diff options
| author | nikrou <nikrou@piwigo.org> | 2006-01-15 13:49:29 +0000 |
|---|---|---|
| committer | nikrou <nikrou@piwigo.org> | 2006-01-15 13:49:29 +0000 |
| commit | 71d78a813f9b10c2fada4eaa25104a9c364ced6f (patch) | |
| tree | 6ddcab6acb896db36266baaf3dd3afb7cb40fd55 | |
| parent | 9d6404ad36375079e815979bd4bf476a5195df5e (diff) | |
Revert to revision 1002
git-svn-id: http://piwigo.org/svn/branches/branch-1_5@1005 68402e56-0260-453c-a942-63ccdbb3a9ee
42 files changed, 348 insertions, 246 deletions
@@ -45,7 +45,7 @@ $template->set_filenames( $template->assign_vars( array( - 'U_HOME' => PHPWG_ROOT_PATH.'category.php' + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php') ) ); @@ -65,29 +65,29 @@ $template->set_filenames(array('admin' => 'admin.tpl')); $template->assign_vars( array( - 'U_HISTORY'=> $link_start.'stats', - 'U_FAQ'=> $link_start.'help', - 'U_SITES'=> $link_start.'remote_site', - 'U_MAINTENANCE'=> $link_start.'maintenance', - 'U_CONFIG_GENERAL'=> $conf_link.'general', - 'U_CONFIG_COMMENTS'=> $conf_link.'comments', - 'U_CONFIG_DISPLAY'=> $conf_link.'default', - 'U_CATEGORIES'=> $link_start.'cat_list', - 'U_MOVE'=> $link_start.'cat_move', - 'U_CAT_UPLOAD'=> $opt_link.'upload', - 'U_CAT_COMMENTS'=> $opt_link.'comments', - 'U_CAT_VISIBLE'=> $opt_link.'visible', - 'U_CAT_STATUS'=> $opt_link.'status', - 'U_CAT_OPTIONS'=> $link_start.'cat_options', - 'U_CAT_UPDATE'=> $link_start.'update', - 'U_WAITING'=> $link_start.'waiting', - 'U_COMMENTS'=> $link_start.'comments', - 'U_CADDIE'=> $link_start.'element_set&cat=caddie', - 'U_THUMBNAILS'=> $link_start.'thumbnail', - 'U_USERS'=> $link_start.'user_list', - 'U_GROUPS'=> $link_start.'group_list', - 'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php', - 'U_RETURN'=> PHPWG_ROOT_PATH.'category.php' + 'U_HISTORY'=>add_session_id($link_start.'stats' ), + 'U_FAQ'=>add_session_id($link_start.'help' ), + 'U_SITES'=>add_session_id($link_start.'remote_site'), + 'U_MAINTENANCE'=>add_session_id($link_start.'maintenance'), + 'U_CONFIG_GENERAL'=>add_session_id($conf_link.'general' ), + 'U_CONFIG_COMMENTS'=>add_session_id($conf_link.'comments' ), + 'U_CONFIG_DISPLAY'=>add_session_id($conf_link.'default' ), + 'U_CATEGORIES'=>add_session_id($link_start.'cat_list' ), + 'U_MOVE'=>add_session_id($link_start.'cat_move' ), + 'U_CAT_UPLOAD'=>add_session_id($opt_link.'upload'), + 'U_CAT_COMMENTS'=>add_session_id($opt_link.'comments'), + 'U_CAT_VISIBLE'=>add_session_id($opt_link.'visible'), + 'U_CAT_STATUS'=>add_session_id($opt_link.'status'), + 'U_CAT_OPTIONS'=>add_session_id($link_start.'cat_options'), + 'U_CAT_UPDATE'=>add_session_id($link_start.'update'), + 'U_WAITING'=>add_session_id($link_start.'waiting' ), + 'U_COMMENTS'=>add_session_id($link_start.'comments' ), + 'U_CADDIE'=>add_session_id($link_start.'element_set&cat=caddie'), + 'U_THUMBNAILS'=>add_session_id($link_start.'thumbnail' ), + 'U_USERS'=>add_session_id($link_start.'user_list' ), + 'U_GROUPS'=>add_session_id($link_start.'group_list' ), + 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ), + 'U_RETURN'=>add_session_id(PHPWG_ROOT_PATH.'category.php') ) ); @@ -96,7 +96,7 @@ if ($conf['allow_random_representative']) $template->assign_block_vars( 'representative', array( - 'URL' => $opt_link.'representative' + 'URL' => add_session_id($opt_link.'representative') ) ); } diff --git a/admin/cat_list.php b/admin/cat_list.php index f5e3e834e..3c8e1e8d2 100644 --- a/admin/cat_list.php +++ b/admin/cat_list.php @@ -65,7 +65,7 @@ function save_categories_order($categories) $categories = array(); $base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list'; -$navigation = '<a class="" href="'.$base_url.'">'; +$navigation = '<a class="" href="'.add_session_id($base_url).'">'; $navigation.= $lang['home']; $navigation.= '</a>'; @@ -238,7 +238,7 @@ else $template->assign_vars(array( 'CATEGORIES_NAV'=>$navigation, 'NEXT_RANK'=>$next_rank, - 'F_ACTION'=>$form_action, + 'F_ACTION'=>add_session_id($form_action), 'L_ADD_VIRTUAL'=>$lang['cat_add'], 'L_SUBMIT'=>$lang['submit'], @@ -317,9 +317,14 @@ foreach ($categories as $category) 'ID'=>$category['id'], 'RANK'=>$category['rank']*10, - 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'], - 'U_CHILDREN'=>$cat_list_url.'&parent_id='.$category['id'], - 'U_EDIT'=>$base_url.'cat_modify&cat_id='.$category['id'] + 'U_JUMPTO'=> + add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']), + + 'U_CHILDREN'=> + add_session_id($cat_list_url.'&parent_id='.$category['id']), + + 'U_EDIT'=> + add_session_id($base_url.'cat_modify&cat_id='.$category['id']) ) ); @@ -328,7 +333,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.delete', array( - 'URL'=>$self_url.'&delete='.$category['id'] + 'URL'=>add_session_id($self_url.'&delete='.$category['id']) ) ); } @@ -338,7 +343,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.elements', array( - 'URL'=>$base_url.'element_set&cat='.$category['id'] + 'URL'=>add_session_id($base_url.'element_set&cat='.$category['id']) ) ); } @@ -348,7 +353,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.permissions', array( - 'URL'=>$base_url.'cat_perm&cat='.$category['id'] + 'URL'=>add_session_id($base_url.'cat_perm&cat='.$category['id']) ) ); } diff --git a/admin/cat_modify.php b/admin/cat_modify.php index 8291e9030..0d82c13d4 100644 --- a/admin/cat_modify.php +++ b/admin/cat_modify.php @@ -171,11 +171,13 @@ $template->assign_vars(array( 'L_SUBMIT'=>$lang['submit'], 'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'], - 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'], - 'U_CHILDREN'=>$cat_list_url.'&parent_id='.$category['id'], + 'U_JUMPTO'=> + add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']), + 'U_CHILDREN'=> + add_session_id($cat_list_url.'&parent_id='.