aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2006-01-15 12:52:55 +0000
committernikrou <nikrou@piwigo.org>2006-01-15 12:52:55 +0000
commit9d6404ad36375079e815979bd4bf476a5195df5e (patch)
tree4e4724a9f86cdc91d31419ac5b2a2489b858a70b
parent6d45ca83efc0f28bb00ecab1a9b4964279cc26b5 (diff)
Improve security of sessions:
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/branches/branch-1_5@1003 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--about.php2
-rw-r--r--admin.php48
-rw-r--r--admin/cat_list.php21
-rw-r--r--admin/cat_modify.php14
-rw-r--r--admin/cat_move.php2
-rw-r--r--admin/cat_options.php2
-rw-r--r--admin/cat_perm.php5
-rw-r--r--admin/comments.php6
-rw-r--r--admin/configuration.php2
-rw-r--r--admin/element_set_unit.php4
-rw-r--r--admin/group_list.php3
-rw-r--r--admin/group_perm.php2
-rw-r--r--admin/intro.php10
-rw-r--r--admin/maintenance.php10
-rw-r--r--admin/picture_modify.php6
-rw-r--r--admin/remote_site.php12
-rw-r--r--admin/stats.php10
-rw-r--r--admin/thumbnail.php2
-rw-r--r--admin/user_list.php6
-rw-r--r--admin/user_perm.php2
-rw-r--r--admin/waiting.php2
-rw-r--r--category.php47
-rw-r--r--comments.php6
-rw-r--r--identification.php13
-rw-r--r--include/category_calendar.inc.php11
-rw-r--r--include/category_default.inc.php2
-rw-r--r--include/category_recent_cats.inc.php2
-rw-r--r--include/category_subcats.inc.php2
-rw-r--r--include/config_default.inc.php25
-rw-r--r--include/functions_category.inc.php2
-rw-r--r--include/functions_html.inc.php20
-rw-r--r--include/functions_session.inc.php154
-rw-r--r--include/page_header.php2
-rw-r--r--include/user.inc.php63
-rw-r--r--notification.php2
-rw-r--r--password.php2
-rw-r--r--picture.php47
-rw-r--r--profile.php6
-rw-r--r--random.php2
-rw-r--r--register.php4
-rw-r--r--search.php5
-rw-r--r--upload.php6
42 files changed, 246 insertions, 348 deletions
diff --git a/about.php b/about.php
index 6f58f6557..a2d36854b 100644
--- a/about.php
+++ b/about.php
@@ -45,7 +45,7 @@ $template->set_filenames(
$template->assign_vars(
array(
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php'
)
);
diff --git a/admin.php b/admin.php
index 3479d8be4..d144c968c 100644
--- a/admin.php
+++ b/admin.php
@@ -65,29 +65,29 @@ $template->set_filenames(array('admin' => 'admin.tpl'));
$template->assign_vars(
array(
- 'U_HISTORY'=>add_session_id($link_start.'stats' ),
- 'U_FAQ'=>add_session_id($link_start.'help' ),
- 'U_SITES'=>add_session_id($link_start.'remote_site'),
- 'U_MAINTENANCE'=>add_session_id($link_start.'maintenance'),
- 'U_CONFIG_GENERAL'=>add_session_id($conf_link.'general' ),
- 'U_CONFIG_COMMENTS'=>add_session_id($conf_link.'comments' ),
- 'U_CONFIG_DISPLAY'=>add_session_id($conf_link.'default' ),
- 'U_CATEGORIES'=>add_session_id($link_start.'cat_list' ),
- 'U_MOVE'=>add_session_id($link_start.'cat_move' ),
- 'U_CAT_UPLOAD'=>add_session_id($opt_link.'upload'),
- 'U_CAT_COMMENTS'=>add_session_id($opt_link.'comments'),
- 'U_CAT_VISIBLE'=>add_session_id($opt_link.'visible'),
- 'U_CAT_STATUS'=>add_session_id($opt_link.'status'),
- 'U_CAT_OPTIONS'=>add_session_id($link_start.'cat_options'),
- 'U_CAT_UPDATE'=>add_session_id($link_start.'update'),
- 'U_WAITING'=>add_session_id($link_start.'waiting' ),
- 'U_COMMENTS'=>add_session_id($link_start.'comments' ),
- 'U_CADDIE'=>add_session_id($link_start.'element_set&amp;cat=caddie'),
- 'U_THUMBNAILS'=>add_session_id($link_start.'thumbnail' ),
- 'U_USERS'=>add_session_id($link_start.'user_list' ),
- 'U_GROUPS'=>add_session_id($link_start.'group_list' ),
- 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
- 'U_RETURN'=>add_session_id(PHPWG_ROOT_PATH.'category.php')
+ 'U_HISTORY'=> $link_start.'stats',
+ 'U_FAQ'=> $link_start.'help',
+ 'U_SITES'=> $link_start.'remote_site',
+ 'U_MAINTENANCE'=> $link_start.'maintenance',
+ 'U_CONFIG_GENERAL'=> $conf_link.'general',
+ 'U_CONFIG_COMMENTS'=> $conf_link.'comments',
+ 'U_CONFIG_DISPLAY'=> $conf_link.'default',
+ 'U_CATEGORIES'=> $link_start.'cat_list',
+ 'U_MOVE'=> $link_start.'cat_move',
+ 'U_CAT_UPLOAD'=> $opt_link.'upload',
+ 'U_CAT_COMMENTS'=> $opt_link.'comments',
+ 'U_CAT_VISIBLE'=> $opt_link.'visible',
+ 'U_CAT_STATUS'=> $opt_link.'status',
+ 'U_CAT_OPTIONS'=> $link_start.'cat_options',
+ 'U_CAT_UPDATE'=> $link_start.'update',
+ 'U_WAITING'=> $link_start.'waiting',
+ 'U_COMMENTS'=> $link_start.'comments',
+ 'U_CADDIE'=> $link_start.'element_set&amp;cat=caddie',
+ 'U_THUMBNAILS'=> $link_start.'thumbnail',
+ 'U_USERS'=> $link_start.'user_list',
+ 'U_GROUPS'=> $link_start.'group_list',
+ 'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
+ 'U_RETURN'=> PHPWG_ROOT_PATH.'category.php'
)
);
@@ -96,7 +96,7 @@ if ($conf['allow_random_representative'])
$template->assign_block_vars(
'representative',
array(
- 'URL' => add_session_id($opt_link.'representative')
+ 'URL' => $opt_link.'representative'
)
);
}
diff --git a/admin/cat_list.php b/admin/cat_list.php
index 3c8e1e8d2..f5e3e834e 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -65,7 +65,7 @@ function save_categories_order($categories)
$categories = array();
$base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
-$navigation = '<a class="" href="'.add_session_id($base_url).'">';
+$navigation = '<a class="" href="'.$base_url.'">';
$navigation.= $lang['home'];
$navigation.= '</a>';
@@ -238,7 +238,7 @@ else
$template->assign_vars(array(
'CATEGORIES_NAV'=>$navigation,
'NEXT_RANK'=>$next_rank,
- 'F_ACTION'=>add_session_id($form_action),
+ 'F_ACTION'=>$form_action,
'L_ADD_VIRTUAL'=>$lang['cat_add'],
'L_SUBMIT'=>$lang['submit'],
