HEX
Server: Apache
System: Linux WWW 6.1.0-40-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.153-1 (2025-09-20) x86_64
User: web11 (1011)
PHP: 8.2.29
Disabled: NONE
Upload Files
File: /var/www/ippmt.kauko.lt/wp-content/plugins/wp-photo-album-plus/wppa-users.php
<?php
/* wppa-users.php
* Package: wp-photo-album-plus
*
* Contains user and capabilities related routines
* Version 9.0.00.000
*
*/

if ( ! defined( 'ABSPATH' ) ) die( "Can't load this file directly" );

// Get number of users
function wppa_get_user_count() {
global $wpdb;
static $usercount;

	if ( empty( $usercount ) ) {
		$usercount = wppa_get_var( "SELECT COUNT(*) FROM $wpdb->users" );
	}

	return $usercount;
}

// Get all users
function wppa_get_users() {
global $wpdb;
static $users;

	if ( empty($users) ) {
		if ( wppa_get_user_count() > wppa_opt( 'max_users' ) ) {
			$users = array();
		}
		else {
			$users = wppa_get_results( "SELECT * FROM $wpdb->users
										  ORDER BY display_name" );
		}
	}
	return $users;
}

// Get the options html for a selectionbox with users
function wppa_get_user_select( $select = '', $public = true ) {

	// Init
	$result = '';

	// Unknown user
	$result .= '<option value="" disabled selected>' . __( 'Please select' , 'wp-photo-album-plus' ) . '</option>';

	// Who am i?
	$iam = $select == '' ? wppa_get_user() : $select;

	// Get all users
	$users = wppa_get_users();

	// Add user --- public ---
	if ( $public ) {
		$sel = $select == '--- public ---' ? 'selected' : '';
		$result .= '<option value="--- public ---" '.$sel.'>'.__( '--- public ---' , 'wp-photo-album-plus' ).'</option>';
	}

	// Add all users
	foreach ( $users as $usr ) {
		if ( $usr['user_login'] == $iam ) $sel = 'selected';
		else $sel = '';
		$result .= '<option value="' . esc_attr( $usr['user_login'] ) . '" ' . $sel . '>' . sanitize_text_field( $usr['display_name'] ) . '</option>';
	}

	// Done
	return $result;
}

// Wrapper for get_user_by()
function wppa_get_user_by( $key = 'login', $user = '#me', $check_anon = false ) {
static $cache;

	// Prepare cache
	if ( ! is_array( $cache) ) {
		$cache = ['key' => array(), 'user' => array()];
	}

	// If no name wanted because of anon shortcode attribute, return clear data
	if ( $check_anon && wppa_is_anon() ) {
		$result = new WP_User;
		$result -> display_name = '';
		$result -> login_name = '';
		return $result;
	}

	// Init
	$result = false;

	// Founmd in cache?
	if ( isset( $cache[$key][$user] ) ) {
		$result = $cache[$key][$user];
	}

	// Not in cache
	else {

		// Is it current loggedin user?
		if ( $user == '#me' ) {

			// Translate #me to login name
			$usr = wppa_get_user();
		}
		else {
			$usr = $user;
		}
		$result = get_user_by( $key, $usr );
	}

	// Not found or its an ip
	if ( ! $result ) {
		$result = new WP_User;
		$result -> display_name = __( 'Unknown user', 'wp-photo-album-plus' );
		$result -> login_name = __( 'Anonymous', 'wp-photo-album-plus' );
	}

	// Save in cache
	$cache[$key][$user] = $result;
	return $result;
}

// Get current user
// If logged in, return userdata as specified in $type
// If logged out, return IP
function wppa_get_user( $type = 'login' ) {
static $current_user;

	if ( wppa_is_cron() ) {
		return 'cron-job';
	}
/**/	if ( ! $current_user ) {
		$current_user = wp_get_current_user();
/**/	}
	if ( $current_user->exists() ) {
		switch ( $type ) {
			case 'login':
				return $current_user->user_login;
				break;
			case 'display':
				return $current_user->display_name;
				break;
			case 'id':
				return $current_user->ID;
				break;
			case 'email':
				return $current_user->user_email;
				break;
			case 'firstlast':
				return $current_user->user_firstname.' '.$current_user->user_lastname;
				break;
			default:
				return '';
		}
	}
	else {
		return wppa_get_user_ip();
	}
}

// Get display name of owner from login name
function wppa_get_owner_display( $owner ) {

	if ( $owner == '#me' ) {
		$owner = wppa_get_user();
	}
	$usr = get_user_by( 'login', $owner );