$category['id']), 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify', - 'F_ACTION'=>$form_action + 'F_ACTION'=>add_session_id($form_action) )); @@ -184,7 +186,7 @@ if ('private' == $category['status']) $template->assign_block_vars( 'permissions', array( - 'URL'=>$base_url.'cat_perm&cat='.$category['id'] + 'URL'=>add_session_id($base_url.'cat_perm&cat='.$category['id']) ) ); } @@ -195,7 +197,7 @@ if ($category['nb_images'] > 0) $template->assign_block_vars( 'elements', array( - 'URL'=>$base_url.'element_set&cat='.$category['id'] + 'URL'=>add_session_id($base_url.'element_set&cat='.$category['id']) ) ); } @@ -265,7 +267,7 @@ else $template->assign_block_vars( 'delete', array( - 'URL'=>$self_url.'&delete='.$category['id'] + 'URL'=>add_session_id($self_url.'&delete='.$category['id']) ) ); diff --git a/admin/cat_move.php b/admin/cat_move.php index 0d030dca0..7760b6494 100644 --- a/admin/cat_move.php +++ b/admin/cat_move.php @@ -68,7 +68,7 @@ $template->set_filenames( $template->assign_vars( array( - 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move', + 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'), ) ); diff --git a/admin/cat_options.php b/admin/cat_options.php index a43a4ec61..f8ca7527b 100644 --- a/admin/cat_options.php +++ b/admin/cat_options.php @@ -153,7 +153,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options', - 'F_ACTION'=>$base_url.$page['section'] + 'F_ACTION'=>add_session_id($base_url.$page['section']) ) ); diff --git a/admin/cat_perm.php b/admin/cat_perm.php index 95e9edaa9..f0c961103 100644 --- a/admin/cat_perm.php +++ b/admin/cat_perm.php @@ -207,7 +207,10 @@ $template->assign_vars( 'admin.php?page=cat_modify&cat_id=' ), 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm', - 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat'] + 'F_ACTION' => + add_session_id( + PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat'] + ) ) ); diff --git a/admin/comments.php b/admin/comments.php index ef366c783..53d498c84 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -117,7 +117,7 @@ $template->set_filenames(array('comments'=>'admin/comments.tpl')); $template->assign_vars( array( - 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments' + 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments') ) ); @@ -141,8 +141,10 @@ while ($row = mysql_fetch_array($result)) 'comment', array( 'U_PICTURE' => + add_session_id( PHPWG_ROOT_PATH.'admin.php?page=picture_modify'. - '&image_id='.$row['image_id'], + '&image_id='.$row['image_id'] + ), 'ID' => $row['id'], 'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']), 'AUTHOR' => $row['author'], diff --git a/admin/configuration.php b/admin/configuration.php index 5861ac495..f038800f4 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -149,7 +149,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration', - 'F_ACTION'=>$action + 'F_ACTION'=>add_session_id($action) )); switch ($page['section']) diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php index f3bf12bbd..fbffe99dd 100644 --- a/admin/element_set_unit.php +++ b/admin/element_set_unit.php @@ -222,8 +222,10 @@ SELECT id,path,tn_ext,name,date_creation,comment,keywords,author,file !empty($row['name']) ? $row['name'] : get_name_from_file($row['file']), 'U_EDIT' => + add_session_id( PHPWG_ROOT_PATH.'admin.php?page=picture_modify'. - '&image_id='.$row['id'], + '&image_id='.$row['id'] + ), 'ID' => $row['id'], 'FILENAME' => $row['path'], 'TN_SRC' => $src, diff --git a/admin/group_list.php b/admin/group_list.php index 0a9946fe5..7bc08b3f4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -124,7 +124,8 @@ $template->set_filenames(array('group_list' => 'admin/group_list.tpl')); $template->assign_vars( array( - 'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list' + 'F_ADD_ACTION' => + add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list') ) ); diff --git a/admin/group_perm.php b/admin/group_perm.php index 2c474eb89..5c974008e 100644 --- a/admin/group_perm.php +++ b/admin/group_perm.php @@ -140,9 +140,11 @@ $template->assign_vars( 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], 'F_ACTION' => + add_session_id( PHPWG_ROOT_PATH. 'admin.php?page=group_perm&group_id='. $page['group'] + ) ) ); diff --git a/admin/intro.php b/admin/intro.php index 45e34a439..d7beec762 100644 --- a/admin/intro.php +++ b/admin/intro.php @@ -177,8 +177,10 @@ $template->assign_vars( 'DB_USERS' => sprintf(l10n('%d users'), $nb_users), 'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups), 'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments), - 'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade', - 'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo' + 'U_CHECK_UPGRADE' => + add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'), + 'U_PHPINFO' => + add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo') ) ); @@ -215,7 +217,7 @@ if ($nb_waiting > 0) $template->assign_block_vars( 'waiting', array( - 'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'), 'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting) ) ); @@ -234,7 +236,7 @@ if ($nb_comments > 0) $template->assign_block_vars( 'unvalidated', array( - 'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'), 'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments) ) ); diff --git a/admin/maintenance.php b/admin/maintenance.php index 067f1ff82..ec45196db 100644 --- a/admin/maintenance.php +++ b/admin/maintenance.php @@ -98,11 +98,11 @@ $start_url = PHPWG_ROOT_PATH.'admin.php?page=maintenance&action='; $template->assign_vars( array( - 'U_MAINT_CATEGORIES' => $start_url.'categories', - 'U_MAINT_IMAGES' => $start_url.'images', - 'U_MAINT_HISTORY' => $start_url.'history', - 'U_MAINT_SESSIONS' => $start_url.'sessions', - 'U_MAINT_FEEDS' => $start_url.'feeds', + 'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'), + 'U_MAINT_IMAGES' => add_session_id($start_url.'images'), + 'U_MAINT_HISTORY' => add_session_id($start_url.'history'), + 'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'), + 'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'), 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance', ) ); diff --git a/admin/picture_modify.php b/admin/picture_modify.php index 097857ec5..a8fa2b953 100644 --- a/admin/picture_modify.php +++ b/admin/picture_modify.php @@ -195,10 +195,12 @@ $template->set_filenames( $template->assign_vars( array( 'U_SYNC' => + add_session_id( PHPWG_ROOT_PATH.'admin.php?page=picture_modify'. '&image_id='.