diff options
| -rw-r--r-- | admin.php | 15 | ||||
| -rw-r--r-- | admin/group_list.php | 8 | ||||
| -rw-r--r-- | admin/search.php | 3 | ||||
| -rw-r--r-- | admin/user_list.php | 265 | ||||
| -rw-r--r-- | admin/user_modify.php | 225 | ||||
| -rw-r--r-- | admin/user_search.php | 4 | ||||
| -rw-r--r-- | category.php | 3 | ||||
| -rw-r--r-- | identification.php | 2 | ||||
| -rw-r--r-- | include/functions_user.inc.php | 4 | ||||
| -rw-r--r-- | language/en_UK.iso-8859-1/admin.lang.php | 89 | ||||
| -rw-r--r-- | language/fr_FR.iso-8859-1/admin.lang.php | 105 | ||||
| -rw-r--r-- | profile.php | 195 | ||||
| -rw-r--r-- | register.php | 17 | ||||
| -rw-r--r-- | template/default/admin/user_list.tpl | 101 | ||||
| -rw-r--r-- | template/default/admin/user_modify.tpl | 95 | ||||
| -rw-r--r-- | template/default/category.tpl | 5 | ||||
| -rw-r--r-- | template/default/identification.tpl | 4 | ||||
| -rw-r--r-- | template/default/profile.tpl | 46 |
18 files changed, 317 insertions, 869 deletions
@@ -34,16 +34,18 @@ include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); //--------------------------------------- validating page and creation of title $page_valide = false; $title = ''; +$username=''; +if (isset($_POST['username'])) $username=$_POST['username']; if (isset( $_GET['page'] )) switch ( $_GET['page'] ) { case 'user_list': $title = $lang['title_liste_users']; $page_valide = true; break; - case 'user_modify': - $title = $lang['title_modify']; $page_valide = true; break; + case 'profile': + $title = $lang['title_modify']; + $page_valide = true; + break; case 'user_search': - $username=''; - if (isset($_POST['username'])) $username=$_POST['username']; $title = $lang['title_user_perm'].' '.$username; $page_valide = true; break; case 'group_list' : @@ -93,8 +95,6 @@ switch ( $_GET['page'] ) $title = $lang['title_categories']; $page_valide = true; break; case 'cat_modify': $title = $lang['title_edit_cat']; $page_valide = true; break; - case 'admin_upload': - $title = $lang['upload']; $page_valide = true; break; case 'infos_images': $title = $lang['title_info_images']; $page_valide = true; break; case 'waiting': @@ -212,7 +212,7 @@ $template->assign_vars(array( 'U_CONFIG_METADATA'=>add_session_id($conf_link.'metadata' ), 'U_SITES'=>add_session_id($link_start.'remote_site'), 'U_PHPINFO'=>add_session_id($link_start.'admin_phpinfo' ), - 'U_USERS'=>add_session_id($link_start.'user_search' ), + 'U_USERS'=>add_session_id($link_start.'profile' ), 'U_GROUPS'=>add_session_id($link_start.'group_list' ), 'U_CATEGORIES'=>add_session_id($link_start.'cat_list' ), 'U_CAT_UPLOAD'=>add_session_id($opt_link.'upload'), @@ -235,6 +235,7 @@ $link_start = PHPWG_ROOT_PATH.'admin.php?page='; if ( $page_valide ) { if ($_GET['page']=='comments') include ( PHPWG_ROOT_PATH.'comments.php'); + elseif ($_GET['page']=='profile') include ( PHPWG_ROOT_PATH.'profile.php'); else include ( PHPWG_ROOT_PATH.'admin/'.$_GET['page'].'.php' ); } else diff --git a/admin/group_list.php b/admin/group_list.php index 3fbec59de..d399a6d69 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -34,10 +34,18 @@ include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); $error = array(); if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) { + // destruction of the access linked to the group + $query = 'DELETE FROM '.GROUP_ACCESS_TABLE; + $query.= ' WHERE group_id = '.$_POST['group_id']; + $query.= ';'; + pwg_query( $query ); + + // destruction of the users links for this group $query = 'DELETE FROM ' . USER_GROUP_TABLE; $query.= ' WHERE group_id = '.$_POST['group_id']; pwg_query( $query ); + // destruction of the group $query = 'DELETE FROM ' . GROUPS_TABLE; $query.= ' WHERE id = '.$_POST['group_id']; $query.= ';'; diff --git a/admin/search.php b/admin/search.php index 485f8322a..f1716ff84 100644 --- a/admin/search.php +++ b/admin/search.php @@ -73,7 +73,8 @@ if ( !empty($search_match) ) $sql = "SELECT username FROM " . USERS_TABLE . " WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' - ORDER BY username"; + AND id <> ".ANONYMOUS." + ORDER BY username"; if ( !($result = pwg_query($sql)) ) { die('Could not obtain search results'); diff --git a/admin/user_list.php b/admin/user_list.php deleted file mode 100644 index c15980d72..000000000 --- a/admin/user_list.php +++ /dev/null @@ -1,265 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | -// +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ -// | last update : $Date$ -// | last modifier : $Author$ -// | revision : $Revision$ -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); - - - -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_list.vtp' ); -$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify', - 'listuser_permission','listuser_permission_hint', - 'listuser_delete_hint','listuser_delete','yes','no', - 'listuser_button_all','listuser_button_invert', - 'listuser_button_create_address','title_add','login','password', - 'add','errors_title' ); -templatize_array( $tpl, 'lang', $sub ); -$vtp->setGlobalVar( $sub, 'user_template', $user['template'] ); -//------------------------------------------------------------------ add a user -$errors = array(); -if ( isset( $_POST['submit_add_user'] ) ) -{ - $errors = register_user( - $_POST['username'], $_POST['password'], $_POST['password'], '', 'guest' ); -} -//-------------------------------------------------------------- errors display -if ( sizeof( $errors ) != 0 ) -{ - $vtp->addSession( $sub, 'errors' ); - foreach ( $errors as $error ) { - $vtp->addSession( $sub, 'li' ); - $vtp->setVar( $sub, 'li.li', $error ); - $vtp->closeSession( $sub, 'li' ); - } - $vtp->closeSession( $sub, 'errors' ); -} -else if ( isset( $_POST['submit_add_user'] ) ) -{ - $_POST = array(); -} -//--------------------------------------------------------------- delete a user -if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) -{ - $query = 'SELECT username'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - // confirm user deletion ? - if ( !isset( $_GET['confirm'] ) ) - { - $vtp->addSession( $sub, 'deletion' ); - $vtp->setVar( $sub, 'deletion.login', $row['username'] ); - $yes_url = './admin.php?page=user_list&delete='.$_GET['delete']; - $yes_url.= '&confirm=1'; - $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); - $no_url = './admin.php?page=user_list'; - $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) ); - $vtp->closeSession( $sub, 'deletion' ); - } - // user deletion confirmed - else - { - $vtp->addSession( $sub, 'confirmation' ); - if ( $row['username'] != 'guest' - and $row['username'] != $conf['webmaster'] ) - { - $query = 'SELECT COUNT(*) AS nb_result'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row2 = mysql_fetch_array( pwg_query( $query ) ); - if ( $row2['nb_result'] > 0 ) - { - delete_user( $_GET['delete'] ); - $vtp->setVar( $sub, 'confirmation.class', 'info' ); - $info = '"'.$row['username'].'" '.$lang['listuser_info_deletion']; - $vtp->setVar( $sub, 'confirmation.info', $info ); - } - else - { - $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); - $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_unknown'] ); - } - } - else - { - $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); - $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_modify'] ); - } - $vtp->closeSession( $sub, 'confirmation' ); - } -} -//------------------------------------------------------------------ users list -else -{ - // add a user - $vtp->addSession( $sub, 'add_user' ); - $action = './admin.php?'