- bug fixed : in admin/cat_list, next_rank cant' be calculted and query to

  count sub-categories per sub-categories became false if no sub-categories

- virtual association come back in admin/infos_images (not only in
  admin/picture_modify)

- check_favorites function in admin section becomes check_user_favorites in
  public section : favorites are checked when user tries to display his
  favorites. Function was optimized.

- in function update_category, wrap of long queries due to many categories
  to update at the same time

- typo fixed in description of paginate_pages_around configuration parameter

- bug fixed in new navigation bar : no separation pipe was displayed between
  next and last when the page displayed was the last

- sessions.expiration changed of type from int to datetime (a lot easier to
  read)

- sessions.ip removed : IP address is no longer used to verify session

- $lang['cat_options'] was missing in en_UK.iso-8859-1

- typo fixed in language/en_UK.iso-8859-1/admin.lang.php on
  editcat_lock_info language item


git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee

6 files changed, 58 insertions, 23 deletions

diff --git a/include/config.inc.php b/include/config.inc.php
index e5926578d..22d205fad 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -190,7 +190,7 @@ $conf['newcat_default_status'] = 'public';
 // to the sub level
 $conf['level_separator'] = ' / ';
 
-// paginate_pages_around : on paginate navigation bar, on many pages display
-// before and after the current page ?
+// paginate_pages_around : on paginate navigation bar, how many pages
+// display before and after the current page ?
 $conf['paginate_pages_around'] = 2;
 ?>
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 2fd502120..f08a2fa27 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -561,6 +561,8 @@ SELECT COUNT(DISTINCT(id)) AS nb_total_images
       // favorites displaying
       else if ( $page['cat'] == 'fav' )
       {
+        check_user_favorites();
+        
         $page['title'] = $lang['favorites'];
 
         $page['where'] = ', '.FAVORITES_TABLE.' AS fav';
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index f1b76169f..c60abc778 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -158,11 +158,12 @@ function create_navigation_bar($url, $nb_element, $start,
     {
       $navbar.= $lang['next_page'];
     }
+    
+    $navbar.= ' | ';
     // link to last page ?
     if ($cur_page != $maximum)
     {
       $temp_start = ($maximum - 1) * $nb_element_page;
-      $navbar.= ' | ';
       $navbar.= '<a href="';
       $navbar.= add_session_id($url.'&amp;start='.$temp_start);
       $navbar.= '" class="'.$link_class.'">'.$lang['last_page'];
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index aa454d3ea..bbbb739cd 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -86,16 +86,16 @@ SELECT id
     }
   }
   // 3. inserting session in database
-  $expiration = $session_length + time();
   $query = '
 INSERT INTO '.SESSIONS_TABLE.'
-  (id,user_id,expiration,ip)
+  (id,user_id,expiration)
   VALUES
-  (\''.$generated_id.'\','.$userid.','.$expiration.',
-   \''.$_SERVER['REMOTE_ADDR'].'\')
+  (\''.$generated_id.'\','.$userid.',
+   ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
 ;';
   pwg_query($query);
 
+  $expiration = $session_length + time();
   setcookie('id', $generated_id, $expiration, cookie_path());
                 
   return $generated_id;
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 1581ff28f..c00ba2f4a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -237,4 +237,43 @@ function getuserdata($user)
   $result = pwg_query($sql);
   return ( $row = mysql_fetch_array($result) ) ? $row : false;
 }
+
+/*
+ * deletes favorites of the current user if he's not allowed to see them
+ *
+ * @return void
+ */
+function check_user_favorites()
+{
+  global $user;
+
+  if ($user['forbidden_categories'] == '')
+  {
+    return;
+  }
+  
+  $query = '
+SELECT f.image_id
+  FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
+    ON f.image_id = ic.image_id
+  WHERE f.user_id = '.$user['id'].'
+    AND ic.category_id IN ('.$user['forbidden_categories'].')
+;';
+  $result = pwg_query($query);
+  $elements = array();
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($elements, $row['image_id']);
+  }
+
+  if (count($elements) > 0)
+  {
+    $query = '
+DELETE FROM '.FAVORITES_TABLE.'
+  WHERE image_id IN ('.implode(',', $elements).')
+    AND user_id = '.$user['id'].'
+;';
+    pwg_query($query);
+  }
+}
 ?>
diff --git a/include/user.inc.php b/include/user.inc.php
index 3500ff186..eb5540f8b 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -59,7 +59,7 @@ if (isset($session_id)
 {
   $page['session_id'] = $session_id;
   $query = '
-SELECT user_id,expiration,ip
+SELECT user_id,expiration,NOW() AS now
   FROM '.SESSIONS_TABLE.'
   WHERE id = \''.$page['session_id'].'\'
 ;';
@@ -67,22 +67,15 @@ SELECT user_id,expiration,ip
   if (mysql_num_rows($result) > 0)
   {
     $row = mysql_fetch_array($result);
-    if (!$user['has_cookie'])
+    if (strnatcmp($row['expiration'], $row['now']) < 0)
     {
-      if ($row['expiration'] < time())
-      {
-        // deletion of the session from the database,
-        // because it is out-of-date
-        $delete_query = 'DELETE FROM '.SESSIONS_TABLE;
-        $delete_query.= " WHERE id = '".$page['session_id']."'";
-        $delete_query.= ';';
-        pwg_query($delete_query);
-      }
-      else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
-      {
-        $query_user .= ' WHERE id = '.$row['user_id'];
-        $query_done = true;
-      }
+      // deletion of the session from the database, because it is
+      // out-of-date
+      $delete_query = '
+DELETE FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$page['session_id'].'\'
+;';
+      pwg_query($delete_query);
     }
     else
     {