Commit graph

48 commits

Author SHA1 Message Date
plegall
86ad1d5b49 increase copyright year to 2010
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-19 22:37:10 +00:00
nikrou
386864cd26 Feature 511 : add support for sqlite database engine
Using session_write_close function when session handler uses database because write is called after object destruction.

git-svn-id: http://piwigo.org/svn/trunk@4781 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-01-28 11:30:36 +00:00
nikrou
924dd262ec Feature 1244 resolved
Replace all mysql functions in core code by ones independent of database engine

Fix small php code syntax : hash must be accessed with [ ] and not { }.

git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-20 14:17:04 +00:00
plegall
1d034894d9 merge r3165 from branch 2.0 to trunk
bug 913 fixed: ability to connect with an IPv6 address was added.


git-svn-id: http://piwigo.org/svn/trunk@3166 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-02-26 20:12:27 +00:00
plegall
1b711ad236 Administration: happy new year 2009, all PHP headers updated.
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-01-04 23:28:36 +00:00
patdenice
61d8bf79c1 - Bug fixed: username or password with accented characters are now accepted for upgrade.
- Simplify query in pwg_session_write function.
- Retrieve data with cURL method in fetchRemote function now works with forwarded URL.

git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-22 23:33:17 +00:00
patdenice
509cfc5547 - Replace some mysql_query by pwg_query function.
- Add home button after upgrade.php.
- Add utf8 charset for access denied message.
- Replace some #content by .content in css files.
- Fix menubar blocks borders with IE.

git-svn-id: http://piwigo.org/svn/trunk@2884 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-19 15:44:04 +00:00
rvelices
ebc3c2e2f7 merge 2755 and 2756 from branch 2.0 to trunk
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755
- 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)


git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-16 00:38:26 +00:00
rvelices
4d86bb2234 - images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
 - added event get_category_image_orders
 - fix display issue with redirect.tpl (h1/h2 within h1)
 - fix known_script smarty function registration
 - query search form not submitted if q is empty
 - better admin css rules
 - some other minor changes (ws_core, rest_handler, functions_search...)

git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-09-12 02:17:35 +00:00
plegall
524011bfa6 Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personally, it is a problem when I search differences between 2
Piwigo installations outside Subversion.


git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-05 14:14:07 +00:00
plegall
3f235497f3 Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-04 22:57:23 +00:00
rub
20c284546f Issue 0000684: History [Search] - Add a thumbnail display
o Display choice can be selected
  o Display choice is saved on cookie
  o Small improvement picture link (hoverbox on all the link, alt&title on classic mode)
  o New cookie functions and use


Enhance computing method of script_basename function.

http://forum.phpwebgallery.net/viewtopic.php?pid=58258#p58258

Merge BSF 1988:1989 into branch-1_7

git-svn-id: http://piwigo.org/svn/trunk@1992 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-05-01 13:57:52 +00:00
rvelices
585d7c434e - plugins with own independent scripts work now (cookie_path and url root are
correct)
- prepare a bit some url functions so that later we can fully embed pwg in
scripts located outside pwg
- remove some unnecessary language strings

git-svn-id: http://piwigo.org/svn/trunk@1750 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-01-24 05:07:08 +00:00
rvelices
b2de3c32ee - sessions are always started (even for visitors)
- thumbnail order saved in the session instead of cookie

git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-01 01:46:32 +00:00
nikrou
5d06d43541 bug 451 fixed: problem with auto login
- add an auto_login_key in users_table
- $conf['session_length'] is no more useful 
    and sessions length will be 0 (until browser closed)
- add $conf['remember_me_name'] for cookie remember name


git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-23 15:25:49 +00:00
chrisaga
63bc9838cd fix bug 458: Cannot log due to broken session cookie (wrong "path")
use $_SERVER['REDIRECT_URL'] if it's set
	add a trailing '/' 

git-svn-id: http://piwigo.org/svn/trunk@1442 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-08 09:27:23 +00:00
plegall
2b6c63cccf merge -r1428:1429 from branch 1.6 to trunk (bug fixed: check of non
emptiness on $_SERVER['PATH_INFO'])


git-svn-id: http://piwigo.org/svn/trunk@1430 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-03 22:58:19 +00:00
rvelices
ee37f7daf5 merge r1216 from branch-1_6 into trunk
bug 340: ini_set disabled to Club Internet ISP + 1 error text message