.$_SERVER['QUERY_STRING']; - $vtp->setVar( $sub, 'add_user.form_action', $action ); - if (isset( $_POST['username'])) - $vtp->setVar( $sub, 'add_user.f_username', $_POST['username'] ); - $vtp->closeSession( $sub, 'add_user' ); - - $vtp->addSession( $sub, 'users' ); - - $action = './admin.php?'.$_SERVER['QUERY_STRING']; - if ( !isset( $_GET['mail'] ) ) - { - $action.= '&mail=true'; - } - $vtp->setVar( $sub, 'users.form_action', $action ); - - $query = 'SELECT id,username,status,mail_address'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' ORDER BY status ASC, username ASC'; - $query.= ';'; - $result = pwg_query( $query ); - - $current_status = ''; - while ( $row = mysql_fetch_array( $result ) ) - { - // display the line indicating the status of the next users - if ( $row['status'] != $current_status ) - { - if ( $current_status != '' ) - { - $vtp->closeSession( $sub, 'category' ); - } - $vtp->addSession( $sub, 'category' ); - $title = $lang['listuser_user_group'].' '; - switch ( $row['status'] ) - { - case 'admin' : $title.= $lang['adduser_status_admin']; break; - case 'guest' : $title.= $lang['adduser_status_guest']; break; - } - $vtp->setVar( $sub, 'category.title', $title ); - $current_status = $row['status']; - } - $vtp->addSession( $sub, 'user' ); - // checkbox for mail management if the user has a mail address - if ( isset( $row['mail_address'] ) and $row['username'] != 'guest' ) - { - $vtp->addSession( $sub, 'checkbox' ); - $vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] ); - $vtp->closeSession( $sub, 'checkbox' ); - } - // use a special color for the login of the user ? - if ( $row['username'] == $conf['webmaster'] ) - { - $vtp->setVar( $sub, 'user.color', 'red' ); - } - if ( $row['username'] == 'guest' ) - { - $vtp->setVar( $sub, 'user.color', 'green' ); - $vtp->setVar( $sub, 'user.login', $lang['guest'] ); - } - else - { - $vtp->setVar( $sub, 'user.login', $row['username'] ); - } - // modify or not modify ? - if ( $row['username'] == 'guest' - or ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) ) - { - $vtp->addSession( $sub, 'not_modify' ); - $vtp->closeSession( $sub, 'not_modify' ); - } - else - { - $vtp->addSession( $sub, 'modify' ); - $url = './admin.php?page=user_modify&user_id='; - $url.= $row['id']; - $vtp->setVar( $sub, 'modify.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'modify.login', $row['username'] ); - $vtp->closeSession( $sub, 'modify' ); - } - // manage permission or not ? - if ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'not_permission' ); - $vtp->closeSession( $sub, 'not_permission' ); - } - else - { - $vtp->addSession( $sub, 'permission' ); - $url = './admin.php?page=user_perm&user_id='.$row['id']; - $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'permission.login', $row['username'] ); - $vtp->closeSession( $sub, 'permission' ); - } - // is the user deletable or not ? - if ( $row['username'] == 'guest' - or $row['username'] == $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'not_delete' ); - $vtp->closeSession( $sub, 'not_delete' ); - } - else - { - $vtp->addSession( $sub, 'delete' ); - $url = './admin.php?page=user_list&delete='.$row['id']; - $vtp->setVar( $sub, 'delete.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'delete.login', $row['username'] ); - $vtp->closeSession( $sub, 'delete' ); - } - $vtp->closeSession( $sub, 'user' ); - } - $vtp->closeSession( $sub, 'category' ); - // mail management : creation of the mail address if asked by administrator - if ( isset( $_POST['submit_generate_mail'] ) and isset( $_GET['mail'] ) ) - { - $mails = array(); - $query = 'SELECT id,mail_address'; - $query.= ' FROM '.USERS_TABLE; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - if ( isset( $_POST['mail-'.$row['id']] ) ) - array_push( $mails, $row['mail_address'] ); - } - $mail_destination = ''; - foreach ( $mails as $i => $mail_address ) { - if ( $i > 0 ) $mail_destination.= ','; - $mail_destination.= $mail_address; - } - if ( sizeof( $mails ) > 0 ) - { - $vtp->addSession( $sub, 'mail_link' ); - $vtp->setVar( $sub, 'mail_link.mailto', $mail_destination ); - $vtp->setVar( $sub, 'mail_link.mail_address_start', - substr( $mail_destination, 0, 50 ) ); - $vtp->closeSession( $sub, 'mail_link' ); - } - } - $vtp->closeSession( $sub, 'users' ); -} -//----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); -?> diff --git a/admin/user_modify.php b/admin/user_modify.php deleted file mode 100644 index 8ac6f5f81..000000000 --- a/admin/user_modify.php +++ /dev/null @@ -1,225 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | -// +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ -// | last update : $Date$ -// | last modifier : $Author$ -// | revision : $Revision$ -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ -include_once( './admin/include/isadmin.inc.php' ); -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_modify.vtp' ); -$error = array(); -$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form', - 'login', 'new', 'password', 'mail_address', 'adduser_status', - 'submit', 'adduser_info_password_updated','menu_groups', - 'dissociate','adduser_associate' ); -templatize_array( $tpl, 'lang', $sub ); -//--------------------------------------------------------- form criteria check -$error = array(); -$display_form = true; - -// retrieving information in the database about the user identified by its -// id in $_GET['user_id'] -$query = 'select'; -$query.= ' username,status,mail_address'; -$query.= ' from '.USERS_TABLE; -$query.= ' where id = '.$_GET['user_id']; -$query.= ';'; -$row = mysql_fetch_array( pwg_query( $query ) ); -$page['username'] = $row['username']; -$page['status'] = $row['status']; -if ( !isset( $row['mail_address'] ) ) $row['mail_address'] = ''; -$page['mail_address'] = $row['mail_address']; -// user is not modifiable if : -// 1. the selected user is the user "guest" -// 2. the selected user is the webmaster and the user making the modification -// is not the webmaster -if ( $row['username'] == 'guest' - or ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) ) -{ - array_push( $error, $lang['user_err_modify'] ); - $display_form = false; -} -// if the user was not found in the database, no modification possible -if ( $row['username'] == '' ) -{ - array_push( $error, $lang['user_err_unknown'] ); - $display_form = false; -} - -if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) -{ - // shall we use a new password and overwrite the old one ? - $use_new_password = false; - if ( isset( $_POST['use_new_pwd'] ) ) $use_new_password = true; - // if we try to update the webmaster infos, we have to set the status to - // 'admin' - if ( $row['username'] == $conf['webmaster'] ) - $_POST['status'] = 'admin'; - - $error = array_merge( $error, update_user( - $_GET['user_id'], $_POST['mail_address'], - $_POST['status'], $use_new_password, - $_POST['password'] ) ); -} -// association with groups management -if ( isset( $_POST['submit'] ) ) -{ - // deletion of checked groups - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' ORDER BY id ASC'; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - $dissociate = 'dissociate-'.