From 273884a65274e2688df1b2d3dc37103a46117772 Mon Sep 17 00:00:00 2001 From: plegall Date: Mon, 8 Aug 2005 20:52:19 +0000 Subject: - new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin.php | 9 +- admin/cat_perm.php | 5 +- admin/include/functions.php | 243 ++++++++---------------- admin/search.php | 2 +- admin/user_list.php | 56 +++--- category.php | 4 +- doc/ChangeLog | 25 +++ feed.php | 20 +- identification.php | 8 +- include/common.inc.php | 41 +++- include/config_default.inc.php | 25 +++ include/constants.php | 8 +- include/functions.inc.php | 9 +- include/functions_category.inc.php | 22 +-- include/functions_session.inc.php | 25 +-- include/functions_user.inc.php | 349 ++++++++++++++++++++--------------- include/user.inc.php | 116 +----------- install.php | 45 +++-- install/phpwebgallery_structure.sql | 30 ++- profile.php | 257 ++++++++------------------ register.php | 15 +- template/default/admin/user_list.tpl | 25 ++- template/default/profile.tpl | 30 +-- 23 files changed, 633 insertions(+), 736 deletions(-) diff --git a/admin.php b/admin.php index ba6e1dd77..d56602854 100644 --- a/admin.php +++ b/admin.php @@ -30,6 +30,13 @@ define('PHPWG_ROOT_PATH','./'); define('IN_ADMIN', true); include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +// +-----------------------------------------------------------------------+ +// | synchronize user informations | +// +-----------------------------------------------------------------------+ + +sync_users(); + //--------------------------------------- validating page and creation of title $page_valide = false; $title = ''; @@ -323,7 +330,7 @@ include(PHPWG_ROOT_PATH.'include/page_tail.php'); // | order permission refreshment | // +-----------------------------------------------------------------------+ $query = ' -UPDATE '.USER_FORBIDDEN_TABLE.' +UPDATE '.USER_CACHE_TABLE.' SET need_update = \'true\' ;'; pwg_query($query); diff --git a/admin/cat_perm.php b/admin/cat_perm.php index 73bd0d866..7580cd28c 100644 --- a/admin/cat_perm.php +++ b/admin/cat_perm.php @@ -258,9 +258,10 @@ foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id) $users = array(); $query = ' -SELECT id, username +SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['username'].' AS username FROM '.USERS_TABLE.' - WHERE id != 2 + WHERE id != '.$conf['guest_id'].' ;'; $result = pwg_query($query); while($row = mysql_fetch_array($result)) diff --git a/admin/include/functions.php b/admin/include/functions.php index a02ab962f..2364ada41 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -332,6 +332,8 @@ DELETE FROM '.IMAGES_TABLE.' // - calculated permissions linked to the user function delete_user($user_id) { + global $conf; + // destruction of the access linked to the user $query = ' DELETE FROM '.USER_ACCESS_TABLE.' @@ -367,10 +369,17 @@ DELETE FROM '.USER_FORBIDDEN_TABLE.' ;'; pwg_query($query); + // deletion of phpwebgallery specific informations + $query = ' +DELETE FROM '.USER_INFOS_TABLE.' + WHERE user_id = '.$user_id.' +;'; + pwg_query($query); + // destruction of the user $query = ' DELETE FROM '.USERS_TABLE.' - WHERE id = '.$user_id.' + WHERE '.$conf['user_fields']['id'].' = '.$user_id.' ;'; pwg_query($query); } @@ -552,165 +561,6 @@ function get_keywords( $keywords_string ) return array_unique( $keywords ); } -/** - * returns an array with the ids of the restricted categories for the user - * - * Returns an array with the ids of the restricted categories for the - * user. If the $check_invisible parameter is set to true, invisible - * categorie are added to the restricted one in the array. - * - * @param int $user_id - * @param string $user_status - * @param bool $check_invisible - * @param bool $use_groups - * @return array - */ -function get_user_restrictions( $user_id, $user_status, - $check_invisible, $use_groups = true ) -{ - // 1. retrieving ids of private categories - $query = 'SELECT id FROM '.CATEGORIES_TABLE; - $query.= " WHERE status = 'private'"; - $query.= ';'; - $result = pwg_query( $query ); - $privates = array(); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $privates, $row['id'] ); - } - // 2. retrieving all authorized categories for the user - $authorized = array(); - // 2.1. retrieving authorized categories thanks to personnal user - // authorization - $query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE; - $query.= ' WHERE user_id = '.$user_id; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - // 2.2. retrieving authorized categories thanks to group authorization to - // which the user is a member - if ( $use_groups ) - { - $query = 'SELECT ga.cat_id'; - $query.= ' FROM '.USER_GROUP_TABLE.' as ug'; - $query.= ', '.GROUP_ACCESS_TABLE.' as ga'; - $query.= ' WHERE ug.group_id = ga.group_id'; - $query.= ' AND ug.user_id = '.$user_id; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - $authorized = array_unique( $authorized ); - } - - $forbidden = array(); - foreach ( $privates as $private ) { - if ( !in_array( $private, $authorized ) ) - { - array_push( $forbidden, $private ); - } - } - - if ( $check_invisible ) - { - // 3. adding to the restricted categories, the invisible ones - if ( $user_status != 'admin' ) - { - $query = 'SELECT id FROM '.CATEGORIES_TABLE; - $query.= " WHERE visible = 'false';"; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $forbidden, $row['id'] ); - } - } - } - return array_unique( $forbidden ); -} - -/** - * updates the calculated data users.forbidden_categories, it includes - * sub-categories of the direct forbidden categories - * - * @param nt $user_id - * @return array - */ -function update_user_restrictions( $user_id ) -{ - $restrictions = get_user_all_restrictions( $user_id ); - - // update the users.forbidden_categories in database - $query = 'UPDATE '.USERS_TABLE; - $query.= ' SET forbidden_categories = '; - if ( count( $restrictions ) > 0 ) - $query.= "'".implode( ',', $restrictions )."'"; - else - $query.= 'NULL'; - $query .= ' WHERE id = '.$user_id; - $query.= ';'; - pwg_query( $query ); - - return $restrictions; -} - -/** - * returns all the restricted categories ids including sub-categories - * - * @param int $user_id - * @return array - */ -function get_user_all_restrictions( $user_id ) -{ - global $page; - - $query = 'SELECT status'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$user_id; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - - $base_restrictions=get_user_restrictions($user_id,$row['status'],true,true); - - $restrictions = $base_restrictions; - foreach ( $base_restrictions as $category_id ) { - echo $category_id.' is forbidden to user '.$user_id.'
