aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2006-10-20 02:17:53 +0000
committerrvelices <rv-github@modusoptimus.com>2006-10-20 02:17:53 +0000
commiteaacbc7b2d224524eac6def04e9b721949afd4b8 (patch)
tree76fd94a28037ffc5ff5bafa037e411c0306ea4f0
parentdbadd4defb870c09664ea4178951d72f5d2ada3b (diff)
- put back config['session_length'] disappeared in r1493 but has always been
used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--identification.php5
-rw-r--r--include/common.inc.php107
-rw-r--r--include/config_default.inc.php5
-rw-r--r--include/functions.inc.php34
-rw-r--r--include/functions_user.inc.php91
-rw-r--r--include/template.php29
-rw-r--r--include/user.inc.php75
7 files changed, 183 insertions, 163 deletions
diff --git a/identification.php b/identification.php
index d37434682..a1a60ec08 100644
--- a/identification.php
+++ b/identification.php
@@ -72,10 +72,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
array_push( $errors, $lang['invalid_pwd'] );
}
}
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
-{
- auto_login();
-}
+
//----------------------------------------------------- template initialization
//
// Start output of page
diff --git a/include/common.inc.php b/include/common.inc.php
index d7b557679..d0376afe8 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -132,28 +132,6 @@ or die ( "Could not connect to database server" );
mysql_select_db( $cfgBase )
or die ( "Could not connect to database" );
-if ($conf['check_upgrade_feed']
- and defined('PHPWG_IN_UPGRADE')
- and PHPWG_IN_UPGRADE)
-{
- // retrieve already applied upgrades
- $query = '
-SELECT id
- FROM '.UPGRADE_TABLE.'
-;';
- $applied = array_from_query($query, 'id');
-
- // retrieve existing upgrades
- $existing = get_available_upgrade_ids();
-
- // which upgrades need to be applied?
- if (count(array_diff($existing, $applied)) > 0)
- {
- $header_msgs[] = 'Some database upgrades are missing, '
- .'<a href="'.PHPWG_ROOT_PATH.'upgrade_feed.php">upgrade now</a>';
- }
-}
-
//
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
// since basic gallery information is not available
@@ -162,67 +140,82 @@ load_conf_from_db();
include(PHPWG_ROOT_PATH.'include/user.inc.php');
+
// language files
include_once(get_language_filepath('common.lang.php'));
-
if (defined('IN_ADMIN') and IN_ADMIN)
{
include_once(get_language_filepath('admin.lang.php'));
}
+// only now we can set the localized username of the guest user (and not in
+// include/user.inc.php)
+if ($user['is_the_guest'])
+{
+ $user['username'] = $lang['guest'];
+}
+
+// template instance
+$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] );
+
if ($conf['gallery_locked'])
{
- $header_msgs[] = $lang['gallery_locked_message']
- . '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
+ $header_msgs[] = $lang['gallery_locked_message'];
- if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
+ if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php'
and !is_admin() )
{
- echo( $lang['gallery_locked_message'] );
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ echo $lang['gallery_locked_message']
+ .'<a href="'.get_root_url().'identification.php">.</a>';
exit();
}
}
-// only now we can set the localized username of the guest user (and not in
-// include/user.inc.php)
-if ($user['is_the_guest'])
+if ($user['is_the_guest'] and !$conf['guest_access']
+ and !in_array( basename($_SERVER['SCRIPT_FILENAME']),
+ array('identification.php',
+ 'password.php',
+ 'register.php'
+ )
+ )
+ )
{
- $user['username'] = $lang['guest'];
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ redirect (get_root_url().'identification.php');
}
-// include template/theme configuration
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
- list($user['template'], $user['theme']) =
- explode
- (
- '/',
- isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
- : $user['template']
- );
-// TODO : replace $conf['admin_layout'] by $user['admin_layout']
-}
-else
+if ($conf['check_upgrade_feed']
+ and defined('PHPWG_IN_UPGRADE')
+ and PHPWG_IN_UPGRADE)
{
- list($user['template'], $user['theme']) = explode('/', $user['template']);
-}
-// TODO : replace initial $user['template'] by $user['layout']
+ // retrieve already applied upgrades
+ $query = '
+SELECT id
+ FROM '.UPGRADE_TABLE.'
+;';
+ $applied = array_from_query($query, 'id');
-include(
- PHPWG_ROOT_PATH
- .'template/'.$user['template']
- .'/theme/'.$user['theme']
- .'/themeconf.inc.php'
- );
+ // retrieve existing upgrades
+ $existing = get_available_upgrade_ids();
+
+ // which upgrades need to be applied?
