Diffstat (limited to 'include')
-rw-r--r--include/config_default.inc.php14
-rw-r--r--include/constants.php2
-rw-r--r--include/functions.inc.php13
-rw-r--r--include/functions_search.inc.php47
-rw-r--r--include/functions_session.inc.php16
-rw-r--r--include/functions_user.inc.php25
-rw-r--r--include/ws_functions.inc.php4
-rw-r--r--include/ws_functions/pwg.categories.php42
-rw-r--r--include/ws_functions/pwg.users.php26
9 files changed, 173 insertions, 16 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index f38942d15..f66dab486 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -832,4 +832,18 @@ $conf['log_level'] = 'DEBUG';
// Keep logs file during X days
$conf['log_archive_days'] = 30;
+
+// +-----------------------------------------------------------------------+
+// | Proxy Settings |
+// +-----------------------------------------------------------------------+
+
+// If piwigo needs a http-proxy to connect to the internet, set this to true
+$conf['use_proxy'] = false;
+
+// Connection string of the proxy
+$conf['proxy_server'] = 'proxy.domain.org:port';
+
+// If the http-proxy requires authentication, set username and password here
+// e.g. username:password
+$conf['proxy_auth'] = '';
?>
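Review bot: `$conf['proxy_auth']` at L38 is a cleartext `username:password` in a file that ships with the application and is overwritten on upgrade, and nothing in the comment tells operators where the value actually belongs. I would extend the comment to say that `use_proxy`, `proxy_server` and `proxy_auth` should be set in the local configuration override rather than here, and that the file holding the credentials must not be readable by other accounts on the host, e.g. `// Set these in your local config, not here: proxy_auth is stored in cleartext.` The placeholder `proxy.domain.org:port` at L34 is not a usable default, so toggling `use_proxy` without editing `proxy_server` will produce connection failures; a one-line note saying so avoids a confusing outage.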
diff --git a/include/constants.php b/include/constants.php
index 8363f0d69..ab7c067c3 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -22,7 +22,7 @@
// +-----------------------------------------------------------------------+
// Default settings
-define('PHPWG_VERSION', '2.8.0RC1');
+define('PHPWG_VERSION', '2.8.0RC2');
define('PHPWG_DEFAULT_LANGUAGE', 'en_UK');
define('PHPWG_DEFAULT_TEMPLATE', 'elegant');
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 0f26fde77..018747817 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -434,6 +434,17 @@ function pwg_log($image_id = null, $image_type = null, $format_id = null)
$tags_string = implode(',', $page['tag_ids']);
}
+ $ip = $_SERVER['REMOTE_ADDR'];
+ // In case of "too long" ipv6 address, we take only the 15 first chars.
+ //
+ // It would be "cleaner" to increase length of history.IP to 50 chars, but
+ // the alter table is very long on such a big table. We should plan this
+ // for a future version, once history table is kept "smaller".
+ if (strpos($ip,':') !== false and strlen($ip) > 15)
+ {
+ $ip = substr($ip, 0, 15);
+ }
+
$query = '
INSERT INTO '.HISTORY_TABLE.'
(
@@ -454,7 +465,7 @@ INSERT INTO '.HISTORY_TABLE.'
CURRENT_DATE,
CURRENT_TIME,
'.$user['id'].',
- \''.$_SERVER['REMOTE_ADDR'].'\',
+ \''.$ip.'\',
'.(isset($page['section']) ? "'".$page['section']."'" : 'NULL').',
'.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').',
'.(isset($image_id) ? $image_id : 'NULL').',
diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index 69c57faa7..d8df4eea8 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -90,7 +90,7 @@ function get_sql_search_clause($search)
}
}
- if (isset($search['fields']['allwords']))
+ if (isset($search['fields']['allwords']) and count($search['fields']['allwords']['fields']) > 0)
{
$fields = array('file', 'name', 'comment');
@@ -98,7 +98,7 @@ function get_sql_search_clause($search)
{
$fields = array_intersect($fields, $search['fields']['allwords']['fields']);
}
-
+
// in the OR mode, request bust be :
// ((field1 LIKE '%word1%' OR field2 LIKE '%word1%')
// OR (field1 LIKE '%word2%' OR field2 LIKE '%word2%'))
@@ -199,7 +199,10 @@ function get_sql_search_clause($search)
*/
function get_regular_search_results($search, $images_where='')
{
- global $conf;
+ global $conf, $logger;
+
+ $logger->debug(__FUNCTION__, 'search', $search);
+
$forbidden = get_sql_condition_FandF(
array
(
@@ -213,12 +216,35 @@ function get_regular_search_results($search, $images_where='')
$items = array();
$tag_items = array();
+ if (isset($search['fields']['search_in_tags']))
+ {
+ $word_clauses = array();
+ foreach ($search['fields']['allwords']['words'] as $word)
+ {
+ $word_clauses[] = "name LIKE '%".$word."%'";
+ }
+
+ $query = '
+SELECT
+ id
+ FROM '.TAGS_TABLE.'
+ WHERE '.implode(' OR ', $word_clauses).'
+;';
+ $tag_ids = query2array($query, null, 'id');
+
+ $search_in_tags_items = get_image_ids_for_tags($tag_ids, 'OR');
+
+ $logger->debug(__FUNCTION__.' '.count($search_in_tags_items).' items in $search_in_tags_items');
+ }
+
if (isset($search['fields']['tags']))
{
$tag_items = get_image_ids_for_tags(
$search['fields']['tags']['words'],
$search['fields']['tags']['mode']
);
+
+ $logger->debug(__FUNCTION__.' '.count($tag_items).' items in $tag_items');
}
$search_clause = get_sql_search_clause($search);
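Review bot: Each `$word` is concatenated into the `LIKE` clause at L121 with no escaping, and this hunk gives no indication that `$search['fields']['allwords']['words']` was escaped before being stored, so unless that happens upstream this is an SQL injection into the tags query; each word should go through the DB layer's string-escaping function (and ideally have `%`/`_` escaped as LIKE metacharacters) before concatenation. The block is also entered whenever `search_in_tags` is set, but `allwords` may be absent (the earlier hunk at L89 guards exactly that case), in which case the `foreach` at L119 runs on null and the query is built as `WHERE ;` and fails; guarding with `if (isset($search['fields']['search_in_tags']) and !empty($search['fields']['allwords']['words']))` avoids both the warning and the broken query. Finally, `$logger->debug(__FUNCTION__, 'search', $search)` at L108 writes the whole user-supplied search array to the log at DEBUG level, which is worth a comment so nobody later raises the default log level in production without knowing that.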
@@ -237,6 +263,18 @@ SELECT DISTINCT(id)
$query .= $forbidden.'
'.$conf['order_by'];
$items = array_from_query($query, 'id');
+
+ $logger->debug(__FUNCTION__.' '.count($items).' items in $items');
+ }
+
+ if (isset($search_in_tags_items))
+ {
+ $items = array_unique(
+ array_merge(
+ $items,
+ $search_in_tags_items
+ )
+ );
}
if ( !empty($tag_items) )
@@ -244,7 +282,7 @@ SELECT DISTINCT(id)
switch ($search['mode'])
{
case 'AND':
- if (empty($search_clause))
+ if (empty($search_clause) and !isset($search_in_tags_items))
{
$items = $tag_items;
}
@@ -254,7 +292,6 @@ SELECT DISTINCT(id)
}
break;
case 'OR':
- $before_count = count($items);
$items = array_unique(
array_merge(
$items,
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 9c12e26c1..fe43bc570 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -260,4 +260,20 @@ function pwg_unset_session_var($var)
return true;
}
+/**
+ * delete all sessions for a given user (certainly deleted)
+ *
+ * @since 2.8
+ * @param int $user_id
+ * @return null
+ */
+function delete_user_sessions($user_id)
+{
+ $query = '
+DELETE
+ FROM '.SESSIONS_TABLE.'
+ WHERE data LIKE \'%pwg_uid|i:'.(int)$user_id.';%\'
+;';
+ pwg_query($query);
+}
?>
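Review bot: The `LIKE '%pwg_uid|i:N;%'` pattern at L201 depends on the on-disk format of PHP's default `php` session serialize handler; if `session.serialize_handler` is set to `php_serialize` (or anything else) the stored form differs and this deletes nothing, silently leaving the removed user's sessions alive. That assumption belongs in the docblock, e.g. `Relies on the default 'php' session.serialize_handler format (pwg_uid|i:N;); with php_serialize nothing will match.` The `(int)` cast on `$user_id` is the right thing and the trailing `;` keeps uid 5 from matching uid 55, so the pattern itself is sound; I would only also reword "(certainly deleted)" to "(typically because the user was deleted)" so the intent is clear.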
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index ac85d1b47..de8f87c7f 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -945,10 +945,13 @@ function log_user($user_id, $remember_me)
{ // make sure we clean any remember me ...
setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
}
- if ( session_id()!="" and (version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0))
+ if ( session_id()!="" )
{ // we regenerate the session for security reasons
// see http://www.acros.si/papers/session_fixation.pdf
- session_regenerate_id(true);
+ if (version_compare(PHP_VERSION, '7') <= 0)
+ {
+ session_regenerate_id(true);
+ }
}
else
{
@@ -1593,4 +1596,22 @@ SELECT
return create_user_auth_key($user_id, $user_status);
}
}
+
+/**
+ * Deactivates authentication keys
+ *
+ * @since 2.8
+ * @param int $user_id
+ * @return null
+ */
+function deactivate_user_auth_keys($user_id)
+{
+ $query = '
+UPDATE '.USER_AUTH_KEYS_TABLE.'
+ SET expired_on = NOW()
+ WHERE user_id = '.$user_id.'
+ AND expired_on > NOW()
+;';
+ pwg_query($query);
+}
?>
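Review bot: `$user_id` is concatenated into the UPDATE at L243 without a cast or escaping, unlike `delete_user_sessions` in this same commit which uses `(int)$user_id`; even if every current caller passes a validated integer, the helper is public and should defend itself: `WHERE user_id = '.(int)$user_id.'`. The docblock says `@return null` while the function returns nothing; `@return void` is what the project's other helpers would be expected to use, and a sentence on when keys are expired (only those with `expired_on` in the future, per L244) would make the contract clear.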
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index c36efec69..8834ac834 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -193,7 +193,7 @@ function ws_std_get_image_xml_attributes()
function ws_std_get_category_xml_attributes()
{
return array(
- 'id', 'url', 'nb_images', 'total_nb_images', 'nb_categories', 'date_last', 'max_date_last',
+ 'id', 'url', 'nb_images', 'total_nb_images', 'nb_categories', 'date_last', 'max_date_last', 'status',
);
}
@@ -235,4 +235,4 @@ function categories_flatlist_to_tree($categories)
return $tree;
}
-?> \ No newline at end of file
+?>
diff --git a/include/ws_functions/pwg.categories.php b/include/ws_functions/pwg.categories.php
index 5bafaf5da..502c8f18d 100644
--- a/include/ws_functions/pwg.categories.php
+++ b/include/ws_functions/pwg.categories.php
@@ -181,6 +181,11 @@ function ws_categories_getList($params, &$service)
{
global $user, $conf;
+ if (!in_array($params['thumbnail_size'], array_keys(ImageStdParams::get_defined_type_map())))
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, "Invalid thumbnail_size");
+ }
+
$where = array('1=1');
$join_type = 'INNER';
$join_user = $user['id'];
@@ -226,7 +231,7 @@ function ws_categories_getList($params, &$service)
$query = '
SELECT
- id, name, comment, permalink,
+ id, name, comment, permalink, status,
uppercats, global_rank, id_uppercat,
nb_images, count_images AS total_nb_images,
representative_picture_id, user_representative_picture_id, count_images, count_categories,
@@ -366,7 +371,7 @@ SELECT id, path, representative_ext, level
{
if ($row['level'] <= $user['level'])
{
- $thumbnail_src_of[$row['id']] = DerivativeImage::thumb_url($row);
+ $thumbnail_src_of[$row['id']] = DerivativeImage::url($params['thumbnail_size'], $row);
}
else
{
@@ -411,7 +416,7 @@ SELECT id, path, representative_ext
while ($row = pwg_db_fetch_assoc($result))
{
- $thumbnail_src_of[ $row['id'] ] = DerivativeImage::thumb_url($row);
+ $thumbnail_src_of[ $row['id'] ] = DerivativeImage::url($params['thumbnail_size'], $row);
}
}
}
@@ -489,7 +494,7 @@ SELECT category_id, COUNT(*) AS counter
$nb_images_of = query2array($query, 'category_id', 'counter');
$query = '
-SELECT id, name, comment, uppercats, global_rank, dir
+SELECT id, name, comment, uppercats, global_rank, dir, status
FROM '. CATEGORIES_TABLE .'
;';
$result = pwg_query($query);
@@ -529,7 +534,7 @@ SELECT id, name, comment, uppercats, global_rank, dir
'categories' => new PwgNamedArray(
$cats,
'category',
- array('id', 'nb_images', 'name', 'uppercats', 'global_rank')
+ array('id', 'nb_images', 'name', 'uppercats', 'global_rank', 'status')
)
);
}
@@ -586,6 +591,33 @@ function ws_categories_add($params, &$service)
*/
function ws_categories_setInfo($params, &$service)
{
+ // does the category really exist?
+ $query = '
+SELECT *
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id = '.$params['category_id'].'
+;';
+ $categories = query2array($query);
+ if (count($categories) == 0)
+ {
+ return new PwgError(404, 'category_id not found');
+ }
+
+ $category = $categories[0];
+
+ if (!empty($params['status']))
+ {
+ if (!in_array($params['status'], array('private','public')))
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, "Invalid status, only public/private");
+ }
+
+ if ($params['status'] != $category['status'])
+ {
+ set_cat_status(array($params['category_id']), $params['status']);
+ }
+ }
+
$update = array(
'id' => $params['category_id'],
);
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index d878bcb31..eaa96c9c1 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -426,6 +426,27 @@ function ws_users_setInfo($params, &$service)
if (!empty($params['password']))
{
+ if (!is_webmaster())
+ {
+ $password_protected_users = array($conf['guest_id']);
+
+ $query = '
+SELECT
+ user_id
+ FROM '.USER_INFOS_TABLE.'
+ WHERE status IN (\'webmaster\', \'admin\')
+;';
+ $admin_ids = query2array($query, null, 'user_id');
+
+ // we add all admin+webmaster users BUT the user herself
+ $password_protected_users = array_merge($password_protected_users, array_diff($admin_ids, array($user['id'])));
+
+ if (in_array($params['user_id'][0], $password_protected_users))
+ {
+ return new PwgError(403, 'Only webmasters can change password of other "webmaster/admin" users');
+ }
+ }
+
$updates[ $conf['user_fields']['password'] ] = $conf['password_hash']($params['password']);
}
}
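Review bot: The new guard at L364–L383 only runs inside the `!empty($params['password'])` branch, so a non-webmaster admin is still free to change the other fields of a webmaster/admin account handled by this function — if those include the username or email, that is a comparable route to taking over the account, and the same `$password_protected_users` check should be applied to those updates as well; ws_users_setInfo starts before this hunk, so I cannot confirm which fields it accepts. The check also relies on `$user['id']` at L377, which needs `$user` to be declared global in this function (not visible here). Since the list of protected ids is useful beyond passwords, I would pull L366–L377 into a small helper, e.g. `get_password_protected_user_ids()`, with a docblock stating that it returns the guest plus every admin/webmaster except the current user.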
@@ -531,6 +552,11 @@ SELECT
array($conf['user_fields']['id'] => $params['user_id'][0])
);
+ if (isset($updates[ $conf['user_fields']['password'] ]))
+ {
+ deactivate_user_auth_keys($params['user_id'][0]);
+ }
+
if (isset($update_status) and count($params['user_id_for_status']) > 0)
{
$query = '
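Review bot: After a password change only the auth keys are revoked at L393; the user's existing sessions stay valid, even though this commit adds `delete_user_sessions()` for exactly that purpose. An attacker who already holds a session is not logged out by the password reset, which is usually the reason the password is being changed. I would call `delete_user_sessions($params['user_id'][0]);` next to the auth-key revocation, with a comment noting that this also logs the user out when changing their own password, if that is acceptable here.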