- checkbox for "remember me" are only shown if authorized

- simplification : each session is created with a cookie and if
  PhpWebGallery can't read the cookie, it uses the URI id and it will be
  used in the add_session_id function.

- configuration parameter "auth_method" disappeared (didn't lived much...)

- only one session id size possible. More comments for configuration in
  include/config.inc.php


git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/configuration.php

@@ -154,8 +154,6 @@ $template->assign_vars(
     'L_NO'=>$lang['no'],
     'L_SUBMIT'=>$lang['submit'],
     'L_RESET'=>$lang['reset'],
-    'L_URI'=>$lang['URI'],
-    'L_COOKIE'=>$lang['cookie'],
     
     'F_ACTION'=>add_session_id($action)
     ));
@@ -304,9 +302,6 @@ switch ($page['section'])
   }
   case 'session' :
   {
-    $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';
-    $auth_method_cookie =
-      ($conf['auth_method']=='cookie')?'checked="checked"':'';
     $authorize_remembering_yes =
       ($conf['authorize_remembering']=='true')?'checked="checked"':'';
     $authorize_remembering_no =
@@ -316,14 +311,10 @@ switch ($page['section'])
       'session',
       array(
         'L_CONF_TITLE'=>$lang['conf_session_title'],
-        'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],
-        'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],
         'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'],
         'L_CONF_AUTHORIZE_REMEMBERING_INFO' =>
         $lang['conf_authorize_remembering_info'],
 
-        'AUTH_METHOD_URI'=>$auth_method_URI,
-        'AUTH_METHOD_COOKIE'=>$auth_method_cookie,
         'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes,
         'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no
         ));

category.php

@@ -239,6 +239,10 @@ if ( !$user['is_the_guest'] )
 else
 {
   $template->assign_block_vars('login',array());
+  if ($conf['authorize_remembering'])
+  {
+    $template->assign_block_vars('login.remember_me',array());
+  }
 }
 
 // search link

identification.php

@@ -42,29 +42,15 @@ SELECT id, password
   $row = mysql_fetch_array(mysql_query($query));
   if ($row['password'] == md5($_POST['password']))
   {
-    if ($conf['auth_method'] == 'cookie'
-        or isset($_POST['remember_me']) and $_POST['remember_me'] == 1)
+    $session_length = $conf['session_length'];
+    if ($conf['authorize_remembering']
+        and isset($_POST['remember_me'])
+        and $_POST['remember_me'] == 1)
     {
-      if ($conf['auth_method'] == 'cookie')
-      {
-        $cookie_length = $conf['session_length'];
-      }
-      else if ($_POST['remember_me'] == 1)
-      {
-        $cookie_length = $conf['remember_me_length'];
-      }
-      session_create($row['id'],
-                     'cookie',
-                     $cookie_length);
-      redirect('category.php');
-    }
-    else if ($conf['auth_method'] == 'URI')
-    {
-      $session_id = session_create($row['id'],
-                                   'URI',
-                                   $conf['session_length']);
-      redirect('category.php?id='.$session_id);
+      $session_length = $conf['remember_me_length'];
     }
+    $session_id = session_create($row['id'], $session_length);
+    redirect('category.php?id='.$session_id);
   }
   else
   {
@@ -97,6 +83,11 @@ $template->assign_vars(
     
     'F_LOGIN_ACTION' => add_session_id('identification.php')
     ));
+
+if ($conf['authorize_remembering'])
+{
+  $template->assign_block_vars('remember_me',array());
+}
 //-------------------------------------------------------------- errors display
 if ( sizeof( $errors ) != 0 )
 {

include/config.inc.php

@@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000;
 // time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
 
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5  =             916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
 ?>

include/functions_session.inc.php

@@ -62,11 +62,10 @@ function generate_key($size)
  * - return session identifier
  *
  * @param int userid
- * @param string method : cookie or URI
  * @param int session_lentgh : in seconds
  * @return string
  */
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
 {
   global $conf;
 
@@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length)
   $id_found = false;
   while (!$id_found)
   {
-    $generated_id = generate_key($conf['session_id_size_'.$method]);
+    $generated_id = generate_key($conf['session_id_size']);
     $query = '
 SELECT id
   FROM '.SESSIONS_TABLE.'
@@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.'
 ;';
   mysql_query($query);
 
-  if ($method == 'cookie')
-  {
-    setcookie('id', $generated_id, $session_length+time(), cookie_path());
-  }
+  setcookie('id', $generated_id, $expiration, cookie_path());
                 
   return $generated_id;
 }

include/user.inc.php

@@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE;
 $query_done = false;
 $user['is_the_guest'] = false;
 
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
-{
-  setcookie('id', '', 0, cookie_path());
-  $url = 'category.php';
-  redirect($url);
-}
-
-if (isset($_GET['id']))
-{
-  $session_id = $_GET['id'];
-  $user['has_cookie'] = false;
-  $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
 {
   $session_id = $_COOKIE['id'];
   $user['has_cookie'] = true;
-  $session_id_size = $conf['session_id_size_cookie'];
+}
+else if (isset($_GET['id']))
+{
+  $session_id = $_GET['id'];
+  $user['has_cookie'] = false;
 }
 else
 {
@@ -65,7 +55,7 @@ else
 }
 
 if (isset($session_id)
-     and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+    and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
 {
   $page['session_id'] = $session_id;
   $query = '

install/config.sql

@@ -26,5 +26,4 @@ INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_iptc','false
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_exif','true','Use EXIF data during database synchronization with files metadata');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}');

language/en_UK.iso-8859-1/admin.lang.php

@@ -174,10 +174,6 @@ $lang['conf_upload_maxheight_thumbnail_error'] = 'Maximum height authorized for
 
 // Configuration -> session
 $lang['conf_session_title'] = 'Sessions';
-$lang['conf_auth_method'] = 'Authentication method';
-$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)';
-$lang['URI'] = 'URI';
-$lang['cookie'] = 'cookie';
 $lang['conf_authorize_remembering'] = 'Authorize remembering';
 $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)';
 

template/default/admin/configuration.tpl

@@ -147,11 +147,6 @@
   </tr>
   <tr>
     <td colspan="2">&nbsp;</td>
-  </tr>
-    <tr>
-    <td width="70%"><strong>{session.L_CONF_AUTH_METHOD}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td>
-	<td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI}&nbsp;&nbsp;
-	<input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td>
   </tr>
     <tr>
     <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td>

template/default/category.tpl

@@ -40,7 +40,9 @@
 		<input type="text" name="username" size="15" value="" /><br />
 		{L_PASSWORD}<br />
 		<input type="password" name="password" size="15"><br />
+                <!-- BEGIN remember_me -->
                 <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
+                <!-- END remember_me -->
 		<input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
 		</form>
 		<!-- END login -->

template/default/identification.tpl

@@ -30,12 +30,14 @@
 	  <input class="login" type="password" name="password" size="25" maxlength="25" />
 	</td>
   </tr>
+  <!-- BEGIN remember_me -->
   <tr>
         <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td>
         <td>
           <input type="checkbox" name="remember_me" value="1" />
         </td>
   </tr>
+  <!-- END remember_me -->
   <tr align="center"> 
 	<td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>
   </tr>