aboutsummaryrefslogtreecommitdiffstats
path: root/BSF/include/functions_user.inc.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--BSF/include/functions_user.inc.php1340
1 files changed, 0 insertions, 1340 deletions
diff --git a/BSF/include/functions_user.inc.php b/BSF/include/functions_user.inc.php
deleted file mode 100644
index d2c9530e2..000000000
--- a/BSF/include/functions_user.inc.php
+++ /dev/null
@@ -1,1340 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | Piwigo - a PHP based picture gallery |
-// +-----------------------------------------------------------------------+
-// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
-// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
-// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-
-// validate_mail_address:
-// o verifies whether the given mail address has the
-// right format. ie someone@domain.com "someone" can contain ".", "-" or
-// even "_". Exactly as "domain". The extension doesn't have to be
-// "com". The mail address can also be empty.
-// o check if address could be empty
-// o check if address is not used by a other user
-// If the mail address doesn't correspond, an error message is returned.
-//
-function validate_mail_address($user_id, $mail_address)
-{
- global $conf;
-
- if (empty($mail_address) and
- !($conf['obligatory_user_mail_address'] and
- in_array(script_basename(), array('register', 'profile'))))
- {
- return '';
- }
-
- $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/';
- if ( !preg_match( $regex, $mail_address ) )
- {
- return l10n('reg_err_mail_address');
- }
-
- if (defined("PHPWG_INSTALLED") and !empty($mail_address))
- {
- $query = '
-select count(*)
-from '.USERS_TABLE.'
-where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
-'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').'
-;';
- list($count) = mysql_fetch_array(pwg_query($query));
- if ($count != 0)
- {
- return l10n('reg_err_mail_address_dbl');
- }
- }
-}
-
-function register_user($login, $password, $mail_address,
- $with_notification = true, $errors = array())
-{
- global $conf;
-
- if ($login == '')
- {
- array_push($errors, l10n('reg_err_login1'));
- }
- if (ereg("^.* $", $login))
- {
- array_push($errors, l10n('reg_err_login2'));
- }
- if (ereg("^ .*$", $login))
- {
- array_push($errors, l10n('reg_err_login3'));
- }
- if (get_userid($login))
- {
- array_push($errors, l10n('reg_err_login5'));
- }
- $mail_error = validate_mail_address(null, $mail_address);
- if ('' != $mail_error)
- {
- array_push($errors, $mail_error);
- }
-
- $errors = trigger_event('register_user_check',
- $errors,
- array(
- 'username'=>$login,
- 'password'=>$password,
- 'email'=>$mail_address,
- )
- );
-
- // if no error until here, registration of the user
- if (count($errors) == 0)
- {
- // what will be the inserted id ?
- $query = '
-SELECT MAX('.$conf['user_fields']['id'].') + 1
- FROM '.USERS_TABLE.'
-;';
- list($next_id) = mysql_fetch_array(pwg_query($query));
-
- $insert =
- array(
- $conf['user_fields']['id'] => $next_id,
- $conf['user_fields']['username'] => mysql_escape_string($login),
- $conf['user_fields']['password'] => $conf['pass_convert']($password),
- $conf['user_fields']['email'] => $mail_address
- );
-
- include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
- mass_inserts(USERS_TABLE, array_keys($insert), array($insert));
-
- // Assign by default groups
- {
- $query = '
-SELECT id
- FROM '.GROUPS_TABLE.'