	// If user does not exist, probably ip address, return untranslated
	if ( ! $usr ) {
		return __( 'Unknown user', 'wp-photo-album-plus' );
	}

	return $usr->display_name;
}

// Get display name of login name
function wppa_get_user_display( $login ) {
	return wppa_get_owner_display( $login );
}

// Test if a given user has a given role.
// @1: str role
// @2: int user id, default current user
// returns bool
function wppa_user_is( $role, $user_id = null ) {

 	if ( ! is_user_logged_in() ) return false;

	if ( $role == 'administrator' && wppa_is_user_superuser( $user_id ) ) {
		return true;
	}

	// WP itsself mixes roles and capabilities ( on multisites administrator is a cap of the superadmin )
	if ( $user_id ) {
		return user_can( $user_id, $role );
	}
	else {
		return current_user_can( $role );
	}
}

function wppa_user_is_admin() {
static $bret;

	if ( $bret === NULL ) {
		$bret = wppa_user_is( 'administrator' );
	}
	return $bret;
}

// Test if current user has extended access
// returns bool
function wppa_extended_access() {

	if ( wppa_user_is_admin() ) {
		return true;
	}

	return false;
}

// Test if current user is allowed to craete albums
// returns bool
function wppa_can_create_album() {
global $wpdb;
global $wp_roles;

	// Test for logged out users
	if ( ! is_user_logged_in() ) {
		return false;
	}

	// Admin can do everything
	if ( wppa_user_is_admin() ) {
		return true;
	}

	// A blacklisted user can not create albums
	if ( wppa_is_user_blacklisted() ) {
		return false;
	}

	// Check for global max albums per user setting
	$albs = wppa_get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_albums
											 WHERE owner = %s", wppa_get_user() ) );
	$gmax = wppa_opt( 'max_albums' );
	if ( $gmax && $albs >= $gmax ) {
		return false;
	}

	// Check for role dependant max albums per user setting
	$user 	= wp_get_current_user();
	$roles 	= $wp_roles->roles;
	foreach ( array_keys( $roles ) as $role ) {

		// Find firste role the user has
		if ( wppa_user_is( $role ) ) {
			$rmax = wppa_get_option( 'wppa_'.$role.'_album_limit_count', 0 );
			if ( ! $rmax || $albs < $rmax ) {
				return true;
			}
			else {
				return false;
			}
		}
	}

	// If a user has no role, deny creation
	return false;
}

// Test if current user is allowed to craete top level albums
// returns bool
function wppa_can_create_top_album() {

	if ( wppa_user_is_admin() ) {
		return true;
	}
	if ( ! wppa_can_create_album() ) {
		return false;
	}
	if ( wppa_switch( 'grant_an_album' ) &&
		0 != wppa_opt( 'grant_parent' ) ) {
			return false;
		}

	return true;
}

// Test if a user is on the blacklist
// @1: user id, default current user
// returns bool
function wppa_is_user_blacklisted( $user = -1 ) {
global $wpdb;
static $result = -1;

	$cur = ( -1 == $user );

	if ( $cur && -1 != $result ) {	// Already found out for current user
		return $result;
	}

	if ( $cur && ! is_user_logged_in() ) {	// An logged out user can not be on the blacklist
		$result = false;
		return false;
	}

	$blacklist = wppa_get_option( 'wppa_black_listed_users', array() );
	if ( empty( $blacklist ) ) {	// Anybody on the blacklist?
		$result = false;
		return false;
	}

	if ( $cur ) {
		$user = get_current_user_id();
	}

	if ( is_numeric( $user ) ) {
		$user = wppa_get_var( $wpdb->prepare( "SELECT user_login FROM $wpdb->users
												 WHERE ID = %d", $user ) );
	}
	else {
		return false;
	}

	if ( $cur ) {
		$result = in_array( $user, $blacklist );	// Save current users result.
	}

	return in_array( $user, $blacklist );
}

function wppa_is_user_superuser( $user = '' ) {

	// Default
	if ( ! $user ) {
		$login = wppa_get_user();
	}
	// Id given
	elseif ( is_numeric( $user ) ) {
		$usr = get_user_by( 'ID', $user );
		$login = $usr -> user_login;
	}
	// Login name given
	else {
		$login = $user;
	}

	$superlist = wppa_get_option( 'wppa_super_users', array() );

	if ( in_array( $login, $superlist ) ) {
		return true;
	}
	return false;
}

// See if the current user may edit a given photo
function wppa_may_user_fe_edit( $id ) {

