aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorz0rglub <z0rglub@piwigo.org>2004-10-06 22:48:48 +0000
committerz0rglub <z0rglub@piwigo.org>2004-10-06 22:48:48 +0000
commit11699a554688e1215bae9c550a5a67c15cdb8f36 (patch)
treed1e23ac0f904d651df37ee8a349415a888f94383
parent944fb4856ed687de9f525d3d515d6f7b2287bb69 (diff)
- checkbox for "remember me" are only shown if authorized
- simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function. - configuration parameter "auth_method" disappeared (didn't lived much...) - only one session id size possible. More comments for configuration in include/config.inc.php git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/configuration.php9
-rw-r--r--category.php4
-rw-r--r--identification.php33
-rw-r--r--include/config.inc.php12
-rw-r--r--include/functions_session.inc.php10
-rw-r--r--include/user.inc.php20
-rw-r--r--install/config.sql1
-rw-r--r--language/en_UK.iso-8859-1/admin.lang.php4
-rw-r--r--template/default/admin/configuration.tpl5
-rw-r--r--template/default/category.tpl2
-rw-r--r--template/default/identification.tpl2
11 files changed, 35 insertions, 67 deletions
diff --git a/admin/configuration.php b/admin/configuration.php
index 1c8c206f0..36e52c500 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -154,8 +154,6 @@ $template->assign_vars(
'L_NO'=>$lang['no'],
'L_SUBMIT'=>$lang['submit'],
'L_RESET'=>$lang['reset'],
- 'L_URI'=>$lang['URI'],
- 'L_COOKIE'=>$lang['cookie'],
'F_ACTION'=>add_session_id($action)
));
@@ -304,9 +302,6 @@ switch ($page['section'])
}
case 'session' :
{
- $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';
- $auth_method_cookie =
- ($conf['auth_method']=='cookie')?'checked="checked"':'';
$authorize_remembering_yes =
($conf['authorize_remembering']=='true')?'checked="checked"':'';
$authorize_remembering_no =
@@ -316,14 +311,10 @@ switch ($page['section'])
'session',
array(
'L_CONF_TITLE'=>$lang['conf_session_title'],
- 'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],
- 'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],
'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'],
'L_CONF_AUTHORIZE_REMEMBERING_INFO' =>
$lang['conf_authorize_remembering_info'],
- 'AUTH_METHOD_URI'=>$auth_method_URI,
- 'AUTH_METHOD_COOKIE'=>$auth_method_cookie,
'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes,
'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no
));
diff --git a/category.php b/category.php
index 2e897e591..c0728dcf1 100644
--- a/category.php
+++ b/category.php
@@ -239,6 +239,10 @@ if ( !$user['is_the_guest'] )
else
{
$template->assign_block_vars('login',array());
+ if ($conf['authorize_remembering'])
+ {
+ $template->assign_block_vars('login.remember_me',array());
+ }
}
// search link
diff --git a/identification.php b/identification.php
index 602af430c..336879fe4 100644
--- a/identification.php
+++ b/identification.php
@@ -42,29 +42,15 @@ SELECT id, password
$row = mysql_fetch_array(mysql_query($query));
if ($row['password'] == md5($_POST['password']))
{
- if ($conf['auth_method'] == 'cookie'
- or isset($_POST['remember_me']) and $_POST['remember_me'] == 1)
+ $session_length = $conf['session_length'];
+ if ($conf['authorize_remembering']
+ and isset($_POST['remember_me'])
+ and $_POST['remember_me'] == 1)
{
- if ($conf['auth_method'] == 'cookie')
- {
- $cookie_length = $conf['session_length'];
- }
- else if ($_POST['remember_me'] == 1)
- {
- $cookie_length = $conf['remember_me_length'];
- }
- session_create($row['id'],
- 'cookie',
- $cookie_length);
- redirect('category.php');
- }
- else if ($conf['auth_method'] == 'URI')
- {
- $session_id = session_create($row['id'],
- 'URI',
- $conf['session_length']);
- redirect('category.php?id='.$session_id);
+ $session_length = $conf['remember_me_length'];
}
+ $session_id = session_create($row['id'], $session_length);
+ redirect('category.php?id='.$session_id);
}
else
{
@@ -97,6 +83,11 @@ $template->assign_vars(
'F_LOGIN_ACTION' => add_session_id('identification.php')
));
+
+if ($conf['authorize_remembering'])
+{
+ $template->assign_block_vars('remember_me',array());
+}
//-------------------------------------------------------------- errors display
if ( sizeof( $errors ) != 0 )
{
diff --git a/include/config.inc.php b/include/config.inc.php
index a2a3b0d4c..07ec9e8a6 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000;
// time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5 = 916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
?>
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index ce66e3a30..bb0fca11c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,11 +62,10 @@ function generate_key($size)
* - return session identifier
*
* @param int userid
- * @param string method : cookie or URI
* @param int session_lentgh : in seconds
* @return string
*/
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
{
global $conf;
@@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length)
$id_found = false;
while (!$id_found)
{
- $generated_id = generate_key($conf['session_id_size_'.$method]);
+ $generated_id = generate_key($conf['session_id_size']);
$query = '
SELECT id
FROM '.SESSIONS_TABLE.'
