aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - fix protection against session hijacking for IPv4; ti be done later for ipv6rvelices2011-09-081-6/+9
| | | | git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug:2402flop252011-08-151-5/+1
| | | | | | vsprintf() [function.vsprintf ]: Too few arguments => fix with that code but tests in various environements are needed git-svn-id: http://piwigo.org/svn/trunk@11951 68402e56-0260-453c-a942-63ccdbb3a9ee
* Happy new year 2011plegall2011-01-181-2/+2
| | | | | | | Change "Piwigo - a PHP based picture gallery" into "Piwigo - a PHP based photo gallery" git-svn-id: http://piwigo.org/svn/trunk@8728 68402e56-0260-453c-a942-63ccdbb3a9ee
* Bug 1766 fixed : [PostgreSQL] unkown database function UNIX_TIMESTAMP()nikrou2010-07-061-1/+1
| | | | | | Add a new function pwg_db_date_to_ts() to calculate a timestamp from a date git-svn-id: http://piwigo.org/svn/trunk@6666 68402e56-0260-453c-a942-63ccdbb3a9ee
* increase copyright year to 2010plegall2010-03-191-1/+1
| | | | git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 511 : add support for sqlite database enginenikrou2010-01-281-0/+1
| | | | | | Using session_write_close function when session handler use database because write is called after object destruction. git-svn-id: http://piwigo.org/svn/trunk@4781 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1244 resolvednikrou2009-11-201-1/+1
| | | | | | | | Replace all mysql functions in core code by ones independant of database engine Fix small php code synxtax : hash must be accessed with [ ] and not { }. git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge r3165 from branch 2.0 to trunkplegall2009-02-261-2/+10
| | | | | | | bug 913 fixed: ability to connect with an IPv6 address was added. git-svn-id: http://piwigo.org/svn/trunk@3166 68402e56-0260-453c-a942-63ccdbb3a9ee
* Administration: happy new year 2009, all PHP headers updated. plegall2009-01-041-1/+1
| | | | git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
* - Bug fixed: username or password with accented character are now accepted ↵patdenice2008-11-221-12/+1
| | | | | | | | | for upgrade. - Simplify query in pwg_session_write function. - Retrieve data with cURL method in fetchRemote function now work with forwarded URL. git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee
* - Replace some mysql_query by pwg_query function.patdenice2008-11-191-1/+1
| | | | | | | | | - Add home button after upgrade.php. - Add utf8 charset for access denied message. - Replace some #content by .content in css files. - Fix menubar blocks borders with IE. git-svn-id: http://piwigo.org/svn/trunk@2884 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge 2755 and 2756 from branch 2.0 to trunkrvelices2008-10-161-1/+2
| | | | | | | | - 2755 fix vulnerability http://www.milw0rm.com/exploits/6755 - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others) git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
* - images.file categories.permalink old_permalinks.permalink - become binaryrvelices2008-09-121-4/+9
| | | | | | | | | | | | | | - session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
* Bug fixed: as rvelices notified me by email, my header replacement script wasplegall2008-04-051-24/+0
| | | | | | | | | | | | bugged (r2297 was repeating new and old header). By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personnaly, it is a problem when I search differences between 2 Piwigo installations outside Subversion. git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
* Modification: new header on PHP files, PhpWebGallery renamed Piwigo.plegall2008-04-041-0/+21
| | | | git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
* Issue 0000684: History [Search] - Add a thumbnail displayrub2007-05-011-60/+2
| | | | | | | | | | | | | | | | o Display choice can be selected o Display choice is saved on on cookie o Small improvement picture link (hoverbox on all the link, alt&title on classic mode) o New cookie functions and use Enhance computing method of script_basename function. http://forum.phpwebgallery.net/viewtopic.php?pid=58258#p58258 Merge BSF 1988:1989 into branch-1_7 git-svn-id: http://piwigo.org/svn/trunk@1992 68402e56-0260-453c-a942-63ccdbb3a9ee
* - plugins with own independent scripts work now (cookie_path and url root arervelices2007-01-241-1/+18