'; - $restrictions = - array_merge( $restrictions, - $page['plain_structure'][$category_id]['all_subcats_ids'] ); - } - - return array_unique( $restrictions ); -} - -// The function is_user_allowed returns : -// - 0 : if the category is allowed with this $restrictions array -// - 1 : if this category is not allowed -// - 2 : if an uppercat category is not allowed -// Note : the restrictions array must represent ONLY direct forbidden -// categories, not all forbidden categories -function is_user_allowed( $category_id, $restrictions ) -{ - if ( in_array( $category_id, $restrictions ) ) return 1; - - $query = 'SELECT uppercats'; - $query.= ' FROM '.CATEGORIES_TABLE; - $query.= ' WHERE id = '.$category_id; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - $uppercats = explode( ',', $row['uppercats'] ); - foreach ( $uppercats as $category_id ) { - if ( in_array( $category_id, $restrictions ) ) return 2; - } - - // no restriction found : the user is allowed to access this category - return 0; -} - /** * returns an array containing sub-directories which can be a category * @@ -842,8 +692,8 @@ function mass_updates($tablename, $dbfields, $datas) // depending on the MySQL version, we use the multi table update or N // update queries $query = 'SELECT VERSION() AS version;'; - $row = mysql_fetch_array(pwg_query($query)); - if (count($datas) < 10 or version_compare($row['version'],'4.0.4') < 0) + list($mysql_version) = mysql_fetch_array(pwg_query($query)); + if (count($datas) < 10 or version_compare($mysql_version, '4.0.4') < 0) { // MySQL is prior to version 4.0.4, multi table update feature is not // available @@ -1334,4 +1184,73 @@ function micro_seconds() $t2 = $t1[1].substr($t2[1], 0, 6); return $t2; } + +/** + * compares and synchronizes USERS_TABLE and USER_INFOS_TABLE : each user in + * USERS_TABLE must be present in USER_INFOS_TABLE. + */ +function sync_users() +{ + global $conf; + + $query = ' +SELECT '.$conf['user_fields']['id'].' AS id + FROM '.USERS_TABLE.' +;'; + $base_users = array_from_query($query, 'id'); + + $query = ' +SELECT user_id + FROM '.USER_INFOS_TABLE.' +;'; + $infos_users = array_from_query($query, 'user_id'); + + // users present in $base_users and not in $infos_users must be added + $to_create = array_diff($base_users, $infos_users); + + if (count($to_create) > 0) + { + $inserts = array(); + + list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); + + foreach ($to_create as $user_id) + { + $insert = array(); + $insert['user_id'] = $user_id; + $insert['status'] = 'guest'; + $insert['template'] = $conf['default_template']; + $insert['nb_image_line'] = $conf['nb_image_line']; + $insert['nb_line_page'] = $conf['nb_line_page']; + $insert['language'] = $conf['default_language']; + $insert['recent_period'] = $conf['recent_period']; + $insert['feed_id'] = find_available_feed_id(); + $insert['expand'] = boolean_to_string($conf['auto_expand']); + $insert['show_nb_comments'] = + boolean_to_string($conf['show_nb_comments']); + $insert['maxwidth'] = $conf['default_maxwidth']; + $insert['maxheight'] = $conf['default_maxheight']; + $insert['registration_date'] = $dbnow; + + array_push($inserts, $insert); + } + + mass_inserts(USER_INFOS_TABLE, + array_keys($inserts[0]), + $inserts); + } + + // users present in $infos_users and not in $base_users must be deleted + $to_delete = array_diff($infos_users, $base_users); + + if (count($to_delete) > 0) + { + $query = ' +DELETE + FROM '.USER_INFOS_TABLE.' + WHERE user_id in ('.implode(',', $to_delete).') +;'; + pwg_query($query); + } +} ?> diff --git a/admin/search.php b/admin/search.php index e6eab6258..482d6afbc 100644 --- a/admin/search.php +++ b/admin/search.php @@ -73,7 +73,7 @@ if ( !empty($search_match) ) $sql = "SELECT username FROM " . USERS_TABLE . " WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' - AND id <> ".ANONYMOUS." + AND id <> ".$conf['guest_id']." ORDER BY username"; if ( !($result = pwg_query($sql)) ) { diff --git a/admin/user_list.php b/admin/user_list.php index 9ffc84e10..aa1bbff22 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -45,10 +45,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); if (isset($_POST['submit_add'])) { - $page['errors'] = register_user($_POST['login'], - $_POST['password'], - $_POST['password'], - ''); + $page['errors'] = register_user($_POST['login'], $_POST['password'], ''); } // +-----------------------------------------------------------------------+ @@ -66,7 +63,7 @@ if (isset($_POST['pref_submit'])) $query = ' SELECT id FROM '.USERS_TABLE.' - WHERE id != 2 + WHERE id != '.$conf['guest_id'].' ;'; $collection = array_from_query($query, 'id'); break; @@ -123,7 +120,7 @@ DELETE FROM '.USER_GROUP_TABLE.' // properties to set for the collection (a user list) $datas = array(); - $dbfields = array('primary' => array('id'), 'update' => array()); + $dbfields = array('primary' => array('user_id'), 'update' => array()); $formfields = array('nb_image_line', 'nb_line_page', 'template', 'language', @@ -146,7 +143,7 @@ DELETE FROM '.USER_GROUP_TABLE.' foreach ($collection as $user_id) { $data = array(); - $data['id'] = $user_id; + $data['user_id'] = $user_id; // TODO : verify if submited values are semanticaly correct foreach ($dbfields['update'] as $dbfield) @@ -168,7 +165,7 @@ DELETE FROM '.USER_GROUP_TABLE.' array_push($datas, $data); } - mass_updates(USERS_TABLE, $dbfields, $datas); + mass_updates(USER_INFOS_TABLE, $dbfields, $datas); } } else @@ -202,7 +199,7 @@ $template->set_filenames(array('user_list'=>'admin/user_list.tpl')); $base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list'); -$conf['users_page'] = 10; +$conf['users_page'] = 20; if (isset($_GET['start']) and is_numeric($_GET['start'])) { @@ -317,7 +314,7 @@ $template->assign_block_vars( 'SELECTED' => '' )); -foreach (get_enums(USERS_TABLE, 'status') as $status) +foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { $selected = (isset($_GET['status']) and $_GET['status'] == $status) ? 'selected="selected"' : ''; @@ -432,7 +429,7 @@ foreach (get_languages() as $language_code => $language_name) $blockname = 'pref_status_option'; -foreach (get_enums(USERS_TABLE, 'status') as $status) +foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { if (isset($_POST['pref_submit'])) { @@ -550,7 +547,7 @@ if (isset($_GET['group']) } if (isset($_GET['status']) - and in_array($_GET['status'], get_enums(USERS_TABLE, 'status'))) + and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status'))) { $filter['status'] = $_GET['status']; } @@ -560,23 +557,27 @@ if (isset($_GET['status']) // +-----------------------------------------------------------------------+ $query = ' -SELECT COUNT(DISTINCT(id)) - FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id - WHERE id != 2'; +SELECT COUNT(DISTINCT u.'.$conf['user_fields']['id'].') + FROM '.USERS_TABLE.' AS u + INNER JOIN '.USER_INFOS_TABLE.' AS ui + ON u.'.