- WHERE is_default = \''.boolean_to_string(true).'\'
- ORDER BY id ASC
-;';
- $result = pwg_query($query);
-
- $inserts = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push
- (
- $inserts,
- array
- (
- 'user_id' => $next_id,
- 'group_id' => $row['id']
- )
- );
- }
- }
-
- if (count($inserts) != 0)
- {
- include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
- mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
- }
-
- create_user_infos($next_id);
-
- if ($with_notification and $conf['email_admin_on_new_user'])
- {
- include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
- $admin_url = get_absolute_root_url()
- .'admin.php?page=user_list&username='.$login;
-
- $keyargs_content = array
- (
- get_l10n_args('User: %s', $login),
- get_l10n_args('Email: %s', $_POST['mail_address']),
- get_l10n_args('', ''),
- get_l10n_args('Admin: %s', $admin_url)
- );
-
- pwg_mail_notification_admins
- (
- get_l10n_args('Registration of %s', $login),
- $keyargs_content
- );
- }
-
- trigger_action('register_user',
- array(
- 'id'=>$next_id,
- 'username'=>$login,
- 'email'=>$mail_address,
- )
- );
- }
-
- return $errors;
-}
-
-function build_user( $user_id, $use_cache )
-{
- global $conf;
-
- $user['id'] = $user_id;
- $user = array_merge( $user, getuserdata($user_id, $use_cache) );
-
- if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest')
- {
- $user['status'] = 'guest';
- $user['internal_status']['guest_must_be_guest'] = true;
- }
-
- // calculation of the number of picture to display per page
- $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-
- if (is_admin($user['status']))
- {
- list($user['admin_template'], $user['admin_theme']) =
- explode ('/', $conf['admin_layout']);
- }
-
- list($user['template'], $user['theme']) = explode('/', $user['template']);
-
- return $user;
-}
-
-/**
- * find informations related to the user identifier
- *
- * @param int user identifier
- * @param boolean use_cache
- * @param array
- */
-function getuserdata($user_id, $use_cache)
-{
- global $conf;
-
- $userdata = array();
-
- $query = '
-SELECT ';
- $is_first = true;
- foreach ($conf['user_fields'] as $pwgfield => $dbfield)
- {
- if ($is_first)
- {
- $is_first = false;
- }
- else
- {
- $query.= '
- , ';
- }
- $query.= $dbfield.' AS '.$pwgfield;
- }
- $query.= '
- FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
-;';
-
- $row = mysql_fetch_array(pwg_query($query));
-
- while (true)
- {
- $query = '
-SELECT ui.*, uc.*
- FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc
- ON ui.user_id = uc.user_id
- WHERE ui.user_id = \''.$user_id.'\'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- break;
- }
- else
- {
- create_user_infos($user_id);
- }
- }
-
- $row = array_merge($row, mysql_fetch_array($result));
-
- foreach ($row as $key => $value)
- {
- if (!is_numeric($key))
- {
- // If the field is true or false, the variable is transformed into a
- // boolean value.
- if ($value == 'true' or $value == 'false')
- {
- $userdata[$key] = get_boolean($value);
- }
- else
- {
- $userdata[$key] = $value;
- }
- }
- }
-
- if ($use_cache)
- {
- if (!isset($userdata['need_update'])
- or !is_bool($userdata['need_update'])
- or $userdata['need_update'] == true)
- {
- $userdata['forbidden_categories'] =
- calculate_permissions($userdata['id'], $userdata['status']);
-
- /* now we build the list of forbidden images (this list does not contain
- images that are not in at least an authorized category)*/
- $query = '
-SELECT DISTINCT(id)
- FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
- WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
- AND level>'.$userdata['level'];
- $forbidden_ids = array_from_query($query, 'id');
-
- if ( empty($forbidden_ids) )
- {
- array_push( $forbidden_ids, 0 );
- }
- $userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
- $userdata['image_access_list'] = implode(',',$forbidden_ids);
-
- update_user_cache_categories($userdata);
-
- // Set need update are done
- $userdata['need_update'] = false;
-
- // Indicate update done
- $userdata['need_update_done'] = true;
-
- $query = '
-SELECT COUNT(DISTINCT(image_id)) as total
- FROM '.IMAGE_CATEGORY_TABLE.'
- WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
- AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')
-;';
- list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
-
- // update user cache
- $query = '
-DELETE FROM '.USER_CACHE_TABLE.'
- WHERE user_id = '.$userdata['id'].'
-;';
- pwg_query($query);
-
- $query = '
-INSERT INTO '.USER_CACHE_TABLE.'
