From d81d510568b7d34e7bdeeb55e7f40285299efb0d Mon Sep 17 00:00:00 2001 From: z0rglub Date: Sat, 3 Jan 2004 20:35:20 +0000 Subject: - when creating a new user, taking into account that forbidden categories are stored in users table, associate new user to the same groups that the guest, has the same categories informations than guest - remove functions get_restrictions, get_all_restrictions, is_user_allowed git-svn-id: http://piwigo.org/svn/branches/release-1_3@245 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 234 ++++++++++------------------------------- 1 file changed, 58 insertions(+), 176 deletions(-) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 5bc70cf92..050d83c6d 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -37,8 +37,8 @@ function validate_mail_address( $mail_address ) } } -function register_user( - $login, $password, $password_conf, $mail_address, $status = 'guest' ) +function register_user( $login, $password, $password_conf, + $mail_address, $status = 'guest' ) { global $lang; @@ -49,44 +49,26 @@ function register_user( // 2. start ou end with space character // 3. include ' or " characters // 4. be already used - if ( $login == '' ) - { - $error[$i++] = $lang['reg_err_login1']; - } - if ( ereg( "^.* $", $login) ) - { - $error[$i++] = $lang['reg_err_login2']; - } - if ( ereg( "^ .*$", $login ) ) - { - $error[$i++] = $lang['reg_err_login3']; - } + if ( $login == '' ) $error[$i++] = $lang['reg_err_login1']; + if ( ereg( "^.* $", $login) ) $error[$i++] = $lang['reg_err_login2']; + if ( ereg( "^ .*$", $login ) ) $error[$i++] = $lang['reg_err_login3']; + if ( ereg( "'", $login ) or ereg( "\"", $login ) ) - { $error[$i++] = $lang['reg_err_login4']; - } else { - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= " where username = '".$login."';"; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= " WHERE username = '".$login."'"; + $query.= ';'; $result = mysql_query( $query ); - if ( mysql_num_rows( $result ) > 0 ) - { - $error[$i++] = $lang['reg_err_login5']; - } + if ( mysql_num_rows($result) > 0 ) $error[$i++] = $lang['reg_err_login5']; } // given password must be the same as the confirmation - if ( $password != $password_conf ) - { - $error[$i++] = $lang['reg_err_pass']; - } + if ( $password != $password_conf ) $error[$i++] = $lang['reg_err_pass']; $error_mail_address = validate_mail_address( $mail_address ); - if ( $error_mail_address != '' ) - { - $error[$i++] = $error_mail_address; - } + if ( $error_mail_address != '' ) $error[$i++] = $error_mail_address; // if no error until here, registration of the user if ( sizeof( $error ) == 0 ) @@ -94,25 +76,20 @@ function register_user( // 1. retrieving default values, the ones of the user "guest" $infos = array( 'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', - 'short_period', 'long_period', 'template' ); - $query = 'select'; + 'short_period', 'long_period', 'template', + 'forbidden_categories' ); + $query = 'SELECT '; for ( $i = 0; $i < sizeof( $infos ); $i++ ) { - if ( $i > 0 ) - { - $query.= ','; - } - else - { - $query.= ' '; - } + if ( $i > 0 ) $query.= ','; $query.= $infos[$i]; } - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= " where username = 'guest';"; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= " WHERE username = 'guest'"; + $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); // 2. adding new user - $query = 'insert into '.PREFIX_TABLE.'users'; + $query = 'INSERT INTO '.PREFIX_TABLE.'users'; $query.= ' ('; $query.= ' username,password,mail_address,status'; for ( $i = 0; $i < sizeof( $infos ); $i++ ) @@ -122,26 +99,14 @@ function register_user( $query.= ') values ('; $query.= " '".$login."'"; $query.= ",'".md5( $password )."'"; - if ( $mail_address != '' ) - { - $query.= ",'".$mail_address."'"; - } - else - { - $query.= ',NULL'; - } + if ( $mail_address != '' ) $query.= ",'".$mail_address."'"; + else $query.= ',NULL'; $query.= ",'".$status."'"; for ( $i = 0; $i < sizeof( $infos ); $i++ ) { $query.= ','; - if ( $row[$infos[$i]] == '' ) - { - $query.= 'NULL'; - } - else - { - $query.= "'".$row[$infos[$i]]."'"; - } + if ( $row[$infos[$i]] == '' ) $query.= 'NULL'; + else $query.= "'".$row[$infos[$i]]."'"; } $query.= ');'; mysql_query( $query ); @@ -165,6 +130,39 @@ function register_user( $query.= ' ('.$user_id.','.$row['cat_id'].');'; mysql_query ( $query ); } + // 5. associate new user to the same groups that the guest + $query = 'SELECT group_id'; + $query.= ' FROM '.PREFIX_TABLE.'user_group AS ug'; + $query.= ', '.PREFIX_TABLE.'users AS u'; + $query.= " WHERE u.username = 'guest'"; + $query.= ' AND ug.user_id = u.id'; + $query.