$_GET['image_id']. (isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : ''). - '&sync_metadata=1', + '&sync_metadata=1' + ), 'PATH'=>$row['path'], @@ -228,8 +230,10 @@ $template->assign_vars( stripslashes($_POST['description']) : @$row['comment'], 'F_ACTION' => + add_session_id( PHPWG_ROOT_PATH.'admin.php' .get_query_string_diff(array('sync_metadata')) + ) ) ); diff --git a/admin/remote_site.php b/admin/remote_site.php index 1ce1813a2..fb778084f 100644 --- a/admin/remote_site.php +++ b/admin/remote_site.php @@ -515,7 +515,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site', - 'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site' + 'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site') ) ); @@ -686,7 +686,7 @@ else 'local', array( 'URL' => $url, - 'U_UPDATE' => $base_url.'local_update' + 'U_UPDATE' => add_session_id($base_url.'local_update') ) ); @@ -731,10 +731,10 @@ while ($row = mysql_fetch_array($result)) 'sites.site', array( 'NAME' => $row['galleries_url'], - 'U_GENERATE' => $base_url.'generate', - 'U_UPDATE' => $base_url.'update', - 'U_CLEAN' => $base_url.'clean', - 'U_DELETE' => $base_url.'delete' + 'U_GENERATE' => add_session_id($base_url.'generate'), + 'U_UPDATE' => add_session_id($base_url.'update'), + 'U_CLEAN' => add_session_id($base_url.'clean'), + 'U_DELETE' => add_session_id($base_url.'delete') ) ); } diff --git a/admin/stats.php b/admin/stats.php index 02d7ec5d8..1a821a476 100644 --- a/admin/stats.php +++ b/admin/stats.php @@ -62,7 +62,7 @@ if (isset($_GET['day']) && isset($_GET['month']) && isset($_GET['year']) ) $date_of_day=$_GET['day'].' '.$lang['month'][$_GET['month']].' '.$_GET['year']; $title_page=$lang['stats_day_title'].' du '.$date_of_day; $url_back = PHPWG_ROOT_PATH."admin.php?page=stats"; - $url_back = $url_back; + $url_back = add_session_id($url_back); $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>'; $title_day = $date_of_day; } @@ -71,7 +71,7 @@ elseif ( isset($_GET['month']) && isset($_GET['year']) ) $date_of_day=$lang['month'][$_GET['month']].' '.$_GET['year']; $title_page=$lang['stats_month_title'].' : '.$date_of_day; $url_back = PHPWG_ROOT_PATH."admin.php?page=stats"; - $url_back = $url_back; + $url_back = add_session_id($url_back); $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>'; $title_day=$lang['today']; } @@ -105,7 +105,7 @@ $template->assign_vars(array( 'L_STAT_FILE'=>$lang['stats_file'], 'L_STAT_PICTURE'=>$lang['stats_picture'], - 'IMG_REPORT'=>$url_img + 'IMG_REPORT'=>add_session_id($url_img) )); //---------------------------------------------------------------- log history @@ -141,7 +141,7 @@ while ( $row = mysql_fetch_array( $result ) ) .'&day='.$row['d'] ; - $value = '<a href="'.$url.'">'; + $value = '<a href="'.add_session_id($url).'">'; $value.= $row['d'].' ('.$week_day.')'; $value.= "</a>"; } @@ -160,7 +160,7 @@ while ( $row = mysql_fetch_array( $result ) ) .'&month='.$row['m'] ; - $value = '<a href="'.$url.'">'; + $value = '<a href="'.add_session_id($url).'">'; $value.= $lang['month'][$row['m']].' '.$row['y']; $value.= "</a>"; } diff --git a/admin/thumbnail.php b/admin/thumbnail.php index 88ffdc952..5193388d7 100644 --- a/admin/thumbnail.php +++ b/admin/thumbnail.php @@ -358,7 +358,7 @@ if (count($remainings) > 0) $template->assign_block_vars( 'params', array( - 'F_ACTION'=>$form_url, + 'F_ACTION'=>add_session_id($form_url), $gdlabel=>'checked="checked"', $nlabel=>'checked="checked"', 'WIDTH_TN'=>$width, diff --git a/admin/user_list.php b/admin/user_list.php index 3eaac6d70..e51c8e583 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -424,7 +424,7 @@ while ($row = mysql_fetch_array($result)) $template->set_filenames(array('user_list'=>'admin/user_list.tpl')); -$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list'; +$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list'); if (isset($_GET['start']) and is_numeric($_GET['start'])) { @@ -790,8 +790,8 @@ foreach ($page['filtered_users'] as $num => $local_user) 'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1', 'ID' => $local_user['id'], 'CHECKED' => $checked, - 'U_MOD' => $profile_url.$local_user['id'], - 'U_PERM' => $perm_url.$local_user['id'], + 'U_MOD' => add_session_id($profile_url.$local_user['id']), + 'U_PERM' => add_session_id($perm_url.$local_user['id']), 'USERNAME' => $local_user['username'], 'STATUS' => $lang['user_status_'.$local_user['status']], 'EMAIL' => isset($local_user['email']) ? $local_user['email'] : '', diff --git a/admin/user_perm.php b/admin/user_perm.php index 91ade3618..400678ce2 100644 --- a/admin/user_perm.php +++ b/admin/user_perm.php @@ -133,9 +133,11 @@ $template->assign_vars( 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], 'F_ACTION' => + add_session_id( PHPWG_ROOT_PATH. 'admin.php?page=user_perm'. '&user_id='.