$row['id']; - if ( isset( $_POST[$dissociate] ) ) - { - $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; - $query.= ' WHERE user_id = '.$_GET['user_id']; - $query.= ' AND group_id ='.$row['id']; - $query.= ';'; - pwg_query( $query ); - } - } - // create a new association between the user and a group - $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; - $query.= ' (user_id,group_id) VALUES'; - $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')'; - $query.= ';'; - pwg_query( $query ); - // synchronize category informations for this user - synchronize_user( $_GET['user_id'] ); -} -//-------------------------------------------------------------- errors display -if ( sizeof( $error ) != 0 ) -{ - $vtp->addSession( $sub, 'errors' ); - for ( $i = 0; $i < sizeof( $error ); $i++ ) - { - $vtp->addSession( $sub, 'li' ); - $vtp->setVar( $sub, 'li.li', $error[$i] ); - $vtp->closeSession( $sub, 'li' ); - } - $vtp->closeSession( $sub, 'errors' ); -} -//---------------------------------------------------------------- confirmation -if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) -{ - $vtp->addSession( $sub, 'confirmation' ); - $vtp->setVar( $sub, 'confirmation.username', $page['username'] ); - $url = add_session_id( './admin.php?page=user_list' ); - $vtp->setVar( $sub, 'confirmation.url', $url ); - $vtp->closeSession( $sub, 'confirmation' ); - if ( $use_new_password ) - { - $vtp->addSession( $sub, 'password_updated' ); - $vtp->closeSession( $sub, 'password_updated' ); - } -} -//------------------------------------------------------------------------ form -if ( $display_form ) -{ - $vtp->addSession( $sub, 'form' ); - $action = './admin.php?page=user_modify&user_id='.$_GET['user_id']; - $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) ); - $vtp->setVar( $sub, 'form.user:username', $page['username'] ); - if ( isset( $_POST['mail_address'] ) ) - { - $page['mail_address'] = $_POST['mail_address']; - } - $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] ); - // change status only if the user is not the webmaster - if ( $page['username'] != $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'status' ); - if ( isset( $_POST['status'] ) ) - { - $page['status'] = $_POST['status']; - } - $option = get_enums( PREFIX_TABLE.'users', 'status' ); - for ( $i = 0; $i < sizeof( $option ); $i++ ) - { - $vtp->addSession( $sub, 'status_option' ); - $vtp->setVar( $sub, 'status_option.value', $option[$i] ); - $vtp->setVar( $sub, 'status_option.option', - $lang['adduser_status_'.$option[$i]] ); - if( $option[$i] == $page['status'] ) - { - $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); - } - $vtp->closeSession( $sub, 'status_option' ); - } - $vtp->closeSession( $sub, 'status' ); - } - // groups linked with this user - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups'; - $query.= ' WHERE group_id = id'; - $query.= ' AND user_id = '.$_GET['user_id']; - $query.= ';'; - $result = pwg_query( $query ); - $user_groups = array(); - if ( mysql_num_rows( $result ) > 0 ) - { - $vtp->addSession( $sub, 'groups' ); - while ( $row = mysql_fetch_array( $result ) ) - { - $vtp->addSession( $sub, 'group' ); - $vtp->setVar( $sub, 'group.name', $row['name'] ); - $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] ); - $vtp->closeSession( $sub, 'group' ); - array_push( $user_groups, $row['id'] ); - } - $vtp->closeSession( $sub, 'groups' ); - } - // empty group not to take into account - $vtp->addSession( $sub, 'associate_group' ); - $vtp->setVar( $sub, 'associate_group.value', 'undef' ); - $vtp->setVar( $sub, 'associate_group.option', '' ); - $vtp->closeSession( $sub, 'associate_group' ); - // groups not linked yet to the user - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' ORDER BY id ASC'; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - if ( !in_array( $row['id'], $user_groups ) ) - { - $vtp->addSession( $sub, 'associate_group' ); - $vtp->setVar( $sub, 'associate_group.value', $row['id'] ); - $vtp->setVar( $sub, 'associate_group.option', $row['name'] ); - $vtp->closeSession( $sub, 'associate_group' ); - } - } - - $url = add_session_id( './admin.php?page=user_list' ); - $vtp->setVar( $sub, 'form.url_back', $url ); - $vtp->closeSession( $sub, 'form' ); -} -//----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); -?> diff --git a/admin/user_search.php b/admin/user_search.php index 0d7d17bbd..220928992 100644 --- a/admin/user_search.php +++ b/admin/user_search.php @@ -78,8 +78,8 @@ $template->assign_vars(array( 'L_FORBIDDEN'=>$lang['forbidden'], 'L_PARENT_FORBIDDEN'=>$lang['permuser_parent_forbidden'], - 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search'), - 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search&user_id='.$user_id), + 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'), + 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile&user_id='.$user_id), 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') )); diff --git a/category.php b/category.php index bd19bb847..0824c2efb 100644 --- a/category.php +++ b/category.php @@ -135,6 +135,8 @@ $template->assign_vars(array( 'L_USERNAME' => $lang['login'], 'L_PASSWORD' => $lang['password'], 'L_HELLO' => $lang['hello'], + 'L_REGISTER' => $lang['ident_register'], + 'L_LOGIN' => $lang['menu_login'], 'L_LOGOUT' => $lang['logout'], 'L_ADMIN' => $lang['admin'], 'L_ADMIN_HINT' => $lang['hint_admin'], @@ -146,6 +148,7 @@ $template->assign_vars(array( 'T_RECENT' => $icon_recent, 'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ), + 'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ), 'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout', 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ), 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] )) diff --git a/identification.php b/identification.php index 8caae940d..8fd140a91 100644 --- a/identification.php +++ b/identification.php @@ -79,8 +79,6 @@ $template->assign_vars( 'L_FORGET' => $lang['ident_forgotten_password'], 'L_REMEMBER_ME'=>$lang['remember_me'], - 'T_STYLE' => $user['template'], - 'F_LOGIN_ACTION' => add_session_id('identification.php') )); diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 1ac224c31..1581ff28f 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -156,13 +156,13 @@ function update_user( $user_id, $mail_address, $status, return $error; } -function check_login_authorization() +function check_login_authorization($guest_allowed = true) { global $user,$lang,$conf,$page; if ( $user['is_the_guest']) { - if ( $conf['access'] == 'restricted' || (isset($page['cat']) && $page['cat'] == 'fav' ) ) + if ( $conf['access'] == 'restricted' || !