- (user_id, need_update, forbidden_categories, nb_total_images,
- image_access_type, image_access_list)
- VALUES
- ('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\''
- .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
- .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")
-;';
- pwg_query($query);
- }
- else
- {
- // Indicate update not done
- $userdata['need_update_done'] = false;
- }
- }
-
- return $userdata;
-}
-
-/*
- * deletes favorites of the current user if he's not allowed to see them
- *
- * @return void
- */
-function check_user_favorites()
-{
- global $user;
-
- if ($user['forbidden_categories'] == '')
- {
- return;
- }
-
- // $filter['visible_categories'] and $filter['visible_images']
- // must be not used because filter <> restriction
- // retrieving images allowed : belonging to at least one authorized
- // category
- $query = '
-SELECT DISTINCT f.image_id
- FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
- ON f.image_id = ic.image_id
- WHERE f.user_id = '.$user['id'].'
-'.get_sql_condition_FandF
- (
- array
- (
- 'forbidden_categories' => 'ic.category_id',
- ),
- 'AND'
- ).'
-;';
- $result = pwg_query($query);
- $authorizeds = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorizeds, $row['image_id']);
- }
-
- $query = '
-SELECT image_id
- FROM '.FAVORITES_TABLE.'
- WHERE user_id = '.$user['id'].'
-;';
- $result = pwg_query($query);
- $favorites = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push($favorites, $row['image_id']);
- }
-
- $to_deletes = array_diff($favorites, $authorizeds);
-
- if (count($to_deletes) > 0)
- {
- $query = '
-DELETE FROM '.FAVORITES_TABLE.'
- WHERE image_id IN ('.implode(',', $to_deletes).')
- AND user_id = '.$user['id'].'
-;';
- pwg_query($query);
- }
-}
-
-/**
- * calculates the list of forbidden categories for a given user
- *
- * Calculation is based on private categories minus categories authorized to
- * the groups the user belongs to minus the categories directly authorized
- * to the user. The list contains at least -1 to be compliant with queries
- * such as "WHERE category_id NOT IN ($forbidden_categories)"
- *
- * @param int user_id
- * @param string user_status
- * @return string forbidden_categories
- */
-function calculate_permissions($user_id, $user_status)
-{
- $private_array = array();
- $authorized_array = array();
-
- $query = '
-SELECT id
- FROM '.CATEGORIES_TABLE.'
- WHERE status = \'private\'
-;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- array_push($private_array, $row['id']);
- }
-
- // retrieve category ids directly authorized to the user
- $query = '
-SELECT cat_id
- FROM '.USER_ACCESS_TABLE.'
- WHERE user_id = '.$user_id.'
-;';
- $authorized_array = array_from_query($query, 'cat_id');
-
- // retrieve category ids authorized to the groups the user belongs to
- $query = '
-SELECT cat_id
- FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
- ON ug.group_id = ga.group_id
- WHERE ug.user_id = '.$user_id.'
-;';
- $authorized_array =
- array_merge(
- $authorized_array,
- array_from_query($query, 'cat_id')
- );
-
- // uniquify ids : some private categories might be authorized for the
- // groups and for the user
- $authorized_array = array_unique($authorized_array);
-
- // only unauthorized private categories are forbidden
- $forbidden_array = array_diff($private_array, $authorized_array);
-
- // if user is not an admin, locked categories are forbidden
- if (!is_admin($user_status))
- {
- $query = '
-SELECT id
- FROM '.CATEGORIES_TABLE.'
- WHERE visible = \'false\'
-;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- array_push($forbidden_array, $row['id']);
- }
- $forbidden_array = array_unique($forbidden_array);
- }
-
- if ( empty($forbidden_array) )
- {// at least, the list contains 0 value. This category does not exists so
- // where clauses such as "WHERE category_id NOT IN(0)" will always be
- // true.