$page['user'] + ) ) ); diff --git a/admin/waiting.php b/admin/waiting.php index 647fcafe2..7c8e05b51 100644 --- a/admin/waiting.php +++ b/admin/waiting.php @@ -148,7 +148,7 @@ $template->assign_vars(array( 'L_RESET'=>$lang['reset'], 'L_DELETE'=>$lang['delete'], - 'F_ACTION'=>str_replace( '&', '&', $_SERVER['REQUEST_URI']) + 'F_ACTION'=>add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] )) )); //---------------------------------------------------------------- form display diff --git a/category.php b/category.php index 1a74a912f..158781ae6 100644 --- a/category.php +++ b/category.php @@ -31,13 +31,10 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); //---------------------------------------------------------------------- logout if ( isset( $_GET['act'] ) and $_GET['act'] == 'logout' - and isset( $_COOKIE[session_name()] ) ) + and isset( $_COOKIE['id'] ) ) { // cookie deletion if exists - $_SESSION = array(); - session_unset(); - session_destroy(); - setcookie(session_name(),'',0,'/'); + setcookie( 'id', '', 0, cookie_path() ); $url = 'category.php'; redirect( $url ); } @@ -166,15 +163,15 @@ $template->assign_vars( 'L_PROFILE_HINT' => $lang['hint_customize'], 'L_REMEMBER_ME' => $lang['remember_me'], - 'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php', + 'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ), 'T_RECENT' => $icon_recent, - 'U_HOME' => PHPWG_ROOT_PATH.'category.php', - 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php', - 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php', + 'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ), + 'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ), + 'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'), 'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout', - 'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php', - 'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php' + 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ), + 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php') ) ); //-------------------------------------------------------------- external links @@ -201,7 +198,7 @@ if ( !$user['is_the_guest'] ) $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=fav'), 'TITLE' => $lang['favorite_cat_hint'], 'NAME' => $lang['favorite_cat'] )); @@ -210,7 +207,7 @@ if ( !$user['is_the_guest'] ) $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=most_visited'), 'TITLE' => $lang['most_visited_cat_hint'], 'NAME' => $lang['most_visited_cat'] )); @@ -220,7 +217,7 @@ if ($conf['rate']) $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=best_rated'), 'TITLE' => $lang['best_rated_cat_hint'], 'NAME' => $lang['best_rated_cat'] ) @@ -230,7 +227,7 @@ if ($conf['rate']) $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'random.php', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'random.php'), 'TITLE' => $lang['random_cat_hint'], 'NAME' => $lang['random_cat'] )); @@ -238,7 +235,7 @@ $template->assign_block_vars( $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_pics'), 'TITLE' => $lang['recent_pics_cat_hint'], 'NAME' => $lang['recent_pics_cat'] )); @@ -246,7 +243,7 @@ $template->assign_block_vars( $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_cats'), 'TITLE' => $lang['recent_cats_cat_hint'], 'NAME' => $lang['recent_cats_cat'] )); @@ -254,7 +251,7 @@ $template->assign_block_vars( $template->assign_block_vars( 'special_cat', array( - 'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar', + 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=calendar'), 'TITLE' => $lang['calendar_hint'], 'NAME' => $lang['calendar'] )); @@ -293,21 +290,21 @@ else $template->assign_block_vars('summary', array( 'TITLE'=>$lang['hint_search'], 'NAME'=>$lang['search'], -'U_SUMMARY'=> 'search.php', +'U_SUMMARY'=>add_session_id( 'search.php' ), )); // comments link $template->assign_block_vars('summary', array( 'TITLE'=>$lang['hint_comments'], 'NAME'=>$lang['comments'], -'U_SUMMARY'=> 'comments.php', +'U_SUMMARY'=>add_session_id( 'comments.php' ), )); // about link $template->assign_block_vars('summary', array( 'TITLE'=>$lang['about_page_title'], 'NAME'=>$lang['About'], -'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] ) +'U_SUMMARY'=>add_session_id( 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] ) ) )); // notification @@ -316,7 +313,7 @@ $template->assign_block_vars( array( 'TITLE'=>l10n('notification'), 'NAME'=>l10n('Notification'), - 'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php' + 'U_SUMMARY'=>add_session_id(PHPWG_ROOT_PATH.'notification.php') )); if (isset($page['cat']) @@ -327,8 +324,10 @@ if (isset($page['cat']) 'edit', array( 'URL' => + add_session_id( PHPWG_ROOT_PATH.'admin.php?page=cat_modify' .'&cat_id='.$page['cat'] + ) ) ); } @@ -353,8 +352,10 @@ if (isset($page['cat']) 'caddie', array( 'URL' => + add_session_id( PHPWG_ROOT_PATH.'category.php' .get_query_string_diff(array('caddie')).'&caddie=1') + ) ); } } @@ -382,7 +383,7 @@ if ( isset ( $page['cat'] ) ) $url = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat']; $template->assign_block_vars( 'upload', - array('U_UPLOAD'=> $url ) + array('U_UPLOAD'=>add_session_id( $url )) ); } diff --git a/comments.php b/comments.php index 5215ab473..fa240aa29 100644 --- a/comments.php +++ b/comments.php @@ -228,7 +228,7 @@ $template->assign_vars( 'F_KEYWORD'=>@$_GET['keyword'], 'F_AUTHOR'=>@$_GET['author'], - 'U_HOME' => PHPWG_ROOT_PATH.'category.php' + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php') ) ); @@ -465,7 +465,7 @@ SELECT id, uppercats array( 'TITLE_IMG'=>$name, 'I_THUMB'=>$thumbnail_src, - 'U_THUMB'=>$url + 'U_THUMB'=>add_session_id($url) )); $author = $comment['author']; @@ -477,7 +477,7 @@ SELECT id, uppercats $template->assign_block_vars( 'comment', array( - 'U_PICTURE' => $url, + 'U_PICTURE' => add_session_id($url), 'TN_SRC' => $thumbnail_src, 'AUTHOR' => $author, 'DATE'=>format_date($comment['date'],'mysql_datetime',true), diff --git a/identification.php b/identification.php index 223e6c1e9..c55e009ed 100644 --- a/identification.php +++ b/identification.php @@ -51,9 +51,8 @@ SELECT '.$conf['user_fields']['id'].' AS id, { $session_length = $conf['remember_me_length']; } - session_start(); - $_SESSION['id'] = $row['id']; - redirect('category.php'); + $session_id = session_create($row['id'], $session_length); + redirect('category.php?id='.