diff options
| author | rvelices <rv-github@modusoptimus.com> | 2008-07-01 02:09:21 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2008-07-01 02:09:21 +0000 |
| commit | d91d0ac444a08c664d05c00a8593fc88fbb0c605 (patch) | |
| tree | 7f560292f25e68b67604def548d2db595228bb94 /include | |
| parent | 1d3706a42171b409e9d455194ee96d3fc87479a4 (diff) | |
- remember me cookie security improvement (the time when the cookie was generated is saved and checked in range [now-remember_me_length; now]
- tags improvements
* pass to templates all fields in table #tags (handy for plugins such as type tags)
* fix issue with tag letter when first letter is accentuated (utf-8)
* tags are sorted on url_name instead of name (accentuated first letter chars are the same as without accent)
* better use of columns in by letter display mode
git-svn-id: http://piwigo.org/svn/trunk@2409 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions_html.inc.php | 7 | ||||
| -rw-r--r-- | include/functions_tag.inc.php | 16 | ||||
| -rw-r--r-- | include/functions_user.inc.php | 54 | ||||
| -rw-r--r-- | include/menubar.inc.php | 36 | ||||
| -rw-r--r-- | include/ws_functions.inc.php | 2 |
5 files changed, 46 insertions, 69 deletions
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index b51f6f9df..6f9e1fc5a 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php @@ -550,6 +550,11 @@ function name_compare($a, $b) return strcmp(strtolower($a['name']), strtolower($b['name'])); } +function tag_alpha_compare($a, $b) +{ + return strcmp(strtolower($a['url_name']), strtolower($b['url_name'])); +} + /** * exits the current script (either exit or redirect) */ @@ -732,7 +737,7 @@ function render_category_literal_description($desc) return strip_tags($desc, '<span><p><a><br><b><i><small><big><strong><em>'); } -/** returns the argument_ids array with new sequenced keys based on related +/** returns the argument_ids array with new sequenced keys based on related * names. Sequence is not case sensitive. * Warning: By definition, this function breaks original keys */ diff --git a/include/functions_tag.inc.php b/include/functions_tag.inc.php index 7bd5d8408..7645f6d82 100644 --- a/include/functions_tag.inc.php +++ b/include/functions_tag.inc.php @@ -59,7 +59,7 @@ SELECT tag_id, COUNT(DISTINCT(it.image_id)) counter } $query = ' -SELECT id, name, url_name +SELECT * FROM '.TAGS_TABLE; $result = pwg_query($query); $tags = array(); @@ -83,9 +83,7 @@ SELECT id, name, url_name function get_all_tags() { $query = ' -SELECT id, - name, - url_name +SELECT * FROM '.TAGS_TABLE.' ;'; $result = pwg_query($query); @@ -95,7 +93,7 @@ SELECT id, array_push($tags, $row); } - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); return $tags; } @@ -227,9 +225,9 @@ function get_common_tags($items, $max_tags, $excluded_tag_ids=null) return array(); } $query = ' -SELECT id, name, url_name, count(*) counter +SELECT t.*, count(*) counter FROM '.IMAGE_TAG_TABLE.' - INNER JOIN '.TAGS_TABLE.' ON tag_id = id + INNER JOIN '.TAGS_TABLE.' t ON tag_id = id WHERE image_id IN ('.implode(',', $items).')'; if (!empty($excluded_tag_ids)) { @@ -256,7 +254,7 @@ SELECT id, name, url_name, count(*) counter { array_push($tags, $row); } - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); return $tags; } @@ -307,7 +305,7 @@ function find_tags($ids, $url_names=array(), $names=array() ) } $query = ' -SELECT id, url_name, name +SELECT * FROM '.TAGS_TABLE.' WHERE '. implode( ' OR ', $where_clauses); diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 58b35e541..abbff998c 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -838,32 +838,7 @@ function get_default_template() */ function get_default_language() { - global $conf; - if (isset($conf['browser_language']) and $conf['browser_language']) - { - return get_browser_language(); - } - else - { - return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE); - } -} - -/* - * Returns the browser language value - * - */ -function get_browser_language() -{ - $browser_language = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2); - foreach (get_languages() as $language_code => $language_name) - { - if (substr($language_code, 0, 2) == $browser_language) - { - return $language_code; - } - } - return PHPWG_DEFAULT_LANGUAGE; + return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE); } /** @@ -923,7 +898,6 @@ function create_user_infos($arg_id, $override_values = null) { $status = 'normal'; } - $default_user['language'] = get_default_language(); $insert = array_merge( $default_user, @@ -974,9 +948,10 @@ SELECT name /** * returns the auto login key or false on error * @param int user_id + * @param time_t time * @param string [out] username */ -function calculate_auto_login_key($user_id, &$username) +function calculate_auto_login_key($user_id, $time, &$username) { global $conf; $query = ' @@ -989,7 +964,7 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id; { $row = mysql_fetch_assoc($result); $username = $row['username']; - $data = $row['username'].$row['password']; + $data = $time.$row['username'].$row['password']; $key = base64_encode( pack('H*', sha1($data)) .hash_hmac('md5', $data, $conf['secret_key'],true) @@ -1011,12 +986,13 @@ function log_user($user_id, $remember_me) if ($remember_me and $conf['authorize_remembering']) { - $key = calculate_auto_login_key($user_id, $username); + $now = time(); + $key = calculate_auto_login_key($user_id, $now, $username); if ($key!==false) { - $cookie = array('id' => (int)$user_id, 'key' => $key); + $cookie = $user_id.'-'.$now.'-'.$key; setcookie($conf['remember_me_name'], - serialize($cookie), + $cookie, time()+$conf['remember_me_length'], cookie_path() ); @@ -1049,13 +1025,17 @@ function auto_login() { if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) { - $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); - if ($cookie!==false and is_numeric(@$cookie['id']) ) + $cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']])); + if ( count($cookie)===3 + and is_numeric(@$cookie[0]) /*user id*/ + and is_numeric(@$cookie[1]) /*time*/ + and time()-$conf['remember_me_length']<=@$cookie[1] + and time()>=@$cookie[1] /*cookie generated in the past*/ ) { - $key = calculate_auto_login_key( $cookie['id'], $username ); - if ($key!==false and $key===$cookie['key']) + $key = calculate_auto_login_key( $cookie[0], $cookie[1], $username ); + if ($key!==false and $key===$cookie[2]) { - log_user($cookie['id'], true); + log_user($cookie[0], true); trigger_action('login_success', $username); return true; } diff --git a/include/menubar.inc.php b/include/menubar.inc.php index 03e941226..0ff64827e 100644 --- a/include/menubar.inc.php +++ b/include/menubar.inc.php @@ -111,29 +111,23 @@ if ('tags' == @$page['section']) { $template->append( 'related_tags', - array( - 'U_TAG' => make_index_url( - array( - 'tags' => array($tag) - ) - ), - - 'NAME' => $tag['name'], - - 'CLASS' => 'tagLevel'.$tag['level'], - - 'add' => array( + array_merge( $tag, + array( + 'URL' => make_index_url( + array( + 'tags' => array($tag) + ) + ), - 'URL' => make_index_url( - array( - 'tags' => array_merge( - $page['tags'], - array($tag) + 'U_ADD' => make_index_url( + array( + 'tags' => array_merge( + $page['tags'], + array($tag) + ) ) - ) - ), - 'COUNTER' => $tag['counter'], - ) + ), + ) ) ); } diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 2488fd0bf..dc10719b6 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -889,7 +889,7 @@ function ws_tags_getList($params, &$service) } else { - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); } for ($i=0; $i<count($tags); $i++) { |