/**
 * Validate submitted upload-form settings and write the accepted ones to the
 * configuration table.
 *
 * Only keys declared by get_upload_form_config() are considered; every other
 * key in $data is ignored, so the declared configuration acts as an allowlist.
 * Non-boolean, non-empty values must match the field's regular expression and
 * lie within its [min, max] range before they are queued for storage.
 *
 * Nothing is written unless $errors is empty at the end. That includes any
 * entries the caller passed in, because $errors is taken by reference.
 *
 * @param array $data        submitted field => value pairs
 * @param array $errors      (by reference) receives one message per rejected field
 * @param array $form_errors (by reference) receives "[min .. max]" keyed by rejected field
 * @return bool true when the updates were written, false otherwise
 */
function save_upload_form_config($data, &$errors = array(), &$form_errors = array())
{
    if (!is_array($data) || empty($data)) {
        return false;
    }

    $definitions = get_upload_form_config();
    $rows = array();

    foreach ($data as $name => $submitted) {
        // Unknown field names are dropped, not reported.
        if (!isset($definitions[$name])) {
            continue;
        }

        // Boolean settings: any non-null submitted value counts as "true".
        if (is_bool($definitions[$name]['default'])) {
            $rows[] = array('param' => $name, 'value' => boolean_to_string(isset($submitted)));
            continue;
        }

        // Nullable settings left empty are stored as the string 'false'.
        if ($definitions[$name]['can_be_null'] && empty($submitted)) {
            $rows[] = array('param' => $name, 'value' => 'false');
            continue;
        }

        $lower = $definitions[$name]['min'];
        $upper = $definitions[$name]['max'];
        $regex = $definitions[$name]['pattern'];

        $accepted = preg_match($regex, $submitted) && $submitted >= $lower && $submitted <= $upper;
        if (!$accepted) {
            $errors[] = sprintf($definitions[$name]['error_message'], $lower, $upper);
            $form_errors[$name] = '[' . $lower . ' .. ' . $upper . ']';
            continue;
        }

        $rows[] = array('param' => $name, 'value' => $submitted);
    }

    if (count($errors) != 0) {
        return false;
    }

    mass_updates(CONFIG_TABLE, array('primary' => array('param'), 'update' => array('value')), $rows);

    return true;
}
/**
 * Loads the data of one user and, on request, rebuilds that user's
 * permission cache.
 *
 * The basic user row and the user_infos/user_cache/theme row are merged with
 * array_merge(); string values 'true' / 'false' in the merged row are turned
 * into booleans. When $use_cache is set and the cache is flagged as needing
 * an update, the forbidden categories and images are recomputed and the
 * user_cache and user_cache_categories rows are deleted and re-inserted.
 *
 * Every query in this function is assembled by string concatenation.
 * $user_id is placed into three of them without any cast or escaping in
 * this function, so callers must only pass a trusted integer identifier.
 *
 * @param int $user_id
 * @param boolean $use_cache
 * @return array
 */
function getuserdata($user_id, $use_cache = false)
{
    global $conf;

    // retrieve basic user data
    // The column list comes from $conf['user_fields'] (local name => database
    // column), which is configuration and not request data.
    $query = ' SELECT ';
    $is_first = true;
    foreach ($conf['user_fields'] as $pwgfield => $dbfield) {
        if ($is_first) {
            $is_first = false;
        } else {
            $query .= ' , ';
        }
        $query .= $dbfield . ' AS ' . $pwgfield;
    }
    // NOTE(review): $user_id is quoted here but not escaped; the two queries
    // further down use it unquoted. Nothing in this function validates it.
    $query .= ' FROM ' . USERS_TABLE . ' WHERE ' . $conf['user_fields']['id'] . ' = \'' . $user_id . '\'';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // retrieve additional user data ?
    // With external authentication the user may have no user_infos row yet;
    // one is created unless exactly one row is counted.
    if ($conf['external_authentification']) {
        $query = ' SELECT COUNT(1) AS counter FROM ' . USER_INFOS_TABLE . ' AS ui LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme WHERE ui.user_id = ' . $user_id . ' GROUP BY ui.user_id ;';
        list($counter) = pwg_db_fetch_row(pwg_query($query));
        if ($counter != 1) {
            create_user_infos($user_id);
        }
    }

    // retrieve user info
    $query = ' SELECT ui.*, uc.*, t.name AS theme_name FROM ' . USER_INFOS_TABLE . ' AS ui LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme WHERE ui.user_id = ' . $user_id . ' ;';
    $result = pwg_query($query);
    $user_infos_row = pwg_db_fetch_assoc($result);

    // then merge basic + additional user data
    // NOTE(review): both operands are used as fetched; what happens when a
    // fetch returns no row is not handled here - confirm callers only pass
    // existing user ids.
    $userdata = array_merge($row, $user_infos_row);

    foreach ($userdata as &$value) {
        // If the field is true or false, the variable is transformed into a boolean value.
        // NOTE(review): the comparison is loose (==). This assumes the
        // database layer returns column values as strings - TODO confirm.
        if ($value == 'true') {
            $value = true;
        } elseif ($value == 'false') {
            $value = false;
        }
    }
    // drop the reference so a later write to $value cannot alter the last element
    unset($value);

    if ($use_cache) {
        // Rebuild when the flag is missing, is not a boolean, or is true.
        if (!isset($userdata['need_update']) or !is_bool($userdata['need_update']) or $userdata['need_update'] == true) {
            $userdata['cache_update_time'] = time();

            // Set need update are done
            $userdata['need_update'] = false;

            $userdata['forbidden_categories'] = calculate_permissions($userdata['id'], $userdata['status']);

            /* now we build the list of forbidden images (this list does not contain images that are not in at least an authorized category)*/
            // The category list and the level are concatenated as returned by
            // calculate_permissions() and the database, without a cast here.
            $query = ' SELECT DISTINCT(id) FROM ' . IMAGES_TABLE . ' INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id=image_id WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ') AND level>' . $userdata['level'];
            $forbidden_ids = query2array($query, null, 'id');

            // keep the later "NOT IN (...)" list non-empty
            if (empty($forbidden_ids)) {
                $forbidden_ids[] = 0;
            }
            $userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
            $userdata['image_access_list'] = implode(',', $forbidden_ids);

            $query = ' SELECT COUNT(DISTINCT(image_id)) as total FROM ' . IMAGE_CATEGORY_TABLE . ' WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ') AND image_id ' . $userdata['image_access_type'] . ' (' . $userdata['image_access_list'] . ')';
            list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));

            // now we update user cache categories
            $user_cache_cats = get_computed_categories($userdata, null);
            if (!is_admin($userdata['status'])) {
                // for non admins we forbid categories with no image (feature 1053)
                $forbidden_ids = array();
                foreach ($user_cache_cats as $cat) {
                    if ($cat['count_images'] == 0) {
                        $forbidden_ids[] = $cat['cat_id'];
                        remove_computed_category($user_cache_cats, $cat);
                    }
                }
                if (!empty($forbidden_ids)) {
                    if (empty($userdata['forbidden_categories'])) {
                        $userdata['forbidden_categories'] = implode(',', $forbidden_ids);
                    } else {
                        $userdata['forbidden_categories'] .= ',' . implode(',', $forbidden_ids);
                    }
                }
            }

            // delete user cache
            $query = ' DELETE FROM ' . USER_CACHE_CATEGORIES_TABLE . ' WHERE user_id = ' . $userdata['id'];
            pwg_query($query);

            // Due to concurrency issues, we ask MySQL to ignore errors on
            // insert. This may happen when cache needs refresh and that Piwigo is
            // called "very simultaneously".
            mass_inserts(USER_CACHE_CATEGORIES_TABLE, array('user_id', 'cat_id', 'date_last', 'max_date_last', 'nb_images', 'count_images', 'nb_categories', 'count_categories'), $user_cache_cats, array('ignore' => true));

            // update user cache
            $query = ' DELETE FROM ' . USER_CACHE_TABLE . ' WHERE user_id = ' . $userdata['id'];
            pwg_query($query);

            // for the same reason as user_cache_categories, we ignore error on
            // this insert
            // All values written here were computed above or read from the
            // database; they are concatenated without further escaping.
            $query = ' INSERT IGNORE INTO ' . USER_CACHE_TABLE . ' (user_id, need_update, cache_update_time, forbidden_categories, nb_total_images, last_photo_date, image_access_type, image_access_list) VALUES (' . $userdata['id'] . ',\'' . boolean_to_string($userdata['need_update']) . '\',' . $userdata['cache_update_time'] . ',\'' . $userdata['forbidden_categories'] . '\',' . $userdata['nb_total_images'] . ',' . (empty($userdata['last_photo_date']) ? 'NULL' : '\'' . $userdata['last_photo_date'] . '\'') . ',\'' . $userdata['image_access_type'] . '\',\'' . $userdata['image_access_list'] . '\')';
            pwg_query($query);
        }
    }

    return $userdata;
}
}
// +
// | toggle_default
// +
// Flips the is_default flag of every group in $groups, one SELECT and one
// UPDATE per group.
// NOTE(review): $group is concatenated unquoted into both queries. Where
// $groups comes from and whether its elements are validated as integers is
// outside this excerpt - confirm before relying on it.
if ($action == "toggle_default") {
    foreach ($groups as $group) {
        $query = ' SELECT name, is_default FROM ' . GROUPS_TABLE . ' WHERE id = ' . $group . ' ;';
        list($groupname, $is_default) = pwg_db_fetch_row(pwg_query($query));

        // update of the group
        $query = ' UPDATE ' . GROUPS_TABLE . ' SET is_default = \'' . boolean_to_string(!get_boolean($is_default)) . '\' WHERE id = ' . $group . ' ;';
        pwg_query($query);

        // The stored group name is passed to l10n() as a format argument;
        // any HTML escaping has to happen where $page['infos'] is rendered.
        $page['infos'][] = l10n('group "%s" updated', $groupname);
    }
}
invalidate_user_cache();
}
// +-----------------------------------------------------------------------+
// | template init |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('group_list' => 'group_list.tpl'));
// PWG_TOKEN hands the value of get_pwg_token() to the template, alongside
// the form action URL and the help URL.
$template->assign(array('F_ADD_ACTION' => get_root_url() . 'admin.php?page=group_list', 'U_HELP' => get_root_url() . 'admin/popuphelp.php?page=group_list', 'PWG_TOKEN' => get_pwg_token()));
// +-----------------------------------------------------------------------+
// | group list |
/**
 * Insert a configuration parameter, or overwrite its value if it exists.
 *
 * The stored value is chosen as follows: the result of $parser when one is
 * given; otherwise addslashes(serialize($value)) for arrays and objects;
 * otherwise boolean_to_string($value). The parser result is used for the
 * database only: when $updateGlobal is set, $conf receives the raw $value.
 *
 * Security: $param, the parser result and the boolean_to_string() result are
 * concatenated into the query without escaping in this function. Callers are
 * responsible for passing values that are safe inside a single-quoted SQL
 * string.
 *
 * @param string $param
 * @param string $value
 * @param boolean $updateGlobal also store the raw value in the global *$conf*
 * @param callable $parser function applied to the value before it is saved
 *    in the database (eg: serialize, json_encode)
 */
function conf_update_param($param, $value, $updateGlobal = false, $parser = null)
{
    if ($parser != null) {
        $stored = call_user_func($parser, $value);
    } elseif (is_array($value) || is_object($value)) {
        // only this branch escapes its result
        $stored = addslashes(serialize($value));
    } else {
        $stored = boolean_to_string($value);
    }

    $sql = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value) VALUES(\'' . $param . '\', \'' . $stored . '\') ON DUPLICATE KEY UPDATE value = \'' . $stored . '\' ;';
    pwg_query($sql);

    if (!$updateGlobal) {
        return;
    }

    global $conf;
    $conf[$param] = $value;
}
$result = pwg_query($query); $category['has_images'] = pwg_db_num_rows($result) > 0 ? true : false; // Navigation path $navigation = get_cat_display_name_cache($category['uppercats'], get_root_url() . 'admin.php?page=album-'); $form_action = $admin_album_base_url . '-properties'; //----------------------------------------------------- template initialization $template->set_filename('album_properties', 'cat_modify.tpl'); $base_url = get_root_url() . 'admin.php?page='; $cat_list_url = $base_url . 'cat_list'; $self_url = $cat_list_url; if (!empty($category['id_uppercat'])) { $self_url .= '&parent_id=' . $category['id_uppercat']; } $template->assign(array('CATEGORIES_NAV' => $navigation, 'CAT_ID' => $category['id'], 'CAT_NAME' => @htmlspecialchars($category['name']), 'CAT_COMMENT' => @htmlspecialchars($category['comment']), 'CAT_VISIBLE' => boolean_to_string($category['visible']), 'U_JUMPTO' => make_index_url(array('category' => $category)), 'U_ADD_PHOTOS_ALBUM' => $base_url . 'photos_add&album=' . $category['id'], 'U_CHILDREN' => $cat_list_url . '&parent_id=' . $category['id'], 'U_HELP' => get_root_url() . 'admin/popuphelp.php?page=cat_modify', 'F_ACTION' => $form_action)); if ($conf['activate_comments']) { $template->assign('CAT_COMMENTABLE', boolean_to_string($category['commentable'])); } // manage album elements link if ($category['has_images']) { $template->assign('U_MANAGE_ELEMENTS', $base_url . 'batch_manager&filter=album-' . $category['id']); $query = ' SELECT COUNT(image_id), MIN(DATE(date_available)), MAX(DATE(date_available)) FROM ' . IMAGES_TABLE . ' JOIN ' . IMAGE_CATEGORY_TABLE . ' ON image_id = id WHERE category_id = ' . $category['id'] . ' ;'; list($image_count, $min_date, $max_date) = pwg_db_fetch_row(pwg_query($query)); if ($min_date == $max_date) {
if (isset($_POST['cat'])) { $fs_fulldirs[] = $basedir; } // If $_POST['subcats-included'] != 1 ("Search in sub-albums" is unchecked) // $db_fulldirs doesn't include any subdirectories and $fs_fulldirs does // So $fs_fulldirs will be limited to the selected basedir // (if that one is in $fs_fulldirs) if (!isset($_POST['subcats-included']) or $_POST['subcats-included'] != 1) { $fs_fulldirs = array_intersect($fs_fulldirs, array_keys($db_fulldirs)); } $inserts = array(); // new categories are the directories not present yet in the database foreach (array_diff($fs_fulldirs, array_keys($db_fulldirs)) as $fulldir) { $dir = basename($fulldir); if (preg_match($conf['sync_chars_regex'], $dir)) { $insert = array('id' => $next_id++, 'dir' => $dir, 'name' => str_replace('_', ' ', $dir), 'site_id' => $site_id, 'commentable' => boolean_to_string($conf['newcat_default_commentable']), 'status' => $conf['newcat_default_status'], 'visible' => boolean_to_string($conf['newcat_default_visible'])); if (isset($db_fulldirs[dirname($fulldir)])) { $parent = $db_fulldirs[dirname($fulldir)]; $insert['id_uppercat'] = $parent; $insert['uppercats'] = $db_categories[$parent]['uppercats'] . ',' . $insert['id']; $insert['rank'] = $next_rank[$parent]++; $insert['global_rank'] = $db_categories[$parent]['global_rank'] . '.' . $insert['rank']; if ('private' == $db_categories[$parent]['status']) { $insert['status'] = 'private'; } if ('false' == $db_categories[$parent]['visible']) { $insert['visible'] = 'false'; } } else { $insert['uppercats'] = $insert['id']; $insert['rank'] = $next_rank['NULL']++;
/**
 * Subscribe or unsubscribe a list of users from notification by mail and
 * send each of them a confirmation mail.
 *
 * For every user returned by get_user_notifications() a mail is sent when a
 * mail address is set. The user's "enabled" flag is queued for update unless
 * that mail failed; users without a mail address are updated without any
 * mail. The loop stops as soon as check_sendmail_timeout() reports true, and
 * the remaining users are left untouched. Queued updates are written with one
 * mass_updates() call keyed by check_key.
 *
 * User names and mail addresses are placed into $page['infos'] and
 * $page['errors'] through sprintf() as stored (user names after
 * stripslashes()); no HTML escaping is applied in this function.
 *
 * @param bool  $is_admin_request selects the "..._by_admin" / "..._by_himself" template flag
 * @param bool  $is_subscribe     true to subscribe, false to unsubscribe
 * @param array $check_key_list   check keys of the users to process
 * @return array check keys that were actually processed
 */
function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_subscribe = false, $check_key_list = array())
{
    global $conf, $page, $env_nbm;

    set_make_full_url();

    $treated_keys = array();
    $ok_count = 0;
    $failed_count = 0;

    $msg_info = $is_subscribe
        ? l10n('User %s [%s] was added to the subscription list.')
        : l10n('User %s [%s] was removed from the subscription list.');
    $msg_error = $is_subscribe
        ? l10n('User %s [%s] was not added to the subscription list.')
        : l10n('User %s [%s] was not removed from the subscription list.');

    if (count($check_key_list) != 0) {
        $pending = array();
        $enabled_value = boolean_to_string($is_subscribe);
        $data_users = get_user_notifications('subscribe', $check_key_list, !$is_subscribe);

        // Translated before the per-user environment is started.
        $msg_break_timeout = l10n('Time to send mail is limited. Others mails are skipped.');

        begin_users_env_nbm(true);

        foreach ($data_users as $nbm_user) {
            if (check_sendmail_timeout()) {
                // Sending quota reached: report it and leave the rest untouched.
                $page['errors'][] = $msg_break_timeout;
                break;
            }

            $treated_keys[] = $nbm_user['check_key'];
            $mail_ok = true;

            if ($nbm_user['mail_address'] != '') {
                set_user_on_env_nbm($nbm_user, true);

                if ($is_subscribe) {
                    $subject_label = l10n('Subscribe to notification by mail');
                } else {
                    $subject_label = l10n('Unsubscribe from notification by mail');
                }
                $subject = '[' . $conf['gallery_title'] . '] ' . $subject_label;

                assign_vars_nbm_mail_content($nbm_user);

                $section_action_by = ($is_subscribe ? 'subscribe_by_' : 'unsubscribe_by_')
                    . ($is_admin_request ? 'admin' : 'himself');

                $env_nbm['mail_template']->assign(array(
                    $section_action_by => true,
                    'GOTO_GALLERY_TITLE' => $conf['gallery_title'],
                    'GOTO_GALLERY_URL' => get_gallery_home_url(),
                ));

                $recipient = array(
                    'name' => stripslashes($nbm_user['username']),
                    'email' => $nbm_user['mail_address'],
                );
                $message = array(
                    'from' => $env_nbm['send_as_mail_formated'],
                    'subject' => $subject,
                    'email_format' => $env_nbm['email_format'],
                    'content' => $env_nbm['mail_template']->parse('notification_by_mail', true),
                    'content_format' => $env_nbm['email_format'],
                );

                if (pwg_mail($recipient, $message)) {
                    inc_mail_sent_success($nbm_user);
                } else {
                    inc_mail_sent_failed($nbm_user);
                    // a failed mail means the subscription state is left as it was
                    $mail_ok = false;
                }

                unset_user_on_env_nbm();
            }

            if (!$mail_ok) {
                $failed_count++;
                $page['errors'][] = sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']);
                continue;
            }

            $pending[] = array('check_key' => $nbm_user['check_key'], 'enabled' => $enabled_value);
            $ok_count++;
            $page['infos'][] = sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']);
        }

        end_users_env_nbm();
        display_counter_info();

        mass_updates(USER_MAIL_NOTIFICATION_TABLE, array('primary' => array('check_key'), 'update' => array('enabled')), $pending);
    }

    $page['infos'][] = l10n_dec('%d user was updated.', '%d users were updated.', $ok_count);
    if ($failed_count != 0) {
        $page['errors'][] = l10n_dec('%d user was not updated.', '%d users were not updated.', $failed_count);
    }

    unset_make_full_url();

    return $treated_keys;
}
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Refuse to run when the script is requested directly: PHPWG_ROOT_PATH is
// only defined when the file is included by the application.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}

$upgrade_description = 'Add upload form parameters in database';

global $conf;

load_conf_from_db();

// Default values of the upload form parameters (short name => default).
$upload_form_config = array('websize_resize' => true, 'websize_maxwidth' => 800, 'websize_maxheight' => 600, 'websize_quality' => 95, 'thumb_maxwidth' => 128, 'thumb_maxheight' => 96, 'thumb_quality' => 95, 'thumb_crop' => false, 'thumb_follow_orientation' => true, 'hd_keep' => true, 'hd_resize' => false, 'hd_maxwidth' => 2000, 'hd_maxheight' => 2000, 'hd_quality' => 95);

$inserts = array();

foreach ($upload_form_config as $param_shortname => $param) {
    $param_name = 'upload_form_' . $param_shortname;

    // Only parameters missing from $conf are added, so values that already
    // exist are never overwritten and running the script again inserts nothing.
    if (!isset($conf[$param_name])) {
        $conf[$param_name] = $param;
        // every default, boolean or integer, is passed through boolean_to_string()
        array_push($inserts, array('param' => $param_name, 'value' => boolean_to_string($param)));
    }
}

// The column list is taken from the keys of the first row ('param', 'value').
if (count($inserts) > 0) {
    mass_inserts(CONFIG_TABLE, array_keys($inserts[0]), $inserts);
}

echo "\n" . $upgrade_description . "\n";
/**
 * Create a virtual album, optionally below an existing parent album.
 *
 * A child never ends up more open than its parent: when the parent is not
 * visible the new album is stored as not visible, and when the parent is
 * private the new album is stored as private, whatever $options asked for.
 * For a private album, the administrators and the current user are granted
 * access; when inheritance applies, the groups and users granted on the
 * parent are granted on the new album too.
 *
 * Security notes:
 * - $parent_id reaches the SELECT only after is_numeric(), which also lets
 *   non-integer numeric strings through.
 * - The description is passed through strip_tags() only when
 *   $conf['allow_html_descriptions'] is off; otherwise it is stored as
 *   given, so whatever renders it must treat it as HTML from the album
 *   creator.
 * - NOTE(review): the parent row is used as fetched; a numeric $parent_id
 *   that matches no album is not handled here.
 *
 * @param string $category_name
 * @param int $parent_id
 * @param array $options
 *    - boolean commentable
 *    - boolean visible
 *    - string status
 *    - string comment
 *    - boolean inherit
 * @return array ('info', 'id') or ('error')
 */
function create_virtual_category($category_name, $parent_id = null, $options = array())
{
    global $conf, $user;

    // A name made only of blanks is refused.
    if (preg_match('/^\\s*$/', $category_name)) {
        return array('error' => l10n('The name of an album must not be empty'));
    }

    $album = array('name' => $category_name, 'rank' => 0, 'global_rank' => 0);

    // Explicit boolean options win; anything else falls back to the defaults.
    $album['commentable'] = boolean_to_string(
        (isset($options['commentable']) && is_bool($options['commentable']))
            ? $options['commentable']
            : $conf['newcat_default_commentable']
    );

    // "visible" false means locked: only administrators see the album.
    $album['visible'] = boolean_to_string(
        (isset($options['visible']) && is_bool($options['visible']))
            ? $options['visible']
            : $conf['newcat_default_visible']
    );

    // Only the literal 'private' is taken from the options.
    $album['status'] = (isset($options['status']) && 'private' == $options['status'])
        ? 'private'
        : $conf['newcat_default_status'];

    if (isset($options['comment'])) {
        if ($conf['allow_html_descriptions']) {
            $album['comment'] = $options['comment'];
        } else {
            $album['comment'] = strip_tags($options['comment']);
        }
    }

    $uppercats_prefix = '';
    if (!empty($parent_id) && is_numeric($parent_id)) {
        $sql = ' SELECT id, uppercats, global_rank, visible, status FROM ' . CATEGORIES_TABLE . ' WHERE id = ' . $parent_id . ' ;';
        $parent = pwg_db_fetch_assoc(pwg_query($sql));

        $album['id_uppercat'] = $parent['id'];
        $album['global_rank'] = $parent['global_rank'] . '.' . $album['rank'];

        // A locked parent forces a locked child.
        if ($parent['visible'] == 'false') {
            $album['visible'] = 'false';
        }

        // A private parent forces a private child.
        if ($parent['status'] == 'private') {
            $album['status'] = 'private';
        }

        $uppercats_prefix = $parent['uppercats'] . ',';
    }

    // The row is inserted first; "uppercats" needs the generated id.
    single_insert(CATEGORIES_TABLE, $album);
    $inserted_id = pwg_db_insert_id(CATEGORIES_TABLE);

    single_update(CATEGORIES_TABLE, array('uppercats' => $uppercats_prefix . $inserted_id), array('id' => $inserted_id));

    update_global_rank();

    if ('private' == $album['status']) {
        $inherits = !empty($album['id_uppercat'])
            && ((isset($options['inherit']) && $options['inherit']) || $conf['inheritance_by_default']);

        if ($inherits) {
            // Copy the parent's group grants.
            $sql = ' SELECT group_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE cat_id = ' . $album['id_uppercat'] . ' ;';
            $granted_grps = query2array($sql, null, 'group_id');

            $group_rows = array();
            foreach ($granted_grps as $granted_grp) {
                $group_rows[] = array('group_id' => $granted_grp, 'cat_id' => $inserted_id);
            }
            mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $group_rows);

            // Copy the parent's user grants, plus administrators and the creator.
            $sql = ' SELECT user_id FROM ' . USER_ACCESS_TABLE . ' WHERE cat_id = ' . $album['id_uppercat'] . ' ;';
            $granted_users = query2array($sql, null, 'user_id');

            add_permission_on_category($inserted_id, array_unique(array_merge(get_admins(), array($user['id']), $granted_users)));
        } else {
            // No inheritance: only administrators and the creator get access.
            add_permission_on_category($inserted_id, array_unique(array_merge(get_admins(), array($user['id']))));
        }
    }

    return array('info' => l10n('Virtual album added'), 'id' => $inserted_id);
}
// Clear the "default" flag on every group that currently has it.
$query = ' UPDATE ' . GROUPS_TABLE . ' SET is_default = \'' . boolean_to_string(false) . '\' WHERE is_default = true ;';
pwg_query($query);

// Set the new group as group by default
// NOTE(review): $_POST['UAM_Validated_Group'] is concatenated unquoted into
// the next two queries. No cast or validation of it is visible in this
// excerpt. Because the value sits in a numeric position, quote escaping
// alone would not constrain it; casting it to an integer before use would.
// Confirm what the code before this excerpt does with it.
$query = ' SELECT name FROM ' . GROUPS_TABLE . ' WHERE id = ' . $_POST['UAM_Validated_Group'] . ' ;';
$UAM_group = pwg_db_fetch_assoc(pwg_query($query));

$query = ' UPDATE ' . GROUPS_TABLE . ' SET is_default = \'' . boolean_to_string(true) . '\' WHERE id = ' . $_POST['UAM_Validated_Group'] . ' ;';
pwg_query($query);

// The group name read from the database is inserted into the message as is.
array_push($page['infos'], sprintf(l10n('UAM_group %s updated'), $UAM_group['name']));
}

// Save global UAM configuration
// -----------------------------
// Each setting is copied from the submitted form as received; a missing
// field falls back to 'false' or '' as written below. Any validation of
// these values would have to happen where $newconf_UAM is stored or used,
// which is outside this excerpt.
$newconf_UAM['MAIL_INFO'] = isset($_POST['UAM_Mail_Info']) ? $_POST['UAM_Mail_Info'] : 'false';
$newconf_UAM['CONFIRM_MAIL'] = isset($_POST['UAM_Confirm_Mail']) ? $_POST['UAM_Confirm_Mail'] : 'false';
$newconf_UAM['NO_CONFIRM_GROUP'] = isset($_POST['UAM_No_Confirm_Group']) ? $_POST['UAM_No_Confirm_Group'] : '';
$newconf_UAM['VALIDATED_GROUP'] = isset($_POST['UAM_Validated_Group']) ? $_POST['UAM_Validated_Group'] : '';
$newconf_UAM['VALIDATED_STATUS'] = isset($_POST['UAM_Validated_Status']) ? $_POST['UAM_Validated_Status'] : '';
// read without an isset() guard, unlike the neighbouring fields
$newconf_UAM['USERNAME_CHAR'] = $_POST['UAM_Username_Char'];
$newconf_UAM['USERNAME_CHAR_LIST'] = isset($_POST['UAM_Username_List']) ? $_POST['UAM_Username_List'] : '';
$newconf_UAM['NO_CONFIRM_STATUS'] = isset($_POST['UAM_No_Confirm_Status']) ? $_POST['UAM_No_Confirm_Status'] : '';
/**
 * API method
 * Updates users
 *
 * The request is refused unless $params['pwg_token'] matches
 * get_pwg_token(). Username, email and password are only changed when
 * exactly one user id is given; status, the preference fields and group
 * membership are applied to the whole list of ids.
 *
 * Besides the options listed below, the code also reads
 * $params['pwg_token'] and $params['group_id'].
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 */
function ws_users_setInfo($params, &$service)
{
    // Anti-CSRF check.
    // NOTE(review): the comparison is loose (!=) and not constant-time;
    // hash_equals() on two strings would be the stricter form - confirm the
    // types of both operands and the minimum PHP version before changing it.
    if (get_pwg_token() != $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }

    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // $updates goes to the users table, $updates_infos to the user_infos table.
    $updates = $updates_infos = array();
    $update_status = null;

    // Identity fields are only editable for a single target user.
    if (count($params['user_id']) == 1) {
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }

        if (!empty($params['username'])) {
            // the new login must not belong to a different user
            $user_id = get_userid($params['username']);
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            // logins containing HTML tags are rejected, not cleaned
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }

        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }

        if (!empty($params['password'])) {
            // only the output of the configured hash callable is stored
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }

    if (!empty($params['status'])) {
        // Privilege check first: only a webmaster may hand out admin or
        // webmaster status.
        if (in_array($params['status'], array('webmaster', 'admin')) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant 
"webmaster/admin" status');
        }
        // Allowlist of statuses. The value is concatenated into an UPDATE
        // further down, so this check is what keeps that query safe.
        // NOTE(review): in_array() is used in loose mode here and for level,
        // language and theme below; this assumes the web-service layer
        // delivers these parameters as strings - TODO confirm, or pass true
        // as the third argument.
        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }

        // The caller's own account, the guest account and the webmaster
        // account never have their status changed through this method.
        $protected_users = array($user['id'], $conf['guest_id'], $conf['webmaster_id']);

        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = ' SELECT user_id FROM ' . USER_INFOS_TABLE . ' WHERE status IN (\'webmaster\', \'admin\') ;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }

        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users);

        $update_status = $params['status'];
    }

    // "or ... === 0" keeps a level of 0, which empty() would drop.
    if (!empty($params['level']) or @$params['level'] === 0) {
        if (!in_array($params['level'], $conf['available_permission_levels'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        $updates_infos['level'] = $params['level'];
    }

    if (!empty($params['language'])) {
        if (!in_array($params['language'], array_keys(get_languages()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }

    if (!empty($params['theme'])) {
        if (!in_array($params['theme'], array_keys(get_pwg_themes()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }

    // NOTE(review): nb_image_page and recent_period are not validated in
    // this function and are later concatenated into the UPDATE inside double
    // quotes. Presumably the web-service parameter declarations restrict
    // them to integers - confirm.
    if (!empty($params['nb_image_page'])) {
        $updates_infos['nb_image_page'] = $params['nb_image_page'];
    }

    if (!empty($params['recent_period']) or @$params['recent_period'] === 0) {
        $updates_infos['recent_period'] = $params['recent_period'];
    }

    // Boolean preferences: "or ... === false" keeps an explicit false.
    if (!empty($params['expand']) or @$params['expand'] === false) {
        $updates_infos['expand'] = boolean_to_string($params['expand']);
    }

    if (!empty($params['show_nb_comments']) or @$params['show_nb_comments'] === false) {
        $updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
    }

    if (!empty($params['show_nb_hits']) or @$params['show_nb_hits'] === false) {
        $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
    }

    if (!empty($params['enabled_high']) or @$params['enabled_high'] === false) {
        $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
    }

    // perform updates
    // Called unconditionally, for the first user id, even when $updates is
    // empty (for instance when several user ids were given).
    single_update(USERS_TABLE, $updates, array($conf['user_fields']['id'] => $params['user_id'][0]));

    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        // $update_status passed the allowlist above. The ids are joined as
        // received; assumes user_id holds integers only - TODO confirm.
        $query = ' UPDATE ' . USER_INFOS_TABLE . ' SET status = "' . $update_status . '" WHERE user_id IN(' . implode(',', $params['user_id_for_status']) . ') ;';
        pwg_query($query);
    }

    if (count($updates_infos) > 0) {
        // Column names are the fixed keys set above; the values are
        // concatenated inside double quotes without escaping here.
        $query = ' UPDATE ' . USER_INFOS_TABLE . ' SET ';

        $first = true;
        foreach ($updates_infos as $field => $value) {
            if (!$first) {
                $query .= ', ';
            } else {
                $first = false;
            }
            $query .= $field . ' = "' . $value . '"';
        }

        $query .= ' WHERE user_id IN(' . implode(',', $params['user_id']) . ') ;';
        pwg_query($query);
    }

    // manage association to groups
    if (!empty($params['group_id'])) {
        // All current memberships of the target users are removed first.
        $query = ' DELETE FROM ' . USER_GROUP_TABLE . ' WHERE user_id IN (' . implode(',', $params['user_id']) . ') ;';
        pwg_query($query);

        // we remove all provided groups that do not really exist
        // NOTE(review): group_id is joined into the query as received;
        // assumes it holds integers only - TODO confirm.
        $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE id IN (' . implode(',', $params['group_id']) . ') ;';
        $group_ids = array_from_query($query, 'id');

        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();

            foreach ($group_ids as $group_id) {
                foreach ($params['user_id'] as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }

            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }

    invalidate_user_cache();

    // Answer with the refreshed data of the users: the basic fields plus
    // every preference that was changed.
    return $service->invoke('pwg.users.getList', array('user_id' => $params['user_id'], 'display' => 'basics,' . implode(',', array_keys($updates_infos))));
}
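/**
 * API method
 * Updates a group
 *
 * The request is refused unless $params['pwg_token'] matches
 * get_pwg_token(). The group must exist, and a new name must not already be
 * used by a group.
 *
 * @param mixed[] $params
 *    @option int group_id
 *    @option string name (optional)
 *    @option bool is_default (optional)
 *    @option string pwg_token
 * @param object $service web-service dispatcher, used to return the updated group
 * @return mixed a PwgError on refusal, otherwise the result of pwg.groups.getList
 */
function ws_groups_setInfo($params, &$service)
{
    // Anti-CSRF check.
    // NOTE(review): the comparison is loose (!=) and not constant-time;
    // confirm operand types before tightening it.
    if (get_pwg_token() != $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }

    // Hardening: the group id is concatenated unquoted into the query below.
    // Forcing it to an integer here makes that safe whether or not the
    // web-service layer has already checked its type.
    $params['group_id'] = (int) $params['group_id'];

    $updates = array();

    // does the group exist ?
    $query = ' SELECT COUNT(*) FROM ' . GROUPS_TABLE . ' WHERE id = ' . $params['group_id'] . ' ;';
    list($count) = pwg_db_fetch_row(pwg_query($query));
    if ($count == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This group does not exist.');
    }

    if (!empty($params['name'])) {
        // Escaped once here; the escaped value is used in the lookup below
        // and is also what is handed to single_update().
        $params['name'] = pwg_db_real_escape_string($params['name']);

        // is the name not already used ?
        // The lookup does not exclude the group being edited.
        $query = ' SELECT COUNT(*) FROM ' . GROUPS_TABLE . ' WHERE name = \'' . $params['name'] . '\' ;';
        list($count) = pwg_db_fetch_row(pwg_query($query));
        if ($count != 0) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
        }

        $updates['name'] = $params['name'];
    }

    // "or ... === false" keeps an explicit false, which empty() would drop.
    if (!empty($params['is_default']) or @$params['is_default'] === false) {
        $updates['is_default'] = boolean_to_string($params['is_default']);
    }

    single_update(GROUPS_TABLE, $updates, array('id' => $params['group_id']));

    return $service->invoke('pwg.groups.getList', array('group_id' => $params['group_id']));
}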
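// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+

// Schema and data migration step. It refuses to run unless it is included by
// the upgrade entry point, applies a list of DDL/DML statements, decodes HTML
// entities stored in comments, moves per-user display defaults from the
// config table to the default user's row, then chains to the 1.7.0 upgrade.

// Both constants must be set by the including script; a direct HTTP request
// to this file stops here.
if (!defined('PHPWG_ROOT_PATH')) {
    die('This page cannot be loaded directly, load upgrade.php');
} else {
    if (!defined('PHPWG_IN_UPGRADE') or !PHPWG_IN_UPGRADE) {
        die('Hacking attempt!');
    }
}

// Every statement is a constant string apart from the PREFIX_TABLE constant.
// NOTE(review): the 'secret_key' row is seeded with MD5(RAND()). RAND() is not
// a cryptographic generator, so the key carries far less entropy than its 32
// hex digits suggest; consider regenerating it from a CSPRNG after the upgrade.
$queries = array(
    "\nALTER TABLE `" . PREFIX_TABLE . "categories`\n ADD COLUMN `permalink` varchar(64) default NULL\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "categories`\n ADD COLUMN `image_order` varchar(128) default NULL\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "categories`\n ADD UNIQUE `categories_i3` (`permalink`)\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "groups`\n ADD COLUMN `is_default` enum('true','false') NOT NULL default 'false'\n;",
    "\nRENAME TABLE `" . PREFIX_TABLE . "history` TO `" . PREFIX_TABLE . "history_backup`\n;",
    "\nCREATE TABLE `" . PREFIX_TABLE . "history` (\n `id` int(10) unsigned NOT NULL auto_increment,\n `date` date NOT NULL default '0000-00-00',\n `time` time NOT NULL default '00:00:00',\n `year` smallint(4) NOT NULL default '0',\n `month` tinyint(2) NOT NULL default '0',\n `day` tinyint(2) NOT NULL default '0',\n `hour` tinyint(2) NOT NULL default '0',\n `user_id` smallint(5) NOT NULL default '0',\n `IP` varchar(15) NOT NULL default '',\n `section` enum('categories','tags','search','list','favorites','most_visited','best_rated','recent_pics','recent_cats') default NULL,\n `category_id` smallint(5) default NULL,\n `tag_ids` varchar(50) default NULL,\n `image_id` mediumint(8) default NULL,\n `summarized` enum('true','false') default 'false',\n `image_type` enum('picture','high','other') default NULL,\n PRIMARY KEY (`id`),\n KEY `history_i1` (`summarized`)\n) ENGINE=MyISAM\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n DROP INDEX `image_category_i1`\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n ADD INDEX `image_category_i1` (`category_id`)\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "image_category`\n DROP INDEX `image_category_i2`\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "images`\n ADD COLUMN `high_filesize` mediumint(9) unsigned default NULL\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "user_infos`\n CHANGE COLUMN `language`\n `language` varchar(50) NOT NULL default 'en_UK.iso-8859-1'\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "user_infos`\n DROP COLUMN `auto_login_key`\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "user_infos`\n ADD COLUMN `show_nb_hits` enum('true','false') NOT NULL default 'false'\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "user_mail_notification`\n DROP INDEX `uidx_check_key`\n;",
    "\nALTER TABLE `" . PREFIX_TABLE . "user_mail_notification`\n ADD UNIQUE `user_mail_notification_ui1` (`check_key`)\n;",
    "\nCREATE TABLE `" . PREFIX_TABLE . "history_summary` (\n `id` varchar(13) NOT NULL default '',\n `year` smallint(4) NOT NULL default '0',\n `month` tinyint(2) default NULL,\n `day` tinyint(2) default NULL,\n `hour` tinyint(2) default NULL,\n `nb_pages` int(11) default NULL,\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM\n;",
    "\nCREATE TABLE `" . PREFIX_TABLE . "old_permalinks` (\n `cat_id` smallint(5) unsigned NOT NULL default '0',\n `permalink` varchar(64) NOT NULL default '',\n `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',\n `last_hit` datetime default NULL,\n `hit` int(10) unsigned NOT NULL default '0',\n PRIMARY KEY (`permalink`)\n) ENGINE=MyISAM\n;",
    "\nCREATE TABLE `" . PREFIX_TABLE . "plugins` (\n `id` varchar(64) binary NOT NULL default '',\n `state` enum('inactive','active') NOT NULL default 'inactive',\n `version` varchar(64) NOT NULL default '0',\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM\n;",
    "\nCREATE TABLE `" . PREFIX_TABLE . "user_cache_categories` (\n `user_id` smallint(5) NOT NULL default '0',\n `cat_id` smallint(5) unsigned NOT NULL default '0',\n `max_date_last` datetime default NULL,\n `count_images` mediumint(8) unsigned default '0',\n `count_categories` mediumint(8) unsigned default '0',\n PRIMARY KEY (`user_id`,`cat_id`)\n) ENGINE=MyISAM\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('show_nb_hits', 'false', 'Show hits count under thumbnails')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('history_admin','false','keep a history of administrator visits on your website')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('history_guest','true','keep a history of guest visits on your website')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('allow_user_registration','true','allow visitors to register?')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('secret_key', MD5(RAND()), 'a secret key specific to the gallery for internal use')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('nbm_send_html_mail','true','Send mail on HTML format for notification by mail')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('nbm_send_recent_post_dates','true','Send recent post by dates for notification by mail')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('email_admin_on_new_user','false','Send an email to theadministrators when a user registers')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('email_admin_on_comment','false','Send an email to the administrators when a valid comment is entered')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('email_admin_on_comment_validation','false','Send an email to the administrators when a comment requires validation')\n;",
    "\nINSERT INTO " . PREFIX_TABLE . "config\n (param,value,comment)\n VALUES\n ('email_admin_on_picture_uploaded','false','Send an email to the administrators when a picture is uploaded')\n;",
    "\nUPDATE " . PREFIX_TABLE . "user_cache\n SET need_update = 'true'\n;",
);

foreach ($queries as $query) {
    pwg_query($query);
}

// Replace HTML entities stored in comment bodies with the characters they
// stand for. In this copy of the file the entity on the left of each pair had
// been decoded away, leaving a syntax error (''') and four replacements of a
// character by itself; the entities are restored from the evident intent.
// NOTE(review): confirm the exact entity spellings against the upstream file.
// '&amp;' is handled last so that an escaped entity such as '&amp;lt;' is
// unescaped once, not twice. After this step comment content holds raw markup
// characters, so every place that prints it must escape on output.
$replacements = array(
    array('&#039;', '\''),
    array('&quot;', '"'),
    array('&lt;', '<'),
    array('&gt;', '>'),
    array('&amp;', '&'),
);

foreach ($replacements as $replacement) {
    // both operands are the constants above; addslashes() only protects the
    // quote characters inside the SQL string literals
    $query = ' UPDATE ' . PREFIX_TABLE . 'comments SET content = REPLACE(content, "' . addslashes($replacement[0]) . '", "' . addslashes($replacement[1]) . '") ;';
    pwg_query($query);
}

load_conf_from_db();

// Copy the gallery-wide display defaults onto the default user's row.
// NOTE(review): the $conf values are concatenated into the statement without
// escaping or integer casts. They presumably come from the config table just
// loaded above, not from the request; verify, because a quote in
// default_template or default_language would break or alter this statement.
$query = "\nUPDATE " . USER_INFOS_TABLE . "\nSET\n template = '" . $conf['default_template'] . "',\n nb_image_line = " . $conf['nb_image_line'] . ",\n nb_line_page = " . $conf['nb_line_page'] . ",\n language = '" . $conf['default_language'] . "',\n maxwidth = " . (empty($conf['default_maxwidth']) ? "NULL" : $conf['default_maxwidth']) . ",\n maxheight = " . (empty($conf['default_maxheight']) ? "NULL" : $conf['default_maxheight']) . ",\n recent_period = " . $conf['recent_period'] . ",\n expand = '" . boolean_to_string($conf['auto_expand']) . "',\n show_nb_comments = '" . boolean_to_string($conf['show_nb_comments']) . "',\n show_nb_hits = '" . boolean_to_string($conf['show_nb_hits']) . "',\n enabled_high = '" . boolean_to_string(isset($conf['newuser_default_enabled_high']) ? $conf['newuser_default_enabled_high'] : true) . "'\nWHERE\n user_id = " . $conf['default_user_id'] . ";";
pwg_query($query);

// these settings now live on the default user's row, so drop them from config
$query = "\nDELETE FROM " . CONFIG_TABLE . "\nWHERE\n param IN\n(\n 'default_template',\n 'nb_image_line',\n 'nb_line_page',\n 'default_language',\n 'default_maxwidth',\n 'default_maxheight',\n 'recent_period',\n 'auto_expand',\n 'show_nb_comments',\n 'show_nb_hits'\n)\n;";
pwg_query($query);

// now we upgrade from 1.7.0
include_once PHPWG_ROOT_PATH . 'install/upgrade_1.7.0.php';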
/**
 * Serialises slideshow parameters into a single string.
 *
 * Only the parameters whose corrected value differs from the default set are
 * kept; each of them is written as "+name-value".
 *
 * @param array $decode_params
 * @return string
 */
function encode_slideshow_params($decode_params = array())
{
    global $conf;

    $corrected = correct_slideshow_params($decode_params);
    $non_default = array_diff_assoc($corrected, get_default_slideshow_params());

    $chunks = array();
    foreach ($non_default as $key => $val) {
        // per the original note, boolean_to_string() returns a non-boolean
        // value as it is
        $chunks[] = '+' . $key . '-' . boolean_to_string($val);
    }

    return implode('', $chunks);
}