diff options
| author | rvelices <rv-github@modusoptimus.com> | 2006-10-21 20:16:01 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2006-10-21 20:16:01 +0000 |
| commit | 641d335cff78b6e04c625ad3679547b73c1bb829 (patch) | |
| tree | 9ec2e38e6b42d59e4050d8fd5865517dcd760e5c | |
| parent | 8d7aa23a8e160c27bec20a21051b2d26217bcec9 (diff) | |
merge -r1568 from trunk to branch-1_6 (auto_login/redirect corrections)
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1572 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | identification.php | 5 | ||||
| -rw-r--r-- | include/common.inc.php | 106 | ||||
| -rw-r--r-- | include/config_default.inc.php | 5 | ||||
| -rw-r--r-- | include/functions.inc.php | 41 | ||||
| -rw-r--r-- | include/functions_user.inc.php | 105 | ||||
| -rw-r--r-- | include/template.php | 29 | ||||
| -rw-r--r-- | include/user.inc.php | 79 |
7 files changed, 205 insertions, 165 deletions
diff --git a/identification.php b/identification.php index 9bfdef96f..f5131e431 100644 --- a/identification.php +++ b/identification.php @@ -71,10 +71,7 @@ SELECT '.$conf['user_fields']['id'].' AS id, array_push( $errors, $lang['invalid_pwd'] ); } } -elseif (!empty($_COOKIE[$conf['remember_me_name']])) -{ - auto_login(); -} + //----------------------------------------------------- template initialization // // Start output of page diff --git a/include/common.inc.php b/include/common.inc.php index d7b557679..217395a6f 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -132,28 +132,6 @@ or die ( "Could not connect to database server" ); mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); -if ($conf['check_upgrade_feed'] - and defined('PHPWG_IN_UPGRADE') - and PHPWG_IN_UPGRADE) -{ - // retrieve already applied upgrades - $query = ' -SELECT id - FROM '.UPGRADE_TABLE.' -;'; - $applied = array_from_query($query, 'id'); - - // retrieve existing upgrades - $existing = get_available_upgrade_ids(); - - // which upgrades need to be applied? - if (count(array_diff($existing, $applied)) > 0) - { - $header_msgs[] = 'Some database upgrades are missing, ' - .'<a href="'.PHPWG_ROOT_PATH.'upgrade_feed.php">upgrade now</a>'; - } -} - // // Setup gallery wide options, if this fails then we output a CRITICAL_ERROR // since basic gallery information is not available @@ -162,67 +140,83 @@ load_conf_from_db(); include(PHPWG_ROOT_PATH.'include/user.inc.php'); + // language files include_once(get_language_filepath('common.lang.php')); - if (defined('IN_ADMIN') and IN_ADMIN) { include_once(get_language_filepath('admin.lang.php')); } +// only now we can set the localized username of the guest user (and not in +// include/user.inc.php) +if ($user['is_the_guest']) +{ + $user['username'] = $lang['guest']; +} + +// template instance +$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] ); + if ($conf['gallery_locked']) { - $header_msgs[] = $lang['gallery_locked_message'] - . '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>'; + $header_msgs[] = $lang['gallery_locked_message']; - if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' + if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php' and !is_admin() ) { - echo( $lang['gallery_locked_message'] ); + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + echo $lang['gallery_locked_message'] + .'<a href="'.get_root_url().'identification.php">.</a>'; exit(); } } -// only now we can set the localized username of the guest user (and not in -// include/user.inc.php) -if ($user['is_the_guest']) +if ($user['is_the_guest'] and !$conf['guest_access'] + and !in_array( basename($_SERVER['SCRIPT_FILENAME']), + array('identification.php', + 'password.php', + 'register.php' + ) + ) + ) { - $user['username'] = $lang['guest']; + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + redirect (get_root_url().'identification.php'); } -// include template/theme configuration -if (defined('IN_ADMIN') and IN_ADMIN) -{ - list($user['template'], $user['theme']) = - explode - ( - '/', - isset($conf['default_admin_layout']) ? $conf['default_admin_layout'] - : $user['template'] - ); -// TODO : replace $conf['admin_layout'] by $user['admin_layout'] -} -else +if ($conf['check_upgrade_feed'] + and defined('PHPWG_IN_UPGRADE') + and PHPWG_IN_UPGRADE) { - list($user['template'], $user['theme']) = explode('/', $user['template']); + // retrieve already applied upgrades + $query = ' +SELECT id + FROM '.UPGRADE_TABLE.' +;'; + $applied = array_from_query($query, 'id'); + + // retrieve existing upgrades + $existing = get_available_upgrade_ids(); + + // which upgrades need to be applied? + if (count(array_diff($existing, $applied)) > 0) + { + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + $header_msgs[] = 'Some database upgrades are missing, ' + .