feature #392, authentication keys, history log

When a user successfully performs an authentication with an auth_key, Piwigo
registers it in the history table.

For now, it is not shown/searchable in the history screen, but we can add it
in the future and we can provide a plugin with specific details about
authentication keys usage.

3 files changed, 45 insertions, 1 deletions

diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2119abe8f..578830ba5 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -446,6 +446,7 @@ INSERT INTO '.HISTORY_TABLE.'
     image_id,
     image_type,
     format_id,
+    auth_key_id,
     tag_ids
   )
   VALUES
@@ -459,6 +460,7 @@ INSERT INTO '.HISTORY_TABLE.'
     '.(isset($image_id) ? $image_id : 'NULL').',
     '.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
     '.(isset($format_id) ? $format_id : 'NULL').',
+    '.(isset($page['auth_key_id']) ? $page['auth_key_id'] : 'NULL').',
     '.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
   )
 ;';
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index ba4ed6808..cd186183a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1472,7 +1472,7 @@ function get_recent_photos_sql($db_field)
  */
 function auth_key_login($auth_key)
 {
-  global $conf, $user;
+  global $conf, $user, $page;
 
   if ($user['id'] != $conf['guest_id'])
   {
@@ -1519,6 +1519,9 @@ SELECT
   log_user($user['id'], false);
   trigger_notify('login_success', stripslashes($key['username']));
 
+  // to be registered in history table by pwg_log function
+  $page['auth_key_id'] = $key['auth_key_id'];
+
   return true;
 }
 
diff --git a/install/db/148-database.php b/install/db/148-database.php
new file mode 100644
index 000000000..79edebdbc
--- /dev/null
+++ b/install/db/148-database.php
@@ -0,0 +1,39 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery                                    |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2015 Piwigo Team                  http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'add auth_key_id in history table';
+
+// we use PREFIX_TABLE, in case Piwigo uses an external user table
+pwg_query('
+ALTER TABLE `'.PREFIX_TABLE.'history`
+  ADD COLUMN `auth_key_id` int(11) unsigned DEFAULT NULL
+;');
+
+echo "\n".$upgrade_description."\n";
+
+?>