author | plegall <plg@piwigo.org> | 2016-01-06 14:41:25 +0100 |
committer | plegall <plg@piwigo.org> | 2016-01-06 14:41:25 +0100 |
commit | 646aa6f19a45618abaf35f1b889d421e9c184bc9 (patch) | |
tree | 96eff284a7f90fc24327cea3a9714a6b6e79365d /include | |
parent | aa581bd3dec54984845096e3a73d1ce72c6922bb (diff) | |
parent | 426e10e235689211fc52ee0077dce32ea3124bd6 (diff) |
Merge branch 'feature/392-auth-keys'
Diffstat (limited to '')
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/constants.php | 2 | ||||
-rw-r--r-- | include/functions.inc.php | 2 | ||||
-rw-r--r-- | include/functions_html.inc.php | 16 | ||||
-rw-r--r-- | include/functions_mail.inc.php | 49 | ||||
-rw-r--r-- | include/functions_notification.inc.php | 67 | ||||
-rw-r--r-- | include/functions_user.inc.php | 135 | ||||
-rw-r--r-- | include/user.inc.php | 6 |
8 files changed, 251 insertions, 30 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index eafb9d5a9..2de75764d 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -646,6 +646,10 @@ $conf['recent_post_dates'] = array(
 // the author shown in the RSS feed <author> element
 $conf['rss_feed_author'] = 'Piwigo notifier';
+// how long does the authentication key stays valid, in seconds. 3 days by
+// default. 0 to disable.
+$conf['auth_key_duration'] = 3*24*60*60;
+
 // +-----------------------------------------------------------------------+
 // | Set admin layout |
 // +-----------------------------------------------------------------------+
diff --git a/include/constants.php b/include/constants.php
index ef321a4bc..f9a032d0f 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -81,6 +81,8 @@ if (!defined('USER_FEED_TABLE'))
 define('USER_FEED_TABLE', $prefixeTable.'user_feed');
 if (!defined('RATE_TABLE'))
 define('RATE_TABLE', $prefixeTable.'rate');
+if (!defined('USER_AUTH_KEYS_TABLE'))
+ define('USER_AUTH_KEYS_TABLE', $prefixeTable.'user_auth_keys');
 if (!defined('USER_CACHE_TABLE'))
 define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
 if (!defined('USER_CACHE_CATEGORIES_TABLE'))
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2119abe8f..578830ba5 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -446,6 +446,7 @@ INSERT INTO '.HISTORY_TABLE.'
 image_id,
 image_type,
 format_id,
+ auth_key_id,
 tag_ids
 )
 VALUES
@@ -459,6 +460,7 @@ INSERT INTO '.HISTORY_TABLE.'
 '.(isset($image_id) ? $image_id : 'NULL').',
 '.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
 '.(isset($format_id) ? $format_id : 'NULL').',
+ '.(isset($page['auth_key_id']) ? $page['auth_key_id'] : 'NULL').',
 '.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
 )
 ;';
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index 8668e68ad..59861c46d 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -103,10 +103,17 @@ function get_cat_display_name($cat_informations, $url='')
 function get_cat_display_name_cache($uppercats,
 $url = '',
 $single_link = false,
- $link_class = null)
+ $link_class = null,
+ $auth_key=null)
 {
 global $cache, $conf;
+ $add_url_params = array();
+ if (isset($auth_key))
+ {
+ $add_url_params['auth'] = $auth_key;
+ }
+
 if (!isset($cache['cat_names']))
 {
 $query = '
@@ -119,7 +126,7 @@ SELECT id, name, permalink
 $output = '';
 if ($single_link)
 {
- $single_url = get_root_url().$url.array_pop(explode(',', $uppercats));
+ $single_url = add_url_params(get_root_url().$url.array_pop(explode(',', $uppercats)), $add_url_params);
 $output.= '<a href="'.$single_url.'"';
 if (isset($link_class))
 {
@@ -155,10 +162,13 @@ SELECT id, name, permalink
 {
 $output.= '
 <a href="'
- .make_index_url(
+ .add_url_params(
+ make_index_url(
 array(
 'category' => $cat,
 )
+ ),
+ $add_url_params
 )
 .'">'.$cat['name'].'</a>';
 }
diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php
index ed1081713..67be16c15 100644
--- a/include/functions_mail.inc.php
+++ b/include/functions_mail.inc.php
@@ -514,6 +514,8 @@ SELECT DISTINCT language
 // get subset of users in this group for a specific language
 $query = '
 SELECT
+ ui.user_id,
+ ui.status,
 u.'.$conf['user_fields']['username'].' AS name,
 u.'.$conf['user_fields']['email'].' AS email
 FROM '.USER_GROUP_TABLE.' AS ug
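Review bot: The new `$auth_key` parameter of `get_cat_display_name_cache` is not described anywhere in the hunk; if the function has a docblock (it would sit above the hunk), add `@param string|null $auth_key authentication key appended as the auth query parameter to every generated link` to it. The same gap exists for `news()` and `get_html_description_recent_post_date()` in functions_notification.inc.php, whose docblock tails are visible in their hunks and still list only the old parameters. A minor style point: `$auth_key=null` drops the spaces around `=` that the neighbouring `$link_class = null` uses. The function body continues past the end of the hunk.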
@@ -534,13 +536,33 @@ SELECT
 switch_lang_to($language);
- $return&= pwg_mail(null,
- array_merge(
- $args,
- array('Bcc' => $users)
- ),
- $tpl
- );
+ foreach ($users as $u)
+ {
+ $authkey = create_user_auth_key($u['user_id'], $u['status']);
+
+ $user_tpl = $tpl;
+
+ if ($authkey !== false)
+ {
+ $user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));
+
+ if (isset($user_tpl['assign']['IMG']['link']))
+ {
+ $user_tpl['assign']['IMG']['link'] = add_url_params(
+ $user_tpl['assign']['IMG']['link'],
+ array('auth' => $authkey['auth_key'])
+ );
+ }
+ }
+
+ $user_args = $args;
+ if ($authkey !== false)
+ {
+ $user_args['auth_key'] = $authkey['auth_key'];
+ }
+
+ $return &= pwg_mail($u['email'], $user_args, $user_tpl);
+ }
 switch_lang_back();
 }
@@ -563,6 +585,7 @@ SELECT
 * o theme: theme to use [default value $conf_mail['mail_theme']]
 * o mail_title: main title of the mail [default value $conf['gallery_title']]
 * o mail_subtitle: subtitle of the mail [default value subject]
+ * o auth_key: authentication key to add on footer link [default value null]
 * @param array $tpl - use these options to define a custom content template file
 * o filename
 * o dirname (optional)
@@ -695,6 +718,10 @@ function pwg_mail($to, $args=array(), $tpl=array())
 {
 // key compose of indexes witch allow to cache mail data
 $cache_key = $content_type.'-'.$lang_info['code'];
+ if (!empty($args['auth_key']))
+ {
+ $cache_key.= '-'.$args['auth_key'];
+ }
 if (!isset($conf_mail[$cache_key]))
 {
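Review bot: The new `$user_tpl['assign']['LINK']` line reads `$tpl['assign']['LINK']` without checking that the index exists, while the `IMG` link a few lines below is guarded by `isset`; if a caller passes a `$tpl` without `LINK`, this now raises an undefined-index notice and builds a link from null. Guard it the same way: `if (isset($tpl['assign']['LINK'])) { … }`. The loop also deserves a comment, since every recipient now gets a freshly inserted `USER_AUTH_KEYS_TABLE` row on each group mailing and nothing in this change removes expired rows, e.g. `// one auth key row per recipient per mailing; expired rows are not purged here`. The enclosing function starts before the hunk.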
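Review bot: Appending `$args['auth_key']` to `$cache_key` makes the `$conf_mail` cache per recipient, so for a group mailing each entry is effectively written once and never reused, and one rendered header/footer per recipient is retained for the rest of the request. A comment should state that trade-off, e.g. `// the footer link embeds the per-user auth key, so cached mail data cannot be shared between recipients`. If memory matters for large groups, the entry could be dropped again after the mail is built when an auth key is present. `pwg_mail` starts before the hunk.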
@@ -709,9 +736,15 @@ function pwg_mail($to, $args=array(), $tpl=array())
 $template->set_filename('mail_header', 'header.tpl');
 $template->set_filename('mail_footer', 'footer.tpl');
+ $add_url_params = array();
+ if (!empty($args['auth_key']))
+ {
+ $add_url_params['auth'] = $args['auth_key'];
+ }
+
 $template->assign(
 array(
- 'GALLERY_URL' => get_gallery_home_url(),
+ 'GALLERY_URL' => add_url_params(get_gallery_home_url(), $add_url_params),
 'GALLERY_TITLE' => isset($page['gallery_title']) ? $page['gallery_title'] : $conf['gallery_title'],
 'VERSION' => $conf['show_version'] ? PHPWG_VERSION : '',
 'PHPWG_URL' => defined('PHPWG_URL') ? PHPWG_URL : '',
diff --git a/include/functions_notification.inc.php b/include/functions_notification.inc.php
index bc4d1a374..c7bbb66b3 100644
--- a/include/functions_notification.inc.php
+++ b/include/functions_notification.inc.php
@@ -395,27 +395,45 @@ function add_news_line(&$news, $count, $singular_key, $plural_key, $url='', $add
 * @param bool $add_url add html link around news
 * @return array
 */
-function news($start=null, $end=null, $exclude_img_cats=false, $add_url=false)
+function news($start=null, $end=null, $exclude_img_cats=false, $add_url=false, $auth_key=null)
 {
 $news = array();
- if (!$exclude_img_cats)
+ $add_url_params = array();
+ if (isset($auth_key))
 {
- add_news_line( $news,
- nb_new_elements($start, $end), '%d new photo', '%d new photos',
- make_index_url(array('section'=>'recent_pics')), $add_url );
+ $add_url_params['auth'] = $auth_key;
 }
 if (!$exclude_img_cats)
 {
- add_news_line( $news,
- nb_updated_categories($start, $end), '%d album updated', '%d albums updated',
- make_index_url(array('section'=>'recent_cats')), $add_url );
+ add_news_line(
+ $news,
+ nb_new_elements($start, $end),
+ '%d new photo',
+ '%d new photos',
+ add_url_params(make_index_url(array('section'=>'recent_pics')), $add_url_params),
+ $add_url
+ );
+
+ add_news_line(
+ $news,
+ nb_updated_categories($start, $end),
+ '%d album updated',
+ '%d albums updated',
+ add_url_params(make_index_url(array('section'=>'recent_cats')), $add_url_params),
+ $add_url
+ );
 }
- add_news_line( $news,
- nb_new_comments($start, $end), '%d new comment', '%d new comments',
- get_root_url().'comments.php', $add_url );
+ add_news_line(
+ $news,
+ nb_new_comments($start, $end),
+ '%d new comment',
+ '%d new comments',
+ add_url_params(get_root_url().'comments.php', $add_url_params),
+ $add_url
+ );
 if (is_admin())
 {
@@ -527,17 +545,23 @@ function get_recent_post_dates_array($args)
 * @param array $date_detail returned value of get_recent_post_dates()
 * @return string
 */
-function get_html_description_recent_post_date($date_detail)
+function get_html_description_recent_post_date($date_detail, $auth_key=null)
 {
 global $conf;
+ $add_url_params = array();
+ if (isset($auth_key))
+ {
+ $add_url_params['auth'] = $auth_key;
+ }
+
 $description = '<ul>';
 $description .= '<li>'
 .l10n_dec('%d new photo', '%d new photos', $date_detail['nb_elements'])
 .' ('
- .'<a href="'.make_index_url(array('section'=>'recent_pics')).'">'
+ .'<a href="'.add_url_params(make_index_url(array('section'=>'recent_pics')), $add_url_params).'">'
 .l10n('Recent photos').'</a>'
 .')'
 .'</li><br>';
@@ -546,11 +570,16 @@ function get_html_description_recent_post_date($date_detail)
 {
 $tn_src = DerivativeImage::thumb_url($element);
 $description .= '<a href="'.
- make_picture_url(array(
- 'image_id' => $element['id'],
- 'image_file' => $element['file'],
- ))
- .'"><img src="'.$tn_src.'"></a>';
+ add_url_params(
+ make_picture_url(
+ array(
+ 'image_id' => $element['id'],
+ 'image_file' => $element['file'],
+ )
+ ),
+ $add_url_params
+ )
+ .'"><img src="'.$tn_src.'"></a>';
 }
 $description .= '...<br>';
@@ -564,7 +593,7 @@ function get_html_description_recent_post_date($date_detail)
 {
 $description .= '<li>'
- .get_cat_display_name_cache($cat['uppercats'])
+ .get_cat_display_name_cache($cat['uppercats'],'', false, null, $auth_key)
 .' ('.
 l10n_dec('%d new photo', '%d new photos', $cat['img_count']).')'
 .'</li>';
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 5f503b36e..cd186183a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1462,4 +1462,139 @@ function get_recent_photos_sql($db_field)
 .pwg_db_get_recent_period_expression($user['recent_period'])
 .','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')';
 }
+
+/**
+ * Performs auto-connection if authentication key is valid.
+ *
+ * @since 2.8
+ *
+ * @return bool
+ */
+function auth_key_login($auth_key)
+{
+ global $conf, $user, $page;
+
+ if ($user['id'] != $conf['guest_id'])
+ {
+ return false;
+ }
+
+ if (!preg_match('/^[a-z0-9]{30}$/i', $auth_key))
+ {
+ return false;
+ }
+
+ $query = '
+SELECT
+ *,
+ '.$conf['user_fields']['username'].' AS username,
+ NOW() AS dbnow
+ FROM '.USER_AUTH_KEYS_TABLE.' AS uak
+ JOIN '.USER_INFOS_TABLE.' AS ui ON uak.user_id = ui.user_id
+ JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ WHERE auth_key = \''.$auth_key.'\'
+;';
+ $keys = query2array($query);
+
+ if (count($keys) == 0)
+ {
+ return false;
+ }
+
+ $key = $keys[0];
+
+ // is the key still valid?
+ if (strtotime($key['expired_on']) < strtotime($key['dbnow']))
+ {
+ return false;
+ }
+
+ // admin/webmaster/guest can't get connected with authentication keys
+ if (!in_array($key['status'], array('normal','generic')))
+ {
+ return false;
+ }
+
+ $user['id'] = $key['user_id'];
+ log_user($user['id'], false);
+ trigger_notify('login_success', stripslashes($key['username']));
+
+ // to be registered in history table by pwg_log function
+ $page['auth_key_id'] = $key['auth_key_id'];
+
+ return true;
+}
+
+/**
+ * Creates an authentication key.
+ *
+ * @since 2.8
+ * @param int $user_id
+ * @return array
+ */
+function create_user_auth_key($user_id, $user_status=null)
+{
+ global $conf;
+
+ if (0 == $conf['auth_key_duration'])
+ {
+ return false;
+ }
+
+ if (!isset($user_status))
+ {
+ // we have to find the user status
+ $query = '
+SELECT
+ status
+ FROM '.USER_INFOS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ $user_infos = query2array($query);
+
+ if (count($user_infos) == 0)
+ {
+ return false;
+ }
+
+ $user_status = $user_infos[0]['status'];
+ }
+
+ if (!in_array($user_status, array('normal','generic')))
+ {
+ return false;
+ }
+
+ $candidate = generate_key(30);
+
+ $query = '
+SELECT
+ COUNT(*),
+ NOW(),
+ ADDDATE(NOW(), INTERVAL '.$conf['auth_key_duration'].' SECOND)
+ FROM '.USER_AUTH_KEYS_TABLE.'
+ WHERE auth_key = \''.$candidate.'\'
+;';
+ list($counter, $now, $expiration) = pwg_db_fetch_row(pwg_query($query));
+ if (0 == $counter)
+ {
+ $key = array(
+ 'auth_key' => $candidate,
+ 'user_id' => $user_id,
+ 'created_on' => $now,
+ 'duration' => $conf['auth_key_duration'],
+ 'expired_on' => $expiration,
+ );
+
+ single_insert(USER_AUTH_KEYS_TABLE, $key);
+
+ $key['auth_key_id'] = pwg_db_insert_id();
+
+ return $key;
+ }
+ else
+ {
+ return create_user_auth_key($user_id, $user_status);
+ }
+}
 ?>
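Review bot: `create_user_auth_key` interpolates `$user_id` straight into `WHERE user_id = '.$user_id.'` with no integer cast, whereas `auth_key_login` validates `$auth_key` against `/^[a-z0-9]{30}$/i` before it reaches its query; the caller visible on this page passes a value read from the database, but the function is public, so `WHERE user_id = '.(int)$user_id.'` (and storing the cast value in `$key['user_id']`) keeps the query safe regardless of caller. The docblocks are incomplete: `auth_key_login` lacks `@param string $auth_key`, `create_user_auth_key` does not list `$user_status`, and both return `false` on several paths, so the latter's tag should read `@return array|false` with the false cases named (duration disabled, unknown user, non normal/generic status). It is also worth stating in `auth_key_login`'s docblock that a key stays usable until `expired_on` — nothing here invalidates it after a successful login — and that the unpredictability of the key rests entirely on `generate_key(30)`, whose source of randomness is not visible in this change and should be confirmed.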
\ No newline at end of file
diff --git a/include/user.inc.php b/include/user.inc.php
index 4de5cc6c3..c02fcb0ac 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -65,6 +65,12 @@ if ($conf['apache_authentication'])
 }
 }
+// automatic login by authentication key
+if (isset($_GET['auth']))
+{
+ auth_key_login($_GET['auth']);
+}
+
 $user = build_user( $user['id'],
 ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
 ); |
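Review bot: `$_GET['auth']` is handed to `auth_key_login` without checking that it is a string; a request carrying `auth[]=x` delivers an array, and the `preg_match` inside `auth_key_login` then emits a PHP warning and returns a non-match instead of failing cleanly (newer PHP versions throw a TypeError there). Tighten the guard to `if (isset($_GET['auth']) and is_string($_GET['auth']))`. Because the key travels in the query string it also ends up in web-server access logs and in the Referer header of any external link followed afterwards, and per `auth_key_login` it stays valid until `expired_on` rather than being consumed on first use, so a comment here such as `// the key in the URL remains a valid login credential for $conf['auth_key_duration'] seconds` would document that exposure for whoever maintains this path. Discarding the return value of `auth_key_login` looks intentional, since the guest session simply continues when the key is rejected.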