aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorz0rglub <z0rglub@piwigo.org>2003-07-27 08:24:10 +0000
committerz0rglub <z0rglub@piwigo.org>2003-07-27 08:24:10 +0000
commit45a8139acdc9a175f8f8e1536d42fa36bc57ff4c (patch)
treedf7b51fc1b5063cdbcd46856cd16d0dacc28acd7
parent4e775187b8d054835b179ff136ccd5ad5393711f (diff)
optional cookie identification
git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/configuration.php33
-rw-r--r--category.php13
-rw-r--r--identification.php10
-rw-r--r--include/config.inc.php2
-rw-r--r--include/functions_session.inc.php46
-rw-r--r--include/user.inc.php53
-rw-r--r--language/francais.php9
-rw-r--r--profile.php31
-rw-r--r--template/default/profile.vtp17
9 files changed, 170 insertions, 44 deletions
diff --git a/admin/configuration.php b/admin/configuration.php
index 529a3541b..71802db1f 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -41,7 +41,7 @@ array( 'prefix_thumbnail','webmaster','mail_webmaster','access',
'show_comments','nb_comment_page','upload_available',
'upload_maxfilesize', 'upload_maxwidth','upload_maxheight',
'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log',
- 'comments_validation','comments_forall' );
+ 'comments_validation','comments_forall','authorize_cookies' );
$default_user_infos =
array( 'nb_image_line','nb_line_page','language','maxwidth',
'maxheight','expand','show_nb_comments','short_period','long_period',
@@ -851,6 +851,37 @@ $vtp->addSession( $sub, 'line' );
$vtp->addSession( $sub, 'space_line' );
$vtp->closeSession( $sub, 'space_line' );
$vtp->closeSession( $sub, 'line' );
+// authorize cookies ?
+$vtp->addSession( $sub, 'line' );
+$vtp->addSession( $sub, 'param_line' );
+$vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] );
+$vtp->addSession( $sub, 'group' );
+$vtp->addSession( $sub, 'radio' );
+$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
+$vtp->setVar( $sub, 'radio.value', 'true' );
+$checked = '';
+if ( $authorize_cookies == 'true' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'radio.checked', $checked );
+$vtp->setVar( $sub, 'radio.option', $lang['yes'] );
+$vtp->closeSession( $sub, 'radio' );
+$vtp->addSession( $sub, 'radio' );
+$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
+$vtp->setVar( $sub, 'radio.value', 'false' );
+$checked = '';
+if ( $authorize_cookies == 'false' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'radio.checked', $checked );
+$vtp->setVar( $sub, 'radio.option', $lang['no'] );
+$vtp->closeSession( $sub, 'radio' );
+$vtp->closeSession( $sub, 'group' );
+$vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] );
+$vtp->closeSession( $sub, 'param_line' );
+$vtp->closeSession( $sub, 'line' );
// session size
$vtp->addSession( $sub, 'line' );
$vtp->addSession( $sub, 'param_line' );
diff --git a/category.php b/category.php
index 5fe713adc..c6cfe1f42 100644
--- a/category.php
+++ b/category.php
@@ -20,6 +20,17 @@ $t2 = explode( '.', $t1[0] );
$t2 = $t1[1].'.'.$t2[1];
//----------------------------------------------------------- personnal include
include_once( './include/init.inc.php' );
+//---------------------------------------------------------------------- logout
+if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) )
+{
+ // cookie deletion if exists
+ setcookie( 'id', '', 0, cookie_path() );
+ $url = 'category.php';
+ header( 'Request-URI: '.$url );
+ header( 'Content-Location: '.$url );
+ header( 'Location: '.$url );
+ exit();
+}
//-------------------------------------------------- access authorization check
// creating the plain structure : array of all the available categories and
// their relative informations, see the definition of the function
@@ -150,7 +161,7 @@ if ( !$user['is_the_guest'] )
{
// logout link
$vtp->addSession( $handle, 'summary' );
- $vtp->setVar( $handle, 'summary.url', './category.php?cat='.$page['cat'] );
+ $vtp->setVar( $handle, 'summary.url', './category.php?act=logout' );