- array_push($forbidden_array, 0);
- }
-
- return implode(',', $forbidden_array);
-}
-
-/**
- * compute data of categories branches (one branch only)
- */
-function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level)
-{
- $date = '';
- $count_images = 0;
- $count_categories = 0;
- do
- {
- $cat_id = array_pop($list_cat_id);
- if (!is_null($cat_id))
- {
- // Count images and categories
- $cats[$cat_id]['count_images'] += $count_images;
- $cats[$cat_id]['count_categories'] += $count_categories;
- $count_images = $cats[$cat_id]['count_images'];
- $count_categories = $cats[$cat_id]['count_categories'] + 1;
-
- if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date))
- {
- $cats[$cat_id]['max_date_last'] = $date;
- }
- else
- {
- $date = $cats[$cat_id]['max_date_last'];
- }
- $ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1;
- }
- else
- {
- $ref_level = 0;
- }
- } while ($level <= $ref_level);
-
- // Last cat updating must be added to list for next branch
- if ($ref_level <> 0)
- {
- array_push($list_cat_id, $cat_id);
- }
-}
-
-/**
- * compute data of categories branches
- */
-function compute_categories_data(&$cats)
-{
- $ref_level = 0;
- $level = 0;
- $list_cat_id = array();
-
- foreach ($cats as $id => $category)
- {
- // Compute
- $level = substr_count($category['global_rank'], '.') + 1;
- if ($level > $ref_level)
- {
- array_push($list_cat_id, $id);
- }
- else
- {
- compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
- array_push($list_cat_id, $id);
- }
- $ref_level = $level;
- }
-
- $level = 1;
- compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level);
-}
-
-/**
- * get computed array of categories
- *
- * @param array userdata
- * @param int filter_days number of recent days to filter on or null
- * @return array
- */
-function get_computed_categories($userdata, $filter_days=null)
-{
- $query = 'SELECT c.id cat_id, global_rank';
- // Count by date_available to avoid count null
- $query .= ',
- MAX(date_available) date_last, COUNT(date_available) nb_images
-FROM '.CATEGORIES_TABLE.' as c
- LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
- LEFT JOIN '.IMAGES_TABLE.' AS i
- ON ic.image_id = i.id
- AND i.level<='.$userdata['level'];
-
- if ( isset($filter_days) )
- {
- $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
- }
-
- if ( !empty($userdata['forbidden_categories']) )
- {
- $query.= '
- WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')';
- }
-
- $query.= '
- GROUP BY c.id';
-
- $result = pwg_query($query);
-
- $cats = array();
- while ($row = mysql_fetch_assoc($result))
- {
- $row['user_id'] = $userdata['id'];
- $row['count_categories'] = 0;
- $row['count_images'] = (int)$row['nb_images'];
- $row['max_date_last'] = $row['date_last'];
-
- $cats += array($row['cat_id'] => $row);
- }
- usort($cats, 'global_rank_compare');
-
- compute_categories_data($cats);
-
- if ( isset($filter_days) )
- {
- $cat_tmp = $cats;
- $cats = array();
-
- foreach ($cat_tmp as $category)
- {
- if (!empty($category['max_date_last']))
- {
- // Re-init counters
- $category['count_categories'] = 0;
- $category['count_images'] = (int)$category['nb_images'];
- // Keep category
- $cats[$category['cat_id']] = $category;
- }
- }
- // Compute a second time
- compute_categories_data($cats);
- }
- return $cats;
-}
-
-/**
- * update data of user_cache_categories
- *
- * @param array userdata
- * @return null
- */
-function update_user_cache_categories($userdata)
-{
- // delete user cache
- $query = '
-DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.'
- WHERE user_id = '.$userdata['id'].'
-;';
- pwg_query($query);
-
- $cats = get_computed_categories($userdata, null);
-
- include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
- mass_inserts
- (
- USER_CACHE_CATEGORIES_TABLE,
- array
- (
- 'user_id', 'cat_id',
- 'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories'
- ),
- $cats
- );
-}
-
-/**
- * returns the username corresponding to the given user identifier if exists
- *
- * @param int user_id
- * @return mixed
- */
-function get_username($user_id)
-{
- global $conf;
-
- $query = '
-SELECT '.$conf['user_fields']['username'].'
- FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- list($username) = mysql_fetch_row($result);
- }
- else
- {
- return false;
- }
-
- return $username;
-}
-
-/**
- * returns user identifier thanks to his name, false if not found
- *
- * @param string username
- * @param int user identifier
- */
-function get_userid($username)
-{
- global $conf;
-
- $username = mysql_escape_string($username);
-
- $query = '
-SELECT '.$conf['user_fields']['id'].'
- FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
-;';
- $result = pwg_query($query);
-
- if (mysql_num_rows($result) == 0)
- {
- return false;
- }
- else
- {
- list($user_id) = mysql_fetch_row($result);
- return $user_id;
- }
-}
-
-/**
- * search an available feed_id
- *
- * @return string feed identifier
- */
-function find_available_feed_id()
-{
- while (true)
- {
- $key = generate_key(50);
- $query = '
-SELECT COUNT(*)
- FROM '.USER_FEED_TABLE.'