fix: display issue with IE6 on admin rating (table from 100% to 99%)

git-svn-id: http://piwigo.org/svn/trunk@1217 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-20 02:54:50 +00:00
nikrou
efc05de9d4 bug 308: improve correction
svn merge -r1190:1191 from branch1_6 into trunk


git-svn-id: http://piwigo.org/svn/trunk@1192 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-17 15:13:32 +00:00
rvelices
18570279ef merge r1175 from branch-1_6 into trunk
fix: sessions

css 3px image border goes from both clear and dark to image.css

git-svn-id: http://piwigo.org/svn/trunk@1176 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14 22:15:24 +00:00
nikrou
74dc25dca8 -bug 308 fixed: problem when updating session
git-svn-id: http://piwigo.org/svn/trunk@1164 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14 09:49:06 +00:00
rvelices
0971ce48d2 URL rewriting: capable of fully working with urls without ?
URL rewriting: works with image file instead of image id (change
make_picture_url to generate urls with file name instead of image id)

URL rewriting: completely works with category/best_rated and
picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url
and 'picture.php?' to 'picture' in make_picture_url to see it)

fix: picture category display in upper bar

fix: function rate_picture variables and use of the new user type

fix: caddie icon appears now on category page

fix: admin element_set sql query was using storage_category_id column
(column has moved to #image_categories)

fix: replaced some old $_GET[xxx] with $page[xxx]

fix: pictures have metadata url (use ? parameter - might change later)

git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-22 01:01:47 +00:00
rvelices
c4874071ba optimization: in sessions write 1 less sql query (except during login)
bug: corrected algorithm for pretty calendar month view

git-svn-id: http://piwigo.org/svn/trunk@1063 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-03 04:32:21 +00:00
nikrou
db93405255 The session garbage collector should not be called when a session is closed
git-svn-id: http://piwigo.org/svn/trunk@1034 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-12 14:08:57 +00:00
nikrou
512740968f small modification: we can now store any information in sessions
(cf topic:5667)

git-svn-id: http://piwigo.org/svn/trunk@1032 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-11 13:23:54 +00:00
rvelices
0e78db47de - remake of Remote sites and Synchronize:
- synchronization for remote and local sites are done by the same code
  - remote sites can update metadata now (not before) - bug 279
  - fixes bug 82: has_high column

- improve feature 280: user sort by filename

- fix path to template mimetypes icons

- bug 284: session cookie lifetime, deletion on logout and corrected issue 
when db upgrades were missing 

git-svn-id: http://piwigo.org/svn/trunk@1029 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-08 01:17:07 +00:00
nikrou
dd8d571761 fixed problem of cookie session path
fixed problem of undefined variable conf in upgrade_feed.php
fixed problem of undefined index is_the_guest of tab variable user

git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-03 16:19:56 +00:00
rvelices
10329e517b bug: new session system does not use db session handler during install.php
bug: put back function generate_key (was also used by new password generation 
and new feed generation)


git-svn-id: http://piwigo.org/svn/trunk@1013 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-25 00:47:31 +00:00
nikrou
0b28c9da75 improve sessions: add comments to functions
git-svn-id: http://piwigo.org/svn/trunk@1010 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-21 10:56:36 +00:00
nikrou
9410522e9f bug fix 261: improve security of sessions (next to svn:1004):
- improve presentation code style
- add upgrade database file

git-svn-id: http://piwigo.org/svn/trunk@1007 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-18 15:16:30 +00:00
nikrou
c3397a2c73 Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side

git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-15 13:45:42 +00:00
plegall
273884a652 - new : external authentication in another users table. Previous users table
is divided between users (common properties with any web application) and
  user_infos (phpwebgallery specific information). External table and
  fields can be configured.

- modification : profile.php is not reachable through administration anymore
  (not useful).

- modification : in profile.php, current password is mandatory only if user
  tries to change his password. Username can't be changed.

- deletion : of obsolete functions get_user_restrictions,
  update_user_restrictions, get_user_all_restrictions, is_user_allowed,
  update_user

- modification : $user['forbidden_categories'] equals at least "-1" so that
  category_id NOT IN ($user['forbidden_categories']) can always be used.

- modification : user_forbidden table becomes user_cache so that not only
  restriction information can be stored in this table.


git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-08-08 20:52:19 +00:00
plegall
e96510957c - new feature : use Apache authentication. If $conf['apache_authentication']
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
  PWG automatically creates one. This way, users can customize the behaviour
  of the application.

- template : new organisation of identification menu
  (category.php). Simplification is required for Apache authentication (no
  logout link even if user is externally logged in)

- new : usernames can contain quotes (required because Apache authentication
  authorized quotes in usernames)


git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-07-17 15:06:39 +00:00
plegall
6244654872 all headers adapted to new year 2005, happy new year
git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-01-07 23:10:51 +00:00
plegall
f0e9cd804a - bug fixed : in admin/cat_list, next_rank can't be calculated and query to
count sub-categories per sub-categories became false if no sub-categories

- virtual association come back in admin/infos_images (not only in
  admin/picture_modify)

- check_favorites function in admin section becomes check_user_favorites in
  public section : favorites are checked when user tries to display his
  favorites. Function was optimized.

- in function update_category, wrap of long queries due to many categories
  to update at the same time

- typo fixed in description of paginate_pages_around configuration parameter

- bug fixed in new navigation bar : no separation pipe was displayed between
  next and last when the page displayed was the last

- sessions.expiration changed of type from int to datetime (a lot easier to
  read)

- sessions.ip removed : IP address is no longer used to verify session

- $lang['cat_options'] was missing in en_UK.iso-8859-1

- typo fixed in language/en_UK.iso-8859-1/admin.lang.php on
  editcat_lock_info language item


git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-18 22:05:30 +00:00
z0rglub
a8b1a03018 update headers to comply with GPL
git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-11-06 21:12:59 +00:00
z0rglub
7cd9b65e32 - function mysql_query replaced by pwg_query : the same with debugging
features

- by default, DEBUG is set to 0 (off)


git-svn-id: http://piwigo.org/svn/trunk@587 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-30 15:42:29 +00:00
z0rglub
11699a5546 - checkbox for "remember me" are only shown if authorized
- simplification : each session is created with a cookie and if
  PhpWebGallery can't read the cookie, it uses the URI id and it will be
  used in the add_session_id function.

- configuration parameter "auth_method" disappeared (didn't live much...)

- only one session id size possible. More comments for configuration in
  include/config.inc.php


git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-06 22:48:48 +00:00
z0rglub
3c8309a7e6 - deletion of session_time and session_id_size as config parameter
- new feature : "remember me" creates a long time cookie

- possibility to set the default authentication method to URI or cookie

- really technical parameters (session identifier size, session duration)
  are set in the config file and not in database + configuration.php


git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-02 23:12:50 +00:00
z0rglub
47a1e49c1e - corrects bugs due to deletion of configuration parameters default_lang,
default_style (renamed to default_language and default_template),
  session_keyword

- in install.php, corrects bug to deletion of language keys :
  conf_general_webmaster, conf_general_webmaster_info and renaming of
  conf_general_mail


git-svn-id: http://piwigo.org/svn/trunk@518 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-09-07 19:29:42 +00:00
gweltas
78df1f97d3 Split of language files
git-svn-id: http://piwigo.org/svn/trunk@364 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-19 00:31:09 +00:00
z0rglub
6f4e7d6bc0 header global refactoring
git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-11 23:20:38 +00:00
z0rglub
6cbffaa646 improve the header of each file
git-svn-id: http://piwigo.org/svn/trunk@57 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-08-24 07:40:56 +00:00
z0rglub
45a8139acd optional cookie identification
git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-07-27 08:24:10 +00:00
z0rglub
aac81a8a38 *** empty log message ***
git-svn-id: http://piwigo.org/svn/trunk@14 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-05-18 21:42:32 +00:00
z0rglub
2c2af65b6a *** empty log message ***
git-svn-id: http://piwigo.org/svn/trunk@13 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-05-17 11:42:03 +00:00
z0rglub
b7b705f268 2003.05.13 user_add and user_modify added
git-svn-id: http://piwigo.org/svn/trunk@9 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-05-13 10:02:06 +00:00
z0rglub
867c2379ff Initial revision
git-svn-id: http://piwigo.org/svn/trunk@2 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-05-09 12:42:42 +00:00