+ if (count(array_diff($existing, $applied)) > 0)
+ {
+ //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+ $page['root_path'] = cookie_path();
+ $header_msgs[] = 'Some database upgrades are missing, '
+ .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
+ }
+}
if (is_adviser())
{
$header_msgs[] = $lang['adviser_mode_enabled'];
}
-// template instance
-$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
-
if (count($header_msgs) > 0)
{
$template->assign_block_vars('header_msgs',array());
@@ -232,4 +225,4 @@ if (count($header_msgs) > 0)
array('HEADER_MSG'=>$header_msg));
}
}
-?>
+?> \ No newline at end of file
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index fb752fae8..c4426d711 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember';
// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
-$conf['remember_me_length'] = 31536000;
+$conf['remember_me_length'] = 5184000;
+
+// session_length : time of validity for normal session, in seconds.
+$conf['session_length'] = 3600;
// +-----------------------------------------------------------------------+
// | debug |
diff --git a/include/functions.inc.php b/include/functions.inc.php
index d23c55fa8..2e7a47b4b 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -584,8 +584,16 @@ function redirect( $url , $msg = '', $refresh_time = 0)
{
global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
- if (!isset($lang_info)) {
+ if (!isset($lang_info))
+ {
+ $user = build_user( $conf['guest_id'], true);
include_once(get_language_filepath('common.lang.php'));
+ list($tmpl, $thm) = explode('/', $conf['default_template']);
+ $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm);
+ }
+ else
+ {
+ $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']);
}
if (empty($msg))
@@ -602,26 +610,6 @@ function redirect( $url , $msg = '', $refresh_time = 0)
$url_link = $url;
$title = 'redirection';
- unset($template);
- if ( isset($user['template']) )
- {
- $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
- }
- else
- {
- list($tmpl, $thm) = explode('/', $conf['default_template']);
- global $themeconf;
- include(
- PHPWG_ROOT_PATH
- .'template/'.$tmpl
- .'/theme/'.$thm
- .'/themeconf.inc.php'
- );
- $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl);
- $user['is_the_guest']=true;
- $user['id']=$conf['guest_id'];
- }
-
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
include( PHPWG_ROOT_PATH.'include/page_header.php' );
@@ -921,9 +909,9 @@ function str_translate_to_ascii7bits($str)
*/
function get_themeconf($key)
{
- global $themeconf;
+ global $template;
- return isset($themeconf[$key]) ? $themeconf[$key] : '';
+ return $template->get_themeconf($key);
}
/**
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 978739ca5..dac173f3e 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -104,6 +104,52 @@ function setup_style($style)
return new Template(PHPWG_ROOT_PATH.'template/'.$style);
}
+function build_user( $user_id, $use_cache )
+{
+ global $conf;
+ $user['id'] = $user_id;
+ $user = array_merge( $user, getuserdata($user_id, $use_cache) );
+ if ( $user['id'] == $conf['guest_id'])
+ {
+ $user['is_the_guest']=true;
+ $user['template'] = $conf['default_template'];
+ $user['nb_image_line'] = $conf['nb_image_line'];
+ $user['nb_line_page'] = $conf['nb_line_page'];
+ $user['language'] = $conf['default_language'];
+ $user['maxwidth'] = $conf['default_maxwidth'];
+ $user['maxheight'] = $conf['default_maxheight'];
+ $user['recent_period'] = $conf['recent_period'];
+ $user['expand'] = $conf['auto_expand'];
+ $user['show_nb_comments'] = $conf['show_nb_comments'];
+ $user['enabled_high'] = $conf['newuser_default_enabled_high'];
+ }
+ else
+ {
+ $user['is_the_guest']=false;
+ }
+ // calculation of the number of picture to display per page
+ $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
+
+ // include template/theme configuration
+ if (defined('IN_ADMIN') and IN_ADMIN)
+ {
+ list($user['template'], $user['theme']) =
+ explode
+ (
+ '/',
+ isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
+ : $user['template']
+ );
+ // TODO : replace $conf['admin_layout'] by $user['admin_layout']
+ }
+ else
+ {
+ list($user['template'], $user['theme']) = explode('/', $user['template']);
+ }
+
+ return $user;
+}
+
/**
* find informations related to the user identifier
*
@@ -580,40 +626,53 @@ UPDATE '.USERS_TABLE.'
cookie_path()
);
}
- session_start();
+ else
+ { // make sure we clean any remember me ...
+ setcookie($conf['remember_me_name'], '', 0, cookie_path());
+ }
+ if ( session_id()!="" )
+ { // this can happpen when the session is expired and auto_login
+ session_regenerate_id();
+ }
+ else
+ {
+ session_start();
+ }
$_SESSION['pwg_uid'] = $user_id;
$user['id'] = $_SESSION['pwg_uid'];
- $user['is_the_guest'] = false;
}
/*
* Performs auto-connexion when cookie remember_me exists
- * @return void
+ * @return true/false
*/
function auto_login() {
global $conf;
- // must remove slash added in include/common.inc.php
- $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
+ if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
+ {
+ // must remove slash added in include/common.inc.php
+ $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
- $query = '
+ $query = '
SELECT auto_login_key
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
;';
- $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
- if ($auto_login_key == $cookie['key'])
- {
- log_user($cookie['id'], false);
- redirect(make_index_url());
- }
- else
- {
- setcookie($conf['remember_me_name'], '', 0, cookie_path());
- redirect(make_index_url());
+ $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+ if ($auto_login_key == $cookie['key'])
+ {
+ log_user($cookie['id'], true);
+ return true;
+ }
+ else
+ {
+ setcookie($conf['remember_me_name'], '', 0, cookie_path());
+ }
}
+ return false;
}
/*
diff --git a/include/template.php b/include/template.php
index d93700b7a..df9c9a013 100644
--- a/include/template.php
+++ b/include/template.php
@@ -59,13 +59,22 @@ class Template {
// output
var $output = '';
+ var $themeconf = array();
+
/**
* Constructor. Simply sets the root dir.