- WHERE id = \''.$key.'\'
-;';
- list($count) = mysql_fetch_row(pwg_query($query));
- if (0 == $count)
- {
- return $key;
- }
- }
-}
-
-/*
- * Returns a array with default user value
- *
- * @param convert_str allows to convert string value if necessary
- */
-function get_default_user_info($convert_str = true)
-{
- global $page, $conf;
-
- if (!isset($page['cache_default_user']))
- {
- $query = 'select * from '.USER_INFOS_TABLE.
- ' where user_id = '.$conf['default_user_id'].';';
-
- $result = pwg_query($query);
- $page['cache_default_user'] = mysql_fetch_assoc($result);
-
- if ($page['cache_default_user'] !== false)
- {
- unset($page['cache_default_user']['user_id']);
- unset($page['cache_default_user']['status']);
- unset($page['cache_default_user']['registration_date']);
- }
- }
-
- if (is_array($page['cache_default_user']) and $convert_str)
- {
- $default_user = array();
- foreach ($page['cache_default_user'] as $name => $value)
- {
- // If the field is true or false, the variable is transformed into a
- // boolean value.
- if ($value == 'true' or $value == 'false')
- {
- $default_user[$name] = get_boolean($value);
- }
- else
- {
- $default_user[$name] = $value;
- }
- }
- return $default_user;
- }
- else
- {
- return $page['cache_default_user'];
- }
-}
-
-/*
- * Returns a default user value
- *
- * @param value_name: name of value
- * @param sos_value: value used if don't exist value
- */
-function get_default_user_value($value_name, $sos_value)
-{
- $default_user = get_default_user_info(true);
- if ($default_user === false or !isset($default_user[$value_name]))
- {
- return $sos_value;
- }
- else
- {
- return $default_user[$value_name];
- }
-}
-
-/*
- * Returns the default template value
- *
- */
-function get_default_template()
-{
- return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE);
-}
-
-/*
- * Returns the default language value
- *
- */
-function get_default_language()
-{
- return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
-}
-
-/**
- * add user informations based on default values
- *
- * @param int user_id / array of user_if
- * @param array of values used to override default user values
- */
-function create_user_infos($arg_id, $override_values = null)
-{
- global $conf;
-
- if (is_array($arg_id))
- {
- $user_ids = $arg_id;
- }
- else
- {
- $user_ids = array();
- if (is_numeric($arg_id))
- {
- $user_ids[] = $arg_id;
- }
- }
-
- if (!empty($user_ids))
- {
- $inserts = array();
- list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
-
- $default_user = get_default_user_info(false);
- if ($default_user === false)
- {
- // Default on structure are used
- $default_user = array();
- }
-
- if (!is_null($override_values))
- {
- $default_user = array_merge($default_user, $override_values);
- }
-
- foreach ($user_ids as $user_id)
- {
- $level= isset($default_user['level']) ? $default_user['level'] : 0;
- if ($user_id == $conf['webmaster_id'])
- {
- $status = 'webmaster';
- $level = max( $conf['available_permission_levels'] );
- }
- else if (($user_id == $conf['guest_id']) or
- ($user_id == $conf['default_user_id']))
- {
- $status = 'guest';
- }
- else
- {
- $status = 'normal';
- }
-
- $insert = array_merge(
- $default_user,
- array(
- 'user_id' => $user_id,
- 'status' => $status,
- 'registration_date' => $dbnow,
- 'level' => $level
- ));
-
- array_push($inserts, $insert);
- }
-
- include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
- mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
-
- }
-}
-
-/**
- * returns the groupname corresponding to the given group identifier if
- * exists
- *
- * @param int group_id
- * @return mixed
- */
-function get_groupname($group_id)
-{
- $query = '
-SELECT name
- FROM '.GROUPS_TABLE.'