| | | | | | | | | correct) - prepare a bit some url functions so that later we can fully embed pwg in scripts located outside pwg - remove some unnecessary language strings git-svn-id: http://piwigo.org/svn/trunk@1750 68402e56-0260-453c-a942-63ccdbb3a9ee
* - sessions are always started (even for visitors)rvelices2006-12-011-1/+46
| | | | | | - thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug 451 fixed: problem with auto loginnikrou2006-07-231-5/+2
| | | | | | | | | | - add an auto_login_key in users_table - $conf['session_length'] is no more useful and sessions length will be 0 (until browser closed) - add $conf['remember_me_name'] for cookie remember name git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
* fix bug 458: Cannot log due to broken session cookie (wrong "path")chrisaga2006-07-081-2/+9
| | | | | | | use $_SERVER['REDIRECT_URL'] if it's set add a trailing '/' git-svn-id: http://piwigo.org/svn/trunk@1442 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge -r1428:1429 from branch 1.6 to trunk (bug fixed: check of nonplegall2006-07-031-1/+1
| | | | | | | emptiness on $_SERVER['PATH_INFO']) git-svn-id: http://piwigo.org/svn/trunk@1430 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge r1216 from branch-1_6 into trunkrvelices2006-04-201-7/+13
| | | | | | | | bug 340: ini_set disabled to Club Internet ISP + 1 error text message fix: display issue with IE6 on admin rating (table from 100% to 99%) git-svn-id: http://piwigo.org/svn/trunk@1217 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug 308: improve correctionnikrou2006-04-171-16/+6
| | | | | | | svn merge -r1190:1191 from branch1_6 into trunk git-svn-id: http://piwigo.org/svn/trunk@1192 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge r1175 from branch-1_6 into trunkrvelices2006-04-141-3/+14
| | | | | | | | fix: sessions css 3px image border goes from both clear and dark to image.css git-svn-id: http://piwigo.org/svn/trunk@1176 68402e56-0260-453c-a942-63ccdbb3a9ee
* -bug 308 fixed: problem when updating sessionnikrou2006-04-141-1/+1
| | | | git-svn-id: http://piwigo.org/svn/trunk@1164 68402e56-0260-453c-a942-63ccdbb3a9ee
* URL rewriting: capable of fully working with urls without ?rvelices2006-03-221-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id) URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it) fix: picture category display in upper bar fix: function rate_picture variables and use of the new user type fix: caddie icon appears now on category page fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories) fix: replaced some old $_GET[xxx] with $page[xxx] fix: pictures have metadata url (use ? parameter - might change later) git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
* optimization: in sessions write 1 less sql query (except during login)rvelices2006-03-031-37/+28
| | | | | | bug: corrected algorithm for pretty calendar month view git-svn-id: http://piwigo.org/svn/trunk@1063 68402e56-0260-453c-a942-63ccdbb3a9ee
* The session garbage collector should not be called when a session is closednikrou2006-02-121-1/+0
| | | | git-svn-id: http://piwigo.org/svn/trunk@1034 68402e56-0260-453c-a942-63ccdbb3a9ee
* small modification: we can now store any information in sessionsnikrou2006-02-111-1/+2
| | | | | | (cf topic:5667) git-svn-id: http://piwigo.org/svn/trunk@1032 68402e56-0260-453c-a942-63ccdbb3a9ee
* - remake of Remote sites and Synchronize: rvelices2006-02-081-1/+19
| | | | | | | | | | | | | | | - synchronization for remote and local sites are done by the same code - remote sites can update metadata now (not before) - bug 279 - fixes bug 82: has_high column - improve feature 280: user sort by filename - fix path to template mimetypes icons - bug 284: session cookie lifetime, deletion on logout and corrected issue when db upgrades were missing git-svn-id: http://piwigo.org/svn/trunk@1029 68402e56-0260-453c-a942-63ccdbb3a9ee
* fixed problem of cookie session pathnikrou2006-02-031-5/+5
| | | | | | | fixed problem of undefined variable conf in upgrade_feed.php fixed problem of undefined index is_the_guest of tab variable user git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug: new session system does not use db session handler during install.phprvelices2006-01-251-1/+31
| | | | | | | | bug: put back function generate_key (was also used by new password generation and new feed generation) git-svn-id: http://piwigo.org/svn/trunk@1013 68402e56-0260-453c-a942-63ccdbb3a9ee