$vtp->setVar( $handle, 'summary.title', '' );
$vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) );
$vtp->closeSession( $handle, 'summary' );
diff --git a/identification.php b/identification.php
index c88719d03..2c8901a05 100644
--- a/identification.php
+++ b/identification.php
@@ -18,10 +18,9 @@
//----------------------------------------------------------- personnal include
include_once( "./include/init.inc.php" );
//-------------------------------------------------------------- identification
-$error = array();
+$errors = array();
if ( isset( $_POST['login'] ) )
{
- $i = 0;
// retrieving the encrypted password of the login submitted
$query = 'select password';
$query.= ' from '.PREFIX_TABLE.'users';
@@ -38,7 +37,7 @@ if ( isset( $_POST['login'] ) )
}
else
{
- $error[$i++] = $lang['invalid_pwd'];
+ array_push( $errors, $lang['invalid_pwd'] );
}
}
//----------------------------------------------------- template initialization
@@ -63,10 +62,9 @@ initialize_template();
if ( sizeof( $error ) != 0 )
{
$vtp->addSession( $handle, 'errors' );
- for ( $i = 0; $i < sizeof( $error ); $i++ )
- {
+ foreach ( $errors as $error ) {
$vtp->addSession( $handle, 'li' );
- $vtp->setVar( $handle, 'li.li', $error[$i] );
+ $vtp->setVar( $handle, 'li.li', $error );
$vtp->closeSession( $handle, 'li' );
}
$vtp->closeSession( $handle, 'errors' );
diff --git a/include/config.inc.php b/include/config.inc.php
index 07b3bfb14..ae54d5616 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -62,7 +62,7 @@ $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access',
'upload_available', 'upload_maxfilesize', 'upload_maxwidth',
'upload_maxheight', 'upload_maxwidth_thumbnail',
'upload_maxheight_thumbnail','log','comments_validation',
- 'comments_forall' );
+ 'comments_forall','authorize_cookies' );
$query = 'SELECT ';
foreach ( $infos as $i => $info ) {
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 6109456cc..34032b572 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -14,17 +14,22 @@
* the Free Software Foundation; *
* *
***************************************************************************/
+
+// The function generate_key creates a string with pseudo random characters.
+// the size of the string depends on the $conf['session_id_size'].
+// Characters used are a-z A-Z and numerical values. Examples :
+// "Er4Tgh6", "Rrp08P", "54gj"
+// input : none (using global variable)
+// output : $key
function generate_key()
{
global $conf;
+
$md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
$init = '';
for ( $i = 0; $i < strlen( $md5 ); $i++ )
{
- if ( is_numeric( $md5[$i] ) )
- {
- $init.= $md5[$i];
- }
+ if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
}
$init = substr( $init, 0, 8 );
mt_srand( $init );
@@ -32,26 +37,19 @@ function generate_key()
for ( $i = 0; $i < $conf['session_id_size']; $i++ )
{
$c = mt_rand( 0, 2 );
- if ( $c == 0 )
- {
- $key .= chr( mt_rand( 65, 90 ) );
- }
- else if ( $c == 1 )
- {
- $key .= chr( mt_rand( 97, 122 ) );
- }
- else
- {
- $key .= mt_rand( 0, 9 );
- }
+ if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
+ else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
+ else $key .= mt_rand( 0, 9 );
}
return $key;
}
-
+
+// The function create_session finds a non-already-used session key and
+// returns it once found for the given user.
function session_create( $username )
{
global $conf;
- // 1. searching an unused sesison key
+ // 1. searching an unused session key
$id_found = false;
while ( !$id_found )
{
@@ -89,6 +87,9 @@ function session_create( $username )
function add_session_id( $url, $redirect = false )
{
global $page, $user;
+
+ if ( $user['has_cookie'] ) return $url;
+
$amp = '&amp;';
if ( $redirect )
{
@@ -110,4 +111,13 @@ function add_session_id( $url, $redirect = false )
return $url;
}
}
+
+// cookie_path returns the path to use for the PhpWebGallery cookie.