$conf['user_fields']['id'].' = ui.user_id + LEFT JOIN '.USER_GROUP_TABLE.' AS ug + ON u.'.$conf['user_fields']['id'].' = ug.user_id + WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id']; if (isset($filter['username'])) { $query.= ' - AND username LIKE \''.$filter['username'].'\''; + AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\''; } if (isset($filter['group'])) { $query.= ' - AND group_id = '.$filter['group']; + AND ug.group_id = '.$filter['group']; } if (isset($filter['status'])) { $query.= ' - AND status = \''.$filter['status']."'"; + AND ui.status = \''.$filter['status']."'"; } $query.= ' ;'; @@ -617,9 +618,16 @@ if (isset($_GET['direction']) } $query = ' -SELECT DISTINCT(id), username, mail_address, status - FROM '.USERS_TABLE.' LEFT JOIN '.USER_GROUP_TABLE.' ON id = user_id - WHERE id != 2'; +SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id, + u.'.$conf['user_fields']['username'].' AS username, + u.'.$conf['user_fields']['email'].' AS email, + ui.status + FROM '.USERS_TABLE.' AS u + INNER JOIN '.USER_INFOS_TABLE.' AS ui + ON u.'.$conf['user_fields']['id'].' = ui.user_id + LEFT JOIN '.USER_GROUP_TABLE.' AS ug + ON u.'.$conf['user_fields']['id'].' = ug.user_id + WHERE id != '.$conf['guest_id']; if (isset($filter['username'])) { $query.= ' @@ -628,12 +636,12 @@ if (isset($filter['username'])) if (isset($filter['group'])) { $query.= ' - AND group_id = '.$filter['group']; + AND ug.group_id = '.$filter['group']; } if (isset($filter['status'])) { $query.= ' - AND status = \''.$filter['status']."'"; + AND ui.status = \''.$filter['status']."'"; } $query.= ' ORDER BY '.$order_by.' '.$direction.' @@ -687,7 +695,7 @@ SELECT user_id, group_id 'U_PERM'=>add_session_id($perm_url.$item['id']), 'USERNAME'=>$item['username'], 'STATUS'=>$lang['user_status_'.$item['status']], - 'EMAIL'=>isset($item['mail_address']) ? $item['mail_address'] : '', + 'EMAIL'=>isset($item['email']) ? $item['email'] : '', 'GROUPS'=>$groups_string )); } diff --git a/category.php b/category.php index bc93cdb38..81db39d09 100644 --- a/category.php +++ b/category.php @@ -171,7 +171,7 @@ $template->assign_vars(array( 'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ), 'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout', 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ), - 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] )), + 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php'), 'U_CADDIE'=>add_session_id(PHPWG_ROOT_PATH.'category.php'.get_query_string_diff(array('caddie')).'&caddie=1') ) ); @@ -311,7 +311,7 @@ $template->assign_block_vars( 'TITLE'=>l10n('RSS notification feed'), 'NAME'=>l10n('Notification feed'), 'U_SUMMARY'=> - 'feed.php'.(ANONYMOUS != $user['id'] ? '?feed='.$user['feed_id'] : '') + 'feed.php'.($user['is_the_guest'] ? '?feed='.$user['feed_id'] : '') )); //------------------------------------------------------ main part : thumbnails diff --git a/doc/ChangeLog b/doc/ChangeLog index 2d03a1fbf..eca7006ff 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,28 @@ +2005-08-08 Pierrick LE GALL + + * new : external authentication in another users table. Previous + users table is divided between users (common properties with any + web application) and user_infos (phpwebgallery specific + informations). External table and fields can be configured. + + * modification : profile.php is not reachable through + administration anymore (not useful). + + * modification : in profile.php, current password is mandatory + only if user tries to change his password. Username can't be + changed. + + * deletion : of obsolete functions get_user_restrictions, + update_user_restrictions, get_user_all_restrictions, + is_user_allowed, update_user + + * modification : $user['forbidden_categories'] equals at least + "-1" so that category_id NOT IN ($user['forbidden_categories']) + can always be used. + + * modification : user_forbidden table becomes user_cache so that + not only restriction informations can be stored in this table. + 2005-07-17 Pierrick LE GALL * improvement : in admin/element_set_global, javascript is not diff --git a/feed.php b/feed.php index 40c833e02..32c492032 100644 --- a/feed.php +++ b/feed.php @@ -130,12 +130,12 @@ SELECT DISTINCT category_id function new_users($start, $end) { $query = ' -SELECT id - FROM '.USERS_TABLE.' +SELECT user_id + FROM '.USER_INFOS_TABLE.' WHERE registration_date > \''.$start.'\' AND registration_date <= \''.$end.'\' ;'; - return array_from_query($query, 'id'); + return array_from_query($query, 'user_id'); } /** @@ -268,15 +268,17 @@ if (isset($_GET['feed']) and preg_match('/^[A-Za-z0-9]{50}$/', $_GET['feed'])) { $query = ' -SELECT id, status, last_feed_check - FROM '.USERS_TABLE.' +SELECT user_id AS id, + status, + last_feed_check + FROM '.USER_INFOS_TABLE.' WHERE feed_id = \''.$_GET['feed'].'\' ;'; $user = mysql_fetch_array(pwg_query($query)); } else { - $user = array('id' => ANONYMOUS, + $user = array('id' => $conf['guest_id'], 'status' => 'guest'); } @@ -300,7 +302,7 @@ $rss->link = 'http://phpwebgallery.net'; // | Feed creation | // +-----------------------------------------------------------------------+ -if (ANONYMOUS != $user['id']) +if ($conf['guest_id'] != $user['id']) { $news = news($user['last_feed_check'], $dbnow); @@ -330,9 +332,9 @@ if (ANONYMOUS != $user['id']) } $query = ' -UPDATE '.USERS_TABLE.' +UPDATE '.USER_INFOS_TABLE.' SET last_feed_check = \''.$dbnow.'\' - WHERE id = '.$user['id'].' + WHERE user_id = '.$user['id'].' ;'; pwg_query($query); } diff --git a/identification.php b/identification.php index 5b7a776ef..2301934dd 100644 --- a/identification.php +++ b/identification.php @@ -33,14 +33,16 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); $errors = array(); if (isset($_POST['login'])) { + $username = mysql_escape_string($_POST['username']); // retrieving the encrypted password of the login submitted $query = ' -SELECT id, password +SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['password'].' AS password FROM '.USERS_TABLE.' - WHERE username = \''.$_POST['username'].'\' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' ;'; $row = mysql_fetch_array(pwg_query($query)); - if ($row['password'] == md5($_POST['password'])) + if ($row['password'] == $conf['pass_convert']($_POST['password'])) { $session_length = $conf['session_length']; if ($conf['authorize_remembering'] diff --git a/include/common.inc.php b/include/common.inc.php index a57e00641..afed22c87 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -120,9 +120,9 @@ if (!defined('PHPWG_INSTALLED')) exit; } -include(PHPWG_ROOT_PATH . 'include/constants.php'); include(PHPWG_ROOT_PATH . 'include/config_default.inc.php'); @include(PHPWG_ROOT_PATH. 'include/config_local.inc.php'); +include(PHPWG_ROOT_PATH . 'include/constants.php'); include(PHPWG_ROOT_PATH . 'include/functions.inc.php'); include(PHPWG_ROOT_PATH . 