$session_id); } else { @@ -81,11 +80,11 @@ $template->assign_vars( 'L_FORGET' => $lang['ident_forgotten_password'], 'L_REMEMBER_ME'=>$lang['remember_me'], - 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php', - 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php', - 'U_HOME' => PHPWG_ROOT_PATH.'category.php', + 'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'), + 'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'), + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'), - 'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php' + 'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php') )); if ($conf['authorize_remembering']) diff --git a/include/category_calendar.inc.php b/include/category_calendar.inc.php index fb2fffd09..a355a9339 100644 --- a/include/category_calendar.inc.php +++ b/include/category_calendar.inc.php @@ -67,6 +67,7 @@ foreach ($calendar_years as $calendar_year => $nb_picture_year) { $url = PHPWG_ROOT_PATH.'category.php?cat=calendar'; $url.= '&year='.$calendar_year; + $url = add_session_id($url); $years_nav_bar.= ' <a href="'.$url.'">'.$calendar_year.'</a>'; } } @@ -123,7 +124,7 @@ SELECT DISTINCT(MONTH('.$conf['calendar_datefield'].')) AS month $url = PHPWG_ROOT_PATH.'category.php?cat=calendar&month='; $url.= $page['calendar_year'].'.'.sprintf('%02s', $calendar_month); $months_nav_bar.= ' '; - $months_nav_bar.= '<a href="'.$url.'">'; + $months_nav_bar.= '<a href="'.add_session_id($url).'">'; $months_nav_bar.= $lang['month'][(int)$calendar_month]; $months_nav_bar.= '</a>'; } @@ -247,7 +248,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path 'IMAGE_ALT'=>$row['file'], 'IMAGE_TITLE'=>$thumbnail_title, - 'U_IMG_LINK'=>$url_link + 'U_IMG_LINK'=>add_session_id($url_link) ) ); @@ -307,7 +308,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path 'IMAGE_ALT'=>$row['file'], 'IMAGE_TITLE'=>$thumbnail_title, - 'U_IMG_LINK'=>$url_link + 'U_IMG_LINK'=>add_session_id($url_link) ) ); @@ -361,7 +362,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path 'IMAGE_ALT'=>$row['file'], 'IMAGE_TITLE'=>$thumbnail_title, - 'U_IMG_LINK'=>$url_link + 'U_IMG_LINK'=>add_session_id($url_link) ) ); @@ -435,7 +436,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path 'IMAGE_ALT'=>$row['file'], 'IMAGE_TITLE'=>$thumbnail_title, - 'U_IMG_LINK'=>$url_link + 'U_IMG_LINK'=>add_session_id($url_link) ) ); diff --git a/include/category_default.inc.php b/include/category_default.inc.php index 0965b331e..d553e9e05 100644 --- a/include/category_default.inc.php +++ b/include/category_default.inc.php @@ -89,7 +89,7 @@ while ($row = mysql_fetch_array($result)) 'IMAGE_TITLE' => $thumbnail_title, 'IMAGE_TS' => get_icon($row['date_available']), - 'U_IMG_LINK' => $url_link + 'U_IMG_LINK' => add_session_id($url_link) ) ); diff --git a/include/category_recent_cats.inc.php b/include/category_recent_cats.inc.php index 298def21d..1b3e84f1e 100644 --- a/include/category_recent_cats.inc.php +++ b/include/category_recent_cats.inc.php @@ -78,7 +78,7 @@ while ( $row = mysql_fetch_array( $result ) ) 'IMAGE_ALT' => $row['file'], 'IMAGE_TITLE' => $lang['hint_category'], - 'U_IMG_LINK' => $url_link + 'U_IMG_LINK' => add_session_id($url_link) ) ); diff --git a/include/category_subcats.inc.php b/include/category_subcats.inc.php index 5f64a3a7f..8e40d8498 100644 --- a/include/category_subcats.inc.php +++ b/include/category_subcats.inc.php @@ -152,7 +152,7 @@ SELECT id, path, tn_ext 'IMAGE_TITLE' => $lang['hint_category'], 'IMAGE_TS' => get_icon(@$item['date_last']), 'U_IMG_LINK' => - PHPWG_ROOT_PATH.'category.php?cat='.$item['category'] + add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$item['category']) ) ); diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 96272dee6..33b9eab0b 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -256,21 +256,6 @@ $conf['use_exif_mapping'] = array( // | sessions | // +-----------------------------------------------------------------------+ -// specifies to use cookie to store the session id on client side -$conf['session_use_cookies'] = 1; - -// specifies to only use cookie to store the session id on client side -$conf['session_use_only_cookies'] = 1; - -// do not use transparent session id support -$conf['session_use_trans_sid'] = 0; - -// specifies the name of the session which is used as cookie name -$conf['session_name'] = 'pwg_id'; - -// comment the line below to use file handler for sessions. -$conf['session_save_handler'] = 'db'; - // authorize_remembering : permits user to stay logged for a long time. It // creates a cookie on client side. $conf['authorize_remembering'] = true; @@ -282,6 +267,16 @@ $conf['remember_me_length'] = 31536000; // session_length : time of validity for normal session, in seconds. $conf['session_length'] = 3600; +// session_id_size : a session identifier is compound of alphanumeric +// characters and is case sensitive. Each character is among 62 +// possibilities. The number of possible sessions is +// 62^$conf['session_id_size']. +// +// 62^5 = 916,132,832 +// 62^10 = 839,299,365,868,340,224 +// +$conf['session_id_size'] = 10; + // +-----------------------------------------------------------------------+ // | debug | // +-----------------------------------------------------------------------+ diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 4c5f1f4be..ad118a905 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -47,7 +47,7 @@ function check_restrictions($category_id) if (in_array($category_id, explode(',', $user['forbidden_categories']))) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="./category.php">'; + echo '<a href="'.add_session_id( './category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index a2c45b7ef..50a999854 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php @@ -82,7 +82,7 @@ function create_navigation_bar($url, $nb_element, $start, if ($cur_page != 1) { $navbar.