= ';'; + $result = mysql_query( $query ); + while( $row = mysql_fetch_array( $result ) ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; + $query.= ' (user_id,group_id) VALUES'; + $query.= ' ('.$user_id.','.$row['group_id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + // 6. has the same categories informations than guest + $query = 'SELECT category_id,date_last,nb_sub_categories'; + $query.= ' FROM '.PREFIX_TABLE.'user_category AS uc'; + $query.= ', '.PREFIX_TABLE.'users AS u'; + $query.= " WHERE u.username = 'guest'"; + $query.= ' AND uc.user_id = u.id'; + $query.= ';'; + $result = mysql_query( $query ); + while( $row = mysql_fetch_array( $result ) ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_category'; + $query.= ' (user_id,category_id,date_last,nb_sub_categories) VALUES'; + $query.= ' ('.$user_id.','.$row['category_id']; + $query.= ",'".$row['date_last']."',".$row['nb_sub_categories'].')'; + $query.= ';'; + mysql_query ( $query ); + } } return $error; } @@ -217,120 +215,4 @@ function check_login_authorization() exit(); } } - -// The function get_restrictions returns an array with the ids of the -// restricted categories for the user. -// If the $check_invisible parameter is set to true, invisible categories -// are added to the restricted one in the array. -function get_restrictions( $user_id, $user_status, - $check_invisible, $use_groups = true ) -{ - // 1. retrieving ids of private categories - $query = 'SELECT id'; - $query.= ' FROM '.PREFIX_TABLE.'categories'; - $query.= " WHERE status = 'private'"; - $query.= ';'; - $result = mysql_query( $query ); - $privates = array(); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $privates, $row['id'] ); - } - // 2. retrieving all authorized categories for the user - $authorized = array(); - // 2.1. retrieving authorized categories thanks to personnal user - // authorization - $query = 'SELECT cat_id'; - $query.= ' FROM '.PREFIX_TABLE.'user_access'; - $query.= ' WHERE user_id = '.$user_id; - $query.= ';'; - $result = mysql_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - // 2.2. retrieving authorized categories thanks to group authorization to - // which the user is a member - if ( $use_groups ) - { - $query = 'SELECT ga.cat_id'; - $query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; - $query.= ', '.PREFIX_TABLE.'group_access as ga'; - $query.= ' WHERE ug.group_id = ga.group_id'; - $query.= ' AND ug.user_id = '.$user_id; - $query.= ';'; - $result = mysql_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $authorized, $row['cat_id'] ); - } - $authorized = array_unique( $authorized ); - } - - $forbidden = array(); - foreach ( $privates as $private ) { - if ( !in_array( $private, $authorized ) ) - { - array_push( $forbidden, $private ); - } - } - - if ( $check_invisible ) - { - // 3. adding to the restricted categories, the invisible ones - if ( $user_status != 'admin' ) - { - $query = 'SELECT id'; - $query.= ' FROM '.PREFIX_TABLE.'categories'; - $query.= " WHERE visible = 'false';"; - $result = mysql_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - array_push( $forbidden, $row['id'] ); - } - } - } - return array_unique( $forbidden ); -} - -// The get_all_restrictions function returns an array with all the -// categories id which are restricted for the user. Including the -// sub-categories and invisible categories -function get_all_restrictions( $user_id, $user_status ) -{ - $restricted_cats = get_restrictions( $user_id, $user_status, true ); - foreach ( $restricted_cats as $restricted_cat ) { - $sub_restricted_cats = get_subcats_id( $restricted_cat ); - foreach ( $sub_restricted_cats as $sub_restricted_cat ) { - array_push( $restricted_cats, $sub_restricted_cat ); - } - } - return $restricted_cats; -} - -// The function is_user_allowed returns : -// - 0 : if the category is allowed with this $restrictions array -// - 1 : if this category is not allowed -// - 2 : if an uppercat category is not allowed -function is_user_allowed( $category_id, $restrictions ) -{ - $lowest_category_id = $category_id; - - $is_root = false; - while ( !$is_root and !in_array( $category_id, $restrictions ) ) - { - $query = 'SELECT id_uppercat'; - $query.= ' FROM '.PREFIX_TABLE.'categories'; - $query.= ' WHERE id = '.$category_id; - $query.= ';'; - $row = mysql_fetch_array( mysql_query( $query ) ); - if ( $row['id_uppercat'] == '' ) $is_root = true; - $category_id = $row['id_uppercat']; - } - - if ( in_array( $lowest_category_id, $restrictions ) ) return 1; - if ( in_array( $category_id, $restrictions ) ) return 2; - // this user is allowed to go in this category - return 0; -} ?> \ No newline at end of file -- cgit v1.2.3