piwigo/include/user.inc.php

<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date$
// | last modifier : $Author$
// | revision      : $Revision$
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// by default we start with guest
$user['id'] = $conf['guest_id'];

if (isset($_COOKIE[session_name()]))
{
  session_start();
  if (isset($_GET['act']) and $_GET['act'] == 'logout')
  { // logout
    $_SESSION = array();
    session_unset();
    session_destroy();
    setcookie(session_name(),'',0,
        ini_get('session.cookie_path'),
        ini_get('session.cookie_domain')
      );
    setcookie($conf['remember_me_name'], '', 0, cookie_path());
    redirect(make_index_url());
  }
  elseif (!empty($_SESSION['pwg_uid']))
  {
    $user['id'] = $_SESSION['pwg_uid'];
  }
}

// Now check the auto-login
if ( $user['id']==$conf['guest_id'] )
{
  auto_login();
}

if (session_id()=="")
{
  session_start();
}

// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
{
  if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))
  {
    register_user($_SERVER['REMOTE_USER'], '', '');
    $user['id'] = get_userid($_SERVER['REMOTE_USER']);
  }
}

$user = build_user( $user['id'],
          ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
         );

trigger_action('user_init', $user);
?>
Initial revision git-svn-id: http://piwigo.org/svn/trunk@2 68402e56-0260-453c-a942-63ccdbb3a9ee 2003-05-09 14:42:42 +02:00			`<?php`
header global refactoring git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-02-12 00:20:38 +01:00			`// +-----------------------------------------------------------------------+`
update headers to comply with GPL git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-11-06 22:12:59 +01:00			`// \| PhpWebGallery - a PHP based picture gallery \|`
			`// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|`
Feature Issue ID 0000601: Filter all public pages with only recent elements It's a finalized version. Obsolete code of draft are removed. You can filter categories and images with recent date period on your screen selection. In the future, filter could be easy done on other type data (plugin?) You can flat categories and sub-categories with a recent date period of your choice. Next, perhaps, a panel to choice recent date for the 2 features. On draft, there have problem with MySql 5, be careful! Css problem not resolved: - Menu "Categories" is bad centered - Icon on dark too on the top git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-12-21 22:38:20 +01:00			`// \| Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net \|`
header global refactoring git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-02-12 00:20:38 +01:00			`// +-----------------------------------------------------------------------+`
update headers to comply with GPL git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-11-06 22:12:59 +01:00			`// \| branch : BSF (Best So Far)`
header global refactoring git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-02-12 00:20:38 +01:00			`// \| file : $RCSfile$`
			`// \| last update : $Date$`
			`// \| last modifier : $Author$`
			`// \| revision : $Revision$`
			`// +-----------------------------------------------------------------------+`
			`// \| This program is free software; you can redistribute it and/or modify \|`
			`// \| it under the terms of the GNU General Public License as published by \|`
			`// \| the Free Software Foundation \|`
			`// \| \|`
			`// \| This program is distributed in the hope that it will be useful, but \|`
			`// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|`
			`// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|`
			`// \| General Public License for more details. \|`
			`// \| \|`
			`// \| You should have received a copy of the GNU General Public License \|`
			`// \| along with this program; if not, write to the Free Software \|`
			`// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|`
			`// \| USA. \|`
			`// +-----------------------------------------------------------------------+`
Merge of the 1.3.1 release Creation of an unique include file (common.php) Creation of an unique define file (include/constants.php) Modification of the installation procedure git-svn-id: http://piwigo.org/svn/trunk@345 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-02-02 01:55:18 +01:00
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`// by default we start with guest`
			`$user['id'] = $conf['guest_id'];`

