- new feature : use Apache authentication. If $conf['apache_authentication']

  is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
  PWG automatically creates one. This way, users can customize the behaviour
  of the application.

- template : new organisation of identification menu
  (category.php). Simplification is required for Apache authentication (no
  logout link even if user is externally logged in)

- new : usernames can contain quotes (required because Apache authentication
  authorized quotes in usernames)


git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee

7 files changed, 117 insertions, 50 deletions

diff --git a/category.php b/category.php
index 700ab652a..bc93cdb38 100644
--- a/category.php
+++ b/category.php
@@ -254,21 +254,32 @@ $template->assign_block_vars(
     ));
 //--------------------------------------------------------------------- summary
 
-if ( !$user['is_the_guest'] )
+if ($user['is_the_guest'])
 {
-  $template->assign_block_vars('logout',array());
-  // administration link
-  if ( $user['status'] == 'admin' )
+  $template->assign_block_vars('register', array());
+  $template->assign_block_vars('login', array());
+  
+  $template->assign_block_vars('quickconnect', array());
+  if ($conf['authorize_remembering'])
   {
-    $template->assign_block_vars('logout.admin', array());
+    $template->assign_block_vars('quickconnect.remember_me', array());
   }
 }
 else
 {
-  $template->assign_block_vars('login',array());
-  if ($conf['authorize_remembering'])
+  $template->assign_block_vars('hello', array());
+  $template->assign_block_vars('profile', array());
+
+  // the logout link has no meaning with Apache authentication : it is not
+  // possible to logout with this kind of authentication.
+  if (!$conf['apache_authentication'])
+  {
+    $template->assign_block_vars('logout', array());
+  }
+
+  if ('admin' == $user['status'])
   {
-    $template->assign_block_vars('login.remember_me',array());
+    $template->assign_block_vars('admin', array());
   }
 }
 
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 2b5cc3c85..d00edab52 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,21 @@
 2005-07-17 Pierrick LE GALL
 
+	* new feature : use Apache authentication. If
+	$conf['apache_authentication'] is set true : if no user matches
+	$_SERVER['REMOTE_USER'] in "users" table, PWG automatically
+	creates one. This way, users can customize the behaviour of the
+	application.
+
+	* template : new organisation of identification menu
+	(category.php). Simplification is required for Apache
+	authentication (no logout link even if user is externally logged
+	in)
+
+	* new : usernames can contain quotes (required because Apache
+	authentication authorized quotes in usernames)
+
+2005-07-17 Pierrick LE GALL
+
 	* new configuration parameter : hide thumbnail captions on main
 	page with $conf['show_thumbnail_caption']
 
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 08f68733b..8debb63f0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -223,4 +223,8 @@ $conf['show_thumbnail_caption'] = true;
 // show_picture_name_on_title : on picture presentation page, show picture
 // name ?
 $conf['show_picture_name_on_title'] = true;
+
+// apache_authentication : use Apache authentication as reference instead of
+// users table ?
+$conf['apache_authentication'] = false;
 ?>
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 7190f8954..b2509e1c1 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -107,9 +107,9 @@ INSERT INTO '.SESSIONS_TABLE.'
 // parameter $redirect is set to true, '&' is used instead of '&'.
 function add_session_id( $url, $redirect = false )
 {
-  global $page, $user;
+  global $page, $user, $conf;
 
-  if ( $user['has_cookie'] ) return $url;
+  if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
 
   $amp = '&';
   if ( $redirect )
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 3e8588cf7..1a2709254 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf,
   // login must not
   //      1. be empty
   //      2. start ou end with space character
-  //      3. include ' or " characters
   //      4. be already used
   if ($login == '')
   {
@@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf,
     array_push($errors, $lang['reg_err_login3']);
   }
 
