- put back config['session_length'], which disappeared in r1493 but has always been
used in the code (generates mysql errors in the session garbage collector)
- fix auto_login (die mysql when session timed out, but user has remember)
- when a user reconnects from identification.php, the remember cookie was not
deleted
- fix all redirect warnings/errors (many changes - mainly in common.inc.php
and user.inc.php)
- reduced $conf['remember_me_length'] to 60 days, because now at each auto 
login the 60 days countdown restarts

git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee
rvelices 2006-10-20 02:17:53 +00:00
commit eaacbc7b2d
7 changed files with 183 additions and 163 deletions


@ -72,10 +72,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
array_push( $errors, $lang['invalid_pwd'] );
}
}
elseif (!empty($_COOKIE[$conf['remember_me_name']]))
{
auto_login();
}
//----------------------------------------------------- template initialization
//
// Start output of page


@ -132,6 +132,61 @@ or die ( "Could not connect to database server" );
mysql_select_db( $cfgBase )
or die ( "Could not connect to database" );
//
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
// since basic gallery information is not available
//
load_conf_from_db();
include(PHPWG_ROOT_PATH.'include/user.inc.php');
// language files
include_once(get_language_filepath('common.lang.php'));
if (defined('IN_ADMIN') and IN_ADMIN)
{
include_once(get_language_filepath('admin.lang.php'));
}
// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if ($user['is_the_guest'])
{
$user['username'] = $lang['guest'];
}
// template instance
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] );
if ($conf['gallery_locked'])
{
$header_msgs[] = $lang['gallery_locked_message'];
if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php'
and !is_admin() )
{
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
$page['root_path'] = cookie_path();
echo $lang['gallery_locked_message']
.'<a href="'.get_root_url().'identification.php">.</a>';
exit();
}
}
if ($user['is_the_guest'] and !$conf['guest_access']
and !in_array( basename($_SERVER['SCRIPT_FILENAME']),
array('identification.php',
'password.php',
'register.php'
)
)
)
{
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
$page['root_path'] = cookie_path();
redirect (get_root_url().'identification.php');
}
if ($conf['check_upgrade_feed']
and defined('PHPWG_IN_UPGRADE')
and PHPWG_IN_UPGRADE)
@ -149,80 +204,18 @@ SELECT id
// which upgrades need to be applied?
if (count(array_diff($existing, $applied)) > 0)
{
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
$page['root_path'] = cookie_path();
$header_msgs[] = 'Some database upgrades are missing, '
.'<a href="'.PHPWG_ROOT_PATH.'upgrade_feed.php">upgrade now</a>';
.'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
}
}
//
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
// since basic gallery information is not available
//
load_conf_from_db();
include(PHPWG_ROOT_PATH.'include/user.inc.php');
// language files
include_once(get_language_filepath('common.lang.php'));
if (defined('IN_ADMIN') and IN_ADMIN)
{
include_once(get_language_filepath('admin.lang.php'));
}
if ($conf['gallery_locked'])
{
$header_msgs[] = $lang['gallery_locked_message']
. '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
and !is_admin() )
{
echo( $lang['gallery_locked_message'] );
exit();
}
}
// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if ($user['is_the_guest'])
{
$user['username'] = $lang['guest'];
}
// include template/theme configuration
if (defined('IN_ADMIN') and IN_ADMIN)
{
list($user['template'], $user['theme']) =
explode
(
'/',
isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
: $user['template']
);
// TODO : replace $conf['admin_layout'] by $user['admin_layout']
}
else
{
list($user['template'], $user['theme']) = explode('/', $user['template']);
}
// TODO : replace initial $user['template'] by $user['layout']
include(
PHPWG_ROOT_PATH
.'template/'.$user['template']
.'/theme/'.$user['theme']
.'/themeconf.inc.php'
);
if (is_adviser())
{
$header_msgs[] = $lang['adviser_mode_enabled'];
}
// template instance
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
if (count($header_msgs) > 0)
{
$template->assign_block_vars('header_msgs',array());
@ -232,4 +225,4 @@ if (count($header_msgs) > 0)
array('HEADER_MSG'=>$header_msg));
}
}
?>
?>
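Review bot: The `$page['root_path'] = cookie_path();` assignment and its "next line required if PATH_INFO" comment are repeated three times in this section (before the locked-gallery exit, before the guest redirect, and before the upgrade-feed message); assigning it once ahead of these checks, `$page['root_path'] = cookie_path();`, keeps the hunks shorter and stops the three copies from drifting apart. Switching the script-name comparison from `PHP_SELF` to `SCRIPT_FILENAME` is sound, since `PHP_SELF` can carry request-supplied path info. Both checks still compare against literal script names, so any further entry point that guests are allowed to reach must be added to the `in_array` list by hand; a one-line comment next to the array stating that rule would help the next maintainer.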


@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember';
// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
$conf['remember_me_length'] = 31536000;
$conf['remember_me_length'] = 5184000;
// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
// +-----------------------------------------------------------------------+
// | debug |


@ -584,8 +584,16 @@ function redirect( $url , $msg = '', $refresh_time = 0)
{
global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
if (!isset($lang_info)) {
if (!isset($lang_info))
{
$user = build_user( $conf['guest_id'], true);
include_once(get_language_filepath('common.lang.php'));
list($tmpl, $thm) = explode('/', $conf['default_template']);
$template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm);
}
else
{
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']);
}
if (empty($msg))
@ -602,26 +610,6 @@ function redirect( $url , $msg = '', $refresh_time = 0)
$url_link = $url;
$title = 'redirection';
unset($template);
if ( isset($user['template']) )
{
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
}
else
{
list($tmpl, $thm) = explode('/', $conf['default_template']);
global $themeconf;
include(
PHPWG_ROOT_PATH
.'template/'.$tmpl
.'/theme/'.$thm
.'/themeconf.inc.php'
);
$template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl);
$user['is_the_guest']=true;
$user['id']=$conf['guest_id'];
}
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
include( PHPWG_ROOT_PATH.'include/page_header.php' );
@ -921,9 +909,9 @@ function str_translate_to_ascii7bits($str)
*/
function get_themeconf($key)
{
global $themeconf;
global $template;
return isset($themeconf[$key]) ? $themeconf[$key] : '';
return $template->get_themeconf($key);
}
/**
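Review bot: `get_themeconf()` now dereferences the global `$template` unconditionally, so a call made before the template object has been created is a fatal "call to a member function on a non-object" instead of the empty string the old `$themeconf` lookup returned when nothing was loaded. A guard preserves the previous fallback: `return isset($template) ? $template->get_themeconf($key) : '';`. In `redirect()`, the new `$lang_info` branch builds a guest user and a fresh `Template` before falling through; the function's body continues past the visible hunks, so I cannot confirm that nothing later still expects the removed `$themeconf` global.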


@ -104,6 +104,52 @@ function setup_style($style)
return new Template(PHPWG_ROOT_PATH.'template/'.$style);
}
function build_user( $user_id, $use_cache )
{
global $conf;
$user['id'] = $user_id;
$user = array_merge( $user, getuserdata($user_id, $use_cache) );
if ( $user['id'] == $conf['guest_id'])
{
$user['is_the_guest']=true;
$user['template'] = $conf['default_template'];
$user['nb_image_line'] = $conf['nb_image_line'];
$user['nb_line_page'] = $conf['nb_line_page'];
$user['language'] = $conf['default_language'];
$user['maxwidth'] = $conf['default_maxwidth'];
$user['maxheight'] = $conf['default_maxheight'];
$user['recent_period'] = $conf['recent_period'];
$user['expand'] = $conf['auto_expand'];
$user['show_nb_comments'] = $conf['show_nb_comments'];
$user['enabled_high'] = $conf['newuser_default_enabled_high'];
}
else
{
$user['is_the_guest']=false;
}
// calculation of the number of picture to display per page
$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
// include template/theme configuration
if (defined('IN_ADMIN') and IN_ADMIN)
{
list($user['template'], $user['theme']) =
explode
(
'/',
isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
: $user['template']
);
// TODO : replace $conf['admin_layout'] by $user['admin_layout']
}
else
{
list($user['template'], $user['theme']) = explode('/', $user['template']);
}
return $user;
}
/**
* find informations related to the user identifier
*
@ -580,40 +626,53 @@ UPDATE '.USERS_TABLE.'
cookie_path()
);
}
session_start();
else
{ // make sure we clean any remember me ...
setcookie($conf['remember_me_name'], '', 0, cookie_path());
}
if ( session_id()!="" )
{ // this can happpen when the session is expired and auto_login
session_regenerate_id();
}
else
{
session_start();
}
$_SESSION['pwg_uid'] = $user_id;
$user['id'] = $_SESSION['pwg_uid'];
$user['is_the_guest'] = false;
}
/*
* Performs auto-connexion when cookie remember_me exists
* @return void
* @return true/false
*/
function auto_login() {
global $conf;
// must remove slash added in include/common.inc.php
$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
{
// must remove slash added in include/common.inc.php
$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
$query = '
$query = '
SELECT auto_login_key
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
;';
$auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
if ($auto_login_key == $cookie['key'])
{
log_user($cookie['id'], false);
redirect(make_index_url());
}
else
{
setcookie($conf['remember_me_name'], '', 0, cookie_path());
redirect(make_index_url());
$auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
if ($auto_login_key == $cookie['key'])
{
log_user($cookie['id'], true);
return true;
}
else
{
setcookie($conf['remember_me_name'], '', 0, cookie_path());
}
}
return false;
}
/*
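Review bot: In `auto_login()`, `$cookie['id']` is concatenated straight into the query at `WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'`, and `$cookie` is the result of `unserialize()` on a browser-supplied cookie, so a malformed or tampered cookie reaches SQL unvalidated (a cookie that does not unserialize to an array makes `$cookie['id']` null and the query a MySQL error, which is the failure the commit message set out to fix). Validate the shape and cast the id before building the query: `if (is_array($cookie) and isset($cookie['id'], $cookie['key']))` and `.' = '.intval($cookie['id']).'`. `mysql_fetch_assoc()` returns false when no row matches the id, so `current()` then warns and the comparison runs against null; check the row first, and compare the key with `===` rather than `==` since both sides are strings. Storing the id and key as a simple delimited string instead of a serialized array would remove the `unserialize()` of untrusted input entirely.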


@ -59,13 +59,22 @@ class Template {
// output
var $output = '';
var $themeconf = array();
/**
* Constructor. Simply sets the root dir.
*
*/
function Template($root = ".")
function Template($root = ".", $theme= "")
{
$this->set_rootdir($root);
if ( $this->set_rootdir($root) )
{
if ( !empty( $theme ) )
{
include($root.'/theme/'.$theme.'/themeconf.inc.php');
$this->themeconf = $themeconf;
}
}
}
/**
@ -311,14 +320,14 @@ class Template {
{
die("Template->loadfile(): File $filename for handle $handle is empty");
}
$this->uncompiled_code[$handle] = $str;
return true;
}
/**
* Compiles the given string of code, and returns the result in a string.
*
@ -331,7 +340,7 @@ class Template {
// PWG specific : communication between template and $lang
$code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code);
// PWG specific : expand themeconf.inc.php variables
$code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code);
$code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code);
$code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code);
// replace \ with \\ and then ' with \'.
@ -525,6 +534,10 @@ class Template {
return $varref;
}
function get_themeconf($key)
{
return isset($this->themeconf[$key]) ? $this->themeconf[$key] : '';
}
}
?>
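Review bot: The new `Template()` constructor builds the `include($root.'/theme/'.$theme.'/themeconf.inc.php')` path from `$theme`, which arrives from `$user['theme']` after `explode('/', $user['template'])` in `build_user()`; if that column can be edited through a user profile, the value should be checked against the installed theme directories (for example `basename($theme)` plus an `is_dir()` test) before being used in an include path — this diff does not show where the column is written, so treat that as a point to confirm. The constructor also assumes the included file defines `$themeconf`; when it does not, `$this->themeconf = $themeconf;` raises an undefined-variable notice and stores null, so guard it with `if (isset($themeconf) and is_array($themeconf)) { $this->themeconf = $themeconf; }`. The `/e` modifier on the `{themeconf:...}` replacement evaluates the substituted `$1` as PHP code, which relies on template files being fully trusted; `preg_replace_callback` performs the same substitution without eval.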


@ -25,53 +25,44 @@
// | USA. |
// +-----------------------------------------------------------------------+
// by default we start with guest
$user['id'] = $conf['guest_id'];
if (isset($_COOKIE[session_name()]))
{
session_start();
if (isset($_GET['act']) and $_GET['act'] == 'logout')
{
// logout
{ // logout
$_SESSION = array();
session_unset();
session_destroy();
setcookie(session_name(),'',0,
ini_get('session.cookie_path'),
ini_get('session.cookie_domain')
);
ini_get('session.cookie_path'),
ini_get('session.cookie_domain')
);
setcookie($conf['remember_me_name'], '', 0, cookie_path());
redirect(make_index_url());
}
elseif (empty($_SESSION['pwg_uid']))
{
// timeout
}
elseif (empty($_SESSION['pwg_uid']))
{ // timeout
setcookie(session_name(),'',0,
ini_get('session.cookie_path'),
ini_get('session.cookie_domain')
);
ini_get('session.cookie_path'),
ini_get('session.cookie_domain')
);
}
else
{
$user['id'] = $_SESSION['pwg_uid'];
$user['is_the_guest'] = false;
}
}
elseif (!empty($_COOKIE[$conf['remember_me_name']]))
// Now check the auto-login
if ( $user['id']==$conf['guest_id'] )
{
auto_login();
}
else
{
$user['id'] = $conf['guest_id'];
$user['is_the_guest'] = true;
}
if ($user['is_the_guest'] and !$conf['guest_access']
and (basename($_SERVER['PHP_SELF'])!='identification.php')
and (basename($_SERVER['PHP_SELF'])!='password.php')
and (basename($_SERVER['PHP_SELF'])!='register.php'))
{
redirect (get_root_url().'identification.php');
}
// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
register_user($_SERVER['REMOTE_USER'], '', '');
$user['id'] = get_userid($_SERVER['REMOTE_USER']);
}
$user['is_the_guest'] = false;
}
$user = build_user( $user['id'],
( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
);
$user = array_merge(
$user,
getuserdata(
$user['id'],
( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
)
);
// properties of user guest are found in the configuration
if ($user['is_the_guest'])
{
$user['template'] = $conf['default_template'];
$user['nb_image_line'] = $conf['nb_image_line'];
$user['nb_line_page'] = $conf['nb_line_page'];
$user['language'] = $conf['default_language'];
$user['maxwidth'] = $conf['default_maxwidth'];
$user['maxheight'] = $conf['default_maxheight'];
$user['recent_period'] = $conf['recent_period'];
$user['expand'] = $conf['auto_expand'];
$user['show_nb_comments'] = $conf['show_nb_comments'];
$user['enabled_high'] = $conf['newuser_default_enabled_high'];
}
// calculation of the number of picture to display per page
$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
?>
?>
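Review bot: The new guest branch `if ( $user['id']==$conf['guest_id'] ) { auto_login(); }` discards `auto_login()`'s new true/false return and relies on `log_user()` updating this file's `$user['id']` through a global, which the visible hunks do not show (`log_user()`'s opening lines are outside its hunk); if `$user` is not declared global there, an auto-logged-in request still proceeds as the guest and `build_user()` below loads the guest profile. Making the data flow explicit removes that dependency: `if (auto_login()) { $user['id'] = $_SESSION['pwg_uid']; }`. The timeout branch clears the session cookie but leaves the session open, which is what lets `log_user()` take its `session_regenerate_id()` path; a short comment on that branch saying the session is intentionally kept alive for auto-login would save the next reader from "fixing" it with `session_destroy()`.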