merge r1230 from branch-1_6 into trunk bugs 344 and 308: broken user id in $_SESSION due to php.ini register_globals git-svn-id: http://piwigo.org/svn/trunk@1231 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-04-21 04:11:29 +02:00			`if (isset($_COOKIE[session_name()]))`
optional cookie identification git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee 2003-07-27 10:24:10 +02:00			`{`
Fix bug 451: improvement small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-07-28 11:34:27 +02:00			`session_start();`
			`if (isset($_GET['act']) and $_GET['act'] == 'logout')`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`{ // logout`
Fix bug 451: improvement small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-07-28 11:34:27 +02:00			`$_SESSION = array();`
			`session_unset();`
			`session_destroy();`
			`setcookie(session_name(),'',0,`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`ini_get('session.cookie_path'),`
			`ini_get('session.cookie_domain')`
			`);`
Fix bug 451: improvement small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-07-28 11:34:27 +02:00			`setcookie($conf['remember_me_name'], '', 0, cookie_path());`
			`redirect(make_index_url());`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`}`
- sessions are always started (even for visitors) - thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-12-01 02:46:32 +01:00			`elseif (!empty($_SESSION['pwg_uid']))`
Fix bug 451: improvement small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-07-28 11:34:27 +02:00			`{`
			`$user['id'] = $_SESSION['pwg_uid'];`
			`}`
merge r1230 from branch-1_6 into trunk bugs 344 and 308: broken user id in $_SESSION due to php.ini register_globals git-svn-id: http://piwigo.org/svn/trunk@1231 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-04-21 04:11:29 +02:00			`}`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00
			`// Now check the auto-login`
			`if ( $user['id']==$conf['guest_id'] )`
Fix bug 451: improvement small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-07-28 11:34:27 +02:00			`{`
			`auto_login();`
			`}`

- sessions are always started (even for visitors) - thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-12-01 02:46:32 +01:00			`if (session_id()=="")`
			`{`
			`session_start();`
			`}`
Initial revision git-svn-id: http://piwigo.org/svn/trunk@2 68402e56-0260-453c-a942-63ccdbb3a9ee 2003-05-09 14:42:42 +02:00
- new feature : use Apache authentication. If $conf['apache_authentication'] is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee 2005-07-17 17:06:39 +02:00			`// using Apache authentication override the above user search`
			`if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))`
			`{`
- new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee 2005-08-08 22:52:19 +02:00			`if (!($user['id'] = get_userid($_SERVER['REMOTE_USER'])))`
- new feature : use Apache authentication. If $conf['apache_authentication'] is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee 2005-07-17 17:06:39 +02:00			`{`
- new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee 2005-08-08 22:52:19 +02:00			`register_user($_SERVER['REMOTE_USER'], '', '');`
			`$user['id'] = get_userid($_SERVER['REMOTE_USER']);`
- new feature : use Apache authentication. If $conf['apache_authentication'] is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee 2005-07-17 17:06:39 +02:00			`}`
- new feature : lock temporary your gallery for maintenance - $user keys for guest user are initialized with default values of $conf git-svn-id: http://piwigo.org/svn/trunk@653 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-12-21 00:54:59 +01:00			`}`
Feature Issue ID 0000601: Filter all public pages with only recent elements Last draft before final development. There a icon for global mode and one other for local mode. Counters are not good, filter on images are not everywhere applied, moment to update cache are not optimized, ... Go to http://forum.phpwebgallery.net/viewtopic.php?id=9490 git-svn-id: http://piwigo.org/svn/trunk@1651 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-12-13 01:05:16 +01:00
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`$user = build_user( $user['id'],`
Feature Issue ID 0000601: Filter all public pages with only recent elements It's a finalized version. Obsolete code of draft are removed. You can filter categories and images with recent date period on your screen selection. In the future, filter could be easy done on other type data (plugin?) You can flat categories and sub-categories with a recent date period of your choice. Next, perhaps, a panel to choice recent date for the 2 features. On draft, there have problem with MySql 5, be careful! Css problem not resolved: - Menu "Categories" is bad centered - Icon on dark too on the top git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-12-21 22:38:20 +01:00			`( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`);`
- new feature : lock temporary your gallery for maintenance - $user keys for guest user are initialized with default values of $conf git-svn-id: http://piwigo.org/svn/trunk@653 68402e56-0260-453c-a942-63ccdbb3a9ee 2004-12-21 00:54:59 +01:00
- plugins: added new action user_init - put in a new admin_multi_view:allows admins to change on the fly language/theme and view gallery as guest (useful for developers and just to show a 'new' way of using plugins) - removed some warnings from history.php and increased table width to 99% - remove unused admin language strings git-svn-id: http://piwigo.org/svn/trunk@1821 68402e56-0260-453c-a942-63ccdbb3a9ee 2007-02-15 04:03:16 +01:00			`trigger_action('user_init', $user);`
- put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee 2006-10-20 04:17:53 +02:00			`?>`