@@ -317,14 +317,9 @@ foreach ($categories as $category)
'ID'=>$category['id'],
'RANK'=>$category['rank']*10,
- 'U_JUMPTO'=>
- add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-
- 'U_CHILDREN'=>
- add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
-
- 'U_EDIT'=>
- add_session_id($base_url.'cat_modify&amp;cat_id='.$category['id'])
+ 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+ 'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
+ 'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
)
);
@@ -333,7 +328,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.delete',
array(
- 'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+ 'URL'=>$self_url.'&amp;delete='.$category['id']
)
);
}
@@ -343,7 +338,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.elements',
array(
- 'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'element_set&amp;cat='.$category['id']
)
);
}
@@ -353,7 +348,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.permissions',
array(
- 'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
)
);
}
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
index 0d82c13d4..8291e9030 100644
--- a/admin/cat_modify.php
+++ b/admin/cat_modify.php
@@ -171,13 +171,11 @@ $template->assign_vars(array(
'L_SUBMIT'=>$lang['submit'],
'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'],
- 'U_JUMPTO'=>
- add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
- 'U_CHILDREN'=>
- add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
+ 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+ 'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify',
- 'F_ACTION'=>add_session_id($form_action)
+ 'F_ACTION'=>$form_action
));
@@ -186,7 +184,7 @@ if ('private' == $category['status'])
$template->assign_block_vars(
'permissions',
array(
- 'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
)
);
}
@@ -197,7 +195,7 @@ if ($category['nb_images'] > 0)
$template->assign_block_vars(
'elements',
array(
- 'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'element_set&amp;cat='.$category['id']
)
);
}
@@ -267,7 +265,7 @@ else
$template->assign_block_vars(
'delete',
array(
- 'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+ 'URL'=>$self_url.'&amp;delete='.$category['id']
)
);
diff --git a/admin/cat_move.php b/admin/cat_move.php
index 7760b6494..0d030dca0 100644
--- a/admin/cat_move.php
+++ b/admin/cat_move.php
@@ -68,7 +68,7 @@ $template->set_filenames(
$template->assign_vars(
array(
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'),
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move',
)
);
diff --git a/admin/cat_options.php b/admin/cat_options.php
index f8ca7527b..a43a4ec61 100644
--- a/admin/cat_options.php
+++ b/admin/cat_options.php
@@ -153,7 +153,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options',
- 'F_ACTION'=>add_session_id($base_url.$page['section'])
+ 'F_ACTION'=>$base_url.$page['section']
)
);
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index f0c961103..95e9edaa9 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -207,10 +207,7 @@ $template->assign_vars(
'admin.php?page=cat_modify&amp;cat_id='
),
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm',
- 'F_ACTION' =>
- add_session_id(
- PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
- )
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
)
);
diff --git a/admin/comments.php b/admin/comments.php
index 53d498c84..ef366c783 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -117,7 +117,7 @@ $template->set_filenames(array('comments'=>'admin/comments.tpl'));
$template->assign_vars(
array(
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments')
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
)
);
@@ -141,10 +141,8 @@ while ($row = mysql_fetch_array($result))
'comment',
array(
'U_PICTURE' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
- '&amp;image_id='.$row['image_id']
- ),
+ '&amp;image_id='.$row['image_id'],
'ID' => $row['id'],
'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),
'AUTHOR' => $row['author'],
diff --git a/admin/configuration.php b/admin/configuration.php
index f038800f4..5861ac495 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -149,7 +149,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
- 'F_ACTION'=>add_session_id($action)
+ 'F_ACTION'=>$action
));
switch ($page['section'])
diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php
index fbffe99dd..f3bf12bbd 100644
--- a/admin/element_set_unit.php
+++ b/admin/element_set_unit.php
@@ -222,10 +222,8 @@ SELECT id,path,tn_ext,name,date_creation,comment,keywords,author,file
!empty($row['name']) ?
$row['name'] : get_name_from_file($row['file']),
'U_EDIT' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
- '&amp;image_id='.$row['id']
- ),
+ '&amp;image_id='.$row['id'],
'ID' => $row['id'],
'FILENAME' => $row['path'],
'TN_SRC' => $src,
diff --git a/admin/group_list.php b/admin/group_list.php
index 7bc08b3f4..0a9946fe5 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -124,8 +124,7 @@ $template->set_filenames(array('group_list' => 'admin/group_list.tpl'));
$template->assign_vars(
array(
- 'F_ADD_ACTION' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
+ 'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list'
)
);
diff --git a/admin/group_perm.php b/admin/group_perm.php
index 5c974008e..2c474eb89 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -140,11 +140,9 @@ $template->assign_vars(
'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.
'admin.php?page=group_perm&amp;group_id='.
$page['group']
- )
)
);
diff --git a/admin/intro.php b/admin/intro.php
index d7beec762..45e34a439 100644
--- a/admin/intro.php
+++ b/admin/intro.php
@@ -177,10 +177,8 @@ $template->assign_vars(
'DB_USERS' => sprintf(l10n('%d users'), $nb_users),
'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups),
'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments),
- 'U_CHECK_UPGRADE' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'),
- 'U_PHPINFO' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo')
+ 'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
+ 'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo'
)
);
@@ -217,7 +215,7 @@ if ($nb_waiting > 0)
$template->assign_block_vars(
'waiting',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'),
+ 'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting',
'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting)
)
);
@@ -236,7 +234,7 @@ if ($nb_comments > 0)
$template->assign_block_vars(
'unvalidated',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'),
+ 'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments',
'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments)
)
);
diff --git a/admin/maintenance.php b/admin/maintenance.php
index ec45196db..067f1ff82 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -98,11 +98,11 @@ $start_url = PHPWG_ROOT_PATH.'admin.php?page=maintenance&amp;action=';
$template->assign_vars(
array(
- 'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'),
- 'U_MAINT_IMAGES' => add_session_id($start_url.'images'),
- 'U_MAINT_HISTORY' => add_session_id($start_url.'history'),
- 'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'),
- 'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'),
+ 'U_MAINT_CATEGORIES' => $start_url.'categories',
+ 'U_MAINT_IMAGES' => $start_url.'images',
+ 'U_MAINT_HISTORY' => $start_url.'history',
+ 'U_MAINT_SESSIONS' => $start_url.'sessions',
+ 'U_MAINT_FEEDS' => $start_url.'feeds',
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance',
)
);
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index a8fa2b953..097857ec5 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -195,12 +195,10 @@ $template->set_filenames(
$template->assign_vars(
array(
'U_SYNC' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
'&amp;image_id='.$_GET['image_id'].
(isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '').
- '&amp;sync_metadata=1'
- ),
+ '&amp;sync_metadata=1',
'PATH'=>$row['path'],
@@ -230,10 +228,8 @@ $template->assign_vars(
stripslashes($_POST['description']) : @$row['comment'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php'
.get_query_string_diff(array('sync_metadata'))
- )
)
);
diff --git a/admin/remote_site.php b/admin/remote_site.php
index fb778084f..1ce1813a2 100644
--- a/admin/remote_site.php
+++ b/admin/remote_site.php
@@ -515,7 +515,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site',
- 'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site')
+ 'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site'
)
);
@@ -686,7 +686,7 @@ else
'local',
array(
'URL' => $url,
- 'U_UPDATE' => add_session_id($base_url.'local_update')
+ 'U_UPDATE' => $base_url.'local_update'
)
);
@@ -731,10 +731,10 @@ while ($row = mysql_fetch_array($result))
'sites.site',
array(
'NAME' => $row['galleries_url'],
- 'U_GENERATE' => add_session_id($base_url.'generate'),
- 'U_UPDATE' => add_session_id($base_url.'update'),
- 'U_CLEAN' => add_session_id($base_url.'clean'),
- 'U_DELETE' => add_session_id($base_url.'delete')
+ 'U_GENERATE' => $base_url.'generate',
+ 'U_UPDATE' => $base_url.'update',
+ 'U_CLEAN' => $base_url.'clean',
+ 'U_DELETE' => $base_url.'delete'
)
);
}
diff --git a/admin/stats.php b/admin/stats.php
index 1a821a476..02d7ec5d8 100644
--- a/admin/stats.php
+++ b/admin/stats.php
@@ -62,7 +62,7 @@ if (isset($_GET['day']) && isset($_GET['month']) && isset($_GET['year']) )
$date_of_day=$_GET['day'].' '.$lang['month'][$_GET['month']].' '.$_GET['year'];
$title_page=$lang['stats_day_title'].' du '.$date_of_day;
$url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
- $url_back = add_session_id($url_back);
+ $url_back = $url_back;
$title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
$title_day = $date_of_day;
}
@@ -71,7 +71,7 @@ elseif ( isset($_GET['month']) && isset($_GET['year']) )
$date_of_day=$lang['month'][$_GET['month']].' '.$_GET['year'];
$title_page=$lang['stats_month_title'].' : '.$date_of_day;
$url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
- $url_back = add_session_id($url_back);
+ $url_back = $url_back;
$title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
$title_day=$lang['today'];
}
@@ -105,7 +105,7 @@ $template->assign_vars(array(
'L_STAT_FILE'=>$lang['stats_file'],
'L_STAT_PICTURE'=>$lang['stats_picture'],
- 'IMG_REPORT'=>add_session_id($url_img)
+ 'IMG_REPORT'=>$url_img
));
//---------------------------------------------------------------- log history
@@ -141,7 +141,7 @@ while ( $row = mysql_fetch_array( $result ) )
.'&amp;day='.$row['d']
;
- $value = '<a href="'.add_session_id($url).'">';
+ $value = '<a href="'.$url.'">';
$value.= $row['d'].' ('.$week_day.')';
$value.= "</a>";
}
@@ -160,7 +160,7 @@ while ( $row = mysql_fetch_array( $result ) )
.'&amp;month='.$row['m']
;
- $value = '<a href="'.add_session_id($url).'">';
+ $value = '<a href="'.$url.'">';
$value.= $lang['month'][$row['m']].' '.$row['y'];
$value.= "</a>";
}
diff --git a/admin/thumbnail.php b/admin/thumbnail.php
index 5193388d7..88ffdc952 100644
--- a/admin/thumbnail.php
+++ b/admin/thumbnail.php
@@ -358,7 +358,7 @@ if (count($remainings) > 0)
$template->assign_block_vars(
'params',
array(
- 'F_ACTION'=>add_session_id($form_url),
+ 'F_ACTION'=>$form_url,
$gdlabel=>'checked="checked"',
$nlabel=>'checked="checked"',
'WIDTH_TN'=>$width,
diff --git a/admin/user_list.php b/admin/user_list.php
index e51c8e583..3eaac6d70 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -424,7 +424,7 @@ while ($row = mysql_fetch_array($result))
$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
-$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
+$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
@@ -790,8 +790,8 @@ foreach ($page['filtered_users'] as $num => $local_user)
'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1',
'ID' => $local_user['id'],
'CHECKED' => $checked,
- 'U_MOD' => add_session_id($profile_url.$local_user['id']),
- 'U_PERM' => add_session_id($perm_url.$local_user['id']),
+ 'U_MOD' => $profile_url.$local_user['id'],
+ 'U_PERM' => $perm_url.$local_user['id'],
'USERNAME' => $local_user['username'],
'STATUS' => $lang['user_status_'.$local_user['status']],
'EMAIL' => isset($local_user['email']) ? $local_user['email'] : '',
diff --git a/admin/user_perm.php b/admin/user_perm.php
index 400678ce2..91ade3618 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -133,11 +133,9 @@ $template->assign_vars(
'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.
'admin.php?page=user_perm'.
'&amp;user_id='.$page['user']
- )
)
);
diff --git a/admin/waiting.php b/admin/waiting.php
index 7c8e05b51..647fcafe2 100644
--- a/admin/waiting.php
+++ b/admin/waiting.php
@@ -148,7 +148,7 @@ $template->assign_vars(array(
'L_RESET'=>$lang['reset'],
'L_DELETE'=>$lang['delete'],
- 'F_ACTION'=>add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
+ 'F_ACTION'=>str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'])
));
//---------------------------------------------------------------- form display
diff --git a/category.php b/category.php
index 158781ae6..1a74a912f 100644
--- a/category.php
+++ b/category.php
@@ -31,10 +31,13 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
//---------------------------------------------------------------------- logout
if ( isset( $_GET['act'] )
and $_GET['act'] == 'logout'
- and isset( $_COOKIE['id'] ) )
+ and isset( $_COOKIE[session_name()] ) )
{
// cookie deletion if exists
- setcookie( 'id', '', 0, cookie_path() );
+ $_SESSION = array();
+ session_unset();
+ session_destroy();
+ setcookie(session_name(),'',0,'/');
$url = 'category.php';
redirect( $url );
}
@@ -163,15 +166,15 @@ $template->assign_vars(
'L_PROFILE_HINT' => $lang['hint_customize'],
'L_REMEMBER_ME' => $lang['remember_me'],
- 'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ),
+ 'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php',
'T_RECENT' => $icon_recent,
- 'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ),
- 'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
- 'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php',
+ 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+ 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
- 'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
- 'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php')
+ 'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
+ 'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php'
)
);
//-------------------------------------------------------------- external links
@@ -198,7 +201,7 @@ if ( !$user['is_the_guest'] )
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=fav'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav',
'TITLE' => $lang['favorite_cat_hint'],
'NAME' => $lang['favorite_cat']
));
@@ -207,7 +210,7 @@ if ( !$user['is_the_guest'] )
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=most_visited'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited',
'TITLE' => $lang['most_visited_cat_hint'],
'NAME' => $lang['most_visited_cat']
));
@@ -217,7 +220,7 @@ if ($conf['rate'])
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=best_rated'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated',
'TITLE' => $lang['best_rated_cat_hint'],
'NAME' => $lang['best_rated_cat']
)
@@ -227,7 +230,7 @@ if ($conf['rate'])
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'random.php'),
+ 'URL' => PHPWG_ROOT_PATH.'random.php',
'TITLE' => $lang['random_cat_hint'],
'NAME' => $lang['random_cat']
));
@@ -235,7 +238,7 @@ $template->assign_block_vars(
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_pics'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics',
'TITLE' => $lang['recent_pics_cat_hint'],
'NAME' => $lang['recent_pics_cat']
));
@@ -243,7 +246,7 @@ $template->assign_block_vars(
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_cats'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats',
'TITLE' => $lang['recent_cats_cat_hint'],
'NAME' => $lang['recent_cats_cat']
));
@@ -251,7 +254,7 @@ $template->assign_block_vars(
$template->assign_block_vars(
'special_cat',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=calendar'),
+ 'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar',
'TITLE' => $lang['calendar_hint'],
'NAME' => $lang['calendar']
));
@@ -290,21 +293,21 @@ else
$template->assign_block_vars('summary', array(
'TITLE'=>$lang['hint_search'],
'NAME'=>$lang['search'],
-'U_SUMMARY'=>add_session_id( 'search.php' ),
+'U_SUMMARY'=> 'search.php',
));
// comments link
$template->assign_block_vars('summary', array(
'TITLE'=>$lang['hint_comments'],
'NAME'=>$lang['comments'],
-'U_SUMMARY'=>add_session_id( 'comments.php' ),
+'U_SUMMARY'=> 'comments.php',
));
// about link
$template->assign_block_vars('summary', array(
'TITLE'=>$lang['about_page_title'],
'NAME'=>$lang['About'],
-'U_SUMMARY'=>add_session_id( 'about.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] ) )
+'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] )
));
// notification
@@ -313,7 +316,7 @@ $template->assign_block_vars(
array(
'TITLE'=>l10n('notification'),
'NAME'=>l10n('Notification'),
- 'U_SUMMARY'=>add_session_id(PHPWG_ROOT_PATH.'notification.php')
+ 'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php'
));
if (isset($page['cat'])
@@ -324,10 +327,8 @@ if (isset($page['cat'])
'edit',
array(
'URL' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=cat_modify'
.'&amp;cat_id='.$page['cat']
- )
)
);
}
@@ -352,10 +353,8 @@ if (isset($page['cat'])
'caddie',
array(
'URL' =>
- add_session_id(
PHPWG_ROOT_PATH.'category.php'
.get_query_string_diff(array('caddie')).'&amp;caddie=1')
- )
);
}
}
@@ -383,7 +382,7 @@ if ( isset ( $page['cat'] ) )
$url = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
$template->assign_block_vars(
'upload',
- array('U_UPLOAD'=>add_session_id( $url ))
+ array('U_UPLOAD'=> $url )
);
}
diff --git a/comments.php b/comments.php
index fa240aa29..5215ab473 100644
--- a/comments.php
+++ b/comments.php
@@ -228,7 +228,7 @@ $template->assign_vars(
'F_KEYWORD'=>@$_GET['keyword'],
'F_AUTHOR'=>@$_GET['author'],
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php'
)
);
@@ -465,7 +465,7 @@ SELECT id, uppercats
array(
'TITLE_IMG'=>$name,
'I_THUMB'=>$thumbnail_src,
- 'U_THUMB'=>add_session_id($url)
+ 'U_THUMB'=>$url
));
$author = $comment['author'];
@@ -477,7 +477,7 @@ SELECT id, uppercats
$template->assign_block_vars(
'comment',
array(
- 'U_PICTURE' => add_session_id($url),
+ 'U_PICTURE' => $url,
'TN_SRC' => $thumbnail_src,
'AUTHOR' => $author,
'DATE'=>format_date($comment['date'],'mysql_datetime',true),
diff --git a/identification.php b/identification.php
index c55e009ed..223e6c1e9 100644
--- a/identification.php
+++ b/identification.php
@@ -51,8 +51,9 @@ SELECT '.$conf['user_fields']['id'].' AS id,
{
$session_length = $conf['remember_me_length'];
}
- $session_id = session_create($row['id'], $session_length);
- redirect('category.php?id='.$session_id);
+ session_start();
+ $_SESSION['id'] = $row['id'];
+ redirect('category.php');
}
else
{
@@ -80,11 +81,11 @@ $template->assign_vars(
'L_FORGET' => $lang['ident_forgotten_password'],
'L_REMEMBER_ME'=>$lang['remember_me'],
- 'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
- 'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+ 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+ 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php',
- 'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
+ 'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
));
if ($conf['authorize_remembering'])
diff --git a/include/category_calendar.inc.php b/include/category_calendar.inc.php
index a355a9339..fb2fffd09 100644
--- a/include/category_calendar.inc.php
+++ b/include/category_calendar.inc.php
@@ -67,7 +67,6 @@ foreach ($calendar_years as $calendar_year => $nb_picture_year)
{
$url = PHPWG_ROOT_PATH.'category.php?cat=calendar';
$url.= '&amp;year='.$calendar_year;
- $url = add_session_id($url);
$years_nav_bar.= ' <a href="'.$url.'">'.$calendar_year.'</a>';
}
}
@@ -124,7 +123,7 @@ SELECT DISTINCT(MONTH('.$conf['calendar_datefield'].')) AS month
$url = PHPWG_ROOT_PATH.'category.php?cat=calendar&amp;month=';
$url.= $page['calendar_year'].'.'.sprintf('%02s', $calendar_month);
$months_nav_bar.= ' ';
- $months_nav_bar.= '<a href="'.add_session_id($url).'">';
+ $months_nav_bar.= '<a href="'.$url.'">';
$months_nav_bar.= $lang['month'][(int)$calendar_month];
$months_nav_bar.= '</a>';
}
@@ -248,7 +247,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path
'IMAGE_ALT'=>$row['file'],
'IMAGE_TITLE'=>$thumbnail_title,
- 'U_IMG_LINK'=>add_session_id($url_link)
+ 'U_IMG_LINK'=>$url_link
)
);
@@ -308,7 +307,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path
'IMAGE_ALT'=>$row['file'],
'IMAGE_TITLE'=>$thumbnail_title,
- 'U_IMG_LINK'=>add_session_id($url_link)
+ 'U_IMG_LINK'=>$url_link
)
);
@@ -362,7 +361,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path
'IMAGE_ALT'=>$row['file'],
'IMAGE_TITLE'=>$thumbnail_title,
- 'U_IMG_LINK'=>add_session_id($url_link)
+ 'U_IMG_LINK'=>$url_link
)
);
@@ -436,7 +435,7 @@ SELECT file,tn_ext,'.$conf['calendar_datefield'].',path
'IMAGE_ALT'=>$row['file'],
'IMAGE_TITLE'=>$thumbnail_title,
- 'U_IMG_LINK'=>add_session_id($url_link)
+ 'U_IMG_LINK'=>$url_link
)
);
diff --git a/include/category_default.inc.php b/include/category_default.inc.php
index d553e9e05..0965b331e 100644
--- a/include/category_default.inc.php
+++ b/include/category_default.inc.php
@@ -89,7 +89,7 @@ while ($row = mysql_fetch_array($result))
'IMAGE_TITLE' => $thumbnail_title,
'IMAGE_TS' => get_icon($row['date_available']),
- 'U_IMG_LINK' => add_session_id($url_link)
+ 'U_IMG_LINK' => $url_link
)
);
diff --git a/include/category_recent_cats.inc.php b/include/category_recent_cats.inc.php
index 1b3e84f1e..298def21d 100644
--- a/include/category_recent_cats.inc.php
+++ b/include/category_recent_cats.inc.php
@@ -78,7 +78,7 @@ while ( $row = mysql_fetch_array( $result ) )
'IMAGE_ALT' => $row['file'],
'IMAGE_TITLE' => $lang['hint_category'],
- 'U_IMG_LINK' => add_session_id($url_link)
+ 'U_IMG_LINK' => $url_link
)
);
diff --git a/include/category_subcats.inc.php b/include/category_subcats.inc.php
index 8e40d8498..5f64a3a7f 100644
--- a/include/category_subcats.inc.php
+++ b/include/category_subcats.inc.php
@@ -152,7 +152,7 @@ SELECT id, path, tn_ext
'IMAGE_TITLE' => $lang['hint_category'],
'IMAGE_TS' => get_icon(@$item['date_last']),
'U_IMG_LINK' =>
- add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$item['category'])
+ PHPWG_ROOT_PATH.'category.php?cat='.$item['category']
)
);
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 33b9eab0b..96272dee6 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -256,6 +256,21 @@ $conf['use_exif_mapping'] = array(
// | sessions |
// +-----------------------------------------------------------------------+
+// specifies to use cookie to store the session id on client side
+$conf['session_use_cookies'] = 1;
+
+// specifies to only use cookie to store the session id on client side
+$conf['session_use_only_cookies'] = 1;
+
+// do not use transparent session id support
+$conf['session_use_trans_sid'] = 0;
+
+// specifies the name of the session which is used as cookie name
+$conf['session_name'] = 'pwg_id';
+
+// comment the line below to use file handler for sessions.
+$conf['session_save_handler'] = 'db';
+
// authorize_remembering : permits user to stay logged for a long time. It
// creates a cookie on client side.
$conf['authorize_remembering'] = true;
@@ -267,16 +282,6 @@ $conf['remember_me_length'] = 31536000;
// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
-// session_id_size : a session identifier is compound of alphanumeric
-// characters and is case sensitive. Each character is among 62
-// possibilities. The number of possible sessions is
-// 62^$conf['session_id_size'].
-//
-// 62^5 = 916,132,832
-// 62^10 = 839,299,365,868,340,224
-//
-$conf['session_id_size'] = 10;
-
// +-----------------------------------------------------------------------+
// | debug |
// +-----------------------------------------------------------------------+
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index ad118a905..4c5f1f4be 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -47,7 +47,7 @@ function check_restrictions($category_id)
if (in_array($category_id, explode(',', $user['forbidden_categories'])))
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
- echo '<a href="'.add_session_id( './category.php' ).'">';
+ echo '<a href="./category.php">';
echo $lang['thumbnails'].'</a></div>';
exit();
}
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index 50a999854..a2c45b7ef 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -82,7 +82,7 @@ function create_navigation_bar($url, $nb_element, $start,
if ($cur_page != 1)
{
$navbar.= '<a href="';
- $navbar.= add_session_id($url.'&amp;start=0');
+ $navbar.= $url.'&amp;start=0';
$navbar.= '" class="'.$link_class.'">'.$lang['first_page'];
$navbar.= '</a>';
}
@@ -96,7 +96,7 @@ function create_navigation_bar($url, $nb_element, $start,
{
$previous = $start - $nb_element_page;
$navbar.= '<a href="';
- $navbar.= add_session_id( $url.'&amp;start='.$previous );
+ $navbar.= $url.'&amp;start='.$previous;
$navbar.= '" class="'.$link_class.'">'.$lang['previous_page'];
$navbar.= '</a>';
}
@@ -109,7 +109,7 @@ function create_navigation_bar($url, $nb_element, $start,
if ($cur_page > $pages_around + 1)
{
$navbar.= '&nbsp;<a href="';
- $navbar.= add_session_id($url.'&amp;start=0');
+ $navbar.= $url.'&amp;start=0';
$navbar.= '" class="'.$link_class.'">1</a>';
if ($cur_page > $pages_around + 2)
{
@@ -130,7 +130,7 @@ function create_navigation_bar($url, $nb_element, $start,
{
$temp_start = ($i - 1) * $nb_element_page;
$navbar.= '&nbsp;<a href="';
- $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+ $navbar.= $url.'&amp;start='.$temp_start;
$navbar.= '" class="'.$link_class.'">'.$i.'</a>';
}
else
@@ -148,7 +148,7 @@ function create_navigation_bar($url, $nb_element, $start,
$navbar.= ' ...';
}
$navbar.= ' <a href="';
- $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+ $navbar.= $url.'&amp;start='.$temp_start;
$navbar.= '" class="'.$link_class.'">'.$maximum.'</a>';
}
@@ -159,7 +159,7 @@ function create_navigation_bar($url, $nb_element, $start,
{
$next = $start + $nb_element_page;
$navbar.= '<a href="';
- $navbar.= add_session_id( $url.'&amp;start='.$next );
+ $navbar.= $url.'&amp;start='.$next;
$navbar.= '" class="'.$link_class.'">'.$lang['next_page'].'</a>';
}
else
@@ -173,7 +173,7 @@ function create_navigation_bar($url, $nb_element, $start,
{
$temp_start = ($maximum - 1) * $nb_element_page;
$navbar.= '<a href="';
- $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+ $navbar.= $url.'&amp;start='.$temp_start;
$navbar.= '" class="'.$link_class.'">'.$lang['last_page'];
$navbar.= '</a>';
}
@@ -242,7 +242,7 @@ function get_cat_display_name($cat_informations,
else
{
$output.= '<a class=""';
- $output.= ' href="'.add_session_id(PHPWG_ROOT_PATH.$url.$id).'">';
+ $output.= ' href="'.PHPWG_ROOT_PATH.$url.$id.'">';
$output.= $name.'</a>';
}
}
@@ -311,7 +311,7 @@ SELECT id,name
{
$output.= '
<a class=""
- href="'.add_session_id(PHPWG_ROOT_PATH.$url.$category_id).'">'.$name.'</a>';
+ href="'.PHPWG_ROOT_PATH.$url.$category_id.'">'.$name.'</a>';
}
}
if ($replace_space)
@@ -370,7 +370,7 @@ function get_html_menu_category($categories)
}
$menu.= '>';
- $url = add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']);
+ $url = PHPWG_ROOT_PATH.'category.php?cat='.$category['id'];
$menu.= "\n".'<a href="'.$url.'">'.$category['name'].'</a>';
if ($category['nb_images'] > 0)
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 8a3bb911c..98a85c876 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -25,115 +25,77 @@
// | USA. |
// +-----------------------------------------------------------------------+
-// The function generate_key creates a string with pseudo random characters.
-// the size of the string depends on the $conf['session_id_size'].
-// Characters used are a-z A-Z and numerical values. Examples :
-// "Er4Tgh6", "Rrp08P", "54gj"
-// input : none (using global variable)
-// output : $key
-function generate_key($size)
-{
- global $conf;
-
- $md5 = md5(substr(microtime(), 2, 6));
- $init = '';
- for ( $i = 0; $i < strlen( $md5 ); $i++ )
- {
- if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
- }
- $init = substr( $init, 0, 8 );
- mt_srand( $init );
- $key = '';
- for ( $i = 0; $i < $size; $i++ )
- {
- $c = mt_rand( 0, 2 );
- if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
- else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
- else $key .= mt_rand( 0, 9 );
- }
- return $key;
+if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) {
+ session_set_save_handler('pwg_session_open',
+ 'pwg_session_close',
+ 'pwg_session_read',
+ 'pwg_session_write',
+ 'pwg_session_destroy',
+ 'pwg_session_gc'
+ );
}
-/**
- * create a new session and returns the session identifier
- *
- * - find a non-already-used session key
- * - create a session in database
- * - return session identifier
- *
- * @param int userid
- * @param int session_lentgh : in seconds
- * @return string
- */
-function session_create($userid, $session_length)
-{
- global $conf;
+ini_set('session.use_cookies', $conf['session_use_cookies']);
+ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
+ini_set('session.use_trans_sid', $conf['session_use_trans_sid']);
+ini_set('session.name', $conf['session_name']);
- // 1. searching an unused session key
- $id_found = false;
- while (!$id_found)
- {
- $generated_id = generate_key($conf['session_id_size']);
- $query = '
-SELECT id
- FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$generated_id.'\'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) == 0)
- {
- $id_found = true;
- }
- }
- // 3. inserting session in database
- $query = '
-INSERT INTO '.SESSIONS_TABLE.'
- (id,user_id,expiration)
- VALUES
- (\''.$generated_id.'\','.$userid.',
- ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
-;';
- pwg_query($query);
-
- $expiration = $session_length + time();
- setcookie('id', $generated_id, $expiration, cookie_path());
-
- return $generated_id;
+function pwg_session_open($path, $name)
+{
+ return true;
}
-// add_session_id adds the id of the session to the string given in
-// parameter as $url. If the session id is the first parameter to the url,
-// it is preceded by a '?', else it is preceded by a '&amp;'. If the
-// parameter $redirect is set to true, '&' is used instead of '&'.
-function add_session_id( $url, $redirect = false )
+function pwg_session_close()
{
- global $page, $user, $conf;
+ pwg_session_gc();
+ return true;
+}
- if ($user['is_the_guest']
- or $user['has_cookie']
- or $conf['apache_authentication'])
- {
- return $url;
+function pwg_session_read($session_id)
+{
+ $query = "SELECT data FROM " . SESSIONS_TABLE;
+ $query .= " WHERE id = '$session_id'";
+ $result = pwg_query($query);
+ if ($result) {
+ $row = mysql_fetch_assoc($result);
+ return $row['data'];
+ } else {
+ return '';
}
+}
- if (preg_match('/\.php\?/', $url))
- {
- $separator = $redirect ? '&' : '&amp;';
- }
- else
- {
- $separator = '?';
+function pwg_session_write($session_id, $data)
+{
+ $query = "SELECT id FROM " . SESSIONS_TABLE;
+ $query .= " WHERE id = '$session_id'";
+ $result = pwg_query($query);
+ if (mysql_num_rows($result)) {
+ $query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()";
+ $query .= " WHERE id = '$session_id'";
+ pwg_query($query);
+ } else {
+ $query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)";
+ $query .= " VALUES('$session_id','$data',now())";
+ pwg_query($query);
}
+ return true;
+}
- return $url.$separator.'id='.$page['session_id'];
+function pwg_session_destroy($session_id)
+{
+ $query = "DELETE FROM " . SESSIONS_TABLE;
+ $query .= " WHERE id = '$session_id'";
+ pwg_query($query);
+ return true;
}
-// cookie_path returns the path to use for the PhpWebGallery cookie.
-// If PhpWebGallery is installed on :
-// http://domain.org/meeting/gallery/category.php
-// cookie_path will return : "/meeting/gallery"
-function cookie_path()
+function pwg_session_gc()
{
- return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+ global $conf;
+
+ $query = "DELETE FROM " . SESSIONS_TABLE;
+ $query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length'];
+ pwg_query($query);
+ return true;
}
?>
diff --git a/include/page_header.php b/include/page_header.php
index 8bf830cf5..6891787bd 100644
--- a/include/page_header.php
+++ b/include/page_header.php
@@ -61,7 +61,7 @@ if ( isset( $refresh ) and intval($refresh) >= 0 and isset( $url_link ) )
$template->assign_vars(
array(
'REFRESH_TIME' => $refresh,
- 'U_REFRESH' => add_session_id( $url_link )
+ 'U_REFRESH' => $url_link
));
$template->assign_block_vars('refresh', array());
}
diff --git a/include/user.inc.php b/include/user.inc.php
index 8b51935a0..04adde9ac 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -26,55 +26,24 @@
// +-----------------------------------------------------------------------+
// retrieving connected user informations
-if (isset($_COOKIE['id']))
+if (isset($_COOKIE[session_name()]))
{
- $session_id = $_COOKIE['id'];
- $user['has_cookie'] = true;
-}
-else if (isset($_GET['id']))
-{
- $session_id = $_GET['id'];
- $user['has_cookie'] = false;
-}
-else
-{
- $user['has_cookie'] = false;
-}
-
-if (isset($session_id)
- and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
-{
- $page['session_id'] = $session_id;
- $query = '
-SELECT user_id,expiration,NOW() AS now
- FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$page['session_id'].'\'
-;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- $row = mysql_fetch_array($result);
- if (strnatcmp($row['expiration'], $row['now']) < 0)
- {
- // deletion of the session from the database, because it is
- // out-of-date
- $delete_query = '
-DELETE FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$page['session_id'].'\'
-;';
- pwg_query($delete_query);
- }
- else
- {
- $user['id'] = $row['user_id'];
- $user['is_the_guest'] = false;
- }
- }
-}
-if (!isset($user['id']))
+ session_start();
+ if (isset($_SESSION['id']))
+ {
+ $user['id'] = $_SESSION['id'];
+ }
+ else
+ {
+ // session timeout
+ $user['id'] = $conf['guest_id'];
+ $user['is_the_guest'] = true;
+ }
+}
+else
{
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
+ $user['id'] = $conf['guest_id'];
+ $user['is_the_guest'] = true;
}
// using Apache authentication override the above user search
diff --git a/notification.php b/notification.php
index a9d8dd2d1..53950722d 100644
--- a/notification.php
+++ b/notification.php
@@ -58,7 +58,7 @@ $template->set_filenames(array('notification'=>'notification.tpl'));
$template->assign_vars(
array(
'FEED_URL' => PHPWG_ROOT_PATH.'feed.php?feed='.$page['feed'],
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php'
)
);
diff --git a/password.php b/password.php
index f5ee6b2f8..9e0ad4029 100644
--- a/password.php
+++ b/password.php
@@ -176,7 +176,7 @@ $template->set_filenames(array('password'=>'password.tpl'));
$template->assign_vars(
array(
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php'
)
);
diff --git a/picture.php b/picture.php
index b59cb1a87..5009e101a 100644
--- a/picture.php
+++ b/picture.php
@@ -82,7 +82,7 @@ while ($row = mysql_fetch_array($result))
if (!$belongs)
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
- echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">';
+ echo '<a href="'.PHPWG_ROOT_PATH.'category.php'.'">';
echo $lang['thumbnails'].'</a></div>';
exit();
}
@@ -329,18 +329,17 @@ if ( isset( $_GET['add_fav'] ) )
{
// there is no favorite picture anymore we redirect the user to the
// category page
- $url = add_session_id($url_up);
- redirect($url);
+ redirect($url_up);
}
else if (!$has_prev)
{
$url = str_replace( '&amp;', '&', $picture['next']['url'] );
- $url = add_session_id( $url, true);
+ redirect( $url );
}
else
{
$url = str_replace('&amp;', '&', $picture['prev']['url'] );
- $url = add_session_id( $url, true);
+ redirect( $url );
}
redirect( $url );
}
@@ -533,12 +532,12 @@ $template->assign_vars(array(
'L_UP_HINT' => $lang['home_hint'],
'L_UP_ALT' => $lang['home'],
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
- 'U_UP' => add_session_id($url_up),
- 'U_METADATA' => add_session_id($url_metadata),
- 'U_ADMIN' => add_session_id($url_admin),
- 'U_SLIDESHOW'=> add_session_id($url_slide),
- 'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
+ 'U_HOME' => (PHPWG_ROOT_PATH.'category.php'),
+ 'U_UP' => $url_up,
+ 'U_METADATA' => $url_metadata,
+ 'U_ADMIN' => $url_admin,
+ 'U_SLIDESHOW'=> $url_slide,
+ 'U_ADD_COMMENT' => str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] )
)
);
@@ -595,10 +594,8 @@ if ('admin' == $user['status'])
'caddie',
array(
'URL' =>
- add_session_id(
PHPWG_ROOT_PATH.'picture.php'
.get_query_string_diff(array('caddie')).'&amp;caddie=1')
- )
);
}
@@ -656,7 +653,7 @@ if ($has_prev)
array(
'TITLE_IMG' => $picture['prev']['name'],
'IMG' => $picture['prev']['thumbnail'],
- 'U_IMG' => add_session_id($picture['prev']['url'])
+ 'U_IMG' => $picture['prev']['url']
));
}
@@ -667,7 +664,7 @@ if ($has_next)
array(
'TITLE_IMG' => $picture['next']['name'],
'IMG' => $picture['next']['thumbnail'],
- 'U_IMG' => add_session_id($picture['next']['url'])
+ 'U_IMG' => $picture['next']['url']
));
}
@@ -690,11 +687,9 @@ if (!empty($picture['current']['author']))
{
$infos['INFO_AUTHOR'] =
'<a href="'.
- add_session_id(
PHPWG_ROOT_PATH.'category.php?cat=search'.
'&amp;search=author:'.$picture['current']['author']
- ).
- '">'.$picture['current']['author'].'</a>';
+ .'">'.$picture['current']['author'].'</a>';
}
else
{
@@ -706,11 +701,9 @@ if (!empty($picture['current']['date_creation']))
{
$infos['INFO_CREATION_DATE'] =
'<a href="'.
- add_session_id(
PHPWG_ROOT_PATH.'category.php?cat=search'.
'&amp;search=date_creation:'.$picture['current']['date_creation']
- ).
- '">'.format_date($picture['current']['date_creation']).'</a>';
+ .'">'.format_date($picture['current']['date_creation']).'</a>';
}
else
{
@@ -720,12 +713,10 @@ else
// date of availability
$infos['INFO_AVAILABILITY_DATE'] =
'<a href="'.
- add_session_id(
PHPWG_ROOT_PATH.'category.php?cat=search'.
'&amp;search=date_available:'.
substr($picture['current']['date_available'], 0, 10)
- ).
- '">'.
+ .'">'.
format_date($picture['current']['date_available'], 'mysql_datetime').
'</a>';
@@ -774,10 +765,8 @@ if (!empty($picture['current']['keywords']))
preg_replace(
'/([^,]+)/',
'<a href="'.
- add_session_id(
PHPWG_ROOT_PATH.'category.php?cat=search&amp;search=keywords:$1'
- ).
- '">$1</a>',
+ .'">$1</a>',
$picture['current']['keywords']
);
}
@@ -901,7 +890,7 @@ if ( isset( $_GET['slideshow'] ) )
if ( !is_numeric( $_GET['slideshow'] ) ) $_GET['slideshow'] = $conf['slideshow_period'];
$template->assign_block_vars('stop_slideshow', array(
- 'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] )
+ 'U_SLIDESHOW'=>$picture['current']['url']
));
}
@@ -1054,7 +1043,7 @@ if ($page['show_comments'])
{
$template->assign_block_vars(
'comments.comment.delete',
- array('U_COMMENT_DELETE'=>add_session_id( $url.'&amp;del='.$row['id'])
+ array('U_COMMENT_DELETE'=> $url.'&amp;del='.$row['id']
));
}
}
diff --git a/profile.php b/profile.php
index 4a85467e6..06dc0b17b 100644
--- a/profile.php
+++ b/profile.php
@@ -136,7 +136,7 @@ SELECT '.$conf['user_fields']['password'].' AS password
// redirection
$url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
- redirect(add_session_id($url));
+ redirect($url);
}
}
// +-----------------------------------------------------------------------+
@@ -198,9 +198,9 @@ $template->assign_vars(
'L_RETURN' => $lang['home'],
'L_RETURN_HINT' => $lang['home_hint'],
- 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+ 'U_RETURN' => PHPWG_ROOT_PATH.'category.php',
- 'F_ACTION'=>add_session_id($url_action),
+ 'F_ACTION'=>$url_action,
));
$blockname = 'template_option';
diff --git a/random.php b/random.php
index 742a514e4..189ac57b1 100644
--- a/random.php
+++ b/random.php
@@ -59,5 +59,5 @@ while ($row = mysql_fetch_array($result))
// | redirect |
// +-----------------------------------------------------------------------+
$url = PHPWG_ROOT_PATH.'category.php?cat=list&amp;list='.implode(',', $ids);
-redirect(add_session_id($url));
+redirect($url);
?> \ No newline at end of file
diff --git a/register.php b/register.php
index 27def1f85..a4da4131f 100644
--- a/register.php
+++ b/register.php
@@ -76,9 +76,9 @@ $template->assign_vars(array(
'L_CONFIRM_PASSWORD' => $lang['reg_confirm'],
'L_EMAIL' => $lang['mail_address'],
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php',
- 'F_ACTION' => add_session_id('register.php'),
+ 'F_ACTION' => 'register.php',
'F_LOGIN' => $login,
'F_EMAIL' => $email
));
diff --git a/search.php b/search.php
index 2778c8b80..b02b52daa 100644
--- a/search.php
+++ b/search.php
@@ -129,7 +129,6 @@ if (isset($_POST['submit']))
if (isset($_POST['submit']) and count($errors) == 0)
{
$url = 'category.php?cat=search&search='.$search_string;
- $url = add_session_id($url, true);
redirect($url);
}
//----------------------------------------------------- template initialization
@@ -180,9 +179,9 @@ $template->assign_vars(array(
'TODAY_DAY' => date('d', time()),
'TODAY_MONTH' => date('m', time()),
'TODAY_YEAR' => date('Y', time()),
- 'S_SEARCH_ACTION' => add_session_id( 'search.php' ),
+ 'S_SEARCH_ACTION' => 'search.php',
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=search',
- 'U_HOME' => add_session_id( 'category.php' )
+ 'U_HOME' => 'category.php'
)
);
diff --git a/upload.php b/upload.php
index 39f0db5d2..dce72a66f 100644
--- a/upload.php
+++ b/upload.php
@@ -125,7 +125,7 @@ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
if ($page['cat_site_id'] != 1 or !$page['cat_uploadable'])
{
echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
- echo '<a href="'.add_session_id( './category.php' ).'">';
+ echo '<a href="./category.php">';
echo $lang['thumbnails'].'</a></div>';
exit();
}
@@ -299,9 +299,9 @@ $template->assign_vars(array(
'L_UPLOAD_DONE' => $lang['upload_successful'],
'L_MANDATORY' => $lang['mandatory'],
- 'F_ACTION' => add_session_id( $u_form ),
+ 'F_ACTION' => $u_form,
- 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
+ 'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']
));
if ( !$page['upload_successful'] )