diff options
Diffstat (limited to '')
-rw-r--r-- | admin/include/functions.php | 622 | ||||
-rw-r--r-- | admin/include/isadmin.inc.php | 3 |
2 files changed, 600 insertions, 25 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index f29b469d6..ce7fa076f 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -53,7 +53,59 @@ function is_image( $filename, $create_thumbnail = false ) } return false; } - + +/** + * returns an array with all picture files according to $conf['picture_ext'] + * + * @param string $dir + * @return array + */ +function get_picture_files( $dir ) +{ + global $conf; + + $pictures = array(); + if ( $opendir = opendir( $dir ) ) + { + while ( $file = readdir( $opendir ) ) + { + if ( in_array( get_extension( $file ), $conf['picture_ext'] ) ) + { + array_push( $pictures, $file ); + } + } + } + return $pictures; +} + +/** + * returns an array with all thumbnails according to $conf['picture_ext'] + * and $conf['prefix_thumbnail'] + * + * @param string $dir + * @return array + */ +function get_thumb_files( $dir ) +{ + global $conf; + + $prefix_length = strlen( $conf['prefix_thumbnail'] ); + + $thumbnails = array(); + if ( $opendir = @opendir( $dir ) ) + { + while ( $file = readdir( $opendir ) ) + { + if ( in_array( get_extension( $file ), $conf['picture_ext'] ) + and substr($file,0,$prefix_length) == $conf['prefix_thumbnail'] ) + { + array_push( $thumbnails, $file ); + } + } + } + return $thumbnails; +} + function TN_exists( $dir, $file ) { global $conf; @@ -67,8 +119,9 @@ function TN_exists( $dir, $file ) } } return false; -} +} + // The function delete_site deletes a site // and call the function delete_category for each primary category of the site function delete_site( $id ) @@ -91,6 +144,7 @@ function delete_site( $id ) mysql_query( $query ); } + // The function delete_category deletes the category identified by the $id // It also deletes (in the database) : // - all the images of the images (thanks to delete_image, see further) @@ -144,6 +198,7 @@ function delete_category( $id ) mysql_query( $query ); } + // The function delete_image deletes the image identified by the $id // It also deletes (in the database) : // - all the comments related to the image @@ -178,13 +233,14 @@ function delete_image( $id ) mysql_query( $query ); $count_deleted++; } - + // The delete_user function delete a user identified by the $user_id // It also deletes : // - all the access linked to this user // - all the links to any group // - all the favorites linked to this user // - all sessions linked to this user +// - all categories informations linked to this user function delete_user( $user_id ) { // destruction of the access linked to the user @@ -210,7 +266,13 @@ function delete_user( $user_id ) $query.= ' WHERE user_id = '.$user_id; $query.= ';'; mysql_query( $query ); - + + // destruction of the categories informations linked with the user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_category'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + // destruction of the user $query = 'DELETE FROM '.PREFIX_TABLE.'users'; $query.= ' WHERE id = '.$user_id; @@ -230,7 +292,10 @@ function delete_group( $group_id ) $query.= ';'; mysql_query( $query ); - // destruction of the group links for this group + // synchronize all users linked to the group + synchronize_group( $group_id ); + + // destruction of the users links for this group $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; $query.= ' WHERE group_id = '.$group_id; $query.= ';'; @@ -248,14 +313,17 @@ function delete_group( $group_id ) // or invisible) function check_favorites( $user_id ) { - $query = 'SELECT status'; + $query = 'SELECT status,forbidden_categories'; $query.= ' FROM '.PREFIX_TABLE.'users'; $query.= ' WHERE id = '.$user_id; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $status = $row['status']; // retrieving all the restricted categories for this user - $restricted_cat = get_all_restrictions( $user_id, $status ); + if ( isset( $row['forbidden_categories'] ) ) + $restricted_cat = explode( ',', $row['forbidden_categories'] ); + else + $restricted_cat = array(); // retrieving all the favorites for this user and comparing their // categories to the restricted categories $query = 'SELECT image_id'; @@ -314,26 +382,22 @@ function update_category( $id = 'all' ) $query.= ' FROM '.PREFIX_TABLE.'image_category'; $query.= ' WHERE category_id = '.$id; $query.= ';'; - $row = mysql_fetch_array( mysql_query( $query ) ); - $query = 'UPDATE '.PREFIX_TABLE.'categories'; - $query.= ' SET nb_images = '.$row['nb_images']; - $query.= ' WHERE id = '.$id; - $query.= ';'; - mysql_query( $query ); + list( $nb_images ) = mysql_fetch_array( mysql_query( $query ) ); // updating the date_last - $query = 'SELECT date_available'; + $query = 'SELECT MAX(date_available) AS date_available'; $query.= ' FROM '.PREFIX_TABLE.'images'; - $query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category ON id = image_id'; + $query.= ' INNER JOIN '.PREFIX_TABLE.'image_category ON id = image_id'; $query.= ' WHERE category_id = '.$id; - $query.= ' ORDER BY date_available DESC'; - $query.