$guest_allowed ) { echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>'; diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 46d385f98..16d249656 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php +++ b/language/en_UK.iso-8859-1/admin.lang.php @@ -211,6 +211,37 @@ $lang['infoimage_addtoall'] = 'add to all'; $lang['infoimage_removefromall'] = 'remove from all'; $lang['infoimage_associate'] = 'Associate to the category'; +// Thumbnails +$lang['tn_width'] = 'width'; +$lang['tn_height'] = 'height'; +$lang['tn_no_support'] = 'Picture unreachable or no support'; +$lang['tn_format'] = 'for the file format'; +$lang['tn_thisformat'] = 'for this file format'; +$lang['tn_err_width'] = 'width must be a number superior to'; +$lang['tn_err_height'] = 'height must be a number superior to'; +$lang['tn_results_title'] = 'Results of miniaturization'; +$lang['tn_picture'] = 'picture'; +$lang['tn_results_gen_time'] = 'generated in'; +$lang['tn_stats'] = 'General statistics'; +$lang['tn_stats_nb'] = 'number of miniaturized pictures'; +$lang['tn_stats_total'] = 'total time'; +$lang['tn_stats_max'] = 'max time'; +$lang['tn_stats_min'] = 'min time'; +$lang['tn_stats_mean'] = 'average time'; +$lang['tn_err'] = 'You made mistakes'; +$lang['tn_params_title'] = 'Miniaturization parameters'; +$lang['tn_params_GD'] = 'GD version'; +$lang['tn_params_GD_info'] = '- GD is the picture manipulating library for PHP<br />-choose the version installed on your server. If you choose the wrong, you\'ll just have errors messages, come back with your browser and choose the other version. If no version works, it means your server doesn\'t support GD.'; +$lang['tn_params_width_info'] = 'maximum width that thumbnails can take'; +$lang['tn_params_height_info'] = 'maximum height that thumbnails can take'; +$lang['tn_params_create'] = 'create'; +$lang['tn_params_create_info'] = 'Do not try to miniaturize too many pictures in the same time.<br />Indeed, miniaturization uses a lot of CPU. If you installed PhpWebGallery on a free provider, a too high CPU load can sometime lead to the deletion of your website.'; +$lang['tn_params_format'] = 'file format'; +$lang['tn_params_format_info'] = 'only jpeg file format is supported for thumbnail creation'; +$lang['tn_alone_title'] = 'pictures without thumbnail (jpeg and png only)'; +$lang['tn_dirs_title'] = 'Directories list'; +$lang['tn_dirs_alone'] = 'pictures without thumbnail'; + // Update $lang['update_missing_tn'] = 'the thumbnail is missing for'; $lang['update_disappeared_tn'] = 'the thumbnail disapeared'; @@ -241,6 +272,15 @@ $lang['stats_global_graph_title'] = 'Pages seen by month'; $lang['stats_visitors_graph_title'] = 'Nombre de visiteurs par jour'; // Users +$lang['user_err_modify'] = 'This user can\'t be modified or deleted'; +$lang['user_err_unknown'] = 'This user doesn\'t exist in the database'; +$lang['user_management'] = 'Special field for administrators'; +$lang['user_status'] = 'User status'; +$lang['user_status_admin'] = 'Administrator'; +$lang['user_status_guest'] = 'User'; +$lang['user_delete'] = 'Delete user'; +$lang['user_delete_hint'] = 'Click here to delete this user. Warning! This operation cannot be undone!'; + // Groups $lang['group_confirm_delete']= 'Confirm group deletion'; @@ -252,18 +292,8 @@ $lang['group_edit'] = 'Manage users of the group'; $lang['group_deny_user'] = 'Deny selected'; $lang['group_add_user']= 'Add user'; -$lang['menu_add_user'] = 'add'; -$lang['menu_list_user'] = 'list'; -$lang['user_err_modify'] = 'This user can\'t be modified or deleted'; -$lang['user_err_unknown'] = 'This user doesn\'t exist in the database'; -$lang['adduser_info_message'] = 'Informations registered in the database for user '; -$lang['adduser_info_password_updated'] = '(password updated)'; -$lang['adduser_info_back'] = 'back to the users list'; -$lang['adduser_fill_form'] = 'Please fill the following form'; -$lang['adduser_unmodify'] = 'unmodifiable'; -$lang['adduser_status'] = 'status'; -$lang['adduser_status_admin'] = 'admin'; -$lang['adduser_status_guest'] = 'guest'; + + $lang['permuser_info_message'] = 'Permissions registered'; $lang['permuser_title'] = 'Restrictions for user'; $lang['permuser_warning'] = 'Warning : a "<span style="font-weight:bold;">forbidden access</span>" to the root of a category prevent from accessing the whole category'; @@ -276,41 +306,6 @@ $lang['listuser_modify'] = 'modify'; $lang['listuser_modify_hint'] = 'modify informations of'; $lang['listuser_permission'] = 'Permissions'; $lang['listuser_permission_hint'] = 'modify permissions of'; -$lang['listuser_delete'] = 'delete'; -$lang['listuser_delete_hint'] = 'delete user'; -$lang['listuser_button_all'] = 'all'; -$lang['listuser_button_invert'] = 'invert'; -$lang['listuser_button_create_address'] = 'create mail address'; - -$lang['tn_width'] = 'width'; -$lang['tn_height'] = 'height'; -$lang['tn_no_support'] = 'Picture unreachable or no support'; -$lang['tn_format'] = 'for the file format'; -$lang['tn_thisformat'] = 'for this file format'; -$lang['tn_err_width'] = 'width must be a number superior to'; -$lang['tn_err_height'] = 'height must be a number superior to'; -$lang['tn_results_title'] = 'Results of miniaturization'; -$lang['tn_picture'] = 'picture'; -$lang['tn_results_gen_time'] = 'generated in'; -$lang['tn_stats'] = 'General statistics'; -$lang['tn_stats_nb'] = 'number of miniaturized pictures'; -$lang['tn_stats_total'] = 'total time'; -$lang['tn_stats_max'] = 'max time'; -$lang['tn_stats_min'] = 'min time'; -$lang['tn_stats_mean'] = 'average time'; -$lang['tn_err'] = 'You made mistakes'; -$lang['tn_params_title'] = 'Miniaturization parameters'; -$lang['tn_params_GD'] = 'GD version'; -$lang['tn_params_GD_info'] = '- GD is the picture manipulating library for PHP<br />-choose the version installed on your server. If you choose the wrong, you\'ll just have errors messages, come back with your browser and choose the other version. If no version works, it means your server doesn\'t support GD.'; -$lang['tn_params_width_info'] = 'maximum width that thumbnails can take'; -$lang['tn_params_height_info'] = 'maximum height that thumbnails can take'; -$lang['tn_params_create'] = 'create'; -$lang['tn_params_create_info'] = 'Do not try to miniaturize too many pictures in the same time.<br />Indeed, miniaturization uses a lot of CPU. If you installed PhpWebGallery on a free provider, a too high CPU load can sometime lead to the deletion of your website.'; -$lang['tn_params_format'] = 'file format'; -$lang['tn_params_format_info'] = 'only jpeg file format is supported for thumbnail creation'; -$lang['tn_alone_title'] = 'pictures without thumbnail (jpeg and png only)'; -$lang['tn_dirs_title'] = 'Directories list'; -$lang['tn_dirs_alone'] = 'pictures without thumbnail'; $lang['title_add'] = 'Add a user'; diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php index 6c6bcef7d..77113edbf 100644 --- a/language/fr_FR.iso-8859-1/admin.lang.php +++ b/language/fr_FR.iso-8859-1/admin.lang.php @@ -140,7 +140,8 @@ $lang['conf_prefix'] = 'Préfixe thumbnail'; $lang['conf_prefix_info'] = 'Les noms des fichiers miniatures en sont préfixé. Laissez vide en cas de doute.'; $lang['conf_prefix_thumbnail_error'] = 'Le préfixe doit être uniquement composé des caractères suivant : a-z, "-" ou "_"'; $lang['conf_access'] = 'Type d\'acces'; -$lang['conf_access_info'] = '- libre : n\'importe qui peut accéder à vos photos, tous les visiteurs peuvent se créer un compte pour pouvoir personnaliser l\'affichage<br />- restreint : l\'administrateur s\'occupe de créer des comptes, seuls les personnes membres peuvent accéder au site'; +$lang['conf_access_info'] = '- libre : n\'importe qui peut accéder à vos photos, tous les visiteurs peuvent se créer un compte pour pouvoir personnaliser l\'affichage<br /> +- restreint : l\'administrateur s\'occupe de créer des comptes, seuls les personnes membres peuvent accéder au site'; $lang['conf_log_info'] = 'historiser les visites sur le site ? Les visites seront visibles dans l\'historique de l\'administration'; $lang['conf_notification'] = 'Notification par mail'; $lang['conf_notification_info'] = 'Notification automatique par mail des administrateurs (seuls les administrateurs) lors de l\'ajout d\'un commentaire, ou lors de l\'ajout d\'une image.'; @@ -164,7 +165,8 @@ $lang['conf_nb_line_page_info'] = 'Nombre de lignes par page par défaut'; $lang['conf_recent_period_info'] = 'En nombre de jours. Période pendant laquelle l\'image est notée comme récente. La durée doit au moins être d\'un jour.'; $lang['conf_default_expand_info'] = 'Développer toutes les catégories par défaut dans le menu ?'; $lang['conf_show_nb_comments_info'] = 'Montrer le nombre de commentaires pour chaque image sur la page des miniatures'; -$lang['conf_default_maxwidth_info'] = 'Largeur maximum affichable pour les images : les images ne seront redimensionnées que pour l\'affichage, les fichiers images resteront intacts. Laisser vide si vous ne souhaitez pas mettre de limite.'; +$lang['conf_default_maxwidth_info'] = 'Largeur maximum affichable pour les images : les images ne seront redimensionnées que pour l\'affichage, les fichiers images resteront intacts. +Laisser vide si vous ne souhaitez pas mettre de limite.'; $lang['conf_default_maxheight_info'] = 'Idem mais pour la hauteur des images'; // Configuration -> upload @@ -212,7 +214,42 @@ $lang['infoimage_addtoall'] = 'ajouter à tous'; $lang['infoimage_removefromall'] = 'retirer à tous'; $lang['infoimage_associate'] = 'Associer à la catégorie'; -//Update +// Thumbnails +$lang['tn_width'] = 'largeur'; +$lang['tn_height'] = 'hauteur'; +$lang['tn_no_support'] = 'Image inexistante ou aucun support'; +$lang['tn_format'] = 'pour le format'; +$lang['tn_thisformat'] = 'pour ce format de fichier'; +$lang['tn_err_width'] = 'la largeur doit être un entier supérieur à'; +$lang['tn_err_height'] = 'la hauteur doit être un entier supérieur à'; +$lang['tn_results_title'] = 'Résultats de la miniaturisation'; +$lang['tn_picture'] = 'image'; +$lang['tn_results_gen_time'] = 'généré en'; +$lang['tn_stats'] = 'Statistiques générales'; +$lang['tn_stats_nb'] = 'nombre d\'images miniaturisées'; +$lang['tn_stats_total'] = 'temps total'; +$lang['tn_stats_max'] = 'temps max'; +$lang['tn_stats_min'] = 'temps min'; +$lang['tn_stats_mean'] = 'temps moyen'; +$lang['tn_err'] = 'Vous avez commis des erreurs'; +$lang['tn_params_title'] = 'Paramètres de miniaturisation'; +$lang['tn_params_GD'] = 'version de GD'; +$lang['tn_params_GD_info'] = '- GD est la bibliothèque de manipulation graphique pour PHP<br /> +- cochez la version de GD installée sur le serveur. Si vous choisissez l\'une et que vous obtenez ensuite des messages d\'erreur, choisissez l\'autre version. +Si aucune version ne marche, cela signifie que GD n\'est pas installé sur le serveur.'; +$lang['tn_params_width_info'] = 'largeur maximum que peut prendre les miniatures'; +$lang['tn_params_height_info'] = 'hauteur maximum que peut prendre les miniatures'; +$lang['tn_params_create'] = 'en créer'; +$lang['tn_params_create_info'] = 'N\'essayez pas de lancer directement un grand nombre de miniaturisation.<br /> +En effet la miniaturisation est coûteuse en ressources processeur pour le serveur. +Si vous êtes chez un hébergeur gratuit, une trop forte occupation processeur peut amener l\'hébergeur à supprimer votre compte.'; +$lang['tn_params_format'] = 'format'; +$lang['tn_params_format_info'] = 'seul le format jpeg est supporté pour la création des miniatures'; +$lang['tn_alone_title'] = 'images sans miniatures (format jpg et png uniquement)'; +$lang['tn_dirs_title'] = 'Liste des répertoires'; +$lang['tn_dirs_alone'] = 'images sans miniatures'; + +// Update $lang['update_missing_tn'] = 'Il manque la miniature pour'; $lang['update_disappeared_tn'] = 'La miniature n\'existe pas'; $lang['update_disappeared'] = 'n\'existe pas'; @@ -242,7 +279,14 @@ $lang['stats_global_graph_title'] = 'Nombre de pages vues par mois'; $lang['stats_visitors_graph_title'] = 'Nombre de visiteurs par jour'; // Users - +$lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé'; +$lang['user_err_unknown'] = 'Cet utilisateur n\'existe pas dans la base de données'; +$lang['user_management'] = 'Champs spéciaux pour l\'administrateur'; +$lang['user_status'] = 'Statut de l\'utilisateur'; +$lang['user_status_admin'] = 'Administrateur'; +$lang['user_status_guest'] = 'Utilisateur'; +$lang['user_delete'] = 'Supprimer l\'utilisateur'; +$lang['user_delete_hint'] = 'Cliquez ici pour supprimer définitivement l\'utilisateur. Attention cette opération ne pourra être rétablie.'; // Groups $lang['group_list_title'] = 'Liste des groupes existants'; @@ -256,66 +300,15 @@ $lang['group_add_user']= 'Ajouter le membre'; // To be done -$lang['menu_add_user'] = 'ajout'; -$lang['menu_list_user'] = 'liste'; -$lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé'; -$lang['user_err_unknown'] = 'Cet utilisateur n\'existe pas dans la base de données'; -$lang['adduser_info_message'] = 'Informations enregistrées dans la base de données concernant '; -$lang['adduser_info_password_updated'] = '(mot de passe modifié)'; -$lang['adduser_info_back'] = 'retour liste utilisateurs'; -$lang['adduser_fill_form'] = 'Veuillez remplir les champs suivants'; -$lang['adduser_unmodify'] = 'non modifiable'; -$lang['adduser_status'] = 'statut'; -$lang['adduser_status_admin'] = 'admin'; -$lang['adduser_status_guest'] = 'visiteur'; + $lang['permuser_info_message'] = 'Permissions enregistrées'; $lang['permuser_title'] = 'Restrictions pour l\'utilisateur'; $lang['permuser_warning'] = 'Attention : un "<span style="font-weight:bold;">accès interdit</span>" à la racine d\'une catégorie empêche l\'accès à toute la catégorie'; $lang['permuser_parent_forbidden'] = 'catégorie parente interdite'; -$lang['listuser_confirm'] = 'Etes-vous sûr de vouloir supprimer l\'utilisateur'; -$lang['listuser_info_deletion'] = 'a été supprimé de la base de données'; -$lang['listuser_modify'] = 'modifier'; -$lang['listuser_modify_hint'] = 'modifier les infos de'; -$lang['listuser_permission'] = 'permissions'; -$lang['listuser_permission_hint'] = 'modifier les permissions de'; -$lang['listuser_delete'] = 'supprimer'; -$lang['listuser_delete_hint'] = 'supprimer'; -$lang['listuser_button_all'] = 'tous'; -$lang['listuser_button_invert'] = 'inverser'; -$lang['listuser_button_create_address'] = 'générer adresse mail'; -$lang['tn_width'] = 'largeur'; -$lang['tn_height'] = 'hauteur'; -$lang['tn_no_support'] = 'Image inexistante ou aucun support'; -$lang['tn_format'] = 'pour le format'; -$lang['tn_thisformat'] = 'pour ce format de fichier'; -$lang['tn_err_width'] = 'la largeur doit être un entier supérieur à'; -$lang['tn_err_height'] = 'la hauteur doit être un entier supérieur à'; -$lang['tn_results_title'] = 'Résultats de la miniaturisation'; -$lang['tn_picture'] = 'image'; -$lang['tn_results_gen_time'] = 'généré en'; -$lang['tn_stats'] = 'Statistiques générales'; -$lang['tn_stats_nb'] = 'nombre d\'images miniaturisées'; -$lang['tn_stats_total'] = 'temps total'; -$lang['tn_stats_max'] = 'temps max'; -$lang['tn_stats_min'] = 'temps min'; -$lang['tn_stats_mean'] = 'temps moyen'; -$lang['tn_err'] = 'Vous avez commis des erreurs'; -$lang['tn_params_title'] = 'Paramètres de miniaturisation'; -$lang['tn_params_GD'] = 'version de GD'; -$lang['tn_params_GD_info'] = '- GD est la bibliothèque de manipulation graphique pour PHP<br />- cochez la version de GD installée sur le serveur. Si vous choisissez l\'une et que vous obtenez ensuite des messages d\'erreur, choisissez l\'autre version. Si aucune version ne marche, cela signifie que GD n\'est pas installé sur le serveur.'; -$lang['tn_params_width_info'] = 'largeur maximum que peut prendre les miniatures'; -$lang['tn_params_height_info'] = 'hauteur maximum que peut prendre les miniatures'; -$lang['tn_params_create'] = 'en créer'; -$lang['tn_params_create_info'] = 'N\'essayez pas de lancer directement un grand nombre de miniaturisation.