= '<a href="'; - $navbar.= $url.'&start=0'; + $navbar.= add_session_id($url.'&start=0'); $navbar.= '" class="'.$link_class.'">'.$lang['first_page']; $navbar.= '</a>'; } @@ -96,7 +96,7 @@ function create_navigation_bar($url, $nb_element, $start, { $previous = $start - $nb_element_page; $navbar.= '<a href="'; - $navbar.= $url.'&start='.$previous; + $navbar.= add_session_id( $url.'&start='.$previous ); $navbar.= '" class="'.$link_class.'">'.$lang['previous_page']; $navbar.= '</a>'; } @@ -109,7 +109,7 @@ function create_navigation_bar($url, $nb_element, $start, if ($cur_page > $pages_around + 1) { $navbar.= ' <a href="'; - $navbar.= $url.'&start=0'; + $navbar.= add_session_id($url.'&start=0'); $navbar.= '" class="'.$link_class.'">1</a>'; if ($cur_page > $pages_around + 2) { @@ -130,7 +130,7 @@ function create_navigation_bar($url, $nb_element, $start, { $temp_start = ($i - 1) * $nb_element_page; $navbar.= ' <a href="'; - $navbar.= $url.'&start='.$temp_start; + $navbar.= add_session_id($url.'&start='.$temp_start); $navbar.= '" class="'.$link_class.'">'.$i.'</a>'; } else @@ -148,7 +148,7 @@ function create_navigation_bar($url, $nb_element, $start, $navbar.= ' ...'; } $navbar.= ' <a href="'; - $navbar.= $url.'&start='.$temp_start; + $navbar.= add_session_id($url.'&start='.$temp_start); $navbar.= '" class="'.$link_class.'">'.$maximum.'</a>'; } @@ -159,7 +159,7 @@ function create_navigation_bar($url, $nb_element, $start, { $next = $start + $nb_element_page; $navbar.= '<a href="'; - $navbar.= $url.'&start='.$next; + $navbar.= add_session_id( $url.'&start='.$next ); $navbar.= '" class="'.$link_class.'">'.$lang['next_page'].'</a>'; } else @@ -173,7 +173,7 @@ function create_navigation_bar($url, $nb_element, $start, { $temp_start = ($maximum - 1) * $nb_element_page; $navbar.= '<a href="'; - $navbar.= $url.'&start='.$temp_start; + $navbar.= add_session_id($url.'&start='.$temp_start); $navbar.= '" class="'.$link_class.'">'.$lang['last_page']; $navbar.= '</a>'; } @@ -242,7 +242,7 @@ function get_cat_display_name($cat_informations, else { $output.= '<a class=""'; - $output.= ' href="'.PHPWG_ROOT_PATH.$url.$id.'">'; + $output.= ' href="'.add_session_id(PHPWG_ROOT_PATH.$url.$id).'">'; $output.= $name.'</a>'; } } @@ -311,7 +311,7 @@ SELECT id,name { $output.= ' <a class="" - href="'.PHPWG_ROOT_PATH.$url.$category_id.'">'.$name.'</a>'; + href="'.add_session_id(PHPWG_ROOT_PATH.$url.$category_id).'">'.$name.'</a>'; } } if ($replace_space) @@ -370,7 +370,7 @@ function get_html_menu_category($categories) } $menu.= '>'; - $url = PHPWG_ROOT_PATH.'category.php?cat='.$category['id']; + $url = add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']); $menu.= "\n".'<a href="'.$url.'">'.$category['name'].'</a>'; if ($category['nb_images'] > 0) diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 98a85c876..8a3bb911c 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -25,77 +25,115 @@ // | USA. | // +-----------------------------------------------------------------------+ -if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) { - session_set_save_handler('pwg_session_open', - 'pwg_session_close', - 'pwg_session_read', - 'pwg_session_write', - 'pwg_session_destroy', - 'pwg_session_gc' - ); -} - -ini_set('session.use_cookies', $conf['session_use_cookies']); -ini_set('session.use_only_cookies', $conf['session_use_only_cookies']); -ini_set('session.use_trans_sid', $conf['session_use_trans_sid']); -ini_set('session.name', $conf['session_name']); - -function pwg_session_open($path, $name) +// The function generate_key creates a string with pseudo random characters. +// the size of the string depends on the $conf['session_id_size']. +// Characters used are a-z A-Z and numerical values. Examples : +// "Er4Tgh6", "Rrp08P", "54gj" +// input : none (using global variable) +// output : $key +function generate_key($size) { - return true; -} + global $conf; -function pwg_session_close() -{ - pwg_session_gc(); - return true; + $md5 = md5(substr(microtime(), 2, 6)); + $init = ''; + for ( $i = 0; $i < strlen( $md5 ); $i++ ) + { + if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; + } + $init = substr( $init, 0, 8 ); + mt_srand( $init ); + $key = ''; + for ( $i = 0; $i < $size; $i++ ) + { + $c = mt_rand( 0, 2 ); + if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); + else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); + else $key .= mt_rand( 0, 9 ); + } + return $key; } -function pwg_session_read($session_id) +/** + * create a new session and returns the session identifier + * + * - find a non-already-used session key + * - create a session in database + * - return session identifier + * + * @param int userid + * @param int session_lentgh : in seconds + * @return string + */ +function session_create($userid, $session_length) { - $query = "SELECT data FROM " . SESSIONS_TABLE; - $query .= " WHERE id = '$session_id'"; - $result = pwg_query($query); - if ($result) { - $row = mysql_fetch_assoc($result); - return $row['data']; - } else { - return ''; + global $conf; + + // 1. searching an unused session key + $id_found = false; + while (!$id_found) + { + $generated_id = generate_key($conf['session_id_size']); + $query = ' +SELECT id + FROM '.SESSIONS_TABLE.' + WHERE id = \''.$generated_id.'\' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) == 0) + { + $id_found = true; + } } + // 3. inserting session in database + $query = ' +INSERT INTO '.SESSIONS_TABLE.' + (id,user_id,expiration) + VALUES + (\''.$generated_id.'\','.