'include/template.php'); @@ -164,4 +164,43 @@ while ( $row =mysql_fetch_array( $result ) ) } include(PHPWG_ROOT_PATH.'include/user.inc.php'); + +// language files +$user_langdir = PHPWG_ROOT_PATH.'language/'.$user['language']; +$conf_langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language']; + +if (file_exists($user_langdir.'/common.lang.php')) +{ + include_once($user_langdir.'/common.lang.php'); +} +else +{ + include_once($conf_langdir.'/common.lang.php'); +} + +// The administration section requires 2 more language files +if (defined('IN_ADMIN') and IN_ADMIN) +{ + foreach (array('admin', 'faq') as $section) + { + if (file_exists($user_langdir.'/'.$section.'.lang.php')) + { + include_once($user_langdir.'/'.$section.'.lang.php'); + } + else + { + include_once($conf_langdir.'/'.$section.'.lang.php'); + } + } +} + +// only now we can set the localized username of the guest user (and not in +// include/user.inc.php) +if ($user['is_the_guest']) +{ + $user['username'] = $lang['guest']; +} + +// template instance +$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); ?> diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 8debb63f0..d641223da 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -227,4 +227,29 @@ $conf['show_picture_name_on_title'] = true; // apache_authentication : use Apache authentication as reference instead of // users table ? $conf['apache_authentication'] = false; + +// debug_l10n : display a warning message each time an unset language key is +// accessed +$conf['debug_l10n'] = false; + +// users_table : which table is the reference for users ? Can be a different +// table than PhpWebGallery table +$conf['users_table'] = $prefixeTable.'users'; + +// user_fields : mapping between generic field names and table specific +// field names. For example, in PWG, the mail address is names +// "mail_address" and in punbb, it's called "email". +$conf['user_fields'] = array( + 'id' => 'id', + 'username' => 'username', + 'password' => 'password', + 'email' => 'mail_address' + ); + +// pass_convert : function to crypt or hash the clear user password to store +// it in the database +$conf['pass_convert'] = create_function('$s', 'return md5($s);'); + +// guest_id : id of the anonymous user +$conf['guest_id'] = 2; ?> diff --git a/include/constants.php b/include/constants.php index 75764f1a5..258583305 100644 --- a/include/constants.php +++ b/include/constants.php @@ -30,9 +30,6 @@ define('PHPWG_VERSION', '%PWGVERSION%'); define('PHPWG_URL', 'http://www.phpwebgallery.net'); define('PHPWG_FORUM_URL', 'http://forum.phpwebgallery.net'); -// User level -define('ANONYMOUS', 2); - // Error codes define('GENERAL_MESSAGE', 200); define('GENERAL_ERROR', 202); @@ -53,10 +50,11 @@ define('SESSIONS_TABLE', $prefixeTable.'sessions'); define('SITES_TABLE', $prefixeTable.'sites'); define('USER_ACCESS_TABLE', $prefixeTable.'user_access'); define('USER_GROUP_TABLE', $prefixeTable.'user_group'); -define('USERS_TABLE', $prefixeTable.'users'); +define('USERS_TABLE', $conf['users_table']); +define('USER_INFOS_TABLE', $prefixeTable.'user_infos'); define('WAITING_TABLE', $prefixeTable.'waiting'); define('IMAGE_METADATA_TABLE', $prefixeTable.'image_metadata'); define('RATE_TABLE', $prefixeTable.'rate'); -define('USER_FORBIDDEN_TABLE', $prefixeTable.'user_forbidden'); +define('USER_CACHE_TABLE', $prefixeTable.'user_cache'); define('CADDIE_TABLE', $prefixeTable.'caddie'); ?> diff --git a/include/functions.inc.php b/include/functions.inc.php index 2b1668de9..8a3a1f116 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -774,8 +774,13 @@ function get_name_from_file($filename) */ function l10n($key) { - global $lang; + global $lang, $conf; - return (isset($lang[$key])) ? $lang[$key] : $key; + if ($conf['debug_l10n']) + { + echo '[l10n] language key "'.$key.'" is not defined
'; + } + + return isset($lang[$key]) ? $lang[$key] : $key; } ?> diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 383c0fa5d..005452db1 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -40,11 +40,11 @@ * @param int category id to verify * @return void */ -function check_restrictions( $category_id ) +function check_restrictions($category_id) { - global $user,$lang; + global $user, $lang; - if ( in_array( $category_id, $user['restrictions'] ) ) + if (in_array($category_id, explode(',', $user['forbidden_categories']))) { echo '
'.$lang['access_forbiden'].'
'; echo ''; @@ -167,18 +167,12 @@ function count_user_total_images() $query = ' SELECT COUNT(DISTINCT(image_id)) as total - FROM '.IMAGE_CATEGORY_TABLE; - if (count($user['restrictions']) > 0) - { - $query.= ' - WHERE category_id NOT IN ('.$user['forbidden_categories'].')'; - } - $query.= ' + FROM '.IMAGE_CATEGORY_TABLE.' + WHERE category_id NOT IN ('.$user['forbidden_categories'].') ;'; - - $row = mysql_fetch_array(pwg_query($query)); - - return isset($row['total']) ? $row['total'] : 0; + list($total) = mysql_fetch_array(pwg_query($query)); + + return $total; } /** diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index b2509e1c1..8a3bb911c 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -109,28 +109,23 @@ function add_session_id( $url, $redirect = false ) { global $page, $user, $conf; - if ( $user['has_cookie'] or $conf['apache_authentication']) return $url; - - $amp = '&'; - if ( $redirect ) + if ($user['is_the_guest'] + or $user['has_cookie'] + or $conf['apache_authentication']) { - $amp = '&'; + return $url; } - if ( !$user['is_the_guest'] ) + + if (preg_match('/\.php\?/', $url)) { - if ( preg_match( '/\.php\?/',$url ) ) - { - return $url.$amp.'id='.$page['session_id']; - } - else - { - return $url.'?id='.$page['session_id']; - } + $separator = $redirect ? '&' : '&'; } else { - return $url; + $separator = '?'; } + + return $url.$separator.'id='.$page['session_id']; } // cookie_path returns the path to use for the PhpWebGallery cookie. diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 1a2709254..0147dcac5 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -45,16 +45,11 @@ function validate_mail_address( $mail_address ) } } -function register_user($login, $password, $password_conf, - $mail_address, $status = 'guest') +function register_user($login, $password, $mail_address) { global $lang, $conf; $errors = array(); - // login must not - // 1. be empty - // 2. start ou end with space character - // 4. be already used if ($login == '') { array_push($errors, $lang['reg_err_login1']); @@ -67,121 +62,33 @@ function register_user($login, $password, $password_conf, { array_push($errors, $lang['reg_err_login3']); } - - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($login).'