diff options
Diffstat (limited to '')
-rw-r--r-- | include/functions_user.inc.php | 302 |
1 files changed, 302 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php new file mode 100644 index 000000000..48160f113 --- /dev/null +++ b/include/functions_user.inc.php @@ -0,0 +1,302 @@ +<?php +/*************************************************************************** + * functions_user.inc.php * + * -------------------- * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + *************************************************************************** + + *************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +function validate_mail_address( $mail_address ) +{ + global $lang; + + $output = ''; + // le mail doit être conforme à qqch du type : nom@serveur.com + if ( $mail_address != '' + and !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", + $mail_address ) ) + { + $output = $lang['reg_err_mail_address']; + } + + return $output; +} + +function register_user( $login, $password, $password_conf, + $mail_address, $status = 'visiteur' ) +{ + global $prefixeTable; + + $error = array(); + $i = 0; + // le login ne doit pas + // 1. être vide + // 2. commencer ou se terminer par un espace + // 3. comporter les caractères ' ou " + // 4. être déjà utilisé + if ( $login == '' ) + { + $error[$i++] = $lang['reg_err_login1']; + } + if ( ereg( "^.* $", $login) ) + { + $error[$i++] = $lang['reg_err_login2']; + } + if ( ereg( "^ .*$", $login ) ) + { + $error[$i++] = $lang['reg_err_login3']; + } + if ( ereg( "'", $login ) or ereg( "\"", $login ) ) + { + $error[$i++] = $lang['reg_err_login4']; + } + else + { + $query = 'select id'; + $query.= ' from '.$prefixeTable.'users'; + $query.= " where pseudo = '".$login."';"; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + $error[$i++] = $lang['reg_err_login5']; + } + } + // on vérifie que le password rentré correspond bien + // à la confirmation faite par l'utilisateur + if ( $password != $password_conf ) + { + $error[$i++] = $lang['reg_err_pass']; + } + + $error_mail_address = validate_mail_address( $mail_address ); + if ( $error_mail_address != '' ) + { + $error[$i++] = $error_mail_address; + } + + // on enregistre le nouvel utilisateur si aucune + //erreur détectée dans les paramètres + if ( sizeof( $error ) == 0 ) + { + // 1.récupération des valeurs par défaut de l'application + $infos = array( 'nb_image_line', 'nb_line_page', 'theme', 'language', + 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', + 'short_period', 'long_period', 'template' ); + $query = 'select'; + for ( $i = 0; $i < sizeof( $infos ); $i++ ) + { + if ( $i > 0 ) + { + $query.= ','; + } + else + { + $query.= ' '; + } + $query.= $infos[$i]; + } + $query.= ' from '.$prefixeTable.'users'; + $query.= " where pseudo = 'visiteur';"; + $row = mysql_fetch_array( mysql_query( $query ) ); + // 2.ajout du nouvel utilisateur + $query = 'insert into '.$prefixeTable.'users'; + $query.= ' ('; + $query.= ' pseudo,password,mail_address,status'; + for ( $i = 0; $i < sizeof( $infos ); $i++ ) + { + $query.= ','.$infos[$i]; + } + $query.= ' values ('; + $query.= " '".$login."'"; + $query.= ",'".md5( $password )."'"; + if ( $mail_address != '' ) + { + $query.= ",'".$mail_address."'"; + } + else + { + $query.= ',NULL'; + } + $query.= ",'".$status."'"; + for ( $i = 0; $i < sizeof( $infos ); $i++ ) + { + $query.= ','.$row[$infos[$i]]; + } + $query.= ');'; + mysql_query( $query ); + // 3. récupérer l'identifiant de l'utilisateur nouvellement créé + $query = 'select id'; + $query.= ' from '.$prefixeTable.'users'; + $query.= " where pseudo = '".$login."';"; + $row = mysql_fetch_array( mysql_query( $query ) ); + $user_id = $row['id']; + // 4.ajouter les restrictions au nouvel utilisateur, + // les mêmes que celles de l'utilisateur par défaut + $query = 'select cat_id'; + $query.= ' from '.$prefixeTable.'restrictions as r'; + $query.= ','.$prefixeTable.'users as u '; + $query.= ' where u.id = r.user_id'; + $query.