Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 1 | ||||
-rw-r--r-- | include/functions_cookie.inc.php | 114 | ||||
-rw-r--r-- | include/functions_rate.inc.php | 71 | ||||
-rw-r--r-- | include/functions_session.inc.php | 62 |
4 files changed, 145 insertions, 103 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index becace1a4..e80e3cb3a 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -25,6 +25,7 @@
 // +-----------------------------------------------------------------------+
 include_once( PHPWG_ROOT_PATH .'include/functions_user.inc.php' );
+include_once( PHPWG_ROOT_PATH .'include/functions_cookie.inc.php' );
 include_once( PHPWG_ROOT_PATH .'include/functions_session.inc.php' );
 include_once( PHPWG_ROOT_PATH .'include/functions_category.inc.php' );
 include_once( PHPWG_ROOT_PATH .'include/functions_xml.inc.php' );
diff --git a/include/functions_cookie.inc.php b/include/functions_cookie.inc.php
new file mode 100644
index 000000000..28ef5ede9
--- /dev/null
+++ b/include/functions_cookie.inc.php
@@ -0,0 +1,114 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | file : $Id$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+// cookie_path returns the path to use for the PhpWebGallery cookie.
+// If PhpWebGallery is installed on :
+// http://domain.org/meeting/gallery/category.php
+// cookie_path will return : "/meeting/gallery"
+function cookie_path()
+{
+ if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and
+ !empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
+ {
+ $scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
+ }
+ else if ( isset($_SERVER['REDIRECT_URL']) )
+ { // mod_rewrite is activated for upper level directories. we must set the
+ // cookie to the path shown in the browser otherwise it will be discarded.
+ if ( isset($_SERVER['PATH_INFO']) and !empty($_SERVER['PATH_INFO']) )
+ {
+ $idx = strpos( $_SERVER['REDIRECT_URL'], $_SERVER['PATH_INFO'] );
+ if ($idx !== false)
+ {
+ $scr = substr($_SERVER['REDIRECT_URL'], 0, $idx);
+ }
+ else
+ {//this should never happen
+ $scr='//';
+ }
+ }
+ else
+ {
+ $scr = $_SERVER['REDIRECT_URL'];
+ }
+ }
+ else
+ {
+ $scr = $_SERVER['SCRIPT_NAME'];
+ }
+ $scr = substr($scr,0,strrpos( $scr,'/'));
+
+ // add a trailing '/' if needed
+ $scr .= ($scr{strlen($scr)-1} == '/') ? '' : '/';
+
+ if ( substr(PHPWG_ROOT_PATH,0,3)=='../')
+ { // this is maybe a plugin inside pwg directory
+ // TODO - what if it is an external script outside PWG ?
+ $scr = $scr.PHPWG_ROOT_PATH;
+ while (1)
+ {
+ $new = preg_replace('#[^/]+/\.\.(/|$)#', '', $scr);
+ if ($new==$scr)
+ {
+ break;
+ }
+ $scr=$new;
+ }
+ }
+ return $scr;
+}
+
+/**
+ * persistently stores a variable in pwg cookie
+ * @return boolean true on success
+ * @see pwg_get_cookie_var
+ */
+function pwg_set_cookie_var($var, $value)
+{
+ $_COOKIE['pwg_'.$var] = $value;
+ return
+ setcookie('pwg_'.$var, $value,
+ strtotime('+10 years'), cookie_path());
+}
+
+/**
+ * retrieves the value of a persistent variable in pwg cookie
+ * @return mixed
+ * @see pwg_set_cookie_var
+ */
+function pwg_get_cookie_var($var, $default = null)
+{
+ if (isset($_COOKIE['pwg_'.$var]))
+ {
+ return $_COOKIE['pwg_'.$var];
+ }
+ else
+ {
+ return $default;
+ }
+}
+
+?>
diff --git a/include/functions_rate.inc.php b/include/functions_rate.inc.php
index 3fe1a668e..a0486bd55 100644
--- a/include/functions_rate.inc.php
+++ b/include/functions_rate.inc.php
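Review bot: In include/functions_cookie.inc.php, `pwg_get_cookie_var()` returns `$_COOKIE['pwg_'.$var]` exactly as the browser sent it, and its docblock (`@return mixed`) gives callers no hint that the value is client-controlled. I would extend it to something like `@return mixed raw cookie value supplied by the client (unvalidated), or $default when the cookie is absent`, and add `@param` lines for `$var`, `$value` and `$default` on both helpers. `pwg_set_cookie_var()` also calls `setcookie()` with only name, value, expiry and path, so the ten-year cookie is issued without the HttpOnly flag; if the minimum supported PHP version has the `httponly` argument (PHP 5.2+), passing it is worth considering for cookies that no script needs to read.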
@@ -4,8 +4,7 @@
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
 // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
+// | file : $Id$
 // | last update : $Date$
 // | last modifier : $Author$
 // | revision : $Revision$
@@ -59,57 +58,43 @@ function rate_picture($image_id, $rate)
 }
 $anonymous_id = implode ('.', $ip_components);
- if (isset($_COOKIE['pwg_anonymous_rater']))
- {
- if ($anonymous_id != $_COOKIE['pwg_anonymous_rater'])
- { // client has changed his IP adress or he's trying to fool us
- $query = '
+ $save_anonymous_id = pwg_get_cookie_var('anonymous_rater', $anonymous_id);
+
+ if ($anonymous_id != $save_anonymous_id)
+ { // client has changed his IP adress or he's trying to fool us
+ $query = '
 SELECT element_id
- FROM '.RATE_TABLE.'
- WHERE user_id = '.$user['id'].'
- AND anonymous_id = \''.$anonymous_id.'\'
+FROM '.RATE_TABLE.'
+WHERE user_id = '.$user['id'].'
+ AND anonymous_id = \''.$anonymous_id.'\'
 ;';
- $already_there = array_from_query($query, 'element_id');
+ $already_there = array_from_query($query, 'element_id');
- if (count($already_there) > 0)
- {
- $query = '
+ if (count($already_there) > 0)
+ {
+ $query = '
 DELETE
- FROM '.RATE_TABLE.'
- WHERE user_id = '.$user['id'].'
- AND anonymous_id = \''.$_COOKIE['pwg_anonymous_rater'].'\'
- AND element_id NOT IN ('.implode(',', $already_there).')
+FROM '.RATE_TABLE.'
+WHERE user_id = '.$user['id'].'
+ AND anonymous_id = \''.$save_anonymous_id.'\'
+ AND element_id NOT IN ('.implode(',', $already_there).')
 ;';
- pwg_query($query);
- }
+ pwg_query($query);
+ }
- $query = '
+ $query = '
 UPDATE
- '.RATE_TABLE.'
- SET anonymous_id = \'' .$anonymous_id.'\'
- WHERE user_id = '.$user['id'].'
- AND anonymous_id = \'' . $_COOKIE['pwg_anonymous_rater'].'\'
+'.RATE_TABLE.'
+SET anonymous_id = \'' .$anonymous_id.'\'
+WHERE user_id = '.$user['id'].'
+ AND anonymous_id = \'' . $save_anonymous_id.'\'
 ;';
- pwg_query($query);
+ pwg_query($query);
+ } // end client changed ip
- setcookie(
- 'pwg_anonymous_rater',
- $anonymous_id,
- strtotime('+10 years'),
- cookie_path()
- );
- } // end client changed ip
- } // end client has cookie
- else
- {
- setcookie(
- 'pwg_anonymous_rater',
- $anonymous_id,
- strtotime('+10 years'),
- cookie_path()
- );
- }
+ pwg_get_cookie_var('anonymous_rater', $anonymous_id);
 } // end anonymous user
+
 $query = '
 DELETE
 FROM '.RATE_TABLE.'
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index d02fea3ae..8e49d9b0d 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -2,10 +2,9 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
+// | file : $Id$
 // | last update : $Date$
 // | last modifier : $Author$
 // | revision : $Revision$
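Review bot: In `rate_picture()` (include/functions_rate.inc.php), `$save_anonymous_id` now comes from `pwg_get_cookie_var()` and is still concatenated between quotes into the `DELETE` and `UPDATE` statements, so a browser-supplied string reaches the SQL text; unless cookie values are escaped somewhere outside this hunk, it should be validated or escaped before use. Assuming the id is always the dotted numeric string built by `implode ('.', $ip_components)`, a guard right after the lookup such as `if (!preg_match('/^[0-9.]+$/', $save_anonymous_id)) { $save_anonymous_id = $anonymous_id; }` would do. Separately, the last added line calls `pwg_get_cookie_var('anonymous_rater', $anonymous_id);` and discards the result, whereas the removed code called `setcookie()` in both branches, so the cookie appears never to be written; this looks like it should be `pwg_set_cookie_var('anonymous_rater', $anonymous_id);`. The function body begins and ends outside the hunk.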
@@ -75,63 +74,6 @@ if (isset($conf['session_save_handler'])
 session_set_cookie_params(0, cookie_path());
 }
-// cookie_path returns the path to use for the PhpWebGallery cookie.
-// If PhpWebGallery is installed on :
-// http://domain.org/meeting/gallery/category.php
-// cookie_path will return : "/meeting/gallery"
-function cookie_path()
-{
- if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and
- !empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
- {
- $scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
- }
- else if ( isset($_SERVER['REDIRECT_URL']) )
- { // mod_rewrite is activated for upper level directories. we must set the
- // cookie to the path shown in the browser otherwise it will be discarded.
- if ( isset($_SERVER['PATH_INFO']) and !empty($_SERVER['PATH_INFO']) )
- {
- $idx = strpos( $_SERVER['REDIRECT_URL'], $_SERVER['PATH_INFO'] );
- if ($idx !== false)
- {
- $scr = substr($_SERVER['REDIRECT_URL'], 0, $idx);
- }
- else
- {//this should never happen
- $scr='//';
- }
- }
- else
- {
- $scr = $_SERVER['REDIRECT_URL'];
- }
- }
- else
- {
- $scr = $_SERVER['SCRIPT_NAME'];
- }
- $scr = substr($scr,0,strrpos( $scr,'/'));
-
- // add a trailing '/' if needed
- $scr .= ($scr{strlen($scr)-1} == '/') ? '' : '/';
-
- if ( substr(PHPWG_ROOT_PATH,0,3)=='../')
- { // this is maybe a plugin inside pwg directory
- // TODO - what if it is an external script outside PWG ?
- $scr = $scr.PHPWG_ROOT_PATH;
- while (1)
- {
- $new = preg_replace('#[^/]+/\.\.(/|$)#', '', $scr);
- if ($new==$scr)
- {
- break;
- }
- $scr=$new;
- }
- }
- return $scr;
-}
-
 /**
 * returns true; used when the session_start() function is called
 * |