\' -;'; - $result = pwg_query($query); - if (mysql_num_rows($result) > 0) + if (get_userid($login)) { array_push($errors, $lang['reg_err_login5']); } - - // given password must be the same as the confirmation - if ($password != $password_conf) + $mail_error = validate_mail_address($mail_address); + if ('' != $mail_error) { - array_push($errors, $lang['reg_err_pass']); - } - - $error_mail_address = validate_mail_address($mail_address); - if ($error_mail_address != '') - { - array_push($errors, $error_mail_address); + array_push($errors, $mail_error); } // if no error until here, registration of the user if (count($errors) == 0) { - $insert = array(); - $insert['username'] = mysql_escape_string($login); - $insert['password'] = md5($password); - $insert['status'] = $status; - $insert['template'] = $conf['default_template']; - $insert['nb_image_line'] = $conf['nb_image_line']; - $insert['nb_line_page'] = $conf['nb_line_page']; - $insert['language'] = $conf['default_language']; - $insert['recent_period'] = $conf['recent_period']; - $insert['feed_id'] = find_available_feed_id(); - $insert['expand'] = boolean_to_string($conf['auto_expand']); - $insert['show_nb_comments'] = boolean_to_string($conf['show_nb_comments']); - if ( $mail_address != '' ) - { - $insert['mail_address'] = $mail_address; - } - if ($conf['default_maxwidth'] != '') - { - $insert['maxwidth'] = $conf['default_maxwidth']; - } - if ($conf['default_maxheight'] != '') - { - $insert['maxheight'] = $conf['default_maxheight']; - } + $insert = + array( + $conf['user_fields']['username'] => mysql_escape_string($login), + $conf['user_fields']['password'] => $conf['pass_convert']($password), + $conf['user_fields']['email'] => $mail_address + ); - $query = ' -INSERT INTO '.USERS_TABLE.' - ('.implode(',', array_keys($insert)).') - VALUES - ('; - $is_first = true; - foreach (array_keys($insert) as $field) - { - if (!$is_first) - { - $query.= ','; - } - $query.= "'".$insert[$field]."'"; - $is_first = false; - } - $query.= ') -;'; - pwg_query($query); - - $query = ' -UPDATE '.USERS_TABLE.' - SET registration_date = NOW() - WHERE id = '.mysql_insert_id().' -;'; - pwg_query($query); + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USERS_TABLE, array_keys($insert), array($insert)); + + create_user_infos(mysql_insert_id()); } - return $errors; -} - -function update_user( $user_id, $mail_address, $status, - $use_new_password = false, $password = '' ) -{ - $error = array(); - $i = 0; - $error_mail_address = validate_mail_address( $mail_address ); - if ( $error_mail_address != '' ) - { - $error[$i++] = $error_mail_address; - } - - if ( sizeof( $error ) == 0 ) - { - $query = 'UPDATE '.USERS_TABLE; - $query.= " SET status = '".$status."'"; - if ( $use_new_password ) - { - $query.= ", password = '".md5( $password )."'"; - } - $query.= ', mail_address = '; - if ( $mail_address != '' ) - { - $query.= "'".$mail_address."'"; - } - else - { - $query.= 'NULL'; - } - $query.= ' WHERE id = '.$user_id; - $query.= ';'; - pwg_query( $query ); - } - return $error; + return $errors; } function check_login_authorization($guest_allowed = true) @@ -212,13 +119,107 @@ function setup_style($style) return new Template(PHPWG_ROOT_PATH.'template/'.$style); } -function getuserdata($user) +/** + * find informations related to the user identifier + * + * @param int user identifier + * @param boolean use_cache + * @param array + */ +function getuserdata($user_id, $use_cache) { - $sql = "SELECT * FROM " . USERS_TABLE; - $sql.= " WHERE "; - $sql .= ( ( is_integer($user) ) ? "id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND id <> " . ANONYMOUS; - $result = pwg_query($sql); - return ( $row = mysql_fetch_array($result) ) ? $row : false; + global $conf; + + $userdata = array(); + + $query = ' +SELECT '; + $is_first = true; + foreach ($conf['user_fields'] as $pwgfield => $dbfield) + { + if ($is_first) + { + $is_first = false; + } + else + { + $query.= ' + , '; + } + $query.= $dbfield.' AS '.$pwgfield; + } + $query.= ' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\' +;'; + + $row = mysql_fetch_array(pwg_query($query)); + + while (true) + { + $query = ' +SELECT ui.*, uc.* + FROM '.USER_INFOS_TABLE.' AS ui LEFT JOIN '.USER_CACHE_TABLE.' AS uc + ON ui.user_id = uc.user_id + WHERE ui.user_id = \''.$user_id.'\' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + break; + } + else + { + create_user_infos($user_id); + } + } + + $row = array_merge($row, mysql_fetch_array($result)); + + foreach ($row as $key => $value) + { + if (!is_numeric($key)) + { + // If the field is true or false, the variable is transformed into a + // boolean value. + if ($value == 'true' or $value == 'false') + { + $userdata[$key] = get_boolean($value); + } + else + { + $userdata[$key] = $value; + } + } + } + + if ($use_cache) + { + if (!isset($userdata['need_update']) + or !is_bool($userdata['need_update']) + or $userdata['need_update'] == true) + { + $userdata['forbidden_categories'] = + calculate_permissions($userdata['id'], $userdata['status']); + + // update user cache + $query = ' +DELETE FROM '.USER_CACHE_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + pwg_query($query); + + $query = ' +INSERT INTO '.USER_CACHE_TABLE.' + (user_id,need_update,forbidden_categories) + VALUES + ('.$userdata['id'].',\'false\',\''.$userdata['forbidden_categories'].'\') +;'; + pwg_query($query); + } + } + + return $userdata; } /* @@ -261,11 +262,12 @@ DELETE FROM '.FAVORITES_TABLE.' } /** - * update table user_forbidden for the given user + * calculates the list of forbidden categories for a given user * - * table user_forbidden contains calculated data. Calculation is based on - * private categories minus categories authorized to the groups the user - * belongs to minus the categories directly authorized to the user + * Calculation is based on private categories minus categories authorized to + * the groups the user belongs to minus the categories directly authorized + * to the user. The list contains at least -1 to be compliant with queries + * such as "WHERE category_id NOT IN ($forbidden_categories)" * * @param int user_id * @param string user_status @@ -310,11 +312,7 @@ SELECT cat_id FROM '.USER_ACCESS_TABLE.' WHERE user_id = '.$user_id.' ;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_array, $row['cat_id']); - } + $authorized_array = array_from_query($query, 'cat_id'); // retrieve category ids authorized to the groups the user belongs to $query = ' @@ -323,11 +321,11 @@ SELECT cat_id ON ug.group_id = ga.group_id WHERE ug.user_id = '.$user_id.' ;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_array, $row['cat_id']); - } + $authorized_array = + array_merge( + $authorized_array, + array_from_query($query, 'cat_id') + ); // uniquify ids : some private categories might be authorized for the // groups and for the user @@ -336,23 +334,12 @@ SELECT cat_id // only unauthorized private categories are forbidden $forbidden_array = array_diff($private_array, $authorized_array); - $query = ' -DELETE FROM '.USER_FORBIDDEN_TABLE.' - WHERE user_id = '.