@@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.'
;';
mysql_query($query);
- if ($method == 'cookie')
- {
- setcookie('id', $generated_id, $session_length+time(), cookie_path());
- }
+ setcookie('id', $generated_id, $expiration, cookie_path());
return $generated_id;
}
diff --git a/include/user.inc.php b/include/user.inc.php
index 01a7243d1..a39441bb2 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE;
$query_done = false;
$user['is_the_guest'] = false;
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
{
- setcookie('id', '', 0, cookie_path());
- $url = 'category.php';
- redirect($url);
+ $session_id = $_COOKIE['id'];
+ $user['has_cookie'] = true;
}
-
-if (isset($_GET['id']))
+else if (isset($_GET['id']))
{
$session_id = $_GET['id'];
$user['has_cookie'] = false;
- $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
-{
- $session_id = $_COOKIE['id'];
- $user['has_cookie'] = true;
- $session_id_size = $conf['session_id_size_cookie'];
}
else
{
@@ -65,7 +55,7 @@ else
}
if (isset($session_id)
- and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+ and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
{
$page['session_id'] = $session_id;
$query = '
diff --git a/install/config.sql b/install/config.sql
index e6be0e8c9..52f810885 100644
--- a/install/config.sql
+++ b/install/config.sql
@@ -26,5 +26,4 @@ INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_iptc','false
INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_exif','true','Use EXIF data during database synchronization with files metadata');
INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user');
INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');
INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}');
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
index 51b408d63..a9d96461c 100644
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@@ -174,10 +174,6 @@ $lang['conf_upload_maxheight_thumbnail_error'] = 'Maximum height authorized for
// Configuration -> session
$lang['conf_session_title'] = 'Sessions';
-$lang['conf_auth_method'] = 'Authentication method';
-$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)';
-$lang['URI'] = 'URI';
-$lang['cookie'] = 'cookie';
$lang['conf_authorize_remembering'] = 'Authorize remembering';
$lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)';
diff --git a/template/default/admin/configuration.tpl b/template/default/admin/configuration.tpl
index a6d00aea7..26605c14b 100644
--- a/template/default/admin/configuration.tpl
+++ b/template/default/admin/configuration.tpl
@@ -149,11 +149,6 @@
<td colspan="2">&nbsp;</td>
</tr>
<tr>
- <td width="70%"><strong>{session.L_CONF_AUTH_METHOD}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td>
- <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI}&nbsp;&nbsp;
- <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td>
- </tr>
- <tr>
<td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td>
<td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES}&nbsp;&nbsp;
<input type="radio" class="radio" name="authorize_remembering" value="false" {session.AUTHORIZE_REMEMBERING_NO} />{L_NO}</td>
diff --git a/template/default/category.tpl b/template/default/category.tpl
index a6effeefd..9f554ad83 100644
--- a/template/default/category.tpl
+++ b/template/default/category.tpl
@@ -40,7 +40,9 @@
<input type="text" name="username" size="15" value="" /><br />
{L_PASSWORD}<br />
<input type="password" name="password" size="15"><br />
+ <!-- BEGIN remember_me -->
<input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
+ <!-- END remember_me -->
<input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
</form>
<!-- END login -->
diff --git a/template/default/identification.tpl b/template/default/identification.tpl
index 412c28ece..d180676fc 100644
--- a/template/default/identification.tpl
+++ b/template/default/identification.tpl
@@ -30,12 +30,14 @@
<input class="login" type="password" name="password" size="25" maxlength="25" />
</td>
</tr>
+ <!-- BEGIN remember_me -->
<tr>
<td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td>
<td>
<input type="checkbox" name="remember_me" value="1" />
</td>
</tr>
+ <!-- END remember_me -->
<tr align="center">
<td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>
</tr>