diff options
author | z0rglub <z0rglub@piwigo.org> | 2004-10-02 23:12:50 +0000 |
---|---|---|
committer | z0rglub <z0rglub@piwigo.org> | 2004-10-02 23:12:50 +0000 |
commit | 3c8309a7e621ede168cf7f6dfd8c8d55144525ea (patch) | |
tree | 8b13443d84b3eae9ddead399bea404a981b2bc60 /include/user.inc.php | |
parent | da836ea95fce9a8b5711366253832d298e3c4a6e (diff) |
- deletion of session_time and session_id_size as config parameter
- new feature : "remember me" creates a long time cookie
- possibility to set the default authentication method to URI or cookie
- really technical parameters (session identifier size, session duration)
are set in the config file and not in database + configuration.php
git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/user.inc.php')
-rw-r--r-- | include/user.inc.php | 74 |
1 files changed, 42 insertions, 32 deletions
diff --git a/include/user.inc.php b/include/user.inc.php index c1f018f92..01a7243d1 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -30,55 +30,65 @@ // Each field becomes an information of the array $user. // Example : // status --> $user['status'] -$infos = array( 'id', 'username', 'mail_address', 'nb_image_line', - 'nb_line_page', 'status', 'language', 'maxwidth', - 'maxheight', 'expand', 'show_nb_comments', 'recent_period', - 'template', 'forbidden_categories' ); +$infos = array('id','username','mail_address','nb_image_line','nb_line_page', + 'status','language','maxwidth','maxheight','expand', + 'show_nb_comments','recent_period','template', + 'forbidden_categories'); $query_user = 'SELECT * FROM '.USERS_TABLE; $query_done = false; $user['is_the_guest'] = false; // cookie deletion if administrator don't authorize them anymore -if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) ) +if (!$conf['authorize_remembering'] and isset($_COOKIE['id'])) { - setcookie( 'id', '', 0, cookie_path() ); + setcookie('id', '', 0, cookie_path()); $url = 'category.php'; - redirect( $url ); + redirect($url); } -$user['has_cookie'] = false; -if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; -elseif ( isset( $_COOKIE['id'] ) ) +if (isset($_GET['id'])) +{ + $session_id = $_GET['id']; + $user['has_cookie'] = false; + $session_id_size = $conf['session_id_size_URI']; +} +elseif (isset($_COOKIE['id'])) { $session_id = $_COOKIE['id']; $user['has_cookie'] = true; + $session_id_size = $conf['session_id_size_cookie']; +} +else +{ + $user['has_cookie'] = false; } -if ( isset( $session_id ) - and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) ) +if (isset($session_id) + and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id)) { $page['session_id'] = $session_id; - $query = 'SELECT user_id,expiration,ip'; - $query.= ' FROM '.SESSIONS_TABLE; - $query.= " WHERE id = '".$page['session_id']."'"; - $query.= ';'; - $result = mysql_query( $query ); - if ( mysql_num_rows( $result ) > 0 ) + $query = ' +SELECT user_id,expiration,ip + FROM '.SESSIONS_TABLE.' + WHERE id = \''.$page['session_id'].'\' +;'; + $result = mysql_query($query); + if (mysql_num_rows($result) > 0) { - $row = mysql_fetch_array( $result ); - if ( !$user['has_cookie'] ) + $row = mysql_fetch_array($result); + if (!$user['has_cookie']) { - if ( $row['expiration'] < time() ) + if ($row['expiration'] < time()) { // deletion of the session from the database, // because it is out-of-date $delete_query = 'DELETE FROM '.SESSIONS_TABLE; $delete_query.= " WHERE id = '".$page['session_id']."'"; $delete_query.= ';'; - mysql_query( $delete_query ); + mysql_query($delete_query); } - else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) + else if ($_SERVER['REMOTE_ADDR'] == $row['ip']) { $query_user .= ' WHERE id = '.$row['user_id']; $query_done = true; @@ -91,23 +101,23 @@ if ( isset( $session_id ) } } } -if ( !$query_done ) +if (!$query_done) { $query_user .= ' WHERE id = 2'; $user['is_the_guest'] = true; } $query_user .= ';'; -$row = mysql_fetch_array( mysql_query( $query_user ) ); +$row = mysql_fetch_array(mysql_query($query_user)); // affectation of each value retrieved in the users table into a variable // of the array $user. -foreach ( $infos as $info ) { - if ( isset( $row[$info] ) ) +foreach ($infos as $info) { + if (isset($row[$info])) { // If the field is true or false, the variable is transformed into a // boolean value. - if ( $row[$info] == 'true' or $row[$info] == 'false' ) - $user[$info] = get_boolean( $row[$info] ); + if ($row[$info] == 'true' or $row[$info] == 'false') + $user[$info] = get_boolean($row[$info]); else $user[$info] = $row[$info]; } @@ -118,14 +128,14 @@ foreach ( $infos as $info ) { } // special for $user['restrictions'] array -$user['restrictions'] = explode( ',', $user['forbidden_categories'] ); -if ( $user['restrictions'][0] == '' ) +$user['restrictions'] = explode(',', $user['forbidden_categories']); +if ($user['restrictions'][0] == '') { $user['restrictions'] = array(); } $isadmin = false; -if ( $user['status'] == 'admin' ) +if ($user['status'] == 'admin') { $isadmin =true; } |