diff options
Diffstat (limited to '')
-rw-r--r-- | BSF/include/functions_user.inc.php | 1340 |
1 files changed, 1340 insertions, 0 deletions
diff --git a/BSF/include/functions_user.inc.php b/BSF/include/functions_user.inc.php new file mode 100644 index 000000000..d2c9530e2 --- /dev/null +++ b/BSF/include/functions_user.inc.php @@ -0,0 +1,1340 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +// validate_mail_address: +// o verifies whether the given mail address has the +// right format. ie someone@domain.com "someone" can contain ".", "-" or +// even "_". Exactly as "domain". The extension doesn't have to be +// "com". The mail address can also be empty. +// o check if address could be empty +// o check if address is not used by a other user +// If the mail address doesn't correspond, an error message is returned. +// +function validate_mail_address($user_id, $mail_address) +{ + global $conf; + + if (empty($mail_address) and + !($conf['obligatory_user_mail_address'] and + in_array(script_basename(), array('register', 'profile')))) + { + return ''; + } + + $regex = '/^[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-z]+$/'; + if ( !preg_match( $regex, $mail_address ) ) + { + return l10n('reg_err_mail_address'); + } + + if (defined("PHPWG_INSTALLED") and !empty($mail_address)) + { + $query = ' +select count(*) +from '.USERS_TABLE.' +where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\') +'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').' +;'; + list($count) = mysql_fetch_array(pwg_query($query)); + if ($count != 0) + { + return l10n('reg_err_mail_address_dbl'); + } + } +} + +function register_user($login, $password, $mail_address, + $with_notification = true, $errors = array()) +{ + global $conf; + + if ($login == '') + { + array_push($errors, l10n('reg_err_login1')); + } + if (ereg("^.* $", $login)) + { + array_push($errors, l10n('reg_err_login2')); + } + if (ereg("^ .*$", $login)) + { + array_push($errors, l10n('reg_err_login3')); + } + if (get_userid($login)) + { + array_push($errors, l10n('reg_err_login5')); + } + $mail_error = validate_mail_address(null, $mail_address); + if ('' != $mail_error) + { + array_push($errors, $mail_error); + } + + $errors = trigger_event('register_user_check', + $errors, + array( + 'username'=>$login, + 'password'=>$password, + 'email'=>$mail_address, + ) + ); + + // if no error until here, registration of the user + if (count($errors) == 0) + { + // what will be the inserted id ? + $query = ' +SELECT MAX('.$conf['user_fields']['id'].') + 1 + FROM '.USERS_TABLE.' +;'; + list($next_id) = mysql_fetch_array(pwg_query($query)); + + $insert = + array( + $conf['user_fields']['id'] => $next_id, + $conf['user_fields']['username'] => mysql_escape_string($login), + $conf['user_fields']['password'] => $conf['pass_convert']($password), + $conf['user_fields']['email'] => $mail_address + ); + + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USERS_TABLE, array_keys($insert), array($insert)); + + // Assign by default groups + { + $query = ' +SELECT id + FROM '.GROUPS_TABLE.' + WHERE is_default = \''.boolean_to_string(true).'\' + ORDER BY id ASC +;'; + $result = pwg_query($query); + + $inserts = array(); + while ($row = mysql_fetch_array($result)) + { + array_push + ( + $inserts, + array + ( + 'user_id' => $next_id, + 'group_id' => $row['id'] + ) + ); + } + } + + if (count($inserts) != 0) + { + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts); + } + + create_user_infos($next_id); + + if ($with_notification and $conf['email_admin_on_new_user']) + { + include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); + $admin_url = get_absolute_root_url() + .'admin.php?page=user_list&username='.