authorz0rglub <z0rglub@piwigo.org>2004-10-02 23:12:50 +0000
committerz0rglub <z0rglub@piwigo.org>2004-10-02 23:12:50 +0000
commit3c8309a7e621ede168cf7f6dfd8c8d55144525ea (patch)
tree8b13443d84b3eae9ddead399bea404a981b2bc60 /include/user.inc.php
parentda836ea95fce9a8b5711366253832d298e3c4a6e (diff)
- deletion of session_time and session_id_size as config parameter
- new feature: "remember me" creates a long-lived cookie
- possibility to set the default authentication method to URI or cookie
- really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php
git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/user.inc.php')
-rw-r--r--include/user.inc.php74
1 files changed, 42 insertions, 32 deletions
diff --git a/include/user.inc.php b/include/user.inc.php
index c1f018f92..01a7243d1 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -30,55 +30,65 @@
// Each field becomes an information of the array $user.
// Example :
// status --> $user['status']
-$infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
- 'nb_line_page', 'status', 'language', 'maxwidth',
- 'maxheight', 'expand', 'show_nb_comments', 'recent_period',
- 'template', 'forbidden_categories' );
+$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
+ 'status','language','maxwidth','maxheight','expand',
+ 'show_nb_comments','recent_period','template',
+ 'forbidden_categories');
$query_user = 'SELECT * FROM '.USERS_TABLE;
$query_done = false;
$user['is_the_guest'] = false;
// cookie deletion if administrator don't authorize them anymore
-if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
{
- setcookie( 'id', '', 0, cookie_path() );
+ setcookie('id', '', 0, cookie_path());
$url = 'category.php';
- redirect( $url );
+ redirect($url);
}
-$user['has_cookie'] = false;
-if ( isset( $_GET['id'] ) ) $session_id = $_GET['id'];
-elseif ( isset( $_COOKIE['id'] ) )
+if (isset($_GET['id']))
+{
+ $session_id = $_GET['id'];
+ $user['has_cookie'] = false;
+ $session_id_size = $conf['session_id_size_URI'];
+}
+elseif (isset($_COOKIE['id']))
{
$session_id = $_COOKIE['id'];
$user['has_cookie'] = true;
+ $session_id_size = $conf['session_id_size_cookie'];
+}
+else
+{
+ $user['has_cookie'] = false;
}
-if ( isset( $session_id )
- and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+if (isset($session_id)
+ and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
{
$page['session_id'] = $session_id;
- $query = 'SELECT user_id,expiration,ip';
- $query.= ' FROM '.SESSIONS_TABLE;
- $query.= " WHERE id = '".$page['session_id']."'";
- $query.= ';';
- $result = mysql_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
+ $query = '
+SELECT user_id,expiration,ip
+ FROM '.SESSIONS_TABLE.'
+ WHERE id = \''.$page['session_id'].'\'
+;';
+ $result = mysql_query($query);
+ if (mysql_num_rows($result) > 0)
{
- $row = mysql_fetch_array( $result );
- if ( !$user['has_cookie'] )
+ $row = mysql_fetch_array($result);
+ if (!$user['has_cookie'])
{
- if ( $row['expiration'] < time() )
+ if ($row['expiration'] < time())
{
// deletion of the session from the database,
// because it is out-of-date
$delete_query = 'DELETE FROM '.SESSIONS_TABLE;
$delete_query.= " WHERE id = '".$page['session_id']."'";
$delete_query.= ';';
- mysql_query( $delete_query );
+ mysql_query($delete_query);
}
- else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
+ else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
{
$query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true;
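Review bot: The rewritten SELECT still concatenates `$page['session_id']` into the SQL text, so the `ereg()` format check just above it is the only thing keeping request data (`$_GET['id']` / `$_COOKIE['id']`) out of the statement. `ereg()` is not binary-safe, so the query should not depend on it alone: escape at the point of use, e.g. `WHERE id = \''.mysql_real_escape_string($page['session_id']).'\'`, and do the same in the unchanged `$delete_query` further down. Separately, the expiration and `REMOTE_ADDR` checks visible here sit under `if (!$user['has_cookie'])`; with the new long-lived "remember me" cookie it is worth confirming that the cookie branch, which lies outside this hunk, also enforces an expiry. The enclosing `if` block continues past the end of the hunk.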
@@ -91,23 +101,23 @@ if ( isset( $session_id )
}
}
}
-if ( !$query_done )
+if (!$query_done)
{
$query_user .= ' WHERE id = 2';
$user['is_the_guest'] = true;
}
$query_user .= ';';
-$row = mysql_fetch_array( mysql_query( $query_user ) );
+$row = mysql_fetch_array(mysql_query($query_user));
// affectation of each value retrieved in the users table into a variable
// of the array $user.
-foreach ( $infos as $info ) {
- if ( isset( $row[$info] ) )
+foreach ($infos as $info) {
+ if (isset($row[$info]))
{
// If the field is true or false, the variable is transformed into a
// boolean value.
- if ( $row[$info] == 'true' or $row[$info] == 'false' )
- $user[$info] = get_boolean( $row[$info] );
+ if ($row[$info] == 'true' or $row[$info] == 'false')
+ $user[$info] = get_boolean($row[$info]);
else
$user[$info] = $row[$info];
}
@@ -118,14 +128,14 @@ foreach ( $infos as $info ) {
}
// special for $user['restrictions'] array
-$user['restrictions'] = explode( ',', $user['forbidden_categories'] );
-if ( $user['restrictions'][0] == '' )
+$user['restrictions'] = explode(',', $user['forbidden_categories']);
+if ($user['restrictions'][0] == '')
{
$user['restrictions'] = array();
}
$isadmin = false;
-if ( $user['status'] == 'admin' )
+if ($user['status'] == 'admin')
{
$isadmin =true;
}