+// If PhpWebGallery is installed on :
+// http://domain.org/meeting/gallery/category.php
+// cookie_path will return : "/meeting/gallery"
+function cookie_path()
+{
+ return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+}
?> \ No newline at end of file
diff --git a/include/user.inc.php b/include/user.inc.php
index f950b3a1e..a90e8983d 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -32,35 +32,60 @@ foreach ( $infos as $i => $info ) {
$query_user.= ' FROM '.PREFIX_TABLE.'users';
$query_done = false;
$user['is_the_guest'] = false;
-if ( isset( $_GET['id'] )
- && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
+
+// cookie deletion if administrator don't authorize them anymore
+if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+{
+ setcookie( 'id', '', 0, cookie_path() );
+ $url = 'category.php';
+ header( 'Request-URI: '.$url );
+ header( 'Content-Location: '.$url );
+ header( 'Location: '.$url );
+ exit();
+}
+
+$user['has_cookie'] = false;
+if ( isset( $_GET['id'] ) ) $session_id = $_GET['id'];
+elseif ( isset( $_COOKIE['id'] ) )
{
- $page['session_id'] = $_GET['id'];
+ $session_id = $_COOKIE['id'];
+ $user['has_cookie'] = true;
+}
+
+if ( isset( $session_id )
+ and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+{
+ $page['session_id'] = $session_id;
$query = 'SELECT user_id,expiration,ip';
$query.= ' FROM '.PREFIX_TABLE.'sessions';
- $query.= " WHERE id = '".$_GET['id']."'";
+ $query.= " WHERE id = '".$page['session_id']."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$row = mysql_fetch_array( $result );
- if ( $row['expiration'] < time() )
- {
- // deletion of the session from the database,
- // because it is out-of-date
- $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
- $delete_query.= " WHERE id = '".$page['session_id']."'";
- $delete_query.= ';';
- mysql_query( $delete_query );
- }
- else
+ if ( !$user['has_cookie'] )
{
+ if ( $row['expiration'] < time() )
+ {
+ // deletion of the session from the database,
+ // because it is out-of-date
+ $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+ $delete_query.= " WHERE id = '".$page['session_id']."'";
+ $delete_query.= ';';
+ mysql_query( $delete_query );
+ }
if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
{
$query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true;
}
}
+ else
+ {
+ $query_user .= ' WHERE id = '.$row['user_id'];
+ $query_done = true;
+ }
}
}
if ( !$query_done )
diff --git a/language/francais.php b/language/francais.php
index 8e0f294e9..93fcc72cc 100644
--- a/language/francais.php
+++ b/language/francais.php
@@ -136,6 +136,11 @@ $lang['customize_long_period'] = 'période longue';
$lang['customize_template'] = 'template';
$lang['err_periods'] = 'les périodes doivent être des entiers';
$lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte';
+$lang['create_cookie'] = 'créer un cookie';
+$lang['customize_day'] = 'jour';
+$lang['customize_week'] = 'semaine';
+$lang['customize_month'] = 'mois';
+$lang['customize_year'] = 'an';
// end version 1.3
$lang['maxwidth'] = 'largeur maximum des images';
$lang['maxheight'] = 'hauteur maximum des images';
@@ -399,6 +404,10 @@ if ( $isadmin )
$lang['conf_session_key_info'] = '- le mot-clef de session permet d\'améliorer le cryptage des identifiants de session.<br />- mettez n\'importe quelle chaîne de moins de 255 caractères.';
$lang['conf_session_delete'] = 'supprimer les sessions périmées';
$lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)';
+ // start version 1.3
