aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-05-13fixes #479, fallback on srand.php to generate random bytesplegall1-1/+11
when random_compat does not find a suitable random generator. srand.php comes from https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP
2016-04-26bug #470, use a dedicated lib to generate random bytesplegall1-26/+11
2016-02-13bug #383, fix the bug in dedicated function as wellplegall1-1/+1
2016-02-12feature #383, dedicated function to delete sessionsplegall1-0/+16
2016-01-14happy new year 2016, all headers updatedplegall1-1/+1
2015-11-10fixes #373 ask a longer random stringplegall1-2/+2
to openssl_random_pseudo_bytes, to avoid reaching the base64 trailing "=" signs
2014-06-03bug 3082: increase generate_key randomness with openssl_random_pseudo_bytes ↵plegall1-8/+25
(with fallback on mt_rand for Windows+PHP<5.3.4) git-svn-id: http://piwigo.org/svn/trunk@28615 68402e56-0260-453c-a942-63ccdbb3a9ee
2014-06-02use lookup string for generate_key functionmistic1001-6/+6
git-svn-id: http://piwigo.org/svn/trunk@28591 68402e56-0260-453c-a942-63ccdbb3a9ee
2014-05-29bug 3082: random key generation algorithmrvelices1-10/+0
git-svn-id: http://piwigo.org/svn/trunk@28571 68402e56-0260-453c-a942-63ccdbb3a9ee
2014-01-05Update headers to 2014. Happy new year!!mistic1001-1/+1
git-svn-id: http://piwigo.org/svn/trunk@26461 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-11-21feature 2999: documentation of functions_rate and functions_sessionmistic1001-56/+77
git-svn-id: http://piwigo.org/svn/trunk@25614 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-01-20protect session data with pwg_db_real_escape_stringmistic1001-1/+1
git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-01-01 update Piwigo headers to 2013 (the end of the world didn't occur as ↵plegall1-1/+1
expected on r12922) git-svn-id: http://piwigo.org/svn/trunk@19703 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-11-01feature 2783: ability to disable ip address in the session idplegall1-0/+7
git-svn-id: http://piwigo.org/svn/trunk@18850 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-01-17update Piwigo headers to 2012, last change before the expected (or not) ↵mistic1001-1/+1
apocalypse git-svn-id: http://piwigo.org/svn/trunk@12922 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-12-19feature:2538 transmits messages after comment edition trough SESSION (no ↵mistic1001-1/+1
more ugly url displayed, avoid some minor bugs) git-svn-id: http://piwigo.org/svn/trunk@12767 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-09-08- fix protection against session hijacking for IPv4; ti be done later for ipv6rvelices1-6/+9
git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-08-15bug:2402flop251-5/+1
vsprintf() [function.vsprintf ]: Too few arguments => fix with that code but tests in various environements are needed git-svn-id: http://piwigo.org/svn/trunk@11951 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-01-18Happy new year 2011plegall1-2/+2
Change "Piwigo - a PHP based picture gallery" into "Piwigo - a PHP based photo gallery" git-svn-id: http://piwigo.org/svn/trunk@8728 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-07-06Bug 1766 fixed : [PostgreSQL] unkown database function UNIX_TIMESTAMP()nikrou1-1/+1
Add a new function pwg_db_date_to_ts() to calculate a timestamp from a date git-svn-id: http://piwigo.org/svn/trunk@6666 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-19increase copyright year to 2010plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-01-28Feature 511 : add support for sqlite database enginenikrou1-0/+1
Using session_write_close function when session handler use database because write is called after object destruction. git-svn-id: http://piwigo.org/svn/trunk@4781 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-20Feature 1244 resolvednikrou1-1/+1
Replace all mysql functions in core code by ones independant of database engine Fix small php code synxtax : hash must be accessed with [ ] and not { }. git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-02-26merge r3165 from branch 2.0 to trunkplegall1-2/+10
bug 913 fixed: ability to connect with an IPv6 address was added. git-svn-id: http://piwigo.org/svn/trunk@3166 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-01-04Administration: happy new year 2009, all PHP headers updated. plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-22- Bug fixed: username or password with accented character are now accepted ↵patdenice1-12/+1
for upgrade. - Simplify query in pwg_session_write function. - Retrieve data with cURL method in fetchRemote function now work with forwarded URL. git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-19- Replace some mysql_query by pwg_query function.patdenice1-1/+1
- Add home button after upgrade.php. - Add utf8 charset for access denied message. - Replace some #content by .content in css files. - Fix menubar blocks borders with IE. git-svn-id: http://piwigo.org/svn/trunk@2884 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-16merge 2755 and 2756 from branch 2.0 to trunkrvelices1-1/+2
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755 - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others) git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-09-12- images.file categories.permalink old_permalinks.permalink - become binaryrvelices1-4/+9
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-05Bug fixed: as rvelices notified me by email, my header replacement script wasplegall1-24/+0
