-rw-r--r-- | category.php | 27 | ||||
-rw-r--r-- | doc/ChangeLog | 16 | ||||
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/functions_session.inc.php | 4 | ||||
-rw-r--r-- | include/functions_user.inc.php | 23 | ||||
-rw-r--r-- | include/user.inc.php | 29 | ||||
-rw-r--r-- | template/default/category.tpl | 64 |
7 files changed, 117 insertions, 50 deletions
diff --git a/category.php b/category.php index 700ab652a..bc93cdb38 100644 --- a/category.php +++ b/category.php @@ -254,21 +254,32 @@ $template->assign_block_vars( )); //--------------------------------------------------------------------- summary -if ( !$user['is_the_guest'] ) +if ($user['is_the_guest']) { - $template->assign_block_vars('logout',array()); - // administration link - if ( $user['status'] == 'admin' ) + $template->assign_block_vars('register', array()); + $template->assign_block_vars('login', array()); + + $template->assign_block_vars('quickconnect', array()); + if ($conf['authorize_remembering']) { - $template->assign_block_vars('logout.admin', array()); + $template->assign_block_vars('quickconnect.remember_me', array()); } } else { - $template->assign_block_vars('login',array()); - if ($conf['authorize_remembering']) + $template->assign_block_vars('hello', array()); + $template->assign_block_vars('profile', array()); + + // the logout link has no meaning with Apache authentication : it is not + // possible to logout with this kind of authentication. + if (!$conf['apache_authentication']) + { + $template->assign_block_vars('logout', array()); + } + + if ('admin' == $user['status']) { - $template->assign_block_vars('login.remember_me',array()); + $template->assign_block_vars('admin', array()); } } diff --git a/doc/ChangeLog b/doc/ChangeLog index 2b5cc3c85..d00edab52 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
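Review bot: The guest branch still emits the `register`, `login` and `quickconnect` blocks when `$conf['apache_authentication']` is on, so a request that arrives without `REMOTE_USER` is offered local registration and the password form next to the Apache-managed identities. Only the `logout` block is gated on the new setting. If local sign-in is not meant to coexist with Apache authentication, wrap those three calls in `if (!$conf['apache_authentication'])`. If it is meant to coexist, a comment saying so would help, because the accounts auto-created from `REMOTE_USER` in include/user.inc.php are registered with an empty password.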
@@ -1,5 +1,21 @@ 2005-07-17 Pierrick LE GALL + * new feature : use Apache authentication. If + $conf['apache_authentication'] is set true : if no user matches + $_SERVER['REMOTE_USER'] in "users" table, PWG automatically + creates one. This way, users can customize the behaviour of the + application. + + * template : new organisation of identification menu + (category.php). Simplification is required for Apache + authentication (no logout link even if user is externally logged + in) + + * new : usernames can contain quotes (required because Apache + authentication authorized quotes in usernames) + +2005-07-17 Pierrick LE GALL + * new configuration parameter : hide thumbnail captions on main page with $conf['show_thumbnail_caption'] diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 08f68733b..8debb63f0 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -223,4 +223,8 @@ $conf['show_thumbnail_caption'] = true; // show_picture_name_on_title : on picture presentation page, show picture // name ? $conf['show_picture_name_on_title'] = true; + +// apache_authentication : use Apache authentication as reference instead of +// users table ? +$conf['apache_authentication'] = false; ?> diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 7190f8954..b2509e1c1 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -107,9 +107,9 @@ INSERT INTO '.SESSIONS_TABLE.' // parameter $redirect is set to true, '&' is used instead of '&'. function add_session_id( $url, $redirect = false ) { - global $page, $user; + global $page, $user, $conf; - if ( $user['has_cookie'] ) return $url; + if ( $user['has_cookie'] or $conf['apache_authentication']) return $url; $amp = '&'; if ( $redirect ) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 3e8588cf7..1a2709254 100644 --- a/include/functions_user.inc.php 
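Review bot: The comment on `$conf['apache_authentication']` does not say what enabling the option trusts. I would extend it to something like `// apache_authentication : trust $_SERVER['REMOTE_USER'] as the identified user and create a matching row in the users table when none exists. Enable only if every entry point of the gallery is behind Apache authentication.` The ChangeLog entry mentions the auto-creation, but an administrator editing the configuration reads this file, not the ChangeLog.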
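Review bot: The new early return in `add_session_id()` tests only `$conf['apache_authentication']`, while include/user.inc.php switches to the Apache identity only when `$_SERVER['REMOTE_USER']` is also set. With the option on and no `REMOTE_USER`, a visitor who identified through the form without a cookie would presumably lose the session id on every generated link. Matching the two conditions keeps them consistent: `if ($user['has_cookie'] or ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))) return $url;`. The rest of the function lies outside the hunk.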
+++ b/include/functions_user.inc.php @@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf, // login must not // 1. be empty // 2. start ou end with space character - // 3. include ' or " characters // 4. be already used if ($login == '') { @@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf, array_push($errors, $lang['reg_err_login3']); } - if (ereg("'", $login) or ereg("\"", $login)) - { - array_push($errors, $lang['reg_err_login4']); - } - else - { - $query = ' + $query = ' SELECT id FROM '.USERS_TABLE.' - WHERE username = \''.$login.'\' + WHERE username = \''.mysql_escape_string($login).'\' ;'; - $result = pwg_query($query); - if (mysql_num_rows($result) > 0) - { - array_push($errors, $lang['reg_err_login5']); - } + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + array_push($errors, $lang['reg_err_login5']); } + // given password must be the same as the confirmation if ($password != $password_conf) { @@ -102,7 +95,7 @@ SELECT id if (count($errors) == 0) { $insert = array(); - $insert['username'] = $login; + $insert['username'] = mysql_escape_string($login); $insert['password'] = md5($password); $insert['status'] = $status; $insert['template'] = $conf['default_template']; diff --git a/include/user.inc.php b/include/user.inc.php index b388943c0..56b36039c 100644 --- a/include/user.inc.php +++ b/include/user.inc.php 
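Review bot: Dropping the quote check leaves `mysql_escape_string()` as the only barrier between `$login` and the SQL text in the `SELECT id` lookup, and that function escapes without regard to the connection character set. `mysql_real_escape_string($login)` is the connection-aware variant and the safer choice, both here and in the `$insert['username']` assignment of the last hunk. Usernames containing quotes can now be stored, so every other query that interpolates a username (none of them visible in this diff) needs the same escaping and is worth auditing. The comment list above the checks also still jumps from `2.` to `4.` after item 3 was removed.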
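Review bot: `$insert['username'] = mysql_escape_string($login);` puts an SQL-escaped string into the data array instead of escaping where the query text is assembled. The code that turns `$insert` into an INSERT statement is outside the hunk: if it escapes values itself, the stored name gains literal backslashes, and if it does not, `status` and `template` go into the same statement unescaped. I would keep the raw `$login` in the array and escape every value in the one place that builds the statement, with a comment there stating that rule.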
@@ -91,6 +91,35 @@ if (!isset($user['id'])) $user['is_the_guest'] = true; } +// using Apache authentication override the above user search +if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) +{ + $query = ' +SELECT id + FROM '.USERS_TABLE.' + WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' +;'; + $result = pwg_query($query); + + if (mysql_num_rows($result) == 0) + { + register_user($_SERVER['REMOTE_USER'], '', '', ''); + + $query = ' +SELECT id + FROM '.USERS_TABLE.' + WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\' +;'; + list($user['id']) = mysql_fetch_row(pwg_query($query)); + } + else + { + list($user['id']) = mysql_fetch_row($result); + } + + $user['is_the_guest'] = false; +} + $query = ' SELECT u.*, uf.* FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf diff --git a/template/default/category.tpl b/template/default/category.tpl index fd4c88262..437652138 100644 --- a/template/default/category.tpl +++ b/template/default/category.tpl 
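Review bot: `$user['is_the_guest'] = false` at the end of the new block runs even when `register_user()` created no row. Its result is discarded, and it can refuse a name (the functions_user.inc.php hunks show it rejecting logins that are empty or that start or end with a space). In that case `mysql_fetch_row()` returns no row and `$user['id']` is left without a value while the visitor is treated as identified. I would fetch the row once after the optional registration and leave guest mode only when it exists, as in the excerpt below. Separately, the auto-created account is registered with an empty password, which `register_user()` stores as `md5('')`; whether the local login form accepts that is decided outside this diff, so it deserves a check or an unusable password marker.

```php
// … unchanged: first SELECT on USERS_TABLE and the mysql_num_rows() test …
    register_user($_SERVER['REMOTE_USER'], '', '', '');
    // … unchanged: $query rebuilt with the same SELECT …
    $result = pwg_query($query);
  }

  // leave guest mode only when the account really exists
  $row = mysql_fetch_row($result);
  if ($row)
  {
    list($user['id']) = $row;
    $user['is_the_guest'] = false;
  }
}
```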
@@ -41,34 +41,48 @@ </div> <div class="titreMenu">{L_IDENTIFY}</div> <div class="menu"> - <!-- BEGIN login --> + <!-- BEGIN hello --> + <p>{L_HELLO} {USERNAME} !</p> + <!-- END hello --> <ul class="menu"> + + <!-- BEGIN register --> <li><a href="{U_REGISTER}">{L_REGISTER}</a></li> - <li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li> - </ul> - <hr /> - <form method="post" action="{F_IDENTIFY}"> - <input type="hidden" name="redirect" value="{U_REDIRECT}"> - {L_USERNAME}<br /> - <input type="text" name="username" size="15" value="" /><br /> - {L_PASSWORD}<br /> - <input type="password" name="password" size="15"><br /> - <!-- BEGIN remember_me --> - <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br /> - <!-- END remember_me --> - <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" /> + <!-- END register --> + + <!-- BEGIN login --> + <li><a href="{F_IDENTIFY}">{L_LOGIN}</a></li> + <!-- END login --> + + <!-- BEGIN logout --> + <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li> + <!-- END logout --> + + <!-- BEGIN profile --> + <li><a href="{U_PROFILE}" title="{L_PROFILE_HINT}">{L_PROFILE}</a></li> + <!-- END profile --> + + <!-- BEGIN admin --> + <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li> + <!-- END admin --> + + </ul> + + <!-- BEGIN quickconnect --> + <hr /> + <form method="post" action="{F_IDENTIFY}"> + <input type="hidden" name="redirect" value="{U_REDIRECT}"> + {L_USERNAME}<br /> + <input type="text" name="username" size="15" value="" /><br /> + {L_PASSWORD}<br /> + <input type="password" name="password" size="15"><br /> + <!-- BEGIN remember_me --> + <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br /> + <!-- END remember_me --> + <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" /> </form> - <!-- END login --> - <!-- BEGIN logout --> - <p>{L_HELLO} {USERNAME} !</p> - <ul class="menu"> - <li><a href="{U_LOGOUT}">{L_LOGOUT}</a></li> - <li><a href="{U_PROFILE}" 
title="{L_PROFILE_HINT}">{L_PROFILE}</a></li> - <!-- BEGIN admin --> - <li><a href="{U_ADMIN}" title="{L_ADMIN_HINT}">{L_ADMIN}</a></li> - <!-- END admin --> - </ul> - <!-- END logout --> + <!-- END quickconnect --> + </div> </div> </td> |
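Review bot: `{USERNAME}` in the new `hello` block is printed straight into the page, and after this commit the name can come from `$_SERVER['REMOTE_USER']` and may contain quotes. The place where `USERNAME` is assigned is not part of this diff, so please confirm it passes the value through `htmlspecialchars()` before it reaches the template. A short template comment on the `hello` block noting that it is shown only to identified users would also make the new layout easier to follow.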