	// Feature enabled?
	if ( wppa_opt( 'upload_edit' ) == '-none-' ) return false;

	// Blacklisted?
	if ( wppa_is_user_blacklisted() ) return false;

	// Superuser?
	if ( wppa_is_user_superuser() ) return true;

	// Basic user?
	if ( wppa_user_is_basic() ) return false;

	// Can edit albums?
	if ( current_user_can( 'wppa_admin' ) ) return true;

	// Test criteria
	switch( wppa_opt( 'upload_edit_users') ) {

		case 'owner':
			if ( wppa_get_user() == wppa_get_photo_owner( $id ) ) {
				if ( wppa_opt( 'upload_edit_period' ) ) {
					$up = wppa_get_photo_item( $id, 'timestamp' );
					$to = $up + wppa_opt( 'upload_edit_period' );
					if ( time() < $to ) {
						return true;
					}
					else {
						return false;
					}
				}
				else {
					return true;
				}
			}
			break;

	}

	return false;
}

// See if the current user may delete a given photo
function wppa_may_user_fe_delete( $id ) {

	// Basic user?
	if ( wppa_user_is_basic() ) return false;

	// Superuser?
	if ( wppa_is_user_superuser() ) return true;

	// Can edit albums?
	if ( current_user_can( 'wppa_admin' ) ) {
		$alb = wppa_get_photo_item( $id, 'album' );
		if ( wppa_have_access( $alb ) ) {
			return true;
		}
	}

	// If owner and owners may delete?
	if ( wppa_get_user() == wppa_get_photo_owner( $id ) ) {
		if ( wppa_switch( 'upload_delete' ) ) {
			if ( wppa_opt( 'upload_delete_period' ) ) {
				$up = wppa_get_photo_item( $id, 'timestamp' );
				$to = $up + wppa_opt( 'upload_delete_period' );
				if ( time() < $to ) {
					return true;
				}
				else {
					return false;
				}
			}
			else {
				return true;
			}
		}
	}

	return false;
}

// Convert user loginname or email into a link to the users BuddyPress domain.
// Only if configured and available.
// Otherwise return display name. If user no longer exists, return $owner
function wppa_bp_userlink( $owner, $esc_js = false, $email = false ) {
static $usercache;

	// Init
	if ( ! is_array( $usercache ) ) {
		$usercache = array();
	}

	// This owner already found?
	if ( isset( $usercache[$owner] ) ) {
		$result = $usercache[$owner];
	}

	// Get userdata
	else {
		$user = $email ? get_user_by( 'email', $owner ) : get_user_by( 'login', $owner );

		// User exists
		if ( $user ) {

			// Buddypress link configured and available?
			if ( wppa_switch( 'domain_link_buddypress' ) && function_exists( 'bp_core_get_userlink' ) ) {
				$result = bp_core_get_userlink( $user->ID );
			}
			else {
				$result = $user->display_name;
			}
		}

		// User vanished
		else {
			$result = $owner;
		}
	}

	// Cache the result
	$usercache[$owner] = $result;

	// Filter
	if ( $esc_js ) {
		$result = str_replace( array( '<', '>' ), array( '[', ']' ), $result );
	}

	// Done
	return $result;
}

// Convert login name to displayname
function wppa_display_name( $owner ) {

	// Init
	$result = $owner;

	// Get userdata
	$user = get_user_by( 'login', $owner );
	if ( ! $user ) {
		return $result; // User deleted
	}

	return $user->display_name;
}

// Get array of admin user ids
function wppa_get_admin_ids_a() {
global $wpdb;

	$admins = wppa_get_col( $wpdb->prepare( "SELECT user_id
											   FROM $wpdb->usermeta
											   WHERE meta_key = 'wp_capabilities'
											   AND meta_value LIKE %s", '%' . $wpdb->esc_like( 'administrator' ) . '%' ) );
	if ( is_array( $admins ) ) {

