authorplegall <plg@piwigo.org>2005-07-17 15:06:39 +0000
committerplegall <plg@piwigo.org>2005-07-17 15:06:39 +0000
commite96510957cd6fb539fcaacb80e47f6f78abdefb7 (patch)
treeca28bd145aac1a5523765d4b995cabdb506e08cc /include
parenteb189de80066ce353e472cd9067defd67102177f (diff)
- new feature : use Apache authentication. If $conf['apache_authentication'] is set to true and no user matches $_SERVER['REMOTE_USER'] in the "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application.
- template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in)
- new : usernames can contain quotes (required because Apache authentication allows quotes in usernames)

git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r--include/config_default.inc.php4
-rw-r--r--include/functions_session.inc.php4
-rw-r--r--include/functions_user.inc.php23
-rw-r--r--include/user.inc.php29
4 files changed, 43 insertions, 17 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 08f68733b..8debb63f0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -223,4 +223,8 @@ $conf['show_thumbnail_caption'] = true;
// show_picture_name_on_title : on picture presentation page, show picture
// name ?
$conf['show_picture_name_on_title'] = true;
+
+// apache_authentication : use Apache authentication as reference instead of
+// users table ?
+$conf['apache_authentication'] = false;
?>
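Review bot: The comment above `$conf['apache_authentication']` does not state the trust assumption that comes with enabling it. With the flag on, include/user.inc.php takes `$_SERVER['REMOTE_USER']` as the identity and creates an account for any name it has not seen, so the setting is only safe when the web server enforces authentication on every PWG script. I would spell that out, for example `// apache_authentication : trust $_SERVER['REMOTE_USER'] set by the web server and auto-create unknown users; enable only if every PWG script is behind Apache authentication.`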
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 7190f8954..b2509e1c1 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -107,9 +107,9 @@ INSERT INTO '.SESSIONS_TABLE.'
// parameter $redirect is set to true, '&' is used instead of '&'.
function add_session_id( $url, $redirect = false )
{
- global $page, $user;
+ global $page, $user, $conf;
- if ( $user['has_cookie'] ) return $url;
+ if ( $user['has_cookie'] or $conf['apache_authentication']) return $url;
$amp = '&amp;';
if ( $redirect )
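Review bot: The new early return in `add_session_id` tests only `$conf['apache_authentication']`, while include/user.inc.php applies Apache authentication only when `$_SERVER['REMOTE_USER']` is also set. On a request where the flag is on but the server supplies no REMOTE_USER, the user is still resolved through the session, yet the session id is no longer appended for visitors without a cookie. Using the same condition in both places avoids that: `if ( $user['has_cookie'] or ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) ) return $url;`. The function body continues past the end of this hunk.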
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 3e8588cf7..1a2709254 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf,
// login must not
// 1. be empty
// 2. start ou end with space character
- // 3. include ' or " characters
// 4. be already used
if ($login == '')
{
@@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf,
array_push($errors, $lang['reg_err_login3']);
}
- if (ereg("'", $login) or ereg("\"", $login))
- {
- array_push($errors, $lang['reg_err_login4']);
- }
- else
- {
- $query = '
+ $query = '
SELECT id
FROM '.USERS_TABLE.'
- WHERE username = \''.$login.'\'
+ WHERE username = \''.mysql_escape_string($login).'\'
;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- array_push($errors, $lang['reg_err_login5']);
- }
+ $result = pwg_query($query);
+ if (mysql_num_rows($result) > 0)
+ {
+ array_push($errors, $lang['reg_err_login5']);
}
+
// given password must be the same as the confirmation
if ($password != $password_conf)
{
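Review bot: With the quote check removed, `mysql_escape_string($login)` in the `WHERE username = ...` query is the only protection between a user-chosen login and the SQL string, and that function escapes without regard to the connection character set. `mysql_real_escape_string()` is the connection-aware variant and is the safer choice here: `WHERE username = \''.mysql_real_escape_string($login).'\'`. The same call is used for `$insert['username']` in the next hunk and in both new queries in include/user.inc.php. If `$login` reaches this function already slashed by magic quotes (not visible in this hunk), names containing quotes would be escaped twice, so that is worth confirming. `register_user` starts and ends outside the hunk.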
@@ -102,7 +95,7 @@ SELECT id
if (count($errors) == 0)
{
$insert = array();
- $insert['username'] = $login;
+ $insert['username'] = mysql_escape_string($login);
$insert['password'] = md5($password);
$insert['status'] = $status;
$insert['template'] = $conf['default_template'];
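Review bot: Escaping at the point where `$insert['username']` is assigned makes correctness depend on how the INSERT statement is assembled from `$insert`, which is outside this hunk. If that code escapes or quotes values itself, a login containing a quote would be stored with a literal backslash and the username lookups added in this commit would no longer match it. Keeping `$insert['username'] = $login;` and escaping every value where the SQL string is built would make the rule explicit and cover the other fields as well.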
diff --git a/include/user.inc.php b/include/user.inc.php
index b388943c0..56b36039c 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -91,6 +91,35 @@ if (!isset($user['id']))
$user['is_the_guest'] = true;
}
+// using Apache authentication override the above user search
+if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
+{
+ $query = '
+SELECT id
+ FROM '.USERS_TABLE.'
+ WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+ $result = pwg_query($query);
+
+ if (mysql_num_rows($result) == 0)
+ {
+ register_user($_SERVER['REMOTE_USER'], '', '', '');
+
+ $query = '
+SELECT id
+ FROM '.USERS_TABLE.'
+ WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+ list($user['id']) = mysql_fetch_row(pwg_query($query));
+ }
+ else
+ {
+ list($user['id']) = mysql_fetch_row($result);
+ }
+
+ $user['is_the_guest'] = false;
+}
+
$query = '
SELECT u.*, uf.*
FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf
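Review bot: The outcome of `register_user($_SERVER['REMOTE_USER'], '', '', '')` is never checked, and `$user['is_the_guest'] = false` is set unconditionally afterwards. When registration is refused (register_user skips the insert whenever `$errors` is non-empty, for example if its login rules reject the name), the second SELECT returns no row, `list($user['id'])` receives null, and the request continues as a non-guest with no id. The block should promote the visitor only when a row was actually fetched and otherwise keep the user resolved above, as sketched below. Separately, the empty password passed here is stored as `md5('')` by register_user, so it is worth confirming that the form-based login rejects empty passwords, or storing a value that cannot match any hash for these accounts.

```php
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
{
  // … unchanged: first SELECT on username into $result …

  if (mysql_num_rows($result) == 0)
  {
    register_user($_SERVER['REMOTE_USER'], '', '', '');

    // … unchanged: second SELECT on username into $query …
    $result = pwg_query($query);
  }

  // only override the user found above when an account really exists
  $row = mysql_fetch_row($result);
  if ($row !== false)
  {
    $user['id'] = $row[0];
    $user['is_the_guest'] = false;
  }
}
```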