optional cookie identification

git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-07-27 08:24:10 +00:00 · 2003-07-27 08:24:10 +00:00 · 45a8139acd
commit 45a8139acd
parent 4e775187b8
9 changed files with 170 additions and 44 deletions
--- a/include/config.inc.php
+++ b/include/config.inc.php
@ -62,7 +62,7 @@ $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access',
                'upload_available', 'upload_maxfilesize', 'upload_maxwidth',
                'upload_maxheight', 'upload_maxwidth_thumbnail',
                'upload_maxheight_thumbnail','log','comments_validation',
-                'comments_forall' );
+                'comments_forall','authorize_cookies' );

 $query  = 'SELECT ';
 foreach ( $infos as $i => $info ) {
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@ -14,17 +14,22 @@
 *   the Free Software Foundation;                                         *
 *                                                                         *
 ***************************************************************************/
+
+// The function generate_key creates a string with pseudo random characters.
+// the size of the string depends on the $conf['session_id_size'].
+// Characters used are a-z A-Z and numerical values. Examples :
+//                    "Er4Tgh6", "Rrp08P", "54gj"
+// input  : none (using global variable)
+// output : $key
 function generate_key()
 {
  global $conf;
+
  $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
  $init = '';
  for ( $i = 0; $i < strlen( $md5 ); $i++ )
  {
-    if ( is_numeric( $md5[$i] ) )
-    {
-      $init.= $md5[$i];
-    }
+    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
  }
  $init = substr( $init, 0, 8 );
  mt_srand( $init );
@ -32,26 +37,19 @@ function generate_key()
  for ( $i = 0; $i < $conf['session_id_size']; $i++ )
  {
    $c = mt_rand( 0, 2 );
-    if ( $c == 0 )
-    {
-      $key .= chr( mt_rand( 65, 90 ) );
-    }
-    else if ( $c == 1 )
-    {
-      $key .= chr( mt_rand( 97, 122 ) );
-    }
-    else
-    {
-      $key .= mt_rand( 0, 9 );
-    }
+    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
+    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
+    else                $key .= mt_rand( 0, 9 );
  }
  return $key;
 }
-        
+
+// The function create_session finds a non-already-used session key and
+// returns it once found for the given user.
 function session_create( $username )
 {
  global $conf;
-  // 1. searching an unused sesison key
+  // 1. searching an unused session key
  $id_found = false;
  while ( !$id_found )
  {
@ -89,6 +87,9 @@ function session_create( $username )
 function add_session_id( $url, $redirect = false )
 {
  global $page, $user;
+
+  if ( $user['has_cookie'] ) return $url;
+
  $amp = '&amp;';
  if ( $redirect )
  {
@ -110,4 +111,13 @@ function add_session_id( $url, $redirect = false )
    return $url;
  }
 }
+
+// cookie_path returns the path to use for the PhpWebGallery cookie.
+// If PhpWebGallery is installed on :
+// http://domain.org/meeting/gallery/category.php
+// cookie_path will return : "/meeting/gallery"
+function cookie_path()
+{
+  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+}
 ?>
--- a/include/user.inc.php
+++ b/include/user.inc.php
@ -32,35 +32,60 @@ foreach ( $infos as $i => $info ) {
 $query_user.= ' FROM '.PREFIX_TABLE.'users';
 $query_done = false;
 $user['is_the_guest'] = false;
-if ( isset( $_GET['id'] )
-     && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
+
+// cookie deletion if administrator don't authorize them anymore
+if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
 {
-  $page['session_id'] = $_GET['id'];
+  setcookie( 'id', '', 0, cookie_path() );
+  $url = 'category.php';
+  header( 'Request-URI: '.$url );  
+  header( 'Content-Location: '.$url );  
+  header( 'Location: '.$url );
+  exit();
+}
+
+$user['has_cookie'] = false;
+if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
+elseif ( isset( $_COOKIE['id'] ) )
+{
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
+}
+
+if ( isset( $session_id )
+     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+{
+  $page['session_id'] = $session_id;
  $query = 'SELECT user_id,expiration,ip';
  $query.= ' FROM '.PREFIX_TABLE.'sessions';
-  $query.= " WHERE id = '".$_GET['id']."'";
+  $query.= " WHERE id = '".$page['session_id']."'";
  $query.= ';';
  $result = mysql_query( $query );
  if ( mysql_num_rows( $result ) > 0 )
  {
    $row = mysql_fetch_array( $result );
-    if ( $row['expiration'] < time() )
-    {
-      // deletion of the session from the database,
-      // because it is out-of-date
-      $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
-      $delete_query.= " WHERE id = '".$page['session_id']."'";
-      $delete_query.= ';';
-      mysql_query( $delete_query );
-    }
-    else
+    if ( !$user['has_cookie'] )
    {
+      if ( $row['expiration'] < time() )
+      {
+        // deletion of the session from the database,
+        // because it is out-of-date
+        $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+        $delete_query.= " WHERE id = '".$page['session_id']."'";
+        $delete_query.= ';';
+        mysql_query( $delete_query );
+      }
      if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
      {
        $query_user .= ' WHERE id = '.$row['user_id'];
        $query_done = true;
      }
    }
+    else
+    {
+      $query_user .= ' WHERE id = '.$row['user_id'];
+      $query_done = true;
+    }
  }
 }
 if ( !$query_done )