= ' LIMIT 0,1'; $query.= ';'; - $row = mysql_fetch_array( mysql_query( $query ) ); + list( $date_available ) = mysql_fetch_array( mysql_query( $query ) ); + $query = 'UPDATE '.PREFIX_TABLE.'categories'; - $query.= " SET date_last = '".$row['date_available']."'"; + $query.= " SET date_last = '".$date_available."'"; + $query.= ', nb_images = '.$nb_images; $query.= ' WHERE id = '.$id; $query.= ';'; mysql_query( $query ); + // updating the representative_picture_id : if the representative // picture of the category is not any more linked to the category, we // have to set representative_picture_id to NULL @@ -343,7 +407,7 @@ function update_category( $id = 'all' ) $row = mysql_fetch_array( mysql_query( $query ) ); // if the category has no representative picture (ie // representative_picture_id == NULL) we don't update anything - if ( $row['representative_picture_id'] != '' ) + if ( isset( $row['representative_picture_id'] ) ) { $query = 'SELECT image_id'; $query.= ' FROM '.PREFIX_TABLE.'image_category'; @@ -366,7 +430,7 @@ function update_category( $id = 'all' ) function check_date_format( $date ) { // date arrives at this format : DD/MM/YYYY - list($day,$month,$year) = explode( '/', $date ); + @list($day,$month,$year) = explode( '/', $date ); return @checkdate( $month, $day, $year ); } @@ -432,4 +496,518 @@ function display_categories( $categories, $indent, } } } -?>
\ No newline at end of file + +/** + * Complete plain structure of the gallery + * + * Returns the plain structure (one level array) of the gallery. In the + * returned array, each element is an array with jeys 'id' and + * 'id_uppercat'. The function also fills the array $page['subcats'] which + * associate (category_id => array of sub-categories id). + * + * @param bool $use_name + * @return array + */ +function get_plain_structure( $use_name = false ) +{ + global $page; + + $plain_structure = array(); + + $query = 'SELECT id,id_uppercat'; + if ( $use_name ) $query.= ',name'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' ORDER BY id_uppercat ASC, rank ASC'; + $query.= ';'; + + $subcats = array(); + $id_uppercat = 'NULL'; + + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $plain_structure[$row['id']]['id'] = $row['id']; + if ( !isset( $row['id_uppercat'] ) ) $row['id_uppercat'] = 'NULL'; + $plain_structure[$row['id']]['id_uppercat'] = $row['id_uppercat']; + if ( $use_name ) $plain_structure[$row['id']]['name'] = $row['name']; + // subcats list + if ( $row['id_uppercat'] != $id_uppercat ) + { + $page['subcats'][$id_uppercat] = $subcats; + + $subcats = array(); + $id_uppercat = $row['id_uppercat']; + } + array_push( $subcats, $row['id'] ); + } + mysql_free_result( $result ); + + $page['subcats'][$id_uppercat] = $subcats; + + return $plain_structure; +} + +/** + * get N levels array representing structure under the given category + * + * create_structure returns the N levels array representing structure under + * the given gategory id. It also updates the + * $page['plain_structure'][id]['all_subcats_id'] and + * $page['plain_structure'][id]['direct_subcats_ids'] for each sub category. + * + * @param int $id_uppercat + * @return array + */ +function create_structure( $id_uppercat ) +{ + global $page; + + $structure = array(); + $ids = get_subcats_ids( $id_uppercat ); + foreach ( $ids as $id ) { + $category = $page['plain_structure'][$id]; + + $category['subcats'] = create_structure( $id ); + + $page['plain_structure'][$id]['all_subcats_ids'] = + get_all_subcats_ids( $id ); + + $page['plain_structure'][$id]['direct_subcats_ids'] = + get_subcats_ids( $id ); + + array_push( $structure, $category ); + } + return $structure; +} + +/** + * returns direct sub-categories ids + * + * Returns an array containing all the direct sub-categories ids of the + * given category. It uses the $page['subcats'] global array. + * + * @param int $id_uppercat + * @return array + */ +function get_subcats_ids( $id_uppercat ) +{ + global $page; + + if ( $id_uppercat == '' ) $id_uppercat = 'NULL'; + + if ( isset( $page['subcats'][$id_uppercat] ) ) + return $page['subcats'][$id_uppercat]; + else + return array(); +} + +/** + * returns all sub-categories ids, not only direct ones + * + * Returns an array containing all the sub-categories ids of the given + * category, not only direct ones. This function is recursive. + * + * @param int $category_id + * @return array + */ +function get_all_subcats_ids( $category_id ) +{ + $ids = array(); + + $subcats = get_subcats_ids( $category_id ); + $ids = array_merge( $ids, $subcats ); + foreach ( $subcats as $subcat ) { + // recursive call + $sub_subcats = get_all_subcats_ids( $subcat ); + $ids = array_merge( $ids, $sub_subcats ); + } + return array_unique( $ids ); +} + +/** + * prepares the query to update the table user_category + * + * Prepares the query (global variable $values) to update table + * user_category : for a couple (user,category) the number of sub-categories + * and the last date of the category (all sub-categories taken into + * account). It also calls function update_uppercats for each category. The + * function is