$userid.', + ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND)) +;'; + pwg_query($query); + + $expiration = $session_length + time(); + setcookie('id', $generated_id, $expiration, cookie_path()); + + return $generated_id; } -function pwg_session_write($session_id, $data) +// add_session_id adds the id of the session to the string given in +// parameter as $url. If the session id is the first parameter to the url, +// it is preceded by a '?', else it is preceded by a '&'. If the +// parameter $redirect is set to true, '&' is used instead of '&'. +function add_session_id( $url, $redirect = false ) { - $query = "SELECT id FROM " . SESSIONS_TABLE; - $query .= " WHERE id = '$session_id'"; - $result = pwg_query($query); - if (mysql_num_rows($result)) { - $query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()"; - $query .= " WHERE id = '$session_id'"; - pwg_query($query); - } else { - $query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)"; - $query .= " VALUES('$session_id','$data',now())"; - pwg_query($query); + global $page, $user, $conf; + + if ($user['is_the_guest'] + or $user['has_cookie'] + or $conf['apache_authentication']) + { + return $url; } - return true; -} -function pwg_session_destroy($session_id) -{ - $query = "DELETE FROM " . SESSIONS_TABLE; - $query .= " WHERE id = '$session_id'"; - pwg_query($query); - return true; + if (preg_match('/\.php\?/', $url)) + { + $separator = $redirect ? '&' : '&'; + } + else + { + $separator = '?'; + } + + return $url.$separator.'id='.$page['session_id']; } -function pwg_session_gc() +// cookie_path returns the path to use for the PhpWebGallery cookie. +// If PhpWebGallery is installed on : +// http://domain.org/meeting/gallery/category.php +// cookie_path will return : "/meeting/gallery" +function cookie_path() { - global $conf; - - $query = "DELETE FROM " . SESSIONS_TABLE; - $query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length']; - pwg_query($query); - return true; + return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); } ?> diff --git a/include/page_header.php b/include/page_header.php index 6891787bd..8bf830cf5 100644 --- a/include/page_header.php +++ b/include/page_header.php @@ -61,7 +61,7 @@ if ( isset( $refresh ) and intval($refresh) >= 0 and isset( $url_link ) ) $template->assign_vars( array( 'REFRESH_TIME' => $refresh, - 'U_REFRESH' => $url_link + 'U_REFRESH' => add_session_id( $url_link ) )); $template->assign_block_vars('refresh', array()); } diff --git a/include/user.inc.php b/include/user.inc.php index 04adde9ac..8b51935a0 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -26,24 +26,55 @@ // +-----------------------------------------------------------------------+ // retrieving connected user informations -if (isset($_COOKIE[session_name()])) +if (isset($_COOKIE['id'])) { - session_start(); - if (isset($_SESSION['id'])) - { - $user['id'] = $_SESSION['id']; - } - else - { - // session timeout - $user['id'] = $conf['guest_id']; - $user['is_the_guest'] = true; - } -} -else + $session_id = $_COOKIE['id']; + $user['has_cookie'] = true; +} +else if (isset($_GET['id'])) +{ + $session_id = $_GET['id']; + $user['has_cookie'] = false; +} +else +{ + $user['has_cookie'] = false; +} + +if (isset($session_id) + and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id)) +{ + $page['session_id'] = $session_id; + $query = ' +SELECT user_id,expiration,NOW() AS now + FROM '.SESSIONS_TABLE.' + WHERE id = \''.$page['session_id'].'\' +;'; + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + $row = mysql_fetch_array($result); + if (strnatcmp($row['expiration'], $row['now']) < 0) + { + // deletion of the session from the database, because it is + // out-of-date + $delete_query = ' +DELETE FROM '.SESSIONS_TABLE.' + WHERE id = \''.$page['session_id'].'\' +;'; + pwg_query($delete_query); + } + else + { + $user['id'] = $row['user_id']; + $user['is_the_guest'] = false; + } + } +} +if (!isset($user['id'])) { - $user['id'] = $conf['guest_id']; - $user['is_the_guest'] = true; + $user['id'] = $conf['guest_id']; + $user['is_the_guest'] = true; } // using Apache authentication override the above user search diff --git a/notification.php b/notification.php index 53950722d..a9d8dd2d1 100644 --- a/notification.php +++ b/notification.php @@ -58,7 +58,7 @@ $template->set_filenames(array('notification'=>'notification.tpl')); $template->assign_vars( array( 'FEED_URL' => PHPWG_ROOT_PATH.'feed.php?feed='.$page['feed'], - 'U_HOME' => PHPWG_ROOT_PATH.'category.php' + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php') ) ); diff --git a/password.php b/password.php index 9e0ad4029..f5ee6b2f8 100644 --- a/password.php +++ b/password.php @@ -176,7 +176,7 @@ $template->set_filenames(array('password'=>'password.tpl')); $template->assign_vars( array( - 'U_HOME' => PHPWG_ROOT_PATH.'category.php' + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php') ) ); diff --git a/picture.php b/picture.php index 5009e101a..b59cb1a87 100644 --- a/picture.php +++ b/picture.php @@ -82,7 +82,7 @@ while ($row = mysql_fetch_array($result)) if (!$belongs) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="'.PHPWG_ROOT_PATH.'category.php'.'">'; + echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -329,17 +329,18 @@ if ( isset( $_GET['add_fav'] ) ) { // there is no favorite picture anymore we redirect the user to the // category page - redirect($url_up); + $url = add_session_id($url_up); + redirect($url); } else if (!$has_prev) { $url = str_replace( '&', '&', $picture['next']['url'] ); - redirect( $url ); + $url = add_session_id( $url, true); } else { $url = str_replace('&', '&', $picture['prev']['url'] ); - redirect( $url ); + $url = add_session_id( $url, true); } redirect( $url ); } @@ -532,12 +533,12 @@ $template->assign_vars(array( 'L_UP_HINT' => $lang['home_hint'], 'L_UP_ALT' => $lang['home'], - 'U_HOME' => (PHPWG_ROOT_PATH.'category.php'), - 'U_UP' => $url_up, - 'U_METADATA' => $url_metadata, - 'U_ADMIN' => $url_admin, - 'U_SLIDESHOW'=> $url_slide, - 'U_ADD_COMMENT' => str_replace( '&', '&', $_SERVER['REQUEST_URI'] ) + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'), + 'U_UP' => add_session_id($url_up), + 'U_METADATA' => add_session_id($url_metadata), + 'U_ADMIN' => add_session_id($url_admin), + 'U_SLIDESHOW'=> add_session_id($url_slide), + 'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] )) ) ); @@ -594,8 +595,10 @@ if ('admin' == $user['status']) 'caddie', array( 'URL' => + add_session_id( PHPWG_ROOT_PATH.'picture.php' .get_query_string_diff(array('caddie')).'