<br />En effet la miniaturisation est coûteuse en ressources processeur pour le serveur. Si vous êtes chez un hébergeur gratuit, une trop forte occupation processeur peut amener l\'hébergeur à supprimer votre compte.'; -$lang['tn_params_format'] = 'format'; -$lang['tn_params_format_info'] = 'seul le format jpeg est supporté pour la création des miniatures'; -$lang['tn_alone_title'] = 'images sans miniatures (format jpg et png uniquement)'; -$lang['tn_dirs_title'] = 'Liste des répertoires'; -$lang['tn_dirs_alone'] = 'images sans miniatures'; $lang['title_add'] = 'Ajouter un utilisateur'; $lang['title_modify'] = 'Modifier un utilisateur'; diff --git a/profile.php b/profile.php index 71a964d80..c0287ac39 100644 --- a/profile.php +++ b/profile.php @@ -26,21 +26,29 @@ // +-----------------------------------------------------------------------+ // customize appearance of the site for a user -//----------------------------------------------------------- include -define('PHPWG_ROOT_PATH','./'); -include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -//-------------------------------------------------- access authorization check -check_login_authorization(); -if ( $user['is_the_guest'] ) +// +-----------------------------------------------------------------------+ +// | initialization | +// +-----------------------------------------------------------------------+ +$userdata = array(); +if ( defined('IN_ADMIN') && isset( $_POST['submituser'] ) ) +{ + $userdata = getuserdata($_POST['username']); +} +elseif (defined('IN_ADMIN') && isset( $_POST['submit'] )) { - echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; - echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>'; - exit(); + $userdata = getuserdata(intval($_POST['userid'])); +} +elseif (!defined('IN_ADMIN')) +{ + define('PHPWG_ROOT_PATH','./'); + include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); + check_login_authorization(false); + $userdata=$user; } //------------------------------------------------------ update & customization $infos = array( 'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', - 'recent_period', 'template', 'mail_address' ); + 'recent_period', 'template', 'mail_address'); // mise à jour dans la base de données des valeurs // des paramètres pour l'utilisateur courant // - on teste si chacune des variables est passée en argument à la page @@ -67,16 +75,21 @@ if ( isset( $_POST['submit'] ) ) { array_push( $errors, $lang['periods_error'] ); } - - if ( $_POST['mail_address']!= $user['mail_address']) + + if ( $_POST['mail_address']!= $userdata['mail_address']) { - if (!empty($_POST['password'])) - array_push( $errors, $lang['reg_err_pass'] ); - else - { - // retrieving the encrypted password of the login submitted + if ($user['status'] == 'admin') + { + $mail_error = validate_mail_address( $_POST['mail_address'] ); + if ( !empty($mail_error)) array_push( $errors, $mail_error ); + } + elseif (!empty($_POST['password'])) + array_push( $errors, $lang['reg_err_pass'] ); + else + { + // retrieving the encrypted password of the login submitted $query = 'SELECT password FROM '.USERS_TABLE.' - WHERE username = \''.$user['username'].'\';'; + WHERE username = \''.$userdata['username'].'\';'; $row = mysql_fetch_array(pwg_query($query)); if ($row['password'] == md5($_POST['password'])) { @@ -85,14 +98,37 @@ if ( isset( $_POST['submit'] ) ) } else array_push( $errors, $lang['reg_err_pass'] ); - } + + } } // password must be the same as its confirmation - if ( isset( $_POST['use_new_pwd'] ) + if ( !empty( $_POST['use_new_pwd'] ) and $_POST['use_new_pwd'] != $_POST['passwordConf'] ) array_push( $errors, $lang['reg_err_pass'] ); - + + // We check if we are in the admin level + if (isset ($_POST['user_delete'])) + { + if ($_POST['userid'] > 2) // gallery founder + guest + { + delete_user($_POST['userid']); + } + else + array_push( $errors, $lang['user_err_modify'] ); + } + + // We check if we are in the admin level + if (isset ($_POST['status']) && $_POST['status'] <> $userdata['status']) + { + if ($_POST['userid'] > 2) // gallery founder + guest + { + array_push($infos, 'status'); + } + else + array_push( $errors, $lang['user_err_modify'] ); + } + if ( count( $errors ) == 0 ) { $query = 'UPDATE '.USERS_TABLE; @@ -104,42 +140,79 @@ if ( isset( $_POST['submit'] ) ) if ( $_POST[$info] == '' ) $query.= 'NULL'; else $query.= "'".$_POST[$info]."'"; } - $query.= ' WHERE id = '.$user['id']; + $query.= ' WHERE id = '.$_POST['userid']; $query.= ';'; pwg_query( $query ); - if ( isset( $_POST['use_new_pwd'] ) ) + if ( !empty( $_POST['use_new_pwd'] ) ) { $query = 'UPDATE '.USERS_TABLE; $query.= " SET password = '".md5( $_POST['use_new_pwd'] )."'"; - $query.= ' WHERE id = '.$user['id']; + $query.= ' WHERE id = '.$_POST['userid']; $query.= ';'; pwg_query( $query ); } - + // redirection - redirect(add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])); + if (!defined('IN_ADMIN')) + { + redirect(add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])); + } + else + { + redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile')); + } } } + +// +-----------------------------------------------------------------------+ +// | page header and options | +// +-----------------------------------------------------------------------+ +$url_action = PHPWG_ROOT_PATH; +if (!defined('IN_ADMIN')) +{ + $title= $lang['customize_page_title']; + include(PHPWG_ROOT_PATH.'include/page_header.php'); + $url_action .='profile.php'; +} +else +{ + $url_action .='admin.php?page=profile'; +} //----------------------------------------------------- template initialization -$expand = ($user['expand']=='true')?'EXPAND_TREE_YES':'EXPAND_TREE_NO'; -$nb_comments = ($user['show_nb_comments']=='true')?'NB_COMMENTS_YES':'NB_COMMENTS_NO'; -$title = $lang['customize_page_title']; -include(PHPWG_ROOT_PATH.'include/page_header.php'); +$template->set_filenames(array('profile_body'=>'profile.tpl')); +if ( defined('IN_ADMIN') && empty($userdata)) +{ + $template->assign_block_vars('select_user',array()); + $template->assign_vars(array( + 'L_SELECT_USERNAME'=>$lang['Select_username'], + 'L_LOOKUP_USER'=>$lang['Look_up_user'], + 'L_FIND_USERNAME'=>$lang['Find_username'], + 'L_AUTH_USER'=>$lang['permuser_only_private'], + 'L_SUBMIT'=>$lang['submit'], -$template->set_filenames(array('profile'=>'profile.tpl')); + 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'), + 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') + )); +} +else +{ +$expand = ($userdata['expand']=='true')?'EXPAND_TREE_YES':'EXPAND_TREE_NO'; +$nb_comments = ($userdata['show_nb_comments']=='true')?'NB_COMMENTS_YES':'NB_COMMENTS_NO'; +$template->assign_block_vars('modify',array()); $template->assign_vars(array( - 'USERNAME'=>$user['username'], - 'EMAIL'=>$user['mail_address'], - 'LANG_SELECT'=>language_select($user['language'], 'language'), - 'NB_IMAGE_LINE'=>$user['nb_image_line'], - 'NB_ROW_PAGE'=>$user['nb_line_page'], - 'STYLE_SELECT'=>style_select($user['template'], 'template'), - 'RECENT_PERIOD'=>$user['recent_period'], - 'MAXWIDTH'=>$user['maxwidth'], - 'MAXHEIGHT'=>$user['maxheight'], + 'USERNAME'=>$userdata['username'], + 'USERID'=>$userdata['id'], + 'EMAIL'=>$userdata['mail_address'], + 'LANG_SELECT'=>language_select($userdata['language'], 'language'), + 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], + 'NB_ROW_PAGE'=>$userdata['nb_line_page'], + 'STYLE_SELECT'=>style_select($userdata['template'], 'template'), + 'RECENT_PERIOD'=>$userdata['recent_period'], + 'MAXWIDTH'=>$userdata['maxwidth'], + 'MAXHEIGHT'=>$userdata['maxheight'], $expand=>'checked="checked"', $nb_comments=>'checked="checked"', @@ -170,7 +243,7 @@ $template->assign_vars(array( 'L_RETURN' => $lang['home'], 'L_RETURN_HINT' => $lang['home_hint'], - 'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'profile.php'), + 'F_ACTION'=>add_session_id($url_action), 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']) )); @@ -178,13 +251,43 @@ $template->assign_vars(array( //-------------------------------------------------------------- errors display if ( sizeof( $errors ) != 0 ) { - $template->assign_block_vars('errors',array()); + $template->assign_block_vars('modify.errors',array()); for ( $i = 0; $i < sizeof( $errors ); $i++ ) { - $template->assign_block_vars('errors.error',array('ERROR'=>$errors[$i])); + $template->assign_block_vars('modify.errors.error',array('ERROR'=>$errors[$i])); } } -//----------------------------------------------------------- html code display -$template->pparse('profile'); -include(PHPWG_ROOT_PATH.'include/page_tail.php'); +//------------------------------------------------------------- user management +if (defined('IN_ADMIN')) +{ + $status_select = '<select name="status">'; + $status_select .='<option value = "guest" '; + if ($userdata['status'] == 'guest') $status_select .= 'selected="selected"'; + $status_select .='>'.$lang['user_status_guest'] .'</option>'; + $status_select .='<option value = "admin" '; + if ($userdata['status'] == 'admin') $status_select .= 'selected="selected"'; + $status_select .='>'.$lang['user_status_admin'] .'</option>'; + $status_select .='</select>'; + $template->assign_block_vars('modify.admin',array( + 'L_ADMIN_USER'=>$lang['user_management'], + 'L_STATUS'=>$lang['user_status'], + 'L_DELETE'=>$lang['user_delete'], + 'L_DELETE_HINT'=>$lang['user_delete_hint'], + 'STATUS'=>$status_select + )); +} +} +// +-----------------------------------------------------------------------+ +// | html code display | +// +-----------------------------------------------------------------------+ +if (defined('IN_ADMIN')) +{ + $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body'); +} +else +{ + $template->assign_block_vars('modify.profile',array()); + $template->pparse('profile_body'); + include(PHPWG_ROOT_PATH.'include/page_tail.php'); +} ?> diff --git a/register.php b/register.php index fc3332bde..f939ff3e9 100644 --- a/register.php +++ b/register.php @@ -28,21 +28,14 @@ //----------------------------------------------------------- include define('PHPWG_ROOT_PATH','./'); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); -//-------------------------------------------------- access authorization check -if ( $conf['access'] == "restricted" ) -{ - echo $lang['only_members']; - exit(); -} //----------------------------------------------------------- user registration -$error = array(); +$errors = array(); if ( isset( $_POST['submit'] ) ) { - $error = register_user( $_POST['login'], $_POST['password'], + $errors = register_user( $_POST['login'], $_POST['password'], $_POST['password_conf'], $_POST['mail_address'] ); - if ( sizeof( $error ) == 0 ) + if ( sizeof( $errors ) == 0 ) { - $session_id = session_create( $_POST['login'] ); $url = 'category.php?id='.$session_id; redirect( $url ); } @@ -74,10 +67,10 @@ $template->assign_vars(array( )); //-------------------------------------------------------------- errors display -if ( sizeof( $error ) != 0 ) +if ( sizeof( $errors ) != 0 ) { $template->assign_block_vars('errors',array()); - for ( $i = 0; $i < sizeof( $error ); $i++ ) + for ( $i = 0; $i < sizeof( $errors ); $i++ ) { $template->assign_block_vars('errors.error',array('ERROR'=>$errors[$i])); } diff --git a/template/default/admin/user_list.tpl b/template/default/admin/user_list.tpl deleted file mode 100644 index 562ef8c42..000000000 --- a/template/default/admin/user_list.tpl +++ /dev/null @@ -1,101 +0,0 @@ -<!--VTP_deletion--> -<table style="width:100%;"> - <tr> - <th colspan="2">{#listuser_confirm} "{#login}" ?</th> - </tr> - <tr> - <td align="center"><a href="{#yes_url}">{#yes}</a></td> - <td align="center" class="row2"><a href="{#no_url}">{#no}</a></td> - </tr> -</table> -<!--/VTP_deletion--> - -<!--VTP_confirmation--> -<div class="{#class}">{#info}</div> -<!--/VTP_confirmation--> - -<!--VTP_errors--> -<div class="errors"> - <div class="errors_title">{#errors_title}</div> - <ul> - <!--VTP_li--> - <li>{#li}</li> - <!--/VTP_li--> - </ul> -</div> -<!--/VTP_errors--> - -<!--VTP_add_user--> -<form method="post" action="{#form_action}"> - <div style="text-align:center;margin:10px;"> - <span style="font-weight:bold;">{#title_add}</span> -> - {#login} : <input type="text" name="username" value="{#f_username}" /> - {#password} : <input type="text" name="password" value="{#f_password}" /> - <input type="submit" value="{#add}" name="submit_add_user" /> - </div> -</form> -<!--/VTP_add_user--> - -<!--VTP_users--> -<form method="post" action="{#form_action}"> -<table width="100%"> - <!--VTP_category--> - <tr> - <th colspan="5">{#title}</th> - </tr> - <!--VTP_user--> - <tr> - <td style="width:0px;"> - <div style="margin-left:2px;margin-right:2px;"> - <!--VTP_checkbox--> - <input type="checkbox" name="{#name}" value="1" /> - <!--/VTP_checkbox--> - </div> - </td> - <td style="width:25%;"> - <div style="margin-left:10px;color:{#color}">{#login}</div> - </td> - <td class="row2" style="text-align:center;width:25%;"> - <!--VTP_modify--> - <a href="{#url}" title="{#listuser_modify_hint} {#login}">{#listuser_modify}</a> - <!--/VTP_modify--> - <!--VTP_not_modify--> - <span style="color:darkgray;">{#listuser_modify}</span> - <!--/VTP_not_modify--> - </td> - <td class="row2" style="text-align:center;width:25%;"> - <!--VTP_permission--> - <a href="{#url}" title="{#listuser_permission_hint} {#login}">{#listuser_permission}</a> - <!--/VTP_permission--> - <!--VTP_not_permission--> - <span style="color:darkgray;">{#listuser_permission}</span> - <!--/VTP_not_permission--> - </td> - <td class="row2" style="text-align:center;width:25%;"> - <!--VTP_delete--> - <a href="{#url}" title="{#listuser_delete_hint} {#login}">{#listuser_delete}</a> - <!--/VTP_delete--> - <!--VTP_not_delete--> - <span style="color:darkgray;">{#listuser_delete}</span> - <!--/VTP_not_delete--> - </td> - </tr> - <!--/VTP_user--> - <!--/VTP_category--> - <tr> - <td colspan="5"> </td> - </tr> - <tr> - <td colspan="5"> - <img src="./template/{#user_template}/admin/images/arrow_select.gif" alt="<" /> - <input type="button" value="{#listuser_button_all}" onClick="SelectAll(this.form)" style="margin-left:5px;margin-right:5px;" /> - <input type="button" value="{#listuser_button_invert}" onClick="Inverser(this.form)" style="margin-left:5px;margin-right:5px;" /> - <input type="submit" value="{#listuser_button_create_address}" name="submit_generate_mail" style="margin-left:5px;margin-right:5px;" /> - <!--VTP_mail_link--> - <a href="mailto:{#mailto}">mailto:{#mail_address_start}...</a> - <!--/VTP_mail_link--> - </td> - </tr> -</table> -</form> -<!--/VTP_users-->