$login; + + $keyargs_content = array + ( + get_l10n_args('User: %s', $login), + get_l10n_args('Email: %s', $_POST['mail_address']), + get_l10n_args('', ''), + get_l10n_args('Admin: %s', $admin_url) + ); + + pwg_mail_notification_admins + ( + get_l10n_args('Registration of %s', $login), + $keyargs_content + ); + } + + trigger_action('register_user', + array( + 'id'=>$next_id, + 'username'=>$login, + 'email'=>$mail_address, + ) + ); + } + + return $errors; +} + +function build_user( $user_id, $use_cache ) +{ + global $conf; + + $user['id'] = $user_id; + $user = array_merge( $user, getuserdata($user_id, $use_cache) ); + + if ($user['id'] == $conf['guest_id'] and $user['status'] <> 'guest') + { + $user['status'] = 'guest'; + $user['internal_status']['guest_must_be_guest'] = true; + } + + // calculation of the number of picture to display per page + $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; + + if (is_admin($user['status'])) + { + list($user['admin_template'], $user['admin_theme']) = + explode ('/', $conf['admin_layout']); + } + + list($user['template'], $user['theme']) = explode('/', $user['template']); + + return $user; +} + +/** + * find informations related to the user identifier + * + * @param int user identifier + * @param boolean use_cache + * @param array + */ +function getuserdata($user_id, $use_cache) +{ + global $conf; + + $userdata = array(); + + $query = ' +SELECT '; + $is_first = true; + foreach ($conf['user_fields'] as $pwgfield => $dbfield) + { + if ($is_first) + { + $is_first = false; + } + else + { + $query.= ' + , '; + } + $query.= $dbfield.' AS '.$pwgfield; + } + $query.= ' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\' +;'; + + $row = mysql_fetch_array(pwg_query($query)); + + while (true) + { + $query = ' +SELECT ui.*, uc.* + FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc + ON ui.user_id = uc.user_id + WHERE ui.user_id = \''.$user_id.'\' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + break; + } + else + { + create_user_infos($user_id); + } + } + + $row = array_merge($row, mysql_fetch_array($result)); + + foreach ($row as $key => $value) + { + if (!is_numeric($key)) + { + // If the field is true or false, the variable is transformed into a + // boolean value. + if ($value == 'true' or $value == 'false') + { + $userdata[$key] = get_boolean($value); + } + else + { + $userdata[$key] = $value; + } + } + } + + if ($use_cache) + { + if (!isset($userdata['need_update']) + or !is_bool($userdata['need_update']) + or $userdata['need_update'] == true) + { + $userdata['forbidden_categories'] = + calculate_permissions($userdata['id'], $userdata['status']); + + /* now we build the list of forbidden images (this list does not contain + images that are not in at least an authorized category)*/ + $query = ' +SELECT DISTINCT(id) + FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id + WHERE category_id NOT IN ('.$userdata['forbidden_categories'].') + AND level>'.$userdata['level']; + $forbidden_ids = array_from_query($query, 'id'); + + if ( empty($forbidden_ids) ) + { + array_push( $forbidden_ids, 0 ); + } + $userdata['image_access_type'] = 'NOT IN'; //TODO maybe later + $userdata['image_access_list'] = implode(',',$forbidden_ids); + + update_user_cache_categories($userdata); + + // Set need update are done + $userdata['need_update'] = false; + + // Indicate update done + $userdata['need_update_done'] = true; + + $query = ' +SELECT COUNT(DISTINCT(image_id)) as total + FROM '.IMAGE_CATEGORY_TABLE.' + WHERE category_id NOT IN ('.$userdata['forbidden_categories'].') + AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].') +;'; + list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query)); + + // update user cache + $query = ' +DELETE FROM '.USER_CACHE_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + pwg_query($query); + + $query = ' +INSERT INTO '.USER_CACHE_TABLE.' + (user_id, need_update, forbidden_categories, nb_total_images, + image_access_type, image_access_list) + VALUES + ('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\'' + .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"' + .