diff options
| -rw-r--r-- | admin/configuration.php | 9 | ||||
| -rw-r--r-- | category.php | 4 | ||||
| -rw-r--r-- | identification.php | 33 | ||||
| -rw-r--r-- | include/config.inc.php | 12 | ||||
| -rw-r--r-- | include/functions_session.inc.php | 10 | ||||
| -rw-r--r-- | include/user.inc.php | 20 | ||||
| -rw-r--r-- | install/config.sql | 1 | ||||
| -rw-r--r-- | language/en_UK.iso-8859-1/admin.lang.php | 4 | ||||
| -rw-r--r-- | template/default/admin/configuration.tpl | 5 | ||||
| -rw-r--r-- | template/default/category.tpl | 2 | ||||
| -rw-r--r-- | template/default/identification.tpl | 2 |
11 files changed, 35 insertions, 67 deletions
diff --git a/admin/configuration.php b/admin/configuration.php index 1c8c206f0..36e52c500 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -154,8 +154,6 @@ $template->assign_vars( 'L_NO'=>$lang['no'], 'L_SUBMIT'=>$lang['submit'], 'L_RESET'=>$lang['reset'], - 'L_URI'=>$lang['URI'], - 'L_COOKIE'=>$lang['cookie'], 'F_ACTION'=>add_session_id($action) )); @@ -304,9 +302,6 @@ switch ($page['section']) } case 'session' : { - $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':''; - $auth_method_cookie = - ($conf['auth_method']=='cookie')?'checked="checked"':''; $authorize_remembering_yes = ($conf['authorize_remembering']=='true')?'checked="checked"':''; $authorize_remembering_no = @@ -316,14 +311,10 @@ switch ($page['section']) 'session', array( 'L_CONF_TITLE'=>$lang['conf_session_title'], - 'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'], - 'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'], 'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'], 'L_CONF_AUTHORIZE_REMEMBERING_INFO' => $lang['conf_authorize_remembering_info'], - 'AUTH_METHOD_URI'=>$auth_method_URI, - 'AUTH_METHOD_COOKIE'=>$auth_method_cookie, 'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes, 'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no )); diff --git a/category.php b/category.php index 2e897e591..c0728dcf1 100644 --- a/category.php +++ b/category.php @@ -239,6 +239,10 @@ if ( !$user['is_the_guest'] ) else { $template->assign_block_vars('login',array()); + if ($conf['authorize_remembering']) + { + $template->assign_block_vars('login.remember_me',array()); + } } // search link diff --git a/identification.php b/identification.php index 602af430c..336879fe4 100644 --- a/identification.php +++ b/identification.php @@ -42,29 +42,15 @@ SELECT id, password $row = mysql_fetch_array(mysql_query($query)); if ($row['password'] == md5($_POST['password'])) { - if ($conf['auth_method'] == 'cookie' - or isset($_POST['remember_me']) and $_POST['remember_me'] == 1) + $session_length = $conf['session_length']; + if ($conf['authorize_remembering'] + and isset($_POST['remember_me']) + and $_POST['remember_me'] == 1) { - if ($conf['auth_method'] == 'cookie') - { - $cookie_length = $conf['session_length']; - } - else if ($_POST['remember_me'] == 1) - { - $cookie_length = $conf['remember_me_length']; - } - session_create($row['id'], - 'cookie', - $cookie_length); - redirect('category.php'); - } - else if ($conf['auth_method'] == 'URI') - { - $session_id = session_create($row['id'], - 'URI', - $conf['session_length']); - redirect('category.php?id='.$session_id); + $session_length = $conf['remember_me_length']; } + $session_id = session_create($row['id'], $session_length); + redirect('category.php?id='.$session_id); } else { @@ -97,6 +83,11 @@ $template->assign_vars( 'F_LOGIN_ACTION' => add_session_id('identification.php') )); + +if ($conf['authorize_remembering']) +{ + $template->assign_block_vars('remember_me',array()); +} //-------------------------------------------------------------- errors display if ( sizeof( $errors ) != 0 ) { diff --git a/include/config.inc.php b/include/config.inc.php index a2a3b0d4c..07ec9e8a6 100644 --- a/include/config.inc.php +++ b/include/config.inc.php @@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000; // time of validity for normal session, in seconds. $conf['session_length'] = 3600; -// session id length when session id in URI -$conf['session_id_size_URI'] = 4; - -// session id length when session id in cookie -$conf['session_id_size_cookie'] = 50; +// session id size. A session identifier is compound of alphanumeric +// characters and is case sensitive. Each character is among 62 +// possibilities. The number of possible sessions is +// 62^$conf['session_id_size']. +// 62^5 = 916,132,832 +// 62^10 = 839,299,365,868,340,224 +$conf['session_id_size'] = 10; ?> diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index ce66e3a30..bb0fca11c 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -62,11 +62,10 @@ function generate_key($size) * - return session identifier * * @param int userid - * @param string method : cookie or URI * @param int session_lentgh : in seconds * @return string */ -function session_create($userid, $method, $session_length) +function session_create($userid, $session_length) { global $conf; @@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length) $id_found = false; while (!