recursive. + * + * @param array $categories + * @return void + */ +function update_user_category( $categories ) +{ + global $page,$user_restrictions,$value_num,$values; + + foreach ( $categories as $category ) { + // recursive call + update_user_category( $category['subcats'] ); + // 1. update the table user_category + foreach ( $user_restrictions as $user_id => $restrictions ) { + // if the category is forbidden to this user, go to next user + if ( in_array( $category['id'], $restrictions ) ) continue; + + // how many sub_categories for this user ? + $user_subcats = array_diff( + $page['plain_structure'][$category['id']]['direct_subcats_ids'], + $restrictions ); + $user_nb_subcats = count( array_unique( $user_subcats ) ); + // last date of the category + $user_all_subcats = array_unique( array_diff( + $page['plain_structure'][$category['id']]['all_subcats_ids'], + $restrictions ) ); + + $query = 'SELECT MAX(date_last) AS last_date'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id IN ('.$category['id']; + if ( count( $user_all_subcats ) > 0 ) + $query.= ','.implode( ',', $user_all_subcats ); + $query.= ')'; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + + // insert a new line in database + if ( $value_num++ > 0 ) $values.= ', '; + else $values.= ' '; + $values.= '('.$user_id.",".$category['id']; + if ( isset( $row['last_date'] ) ) $values.= ",'".$row['last_date']."'"; + else $values.= ',NULL'; + $values.= ','.$user_nb_subcats.')'; + } + update_uppercats( $category['id'] ); + } +} + +/** + * updates the column categories.uppercats + * + * @param int $category_id + * @return void + */ +function update_uppercats( $category_id ) +{ + global $page; + + $final_id = $category_id; + $uppercats = array(); + + array_push( $uppercats, $category_id ); + $uppercat = $page['plain_structure'][$category_id]['id_uppercat']; + + while ( $uppercat != 'NULL' ) + { + array_push( $uppercats, $uppercat ); + $category_id = $page['plain_structure'][$category_id]['id_uppercat']; + $uppercat = $page['plain_structure'][$category_id]['id_uppercat']; + } + + $string_uppercats = implode( ',', array_reverse( $uppercats ) ); + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET uppercats = '."'".$string_uppercats."'"; + $query.= ' WHERE id = '.$final_id; + $query.= ';'; + mysql_query( $query ); +} + +/** + * returns an array with the ids of the restricted categories for the user + * + * Returns an array with the ids of the restricted categories for the + * user. If the $check_invisible parameter is set to true, invisible + * categorie are added to the restricted one in the array. + * + * @param int $user_id + * @param string $user_status + * @param bool $check_invisible + * @param bool $use_groups + * @return array + */ +function get_user_restrictions( $user_id, $user_status, + $check_invisible, $use_groups = true ) +{ + // 1. retrieving ids of private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + $privates = array(); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $privates, $row['id'] ); + } + // 2. retrieving all authorized categories for the user + $authorized = array(); + // 2.1. retrieving authorized categories thanks to personnal user + // authorization + $query = 'SELECT cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $authorized, $row['cat_id'] ); + } + // 2.2. retrieving authorized categories thanks to group authorization to + // which the user is a member + if ( $use_groups ) + { + $query = 'SELECT ga.cat_id'; + $query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; + $query.= ', '.PREFIX_TABLE.'group_access as ga'; + $query.= ' WHERE ug.group_id = ga.group_id'; + $query.= ' AND ug.user_id = '.$user_id; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $authorized, $row['cat_id'] ); + } + $authorized = array_unique( $authorized ); + } + + $forbidden = array(); + foreach ( $privates as $private ) { + if ( !in_array( $private, $authorized ) ) + { + array_push( $forbidden, $private ); + } + } + + if ( $check_invisible ) + { + // 3. adding to the restricted categories, the invisible ones + if ( $user_status != 'admin' ) + { + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE visible = 'false';"; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + array_push( $forbidden, $row['id'] ); + } + } + } + return array_unique( $forbidden ); +} + +/** + * finalizes operation for user_category table update + * + * This function is called by synchronization_*. It creates the + * $page['plain_structure'] and $page['structure'], get the SQL query to + * update user_category, clean user_category, and finally update the + * table. The users updates depends on the global array $user_restrictions. + * + * @return void + */ +function synchronize() +{ + global $user_restrictions,$page,$values; + + update_user_category( $page['structure'] ); + + // cleaning user_category table for users to update + foreach( $user_restrictions as $user_id => $restrictions ) { + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'user_category'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + } + + $query = 'INSERT INTO '.PREFIX_TABLE.'user_category'; + $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES '; + $query.