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>'; + } } -// TODO : replace initial $user['template'] by $user['layout'] -include( - PHPWG_ROOT_PATH - .'template/'.$user['template'] - .'/theme/'.$user['theme'] - .'/themeconf.inc.php' - ); if (is_adviser()) { $header_msgs[] = $lang['adviser_mode_enabled']; } -// template instance -$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - if (count($header_msgs) > 0) { $template->assign_block_vars('header_msgs',array()); @@ -232,4 +226,4 @@ if (count($header_msgs) > 0) array('HEADER_MSG'=>$header_msg)); } } -?> +?>
\ No newline at end of file diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 2f573cc5a..9c12f1060 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember'; // remember_me_length : time of validity for "remember me" cookies, in // seconds. -$conf['remember_me_length'] = 31536000; +$conf['remember_me_length'] = 5184000; + +// session_length : time of validity for normal session, in seconds. +$conf['session_length'] = 3600; // +-----------------------------------------------------------------------+ // | debug | diff --git a/include/functions.inc.php b/include/functions.inc.php index dae437a0d..06847b550 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -460,7 +460,7 @@ function format_date($date, $type = 'us', $show_time = false) return $formated_date; } -function pwg_stripslashes($value) +function pwg_stripslashes($value) { if (get_magic_quotes_gpc()) { @@ -469,7 +469,7 @@ function pwg_stripslashes($value) return $value; } -function pwg_addslashes($value) +function pwg_addslashes($value) { if (!get_magic_quotes_gpc()) { @@ -478,7 +478,7 @@ function pwg_addslashes($value) return $value; } -function pwg_quotemeta($value) +function pwg_quotemeta($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); @@ -556,20 +556,23 @@ function pwg_debug( $string ) * @param integer $refreh_time * @return void */ -function redirect( $url , $msg = '', $refreh_time = 0) +function redirect( $url , $msg = '', $refresh_time = 0) { global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug; - unset($template); - $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - if (!isset($page['body_id'])) + if (!isset($lang_info)) { - $page['body_id'] = 'adminPage'; + $user = build_user( $conf['guest_id'], true); + include_once(get_language_filepath('common.lang.php')); + list($tmpl, $thm) = explode('/', $conf['default_template']); + $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm); + } + else + { + $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']); } - // $redirect_msg, $refresh, $url_link and $title are required for creating an automated - // refresh page in header.tpl - if (!isset($msg) or ($msg == '')) + if (empty($msg)) { $redirect_msg = l10n('redirect_msg'); } @@ -578,10 +581,13 @@ function redirect( $url , $msg = '', $refreh_time = 0) $redirect_msg = $msg; } $redirect_msg = nl2br($redirect_msg); - $refresh = $refreh_time; + + $refresh = $refresh_time; $url_link = $url; $title = 'redirection'; + $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); + include( PHPWG_ROOT_PATH.'include/page_header.php' ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); @@ -591,7 +597,6 @@ function redirect( $url , $msg = '', $refreh_time = 0) exit(); } - /** * returns $_SERVER['QUERY_STRING'] whitout keys given in parameters * @@ -693,7 +698,7 @@ function get_thumbnail_src($path, $tn_ext = '', $with_rewrite = true) function my_error($header) { global $conf; - + $error = '<pre>'; $error.= $header; $error.= '[mysql error '.mysql_errno().'] '; @@ -879,9 +884,9 @@ function str_translate_to_ascii7bits($str) */ function get_themeconf($key) { - global $themeconf; + global $template; - return isset($themeconf[$key]) ? $themeconf[$key] : ''; + return $template->get_themeconf($key); } /** @@ -938,7 +943,7 @@ function get_available_upgrade_ids() function load_conf_from_db() { global $conf; - + $query = ' SELECT param,value FROM '.CONFIG_TABLE.' @@ -953,7 +958,7 @@ SELECT param,value while ($row = mysql_fetch_array($result)) { $conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : ''; - + // If the field is true or false, the variable is transformed into a // boolean value. if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index ba085127f..0a3991574 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -104,6 +104,54 @@ function setup_style($style) return new Template(PHPWG_ROOT_PATH.'template/'.