bugged (r2297 was repeating new and old header). By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personnaly, it is a problem when I search differences between 2 Piwigo installations outside Subversion. git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-04Modification: new header on PHP files, PhpWebGallery renamed Piwigo.plegall1-0/+21
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-05-01Issue 0000684: History [Search] - Add a thumbnail displayrub1-60/+2
o Display choice can be selected o Display choice is saved on on cookie o Small improvement picture link (hoverbox on all the link, alt&title on classic mode) o New cookie functions and use Enhance computing method of script_basename function. http://forum.phpwebgallery.net/viewtopic.php?pid=58258#p58258 Merge BSF 1988:1989 into branch-1_7 git-svn-id: http://piwigo.org/svn/trunk@1992 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-01-24- plugins with own independent scripts work now (cookie_path and url root arervelices1-1/+18
correct) - prepare a bit some url functions so that later we can fully embed pwg in scripts located outside pwg - remove some unnecessary language strings git-svn-id: http://piwigo.org/svn/trunk@1750 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-01- sessions are always started (even for visitors)rvelices1-1/+46
- thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-23bug 451 fixed: problem with auto loginnikrou1-5/+2
- add an auto_login_key in users_table - $conf['session_length'] is no more useful and sessions length will be 0 (until browser closed) - add $conf['remember_me_name'] for cookie remember name git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-08fix bug 458: Cannot log due to broken session cookie (wrong "path")chrisaga1-2/+9
use $_SERVER['REDIRECT_URL'] if it's set add a trailing '/' git-svn-id: http://piwigo.org/svn/trunk@1442 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-03merge -r1428:1429 from branch 1.6 to trunk (bug fixed: check of nonplegall1-1/+1
emptiness on $_SERVER['PATH_INFO']) git-svn-id: http://piwigo.org/svn/trunk@1430 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-20merge r1216 from branch-1_6 into trunkrvelices1-7/+13
bug 340: ini_set disabled to Club Internet ISP + 1 error text message fix: display issue with IE6 on admin rating (table from 100% to 99%) git-svn-id: http://piwigo.org/svn/trunk@1217 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-17bug 308: improve correctionnikrou1-16/+6
svn merge -r1190:1191 from branch1_6 into trunk git-svn-id: http://piwigo.org/svn/trunk@1192 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14merge r1175 from branch-1_6 into trunkrvelices1-3/+14
fix: sessions css 3px image border goes from both clear and dark to image.css git-svn-id: http://piwigo.org/svn/trunk@1176 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14-bug 308 fixed: problem when updating sessionnikrou1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@1164 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-22URL rewriting: capable of fully working with urls without ?rvelices1-2/+17
URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id) URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it) fix: picture category display in upper bar fix: function rate_picture variables and use of the new user type fix: caddie icon appears now on category page fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories) fix: replaced some old $_GET[xxx] with $page[xxx] fix: pictures have metadata url (use ? parameter - might change later) git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-03optimization: in sessions write 1 less sql query (except during login)rvelices1-37/+28
bug: corrected algorithm for pretty calendar month view git-svn-id: http://piwigo.org/svn/trunk@1063 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-12The session garbage collector should not be called when a session is closednikrou1-1/+0
git-svn-id: http://piwigo.org/svn/trunk@1034 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-11small modification: we can now store any information in sessionsnikrou1-1/+2
(cf topic:5667) git-svn-id: http://piwigo.org/svn/trunk@1032 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-08- remake of Remote sites and Synchronize: rvelices1-1/+19
- synchronization for remote and local sites are done by the same code - remote sites can update metadata now (not before) - bug 279 - fixes bug 82: has_high column - improve feature 280: user sort by filename - fix path to template mimetypes icons - bug 284: session cookie lifetime, deletion on logout and corrected issue when db upgrades were missing git-svn-id: http://piwigo.org/svn/trunk@1029 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-03fixed problem of cookie session pathnikrou1-5/+5
fixed problem of undefined variable conf in upgrade_feed.php fixed problem of undefined index is_the_guest of tab variable user git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-25bug: new session system does not use db session handler during install.phprvelices1-1/+31
bug: put back function generate_key (was also used by new password generation and new feed generation) git-svn-id: http://piwigo.org/svn/trunk@1013 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-21improve sessions: add comments to functionsnikrou1-28/+60
git-svn-id: http://piwigo.org/svn/trunk@1010 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-18bug fix 261: improve security of sessions (next to svn:1004):nikrou1-28/+54
- improve presentation code style - add upgrade database file git-svn-id: http://piwigo.org/svn/trunk@1007 68402e56-0260-453c-a942-63ccdbb3a9ee