$user_id.' -;'; - pwg_query($query); - - $forbidden_categories = implode(',', $forbidden_array); + // at least, the list contains -1 values. This category does not exists so + // where clauses such as "WHERE category_id NOT IN(-1)" will always be + // true. + array_push($forbidden_array, '-1'); - $query = ' -INSERT INTO '.USER_FORBIDDEN_TABLE.' - (user_id,need_update,forbidden_categories) - VALUES - ('.$user_id.',\'false\',\''.$forbidden_categories.'\') -;'; - pwg_query($query); - - return $forbidden_categories; + return implode(',', $forbidden_array); } /** @@ -363,10 +350,12 @@ INSERT INTO '.USER_FORBIDDEN_TABLE.' */ function get_username($user_id) { + global $conf; + $query = ' -SELECT username +SELECT '.$conf['user_fields']['username'].' FROM '.USERS_TABLE.' - WHERE id = '.intval($user_id).' + WHERE '.$conf['user_fields']['id'].' = '.intval($user_id).' ;'; $result = pwg_query($query); if (mysql_num_rows($result) > 0) @@ -381,6 +370,36 @@ SELECT username return $username; } +/** + * returns user identifier thanks to his name, false if not found + * + * @param string username + * @param int user identifier + */ +function get_userid($username) +{ + global $conf; + + $username = mysql_escape_string($username); + + $query = ' +SELECT '.$conf['user_fields']['id'].' + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username'].' = \''.$username.'\' +;'; + $result = pwg_query($query); + + if (mysql_num_rows($result) == 0) + { + return false; + } + else + { + list($user_id) = mysql_fetch_row($result); + return $user_id; + } +} + /** * search an available feed_id * @@ -393,7 +412,7 @@ function find_available_feed_id() $key = generate_key(50); $query = ' SELECT COUNT(*) - FROM '.USERS_TABLE.' + FROM '.USER_INFOS_TABLE.' WHERE feed_id = \''.$key.'\' ;'; list($count) = mysql_fetch_row(pwg_query($query)); @@ -403,4 +422,36 @@ SELECT COUNT(*) } } } -?> + +/** + * add user informations based on default values + * + * @param int user_id + */ +function create_user_infos($user_id) +{ + global $conf; + + list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); + + $insert = + array( + 'user_id' => $user_id, + 'status' => 'guest', + 'template' => $conf['default_template'], + 'nb_image_line' => $conf['nb_image_line'], + 'nb_line_page' => $conf['nb_line_page'], + 'language' => $conf['default_language'], + 'recent_period' => $conf['recent_period'], + 'feed_id' => find_available_feed_id(), + 'expand' => boolean_to_string($conf['auto_expand']), + 'show_nb_comments' => boolean_to_string($conf['show_nb_comments']), + 'maxwidth' => $conf['default_maxwidth'], + 'maxheight' => $conf['default_maxheight'], + 'registration_date' => $dbnow + ); + + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + mass_inserts(USER_INFOS_TABLE, array_keys($insert), array($insert)); +} +?> \ No newline at end of file diff --git a/include/user.inc.php b/include/user.inc.php index 56b36039c..4c3e0fb6a 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -38,7 +38,6 @@ // pwg_query($query); // } - // retrieving connected user informations if (isset($_COOKIE['id'])) { @@ -87,65 +86,24 @@ DELETE FROM '.SESSIONS_TABLE.' } if (!isset($user['id'])) { - $user['id'] = 2; + $user['id'] = $conf['guest_id']; $user['is_the_guest'] = true; } // using Apache authentication override the above user search if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) { - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' -;'; - $result = pwg_query($query); - - if (mysql_num_rows($result) == 0) + if (!($user['id'] = get_userid($_SERVER['REMOTE_USER']))) { - register_user($_SERVER['REMOTE_USER'], '', '', ''); - - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' -;'; - list($user['id']) = mysql_fetch_row(pwg_query($query)); + register_user($_SERVER['REMOTE_USER'], '', ''); + $user['id'] = get_userid($_SERVER['REMOTE_USER']); } - else - { - list($user['id']) = mysql_fetch_row($result); - } - + $user['is_the_guest'] = false; } -$query = ' -SELECT u.*, uf.* - FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf - ON id = user_id - WHERE u.id = '.$user['id'].' -;'; -$row = mysql_fetch_array(pwg_query($query)); - -// affectation of each value retrieved in the users table into a variable of -// the array $user. -foreach ($row as $key => $value) -{ - if (!is_numeric($key)) - { - // If the field is true or false, the variable is transformed into a - // boolean value. - if ($value == 'true' or $value == 'false') - { - $user[$key] = get_boolean($value); - } - else - { - $user[$key] = $value; - } - } -} +$use_cache = (defined('IN_ADMIN') and IN_ADMIN) ? false : true; +$user = array_merge($user, getuserdata($user['id'], $use_cache)); // properties of user guest are found in the configuration if ($user['is_the_guest']) @@ -161,66 +119,6 @@ if ($user['is_the_guest']) $user['show_nb_comments'] = $conf['show_nb_comments']; } -// if no information were found about user in user_forbidden table OR the -// forbidden categories must be updated : only if current user is in public -// part -if (!defined('IN_ADMIN') or !IN_ADMIN) -{ - if (!isset($user['need_update']) - or !is_bool($user['need_update']) - or $user['need_update'] == true) - { - $user['forbidden_categories'] = calculate_permissions($user['id'], - $user['status']); - } -} - -// forbidden_categories is a must be empty, at least -if (!isset($user['forbidden_categories'])) -{ - $user['forbidden_categories'] = ''; -} - -// special for $user['restrictions'] array -$user['restrictions'] = explode(',', $user['forbidden_categories']); -if ($user['restrictions'][0] == '') -{ - $user['restrictions'] = array(); -} - // calculation of the number of picture to display per page $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; - -if (empty($user['language']) - or !file_exists(PHPWG_ROOT_PATH.'language/'. - $user['language'].'/common.lang.php')) -{ - $user['language'] = $conf['default_language']; -} -include_once(PHPWG_ROOT_PATH.'language/'.$user['language'].'/common.lang.php'); - -// displaying the username in the language of the connected user, instead of -// "guest" as you can find in the database -if ($user['is_the_guest']) -{ - $user['username'] = $lang['guest']; -} - -// only if we are in the administration section -if (defined('IN_ADMIN') and IN_ADMIN) -{ - $langdir = PHPWG_ROOT_PATH.'language/'.$user['language']; - if (!file_exists($langdir.'/admin.lang.php')) - { - $langdir = PHPWG_ROOT_PATH.'language/'.$conf['default_language']; - } - include_once($langdir.'/admin.lang.php'); - include_once($langdir.'/faq.lang.php'); -} - -if (empty($user['template'])) -{ - $user['template'] = $conf['default_template']; -} -$template = setup_style($user['template']); ?> diff --git a/install.php b/install.php index e4e38fafe..2f5ea3f30 100644 --- a/install.php +++ b/install.php @@ -300,26 +300,45 @@ if ( isset( $_POST['install'] )) mysql_query( $query ); // webmaster admin user - $query = 'INSERT INTO '.USERS_TABLE; - $query.= ' (id,username,password,status,language,mail_address) VALUES '; - $query.= "(1,'".