+ $lang['conf_session_cookie'] = 'autoriser les cookies';
+ $lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.';
+ // end version 1.3
// page user, clés générales
$lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé';
diff --git a/profile.php b/profile.php
index 7a47783a5..6d7cf557c 100644
--- a/profile.php
+++ b/profile.php
@@ -103,13 +103,18 @@ if ( isset( $_POST['submit'] ) )
$query.= ';';
mysql_query( $query );
}
+ if ( $_POST['create_cookie'] == 1 )
+ {
+ setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'],
+ cookie_path() );
+ }
// redirection
$url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
if ( $page['cat'] == 'search' )
{
$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
}
- $url = add_session_id( $url, true );
+ if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true );
header( 'Request-URI: '.$url );
header( 'Content-Location: '.$url );
header( 'Location: '.$url );
@@ -121,7 +126,7 @@ $vtp = new VTemplate;
$handle = $vtp->Open( './template/'.$user['template'].'/profile.vtp' );
initialize_template();
$tpl = array( 'customize_page_title','customize_title','password','new',
- 'reg_confirm','submit' );
+ 'reg_confirm','submit','create_cookie' );
templatize_array( $tpl, 'lang', $handle );
//----------------------------------------------------------------- form action
$url = './profile.php?cat='.$page['cat'].'&amp;expand='.$page['expand'];
@@ -340,6 +345,28 @@ if ( in_array( 'show_nb_comments', $infos ) )
$vtp->closeSession( $handle, 'group' );
$vtp->closeSession( $handle, 'line' );
}
+//--------------------------------------------------------------- create cookie
+if ( $conf['authorize_cookies'] )
+{
+ $vtp->addSession( $handle, 'cookie' );
+ $options = array(
+ array( 'message' => '1 '.$lang['customize_day'],
+ 'value' => time() + 24*60*60 ),
+ array( 'message' => '1 '.$lang['customize_week'],
+ 'value' => time() + 7*24*60*60 ),
+ array( 'message' => '1 '.$lang['customize_month'],
+ 'value' => time() + 30*24*60*60 ),
+ array( 'message' => '1 '.$lang['customize_year'],
+ 'value' => time() + 365*24*60*60 )
+ );
+ foreach ( $options as $option ) {
+ $vtp->addSession( $handle, 'expiration_option' );
+ $vtp->setVar( $handle, 'expiration_option.option', $option['message'] );
+ $vtp->setVar( $handle, 'expiration_option.value', $option['value'] );
+ $vtp->closeSession( $handle, 'expiration_option' );
+ }
+ $vtp->closeSession( $handle, 'cookie' );
+}
//----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 );
echo $code;
diff --git a/template/default/profile.vtp b/template/default/profile.vtp
index 0d1d20fe3..3aef1460a 100644
--- a/template/default/profile.vtp
+++ b/template/default/profile.vtp
@@ -58,13 +58,28 @@
<td colspan="2">&nbsp;</td>
</tr>
<tr>
- <td class="menu">{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td>
+ <td class="menu">{#new} {#password} <input type="checkbox" name="use_new_pwd" value="1" /></td>
<td class="menu"><input type="password" name="password" value="" /></td>
</tr>
<tr>
<td class="menu">{#reg_confirm}</td>
<td class="menu"><input type="password" name="passwordConf" value="" /></td>
</tr>
+ <!--VTP_cookie-->
+ <tr>
+ <td colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="menu">{#create_cookie} <input type="checkbox" name="create_cookie" value="1" /></td>
+ <td class="menu">
+ <select name="cookie_expiration">
+ <!--VTP_expiration_option-->
+ <option value="{#value}">{#option}</option>
+ <!--/VTP_expiration_option-->
+ </select>
+ </td>
+ </tr>
+ <!--/VTP_cookie-->
<tr>
<td colspan="2">&nbsp;</td>
</tr>