$id_found) { - $generated_id = generate_key($conf['session_id_size_'.$method]); + $generated_id = generate_key($conf['session_id_size']); $query = ' SELECT id FROM '.SESSIONS_TABLE.' @@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.' ;'; mysql_query($query); - if ($method == 'cookie') - { - setcookie('id', $generated_id, $session_length+time(), cookie_path()); - } + setcookie('id', $generated_id, $expiration, cookie_path()); return $generated_id; } diff --git a/include/user.inc.php b/include/user.inc.php index 01a7243d1..a39441bb2 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE; $query_done = false; $user['is_the_guest'] = false; -// cookie deletion if administrator don't authorize them anymore -if (!$conf['authorize_remembering'] and isset($_COOKIE['id'])) +if (isset($_COOKIE['id'])) { - setcookie('id', '', 0, cookie_path()); - $url = 'category.php'; - redirect($url); + $session_id = $_COOKIE['id']; + $user['has_cookie'] = true; } - -if (isset($_GET['id'])) +else if (isset($_GET['id'])) { $session_id = $_GET['id']; $user['has_cookie'] = false; - $session_id_size = $conf['session_id_size_URI']; -} -elseif (isset($_COOKIE['id'])) -{ - $session_id = $_COOKIE['id']; - $user['has_cookie'] = true; - $session_id_size = $conf['session_id_size_cookie']; } else { @@ -65,7 +55,7 @@ else } if (isset($session_id) - and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id)) + and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id)) { $page['session_id'] = $session_id; $query = ' diff --git a/install/config.sql b/install/config.sql index e6be0e8c9..52f810885 100644 --- a/install/config.sql +++ b/install/config.sql @@ -26,5 +26,4 @@ INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_iptc','false INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_exif','true','Use EXIF data during database synchronization with files metadata'); INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user'); INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user'); -INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie'); INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}'); diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 51b408d63..a9d96461c 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php +++ b/language/en_UK.iso-8859-1/admin.lang.php @@ -174,10 +174,6 @@ $lang['conf_upload_maxheight_thumbnail_error'] = 'Maximum height authorized for // Configuration -> session $lang['conf_session_title'] = 'Sessions'; -$lang['conf_auth_method'] = 'Authentication method'; -$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)'; -$lang['URI'] = 'URI'; -$lang['cookie'] = 'cookie'; $lang['conf_authorize_remembering'] = 'Authorize remembering'; $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)'; diff --git a/template/default/admin/configuration.tpl b/template/default/admin/configuration.tpl index a6d00aea7..26605c14b 100644 --- a/template/default/admin/configuration.tpl +++ b/template/default/admin/configuration.tpl @@ -149,11 +149,6 @@ <td colspan="2"> </td> </tr> <tr> - <td width="70%"><strong>{session.L_CONF_AUTH_METHOD} :</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td> - <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI} - <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td> - </tr> - <tr> <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING} :</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td> <td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES} <input type="radio" class="radio" name="authorize_remembering" value="false" {session.AUTHORIZE_REMEMBERING_NO} />{L_NO}</td> diff --git a/template/default/category.tpl b/template/default/category.tpl index a6effeefd..9f554ad83 100644 --- a/template/default/category.tpl +++ b/template/default/category.tpl @@ -40,7 +40,9 @@ <input type="text" name="username" size="15" value="" /><br /> {L_PASSWORD}<br /> <input type="password" name="password" size="15"><br /> + <!-- BEGIN remember_me --> <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br /> + <!-- END remember_me --> <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" /> </form> <!-- END login --> diff --git a/template/default/identification.tpl b/template/default/identification.tpl index 412c28ece..d180676fc 100644 --- a/template/default/identification.tpl +++ b/template/default/identification.tpl @@ -30,12 +30,14 @@ <input class="login" type="password" name="password" size="25" maxlength="25" /> </td> </tr> + <!-- BEGIN remember_me --> <tr> <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td> <td> <input type="checkbox" name="remember_me" value="1" /> </td> </tr> + <!-- END remember_me --> <tr align="center"> <td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td> </tr> |