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'") +;'; + pwg_query($query); + } + else + { + // Indicate update not done + $userdata['need_update_done'] = false; + } + } + + return $userdata; +} + +/* + * deletes favorites of the current user if he's not allowed to see them + * + * @return void + */ +function check_user_favorites() +{ + global $user; + + if ($user['forbidden_categories'] == '') + { + return; + } + + // $filter['visible_categories'] and $filter['visible_images'] + // must be not used because filter <> restriction + // retrieving images allowed : belonging to at least one authorized + // category + $query = ' +SELECT DISTINCT f.image_id + FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic + ON f.image_id = ic.image_id + WHERE f.user_id = '.$user['id'].' +'.get_sql_condition_FandF + ( + array + ( + 'forbidden_categories' => 'ic.category_id', + ), + 'AND' + ).' +;'; + $result = pwg_query($query); + $authorizeds = array(); + while ($row = mysql_fetch_array($result)) + { + array_push($authorizeds, $row['image_id']); + } + + $query = ' +SELECT image_id + FROM '.FAVORITES_TABLE.' + WHERE user_id = '.$user['id'].' +;'; + $result = pwg_query($query); + $favorites = array(); + while ($row = mysql_fetch_array($result)) + { + array_push($favorites, $row['image_id']); + } + + $to_deletes = array_diff($favorites, $authorizeds); + + if (count($to_deletes) > 0) + { + $query = ' +DELETE FROM '.FAVORITES_TABLE.' + WHERE image_id IN ('.implode(',', $to_deletes).') + AND user_id = '.$user['id'].' +;'; + pwg_query($query); + } +} + +/** + * calculates the list of forbidden categories for a given user + * + * Calculation is based on private categories minus categories authorized to + * the groups the user belongs to minus the categories directly authorized + * to the user. The list contains at least -1 to be compliant with queries + * such as "WHERE category_id NOT IN ($forbidden_categories)" + * + * @param int user_id + * @param string user_status + * @return string forbidden_categories + */ +function calculate_permissions($user_id, $user_status) +{ + $private_array = array(); + $authorized_array = array(); + + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($private_array, $row['id']); + } + + // retrieve category ids directly authorized to the user + $query = ' +SELECT cat_id + FROM '.USER_ACCESS_TABLE.' + WHERE user_id = '.$user_id.' +;'; + $authorized_array = array_from_query($query, 'cat_id'); + + // retrieve category ids authorized to the groups the user belongs to + $query = ' +SELECT cat_id + FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga + ON ug.group_id = ga.group_id + WHERE ug.user_id = '.$user_id.' +;'; + $authorized_array = + array_merge( + $authorized_array, + array_from_query($query, 'cat_id') + ); + + // uniquify ids : some private categories might be authorized for the + // groups and for the user + $authorized_array = array_unique($authorized_array); + + // only unauthorized private categories are forbidden + $forbidden_array = array_diff($private_array, $authorized_array); + + // if user is not an admin, locked categories are forbidden + if (!is_admin($user_status)) + { + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE visible = \'false\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($forbidden_array, $row['id']); + } + $forbidden_array = array_unique($forbidden_array); + } + + if ( empty($forbidden_array) ) + {// at least, the list contains 0 value. This category does not exists so + // where clauses such as "WHERE category_id NOT IN(0)" will always be + // true. + array_push($forbidden_array, 0); + } + + return implode(',', $forbidden_array); +} + +/** + * compute data of categories branches (one branch only) + */ +function compute_branch_cat_data(&$cats, &$list_cat_id, &$level, &$ref_level) +{ + $date = ''; + $count_images = 0; + $count_categories = 0; + do + { + $cat_id = array_pop($list_cat_id); + if (!is_null($cat_id)) + { + // Count images and categories + $cats[$cat_id]['count_images'] += $count_images; + $cats[$cat_id]['count_categories'] += $count_categories; + $count_images = $cats[$cat_id]['count_images']; + $count_categories = $cats[$cat_id]['count_categories'] + 1; + + if ((empty($cats[$cat_id]['max_date_last'])) or ($cats[$cat_id]['max_date_last'] < $date)) + { + $cats[$cat_id]['max_date_last'] = $date; + } + else + { + $date = $cats[$cat_id]['max_date_last']; + } + $ref_level = substr_count($cats[$cat_id]['global_rank'], '.') + 1; + } + else + { + $ref_level = 0; + } + } while ($level <= $ref_level); + + // Last cat updating must be added to list for next branch + if ($ref_level <> 0) + { + array_push($list_cat_id, $cat_id); + } +} + +/** + * compute data of categories branches + */ +function compute_categories_data(&$cats) +{ + $ref_level = 0; + $level = 0; + $list_cat_id = array(); + + foreach ($cats as $id => $category) + { + // Compute + $level = substr_count($category['global_rank'], '.') + 1; + if ($level > $ref_level) + { + array_push($list_cat_id, $id); + } + else + { + compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level); + array_push($list_cat_id, $id); + } + $ref_level = $level; + } + + $level = 1; + compute_branch_cat_data($cats, $list_cat_id, $level, $ref_level); +} + +/** + * get computed array of categories + * + * @param array userdata + * @param int filter_days number of recent days to filter on or null + * @return array + */ +function get_computed_categories($userdata, $filter_days=null) +{ + $query = 'SELECT c.id cat_id, global_rank'; + // Count by date_available to avoid count null + $query .= ', + MAX(date_available) date_last, COUNT(date_available) nb_images +FROM '.CATEGORIES_TABLE.' as c + LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id + LEFT JOIN '.IMAGES_TABLE.' AS i + ON ic.image_id = i.id + AND i.level<='.$userdata['level']; + + if ( isset($filter_days) ) + { + $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)'; + } + + if ( !empty($userdata['forbidden_categories']) ) + { + $query.= ' + WHERE c.id NOT IN ('.$userdata['forbidden_categories'].')'; + } + + $query.= ' + GROUP BY c.id'; + + $result = pwg_query($query); + + $cats = array(); + while ($row = mysql_fetch_assoc($result)) + { + $row['user_id'] = $userdata['id']; + $row['count_categories'] = 0; + $row['count_images'] = (int)$row['nb_images']; + $row['max_date_last'] = $row['date_last']; + + $cats += array($row['cat_id'] => $row); + } + usort($cats, 'global_rank_compare'); + + compute_categories_data($cats); + + if ( isset($filter_days) ) + { + $cat_tmp = $cats; + $cats = array(); + + foreach ($cat_tmp as $category) + { + if (!empty($category['max_date_last'])) + { + // Re-init counters + $category['count_categories'] = 0; + $category['count_images'] = (int)$category['nb_images']; + // Keep category + $cats[$category['cat_id']] = $category; + } + } + // Compute a second time + compute_categories_data($cats); + } + return $cats; +} + +/** + * update data of user_cache_categories + * + * @param array userdata + * @return null + */ +function update_user_cache_categories($userdata) +{ + // delete user cache + $query = ' +DELETE FROM '.USER_CACHE_CATEGORIES_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + pwg_query($query); + + $cats = get_computed_categories($userdata, null); + + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts + ( + USER_CACHE_CATEGORIES_TABLE, + array + ( + 'user_id', 'cat_id', + 'date_last', 'max_date_last', 'nb_images', 'count_images', 'count_categories' + ), + $cats + ); +} + +/** + * returns the username corresponding to the given user identifier if exists + * + * @param int user_id + * @return mixed + */ +function get_username($user_id) +{ + global $conf; + + $query = ' +SELECT '.$conf['user_fields']['username'].' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + list($username) = mysql_fetch_row($result); + } + else + { + return false; + } + + return $username; +} + +/** + * returns user identifier thanks to his name, false if not found + * + * @param string username + * @param int user identifier + */ +function get_userid($username) +{ + global $conf; + + $username = mysql_escape_string($username); + + $query = ' +SELECT '.$conf['user_fields']['id'].' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' +;'; + $result = pwg_query($query); + + if (mysql_num_rows($result) == 0) + { + return false; + } + else + { + list($user_id) = mysql_fetch_row($result); + return $user_id; + } +} + +/** + * search an available feed_id + * + * @return string feed identifier + */ +function find_available_feed_id() +{ + while (true) + { + $key = generate_key(50); + $query = ' +SELECT COUNT(*) + FROM '.USER_FEED_TABLE.' + WHERE id = \''.$key.'\' +;'; + list($count) = mysql_fetch_row(pwg_query($query)); + if (0 == $count) + { + return $key; + } + } +} + +/* + * Returns a array with default user value + * + * @param convert_str allows to convert string value if necessary + */ +function get_default_user_info($convert_str = true) +{ + global $page, $conf; + + if (!isset($page['cache_default_user'])) + { + $query = 'select * from '.USER_INFOS_TABLE. + ' where user_id = '.$conf['default_user_id'].';'; + + $result = pwg_query($query); + $page['cache_default_user'] = mysql_fetch_assoc($result); + + if ($page['cache_default_user'] !== false) + { + unset($page['cache_default_user']['user_id']); + unset($page['cache_default_user']['status']); + unset($page['cache_default_user']['registration_date']); + } + } + + if (is_array($page['cache_default_user']) and $convert_str) + { + $default_user = array(); + foreach ($page['cache_default_user'] as $name => $value) + { + // If the field is true or false, the variable is transformed into a + // boolean value. + if ($value == 'true' or $value == 'false') + { + $default_user[$name] = get_boolean($value); + } + else + { + $default_user[$name] = $value; + } + } + return $default_user; + } + else + { + return $page['cache_default_user']; + } +} + +/* + * Returns a default user value + * + * @param value_name: name of value + * @param sos_value: value used if don't exist value + */ +function get_default_user_value($value_name, $sos_value) +{ + $default_user = get_default_user_info(true); + if ($default_user === false or !isset($default_user[$value_name])) + { + return $sos_value; + } + else + { + return $default_user[$value_name]; + } +} + +/* + * Returns the default template value + * + */ +function get_default_template() +{ + return get_default_user_value('template', PHPWG_DEFAULT_TEMPLATE); +} + +/* + * Returns the default language value + * + */ +function get_default_language() +{ + return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE); +} + +/** + * add user informations based on default values + * + * @param int user_id / array of user_if + * @param array of values used to override default user values + */ +function create_user_infos($arg_id, $override_values = null) +{ + global $conf; + + if (is_array($arg_id)) + { + $user_ids = $arg_id; + } + else + { + $user_ids = array(); + if (is_numeric($arg_id)) + { + $user_ids[] = $arg_id; + } + } + + if (!empty($user_ids)) + { + $inserts = array(); + list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); + + $default_user = get_default_user_info(false); + if ($default_user === false) + { + // Default on structure are used + $default_user = array(); + } + + if (!is_null($override_values)) + { + $default_user = array_merge($default_user, $override_values); + } + + foreach ($user_ids as $user_id) + { + $level= isset($default_user['level']) ? $default_user['level'] : 0; + if ($user_id == $conf['webmaster_id']) + { + $status = 'webmaster'; + $level = max( $conf['available_permission_levels'] ); + } + else if (($user_id == $conf['guest_id']) or + ($user_id == $conf['default_user_id'])) + { + $status = 'guest'; + } + else + { + $status = 'normal'; + } + + $insert = array_merge( + $default_user, + array( + 'user_id' => $user_id, + 'status' => $status, + 'registration_date' => $dbnow, + 'level' => $level + )); + + array_push($inserts, $insert); + } + + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts); + + } +} + +/** + * returns the groupname corresponding to the given group identifier if + * exists + * + * @param int group_id + * @return mixed + */ +function get_groupname($group_id) +{ + $query = ' +SELECT name + FROM '.GROUPS_TABLE.' + WHERE id = '.intval($group_id).' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + list($groupname) = mysql_fetch_row($result); + } + else + { + return false; + } + + return $groupname; +} + + +/** + * returns the auto login key or false on error + * @param int user_id + * @param string [out] username +*/ +function calculate_auto_login_key($user_id, &$username) +{ + global $conf; + $query = ' +SELECT '.$conf['user_fields']['username'].' AS username + , '.$conf['user_fields']['password'].' AS password +FROM '.USERS_TABLE.' +WHERE '.$conf['user_fields']['id'].' = '.$user_id; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + $row = mysql_fetch_assoc($result); + $username = $row['username']; + $data = $row['username'].$row['password']; + $key = base64_encode( + pack('H*', sha1($data)) + .hash_hmac('md5', $data, $conf['secret_key'],true) + ); + return $key; + } + return false; +} + +/* + * Performs all required actions for user login + * @param int user_id + * @param bool remember_me + * @return void +*/ +function log_user($user_id, $remember_me) +{ + global $conf, $user; + + if ($remember_me and $conf['authorize_remembering']) + { + $key = calculate_auto_login_key($user_id, $username); + if ($key!==false) + { + $cookie = array('id' => (int)$user_id, 'key' => $key); + setcookie($conf['remember_me_name'], + serialize($cookie), + time()+$conf['remember_me_length'], + cookie_path() + ); + } + } + else + { // make sure we clean any remember me ... + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } + if ( session_id()!="" ) + { // we regenerate the session for security reasons + // see http://www.acros.si/papers/session_fixation.pdf + session_regenerate_id(); + } + else + { + session_start(); + } + $_SESSION['pwg_uid'] = (int)$user_id; + + $user['id'] = $_SESSION['pwg_uid']; +} + +/* + * Performs auto-connexion when cookie remember_me exists + * @return true/false +*/ +function auto_login() { + global $conf; + + if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) + { + $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); + if ($cookie!==false and is_numeric(@$cookie['id']) ) + { + $key = calculate_auto_login_key( $cookie['id'], $username ); + if ($key!==false and $key===$cookie['key']) + { + log_user($cookie['id'], true); + trigger_action('login_success', $username); + return true; + } + } + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } + return false; +} + +/** + * Tries to login a user given username and password (must be MySql escaped) + * return true on success + */ +function try_log_user($username, $password, $remember_me) +{ + global $conf; + // retrieving the encrypted password of the login submitted + $query = ' +SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['password'].' AS password + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' +;'; + $row = mysql_fetch_assoc(pwg_query($query)); + if ($row['password'] == $conf['pass_convert']($password)) + { + log_user($row['id'], $remember_me); + trigger_action('login_success', $username); + return true; + } + trigger_action('login_failure', $username); + return false; +} + +/* + * Return user status used in this library + * @return string +*/ +function get_user_status($user_status) +{ + global $user; + + if (empty($user_status)) + { + if (isset($user['status'])) + { + $user_status = $user['status']; + } + else + { + // swicth to default value + $user_status = ''; + } + } + return $user_status; +} + +/* + * Return access_type definition of user + * Test does with user status + * @return bool +*/ +function get_access_type_status($user_status='') +{ + global $conf; + + switch (get_user_status($user_status)) + { + case 'guest': + { + $access_type_status = + ($conf['guest_access'] ? ACCESS_GUEST : ACCESS_FREE); + break; + } + case 'generic': + { + $access_type_status = ACCESS_GUEST; + break; + } + case 'normal': + { + $access_type_status = ACCESS_CLASSIC; + break; + } + case 'admin': + { + $access_type_status = ACCESS_ADMINISTRATOR; + break; + } + case 'webmaster': + { + $access_type_status = ACCESS_WEBMASTER; + break; + } + default: + { + $access_type_status = ACCESS_FREE; + break; + } + } + + return $access_type_status; +} + +/* + * Return if user have access to access_type definition + * Test does with user status + * @return bool +*/ +function is_autorize_status($access_type, $user_status = '') +{ + return (get_access_type_status($user_status) >= $access_type); +} + +/* + * Check if user have access to access_type definition + * Stop action if there are not access + * Test does with user status + * @return none +*/ +function check_status($access_type, $user_status = '') +{ + if (!is_autorize_status($access_type, $user_status)) + { + access_denied(); + } +} + +/* + * Return if user is generic + * @return bool +*/ + function is_generic($user_status = '') +{ + return get_user_status($user_status) == 'generic'; +} + +/* + * Return if user is only a guest + * @return bool +*/ + function is_a_guest($user_status = '') +{ + return get_user_status($user_status) == 'guest'; +} + +/* + * Return if user is, at least, a classic user + * @return bool +*/ + function is_classic_user($user_status = '') +{ + return is_autorize_status(ACCESS_CLASSIC, $user_status); +} + +/* + * Return if user is, at least, an administrator + * @return bool +*/ + function is_admin($user_status = '') +{ + return is_autorize_status(ACCESS_ADMINISTRATOR, $user_status); +} + +/* + * Return if current user is an adviser + * @return bool +*/ +function is_adviser() +{ + global $user; + + return ($user['adviser'] == 'true'); +} + +/* + * Return mail address as display text + * @return string +*/ +function get_email_address_as_display_text($email_address) +{ + global $conf; + + if (!isset($email_address) or (trim($email_address) == '')) + { + return ''; + } + else + { + if (defined('IN_ADMIN') and is_adviser()) + { + return 'adviser.mode@'.$_SERVER['SERVER_NAME']; + } + else + { + return $email_address; + } + } +} + +/* + * Compute sql where condition with restrict and filter data. "FandF" means + * Forbidden and Filters. + * + * @param array condition_fields: read function body + * @param string prefix_condition: prefixes sql if condition is not empty + * @param boolean force_one_condition: use at least "1 = 1" + * + * @return string sql where/conditions + */ +function get_sql_condition_FandF( + $condition_fields, + $prefix_condition = null, + $force_one_condition = false + ) +{ + global $user, $filter; + + $sql_list = array(); + + foreach ($condition_fields as $condition => $field_name) + { + switch($condition) + { + case 'forbidden_categories': + { + if (!empty($user['forbidden_categories'])) + { + $sql_list[] = + $field_name.' NOT IN ('.$user['forbidden_categories'].')'; + } + break; + } + case 'visible_categories': + { + if (!empty($filter['visible_categories'])) + { + $sql_list[] = + $field_name.' IN ('.$filter['visible_categories'].')'; + } + break; + } + case 'visible_images': + if (!empty($filter['visible_images'])) + { + $sql_list[] = + $field_name.' IN ('.$filter['visible_images'].')'; + } + // note there is no break - visible include forbidden + case 'forbidden_images': + if ( + !empty($user['image_access_list']) + or $user['image_access_type']!='NOT IN' + ) + { + $table_prefix=null; + if ($field_name=='id') + { + $table_prefix = ''; + } + elseif ($field_name=='i.id') + { + $table_prefix = 'i.'; + } + if ( isset($table_prefix) ) + { + $sql_list[]=$table_prefix.'level<='.$user['level']; + } + else + { + $sql_list[]=$field_name.' '.$user['image_access_type'] + .' ('.$user['image_access_list'].')'; + } + } + break; + default: + { + die('Unknow condition'); + break; + } + } + } + + if (count($sql_list) > 0) + { + $sql = '('.implode(' AND ', $sql_list).')'; + } + else + { + if ($force_one_condition) + { + $sql = '1 = 1'; + } + else + { + $sql = ''; + } + } + + if (isset($prefix_condition) and !empty($sql)) + { + $sql = $prefix_condition.' '.$sql; + } + + return $sql; +} + +?>
\ No newline at end of file |