$style); } + +function build_user( $user_id, $use_cache ) +{ + global $conf; + $user['id'] = $user_id; + $user = array_merge( $user, getuserdata($user_id, $use_cache) ); + if ( $user['id'] == $conf['guest_id']) + { + $user['is_the_guest']=true; + $user['template'] = $conf['default_template']; + $user['nb_image_line'] = $conf['nb_image_line']; + $user['nb_line_page'] = $conf['nb_line_page']; + $user['language'] = $conf['default_language']; + $user['maxwidth'] = $conf['default_maxwidth']; + $user['maxheight'] = $conf['default_maxheight']; + $user['recent_period'] = $conf['recent_period']; + $user['expand'] = $conf['auto_expand']; + $user['show_nb_comments'] = $conf['show_nb_comments']; + $user['enabled_high'] = $conf['newuser_default_enabled_high']; + } + else + { + $user['is_the_guest']=false; + } + // calculation of the number of picture to display per page + $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; + + // include template/theme configuration + if (defined('IN_ADMIN') and IN_ADMIN) + { + list($user['template'], $user['theme']) = + explode + ( + '/', + isset($conf['default_admin_layout']) ? $conf['default_admin_layout'] + : $user['template'] + ); + // TODO : replace $conf['admin_layout'] by $user['admin_layout'] + } + else + { + list($user['template'], $user['theme']) = explode('/', $user['template']); + } + + return $user; +} + + /** * find informations related to the user identifier * @@ -458,7 +506,7 @@ function create_user_infos($user_id) { $status = 'normal'; } - + $insert = array( 'user_id' => $user_id, @@ -556,13 +604,13 @@ function log_user($user_id, $remember_me) { // search for an existing auto_login_key $query = ' -SELECT auto_login_key +SELECT auto_login_key FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['id'].' = '.$user_id.' ;'; - + $auto_login_key = current(mysql_fetch_assoc(pwg_query($query))); - if (empty($auto_login_key)) + if (empty($auto_login_key)) { $auto_login_key = base64_encode(md5(uniqid(rand(), true))); $query = ' @@ -574,45 +622,58 @@ UPDATE '.USERS_TABLE.' } $cookie = array('id' => $user_id, 'key' => $auto_login_key); setcookie($conf['remember_me_name'], - serialize($cookie), + serialize($cookie), time()+$conf['remember_me_length'], cookie_path() ); } - session_start(); + else + { // make sure we clean any remember me ... + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } + if ( session_id()!="" ) + { // this can happpen when the session is expired and auto_login + session_regenerate_id(); + } + else + { + session_start(); + } $_SESSION['pwg_uid'] = $user_id; $user['id'] = $_SESSION['pwg_uid']; - $user['is_the_guest'] = false; } /* * Performs auto-connexion when cookie remember_me exists - * @return void + * @return true/false */ -function auto_login() { +function auto_login() { global $conf; - // must remove slash added in include/common.inc.php - $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); + if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) + { + // must remove slash added in include/common.inc.php + $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); - $query = ' + $query = ' SELECT auto_login_key FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].' ;'; - $auto_login_key = current(mysql_fetch_assoc(pwg_query($query))); - if ($auto_login_key == $cookie['key']) - { - log_user($cookie['id'], false); - redirect(make_index_url()); + $auto_login_key = current(mysql_fetch_assoc(pwg_query($query))); + if ($auto_login_key == $cookie['key']) + { + log_user($cookie['id'], true); + return true; + } + else + { + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } } - else - { - setcookie($conf['remember_me_name'], '', 0, cookie_path()); - redirect(make_index_url()); - } + return false; } /* diff --git a/include/template.php b/include/template.php index d93700b7a..df9c9a013 100644 --- a/include/template.php +++ b/include/template.php @@ -59,13 +59,22 @@ class Template { // output var $output = ''; + var $themeconf = array(); + /** * Constructor. Simply sets the root dir. * */ - function Template($root = ".") + function Template($root = ".", $theme= "") { - $this->set_rootdir($root); + if ( $this->set_rootdir($root) ) + { + if ( !empty( $theme ) ) + { + include($root.'