$admin_name."','".md5( $admin_pass1 )."'"; - $query.= ",'admin','".$language."'"; - $query.= ",'".$admin_mail."');"; + $query = ' +INSERT INTO '.USERS_TABLE.' + (id,username,password,mail_address) + VALUES + (1,\''.$admin_name.'\',\''.md5($admin_pass1).'\',\''.$admin_mail.'\') +;'; mysql_query($query); $query = ' -UPDATE '.USERS_TABLE.' +INSERT INTO '.USER_INFOS_TABLE.' + (user_id,status,language) + VALUES + (1, \'admin\', \''.$language.'\') +;'; + mysql_query($query); + + $query = ' +UPDATE '.USER_INFOS_TABLE.' SET feed_id = \''.find_available_feed_id().'\' - WHERE id = 1 + WHERE user_id = 1 ;'; mysql_query($query); - + // guest user - $query = 'INSERT INTO '.USERS_TABLE; - $query.= '(id,username,password,status,language) VALUES '; - $query.= "(2,'guest','','guest','".$language."')"; - $query.= ';'; - mysql_query( $query ); + $query = ' +INSERT INTO '.USERS_TABLE.' + (id,username,password,mail_address) + VALUES + (2,\'guest\',\'\',\'\') +;'; + mysql_query($query); + + $query = ' +INSERT INTO '.USER_INFOS_TABLE.' + (user_id,status,language) + VALUES + (2, \'guest\', \''.$language.'\') +;'; + mysql_query($query); } } diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql index 9ca7af0a7..98e81b3e9 100644 --- a/install/phpwebgallery_structure.sql +++ b/install/phpwebgallery_structure.sql @@ -212,11 +212,11 @@ CREATE TABLE `phpwebgallery_user_access` ( ) TYPE=MyISAM; -- --- Table structure for table `phpwebgallery_user_forbidden` +-- Table structure for table `phpwebgallery_user_cache` -- -DROP TABLE IF EXISTS `phpwebgallery_user_forbidden`; -CREATE TABLE `phpwebgallery_user_forbidden` ( +DROP TABLE IF EXISTS `phpwebgallery_user_cache`; +CREATE TABLE `phpwebgallery_user_cache` ( `user_id` smallint(5) unsigned NOT NULL default '0', `need_update` enum('true','false') NOT NULL default 'true', `forbidden_categories` text, @@ -235,15 +235,12 @@ CREATE TABLE `phpwebgallery_user_group` ( ) TYPE=MyISAM; -- --- Table structure for table `phpwebgallery_users` +-- Table structure for table `phpwebgallery_user_infos` -- -DROP TABLE IF EXISTS `phpwebgallery_users`; -CREATE TABLE `phpwebgallery_users` ( - `id` smallint(5) unsigned NOT NULL auto_increment, - `username` varchar(20) binary NOT NULL default '', - `password` varchar(32) default NULL, - `mail_address` varchar(255) default NULL, +DROP TABLE IF EXISTS `phpwebgallery_user_infos`; +CREATE TABLE `phpwebgallery_user_infos` ( + `user_id` smallint(5) unsigned NOT NULL default '0', `nb_image_line` tinyint(1) unsigned NOT NULL default '5', `nb_line_page` tinyint(3) unsigned NOT NULL default '3', `status` enum('admin','guest') NOT NULL default 'guest', @@ -257,6 +254,19 @@ CREATE TABLE `phpwebgallery_users` ( `last_feed_check` datetime default NULL, `feed_id` varchar(50) binary default NULL, `registration_date` datetime NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `user_infos_ui1` (`user_id`) +) TYPE=MyISAM; + +-- +-- Table structure for table `phpwebgallery_users` +-- + +DROP TABLE IF EXISTS `phpwebgallery_users`; +CREATE TABLE `phpwebgallery_users` ( + `id` smallint(5) unsigned NOT NULL auto_increment, + `username` varchar(20) binary NOT NULL default '', + `password` varchar(32) default NULL, + `mail_address` varchar(255) default NULL, PRIMARY KEY (`id`), UNIQUE KEY `users_ui1` (`username`) ) TYPE=MyISAM; diff --git a/profile.php b/profile.php index ff75b0c67..09629ba9f 100644 --- a/profile.php +++ b/profile.php @@ -29,29 +29,15 @@ // +-----------------------------------------------------------------------+ // | initialization | // +-----------------------------------------------------------------------+ -$userdata = array(); -if (defined('IN_ADMIN') and IN_ADMIN and isset($_GET['user_id'])) -{ - $userdata = getuserdata(intval($_GET['user_id'])); -} -elseif (defined('IN_ADMIN') and (isset($_POST['validate'])) ) -{ - $userdata = getuserdata(intval($_POST['userid'])); -} -elseif (!defined('IN_ADMIN') or !IN_ADMIN) -{ - define('PHPWG_ROOT_PATH','./'); - include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); - check_login_authorization(false); - $userdata = $user; -} -//------------------------------------------------------ update & customization -$infos = array('nb_image_line', 'nb_line_page', 'language', - 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', - 'recent_period', 'template', 'mail_address'); +define('PHPWG_ROOT_PATH','./'); +include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); +check_login_authorization(false); +$userdata = $user; + +//------------------------------------------------------ update & customization $errors = array(); -if (isset($_POST['username']) && !isset($_POST['reset'])) +if (isset($_POST['validate'])) { $int_pattern = '/^\d+$/'; @@ -74,153 +60,92 @@ if (isset($_POST['username']) && !isset($_POST['reset'])) array_push($errors, $lang['periods_error']); } - // if mail_address has changed - if (!isset($userdata['mail_address'])) + $mail_error = validate_mail_address($_POST['mail_address']); + if (!empty($mail_error)) { - $userdata['mail_address'] = ''; + array_push($errors, $mail_error); } - - if ($_POST['mail_address'] != @$userdata['mail_address']) + + if (!empty($_POST['use_new_pwd'])) { - if ($user['status'] == 'admin') - { - $mail_error = validate_mail_address($_POST['mail_address']); - if (!empty($mail_error)) - { - array_push($errors, $mail_error); - } - } - else if (!empty($_POST['password'])) + // password must be the same as its confirmation + if ($_POST['use_new_pwd'] != $_POST['passwordConf']) { - array_push($errors, $lang['reg_err_pass']); + array_push($errors, + l10n('New password confirmation does not correspond')); } - else - { - // retrieving the encrypted password of the login submitted - $query = ' + + // changing password requires old password + $query = ' SELECT password FROM '.USERS_TABLE.' - WHERE id = \''.$userdata['id'].'\' + WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\' ;'; - $row = mysql_fetch_array(pwg_query($query)); - if ($row['password'] == md5($_POST['password'])) - { - $mail_error = validate_mail_address($_POST['mail_address']); - if (!empty($mail_error)) - { - array_push($errors, $mail_error); - } - } - else - { - array_push($errors, $lang['reg_err_pass']); - } - } - } - - // password must be the same as its confirmation - if (!empty($_POST['use_new_pwd']) - and $_POST['use_new_pwd'] != $_POST['passwordConf']) - { - array_push($errors, $lang['reg_err_pass']); - } - - // We check if we are in the admin level - if (isset($_POST['user_delete'])) - { - if ($_POST['userid'] > 2) // gallery founder + guest - { - delete_user($_POST['userid']); - } - else - { - array_push($errors, $lang['user_err_modify']); - } - } - - // We check if we are in the admin level - if (isset($_POST['status']) and $_POST['status'] <> $userdata['status']) - { - if ($_POST['userid'] > 2) // gallery founder + guest - { - array_push($infos, 'status'); - } - else + list($current_password) = mysql_fetch_row(pwg_query($query)); + + if ($conf['pass_convert']($_POST['password']) != $current_password) { - array_push($errors, $lang['user_err_modify']); + array_push($errors, l10n('Current password is wrong')); } } if (count($errors) == 0) { - $query = ' -UPDATE '.USERS_TABLE.' - SET '; - $is_first = true; - foreach ($infos as $i => $info) - { - if (!