aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2006-07-23 15:25:49 +0000
committernikrou <nikrou@piwigo.org>2006-07-23 15:25:49 +0000
commit5d06d4354144066a39bca1c28b7a326b2de5283c (patch)
treea3ececb0721ce8bc367b9bc05dc03af0cfe1f68f
parente3c4d79f5be8d732185c151f9ac84ff0ddb51166 (diff)
bug 451 fixed: problem with auto login
- add an auto_login_key in users_table - $conf['session_length'] is no more useful and sessions length will be 0 (until browser closed) - add $conf['remember_me_name'] for cookie remember name git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--identification.php28
-rw-r--r--include/config_default.inc.php6
-rw-r--r--include/functions_session.inc.php7
-rw-r--r--include/functions_user.inc.php28
-rw-r--r--install/db/26-database.php47
-rw-r--r--install/phpwebgallery_structure.sql3
6 files changed, 107 insertions, 12 deletions
diff --git a/identification.php b/identification.php
index df2df9b87..eba8834c0 100644
--- a/identification.php
+++ b/identification.php
@@ -71,6 +71,34 @@ SELECT '.$conf['user_fields']['id'].' AS id,
array_push( $errors, $lang['invalid_pwd'] );
}
}
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+{
+ $cookie = unserialize(pwg_stripslashes($_COOKIE[$conf['remember_me_name']]));
+ $query = '
+SELECT auto_login_key
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
+;';
+
+ $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+ if ($auto_login_key == $cookie['key'])
+ {
+ log_user($cookie['id'], false);
+ redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+ }
+ else
+ {
+ // Hacking attempt!
+ $query = '
+UPDATE '.USERS_TABLE.'
+ SET auto_login_key=\''.$auto_login_key.'\'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+ pwg_query($query);
+ setcookie($conf['remember_me_name'], '', 0, cookie_path());
+ redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+ }
+}
//----------------------------------------------------- template initialization
//
// Start output of page
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index c4c4bdb4d..0fb9eef43 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -312,13 +312,13 @@ $conf['session_save_handler'] = 'db';
// creates a cookie on client side.
$conf['authorize_remembering'] = true;
+// remember_me_name: specifies the name of the cookie used to stay logged
+$conf['remember_me_name'] = 'pwg_remember';
+
// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
$conf['remember_me_length'] = 31536000;
-// session_length : time of validity for normal session, in seconds.
-$conf['session_length'] = 3600;
-
// +-----------------------------------------------------------------------+
// | debug |
// +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 8765028ae..7fdf5dde8 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -71,11 +71,8 @@ if (isset($conf['session_save_handler'])
ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
}
- session_name( $conf['session_name'] );
- session_set_cookie_params(
- ini_get('session.cookie_lifetime'),
- cookie_path()
- );
+ session_name($conf['session_name']);
+ session_set_cookie_params(0, cookie_path());
}
// cookie_path returns the path to use for the PhpWebGallery cookie.
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c3048d6b0..134f7493d 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -551,12 +551,34 @@ function get_language_filepath($filename)
function log_user($user_id, $remember_me)
{
global $conf;
- $session_length = $conf['session_length'];
+
if ($remember_me)
{
- $session_length = $conf['remember_me_length'];
+ // search for an existing auto_login_key
+ $query = '
+SELECT auto_login_key
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+
+ $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+ if (empty($auto_login_key))
+ {
+ $auto_login_key = base64_encode(md5(uniqid(rand(), true)));
+ $query = '
+UPDATE '.USERS_TABLE.'
+ SET auto_login_key=\''.$auto_login_key.'\'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+ pwg_query($query);
+ }
+ $cookie = array('id' => $user_id, 'key' => $auto_login_key);
+ setcookie($conf['remember_me_name'],
+ serialize($cookie),
+ time()+$conf['remember_me_length'],
+ cookie_path()
+ );
}
- session_set_cookie_params($session_length);
session_start();
$_SESSION['pwg_uid'] = $user_id;
}
diff --git a/install/db/26-database.php b/install/db/26-database.php
new file mode 100644
index 000000000..fb0f291a5
--- /dev/null
+++ b/install/db/26-database.php
@@ -0,0 +1,47 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date: 2006-07-23 14:17:00 +0200 (dim, 23 jui 2006) $
+// | last modifier : $Author: nikrou $
+// | revision : $Revision: 1492 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+ die('Hacking attempt!');
+}
+
+$upgrade_description = 'add an auto login key in users table';
+
+// add column auto_login_key
+$query = '
+ALTER TABLE '.PREFIX_TABLE.'users
+ ADD auto_login_key varchar(64) NOT NULL
+;';
+pwg_query($query);
+
+echo
+"\n"
+. $upgrade_description
+."\n"
+;
+?>
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
index 73f132af7..5a3b13014 100644
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@@ -1,4 +1,4 @@
--- MySQL dump 9.11
+1-- MySQL dump 9.11
--
-- Host: localhost Database: pwg-bsf
-- ------------------------------------------------------
@@ -345,6 +345,7 @@ CREATE TABLE `phpwebgallery_users` (
`username` varchar(20) binary NOT NULL default '',
`password` varchar(32) default NULL,
`mail_address` varchar(255) default NULL,
+ `auto_login_key` varchar(64) default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `users_ui1` (`username`)
) TYPE=MyISAM;