&caddie=1') + ) ); } @@ -653,7 +656,7 @@ if ($has_prev) array( 'TITLE_IMG' => $picture['prev']['name'], 'IMG' => $picture['prev']['thumbnail'], - 'U_IMG' => $picture['prev']['url'] + 'U_IMG' => add_session_id($picture['prev']['url']) )); } @@ -664,7 +667,7 @@ if ($has_next) array( 'TITLE_IMG' => $picture['next']['name'], 'IMG' => $picture['next']['thumbnail'], - 'U_IMG' => $picture['next']['url'] + 'U_IMG' => add_session_id($picture['next']['url']) )); } @@ -687,9 +690,11 @@ if (!empty($picture['current']['author'])) { $infos['INFO_AUTHOR'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=author:'.$picture['current']['author'] - .'">'.$picture['current']['author'].'</a>'; + ). + '">'.$picture['current']['author'].'</a>'; } else { @@ -701,9 +706,11 @@ if (!empty($picture['current']['date_creation'])) { $infos['INFO_CREATION_DATE'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=date_creation:'.$picture['current']['date_creation'] - .'">'.format_date($picture['current']['date_creation']).'</a>'; + ). + '">'.format_date($picture['current']['date_creation']).'</a>'; } else { @@ -713,10 +720,12 @@ else // date of availability $infos['INFO_AVAILABILITY_DATE'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=date_available:'. substr($picture['current']['date_available'], 0, 10) - .'">'. + ). + '">'. format_date($picture['current']['date_available'], 'mysql_datetime'). '</a>'; @@ -765,8 +774,10 @@ if (!empty($picture['current']['keywords'])) preg_replace( '/([^,]+)/', '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search&search=keywords:$1' - .'">$1</a>', + ). + '">$1</a>', $picture['current']['keywords'] ); } @@ -890,7 +901,7 @@ if ( isset( $_GET['slideshow'] ) ) if ( !is_numeric( $_GET['slideshow'] ) ) $_GET['slideshow'] = $conf['slideshow_period']; $template->assign_block_vars('stop_slideshow', array( - 'U_SLIDESHOW'=>$picture['current']['url'] + 'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] ) )); } @@ -1043,7 +1054,7 @@ if ($page['show_comments']) { $template->assign_block_vars( 'comments.comment.delete', - array('U_COMMENT_DELETE'=> $url.'&del='.$row['id'] + array('U_COMMENT_DELETE'=>add_session_id( $url.'&del='.$row['id']) )); } } diff --git a/profile.php b/profile.php index 06dc0b17b..4a85467e6 100644 --- a/profile.php +++ b/profile.php @@ -136,7 +136,7 @@ SELECT '.$conf['user_fields']['password'].' AS password // redirection $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; - redirect($url); + redirect(add_session_id($url)); } } // +-----------------------------------------------------------------------+ @@ -198,9 +198,9 @@ $template->assign_vars( 'L_RETURN' => $lang['home'], 'L_RETURN_HINT' => $lang['home_hint'], - 'U_RETURN' => PHPWG_ROOT_PATH.'category.php', + 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'), - 'F_ACTION'=>$url_action, + 'F_ACTION'=>add_session_id($url_action), )); $blockname = 'template_option'; diff --git a/random.php b/random.php index 189ac57b1..742a514e4 100644 --- a/random.php +++ b/random.php @@ -59,5 +59,5 @@ while ($row = mysql_fetch_array($result)) // | redirect | // +-----------------------------------------------------------------------+ $url = PHPWG_ROOT_PATH.'category.php?cat=list&list='.implode(',', $ids); -redirect($url); +redirect(add_session_id($url)); ?>
\ No newline at end of file diff --git a/register.php b/register.php index a4da4131f..27def1f85 100644 --- a/register.php +++ b/register.php @@ -76,9 +76,9 @@ $template->assign_vars(array( 'L_CONFIRM_PASSWORD' => $lang['reg_confirm'], 'L_EMAIL' => $lang['mail_address'], - 'U_HOME' => PHPWG_ROOT_PATH.'category.php', + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'), - 'F_ACTION' => 'register.php', + 'F_ACTION' => add_session_id('register.php'), 'F_LOGIN' => $login, 'F_EMAIL' => $email )); diff --git a/search.php b/search.php index b02b52daa..2778c8b80 100644 --- a/search.php +++ b/search.php @@ -129,6 +129,7 @@ if (isset($_POST['submit'])) if (isset($_POST['submit']) and count($errors) == 0) { $url = 'category.php?cat=search&search='.$search_string; + $url = add_session_id($url, true); redirect($url); } //----------------------------------------------------- template initialization @@ -179,9 +180,9 @@ $template->assign_vars(array( 'TODAY_DAY' => date('d', time()), 'TODAY_MONTH' => date('m', time()), 'TODAY_YEAR' => date('Y', time()), - 'S_SEARCH_ACTION' => 'search.php', + 'S_SEARCH_ACTION' => add_session_id( 'search.php' ), 'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=search', - 'U_HOME' => 'category.php' + 'U_HOME' => add_session_id( 'category.php' ) ) ); diff --git a/upload.php b/upload.php index dce72a66f..39f0db5d2 100644 --- a/upload.php +++ b/upload.php @@ -125,7 +125,7 @@ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) if ($page['cat_site_id'] != 1 or !$page['cat_uploadable']) { echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />'; - echo '<a href="./category.php">'; + echo '<a href="'.add_session_id( './category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -299,9 +299,9 @@ $template->assign_vars(array( 'L_UPLOAD_DONE' => $lang['upload_successful'], 'L_MANDATORY' => $lang['mandatory'], - 'F_ACTION' => $u_form, + 'F_ACTION' => add_session_id( $u_form ), - 'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'] + 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']) )); if ( !$page['upload_successful'] ) |