- new feature : use Apache authentication. If $conf['apache_authentication']

is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
  PWG automatically creates one. This way, users can customize the behaviour
  of the application.

- template : new organisation of identification menu
  (category.php). Simplification is required for Apache authentication (no
  logout link even if user is externally logged in)

- new : usernames can contain quotes (required because Apache authentication
  authorized quotes in usernames)


git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee

category.php

@@ -254,21 +254,32 @@ $template->assign_block_vars(
     ));
 //--------------------------------------------------------------------- summary
 
-if ( !$user['is_the_guest'] )
+if ($user['is_the_guest'])
 {
-  $template->assign_block_vars('logout',array());
+  $template->assign_block_vars('register', array());
-  // administration link
+  $template->assign_block_vars('login', array());
-  if ( $user['status'] == 'admin' )
+  
+  $template->assign_block_vars('quickconnect', array());
+  if ($conf['authorize_remembering'])
   {
-    $template->assign_block_vars('logout.admin', array());
+    $template->assign_block_vars('quickconnect.remember_me', array());
   }
 }
 else
 {
-  $template->assign_block_vars('login',array());
+  $template->assign_block_vars('hello', array());
-  if ($conf['authorize_remembering'])
+  $template->assign_block_vars('profile', array());
+
+  // the logout link has no meaning with Apache authentication : it is not
+  // possible to logout with this kind of authentication.
+  if (!$conf['apache_authentication'])
   {
-    $template->assign_block_vars('login.remember_me',array());
+    $template->assign_block_vars('logout', array());
+  }
+
+  if ('admin' == $user['status'])
+  {
+    $template->assign_block_vars('admin', array());
   }
 }
 

doc/ChangeLog

@@ -1,3 +1,19 @@
+2005-07-17 Pierrick LE GALL
+
+	* new feature : use Apache authentication. If
+	$conf['apache_authentication'] is set true : if no user matches
+	$_SERVER['REMOTE_USER'] in "users" table, PWG automatically
+	creates one. This way, users can customize the behaviour of the
+	application.
+
+	* template : new organisation of identification menu
+	(category.php). Simplification is required for Apache
+	authentication (no logout link even if user is externally logged
+	in)
+
+	* new : usernames can contain quotes (required because Apache
+	authentication authorized quotes in usernames)
+
 2005-07-17 Pierrick LE GALL
 
 	* new configuration parameter : hide thumbnail captions on main

include/config_default.inc.php

@@ -223,4 +223,8 @@ $conf['show_thumbnail_caption'] = true;
 // show_picture_name_on_title : on picture presentation page, show picture
 // name ?
 $conf['show_picture_name_on_title'] = true;
+
+// apache_authentication : use Apache authentication as reference instead of
+// users table ?
+$conf['apache_authentication'] = false;
 ?>

include/functions_session.inc.php

@@ -107,9 +107,9 @@ INSERT INTO '.SESSIONS_TABLE.'
 // parameter $redirect is set to true, '&' is used instead of '&'.
 function add_session_id( $url, $redirect = false )
 {
-  global $page, $user;
+  global $page, $user, $conf;
 
-  if ( $user['has_cookie'] ) return $url;
+  if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
 
   $amp = '&';
   if ( $redirect )

include/functions_user.inc.php

@@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf,
   // login must not
   //      1. be empty
   //      2. start ou end with space character
-  //      3. include ' or " characters
   //      4. be already used
   if ($login == '')
   {
@@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf,
     array_push($errors, $lang['reg_err_login3']);
   }
 
-  if (ereg("'", $login) or ereg("\"", $login))
-  {
-    array_push($errors, $lang['reg_err_login4']);
-  }
-  else
-  {
   $query = '
 SELECT id
   FROM '.USERS_TABLE.'
-  WHERE username = \''.$login.'\'
+  WHERE username = \''.mysql_escape_string($login).'\'
 ;';
   $result = pwg_query($query);
   if (mysql_num_rows($result) > 0)
   {
     array_push($errors, $lang['reg_err_login5']);
   }
-  }
+
   // given password must be the same as the confirmation
   if ($password != $password_conf)
   {
@@ -102,7 +95,7 @@ SELECT id
   if (count($errors) == 0)
   {
     $insert = array();
-    $insert['username'] = $login;
+    $insert['username'] = mysql_escape_string($login);
     $insert['password'] = md5($password);
     $insert['status'] = $status;
     $insert['template'] = $conf['default_template'];

include/user.inc.php

@@ -91,6 +91,35 @@ if (!isset($user['id']))
   $user['is_the_guest'] = true;
 }
 
+// using Apache authentication override the above user search
+if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
+{
+  $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+  $result = pwg_query($query);
+
+  if (mysql_num_rows($result) == 0)
+  {
+    register_user($_SERVER['REMOTE_USER'], '', '', '');
+
+    $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+    list($user['id']) = mysql_fetch_row(pwg_query($query));
+  }
+  else
+  {
+    list($user['id']) = mysql_fetch_row($result);
+  }
+
+  $user['is_the_guest'] = false;
+}
+
 $query = '
 SELECT u.*, uf.*
   FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf

template/default/category.tpl

@@ -41,11 +41,34 @@
 		</div>
 		<div class="titreMenu">{L_IDENTIFY}</div>
 		 <div class="menu">
-		 <!-- BEGIN login -->
+                 <!-- BEGIN hello -->
+                 <p>{L_HELLO}&nbsp;{USERNAME}&nbsp;!</p>
+                 <!-- END hello -->
 		<ul class="menu">
+
+                  <!-- BEGIN register -->
 		  <li><a href="{U_REGISTER}">{L_REGISTER}</a></li>
+                  <!-- END register -->
+
+		  <!-- BEGIN login -->
 		  <li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li>
+                  <!-- END login -->
+
+                  <!-- BEGIN logout -->
+                  <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li>
+                  <!-- END logout -->
+                  
+                  <!-- BEGIN profile -->
+                  <li><a href="{U_PROFILE}" title="{L_PROFILE_HINT}">{L_PROFILE}</a></li>
+                  <!-- END profile -->
+
+                  <!-- BEGIN admin -->
+                  <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li>
+                  <!-- END admin -->
+
                 </ul>
+
+                <!-- BEGIN quickconnect -->
                 <hr />
                 <form method="post" action="{F_IDENTIFY}">
 	          <input type="hidden" name="redirect" value="{U_REDIRECT}">
@@ -58,17 +81,8 @@
                   <!-- END remember_me -->
 		  <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
 		</form>
-		<!-- END login -->
+		<!-- END quickconnect -->
-		<!-- BEGIN logout -->
+
-		<p>{L_HELLO}&nbsp;{USERNAME}&nbsp;!</p>
-		<ul class="menu">
-		  <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li>
-		  <li><a href="{U_PROFILE}" title="{L_PROFILE_HINT}">{L_PROFILE}</a></li>
-		<!-- BEGIN admin -->
-	      <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li>
-		<!-- END admin -->
-		</ul>
-		<!-- END logout -->
 		</div>
       </div>
 	</td>