aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/functions_user.inc.php302
1 files changed, 302 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
new file mode 100644
index 000000000..48160f113
--- /dev/null
+++ b/include/functions_user.inc.php
@@ -0,0 +1,302 @@
+<?php
+/***************************************************************************
+ * functions_user.inc.php *
+ * -------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************
+
+ ***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+function validate_mail_address( $mail_address )
+{
+ global $lang;
+
+ $output = '';
+ // le mail doit être conforme à qqch du type : nom@serveur.com
+ if ( $mail_address != ''
+ and !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
+ $mail_address ) )
+ {
+ $output = $lang['reg_err_mail_address'];
+ }
+
+ return $output;
+}
+
+function register_user( $login, $password, $password_conf,
+ $mail_address, $status = 'visiteur' )
+{
+ global $prefixeTable;
+
+ $error = array();
+ $i = 0;
+ // le login ne doit pas
+ // 1. être vide
+ // 2. commencer ou se terminer par un espace
+ // 3. comporter les caractères ' ou "
+ // 4. être déjà utilisé
+ if ( $login == '' )
+ {
+ $error[$i++] = $lang['reg_err_login1'];
+ }
+ if ( ereg( "^.* $", $login) )
+ {
+ $error[$i++] = $lang['reg_err_login2'];
+ }
+ if ( ereg( "^ .*$", $login ) )
+ {
+ $error[$i++] = $lang['reg_err_login3'];
+ }
+ if ( ereg( "'", $login ) or ereg( "\"", $login ) )
+ {
+ $error[$i++] = $lang['reg_err_login4'];
+ }
+ else
+ {
+ $query = 'select id';
+ $query.= ' from '.$prefixeTable.'users';
+ $query.= " where pseudo = '".$login."';";
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $error[$i++] = $lang['reg_err_login5'];
+ }
+ }
+ // on vérifie que le password rentré correspond bien
+ // à la confirmation faite par l'utilisateur
+ if ( $password != $password_conf )
+ {
+ $error[$i++] = $lang['reg_err_pass'];
+ }
+
+ $error_mail_address = validate_mail_address( $mail_address );
+ if ( $error_mail_address != '' )
+ {
+ $error[$i++] = $error_mail_address;
+ }
+
+ // on enregistre le nouvel utilisateur si aucune
+ //erreur détectée dans les paramètres
+ if ( sizeof( $error ) == 0 )
+ {
+ // 1.récupération des valeurs par défaut de l'application
+ $infos = array( 'nb_image_line', 'nb_line_page', 'theme', 'language',
+ 'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
+ 'short_period', 'long_period', 'template' );
+ $query = 'select';
+ for ( $i = 0; $i < sizeof( $infos ); $i++ )
+ {
+ if ( $i > 0 )
+ {
+ $query.= ',';
+ }
+ else
+ {
+ $query.= ' ';
+ }
+ $query.= $infos[$i];
+ }
+ $query.= ' from '.$prefixeTable.'users';
+ $query.= " where pseudo = 'visiteur';";
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ // 2.ajout du nouvel utilisateur
+ $query = 'insert into '.$prefixeTable.'users';
+ $query.= ' (';
+ $query.= ' pseudo,password,mail_address,status';
+ for ( $i = 0; $i < sizeof( $infos ); $i++ )
+ {
+ $query.= ','.$infos[$i];
+ }
+ $query.= ' values (';
+ $query.= " '".$login."'";
+ $query.= ",'".md5( $password )."'";
+ if ( $mail_address != '' )
+ {
+ $query.= ",'".$mail_address."'";
+ }
+ else
+ {
+ $query.= ',NULL';
+ }
+ $query.= ",'".$status."'";
+ for ( $i = 0; $i < sizeof( $infos ); $i++ )
+ {
+ $query.= ','.$row[$infos[$i]];
+ }
+ $query.= ');';
+ mysql_query( $query );
+ // 3. récupérer l'identifiant de l'utilisateur nouvellement créé
+ $query = 'select id';
+ $query.= ' from '.$prefixeTable.'users';
+ $query.= " where pseudo = '".$login."';";
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ $user_id = $row['id'];
+ // 4.ajouter les restrictions au nouvel utilisateur,
+ // les mêmes que celles de l'utilisateur par défaut
+ $query = 'select cat_id';
+ $query.= ' from '.$prefixeTable.'restrictions as r';
+ $query.= ','.$prefixeTable.'users as u ';
+ $query.= ' where u.id = r.user_id';
+ $query.= " and u.pseudo = 'visiteur';";
+ $result = mysql_query( $query );