\ No newline at end of file diff --git a/template/default/admin/user_modify.tpl b/template/default/admin/user_modify.tpl deleted file mode 100644 index 475a0eff3..000000000 --- a/template/default/admin/user_modify.tpl +++ /dev/null @@ -1,95 +0,0 @@ -<!--VTP_errors--> -<div class="errors"> - <ul> - <!--VTP_li--> - <li>{#li}</li> - <!--/VTP_li--> - </ul> -</div> -<!--/VTP_errors--> -<!--VTP_confirmation--> -<div class="info"> - {#adduser_info_message} "{#username}" - <!--VTP_password_updated--> - {#adduser_info_password_updated} - <!--/VTP_password_updated--> - [ <a href="{#url}">{#adduser_info_back}</a> ] -</div> -<!--/VTP_confirmation--> -<!--VTP_form--> -<form method="post" action="{#form_action}"> - <table style="width:100%;"> - <tr align="center" valign="middle"> - <td> - <table style="margin-left:auto;margin-right:auto;"> - <tr> - <th colspan="2">{#adduser_fill_form}</th> - </tr> - <tr> - <td colspan="2"><div style="margin-bottom:0px;"> </div></td> - </tr> - <tr> - <td>{#login}</td> - <td style="color:red;text-align:center;">{#user:username}</td> - </tr> - <tr> - <td>{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td> - <td><input type="text" name="password" value="" /></td> - </tr> - <tr> - <td>{#mail_address}</td> - <td><input type="text" name="mail_address" value="{#user:mail_address}" /></td> - </tr> - - <!--VTP_status--> - <tr> - <td>{#adduser_status}</td> - <td> - <select name="status"> - <!--VTP_status_option--> - <option value="{#value}"{#selected}>{#option}</option> - <!--/VTP_status_option--> - </select> - </td> - </tr> - <!--/VTP_status--> - - <!--VTP_groups--> - <tr> - <td valign="top">{#menu_groups}</td> - <td> - <table> - <!--VTP_group--> - <tr> - <td>{#name}</td> - <td><input type="checkbox" name="dissociate-{#dissociate_id}" value="1" /> {#dissociate}</td> - </tr> - <!--/VTP_group--> - </table> - </td> - </tr> - <!--/VTP_groups--> - <tr> - <td>{#adduser_associate}</td> - <td> - <select name="associate"> - <!--VTP_associate_group--> - <option value="{#value}">{#option}</option> - <!--/VTP_associate_group--> - </select> - </td> - </tr> - <tr> - <td colspan="2" align="center"> - <input type="submit" name="submit" value="{#submit}" /> - </td> - </tr> - </table> - </td> - </tr> - </table> -</form> -<div class="info"> - [ <a href="{#url_back}">{#adduser_info_back}</a> ] -</div> -<!--/VTP_form-->
\ No newline at end of file diff --git a/template/default/category.tpl b/template/default/category.tpl index 681d30102..00f95181d 100644 --- a/template/default/category.tpl +++ b/template/default/category.tpl @@ -32,6 +32,11 @@ <div class="titreMenu">{L_IDENTIFY}</div> <div class="menu"> <!-- BEGIN login --> + <ul class="menu"> + <li><a href="{U_REGISTER}">{L_REGISTER}</a></li> + <li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li> + </ul> + <hr /> <form method="post" action="{F_IDENTIFY}"> <input type="hidden" name="redirect" value="{U_REDIRECT}"> {L_USERNAME}<br /> diff --git a/template/default/identification.tpl b/template/default/identification.tpl index d180676fc..c048e0d0f 100644 --- a/template/default/identification.tpl +++ b/template/default/identification.tpl @@ -49,9 +49,9 @@ <td colspan="3" align="center"> <!-- BEGIN free_access --> <p><a href="./category.php">[ {L_GUEST} ]</a></p> - <a href="register.php"><img src="./template/{T_STYLE}/theme/register.gif" style="border:0;" alt=""/> {L_REGISTER}</a> - + <a href="register.php"><img src="template/default/theme/register.gif" style="border:0;" alt=""/> {L_REGISTER}</a> - <!-- END free_access --> - <a href="mailto:{MAIL_ADMIN}?subject=[PhpWebGallery] {L_FORGET}"><img src="./template/{T_STYLE}/theme/lost.gif" style="border:0;" alt=""/> {L_FORGET}</a> + <a href="mailto:{MAIL_ADMIN}?subject=[PhpWebGallery] {L_FORGET}"><img src="template/default/theme/lost.gif" style="border:0;" alt=""/> {L_FORGET}</a> </td> </tr> </table> diff --git a/template/default/profile.tpl b/template/default/profile.tpl index 1c0aa9edb..b672e566f 100644 --- a/template/default/profile.tpl +++ b/template/default/profile.tpl @@ -1,30 +1,44 @@ +<!-- BEGIN select_user --> +<div class="admin">{L_SELECT_USERNAME}</div> +<form method="post" name="post" action="{F_SEARCH_USER_ACTION}"> + <input type="text" name="username" maxlength="50" size="20" /> + <input type="submit" name="submituser" value="{L_LOOKUP_USER}" class="bouton" /> + <input type="submit" name="usersubmit" value="{L_FIND_USERNAME}" class="bouton" onClick="window.open('{U_SEARCH_USER}', '_phpwgsearch', 'HEIGHT=250,resizable=yes,WIDTH=400');return false;" /> +</form> +<!-- END select_user --> +<!-- BEGIN modify --> +<!-- BEGIN profile --> <div class="titrePage">{L_TITLE}</div> -<form method="post" action="{F_ACTION}"> +<!-- END profile --> <!-- BEGIN errors --> - <div class="errors"> +<div class="errors"> <ul> <!-- BEGIN error --> - <li>{errors.error.ERROR}</li> + <li>{modify.errors.error.ERROR}</li> <!-- END error --> </ul> - </div> +</div> <!-- END errors --> +<form method="post" action="{F_ACTION}"> <table width="70%" align="center"> <tr class="admin"> <th colspan="2">{L_REGISTRATION_INFO}</th> </tr> <tr> <td width="50%">{L_USERNAME}</td> - <td><input type="text" name="username" value="{USERNAME}" /></td> + <td><input type="text" name="username" value="{USERNAME}" /> + <input type="hidden" name="userid" value="{USERID}" /></td> </tr> <tr> <td>{L_EMAIL}</td> <td><input type="text" name="mail_address" value="{EMAIL}" /></td> </tr> + <!-- BEGIN profile --> <tr> <td>{L_CURRENT_PASSWORD} : <br /><span class="small">{L_CURRENT_PASSWORD_HINT}</span></td> <td><input type="password" name="password" value="" /></td> </tr> + <!-- END profile --> <tr> <td>{L_NEW_PASSWORD} : <br /><span class="small">{L_NEW_PASSWORD_HINT}</span></td> <td><input type="password" name="use_new_pwd" value="" /></td> @@ -76,12 +90,32 @@ <td><input type="text" size="4" maxlength="4" name="maxheight" value="{MAXHEIGHT}" /> </td> </tr> +<!-- BEGIN admin --> + <tr class="admin"> + <th colspan="2">{modify.admin.L_ADMIN_USER}</th> + </tr> + <tr> + <td>{modify.admin.L_STATUS}</td> + <td>{modify.admin.STATUS} + </td> + </tr> + <tr> + <td>{modify.admin.L_DELETE}<br /> + <span class="small">{modify.admin.L_DELETE_HINT}</span></td> + <td><input name="user_delete" type="checkbox" value="1"> + </td> + </tr> +<!-- END admin --> +<tr> <td colspan="2" align="center"> <input type="submit" name="submit" value="{L_SUBMIT}" class="bouton" /> </td> </tr> </table> </form> +<!-- BEGIN profile --> <div style="text-align:center;margin:5px;"> <a href="{U_RETURN}" title="{L_RETURN_HINT}">[{L_RETURN}]</a> -</div>
\ No newline at end of file +</div> +<!-- END profile --> +<!-- END modify -->
\ No newline at end of file |