/theme/'.$theme.'/themeconf.inc.php'); + $this->themeconf = $themeconf; + } + } } /** @@ -311,14 +320,14 @@ class Template { { die("Template->loadfile(): File $filename for handle $handle is empty"); } - + $this->uncompiled_code[$handle] = $str; - + return true; } - - - + + + /** * Compiles the given string of code, and returns the result in a string. * @@ -331,7 +340,7 @@ class Template { // PWG specific : communication between template and $lang $code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code); // PWG specific : expand themeconf.inc.php variables - $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code); + $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code); $code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code); // replace \ with \\ and then ' with \'. @@ -525,6 +534,10 @@ class Template { return $varref; } + function get_themeconf($key) + { + return isset($this->themeconf[$key]) ? $this->themeconf[$key] : ''; + } } ?> diff --git a/include/user.inc.php b/include/user.inc.php index b2001fa23..b52ed2a07 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -2,7 +2,7 @@ // +-----------------------------------------------------------------------+ // | PhpWebGallery - a PHP based picture gallery | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | +// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ // | branch : BSF (Best So Far) // | file : $RCSfile$ @@ -25,53 +25,44 @@ // | USA. | // +-----------------------------------------------------------------------+ -if (isset($_COOKIE[session_name()])) +// by default we start with guest +$user['id'] = $conf['guest_id']; + +if (isset($_COOKIE[session_name()])) { session_start(); if (isset($_GET['act']) and $_GET['act'] == 'logout') - { - // logout + { // logout $_SESSION = array(); session_unset(); session_destroy(); setcookie(session_name(),'',0, - ini_get('session.cookie_path'), - ini_get('session.cookie_domain') - ); + ini_get('session.cookie_path'), + ini_get('session.cookie_domain') + ); setcookie($conf['remember_me_name'], '', 0, cookie_path()); redirect(make_index_url()); - } - elseif (empty($_SESSION['pwg_uid'])) - { - // timeout + } + elseif (empty($_SESSION['pwg_uid'])) + { // timeout setcookie(session_name(),'',0, - ini_get('session.cookie_path'), - ini_get('session.cookie_domain') - ); + ini_get('session.cookie_path'), + ini_get('session.cookie_domain') + ); } else { $user['id'] = $_SESSION['pwg_uid']; - $user['is_the_guest'] = false; } } -elseif (!empty($_COOKIE[$conf['remember_me_name']])) + + +// Now check the auto-login +if ( $user['id']==$conf['guest_id'] ) { auto_login(); -} -else -{ - $user['id'] = $conf['guest_id']; - $user['is_the_guest'] = true; } -if ($user['is_the_guest'] and !$conf['guest_access'] - and (basename($_SERVER['PHP_SELF'])!='identification.php') - and (basename($_SERVER['PHP_SELF'])!='password.php') - and (basename($_SERVER['PHP_SELF'])!='register.php')) -{ - redirect (get_root_url().'identification.php'); -} // using Apache authentication override the above user search if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) @@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) register_user($_SERVER['REMOTE_USER'], '', ''); $user['id'] = get_userid($_SERVER['REMOTE_USER']); } - - $user['is_the_guest'] = false; -} - -$user = array_merge( - $user, - getuserdata( - $user['id'], - ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ? - ) - ); - -// properties of user guest are found in the configuration -if ($user['is_the_guest']) -{ - $user['template'] = $conf['default_template']; - $user['nb_image_line'] = $conf['nb_image_line']; - $user['nb_line_page'] = $conf['nb_line_page']; - $user['language'] = $conf['default_language']; - $user['maxwidth'] = $conf['default_maxwidth']; - $user['maxheight'] = $conf['default_maxheight']; - $user['recent_period'] = $conf['recent_period']; - $user['expand'] = $conf['auto_expand']; - $user['show_nb_comments'] = $conf['show_nb_comments']; - $user['enabled_high'] = $conf['newuser_default_enabled_high']; } +$user = build_user( $user['id'], + ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ? + ); -// calculation of the number of picture to display per page -$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; -?> +?>
\ No newline at end of file |