diff options
author | plegall <plg@piwigo.org> | 2005-07-17 15:06:39 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2005-07-17 15:06:39 +0000 |
commit | e96510957cd6fb539fcaacb80e47f6f78abdefb7 (patch) | |
tree | ca28bd145aac1a5523765d4b995cabdb506e08cc /include | |
parent | eb189de80066ce353e472cd9067defd67102177f (diff) |
- new feature : use Apache authentication. If $conf['apache_authentication']
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
PWG automatically creates one. This way, users can customize the behaviour
of the application.
- template : new organisation of identification menu
(category.php). Simplification is required for Apache authentication (no
logout link even if user is externally logged in)
- new : usernames can contain quotes (required because Apache authentication
authorized quotes in usernames)
git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/functions_session.inc.php | 4 | ||||
-rw-r--r-- | include/functions_user.inc.php | 23 | ||||
-rw-r--r-- | include/user.inc.php | 29 |
4 files changed, 43 insertions, 17 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 08f68733b..8debb63f0 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -223,4 +223,8 @@ $conf['show_thumbnail_caption'] = true; // show_picture_name_on_title : on picture presentation page, show picture // name ? $conf['show_picture_name_on_title'] = true; + +// apache_authentication : use Apache authentication as reference instead of +// users table ? +$conf['apache_authentication'] = false; ?> diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 7190f8954..b2509e1c1 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -107,9 +107,9 @@ INSERT INTO '.SESSIONS_TABLE.' // parameter $redirect is set to true, '&' is used instead of '&'. function add_session_id( $url, $redirect = false ) { - global $page, $user; + global $page, $user, $conf; - if ( $user['has_cookie'] ) return $url; + if ( $user['has_cookie'] or $conf['apache_authentication']) return $url; $amp = '&'; if ( $redirect ) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 3e8588cf7..1a2709254 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf, // login must not // 1. be empty // 2. start ou end with space character - // 3. include ' or " characters // 4. be already used if ($login == '') { @@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf, array_push($errors, $lang['reg_err_login3']); } - if (ereg("'", $login) or ereg("\"", $login)) - { - array_push($errors, $lang['reg_err_login4']); - } - else - { - $query = ' + $query = ' SELECT id FROM '.USERS_TABLE.' - WHERE username = \''.$login.'\' + WHERE username = \''.mysql_escape_string($login).'\' ;'; - $result = pwg_query($query); - if (mysql_num_rows($result) > 0) - { - array_push($errors, $lang['reg_err_login5']); - } + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + array_push($errors, $lang['reg_err_login5']); } + // given password must be the same as the confirmation if ($password != $password_conf) { @@ -102,7 +95,7 @@ SELECT id if (count($errors) == 0) { $insert = array(); - $insert['username'] = $login; + $insert['username'] = mysql_escape_string($login); $insert['password'] = md5($password); $insert['status'] = $status; $insert['template'] = $conf['default_template']; diff --git a/include/user.inc.php b/include/user.inc.php index b388943c0..56b36039c 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -91,6 +91,35 @@ if (!isset($user['id'])) $user['is_the_guest'] = true; } +// using Apache authentication override the above user search +if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) +{ + $query = ' +SELECT id + FROM '.USERS_TABLE.' + WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' +;'; + $result = pwg_query($query); + + if (mysql_num_rows($result) == 0) + { + register_user($_SERVER['REMOTE_USER'], '', '', ''); + + $query = ' +SELECT id + FROM '.USERS_TABLE.' + WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' +;'; + list($user['id']) = mysql_fetch_row(pwg_query($query)); + } + else + { + list($user['id']) = mysql_fetch_row($result); + } + + $user['is_the_guest'] = false; +} + $query = ' SELECT u.*, uf.* FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf |