authorrvelices <rv-github@modusoptimus.com>2006-10-21 20:16:01 +0000
committerrvelices <rv-github@modusoptimus.com>2006-10-21 20:16:01 +0000
commit641d335cff78b6e04c625ad3679547b73c1bb829 (patch)
tree9ec2e38e6b42d59e4050d8fd5865517dcd760e5c
parent8d7aa23a8e160c27bec20a21051b2d26217bcec9 (diff)
merge -r1568 from trunk to branch-1_6 (auto_login/redirect corrections)
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1572 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--identification.php5
-rw-r--r--include/common.inc.php106
-rw-r--r--include/config_default.inc.php5
-rw-r--r--include/functions.inc.php41
-rw-r--r--include/functions_user.inc.php105
-rw-r--r--include/template.php29
-rw-r--r--include/user.inc.php79
7 files changed, 205 insertions, 165 deletions
diff --git a/identification.php b/identification.php
index 9bfdef96f..f5131e431 100644
--- a/identification.php
+++ b/identification.php
@@ -71,10 +71,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
array_push( $errors, $lang['invalid_pwd'] );
}
}
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
-{
- auto_login();
-}
+
//----------------------------------------------------- template initialization
//
// Start output of page
diff --git a/include/common.inc.php b/include/common.inc.php
index d7b557679..217395a6f 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -132,28 +132,6 @@ or die ( "Could not connect to database server" );
mysql_select_db( $cfgBase )
or die ( "Could not connect to database" );
-if ($conf['check_upgrade_feed']
- and defined('PHPWG_IN_UPGRADE')
- and PHPWG_IN_UPGRADE)
-{
- // retrieve already applied upgrades
- $query = '
-SELECT id
- FROM '.UPGRADE_TABLE.'
-;';
- $applied = array_from_query($query, 'id');
-
- // retrieve existing upgrades
- $existing = get_available_upgrade_ids();
-
- // which upgrades need to be applied?
- if (count(array_diff($existing, $applied)) > 0)
- {
- $header_msgs[] = 'Some database upgrades are missing, '
- .'<a href="'.PHPWG_ROOT_PATH.'upgrade_feed.php">upgrade now</a>';
- }
-}
-
//
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
// since basic gallery information is not available
@@ -162,67 +140,83 @@ load_conf_from_db();
include(PHPWG_ROOT_PATH.'include/user.inc.php');
+
// language files
include_once(get_language_filepath('common.lang.php'));
-
if (defined('IN_ADMIN') and IN_ADMIN)
{
include_once(get_language_filepath('admin.lang.php'));
}
+// only now we can set the localized username of the guest user (and not in
+// include/user.inc.php)
+if ($user['is_the_guest'])
+{
+ $user['username'] = $lang['guest'];
+}
+
+// template instance
+$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] );
+
if ($conf['gallery_locked'])
{
- $header_msgs[] = $lang['gallery_locked_message']
- . '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
+ $header_msgs[] = $lang['gallery_locked_message'];
- if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
+ if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php'
and !is_admin() )
{
- echo( $lang['gallery_locked_message'] );
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ echo $lang['gallery_locked_message']
+ .'<a href="'.get_root_url().'identification.php">.</a>';
exit();
}
}
-// only now we can set the localized username of the guest user (and not in
-// include/user.inc.php)
-if ($user['is_the_guest'])
+if ($user['is_the_guest'] and !$conf['guest_access']
+ and !in_array( basename($_SERVER['SCRIPT_FILENAME']),
+ array('identification.php',
+ 'password.php',
+ 'register.php'
+ )
+ )
+ )
{
- $user['username'] = $lang['guest'];
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ redirect (get_root_url().'identification.php');
}
-// include template/theme configuration
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
- list($user['template'], $user['theme']) =
- explode
- (
- '/',
- isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
- : $user['template']
- );
-// TODO : replace $conf['admin_layout'] by $user['admin_layout']
-}
-else
+if ($conf['check_upgrade_feed']
+ and defined('PHPWG_IN_UPGRADE')
+ and PHPWG_IN_UPGRADE)
{
- list($user['template'], $user['theme']) = explode('/', $user['template']);
+ // retrieve already applied upgrades
+ $query = '
+SELECT id
+ FROM '.UPGRADE_TABLE.'
+;';
+ $applied = array_from_query($query, 'id');
+
+ // retrieve existing upgrades
+ $existing = get_available_upgrade_ids();
+
+ // which upgrades need to be applied?
+ if (count(array_diff($existing, $applied)) > 0)
+ {
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ $header_msgs[] = 'Some database upgrades are missing, '
+ .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
+ }
}
-// TODO : replace initial $user['template'] by $user['layout']
-include(
- PHPWG_ROOT_PATH
- .'template/'.$user['template']
- .'/theme/'.$user['theme']
- .'/themeconf.inc.php'
- );
if (is_adviser())
{
$header_msgs[] = $lang['adviser_mode_enabled'];
}
-// template instance
-$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
-
if (count($header_msgs) > 0)
{
$template->assign_block_vars('header_msgs',array());
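Review bot: The guest-access gate in the added `in_array( basename($_SERVER['SCRIPT_FILENAME']), array('identification.php', 'password.php', 'register.php'))` test exempts a script by file name alone, so any other script in the tree that carries one of these three names and includes common.inc.php would also skip the redirect to the login page. Comparing the resolved path against the three files under PHPWG_ROOT_PATH would tie the exemption to the intended scripts. The move from PHP_SELF to SCRIPT_FILENAME deserves a comment so it is not reverted later, for example `// SCRIPT_FILENAME rather than PHP_SELF: PHP_SELF carries PATH_INFO, so its basename follows the request URL`. The same applies to the gallery_locked test earlier in the hunk.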
@@ -232,4 +226,4 @@ if (count($header_msgs) > 0)
array('HEADER_MSG'=>$header_msg));
}
}
-?>
+?> \ No newline at end of file
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 2f573cc5a..9c12f1060 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember';
// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
-$conf['remember_me_length'] = 31536000;
+$conf['remember_me_length'] = 5184000;
+
+// session_length : time of validity for normal session, in seconds.
+$conf['session_length'] = 3600;
// +-----------------------------------------------------------------------+
// | debug |
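Review bot: `$conf['session_length']` is introduced with only the comment `time of validity for normal session, in seconds`, and none of the hunks on this page reads it, so from what is visible the 3600-second limit is declared but not enforced. If it is applied elsewhere, the comment should say where; if not, the timeout branch in include/user.inc.php still depends entirely on PHP's own session settings. A comment such as `// session_length : lifetime of a normal session, in seconds; applied in <file that reads it>` would make the contract explicit.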
diff --git a/include/functions.inc.php b/include/functions.inc.php
index dae437a0d..06847b550 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -460,7 +460,7 @@ function format_date($date, $type = 'us', $show_time = false)
return $formated_date;
}
-function pwg_stripslashes($value)
+function pwg_stripslashes($value)
{
if (get_magic_quotes_gpc())
{
@@ -469,7 +469,7 @@ function pwg_stripslashes($value)
return $value;
}
-function pwg_addslashes($value)
+function pwg_addslashes($value)
{
if (!get_magic_quotes_gpc())
{
@@ -478,7 +478,7 @@ function pwg_addslashes($value)
return $value;
}
-function pwg_quotemeta($value)
+function pwg_quotemeta($value)
{
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
@@ -556,20 +556,23 @@ function pwg_debug( $string )
* @param integer $refreh_time
* @return void
*/
-function redirect( $url , $msg = '', $refreh_time = 0)
+function redirect( $url , $msg = '', $refresh_time = 0)
{
global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
- unset($template);
- $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
- if (!isset($page['body_id']))
+ if (!isset($lang_info))
{
- $page['body_id'] = 'adminPage';
+ $user = build_user( $conf['guest_id'], true);
+ include_once(get_language_filepath('common.lang.php'));
+ list($tmpl, $thm) = explode('/', $conf['default_template']);
+ $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm);
+ }
+ else
+ {
+ $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']);
}
- // $redirect_msg, $refresh, $url_link and $title are required for creating an automated
- // refresh page in header.tpl
- if (!isset($msg) or ($msg == ''))
+ if (empty($msg))
{
$redirect_msg = l10n('redirect_msg');
}
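Review bot: The docblock above `redirect()` still reads `@param integer $refreh_time` while the signature now spells the parameter `$refresh_time`; the tag should become `@param integer $refresh_time`. The new `!isset($lang_info)` branch also overwrites the global `$user` with the guest user as a side effect, which is worth one line in the docblock, e.g. `// presumably reached before include/user.inc.php has finished: fall back to the guest user and $conf['default_template']`. The function body continues past this hunk.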
@@ -578,10 +581,13 @@ function redirect( $url , $msg = '', $refreh_time = 0)
$redirect_msg = $msg;
}
$redirect_msg = nl2br($redirect_msg);
- $refresh = $refreh_time;
+
+ $refresh = $refresh_time;
$url_link = $url;
$title = 'redirection';
+ $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
+
include( PHPWG_ROOT_PATH.'include/page_header.php' );
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
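Review bot: `$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );` is now called twice, once in the added line before `include( PHPWG_ROOT_PATH.'include/page_header.php' );` and once in the unchanged line directly after it. If the earlier registration is what page_header.php needs, the later call can go; otherwise the added one is redundant. A short comment on the call that stays, saying why the handle must exist at that point, would keep the duplicate from coming back.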
@@ -591,7 +597,6 @@ function redirect( $url , $msg = '', $refreh_time = 0)
exit();
}
-
/**
* returns $_SERVER['QUERY_STRING'] whitout keys given in parameters
*
@@ -693,7 +698,7 @@ function get_thumbnail_src($path, $tn_ext = '', $with_rewrite = true)
function my_error($header)
{
global $conf;
-
+
$error = '<pre>';
$error.= $header;
$error.= '[mysql error '.mysql_errno().'] ';
@@ -879,9 +884,9 @@ function str_translate_to_ascii7bits($str)
*/
function get_themeconf($key)
{
- global $themeconf;
+ global $template;
- return isset($themeconf[$key]) ? $themeconf[$key] : '';
+ return $template->get_themeconf($key);
}
/**
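Review bot: `return $template->get_themeconf($key);` calls a method on the global `$template` without checking that it exists, and include/common.inc.php only creates the instance after the language files are loaded, so an earlier call ends in a fatal error where the old code returned `''`. Keeping the old fallback costs one line: `return is_object($template) ? $template->get_themeconf($key) : '';`. The docblock above the function could also state that the value now comes from the active Template instance rather than the `$themeconf` global.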
@@ -938,7 +943,7 @@ function get_available_upgrade_ids()
function load_conf_from_db()
{
global $conf;
-
+
$query = '
SELECT param,value
FROM '.CONFIG_TABLE.'
@@ -953,7 +958,7 @@ SELECT param,value
while ($row = mysql_fetch_array($result))
{
$conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : '';
-
+
// If the field is true or false, the variable is transformed into a
// boolean value.
if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false')
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index ba085127f..0a3991574 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -104,6 +104,54 @@ function setup_style($style)
return new Template(PHPWG_ROOT_PATH.'template/'.$style);
}
+
+function build_user( $user_id, $use_cache )
+{
+ global $conf;
+ $user['id'] = $user_id;
+ $user = array_merge( $user, getuserdata($user_id, $use_cache) );
+ if ( $user['id'] == $conf['guest_id'])
+ {
+ $user['is_the_guest']=true;
+ $user['template'] = $conf['default_template'];
+ $user['nb_image_line'] = $conf['nb_image_line'];
+ $user['nb_line_page'] = $conf['nb_line_page'];
+ $user['language'] = $conf['default_language'];
+ $user['maxwidth'] = $conf['default_maxwidth'];
+ $user['maxheight'] = $conf['default_maxheight'];
+ $user['recent_period'] = $conf['recent_period'];
+ $user['expand'] = $conf['auto_expand'];
+ $user['show_nb_comments'] = $conf['show_nb_comments'];
+ $user['enabled_high'] = $conf['newuser_default_enabled_high'];
+ }
+ else
+ {
+ $user['is_the_guest']=false;
+ }
+ // calculation of the number of picture to display per page
+ $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
+
+ // include template/theme configuration
+ if (defined('IN_ADMIN') and IN_ADMIN)
+ {
+ list($user['template'], $user['theme']) =
+ explode
+ (
+ '/',
+ isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
+ : $user['template']
+ );
+ // TODO : replace $conf['admin_layout'] by $user['admin_layout']
+ }
+ else
+ {
+ list($user['template'], $user['theme']) = explode('/', $user['template']);
+ }
+
+ return $user;
+}
+
+
/**
* find informations related to the user identifier
*
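Review bot: `list($user['template'], $user['theme']) = explode('/', $user['template']);` in `build_user()` assumes the stored value always has the form `template/theme`; a value without a slash leaves `$user['theme']` empty, and both parts are later used as directory names by the Template constructor's `include`. Checking the split before use, e.g. `$parts = explode('/', $user['template'], 2); if (count($parts) != 2) { $parts = explode('/', $conf['default_template'], 2); }`, keeps a malformed profile value from reaching the file system. The function also has no docblock; it should state that `$use_cache` is handed to `getuserdata()`, that guest defaults are copied from `$conf`, and that under IN_ADMIN the layout comes from `$conf['default_admin_layout']` when it is set.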
@@ -458,7 +506,7 @@ function create_user_infos($user_id)
{
$status = 'normal';
}
-
+
$insert =
array(
'user_id' => $user_id,
@@ -556,13 +604,13 @@ function log_user($user_id, $remember_me)
{
// search for an existing auto_login_key
$query = '
-SELECT auto_login_key
+SELECT auto_login_key
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
;';
-
+
$auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
- if (empty($auto_login_key))
+ if (empty($auto_login_key))
{
$auto_login_key = base64_encode(md5(uniqid(rand(), true)));
$query = '
@@ -574,45 +622,58 @@ UPDATE '.USERS_TABLE.'
}
$cookie = array('id' => $user_id, 'key' => $auto_login_key);
setcookie($conf['remember_me_name'],
- serialize($cookie),
+ serialize($cookie),
time()+$conf['remember_me_length'],
cookie_path()
);
}
- session_start();
+ else
+ { // make sure we clean any remember me ...
+ setcookie($conf['remember_me_name'], '', 0, cookie_path());
+ }
+ if ( session_id()!="" )
+ { // this can happpen when the session is expired and auto_login
+ session_regenerate_id();
+ }
+ else
+ {
+ session_start();
+ }
$_SESSION['pwg_uid'] = $user_id;
$user['id'] = $_SESSION['pwg_uid'];
- $user['is_the_guest'] = false;
}
/*
* Performs auto-connexion when cookie remember_me exists
- * @return void
+ * @return true/false
*/
-function auto_login() {
+function auto_login() {
global $conf;
- // must remove slash added in include/common.inc.php
- $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
+ if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
+ {
+ // must remove slash added in include/common.inc.php
+ $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
- $query = '
+ $query = '
SELECT auto_login_key
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
;';
- $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
- if ($auto_login_key == $cookie['key'])
- {
- log_user($cookie['id'], false);
- redirect(make_index_url());
+ $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+ if ($auto_login_key == $cookie['key'])
+ {
+ log_user($cookie['id'], true);
+ return true;
+ }
+ else
+ {
+ setcookie($conf['remember_me_name'], '', 0, cookie_path());
+ }
}
- else
- {
- setcookie($conf['remember_me_name'], '', 0, cookie_path());
- redirect(make_index_url());
- }
+ return false;
}
/*
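Review bot: `auto_login()` still hands the client-supplied cookie to `unserialize()` and then concatenates `$cookie['id']` into the `SELECT auto_login_key` statement without a cast, so a value that should only ever be an id and a key reaches both the deserializer and the SQL text unvalidated. The check `$auto_login_key == $cookie['key']` is also a loose comparison against a value whose type the client decides. Writing the cookie in `log_user()` as a plain `id-key` string, accepting the id only if it is all digits, and comparing with `===` removes all three. Cookies issued in the old format would stop validating, and those users would sign in once more. `log_user()` starts outside this hunk.

```php
// log_user(): store "id-key" instead of a serialized array
    $cookie = $user_id.'-'.$auto_login_key;
    setcookie($conf['remember_me_name'],
              $cookie,
              time()+$conf['remember_me_length'],
              cookie_path()
              );
// … unchanged: else branch, session_regenerate_id() / session_start() …

// auto_login(): parse and validate before the value is used
    // must remove slash added in include/common.inc.php
    $parts = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]), 2);
    if (count($parts) != 2 or !preg_match('/^[0-9]+$/D', $parts[0]))
    {
      setcookie($conf['remember_me_name'], '', 0, cookie_path());
      return false;
    }
    $cookie = array('id' => intval($parts[0]), 'key' => $parts[1]);
// … unchanged: SELECT auto_login_key query and fetch …
    if (is_string($auto_login_key) and $auto_login_key === $cookie['key'])
// … unchanged: log_user() call, cookie reset on mismatch, return false …
```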
diff --git a/include/template.php b/include/template.php
index d93700b7a..df9c9a013 100644
--- a/include/template.php
+++ b/include/template.php
@@ -59,13 +59,22 @@ class Template {
// output
var $output = '';
+ var $themeconf = array();
+
/**
* Constructor. Simply sets the root dir.
*
*/
- function Template($root = ".")
+ function Template($root = ".", $theme= "")
{
- $this->set_rootdir($root);
+ if ( $this->set_rootdir($root) )
+ {
+ if ( !empty( $theme ) )
+ {
+ include($root.'/theme/'.$theme.'/themeconf.inc.php');
+ $this->themeconf = $themeconf;
+ }
+ }
}
/**
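Review bot: The constructor's `include($root.'/theme/'.$theme.'/themeconf.inc.php');` builds an include path from `$theme`, which `build_user()` derives from the user's stored template value, and nothing in this hunk checks that it names an installed theme. If that stored value can ever be set from request data without being matched against the theme directories, this becomes a file-inclusion path. Assuming theme directory names are plain identifiers, a check before the include closes it cheaply: `if (!preg_match('/^[A-Za-z0-9_-]+$/D', $theme)) { die('Template: invalid theme name'); }`. A missing themeconf.inc.php also leaves `$themeconf` undefined on the following line, so an `is_file()` test before the include is worth adding. The class body continues outside the hunk.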
@@ -311,14 +320,14 @@ class Template {
{
die("Template->loadfile(): File $filename for handle $handle is empty");
}
-
+
$this->uncompiled_code[$handle] = $str;
-
+
return true;
}
-
-
-
+
+
+
/**
* Compiles the given string of code, and returns the result in a string.
*
@@ -331,7 +340,7 @@ class Template {
// PWG specific : communication between template and $lang
$code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code);
// PWG specific : expand themeconf.inc.php variables
- $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code);
+ $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code);
$code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code);
// replace \ with \\ and then ' with \'.
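Review bot: The rewritten themeconf line keeps the `/e` modifier, so the text captured between `{themeconf:` and `}` is spliced into a PHP expression and evaluated. That is safe only while PHP's automatic escaping of the back-reference holds and every template file is fully trusted. `preg_replace_callback()` with a small method on the class performs the same substitution with no evaluation step. The `{lang:…}` and `{pwg_root}` lines in the context use the same modifier and could follow. The enclosing function starts and ends outside the hunk.

```php
    // PWG specific : expand themeconf.inc.php variables
    $code = preg_replace_callback('/\{themeconf:([^}]+)\}/',
                                  array(&$this, 'themeconf_match'),
                                  $code);
// … unchanged: {pwg_root} replacement and the rest of the function …

  // proposed helper (new name): receives the preg match array
  function themeconf_match($matches)
  {
    return $this->get_themeconf($matches[1]);
  }
```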
@@ -525,6 +534,10 @@ class Template {
return $varref;
}
+ function get_themeconf($key)
+ {
+ return isset($this->themeconf[$key]) ? $this->themeconf[$key] : '';
+ }
}
?>
diff --git a/include/user.inc.php b/include/user.inc.php
index b2001fa23..b52ed2a07 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -2,7 +2,7 @@
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $RCSfile$
@@ -25,53 +25,44 @@
// | USA. |
// +-----------------------------------------------------------------------+
-if (isset($_COOKIE[session_name()]))
+// by default we start with guest
+$user['id'] = $conf['guest_id'];
+
+if (isset($_COOKIE[session_name()]))
{
session_start();
if (isset($_GET['act']) and $_GET['act'] == 'logout')
- {
- // logout
+ { // logout
$_SESSION = array();
session_unset();
session_destroy();
setcookie(session_name(),'',0,
- ini_get('session.cookie_path'),
- ini_get('session.cookie_domain')
- );
+ ini_get('session.cookie_path'),
+ ini_get('session.cookie_domain')
+ );
setcookie($conf['remember_me_name'], '', 0, cookie_path());
redirect(make_index_url());
- }
- elseif (empty($_SESSION['pwg_uid']))
- {
- // timeout
+ }
+ elseif (empty($_SESSION['pwg_uid']))
+ { // timeout
setcookie(session_name(),'',0,
- ini_get('session.cookie_path'),
- ini_get('session.cookie_domain')
- );
+ ini_get('session.cookie_path'),
+ ini_get('session.cookie_domain')
+ );
}
else
{
$user['id'] = $_SESSION['pwg_uid'];
- $user['is_the_guest'] = false;
}
}
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+
+
+// Now check the auto-login
+if ( $user['id']==$conf['guest_id'] )
{
auto_login();
-}
-else
-{
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
}
-if ($user['is_the_guest'] and !$conf['guest_access']
- and (basename($_SERVER['PHP_SELF'])!='identification.php')
- and (basename($_SERVER['PHP_SELF'])!='password.php')
- and (basename($_SERVER['PHP_SELF'])!='register.php'))
-{
- redirect (get_root_url().'identification.php');
-}
// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
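Review bot: The return value of `auto_login()` is discarded in the added `if ( $user['id']==$conf['guest_id'] )` block, so this file relies on `log_user()` having written `$user['id']` into the global array. The part of `log_user()` shown on this page assigns `$user['id']`, but its `global` declaration is outside the visible hunk. Making the hand-over explicit avoids a silently ignored login: `if (auto_login()) { $user['id'] = $_SESSION['pwg_uid']; }`. The docblock of `auto_login()` now documents `@return true/false`, so the caller should use it.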
@@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
register_user($_SERVER['REMOTE_USER'], '', '');
$user['id'] = get_userid($_SERVER['REMOTE_USER']);
}
-
- $user['is_the_guest'] = false;
-}
-
-$user = array_merge(
- $user,
- getuserdata(
- $user['id'],
- ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
- )
- );
-
-// properties of user guest are found in the configuration
-if ($user['is_the_guest'])
-{
- $user['template'] = $conf['default_template'];
- $user['nb_image_line'] = $conf['nb_image_line'];
- $user['nb_line_page'] = $conf['nb_line_page'];
- $user['language'] = $conf['default_language'];
- $user['maxwidth'] = $conf['default_maxwidth'];
- $user['maxheight'] = $conf['default_maxheight'];
- $user['recent_period'] = $conf['recent_period'];
- $user['expand'] = $conf['auto_expand'];
- $user['show_nb_comments'] = $conf['show_nb_comments'];
- $user['enabled_high'] = $conf['newuser_default_enabled_high'];
}
+$user = build_user( $user['id'],
+ ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
+ );
-// calculation of the number of picture to display per page
-$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-?>
+?> \ No newline at end of file