aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php (unfollow)
Commit message (Collapse)AuthorFilesLines
2013-01-20protect session data with pwg_db_real_escape_stringmistic1001-1/+1
git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee
2013-01-01 update Piwigo headers to 2013 (the end of the world didn't occur as ↵plegall1-1/+1
expected on r12922) git-svn-id: http://piwigo.org/svn/trunk@19703 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-11-01feature 2783: ability to disable ip address in the session idplegall1-0/+7
git-svn-id: http://piwigo.org/svn/trunk@18850 68402e56-0260-453c-a942-63ccdbb3a9ee
2012-01-17update Piwigo headers to 2012, last change before the expected (or not) ↵mistic1001-1/+1
apocalypse git-svn-id: http://piwigo.org/svn/trunk@12922 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-12-19feature:2538 transmits messages after comment edition trough SESSION (no ↵mistic1001-1/+1
more ugly url displayed, avoid some minor bugs) git-svn-id: http://piwigo.org/svn/trunk@12767 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-09-08- fix protection against session hijacking for IPv4; ti be done later for ipv6rvelices1-6/+9
git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-08-15bug:2402flop251-5/+1
vsprintf() [function.vsprintf ]: Too few arguments => fix with that code but tests in various environements are needed git-svn-id: http://piwigo.org/svn/trunk@11951 68402e56-0260-453c-a942-63ccdbb3a9ee
2011-01-18Happy new year 2011plegall1-2/+2
Change "Piwigo - a PHP based picture gallery" into "Piwigo - a PHP based photo gallery" git-svn-id: http://piwigo.org/svn/trunk@8728 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-07-06Bug 1766 fixed : [PostgreSQL] unkown database function UNIX_TIMESTAMP()nikrou1-1/+1
Add a new function pwg_db_date_to_ts() to calculate a timestamp from a date git-svn-id: http://piwigo.org/svn/trunk@6666 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-19increase copyright year to 2010plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-01-28Feature 511 : add support for sqlite database enginenikrou1-0/+1
Using session_write_close function when session handler use database because write is called after object destruction. git-svn-id: http://piwigo.org/svn/trunk@4781 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-11-20Feature 1244 resolvednikrou1-1/+1
Replace all mysql functions in core code by ones independant of database engine Fix small php code synxtax : hash must be accessed with [ ] and not { }. git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-02-26merge r3165 from branch 2.0 to trunkplegall1-2/+10
bug 913 fixed: ability to connect with an IPv6 address was added. git-svn-id: http://piwigo.org/svn/trunk@3166 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-01-04Administration: happy new year 2009, all PHP headers updated. plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-22- Bug fixed: username or password with accented character are now accepted ↵patdenice1-12/+1
for upgrade. - Simplify query in pwg_session_write function. - Retrieve data with cURL method in fetchRemote function now work with forwarded URL. git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-19- Replace some mysql_query by pwg_query function.patdenice1-1/+1
- Add home button after upgrade.php. - Add utf8 charset for access denied message. - Replace some #content by .content in css files. - Fix menubar blocks borders with IE. git-svn-id: http://piwigo.org/svn/trunk@2884 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-16merge 2755 and 2756 from branch 2.0 to trunkrvelices1-1/+2
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755 - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others) git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-09-12- images.file categories.permalink old_permalinks.permalink - become binaryrvelices1-4/+9
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-05Bug fixed: as rvelices notified me by email, my header replacement script wasplegall1-24/+0
bugged (r2297 was repeating new and old header). By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personnaly, it is a problem when I search differences between 2 Piwigo installations outside Subversion. git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-04Modification: new header on PHP files, PhpWebGallery renamed Piwigo.plegall1-0/+21
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-05-01Issue 0000684: History [Search] - Add a thumbnail displayrub1-60/+2
o Display choice can be selected o Display choice is saved on on cookie o Small improvement picture link (hoverbox on all the link, alt&title on classic mode) o New cookie functions and use Enhance computing method of script_basename function. http://forum.phpwebgallery.net/viewtopic.php?pid=58258#p58258 Merge BSF 1988:1989 into branch-1_7 git-svn-id: http://piwigo.org/svn/trunk@1992 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-01-24- plugins with own independent scripts work now (cookie_path and url root arervelices1-1/+18
correct) - prepare a bit some url functions so that later we can fully embed pwg in scripts located outside pwg - remove some unnecessary language strings git-svn-id: http://piwigo.org/svn/trunk@1750 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-01- sessions are always started (even for visitors)rvelices1-1/+46
- thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-23bug 451 fixed: problem with auto loginnikrou1-5/+2
- add an auto_login_key in users_table - $conf['session_length'] is no more useful and sessions length will be 0 (until browser closed) - add $conf['remember_me_name'] for cookie remember name git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-08fix bug 458: Cannot log due to broken session cookie (wrong "path")chrisaga1-2/+9
use $_SERVER['REDIRECT_URL'] if it's set add a trailing '/' git-svn-id: http://piwigo.org/svn/trunk@1442 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-03merge -r1428:1429 from branch 1.6 to trunk (bug fixed: check of nonplegall1-1/+1
emptiness on $_SERVER['PATH_INFO']) git-svn-id: http://piwigo.org/svn/trunk@1430 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-20merge r1216 from branch-1_6 into trunkrvelices1-7/+13