= $values; + $query.= ';'; + mysql_query( $query ); +} + +/** + * synchronizes all users calculated informations + * + * fills global array $user_restrictions with all users and related + * restrictions before calling synchronize. + * + * @return void + */ +function synchronize_all_users() +{ + global $user_restrictions,$page; + + $page['plain_structure'] = get_plain_structure(); + $page['structure'] = create_structure( '' ); + + $user_restrictions = array(); + + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $user_restrictions[$row['id']] = update_user_restrictions( $row['id'] ); + } + synchronize(); +} + +/** + * synchronizes 1 user calculated informations + * + * fills global array $user_restrictions with the user id and its related + * restrictions before calling synchronize. + * + * @param int $user_id + * @return void + */ +function synchronize_user( $user_id ) +{ + global $user_restrictions,$page; + + $page['plain_structure'] = get_plain_structure(); + $page['structure'] = create_structure( '' ); + + $user_restrictions = array(); + $user_restrictions[$user_id] = update_user_restrictions( $user_id ); + synchronize(); +} + +/** + * synchronizes all users (belonging to the group) calculated informations + * + * fills global array $user_restrictions with all users and related + * restrictions before calling synchronize. + * + * @return void + */ +function synchronize_group( $group_id ) +{ + global $user_restrictions,$page; + + $page['plain_structure'] = get_plain_structure(); + $page['structure'] = create_structure( '' ); + + $user_restrictions = array(); + + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ', '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ' AND id = user_id'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $user_restrictions[$row['id']] = update_user_restrictions( $row['id'] ); + } + synchronize(); +} + +/** + * updates the calculated data users.forbidden_categories, it includes + * sub-categories of the direct forbidden categories + * + * @param nt $user_id + * @return array + */ +function update_user_restrictions( $user_id ) +{ + $restrictions = get_user_all_restrictions( $user_id ); + + // update the users.forbidden_categories in database + $query = 'UPDATE '.PREFIX_TABLE.'users'; + $query.= ' SET forbidden_categories = '; + if ( count( $restrictions ) > 0 ) + $query.= "'".implode( ',', $restrictions )."'"; + else + $query.= 'NULL'; + $query .= ' WHERE id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + + return $restrictions; +} + +/** + * returns all the restricted categories ids including sub-categories + * + * @param int $user_id + * @return array + */ +function get_user_all_restrictions( $user_id ) +{ + global $page; + + $query = 'SELECT status'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$user_id; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + + $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true); + + $restrictions = $base_restrictions; + foreach ( $base_restrictions as $category_id ) { + echo $category_id.' is forbidden to user '.$user_id.'<br />'; + $restrictions = + array_merge( $restrictions, + $page['plain_structure'][$category_id]['all_subcats_ids'] ); + } + + return array_unique( $restrictions ); +} + +// The function is_user_allowed returns : +// - 0 : if the category is allowed with this $restrictions array +// - 1 : if this category is not allowed +// - 2 : if an uppercat category is not allowed +// Note : the restrictions array must represent ONLY direct forbidden +// categories, not all forbidden categories +function is_user_allowed( $category_id, $restrictions ) +{ + if ( in_array( $category_id, $restrictions ) ) return 1; + + $query = 'SELECT uppercats'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$category_id; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + $uppercats = explode( ',', $row['uppercats'] ); + foreach ( $uppercats as $category_id ) { + if ( in_array( $category_id, $restrictions ) ) return 2; + } + + // no restriction found : the user is allowed to access this category + return 0; +} + +/** + * returns an array containing sub-directories which can be a category + * + * directories nammed "thumbnail" are omitted + * + * @param string $basedir + * @return array + */ +function get_category_directories( $basedir ) +{ + $sub_dirs = array(); + + if ( $opendir = opendir( $basedir ) ) + { + while ( $file = readdir( $opendir ) ) + { + if ( $file != '.' and $file != '..' + and is_dir( $basedir.'/'.$file ) + and $file != 'thumbnail' ) + { + array_push( $sub_dirs, $file ); + } + } + } + return $sub_dirs; +} +?> diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 341fc65ba..14032c566 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -16,10 +16,7 @@ * the Free Software Foundation; * * * ***************************************************************************/ -define( "PREFIX_INCLUDE", '' ); -include_once( './include/config.inc.php' ); -include_once( './include/user.inc.php' ); include( './admin/include/functions.php' ); $isadmin = true; |