Diffstat (limited to '')
-rw-r--r--admin/admin.php110
-rw-r--r--admin/cat_list.php (renamed from admin/cat.php)122
-rw-r--r--admin/cat_modify.php (renamed from admin/edit_cat.php)71
-rw-r--r--admin/cat_perm.php210
-rw-r--r--admin/configuration.php77
-rw-r--r--admin/group_list.php135
-rw-r--r--admin/group_perm.php104
-rw-r--r--admin/include/functions.php63
-rw-r--r--admin/include/isadmin.inc.php4
-rw-r--r--admin/perm.php270
-rw-r--r--admin/user_list.php69
-rw-r--r--admin/user_modify.php97
-rw-r--r--admin/user_perm.php174
-rw-r--r--include/config.inc.php4
-rw-r--r--include/functions.inc.php19
-rw-r--r--include/functions_category.inc.php22
-rw-r--r--include/functions_group.inc.php104
-rw-r--r--include/functions_user.inc.php111
-rw-r--r--include/functions_xml.inc.php7
-rw-r--r--include/init.inc.php4
-rw-r--r--include/user.inc.php27
-rw-r--r--include/vtemplate.class.php865
-rw-r--r--index.php15
-rw-r--r--language/francais.php39
-rw-r--r--picture.php133
-rw-r--r--register.php4
-rw-r--r--template/default/admin/cat_list.vtp (renamed from template/default/admin/cat.vtp)9
-rw-r--r--template/default/admin/cat_modify.vtp (renamed from template/default/admin/edit_cat.vtp)5
-rw-r--r--template/default/admin/cat_perm.vtp47
-rw-r--r--template/default/admin/group_list.vtp49
-rw-r--r--template/default/admin/group_perm.vtp24
-rw-r--r--template/default/admin/user_modify.vtp27
-rw-r--r--template/default/admin/user_perm.vtp31
-rw-r--r--template/default/picture.vtp4
34 files changed, 2012 insertions, 1044 deletions
diff --git a/admin/admin.php b/admin/admin.php
index 5730356fe..3825ca71a 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -25,55 +25,110 @@ $vtp->setGlobalVar( $handle, 'page_title', $lang['title_default'] );
$vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] );
//--------------------------------------- validating page and creation of title
$page_valide = false;
+$title = '';
switch ( $_GET['page'] )
{
case 'user_add':
- $titre = $lang['title_add']; $page_valide = true; break;
+ $title = $lang['title_add']; $page_valide = true; break;
case 'user_list':
- $titre = $lang['title_liste_users']; $page_valide = true; break;
+ $title = $lang['title_liste_users']; $page_valide = true; break;
case 'user_modify':
- $titre = $lang['title_modify']; $page_valide = true; break;
+ $title = $lang['title_modify']; $page_valide = true; break;
+ case 'user_perm':
+ if ( !is_numeric( $_GET['user_id'] ) ) $_GET['user_id'] = -1;
+ $query = 'SELECT status,username';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['user_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $row = mysql_fetch_array( $result );
+ $page['user_status'] = $row['status'];
+ if ( $row['username'] == 'guest' ) $row['username'] = $lang['guest'];
+ $page['user_username'] = $row['username'];
+ $page_valide = true;
+ $title = $lang['title_user_perm'].' "'.$page['user_username'].'"';
+ }
+ else
+ {
+ $page_valide = false;
+ }
+ break;
+ case 'group_list' :
+ $title = $lang['title_groups']; $page_valide = true; break;
+ case 'group_perm' :
+ if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1;
+ $query = 'SELECT name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['group_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $row = mysql_fetch_array( $result );
+ $title = $lang['title_group_perm'].' "'.$row['name'].'"';
+ $page_valide = true;
+ }
+ else
+ {
+ $page_valide = false;
+ }
+ break;
case 'historique':
- $titre = $lang['title_history']; $page_valide = true; break;
+ $title = $lang['title_history']; $page_valide = true; break;
case 'update':
- $titre = $lang['title_update']; $page_valide = true; break;
+ $title = $lang['title_update']; $page_valide = true; break;
case 'configuration':
- $titre = $lang['title_configuration']; $page_valide = true; break;
+ $title = $lang['title_configuration']; $page_valide = true; break;
case 'manuel':
- $titre = $lang['title_instructions']; $page_valide = true; break;
- case 'perm':
- $titre = $lang['title_permissions']; $page_valide = true; break;
- case 'cat':
- $titre = $lang['title_categories']; $page_valide = true; break;
- case 'edit_cat':
- $titre = $lang['title_edit_cat']; $page_valide = true; break;
+ $title = $lang['title_instructions']; $page_valide = true; break;
+ case 'cat_perm':
+ $title = $lang['title_cat_perm'];
+ if ( isset( $_GET['cat_id'] ) )
+ {
+ check_cat_id( $_GET['cat_id'] );
+ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
+ {
+ $result = get_cat_info( $page['cat'] );
+ $name = get_cat_display_name( $result['name'],' > ', '' );
+ $title.= ' "'.$name.'"';
+ }
+ }
+ $page_valide = true;
+ break;
+ case 'cat_list':
+ $title = $lang['title_categories']; $page_valide = true; break;
+ case 'cat_modify':
+ $title = $lang['title_edit_cat']; $page_valide = true; break;
case 'infos_images':
- $titre = $lang['title_info_images']; $page_valide = true; break;
+ $title = $lang['title_info_images']; $page_valide = true; break;
case 'waiting':
- $titre = $lang['title_waiting']; $page_valide = true; break;
+ $title = $lang['title_waiting']; $page_valide = true; break;
case 'thumbnail':
- $titre = $lang['title_thumbnails'];
+ $title = $lang['title_thumbnails'];
if ( isset( $_GET['dir'] ) )
{
- $titre.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
+ $title.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
// $_GET['dir'] contient :
// ../galleries/vieux_lyon ou
// ../galleries/vieux_lyon/visite ou
// ../galleries/vieux_lyon/visite/truc ...
$dir = explode( "/", $_GET['dir'] );
- $titre.= $dir[2];
+ $title.= $dir[2];
for ( $i = 3; $i < sizeof( $dir ) - 1; $i++ )
{
- $titre.= ' &gt; '.$dir[$i];
+ $title.= ' &gt; '.$dir[$i];
}
- $titre.= "</span>";
+ $title.= "</span>";
}
$page_valide = true;
break;
default:
- $titre = $lang['title_default']; break;
+ $title = $lang['title_default']; break;
}
-$vtp->setGlobalVar( $handle, 'title', $titre );
+if ( $title == '' ) $title = $lang['title_default'];
+$vtp->setGlobalVar( $handle, 'title', $title );
//--------------------------------------------------------------------- summary
$link_start = './admin.php?page=';
// configuration
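Review bot: The title is emitted as raw HTML (the `thumbnail` case itself puts a `<span>` into it), yet `$dir[2]` and `$dir[$i]`, taken from `$_GET['dir']`, are appended without escaping. The database values `$page['user_username']` and `$row['name']` in the new `user_perm` and `group_perm` cases are appended the same way. Escape each at the point of use, e.g. `$title.= htmlspecialchars( $dir[2], ENT_QUOTES );`, unless the stored names are already encoded on write, which is not visible here. In the two new cases `is_numeric()` is looser than an integer id (it accepts decimal and exponent forms) and reads a key that may be absent; `isset( $_GET['user_id'] ) and ctype_digit( $_GET['user_id'] )` is the stricter guard, likewise for `group_id`. The `mysql_query()` result is passed to `mysql_num_rows()` unchecked, so a failed query produces a warning instead of taking the invalid-page branch.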
@@ -87,7 +142,7 @@ $vtp->closeSession( $handle, 'summary' );
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
- add_session_id( $link_start.'liste_users' ) );
+ add_session_id( $link_start.'user_list' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_users'] );
$vtp->closeSession( $handle, 'summary' );
// user list
@@ -104,10 +159,17 @@ $vtp->setVar(
$handle, 'summary.link', add_session_id( $link_start.'user_add' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] );
$vtp->closeSession( $handle, 'summary' );
+// groups
+$vtp->addSession( $handle, 'summary' );
+$vtp->setVar( $handle, 'summary.indent', '' );
+$vtp->setVar( $handle, 'summary.link',
+ add_session_id( $link_start.'group_list' ) );
+$vtp->setVar( $handle, 'summary.name', $lang['menu_groups'] );
+$vtp->closeSession( $handle, 'summary' );
// categories
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
-$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'cat' ) );
+$vtp->setVar( $handle, 'summary.link',add_session_id( $link_start.'cat_list'));
$vtp->setVar( $handle, 'summary.name', $lang['menu_categories'] );
$vtp->closeSession( $handle, 'summary' );
// waiting
diff --git a/admin/cat.php b/admin/cat_list.php
index 890fa866a..a0c7696b7 100644
--- a/admin/cat.php
+++ b/admin/cat_list.php
@@ -17,7 +17,7 @@
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat.vtp' );
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_list.vtp' );
// language
$vtp->setGlobalVar( $sub, 'cat_edit', $lang['cat_edit'] );
$vtp->setGlobalVar( $sub, 'cat_up', $lang['cat_up'] );
@@ -30,41 +30,41 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
- $query = 'select id_uppercat,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id = '.$_GET['up'];
+ $query = 'SELECT id_uppercat,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just above at the same level
- $query = 'select id,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where rank < '.$rank;
+ $query = 'SELECT id,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE rank < '.$rank;
if ( $level == '' )
{
- $query.= ' and id_uppercat is null';
+ $query.= ' AND id_uppercat IS NULL';
}
else
{
- $query.= ' and id_uppercat = '.$level;
+ $query.= ' AND id_uppercat = '.$level;
}
- $query.= ' order by rank desc';
- $query.= ' limit 0,1';
+ $query.= ' ORDER BY rank DESC';
+ $query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$new_rank;
- $query.= ' where id = '.$_GET['up'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$new_rank;
+ $query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
mysql_query( $query );
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$replaced_cat;
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
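Review bot: Nothing checks that either SELECT returned a row before `$rank`, `$new_rank` and `$replaced_cat` are concatenated into the statements that follow. For an unknown id, or a category that is already first at its level, the fetch yields no row and the UPDATEs are built as `SET rank = ` with nothing after it; the failure stays silent because the `mysql_query()` return value is discarded. Guard the swap with `if ( $row ) { ... }` after each fetch. The `down` block in the next hunk has the same shape. This block also changes stored data on a GET request, and whether `isadmin.inc.php` provides any request-forgery protection is not visible here.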
@@ -72,41 +72,41 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
- $query = 'select id_uppercat,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id = '.$_GET['down'];
+ $query = 'SELECT id_uppercat,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just below at the same level
- $query = 'select id,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where rank > '.$rank;
+ $query = 'SELECT id,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE rank > '.$rank;
if ( $level == '' )
{
- $query.= ' and id_uppercat is null';
+ $query.= ' AND id_uppercat is null';
}
else
{
- $query.= ' and id_uppercat = '.$level;
+ $query.= ' AND id_uppercat = '.$level;
}
- $query.= ' order by rank asc';
- $query.= ' limit 0,1';
+ $query.= ' ORDER BY rank ASC';
+ $query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$new_rank;
- $query.= ' where id = '.$_GET['down'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$new_rank;
+ $query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
mysql_query( $query );
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$replaced_cat;
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
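Review bot: The keyword upper-casing is incomplete in this block: `' AND id_uppercat is null'` keeps the lower-case `is null`, while the `up` block in the previous hunk now reads `IS NULL`. Change it to `$query.= ' AND id_uppercat IS NULL';` so the two blocks stay textually parallel.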
@@ -115,24 +115,24 @@ function ordering( $id_uppercat )
{
$rank = 1;
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
- $query.= ' order by rank asc, dir asc';
+ $query.= ' ORDER BY rank ASC, dir ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$row['id'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$row['id'];
$query.= ';';
mysql_query( $query );
$rank++;
@@ -148,15 +148,15 @@ function display_cat_manager( $id_uppercat, $indent,
global $lang,$conf,$sub,$vtp;
// searching the min_rank and the max_rank of the category
- $query = 'select min(rank) as min, max(rank) as max';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT MIN(rank) AS min, MAX(rank) AS max';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
$query.= ';';
$result = mysql_query( $query );
@@ -176,17 +176,17 @@ function display_cat_manager( $id_uppercat, $indent,
$td = 'th';
}
- $query = 'select id,name,dir,nb_images,status,rank,site_id';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT id,name,dir,nb_images,status,rank,site_id,visible';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
- $query.= ' order by rank asc';
+ $query.= ' ORDER BY rank ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@@ -207,13 +207,17 @@ function display_cat_manager( $id_uppercat, $indent,
}
$vtp->setVar( $sub, 'cat.name', $name );
$vtp->setVar( $sub, 'cat.dir', $row['dir'] );
- if ( $row['status'] == 'invisible' || !$uppercat_visible )
+ if ( $row['visible'] == 'false' or !$uppercat_visible )
{
$subcat_visible = false;
$vtp->setVar( $sub, 'cat.invisible', $lang['cat_invisible'] );
}
+ if ( $row['status'] == 'private' )
+ {
+ $vtp->setVar( $sub, 'cat.private', $lang['private'] );
+ }
$vtp->setVar( $sub, 'cat.nb_picture', $row['nb_images'] );
- $url = add_session_id( './admin.php?page=edit_cat&amp;cat='.$row['id'] );
+ $url = add_session_id( './admin.php?page=cat_modify&amp;cat='.$row['id'] );
$vtp->setVar( $sub, 'cat.edit_url', $url );
if ( $row['rank'] != $min_rank )
{
@@ -252,8 +256,18 @@ function display_cat_manager( $id_uppercat, $indent,
$vtp->addSession( $sub, 'no_image_info' );
$vtp->closeSession( $sub, 'no_image_info' );
}
- $url = add_session_id( './admin.php?page=perm&amp;cat_id='.$row['id'] );
- $vtp->setVar( $sub, 'cat.permission_url', $url );
+ if ( $row['status'] == 'private' )
+ {
+ $vtp->addSession( $sub, 'permission' );
+ $url=add_session_id('./admin.php?page=cat_perm&amp;cat_id='.$row['id']);
+ $vtp->setVar( $sub, 'permission.url', $url );
+ $vtp->closeSession( $sub, 'permission' );
+ }
+ else
+ {
+ $vtp->addSession( $sub, 'no_permission' );
+ $vtp->closeSession( $sub, 'no_permission' );
+ }
if ( $row['site_id'] == 1 )
{
$vtp->addSession( $sub, 'update' );
diff --git a/admin/edit_cat.php b/admin/cat_modify.php
index bcd78b751..3e171139f 100644
--- a/admin/edit_cat.php
+++ b/admin/cat_modify.php
@@ -1,6 +1,6 @@
<?php
/***************************************************************************
- * edit_cat.php *
+ * cat_modify.php *
* ------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
@@ -17,14 +17,41 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].'/admin/edit_cat.vtp' );
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_modify.vtp' );
$tpl = array( 'remote_site','editcat_confirm','editcat_back','editcat_title1',
- 'editcat_name', 'editcat_comment', 'editcat_status',
- 'editcat_status_info', 'submit' );
+ 'editcat_name','editcat_comment','editcat_status',
+ 'editcat_visible','editcat_status_info', 'submit' );
templatize_array( $tpl, 'lang', $sub );
+//---------------------------------------------------------------- verification
+if ( !is_numeric( $_GET['cat'] ) )
+{
+ $_GET['cat'] = '-1';
+}
//--------------------------------------------------------- form criteria check
if ( isset( $_POST['submit'] ) )
{
+ // if new status is different from previous one, deletion of all related
+ // links for access rights
+ $query = 'SELECT status';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['cat'];
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+
+ if ( $_POST['status'] != $row['status'] )
+ {
+ // deletion of all access for groups concerning this category
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat'];
+ mysql_query( $query );
+ // deletion of all access for users concerning this category
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat'];
+ mysql_query( $query );
+ }
+
$query = 'UPDATE '.PREFIX_TABLE.'categories';
if ( $_POST['name'] == '' )
{
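Review bot: `$_POST['status']` is compared with the stored status before it is validated, so any value outside the column's enum, or a missing field, counts as a change and deletes every `group_access` and `user_access` row for the category. Check it against the allowed set first, e.g. `if ( !in_array( $_POST['status'], get_enums( PREFIX_TABLE.'categories', 'status' ) ) )`, and skip the deletion and the update in that case. The new `is_numeric( $_GET['cat'] )` test reads a key that may be absent; add `isset( $_GET['cat'] )` to it. The enclosing `if ( isset( $_POST['submit'] ) )` block continues past this hunk.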
@@ -43,6 +70,7 @@ if ( isset( $_POST['submit'] ) )
$query.= ", comment = '".htmlentities( $_POST['comment'], ENT_QUOTES )."'";
}
$query.= ", status = '".$_POST['status']."'";
+ $query.= ", visible = '".$_POST['visible']."'";
$query.= " WHERE id = '".$_GET['cat']."'";
$query.= ';';
mysql_query( $query );
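Review bot: The added line places `$_POST['visible']` inside a quoted SQL literal with no escaping and no allow-list, so a quote character in the field changes the statement; the `status` line directly above it has the same problem. The form only offers `true` and `false`, so normalise before building the query, `$visible = ( $_POST['visible'] == 'false' ) ? 'false' : 'true';`, and concatenate `$visible` instead. The UPDATE statement starts and ends outside this hunk.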
@@ -57,26 +85,28 @@ if ( isset( $_POST['submit'] ) )
check_favorites( $row['id'] );
}
$vtp->addSession( $sub, 'confirmation' );
- $url = add_session_id( './admin.php?page=cat' );
+ $url = add_session_id( './admin.php?page=cat_list' );
$vtp->setVar( $sub, 'confirmation.back_url', $url );
$vtp->closeSession( $sub, 'confirmation' );
}
//------------------------------------------------------------------------ form
-$form_action = './admin.php?page=edit_cat&amp;cat='.$_GET['cat'];
+$form_action = './admin.php?page=cat_modify&amp;cat='.$_GET['cat'];
$vtp->setVar( $sub, 'form_action', add_session_id( $form_action ) );
$query = 'SELECT a.id,name,dir,status,comment';
-$query.= ',id_uppercat,site_id,galleries_url';
+$query.= ',id_uppercat,site_id,galleries_url,visible';
$query.= ' FROM '.PREFIX_TABLE.'categories as a, '.PREFIX_TABLE.'sites as b';
$query.= ' WHERE a.id = '.$_GET['cat'];
$query.= ' AND a.site_id = b.id';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$result = get_cat_info( $row['id'] );
-
+// cat name
$cat_name = get_cat_display_name( $result['name'], ' - ', '' );
$vtp->setVar( $sub, 'cat:name', $cat_name );
+// cat dir
$vtp->setVar( $sub, 'cat:dir', $row['dir'] );
+// remote site ?
if ( $row['site_id'] != 1 )
{
$vtp->addSession( $sub, 'server' );
@@ -85,16 +115,39 @@ if ( $row['site_id'] != 1 )
}
$vtp->setVar( $sub, 'name', $row['name'] );
$vtp->setVar( $sub, 'comment', $row['comment'] );
+// status : public, private...
$options = get_enums( PREFIX_TABLE.'categories', 'status' );
foreach ( $options as $option ) {
$vtp->addSession( $sub, 'status_option' );
- $vtp->setVar( $sub, 'status_option.option', $option );
+ $vtp->setVar( $sub, 'status_option.option', $lang[$option] );
+ $vtp->setVar( $sub, 'status_option.value', $option );
if ( $option == $row['status'] )
{
$vtp->setVar( $sub, 'status_option.checked', ' checked="checked"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
+// visible : true or false
+$vtp->addSession( $sub, 'visible_option' );
+$vtp->setVar( $sub, 'visible_option.value', 'true' );
+$vtp->setVar( $sub, 'visible_option.option', $lang['yes'] );
+$checked = '';
+if ( $row['visible'] == 'true' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'visible_option.checked', $checked );
+$vtp->closeSession( $sub, 'visible_option' );
+$vtp->addSession( $sub, 'visible_option' );
+$vtp->setVar( $sub, 'visible_option.value', 'false' );
+$vtp->setVar( $sub, 'visible_option.option', $lang['no'] );
+$checked = '';
+if ( $row['visible'] == 'false' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'visible_option.checked', $checked );
+$vtp->closeSession( $sub, 'visible_option' );
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?> \ No newline at end of file
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
new file mode 100644
index 000000000..d8e0f28dc
--- /dev/null
+++ b/admin/cat_perm.php
@@ -0,0 +1,210 @@
+<?php
+/***************************************************************************
+ * cat_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
+ 'submit','menu_users','permuser_parent_forbidden' );
+templatize_array( $tpl, 'lang', $sub );
+//-------------------------------------------------------------- category infos
+if ( isset( $_GET['cat_id'] ) )
+{
+ check_cat_id( $_GET['cat_id'] );
+ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
+ {
+ $result = get_cat_info( $page['cat'] );
+ $page['cat_name'] = $result['name'];
+ $page['id_uppercat'] = $result['id_uppercat'];
+ }
+}
+//---------------------------------------------------------- permission updates
+if ( isset( $_POST['submit'] ) )
+{
+ // groups access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'groupaccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
+ $query.= ' (cat_id,group_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ }
+ // users access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'useraccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (cat_id,user_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ check_favorites( $row['id'] );
+ }
+ // echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
+}
+//---------------------------------------------------------------------- groups
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query. ';';
+$result = mysql_query( $query );
+if ( mysql_num_rows( $result ) > 0 )
+{
+ $vtp->addSession( $sub, 'groups' );
+ // creating an array with all authorized groups for this category
+ $query = 'SELECT group_id';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat_id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['group_id'] );
+ }
+ // displaying each group
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $vtp->addSession( $sub, 'group' );
+ if ( in_array( $row['id'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'group.color', 'green' );
+ $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'group.color', 'red' );
+ $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->setVar( $sub, 'group.groupname', $row['name'] );
+ $vtp->setVar( $sub, 'group.id', $row['id'] );
+ $vtp->closeSession( $sub, 'group' );
+ }
+ $vtp->closeSession( $sub, 'groups' );
+}
+//----------------------------------------------------------------------- users
+$query = 'SELECT id,username,status';
+$query.= ' FROM '.PREFIX_TABLE.'users';
+$query.= " WHERE username != '".$conf['webmaster']."'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'user' );
+ $vtp->setVar( $sub, 'user.id', $row['id'] );
+ $url = add_session_id( './admin.php?page=user_perm&amp;user_id='.$row['id']);
+ $vtp->setVar( $sub, 'user.user_perm_link', $url);
+ if ( $row['username'] == 'guest' )
+ {
+ $row['username'] = $lang['guest'];
+ }
+ $vtp->setVar( $sub, 'user.username', $row['username'] );
+
+ // for color of user : (red means access forbidden, green authorized) we
+ // ask all forbidden categories, including the groups rights
+ $restrictions = get_restrictions( $row['id'], $row['status'], false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.color', 'red' );
+ }
+ // for permission update button, we only ask forbidden categories for the
+ // user, not taking into account the groups the user belongs to
+ $restrictions = get_restrictions( $row['id'], $row['status'], false, false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $url = './admin.php?page=cat_perm&amp;cat_id='.$page['id_uppercat'];
+ $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
+ }
+ // user's group(s)
+ $query = 'SELECT g.name as groupname, g.id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'groups as g';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ug.group_id = g.id';
+ $query.= ' AND ug.user_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ if ( mysql_num_rows( $subresult ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ $i = 0;
+ while( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ $vtp->addSession( $sub, 'usergroup' );
+ if ( in_array( $subrow['groupid'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
+ if ( $i < mysql_num_rows( $subresult ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ $i++;
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ $vtp->closeSession( $sub, 'user' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
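Review bot: The query that collects the authorized groups uses the raw request value, `' WHERE cat_id = '.$_GET['cat_id']`, although the rest of the file works from `$page['cat']`; use `$query.= ' WHERE cat_id = '.$page['cat'];` and stop early when `$page['cat']` is not set, since the DELETE and INSERT statements in the submit block are built from it too. In both update loops `$_POST[$radioname] == 0` is also true when the field is missing from the request, so an omitted radio inserts an access row; `isset( $_POST[$radioname] ) and $_POST[$radioname] === '0'` makes omission the restrictive case. `$query. ';';` in the groups section is an expression with no effect and should read `$query.= ';';`. The users query concatenates `$conf['webmaster']` into a quoted literal unescaped, which is worth escaping even though it is configuration data.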
diff --git a/admin/configuration.php b/admin/configuration.php
index bb8978c65..34e148c4d 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -15,7 +15,7 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-
+
include_once( './include/isadmin.inc.php' );
$Caracs = array("¥" => "Y", "µ" => "u", "À" => "A", "Á" => "A",
@@ -48,7 +48,8 @@ array( 'nb_image_line','nb_line_page','theme','language','maxwidth',
$error = array();
if ( isset( $_POST['submit'] ) )
{
- //purge de la table des session si demandé
+ $int_pattern = '/^\d+$/';
+ // empty session table if asked
if ( $_POST['empty_session_table'] == 1 )
{
$query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
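Review bot: `$int_pattern = '/^\d+$/';` also accepts a value that ends in a newline, because `$` in PCRE matches before a final line break unless the `D` modifier is set. Use `'/^\d+$/D'` so that only digit strings pass; the pattern backs every numeric check in the hunks that follow. The `$_POST[...]` fields are read without `isset()`, so a partial form produces notices rather than a validation error. The `if ( isset( $_POST['submit'] ) )` block continues past this hunk.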
@@ -79,8 +80,8 @@ if ( isset( $_POST['submit'] ) )
array_push( $error, $lang['conf_err_mail'] );
}
// periods must be integer values, they represents number of days
- if ( !is_int( $_POST['short_period'] )
- or !is_int( $_POST['long_period'] ) )
+ if ( !preg_match( $int_pattern, $_POST['short_period'] )
+ or !preg_match( $int_pattern, $_POST['long_period'] ) )
{
array_push( $error, $lang['err_periods'] );
}
@@ -94,21 +95,21 @@ if ( isset( $_POST['submit'] ) )
}
}
// session_id size must be an integer between 4 and 50
- if ( !is_int( $_POST['session_id_size'] )
+ if ( !preg_match( $int_pattern, $_POST['session_id_size'] )
or $_POST['session_id_size'] < 4
or $_POST['session_id_size'] > 50 )
{
array_push( $error, $lang['conf_err_sid_size'] );
}
// session_time must be an integer between 5 and 60, in minutes
- if ( !is_int( $_POST['session_time'] )
+ if ( !preg_match( $int_pattern, $_POST['session_time'] )
or $_POST['session_time'] < 5
or $_POST['session_time'] > 60 )
{
array_push( $error, $lang['conf_err_sid_time'] );
}
// max_user_listbox must be an integer between 0 and 255 included
- if ( !is_int( $_POST['max_user_listbox'] )
+ if ( !preg_match( $int_pattern, $_POST['max_user_listbox'] )
or $_POST['max_user_listbox'] < 0
or $_POST['max_user_listbox'] > 255 )
{
@@ -116,14 +117,14 @@ if ( isset( $_POST['submit'] ) )
}
// the number of comments per page must be an integer between 5 and 50
// included
- if ( !is_int( $_POST['nb_comment_page'] )
+ if ( !preg_match( $int_pattern, $_POST['nb_comment_page'] )
or $_POST['nb_comment_page'] < 5
or $_POST['nb_comment_page'] > 50 )
{
array_push( $error, $lang['conf_err_comment_number'] );
}
// the maximum upload filesize must be an integer between 10 and 1000
- if ( !is_int( $_POST['upload_maxfilesize'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxfilesize'] )
or $_POST['upload_maxfilesize'] < 10
or $_POST['upload_maxfilesize'] > 1000 )
{
@@ -131,63 +132,57 @@ if ( isset( $_POST['submit'] ) )
}
// the maximum width of uploaded pictures must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxwidth'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxwidth'] )
or $_POST['upload_maxwidth'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth'] );
}
// the maximum height of uploaded pictures must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxheight'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxheight'] )
or $_POST['upload_maxheight'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxwidth_thumbnail'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxwidth_thumbnail'] )
or $_POST['upload_maxwidth_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth_thumbnail'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxheight_thumbnail'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxheight_thumbnail'] )
or $_POST['upload_maxheight_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight_thumbnail'] );
}
- $test = '';
- if ( is_int( $test ) ) echo 'salut'; exit();
- if ( $_POST['maxwidth'] != '' )
+
+ if ( $_POST['maxwidth'] != ''
+ and ( !preg_match( $int_pattern, $_POST['maxwidth'] )
+ or $_POST['maxwidth'] < 50 ) )
{
- if ( !ereg( "^[0-9]{2,}$", $_POST['maxwidth'] )
- or $_POST['maxwidth'] < 50 )
- {
- $error[$i++] = $lang['err_maxwidth'];
- }
+ array_push( $error, $lang['err_maxwidth'] );
}
- if ( $_POST['maxheight'] != '' )
+ if ( $_POST['maxheight']
+ and ( !preg_match( $int_pattern, $_POST['maxheight'] )
+ or $_POST['maxheight'] < 50 ) )
{
- if ( !ereg( "^[0-9]{2,}$", $_POST['maxheight'] )
- or $_POST['maxheight'] < 50 )
- {
- $error[$i++] = $lang['err_maxheight'];
- }
+ array_push( $error, $lang['err_maxheight'] );
}
- // on met à jour les paramètres de l'application
- // dans le cas où il n'y aucune erreurs
- if ( sizeof( $error ) == 0 )
+ // updating configuraiton if no error found
+ if ( count( $error ) == 0 )
{
- mysql_query( 'delete from '.PREFIX_TABLE.'config;' );
- $query = 'insert into '.PREFIX_TABLE.'config';
+ mysql_query( 'DELETE FROM '.PREFIX_TABLE.'config;' );
+ $query = 'INSERT INTO '.PREFIX_TABLE.'config';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
$query.= $conf_info;
}
$query.= ')';
- $query.= ' values';
+ $query.= ' VALUES';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
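Review bot: The new `maxheight` guard tests `$_POST['maxheight']` for truthiness while the `maxwidth` guard just above it tests `!= ''`, so a submitted `0` (the string '0' is falsy in PHP) skips both the pattern test and the `< 50` test instead of producing `err_maxheight`. Making the two guards identical closes the gap: `if ( $_POST['maxheight'] != ''`. The added comment has a typo; `// updating configuration if no error found` is the intended text. The enclosing `if ( isset( $_POST['submit'] ) )` block starts and ends outside this hunk.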
@@ -260,15 +255,12 @@ else
}
}
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].
- '/admin/configuration.vtp' );
-// language
-$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] );
-$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] );
-$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] );
-$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info',
- $lang['conf_remote_site_delete_info'] );
-$vtp->setGlobalVar( $sub, 'submit', $lang['submit'] );
+$sub = $vtp->Open(
+ '../template/'.$user['template'].'/admin/configuration.vtp' );
+
+$tpl = array( 'conf_confirmation','remote_site','delete',
+ 'conf_remote_site_delete_info','submit' );
+templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
@@ -345,7 +337,6 @@ $vtp->setVar( $sub, 'radio.name', 'access' );
$vtp->setVar( $sub, 'radio.value', 'free' );
$vtp->setVar( $sub, 'radio.option', $lang['conf_general_access_1'] );
$checked = '';
-echo $access.'<br />';
if ( $access == 'free' )
{
$checked = ' checked="checked"';
diff --git a/admin/group_list.php b/admin/group_list.php
new file mode 100644
index 000000000..f58dff1ff
--- /dev/null
+++ b/admin/group_list.php
@@ -0,0 +1,135 @@
+<?php
+/***************************************************************************
+ * group.php *
+ * ------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_list.vtp' );
+$tpl = array( 'group_add','add','listuser_permission','delete',
+ 'group_confirm','yes','no','group_list_title' );
+templatize_array( $tpl, 'lang', $sub );
+//-------------------------------------------------------------- delete a group
+$error = array();
+if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
+{
+ $query = 'SELECT name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['delete'];
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ // confirm group deletion ?
+ if ( $_GET['confirm'] != 1 )
+ {
+ $vtp->addSession( $sub, 'deletion' );
+ $vtp->setVar( $sub, 'deletion.name', $row['name'] );
+ $yes_url = './admin.php?page=group&amp;delete='.$_GET['delete'];
+ $yes_url.= '&amp;confirm=1';
+ $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
+ $no_url = './admin.php?page=group';
+ $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
+ $vtp->closeSession( $sub, 'deletion' );
+ }
+ // group deletion confirmed
+ else
+ {
+ $vtp->addSession( $sub, 'confirmation' );
+ $query = 'SELECT COUNT(*) AS nb_result';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['delete'];
+ $query.= ';';
+ $row2 = mysql_fetch_array( mysql_query( $query ) );
+ if ( $row2['nb_result'] > 0 )
+ {
+ delete_group( $_GET['delete'] );
+ $vtp->setVar( $sub, 'confirmation.class', 'info' );
+ $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion'];
+ $vtp->setVar( $sub, 'confirmation.info', $info );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
+ $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] );
+ }
+ $vtp->closeSession( $sub, 'confirmation' );
+ }
+}
+//----------------------------------------------------------------- add a group
+if ( isset( $_POST['submit'] ) )
+{
+ if ( preg_match( "/'/", $_POST['name'] )
+ or preg_match( '/"/', $_POST['name'] ) )
+ {
+ array_push( $error, $lang['group_add_error1'] );
+ }
+ if ( count( $error ) == 0 )
+ {
+ // is the group not already existing ?
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= " WHERE name = '".$_POST['name']."'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ array_push( $error, $lang['group_add_error2'] );
+ }
+ }
+ if ( count( $error ) == 0 )
+ {
+ // creating the group
+ $query = ' INSERT INTO '.PREFIX_TABLE.'groups';
+ $query.= " (name) VALUES ('".$_POST['name']."')";
+ $query.= ';';
+ mysql_query( $query );
+ }
+}
+//-------------------------------------------------------------- errors display
+if ( sizeof( $error ) != 0 )
+{
+ $vtp->addSession( $sub, 'errors' );
+ for ( $i = 0; $i < sizeof( $error ); $i++ )
+ {
+ $vtp->addSession( $sub, 'li' );
+ $vtp->setVar( $sub, 'li.li', $error[$i] );
+ $vtp->closeSession( $sub, 'li' );
+ }
+ $vtp->closeSession( $sub, 'errors' );
+}
+//----------------------------------------------------------------- groups list
+$vtp->addSession( $sub, 'groups' );
+
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query.= ' ORDER BY id ASC';
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'group' );
+ $vtp->setVar( $sub, 'group.name', $row['name'] );
+ $url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
+ $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) );
+ $url = './admin.php?page=group&amp;delete='.$row['id'];
+ $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'group' );
+}
+
+$vtp->closeSession( $sub, 'groups' );
+//------------------------------------------------------- create new group form
+$action = './admin.php?'.$_SERVER['QUERY_STRING'];
+$vtp->setVar( $sub, 'form_action', $action );
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
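Review bot: In the "add a group" block `$_POST['name']` is concatenated into both the SELECT and the INSERT after only a test that rejects `'` and `"`; a character blacklist is not escaping, and a backslash in the name still changes how the quoted literal is parsed. Escape once and use the result in both queries, e.g. `$name = mysql_real_escape_string( $_POST['name'] );`. The stored name is later written to the page through `group.name` and `deletion.name`, and `$_SERVER['QUERY_STRING']` goes into `form_action`, with no `htmlspecialchars()` visible in this file. The delete branch reads `$_GET['confirm']` without `isset()` and carries out the confirmed deletion on a plain GET link, so that step is better moved to a POST. The header comment still names the file `group.php`.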
diff --git a/admin/group_perm.php b/admin/group_perm.php
new file mode 100644
index 000000000..67e5e2cd3
--- /dev/null
+++ b/admin/group_perm.php
@@ -0,0 +1,104 @@
+<?php
+/***************************************************************************
+ * group_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
+ 'permuser_parent_forbidden','permuser_info_message',
+ 'adduser_info_back' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------------------- updates
+if ( isset( $_POST['submit'] ) )
+{
+ // cleaning the user_access table for this group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE group_id = '.$_GET['group_id'];
+ $query.= ';';
+ mysql_query( $query );
+ // selecting all private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'access-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
+ $query.= ' (group_id,cat_id) VALUES';
+ $query.= ' ('.$_GET['group_id'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ }
+ $vtp->addSession( $sub, 'confirmation' );
+ $url = './admin.php?page=group_list';
+ $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'confirmation' );
+}
+//---------------------------------------------------------------- form display
+$restrictions = get_group_restrictions( $_GET['group_id'] );
+$action = './admin.php?page=group_perm&amp;group_id='.$_GET['group_id'];
+$vtp->setVar( $sub, 'action', add_session_id( $action ) );
+// only private categories are listed
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'categories';
+$query.= " WHERE status = 'private'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'category' );
+ $vtp->setVar( $sub, 'category.id', $row['id'] );
+ // Is the group allowed to access this category
+ $is_group_allowed = is_group_allowed( $row['id'], $restrictions );
+ if ( $is_group_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'category.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.color', 'red' );
+ }
+ // category name
+ $cat_infos = get_cat_info( $row['id'] );
+ $name = get_cat_display_name( $cat_infos['name'],' &gt; ',
+ 'font-weight:bold;' );
+ $vtp->setVar( $sub, 'category.name', $name );
+ // any subcat forbidden for this group ?
+ if ( $is_group_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ // forbidden or authorized access ?
+ if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
+ {
+ $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->closeSession( $sub, 'category' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
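Review bot: `$_GET['group_id']` goes straight into the `DELETE FROM ... group_access` statement, the `INSERT` values, `get_group_restrictions()` and the form action with no check, whereas group_list.php at least gates its id with `is_numeric()`. Validate it once at the top and use the integer everywhere, e.g. `$group_id = intval( $_GET['group_id'] );` after an `isset()`/`is_numeric()` test that stops the page on failure. In the update loop `$_POST[$radioname] == 0` is also true when the field is absent (null compares loosely equal to 0), so an incomplete form inserts a `group_access` row, which appears to grant access to that private category; `isset( $_POST[$radioname] ) and $_POST[$radioname] == '0'` fails closed. The comment `// cleaning the user_access table for this group` should name `group_access`.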
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c6678caf0..cd58d0822 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -101,13 +101,17 @@ function delete_category( $id )
{
delete_image( $row['id'] );
}
-
- // destruction of the restrictions linked to the category
- $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
+
+ // destruction of the access linked to the category
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$id;
$query.= ';';
mysql_query( $query );
-
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$id;
+ $query.= ';';
+ mysql_query( $query );
+
// destruction of the sub-categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
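Review bot: The added `DELETE FROM ... group_access` builds its WHERE clause from the raw `$id`, and the same pattern recurs in the later hunks of this file for `delete_user()` (the new `user_group` and `sessions` deletes) and the new `delete_group()`. These helpers cannot see how a caller validated the value, so a cast at function entry, `$id = intval( $id );` (likewise `$user_id` and `$group_id`), keeps them safe on their own. None of the `mysql_query()` results are checked, so a failure halfway through leaves the data partly deleted without any signal. `delete_category()` starts and ends outside this hunk.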
@@ -118,7 +122,7 @@ function delete_category( $id )
{
delete_category( $row['id'] );
}
-
+
// destruction of the category
$query = 'DELETE FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$id;
@@ -156,21 +160,35 @@ function delete_image( $id )
// The delete_user function delete a user identified by the $user_id
// It also deletes :
-// - all the restrictions linked to this user
+// - all the access linked to this user
+// - all the links to any group
// - all the favorites linked to this user
+// - all sessions linked to this user
function delete_user( $user_id )
{
- // destruction of the restrictions linked to the user
- $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
+ // destruction of the access linked to the user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
-
+
+ // destruction of the group links for this user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+
// destruction of the favorites associated with the user
$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
+
+ // destruction of the sessions linked with the user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
// destruction of the user
$query = 'DELETE FROM '.PREFIX_TABLE.'users';
@@ -178,7 +196,32 @@ function delete_user( $user_id )
$query.= ';';
mysql_query( $query );
}
-
+
+// delete_group deletes a group identified by its $group_id.
+// It also deletes :
+// - all the access linked to this group
+// - all the links between this group and any user
+function delete_group( $group_id )
+{
+ // destruction of the access linked to the group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+
+ // destruction of the group links for this group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+
+ // destruction of the group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+}
+
// The check_favorites function deletes all the favorites of a user if he is
// not allowed to see them (the category or an upper category is restricted
// or invisible)
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index 64a77e9f3..17ef1435f 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -14,14 +14,12 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-define( PREFIXE_INCLUDE, '.' );
+define( PREFIX_INCLUDE, '.' );
include_once( '../include/config.inc.php' );
include_once( '../include/user.inc.php' );
include( './include/functions.php' );
-$conf['lien_puce'] = $conf['repertoire_image'].'puce.gif';
-
$isadmin = true;
include_once( '../language/'.$user['language'].'.php' );
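Review bot: `define( PREFIX_INCLUDE, '.' );` still passes the constant name as a bare word, which only works through PHP's undefined-constant fallback (a notice, and an error in PHP 8); quote it: `define( 'PREFIX_INCLUDE', '.' );`. The rename is only safe if every use of the old `PREFIXE_INCLUDE` spelling was updated, which cannot be checked from this hunk.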
diff --git a/admin/perm.php b/admin/perm.php
deleted file mode 100644
index 257bb21fb..000000000
--- a/admin/perm.php
+++ /dev/null
@@ -1,270 +0,0 @@
-<?php
-/***************************************************************************
- * perm.php is a part of PhpWebGallery *
- * ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
- * *
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; *
- * *
- ***************************************************************************/
- include_once( "./include/isadmin.inc.php" );
- //---------------------------------------------------données de l'utilisateur
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- $query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';";
- $result = mysql_query( $query );
- $row = mysql_fetch_array( $result );
- $page['pseudo'] = $row['pseudo'];
- $page['status'] = $row['status'];
- if ( mysql_num_rows( $result ) == 0 )
- {
- echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>";
- $erreur = true;
- }
- if ( $row['pseudo'] == $conf['webmaster'] )
- {
- echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>";
- $erreur = true;
- }
- }
- //---------------------------------------------------données de la catégorie
- if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- $HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id'];
- check_cat_id( $HTTP_GET_VARS['cat_id'] );
- if ( isset( $page['cat'] ) )
- {
- $result = get_cat_info( $page['cat'] );
- $page['cat_name'] = $result['name'];
- $page['id_uppercat'] = $result['id_uppercat'];
- }
- }
- //--------------------------------------------------------------- mise à jour
- if ( isset( $HTTP_POST_VARS['submit'] ) )
- {
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- mysql_query ( "delete from PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
- $result = mysql_query ( "select id from PREFIX_TABLE"."categories;" );
- while ( $row = mysql_fetch_array ( $result ) )
- {
- $nom_select = "acces-".$row['id'];
- if ( $HTTP_POST_VARS[$nom_select] == 1 )
- {
- mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
- }
- }
- check_favorites( $HTTP_GET_VARS['user_id'] );
- echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
- else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" );
- $result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
- while ( $row = mysql_fetch_array ( $result ) )
- {
- $nom_select = "acces-".$row['id'];
- if ( $HTTP_POST_VARS[$nom_select] == 1 )
- {
- mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
- }
- check_favorites( $row['id'] );
- }
- echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
- }
- }
- //--------------------------------------------------------------- formulaire
- function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction )
- {
- global PREFIX_TABLE,$lang,$conf;
-
- $output = "";
-
- // will we use <th> or <td> lines ?
- if ( $level == 0 )
- {
- $start_line = "<th ";
- $start_line2 = "<th ";
- $end_line = "</th>";
- }
- else
- {
- $start_line = "<td ";
- $end_line = "</td>";
- if ( $level == 1 )
- {
- $start_line2 = "<td class=\"row1\" ";
- }
- else if ( $level == 2 )
- {
- $start_line2 = "<td class=\"row2\" ";
- }
- else if ( $level == 3 )
- {
- $start_line2 = "<td class=\"row3\" ";
- }
- else if ( $level == 4 )
- {
- $start_line2 = "<td class=\"row4\" ";
- }
- else
- {
- $start_line2 = "<td ";
- }
- }
-
- $query = "select id,name,dir,rank";
- $query.= " from PREFIX_TABLE"."categories";
- if ( !is_numeric( $id_uppercat ) )
- {
- $query.= " where id_uppercat is NULL";
- }
- else
- {
- $query.= " where id_uppercat = $id_uppercat";
- }
- $query.= " order by rank asc;";
- $result = mysql_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- $subcat_authorized = true;
-
- $output.= "\n<tr>";
- $output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\"&gt;\" />&nbsp;";
- if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized )
- {
- $subcat_authorized = false;
- $color = "red";
- }
- else
- {
- $color = "green";
- }
- $output.= "<span style=\"color:$color;\">";
- if ( $row['name'] == "" )
- {
- $output.= str_replace( "_", " ", $row['dir'] );
- }
- else
- {
- $output.= $row['name'];
- }
- $output.= " [ dir : ".$row['dir']." ]";
- $output.= "</span>".$end_line;
- $output.= "\n\t".$start_line2." style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">";
- $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized'];
- $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
- if ( in_array( $row['id'], $restriction ) )
- {
- $output.= " checked=\"checked\"";
- }
- $output.= "/>".$lang['permuser_forbidden'];
- $output.= $end_line;
- $output.= "\n<tr>";
- $output.= display_cat_manager( $row['id'], $indent."&nbsp;&nbsp;&nbsp;&nbsp;", $subcat_authorized, $level + 1, $restriction );
- }
- return $output;
- }
-
- if ( !$erreur )
- {
- //----------------------------------------------
- // cas 1 : permissions pour un utilisateur donné
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- echo"
- <table style=\"width:100%;\">
- <tr>
- <th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th>
- </tr>
- </table>";
- $restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false );
- echo"
- <form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\">
- <div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div>
- <table style=\"width:100%;\">";
-
- echo display_cat_manager( "NULL", "&nbsp;&nbsp;&nbsp;&nbsp;", true, 0, $restriction );
-
- echo"
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- <table>
- </form>";
- }
- //----------------------------------------------
- // cas 2 : permissions pour une catégorie donnée
- else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- echo"
- <table style=\"width:100%;\">
- <tr>
- <th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th>
- </tr>
- </table>";
- echo"
- <form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['cat'] )."\" method=\"post\">
- <table style=\"width:100%;\">";
-
- $result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
- $i = 0;
- while ( $row = mysql_fetch_array( $result ) )
- {
- $restrictions = get_restrictions( $row['id'], $row['status'], false );
- $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
- $class = "";
- if ( $i%2 == 1 )
- {
- $class = "class=\"row2\"";
- }
- echo"
- <tr>
- <td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$row['id'] )."\">";
- echo "<span style=\"color:";
- if ( $is_user_allowed > 0 )
- {
- echo "red";
- }
- else
- {
- echo "green";
- }
- echo "\">".$row['pseudo']."</span></a></td>
- <td $class style=\"text-align:right;\">";
- if ( $is_user_allowed == 2 )
- {
- echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>";
- }
- else
- {
- echo"
- <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']."
- <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
- if ( $is_user_allowed == 1 )
- {
- echo" checked=\"checked\"";
- }
- echo"/>".$lang['permuser_forbidden'];
- }
- echo"
- </td>
- </tr>";
- $i++;
- }
- echo"
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- </table>
- </form>";
- }
- }
-?> \ No newline at end of file
diff --git a/admin/user_list.php b/admin/user_list.php
index d4289489d..766bfc310 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -17,32 +17,18 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' );
-// language
-$vtp->setGlobalVar( $sub, 'listuser_confirm', $lang['listuser_confirm'] );
-$vtp->setGlobalVar( $sub, 'listuser_modify_hint',
- $lang['listuser_modify_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_modify', $lang['listuser_modify'] );
-$vtp->setGlobalVar( $sub, 'listuser_permission',
- $lang['listuser_permission'] );
-$vtp->setGlobalVar( $sub, 'listuser_permission_hint',
- $lang['listuser_permission_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_delete_hint',
- $lang['listuser_delete_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_delete', $lang['listuser_delete'] );
-$vtp->setGlobalVar( $sub, 'yes', $lang['yes'] );
-$vtp->setGlobalVar( $sub, 'no', $lang['no'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_all',
- $lang['listuser_button_all'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_invert',
- $lang['listuser_button_invert'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_create_address',
- $lang['listuser_button_create_address'] );
+$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify',
+ 'listuser_permission','listuser_permission_hint',
+ 'listuser_delete_hint','listuser_delete','yes','no',
+ 'listuser_button_all','listuser_button_invert',
+ 'listuser_button_create_address' );
+templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------------- delete a user
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
- $query = 'select username';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' where id = '.$_GET['delete'];
+ $query = 'SELECT username';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
// confirm user deletion ?
@@ -64,9 +50,9 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
if ( $row['username'] != 'guest'
and $row['username'] != $conf['webmaster'] )
{
- $query = 'select count(*) as nb_result';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' where id = '.$_GET['delete'];
+ $query = 'SELECT COUNT(*) AS nb_result';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row2 = mysql_fetch_array( mysql_query( $query ) );
if ( $row2['nb_result'] > 0 )
@@ -102,9 +88,9 @@ else
}
$vtp->setVar( $sub, 'users.form_action', $action );
- $query = 'select id,username,status,mail_address';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' order by status asc, username asc';
+ $query = 'SELECT id,username,status,mail_address';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' ORDER BY status ASC, username ASC';
$query.= ';';
$result = mysql_query( $query );
@@ -122,16 +108,8 @@ else
$title = $lang['listuser_user_group'].' ';
switch ( $row['status'] )
{
- case 'admin' :
- {
- $title.= $lang['adduser_status_admin'];
- break;
- }
- case 'guest' :
- {
- $title.= $lang['adduser_status_guest'];
- break;
- }
+ case 'admin' : $title.= $lang['adduser_status_admin']; break;
+ case 'guest' : $title.= $lang['adduser_status_guest']; break;
}
$vtp->setVar( $sub, 'category.title', $title );
$current_status = $row['status'];
@@ -152,9 +130,6 @@ else
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.color', 'green' );
- }
- if ( $row['username'] == 'guest' )
- {
$vtp->setVar( $sub, 'user.login', $lang['guest'] );
}
else
@@ -179,7 +154,8 @@ else
$vtp->closeSession( $sub, 'modify' );
}
// manage permission or not ?
- if ( $row['username'] == $conf['webmaster'] )
+ if ( $row['username'] == $conf['webmaster']
+ and $user['username'] != $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_permission' );
$vtp->closeSession( $sub, 'not_permission' );
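Review bot: The added `and $user['username'] != $conf['webmaster']` only decides whether the permission link is rendered; it is not an access check. The rule that only the webmaster may edit the webmaster's permissions has to be enforced again in user_perm.php against the `user_id` it receives, and that file is not visible here, so please confirm it does. A short comment on the condition, such as `// the webmaster may manage his own permissions, nobody else may`, would make the intent clear. The enclosing loop starts and ends outside this hunk.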
@@ -187,7 +163,7 @@ else
else
{
$vtp->addSession( $sub, 'permission' );
- $url = './admin.php?page=perm&amp;user_id='.$row['id'];
+ $url = './admin.php?page=user_perm&amp;user_id='.$row['id'];
$vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'permission.login', $row['username'] );
$vtp->closeSession( $sub, 'permission' );
@@ -215,9 +191,8 @@ else
{
$mail_address = array();
$i = 0;
- $query = 'select';
- $query.= ' id,mail_address';
- $query.= ' from '.PREFIX_TABLE.'users';
+ $query = 'SELECT id,mail_address';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
diff --git a/admin/user_modify.php b/admin/user_modify.php
index 4989c31e2..792eef16b 100644
--- a/admin/user_modify.php
+++ b/admin/user_modify.php
@@ -20,7 +20,8 @@ $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' );
$error = array();
$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
'login', 'new', 'password', 'mail_address', 'adduser_status',
- 'submit', 'adduser_info_password_updated' );
+ 'submit', 'adduser_info_password_updated','menu_groups',
+ 'dissociate','adduser_associate' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
$error = array();
@@ -34,7 +35,9 @@ $query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
-
+$page['username'] = $row['username'];
+$page['status'] = $row['status'];
+$page['mail_address'] = $row['mail_address'];
// user is not modifiable if :
// 1. the selected user is the user "guest"
// 2. the selected user is the webmaster and the user making the modification
@@ -66,6 +69,34 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$_POST['status'], $use_new_password,
$_POST['password'] ) );
}
+// association with groups management
+if ( isset( $_POST['submit'] ) )
+{
+ // deletion of checked groups
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' ORDER BY id ASC';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $dissociate = 'dissociate-'.$row['id'];
+ if ( $_POST[$dissociate] == 1 )
+ {
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE user_id = '.$_GET['user_id'];
+ $query.= ' AND group_id ='.$row['id'];
+ $query.= ';';
+ mysql_query( $query );
+ }
+ }
+ // create a new association between the user and a group
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
+ $query.= ' (user_id,group_id) VALUES';
+ $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')';
+ $query.= ';';
+ mysql_query( $query );
+}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
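Review bot: The new group-association block runs on `isset( $_POST['submit'] )` alone, while the user update just above it is guarded by `sizeof( $error ) == 0`, so group links are still changed for a user the earlier checks declared non-modifiable. `$_GET['user_id']` and `$_POST['associate']` are also concatenated into the DELETE and INSERT unvalidated, and the INSERT runs on every submit even when no group was chosen, which can yield a malformed query or a duplicate row. The version below gates on the error list, casts both ids and inserts only when a group id was actually posted; `$_POST[$dissociate]` should likewise be tested with `isset()` before the comparison.

```php
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
  // ids are used unquoted in SQL below, so force them to integers first
  $user_id = intval( $_GET['user_id'] );
  // … unchanged: SELECT on groups and the dissociate loop, using $user_id …
  // create a new association only when a group was actually chosen
  if ( isset( $_POST['associate'] ) and is_numeric( $_POST['associate'] ) )
  {
    // … unchanged: INSERT INTO user_group (user_id,group_id) VALUES …
    $query.= ' ('.$user_id.','.intval( $_POST['associate'] ).')';
    // … unchanged: terminator and mysql_query call …
  }
}
```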
@@ -82,7 +113,7 @@ if ( sizeof( $error ) != 0 )
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
$vtp->addSession( $sub, 'confirmation' );
- $vtp->setVar( $sub, 'confirmation.username', $row['username'] );
+ $vtp->setVar( $sub, 'confirmation.username', $page['username'] );
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'confirmation.url', $url );
$vtp->closeSession( $sub, 'confirmation' );
@@ -91,7 +122,6 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$vtp->addSession( $sub, 'password_updated' );
$vtp->closeSession( $sub, 'password_updated' );
}
- $display_form = false;
}
//------------------------------------------------------------------------ form
if ( $display_form )
@@ -99,13 +129,15 @@ if ( $display_form )
$vtp->addSession( $sub, 'form' );
$action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
$vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
- $vtp->setVar( $sub, 'form.user:username', $row['username'] );
- $vtp->setVar( $sub, 'form.user:password', $_POST['password'] );
- $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] );
-
- if ( !isset( $_POST['status'] ) )
+ $vtp->setVar( $sub, 'form.user:username', $page['username'] );
+ if ( isset( $_POST['mail_address'] ) )
+ {
+ $page['mail_address'] = $_POST['mail_address'];
+ }
+ $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] );
+ if ( isset( $_POST['status'] ) )
{
- $_POST['status'] = 'guest';
+ $page['status'] = $_POST['status'];
}
$option = get_enums( PREFIX_TABLE.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
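Review bot: `$page['mail_address']` is overwritten with the raw `$_POST['mail_address']` and passed to `setVar` for the form field, so a submitted value containing quotes or markup is written back into the page unless the template engine encodes it, which is not visible in this hunk. Encoding at the point of output keeps the redisplayed value inert: `$vtp->setVar( $sub, 'form.user:mail_address', htmlspecialchars( $page['mail_address'], ENT_QUOTES ) );`. The `$action` URL two lines earlier embeds `$_GET['user_id']` as received; wrapping it in `intval()` is enough there.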
@@ -114,12 +146,55 @@ if ( $display_form )
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
$vtp->setVar( $sub, 'status_option.option',
$lang['adduser_status_'.$option[$i]] );
- if( $option[$i] == $_POST['status'] )
+ if( $option[$i] == $page['status'] )
{
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
+ // groups linked with this user
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE group_id = id';
+ $query.= ' AND user_id = '.$_GET['user_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ $user_groups = array();
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $vtp->addSession( $sub, 'groups' );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $vtp->addSession( $sub, 'group' );
+ $vtp->setVar( $sub, 'group.name', $row['name'] );
+ $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] );
+ $vtp->closeSession( $sub, 'group' );
+ array_push( $user_groups, $row['id'] );
+ }
+ $vtp->closeSession( $sub, 'groups' );
+ }
+ // empty group not to take into account
+ $vtp->addSession( $sub, 'associate_group' );
+ $vtp->setVar( $sub, 'associate_group.value', 'undef' );
+ $vtp->setVar( $sub, 'associate_group.option', '' );
+ $vtp->closeSession( $sub, 'associate_group' );
+ // groups not linked yet to the user
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' ORDER BY id ASC';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ if ( !in_array( $row['id'], $user_groups ) )
+ {
+ $vtp->addSession( $sub, 'associate_group' );
+ $vtp->setVar( $sub, 'associate_group.value', $row['id'] );
+ $vtp->setVar( $sub, 'associate_group.option', $row['name'] );
+ $vtp->closeSession( $sub, 'associate_group' );
+ }
+ }
+
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'form.url_back', $url );
$vtp->closeSession( $sub, 'form' );
diff --git a/admin/user_perm.php b/admin/user_perm.php
new file mode 100644
index 000000000..081560c54
--- /dev/null
+++ b/admin/user_perm.php
@@ -0,0 +1,174 @@
+<?php
+/***************************************************************************
+ * user_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
+ 'permuser_parent_forbidden','permuser_info_message',
+ 'adduser_info_back' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------------------- updates
+if ( isset( $_POST['submit'] ) )
+{
+ // cleaning the user_access table for this user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE user_id = '.$_GET['user_id'];
+ $query.= ';';
+ mysql_query( $query );
+ // selecting all private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'access-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (user_id,cat_id) VALUES';
+ $query.= ' ('.$_GET['user_id'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ }
+ check_favorites( $_GET['user_id'] );
+ $vtp->addSession( $sub, 'confirmation' );
+ $url = './admin.php?page=user_list';
+ $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'confirmation' );
+}
+//---------------------------------------------------------------- form display
+$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'],
+ false, false );
+$action = './admin.php?page=user_perm&amp;user_id='.$_GET['user_id'];
+$vtp->setVar( $sub, 'action', add_session_id( $action ) );
+// Association of group_ids with group_names -> caching informations
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query.= ';';
+$result = mysql_query( $query );
+$groups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $groups[$row['id']] = $row['name'];
+}
+// Listing of groups the user belongs to
+$query = 'SELECT ug.group_id as groupid';
+$query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
+$query.= ' WHERE user_id = '.$_GET['user_id'];
+$query.= ';';
+$result = mysql_query( $query );
+$usergroups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ array_push( $usergroups, $row['groupid'] );
+}
+// only private categories are listed
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'categories';
+$query.= " WHERE status = 'private'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'category' );
+ $vtp->setVar( $sub, 'category.id', $row['id'] );
+ // we have to know whether the user is authorized to access this
+ // category. The category can be accessible for this user thanks to his
+ // personnal access rights OR thanks to the access rights of a group he
+ // belongs to.
+ // 1. group access :
+ // retrieving all authorized groups for this category and for this user
+ $query = 'SELECT ga.group_id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access as ga';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ga.group_id = ug.group_id';
+ $query.= ' AND ug.user_id = '.$_GET['user_id'];
+ $query.= ' AND cat_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['groupid'] );
+ }
+ // 2. personnal access
+ $is_user_allowed = is_user_allowed( $row['id'], $restrictions );
+ // link to the category permission management
+ $url = './admin.php?page=cat_perm&amp;cat_id='.$row['id'];
+ $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
+ // color of the category : green if the user is allowed by himself or
+ // thanks to a group he belongs to
+ if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 )
+ {
+ $vtp->setVar( $sub, 'category.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.color', 'red' );
+ }
+ // category name
+ $cat_infos = get_cat_info( $row['id'] );
+ $name = get_cat_display_name( $cat_infos['name'],' &gt; ',
+ 'font-weight:bold;' );
+ $vtp->setVar( $sub, 'category.name', $name );
+ // usergroups
+ if ( count( $usergroups ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ foreach ( $usergroups as $i => $usergroup ) {
+ $vtp->addSession( $sub, 'usergroup' );
+ $vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] );
+ if ( in_array( $usergroup, $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ if ( $i < count( $usergroups ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ // any subcat forbidden for this user ?
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ // personnal forbidden or authorized access ?
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->closeSession( $sub, 'category' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
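Review bot: The test `$_POST[$radioname] == 0` in the update loop grants access when the field is absent, because a missing index evaluates to null and `null == 0` is true in PHP; an incomplete submission therefore inserts a `user_access` row for every private category it omits. On PHP versions before 8 a non-numeric string also compares equal to 0, with the same result. Requiring the value explicitly makes the default deny: `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. The DELETE followed by per-category INSERTs is not atomic, so a failure midway leaves the user with fewer rights than intended; a short comment saying so would help the next maintainer.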
diff --git a/include/config.inc.php b/include/config.inc.php
index f52996b9f..7df262d11 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -20,8 +20,8 @@ $page = array();
$user = array();
$lang = array();
-include_once( PREFIXE_INCLUDE.'./include/functions.inc.php' );
-include_once( PREFIXE_INCLUDE.'./include/vtemplate.class.php' );
+include_once( PREFIX_INCLUDE.'./include/functions.inc.php' );
+include_once( PREFIX_INCLUDE.'./include/vtemplate.class.php' );
// How to change the order of display for images in a category ?
//
diff --git a/include/functions.inc.php b/include/functions.inc.php
index eb8571e86..ec9081dce 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -18,6 +18,7 @@ include( 'functions_user.inc.php' );
include( 'functions_session.inc.php' );
include( 'functions_category.inc.php' );
include( 'functions_xml.inc.php' );
+include( 'functions_group.inc.php' );
//----------------------------------------------------------- generic functions
@@ -319,22 +320,22 @@ function replace_search( $string, $search )
function database_connection()
{
- // $cfgHote,$cfgUser,$cfgPassword,$cfgBase;
+// $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' );
+// $mysql_conf = getChild( $xml_content, 'mysql' );
- $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' );
- $mysql_conf = getChild( $xml_content, 'mysql' );
+// $cfgHote = getAttribute( $mysql_conf, 'host' );
+// $cfgUser = getAttribute( $mysql_conf, 'user' );
+// $cfgPassword = getAttribute( $mysql_conf, 'password' );
+// $cfgBase = getAttribute( $mysql_conf, 'base' );
+// define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) );
- $cfgHote = getAttribute( $mysql_conf, 'host' );
- $cfgUser = getAttribute( $mysql_conf, 'user' );
- $cfgPassword = getAttribute( $mysql_conf, 'password' );
- $cfgBase = getAttribute( $mysql_conf, 'base' );
+ include( PREFIX_INCLUDE.'./include/mysql.inc.php' );
+ define( PREFIX_TABLE, $prefix_table );
@mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
or die ( "Could not connect to server" );
@mysql_select_db( $cfgBase )
or die ( "Could not connect to database" );
-
- define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) );
}
function pwg_log( $file, $category, $picture = '' )
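Review bot: `include()` only raises a warning when `mysql.inc.php` is missing or unreadable, so `mysql_connect()` then runs with undefined `$cfgHote`, `$cfgUser` and `$cfgPassword`, and `PREFIX_TABLE` is defined from an undefined `$prefix_table`; `require( PREFIX_INCLUDE.'./include/mysql.inc.php' );` stops the request at that point instead. The constant name should be quoted, `define( 'PREFIX_TABLE', $prefix_table );`, since the bare word relies on the undefined-constant fallback. The commented-out XML lines are dead code and can be deleted rather than left in the function body.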
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 21de2ad71..de868db82 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -14,27 +14,25 @@
* the Free Software Foundation; *
* *
***************************************************************************/
+
function get_subcats_id( $cat_id )
{
- $restricted_cat = array();
- $i = 0;
+ $restricted_cats = array();
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id_uppercat = '.$cat_id;
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id_uppercat = '.$cat_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
- $restricted_cat[$i++] = $row['id'];
- $sub_restricted_cat = get_subcats_id( $row['id'] );
- for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ )
- {
- $restricted_cat[$i++] = $sub_restricted_cat[$j];
+ array_push( $restricted_cats, $row['id'] );
+ $sub_restricted_cats = get_subcats_id( $row['id'] );
+ foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
+ array_push( $restricted_cats, $sub_restricted_cat );
}
}
-
- return $restricted_cat;
+ return $restricted_cats;
}
function check_restrictions( $category_id )
diff --git a/include/functions_group.inc.php b/include/functions_group.inc.php
new file mode 100644
index 000000000..f8987ab29
--- /dev/null
+++ b/include/functions_group.inc.php
@@ -0,0 +1,104 @@
+<?php
+/***************************************************************************
+ * functions_group.inc.php *
+ * -------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************
+
+ ***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+
+// get_group_restrictions returns an array containing all unaccessible
+// category ids.
+function get_group_restrictions( $group_id )
+{
+ // 1. retrieving ids of private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ $privates = array();
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $privates, $row['id'] );
+ }
+ // 2. retrieving all authorized categories for the group
+ $authorized = array();
+ $query = 'SELECT cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $authorized, $row['cat_id'] );
+ }
+
+ $forbidden = array();
+ foreach ( $privates as $private ) {
+ if ( !in_array( $private, $authorized ) )
+ {
+ array_push( $forbidden, $private );
+ }
+ }
+
+ return $forbidden;
+}
+
+// get_all_group_restrictions returns an array with ALL unaccessible
+// category ids, including sub-categories
+function get_all_group_restrictions( $group_id )
+{
+ $restricted_cats = get_group_restrictions( $group_id );
+ foreach ( $restricted_cats as $restricted_cat ) {
+ $sub_restricted_cats = get_subcats_id( $restricted_cat );
+ foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
+ array_push( $restricted_cats, $sub_restricted_cat );
+ }
+ }
+ return $restricted_cats;
+}
+
+// The function is_group_allowed returns :
+// - 0 : if the category is allowed with this $restrictions array
+// - 1 : if this category is not allowed
+// - 2 : if an uppercat category is not allowed
+function is_group_allowed( $category_id, $restrictions )
+{
+ $lowest_category_id = $category_id;
+
+ $is_root = false;
+ while ( !$is_root and !in_array( $category_id, $restrictions ) )
+ {
+ $query = 'SELECT id_uppercat';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$category_id;
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ if ( $row['id_uppercat'] == '' )
+ {
+ $is_root = true;
+ }
+ $category_id = $row['id_uppercat'];
+ }
+
+ if ( in_array( $lowest_category_id, $restrictions ) )
+ {
+ return 1;
+ }
+ if ( in_array( $category_id, $restrictions ) )
+ {
+ return 2;
+ }
+ // this group is allowed to go in this category
+ return 0;
+}
+?> \ No newline at end of file
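Review bot: `is_group_allowed` returns 0 (allowed) when the lookup for `$category_id` yields no row or the query fails: `$row` is then false, `$row['id_uppercat'] == ''` is true, the loop ends as if the root had been reached, and neither `in_array` test matches. An access check should default to deny, for example `if ( !$row ) { return 1; }` directly after the `mysql_fetch_array` call. As far as `is_user_allowed` is visible in its hunk in include/functions_user.inc.php, it has the same body and the same gap, so one shared helper would keep the two from drifting apart. `$group_id` and `$category_id` are concatenated into the queries uncast and the callers are outside this file, so an `intval()` at the top of each function is a cheap safeguard.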
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index dcb569485..0f286b970 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -144,22 +144,22 @@ function register_user(
$query.= ');';
mysql_query( $query );
// 3. retrieving the id of the newly created user
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= " where username = '".$login."';";
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= " WHERE username = '".$login."';";
$row = mysql_fetch_array( mysql_query( $query ) );
$user_id = $row['id'];
- // 4. adding restrictions to the new user, the same as the user "guest"
- $query = 'select cat_id';
- $query.= ' from '.PREFIX_TABLE.'restrictions as r';
+ // 4. adding access to the new user, the same as the user "guest"
+ $query = 'SELECT cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access as ua';
$query.= ','.PREFIX_TABLE.'users as u ';
- $query.= ' where u.id = r.user_id';
+ $query.= ' where u.id = ua.user_id';
$query.= " and u.username = 'guest';";
$result = mysql_query( $query );
while( $row = mysql_fetch_array( $result ) )
{
- $query = 'insert into '.PREFIX_TABLE.'restrictions';
- $query.= ' (user_id,cat_id) values';
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (user_id,cat_id) VALUES';
$query.= ' ('.$user_id.','.$row['cat_id'].');';
mysql_query ( $query );
}
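Review bot: Step 3 looks the new id up again by username with `$login` concatenated inside quotes; whether `$login` was escaped earlier in `register_user` cannot be seen, because the function starts above this hunk. Taking the id from the INSERT itself removes the second query and the string interpolation: `$user_id = mysql_insert_id();`. It also avoids reading the wrong row if usernames are not unique at the database level.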
@@ -181,8 +181,8 @@ function update_user( $user_id, $mail_address, $status,
if ( sizeof( $error ) == 0 )
{
- $query = 'update '.PREFIX_TABLE.'users';
- $query.= " set status = '".$status."'";
+ $query = 'UPDATE '.PREFIX_TABLE.'users';
+ $query.= " SET status = '".$status."'";
if ( $use_new_password )
{
$query.= ", password = '".md5( $password )."'";
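Review bot: The password is written as `md5( $password )`, an unsalted fast hash, and this hunk rewrites the statement without changing that. Where the supported PHP version allows it, `password_hash( $password, PASSWORD_DEFAULT )` with `password_verify()` at login is the replacement, which also needs a wider password column; on older runtimes a per-user salt is the minimum. `$status` is interpolated in quotes on the line above and should be checked against the allowed enum values before it reaches the UPDATE. `update_user` begins and ends outside this hunk.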
@@ -196,9 +196,8 @@ function update_user( $user_id, $mail_address, $status,
{
$query.= 'NULL';
}
- $query.= ' where id = '.$user_id;
+ $query.= ' WHERE id = '.$user_id;
$query.= ';';
- echo $query;
mysql_query( $query );
}
return $error;
@@ -209,7 +208,7 @@ function check_login_authorization()
global $user,$lang,$conf,$page;
if ( $user['is_the_guest']
- and ( $conf['acces'] == 'restreint' or $page['cat'] == 'fav' ) )
+ and ( $conf['access'] == 'restricted' or $page['cat'] == 'fav' ) )
{
echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
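Review bot: The guest gate now compares `$conf['access']` with `'restricted'`, so an installation whose stored configuration still carries the old key `acces` or the old value `restreint` no longer matches and the `only_members` block is skipped for guests. No conversion of existing configuration data is visible in this hunk; the commit should carry one, or the condition should fail closed when the key is absent: `and ( !isset( $conf['access'] ) or $conf['access'] == 'restricted' or $page['cat'] == 'fav' ) )`. `check_login_authorization` continues below the hunk.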
@@ -221,36 +220,75 @@ function check_login_authorization()
// restricted categories for the user.
// If the $check_invisible parameter is set to true, invisible categories
// are added to the restricted one in the array.
-function get_restrictions( $user_id, $user_status, $check_invisible )
+function get_restrictions( $user_id, $user_status,
+ $check_invisible, $use_groups = true )
{
- // 1. getting the ids of the restricted categories
+ // 1. retrieving ids of private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ $privates = array();
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $privates, $row['id'] );
+ }
+ // 2. retrieving all authorized categories for the user
+ $authorized = array();
+ // 2.1. retrieving authorized categories thanks to personnal user
+ // authorization
$query = 'SELECT cat_id';
- $query.= ' FROM '.PREFIX_TABLE.'restrictions';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
$result = mysql_query( $query );
-
- $restriction = array();
while ( $row = mysql_fetch_array( $result ) )
{
- array_push( $restriction, $row['cat_id'] );
+ array_push( $authorized, $row['cat_id'] );
}
+ // 2.2. retrieving authorized categories thanks to group authorization to
+ // which the user is a member
+ if ( $use_groups )
+ {
+ $query = 'SELECT ga.cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
+ $query.= ', '.PREFIX_TABLE.'group_access as ga';
+ $query.= ' WHERE ug.group_id = ga.group_id';
+ $query.= ' AND ug.user_id = '.$user_id;
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ array_push( $authorized, $row['cat_id'] );
+ }
+ $authorized = array_unique( $authorized );
+ }
+
+ $forbidden = array();
+ foreach ( $privates as $private ) {
+ if ( !in_array( $private, $authorized ) )
+ {
+ array_push( $forbidden, $private );
+ }
+ }
+
if ( $check_invisible )
{
- // 2. adding to the restricted categories, the invisible ones
+ // 3. adding to the restricted categories, the invisible ones
if ( $user_status != 'admin' )
{
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
- $query.= " WHERE status = 'invisible';";
+ $query.= " WHERE visible = 'false';";
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
- array_push( $restriction, $row['id'] );
+ array_push( $forbidden, $row['id'] );
}
}
}
- return $restriction;
+ return array_unique( $forbidden );
}
// The get_all_restrictions function returns an array with all the
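Review bot: The comment above `get_restrictions` still describes only `$check_invisible`; the new `$use_groups` parameter and the change from a stored list of forbidden categories to "private categories minus authorized ones" are not documented. Suggested addition to the header: `// If $use_groups is false, only the user's own user_access rows count as authorizations; group_access rows are ignored.`. Because a row in `user_access` now grants access where a row in the old `restrictions` table denied it, existing data has to be converted rather than carried over, and that conversion is not part of this hunk.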
@@ -258,17 +296,14 @@ function get_restrictions( $user_id, $user_status, $check_invisible )
// sub-categories and invisible categories
function get_all_restrictions( $user_id, $user_status )
{
- $restricted_cat = get_restrictions( $user_id, $user_status, true );
- $i = sizeof( $restricted_cat );
- for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ )
- {
- $sub_restricted_cat = get_subcats_id( $restricted_cat[$k] );
- for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ )
- {
- $restricted_cat[$i++] = $sub_restricted_cat[$j];
+ $restricted_cats = get_restrictions( $user_id, $user_status, true );
+ foreach ( $restricted_cats as $restricted_cat ) {
+ $sub_restricted_cats = get_subcats_id( $restricted_cat );
+ foreach ( $sub_restricted_cats as $sub_restricted_cat ) {
+ array_push( $restricted_cats, $sub_restricted_cat );
}
}
- return $restricted_cat;
+ return $restricted_cats;
}
// The function is_user_allowed returns :
@@ -277,19 +312,17 @@ function get_all_restrictions( $user_id, $user_status )
// - 2 : if an uppercat category is not allowed
function is_user_allowed( $category_id, $restrictions )
{
- global $user;
-
$lowest_category_id = $category_id;
$is_root = false;
while ( !$is_root and !in_array( $category_id, $restrictions ) )
{
- $query = 'select id_uppercat';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id = '.$category_id;
+ $query = 'SELECT id_uppercat';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$category_id;
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
- if ( $row['id_uppercat'] == "" )
+ if ( $row['id_uppercat'] == '' )
{
$is_root = true;
}
diff --git a/include/functions_xml.inc.php b/include/functions_xml.inc.php
index 1919608ad..61ed5d0f9 100644
--- a/include/functions_xml.inc.php
+++ b/include/functions_xml.inc.php
@@ -18,7 +18,6 @@
//------------------------------------------------------------------ constantes
define( ATT_REG, '\w+' );
define( VAL_REG, '[^"]*' );
-
//------------------------------------------------------------------- functions
// getContent returns the content of a tag
//
@@ -32,15 +31,15 @@ function getContent( $element )
// deleting start of the tag
$content = preg_replace( '/^<[^>]+>/', '', $element );
// deleting end of the tag
- $content = preg_replace( '/<\/\w+>$/', '', $content );
+ $content = preg_replace( '/<\/[^>]+>$/', '', $content );
// replacing multiple instance of space character
$content = preg_replace( '/\s+/', ' ', $content );
return $content;
}
-// The function get Attribute returns the value corresponding to the attribute
-// $attribute for the tag $element.
+// The function get Attribute returns the value corresponding to the
+// attribute $attribute for the tag $element.
function getAttribute( $element, $attribute )
{
$regex = '/^<\w+[^>]*'.$attribute.'\s*=\s*"('.VAL_REG.')"/i';
diff --git a/include/init.inc.php b/include/init.inc.php
index 21a3ac8b0..ad25a679b 100644
--- a/include/init.inc.php
+++ b/include/init.inc.php
@@ -14,8 +14,8 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-define( PREFIXE_INCLUDE, '' );
-
+define( PREFIX_INCLUDE, '' );
+
include_once( './include/config.inc.php' );
include_once( './include/user.inc.php' );
diff --git a/include/user.inc.php b/include/user.inc.php
index 6447b220e..8efd8219f 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -24,7 +24,7 @@ $infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
'maxheight', 'expand', 'show_nb_comments', 'short_period',
'long_period', 'template' );
-$query_user = 'select';
+$query_user = 'SELECT';
for ( $i = 0; $i < sizeof( $infos ); $i++ )
{
if ( $i > 0 )
@@ -37,16 +37,16 @@ for ( $i = 0; $i < sizeof( $infos ); $i++ )
}
$query_user.= $infos[$i];
}
-$query_user.= ' from '.PREFIX_TABLE.'users';
+$query_user.= ' FROM '.PREFIX_TABLE.'users';
$query_done = false;
$user['is_the_guest'] = false;
if ( isset( $_GET['id'] )
&& ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
{
$page['session_id'] = $_GET['id'];
- $query = 'select user_id,expiration,ip';
- $query.= ' from '.PREFIX_TABLE.'sessions';
- $query.= " where id = '".$_GET['id']."'";
+ $query = 'SELECT user_id,expiration,ip';
+ $query.= ' FROM '.PREFIX_TABLE.'sessions';
+ $query.= " WHERE id = '".$_GET['id']."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
@@ -56,8 +56,8 @@ if ( isset( $_GET['id'] )
{
// deletion of the session from the database,
// because it is out-of-date
- $delete_query = 'delete from '.PREFIX_TABLE.'sessions';
- $delete_query.= " where id = '".$page['session_id']."'";
+ $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+ $delete_query.= " WHERE id = '".$page['session_id']."'";
$delete_query.= ';';
mysql_query( $delete_query );
}
@@ -65,7 +65,7 @@ if ( isset( $_GET['id'] )
{
if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
{
- $query_user .= ' where id = '.$row['user_id'];
+ $query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true;
}
}
@@ -73,7 +73,7 @@ if ( isset( $_GET['id'] )
}
if ( !$query_done )
{
- $query_user .= ' where id = 2';
+ $query_user .= ' WHERE id = 2';
$user['is_the_guest'] = true;
}
$query_user .= ';';
@@ -82,14 +82,13 @@ $row = mysql_fetch_array( mysql_query( $query_user ) );
// affectation of each value retrieved in the users table into a variable
// of the array $user.
-for ( $i = 0; $i < sizeof( $infos ); $i++ )
-{
- $user[$infos[$i]] = $row[$infos[$i]];
+foreach ( $infos as $info ) {
+ $user[$info] = $row[$info];
// If the field is true or false, the variable is transformed into a
// boolean value.
- if ( $row[$infos[$i]] == 'true' || $row[$infos[$i]] == 'false' )
+ if ( $row[$info] == 'true' or $row[$info] == 'false' )
{
- $user[$infos[$i]] = get_boolean( $row[$infos[$i]] );
+ $user[$info] = get_boolean( $row[$info] );
}
}
?> \ No newline at end of file
diff --git a/include/vtemplate.class.php b/include/vtemplate.class.php
index 8f531412c..5f905ac92 100644
--- a/include/vtemplate.class.php
+++ b/include/vtemplate.class.php
@@ -2,372 +2,369 @@
/*****************************************************************
* VIRTUAL-TEMPLATE
*
- * Version : 1.3.1 Base Edition ( Juillet 2002 ) build 6
+ * Version : 1.3.2 Base Edition ( Decembre 2003 ) build 1
*
* Address : http://vtemplate.sourceforge.net
*
* Authors:
- * + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com .
+ * + THIEBAUT Jean-Baptiste(J.Baptiste@leweby.com) - http://www.leweby.com .
* + CAMPANA François (fc@netouaibe.com).
* Licence: GPL.
+ *
+ *
*
- *
+ *
*****************************************************************/
-if ( !isset($DEFINE_VTEMPLATE) )
-{
- define("ALL",1);
- define("VARTAG","{#"); // Tag d'ouverture des variables :
- // vous pouvez changer ce paramètre.
- define("VTEMPLATE_VERSION","1.3.1");
- define("VTEMPLATE_TYPE","BA");
- define("VTEMPLATE_BUILD","6");
-
-
- class Err
- {
- var $msg;
- var $titre;
-
- function error( $errno, $arg = "", $code = 0, $disp = 0 )
- {
+if ( !isset($DEFINE_VTEMPLATE) ){
+define("ALL",1);
+define("VARTAG","{#"); // Tag d'ouverture des variables : vous pouvez changer ce paramètre.
+define("VTEMPLATE_VERSION","1.3.1");
+define("VTEMPLATE_TYPE","BA");
+define("VTEMPLATE_BUILD","6");
+
+
+class Err {
+var $msg;
+var $titre;
+
+function error($errno,$arg="",$code=0,$disp=0){
// Gestion des erreurs
- switch($errno)
- {
- case 1:
- $this->titre="Erreur de session n° $code";
- $this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ;
- break;
- case 2:
- $this->titre="Erreur de session n° $code";
- $this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>";
- break;
- case 3:
- $this->titre="Erreur de session n° $code";
- $var = $arg[1];
- $zone = $arg[0];
- $this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>";
- break;
- case 4:
- $this->titre="Erreur de session n° $code";
- $var = $arg[1];
- $zone = $arg[0];
- $this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>";
- break;
- case 5:
- $this->titre="Erreur de parsing n° $code";
- $this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>";
- break;
- case 6:
- $this->titre="Erreur de parsing n° $code";
- $this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>";
- break;
- case 7:
- $this->titre="Erreur de parsing n° $code";
- $this->msg = "Vous avez oublié de fermer la zone $arg.<br>";
- break;
- case 8:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "Le fichier template $arg est introuvable.<br>";
- break;
- case 9:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les droits de ce fichier.<br>";
- break;
- case 10:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "Impossible de lire le fichier template $arg.<br>";
- break;
- case 11:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>";
- break;
- case 12:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>";
- break;
- case 13:
- $this->titre="Erreur de traitement n° $code";
- $this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>";
- break;
- case 14:
- $this->titre="Erreur de traitement n° $code";
- $var = $arg[1];
- $file = $arg[0];
- $this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>";
- break;
- case 15:
- $this->titre="Erreur de traitement n° $code";
- $var = $arg[2];
- $zone = $arg[1];
- $fichier = $arg[0];
- $this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>";
- break;
- default:
- $this->titre = "Erreur inconnue $code";
- $this->msg = "Veuillez le rapporter aux auteurs de la classe.";
- }
- $this->titre .= ": <br>";
- if ($disp){
- $web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>";
- echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>";
- }
- return -1;
- }
+switch($errno){
+ case 1:
+ $this->titre="Erreur de session n° $code";
+ $this->msg = "La zone $arg est déjà ouverte.Avant d'ajouter une session sur cette zone, vous devez la fermer à l'aide de la fonction closeSession().<br>" ;
+ break;
+ case 2:
+ $this->titre="Erreur de session n° $code";
+ $this->msg = "Vous tentez de fermer une session de la zone $arg alors qu'aucune session pour cette zone n'existe.Pour ouvrir une session, utilisez la fonction addSession().<br>";
+ break;
+ case 3:
+ $this->titre="Erreur de session n° $code";
+ $var = $arg[1];
+ $zone = $arg[0];
+ $this->msg = "Vous essayez de valoriser la variable $var sans avoir créer de session de la zone $zone.Utilisez la fonction addSession() pour créer une session, puis setVar pour valoriser une variable.<br>";
+ break;
+ case 4:
+ $this->titre="Erreur de session n° $code";
+ $var = $arg[1];
+ $zone = $arg[0];
+ $this->msg = "La variable $var que vous souhaitez valoriser n'existe pas dans la zone $zone.<br>";
+ break;
+ case 5:
+ $this->titre="Erreur de parsing n° $code";
+ $this->msg = "Vous utilisez des caractère non autorisés pour déclarer vos zones.Vous pouvez utiliser tous les caractères à l'exception de \'{\' , \'#\' \'}\' et \'|\'.<br>";
+ break;
+ case 6:
+ $this->titre="Erreur de parsing n° $code";
+ $this->msg = "Vous ne pouvez pas utiliser le même nom ($arg)de zone plusieurs fois.<br>";
+ break;
+ case 7:
+ $this->titre="Erreur de parsing n° $code";
+ $this->msg = "Vous avez oublié de fermer la zone $arg.<br>";
+ break;
+ case 8:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "Le fichier template $arg est introuvable.<br>";
+ break;
+ case 9:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "Impossible d'ouvrir le fichier $arg.Vérifiez les droits de ce fichier.<br>";
+ break;
+ case 10:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "Impossible de lire le fichier template $arg.<br>";
+ break;
+ case 11:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "La zone $arg est introuvable.Vérifiez la syntaxe de cette zone.<br>";
+ break;
+ case 12:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "La variable $arg est introuvable .Vérifiez la syntaxe de la variable.<br>";
+ break;
+ case 13:
+ $this->titre="Erreur de traitement n° $code";
+ $this->msg = "L'identifiant de fichier spécifié n'existe pas.Vérifiez les fonctions Open() de votre script.<br>";
+ break;
+ case 14:
+ $this->titre="Erreur de traitement n° $code";
+ $var = $arg[1];
+ $file = $arg[0];
+ $this->msg = "La variable $var dans le fichier $file est introuvable.Vérifiez la syntaxe de la variable.<br>";
+ break;
+ case 15:
+ $this->titre="Erreur de traitement n° $code";
+ $var = $arg[2];
+ $zone = $arg[1];
+ $fichier = $arg[0];
+ $this->msg = "La variable $var dans la zone $zone du fichier $fichier est introuvable.Vérifiez la syntaxe de la variable et du nom de la zone.<br>";
+ break;
+ default:
+ $this->titre = "Erreur inconnue $code";
+ $this->msg = "Veuillez le rapporter aux auteurs de la classe.";
+}
+$this->titre .= ": <br>";
+if ($disp){
+ $web = "Pour plus d'informations, consultez la <a href=\"http://www.virtual-solution.net/vtemplate/docs/debug-mod.php?version=".VTEMPLATE_VERSION."&build=".VTEMPLATE_BUILD."&type=".VTEMPLATE_TYPE."&error=$code\" target=\"_blank\">doc en ligne</a>";
+ echo "<font face=verdana size=2 color=red><u>$this->titre</u><i>$this->msg</i>$web<br><br></font>";
+}
+return -1;
+}
// Fin classe
- }
+}
- class Session extends err{
-
- var $name; // Name of the session
- var $globalvar = array(); // List of global variable of the session
- var $varlist = array(); // List of var in this session
- var $subzone = array(); // list of sub-zone
- var $temp; // Generated code for the current session
- var $generated = NULL; // The final code
- var $source; // Source code
- var $used=0; // Indicates if the session contain used variable
- var $stored; // Give the filename were is stored the session
-
- function Session($name,$source,$stored){
- $this->name = $name;
- $this->source = $source;
- $this->stored = $stored;
- $this->parseVar();
- }
+class Session extends err{
+
+var $name; // Name of the session
+var $globalvar = array(); // List of global variable of the session
+var $varlist = array(); // List of var in this session
+var $subzone = array(); // list of sub-zone
+var $temp; // Generated code for the current session
+var $generated = NULL; // The final code
+var $source; // Source code
+var $used=0; // Indicates if the session contain used variable
+var $stored; // Give the filename were is stored the session
+
+function Session($name,$source,$stored){
+ $this->name = $name;
+ $this->source = $source;
+ $this->stored = $stored;
+ $this->parseVar();
+}
- function parseVar(){
- // Récupération des noms des variables
- $regle = "|".VARTAG."(.*)}|sU";
- preg_match_all ($regle,$this->source,$var1);
- // Création du tableau de variable à partir de la liste parsée.
- $this->varlist=@array_merge($var[1],$var1[1]);
- return 1;
- }
-
- function init(){
- if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1);
+function parseVar(){
+ // Récupération des noms des variables
+ $regle = "|".VARTAG."(.*)}|sU";
+ preg_match_all ($regle,$this->source,$var1);
+ // Création du tableau de variable à partir de la liste parsée.
+ $this->varlist=@array_merge($var[1],$var1[1]);
+return 1;
+}
+
+function init(){
+if($this->used) return $this->error(1,array($this->stored,$this->name),"SESSION1",1);
// Reset generated code
- $this->temp = $this->source;
- $this->used = 1;
- }
- function closeSession(){
+$this->temp = $this->source;
+$this->used = 1;
+}
+function closeSession(){
// Check if the zone has been used.
- if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1);
+if(!$this->used) return $this->error(2,array($this->stored,$this->name),"SESSION2",1);
// Set Globals vars.
- $this->generateCode();
- $this->used=0;
- return 1;
- }
+$this->generateCode();
+$this->used=0;
+return 1;
+}
- function reset(){
- $this->used = 0;
- $this->generated = NULL;
- return 1;
- }
+function reset(){
+$this->used = 0;
+$this->generated = NULL;
+return 1;
+}
- function addSubZone(&$subzone){
- $this->subzone[$subzone->name] = &$subzone;
- return 1;
- }
+function addSubZone(&$subzone){
+$this->subzone[$subzone->name] = &$subzone;
+return 1;
+}
- function setVar($varname,$value){
- if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1);
- if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1);
- $regle = "(\\".VARTAG."$varname\})";
- $this->temp = preg_replace($regle,$value,$this->temp);
- return 1;
- }
+function setVar($varname,$value){
+if (!$this->used) return $this->error(3,array($this->stored,$this->name,$varname),"SESSION3",1);
+if (!in_array($varname,$this->varlist)) return $this->error(4,array($this->name,$varname),"SESSION4",1);
+$regle = "(\\".VARTAG."$varname\})";
+$this->temp = preg_replace($regle,$value,$this->temp);
+return 1;
+}
- function dispVar(){
- echo "Liste variables de $this->name:<br>";
- foreach ( $this->varlist as $vars )
- echo "$vars <br>";
- }
+function dispVar(){
+ echo "Liste variables de $this->name:<br>";
+ foreach ( $this->varlist as $vars )
+ echo "$vars <br>";
+}
- function setGlobalVar($varname,$value){
- $set = 0;
- if (in_array($varname,$this->varlist)){
- // Replace the var into this session
- $this->globalvar[$varname]=$value;
- $set = 1;
- }
- // Replace the var into sub zones
- foreach(array_keys($this->subzone) as $subzone){
- $set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set;
- }
- return $set;
- }
+function setGlobalVar($varname,$value){
+$set = 0;
+if (in_array($varname,$this->varlist)){
+ // Replace the var into this session
+ $this->globalvar[$varname]=$value;
+ $set = 1;
+}
+ // Replace the var into sub zones
+ foreach(array_keys($this->subzone) as $subzone){
+ $set = $this->subzone[$subzone]->setGlobalVar($varname,$value) || $set;
+ }
+ return $set;
+}
- function replaceGlobalVar(){
- if ( count($this->globalvar) )
- foreach($this->globalvar as $varname => $value){
- $regle = "(\\".VARTAG."$varname\})";
- $this->temp = preg_replace($regle,$value,$this->temp);
- }
- }
+function replaceGlobalVar(){
+if ( count($this->globalvar) )
+foreach($this->globalvar as $varname => $value){
+ $regle = "(\\".VARTAG."$varname\})";
+ $this->temp = preg_replace($regle,$value,$this->temp);
+}
+}
- function generateCode(){
- if ($this->used == 0) return $this->generated;
- // Replace global var.
- if ( count($this->globalvar) ) $this->replaceGlobalVar();
- // Replace all unused variable by ""
- $regle = "|\\".VARTAG."(.*)\}|";
- $this->temp = preg_replace($regle,"",$this->temp);
- // Generate the subzone(s) code
- if(count($this->subzone)){
- foreach(array_keys($this->subzone) as $subzone){
- $text = ($this->subzone[$subzone]->used) ? $this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated;
- $this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp);
- $this->subzone[$subzone]->reset();
- }
- }
- $this->generated .= $this->temp;
- return $this->generated;
+function generateCode(){
+ if ($this->used == 0) return $this->generated;
+ // Replace global var.
+ if ( count($this->globalvar) ) $this->replaceGlobalVar();
+ // Replace all unused variable by ""
+ $regle = "|\\".VARTAG."([^}]*)\}|";
+ $this->temp = preg_replace($regle,"",$this->temp);
+ // Generate the subzone(s) code
+ if(count($this->subzone)){
+ foreach(array_keys($this->subzone) as $subzone){
+ $text = ($this->subzone[$subzone]->used) ? $this->subzone[$subzone]->generateCode() : $this->subzone[$subzone]->generated;
+ $this->temp = preg_replace("(\|$subzone\|)",$text,$this->temp);
+ $this->subzone[$subzone]->reset();
+ }
}
+$this->generated .= $this->temp;
+return $this->generated;
+}
- function inVarList($varname){
- return in_array($varname,$this->varlist);
- }
+function inVarList($varname){
+return in_array($varname,$this->varlist);
+}
// Fin classe
- }
+}
- class VTemplate_Private extends Err{
+class VTemplate_Private extends Err{
/****************************************
- * Private Class. *
- * ***************************************/
+* Private Class. *
+* ***************************************/
- var $sources=array(); // Sources des zones issues de la premiere partie du parsing.
- var $sessions=array(); // Tableau de sessions
- var $v_global=array(); // Globla var array.
+var $sources=array(); // Sources des zones issues de la premiere partie du parsing.
+var $sessions=array(); // Tableau de sessions
+var $v_global=array(); // Globla var array.
/****************************************************************
Parsing Functions for Template files. ( PF 1.0 )
-****************************************************************/
+ ****************************************************************/
- function getNom($code){
+function getNom($code){
// Retourne le premier nom de zone qu'il trouve dans le code
- preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg);
+ preg_match("(<!--VTP_([^()]+)-->)sU",$code,$reg);
- // Tester la présence des caratère invalides dans le nom ( | et {});
- if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1));
+ // Tester la présence des caratère invalides dans le nom ( | et {});
+ if (@count(explode("|",$reg[1]))>1 || @count(explode("{",$reg[1]))>1 || @count(explode("}",$reg[1]))>1) exit($this->error(5,$reg[1],"PARSE1",1));
- return @$reg[1];
- }
+ return @$reg[1];
+}
- function endTag($code,$nom){
+function endTag($code,$nom){
// Renvoie TRUE(1) si le tag de fermeture est présent.
- preg_match("(<!--/VTP_$nom-->)sU",$code,$reg);
+ preg_match("(<!--/VTP_$nom-->)sU",$code,$reg);
- return ($reg[0]!="<!--/VTP_$nom-->") ? 0 : 1;
- }
+return ($reg[0]!="<!--/VTP_$nom-->") ? 0 : 1;
+}
- function getSource($code,$nom,$type=0){
+function getSource($code,$nom,$type=0){
// Retourne le source de la zone de nom $nom
- preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg);
+ preg_match_all ("(<!--VTP_$nom-->(.*)<!--/VTP_$nom-->)sU",$code,$reg);
- return $reg[$type][0];
- }
+return $reg[$type][0];
+}
- function parseZone($code_source,$nom_zone="|root|"){
+function parseZone($code_source,$nom_zone="|root|"){
// Fonction récursive de parsing du fichier template
- // Vérification que la zone n'existe pas
- if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1));
+ // Vérification que la zone n'existe pas
+ if (isset($this->sources[$nom_zone])) exit($this->error(6,$nom_zone,"PARSE2",1));
- // Enregistrement du code source
- $this->sources[$nom_zone]["source"]=$code_source;
+ // Enregistrement du code source
+ $this->sources[$nom_zone]["source"]=$code_source;
- // Rappel de la fonction pour chaque fils.
- while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){
+ // Rappel de la fonction pour chaque fils.
+ while($nom_fils=$this->getNom($this->sources[$nom_zone]["source"])){
- // Vérification que le tag de fin est présent.
- if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1));
+ // Vérification que le tag de fin est présent.
+ if (!$this->endTag($code_source,$nom_fils)) exit($this->error(7,$nom_fils,"PARSE3",1));
- // Parse le fils
- $this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils);
+ // Parse le fils
+ $this->parseZone($this->getSource($this->sources[$nom_zone]["source"],$nom_fils,1),$nom_fils);
- // Enregistre le nom du fils dans la liste des fils
- $this->sources[$nom_zone]["fils"][]=$nom_fils;
+ // Enregistre le nom du fils dans la liste des fils
+ $this->sources[$nom_zone]["fils"][]=$nom_fils;
- // Remplace le code du fils dans le source du père
- $this->sources[$nom_zone]["source"]=str_replace(
- $this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0),
- "|$nom_fils|",
- $this->sources[$nom_zone]["source"]
- );
- // Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone
- if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1));
- }// fin While
+ // Remplace le code du fils dans le source du père
+ $this->sources[$nom_zone]["source"]=str_replace(
+ $this->getSource($this->sources[$nom_zone]["source"],$nom_fils,0),
+ "|$nom_fils|",
+ $this->sources[$nom_zone]["source"]
+ );
+ // Teste si la zone $nom_fils n'existe pas plusieurs fois dans la zone $nom_zone
+ if (count(explode("|$nom_fils|",$this->sources[$nom_zone]["source"]))>2) exit($this->error(6,$nom_fils,"PARSE4",1));
+ }// fin While
- return 1;
- }
+return 1;
+}
/****************************************************************
Session Management functions ( SMF 1.0 )
-****************************************************************/
+ ****************************************************************/
- function createSession($handle,$zone = "|root|"){
+function createSession($handle,$zone = "|root|"){
// Create a new session of the zone
- $this->sessions[$handle][$zone] = new Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]);
+$this->sessions[$handle][$zone] = new Session($zone,$this->sources[$zone]["source"],$this->file_name[$handle]);
// Create sub-zone
- if (@count($this->sources[$zone]["fils"])){
- foreach($this->sources[$zone]["fils"] as $subzone){
- $this->createSession($handle,$subzone);
- $this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]);
- }
- }
+if (@count($this->sources[$zone]["fils"])){
+ foreach($this->sources[$zone]["fils"] as $subzone){
+ $this->createSession($handle,$subzone);
+ $this->sessions[$handle][$zone]->addSubZone($this->sessions[$handle][$subzone]);
+ }
+}
//end createSession
- }
+}
/****************************************************************
Global Variable Management Functions ( GVMF 1.0 )
-****************************************************************/
+ ****************************************************************/
- function setGZone($handle,$zone,$var,$value){
- // Define Global var for $zone and its sub-zone.
- // Set global value to $zone vars.
- return $this->sessions[$handle][$zone]->setGlobalVar($var,$value);
- }
+ function setGZone($handle,$zone,$var,$value){
+ // Define Global var for $zone and its sub-zone.
+ // Set global value to $zone vars.
+ return $this->sessions[$handle][$zone]->setGlobalVar($var,$value);
+}
- function setGFile($handle,$var,$value) {
- return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value);
- }
+function setGFile($handle,$var,$value) {
+ return $this->sessions[$handle]["|root|"]->setGlobalVar($var,$value);
+}
- function setGAll($var,$value){
- $declare = 0;
- $this->v_global[$var]=$value;
- if (is_array($this->sessions)){
- foreach($this->sessions as $handle => $v){
- $declare = $this->setGFile($handle,$var,$value) || $declare;
- }
- }
- return $declare;
- }
+function setGAll($var,$value){
+$declare = 0;
+$this->v_global[$var]=$value;
+if (is_array($this->sessions)){
+ foreach($this->sessions as $handle => $v){
+ $declare = $this->setGFile($handle,$var,$value) || $declare;
+ }
+ }
+return $declare;
+}
- function setGOpened($handle){
+function setGOpened($handle){
// Set Global var into the opened file
- foreach($this->v_global as $name => $val){
- $this->setGFile($handle,$name,$val);
- }
- return 1;
- }
+foreach($this->v_global as $name => $val){
+ $this->setGFile($handle,$name,$val);
+}
+return 1;
+}
// Fin VTemplate_Private
- }
+}
- class VTemplate extends VTemplate_Private{
+class VTemplate extends VTemplate_Private{
/****************************************
- * Public Class. *
- * ***************************************/
+* Public Class. *
+* ***************************************/
/****************************************************************
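Review bot: `Session::setVar` and `replaceGlobalVar` pass the caller's value to `preg_replace` as the replacement string, so any `$n` or `\n` sequence inside a value is read as a backreference and silently rewritten. `$varname` also goes into the pattern without `preg_quote`. The search text is a fixed literal, so a plain string replace avoids both problems: `$this->temp = str_replace(VARTAG.$varname.'}', $value, $this->temp);`. The sub-zone substitution in `generateCode` has the same issue with `$text` and could become `str_replace("|$subzone|", $text, $this->temp)`. Values are inserted without HTML escaping, so a docblock on `setVar` should say that callers must escape anything user-controlled before passing it in.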
@@ -375,145 +372,233 @@ if ( !isset($DEFINE_VTEMPLATE) )
*****************************************************************/
- function Open($nomfichier){
+function Open($nomfichier){
// Ouverture d'un fichier source et retourne le handle de ce fichier
// Création du handle:
- $handle = "{".count($this->sessions)."}" ;
+$handle = "{".count($this->sessions)."}" ;
// Récupération du source à parser
- if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1);
- if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1);
- if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1);
- clearstatcache();
- fclose($f_id);
+if (!@file_exists($nomfichier)) return $this->error(8,$nomfichier,"TTT1",1);
+if (!$f_id=@fopen($nomfichier,"r")) return $this->error(9,$nomfichier,"TTT2",1);
+if (!$source=@fread($f_id, filesize($nomfichier))) return $this->error(10,$nomfichier,"TTT3",1);
+clearstatcache();
+fclose($f_id);
// Store the filename
- $this->file_name[$handle]=$nomfichier;
+$this->file_name[$handle]=$nomfichier;
// Parse les zones
- $this->parseZone($source);
+$this->parseZone($source);
// Création du tableau de session
- $this->createSession($handle);
+$this->createSession($handle);
//Nettoyage des variables temporaires
- $this->sources=NULL;
+$this->sources=NULL;
// Set global var.
- $this->setGOpened($handle);
+$this->setGOpened($handle);
- $this->addSession($handle);
- return $handle;
- }
+$this->addSession($handle);
+return $handle;
+}
- function newSession($handle="{0}",$nom_zone = "|root|"){
- if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone);
- $this->addSession($handle,$nom_zone,$cache,$time,$num_session);
- return 1;
- }
+function newSession($handle="{0}",$nom_zone = "|root|"){
+if ( $this->sessions[$handle][$nom_zone]->used ) $this->closeSession($handle,$nom_zone);
+$this->addSession($handle,$nom_zone,$cache,$time,$num_session);
+return 1;
+}
- function addSession($handle="{0}",$nom_zone = "|root|"){
- // Does the zone exist ?
- if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1);
- $this->sessions[$handle][$nom_zone]->init();
- return 1;
- }
+function addSession($handle="{0}",$nom_zone = "|root|"){
+ // Does the zone exist ?
+ if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT4",1);
+ $this->sessions[$handle][$nom_zone]->init();
+ return 1;
+}
- function closeSession($handle="{0}",$nom_zone = "|root|"){
+function closeSession($handle="{0}",$nom_zone = "|root|"){
// Close the current session and all his sub-session
- // Check if the zone exists.
- if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1);
- // Closing sub-zone
- $this->sessions[$handle][$nom_zone]->closeSession();
- return 1;
- }
+ // Check if the zone exists.
+ if(!isset($this->sessions[$handle][$nom_zone])) return $this->error(11,array($nom_zone,$this->file_name[$handle]),"TTT5",1);
+ // Closing sub-zone
+ $this->sessions[$handle][$nom_zone]->closeSession();
+ return 1;
+}
- function setGlobalVar($arg1,$arg2,$arg3){
- if ($arg1 == 1){
- if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1);
- return 1;
- }
- if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1);
- $tab=explode(".",$arg2);
- if (count($tab)==1){
- if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1);
- }
- else if (count($tab==2)){
- if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1));
- if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1);
- }
- return 1;
- }
+function setGlobalVar($arg1,$arg2,$arg3){
+if ($arg1 == 1){
+ if (!$this->setGAll($arg2,$arg3)) return $this->error(12,$arg2,"TTT6",1);
+ return 1;
+}
+if (!isset($this->sessions[$arg1])) return $this->error(13,$arg1,"TTT7",1);
+ $tab=explode(".",$arg2);
+ if (count($tab)==1){
+ if (!$this->setGFile($arg1,$arg2,$arg3)) return $this->error(14,array($this->file_name[$arg1],$arg2),"TTT8",1);
+ }
+ else if (count($tab==2)){
+ if (!isset($this->sessions[$arg1][$tab[0]])) return $this->error(11,array($tab[0],$this->file_name[$arg1],"TTT9",1));
+ if (!$this->setGZone($arg1,$tab[0],$tab[1],$arg3)) return $this->error(15,array($this->file_name[$arg1],$tab[0],$tab[1]),"TTT10",1);
+ }
+return 1;
+}
- function setVar($handle,$zone_var,$val){
- // Fill the variable
- $tab=explode(".",$zone_var);
- if(count($tab)==2){
- $zone=$tab[0];
- $var=$tab[1];
- }
- else
- {
- $zone="|root|";
- $var=$tab[0];
- }
-
- // Teste l'existence de la zone dans la liste
- if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1);
-
- //Enregistre la variable
- return $this->sessions[$handle][$zone]->setVar($var,$val);
- }
+function setVar($handle,$zone_var,$val){
+ // Fill the variable
+$tab=explode(".",$zone_var);
+ if(count($tab)==2){
+ $zone=$tab[0];
+ $var=$tab[1];
+ }
+ else
+ {
+ $zone="|root|";
+ $var=$tab[0];
+ }
+
+ // Teste l'existence de la zone dans la liste
+ if (!isset($this->sessions[$handle][$zone])) return $this->error(11,array($this->file_name[$handle],$zone),"TTT11",1);
+
+ //Enregistre la variable
+ return $this->sessions[$handle][$zone]->setVar($var,$val);
+}
- function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){
- if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source);
- $this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated);
- }
+function Parse($handle_dest,$zone_var_dest,$handle_source,$zone_source="|root|"){
+ if($this->sessions[$handle_source][$zone_source]->used == 1) $this->closeSession($handle_source,$zone_source);
+ $this->setVar($handle_dest,$zone_var_dest, $this->sessions[$handle_source][$zone_source]->generated);
+}
- function setVarF($handle,$zone_var,$file){
+function setVarF($handle,$zone_var,$file){
// Fonction qui ouvre le fichier file et copie ce qu'il y a dedans dans une variable.
- $tab=explode(".",$zone_var);
+$tab=explode(".",$zone_var);
// Récupération nom de la zone et de la variable.
- if(count($tab)==2){
- $zone=$tab[0];
- $var=$tab[1];
- }
- else
- {
- $zone="|root|";
- $var=$tab[0];
- }
+ if(count($tab)==2){
+ $zone=$tab[0];
+ $var=$tab[1];
+ }
+ else
+ {
+ $zone="|root|";
+ $var=$tab[0];
+ }
// Teste l'existence de la zone dans la liste
- if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1);
+ if (!is_object($this->sessions[$handle][$zone])) return $this->error(11,array($handle,$zone),"TTT12",1);
- // Récupération du source à lire
- if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1);
- if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1);
- if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1);
- clearstatcache();
- fclose($f_id);
+ // Récupération du source à lire
+if (!@file_exists($file)) return $this->error(8,$file,"TTT13",1);
+if (!$f_id=@fopen($file,"r")) return $this->error(9,$file,"TTT14",1);
+if (!$val=@fread($f_id, filesize($file))) return $this->error(10,$file,"TTT15",1);
+clearstatcache();
+fclose($f_id);
//Enregistre la variable
- return $this->sessions[$handle][$zone]->setVar($var,$val);
- }
+return $this->sessions[$handle][$zone]->setVar($var,$val);
+}
+
+
- function isZone($handle, $zone="|root|")
- {
- return isset($this->sessions[$handle][$zone]) ;
- }
- function Display($handle="{0}",$display=1,$zone="|root|"){
- $this->closeSession($handle,$zone);
- $c_genere = $this->sessions[$handle][$zone]->generated;
+
+function isZone($handle, $zone="|root|")
+{
+return isset($this->sessions[$handle][$zone]) ;
+}
+
+function Display($handle="{0}",$display=1,$zone="|root|"){
+ $this->closeSession($handle,$zone);
+ $c_genere = $this->sessions[$handle][$zone]->generated;
- if ($display) echo $c_genere; else return ($c_genere);
- }
+ if ($display) echo $c_genere; else return ($c_genere);
+}
+//fonction complementaire version BETA
+
+/*
+*
+On peut l'utiliser :
+- SetVarTab($array): tout les couples clef/valeur sont valorisées
+- SetVarTab($array,$index) seuls les couples clef/valeur dont la clef est dans le tableau index ou dont la valeur == $index (si pas tableau)
+Si $index contient ou est une clef de type zone.clef, la clef sera extraite du texte est servira d'index pour $array
+
+Vincent
+*/
+
+function setVarTab($handle,$zones,$index = array()){
+ if (is_array($index))
+ {
+ if (count($index)>0)
+ {
+ reset($index);
+ while (list (, $key) = each ($index))
+ {
+ $tab=explode(".",$key);
+ if(count($tab)==2){
+ $var=$tab[1];
+ }
+ else
+ {
+ $var=$tab[0];
+ }
+ setVar($handle,$key,$zones[$var]);
+ }
+ }
+ else
+ {
+ reset($zones);
+ while (list ($key, $val) = each ($zones))
+ {
+ setVar($handle,$key,$val);
+ }
+ }
+ }
+ else
+ {
+ setVar($handle,$index,$zones[$index]);
+ }
+}
+
+function setGlobalVarTab($handle,$zones,$index = array()){
+
+ if (is_array($index))
+ {
+ if (count($index)>0)
+ {
+ reset($index);
+ while (list (, $key) = each ($index))
+ {
+ $tab=explode(".",$key);
+ if(count($tab)==2){
+ $var=$tab[1];
+ }
+ else
+ {
+ $var=$tab[0];
+ }
+ setGlobalVar($handle,$key,$zones[$var]);
+ }
+ }
+ else
+ {
+ reset($zones);
+ while (list ($key, $val) = each ($zones))
+ {
+ GlobalVar($handle,$key,$val);
+ }
+ }
+ }
+ else
+ {
+ setBlobalVar($handle,$index,$zones[$index]);
+ }
+}
+
+
+
+
// End VTemplate
- }
- $DEFINE_VTEMPLATE = 1;
+}
+$DEFINE_VTEMPLATE = 1;
}
?>
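Review bot: The new `setVarTab` and `setGlobalVarTab` methods call `setVar(...)`, `setGlobalVar(...)`, `GlobalVar(...)` and `setBlobalVar(...)` as plain functions. None of these is defined as a function in what this diff shows of the file, so every branch would end in an undefined-function fatal error. They look like intended method calls: `$this->setVar($handle,$key,$zones[$var]);` in `setVarTab`, and `$this->setGlobalVar($handle,$key,$val);` and `$this->setGlobalVar($handle,$index,$zones[$index]);` in place of the two misspelled names. The comment above them still documents `SetVarTab($array)` without the `$handle` argument and should be updated to match the signatures.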
diff --git a/index.php b/index.php
index 54782e237..35f616f82 100644
--- a/index.php
+++ b/index.php
@@ -1,16 +1,13 @@
<?php
-include_once( './include/mysql.inc.php' );
+define( PREFIX_INCLUDE, '' );
include_once( './include/functions.inc.php' );
database_connection();
-// récupération des informations de configuration du site
-$query = 'select acces ';
-$query .= 'from '.PREFIX_TABLE.'config;';
+// retrieving configuration informations
+$query = 'SELECT access';
+$query.= ' FROM '.PREFIX_TABLE.'config;';
$row = mysql_fetch_array( mysql_query( $query ) );
-$url = 'category';
-if ( $row['acces'] == 'restreint' )
-{
- $url = 'identification';
-}
+if ( $row['access'] == 'restricted' ) $url = 'identification';
+else $url = 'category';
// redirection
$url.= '.php';
header( 'Request-URI: '.$url );
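Review bot: `define( PREFIX_INCLUDE, '' )` passes the constant name as a bare word, so PHP first tries to resolve an undefined constant; older versions fall back to the string with a notice, and PHP 8 raises an Error. Quote the name: `define( 'PREFIX_INCLUDE', '' );`. Separately, `mysql_fetch_array( mysql_query( $query ) )` is used without checking that the query succeeded, so a failed config lookup takes the `else` branch and redirects to `category.php`. If this redirect is meant as part of the access gate, initialise `$url = 'identification';` and switch to `category` only when the row was read and is not `restricted`.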
diff --git a/language/francais.php b/language/francais.php
index 5685578fe..cbf36d2bd 100644
--- a/language/francais.php
+++ b/language/francais.php
@@ -15,6 +15,10 @@ $lang['no'] = 'non';
$lang['yes'] = 'oui';
$lang['guest'] = 'visiteur';
$lang['mail_address'] = 'adresse mail';
+$lang['public'] = 'publique';
+$lang['private'] = 'privée';
+$lang['add'] = 'ajouter';
+$lang['dissociate'] = 'dissocier';
// end version 1.3
// page diapo
@@ -218,20 +222,26 @@ if ( $isadmin )
// $lang['title_add'] = 'Ajouter/Modifier un utilisateur';
$lang['title_add'] = 'Ajouter un utilisateur';
$lang['title_modify'] = 'Modifier un utilisateur';
+ $lang['title_groups'] = 'Gestion des groupes';
// end version 1.3
$lang['title_liste_users'] = 'Liste des utilisateurs';
$lang['title_history'] = 'Historique';
$lang['title_update'] = 'Mise à jour de la base de données';
$lang['title_configuration'] = 'Configuration de PhpWebGallery';
$lang['title_instructions'] = 'Instructions';
- $lang['title_permissions'] = 'Modifier les permissions pour un utilisateur';
+// start version 1.3
+// $lang['title_permissions'] = 'Modifier les permissions pour un utilisateur';
+ $lang['title_user_perm'] = 'Modifier les permissions pour l\'utilisateur';
+ $lang['title_cat_perm'] = 'Modifier les permissions pour la catégorie';
+ $lang['title_group_perm'] = 'Modifier les permissions pour le groupe';
+// end version 1.3
$lang['title_categories'] = 'Gestion des catégories';
$lang['title_edit_cat'] = 'Editer une catégorie';
$lang['title_info_images'] = 'Modifier les informations sur les images d\'une catégorie';
$lang['title_thumbnails'] = 'Création des miniatures';
$lang['title_thumbnails_2'] = 'pour';
$lang['title_default'] = 'Administration de PhpWebGallery';
-
+
$lang['menu_title'] = 'Administration';
$lang['menu_config'] = 'Configuration';
$lang['menu_users'] = 'Utilisateurs';
@@ -243,7 +253,10 @@ if ( $isadmin )
$lang['menu_history'] = 'Historique';
$lang['menu_instructions'] = 'Instructions';
$lang['menu_back'] = 'Page diapo';
-
+// start version 1.3
+ $lang['menu_groups'] = 'Groupes';
+// end version 1.3
+
$lang['title_waiting'] = 'Images en attente de validation';
$lang['menu_waiting'] = 'En attente';
@@ -383,9 +396,19 @@ if ( $isadmin )
$lang['adduser_status_admin'] = 'admin';
// start version 1.3
// $lang['adduser_status_member'] = 'membre';
+ $lang['adduser_associate'] = 'Associer au groupe';
// end version 1.3
$lang['adduser_status_guest'] = 'visiteur';
-
+
+// start version 1.3
+ $lang['group_add'] = 'Ajouter un groupe';
+ $lang['group_add_error1'] = 'Le nom du groupe ne doit pas comporter de " ou de \'';
+ $lang['group_add_error2'] = 'Ce nom de groupe est déjà utilisé';
+ $lang['group_confirm'] = 'Etes-vous sûr de vouloir supprimer le groupe';
+ $lang['group_list_title'] = 'Liste des groupes existants';
+ $lang['group_err_unknown'] = 'Ce groupe n\'existe pas dans la base de données';
+// end version 1.3
+
// page permissions
$lang['permuser_info_message'] = 'Permissions enregistrées';
$lang['permuser_title'] = 'Restrictions pour l\'utilisateur';
@@ -393,7 +416,9 @@ if ( $isadmin )
$lang['permuser_authorized'] = 'autorisé';
$lang['permuser_forbidden'] = 'interdit';
$lang['permuser_parent_forbidden'] = 'catégorie parente interdite';
- $lang['permuser_cat_title'] = 'Modifier les permissions pour ';
+// start version 1.3
+// $lang['permuser_cat_title'] = 'Modifier les permissions pour ';
+// end version 1.3
// page liste utilisateurs
$lang['listuser_confirm'] = 'Etes-vous sûr de vouloir supprimer l\'utilisateur';
@@ -433,7 +458,9 @@ if ( $isadmin )
$lang['editcat_comment'] = 'Commentaire';
$lang['editcat_status'] = 'Status';
$lang['editcat_status_info'] = '(invisible sauf pour les administrateurs)';
-
+// start version 1.3
+ $lang['editcat_visible'] = 'Visible';
+// end version 1.3
// page info images
$lang['infoimage_err_date'] = 'date erronée';
$lang['infoimage_general'] = 'Options générale pour la catégorie';
diff --git a/picture.php b/picture.php
index bcfbeeaa8..4723d4aac 100644
--- a/picture.php
+++ b/picture.php
@@ -28,20 +28,20 @@ if ( isset( $page['cat'] ) && is_numeric( $page['cat'] ) )
check_restrictions( $page['cat'] );
}
//---------------------------------------- incrementation of the number of hits
-$query = 'update '.PREFIX_TABLE.'images';
-$query.= ' set hit=hit+1';
-$query.= ' where id='.$_GET['image_id'];
+$query = 'UPDATE '.PREFIX_TABLE.'images';
+$query.= ' SET hit=hit+1';
+$query.= ' WHERE id='.$_GET['image_id'];
$query.= ';';
@mysql_query( $query );
//-------------------------------------------------------------- initialization
initialize_category( 'picture' );
$cat_directory = $page['cat_dir']; // by default
//------------------------------------- main picture information initialization
-$query = 'select id,date_available,comment,hit';
+$query = 'SELECT id,date_available,comment,hit';
$query.= ',author,name,file,date_creation,filesize,width,height,cat_id';
-$query.= ' from '.PREFIX_TABLE.'images';
+$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
-$query.= ' and id = '.$_GET['image_id'];
+$query.= ' AND id = '.$_GET['image_id'];
$query.= $conf['order_by'];
$query.= ';';
$result = mysql_query( $query );
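Review bot: `$_GET['image_id']` is still concatenated into both statements in this hunk (`WHERE id=` in the hit-counter UPDATE and `AND id =` in the SELECT) with no validation, so request data reaches the SQL text; the commit only changes keyword case. The hunk header shows `$page['cat']` being checked with `is_numeric()`, and the image id needs at least the same. Better, cast it once before the first query, `$image_id = intval( $_GET['image_id'] );`, and use `$image_id` in both places. The `@` in front of the UPDATE's `mysql_query()` also hides the error a malformed id would produce, so such requests leave no trace in the error log.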
@@ -59,8 +59,8 @@ $page['width'] = $row['width'];
$page['height'] = $row['height'];
$page['cat_id'] = $row['cat_id'];
// retrieving the number of the picture in its category (in order)
-$query = 'select id';
-$query.= ' from '.PREFIX_TABLE.'images';
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
$query.= ';';
@@ -78,17 +78,17 @@ if ( isset( $_GET['add_fav'] ) )
if ( $_GET['add_fav'] == 1 )
{
// verify if the picture is already in the favorite of the user
- $query = 'select count(*) as nb_fav';
- $query.= ' from '.PREFIX_TABLE.'favorites';
- $query.= ' where image_id = '.$page['id'];
- $query.= ' and user_id = '.$user['id'];
+ $query = 'SELECT COUNT(*) AS nb_fav';
+ $query.= ' FROM '.PREFIX_TABLE.'favorites';
+ $query.= ' WHERE image_id = '.$page['id'];
+ $query.= ' AND user_id = '.$user['id'];
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
if ( $row['nb_fav'] == 0 )
{
- $query = 'insert into '.PREFIX_TABLE.'favorites';
- $query.= ' (image_id,user_id) values';
+ $query = 'INSERT INTO '.PREFIX_TABLE.'favorites';
+ $query.= ' (image_id,user_id) VALUES';
$query.= ' ('.$page['id'].','.$user['id'].')';
$query.= ';';
$result = mysql_query( $query );
@@ -96,9 +96,9 @@ if ( isset( $_GET['add_fav'] ) )
}
if ( $_GET['add_fav'] == 0 )
{
- $query = 'delete from '.PREFIX_TABLE.'favorites';
- $query.= ' where user_id = '.$user['id'];
- $query.= ' and image_id = '.$page['id'];
+ $query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
+ $query.= ' WHERE user_id = '.$user['id'];
+ $query.= ' AND image_id = '.$page['id'];
$query.= ';';
$result = mysql_query( $query );
@@ -120,11 +120,11 @@ if ( isset( $_GET['add_fav'] ) )
{
$page['num'] = 0;
}
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'images';
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
- $query.= ' limit '.$page['num'].',1';
+ $query.= ' LIMIT '.$page['num'].',1';
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
@@ -143,24 +143,15 @@ if ( isset( $_GET['add_fav'] ) )
}
//----------------------------------------------------- template initialization
$vtp = new VTemplate;
-$handle = $vtp->Open( './template/default/picture.vtp' );
-// language
-$vtp->setGlobalVar( $handle, 'back', $lang['back'] );
-$vtp->setGlobalVar( $handle, 'submit', $lang['submit'] );
-$vtp->setGlobalVar( $handle, 'comments_title', $lang['comments_title'] );
-$vtp->setGlobalVar( $handle, 'comments_del', $lang['comments_del'] );
-$vtp->setGlobalVar( $handle, 'delete', $lang['delete'] );
-$vtp->setGlobalVar( $handle, 'comments_add', $lang['comments_add'] );
-$vtp->setGlobalVar( $handle, 'author', $lang['author'] );
-// user
-$vtp->setGlobalVar( $handle, 'page_style', $user['style'] );
-$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
-// structure
-$vtp->setGlobalVar( $handle, 'frame_start', get_frame_start() );
-$vtp->setGlobalVar( $handle, 'frame_begin', get_frame_begin() );
-$vtp->setGlobalVar( $handle, 'frame_end', get_frame_end() );
+$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
+initialize_template();
+
+$tpl = array( 'back','submit','comments_title','comments_del','delete',
+ 'comments_add','author' );
+templatize_array( $tpl, 'lang', $handle );
+$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
//------------------------------------------------------------------ page title
-if ( $page['name'] != "" )
+if ( $page['name'] != '' )
{
$vtp->setGlobalVar( $handle, 'page_title', $page['name'] );
}
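Review bot: The template path is now built from `$user['template']` in `$vtp->Open( './template/'.$user['template'].'/picture.vtp' )`, and nothing in this hunk constrains that value. If it comes from a user-editable profile field (not visible here), a value containing `../` would make VTemplate open a file outside `./template/`. Check it against the list of installed template directories before use, e.g. `if ( !in_array( $user['template'], $conf['templates'] ) ) $user['template'] = 'default';`, where `$conf['templates']` is a placeholder for whatever list the project keeps.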
@@ -172,11 +163,11 @@ else
if ( $page['num'] >= 1 )
{
$prev = $page['num'] - 1;
- $query = 'select id,name,file,tn_ext,cat_id';
- $query.= ' from '.PREFIX_TABLE.'images';
+ $query = 'SELECT id,name,file,tn_ext,cat_id';
+ $query.= ' FROM '.PREFIX_TABLE.'images';
$query.= $page['where'];
$query.= $conf['order_by'];
- $query.= ' limit '.$prev.',1';
+ $query.= ' LIMIT '.$prev.',1';
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
@@ -197,14 +188,8 @@ if ( $page['num'] >= 1 )
$prev_title = $lang['previous_image'].' : ';
$alt_thumbnaill = '';
- if ( $row['name'] != "" )
- {
- $alt_thumbnail = $row['name'];
- }
- else
- {
- $alt_thumbnail = $file;
- }
+ if ( $row['name'] != '' ) $alt_thumbnail = $row['name'];
+ else $alt_thumbnail = $file;
$prev_title.= $alt_thumbnail;
$url_link = './picture.php?image_id='.$row['id'].'&amp;cat='.$page['cat'];
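Review bot: The context line `$alt_thumbnaill = '';` initialises a misspelled variable (double `l`), so it never affects `$alt_thumbnail`; since the new if/else assigns `$alt_thumbnail` on both paths, the line can be removed. A brace-less `if … else …` spread over two lines is also easy to break when a second statement is added later; `$alt_thumbnail = ( $row['name'] != '' ) ? $row['name'] : $file;` says the same in one expression. The enclosing `if ( $page['num'] >= 1 )` block starts and ends outside the hunk.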
@@ -320,22 +305,22 @@ if ( $page['date_creation'] != "" )
{
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
- $tab_date = explode( '-', $page['date_creation'] );
+ list( $year,$month,$day ) = explode( '-', $page['date_creation'] );
$vtp->setVar( $handle, 'info_line.content',
- $tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
+ $day.'/'.$month.'/'.$year );
$vtp->closeSession( $handle, 'info_line' );
}
// date of availability
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
-$tab_date = explode( '-', $page['date_available'] );
+list( $year,$month,$day ) = explode( '-', $page['date_available'] );
$vtp->setVar( $handle, 'info_line.content',
- $tab_date[2].'/'.$tab_date[1].'/'.$tab_date[0] );
+ $day.'/'.$month.'/'.$year );
$vtp->closeSession( $handle, 'info_line' );
// size in pixels
$vtp->addSession( $handle, 'info_line' );
$vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
-if ( $original_width != $final_width || $original_height != $final_height )
+if ( $original_width != $final_width or $original_height != $final_height )
{
$content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
$content.= $original_width.'*'.$original_height.'</a> ]';
@@ -379,7 +364,7 @@ $vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
$vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
$vtp->closeSession( $handle, 'info_line' );
//------------------------------------------------------- favorite manipulation
-if ( $page['cat'] != 'fav' && !$user['is_the_guest'] )
+if ( $page['cat'] != 'fav' and !$user['is_the_guest'] )
{
$url = './picture.php?cat='.$page['cat'].'&amp;image_id='.$page['id'];
$url.= '&amp;expand='.$_GET['expand'].'&amp;add_fav=1';
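Review bot: `$_GET['expand']` is appended to `$url` unencoded on the last line of this hunk, and the same happens with `$_GET['search']` and `$_GET['mode']` in the comment navigation hunk (`@@ -514,8 +499,8 @@`). These URLs presumably end up in `href` attributes of the rendered page (the template call is outside the hunk), so a quote or angle bracket in the parameter would be written into the markup. Encode each value where it is inserted, e.g. `$url.= '&amp;expand='.urlencode( $_GET['expand'] ).'&amp;add_fav=1';`. The `if` block continues past the end of the hunk.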
@@ -441,7 +426,7 @@ if ( $page['num'] < $page['cat_nb_images']-1 )
}
$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
- $lien_thumbnail = $cat_directory."thumbnail/";
+ $lien_thumbnail = $cat_directory.'thumbnail/';
$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
if ( $row['name'] != "" )
@@ -480,13 +465,13 @@ if ( $conf['show_comments'] )
// comment registeration
if ( isset( $_POST['content'] ) && $_POST['content'] != '' )
{
- $author = $user['pseudo'];
- if ( $_POST['author'] != "" )
+ $author = $user['username'];
+ if ( $_POST['author'] != '' )
{
$author = $_POST['author'];
}
- $query = 'insert into '.PREFIX_TABLE.'comments';
- $query.= ' (author,date,image_id,content) values';
+ $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
+ $query.= ' (author,date,image_id,content) VALUES';
$query.= " ('".$author."',".time().",".$page['id'];
$query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."');";
mysql_query( $query );
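Review bot: `$_POST['author']` goes into the INSERT between single quotes with no escaping, and `htmlspecialchars( …, ENT_QUOTES )` on the content is HTML output encoding, not SQL escaping (it leaves backslashes untouched). Escape both values for the database with the driver's function, e.g. `$author = mysql_real_escape_string( $author );` and the same for the content, and apply `htmlspecialchars()` when the comment is displayed; whether magic quotes are being relied on is not visible here. Any poster can also replace `$user['username']` with the `author` field, so a comment can be signed with another member's name; consider accepting the field only when `$user['is_the_guest']` is set. The enclosing `if ( $conf['show_comments'] )` block starts and ends outside the hunk.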
@@ -496,14 +481,14 @@ if ( $conf['show_comments'] )
&& is_numeric( $_GET['del'] )
&& $user['status'] == 'admin' )
{
- $query = 'delete from '.PREFIX_TABLE.'comments';
- $query.= ' where id = '.$_GET['del'].';';
+ $query = 'DELETE FROM '.PREFIX_TABLE.'comments';
+ $query.= ' WHERE id = '.$_GET['del'].';';
mysql_query( $query );
}
// number of comment for this picture
- $query = 'select count(*) as nb_comments';
- $query.= ' from '.PREFIX_TABLE.'comments';
- $query.= ' where image_id = '.$page['id'].';';
+ $query = 'SELECT COUNT(*) AS nb_comments';
+ $query.= ' FROM '.PREFIX_TABLE.'comments';
+ $query.= ' WHERE image_id = '.$page['id'].';';
$row = mysql_fetch_array( mysql_query( $query ) );
$page['nb_comments'] = $row['nb_comments'];
// navigation bar creation
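Review bot: The comment deletion is driven by a plain GET parameter (`$_GET['del']`), so a cross-site request made while an administrator is logged in would be enough to trigger it; the condition checks only `is_numeric()` and `$user['status'] == 'admin'`. Accept deletions only as POST and add a per-session token check, e.g. `&& isset( $_POST['token'] ) && $_POST['token'] == $_SESSION['token']` (the names are placeholders; the project's session handling is not visible here). `is_numeric()` also accepts values such as `1e3` or `0.5`, so `' WHERE id = '.intval( $_GET['del'] ).';'` keeps the id an integer. The condition starts outside the hunk.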
@@ -514,8 +499,8 @@ if ( $conf['show_comments'] )
$url.= '&amp;search='.$_GET['search'].'&amp;mode='.$_GET['mode'];
}
if( !isset( $_GET['start'] )
- || !is_numeric( $_GET['start'] )
- || ( is_numeric( $_GET['start'] ) && $_GET['start'] < 0 ) )
+ or !is_numeric( $_GET['start'] )
+ or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
{
$page['start'] = 0;
}
@@ -531,11 +516,11 @@ if ( $conf['show_comments'] )
$vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] );
$vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] );
- $query = 'select id,author,date,image_id,content';
- $query.= ' from '.PREFIX_TABLE.'comments';
- $query.= ' where image_id = '.$page['id'];
- $query.= ' order by date asc';
- $query.= ' limit '.$page['start'].', '.$conf['nb_comment_page'].';';
+ $query = 'SELECT id,author,date,image_id,content';
+ $query.= ' FROM '.PREFIX_TABLE.'comments';
+ $query.= ' WHERE image_id = '.$page['id'];
+ $query.= ' ORDER BY date ASC';
+ $query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@@ -580,10 +565,4 @@ mysql_close();
//----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 );
echo $code;
-//------------------------------------------------------------ log informations
-$query = 'insert into '.PREFIX_TABLE.'history';
-$query.= ' (date,login,IP,page,titre,categorie) values';
-$query.= " (".time().", '".$user['pseudo']."','".$_SERVER['REMOTE_ADDR']."'";
-$query.= ",'picture','".$page['file']."','".$intitule_cat."');";
-@mysql_query( $query );
?> \ No newline at end of file
diff --git a/register.php b/register.php
index 48d661d49..76b7455d3 100644
--- a/register.php
+++ b/register.php
@@ -16,9 +16,9 @@
***************************************************************************/
//----------------------------------------------------------- personnal include
-include_once( "./include/init.inc.php" );
+include_once( './include/init.inc.php' );
//-------------------------------------------------- access authorization check
-if ( $conf['acces'] == "restreint" )
+if ( $conf['access'] == "restricted" )
{
echo $lang['only_members'];
exit();
diff --git a/template/default/admin/cat.vtp b/template/default/admin/cat_list.vtp
index 4c0aca7e9..681e63023 100644
--- a/template/default/admin/cat.vtp
+++ b/template/default/admin/cat_list.vtp
@@ -4,7 +4,7 @@
<{#td} style="width:40%;text-align:left;">
{#indent}<img src="./images/puce.gif" alt="&gt;" />
&nbsp;{#name} [ dir : {#dir} ]
- <span style="color:red;font-weight:normal;"> {#invisible}</span>
+ <span style="color:red;font-weight:normal;"> {#invisible} <span style="font-weight:bold;">{#private}</span></span>
</{#td}>
<{#td} style="text-align:center;">
<div style="margin-left:3px;margin-right:3px;">{#nb_picture}</div>
@@ -42,7 +42,12 @@
</{#td}>
<{#td} class="{#class}"
style="width:10%;white-space:nowrap;text-align:center;">
- <a href="{#permission_url}">{#cat_permission}</a>
+ <!--VTP_permission-->
+ <a href="{#url}">{#cat_permission}</a>
+ <!--/VTP_permission-->
+ <!--VTP_no_permission-->
+ <span style="color:darkgray;">{#cat_permission}</span>
+ <!--/VTP_no_permission-->
</{#td}>
<{#td} class="{#class}"
style="width:10%;white-space:nowrap;text-align:center;">
diff --git a/template/default/admin/edit_cat.vtp b/template/default/admin/cat_modify.vtp
index 4bafd765b..90dcc093f 100644
--- a/template/default/admin/edit_cat.vtp
+++ b/template/default/admin/cat_modify.vtp
@@ -29,16 +29,15 @@
<td style="width:20%;">{#editcat_status}</td>
<td class="row2">
<!--VTP_status_option-->
- <input type="radio" name="status" value="{#option}"{#checked} />{#option}
+ <input type="radio" name="status" value="{#value}"{#checked} />{#option}
<!--/VTP_status_option-->
- {#editcat_status_info}
</td>
</tr>
<tr>
<td style="width:20%;">{#editcat_visible}</td>
<td class="row2">
<!--VTP_visible_option-->
- <input type="radio" name="visible" value="{#option}"{#checked} />{#option}
+ <input type="radio" name="visible" value="{#value}"{#checked} />{#option}
<!--/VTP_visible_option-->
{#editcat_status_info}
</td>
diff --git a/template/default/admin/cat_perm.vtp b/template/default/admin/cat_perm.vtp
new file mode 100644
index 000000000..cf8fab094
--- /dev/null
+++ b/template/default/admin/cat_perm.vtp
@@ -0,0 +1,47 @@
+<form action="{#action}" method="post">
+ <!--VTP_groups-->
+ <table style="width:100%;">
+ <tr>
+ <th colspan="2">{#menu_groups}</th>
+ </tr>
+ <!--VTP_group-->
+ <tr>
+ <td><a href="{#group_perm_link}"><span style="color:{#color}">{#groupname}</span></a></td>
+ <td style="text-align:right;">
+ <input type="radio" name="groupaccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
+ <input type="radio" name="groupaccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
+ </td>
+ </tr>
+ <!--/VTP_group-->
+ </table>
+ <!--/VTP_groups-->
+ <table style="width:100%;">
+ <tr>
+ <th colspan="2">{#menu_users}</th>
+ </tr>
+ <!--VTP_user-->
+ <tr>
+ <td>
+ <a href="{#user_perm_link}"><span style="color:{#color}">{#username}</span></a>
+ <!--VTP_usergroups-->
+ [
+ <!--VTP_usergroup-->
+ <span style="color:{#color};">{#name}</span>{#separation}
+ <!--/VTP_usergroup-->
+ ]
+ <!--/VTP_usergroups-->
+ </td>
+ <td style="text-align:right;">
+ <!--VTP_parent_forbidden-->
+ <a href="{#url}">{#permuser_parent_forbidden}</a>
+ <!--/VTP_parent_forbidden-->
+ <input type="radio" name="useraccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
+ <input type="radio" name="useraccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
+ </td>
+ </tr>
+ <!--/VTP_user-->
+ <tr>
+ <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
+ </tr>
+ </table>
+</form> \ No newline at end of file
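Review bot: This permission form posts to `{#action}` with no anti-forgery field, and the same holds for the new forms in `group_list.vtp`, `group_perm.vtp` and `user_perm.vtp`; `group_list.vtp` additionally confirms group deletion through a plain link (`{#yes_url}`). Since these requests change who may see which category, add a hidden per-session token to each form, e.g. `<input type="hidden" name="token" value="{#token}" />` (`{#token}` is a placeholder), and have the handlers reject requests without it. Whether `{#groupname}`, `{#username}` and `{#color}` are HTML-encoded before substitution is decided on the PHP side, which this template cannot show; they need `htmlspecialchars()` there.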
diff --git a/template/default/admin/group_list.vtp b/template/default/admin/group_list.vtp
new file mode 100644
index 000000000..a02d8ad8d
--- /dev/null
+++ b/template/default/admin/group_list.vtp
@@ -0,0 +1,49 @@
+<!--VTP_errors-->
+<div class="errors">
+ <ul>
+ <!--VTP_li-->
+ <li>{#li}</li>
+ <!--/VTP_li-->
+ </ul>
+</div>
+<!--/VTP_errors-->
+<!--VTP_deletion-->
+<table style="width:100%;">
+ <tr>
+ <th colspan="2">{#group_confirm} "{#name}" ?</th>
+ </tr>
+ <tr>
+ <td align="center"><a href="{#yes_url}">{#yes}</a></td>
+ <td align="center" class="row2"><a href="{#no_url}">{#no}</a></td>
+ </tr>
+</table>
+<!--/VTP_deletion-->
+<!--VTP_confirmation-->
+<div class="{#class}">{#info}</div>
+<!--/VTP_confirmation-->
+<!--VTP_groups-->
+<table width="100%">
+ <tr>
+ <th colspan="3">{#group_list_title}</th>
+ </tr>
+ <!--VTP_group-->
+ <tr>
+ <td style="width:25%;">
+ <div style="margin-left:10px;color:{#color}"><img src="./images/puce.gif" alt="&gt;" /> {#name}</div>
+ </td>
+ <td class="row2" style="text-align:center;width:25%;">
+ <a href="{#permission_url}">{#listuser_permission}</a>
+ </td>
+ <td class="row2" style="text-align:center;width:25%;">
+ <a href="{#deletion_url}">{#delete}</a>
+ </td>
+ </tr>
+ <!--/VTP_group-->
+</table>
+<!--/VTP_groups-->
+<form method="post" action="{#form_action}">
+ <div style="text-align:center;margin:10px;">
+ {#group_add} <input type="text" name="name" />
+ <input type="submit" value="{#add}" name="submit" />
+ </div>
+</form> \ No newline at end of file
diff --git a/template/default/admin/group_perm.vtp b/template/default/admin/group_perm.vtp
new file mode 100644
index 000000000..89beae782
--- /dev/null
+++ b/template/default/admin/group_perm.vtp
@@ -0,0 +1,24 @@
+<!--VTP_confirmation-->
+<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div>
+<!--/VTP_confirmation-->
+<form action="{#action}" method="post">
+ <table style="width:100%;">
+ <!--VTP_category-->
+ <tr>
+ <td>
+ <img src="./images/puce.gif" alt="&gt;" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a>
+ </td>
+ <td style="text-align:right;">
+ <!--VTP_parent_forbidden-->
+ {#permuser_parent_forbidden}
+ <!--/VTP_parent_forbidden-->
+ <input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
+ <input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
+ </td>
+ </tr>
+ <!--/VTP_category-->
+ <tr>
+ <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
+ </tr>
+ </table>
+</form> \ No newline at end of file
diff --git a/template/default/admin/user_modify.vtp b/template/default/admin/user_modify.vtp
index 53844d64f..49d2f1358 100644
--- a/template/default/admin/user_modify.vtp
+++ b/template/default/admin/user_modify.vtp
@@ -34,7 +34,7 @@
</tr>
<tr>
<td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td>
- <td><input type="text" name="password" value="{#user:password}" /></td>
+ <td><input type="text" name="password" value="" /></td>
</tr>
<tr>
<td>{#mail_address}</td>
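Review bot: The new-password field is still `type="text"`, so what the administrator types is shown in clear and can be kept in browser form history; emptying `value` removes the disclosure of `{#user:password}` but not this. Use `<input type="password" name="password" value="" autocomplete="off" />`. What `{#user:password}` used to contain (plain text or a hash) is not visible here; if it was the recoverable password, the storage side deserves a separate look.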
@@ -50,6 +50,31 @@
</select>
</td>
</tr>
+ <!--VTP_groups-->
+ <tr>
+ <td valign="top">{#menu_groups}</td>
+ <td>
+ <table>
+ <!--VTP_group-->
+ <tr>
+ <td>{#name}</td>
+ <td><input type="checkbox" name="dissociate-{#dissociate_id}" value="1" /> {#dissociate}</td>
+ </tr>
+ <!--/VTP_group-->
+ </table>
+ </td>
+ </tr>
+ <!--/VTP_groups-->
+ <tr>
+ <td>{#adduser_associate}</td>
+ <td>
+ <select name="associate">
+ <!--VTP_associate_group-->
+ <option value="{#value}">{#option}</option>
+ <!--/VTP_associate_group-->
+ </select>
+ </td>
+ </tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="{#submit}" />
diff --git a/template/default/admin/user_perm.vtp b/template/default/admin/user_perm.vtp
new file mode 100644
index 000000000..aebdff9d5
--- /dev/null
+++ b/template/default/admin/user_perm.vtp
@@ -0,0 +1,31 @@
+<!--VTP_confirmation-->
+<div class="info">{#permuser_info_message} [ <a href="{#back_url}">{#adduser_info_back}</a> ]</div>
+<!--/VTP_confirmation-->
+<form action="{#action}" method="post">
+ <table style="width:100%;">
+ <!--VTP_category-->
+ <tr>
+ <td>
+ <img src="./images/puce.gif" alt="&gt;" /> <a href="{#cat_perm_link}"><span style="color:{#color}">{#name}</span></a>
+ <!--VTP_usergroups-->
+ [
+ <!--VTP_usergroup-->
+ <span style="color:{#color};">{#name}</span>{#separation}
+ <!--/VTP_usergroup-->
+ ]
+ <!--/VTP_usergroups-->
+ </td>
+ <td style="text-align:right;">
+ <!--VTP_parent_forbidden-->
+ {#permuser_parent_forbidden}
+ <!--/VTP_parent_forbidden-->
+ <input type="radio" name="access-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
+ <input type="radio" name="access-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
+ </td>
+ </tr>
+ <!--/VTP_category-->
+ <tr>
+ <td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
+ </tr>
+ </table>
+</form> \ No newline at end of file
diff --git a/template/default/picture.vtp b/template/default/picture.vtp
index 2e20a4949..66fe213ac 100644
--- a/template/default/picture.vtp
+++ b/template/default/picture.vtp
@@ -1,6 +1,6 @@
<html>
<head>
- {#page_style}
+ {#style}
<!-- Specific style to picture.php-->
<style type="text/css">
.commentsAuthor,.commentsTitle,.commentsInfos,.commentsContent,.commentsNavigationBar {
@@ -44,6 +44,7 @@
<title>{#page_title}</title>
</head>
<body>
+ {#header}
<table style="width:100%;height:100%;">
<tr align="center" valign="middle">
<td>
@@ -162,5 +163,6 @@
</tr>
<!--/VTP_comments-->
</table>
+ {#footer}
</body>
</html> \ No newline at end of file