= " and u.pseudo = 'visiteur';"; + $result = mysql_query( $query ); + while( $row = mysql_fetch_array( $result ) ) + { + $query = 'insert into '.$prefixeTable.'restrictions'; + $query.= ' (user_id,cat_id) values'; + $query.= ' ('.$user_id.','.$row['cat_id'].');'; + mysql_query ( $query ); + } + } + return $error; +} + +function update_user( $user_id, $mail_address, $status, + $use_new_password = false, $password = '' ) +{ + global $prefixeTable; + + $error = array(); + $i = 0; + + $error_mail_address = validate_mail_address( $mail_address ); + if ( $error_mail_address != '' ) + { + $error[$i++] = $error_mail_address; + } + + if ( sizeof( $error ) == 0 ) + { + $query = 'update '.$prefixeTable.'users'; + $query.= " set status = '".$status."'"; + if ( $use_new_password ) + { + $query.= ", password = '".md5( $password )."'"; + } + $query.= ', mail_address = '; + if ( $mail_address != '' ) + { + $query.= "'".$mail_address."'"; + } + else + { + $query.= 'NULL'; + } + $query.= ' where id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + } + return $error; +} + +function check_login_authorization() +{ + global $user,$lang,$conf,$page; + if ( $user['is_the_guest'] + and ( $conf['acces'] == 'restreint' or $page['cat'] == 'fav' ) ) + { + echo '<div style="text-align:center;">'.$lang['only_members'].'<br />'; + echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>'; + exit(); + } +} + +// The function get_restrictions returns an array with the ids of the +// restricted categories for the user. +// If the $check_invisible parameter is set to true, invisible categories +// are added to the restricted one in the array. +function get_restrictions( $user_id, $user_status, $check_invisible ) +{ + global $prefixeTable; + + // 1. getting the ids of the restricted categories + $query = "select cat_id"; + $query.= " from $prefixeTable"."restrictions"; + $query.= " where user_id = $user_id;"; + $result = mysql_query( $query ); + $i = 0; + $restriction = array(); + while ( $row = mysql_fetch_array( $result ) ) + { + $restriction[$i++] = $row['cat_id']; + } + if ( $check_invisible ) + { + // 2. adding to the restricted categories, the invisible ones + if ( $user_status != "admin" ) + { + $query = 'select id'; + $query.= ' from '.$prefixeTable.'categories'; + $query.= " where status='invisible';"; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $restriction[$i++] = $row['id']; + } + } + } + return $restriction; +} + +// The get_all_restrictions function returns an array with all the +// categories id which are restricted for the user. Including the +// sub-categories and invisible categories +function get_all_restrictions( $user_id, $user_status ) +{ + global $prefixeTable; + + $restricted_cat = get_restrictions( $user_id, $user_status, true ); + $i = sizeof( $restricted_cat ); + for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ ) + { + $sub_restricted_cat = get_subcats_id( $restricted_cat[$k] ); + for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ ) + { + $restricted_cat[$i++] = $sub_restricted_cat[$j]; + } + } + return $restricted_cat; +} + +// The function is_user_allowed returns : +// - 0 : if the category is allowed with this $restrictions array +// - 1 : if this category is not allowed +// - 2 : if an uppercat category is not allowed +function is_user_allowed( $category_id, $restrictions ) +{ + global $user,$prefixeTable; + + $lowest_category_id = $category_id; + + $is_root = false; + while ( !$is_root and !in_array( $category_id, $restrictions ) ) + { + $query = "select id_uppercat"; + $query.= " from $prefixeTable"."categories"; + $query.= " where id = $category_id;"; + $row = mysql_fetch_array( mysql_query( $query ) ); + if ( $row['id_uppercat'] == "" ) + { + $is_root = true; + } + $category_id = $row['id_uppercat']; + } + + if ( in_array( $lowest_category_id, $restrictions ) ) + { + return 1; + } + if ( in_array( $category_id, $restrictions ) ) + { + return 2; + } + // this user is allowed to go in this category + return 0; +} +?>
\ No newline at end of file |