bug 340: ini_set disabled to Club Internet ISP + 1 error text message fix: display issue with IE6 on admin rating (table from 100% to 99%) git-svn-id: http://piwigo.org/svn/trunk@1217 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-17bug 308: improve correctionnikrou1-16/+6
svn merge -r1190:1191 from branch1_6 into trunk git-svn-id: http://piwigo.org/svn/trunk@1192 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14merge r1175 from branch-1_6 into trunkrvelices1-3/+14
fix: sessions css 3px image border goes from both clear and dark to image.css git-svn-id: http://piwigo.org/svn/trunk@1176 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-14-bug 308 fixed: problem when updating sessionnikrou1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@1164 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-22URL rewriting: capable of fully working with urls without ?rvelices1-2/+17
URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id) URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it) fix: picture category display in upper bar fix: function rate_picture variables and use of the new user type fix: caddie icon appears now on category page fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories) fix: replaced some old $_GET[xxx] with $page[xxx] fix: pictures have metadata url (use ? parameter - might change later) git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-03optimization: in sessions write 1 less sql query (except during login)rvelices1-37/+28
bug: corrected algorithm for pretty calendar month view git-svn-id: http://piwigo.org/svn/trunk@1063 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-12The session garbage collector should not be called when a session is closednikrou1-1/+0
git-svn-id: http://piwigo.org/svn/trunk@1034 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-11small modification: we can now store any information in sessionsnikrou1-1/+2
(cf topic:5667) git-svn-id: http://piwigo.org/svn/trunk@1032 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-08- remake of Remote sites and Synchronize: rvelices1-1/+19
- synchronization for remote and local sites are done by the same code - remote sites can update metadata now (not before) - bug 279 - fixes bug 82: has_high column - improve feature 280: user sort by filename - fix path to template mimetypes icons - bug 284: session cookie lifetime, deletion on logout and corrected issue when db upgrades were missing git-svn-id: http://piwigo.org/svn/trunk@1029 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-03fixed problem of cookie session pathnikrou1-5/+5
fixed problem of undefined variable conf in upgrade_feed.php fixed problem of undefined index is_the_guest of tab variable user git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-25bug: new session system does not use db session handler during install.phprvelices1-1/+31
bug: put back function generate_key (was also used by new password generation and new feed generation) git-svn-id: http://piwigo.org/svn/trunk@1013 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-21improve sessions: add comments to functionsnikrou1-28/+60
git-svn-id: http://piwigo.org/svn/trunk@1010 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-18bug fix 261: improve security of sessions (next to svn:1004):nikrou1-28/+54
- improve presentation code style - add upgrade database file git-svn-id: http://piwigo.org/svn/trunk@1007 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-15Improve security of sessions: nikrou1-96/+58
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-08-08- new : external authentication in another users table. Previous users tableplegall1-15/+10
is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-07-17- new feature : use Apache authentication. If $conf['apache_authentication']plegall1-2/+2
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-01-07all headers adapted to new year 2005, happy new yearplegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-18- bug fixed : in admin/cat_list, next_rank cant' be calculted and query toplegall1-4/+4
count sub-categories per sub-categories became false if no sub-categories - virtual association come back in admin/infos_images (not only in admin/picture_modify) - check_favorites function in admin section becomes check_user_favorites in public section : favorites are checked when user tries to display his favorites. Function was optimized. - in function update_category, wrap of long queries due to many categories to update at the same time - typo fixed in description of paginate_pages_around configuration parameter - bug fixed in new navigation bar : no separation pipe was displayed between next and last when the page displayed was the last - sessions.expiration changed of type from int to datetime (a lot easier to read) - sessions.ip removed : IP address is no longer used to verify session - $lang['cat_options'] was missing in en_UK.iso-8859-1 - typo fixed in language/en_UK.iso-8859-1/admin.lang.php on editcat_lock_info language item git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-11-06update headers to comply with GPLz0rglub1-4/+4
git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-30- function mysql_query replaced by pwg_query : the same with debuggingz0rglub1-2/+2
features - by default, DEBUG is set to 0 (off) git-svn-id: http://piwigo.org/svn/trunk@587 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-06- checkbox for "remember me" are only shown if authorizedz0rglub1-7/+3
- simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function. - configuration parameter "auth_method" disappeared (didn't lived much...) - only one session id size possible. More comments for configuration in include/config.inc.php git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-02- deletion of session_time and session_id_size as config parameterz0rglub1-24/+39
- new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-09-07- corrects bugs due to deletion of configuration parameters default_lang,z0rglub1-1/+1
default_style (renamed to default_language and default_template), session_keyword - in install.php, corrects bug to deletion of language keys : conf_general_webmaster, conf_general_webmaster_info and renaming of conf_general_mail git-svn-id: http://piwigo.org/svn/trunk@518 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-19Split of langage filesgweltas1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@364 68402e56-0260-453c-a942-63ccdbb3a9ee