		// Remove possble roles like 'xyzadministrator'
		foreach( array_keys( $admins ) as $key ) {
			if ( ! user_can( $admins[$key], 'administrator' ) ) {
				unset( $admins[$key] );
			}
		}
	}
	else {
		$admins = array();
	}

	return $admins;
}

// Get array of superuser ids
function wppa_get_superuser_ids_a() {

	$susers = wppa_get_option( 'wppa_super_users', array() );

	if ( is_array( $susers ) ) {

		// Convert login names to user ids
		foreach ( array_keys( $susers ) as $k ) {
			$u = get_user_by( 'login', $susers[$k] );
			$susers[$k] = $u->ID;
		}
	}
	else {
		$susers = array();
	}

	return $susers;
}

// Has the current user rated photo $id?
function wppa_has_user_rated( $id ) {
global $wpdb;

	if ( is_user_logged_in() ) {
		$uid = wppa_get_user_id();
		$cnt = wppa_get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_rating WHERE photo = %d AND userid = %d", $id, $uid ) );
	}
	else {
		$uid = wppa_get_user_ip();
		$cnt = wppa_get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_rating WHERE photo = %d AND ip = %s", $id, $uid ) );
	}
	return ( $cnt > 0 );
}

// Has the current user commented photo $id?
function wppa_has_user_commented( $id ) {
global $wpdb;

	if ( is_user_logged_in() ) {
		$uid = wppa_get_user_id();
		$cnt = wppa_get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_comments WHERE photo = %d AND userid = %d", $id, $uid ) );
	}
	else {
		$uid = wppa_get_user_ip();
		$cnt = wppa_get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->wppa_comments WHERE photo = %d AND ip = %s", $id, $uid ) );
	}
	return ( $cnt > 0 );
}

// Get current users id
function wppa_get_user_id() {
	$user = wp_get_current_user();
	if ( $user ) {
		return $user->ID;
	}
	return -1;
}

// Get the users ip address
function wppa_get_user_ip() {

	$ip = '';
	if ( wppa_http_client_ip() ) {
		$ip = wppa_http_client_ip();
	}
	elseif ( wppa_http_x_forwarded_for() ) {
		$ip = wppa_http_x_forwarded_for();
	}
	elseif ( wppa_remote_addr() ) {
		$ip = wppa_remote_addr();
	}

	return $ip;
}

// Look for users premium level
function wppa_get_premium( $user_id ) {
global $wp_roles;

	// Init
	$medals = array( 'gold' => false, 'silver' => false, 'bronze' => false, 'plus' => false, 'none' => false );
	$roles 	= $wp_roles->roles;

	foreach ( array_keys( $roles ) as $role ) {

		// Find roles the user has
		if ( user_can( $user_id, $role ) ) {

			// Is this role a premium role?
			$medal = wppa_get_option( 'wppa_medal-' . $role, 'none' );
			$medals[$medal] = true;
			if ( $medal == 'gold' ) {
				return $medal; // There is no higher
			}

		}
	}

	if ( $medals['silver'] ) return 'silver';
	if ( $medals['bronze'] ) return 'bronze';
	if ( $medals['plus'] ) return 'plus';
	return 'none';
}

// Is current user basic level?
function wppa_user_is_basic() {
global $wp_roles;

	// Admin and super can not be basic
	if ( wppa_user_is_admin() ) {
		return false;
	}

	$roles 	= $wp_roles->roles;

	foreach ( array_keys( $roles ) as $role ) {

		// Find roles the user has
		if ( current_user_can( $role ) ) {

			// Is this role limited to basic?
			$medal = wppa_get_option( 'wppa_medal-' . $role, 'none' );
			if ( $medal == 'basic' ) {
				return true;
			}
		}
	}

	// No basic userrole found for the current user
	return false;
}

// Get the html for the premium medal
function wppa_get_premium_html( $userid ) {

	$result 	= '';
	$premium 	= wppa_get_premium( $userid );
	switch( $premium ) {
		case 'gold':
			$title = __('Gold member', 'wp-photo-album-plus' );
			break;
		case 'silver':
			$title = __('Silver member', 'wp-photo-album-plus' );
			break;
		case 'bronze':
			$title = __('Bronze member', 'wp-photo-album-plus' );
			break;
		case 'plus':
			$title = __('Plus member', 'wp-photo-album-plus' );
			break;
		default:
			$title = '';
			break;
	}

	if ( in_array( $premium, array( 'gold', 'silver', 'bronze' ) ) ) {
		$result =
		wppa_html_tag( 'img', ['src' => wppa_get_imgdir( 'medal_' . $premium . '_' . wppa_opt( 'medal_color' ) . '.png' ), 'style' => "height:1em;cursor:pointer", 'title' => $title] );
	}
	elseif ( $premium == 'plus' ) {
		$result =
		wppa_html_tag( 'img', ['src' => wppa_get_imgdir( 'plus.png' ), 'style' => "height:1em;cursor:pointer", 'title' => $title] );
	}

	return $result;
}