- WHERE id = '.intval($group_id).'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- list($groupname) = mysql_fetch_row($result);
- }
- else
- {
- return false;
- }
-
- return $groupname;
-}
-
-
-/**
- * returns the auto login key or false on error
- * @param int user_id
- * @param string [out] username
-*/
-function calculate_auto_login_key($user_id, &$username)
-{
- global $conf;
- $query = '
-SELECT '.$conf['user_fields']['username'].' AS username
- , '.$conf['user_fields']['password'].' AS password
-FROM '.USERS_TABLE.'
-WHERE '.$conf['user_fields']['id'].' = '.$user_id;
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- $row = mysql_fetch_assoc($result);
- $username = $row['username'];
- $data = $row['username'].$row['password'];
- $key = base64_encode(
- pack('H*', sha1($data))
- .hash_hmac('md5', $data, $conf['secret_key'],true)
- );
- return $key;
- }
- return false;
-}
-
-/*
- * Performs all required actions for user login
- * @param int user_id
- * @param bool remember_me
- * @return void
-*/
-function log_user($user_id, $remember_me)
-{
- global $conf, $user;
-
- if ($remember_me and $conf['authorize_remembering'])
- {
- $key = calculate_auto_login_key($user_id, $username);
- if ($key!==false)
- {
- $cookie = array('id' => (int)$user_id, 'key' => $key);
- setcookie($conf['remember_me_name'],
- serialize($cookie),
- time()+$conf['remember_me_length'],
- cookie_path()
- );
- }
- }
- else
- { // make sure we clean any remember me ...
- setcookie($conf['remember_me_name'], '', 0, cookie_path());
- }
- if ( session_id()!="" )
- { // we regenerate the session for security reasons
- // see http://www.acros.si/papers/session_fixation.pdf
- session_regenerate_id();
- }
- else
- {
- session_start();
- }
- $_SESSION['pwg_uid'] = (int)$user_id;
-
- $user['id'] = $_SESSION['pwg_uid'];
-}
-
-/*
- * Performs auto-connexion when cookie remember_me exists
- * @return true/false
-*/
-function auto_login() {
- global $conf;
-
- if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
- {
- $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
- if ($cookie!==false and is_numeric(@$cookie['id']) )
- {
- $key = calculate_auto_login_key( $cookie['id'], $username );
- if ($key!==false and $key===$cookie['key'])
- {
- log_user($cookie['id'], true);
- trigger_action('login_success', $username);
- return true;
- }
- }
- setcookie($conf['remember_me_name'], '', 0, cookie_path());
- }
- return false;
-}
-
-/**
- * Tries to login a user given username and password (must be MySql escaped)
- * return true on success
- */
-function try_log_user($username, $password, $remember_me)
-{
- global $conf;
- // retrieving the encrypted password of the login submitted
- $query = '
-SELECT '.$conf['user_fields']['id'].' AS id,
- '.$conf['user_fields']['password'].' AS password
- FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
-;';
- $row = mysql_fetch_assoc(pwg_query($query));
- if ($row['password'] == $conf['pass_convert']($password))
- {
- log_user($row['id'], $remember_me);
- trigger_action('login_success', $username);
- return true;
- }
- trigger_action('login_failure', $username);
- return false;
-}
-
-/*
- * Return user status used in this library
- * @return string
-*/
-function get_user_status($user_status)
-{
- global $user;
-
- if (empty($user_status))
- {
- if (isset($user['status']))
- {
- $user_status = $user['status'];
- }
- else
- {
- // swicth to default value
- $user_status = '';
- }
- }
- return $user_status;
-}
-
-/*
- * Return access_type definition of user
- * Test does with user status
- * @return bool
-*/
-function get_access_type_status($user_status='')
-{
- global $conf;
-
- switch (get_user_status($user_status))
- {
- case 'guest':
- {
- $access_type_status =
- ($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE);
- break;
- }
- case 'generic':
- {
- $access_type_status = ACCESS_GUEST;
- break;
- }
- case 'normal':
- {
- $access_type_status = ACCESS_CLASSIC;
- break;
- }
- case 'admin':
- {
- $access_type_status = ACCESS_ADMINISTRATOR;