-  if (ereg("'", $login) or ereg("\"", $login))
-  {
-    array_push($errors, $lang['reg_err_login4']);
-  }
-  else
-  {
-    $query = '
+  $query = '
 SELECT id
   FROM '.USERS_TABLE.'
-  WHERE username = \''.$login.'\'
+  WHERE username = \''.mysql_escape_string($login).'\'
 ;';
-    $result = pwg_query($query);
-    if (mysql_num_rows($result) > 0)
-    {
-      array_push($errors, $lang['reg_err_login5']);
-    }
+  $result = pwg_query($query);
+  if (mysql_num_rows($result) > 0)
+  {
+    array_push($errors, $lang['reg_err_login5']);
   }
+
   // given password must be the same as the confirmation
   if ($password != $password_conf)
   {
@@ -102,7 +95,7 @@ SELECT id
   if (count($errors) == 0)
   {
     $insert = array();
-    $insert['username'] = $login;
+    $insert['username'] = mysql_escape_string($login);
     $insert['password'] = md5($password);
     $insert['status'] = $status;
     $insert['template'] = $conf['default_template'];
diff --git a/include/user.inc.php b/include/user.inc.php
index b388943c0..56b36039c 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -91,6 +91,35 @@ if (!isset($user['id']))
   $user['is_the_guest'] = true;
 }
 
+// using Apache authentication override the above user search
+if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
+{
+  $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+  $result = pwg_query($query);
+
+  if (mysql_num_rows($result) == 0)
+  {
+    register_user($_SERVER['REMOTE_USER'], '', '', '');
+
+    $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+    list($user['id']) = mysql_fetch_row(pwg_query($query));
+  }
+  else
+  {
+    list($user['id']) = mysql_fetch_row($result);
+  }
+
+  $user['is_the_guest'] = false;
+}
+
 $query = '
 SELECT u.*, uf.*
   FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
diff --git a/template/default/category.tpl b/template/default/category.tpl
index fd4c88262..437652138 100644
--- a/template/default/category.tpl
+++ b/template/default/category.tpl
@@ -41,34 +41,48 @@
 		</div>
 		<div class="titreMenu">{L_IDENTIFY}</div>
 		 <div class="menu">
-		 <!-- BEGIN login -->
+                 <!-- BEGIN hello -->
+                 <p>{L_HELLO}&nbsp;{USERNAME}&nbsp;!</p>
+                 <!-- END hello -->
 		<ul class="menu">
+
+                  <!-- BEGIN register -->
 		  <li><a href="{U_REGISTER}">{L_REGISTER}</a></li>
-			<li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li>
-		</ul>
-		<hr />
-		<form method="post" action="{F_IDENTIFY}">
-		<input type="hidden" name="redirect" value="{U_REDIRECT}">
-		{L_USERNAME}<br />
-		<input type="text" name="username" size="15" value="" /><br />
-		{L_PASSWORD}<br />
-		<input type="password" name="password" size="15"><br />
-                <!-- BEGIN remember_me -->
-                <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
-                <!-- END remember_me -->
-		<input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
+                  <!-- END register -->
+
+		  <!-- BEGIN login -->
+		  <li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li>
+                  <!-- END login -->
+
+                  <!-- BEGIN logout -->
+                  <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li>
+                  <!-- END logout -->
+                  
+                  <!-- BEGIN profile -->
+                  <li><a href="{U_PROFILE}" title="{L_PROFILE_HINT}">{L_PROFILE}</a></li>
+                  <!-- END profile -->
+
+                  <!-- BEGIN admin -->
+                  <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li>
+                  <!-- END admin -->
+
+                </ul>
+
+                <!-- BEGIN quickconnect -->
+                <hr />
+                <form method="post" action="{F_IDENTIFY}">
+	          <input type="hidden" name="redirect" value="{U_REDIRECT}">
+		  {L_USERNAME}<br />
+		  <input type="text" name="username" size="15" value="" /><br />
+		  {L_PASSWORD}<br />
+		  <input type="password" name="password" size="15"><br />
+                  <!-- BEGIN remember_me -->
+                  <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
+                  <!-- END remember_me -->
+		  <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
 		</form>
-		<!-- END login -->
-		<!-- BEGIN logout -->
-		<p>{L_HELLO}&nbsp;{USERNAME}&nbsp;!</p>
-		<ul class="menu">
-		  <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li>
-		  <li><a href="{U_PROFILE}" title="{L_PROFILE_HINT}">{L_PROFILE}</a></li>
-		<!-- BEGIN admin -->
-	      <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li>
-		<!-- END admin -->
-		</ul>
-		<!-- END logout -->
+		<!-- END quickconnect -->
+
 		</div>
       </div>
 	</td>