$is_first) - { - $query.= ' - , '; - } - $is_first = false; - - $query.= $info; - $query.= ' = '; - if ($_POST[$info] == '') - { - $query.= 'NULL'; - } - else - { - $query.= "'".$_POST[$info]."'"; - } - } - $query.= ' - WHERE id = '.$_POST['userid'].' -;'; - pwg_query($query); + // mass_updates function + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + + // update common user informations + $fields = array($conf['user_fields']['email']); + + $data = array(); + $data{$conf['user_fields']['id']} = $_POST['userid']; + $data{$conf['user_fields']['email']} = $_POST['mail_address']; + // password is updated only if filled if (!empty($_POST['use_new_pwd'])) { - $query = ' -UPDATE '.USERS_TABLE.' - SET password = \''.md5($_POST['use_new_pwd']).'\' - WHERE id = '.$_POST['userid'].' -;'; - pwg_query($query); + array_push($fields, $conf['user_fields']['password']); + // password is encrpyted with function $conf['pass_convert'] + $data{$conf['user_fields']['password']} = + $conf['pass_convert']($_POST['use_new_pwd']); } + mass_updates(USERS_TABLE, + array('primary' => array($conf['user_fields']['id']), + 'update' => $fields), + array($data)); - // redirection - if (isset($_POST['validate'])) + // update user "additional" informations (specific to PhpWebGallery) + $fields = array( + 'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight', + 'expand', 'show_nb_comments', 'recent_period', 'template' + ); + + $data = array(); + $data{'user_id'} = $_POST['userid']; + + foreach ($fields as $field) { - if (!defined('IN_ADMIN') or !IN_ADMIN) - { - $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; - redirect(add_session_id($url)); - } - else + if (isset($_POST[$field])) { - redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile')); + $data{$field} = $_POST[$field]; } } + mass_updates(USER_INFOS_TABLE, + array('primary' => array('user_id'), 'update' => $fields), + array($data)); + + // redirection + $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; + redirect(add_session_id($url)); } } // +-----------------------------------------------------------------------+ // | page header and options | // +-----------------------------------------------------------------------+ -$url_action = PHPWG_ROOT_PATH; -if (!defined('IN_ADMIN')) -{ - $title= $lang['customize_page_title']; - include(PHPWG_ROOT_PATH.'include/page_header.php'); - $url_action .='profile.php'; -} -else -{ - $url_action .='admin.php?page=profile'; -} +$title= $lang['customize_page_title']; +include(PHPWG_ROOT_PATH.'include/page_header.php'); + +$url_action = PHPWG_ROOT_PATH.'profile.php'; //----------------------------------------------------- template initialization $template->set_filenames(array('profile_body'=>'profile.tpl')); @@ -233,7 +158,7 @@ $template->assign_vars( array( 'USERNAME'=>$userdata['username'], 'USERID'=>$userdata['id'], - 'EMAIL'=>@$userdata['mail_address'], + 'EMAIL'=>@$userdata['email'], 'LANG_SELECT'=>language_select($userdata['language'], 'language'), 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], 'NB_ROW_PAGE'=>$userdata['nb_line_page'], @@ -270,43 +195,12 @@ $template->assign_vars( 'L_SUBMIT'=>$lang['submit'], 'L_RESET'=>$lang['reset'], 'L_RETURN' => $lang['home'], - 'L_RETURN_HINT' => $lang['home_hint'], + 'L_RETURN_HINT' => $lang['home_hint'], + + 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'), 'F_ACTION'=>add_session_id($url_action), )); - -if (!defined('IN_ADMIN') or !IN_ADMIN) -{ - $url_return = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; - $template->assign_vars(array('U_RETURN' => add_session_id($url_return))); -} -//------------------------------------------------------------- user management -if (defined('IN_ADMIN') and IN_ADMIN) -{ - $status_select = ''; - $template->assign_block_vars( - 'admin', - array( - 'L_ADMIN_USER'=>$lang['user_management'], - 'L_STATUS'=>$lang['user_status'], - 'L_DELETE'=>$lang['user_delete'], - 'L_DELETE_HINT'=>$lang['user_delete_hint'], - 'STATUS'=>$status_select - )); -} // +-----------------------------------------------------------------------+ // | errors display | // +-----------------------------------------------------------------------+ @@ -321,14 +215,7 @@ if (count($errors) != 0) // +-----------------------------------------------------------------------+ // | html code display | // +-----------------------------------------------------------------------+ -if (defined('IN_ADMIN') and IN_ADMIN) -{ - $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body'); -} -else -{ - $template->assign_block_vars('profile',array()); - $template->parse('profile_body'); - include(PHPWG_ROOT_PATH.'include/page_tail.php'); -} +$template->assign_block_vars('profile',array()); +$template->parse('profile_body'); +include(PHPWG_ROOT_PATH.'include/page_tail.php'); ?> diff --git a/register.php b/register.php index c3c7ba73b..07b8b327a 100644 --- a/register.php +++ b/register.php @@ -32,8 +32,19 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); $errors = array(); if (isset($_POST['submit'])) { - $errors = register_user($_POST['login'], $_POST['password'], - $_POST['password_conf'], $_POST['mail_address']); + if ($_POST['password'] != $_POST['password_conf']) + { + array_push($errors, $lang['reg_err_pass']); + } + + $errors = + array_merge( + $errors, + register_user($_POST['login'], + $_POST['password'], + $_POST['mail_address']) + ); + if (count($errors) == 0) { $query = ' diff --git a/template/default/admin/user_list.tpl b/template/default/admin/user_list.tpl index 51c1185cf..2c8a6cc9f 100644 --- a/template/default/admin/user_list.tpl +++ b/template/default/admin/user_list.tpl @@ -94,13 +94,21 @@
{NAVBAR}
+ +
+ {lang:Deletions} + {lang:confirm} + +
+ -
Preferences
+
+ {lang:Groups} - + - + +
associate to groupe{lang:associate to group}
dissociate from groupe{lang:dissociate from group}
+ +
+ +
+ {lang:Preferences} + + +
{L_NB_IMAGE_LINE} @@ -239,6 +256,8 @@
+
+

target all diff --git a/template/default/profile.tpl b/template/default/profile.tpl index 7d435304f..6bb881891 100644 --- a/template/default/profile.tpl +++ b/template/default/profile.tpl @@ -8,29 +8,28 @@

-
{L_TITLE}
- +
+ + + - + - - @@ -82,22 +81,6 @@ - - - - - - - - - - - - -
{L_REGISTRATION_INFO}
{L_USERNAME} - {USERNAME}
{L_EMAIL}
{L_CURRENT_PASSWORD} :
{L_CURRENT_PASSWORD_HINT}
{L_NEW_PASSWORD} :
{L_NEW_PASSWORD_HINT}
{modify.admin.L_ADMIN_USER}
{modify.admin.L_STATUS}{modify.admin.STATUS} -
{modify.admin.L_DELETE}
- {modify.admin.L_DELETE_HINT}		 -
@@ -106,8 +89,7 @@
- +
[{L_RETURN}]
- -- cgit v1.2.3