- break;
- }
- case 'webmaster':
- {
- $access_type_status = ACCESS_WEBMASTER;
- break;
- }
- default:
- {
- $access_type_status = ACCESS_FREE;
- break;
- }
- }
-
- return $access_type_status;
-}
-
-/*
- * Return if user have access to access_type definition
- * Test does with user status
- * @return bool
-*/
-function is_autorize_status($access_type, $user_status = '')
-{
- return (get_access_type_status($user_status) >= $access_type);
-}
-
-/*
- * Check if user have access to access_type definition
- * Stop action if there are not access
- * Test does with user status
- * @return none
-*/
-function check_status($access_type, $user_status = '')
-{
- if (!is_autorize_status($access_type, $user_status))
- {
- access_denied();
- }
-}
-
-/*
- * Return if user is generic
- * @return bool
-*/
- function is_generic($user_status = '')
-{
- return get_user_status($user_status) == 'generic';
-}
-
-/*
- * Return if user is only a guest
- * @return bool
-*/
- function is_a_guest($user_status = '')
-{
- return get_user_status($user_status) == 'guest';
-}
-
-/*
- * Return if user is, at least, a classic user
- * @return bool
-*/
- function is_classic_user($user_status = '')
-{
- return is_autorize_status(ACCESS_CLASSIC, $user_status);
-}
-
-/*
- * Return if user is, at least, an administrator
- * @return bool
-*/
- function is_admin($user_status = '')
-{
- return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status);
-}
-
-/*
- * Return if current user is an adviser
- * @return bool
-*/
-function is_adviser()
-{
- global $user;
-
- return ($user['adviser'] == 'true');
-}
-
-/*
- * Return mail address as display text
- * @return string
-*/
-function get_email_address_as_display_text($email_address)
-{
- global $conf;
-
- if (!isset($email_address) or (trim($email_address) == ''))
- {
- return '';
- }
- else
- {
- if (defined('IN_ADMIN') and is_adviser())
- {
- return 'adviser.mode@'.$_SERVER['SERVER_NAME'];
- }
- else
- {
- return $email_address;
- }
- }
-}
-
-/*
- * Compute sql where condition with restrict and filter data. "FandF" means
- * Forbidden and Filters.
- *
- * @param array condition_fields: read function body
- * @param string prefix_condition: prefixes sql if condition is not empty
- * @param boolean force_one_condition: use at least "1 = 1"
- *
- * @return string sql where/conditions
- */
-function get_sql_condition_FandF(
- $condition_fields,
- $prefix_condition = null,
- $force_one_condition = false
- )
-{
- global $user, $filter;
-
- $sql_list = array();
-
- foreach ($condition_fields as $condition => $field_name)
- {
- switch($condition)
- {
- case 'forbidden_categories':
- {
- if (!empty($user['forbidden_categories']))
- {
- $sql_list[] =
- $field_name.' NOT IN ('.$user['forbidden_categories'].')';
- }
- break;
- }
- case 'visible_categories':
- {
- if (!empty($filter['visible_categories']))
- {
- $sql_list[] =
- $field_name.' IN ('.$filter['visible_categories'].')';
- }
- break;
- }
- case 'visible_images':
- if (!empty($filter['visible_images']))
- {
- $sql_list[] =
- $field_name.' IN ('.$filter['visible_images'].')';
- }
- // note there is no break - visible include forbidden
- case 'forbidden_images':
- if (
- !empty($user['image_access_list'])
- or $user['image_access_type']!='NOT IN'
- )
- {
- $table_prefix=null;
- if ($field_name=='id')
- {
- $table_prefix = '';
- }
- elseif ($field_name=='i.id')
- {
- $table_prefix = 'i.';
- }
- if ( isset($table_prefix) )
- {
- $sql_list[]=$table_prefix.'level<='.$user['level'];
- }
- else
- {
- $sql_list[]=$field_name.' '.$user['image_access_type']
- .' ('.$user['image_access_list'].')';
- }
- }
- break;
- default:
- {
- die('Unknow condition');
- break;
- }
- }
- }
-
- if (count($sql_list) > 0)
- {
- $sql = '('.implode(' AND ', $sql_list).')';
- }
- else
- {
- if ($force_one_condition)
- {
- $sql = '1 = 1';
- }
- else
- {
- $sql = '';
- }
- }
-
- if (isset($prefix_condition) and !empty($sql))
- {
- $sql = $prefix_condition.' '.$sql;
- }
-
- return $sql;
-}
-
-?> \ No newline at end of file