* improve sessions: add comments to functionsnikrou2006-01-211-28/+60
| | | | git-svn-id: http://piwigo.org/svn/trunk@1010 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug fix 261: improve security of sessions (next to svn:1004):nikrou2006-01-181-28/+54
| | | | | | | - improve presentation code style - add upgrade database file git-svn-id: http://piwigo.org/svn/trunk@1007 68402e56-0260-453c-a942-63ccdbb3a9ee
* Improve security of sessions: nikrou2006-01-151-96/+58
| | | | | | | - use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new : external authentication in another users table. Previous users tableplegall2005-08-081-15/+10
| | | | | | | | | | | | | | | | | | | | | | | | | is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new feature : use Apache authentication. If $conf['apache_authentication']plegall2005-07-171-2/+2
| | | | | | | | | | | | | | | | is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
* all headers adapted to new year 2005, happy new yearplegall2005-01-071-1/+1
| | | | git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
* - bug fixed : in admin/cat_list, next_rank cant' be calculted and query toplegall2004-12-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | count sub-categories per sub-categories became false if no sub-categories - virtual association come back in admin/infos_images (not only in admin/picture_modify) - check_favorites function in admin section becomes check_user_favorites in public section : favorites are checked when user tries to display his favorites. Function was optimized. - in function update_category, wrap of long queries due to many categories to update at the same time - typo fixed in description of paginate_pages_around configuration parameter - bug fixed in new navigation bar : no separation pipe was displayed between next and last when the page displayed was the last - sessions.expiration changed of type from int to datetime (a lot easier to read) - sessions.ip removed : IP address is no longer used to verify session - $lang['cat_options'] was missing in en_UK.iso-8859-1 - typo fixed in language/en_UK.iso-8859-1/admin.lang.php on editcat_lock_info language item git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee
* update headers to comply with GPLz0rglub2004-11-061-4/+4
| | | | git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee
* - function mysql_query replaced by pwg_query : the same with debuggingz0rglub2004-10-301-2/+2
| | | | | | | | | features - by default, DEBUG is set to 0 (off) git-svn-id: http://piwigo.org/svn/trunk@587 68402e56-0260-453c-a942-63ccdbb3a9ee
* - checkbox for "remember me" are only shown if authorizedz0rglub2004-10-061-7/+3
| | | | | | | | | | | | | | - simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function. - configuration parameter "auth_method" disappeared (didn't lived much...) - only one session id size possible. More comments for configuration in include/config.inc.php git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
* - deletion of session_time and session_id_size as config parameterz0rglub2004-10-021-24/+39
| | | | | | | | | | | | - new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
* - corrects bugs due to deletion of configuration parameters default_lang,z0rglub2004-09-071-1/+1
| | | | | | | | | | | | default_style (renamed to default_language and default_template), session_keyword - in install.php, corrects bug to deletion of language keys : conf_general_webmaster, conf_general_webmaster_info and renaming of conf_general_mail git-svn-id: http://piwigo.org/svn/trunk@518 68402e56-0260-453c-a942-63ccdbb3a9ee
* Split of langage filesgweltas2004-02-191-1/+1
| | | | git-svn-id: http://piwigo.org/svn/trunk@364 68402e56-0260-453c-a942-63ccdbb3a9ee
* header global refactoringz0rglub2004-02-111-18/+26
| | | | git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee
* improve the header of each filez0rglub2003-08-241-2/+4
| | | | git-svn-id: http://piwigo.org/svn/trunk@57 68402e56-0260-453c-a942-63ccdbb3a9ee
* optional cookie identificationz0rglub2003-07-271-18/+28
| | | | git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
* *** empty log message ***z0rglub2003-05-181-3/+3
| | | | git-svn-id: http://piwigo.org/svn/trunk@14 68402e56-0260-453c-a942-63ccdbb3a9ee
* *** empty log message ***z0rglub2003-05-171-10/+10
| | | | git-svn-id: http://piwigo.org/svn/trunk@13 68402e56-0260-453c-a942-63ccdbb3a9ee