author | rvelices <rv-github@modusoptimus.com> | 2008-07-01 02:09:21 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-07-01 02:09:21 +0000 |
commit | d91d0ac444a08c664d05c00a8593fc88fbb0c605 (patch) | |
tree | 7f560292f25e68b67604def548d2db595228bb94 | |
parent | 1d3706a42171b409e9d455194ee96d3fc87479a4 (diff) |
- remember me cookie security improvement (the time when the cookie was generated is saved and checked in range [now-remember_me_length; now])
- tags improvements
* pass to templates all fields in table #tags (handy for plugins such as type tags)
* fix issue with tag letter when first letter is accentuated (utf-8)
* tags are sorted on url_name instead of name (accentuated first letter chars are the same as without accent)
* better use of columns in by letter display mode
git-svn-id: http://piwigo.org/svn/trunk@2409 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/element_set_global.php | 1 | ||||
-rw-r--r-- | include/functions_html.inc.php | 7 | ||||
-rw-r--r-- | include/functions_tag.inc.php | 16 | ||||
-rw-r--r-- | include/functions_user.inc.php | 54 | ||||
-rw-r--r-- | include/menubar.inc.php | 36 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 2 | ||||
-rw-r--r-- | search.php | 2 | ||||
-rw-r--r-- | tags.php | 60 | ||||
-rw-r--r-- | template/yoga/menubar.css | 126 | ||||
-rw-r--r-- | template/yoga/menubar.tpl | 12 | ||||
-rw-r--r-- | template/yoga/tags.tpl | 8 |
11 files changed, 149 insertions, 175 deletions
diff --git a/admin/element_set_global.php b/admin/element_set_global.php index e4725a059..20daf4dff 100644 --- a/admin/element_set_global.php +++ b/admin/element_set_global.php @@ -275,7 +275,6 @@ if (count($page['cat_elements_id']) > 0) { // remove tags $tags = get_common_tags($page['cat_elements_id'], -1); - usort($tags, 'name_compare'); $template->assign( array( diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index b51f6f9df..6f9e1fc5a 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php @@ -550,6 +550,11 @@ function name_compare($a, $b) return strcmp(strtolower($a['name']), strtolower($b['name'])); } +function tag_alpha_compare($a, $b) +{ + return strcmp(strtolower($a['url_name']), strtolower($b['url_name'])); +} + /** * exits the current script (either exit or redirect) */ @@ -732,7 +737,7 @@ function render_category_literal_description($desc) return strip_tags($desc, '<span><p><a><br><b><i><small><big><strong><em>'); } -/** returns the argument_ids array with new sequenced keys based on related +/** returns the argument_ids array with new sequenced keys based on related * names. Sequence is not case sensitive. * Warning: By definition, this function breaks original keys */ diff --git a/include/functions_tag.inc.php b/include/functions_tag.inc.php index 7bd5d8408..7645f6d82 100644 --- a/include/functions_tag.inc.php +++ b/include/functions_tag.inc.php @@ -59,7 +59,7 @@ SELECT tag_id, COUNT(DISTINCT(it.image_id)) counter } $query = ' -SELECT id, name, url_name +SELECT * FROM '.TAGS_TABLE; $result = pwg_query($query); $tags = array(); @@ -83,9 +83,7 @@ SELECT id, name, url_name function get_all_tags() { $query = ' -SELECT id, - name, - url_name +SELECT * FROM '.TAGS_TABLE.' ;'; $result = pwg_query($query); @@ -95,7 +93,7 @@ SELECT id, array_push($tags, $row); } - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); return $tags; } 
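Review bot: `SELECT *` in the include/functions_tag.inc.php hunk at -59,7 (and again in get_all_tags, get_common_tags and find_tags) turns the tags table schema into the template contract: every column, including any a plugin adds later, now reaches the returned rows and, through the `array_merge($tag, ...)` calls elsewhere in this commit, the template variables. That is the stated intent, but callers that forward these rows unchanged may start emitting fields nobody reviewed; ws_tags_getList iterates over them, and its output code is outside the visible hunk. I would put a comment above each query such as `// every #tags column is exposed to templates and plugins; keep non-public data out of this table`, and have templates escape the raw column values they print. The function enclosing the first query starts outside the hunk.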
@@ -227,9 +225,9 @@ function get_common_tags($items, $max_tags, $excluded_tag_ids=null) return array(); } $query = ' -SELECT id, name, url_name, count(*) counter +SELECT t.*, count(*) counter FROM '.IMAGE_TAG_TABLE.' - INNER JOIN '.TAGS_TABLE.' ON tag_id = id + INNER JOIN '.TAGS_TABLE.' t ON tag_id = id WHERE image_id IN ('.implode(',', $items).')'; if (!empty($excluded_tag_ids)) { @@ -256,7 +254,7 @@ SELECT id, name, url_name, count(*) counter { array_push($tags, $row); } - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); return $tags; } @@ -307,7 +305,7 @@ function find_tags($ids, $url_names=array(), $names=array() ) } $query = ' -SELECT id, url_name, name +SELECT * FROM '.TAGS_TABLE.' WHERE '. implode( ' OR ', $where_clauses); diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 58b35e541..abbff998c 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -838,32 +838,7 @@ function get_default_template() */ function get_default_language() { - global $conf; - if (isset($conf['browser_language']) and $conf['browser_language']) - { - return get_browser_language(); - } - else - { - return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE); - } -} - -/* - * Returns the browser language value - * - */ -function get_browser_language() -{ - $browser_language = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2); - foreach (get_languages() as $language_code => $language_name) - { - if (substr($language_code, 0, 2) == $browser_language) - { - return $language_code; - } - } - return PHPWG_DEFAULT_LANGUAGE; + return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE); } /** @@ -923,7 +898,6 @@ function create_user_infos($arg_id, $override_values = null) { $status = 'normal'; } - $default_user['language'] = get_default_language(); $insert = array_merge( $default_user, 
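Review bot: In get_common_tags the ids are still spliced into the statement as text, `WHERE image_id IN ('.implode(',', $items).')`, and nothing visible in the hunk restricts `$items` to integers. The function starts outside the hunk, so a check may already exist earlier. If it does not, normalising at the point of use keeps the query well-formed whatever a caller passes: `implode(',', array_map('intval', $items))`. The `$excluded_tag_ids` branch continues outside the hunk and may need the same treatment.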
@@ -974,9 +948,10 @@ SELECT name /** * returns the auto login key or false on error * @param int user_id + * @param time_t time * @param string [out] username */ -function calculate_auto_login_key($user_id, &$username) +function calculate_auto_login_key($user_id, $time, &$username) { global $conf; $query = ' @@ -989,7 +964,7 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id; { $row = mysql_fetch_assoc($result); $username = $row['username']; - $data = $row['username'].$row['password']; + $data = $time.$row['username'].$row['password']; $key = base64_encode( pack('H*', sha1($data)) .hash_hmac('md5', $data, $conf['secret_key'],true) @@ -1011,12 +986,13 @@ function log_user($user_id, $remember_me) if ($remember_me and $conf['authorize_remembering']) { - $key = calculate_auto_login_key($user_id, $username); + $now = time(); + $key = calculate_auto_login_key($user_id, $now, $username); if ($key!==false) { - $cookie = array('id' => (int)$user_id, 'key' => $key); + $cookie = $user_id.'-'.$now.'-'.$key; setcookie($conf['remember_me_name'], - serialize($cookie), + $cookie, time()+$conf['remember_me_length'], cookie_path() ); 
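Review bot: The key built in calculate_auto_login_key still begins with `pack('H*', sha1($data))`, an unkeyed digest of the timestamp, username and stored password value, so that half of the key can be recomputed without `$conf['secret_key']` and only the HMAC half authenticates the cookie. Because the timestamp now travels in clear inside the cookie, the unkeyed half lets anyone holding a copied cookie test guesses of the `password` column offline (how that column is stored is not visible here). I would drop the sha1 part and keep one keyed MAC over delimited fields: `$data = $time.':'.$row['username'].':'.$row['password'];` with `hash_hmac('sha1', $data, $conf['secret_key'], true)`. The function begins in the previous hunk and ends outside this one.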
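Review bot: The remember-me cookie in log_user is set without the HttpOnly or Secure attributes, so script running in the page can read a credential that stays valid for `$conf['remember_me_length']` seconds, and the browser will also send it over plain HTTP. setcookie() takes both flags as its sixth and seventh arguments; passing `true` for httponly is safe everywhere, and secure can follow whether the gallery is served over HTTPS. The expiry also calls `time()` a second time instead of reusing `$now`; `$now+$conf['remember_me_length']` would keep the cookie lifetime aligned with the signed timestamp. log_user continues outside the hunk.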
@@ -1049,13 +1025,17 @@ function auto_login() { if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) { - $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); - if ($cookie!==false and is_numeric(@$cookie['id']) ) + $cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']])); + if ( count($cookie)===3 + and is_numeric(@$cookie[0]) /*user id*/ + and is_numeric(@$cookie[1]) /*time*/ + and time()-$conf['remember_me_length']<=@$cookie[1] + and time()>=@$cookie[1] /*cookie generated in the past*/ ) { - $key = calculate_auto_login_key( $cookie['id'], $username ); - if ($key!==false and $key===$cookie['key']) + $key = calculate_auto_login_key( $cookie[0], $cookie[1], $username ); + if ($key!==false and $key===$cookie[2]) { - log_user($cookie['id'], true); + log_user($cookie[0], true); trigger_action('login_success', $username); return true; } diff --git a/include/menubar.inc.php b/include/menubar.inc.php index 03e941226..0ff64827e 100644 --- a/include/menubar.inc.php +++ b/include/menubar.inc.php @@ -111,29 +111,23 @@ if ('tags' == @$page['section']) { $template->append( 'related_tags', - array( - 'U_TAG' => make_index_url( - array( - 'tags' => array($tag) - ) - ), - - 'NAME' => $tag['name'], - - 'CLASS' => 'tagLevel'.$tag['level'], - - 'add' => array( + array_merge( $tag, + array( + 'URL' => make_index_url( + array( + 'tags' => array($tag) + ) + ), - 'URL' => make_index_url( - array( - 'tags' => array_merge( - $page['tags'], - array($tag) + 'U_ADD' => make_index_url( + array( + 'tags' => array_merge( + $page['tags'], + array($tag) + ) ) - ) - ), - 'COUNTER' => $tag['counter'], - ) + ), + ) ) ); } diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 2488fd0bf..dc10719b6 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php 
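Review bot: `is_numeric()` is a loose gate for the two cookie fields in auto_login: it accepts decimals, exponent notation and leading whitespace (and hexadecimal strings on older PHP versions), and `$cookie[0]` is then handed to calculate_auto_login_key, which concatenates it into its SQL `WHERE` clause. `ctype_digit($cookie[0])` and `ctype_digit($cookie[1])` accept decimal digits only, and the `@` suppressions become unnecessary once `count($cookie)===3` has passed. The key check `$key===$cookie[2]` is not constant-time; where `hash_equals()` is available, `hash_equals($key, $cookie[2])` is the safer comparison. auto_login starts and ends outside the hunk.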
@@ -889,7 +889,7 @@ function ws_tags_getList($params, &$service) } else { - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); } for ($i=0; $i<count($tags); $i++) { diff --git a/search.php b/search.php index fe161f476..ff10710fc 100644 --- a/search.php +++ b/search.php @@ -186,7 +186,7 @@ $available_tags = get_available_tags(); if (count($available_tags) > 0) { - usort( $available_tags, 'name_compare'); + usort( $available_tags, 'tag_alpha_compare'); $template->assign( 'TAG_SELECTION', @@ -84,12 +84,12 @@ $tags = get_available_tags(); if ($page['display_mode'] == 'letters') { // we want tags diplayed in alphabetic order - usort($tags, 'name_compare'); + usort($tags, 'tag_alpha_compare'); $current_letter = null; - $is_first_tag = true; $nb_tags = count($tags); - $current_column_tags = 0; + $current_column = 1; + $current_tag_idx = 0; $letter = array( 'tags' => array() @@ -97,21 +97,21 @@ if ($page['display_mode'] == 'letters') { foreach ($tags as $tag) { - $tag_letter = strtoupper(substr($tag['name'], 0, 1)); + $tag_letter = strtoupper(substr($tag['url_name'], 0, 1)); - if ($is_first_tag) { + if ($current_tag_idx==0) { $current_letter = $tag_letter; $letter['TITLE'] = $tag_letter; - $is_first_tag = false; } //lettre precedente differente de la lettre suivante if ($tag_letter !== $current_letter) { - if ($current_column_tags > $nb_tags/$conf['tag_letters_column_number']) + if ($current_column<$conf['tag_letters_column_number'] + and $current_tag_idx > $current_column*$nb_tags/$conf['tag_letters_column_number'] ) { $letter['CHANGE_COLUMN'] = true; - $current_column_tags = 0; + $current_column++; } $letter['TITLE'] = $current_letter; @@ -120,7 +120,7 @@ if ($page['display_mode'] == 'letters') { 'letters', $letter ); - + $current_letter = $tag_letter; $letter = array( 'tags' => array() 
@@ -129,18 +129,19 @@ if ($page['display_mode'] == 'letters') { array_push( $letter['tags'], - array( - 'URL' => make_index_url( - array( - 'tags' => array($tag), - ) - ), - 'NAME' => $tag['name'], - 'COUNTER' => $tag['counter'], + array_merge( + $tag, + array( + 'URL' => make_index_url( + array( + 'tags' => array($tag), + ) + ), + ) ) ); - - $current_column_tags++; + + $current_tag_idx++; } // flush last letter @@ -168,23 +169,22 @@ $tags = array_slice($tags, 0, $conf['full_tag_cloud_items_number']); $tags = add_level_to_tags($tags); // we want tags diplayed in alphabetic order -usort($tags, 'name_compare'); +usort($tags, 'tag_alpha_compare'); // display sorted tags foreach ($tags as $tag) { $template->append( 'tags', - array( - 'URL' => make_index_url( - array( - 'tags' => array($tag), - ) - ), - - 'NAME' => $tag['name'], - 'TITLE' => $tag['counter'], - 'CLASS' => 'tagLevel'.$tag['level'], + array_merge( + $tag, + array( + 'URL' => make_index_url( + array( + 'tags' => array($tag), + ) + ), + ) ) ); } diff --git a/template/yoga/menubar.css b/template/yoga/menubar.css index e676d5784..c777213c3 100644 --- a/template/yoga/menubar.css +++ b/template/yoga/menubar.css 
@@ -1,34 +1,32 @@ #menubar { - float: left; - margin: 0 0 10px 1em; - padding: 0; - /* Fix against the "double margin of a floated item" IE bug */ - /* Damned: that screws up top_navbar in opera 7.54/Linux! */ - display: inline; - text-align: left; /* follow-up of the "be nice to IE5" rule */ + float: left; + margin: 0 0 10px 1em; + padding: 0; + display: inline; + text-align: left; /* follow-up of the "be nice to IE5" rule */ } #menubar DL, #menubar DT, #menubar DD { - margin: 0; padding: 0; display: block; + margin: 0; padding: 0; display: block; } #menubar .button { - margin: 0 2px; - width: auto; - padding: 0; - text-indent: 0; - list-style: none; - text-align: center; - float: right; + margin: 0 2px; + width: auto; + padding: 0; + text-indent: 0; + list-style: none; + text-align: center; + float: right; } /* H2 properties copied here */ #menubar DT { - font-weight: bold; /* default for h2 */ - margin: 0; - padding: 5px 5px 5px 5px; - font-size: 120%; - text-align: center; + font-weight: bold; + margin: 0; + padding: 5px 5px 5px 5px; + font-size: 120%; + text-align: center; } #menubar UL, @@ -36,26 +34,26 @@ #menubar FORM, #menubar P, /* ooh, careful... */ #menubar .totalImages { - font-size: 92%; - margin: 10px 0 10px 10px; + font-size: 92%; + margin: 10px 0 10px 10px; } #menubar UL { - list-style-type: square; - list-style-position: inside; - padding: 0 0 0 2px; + list-style-type: square; + list-style-position: inside; + padding: 0 0 0 2px; } #menubar UL UL { - font-size: 100%; - margin-top: 0; - margin-bottom: 0; + font-size: 100%; + margin-top: 0; + margin-bottom: 0; } #menubar LI.selected A { - font-weight: bold; + font-weight: bold; } #menubar LI.selected LI A { - font-weight: normal; + font-weight: normal; } #menubar .menuInfoCatByChild { 
@@ -64,86 +62,86 @@ } #menubar HR { - display: block; - margin: 10px auto; - width: 90%; + display: block; + margin: 10px auto; + width: 90%; } #menubar INPUT { - text-indent: 2px; + text-indent: 2px; } /* quickconnect form */ FORM#quickconnect { - margin: 0; - padding: 5px; + margin: 0; + padding: 5px; } FORM#quickconnect FIELDSET { - margin: 0; - padding: 0 0 0.5em 0; + margin: 0; + padding: 0 0 0.5em 0; } FORM#quickconnect P { - margin-left: 0; - font-size: 100%; - float: left; - clear: left; + margin-left: 0; + font-size: 100%; + float: left; + clear: left; } FORM#quickconnect P INPUT { - margin: 0; + margin: 0; } FORM#quickconnect UL.actions { - display: inline; - float: right; - padding: 0; - text-align: right; /* Opera 7.5 */ + display: inline; + float: right; + padding: 0; + text-align: right; /* Opera 7.5 */ } FORM#quickconnect FIELDSET>UL.actions { - width: 40%; /* Opera 7.5 cannot find why width:auto fails :-( */ + width: 40%; /* Opera 7.5 cannot find why width:auto fails :-( */ } FORM#quickconnect UL.actions, FORM#quickconnect P, FORM#quickconnect LABEL { - padding: 0 0.5em 0 0.5em; + padding: 0 0.5em 0 0.5em; } FORM#quickconnect LABEL { - margin:0; - width: 100%; - box-sizing: border-box; /* CSS3 */ + margin:0; + width: 100%; + box-sizing: border-box; /* CSS3 */ } FORM#quickconnect INPUT[type=text], FORM#quickconnect INPUT[type=password] { - width: 100%; /* mozilla can handle 100% */ + width: 100%; /* mozilla can handle 100% */ } -/* same as above for IE with inputfix.htc */ -/* unfortunately IE doesn't handle that correctly */ -/* so you should set a width in em in local_layout.css */ +/* same as above for IE with inputfix.htc +unfortunately IE doesn't handle that correctly + so you should set a width in em in local_layout.css */ /*FORM#quickconnect INPUT.text, FORM#quickconnect INPUT.password { width: 95%; }*/ FORM#quicksearch { - margin-top: 4px; - margin-bottom: 1px; + margin-top: 4px; + margin-bottom: 1px; } -input#qsearchInput { - width: 90%; 
+INPUT#qsearchInput { + width: 90%; } #menubar #mbMenu p { margin: 0px; padding: 0px; } #menubar #menuTagCloud { - text-align: center; - margin: 5px 0; + text-align: center; + margin: 5px 0; } #menubar #menuTagCloud LI { - display: inline; - white-space: nowrap; /* No line break in the LI but Opera set nowrap to */ + display: inline; + white-space: nowrap; /* No line break in the LI but Opera set nowrap to */ } diff --git a/template/yoga/menubar.tpl b/template/yoga/menubar.tpl index fda136c29..eb260eeea 100644 --- a/template/yoga/menubar.tpl +++ b/template/yoga/menubar.tpl @@ -21,10 +21,10 @@ {/if}{*links*} {if isset($U_START_FILTER)} - <a href="{$U_START_FILTER}" title="{'start_filter_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/start_filter.png" class="button" alt="{'start_filter_hint'|@translate}"></a> + <a href="{$U_START_FILTER}" title="{'start_filter_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/start_filter.png" class="button" alt="start filter"></a> {/if} {if isset($U_STOP_FILTER)} - <a href="{$U_STOP_FILTER}" title="{'stop_filter_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/stop_filter.png" class="button" alt="{'stop_filter_hint'|@translate}"></a> + <a href="{$U_STOP_FILTER}" title="{'stop_filter_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/stop_filter.png" class="button" alt="stop filter"></a> {/if} <dl id="mbCategories"> 
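Review bot: The two `alt` attributes in the template/yoga/menubar.tpl hunk now hold the fixed English strings `start filter` and `stop filter`, while the `title` on the same links still goes through `|@translate`. Users of assistive technology on a non-English gallery will get untranslated text for these buttons. If the aim was a shorter alt text, a dedicated short translation key passed through `|@translate` would keep it localised.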
@@ -48,14 +48,14 @@ <ul id="menuTagCloud"> {foreach from=$related_tags item=tag} <li> - {if !empty($tag.add) } - <a href="{$tag.add.URL}" - title="{$pwg->l10n_dec('%d element are also linked to current tags', '%d elements are also linked to current tags', $tag.add.COUNTER)}" + {if !empty($tag.U_ADD) } + <a href="{$tag.U_ADD}" + title="{$pwg->l10n_dec('%d element are also linked to current tags', '%d elements are also linked to current tags', $tag.counter)}" rel="nofollow"> <img src="{$ROOT_URL}{$themeconf.icon_dir}/add_tag.png" alt="+" /> </a> {/if} - <a href="{$tag.U_TAG}" class="{$tag.CLASS}" title="{'See elements linked to this tag only'|@translate}">{$tag.NAME}</a> + <a href="{$tag.URL}" class="tagLevel{$tag.level}" title="{'See elements linked to this tag only'|@translate}">{$tag.name}</a> </li> {/foreach} </ul> diff --git a/template/yoga/tags.tpl b/template/yoga/tags.tpl index cf41fd973..19a3a9a93 100644 --- a/template/yoga/tags.tpl +++ b/template/yoga/tags.tpl @@ -20,7 +20,7 @@ {if $display_mode == 'cloud'} <ul id="fullTagCloud"> {foreach from=$tags item=tag} - <li><a href="{$tag.URL}" class="{$tag.CLASS}" title="{$tag.TITLE}">{$tag.NAME}</a></li> + <li><a href="{$tag.URL}" class="tagLevel{$tag.level}" title="{$tag.counter}">{$tag.name}</a></li> {/foreach} </ul> {/if} @@ -35,8 +35,8 @@ <table class="tagLetterContent"> {foreach from=$letter.tags item=tag} <tr class="tagLine"> - <td><a href="{$tag.URL}">{$tag.NAME}</a></td> - <td class="nbEntries">{$pwg->l10n_dec('%d element', '%d elements', $tag.COUNTER)}</td> + <td><a href="{$tag.URL}">{$tag.name}</a></td> + <td class="nbEntries">{$pwg->l10n_dec('%d element', '%d elements', $tag.counter)}</td> </tr> {/foreach} </table> @@ -52,4 +52,4 @@ {/if} {/if} -</div> <!-- content --> +</div> <!-- content -->
\ No newline at end of file |