Exemplo n.º 1
        }
        // fill $conf global array
        load_conf_from_db();
        // PWG_CHARSET is required for building the fs_themes array in the
        // themes class
        if (!defined('PWG_CHARSET')) {
            define('PWG_CHARSET', 'utf-8');
        }
        activate_core_themes();
        activate_core_plugins();
        $insert = array('id' => 1, 'galleries_url' => PHPWG_ROOT_PATH . 'galleries/');
        mass_inserts(SITES_TABLE, array_keys($insert), array($insert));
        // webmaster admin user
        $inserts = array(array('id' => 1, 'username' => $admin_name, 'password' => md5($admin_pass1), 'mail_address' => $admin_mail), array('id' => 2, 'username' => 'guest'));
        mass_inserts(USERS_TABLE, array_keys($inserts[0]), $inserts);
        create_user_infos(array(1, 2), array('language' => $language));
        // Available upgrades must be ignored after a fresh installation. To
        // make PWG avoid upgrading, we must tell it upgrades have already been
        // made.
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        define('CURRENT_DATE', $dbnow);
        $datas = array();
        foreach (get_available_upgrade_ids() as $upgrade_id) {
            $datas[] = array('id' => $upgrade_id, 'applied' => CURRENT_DATE, 'description' => 'upgrade included in installation');
        }
        mass_inserts(UPGRADE_TABLE, array_keys($datas[0]), $datas);
        if ($is_newsletter_subscribe) {
            fetchRemote(get_newsletter_subscribe_base_url($language) . $admin_mail, $result, array(), array('origin' => 'installation'));
        }
    }
}
Exemplo n.º 2
/**
 * Reconcile the base users table with the per-user child tables.
 *
 * Two passes are made:
 *  - every id present in USERS_TABLE but absent from USER_INFOS_TABLE is
 *    handed to create_user_infos();
 *  - in each child table listed in the body, rows whose user_id is not
 *    present in USERS_TABLE are deleted.
 *
 * NOTE(review): the ids placed in the DELETE statement are read back from
 * the database and are not re-validated here; this presumably relies on
 * user_id being an integer column - confirm against the schema.
 */
function sync_users()
{
    global $conf;

    // ids of every account in the base table
    $sql = '
SELECT ' . $conf['user_fields']['id'] . ' AS id
  FROM ' . USERS_TABLE . '
;';
    $known_ids = query2array($sql, null, 'id');

    // ids that already own a user_infos row
    $sql = '
SELECT user_id
  FROM ' . USER_INFOS_TABLE . '
;';
    $ids_with_infos = query2array($sql, null, 'user_id');

    // base users without a user_infos row get one created
    $missing_infos = array_diff($known_ids, $ids_with_infos);
    if (!empty($missing_infos)) {
        create_user_infos($missing_infos);
    }

    // every child table may only reference users that exist in the base
    // table; anything else is an orphan and is removed
    $child_tables = array(
        USER_MAIL_NOTIFICATION_TABLE,
        USER_FEED_TABLE,
        USER_INFOS_TABLE,
        USER_ACCESS_TABLE,
        USER_CACHE_TABLE,
        USER_CACHE_CATEGORIES_TABLE,
        USER_GROUP_TABLE,
    );
    foreach ($child_tables as $child_table) {
        $sql = '
SELECT DISTINCT user_id
  FROM ' . $child_table . '
;';
        $referenced_ids = query2array($sql, null, 'user_id');
        $orphan_ids = array_diff($referenced_ids, $known_ids);
        if (empty($orphan_ids)) {
            continue;
        }

        $sql = '
DELETE
  FROM ' . $child_table . '
  WHERE user_id in (' . implode(',', $orphan_ids) . ')
;';
        pwg_query($sql);
    }
}
Exemplo n.º 3
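/**
 * Finds informations related to the user identifier.
 *
 * Reads the base account row (columns mapped through $conf['user_fields'])
 * and the user_infos / user_cache / theme rows, merges them into one array
 * and turns the strings 'true' / 'false' into booleans. When $use_cache is
 * set and the cached data is missing or flagged need_update, the permission
 * cache (forbidden categories, forbidden images, per-category counters) is
 * recomputed and written back to USER_CACHE_TABLE and
 * USER_CACHE_CATEGORIES_TABLE.
 *
 * Every statement in this function is built by string concatenation, so the
 * identifier is coerced to an integer before it is used.
 *
 * @param int $user_id identifier of the user; coerced to an integer before
 *                     it is placed in any SQL statement
 * @param boolean $use_cache refresh and store the per-user cache when needed
 * @return array merged base + user_infos + user_cache columns
 */
function getuserdata($user_id, $use_cache = false)
{
    global $conf;
    // $user_id is spliced into three statements below, twice without quotes.
    // Enforce the documented integer contract once, up front, so a malformed
    // identifier can never change the shape of a query. Callers are not
    // visible from here, so this does not depend on them validating it.
    $user_id = (int) $user_id;
    // retrieve basic user data
    $query = '
SELECT ';
    $is_first = true;
    foreach ($conf['user_fields'] as $pwgfield => $dbfield) {
        if ($is_first) {
            $is_first = false;
        } else {
            $query .= '
     , ';
        }
        $query .= $dbfield . ' AS ' . $pwgfield;
    }
    $query .= '
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['id'] . ' = \'' . $user_id . '\'';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    // retrieve additional user data ?
    if ($conf['external_authentification']) {
        // make sure a user_infos row exists for this id before reading it
        $query = '
SELECT
    COUNT(1) AS counter
  FROM ' . USER_INFOS_TABLE . ' AS ui
    LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id
    LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme
  WHERE ui.user_id = ' . $user_id . '
  GROUP BY ui.user_id
;';
        list($counter) = pwg_db_fetch_row(pwg_query($query));
        if ($counter != 1) {
            create_user_infos($user_id);
        }
    }
    // retrieve user info
    $query = '
SELECT
    ui.*,
    uc.*,
    t.name AS theme_name
  FROM ' . USER_INFOS_TABLE . ' AS ui
    LEFT JOIN ' . USER_CACHE_TABLE . ' AS uc ON ui.user_id = uc.user_id
    LEFT JOIN ' . THEMES_TABLE . ' AS t ON t.id = ui.theme
  WHERE ui.user_id = ' . $user_id . '
;';
    $result = pwg_query($query);
    $user_infos_row = pwg_db_fetch_assoc($result);
    // then merge basic + additional user data
    // NOTE(review): neither fetch result is checked before the merge; what
    // happens for an unknown id depends on what pwg_db_fetch_assoc() returns
    // when there is no row - confirm against the db layer.
    $userdata = array_merge($row, $user_infos_row);
    foreach ($userdata as &$value) {
        // If the field is true or false, the variable is transformed into a boolean value.
        // Strict comparison: only the exact strings are converted, so a
        // numeric 0 or a null column is never mistaken for 'true'/'false'.
        if ($value === 'true') {
            $value = true;
        } elseif ($value === 'false') {
            $value = false;
        }
    }
    // break the reference left behind by the by-reference foreach
    unset($value);
    if ($use_cache) {
        // recompute when the cache row is absent, malformed or flagged stale
        if (!isset($userdata['need_update']) or !is_bool($userdata['need_update']) or $userdata['need_update'] == true) {
            $userdata['cache_update_time'] = time();
            // Set need update are done
            $userdata['need_update'] = false;
            $userdata['forbidden_categories'] = calculate_permissions($userdata['id'], $userdata['status']);
            /* now we build the list of forbidden images (this list does not contain
               images that are not in at least an authorized category)*/
            // NOTE(review): forbidden_categories, level and id are spliced into
            // the statements below as read from the database / returned by
            // calculate_permissions(); they are presumably numeric or
            // comma-separated numeric lists - confirm, since nothing here
            // re-validates them.
            $query = '
SELECT DISTINCT(id)
  FROM ' . IMAGES_TABLE . ' INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id=image_id
  WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ')
    AND level>' . $userdata['level'];
            $forbidden_ids = query2array($query, null, 'id');
            if (empty($forbidden_ids)) {
                // keep the later "NOT IN (...)" list non-empty
                $forbidden_ids[] = 0;
            }
            $userdata['image_access_type'] = 'NOT IN';
            //TODO maybe later
            $userdata['image_access_list'] = implode(',', $forbidden_ids);
            $query = '
SELECT COUNT(DISTINCT(image_id)) as total
  FROM ' . IMAGE_CATEGORY_TABLE . '
  WHERE category_id NOT IN (' . $userdata['forbidden_categories'] . ')
    AND image_id ' . $userdata['image_access_type'] . ' (' . $userdata['image_access_list'] . ')';
            list($userdata['nb_total_images']) = pwg_db_fetch_row(pwg_query($query));
            // now we update user cache categories
            $user_cache_cats = get_computed_categories($userdata, null);
            if (!is_admin($userdata['status'])) {
                // for non admins we forbid categories with no image (feature 1053)
                $forbidden_ids = array();
                foreach ($user_cache_cats as $cat) {
                    if ($cat['count_images'] == 0) {
                        $forbidden_ids[] = $cat['cat_id'];
                        remove_computed_category($user_cache_cats, $cat);
                    }
                }
                if (!empty($forbidden_ids)) {
                    if (empty($userdata['forbidden_categories'])) {
                        $userdata['forbidden_categories'] = implode(',', $forbidden_ids);
                    } else {
                        $userdata['forbidden_categories'] .= ',' . implode(',', $forbidden_ids);
                    }
                }
            }
            // delete user cache
            $query = '
DELETE FROM ' . USER_CACHE_CATEGORIES_TABLE . '
  WHERE user_id = ' . $userdata['id'];
            pwg_query($query);
            // Due to concurrency issues, we ask MySQL to ignore errors on
            // insert. This may happen when cache needs refresh and that Piwigo is
            // called "very simultaneously".
            mass_inserts(USER_CACHE_CATEGORIES_TABLE, array('user_id', 'cat_id', 'date_last', 'max_date_last', 'nb_images', 'count_images', 'nb_categories', 'count_categories'), $user_cache_cats, array('ignore' => true));
            // update user cache
            $query = '
DELETE FROM ' . USER_CACHE_TABLE . '
  WHERE user_id = ' . $userdata['id'];
            pwg_query($query);
            // for the same reason as user_cache_categories, we ignore error on
            // this insert
            $query = '
INSERT IGNORE INTO ' . USER_CACHE_TABLE . '
  (user_id, need_update, cache_update_time, forbidden_categories, nb_total_images,
    last_photo_date,
    image_access_type, image_access_list)
  VALUES
  (' . $userdata['id'] . ',\'' . boolean_to_string($userdata['need_update']) . '\','
                . $userdata['cache_update_time'] . ',\'' . $userdata['forbidden_categories'] . '\','
                . $userdata['nb_total_images'] . ','
                . (empty($userdata['last_photo_date']) ? 'NULL' : '\'' . $userdata['last_photo_date'] . '\'')
                . ',\'' . $userdata['image_access_type'] . '\',\'' . $userdata['image_access_list'] . '\')';
            pwg_query($query);
        }
    }
    return $userdata;
}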
Exemplo n.º 4
 /**
  * Apply one integrity correction to a special account.
  *
  * Only the ids configured as $conf['guest_id'], $conf['default_user_id']
  * and $conf['webmaster_id'] are handled; any other id, an empty id or an
  * unknown action leaves everything untouched.
  *
  *  - 'creation': inserts the missing account (named 'guest' or 'webmaster',
  *    with random characters appended until the name is unused), creates its
  *    user_infos row and records a message in $page['infos'];
  *  - 'status': resets the account status to 'guest' or 'webmaster'.
  *
  * @param mixed $id identifier of the account to correct
  * @param string $action 'creation' or 'status'
  * @return boolean true if ok else false
  */
 function c13y_correction_user($id, $action)
 {
     global $conf, $page;
     if (empty($id)) {
         return false;
     }
     $done = false;
     switch ($action) {
         case 'creation':
             if ($id == $conf['guest_id'] || $id == $conf['default_user_id']) {
                 $name = 'guest';
                 $password = null;
             } elseif ($id == $conf['webmaster_id']) {
                 $name = 'webmaster';
                 // NOTE(review): generate_key() is defined elsewhere; confirm
                 // that a key requested with 6 is long enough and random
                 // enough for the webmaster account.
                 $password = generate_key(6);
             }
             if (isset($name)) {
                 // extend the name until no existing account uses it
                 while (get_userid($name) !== false) {
                     $name .= generate_key(1);
                 }
                 // NOTE(review): the generated value goes into the password
                 // column exactly as generated and is then shown in
                 // $page['infos']. Whether that column is expected to hold a
                 // hash, and whether mass_inserts() escapes values beyond the
                 // addslashes() applied to the name, is not visible here -
                 // confirm both.
                 $rows = array(array('id' => $id, 'username' => addslashes($name), 'password' => $password));
                 mass_inserts(USERS_TABLE, array_keys($rows[0]), $rows);
                 create_user_infos($id);
                 $page['infos'][] = sprintf(l10n('User "%s" created with "%s" like password'), $name, $password);
                 $done = true;
             }
             break;
         case 'status':
             if ($id == $conf['guest_id'] || $id == $conf['default_user_id']) {
                 $status = 'guest';
             } elseif ($id == $conf['webmaster_id']) {
                 $status = 'webmaster';
             }
             if (isset($status)) {
                 $rows = array(array('user_id' => $id, 'status' => $status));
                 mass_updates(USER_INFOS_TABLE, array('primary' => array('user_id'), 'update' => array('status')), $rows);
                 $page['infos'][] = sprintf(l10n('Status of user "%s" updated'), get_username($id));
                 $done = true;
             }
             break;
     }
     return $done;
 }