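/**
 * Validate the submitted upload form settings and write them to the
 * configuration table.
 *
 * Only keys that exist in get_upload_form_config() are considered; any other
 * key of $data is ignored. Nothing is written unless $errors is empty once
 * every field has been checked.
 *
 * @param array $data        field name => submitted value
 * @param array $errors      (out) one formatted message is appended per rejected field
 * @param array $form_errors (out) rejected field name => "[min .. max]" hint
 * @return bool true when the updates were written, false otherwise
 */
function save_upload_form_config($data, &$errors = array(), &$form_errors = array())
{
    if (!is_array($data) or empty($data)) {
        return false;
    }
    $upload_form_config = get_upload_form_config();
    $updates = array();
    foreach ($data as $field => $value) {
        // Unknown keys are dropped, so a request cannot write arbitrary
        // parameters through this function.
        if (!isset($upload_form_config[$field])) {
            continue;
        }
        $field_config = $upload_form_config[$field];
        if (is_bool($field_config['default'])) {
            // Boolean settings: any non-null submitted value means "enabled".
            $updates[] = array('param' => $field, 'value' => boolean_to_string(isset($value)));
            continue;
        }
        if ($field_config['can_be_null'] and empty($value)) {
            $updates[] = array('param' => $field, 'value' => 'false');
            continue;
        }
        $min = $field_config['min'];
        $max = $field_config['max'];
        $pattern = $field_config['pattern'];
        // A non-scalar value (for instance a field submitted as an array)
        // cannot be matched against the pattern; it is rejected like any other
        // invalid value instead of being handed to preg_match().
        $is_valid = is_scalar($value)
            && preg_match($pattern, $value)
            && $value >= $min
            && $value <= $max;
        if ($is_valid) {
            $updates[] = array('param' => $field, 'value' => $value);
        } else {
            $errors[] = sprintf($field_config['error_message'], $min, $max);
            $form_errors[$field] = '[' . $min . ' .. ' . $max . ']';
        }
    }
    if (count($errors) == 0) {
        // NOTE(review): the accepted value is only constrained by the field's
        // own 'pattern'; whether mass_updates() escapes values is not visible
        // here - confirm the patterns are anchored.
        mass_updates(CONFIG_TABLE, array('primary' => array('param'), 'update' => array('value')), $updates);
        return true;
    }
    return false;
}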
/**
 * Loads the data related to a user identifier.
 *
 * The row read from the users table (columns aliased through
 * $conf['user_fields']) is merged with the user_infos / user_cache / theme
 * row, and every value loosely equal to 'true' or 'false' is converted to a
 * boolean. When $use_cache is set and the cached data is missing or flagged
 * with need_update, the permission cache of the user is recomputed and
 * written back to the user cache tables.
 *
 * NOTE(review): $user_id is concatenated into three SQL statements below
 * without a cast or escaping (once quoted, twice unquoted). Presumably every
 * caller passes a trusted integer - verify against the callers.
 *
 * @param int $user_id
 * @param boolean $use_cache
 * @return array
 */
function getuserdata($user_id, $use_cache = false)
{
    global $conf;
    // retrieve basic user data: one "dbfield AS pwgfield" column per entry of
    // $conf['user_fields']
    $query = '
SELECT ';
    $is_first = true;
    foreach ($conf['user_fields'] as $pwgfield => $dbfield) {
        if ($is_first) {
            $is_first = false;
        } else {
            $query .= '
     , ';
        }
        $query .= $dbfield . ' AS ' . $pwgfield;
    }
    // NOTE(review): the id is quoted here but not escaped.
    $query .= '
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['id'] . ' = \'' . $user_id . '\'';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    // retrieve additional user data ?
    // With external authentication the user_infos row is created on demand
    // when the count below is not exactly 1.
    if ($conf['external_authentification']) {
        // NOTE(review): $user_id is unquoted in this statement.
        $query = '
SELECT
    COUNT(1) AS counter
  FROM ' . USER_INFOS_TABLE . ' AS ui
    LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id
    LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme
  WHERE ui.user_id = ' . $user_id . '
  GROUP BY ui.user_id
;';
        list($counter) = pwg_db_fetch_row(pwg_query($query));
        if ($counter != 1) {
            create_user_infos($user_id);
        }
    }
    // retrieve user info
    // NOTE(review): $user_id is unquoted in this statement as well.
    $query = '
SELECT
    ui.*,
    uc.*,
    t.name AS theme_name
  FROM ' . USER_INFOS_TABLE . ' AS ui
    LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id
    LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme
  WHERE ui.user_id = ' . $user_id . '
;';
    $result = pwg_query($query);
    $user_infos_row = pwg_db_fetch_assoc($result);
    // then merge basic + additional user data
    // NOTE(review): array_merge() needs two arrays; what pwg_db_fetch_assoc()
    // returns when no row matches is not visible here - confirm.
    $userdata = array_merge($row, $user_infos_row);
    foreach ($userdata as &$value) {
        // If the field is true or false, the variable is transformed into a boolean value.
        // The comparison is loose (==), not strict.
        if ($value == 'true') {
            $value = true;
        } elseif ($value == 'false') {
            $value = false;
        }
    }
    // drop the reference left behind by the by-reference foreach
    unset($value);
    if ($use_cache) {
        // rebuild the cache when need_update is absent, not a boolean, or true
        if (!isset($userdata['need_update']) or !is_bool($userdata['need_update']) or $userdata['need_update'] == true) {
            $userdata['cache_update_time'] = time();
            // mark the cache as up to date
            $userdata['need_update'] = false;
            $userdata['forbidden_categories'] = calculate_permissions($userdata['id'], $userdata['status']);
            /* now we build the list of forbidden images (this list does not contain
               images that are not in at least an authorized category)*/
            // NOTE(review): forbidden_categories and level are placed into the
            // SQL text as-is; this assumes calculate_permissions() returns a
            // non-empty comma separated list of ids - confirm.
            $query = '
SELECT DISTINCT(id)
  FROM ' . IMAGES_TABLE . ' INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id=image_id
  WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ')
    AND level>' . $userdata['level'];
            $forbidden_ids = query2array($query, null, 'id');
            // keep the "NOT IN (...)" list non-empty
            if (empty($forbidden_ids)) {
                $forbidden_ids[] = 0;
            }
            $userdata['image_access_type'] = 'NOT IN';
            //TODO maybe later
            $userdata['image_access_list'] = implode(',', $forbidden_ids);
            $query = '
SELECT COUNT(DISTINCT(image_id)) as total
  FROM ' . IMAGE_CATEGORY_TABLE . '
  WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ')
    AND image_id ' . $userdata['image_access_type'] . ' (' . $userdata['image_access_list'] . ')';
            list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
            // now we update user cache categories
            $user_cache_cats = get_computed_categories($userdata, null);
            if (!is_admin($userdata['status'])) {
                // for non admins we forbid categories with no image (feature 1053)
                $forbidden_ids = array();
                foreach ($user_cache_cats as $cat) {
                    if ($cat['count_images'] == 0) {
                        $forbidden_ids[] = $cat['cat_id'];
                        remove_computed_category($user_cache_cats, $cat);
                    }
                }
                // append the empty categories to the forbidden list
                if (!empty($forbidden_ids)) {
                    if (empty($userdata['forbidden_categories'])) {
                        $userdata['forbidden_categories'] = implode(',', $forbidden_ids);
                    } else {
                        $userdata['forbidden_categories'] .= ',' . implode(',', $forbidden_ids);
                    }
                }
            }
            // delete user cache
            $query = '
DELETE FROM ' . USER_CACHE_CATEGORIES_TABLE . '
  WHERE user_id = ' . $userdata['id'];
            pwg_query($query);
            // Due to concurrency issues, we ask MySQL to ignore errors on
            // insert. This may happen when cache needs refresh and that Piwigo is
            // called "very simultaneously".
            mass_inserts(USER_CACHE_CATEGORIES_TABLE, array('user_id', 'cat_id', 'date_last', 'max_date_last', 'nb_images', 'count_images', 'nb_categories', 'count_categories'), $user_cache_cats, array('ignore' => true));
            // update user cache
            $query = '
DELETE FROM ' . USER_CACHE_TABLE . '
  WHERE user_id = ' . $userdata['id'];
            pwg_query($query);
            // for the same reason as user_cache_categories, we ignore error on
            // this insert
            // NOTE(review): every value of this INSERT is concatenated; the
            // values come from the rows and computations above, not directly
            // from the function arguments.
            $query = '
INSERT IGNORE INTO ' . USER_CACHE_TABLE . '
  (user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
    last_photo_date,
    image_access_type, image_access_list)
  VALUES
  (' . $userdata['id'] . ',\'' . boolean_to_string($userdata['need_update']) . '\',' . $userdata['cache_update_time'] . ',\'' . $userdata['forbidden_categories'] . '\',' . $userdata['nb_total_images'] . ',' . (empty($userdata['last_photo_date']) ? 'NULL' : '\'' . $userdata['last_photo_date'] . '\'') . ',\'' . $userdata['image_access_type'] . '\',\'' . $userdata['image_access_list'] . '\')';
            pwg_query($query);
        }
    }
    return $userdata;
}
    }
    // +
    // | toggle_default
    // +
    if ($action == "toggle_default") {
        foreach ($groups as $group) {
            $query = '
    SELECT name, is_default
      FROM ' . GROUPS_TABLE . '
      WHERE id = ' . $group . '
    ;';
            list($groupname, $is_default) = pwg_db_fetch_row(pwg_query($query));
            // update of the group
            $query = '
    UPDATE ' . GROUPS_TABLE . '
      SET is_default = \'' . boolean_to_string(!get_boolean($is_default)) . '\'
      WHERE id = ' . $group . '
    ;';
            pwg_query($query);
            $page['infos'][] = l10n('group "%s" updated', $groupname);
        }
    }
    invalidate_user_cache();
}
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('group_list' => 'group_list.tpl'));
$template->assign(array('F_ADD_ACTION' => get_root_url() . 'admin.php?page=group_list', 'U_HELP' => get_root_url() . 'admin/popuphelp.php?page=group_list', 'PWG_TOKEN' => get_pwg_token()));
// +-----------------------------------------------------------------------+
// |                              group list                               |
/**
 * Insert a configuration parameter, or overwrite its value when the
 * parameter already exists.
 *
 * The stored value is, in this order of preference: the result of $parser
 * when one is given; addslashes(serialize($value)) for arrays and objects;
 * boolean_to_string($value) otherwise.
 *
 * NOTE(review): $param, the parser result and the non-array/non-object value
 * are placed between quotes in the SQL text without any escaping by this
 * function, so callers are presumably expected to pass database-safe strings
 * - confirm against the callers.
 *
 * @param string $param
 * @param string $value
 * @param boolean $updateGlobal also store the original (unparsed) $value in
 *      the global *$conf* array
 * @param callable $parser function applied to the value before it is saved in
 *      the database (eg: serialize, json_encode); its result is never written
 *      to *$conf*
 */
function conf_update_param($param, $value, $updateGlobal = false, $parser = null)
{
    if ($parser == null) {
        // no parser: arrays and objects are serialized, anything else goes
        // through boolean_to_string()
        $needs_serialization = is_array($value) || is_object($value);
        $dbValue = $needs_serialization
            ? addslashes(serialize($value))
            : boolean_to_string($value);
    } else {
        $dbValue = call_user_func($parser, $value);
    }
    $query = '
INSERT INTO
  ' . CONFIG_TABLE . ' (param, value)
  VALUES(\'' . $param . '\', \'' . $dbValue . '\')
  ON DUPLICATE KEY UPDATE value = \'' . $dbValue . '\'
;';
    pwg_query($query);
    if (!$updateGlobal) {
        return;
    }
    // mirror the change in the in-memory configuration
    global $conf;
    $conf[$param] = $value;
}
$result = pwg_query($query);
$category['has_images'] = pwg_db_num_rows($result) > 0 ? true : false;
// Navigation path
$navigation = get_cat_display_name_cache($category['uppercats'], get_root_url() . 'admin.php?page=album-');
$form_action = $admin_album_base_url . '-properties';
//----------------------------------------------------- template initialization
$template->set_filename('album_properties', 'cat_modify.tpl');
$base_url = get_root_url() . 'admin.php?page=';
$cat_list_url = $base_url . 'cat_list';
$self_url = $cat_list_url;
if (!empty($category['id_uppercat'])) {
    $self_url .= '&amp;parent_id=' . $category['id_uppercat'];
}
$template->assign(array('CATEGORIES_NAV' => $navigation, 'CAT_ID' => $category['id'], 'CAT_NAME' => @htmlspecialchars($category['name']), 'CAT_COMMENT' => @htmlspecialchars($category['comment']), 'CAT_VISIBLE' => boolean_to_string($category['visible']), 'U_JUMPTO' => make_index_url(array('category' => $category)), 'U_ADD_PHOTOS_ALBUM' => $base_url . 'photos_add&amp;album=' . $category['id'], 'U_CHILDREN' => $cat_list_url . '&amp;parent_id=' . $category['id'], 'U_HELP' => get_root_url() . 'admin/popuphelp.php?page=cat_modify', 'F_ACTION' => $form_action));
if ($conf['activate_comments']) {
    $template->assign('CAT_COMMENTABLE', boolean_to_string($category['commentable']));
}
// manage album elements link
if ($category['has_images']) {
    $template->assign('U_MANAGE_ELEMENTS', $base_url . 'batch_manager&amp;filter=album-' . $category['id']);
    $query = '
SELECT
    COUNT(image_id),
    MIN(DATE(date_available)),
    MAX(DATE(date_available))
  FROM ' . IMAGES_TABLE . '
    JOIN ' . IMAGE_CATEGORY_TABLE . ' ON image_id = id
  WHERE category_id = ' . $category['id'] . '
;';
    list($image_count, $min_date, $max_date) = pwg_db_fetch_row(pwg_query($query));
    if ($min_date == $max_date) {
 if (isset($_POST['cat'])) {
     $fs_fulldirs[] = $basedir;
 }
 // If $_POST['subcats-included'] != 1 ("Search in sub-albums" is unchecked)
 // $db_fulldirs doesn't include any subdirectories and $fs_fulldirs does
 // So $fs_fulldirs will be limited to the selected basedir
 // (if that one is in $fs_fulldirs)
 if (!isset($_POST['subcats-included']) or $_POST['subcats-included'] != 1) {
     $fs_fulldirs = array_intersect($fs_fulldirs, array_keys($db_fulldirs));
 }
 $inserts = array();
 // new categories are the directories not present yet in the database
 foreach (array_diff($fs_fulldirs, array_keys($db_fulldirs)) as $fulldir) {
     $dir = basename($fulldir);
     if (preg_match($conf['sync_chars_regex'], $dir)) {
         $insert = array('id' => $next_id++, 'dir' => $dir, 'name' => str_replace('_', ' ', $dir), 'site_id' => $site_id, 'commentable' => boolean_to_string($conf['newcat_default_commentable']), 'status' => $conf['newcat_default_status'], 'visible' => boolean_to_string($conf['newcat_default_visible']));
         if (isset($db_fulldirs[dirname($fulldir)])) {
             $parent = $db_fulldirs[dirname($fulldir)];
             $insert['id_uppercat'] = $parent;
             $insert['uppercats'] = $db_categories[$parent]['uppercats'] . ',' . $insert['id'];
             $insert['rank'] = $next_rank[$parent]++;
             $insert['global_rank'] = $db_categories[$parent]['global_rank'] . '.' . $insert['rank'];
             if ('private' == $db_categories[$parent]['status']) {
                 $insert['status'] = 'private';
             }
             if ('false' == $db_categories[$parent]['visible']) {
                 $insert['visible'] = 'false';
             }
         } else {
             $insert['uppercats'] = $insert['id'];
             $insert['rank'] = $next_rank['NULL']++;
/**
 * Subscribe or unsubscribe users to/from the notification by mail.
 *
 * For every user returned by get_user_notifications() a confirmation mail is
 * sent when the user has a mail address; the subscription flag is queued for
 * update unless that mail could not be sent. Processing stops as soon as
 * check_sendmail_timeout() reports true. Result messages are appended to
 * $page['infos'] and $page['errors'].
 *
 * @param boolean $is_admin_request selects the "..._by_admin" template section
 *      instead of "..._by_himself"
 * @param boolean $is_subscribe true to subscribe, false to unsubscribe
 * @param array $check_key_list check keys of the users to process
 * @return array check keys that were actually processed
 */
function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_subscribe = false, $check_key_list = array())
{
    global $conf, $page, $env_nbm;
    set_make_full_url();
    $treated_keys = array();
    $success_count = 0;
    $failure_count = 0;
    // per-user result messages, translated before the mail environment is set up
    $msg_info = $is_subscribe
        ? l10n('User %s [%s] was added to the subscription list.')
        : l10n('User %s [%s] was removed from the subscription list.');
    $msg_error = $is_subscribe
        ? l10n('User %s [%s] was not added to the subscription list.')
        : l10n('User %s [%s] was not removed from the subscription list.');
    if (count($check_key_list) != 0) {
        $pending_updates = array();
        $enabled_value = boolean_to_string($is_subscribe);
        $data_users = get_user_notifications('subscribe', $check_key_list, !$is_subscribe);
        // Prepare message after change language
        $msg_break_timeout = l10n('Time to send mail is limited. Others mails are skipped.');
        // Begin nbm users environment
        begin_users_env_nbm(true);
        foreach ($data_users as $nbm_user) {
            // stop as soon as the time allowed for sending mails is used up
            if (check_sendmail_timeout()) {
                $page['errors'][] = $msg_break_timeout;
                break;
            }
            $treated_keys[] = $nbm_user['check_key'];
            // a user without mail address is updated without any mail
            $mail_ok = true;
            if ($nbm_user['mail_address'] != '') {
                set_user_on_env_nbm($nbm_user, true);
                $subject = '[' . $conf['gallery_title'] . '] '
                    . ($is_subscribe
                        ? l10n('Subscribe to notification by mail')
                        : l10n('Unsubscribe from notification by mail'));
                assign_vars_nbm_mail_content($nbm_user);
                // name of the template section to enable, e.g. "subscribe_by_admin"
                $section_action_by = ($is_subscribe ? 'subscribe_by_' : 'unsubscribe_by_')
                    . ($is_admin_request ? 'admin' : 'himself');
                $env_nbm['mail_template']->assign(array(
                    $section_action_by => true,
                    'GOTO_GALLERY_TITLE' => $conf['gallery_title'],
                    'GOTO_GALLERY_URL' => get_gallery_home_url(),
                ));
                $recipient = array(
                    'name' => stripslashes($nbm_user['username']),
                    'email' => $nbm_user['mail_address'],
                );
                $message = array(
                    'from' => $env_nbm['send_as_mail_formated'],
                    'subject' => $subject,
                    'email_format' => $env_nbm['email_format'],
                    'content' => $env_nbm['mail_template']->parse('notification_by_mail', true),
                    'content_format' => $env_nbm['email_format'],
                );
                if (pwg_mail($recipient, $message)) {
                    inc_mail_sent_success($nbm_user);
                } else {
                    inc_mail_sent_failed($nbm_user);
                    $mail_ok = false;
                }
                unset_user_on_env_nbm();
            }
            if (!$mail_ok) {
                $failure_count++;
                $page['errors'][] = sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']);
                continue;
            }
            $pending_updates[] = array('check_key' => $nbm_user['check_key'], 'enabled' => $enabled_value);
            $success_count++;
            $page['infos'][] = sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']);
        }
        // Restore nbm environment
        end_users_env_nbm();
        display_counter_info();
        mass_updates(USER_MAIL_NOTIFICATION_TABLE, array('primary' => array('check_key'), 'update' => array('enabled')), $pending_updates);
    }
    $page['infos'][] = l10n_dec('%d user was updated.', '%d users were updated.', $success_count);
    if ($failure_count != 0) {
        $page['errors'][] = l10n_dec('%d user was not updated.', '%d users were not updated.', $failure_count);
    }
    unset_make_full_url();
    return $treated_keys;
}
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
// This script is meant to be included by the application, never requested
// directly: stop when the bootstrap constant is missing.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}
$upgrade_description = 'Add upload form parameters in database';
global $conf;
load_conf_from_db();
// default value of every upload form parameter, keyed by its short name
$upload_form_config = array(
    'websize_resize' => true,
    'websize_maxwidth' => 800,
    'websize_maxheight' => 600,
    'websize_quality' => 95,
    'thumb_maxwidth' => 128,
    'thumb_maxheight' => 96,
    'thumb_quality' => 95,
    'thumb_crop' => false,
    'thumb_follow_orientation' => true,
    'hd_keep' => true,
    'hd_resize' => false,
    'hd_maxwidth' => 2000,
    'hd_maxheight' => 2000,
    'hd_quality' => 95,
);
$inserts = array();
foreach ($upload_form_config as $param_shortname => $param) {
    $param_name = 'upload_form_' . $param_shortname;
    // parameters already present in the configuration are left untouched
    if (isset($conf[$param_name])) {
        continue;
    }
    $conf[$param_name] = $param;
    $inserts[] = array('param' => $param_name, 'value' => boolean_to_string($param));
}
// only the missing parameters are written to the configuration table
if (!empty($inserts)) {
    mass_inserts(CONFIG_TABLE, array_keys($inserts[0]), $inserts);
}
echo "\n" . $upgrade_description . "\n";
/**
 * Create a virtual category (album).
 *
 * The new album takes its commentable / visible / status settings from
 * $options, falling back to the $conf defaults. A locked (not visible) or
 * private parent forces the same restriction on the new album. For a private
 * album, access is granted to the administrators and the current user, plus
 * the groups and users of the parent album when inheritance applies.
 *
 * @param string $category_name
 * @param int $parent_id
 * @param array $options
 *    - boolean commentable
 *    - boolean visible
 *    - string status
 *    - string comment
 *    - boolean inherit
 * @return array ('info', 'id') or ('error')
 */
function create_virtual_category($category_name, $parent_id = null, $options = array())
{
    global $conf, $user;
    // a name made only of blank characters is refused
    if (preg_match('/^\\s*$/', $category_name)) {
        return array('error' => l10n('The name of an album must not be empty'));
    }
    $insert = array('name' => $category_name, 'rank' => 0, 'global_rank' => 0);
    // commentable: explicit boolean option, else the configured default
    $commentable = (isset($options['commentable']) && is_bool($options['commentable']))
        ? $options['commentable']
        : $conf['newcat_default_commentable'];
    $insert['commentable'] = boolean_to_string($commentable);
    // visible = not temporarily locked (a locked album is only visible by
    // administrators); may be overwritten below if the parent is not visible
    $visible = (isset($options['visible']) && is_bool($options['visible']))
        ? $options['visible']
        : $conf['newcat_default_visible'];
    $insert['visible'] = boolean_to_string($visible);
    // status: only 'private' is accepted from the options; may be overwritten
    // below if the parent is private
    $insert['status'] = (isset($options['status']) && 'private' == $options['status'])
        ? 'private'
        : $conf['newcat_default_status'];
    // optional description, stripped of tags unless HTML descriptions are allowed
    if (isset($options['comment'])) {
        if ($conf['allow_html_descriptions']) {
            $insert['comment'] = $options['comment'];
        } else {
            $insert['comment'] = strip_tags($options['comment']);
        }
    }
    $uppercats_prefix = '';
    if (!empty($parent_id) && is_numeric($parent_id)) {
        // $parent_id only reaches the SQL text after the is_numeric() check above
        $query = '
SELECT id, uppercats, global_rank, visible, status
  FROM ' . CATEGORIES_TABLE . '
  WHERE id = ' . $parent_id . '
;';
        // NOTE(review): nothing here checks that a parent row was found -
        // confirm how an unknown parent id is meant to be handled.
        $parent = pwg_db_fetch_assoc(pwg_query($query));
        $insert['id_uppercat'] = $parent['id'];
        $insert['global_rank'] = $parent['global_rank'] . '.' . $insert['rank'];
        // a child of an invisible (locked) album is created invisible
        if ('false' == $parent['visible']) {
            $insert['visible'] = 'false';
        }
        // a child of a private album is created private
        if ('private' == $parent['status']) {
            $insert['status'] = 'private';
        }
        $uppercats_prefix = $parent['uppercats'] . ',';
    }
    // insert the album, then store its own id at the end of its uppercats path
    single_insert(CATEGORIES_TABLE, $insert);
    $inserted_id = pwg_db_insert_id(CATEGORIES_TABLE);
    single_update(CATEGORIES_TABLE, array('uppercats' => $uppercats_prefix . $inserted_id), array('id' => $inserted_id));
    update_global_rank();
    $is_private = 'private' == $insert['status'];
    if ($is_private && !empty($insert['id_uppercat']) && ((isset($options['inherit']) && $options['inherit']) || $conf['inheritance_by_default'])) {
        // copy the group permissions of the parent album
        $query = '
      SELECT group_id
      FROM ' . GROUP_ACCESS_TABLE . '
      WHERE cat_id = ' . $insert['id_uppercat'] . '
    ;';
        $granted_grps = query2array($query, null, 'group_id');
        $inserts = array();
        foreach ($granted_grps as $granted_grp) {
            $inserts[] = array('group_id' => $granted_grp, 'cat_id' => $inserted_id);
        }
        mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $inserts);
        // and the user permissions, together with the admins and the creator
        $query = '
      SELECT user_id
      FROM ' . USER_ACCESS_TABLE . '
      WHERE cat_id = ' . $insert['id_uppercat'] . '
    ;';
        $granted_users = query2array($query, null, 'user_id');
        $allowed_users = array_unique(array_merge(get_admins(), array($user['id']), $granted_users));
        add_permission_on_category($inserted_id, $allowed_users);
    } elseif ($is_private) {
        // no inheritance: only the admins and the creator get access
        $allowed_users = array_unique(array_merge(get_admins(), array($user['id'])));
        add_permission_on_category($inserted_id, $allowed_users);
    }
    return array('info' => l10n('Virtual album added'), 'id' => $inserted_id);
}
                $query = '
UPDATE ' . GROUPS_TABLE . '
SET is_default = \'' . boolean_to_string(false) . '\'
WHERE is_default = true
;';
                pwg_query($query);
                // Set the new group as group by default
                $query = '
SELECT name
FROM ' . GROUPS_TABLE . '
WHERE id = ' . $_POST['UAM_Validated_Group'] . '
;';
                $UAM_group = pwg_db_fetch_assoc(pwg_query($query));
                $query = '
UPDATE ' . GROUPS_TABLE . '
SET is_default = \'' . boolean_to_string(true) . '\'
WHERE id = ' . $_POST['UAM_Validated_Group'] . '
;';
                pwg_query($query);
                array_push($page['infos'], sprintf(l10n('UAM_group %s updated'), $UAM_group['name']));
            }
            // Save global UAM configuration
            // -----------------------------
            $newconf_UAM['MAIL_INFO'] = isset($_POST['UAM_Mail_Info']) ? $_POST['UAM_Mail_Info'] : 'false';
            $newconf_UAM['CONFIRM_MAIL'] = isset($_POST['UAM_Confirm_Mail']) ? $_POST['UAM_Confirm_Mail'] : 'false';
            $newconf_UAM['NO_CONFIRM_GROUP'] = isset($_POST['UAM_No_Confirm_Group']) ? $_POST['UAM_No_Confirm_Group'] : '';
            $newconf_UAM['VALIDATED_GROUP'] = isset($_POST['UAM_Validated_Group']) ? $_POST['UAM_Validated_Group'] : '';
            $newconf_UAM['VALIDATED_STATUS'] = isset($_POST['UAM_Validated_Status']) ? $_POST['UAM_Validated_Status'] : '';
            $newconf_UAM['USERNAME_CHAR'] = $_POST['UAM_Username_Char'];
            $newconf_UAM['USERNAME_CHAR_LIST'] = isset($_POST['UAM_Username_List']) ? $_POST['UAM_Username_List'] : '';
            $newconf_UAM['NO_CONFIRM_STATUS'] = isset($_POST['UAM_No_Confirm_Status']) ? $_POST['UAM_No_Confirm_Status'] : '';
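/**
 * API method
 * Updates users
 *
 * Username, email and password are only changed when exactly one user id is
 * given. The status is changed separately because the current user, the
 * guest and the webmaster (and, for an admin caller, every admin/webmaster)
 * are excluded from it.
 *
 * Hardening applied in this function: the security token is compared with a
 * strict string comparison, the status is matched strictly against the list
 * of known values, and every id or integer option written into an SQL
 * statement is cast to an integer first.
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 * @return mixed a PwgError on refusal, else the result of pwg.users.getList
 */
function ws_users_setInfo($params, &$service)
{
    // Strict comparison of two strings: a loose != lets two different
    // numeric-looking strings compare as equal. (hash_equals(), where
    // available, would additionally make the comparison constant-time.)
    $expected_token = get_pwg_token();
    if (!isset($params['pwg_token']) or !is_string($params['pwg_token']) or $expected_token !== $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }
    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    $updates = $updates_infos = array();
    $update_status = null;
    // integer copies of the ids, used wherever an id list is written into SQL
    $user_ids = array_map('intval', $params['user_id']);
    if (count($params['user_id']) == 1) {
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }
        if (!empty($params['username'])) {
            $user_id = get_userid($params['username']);
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }
        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }
        if (!empty($params['password'])) {
            // the hashing function is the one configured in $conf['password_hash']
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }
    if (!empty($params['status'])) {
        // strict matching: only these exact strings are recognised
        if (in_array($params['status'], array('webmaster', 'admin'), true) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status');
        }
        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }
        $protected_users = array($user['id'], $conf['guest_id'], $conf['webmaster_id']);
        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = '
SELECT
    user_id
  FROM ' . USER_INFOS_TABLE . '
  WHERE status IN (\'webmaster\', \'admin\')
;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }
        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($user_ids, $protected_users);
        $update_status = $params['status'];
    }
    if (!empty($params['level']) or @$params['level'] === 0) {
        if (!in_array($params['level'], $conf['available_permission_levels'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        // the membership test above is loose, so only the integer value is kept
        $updates_infos['level'] = (int) $params['level'];
    }
    if (!empty($params['language'])) {
        if (!in_array($params['language'], array_keys(get_languages()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }
    if (!empty($params['theme'])) {
        if (!in_array($params['theme'], array_keys(get_pwg_themes()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }
    // the two integer options are not checked against a list, so they are
    // cast before they reach the UPDATE statement below
    if (!empty($params['nb_image_page'])) {
        $updates_infos['nb_image_page'] = (int) $params['nb_image_page'];
    }
    if (!empty($params['recent_period']) or @$params['recent_period'] === 0) {
        $updates_infos['recent_period'] = (int) $params['recent_period'];
    }
    // NOTE(review): the four flags below are assumed to arrive as real
    // booleans; what boolean_to_string() does with another type is not
    // visible here - confirm the web-service layer enforces the type.
    if (!empty($params['expand']) or @$params['expand'] === false) {
        $updates_infos['expand'] = boolean_to_string($params['expand']);
    }
    if (!empty($params['show_nb_comments']) or @$params['show_nb_comments'] === false) {
        $updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
    }
    if (!empty($params['show_nb_hits']) or @$params['show_nb_hits'] === false) {
        $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
    }
    if (!empty($params['enabled_high']) or @$params['enabled_high'] === false) {
        $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
    }
    // perform updates
    // NOTE(review): username and email are handed to single_update() as
    // received; whether it escapes values is not visible here - confirm.
    single_update(USERS_TABLE, $updates, array($conf['user_fields']['id'] => $params['user_id'][0]));
    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        // $update_status passed the strict list of known statuses above
        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET
    status = "' . $update_status . '"
  WHERE user_id IN(' . implode(',', $params['user_id_for_status']) . ')
;';
        pwg_query($query);
    }
    if (count($updates_infos) > 0) {
        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET ';
        $first = true;
        foreach ($updates_infos as $field => $value) {
            if (!$first) {
                $query .= ', ';
            } else {
                $first = false;
            }
            $query .= $field . ' = "' . $value . '"';
        }
        $query .= '
  WHERE user_id IN(' . implode(',', $user_ids) . ')
;';
        pwg_query($query);
    }
    // manage association to groups
    if (!empty($params['group_id'])) {
        $query = '
DELETE
  FROM ' . USER_GROUP_TABLE . '
  WHERE user_id IN (' . implode(',', $user_ids) . ')
;';
        pwg_query($query);
        // we remove all provided groups that do not really exist
        $query = '
SELECT
    id
  FROM ' . GROUPS_TABLE . '
  WHERE id IN (' . implode(',', array_map('intval', $params['group_id'])) . ')
;';
        $group_ids = array_from_query($query, 'id');
        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();
            foreach ($group_ids as $group_id) {
                foreach ($user_ids as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }
            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }
    invalidate_user_cache();
    return $service->invoke('pwg.users.getList', array('user_id' => $params['user_id'], 'display' => 'basics,' . implode(',', array_keys($updates_infos))));
}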
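/**
 * API method
 * Updates a group
 *
 * Hardening applied in this function: the security token is compared with a
 * strict string comparison, and the group id is cast to an integer before it
 * is written into an SQL statement.
 *
 * @param mixed[] $params
 *    @option int group_id
 *    @option string name (optional)
 *    @option bool is_default (optional)
 * @return mixed a PwgError on refusal, else the result of pwg.groups.getList
 */
function ws_groups_setInfo($params, &$service)
{
    // Strict comparison of two strings: a loose != lets two different
    // numeric-looking strings compare as equal. (hash_equals(), where
    // available, would additionally make the comparison constant-time.)
    $expected_token = get_pwg_token();
    if (!isset($params['pwg_token']) or !is_string($params['pwg_token']) or $expected_token !== $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }
    $updates = array();
    // The id is documented as an int; the cast guarantees that nothing else
    // reaches the SQL text, whatever the web-service layer already enforces.
    $group_id = (int) $params['group_id'];
    // does the group exist ?
    $query = '
SELECT COUNT(*)
  FROM ' . GROUPS_TABLE . '
  WHERE id = ' . $group_id . '
;';
    list($count) = pwg_db_fetch_row(pwg_query($query));
    if ($count == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This group does not exist.');
    }
    if (!empty($params['name'])) {
        // escaped once here, then used both in the query below and in the update
        $params['name'] = pwg_db_real_escape_string($params['name']);
        // is the name not already used ?
        $query = '
SELECT COUNT(*)
  FROM ' . GROUPS_TABLE . '
  WHERE name = \'' . $params['name'] . '\'
;';
        list($count) = pwg_db_fetch_row(pwg_query($query));
        if ($count != 0) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
        }
        $updates['name'] = $params['name'];
    }
    // an explicit false must be stored too, hence the second test
    if (!empty($params['is_default']) or @$params['is_default'] === false) {
        $updates['is_default'] = boolean_to_string($params['is_default']);
    }
    single_update(GROUPS_TABLE, $updates, array('id' => $group_id));
    return $service->invoke('pwg.groups.getList', array('group_id' => $params['group_id']));
}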
Beispiel #13
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
// Direct-access guard: this script only runs when it has been included by the
// upgrade entry point, which defines both constants checked below.
if (!defined('PHPWG_ROOT_PATH')) {
    die('This page cannot be loaded directly, load upgrade.php');
}
// The root path alone is not enough: the upgrade flag must be defined and truthy.
if (!(defined('PHPWG_IN_UPGRADE') && PHPWG_IN_UPGRADE)) {
    die('Hacking attempt!');
}
// Schema and configuration migration, executed one statement at a time by the
// loop below. Every statement is built only from string literals and the
// PREFIX_TABLE constant; no request data is interpolated here.
// NOTE(review): the 'secret_key' config row is seeded with MD5(RAND()). MySQL's
// RAND() is not a cryptographically secure generator, so the key carries far
// less entropy than its 32 hex characters suggest. If security-relevant values
// are derived from it (presumably tokens or auto-login keys - confirm against
// its readers), regenerate it from a CSPRNG once the upgrade has completed.
// NOTE(review): `history` is renamed to `history_backup` and recreated empty;
// nothing in this list copies the old rows into the new table.
$queries = array("\nALTER TABLE `" . PREFIX_TABLE . "categories`\n  ADD COLUMN `permalink` varchar(64) default NULL\n;", "\nALTER TABLE `" . PREFIX_TABLE . "categories`\n  ADD COLUMN `image_order` varchar(128) default NULL\n;", "\nALTER TABLE `" . PREFIX_TABLE . "categories`\n  ADD UNIQUE `categories_i3` (`permalink`)\n;", "\nALTER TABLE `" . PREFIX_TABLE . "groups`\n  ADD COLUMN `is_default` enum('true','false') NOT NULL default 'false'\n;", "\nRENAME TABLE `" . PREFIX_TABLE . "history` TO `" . PREFIX_TABLE . "history_backup`\n;", "\nCREATE TABLE `" . PREFIX_TABLE . "history` (\n  `id` int(10) unsigned NOT NULL auto_increment,\n  `date` date NOT NULL default '0000-00-00',\n  `time` time NOT NULL default '00:00:00',\n  `year` smallint(4) NOT NULL default '0',\n  `month` tinyint(2) NOT NULL default '0',\n  `day` tinyint(2) NOT NULL default '0',\n  `hour` tinyint(2) NOT NULL default '0',\n  `user_id` smallint(5) NOT NULL default '0',\n  `IP` varchar(15) NOT NULL default '',\n  `section` enum('categories','tags','search','list','favorites','most_visited','best_rated','recent_pics','recent_cats') default NULL,\n  `category_id` smallint(5) default NULL,\n  `tag_ids` varchar(50) default NULL,\n  `image_id` mediumint(8) default NULL,\n  `summarized` enum('true','false') default 'false',\n  `image_type` enum('picture','high','other') default NULL,\n  PRIMARY KEY  (`id`),\n  KEY `history_i1` (`summarized`)\n) ENGINE=MyISAM\n;", "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n  DROP INDEX `image_category_i1`\n;", "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n  ADD INDEX `image_category_i1` (`category_id`)\n;", "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n  DROP INDEX `image_category_i2`\n;", "\nALTER TABLE `" . PREFIX_TABLE . "images`\n  ADD COLUMN `high_filesize` mediumint(9) unsigned default NULL\n;", "\nALTER TABLE `" . PREFIX_TABLE . 
"user_infos`\n  CHANGE COLUMN `language`\n    `language` varchar(50) NOT NULL default 'en_UK.iso-8859-1'\n;", "\nALTER TABLE `" . PREFIX_TABLE . "user_infos`\n  DROP COLUMN `auto_login_key`\n;", "\nALTER TABLE `" . PREFIX_TABLE . "user_infos`\n  ADD COLUMN `show_nb_hits` enum('true','false') NOT NULL default 'false'\n;", "\nALTER TABLE `" . PREFIX_TABLE . "user_mail_notification`\n  DROP INDEX `uidx_check_key`\n;", "\nALTER TABLE `" . PREFIX_TABLE . "user_mail_notification`\n  ADD UNIQUE `user_mail_notification_ui1` (`check_key`)\n;", "\nCREATE TABLE `" . PREFIX_TABLE . "history_summary` (\n  `id` varchar(13) NOT NULL default '',\n  `year` smallint(4) NOT NULL default '0',\n  `month` tinyint(2) default NULL,\n  `day` tinyint(2) default NULL,\n  `hour` tinyint(2) default NULL,\n  `nb_pages` int(11) default NULL,\n  PRIMARY KEY  (`id`)\n) ENGINE=MyISAM\n;", "\nCREATE TABLE `" . PREFIX_TABLE . "old_permalinks` (\n  `cat_id` smallint(5) unsigned NOT NULL default '0',\n  `permalink` varchar(64) NOT NULL default '',\n  `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',\n  `last_hit` datetime default NULL,\n  `hit` int(10) unsigned NOT NULL default '0',\n  PRIMARY KEY  (`permalink`)\n) ENGINE=MyISAM\n;", "\nCREATE TABLE `" . PREFIX_TABLE . "plugins` (\n  `id` varchar(64) binary NOT NULL default '',\n  `state` enum('inactive','active') NOT NULL default 'inactive',\n  `version` varchar(64) NOT NULL default '0',\n  PRIMARY KEY  (`id`)\n) ENGINE=MyISAM\n;", "\nCREATE TABLE `" . PREFIX_TABLE . "user_cache_categories` (\n  `user_id` smallint(5) NOT NULL default '0',\n  `cat_id` smallint(5) unsigned NOT NULL default '0',\n  `max_date_last` datetime default NULL,\n  `count_images` mediumint(8) unsigned default '0',\n  `count_categories` mediumint(8) unsigned default '0',\n  PRIMARY KEY  (`user_id`,`cat_id`)\n) ENGINE=MyISAM\n;", "\nINSERT INTO " . PREFIX_TABLE . 
"config\n  (param,value,comment)\n  VALUES\n  ('show_nb_hits', 'false', 'Show hits count under thumbnails')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('history_admin','false','keep a history of administrator visits on your website')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('history_guest','true','keep a history of guest visits on your website')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('allow_user_registration','true','allow visitors to register?')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('secret_key', MD5(RAND()), 'a secret key specific to the gallery for internal use')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('nbm_send_html_mail','true','Send mail on HTML format for notification by mail')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('nbm_send_recent_post_dates','true','Send recent post by dates for notification by mail')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('email_admin_on_new_user','false','Send an email to theadministrators when a user registers')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('email_admin_on_comment','false','Send an email to the administrators when a valid comment is entered')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('email_admin_on_comment_validation','false','Send an email to the administrators when a comment requires validation')\n;", "\nINSERT INTO " . PREFIX_TABLE . "config\n  (param,value,comment)\n  VALUES\n  ('email_admin_on_picture_uploaded','false','Send an email to the administrators when a picture is uploaded')\n;", "\nUPDATE " . PREFIX_TABLE . "user_cache\n  SET need_update = 'true'\n;");
// Run the statements in array order. The return value of pwg_query() is not
// inspected here, so whether a failing statement aborts the upgrade depends on
// pwg_query() itself - presumably it reports errors on its own; confirm.
foreach ($queries as $query) {
    pwg_query($query);
}
// Undo HTML-entity encoding in stored comments. '&amp;' is handled last so an
// already double-encoded sequence such as '&amp;lt;' becomes '&lt;' and not '<'.
// NOTE(review): after this step the content column holds raw quotes and angle
// brackets, so every place that renders comments has to HTML-escape on output -
// verify the templates before relying on this migration.
$replacements = array(array('&#039;', '\''), array('&quot;', '"'), array('&lt;', '<'), array('&gt;', '>'), array('&amp;', '&'));
foreach ($replacements as $replacement) {
    // addslashes() is acceptable only because both operands are the fixed
    // literals above; it is not a charset-aware SQL escaper and should not be
    // reused for variable input.
    $query = '
UPDATE ' . PREFIX_TABLE . 'comments
  SET content = REPLACE(content, "' . addslashes($replacement[0]) . '", "' . addslashes($replacement[1]) . '")
;';
    pwg_query($query);
}
// Presumably populates $conf from the config table (helper not visible here).
load_conf_from_db();
// Copy the gallery-wide display defaults onto the row of the default user.
// NOTE(review): the $conf values are concatenated without escaping or casting,
// and the numeric ones are unquoted. They appear to come from the config table
// rather than from the request, but a malformed stored value would change this
// statement; casting the numeric fields with (int) and escaping the two string
// fields would make it robust.
$query = "\nUPDATE " . USER_INFOS_TABLE . "\nSET\n  template = '" . $conf['default_template'] . "',\n  nb_image_line = " . $conf['nb_image_line'] . ",\n  nb_line_page = " . $conf['nb_line_page'] . ",\n  language = '" . $conf['default_language'] . "',\n  maxwidth = " . (empty($conf['default_maxwidth']) ? "NULL" : $conf['default_maxwidth']) . ",\n  maxheight = " . (empty($conf['default_maxheight']) ? "NULL" : $conf['default_maxheight']) . ",\n  recent_period = " . $conf['recent_period'] . ",\n  expand = '" . boolean_to_string($conf['auto_expand']) . "',\n  show_nb_comments = '" . boolean_to_string($conf['show_nb_comments']) . "',\n  show_nb_hits = '" . boolean_to_string($conf['show_nb_hits']) . "',\n  enabled_high = '" . boolean_to_string(isset($conf['newuser_default_enabled_high']) ? $conf['newuser_default_enabled_high'] : true) . "'\nWHERE\n  user_id = " . $conf['default_user_id'] . ";";
pwg_query($query);
// The same parameters are then removed from the config table, since they now
// live on the default user's row.
$query = "\nDELETE FROM " . CONFIG_TABLE . "\nWHERE\n  param IN\n(\n  'default_template',\n  'nb_image_line',\n  'nb_line_page',\n  'default_language',\n  'default_maxwidth',\n  'default_maxheight',\n  'recent_period',\n  'auto_expand',\n  'show_nb_comments',\n  'show_nb_hits'\n)\n;";
pwg_query($query);
// now we upgrade from 1.7.0
// The include path is built from the PHPWG_ROOT_PATH constant and a literal
// file name only. The included script runs in this scope and therefore sees
// the variables set above ($query, $queries, $replacements, $conf).
include_once PHPWG_ROOT_PATH . 'install/upgrade_1.7.0.php';
/**
 * Serialises slideshow parameters into a compact string.
 *
 * Only the entries that differ from the defaults are kept; each of them is
 * written as "+name-value" and the pieces are concatenated in order.
 *
 * @param array $decode_params slideshow parameters to encode
 * @return string encoded parameters, empty when nothing differs from the defaults
 */
function encode_slideshow_params($decode_params = array())
{
    global $conf;
    $corrected = correct_slideshow_params($decode_params);
    $defaults = get_default_slideshow_params();
    $pieces = array();
    foreach (array_diff_assoc($corrected, $defaults) as $key => $val) {
        // boolean_to_string hands back $val untouched when it is not a bool
        $pieces[] = '+' . $key . '-' . boolean_to_string($val);
    }
    return implode('', $pieces);
}