From 641d335cff78b6e04c625ad3679547b73c1bb829 Mon Sep 17 00:00:00 2001 From: rvelices Date: Sat, 21 Oct 2006 20:16:01 +0000 Subject: merge -r1568 from trunk to branch-1_6 (auto_login/redirect corrections) git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1572 68402e56-0260-453c-a942-63ccdbb3a9ee --- identification.php | 5 +- include/common.inc.php | 106 +++++++++++++++++++---------------------- include/config_default.inc.php | 5 +- include/functions.inc.php | 41 +++++++++------- include/functions_user.inc.php | 105 +++++++++++++++++++++++++++++++--------- include/template.php | 29 +++++++---- include/user.inc.php | 79 +++++++++--------------------- 7 files changed, 205 insertions(+), 165 deletions(-) diff --git a/identification.php b/identification.php index 9bfdef96f..f5131e431 100644 --- a/identification.php +++ b/identification.php @@ -71,10 +71,7 @@ SELECT '.$conf['user_fields']['id'].' AS id, array_push( $errors, $lang['invalid_pwd'] ); } } -elseif (!empty($_COOKIE[$conf['remember_me_name']])) -{ - auto_login(); -} + //----------------------------------------------------- template initialization // // Start output of page diff --git a/include/common.inc.php b/include/common.inc.php index d7b557679..217395a6f 100644 --- a/include/common.inc.php +++ b/include/common.inc.php 
@@ -132,28 +132,6 @@ or die ( "Could not connect to database server" ); mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); -if ($conf['check_upgrade_feed'] - and defined('PHPWG_IN_UPGRADE') - and PHPWG_IN_UPGRADE) -{ - // retrieve already applied upgrades - $query = ' -SELECT id - FROM '.UPGRADE_TABLE.' -;'; - $applied = array_from_query($query, 'id'); - - // retrieve existing upgrades - $existing = get_available_upgrade_ids(); - - // which upgrades need to be applied? - if (count(array_diff($existing, $applied)) > 0) - { - $header_msgs[] = 'Some database upgrades are missing, ' - .'upgrade now'; - } -} - // // Setup gallery wide options, if this fails then we output a CRITICAL_ERROR // since basic gallery information is not available 
@@ -162,67 +140,83 @@ load_conf_from_db(); include(PHPWG_ROOT_PATH.'include/user.inc.php'); + // language files include_once(get_language_filepath('common.lang.php')); - if (defined('IN_ADMIN') and IN_ADMIN) { include_once(get_language_filepath('admin.lang.php')); } +// only now we can set the localized username of the guest user (and not in +// include/user.inc.php) +if ($user['is_the_guest']) +{ + $user['username'] = $lang['guest']; +} + +// template instance +$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] ); + if ($conf['gallery_locked']) { - $header_msgs[] = $lang['gallery_locked_message'] - . '.'; + $header_msgs[] = $lang['gallery_locked_message']; - if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' + if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php' and !is_admin() ) { - echo( $lang['gallery_locked_message'] ); + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + echo $lang['gallery_locked_message'] + .'.'; exit(); } } -// only now we can set the localized username of the guest user (and not in -// include/user.inc.php) -if ($user['is_the_guest']) +if ($user['is_the_guest'] and !$conf['guest_access'] + and !in_array( basename($_SERVER['SCRIPT_FILENAME']), + array('identification.php', + 'password.php', + 'register.php' + ) + ) + ) { - $user['username'] = $lang['guest']; + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + redirect (get_root_url().'identification.php'); } -// include template/theme configuration -if (defined('IN_ADMIN') and IN_ADMIN) -{ - list($user['template'], $user['theme']) = - explode - ( - '/', - isset($conf['default_admin_layout']) ? 
$conf['default_admin_layout'] - : $user['template'] - ); -// TODO : replace $conf['admin_layout'] by $user['admin_layout'] -} -else +if ($conf['check_upgrade_feed'] + and defined('PHPWG_IN_UPGRADE') + and PHPWG_IN_UPGRADE) { - list($user['template'], $user['theme']) = explode('/', $user['template']); + // retrieve already applied upgrades + $query = ' +SELECT id + FROM '.UPGRADE_TABLE.' +;'; + $applied = array_from_query($query, 'id'); + + // retrieve existing upgrades + $existing = get_available_upgrade_ids(); + + // which upgrades need to be applied? + if (count(array_diff($existing, $applied)) > 0) + { + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + $header_msgs[] = 'Some database upgrades are missing, ' + .'upgrade now'; + } } -// TODO : replace initial $user['template'] by $user['layout'] -include( - PHPWG_ROOT_PATH - .'template/'.$user['template'] - .'/theme/'.$user['theme'] - .'/themeconf.inc.php' - ); if (is_adviser()) { $header_msgs[] = $lang['adviser_mode_enabled']; } -// template instance -$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - if (count($header_msgs) > 0) { $template->assign_block_vars('header_msgs',array()); @@ -232,4 +226,4 @@ if (count($header_msgs) > 0) array('HEADER_MSG'=>$header_msg)); } } -?> +?> \ No newline at end of file diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 2f573cc5a..9c12f1060 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember'; // remember_me_length : time of validity for "remember me" cookies, in // seconds. -$conf['remember_me_length'] = 31536000; +$conf['remember_me_length'] = 5184000; + +// session_length : time of validity for normal session, in seconds. +$conf['session_length'] = 3600; // +-----------------------------------------------------------------------+ // | debug | 
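Review bot: The gallery-locked and guest-access gates in this hunk now test `basename($_SERVER['SCRIPT_FILENAME'])`, but no comment records why `PHP_SELF` was dropped, so a later cleanup could quietly switch back. `PHP_SELF` includes the client-supplied PATH_INFO suffix and is therefore not a reliable script name for an access decision; I would put `// SCRIPT_FILENAME, not PHP_SELF: PHP_SELF carries client-supplied PATH_INFO` above both tests. The two gates also spell the exemption differently (`!=` against one name, `in_array()` against three) and match on the file name alone, so a shared helper that compares against the expected path under `PHPWG_ROOT_PATH` would keep them consistent and stricter.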
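Review bot: `$conf['session_length']` is added and documented here, yet no hunk in this patch reads it; the timeout branch in include/user.inc.php still reacts only to an empty `$_SESSION['pwg_uid']`. Unless the setting is consumed elsewhere on the branch (not visible in this patch), lowering it will not shorten sessions, which is misleading for an administrator hardening the install. Either apply it where the session is started or extend the comment to say which code enforces it.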
diff --git a/include/functions.inc.php b/include/functions.inc.php index dae437a0d..06847b550 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -460,7 +460,7 @@ function format_date($date, $type = 'us', $show_time = false) return $formated_date; } -function pwg_stripslashes($value) +function pwg_stripslashes($value) { if (get_magic_quotes_gpc()) { @@ -469,7 +469,7 @@ function pwg_stripslashes($value) return $value; } -function pwg_addslashes($value) +function pwg_addslashes($value) { if (!get_magic_quotes_gpc()) { @@ -478,7 +478,7 @@ function pwg_addslashes($value) return $value; } -function pwg_quotemeta($value) +function pwg_quotemeta($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); @@ -556,20 +556,23 @@ function pwg_debug( $string ) * @param integer $refreh_time * @return void */ -function redirect( $url , $msg = '', $refreh_time = 0) +function redirect( $url , $msg = '', $refresh_time = 0) { global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug; - unset($template); - $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - if (!isset($page['body_id'])) + if (!isset($lang_info)) { - $page['body_id'] = 'adminPage'; + $user = build_user( $conf['guest_id'], true); + include_once(get_language_filepath('common.lang.php')); + list($tmpl, $thm) = explode('/', $conf['default_template']); + $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm); + } + else + { + $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']); } - // $redirect_msg, $refresh, $url_link and $title are required for creating an automated - // refresh page in header.tpl - if (!isset($msg) or ($msg == '')) + if (empty($msg)) { $redirect_msg = l10n('redirect_msg'); } 
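Review bot: redirect() hands `$msg` to the page after `nl2br()` only and copies `$url` to `$url_link` unchanged (both in the following hunk), so whether they are HTML-escaped depends entirely on include/page_header.php and the templates, which this patch does not show. The callers visible in this patch pass fixed URLs, but the function is generic; if no caller relies on markup in `$msg`, escaping here with `$redirect_msg = nl2br(htmlspecialchars($redirect_msg));` would not depend on every caller getting it right. Two smaller things: the docblock above still says `@param integer $refreh_time` after the parameter was renamed, and the following hunk registers `'redirect' => 'redirect.tpl'` a second time before `page_header.php` while leaving the original call after it. The function body continues past this hunk.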
@@ -578,10 +581,13 @@ function redirect( $url , $msg = '', $refreh_time = 0) $redirect_msg = $msg; } $redirect_msg = nl2br($redirect_msg); - $refresh = $refreh_time; + + $refresh = $refresh_time; $url_link = $url; $title = 'redirection'; + $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); + include( PHPWG_ROOT_PATH.'include/page_header.php' ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); @@ -591,7 +597,6 @@ function redirect( $url , $msg = '', $refreh_time = 0) exit(); } - /** * returns $_SERVER['QUERY_STRING'] whitout keys given in parameters * @@ -693,7 +698,7 @@ function get_thumbnail_src($path, $tn_ext = '', $with_rewrite = true) function my_error($header) { global $conf; - + $error = '
';
   $error.= $header;
   $error.= '[mysql error '.mysql_errno().'] ';
@@ -879,9 +884,9 @@ function str_translate_to_ascii7bits($str)
  */
 function get_themeconf($key)
 {
-  global $themeconf;
+  global $template;
 
-  return isset($themeconf[$key]) ? $themeconf[$key] : '';
+  return $template->get_themeconf($key);
 }
 
 /**
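Review bot: get_themeconf() now dereferences the global `$template` unconditionally, so a call made before include/common.inc.php has created the instance ends in a fatal error, where the old array lookup returned `''`. Whether any such early caller exists is not visible here, but `return is_object($template) ? $template->get_themeconf($key) : '';` preserves the old fallback at no cost.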
@@ -938,7 +943,7 @@ function get_available_upgrade_ids()
 function load_conf_from_db()
 {
   global $conf;
-  
+
   $query = '
 SELECT param,value
  FROM '.CONFIG_TABLE.'
@@ -953,7 +958,7 @@ SELECT param,value
   while ($row = mysql_fetch_array($result))
   {
     $conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : '';
-    
+
     // If the field is true or false, the variable is transformed into a
     // boolean value.
     if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false')
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index ba085127f..0a3991574 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -104,6 +104,54 @@ function setup_style($style)
   return new Template(PHPWG_ROOT_PATH.'template/'.$style);
 }
 
+
+function build_user( $user_id, $use_cache )
+{
+  global $conf;
+  $user['id'] = $user_id;
+  $user = array_merge( $user, getuserdata($user_id, $use_cache) );
+  if ( $user['id'] == $conf['guest_id'])
+  {
+    $user['is_the_guest']=true;
+    $user['template'] = $conf['default_template'];
+    $user['nb_image_line'] = $conf['nb_image_line'];
+    $user['nb_line_page'] = $conf['nb_line_page'];
+    $user['language'] = $conf['default_language'];
+    $user['maxwidth'] = $conf['default_maxwidth'];
+    $user['maxheight'] = $conf['default_maxheight'];
+    $user['recent_period'] = $conf['recent_period'];
+    $user['expand'] = $conf['auto_expand'];
+    $user['show_nb_comments'] = $conf['show_nb_comments'];
+    $user['enabled_high'] = $conf['newuser_default_enabled_high'];
+  }
+  else
+  {
+    $user['is_the_guest']=false;
+  }
+  // calculation of the number of picture to display per page
+  $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
+
+  // include template/theme configuration
+  if (defined('IN_ADMIN') and IN_ADMIN)
+  {
+    list($user['template'], $user['theme']) =
+      explode
+      (
+        '/',
+        isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
+                                             : $user['template']
+      );
+    // TODO : replace $conf['admin_layout'] by $user['admin_layout']
+  }
+  else
+  {
+    list($user['template'], $user['theme']) = explode('/', $user['template']);
+  }
+
+  return $user;
+}
+
+
 /**
  * find informations related to the user identifier
  *
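Review bot: build_user() has no docblock although other functions in this file do, and it changes the meaning of a key that callers read: on return `$user['template']` holds only the part before the `/`, with the rest moved to `$user['theme']`. I would add a docblock that states the two parameters, that guest defaults come from `$conf` when `$user_id` equals `$conf['guest_id']`, and that `template` and `theme` are the split halves of the stored value. It should also say what happens when the stored value has no `/`, because `list()` then yields an empty `$user['theme']` and the Template constructor in include/template.php silently skips the theme configuration.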
@@ -458,7 +506,7 @@ function create_user_infos($user_id)
   {
     $status = 'normal';
   }
-  
+
   $insert =
     array(
       'user_id' => $user_id,
@@ -556,13 +604,13 @@ function log_user($user_id, $remember_me)
   {
     // search for an existing auto_login_key
     $query = '
-SELECT auto_login_key 
+SELECT auto_login_key
   FROM '.USERS_TABLE.'
   WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
 ;';
- 
+
     $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
-    if (empty($auto_login_key)) 
+    if (empty($auto_login_key))
     {
       $auto_login_key = base64_encode(md5(uniqid(rand(), true)));
       $query = '
@@ -574,45 +622,58 @@ UPDATE '.USERS_TABLE.'
     }
     $cookie = array('id' => $user_id, 'key' => $auto_login_key);
     setcookie($conf['remember_me_name'],
-	      serialize($cookie), 
+	      serialize($cookie),
 	      time()+$conf['remember_me_length'],
 	      cookie_path()
 	      );
   }
-  session_start();
+  else
+  { // make sure we clean any remember me ...
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+  }
+  if ( session_id()!="" )
+  { // this can happpen when the session is expired and auto_login
+    session_regenerate_id();
+  }
+  else
+  {
+    session_start();
+  }
   $_SESSION['pwg_uid'] = $user_id;
 
   $user['id'] = $_SESSION['pwg_uid'];
-  $user['is_the_guest'] = false;
 }
 
 /*
  * Performs auto-connexion when cookie remember_me exists
- * @return void
+ * @return true/false
 */
-function auto_login() { 
+function auto_login() {
   global $conf;
 
-  // must remove slash added in include/common.inc.php
-  $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
+  if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
+  {
+    // must remove slash added in include/common.inc.php
+    $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
 
-  $query = '
+    $query = '
 SELECT auto_login_key
   FROM '.USERS_TABLE.'
   WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
 ;';
 
-  $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
-  if ($auto_login_key == $cookie['key'])
-  {
-    log_user($cookie['id'], false);
-    redirect(make_index_url());
+    $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+    if ($auto_login_key == $cookie['key'])
+    {
+      log_user($cookie['id'], true);
+      return true;
+    }
+    else
+    {
+      setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    }
   }
-  else
-  {
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
-    redirect(make_index_url());
-  } 
+  return false;
 }
 
 /*
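Review bot: auto_login() still feeds the remember-me cookie to `unserialize()`, interpolates `$cookie['id']` into the `SELECT auto_login_key` query and compares the key with `==`, so the type and content of every field come straight from an unauthenticated request. The re-indented lines carry this over unchanged, and the function now also re-issues the cookie through `log_user($cookie['id'], true)` on a match. I would store the cookie as a plain `id:key` string, accept only a numeric id and a non-empty key, and compare with `===`, as in the excerpt below; cookies in the old format would stop matching, so users sign in once more. Separately, log_user() (which begins above this hunk) derives the key from `md5(uniqid(rand(), true))` and reuses it for every login, so it is neither strongly random nor rotated; that deserves a follow-up of its own.

```php
// log_user(): write a plain "id:key" value instead of a serialized array
    setcookie($conf['remember_me_name'],
	      $user_id.':'.$auto_login_key,
// … unchanged: expiry and cookie_path() arguments, session handling …

// auto_login():
  if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
  {
    // no unserialize(): accept only "<digits>:<non-empty key>"
    $parts = explode(':', stripslashes($_COOKIE[$conf['remember_me_name']]), 2);
    if (count($parts) != 2 or !ctype_digit($parts[0]) or $parts[1] === '')
    {
      setcookie($conf['remember_me_name'], '', 0, cookie_path());
      return false;
    }
    $cookie = array('id' => (int)$parts[0], 'key' => $parts[1]);
// … unchanged: SELECT auto_login_key query, which now receives an integer id …
    if (is_string($auto_login_key) and $auto_login_key === $cookie['key'])
// … unchanged: log_user() and return true, else clear the cookie …
```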
diff --git a/include/template.php b/include/template.php
index d93700b7a..df9c9a013 100644
--- a/include/template.php
+++ b/include/template.php
@@ -59,13 +59,22 @@ class Template {
   // output
   var $output = '';
 
+  var $themeconf = array();
+
   /**
    * Constructor. Simply sets the root dir.
    *
    */
-  function Template($root = ".")
+  function Template($root = ".", $theme= "")
     {
-      $this->set_rootdir($root);
+      if ( $this->set_rootdir($root) )
+      {
+        if ( !empty( $theme ) )
+        {
+          include($root.'/theme/'.$theme.'/themeconf.inc.php');
+          $this->themeconf = $themeconf;
+        }
+      }
     }
 
   /**
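Review bot: The constructor builds the include path from `$theme` without checking its shape and then reads `$themeconf` without checking that the included file defined it. The value arrives from `$user['theme']` or `$conf['default_template']`; whether those are restricted to installed themes before they get here is not visible in this patch, so I would reject anything but a plain directory name before the include, `if (!preg_match('/^[A-Za-z0-9_-]+$/', $theme)) { return; }` (pattern adjusted to the names the project allows), and assign with `$this->themeconf = isset($themeconf) ? $themeconf : array();`. The result of `set_rootdir()` is also now used to skip the theme silently, which is worth a short comment.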
@@ -311,14 +320,14 @@ class Template {
       {
         die("Template->loadfile(): File $filename for handle $handle is empty");
       }
-      
+
       $this->uncompiled_code[$handle] = $str;
-      
+
       return true;
     }
-  
-  
-  
+
+
+
   /**
    * Compiles the given string of code, and returns the result in a string.
    *
@@ -331,7 +340,7 @@ class Template {
       // PWG specific : communication between template and $lang
       $code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code);
       // PWG specific : expand themeconf.inc.php variables
-      $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code);
+      $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code);
       $code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code);
 
       // replace \ with \\ and then ' with \'.
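Review bot: The `{themeconf:…}` expansion still relies on the `/e` modifier, so the captured key is spliced into PHP source and evaluated; that is only as safe as the template files are trusted and as PCRE's quote escaping of `$1`. `preg_replace_callback` with a small method that returns `$this->get_themeconf($m[1])` does the same work without evaluating a string, and the neighbouring `{lang:…}` and `{pwg_root}` lines have the same shape. The enclosing function starts and ends outside this hunk.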
@@ -525,6 +534,10 @@ class Template {
       return $varref;
     }
 
+    function get_themeconf($key)
+    {
+      return isset($this->themeconf[$key]) ? $this->themeconf[$key] : '';
+    }
 }
 
 ?>
diff --git a/include/user.inc.php b/include/user.inc.php
index b2001fa23..b52ed2a07 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -2,7 +2,7 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
 // | file          : $RCSfile$
@@ -25,53 +25,44 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
 
-if (isset($_COOKIE[session_name()])) 
+// by default we start with guest
+$user['id'] = $conf['guest_id'];
+
+if (isset($_COOKIE[session_name()]))
 {
   session_start();
   if (isset($_GET['act']) and $_GET['act'] == 'logout')
-  {
-    // logout
+  { // logout
     $_SESSION = array();
     session_unset();
     session_destroy();
     setcookie(session_name(),'',0,
-	      ini_get('session.cookie_path'), 
-	      ini_get('session.cookie_domain') 
-	      );
+        ini_get('session.cookie_path'),
+        ini_get('session.cookie_domain')
+      );
     setcookie($conf['remember_me_name'], '', 0, cookie_path());
     redirect(make_index_url());
-  } 
-  elseif (empty($_SESSION['pwg_uid'])) 
-  {
-    // timeout
+  }
+  elseif (empty($_SESSION['pwg_uid']))
+  { // timeout
     setcookie(session_name(),'',0,
-	      ini_get('session.cookie_path'), 
-	      ini_get('session.cookie_domain') 
-	      );
+        ini_get('session.cookie_path'),
+        ini_get('session.cookie_domain')
+      );
   }
   else
   {
     $user['id'] = $_SESSION['pwg_uid'];
-    $user['is_the_guest'] = false;
   }
 }
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+
+
+// Now check the auto-login
+if ( $user['id']==$conf['guest_id'] )
 {
   auto_login();
-} 
-else
-{
-  $user['id'] = $conf['guest_id'];
-  $user['is_the_guest'] = true;
 }
 
-if ($user['is_the_guest'] and !$conf['guest_access'] 
-    and (basename($_SERVER['PHP_SELF'])!='identification.php')
-    and (basename($_SERVER['PHP_SELF'])!='password.php')
-    and (basename($_SERVER['PHP_SELF'])!='register.php'))
-{
-  redirect (get_root_url().'identification.php');
-}
 
 // using Apache authentication override the above user search
 if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
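Review bot: The value returned by the reworked `auto_login()` is discarded here, so `$user['id']` changes only through log_user()'s assignment to `$user`, which presumably relies on a `global` declaration outside the hunks shown. Making the data flow explicit would be easier to audit, e.g. `if (auto_login()) { $user['id'] = $_SESSION['pwg_uid']; }`, with a comment that the guest id is kept otherwise. Logout is also still triggered by a bare `act=logout` GET parameter inside this block; that predates the patch but sits on the path being restructured.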
@@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
     register_user($_SERVER['REMOTE_USER'], '', '');
     $user['id'] = get_userid($_SERVER['REMOTE_USER']);
   }
-  
-  $user['is_the_guest'] = false;
-}
-
-$user = array_merge(
-  $user,
-  getuserdata(
-    $user['id'],
-    ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
-    )
-  );
-
-// properties of user guest are found in the configuration
-if ($user['is_the_guest'])
-{
-  $user['template'] = $conf['default_template'];
-  $user['nb_image_line'] = $conf['nb_image_line'];
-  $user['nb_line_page'] = $conf['nb_line_page'];
-  $user['language'] = $conf['default_language'];
-  $user['maxwidth'] = $conf['default_maxwidth'];
-  $user['maxheight'] = $conf['default_maxheight'];
-  $user['recent_period'] = $conf['recent_period'];
-  $user['expand'] = $conf['auto_expand'];
-  $user['show_nb_comments'] = $conf['show_nb_comments'];
-  $user['enabled_high'] = $conf['newuser_default_enabled_high'];
 }
+$user = build_user( $user['id'],
+          ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
+         );
 
-// calculation of the number of picture to display per page
-$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-?>
+?>
\ No newline at end of file
-- 
cgit v1.2.3