Diffstat (limited to '')
-rw-r--r-- | include/common.inc.php | 41 | ||||
-rw-r--r-- | include/config_default.inc.php | 25 | ||||
-rw-r--r-- | include/constants.php | 8 | ||||
-rw-r--r-- | include/functions.inc.php | 9 | ||||
-rw-r--r-- | include/functions_category.inc.php | 22 | ||||
-rw-r--r-- | include/functions_session.inc.php | 25 | ||||
-rw-r--r-- | include/functions_user.inc.php | 349 | ||||
-rw-r--r-- | include/user.inc.php | 116 |
8 files changed, 300 insertions, 295 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index a57e00641..afed22c87 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -120,9 +120,9 @@ if (!defined('PHPWG_INSTALLED')) exit; } -include(PHPWG_ROOT_PATH . 'include/constants.php'); include(PHPWG_ROOT_PATH . 'include/config_default.inc.php'); @include(PHPWG_ROOT_PATH. 'include/config_local.inc.php'); +include(PHPWG_ROOT_PATH . 'include/constants.php'); include(PHPWG_ROOT_PATH . 'include/functions.inc.php'); include(PHPWG_ROOT_PATH . 'include/template.php'); @@ -164,4 +164,43 @@ while ( $row =mysql_fetch_array( $result ) ) } include(PHPWG_ROOT_PATH.'include/user.inc.php'); + +// language files +$user_langdir = PHPWG_ROOT_PATH.'language/'.$user['language']; +$conf_langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language']; + +if (file_exists($user_langdir.'/common.lang.php')) +{ + include_once($user_langdir.'/common.lang.php'); +} +else +{ + include_once($conf_langdir.'/common.lang.php'); +} + +// The administration section requires 2 more language files +if (defined('IN_ADMIN') and IN_ADMIN) +{ + foreach (array('admin', 'faq') as $section) + { + if (file_exists($user_langdir.'/'.$section.'.lang.php')) + { + include_once($user_langdir.'/'.$section.'.lang.php'); + } + else + { + include_once($conf_langdir.'/'.$section.'.lang.php'); + } + } +} + +// only now we can set the localized username of the guest user (and not in +// include/user.inc.php) +if ($user['is_the_guest']) +{ + $user['username'] = $lang['guest']; +} + +// template instance +$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); ?> diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 8debb63f0..d641223da 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php 
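Review bot: The new language and template setup in common.inc.php uses `$user['language']` and `$user['template']` as path components for `include_once` and `new Template(...)` without validation, and the empty-template fallback that user.inc.php used to apply (`if (empty($user['template'])) { $user['template'] = $conf['default_template']; }`) has no replacement here, so a user_infos row with an empty template name now yields a broken template path. If the profile page lets a user set these values freely (not visible in this diff), `file_exists` is not a sufficient guard against a language name containing path separators; validate both values against the actual `language/` and `template/` directory listings before building the path. The `$conf_langdir` fallback `include_once` is also not guarded by `file_exists`, so a misconfigured `default_language` surfaces as a PHP include warning rather than a clear error.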
@@ -227,4 +227,29 @@ $conf['show_picture_name_on_title'] = true;
 // apache_authentication : use Apache authentication as reference instead of
 // users table ?
 $conf['apache_authentication'] = false;
+
+// debug_l10n : display a warning message each time an unset language key is
+// accessed
+$conf['debug_l10n'] = false;
+
+// users_table : which table is the reference for users ? Can be a different
+// table than PhpWebGallery table
+$conf['users_table'] = $prefixeTable.'users';
+
+// user_fields : mapping between generic field names and table specific
+// field names. For example, in PWG, the mail address is names
+// "mail_address" and in punbb, it's called "email".
+$conf['user_fields'] = array(
+  'id' => 'id',
+  'username' => 'username',
+  'password' => 'password',
+  'email' => 'mail_address'
+  );
+
+// pass_convert : function to crypt or hash the clear user password to store
+// it in the database
+$conf['pass_convert'] = create_function('$s', 'return md5($s);');
+
+// guest_id : id of the anonymous user
+$conf['guest_id'] = 2;
 ?>
diff --git a/include/constants.php b/include/constants.php
index 75764f1a5..258583305 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -30,9 +30,6 @@ define('PHPWG_VERSION', '%PWGVERSION%');
 define('PHPWG_URL', 'http://www.phpwebgallery.net');
 define('PHPWG_FORUM_URL', 'http://forum.phpwebgallery.net');
 
-// User level
-define('ANONYMOUS', 2);
-
 // Error codes
 define('GENERAL_MESSAGE', 200);
 define('GENERAL_ERROR', 202);
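Review bot: The default `pass_convert` stores an unsalted `md5()` of the password, and `create_function()` compiles its second argument with `eval` at runtime; since this commit turns the hash function into a configuration hook, the comment should state that deployments are expected to override it in `config_local.inc.php` with a salted or slow hash. The eval is avoidable: a plain callable name, `$conf['pass_convert'] = 'md5';`, works with the `$conf['pass_convert']($password)` call site in functions_user.inc.php. `guest_id` replaces the removed `ANONYMOUS` constant; a comment that it must match the guest row in the users table would help the next reader.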
@@ -53,10 +50,11 @@ define('SESSIONS_TABLE', $prefixeTable.'sessions');
 define('SITES_TABLE', $prefixeTable.'sites');
 define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
 define('USER_GROUP_TABLE', $prefixeTable.'user_group');
-define('USERS_TABLE', $prefixeTable.'users');
+define('USERS_TABLE', $conf['users_table']);
+define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
 define('WAITING_TABLE', $prefixeTable.'waiting');
 define('IMAGE_METADATA_TABLE', $prefixeTable.'image_metadata');
 define('RATE_TABLE', $prefixeTable.'rate');
-define('USER_FORBIDDEN_TABLE', $prefixeTable.'user_forbidden');
+define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
 define('CADDIE_TABLE', $prefixeTable.'caddie');
 ?>
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2b1668de9..8a3a1f116 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -774,8 +774,13 @@ function get_name_from_file($filename)
  */
 function l10n($key)
 {
-  global $lang;
+  global $lang, $conf;
 
-  return (isset($lang[$key])) ? $lang[$key] : $key;
+  if ($conf['debug_l10n'])
+  {
+    echo '[l10n] language key "'.$key.'" is not defined<br />';
+  }
+
+  return isset($lang[$key]) ? $lang[$key] : $key;
 }
 ?>
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 383c0fa5d..005452db1 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -40,11 +40,11 @@
  * @param int category id to verify
  * @return void
  */
-function check_restrictions( $category_id )
+function check_restrictions($category_id)
 {
-  global $user,$lang;
+  global $user, $lang;
 
-  if ( in_array( $category_id, $user['restrictions'] ) )
+  if (in_array($category_id, explode(',', $user['forbidden_categories'])))
   {
     echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
     echo '<a href="'.add_session_id( './category.php' ).'">';
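Review bot: `define('USERS_TABLE', $conf['users_table'])` makes constants.php depend on `$conf` being populated before it is included; the common.inc.php hunk reorders the includes for that path, but any other entry point that includes constants.php ahead of the config files now defines `USERS_TABLE` as null with only a notice, and every query built from it fails at the SQL level. A guard at the top of the file, `if (!isset($conf['users_table'])) { die('config must be loaded before constants.php'); }`, would make the ordering requirement explicit. `USER_FORBIDDEN_TABLE` is removed outright; with PHP of this era an undefined constant degrades to the bare string with a notice, so any leftover reference outside this diff would query a table literally named `USER_FORBIDDEN_TABLE` instead of failing hard — worth a grep before merging.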
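Review bot: The debug message added to `l10n()` fires on every call, not only when the key is missing: `if ($conf['debug_l10n'])` never tests `isset($lang[$key])`, so with `debug_l10n` enabled every translated string is reported as undefined. Change the condition to `if ($conf['debug_l10n'] and !isset($lang[$key]))`. The key is also echoed raw into HTML; keys normally come from source, but if any caller passes request-derived text the output should go through `htmlspecialchars($key)`.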
@@ -167,18 +167,12 @@ function count_user_total_images() $query = ' SELECT COUNT(DISTINCT(image_id)) as total - FROM '.IMAGE_CATEGORY_TABLE; - if (count($user['restrictions']) > 0) - { - $query.= ' - WHERE category_id NOT IN ('.$user['forbidden_categories'].')'; - } - $query.= ' + FROM '.IMAGE_CATEGORY_TABLE.' + WHERE category_id NOT IN ('.$user['forbidden_categories'].') ;'; - - $row = mysql_fetch_array(pwg_query($query)); - - return isset($row['total']) ? $row['total'] : 0; + list($total) = mysql_fetch_array(pwg_query($query)); + + return $total; } /** diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index b2509e1c1..8a3bb911c 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -109,28 +109,23 @@ function add_session_id( $url, $redirect = false ) { global $page, $user, $conf; - if ( $user['has_cookie'] or $conf['apache_authentication']) return $url; - - $amp = '&'; - if ( $redirect ) + if ($user['is_the_guest'] + or $user['has_cookie'] + or $conf['apache_authentication']) { - $amp = '&'; + return $url; } - if ( !$user['is_the_guest'] ) + + if (preg_match('/\.php\?/', $url)) { - if ( preg_match( '/\.php\?/',$url ) ) - { - return $url.$amp.'id='.$page['session_id']; - } - else - { - return $url.'?id='.$page['session_id']; - } + $separator = $redirect ? '&' : '&'; } else { - return $url; + $separator = '?'; } + + return $url.$separator.'id='.$page['session_id']; } // cookie_path returns the path to use for the PhpWebGallery cookie. diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 1a2709254..0147dcac5 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php 
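Review bot: The rewritten query in `count_user_total_images` assumes `$user['forbidden_categories']` is always a non-empty list: the guard on an empty restriction set was removed and the `isset($row['total']) ? ... : 0` fallback replaced by `list($total)`. `calculate_permissions` now always appends `-1`, but that value only reaches `$user` on the cached path (`getuserdata($id, true)`); on the admin path (`$use_cache` false) it comes from the LEFT JOIN on `user_cache` and is NULL when no cache row exists, and user.inc.php no longer defaults it to `''`, which gives `WHERE category_id NOT IN ()` — a syntax error — followed by `list()` on a `false` result. Either make getuserdata default it (`$userdata['forbidden_categories'] = '-1'` when unset) or keep the empty-list check here.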
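Review bot: In `add_session_id` both branches of `$separator = $redirect ? '&' : '&';` are identical as rendered on this page, so the `$redirect` parameter no longer has any effect; if the non-redirect branch was meant to emit the HTML-escaped entity for use in markup, that literal needs restoring, otherwise drop the ternary and document the parameter as unused. The early return for `$user['is_the_guest']` is the right direction, since the session id travels in the query string and ends up in logs and Referer headers; keeping it out of URLs whenever a cookie is present (as the existing check does) limits that exposure.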
@@ -45,16 +45,11 @@ function validate_mail_address( $mail_address ) } } -function register_user($login, $password, $password_conf, - $mail_address, $status = 'guest') +function register_user($login, $password, $mail_address) { global $lang, $conf; $errors = array(); - // login must not - // 1. be empty - // 2. start ou end with space character - // 4. be already used if ($login == '') { array_push($errors, $lang['reg_err_login1']); 
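Review bot: Dropping `$password_conf` and `$status` from `register_user` is a breaking signature change, and the only call site updated in this diff is the one in user.inc.php; the comment listing the login rules was removed rather than kept next to the checks that remain. The password confirmation (`reg_err_pass`) moves out of this function in the next hunk, so the docblock should state that callers (the registration form) are now responsible for comparing the two password fields before calling it.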
@@ -67,121 +62,33 @@ function register_user($login, $password, $password_conf, { array_push($errors, $lang['reg_err_login3']); } - - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($login).'\' -;'; - $result = pwg_query($query); - if (mysql_num_rows($result) > 0) + if (get_userid($login)) { array_push($errors, $lang['reg_err_login5']); } - - // given password must be the same as the confirmation - if ($password != $password_conf) + $mail_error = validate_mail_address($mail_address); + if ('' != $mail_error) { - array_push($errors, $lang['reg_err_pass']); - } - - $error_mail_address = validate_mail_address($mail_address); - if ($error_mail_address != '') - { - array_push($errors, $error_mail_address); + array_push($errors, $mail_error); } // if no error until here, registration of the user if (count($errors) == 0) { - $insert = array(); - $insert['username'] = mysql_escape_string($login); - $insert['password'] = md5($password); - $insert['status'] = $status; - $insert['template'] = $conf['default_template']; - $insert['nb_image_line'] = $conf['nb_image_line']; - $insert['nb_line_page'] = $conf['nb_line_page']; - $insert['language'] = $conf['default_language']; - $insert['recent_period'] = $conf['recent_period']; - $insert['feed_id'] = find_available_feed_id(); - $insert['expand'] = boolean_to_string($conf['auto_expand']); - $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']); - if ( $mail_address != '' ) - { - $insert['mail_address'] = $mail_address; - } - if ($conf['default_maxwidth'] != '') - { - $insert['maxwidth'] = $conf['default_maxwidth']; - } - if ($conf['default_maxheight'] != '') - { - $insert['maxheight'] = $conf['default_maxheight']; - } + $insert = + array( + $conf['user_fields']['username'] => mysql_escape_string($login), + $conf['user_fields']['password'] => $conf['pass_convert']($password), + $conf['user_fields']['email'] => $mail_address + ); - $query = ' -INSERT INTO '.USERS_TABLE.' 
- ('.implode(',', array_keys($insert)).') - VALUES - ('; - $is_first = true; - foreach (array_keys($insert) as $field) - { - if (!$is_first) - { - $query.= ','; - } - $query.= "'".$insert[$field]."'"; - $is_first = false; - } - $query.= ') -;'; - pwg_query($query); - - $query = ' -UPDATE '.USERS_TABLE.' - SET registration_date = NOW() - WHERE id = '.mysql_insert_id().' -;'; - pwg_query($query); + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USERS_TABLE, array_keys($insert), array($insert)); + + create_user_infos(mysql_insert_id()); } - return $errors; -} - -function update_user( $user_id, $mail_address, $status, - $use_new_password = false, $password = '' ) -{ - $error = array(); - $i = 0; - $error_mail_address = validate_mail_address( $mail_address ); - if ( $error_mail_address != '' ) - { - $error[$i++] = $error_mail_address; - } - - if ( sizeof( $error ) == 0 ) - { - $query = 'UPDATE '.USERS_TABLE; - $query.= " SET status = '".$status."'"; - if ( $use_new_password ) - { - $query.= ", password = '".md5( $password )."'"; - } - $query.= ', mail_address = '; - if ( $mail_address != '' ) - { - $query.= "'".$mail_address."'"; - } - else - { - $query.= 'NULL'; - } - $query.= ' WHERE id = '.$user_id; - $query.= ';'; - pwg_query( $query ); - } - return $error; + return $errors; } function check_login_authorization($guest_allowed = true) 
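Review bot: In the insert built for `register_user`, `$login` goes through `mysql_escape_string` but `$mail_address` is inserted as-is, so the row's safety depends on `validate_mail_address` (outside the hunk) rejecting quote characters and on how `mass_inserts` quotes values; escaping should be done consistently in one place — either here for both fields or inside `mass_inserts` for all values, not a mix. `create_user_infos(mysql_insert_id())` runs without checking that the insert succeeded; on failure `mysql_insert_id()` returns 0 and an infos row is created for a nonexistent user. The removal of `update_user` here leaves any caller outside the diff without a replacement; a short comment naming where that functionality now lives would help. register_user's body starts in the previous hunk.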
@@ -212,13 +119,107 @@ function setup_style($style) return new Template(PHPWG_ROOT_PATH.'template/'.$style); } -function getuserdata($user) +/** + * find informations related to the user identifier + * + * @param int user identifier + * @param boolean use_cache + * @param array + */ +function getuserdata($user_id, $use_cache) { - $sql = "SELECT * FROM " . USERS_TABLE; - $sql.= " WHERE "; - $sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS; - $result = pwg_query($sql); - return ( $row = mysql_fetch_array($result) ) ? $row : false; + global $conf; + + $userdata = array(); + + $query = ' +SELECT '; + $is_first = true; + foreach ($conf['user_fields'] as $pwgfield => $dbfield) + { + if ($is_first) + { + $is_first = false; + } + else + { + $query.= ' + , '; + } + $query.= $dbfield.' AS '.$pwgfield; + } + $query.= ' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\' +;'; + + $row = mysql_fetch_array(pwg_query($query)); + + while (true) + { + $query = ' +SELECT ui.*, uc.* + FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc + ON ui.user_id = uc.user_id + WHERE ui.user_id = \''.$user_id.'\' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + break; + } + else + { + create_user_infos($user_id); + } + } + + $row = array_merge($row, mysql_fetch_array($result)); + + foreach ($row as $key => $value) + { + if (!is_numeric($key)) + { + // If the field is true or false, the variable is transformed into a + // boolean value. 
+ if ($value == 'true' or $value == 'false') + { + $userdata[$key] = get_boolean($value); + } + else + { + $userdata[$key] = $value; + } + } + } + + if ($use_cache) + { + if (!isset($userdata['need_update']) + or !is_bool($userdata['need_update']) + or $userdata['need_update'] == true) + { + $userdata['forbidden_categories'] = + calculate_permissions($userdata['id'], $userdata['status']); + + // update user cache + $query = ' +DELETE FROM '.USER_CACHE_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + pwg_query($query); + + $query = ' +INSERT INTO '.USER_CACHE_TABLE.' + (user_id,need_update,forbidden_categories) + VALUES + ('.$userdata['id'].',\'false\',\''.$userdata['forbidden_categories'].'\') +;'; + pwg_query($query); + } + } + + return $userdata; } /* @@ -261,11 +262,12 @@ DELETE FROM '.FAVORITES_TABLE.' } /** - * update table user_forbidden for the given user + * calculates the list of forbidden categories for a given user * - * table user_forbidden contains calculated data. Calculation is based on - * private categories minus categories authorized to the groups the user - * belongs to minus the categories directly authorized to the user + * Calculation is based on private categories minus categories authorized to + * the groups the user belongs to minus the categories directly authorized + * to the user. The list contains at least -1 to be compliant with queries + * such as "WHERE category_id NOT IN ($forbidden_categories)" * * @param int user_id * @param string user_status @@ -310,11 +312,7 @@ SELECT cat_id FROM '.USER_ACCESS_TABLE.' WHERE user_id = '.$user_id.' ;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_array, $row['cat_id']); - } + $authorized_array = array_from_query($query, 'cat_id'); // retrieve category ids authorized to the groups the user belongs to $query = ' 
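Review bot: `getuserdata` interpolates `$user_id` into both queries inside quotes without `intval()` or escaping, unlike `get_username` in the same file which uses `intval($user_id)`; the callers in user.inc.php pass values from the sessions table, `$conf['guest_id']` or `get_userid()`, but the function itself should enforce an integer with `$user_id = intval($user_id);` at the top. The `while (true)` loop has no exit when `create_user_infos` fails to insert (a constraint error, for instance): the SELECT keeps returning zero rows and the loop never ends, so bound it to a single retry. If the first query finds no user row, `$row` is `false` and `array_merge` emits a warning and returns null, so check `mysql_num_rows` before merging. The docblock's last tag should read `@return array`.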
@@ -323,11 +321,11 @@ SELECT cat_id ON ug.group_id = ga.group_id WHERE ug.user_id = '.$user_id.' ;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_array, $row['cat_id']); - } + $authorized_array = + array_merge( + $authorized_array, + array_from_query($query, 'cat_id') + ); // uniquify ids : some private categories might be authorized for the // groups and for the user @@ -336,23 +334,12 @@ SELECT cat_id // only unauthorized private categories are forbidden $forbidden_array = array_diff($private_array, $authorized_array); - $query = ' -DELETE FROM '.USER_FORBIDDEN_TABLE.' - WHERE user_id = '.$user_id.' -;'; - pwg_query($query); - - $forbidden_categories = implode(',', $forbidden_array); + // at least, the list contains -1 values. This category does not exists so + // where clauses such as "WHERE category_id NOT IN(-1)" will always be + // true. + array_push($forbidden_array, '-1'); - $query = ' -INSERT INTO '.USER_FORBIDDEN_TABLE.' - (user_id,need_update,forbidden_categories) - VALUES - ('.$user_id.',\'false\',\''.$forbidden_categories.'\') -;'; - pwg_query($query); - - return $forbidden_categories; + return implode(',', $forbidden_array); } /** @@ -363,10 +350,12 @@ INSERT INTO '.USER_FORBIDDEN_TABLE.' */ function get_username($user_id) { + global $conf; + $query = ' -SELECT username +SELECT '.$conf['user_fields']['username'].' FROM '.USERS_TABLE.' - WHERE id = '.intval($user_id).' + WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).' ;'; $result = pwg_query($query); if (mysql_num_rows($result) > 0) 
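Review bot: `calculate_permissions` no longer persists its result; caching moved into `getuserdata`, which writes `need_update='false'` into `user_cache`. The invalidation side — whatever sets `need_update` back to true when group membership, user access or category status changes — is not in this diff and previously targeted `user_forbidden`, so if those admin paths still reference the old table they must be moved to `USER_CACHE_TABLE`, otherwise permission changes are not reflected until the cache row is deleted. The `-1` sentinel should also be documented where `forbidden_categories` is consumed (`check_restrictions` explodes the list and compares `-1` as a category id, which is harmless but surprising).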
@@ -382,6 +371,36 @@ SELECT username } /** + * returns user identifier thanks to his name, false if not found + * + * @param string username + * @param int user identifier + */ +function get_userid($username) +{ + global $conf; + + $username = mysql_escape_string($username); + + $query = ' +SELECT '.$conf['user_fields']['id'].' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' +;'; + $result = pwg_query($query); + + if (mysql_num_rows($result) == 0) + { + return false; + } + else + { + list($user_id) = mysql_fetch_row($result); + return $user_id; + } +} + +/** * search an available feed_id * * @return string feed identifier @@ -393,7 +412,7 @@ function find_available_feed_id() $key = generate_key(50); $query = ' SELECT COUNT(*) - FROM '.USERS_TABLE.' + FROM '.USER_INFOS_TABLE.' WHERE feed_id = \''.$key.'\' ;'; list($count) = mysql_fetch_row(pwg_query($query)); @@ -403,4 +422,36 @@ SELECT COUNT(*) } } } -?> + +/** + * add user informations based on default values + * + * @param int user_id + */ +function create_user_infos($user_id) +{ + global $conf; + + list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); + + $insert = + array( + 'user_id' => $user_id, + 'status' => 'guest', + 'template' => $conf['default_template'], + 'nb_image_line' => $conf['nb_image_line'], + 'nb_line_page' => $conf['nb_line_page'], + 'language' => $conf['default_language'], + 'recent_period' => $conf['recent_period'], + 'feed_id' => find_available_feed_id(), + 'expand' => boolean_to_string($conf['auto_expand']), + 'show_nb_comments' => boolean_to_string($conf['show_nb_comments']), + 'maxwidth' => $conf['default_maxwidth'], + 'maxheight' => $conf['default_maxheight'], + 'registration_date' => $dbnow + ); + + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USER_INFOS_TABLE, array_keys($insert), array($insert)); +} +?>
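Review bot: `get_userid` returns the id as the string fetched by `mysql_fetch_row` and `false` otherwise; `register_user` uses it as a truthiness test and user.inc.php assigns it straight to `$user['id']`, so the docblock should say ids start at 1 and its last tag should be `@return int|false` rather than `@param int user identifier`. `mysql_escape_string` does not take the connection character set into account; `mysql_real_escape_string($username)` is the safer choice for a value coming from `$_SERVER['REMOTE_USER']` or a form.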
\ No newline at end of file diff --git a/include/user.inc.php b/include/user.inc.php index 56b36039c..4c3e0fb6a 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -38,7 +38,6 @@ // pwg_query($query); // } - // retrieving connected user informations if (isset($_COOKIE['id'])) { 
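Review bot: `create_user_infos` inserts `$conf['default_maxwidth']` and `default_maxheight` unconditionally, whereas the removed `register_user` code skipped them when the config value was `''`; if those columns are integer or nullable, inserting `''` either stores 0 or fails depending on SQL mode, so keep the conditional or map `''` to NULL. `status` is hard-coded to `'guest'`, replacing the removed `$status` parameter; a `$status = 'guest'` parameter with a default would preserve the old flexibility without touching callers. None of the `$conf` values are escaped before `mass_inserts`; that is fine if the helper quotes and escapes, but the docblock should say which side is responsible.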
@@ -87,65 +86,24 @@ DELETE FROM '.SESSIONS_TABLE.' } if (!isset($user['id'])) { - $user['id'] = 2; + $user['id'] = $conf['guest_id']; $user['is_the_guest'] = true; } // using Apache authentication override the above user search if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) { - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' -;'; - $result = pwg_query($query); - - if (mysql_num_rows($result) == 0) + if (!($user['id'] = get_userid($_SERVER['REMOTE_USER']))) { - register_user($_SERVER['REMOTE_USER'], '', '', ''); - - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' -;'; - list($user['id']) = mysql_fetch_row(pwg_query($query)); + register_user($_SERVER['REMOTE_USER'], '', ''); + $user['id'] = get_userid($_SERVER['REMOTE_USER']); } - else - { - list($user['id']) = mysql_fetch_row($result); - } - + $user['is_the_guest'] = false; } -$query = ' -SELECT u.*, uf.* - FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf - ON id = user_id - WHERE u.id = '.$user['id'].' -;'; -$row = mysql_fetch_array(pwg_query($query)); - -// affectation of each value retrieved in the users table into a variable of -// the array $user. -foreach ($row as $key => $value) -{ - if (!is_numeric($key)) - { - // If the field is true or false, the variable is transformed into a - // boolean value. - if ($value == 'true' or $value == 'false') - { - $user[$key] = get_boolean($value); - } - else - { - $user[$key] = $value; - } - } -} +$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true; +$user = array_merge($user, getuserdata($user['id'], $use_cache)); // properties of user guest are found in the configuration if ($user['is_the_guest']) 
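Review bot: On the Apache-authentication path the `$errors` array returned by `register_user($_SERVER['REMOTE_USER'], '', '')` is ignored; if registration is refused (empty name, a `reg_err_login*` rule), `get_userid` returns `false`, `$user['id']` becomes `false`, and getuserdata interpolates it as `''` — check the errors and fall back to `$conf['guest_id']`. These auto-provisioned accounts are also created with `$conf['pass_convert']('')`, a valid hash of the empty string; if the cookie/form login path stays reachable when `apache_authentication` is later turned off, that is a credential, so store an unmatchable marker for such rows instead. `$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true;` reads better as `$use_cache = !(defined('IN_ADMIN') and IN_ADMIN);`.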
@@ -161,66 +119,6 @@ if ($user['is_the_guest']) $user['show_nb_comments'] = $conf['show_nb_comments']; } -// if no information were found about user in user_forbidden table OR the -// forbidden categories must be updated : only if current user is in public -// part -if (!defined('IN_ADMIN') or !IN_ADMIN) -{ - if (!isset($user['need_update']) - or !is_bool($user['need_update']) - or $user['need_update'] == true) - { - $user['forbidden_categories'] = calculate_permissions($user['id'], - $user['status']); - } -} - -// forbidden_categories is a must be empty, at least -if (!isset($user['forbidden_categories'])) -{ - $user['forbidden_categories'] = ''; -} - -// special for $user['restrictions'] array -$user['restrictions'] = explode(',', $user['forbidden_categories']); -if ($user['restrictions'][0] == '') -{ - $user['restrictions'] = array(); -} - // calculation of the number of picture to display per page $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; - -if (empty($user['language']) - or !file_exists(PHPWG_ROOT_PATH.'language/'. - $user['language'].'/common.lang.php')) -{ - $user['language'] = $conf['default_language']; -} -include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php'); - -// displaying the username in the language of the connected user, instead of -// "guest" as you can find in the database -if ($user['is_the_guest']) -{ - $user['username'] = $lang['guest']; -} - -// only if we are in the administration section -if (defined('IN_ADMIN') and IN_ADMIN) -{ - $langdir = PHPWG_ROOT_PATH.'language/'.$user['language']; - if (!file_exists($langdir.'/admin.lang.php')) - { - $langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language']; - } - include_once($langdir.'/admin.lang.php'); - include_once($langdir.'/faq.lang.php'); -} - -if (empty($user['template'])) -{ - $user['template'] = $conf['default_template']; -} -$template = setup_style($user['template']); ?> |