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $query = 'insert into '.$prefixeTable.'restrictions';
+ $query.= ' (user_id,cat_id) values';
+ $query.= ' ('.$user_id.','.$row['cat_id'].');';
+ mysql_query ( $query );
+ }
+ }
+ return $error;
+}
+
+function update_user( $user_id, $mail_address, $status,
+ $use_new_password = false, $password = '' )
+{
+ global $prefixeTable;
+
+ $error = array();
+ $i = 0;
+
+ $error_mail_address = validate_mail_address( $mail_address );
+ if ( $error_mail_address != '' )
+ {
+ $error[$i++] = $error_mail_address;
+ }
+
+ if ( sizeof( $error ) == 0 )
+ {
+ $query = 'update '.$prefixeTable.'users';
+ $query.= " set status = '".$status."'";
+ if ( $use_new_password )
+ {
+ $query.= ", password = '".md5( $password )."'";
+ }
+ $query.= ', mail_address = ';
+ if ( $mail_address != '' )
+ {
+ $query.= "'".$mail_address."'";
+ }
+ else
+ {
+ $query.= 'NULL';
+ }
+ $query.= ' where id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+ }
+ return $error;
+}
+
+function check_login_authorization()
+{
+ global $user,$lang,$conf,$page;
+ if ( $user['is_the_guest']
+ and ( $conf['acces'] == 'restreint' or $page['cat'] == 'fav' ) )
+ {
+ echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
+ echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
+ exit();
+ }
+}
+
+// The function get_restrictions returns an array with the ids of the
+// restricted categories for the user.
+// If the $check_invisible parameter is set to true, invisible categories
+// are added to the restricted one in the array.
+function get_restrictions( $user_id, $user_status, $check_invisible )
+{
+ global $prefixeTable;
+
+ // 1. getting the ids of the restricted categories
+ $query = "select cat_id";
+ $query.= " from $prefixeTable"."restrictions";
+ $query.= " where user_id = $user_id;";
+ $result = mysql_query( $query );
+ $i = 0;
+ $restriction = array();
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $restriction[$i++] = $row['cat_id'];
+ }
+ if ( $check_invisible )
+ {
+ // 2. adding to the restricted categories, the invisible ones
+ if ( $user_status != "admin" )
+ {
+ $query = 'select id';
+ $query.= ' from '.$prefixeTable.'categories';
+ $query.= " where status='invisible';";
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $restriction[$i++] = $row['id'];
+ }
+ }
+ }
+ return $restriction;
+}
+
+// The get_all_restrictions function returns an array with all the
+// categories id which are restricted for the user. Including the
+// sub-categories and invisible categories
+function get_all_restrictions( $user_id, $user_status )
+{
+ global $prefixeTable;
+
+ $restricted_cat = get_restrictions( $user_id, $user_status, true );
+ $i = sizeof( $restricted_cat );
+ for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ )
+ {
+ $sub_restricted_cat = get_subcats_id( $restricted_cat[$k] );
+ for ( $j = 0; $j < sizeof( $sub_restricted_cat ); $j++ )
+ {
+ $restricted_cat[$i++] = $sub_restricted_cat[$j];
+ }
+ }
+ return $restricted_cat;
+}
+
+// The function is_user_allowed returns :
+// - 0 : if the category is allowed with this $restrictions array
+// - 1 : if this category is not allowed
+// - 2 : if an uppercat category is not allowed
+function is_user_allowed( $category_id, $restrictions )
+{
+ global $user,$prefixeTable;
+
+ $lowest_category_id = $category_id;
+
+ $is_root = false;
+ while ( !$is_root and !in_array( $category_id, $restrictions ) )
+ {
+ $query = "select id_uppercat";
+ $query.= " from $prefixeTable"."categories";
+ $query.= " where id = $category_id;";
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ if ( $row['id_uppercat'] == "" )
+ {
+ $is_root = true;
+ }
+ $category_id = $row['id_uppercat'];
+ }
+
+ if ( in_array( $lowest_category_id, $restrictions ) )
+ {
+ return 1;
+ }
+ if ( in_array( $category_id, $restrictions ) )
+ {
+ return 2;
+ }
+ // this user is allowed to go in this category
+ return 0;
+}
+?> \ No newline at end of file