query ); + + // destruction of the sessions linked with the user + $query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); // destruction of the user $query = 'DELETE FROM '.PREFIX_TABLE.'users'; 
@@ -178,7 +196,32 @@ function delete_user( $user_id ) $query.= ';'; mysql_query( $query ); } - + +// delete_group deletes a group identified by its $group_id. +// It also deletes : +// - all the access linked to this group +// - all the links between this group and any user +function delete_group( $group_id ) +{ + // destruction of the access linked to the group + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ';'; + mysql_query( $query ); + + // destruction of the group links for this group + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ';'; + mysql_query( $query ); + + // destruction of the group + $query = 'DELETE FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$group_id; + $query.= ';'; + mysql_query( $query ); +} + // The check_favorites function deletes all the favorites of a user if he is // not allowed to see them (the category or an upper category is restricted // or invisible) diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 64a77e9f3..17ef1435f 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -14,14 +14,12 @@ * the Free Software Foundation; * * * ***************************************************************************/ -define( PREFIXE_INCLUDE, '.' ); +define( PREFIX_INCLUDE, '.' ); include_once( '../include/config.inc.php' ); include_once( '../include/user.inc.php' ); include( './include/functions.php' ); -$conf['lien_puce'] = $conf['repertoire_image'].'puce.gif'; - $isadmin = true; include_once( '../language/'.$user['language'].'.php' ); diff --git a/admin/perm.php b/admin/perm.php deleted file mode 100644 index 257bb21fb..000000000 --- a/admin/perm.php +++ /dev/null 
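Review bot: delete_group() drops the group's access rows and memberships but never re-validates the affected users' favorites, whereas the permission flow that the removed perm.php implemented ran check_favorites after changing restrictions; if check_favorites considers group access, the member ids should be read from user_group before that DELETE and each passed through check_favorites(). The helper also interpolates `$group_id` into three statements with no local `intval()`; the only visible caller checks is_numeric on the GET value, but a shared function in functions.php should not depend on each caller for that. If validation is to stay the caller's job, say so in the header comment, e.g. `// $group_id must already be a validated integer; no escaping is done here`.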
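Review bot: The renamed define still passes the constant name as a bare word: `define( PREFIX_INCLUDE, '.' );` evaluates `PREFIX_INCLUDE` as an undefined constant (PHP falls back to the string with a notice, and PHP 8 raises an Error for it), so the definition works only by accident. Write `define( 'PREFIX_INCLUDE', '.' );`, and check that the places reading it use the quoted form or the constant itself consistently.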
@@ -1,270 +0,0 @@ -<?php -/*************************************************************************** - * perm.php is a part of PhpWebGallery * - * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * - * * - ***************************************************************************/ - -/*************************************************************************** - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; * - * * - ***************************************************************************/ - include_once( "./include/isadmin.inc.php" ); - //---------------------------------------------------données de l'utilisateur - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - $query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';"; - $result = mysql_query( $query ); - $row = mysql_fetch_array( $result ); - $page['pseudo'] = $row['pseudo']; - $page['status'] = $row['status']; - if ( mysql_num_rows( $result ) == 0 ) - { - echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>"; - $erreur = true; - } - if ( $row['pseudo'] == $conf['webmaster'] ) - { - echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>"; - $erreur = true; - } - } - //---------------------------------------------------données de la catégorie - if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - $HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id']; - check_cat_id( $HTTP_GET_VARS['cat_id'] ); - if ( isset( $page['cat'] ) ) - { - $result = get_cat_info( $page['cat'] ); - $page['cat_name'] = $result['name']; - $page['id_uppercat'] = $result['id_uppercat']; - } - } - //--------------------------------------------------------------- mise à jour - if ( isset( $HTTP_POST_VARS['submit'] ) ) - { - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - mysql_query ( "delete from 
PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" ); - $result = mysql_query ( "select id from PREFIX_TABLE"."categories;" ); - while ( $row = mysql_fetch_array ( $result ) ) - { - $nom_select = "acces-".$row['id']; - if ( $HTTP_POST_VARS[$nom_select] == 1 ) - { - mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" ); - } - } - check_favorites( $HTTP_GET_VARS['user_id'] ); - echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } - else if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" ); - $result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" ); - while ( $row = mysql_fetch_array ( $result ) ) - { - $nom_select = "acces-".$row['id']; - if ( $HTTP_POST_VARS[$nom_select] == 1 ) - { - mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" ); - } - check_favorites( $row['id'] ); - } - echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>"; - } - } - //--------------------------------------------------------------- formulaire - function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction ) - { - global PREFIX_TABLE,$lang,$conf; - - $output = ""; - - // will we use <th> or <td> lines ? 
- if ( $level == 0 ) - { - $start_line = "<th "; - $start_line2 = "<th "; - $end_line = "</th>"; - } - else - { - $start_line = "<td "; - $end_line = "</td>"; - if ( $level == 1 ) - { - $start_line2 = "<td class=\"row1\" "; - } - else if ( $level == 2 ) - { - $start_line2 = "<td class=\"row2\" "; - } - else if ( $level == 3 ) - { - $start_line2 = "<td class=\"row3\" "; - } - else if ( $level == 4 ) - { - $start_line2 = "<td class=\"row4\" "; - } - else - { - $start_line2 = "<td "; - } - } - - $query = "select id,name,dir,rank"; - $query.= " from PREFIX_TABLE"."categories"; - if ( !is_numeric( $id_uppercat ) ) - { - $query.= " where id_uppercat is NULL"; - } - else - { - $query.= " where id_uppercat = $id_uppercat"; - } - $query.= " order by rank asc;"; - $result = mysql_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - $subcat_authorized = true; - - $output.= "\n<tr>"; - $output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\">\" /> "; - if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized ) - { - $subcat_authorized = false; - $color = "red"; - } - else - { - $color = "green"; - } - $output.= "<span style=\"color:$color;\">"; - if ( $row['name'] == "" ) - { - $output.= str_replace( "_", " ", $row['dir'] ); - } - else - { - $output.= $row['name']; - } - $output.= " [ dir : ".$row['dir']." ]"; - $output.= "</span>".$end_line; - $output.= "\n\t".$start_line2." 
style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">"; - $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']; - $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\""; - if ( in_array( $row['id'], $restriction ) ) - { - $output.= " checked=\"checked\""; - } - $output.= "/>".$lang['permuser_forbidden']; - $output.= $end_line; - $output.= "\n<tr>"; - $output.= display_cat_manager( $row['id'], $indent." ", $subcat_authorized, $level + 1, $restriction ); - } - return $output; - } - - if ( !$erreur ) - { - //---------------------------------------------- - // cas 1 : permissions pour un utilisateur donné - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - echo" - <table style=\"width:100%;\"> - <tr> - <th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th> - </tr> - </table>"; - $restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false ); - echo" - <form action=\"".add_session_id_to_url( "./admin.php?page=perm&user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\"> - <div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div> - <table style=\"width:100%;\">"; - - echo display_cat_manager( "NULL", " ", true, 0, $restriction ); - - echo" - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - <table> - </form>"; - } - //---------------------------------------------- - // cas 2 : permissions pour une catégorie donnée - else if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - echo" - <table style=\"width:100%;\"> - <tr> - <th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th> - </tr> - </table>"; - echo" - <form action=\"".add_session_id_to_url( "./admin.php?page=perm&cat_id=".$page['cat'] )."\" method=\"post\"> - <table style=\"width:100%;\">"; - 
- $result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" ); - $i = 0; - while ( $row = mysql_fetch_array( $result ) ) - { - $restrictions = get_restrictions( $row['id'], $row['status'], false ); - $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); - $class = ""; - if ( $i%2 == 1 ) - { - $class = "class=\"row2\""; - } - echo" - <tr> - <td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&user_id=".$row['id'] )."\">"; - echo "<span style=\"color:"; - if ( $is_user_allowed > 0 ) - { - echo "red"; - } - else - { - echo "green"; - } - echo "\">".$row['pseudo']."</span></a></td> - <td $class style=\"text-align:right;\">"; - if ( $is_user_allowed == 2 ) - { - echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>"; - } - else - { - echo" - <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']." - <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\""; - if ( $is_user_allowed == 1 ) - { - echo" checked=\"checked\""; - } - echo"/>".$lang['permuser_forbidden']; - } - echo" - </td> - </tr>"; - $i++; - } - echo" - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - </table> - </form>"; - } - } -?>
\ No newline at end of file
diff --git a/admin/user_list.php b/admin/user_list.php
index d4289489d..766bfc310 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -17,32 +17,18 @@ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' ); -// language -$vtp->setGlobalVar( $sub, 'listuser_confirm', $lang['listuser_confirm'] ); -$vtp->setGlobalVar( $sub, 'listuser_modify_hint', - $lang['listuser_modify_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_modify', $lang['listuser_modify'] ); -$vtp->setGlobalVar( $sub, 'listuser_permission', - $lang['listuser_permission'] ); -$vtp->setGlobalVar( $sub, 'listuser_permission_hint', - $lang['listuser_permission_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_delete_hint', - $lang['listuser_delete_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_delete', $lang['listuser_delete'] ); -$vtp->setGlobalVar( $sub, 'yes', $lang['yes'] ); -$vtp->setGlobalVar( $sub, 'no', $lang['no'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_all', - $lang['listuser_button_all'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_invert', - $lang['listuser_button_invert'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_create_address', - $lang['listuser_button_create_address'] ); +$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify', + 'listuser_permission','listuser_permission_hint', + 'listuser_delete_hint','listuser_delete','yes','no', + 'listuser_button_all','listuser_button_invert', + 'listuser_button_create_address' ); +templatize_array( $tpl, 'lang', $sub ); //--------------------------------------------------------------- delete a user if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) { - $query = 'select username'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' where id = '.$_GET['delete']; + $query = 'SELECT username'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['delete']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); // confirm user deletion ? 
@@ -64,9 +50,9 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) if ( $row['username'] != 'guest' and $row['username'] != $conf['webmaster'] ) { - $query = 'select count(*) as nb_result'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' where id = '.$_GET['delete']; + $query = 'SELECT COUNT(*) AS nb_result'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['delete']; $query.= ';'; $row2 = mysql_fetch_array( mysql_query( $query ) ); if ( $row2['nb_result'] > 0 ) @@ -102,9 +88,9 @@ else } $vtp->setVar( $sub, 'users.form_action', $action ); - $query = 'select id,username,status,mail_address'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' order by status asc, username asc'; + $query = 'SELECT id,username,status,mail_address'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' ORDER BY status ASC, username ASC'; $query.= ';'; $result = mysql_query( $query ); @@ -122,16 +108,8 @@ else $title = $lang['listuser_user_group'].' '; switch ( $row['status'] ) { - case 'admin' : - { - $title.= $lang['adduser_status_admin']; - break; - } - case 'guest' : - { - $title.= $lang['adduser_status_guest']; - break; - } + case 'admin' : $title.= $lang['adduser_status_admin']; break; + case 'guest' : $title.= $lang['adduser_status_guest']; break; } $vtp->setVar( $sub, 'category.title', $title ); $current_status = $row['status']; @@ -152,9 +130,6 @@ else if ( $row['username'] == 'guest' ) { $vtp->setVar( $sub, 'user.color', 'green' ); - } - if ( $row['username'] == 'guest' ) - { $vtp->setVar( $sub, 'user.login', $lang['guest'] ); } else @@ -179,7 +154,8 @@ else $vtp->closeSession( $sub, 'modify' ); } // manage permission or not ? - if ( $row['username'] == $conf['webmaster'] ) + if ( $row['username'] == $conf['webmaster'] + and $user['username'] != $conf['webmaster'] ) { $vtp->addSession( $sub, 'not_permission' ); $vtp->closeSession( $sub, 'not_permission' ); 
@@ -187,7 +163,7 @@ else else { $vtp->addSession( $sub, 'permission' ); - $url = './admin.php?page=perm&user_id='.$row['id']; + $url = './admin.php?page=user_perm&user_id='.$row['id']; $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) ); $vtp->setVar( $sub, 'permission.login', $row['username'] ); $vtp->closeSession( $sub, 'permission' ); @@ -215,9 +191,8 @@ else { $mail_address = array(); $i = 0; - $query = 'select'; - $query.= ' id,mail_address'; - $query.= ' from '.PREFIX_TABLE.'users'; + $query = 'SELECT id,mail_address'; + $query.= ' FROM '.PREFIX_TABLE.'users'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) diff --git a/admin/user_modify.php b/admin/user_modify.php index 4989c31e2..792eef16b 100644 --- a/admin/user_modify.php +++ b/admin/user_modify.php @@ -20,7 +20,8 @@ $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' ); $error = array(); $tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form', 'login', 'new', 'password', 'mail_address', 'adduser_status', - 'submit', 'adduser_info_password_updated' ); + 'submit', 'adduser_info_password_updated','menu_groups', + 'dissociate','adduser_associate' ); templatize_array( $tpl, 'lang', $sub ); //--------------------------------------------------------- form criteria check $error = array(); @@ -34,7 +35,9 @@ $query.= ' from '.PREFIX_TABLE.'users'; $query.= ' where id = '.$_GET['user_id']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); - +$page['username'] = $row['username']; +$page['status'] = $row['status']; +$page['mail_address'] = $row['mail_address']; // user is not modifiable if : // 1. the selected user is the user "guest" // 2. the selected user is the webmaster and the user making the modification 
@@ -66,6 +69,34 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) $_POST['status'], $use_new_password, $_POST['password'] ) ); } +// association with groups management +if ( isset( $_POST['submit'] ) ) +{ + // deletion of checked groups + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' ORDER BY id ASC'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $dissociate = 'dissociate-'.$row['id']; + if ( $_POST[$dissociate] == 1 ) + { + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE user_id = '.$_GET['user_id']; + $query.= ' AND group_id ='.$row['id']; + $query.= ';'; + mysql_query( $query ); + } + } + // create a new association between the user and a group + $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; + $query.= ' (user_id,group_id) VALUES'; + $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')'; + $query.= ';'; + mysql_query( $query ); +} //-------------------------------------------------------------- errors display if ( sizeof( $error ) != 0 ) { @@ -82,7 +113,7 @@ if ( sizeof( $error ) != 0 ) if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) { $vtp->addSession( $sub, 'confirmation' ); - $vtp->setVar( $sub, 'confirmation.username', $row['username'] ); + $vtp->setVar( $sub, 'confirmation.username', $page['username'] ); $url = add_session_id( './admin.php?page=user_list' ); $vtp->setVar( $sub, 'confirmation.url', $url ); $vtp->closeSession( $sub, 'confirmation' ); @@ -91,7 +122,6 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) $vtp->addSession( $sub, 'password_updated' ); $vtp->closeSession( $sub, 'password_updated' ); } - $display_form = false; } //------------------------------------------------------------------------ form if ( $display_form ) 
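Review bot: The INSERT into user_group runs on every submit with `$_POST['associate']` spliced raw into the VALUES list; with the form's placeholder value `undef` that is an invalid statement on each save (its failure is invisible because mysql_query's return is not checked), and any other non-numeric value reaches the query unescaped. Guard it with `if ( isset( $_POST['associate'] ) and is_numeric( $_POST['associate'] ) )` around the INSERT and put `intval( $_POST['associate'] )` in the statement. The same `isset` plus strict `=== '1'` would suit the `$_POST[$dissociate] == 1` test above, which currently raises a notice for every unchecked box. This block also sits outside the `sizeof( $error ) == 0` condition that guards the user update just before it, so a rejected username edit still changes the user's groups; gating it on `count( $error ) == 0` keeps the two consistent.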
@@ -99,13 +129,15 @@ if ( $display_form ) $vtp->addSession( $sub, 'form' ); $action = './admin.php?page=user_modify&user_id='.$_GET['user_id']; $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) ); - $vtp->setVar( $sub, 'form.user:username', $row['username'] ); - $vtp->setVar( $sub, 'form.user:password', $_POST['password'] ); - $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] ); - - if ( !isset( $_POST['status'] ) ) + $vtp->setVar( $sub, 'form.user:username', $page['username'] ); + if ( isset( $_POST['mail_address'] ) ) + { + $page['mail_address'] = $_POST['mail_address']; + } + $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] ); + if ( isset( $_POST['status'] ) ) { - $_POST['status'] = 'guest'; + $page['status'] = $_POST['status']; } $option = get_enums( PREFIX_TABLE.'users', 'status' ); for ( $i = 0; $i < sizeof( $option ); $i++ ) 
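Review bot: `$page['mail_address']` now carries the raw `$_POST['mail_address']` back into the form (`form.user:mail_address`) when a submit is redisplayed; unless the template layer escapes values on output, an address containing `"` or `<` breaks the attribute and is a reflected injection point on the admin page. Escape at the point of reuse, `$page['mail_address'] = htmlspecialchars( $_POST['mail_address'], ENT_QUOTES );`, or at the setVar call. `$page['status']` likewise takes the POST value without checking it against the get_enums() list; here it only decides which option is marked selected, so that is a consistency point rather than a defect.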
@@ -114,12 +146,55 @@ if ( $display_form ) $vtp->setVar( $sub, 'status_option.value', $option[$i] ); $vtp->setVar( $sub, 'status_option.option', $lang['adduser_status_'.$option[$i]] ); - if( $option[$i] == $_POST['status'] ) + if( $option[$i] == $page['status'] ) { $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); } $vtp->closeSession( $sub, 'status_option' ); } + // groups linked with this user + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups'; + $query.= ' WHERE group_id = id'; + $query.= ' AND user_id = '.$_GET['user_id']; + $query.= ';'; + $result = mysql_query( $query ); + $user_groups = array(); + if ( mysql_num_rows( $result ) > 0 ) + { + $vtp->addSession( $sub, 'groups' ); + while ( $row = mysql_fetch_array( $result ) ) + { + $vtp->addSession( $sub, 'group' ); + $vtp->setVar( $sub, 'group.name', $row['name'] ); + $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] ); + $vtp->closeSession( $sub, 'group' ); + array_push( $user_groups, $row['id'] ); + } + $vtp->closeSession( $sub, 'groups' ); + } + // empty group not to take into account + $vtp->addSession( $sub, 'associate_group' ); + $vtp->setVar( $sub, 'associate_group.value', 'undef' ); + $vtp->setVar( $sub, 'associate_group.option', '' ); + $vtp->closeSession( $sub, 'associate_group' ); + // groups not linked yet to the user + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' ORDER BY id ASC'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + if ( !in_array( $row['id'], $user_groups ) ) + { + $vtp->addSession( $sub, 'associate_group' ); + $vtp->setVar( $sub, 'associate_group.value', $row['id'] ); + $vtp->setVar( $sub, 'associate_group.option', $row['name'] ); + $vtp->closeSession( $sub, 'associate_group' ); + } + } + $url = add_session_id( './admin.php?page=user_list' ); $vtp->setVar( $sub, 'form.url_back', $url ); $vtp->closeSession( $sub, 'form' 
); diff --git a/admin/user_perm.php b/admin/user_perm.php new file mode 100644 index 000000000..081560c54 --- /dev/null +++ b/admin/user_perm.php 
@@ -0,0 +1,174 @@ +<?php +/*************************************************************************** + * user_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','submit', + 'permuser_parent_forbidden','permuser_info_message', + 'adduser_info_back' ); +templatize_array( $tpl, 'lang', $sub ); +//--------------------------------------------------------------------- updates +if ( isset( $_POST['submit'] ) ) +{ + // cleaning the user_access table for this user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE user_id = '.$_GET['user_id']; + $query.= ';'; + mysql_query( $query ); + // selecting all private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'access-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; + $query.= ' (user_id,cat_id) VALUES'; + $query.= ' ('.$_GET['user_id'].','.$row['id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + } + check_favorites( $_GET['user_id'] ); + $vtp->addSession( $sub, 
'confirmation' ); + $url = './admin.php?page=user_list'; + $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'confirmation' ); +} +//---------------------------------------------------------------- form display +$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'], + false, false ); +$action = './admin.php?page=user_perm&user_id='.$_GET['user_id']; +$vtp->setVar( $sub, 'action', add_session_id( $action ) ); +// Association of group_ids with group_names -> caching informations +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query.= ';'; +$result = mysql_query( $query ); +$groups = array(); +while ( $row = mysql_fetch_array( $result ) ) +{ + $groups[$row['id']] = $row['name']; +} +// Listing of groups the user belongs to +$query = 'SELECT ug.group_id as groupid'; +$query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; +$query.= ' WHERE user_id = '.$_GET['user_id']; +$query.= ';'; +$result = mysql_query( $query ); +$usergroups = array(); +while ( $row = mysql_fetch_array( $result ) ) +{ + array_push( $usergroups, $row['groupid'] ); +} +// only private categories are listed +$query = 'SELECT id'; +$query.= ' FROM '.PREFIX_TABLE.'categories'; +$query.= " WHERE status = 'private'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'category' ); + $vtp->setVar( $sub, 'category.id', $row['id'] ); + // we have to know whether the user is authorized to access this + // category. The category can be accessible for this user thanks to his + // personnal access rights OR thanks to the access rights of a group he + // belongs to. + // 1. 
group access : + // retrieving all authorized groups for this category and for this user + $query = 'SELECT ga.group_id as groupid'; + $query.= ' FROM '.PREFIX_TABLE.'group_access as ga'; + $query.= ', '.PREFIX_TABLE.'user_group as ug'; + $query.= ' WHERE ga.group_id = ug.group_id'; + $query.= ' AND ug.user_id = '.$_GET['user_id']; + $query.= ' AND cat_id = '.$row['id']; + $query.= ';'; + $subresult = mysql_query( $query ); + $authorized_groups = array(); + while ( $subrow = mysql_fetch_array( $subresult ) ) + { + array_push( $authorized_groups, $subrow['groupid'] ); + } + // 2. personnal access + $is_user_allowed = is_user_allowed( $row['id'], $restrictions ); + // link to the category permission management + $url = './admin.php?page=cat_perm&cat_id='.$row['id']; + $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) ); + // color of the category : green if the user is allowed by himself or + // thanks to a group he belongs to + if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 ) + { + $vtp->setVar( $sub, 'category.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'category.color', 'red' ); + } + // category name + $cat_infos = get_cat_info( $row['id'] ); + $name = get_cat_display_name( $cat_infos['name'],' > ', + 'font-weight:bold;' ); + $vtp->setVar( $sub, 'category.name', $name ); + // usergroups + if ( count( $usergroups ) > 0 ) + { + $vtp->addSession( $sub, 'usergroups' ); + foreach ( $usergroups as $i => $usergroup ) { + $vtp->addSession( $sub, 'usergroup' ); + $vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] ); + if ( in_array( $usergroup, $authorized_groups ) ) + { + $vtp->setVar( $sub, 'usergroup.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'usergroup.color', 'red' ); + } + if ( $i < count( $usergroups ) - 1 ) + { + $vtp->setVar( $sub, 'usergroup.separation', ',' ); + } + $vtp->closeSession( $sub, 'usergroup' ); + } + $vtp->closeSession( $sub, 'usergroups' ); + } + // any subcat forbidden for this user 
? + if ( $is_user_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + // personnal forbidden or authorized access ? + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' ); + } + $vtp->closeSession( $sub, 'category' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file diff --git a/include/config.inc.php b/include/config.inc.php index f52996b9f..7df262d11 100644 --- a/include/config.inc.php +++ b/include/config.inc.php @@ -20,8 +20,8 @@ $page = array(); $user = array(); $lang = array(); -include_once( PREFIXE_INCLUDE.'./include/functions.inc.php' ); -include_once( PREFIXE_INCLUDE.'./include/vtemplate.class.php' ); +include_once( PREFIX_INCLUDE.'./include/functions.inc.php' ); +include_once( PREFIX_INCLUDE.'./include/vtemplate.class.php' ); // How to change the order of display for images in a category ? // diff --git a/include/functions.inc.php b/include/functions.inc.php index eb8571e86..ec9081dce 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -18,6 +18,7 @@ include( 'functions_user.inc.php' ); include( 'functions_session.inc.php' ); include( 'functions_category.inc.php' ); include( 'functions_xml.inc.php' ); +include( 'functions_group.inc.php' ); //----------------------------------------------------------- generic functions 
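Review bot: In the update block of user_perm.php, `if ( $_POST[$radioname] == 0 )` treats a missing `access-<id>` field as authorized, because an unset index compares loosely equal to 0, so a form that omits a category (or a stale form posted after a new private category was created) grants access to it by default. Fail closed with `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] == 0 )`. The DELETE of every `user_access` row for the user followed by per-category INSERTs is not in a transaction and none of the `mysql_query` results are checked, so a failed INSERT leaves the user with fewer rights than the admin selected; that is the safe direction, but it deserves a comment on the DELETE line such as `// rights are rebuilt from scratch: a failed INSERT below leaves that category forbidden`. `$_GET['user_id']` is interpolated into four queries here; admin.php appears to coerce it with `is_numeric` for this page, which is what keeps these interpolations bounded, so that dependency is worth a comment at the top of the file.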
@@ -319,22 +320,22 @@ function replace_search( $string, $search ) function database_connection() { - // $cfgHote,$cfgUser,$cfgPassword,$cfgBase; +// $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' ); +// $mysql_conf = getChild( $xml_content, 'mysql' ); - $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' ); - $mysql_conf = getChild( $xml_content, 'mysql' ); +// $cfgHote = getAttribute( $mysql_conf, 'host' ); +// $cfgUser = getAttribute( $mysql_conf, 'user' ); +// $cfgPassword = getAttribute( $mysql_conf, 'password' ); +// $cfgBase = getAttribute( $mysql_conf, 'base' ); +// define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) ); - $cfgHote = getAttribute( $mysql_conf, 'host' ); - $cfgUser = getAttribute( $mysql_conf, 'user' ); - $cfgPassword = getAttribute( $mysql_conf, 'password' ); - $cfgBase = getAttribute( $mysql_conf, 'base' ); + include( PREFIX_INCLUDE.'./include/mysql.inc.php' ); + define( PREFIX_TABLE, $prefix_table ); @mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or die ( "Could not connect to server" ); @mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); - - define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) ); } function pwg_log( $file, $category, $picture = '' ) diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 21de2ad71..de868db82 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php 
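Review bot: The old XML-based configuration is left inside `database_connection()` as a commented-out block rather than deleted; with `include( PREFIX_INCLUDE.'./include/mysql.inc.php' )` now the single source of the connection settings, the dead lines should go and the include deserves a one-line comment, e.g. `// mysql.inc.php defines $cfgHote, $cfgUser, $cfgPassword, $cfgBase and $prefix_table`. Since that file now carries the database credentials, it should be kept out of version control and, if it lives under the web root, be served only through PHP so it is never readable as text; how it is deployed is not visible from this hunk. `define( PREFIX_TABLE, $prefix_table )` passes the constant name as a bare word, which PHP resolves to the string 'PREFIX_TABLE' with a notice; quoting it is cheap while the line is being touched.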
@@ -14,27 +14,25 @@ * the Free Software Foundation; * * * ***************************************************************************/ + function get_subcats_id( $cat_id ) { - $restricted_cat = array(); - $i = 0; + $restricted_cats = array(); - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id_uppercat = '.$cat_id; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id_uppercat = '.$cat_id; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { - $restricted_cat[$i++] = $row['id']; - $sub_restricted_cat = get_subcats_id( $row['id'] ); - for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ ) - { - $restricted_cat[$i++] = $sub_restricted_cat[$j]; + array_push( $restricted_cats, $row['id'] ); + $sub_restricted_cats = get_subcats_id( $row['id'] ); + foreach ( $sub_restricted_cats as $sub_restricted_cat ) { + array_push( $restricted_cats, $sub_restricted_cat ); } } - - return $restricted_cat; + return $restricted_cats; } function check_restrictions( $category_id ) diff --git a/include/functions_group.inc.php b/include/functions_group.inc.php new file mode 100644 index 000000000..f8987ab29 --- /dev/null +++ b/include/functions_group.inc.php 
@@ -0,0 +1,104 @@ +<?php +/*************************************************************************** + * functions_group.inc.php * + * -------------------- * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + *************************************************************************** + + *************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ + +// get_group_restrictions returns an array containing all unaccessible +// category ids. +function get_group_restrictions( $group_id ) +{ + // 1. retrieving ids of private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + $privates = array(); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $privates, $row['id'] ); + } + // 2. 
retrieving all authorized categories for the group + $authorized = array(); + $query = 'SELECT cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $authorized, $row['cat_id'] ); + } + + $forbidden = array(); + foreach ( $privates as $private ) { + if ( !in_array( $private, $authorized ) ) + { + array_push( $forbidden, $private ); + } + } + + return $forbidden; +} + +// get_all_group_restrictions returns an array with ALL unaccessible +// category ids, including sub-categories +function get_all_group_restrictions( $group_id ) +{ + $restricted_cats = get_group_restrictions( $group_id ); + foreach ( $restricted_cats as $restricted_cat ) { + $sub_restricted_cats = get_subcats_id( $restricted_cat ); + foreach ( $sub_restricted_cats as $sub_restricted_cat ) { + array_push( $restricted_cats, $sub_restricted_cat ); + } + } + return $restricted_cats; +} + +// The function is_group_allowed returns : +// - 0 : if the category is allowed with this $restrictions array +// - 1 : if this category is not allowed +// - 2 : if an uppercat category is not allowed +function is_group_allowed( $category_id, $restrictions ) +{ + $lowest_category_id = $category_id; + + $is_root = false; + while ( !$is_root and !in_array( $category_id, $restrictions ) ) + { + $query = 'SELECT id_uppercat'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$category_id; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + if ( $row['id_uppercat'] == '' ) + { + $is_root = true; + } + $category_id = $row['id_uppercat']; + } + + if ( in_array( $lowest_category_id, $restrictions ) ) + { + return 1; + } + if ( in_array( $category_id, $restrictions ) ) + { + return 2; + } + // this group is allowed to go in this category + return 0; +} +?>
\ No newline at end of file diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index dcb569485..0f286b970 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -144,22 +144,22 @@ function register_user( $query.= ');'; mysql_query( $query ); // 3. retrieving the id of the newly created user - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= " where username = '".$login."';"; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= " WHERE username = '".$login."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; - // 4. adding restrictions to the new user, the same as the user "guest" - $query = 'select cat_id'; - $query.= ' from '.PREFIX_TABLE.'restrictions as r'; + // 4. adding access to the new user, the same as the user "guest" + $query = 'SELECT cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'user_access as ua'; $query.= ','.PREFIX_TABLE.'users as u '; - $query.= ' where u.id = r.user_id'; + $query.= ' where u.id = ua.user_id'; $query.= " and u.username = 'guest';"; $result = mysql_query( $query ); while( $row = mysql_fetch_array( $result ) ) { - $query = 'insert into '.PREFIX_TABLE.'restrictions'; - $query.= ' (user_id,cat_id) values'; + $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; + $query.= ' (user_id,cat_id) VALUES'; $query.= ' ('.$user_id.','.$row['cat_id'].');'; mysql_query ( $query ); } @@ -181,8 +181,8 @@ function update_user( $user_id, $mail_address, $status, if ( sizeof( $error ) == 0 ) { - $query = 'update '.PREFIX_TABLE.'users'; - $query.= " set status = '".$status."'"; + $query = 'UPDATE '.PREFIX_TABLE.'users'; + $query.= " SET status = '".$status."'"; if ( $use_new_password ) { $query.= ", password = '".md5( $password )."'"; 
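Review bot: `is_group_allowed` in functions_group.inc.php is a line-for-line copy of `is_user_allowed` in functions_user.inc.php (same parent walk, same query, same 0/1/2 return codes); the only input is the `$restrictions` array, so one function suffices, e.g. `function is_group_allowed( $category_id, $restrictions ) { return is_user_allowed( $category_id, $restrictions ); }` or dropping the copy altogether. Two copies of the walk that decides what a group may see will drift apart. Also, `mysql_fetch_array( mysql_query( $query ) )` returns false for an unknown `$category_id`, which the `== ''` test silently treats as having reached the root; a comment on that line, `// unknown id: fetch returns false and the walk stops as if at root`, would make the fallback explicit.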
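Review bot: The rewritten `" WHERE username = '".$login."';"` line in register_user still interpolates `$login` into the query without escaping; since the line is being touched anyway, pass it through `mysql_escape_string( $login )`, or confirm that the caller already restricts the username to a strict character class, which is outside this hunk. The same applies to the `$status` and `$password` values built into the UPDATE in the next hunk of this file, where only the md5 output is interpolated but `$status` is not.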
@@ -196,9 +196,8 @@ function update_user( $user_id, $mail_address, $status, { $query.= 'NULL'; } - $query.= ' where id = '.$user_id; + $query.= ' WHERE id = '.$user_id; $query.= ';'; - echo $query; mysql_query( $query ); } return $error; @@ -209,7 +208,7 @@ function check_login_authorization() global $user,$lang,$conf,$page; if ( $user['is_the_guest'] - and ( $conf['acces'] == 'restreint' or $page['cat'] == 'fav' ) ) + and ( $conf['access'] == 'restricted' or $page['cat'] == 'fav' ) ) { echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>'; 
@@ -221,36 +220,75 @@ function check_login_authorization() // restricted categories for the user. // If the $check_invisible parameter is set to true, invisible categories // are added to the restricted one in the array. -function get_restrictions( $user_id, $user_status, $check_invisible ) +function get_restrictions( $user_id, $user_status, + $check_invisible, $use_groups = true ) { - // 1. getting the ids of the restricted categories + // 1. retrieving ids of private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + $privates = array(); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $privates, $row['id'] ); + } + // 2. retrieving all authorized categories for the user + $authorized = array(); + // 2.1. retrieving authorized categories thanks to personnal user + // authorization $query = 'SELECT cat_id'; - $query.= ' FROM '.PREFIX_TABLE.'restrictions'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; $query.= ' WHERE user_id = '.$user_id; $query.= ';'; $result = mysql_query( $query ); - - $restriction = array(); while ( $row = mysql_fetch_array( $result ) ) { - array_push( $restriction, $row['cat_id'] ); + array_push( $authorized, $row['cat_id'] ); } + // 2.2. 
retrieving authorized categories thanks to group authorization to + // which the user is a member + if ( $use_groups ) + { + $query = 'SELECT ga.cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; + $query.= ', '.PREFIX_TABLE.'group_access as ga'; + $query.= ' WHERE ug.group_id = ga.group_id'; + $query.= ' AND ug.user_id = '.$user_id; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $authorized, $row['cat_id'] ); + } + $authorized = array_unique( $authorized ); + } + + $forbidden = array(); + foreach ( $privates as $private ) { + if ( !in_array( $private, $authorized ) ) + { + array_push( $forbidden, $private ); + } + } + if ( $check_invisible ) { - // 2. adding to the restricted categories, the invisible ones + // 3. adding to the restricted categories, the invisible ones if ( $user_status != 'admin' ) { $query = 'SELECT id'; $query.= ' FROM '.PREFIX_TABLE.'categories'; - $query.= " WHERE status = 'invisible';"; + $query.= " WHERE visible = 'false';"; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { - array_push( $restriction, $row['id'] ); + array_push( $forbidden, $row['id'] ); } } } - return $restriction; + return array_unique( $forbidden ); } // The get_all_restrictions function returns an array with all the 
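Review bot: The new `$use_groups = true` parameter of `get_restrictions` is not described in the header comment above the function (that comment starts outside this hunk), and the contract has changed from "list the restricted categories" to "list the private categories the user is not granted, personally or through a group"; a line such as `// If $use_groups is false, group memberships are ignored and only the user's own user_access rows grant a private category.` belongs there. The `array_unique( $authorized )` inside the `if ( $use_groups )` branch is redundant since `$authorized` is only consulted with `in_array`; the `array_unique` on the returned `$forbidden` is the one that matters. `$user_id` goes into both queries unescaped; user_perm.php passes `$_GET['user_id']` here, so the `is_numeric` check on the admin page is what keeps this safe and is worth a note in the comment.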
@@ -258,17 +296,14 @@ function get_restrictions( $user_id, $user_status, $check_invisible ) // sub-categories and invisible categories function get_all_restrictions( $user_id, $user_status ) { - $restricted_cat = get_restrictions( $user_id, $user_status, true ); - $i = sizeof( $restricted_cat ); - for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ ) - { - $sub_restricted_cat = get_subcats_id( $restricted_cat[$k] ); - for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ ) - { - $restricted_cat[$i++] = $sub_restricted_cat[$j]; + $restricted_cats = get_restrictions( $user_id, $user_status, true ); + foreach ( $restricted_cats as $restricted_cat ) { + $sub_restricted_cats = get_subcats_id( $restricted_cat ); + foreach ( $sub_restricted_cats as $sub_restricted_cat ) { + array_push( $restricted_cats, $sub_restricted_cat ); } } - return $restricted_cat; + return $restricted_cats; } // The function is_user_allowed returns : @@ -277,19 +312,17 @@ function get_all_restrictions( $user_id, $user_status ) // - 2 : if an uppercat category is not allowed function is_user_allowed( $category_id, $restrictions ) { - global $user; - $lowest_category_id = $category_id; $is_root = false; while ( !$is_root and !in_array( $category_id, $restrictions ) ) { - $query = 'select id_uppercat'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id = '.$category_id; + $query = 'SELECT id_uppercat'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$category_id; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); - if ( $row['id_uppercat'] == "" ) + if ( $row['id_uppercat'] == '' ) { $is_root = true; } diff --git a/include/functions_xml.inc.php b/include/functions_xml.inc.php index 1919608ad..61ed5d0f9 100644 --- a/include/functions_xml.inc.php +++ b/include/functions_xml.inc.php 
@@ -18,7 +18,6 @@ //------------------------------------------------------------------ constantes define( ATT_REG, '\w+' ); define( VAL_REG, '[^"]*' ); - //------------------------------------------------------------------- functions // getContent returns the content of a tag // @@ -32,15 +31,15 @@ function getContent( $element ) // deleting start of the tag $content = preg_replace( '/^<[^>]+>/', '', $element ); // deleting end of the tag - $content = preg_replace( '/<\/\w+>$/', '', $content ); + $content = preg_replace( '/<\/[^>]+>$/', '', $content ); // replacing multiple instance of space character $content = preg_replace( '/\s+/', ' ', $content ); return $content; } -// The function get Attribute returns the value corresponding to the attribute -// $attribute for the tag $element. +// The function get Attribute returns the value corresponding to the +// attribute $attribute for the tag $element. function getAttribute( $element, $attribute ) { $regex = '/^<\w+[^>]*'.$attribute.'\s*=\s*"('.VAL_REG.')"/i'; diff --git a/include/init.inc.php b/include/init.inc.php index 21a3ac8b0..ad25a679b 100644 --- a/include/init.inc.php +++ b/include/init.inc.php @@ -14,8 +14,8 @@ * the Free Software Foundation; * * * ***************************************************************************/ -define( PREFIXE_INCLUDE, '' ); - +define( PREFIX_INCLUDE, '' ); + include_once( './include/config.inc.php' ); include_once( './include/user.inc.php' ); diff --git a/include/user.inc.php b/include/user.inc.php index 6447b220e..8efd8219f 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -24,7 +24,7 @@ $infos = array( 'id', 'username', 'mail_address', 'nb_image_line', 'maxheight', 'expand', 'show_nb_comments', 'short_period', 'long_period', 'template' ); -$query_user = 'select'; +$query_user = 'SELECT'; for ( $i = 0; $i < sizeof( $infos ); $i++ ) { if ( $i > 0 ) 
@@ -37,16 +37,16 @@ for ( $i = 0; $i < sizeof( $infos ); $i++ ) } $query_user.= $infos[$i]; } -$query_user.= ' from '.PREFIX_TABLE.'users'; +$query_user.= ' FROM '.PREFIX_TABLE.'users'; $query_done = false; $user['is_the_guest'] = false; if ( isset( $_GET['id'] ) && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) { $page['session_id'] = $_GET['id']; - $query = 'select user_id,expiration,ip'; - $query.= ' from '.PREFIX_TABLE.'sessions'; - $query.= " where id = '".$_GET['id']."'"; + $query = 'SELECT user_id,expiration,ip'; + $query.= ' FROM '.PREFIX_TABLE.'sessions'; + $query.= " WHERE id = '".$_GET['id']."'"; $query.= ';'; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) > 0 ) @@ -56,8 +56,8 @@ if ( isset( $_GET['id'] ) { // deletion of the session from the database, // because it is out-of-date - $delete_query = 'delete from '.PREFIX_TABLE.'sessions'; - $delete_query.= " where id = '".$page['session_id']."'"; + $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; + $delete_query.= " WHERE id = '".$page['session_id']."'"; $delete_query.= ';'; mysql_query( $delete_query ); } @@ -65,7 +65,7 @@ if ( isset( $_GET['id'] ) { if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) { - $query_user .= ' where id = '.$row['user_id']; + $query_user .= ' WHERE id = '.$row['user_id']; $query_done = true; } } @@ -73,7 +73,7 @@ if ( isset( $_GET['id'] ) } if ( !$query_done ) { - $query_user .= ' where id = 2'; + $query_user .= ' WHERE id = 2'; $user['is_the_guest'] = true; } $query_user .= ';'; 
@@ -82,14 +82,13 @@ $row = mysql_fetch_array( mysql_query( $query_user ) ); // affectation of each value retrieved in the users table into a variable // of the array $user. -for ( $i = 0; $i < sizeof( $infos ); $i++ ) -{ - $user[$infos[$i]] = $row[$infos[$i]]; +foreach ( $infos as $info ) { + $user[$info] = $row[$info]; // If the field is true or false, the variable is transformed into a // boolean value. - if ( $row[$infos[$i]] == 'true' || $row[$infos[$i]] == 'false' ) + if ( $row[$info] == 'true' or $row[$info] == 'false' ) { - $user[$infos[$i]] = get_boolean( $row[$infos[$i]] ); + $user[$info] = get_boolean( $row[$info] ); } } ?>
\ No newline at end of file diff --git a/include/vtemplate.class.php b/include/vtemplate.class.php index 8f531412c..5f905ac92 100644 --- a/include/vtemplate.class.php +++ b/include/vtemplate.class.php 
@@ -2,372 +2,369 @@ /***************************************************************** * VIRTUAL-TEMPLATE * - * Version : 1.3.1 Base Edition ( Juillet 2002 ) build 6 + * Version : 1.3.2 Base Edition ( Decembre 2003 ) build 1 * * Address : http://vtemplate.sourceforge.net * * Authors: - * + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com . + * + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com . * + CAMPANA François (fc@netouaibe.com). * Licence: GPL. + * + * * - * + * *****************************************************************/ -if ( !isset($DEFINE_VTEMPLATE) ) -{ - define("ALL",1); - define("VARTAG","{#"); // Tag d'ouverture des variables : - // vous pouvez changer ce paramètre. - define("VTEMPLATE_VERSION","1.3.1"); - define("VTEMPLATE_TYPE","BA"); - define("VTEMPLATE_BUILD","6"); - - - class Err - { - var $msg; - var $titre; - - function error( $errno, $arg = "", $code = 0, $disp = 0 ) - { +if ( !isset($DEFINE_VTEMPLATE) ){ +define("ALL",1); +define("VARTAG","{#"); // Tag d'ouverture des variables : vous pouvez changer ce paramètre. 
+define("VTEMPLATE_VERSION","1.3.1"); +define("VTEMPLATE_TYPE","BA"); +define("VTEMPLATE_BUILD","6"); + + +class Err { +var $msg; +var $titre; + +function error($errno,$arg="",$code=0,$disp=0){ // Gestion des erreurs - switch($errno) - { - case 1: - $this->titre="Erreur de session n° $code"; - $this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ; - break; - case 2: - $this->titre="Erreur de session n° $code"; - $this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>"; - break; - case 3: - $this->titre="Erreur de session n° $code"; - $var = $arg[1]; - $zone = $arg[0]; - $this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>"; - break; - case 4: - $this->titre="Erreur de session n° $code"; - $var = $arg[1]; - $zone = $arg[0]; - $this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>"; - break; - case 5: - $this->titre="Erreur de parsing n° $code"; - $this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>"; - break; - case 6: - $this->titre="Erreur de parsing n° $code"; - $this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>"; - break; - case 7: - $this->titre="Erreur de parsing n° $code"; - $this->msg = "Vous avez oublié de fermer la zone $arg.<br>"; - break; - case 8: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "Le fichier template $arg est introuvable.<br>"; - break; - case 9: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les 
droits de ce fichier.<br>"; - break; - case 10: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "Impossible de lire le fichier template $arg.<br>"; - break; - case 11: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>"; - break; - case 12: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>"; - break; - case 13: - $this->titre="Erreur de traitement n° $code"; - $this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>"; - break; - case 14: - $this->titre="Erreur de traitement n° $code"; - $var = $arg[1]; - $file = $arg[0]; - $this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>"; - break; - case 15: - $this->titre="Erreur de traitement n° $code"; - $var = $arg[2]; - $zone = $arg[1]; - $fichier = $arg[0]; - $this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>"; - break; - default: - $this->titre = "Erreur inconnue $code"; - $this->msg = "Veuillez le rapporter aux auteurs de la classe."; - } - $this->titre .= ": <br>"; - if ($disp){ - $web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>"; - echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>"; - } - return -1; - } +switch($errno){ + case 1: + $this->titre="Erreur de session n° $code"; + $this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ; + break; + case 2: + $this->titre="Erreur de session n° $code"; 
+ $this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>"; + break; + case 3: + $this->titre="Erreur de session n° $code"; + $var = $arg[1]; + $zone = $arg[0]; + $this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>"; + break; + case 4: + $this->titre="Erreur de session n° $code"; + $var = $arg[1]; + $zone = $arg[0]; + $this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>"; + break; + case 5: + $this->titre="Erreur de parsing n° $code"; + $this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>"; + break; + case 6: + $this->titre="Erreur de parsing n° $code"; + $this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>"; + break; + case 7: + $this->titre="Erreur de parsing n° $code"; + $this->msg = "Vous avez oublié de fermer la zone $arg.<br>"; + break; + case 8: + $this->titre="Erreur de traitement n° $code"; + $this->msg = "Le fichier template $arg est introuvable.<br>"; + break; + case 9: + $this->titre="Erreur de traitement n° $code"; + $this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les droits de ce fichier.<br>"; + break; + case 10: + $this->titre="Erreur de traitement n° $code"; + $this->msg = "Impossible de lire le fichier template $arg.<br>"; + break; + case 11: + $this->titre="Erreur de traitement n° $code"; + $this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>"; + break; + case 12: + $this->titre="Erreur de traitement n° $code"; + $this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>"; + break; + case 13: + $this->titre="Erreur 
de traitement n° $code"; + $this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>"; + break; + case 14: + $this->titre="Erreur de traitement n° $code"; + $var = $arg[1]; + $file = $arg[0]; + $this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>"; + break; + case 15: + $this->titre="Erreur de traitement n° $code"; + $var = $arg[2]; + $zone = $arg[1]; + $fichier = $arg[0]; + $this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>"; + break; + default: + $this->titre = "Erreur inconnue $code"; + $this->msg = "Veuillez le rapporter aux auteurs de la classe."; +} +$this->titre .= ": <br>"; +if ($disp){ + $web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>"; + echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>"; +} +return -1; +} // Fin classe - } +} - class Session extends err{ - - var $name; // Name of the session - var $globalvar = array(); // List of global variable of the session - var $varlist = array(); // List of var in this session - var $subzone = array(); // list of sub-zone - var $temp; // Generated code for the current session - var $generated = NULL; // The final code - var $source; // Source code - var $used=0; // Indicates if the session contain used variable - var $stored; // Give the filename were is stored the session - - function Session($name,$source,$stored){ - $this->name = $name; - $this->source = $source; - $this->stored = $stored; - $this->parseVar(); - } +class Session extends err{ + +var $name; // Name of the session +var $globalvar = array(); // List of global variable of the session +var $varlist = 
array(); // List of var in this session +var $subzone = array(); // list of sub-zone +var $temp; // Generated code for the current session +var $generated = NULL; // The final code +var $source; // Source code +var $used=0; // Indicates if the session contain used variable +var $stored; // Give the filename were is stored the session + +function Session($name,$source,$stored){ + $this->name = $name; + $this->source = $source; + $this->stored = $stored; + $this->parseVar(); +} - function parseVar(){ - // Récupération des noms des variables - $regle = "|".VARTAG."(.*)}|sU"; - preg_match_all ($regle,$this->source,$var1); - // Création du tableau de variable à partir de la liste parsée. - $this->varlist=@array_merge($var[1],$var1[1]); - return 1; - } - - function init(){ - if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1); +function parseVar(){ + // Récupération des noms des variables + $regle = "|".VARTAG."(.*)}|sU"; + preg_match_all ($regle,$this->source,$var1); + // Création du tableau de variable à partir de la liste parsée. + $this->varlist=@array_merge($var[1],$var1[1]); +return 1; +} + +function init(){ +if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1); // Reset generated code - $this->temp = $this->source; - $this->used = 1; - } - function closeSession(){ +$this->temp = $this->source; +$this->used = 1; +} +function closeSession(){ // Check if the zone has been used. - if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1); +if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1); // Set Globals vars. 
- $this->generateCode(); - $this->used=0; - return 1; - } +$this->generateCode(); +$this->used=0; +return 1; +} - function reset(){ - $this->used = 0; - $this->generated = NULL; - return 1; - } +function reset(){ +$this->used = 0; +$this->generated = NULL; +return 1; +} - function addSubZone(&$subzone){ - $this->subzone[$subzone->name] = &$subzone; - return 1; - } +function addSubZone(&$subzone){ +$this->subzone[$subzone->name] = &$subzone; +return 1; +} - function setVar($varname,$value){ - if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1); - if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1); - $regle = "(\\".VARTAG."$varname\})"; - $this->temp = preg_replace($regle,$value,$this->temp); - return 1; - } +function setVar($varname,$value){ +if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1); +if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1); +$regle = "(\\".VARTAG."$varname\})"; +$this->temp = preg_replace($regle,$value,$this->temp); +return 1; +} - function dispVar(){ - echo "Liste variables de $this->name:<br>"; - foreach ( $this->varlist as $vars ) - echo "$vars <br>"; - } +function dispVar(){ + echo "Liste variables de $this->name:<br>"; + foreach ( $this->varlist as $vars ) + echo "$vars <br>"; +} - function setGlobalVar($varname,$value){ - $set = 0; - if (in_array($varname,$this->varlist)){ - // Replace the var into this session - $this->globalvar[$varname]=$value; - $set = 1; - } - // Replace the var into sub zones - foreach(array_keys($this->subzone) as $subzone){ - $set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set; - } - return $set; - } +function setGlobalVar($varname,$value){ +$set = 0; +if (in_array($varname,$this->varlist)){ + // Replace the var into this session + $this->globalvar[$varname]=$value; + $set = 1; +} + // Replace the var 
into sub zones + foreach(array_keys($this->subzone) as $subzone){ + $set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set; + } + return $set; +} - function replaceGlobalVar(){ - if ( count($this->globalvar) ) - foreach($this->globalvar as $varname => $value){ - $regle = "(\\".VARTAG."$varname\})"; - $this->temp = preg_replace($regle,$value,$this->temp); - } - } +function replaceGlobalVar(){ +if ( count($this->globalvar) ) +foreach($this->globalvar as $varname => $value){ + $regle = "(\\".VARTAG."$varname\})"; + $this->temp = preg_replace($regle,$value,$this->temp); +} +} - function generateCode(){ - if ($this->used == 0) return $this->generated; - // Replace global var. - if ( count($this->globalvar) ) $this->replaceGlobalVar(); - // Replace all unused variable by "" - $regle = "|\\".VARTAG."(.*)\}|"; - $this->temp = preg_replace($regle,"",$this->temp); - // Generate the subzone(s) code - if(count($this->subzone)){ - foreach(array_keys($this->subzone) as $subzone){ - $text = ($this->subzone[$subzone]->used) ? $this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated; - $this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp); - $this->subzone[$subzone]->reset(); - } - } - $this->generated .= $this->temp; - return $this->generated; +function generateCode(){ + if ($this->used == 0) return $this->generated; + // Replace global var. + if ( count($this->globalvar) ) $this->replaceGlobalVar(); + // Replace all unused variable by "" + $regle = "|\\".VARTAG."([^}]*)\}|"; + $this->temp = preg_replace($regle,"",$this->temp); + // Generate the subzone(s) code + if(count($this->subzone)){ + foreach(array_keys($this->subzone) as $subzone){ + $text = ($this->subzone[$subzone]->used) ? 
$this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated; + $this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp); + $this->subzone[$subzone]->reset(); + } } +$this->generated .= $this->temp; +return $this->generated; +} - function inVarList($varname){ - return in_array($varname,$this->varlist); - } +function inVarList($varname){ +return in_array($varname,$this->varlist); +} // Fin classe - } +} - class VTemplate_Private extends Err{ +class VTemplate_Private extends Err{ /**************************************** - * Private Class. * - * ***************************************/ +* Private Class. * +* ***************************************/ - var $sources=array(); // Sources des zones issues de la premiere partie du parsing. - var $sessions=array(); // Tableau de sessions - var $v_global=array(); // Globla var array. +var $sources=array(); // Sources des zones issues de la premiere partie du parsing. +var $sessions=array(); // Tableau de sessions +var $v_global=array(); // Globla var array. /**************************************************************** Parsing Functions for Template files. 
( PF 1.0 ) -****************************************************************/ + ****************************************************************/ - function getNom($code){ +function getNom($code){ // Retourne le premier nom de zone qu'il trouve dans le code - preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg); + preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg); - // Tester la présence des caratère invalides dans le nom ( | et {}); - if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1)); + // Tester la présence des caratère invalides dans le nom ( | et {}); + if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1)); - return @$reg[1]; - } + return @$reg[1]; +} - function endTag($code,$nom){ +function endTag($code,$nom){ // Renvoie TRUE(1) si le tag de fermeture est présent. - preg_match("(<!--/VTP_$nom-->)sU",$code,$reg); + preg_match("(<!--/VTP_$nom-->)sU",$code,$reg); - return ($reg[0]!="<!--/VTP_$nom-->") ? 0 : 1; - } +return ($reg[0]!="<!--/VTP_$nom-->") ? 
0 : 1; +} - function getSource($code,$nom,$type=0){ +function getSource($code,$nom,$type=0){ // Retourne le source de la zone de nom $nom - preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg); + preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg); - return $reg[$type][0]; - } +return $reg[$type][0]; +} - function parseZone($code_source,$nom_zone="|root|"){ +function parseZone($code_source,$nom_zone="|root|"){ // Fonction récursive de parsing du fichier template - // Vérification que la zone n'existe pas - if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1)); + // Vérification que la zone n'existe pas + if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1)); - // Enregistrement du code source - $this->sources[$nom_zone]["source"]=$code_source; + // Enregistrement du code source + $this->sources[$nom_zone]["source"]=$code_source; - // Rappel de la fonction pour chaque fils. - while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){ + // Rappel de la fonction pour chaque fils. + while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){ - // Vérification que le tag de fin est présent. - if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1)); + // Vérification que le tag de fin est présent. 
+ if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1)); - // Parse le fils - $this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils); + // Parse le fils + $this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils); - // Enregistre le nom du fils dans la liste des fils - $this->sources[$nom_zone]["fils"][]=$nom_fils; + // Enregistre le nom du fils dans la liste des fils + $this->sources[$nom_zone]["fils"][]=$nom_fils; - // Remplace le code du fils dans le source du père - $this->sources[$nom_zone]["source"]=str_replace( - $this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0), - "|$nom_fils|", - $this->sources[$nom_zone]["source"] - ); - // Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone - if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1)); - }// fin While + // Remplace le code du fils dans le source du père + $this->sources[$nom_zone]["source"]=str_replace( + $this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0), + "|$nom_fils|", + $this->sources[$nom_zone]["source"] + ); + // Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone + if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1)); + }// fin While - return 1; - } +return 1; +} /**************************************************************** Session Management functions ( SMF 1.0 ) -****************************************************************/ + ****************************************************************/ - function createSession($handle,$zone = "|root|"){ +function createSession($handle,$zone = "|root|"){ // Create a new session of the zone - $this->sessions[$handle][$zone] = new Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]); +$this->sessions[$handle][$zone] = new 
Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]); // Create sub-zone - if (@count($this->sources[$zone]["fils"])){ - foreach($this->sources[$zone]["fils"] as $subzone){ - $this->createSession($handle,$subzone); - $this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]); - } - } +if (@count($this->sources[$zone]["fils"])){ + foreach($this->sources[$zone]["fils"] as $subzone){ + $this->createSession($handle,$subzone); + $this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]); + } +} //end createSession - } +} /**************************************************************** Global Variable Management Functions ( GVMF 1.0 ) -****************************************************************/ + ****************************************************************/ - function setGZone($handle,$zone,$var,$value){ - // Define Global var for $zone and its sub-zone. - // Set global value to $zone vars. - return $this->sessions[$handle][$zone]->setGlobalVar($var,$value); - } + function setGZone($handle,$zone,$var,$value){ + // Define Global var for $zone and its sub-zone. + // Set global value to $zone vars. 
+ return $this->sessions[$handle][$zone]->setGlobalVar($var,$value); +} - function setGFile($handle,$var,$value) { - return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value); - } +function setGFile($handle,$var,$value) { + return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value); +} - function setGAll($var,$value){ - $declare = 0; - $this->v_global[$var]=$value; - if (is_array($this->sessions)){ - foreach($this->sessions as $handle => $v){ - $declare = $this->setGFile($handle,$var,$value) || $declare; - } - } - return $declare; - } +function setGAll($var,$value){ +$declare = 0; +$this->v_global[$var]=$value; +if (is_array($this->sessions)){ + foreach($this->sessions as $handle => $v){ + $declare = $this->setGFile($handle,$var,$value) || $declare; + } + } +return $declare; +} - function setGOpened($handle){ +function setGOpened($handle){ // Set Global var into the opened file - foreach($this->v_global as $name => $val){ - $this->setGFile($handle,$name,$val); - } - return 1; - } +foreach($this->v_global as $name => $val){ + $this->setGFile($handle,$name,$val); +} +return 1; +} // Fin VTemplate_Private - } +} - class VTemplate extends VTemplate_Private{ +class VTemplate extends VTemplate_Private{ /**************************************** - * Public Class. * - * ***************************************/ +* Public Class. * +* ***************************************/ /**************************************************************** 
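Review bot: The header comment is bumped to `Version : 1.3.2 Base Edition ( Decembre 2003 ) build 1`, but the constants on the new side still read `define("VTEMPLATE_VERSION","1.3.1");` and `define("VTEMPLATE_BUILD","6");`, and those constants are what `Err::error()` embeds in the online-documentation link, so the version the class reports will not match the file. Either update the two defines to `"1.3.2"` and `"1"` or leave the header at 1.3.1. Separately, `Session::parseVar()` computes `$this->varlist=@array_merge($var[1],$var1[1]);` where `$var` is never assigned in the method and the `@` hides the resulting warning; presumably only `$var1[1]` was meant — worth confirming, since `varlist` drives every `in_array()` check in `setVar()` and `setGlobalVar()`. The `VTemplate` class opened at the end of this hunk continues into the next one.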
@@ -375,145 +372,233 @@ if ( !isset($DEFINE_VTEMPLATE) ) *****************************************************************/ - function Open($nomfichier){ +function Open($nomfichier){ // Ouverture d'un fichier source et retourne le handle de ce fichier // Création du handle: - $handle = "{".count($this->sessions)."}" ; +$handle = "{".count($this->sessions)."}" ; // Récupération du source à parser - if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1); - if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1); - if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1); - clearstatcache(); - fclose($f_id); +if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1); +if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1); +if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1); +clearstatcache(); +fclose($f_id); // Store the filename - $this->file_name[$handle]=$nomfichier; +$this->file_name[$handle]=$nomfichier; // Parse les zones - $this->parseZone($source); +$this->parseZone($source); // Création du tableau de session - $this->createSession($handle); +$this->createSession($handle); //Nettoyage des variables temporaires - $this->sources=NULL; +$this->sources=NULL; // Set global var. 
- $this->setGOpened($handle); +$this->setGOpened($handle); - $this->addSession($handle); - return $handle; - } +$this->addSession($handle); +return $handle; +} - function newSession($handle="{0}",$nom_zone = "|root|"){ - if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone); - $this->addSession($handle,$nom_zone,$cache,$time,$num_session); - return 1; - } +function newSession($handle="{0}",$nom_zone = "|root|"){ +if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone); +$this->addSession($handle,$nom_zone,$cache,$time,$num_session); +return 1; +} - function addSession($handle="{0}",$nom_zone = "|root|"){ - // Does the zone exist ? - if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1); - $this->sessions[$handle][$nom_zone]->init(); - return 1; - } +function addSession($handle="{0}",$nom_zone = "|root|"){ + // Does the zone exist ? + if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1); + $this->sessions[$handle][$nom_zone]->init(); + return 1; +} - function closeSession($handle="{0}",$nom_zone = "|root|"){ +function closeSession($handle="{0}",$nom_zone = "|root|"){ // Close the current session and all his sub-session - // Check if the zone exists. - if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1); - // Closing sub-zone - $this->sessions[$handle][$nom_zone]->closeSession(); - return 1; - } + // Check if the zone exists. 
+ if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1); + // Closing sub-zone + $this->sessions[$handle][$nom_zone]->closeSession(); + return 1; +} - function setGlobalVar($arg1,$arg2,$arg3){ - if ($arg1 == 1){ - if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1); - return 1; - } - if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1); - $tab=explode(".",$arg2); - if (count($tab)==1){ - if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1); - } - else if (count($tab==2)){ - if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1)); - if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1); - } - return 1; - } +function setGlobalVar($arg1,$arg2,$arg3){ +if ($arg1 == 1){ + if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1); + return 1; +} +if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1); + $tab=explode(".",$arg2); + if (count($tab)==1){ + if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1); + } + else if (count($tab==2)){ + if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1)); + if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1); + } +return 1; +} - function setVar($handle,$zone_var,$val){ - // Fill the variable - $tab=explode(".",$zone_var); - if(count($tab)==2){ - $zone=$tab[0]; - $var=$tab[1]; - } - else - { - $zone="|root|"; - $var=$tab[0]; - } - - // Teste l'existence de la zone dans la liste - if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1); - 
- //Enregistre la variable - return $this->sessions[$handle][$zone]->setVar($var,$val); - } +function setVar($handle,$zone_var,$val){ + // Fill the variable +$tab=explode(".",$zone_var); + if(count($tab)==2){ + $zone=$tab[0]; + $var=$tab[1]; + } + else + { + $zone="|root|"; + $var=$tab[0]; + } + + // Teste l'existence de la zone dans la liste + if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1); + + //Enregistre la variable + return $this->sessions[$handle][$zone]->setVar($var,$val); +} - function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){ - if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source); - $this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated); - } +function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){ + if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source); + $this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated); +} - function setVarF($handle,$zone_var,$file){ +function setVarF($handle,$zone_var,$file){ // Fonction qui ouvre le fichier file et copie ce qu'il y a dedans dans une variable. - $tab=explode(".",$zone_var); +$tab=explode(".",$zone_var); // Récupération nom de la zone et de la variable. 
- if(count($tab)==2){ - $zone=$tab[0]; - $var=$tab[1]; - } - else - { - $zone="|root|"; - $var=$tab[0]; - } + if(count($tab)==2){ + $zone=$tab[0]; + $var=$tab[1]; + } + else + { + $zone="|root|"; + $var=$tab[0]; + } // Teste l'existence de la zone dans la liste - if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1); + if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1); - // Récupération du source à lire - if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1); - if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1); - if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1); - clearstatcache(); - fclose($f_id); + // Récupération du source à lire +if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1); +if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1); +if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1); +clearstatcache(); +fclose($f_id); //Enregistre la variable - return $this->sessions[$handle][$zone]->setVar($var,$val); - } +return $this->sessions[$handle][$zone]->setVar($var,$val); +} + + - function isZone($handle, $zone="|root|") - { - return isset($this->sessions[$handle][$zone]) ; - } - function Display($handle="{0}",$display=1,$zone="|root|"){ - $this->closeSession($handle,$zone); - $c_genere = $this->sessions[$handle][$zone]->generated; + +function isZone($handle, $zone="|root|") +{ +return isset($this->sessions[$handle][$zone]) ; +} + +function Display($handle="{0}",$display=1,$zone="|root|"){ + $this->closeSession($handle,$zone); + $c_genere = $this->sessions[$handle][$zone]->generated; - if ($display) echo $c_genere; else return ($c_genere); - } + if ($display) echo $c_genere; else return ($c_genere); +} +//fonction complementaire version BETA + +/* +* +On peut l'utiliser : +- SetVarTab($array): tout les couples clef/valeur sont valorisées +- 
SetVarTab($array,$index) seuls les couples clef/valeur dont la clef est dans le tableau index ou dont la valeur == $index (si pas tableau) +Si $index contient ou est une clef de type zone.clef, la clef sera extraite du texte est servira d'index pour $array + +Vincent +*/ + +function setVarTab($handle,$zones,$index = array()){ + if (is_array($index)) + { + if (count($index)>0) + { + reset($index); + while (list (, $key) = each ($index)) + { + $tab=explode(".",$key); + if(count($tab)==2){ + $var=$tab[1]; + } + else + { + $var=$tab[0]; + } + setVar($handle,$key,$zones[$var]); + } + } + else + { + reset($zones); + while (list ($key, $val) = each ($zones)) + { + setVar($handle,$key,$val); + } + } + } + else + { + setVar($handle,$index,$zones[$index]); + } +} + +function setGlobalVarTab($handle,$zones,$index = array()){ + + if (is_array($index)) + { + if (count($index)>0) + { + reset($index); + while (list (, $key) = each ($index)) + { + $tab=explode(".",$key); + if(count($tab)==2){ + $var=$tab[1]; + } + else + { + $var=$tab[0]; + } + setGlobalVar($handle,$key,$zones[$var]); + } + } + else + { + reset($zones); + while (list ($key, $val) = each ($zones)) + { + GlobalVar($handle,$key,$val); + } + } + } + else + { + setBlobalVar($handle,$index,$zones[$index]); + } +} + + + + // End VTemplate - } - $DEFINE_VTEMPLATE = 1; +} +$DEFINE_VTEMPLATE = 1; } ?> 
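Review bot: The new `setVarTab()` and `setGlobalVarTab()` call `setVar(...)`, `setGlobalVar(...)`, `GlobalVar(...)` and `setBlobalVar(...)` as plain functions; the first two are methods of this class and need `$this->`, and the last two exist nowhere in the file, so each branch ends in a fatal "undefined function" the first time it runs. The six call sites below fix all four; the `while (list (, $key) = each ($index))` loops could then also become `foreach`, which the class already uses elsewhere. The comment block above `setVarTab` is French and describes usage only loosely; an English docblock stating that `$zones` is a key => value map and that `$index` selects which keys are set (all keys when it is empty) would help the next reader. The enclosing `VTemplate` class opens in the previous hunk.
```php
function setVarTab($handle,$zones,$index = array()){
    // … unchanged: $index array / count / key splitting …
            $this->setVar($handle,$key,$zones[$var]);
    // … unchanged: else branch over $zones …
            $this->setVar($handle,$key,$val);
    // … unchanged: scalar $index branch …
        $this->setVar($handle,$index,$zones[$index]);
}

function setGlobalVarTab($handle,$zones,$index = array()){
    // … unchanged: $index array / count / key splitting …
            $this->setGlobalVar($handle,$key,$zones[$var]);
    // … unchanged: else branch over $zones …
            $this->setGlobalVar($handle,$key,$val);
    // … unchanged: scalar $index branch …
        $this->setGlobalVar($handle,$index,$zones[$index]);
}
```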
@@ -1,16 +1,13 @@
 <?php
-include_once( './include/mysql.inc.php' );
+define( PREFIX_INCLUDE, '' );
 include_once( './include/functions.inc.php' );
 database_connection();
-// récupération des informations de configuration du site
-$query = 'select acces ';
-$query .= 'from '.PREFIX_TABLE.'config;';
+// retrieving configuration informations
+$query = 'SELECT access';
+$query.= ' FROM '.PREFIX_TABLE.'config;';
 $row = mysql_fetch_array( mysql_query( $query ) );
-$url = 'category';
-if ( $row['acces'] == 'restreint' )
-{
- $url = 'identification';
-}
+if ( $row['access'] == 'restricted' ) $url = 'identification';
+else $url = 'category';
 // redirection
 $url.= '.php';
 header( 'Request-URI: '.$url );
diff --git a/language/francais.php b/language/francais.php
index 5685578fe..cbf36d2bd 100644
--- a/language/francais.php
+++ b/language/francais.php
@@ -15,6 +15,10 @@ $lang['no'] = 'non';
 $lang['yes'] = 'oui';
 $lang['guest'] = 'visiteur';
 $lang['mail_address'] = 'adresse mail';
+$lang['public'] = 'publique';
+$lang['private'] = 'privée';
+$lang['add'] = 'ajouter';
+$lang['dissociate'] = 'dissocier';
 // end version 1.3
 // page diapo
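Review bot: `define( PREFIX_INCLUDE, '' );` passes the constant name as a bare identifier instead of a string, so the name is only resolved through PHP's undefined-constant fallback (with a notice) and the call fails outright on PHP 8; it should read `define( 'PREFIX_INCLUDE', '' );`. The file header for this hunk is not visible, so I cannot name the file it belongs to. On the unchanged lines, `mysql_fetch_array( mysql_query( $query ) )` never checks whether the query succeeded, and `Request-URI:` is not, as far as I can tell, a response header a browser acts on for redirection (`Location:` is), but both predate this change.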
@@ -218,20 +222,26 @@ if ( $isadmin ) // $lang['title_add'] = 'Ajouter/Modifier un utilisateur'; $lang['title_add'] = 'Ajouter un utilisateur'; $lang['title_modify'] = 'Modifier un utilisateur'; + $lang['title_groups'] = 'Gestion des groupes'; // end version 1.3 $lang['title_liste_users'] = 'Liste des utilisateurs'; $lang['title_history'] = 'Historique'; $lang['title_update'] = 'Mise à jour de la base de données'; $lang['title_configuration'] = 'Configuration de PhpWebGallery'; $lang['title_instructions'] = 'Instructions'; - $lang['title_permissions'] = 'Modifier les permissions pour un utilisateur'; +// start version 1.3 +// $lang['title_permissions'] = 'Modifier les permissions pour un utilisateur'; + $lang['title_user_perm'] = 'Modifier les permissions pour l\'utilisateur'; + $lang['title_cat_perm'] = 'Modifier les permissions pour la catégorie'; + $lang['title_group_perm'] = 'Modifier les permissions pour le groupe'; +// end version 1.3 $lang['title_categories'] = 'Gestion des catégories'; $lang['title_edit_cat'] = 'Editer une catégorie'; $lang['title_info_images'] = 'Modifier les informations sur les images d\'une catégorie'; $lang['title_thumbnails'] = 'Création des miniatures'; $lang['title_thumbnails_2'] = 'pour'; $lang['title_default'] = 'Administration de PhpWebGallery'; - + $lang['menu_title'] = 'Administration'; $lang['menu_config'] = 'Configuration'; $lang['menu_users'] = 'Utilisateurs'; @@ -243,7 +253,10 @@ if ( $isadmin ) $lang['menu_history'] = 'Historique'; $lang['menu_instructions'] = 'Instructions'; $lang['menu_back'] = 'Page diapo'; - +// start version 1.3 + $lang['menu_groups'] = 'Groupes'; +// end version 1.3 + $lang['title_waiting'] = 'Images en attente de validation'; $lang['menu_waiting'] = 'En attente'; 
@@ -383,9 +396,19 @@ if ( $isadmin ) $lang['adduser_status_admin'] = 'admin'; // start version 1.3 // $lang['adduser_status_member'] = 'membre'; + $lang['adduser_associate'] = 'Associer au groupe'; // end version 1.3 $lang['adduser_status_guest'] = 'visiteur'; - + +// start version 1.3 + $lang['group_add'] = 'Ajouter un groupe'; + $lang['group_add_error1'] = 'Le nom du groupe ne doit pas comporter de " ou de \''; + $lang['group_add_error2'] = 'Ce nom de groupe est déjà utilisé'; + $lang['group_confirm'] = 'Etes-vous sûr de vouloir supprimer le groupe'; + $lang['group_list_title'] = 'Liste des groupes existants'; + $lang['group_err_unknown'] = 'Ce groupe n\'existe pas dans la base de données'; +// end version 1.3 + // page permissions $lang['permuser_info_message'] = 'Permissions enregistrées'; $lang['permuser_title'] = 'Restrictions pour l\'utilisateur'; @@ -393,7 +416,9 @@ if ( $isadmin ) $lang['permuser_authorized'] = 'autorisé'; $lang['permuser_forbidden'] = 'interdit'; $lang['permuser_parent_forbidden'] = 'catégorie parente interdite'; - $lang['permuser_cat_title'] = 'Modifier les permissions pour '; +// start version 1.3 +// $lang['permuser_cat_title'] = 'Modifier les permissions pour '; +// end version 1.3 // page liste utilisateurs $lang['listuser_confirm'] = 'Etes-vous sûr de vouloir supprimer l\'utilisateur'; @@ -433,7 +458,9 @@ if ( $isadmin ) $lang['editcat_comment'] = 'Commentaire'; $lang['editcat_status'] = 'Status'; $lang['editcat_status_info'] = '(invisible sauf pour les administrateurs)'; - +// start version 1.3 + $lang['editcat_visible'] = 'Visible'; +// end version 1.3 // page info images $lang['infoimage_err_date'] = 'date erronée'; $lang['infoimage_general'] = 'Options générale pour la catégorie'; diff --git a/picture.php b/picture.php index bcfbeeaa8..4723d4aac 100644 --- a/picture.php +++ b/picture.php 
@@ -28,20 +28,20 @@ if ( isset( $page['cat'] ) && is_numeric( $page['cat'] ) )
 check_restrictions( $page['cat'] );
 }
 //---------------------------------------- incrementation of the number of hits
-$query = 'update '.PREFIX_TABLE.'images';
-$query.= ' set hit=hit+1';
-$query.= ' where id='.$_GET['image_id'];
+$query = 'UPDATE '.PREFIX_TABLE.'images';
+$query.= ' SET hit=hit+1';
+$query.= ' WHERE id='.$_GET['image_id'];
 $query.= ';';
 @mysql_query( $query );
 //-------------------------------------------------------------- initialization
 initialize_category( 'picture' );
 $cat_directory = $page['cat_dir']; // by default
 //------------------------------------- main picture information initialization
-$query = 'select id,date_available,comment,hit';
+$query = 'SELECT id,date_available,comment,hit';
 $query.= ',author,name,file,date_creation,filesize,width,height,cat_id';
-$query.= ' from '.PREFIX_TABLE.'images';
+$query.= ' FROM '.PREFIX_TABLE.'images';
 $query.= $page['where'];
-$query.= ' and id = '.$_GET['image_id'];
+$query.= ' AND id = '.$_GET['image_id'];
 $query.= $conf['order_by'];
 $query.= ';';
 $result = mysql_query( $query );
@@ -59,8 +59,8 @@ $page['width'] = $row['width'];
 $page['height'] = $row['height'];
 $page['cat_id'] = $row['cat_id'];
 // retrieving the number of the picture in its category (in order)
-$query = 'select id';
-$query.= ' from '.PREFIX_TABLE.'images';
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'images';
 $query.= $page['where'];
 $query.= $conf['order_by'];
 $query.= ';';
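Review bot: Both rewritten queries still splice `$_GET['image_id']` straight into SQL (`' WHERE id='.$_GET['image_id']` and `' AND id = '.$_GET['image_id']`), and nothing in the hunk validates it; the top of picture.php is outside the hunk, so a check may exist there, but if it does not, the UPDATE and the SELECT are both injectable. The cheapest guard is one validation before the first query, `if ( !isset( $_GET['image_id'] ) or !is_numeric( $_GET['image_id'] ) ) exit();`, or an `(int)` cast where the queries are built. The `@` on `mysql_query` also hides any failure of the hit-counter UPDATE, so a broken query would go unnoticed.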
@@ -78,17 +78,17 @@ if ( isset( $_GET['add_fav'] ) ) if ( $_GET['add_fav'] == 1 ) { // verify if the picture is already in the favorite of the user - $query = 'select count(*) as nb_fav'; - $query.= ' from '.PREFIX_TABLE.'favorites'; - $query.= ' where image_id = '.$page['id']; - $query.= ' and user_id = '.$user['id']; + $query = 'SELECT COUNT(*) AS nb_fav'; + $query.= ' FROM '.PREFIX_TABLE.'favorites'; + $query.= ' WHERE image_id = '.$page['id']; + $query.= ' AND user_id = '.$user['id']; $query.= ';'; $result = mysql_query( $query ); $row = mysql_fetch_array( $result ); if ( $row['nb_fav'] == 0 ) { - $query = 'insert into '.PREFIX_TABLE.'favorites'; - $query.= ' (image_id,user_id) values'; + $query = 'INSERT INTO '.PREFIX_TABLE.'favorites'; + $query.= ' (image_id,user_id) VALUES'; $query.= ' ('.$page['id'].','.$user['id'].')'; $query.= ';'; $result = mysql_query( $query ); @@ -96,9 +96,9 @@ if ( isset( $_GET['add_fav'] ) ) } if ( $_GET['add_fav'] == 0 ) { - $query = 'delete from '.PREFIX_TABLE.'favorites'; - $query.= ' where user_id = '.$user['id']; - $query.= ' and image_id = '.$page['id']; + $query = 'DELETE FROM '.PREFIX_TABLE.'favorites'; + $query.= ' WHERE user_id = '.$user['id']; + $query.= ' AND image_id = '.$page['id']; $query.= ';'; $result = mysql_query( $query ); @@ -120,11 +120,11 @@ if ( isset( $_GET['add_fav'] ) ) { $page['num'] = 0; } - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'images'; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'images'; $query.= $page['where']; $query.= $conf['order_by']; - $query.= ' limit '.$page['num'].',1'; + $query.= ' LIMIT '.$page['num'].',1'; $query.= ';'; $result = mysql_query( $query ); $row = mysql_fetch_array( $result ); 
@@ -143,24 +143,15 @@ if ( isset( $_GET['add_fav'] ) )
 }
 //----------------------------------------------------- template initialization
 $vtp = new VTemplate;
-$handle = $vtp->Open( './template/default/picture.vtp' );
-// language
-$vtp->setGlobalVar( $handle, 'back', $lang['back'] );
-$vtp->setGlobalVar( $handle, 'submit', $lang['submit'] );
-$vtp->setGlobalVar( $handle, 'comments_title', $lang['comments_title'] );
-$vtp->setGlobalVar( $handle, 'comments_del', $lang['comments_del'] );
-$vtp->setGlobalVar( $handle, 'delete', $lang['delete'] );
-$vtp->setGlobalVar( $handle, 'comments_add', $lang['comments_add'] );
-$vtp->setGlobalVar( $handle, 'author', $lang['author'] );
-// user
-$vtp->setGlobalVar( $handle, 'page_style', $user['style'] );
-$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
-// structure
-$vtp->setGlobalVar( $handle, 'frame_start', get_frame_start() );
-$vtp->setGlobalVar( $handle, 'frame_begin', get_frame_begin() );
-$vtp->setGlobalVar( $handle, 'frame_end', get_frame_end() );
+$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
+initialize_template();
+
+$tpl = array( 'back','submit','comments_title','comments_del','delete',
+ 'comments_add','author' );
+templatize_array( $tpl, 'lang', $handle );
+$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
 //------------------------------------------------------------------ page title
-if ( $page['name'] != "" )
+if ( $page['name'] != '' )
 {
 $vtp->setGlobalVar( $handle, 'page_title', $page['name'] );
 }
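Review bot: `$user['template']` is now spliced into the filesystem path handed to `$vtp->Open()`; if that value originates from a user-editable profile setting (its source is not visible here), it must be restricted to a known template directory before use, e.g. `if ( !preg_match( '/^[a-zA-Z0-9_-]+$/', $user['template'] ) ) $user['template'] = 'default';`. Where `$user` is loaded is outside the hunk, so this may already be enforced there. `initialize_template()` and `templatize_array()` are new helpers whose definitions are not in this file section, so I cannot check what they set.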
@@ -172,11 +163,11 @@ else if ( $page['num'] >= 1 ) { $prev = $page['num'] - 1; - $query = 'select id,name,file,tn_ext,cat_id'; - $query.= ' from '.PREFIX_TABLE.'images'; + $query = 'SELECT id,name,file,tn_ext,cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'images'; $query.= $page['where']; $query.= $conf['order_by']; - $query.= ' limit '.$prev.',1'; + $query.= ' LIMIT '.$prev.',1'; $query.= ';'; $result = mysql_query( $query ); $row = mysql_fetch_array( $result ); @@ -197,14 +188,8 @@ if ( $page['num'] >= 1 ) $prev_title = $lang['previous_image'].' : '; $alt_thumbnaill = ''; - if ( $row['name'] != "" ) - { - $alt_thumbnail = $row['name']; - } - else - { - $alt_thumbnail = $file; - } + if ( $row['name'] != '' ) $alt_thumbnail = $row['name']; + else $alt_thumbnail = $file; $prev_title.= $alt_thumbnail; $url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat']; 
@@ -320,22 +305,22 @@ if ( $page['date_creation'] != "" )
 {
 $vtp->addSession( $handle, 'info_line' );
 $vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
- $tab_date = explode( '-', $page['date_creation'] );
+ list( $year,$month,$day ) = explode( '-', $page['date_creation'] );
 $vtp->setVar( $handle, 'info_line.content',
- $tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
+ $day.'/'.$month.'/'.$year );
 $vtp->closeSession( $handle, 'info_line' );
 }
 // date of availability
 $vtp->addSession( $handle, 'info_line' );
 $vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
-$tab_date = explode( '-', $page['date_available'] );
+list( $year,$month,$day ) = explode( '-', $page['date_available'] );
 $vtp->setVar( $handle, 'info_line.content',
- $tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
+ $day.'/'.$month.'/'.$year );
 $vtp->closeSession( $handle, 'info_line' );
 // size in pixels
 $vtp->addSession( $handle, 'info_line' );
 $vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
-if ( $original_width != $final_width || $original_height != $final_height )
+if ( $original_width != $final_width or $original_height != $final_height )
 {
 $content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
 $content.= $original_width.'*'.$original_height.'</a> ]';
@@ -379,7 +364,7 @@ $vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
 $vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
 $vtp->closeSession( $handle, 'info_line' );
 //------------------------------------------------------- favorite manipulation
-if ( $page['cat'] != 'fav' && !$user['is_the_guest'] )
+if ( $page['cat'] != 'fav' and !$user['is_the_guest'] )
 {
 $url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
 $url.= '&expand='.$_GET['expand'].'&add_fav=1';
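Review bot: `list( $year,$month,$day ) = explode( '-', $page['date_available'] );` has no emptiness guard, unlike the date_creation block just above it; an empty or malformed value yields undefined-offset notices and renders `//`. Wrapping it the same way, `if ( $page['date_available'] != '' )`, keeps the two blocks consistent. The `||`→`or` and `&&`→`and` swaps are harmless inside these `if` conditions, but `and`/`or` bind lower than `=`, so the same spelling in an assignment would not behave like `||`/`&&`; worth a comment if the style is being adopted project-wide.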
@@ -441,7 +426,7 @@ if ( $page['num'] < $page['cat_nb_images']-1 ) } $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") ); - $lien_thumbnail = $cat_directory."thumbnail/"; + $lien_thumbnail = $cat_directory.'thumbnail/'; $lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext']; if ( $row['name'] != "" ) @@ -480,13 +465,13 @@ if ( $conf['show_comments'] ) // comment registeration if ( isset( $_POST['content'] ) && $_POST['content'] != '' ) { - $author = $user['pseudo']; - if ( $_POST['author'] != "" ) + $author = $user['username']; + if ( $_POST['author'] != '' ) { $author = $_POST['author']; } - $query = 'insert into '.PREFIX_TABLE.'comments'; - $query.= ' (author,date,image_id,content) values'; + $query = 'INSERT INTO '.PREFIX_TABLE.'comments'; + $query.= ' (author,date,image_id,content) VALUES'; $query.= " ('".$author."',".time().",".$page['id']; $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."');"; mysql_query( $query ); @@ -496,14 +481,14 @@ if ( $conf['show_comments'] ) && is_numeric( $_GET['del'] ) && $user['status'] == 'admin' ) { - $query = 'delete from '.PREFIX_TABLE.'comments'; - $query.= ' where id = '.$_GET['del'].';'; + $query = 'DELETE FROM '.PREFIX_TABLE.'comments'; + $query.= ' WHERE id = '.$_GET['del'].';'; mysql_query( $query ); } // number of comment for this picture - $query = 'select count(*) as nb_comments'; - $query.= ' from '.PREFIX_TABLE.'comments'; - $query.= ' where image_id = '.$page['id'].';'; + $query = 'SELECT COUNT(*) AS nb_comments'; + $query.= ' FROM '.PREFIX_TABLE.'comments'; + $query.= ' WHERE image_id = '.$page['id'].';'; $row = mysql_fetch_array( mysql_query( $query ) ); $page['nb_comments'] = $row['nb_comments']; // navigation bar creation 
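Review bot: `$author` is now `$user['username']` or, when non-empty, `$_POST['author']`, and the unchanged line below concatenates it into the INSERT with no escaping at all, while `content` at least passes through `htmlspecialchars( ..., ENT_QUOTES )`; a quote character in the author field breaks the statement. Escape it for SQL at the point of use, `$query.= " ('".mysql_real_escape_string( $author )."',".time().",".$page['id'];`, and treat HTML escaping of both fields as an output-time concern rather than a substitute for SQL escaping. The comment-rendering code is outside this hunk, so whether `author` is escaped when displayed cannot be checked here.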
@@ -514,8 +499,8 @@ if ( $conf['show_comments'] ) $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; } if( !isset( $_GET['start'] ) - || !is_numeric( $_GET['start'] ) - || ( is_numeric( $_GET['start'] ) && $_GET['start'] < 0 ) ) + or !is_numeric( $_GET['start'] ) + or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) ) { $page['start'] = 0; } @@ -531,11 +516,11 @@ if ( $conf['show_comments'] ) $vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] ); $vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] ); - $query = 'select id,author,date,image_id,content'; - $query.= ' from '.PREFIX_TABLE.'comments'; - $query.= ' where image_id = '.$page['id']; - $query.= ' order by date asc'; - $query.= ' limit '.$page['start'].', '.$conf['nb_comment_page'].';'; + $query = 'SELECT id,author,date,image_id,content'; + $query.= ' FROM '.PREFIX_TABLE.'comments'; + $query.= ' WHERE image_id = '.$page['id']; + $query.= ' ORDER BY date ASC'; + $query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) @@ -580,10 +565,4 @@ mysql_close(); //----------------------------------------------------------- html code display $code = $vtp->Display( $handle, 0 ); echo $code; -//------------------------------------------------------------ log informations -$query = 'insert into '.PREFIX_TABLE.'history'; -$query.= ' (date,login,IP,page,titre,categorie) values'; -$query.= " (".time().", '".$user['pseudo']."','".$_SERVER['REMOTE_ADDR']."'"; -$query.= ",'picture','".$page['file']."','".$intitule_cat."');"; -@mysql_query( $query ); ?>
\ No newline at end of file diff --git a/register.php b/register.php index 48d661d49..76b7455d3 100644 --- a/register.php +++ b/register.php @@ -16,9 +16,9 @@ ***************************************************************************/ //----------------------------------------------------------- personnal include -include_once( "./include/init.inc.php" ); +include_once( './include/init.inc.php' ); //-------------------------------------------------- access authorization check -if ( $conf['acces'] == "restreint" ) +if ( $conf['access'] == "restricted" ) { echo $lang['only_members']; exit(); diff --git a/template/default/admin/cat.vtp b/template/default/admin/cat_list.vtp index 4c0aca7e9..681e63023 100644 --- a/template/default/admin/cat.vtp +++ b/template/default/admin/cat_list.vtp @@ -4,7 +4,7 @@ <{#td} style="width:40%;text-align:left;"> {#indent}<img src="./images/puce.gif" alt=">" /> {#name} [ dir : {#dir} ] - <span style="color:red;font-weight:normal;"> {#invisible}</span> + <span style="color:red;font-weight:normal;"> {#invisible} <span style="font-weight:bold;">{#private}</span></span> </{#td}> <{#td} style="text-align:center;"> <div style="margin-left:3px;margin-right:3px;">{#nb_picture}</div> @@ -42,7 +42,12 @@ </{#td}> <{#td} class="{#class}" style="width:10%;white-space:nowrap;text-align:center;"> - <a href="{#permission_url}">{#cat_permission}</a> + <!--VTP_permission--> + <a href="{#url}">{#cat_permission}</a> + <!--/VTP_permission--> + <!--VTP_no_permission--> + <span style="color:darkgray;">{#cat_permission}</span> + <!--/VTP_no_permission--> </{#td}> <{#td} class="{#class}" style="width:10%;white-space:nowrap;text-align:center;"> diff --git a/template/default/admin/edit_cat.vtp b/template/default/admin/cat_modify.vtp index 4bafd765b..90dcc093f 100644 --- a/template/default/admin/edit_cat.vtp +++ b/template/default/admin/cat_modify.vtp 
@@ -29,16 +29,15 @@ <td style="width:20%;">{#editcat_status}</td> <td class="row2"> <!--VTP_status_option--> - <input type="radio" name="status" value="{#option}"{#checked} />{#option} + <input type="radio" name="status" value="{#value}"{#checked} />{#option} <!--/VTP_status_option--> - {#editcat_status_info} </td> </tr> <tr> <td style="width:20%;">{#editcat_visible}</td> <td class="row2"> <!--VTP_visible_option--> - <input type="radio" name="visible" value="{#option}"{#checked} />{#option} + <input type="radio" name="visible" value="{#value}"{#checked} />{#option} <!--/VTP_visible_option--> {#editcat_status_info} </td> diff --git a/template/default/admin/cat_perm.vtp b/template/default/admin/cat_perm.vtp new file mode 100644 index 000000000..cf8fab094 --- /dev/null +++ b/template/default/admin/cat_perm.vtp 
@@ -0,0 +1,47 @@ +<form action="{#action}" method="post"> + <!--VTP_groups--> + <table style="width:100%;"> + <tr> + <th colspan="2">{#menu_groups}</th> + </tr> + <!--VTP_group--> + <tr> + <td><a href="{#group_perm_link}"><span style="color:{#color}">{#groupname}</span></a></td> + <td style="text-align:right;"> + <input type="radio" name="groupaccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized} + <input type="radio" name="groupaccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden} + </td> + </tr> + <!--/VTP_group--> + </table> + <!--/VTP_groups--> + <table style="width:100%;"> + <tr> + <th colspan="2">{#menu_users}</th> + </tr> + <!--VTP_user--> + <tr> + <td> + <a href="{#user_perm_link}"><span style="color:{#color}">{#username}</span></a> + <!--VTP_usergroups--> + [ + <!--VTP_usergroup--> + <span style="color:{#color};">{#name}</span>{#separation} + <!--/VTP_usergroup--> + ] + <!--/VTP_usergroups--> + </td> + <td style="text-align:right;"> + <!--VTP_parent_forbidden--> + <a href="{#url}">{#permuser_parent_forbidden}</a> + <!--/VTP_parent_forbidden--> + <input type="radio" name="useraccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized} + <input type="radio" name="useraccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden} + </td> + </tr> + <!--/VTP_user--> + <tr> + <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td> + </tr> + </table> +</form>
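Review bot: The permission form posts to `{#action}` with no per-session token, so the handler cannot tell an administrator's own submission from one triggered by another site open in the same browser; group_perm.vtp, user_perm.vtp and the user_modify.vtp form have the same shape. A hidden field such as `<input type="hidden" name="token" value="{#token}" />` (the `{#token}` variable name is a constructed suggestion), generated per session and compared server-side before any change is applied, closes that gap. The `groupaccess-{#id}` / `useraccess-{#id}` field names are fine provided the PHP side derives the ids from its own query rather than from the posted field names.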
\ No newline at end of file diff --git a/template/default/admin/group_list.vtp b/template/default/admin/group_list.vtp new file mode 100644 index 000000000..a02d8ad8d --- /dev/null +++ b/template/default/admin/group_list.vtp @@ -0,0 +1,49 @@ +<!--VTP_errors--> +<div class="errors"> + <ul> + <!--VTP_li--> + <li>{#li}</li> + <!--/VTP_li--> + </ul> +</div> +<!--/VTP_errors--> +<!--VTP_deletion--> +<table style="width:100%;"> + <tr> + <th colspan="2">{#group_confirm} "{#name}" ?</th> + </tr> + <tr> + <td align="center"><a href="{#yes_url}">{#yes}</a></td> + <td align="center" class="row2"><a href="{#no_url}">{#no}</a></td> + </tr> +</table> +<!--/VTP_deletion--> +<!--VTP_confirmation--> +<div class="{#class}">{#info}</div> +<!--/VTP_confirmation--> +<!--VTP_groups--> +<table width="100%"> + <tr> + <th colspan="3">{#group_list_title}</th> + </tr> + <!--VTP_group--> + <tr> + <td style="width:25%;"> + <div style="margin-left:10px;color:{#color}"><img src="./images/puce.gif" alt=">" /> {#name}</div> + </td> + <td class="row2" style="text-align:center;width:25%;"> + <a href="{#permission_url}">{#listuser_permission}</a> + </td> + <td class="row2" style="text-align:center;width:25%;"> + <a href="{#deletion_url}">{#delete}</a> + </td> + </tr> + <!--/VTP_group--> +</table> +<!--/VTP_groups--> +<form method="post" action="{#form_action}"> + <div style="text-align:center;margin:10px;"> + {#group_add} <input type="text" name="name" /> + <input type="submit" value="{#add}" name="submit" /> + </div> +</form>
\ No newline at end of file diff --git a/template/default/admin/group_perm.vtp b/template/default/admin/group_perm.vtp new file mode 100644 index 000000000..89beae782 --- /dev/null +++ b/template/default/admin/group_perm.vtp @@ -0,0 +1,24 @@ +<!--VTP_confirmation--> +<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div> +<!--/VTP_confirmation--> +<form action="{#action}" method="post"> + <table style="width:100%;"> + <!--VTP_category--> + <tr> + <td> + <img src="./images/puce.gif" alt=">" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a> + </td> + <td style="text-align:right;"> + <!--VTP_parent_forbidden--> + {#permuser_parent_forbidden} + <!--/VTP_parent_forbidden--> + <input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized} + <input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden} + </td> + </tr> + <!--/VTP_category--> + <tr> + <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td> + </tr> + </table> +</form>
\ No newline at end of file diff --git a/template/default/admin/user_modify.vtp b/template/default/admin/user_modify.vtp index 53844d64f..49d2f1358 100644 --- a/template/default/admin/user_modify.vtp +++ b/template/default/admin/user_modify.vtp @@ -34,7 +34,7 @@ </tr> <tr> <td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td> - <td><input type="text" name="password" value="{#user:password}" /></td> + <td><input type="text" name="password" value="" /></td> </tr> <tr> <td>{#mail_address}</td> @@ -50,6 +50,31 @@ </select> </td> </tr> + <!--VTP_groups--> + <tr> + <td valign="top">{#menu_groups}</td> + <td> + <table> + <!--VTP_group--> + <tr> + <td>{#name}</td> + <td><input type="checkbox" name="dissociate-{#dissociate_id}" value="1" /> {#dissociate}</td> + </tr> + <!--/VTP_group--> + </table> + </td> + </tr> + <!--/VTP_groups--> + <tr> + <td>{#adduser_associate}</td> + <td> + <select name="associate"> + <!--VTP_associate_group--> + <option value="{#value}">{#option}</option> + <!--/VTP_associate_group--> + </select> + </td> + </tr> <tr> <td colspan="2" align="center"> <input type="submit" name="submit" value="{#submit}" /> diff --git a/template/default/admin/user_perm.vtp b/template/default/admin/user_perm.vtp new file mode 100644 index 000000000..aebdff9d5 --- /dev/null +++ b/template/default/admin/user_perm.vtp 
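Review bot: Dropping `{#user:password}` from the value attribute is the right call, but the field is still `<input type="text" name="password" value="" />`, so a new password is typed in clear and may be kept in browser form history; `<input type="password" name="password" value="" autocomplete="off" />` avoids both. The new `dissociate-{#dissociate_id}` checkboxes and the `associate` select rely on the PHP handler validating the ids it receives; that handler is not in this section, so I cannot confirm it does.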
@@ -0,0 +1,31 @@ +<!--VTP_confirmation--> +<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div> +<!--/VTP_confirmation--> +<form action="{#action}" method="post"> + <table style="width:100%;"> + <!--VTP_category--> + <tr> + <td> + <img src="./images/puce.gif" alt=">" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a> + <!--VTP_usergroups--> + [ + <!--VTP_usergroup--> + <span style="color:{#color};">{#name}</span>{#separation} + <!--/VTP_usergroup--> + ] + <!--/VTP_usergroups--> + </td> + <td style="text-align:right;"> + <!--VTP_parent_forbidden--> + {#permuser_parent_forbidden} + <!--/VTP_parent_forbidden--> + <input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized} + <input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden} + </td> + </tr> + <!--/VTP_category--> + <tr> + <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td> + </tr> + </table> +</form>
\ No newline at end of file diff --git a/template/default/picture.vtp b/template/default/picture.vtp index 2e20a4949..66fe213ac 100644 --- a/template/default/picture.vtp +++ b/template/default/picture.vtp @@ -1,6 +1,6 @@ <html> <head> - {#page_style} + {#style} <!-- Specific style to picture.php--> <style type="text/css"> .commentsAuthor,.commentsTitle,.commentsInfos,.commentsContent,.commentsNavigationBar { @@ -44,6 +44,7 @@ <title>{#page_title}</title> </head> <body> + {#header} <table style="width:100%;height:100%;"> <tr align="center" valign="middle"> <td> @@ -162,5 +163,6 @@ </tr> <!--/VTP_comments--> </table> + {#footer} </body> </html>
\ No newline at end of file |