*
*/
- function Template($root = ".")
+ function Template($root = ".", $theme= "")
{
- $this->set_rootdir($root);
+ if ( $this->set_rootdir($root) )
+ {
+ if ( !empty( $theme ) )
+ {
+ include($root.'/theme/'.$theme.'/themeconf.inc.php');
+ $this->themeconf = $themeconf;
+ }
+ }
}
/**
@@ -311,14 +320,14 @@ class Template {
{
die("Template->loadfile(): File $filename for handle $handle is empty");
}
-
+
$this->uncompiled_code[$handle] = $str;
-
+
return true;
}
-
-
-
+
+
+
/**
* Compiles the given string of code, and returns the result in a string.
*
@@ -331,7 +340,7 @@ class Template {
// PWG specific : communication between template and $lang
$code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code);
// PWG specific : expand themeconf.inc.php variables
- $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code);
+ $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code);
$code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code);
// replace \ with \\ and then ' with \'.
@@ -525,6 +534,10 @@ class Template {
return $varref;
}
+ function get_themeconf($key)
+ {
+ return isset($this->themeconf[$key]) ? $this->themeconf[$key] : '';
+ }
}
?>
diff --git a/include/user.inc.php b/include/user.inc.php
index b6b6d1bcb..f5c77b2f8 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -25,53 +25,44 @@
// | USA. |
// +-----------------------------------------------------------------------+
+// by default we start with guest
+$user['id'] = $conf['guest_id'];
+
if (isset($_COOKIE[session_name()]))
{
session_start();
if (isset($_GET['act']) and $_GET['act'] == 'logout')
- {
- // logout
+ { // logout
$_SESSION = array();
session_unset();
session_destroy();
setcookie(session_name(),'',0,
- ini_get('session.cookie_path'),
- ini_get('session.cookie_domain')
- );
+ ini_get('session.cookie_path'),
+ ini_get('session.cookie_domain')
+ );
setcookie($conf['remember_me_name'], '', 0, cookie_path());
redirect(make_index_url());
- }
- elseif (empty($_SESSION['pwg_uid']))
- {
- // timeout
+ }
+ elseif (empty($_SESSION['pwg_uid']))
+ { // timeout
setcookie(session_name(),'',0,
- ini_get('session.cookie_path'),
- ini_get('session.cookie_domain')
- );
+ ini_get('session.cookie_path'),
+ ini_get('session.cookie_domain')
+ );
}
else
{
$user['id'] = $_SESSION['pwg_uid'];
- $user['is_the_guest'] = false;
}
}
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+
+
+// Now check the auto-login
+if ( $user['id']==$conf['guest_id'] )
{
auto_login();
-}
-else
-{
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
}
-if ($user['is_the_guest'] and !$conf['guest_access']
- and (basename($_SERVER['PHP_SELF'])!='identification.php')
- and (basename($_SERVER['PHP_SELF'])!='password.php')
- and (basename($_SERVER['PHP_SELF'])!='register.php'))
-{
- redirect (get_root_url().'identification.php');
-}
// using Apache authentication override the above user search
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
@@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
register_user($_SERVER['REMOTE_USER'], '', '');
$user['id'] = get_userid($_SERVER['REMOTE_USER']);
}
-
- $user['is_the_guest'] = false;
-}
-
-$user = array_merge(
- $user,
- getuserdata(
- $user['id'],
- ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
- )
- );
-
-// properties of user guest are found in the configuration
-if ($user['is_the_guest'])
-{
- $user['template'] = $conf['default_template'];
- $user['nb_image_line'] = $conf['nb_image_line'];
- $user['nb_line_page'] = $conf['nb_line_page'];
- $user['language'] = $conf['default_language'];
- $user['maxwidth'] = $conf['default_maxwidth'];
- $user['maxheight'] = $conf['default_maxheight'];
- $user['recent_period'] = $conf['recent_period'];
- $user['expand'] = $conf['auto_expand'];
- $user['show_nb_comments'] = $conf['show_nb_comments'];
- $user['enabled_high'] = $conf['newuser_default_enabled_high'];
}
+$user = build_user( $user['id'],
+ ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
+ );
-// calculation of the number of picture to display per page
-$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
-?>
+?> \ No newline at end of file