aboutsummaryrefslogtreecommitdiffstats
path: root/include/user.inc.php (unfollow)
Commit message (Collapse)AuthorFilesLines
2010-03-19increase copyright year to 2010plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
2009-01-04Administration: happy new year 2009, all PHP headers updated. plegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-16merge 2755 and 2756 from branch 2.0 to trunkrvelices1-8/+1
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755 - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others) git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-07-05- fix some side effects with browser language (wrong display/user creation ↵rvelices1-2/+2
in admin and mails to admin in user browser language) git-svn-id: http://piwigo.org/svn/trunk@2425 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-05-31Feature 0000080: Browser language detection (Use first active browser ↵vdigital1-1/+4
language as language for guest, generic members, registering process). If the language is not available PHPWG_DEFAULT_LANGUAGE is used as previously. git-svn-id: http://piwigo.org/svn/trunk@2371 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-05Bug fixed: as rvelices notified me by email, my header replacement script wasplegall1-25/+0
bugged (r2297 was repeating new and old header). By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personnaly, it is a problem when I search differences between 2 Piwigo installations outside Subversion. git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-04-04Modification: new header on PHP files, PhpWebGallery renamed Piwigo.plegall1-0/+21
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-12-11Resolved issue 0000784: Mail notification disabled on register userrub1-1/+1
Merge branch-1_7 2176:2177 into BSF git-svn-id: http://piwigo.org/svn/trunk@2178 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-03-13Updates:vdigital1-2/+2
- Copyrights 2003-2007 - help - Some HTML comform requests git-svn-id: http://piwigo.org/svn/trunk@1903 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-02-15- plugins: added new action user_initrvelices1-0/+1
- put in a new admin_multi_view:allows admins to change on the fly language/theme and view gallery as guest (useful for developers and just to show a 'new' way of using plugins) - removed some warnings from history.php and increased table width to 99% - remove unused admin language strings git-svn-id: http://piwigo.org/svn/trunk@1821 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-21Feature Issue ID 0000601: Filter all public pages with only recent elementsrub1-13/+2
It's a finalized version. Obsolete code of draft are removed. You can filter categories and images with recent date period on your screen selection. In the future, filter could be easy done on other type data (plugin?) You can flat categories and sub-categories with a recent date period of your choice. Next, perhaps, a panel to choice recent date for the 2 features. On draft, there have problem with MySql 5, be careful! Css problem not resolved: - Menu "Categories" is bad centered - Icon on dark too on the top git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-13Feature Issue ID 0000601: Filter all public pages with only recent elementsrub1-1/+13
Last draft before final development. There a icon for global mode and one other for local mode. Counters are not good, filter on images are not everywhere applied, moment to update cache are not optimized, ... Go to http://forum.phpwebgallery.net/viewtopic.php?id=9490 git-svn-id: http://piwigo.org/svn/trunk@1651 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-12-01- sessions are always started (even for visitors)rvelices1-9/+5
- thumbnail order saved in the session instead of cookie git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-10-20- put back config['session_length'] disappeared in r1493 but has always beenrvelices1-54/+21
used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-08-02fix bug 451: nikrou1-1/+3
password.php and register.php must be accessible when user is guest even if guest user is not allowed. git-svn-id: http://piwigo.org/svn/trunk@1524 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-08-01fix bug 451: nikrou1-1/+2
when guest access in not allowed identification.php script try to redirect to himself ad infinitum. git-svn-id: http://piwigo.org/svn/trunk@1522 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-07-28Fix bug 451: improvementnikrou1-15/+39
small problem with reconnexion after session timeout add auto-login function all staff for session (connexion, auto-login and logout) is now in include/user.inc.php git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-04-21merge r1230 from branch-1_6 into trunkrvelices1-7/+7
bugs 344 and 308: broken user id in $_SESSION due to php.ini register_globals git-svn-id: http://piwigo.org/svn/trunk@1231 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-03-27improvement issue 0000127&0000301:rub1-0/+1
o Fix Missing Adviser tests o Improve pwg_high , set to is_the_guest default value for enabled_high git-svn-id: http://piwigo.org/svn/trunk@1106 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-23fix: permissioning not working (2 bugs)rvelices1-2/+1
fix: locked gallery cannot be unlocked (impossible to login) improvement: nicer display in redirect.tpl improvement: when a page is not accessible because of permissions (accessed through bookmark or email), redirect to identification.php and after identification to the initially requested page git-svn-id: http://piwigo.org/svn/trunk@1052 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-12improvement: $page['where'] string replaced by $page['items'].plegall1-2/+7
$page['where'] was an SQL clause used to retrieve pictures in #images table. $page['items'] is the list of picture ids of the current section. improvement: function initialize_category replaced by dedicated included PHP script include/section_init.inc.php. Code was refactored to improve readibility and maintenability. $page['navigation_bar'] is now build in category.php instead of initialize_category function. Function check_cat_id was also replaced by a piece of code in the new file. The file to include to display thumbnails from category.php is now set in section_init.inc.php instead of calculated in category.php. bug fix: the test for rel="up" link for standard HTML navigation links in category menu was not working with non numeric categories, such as "favorites". improvement: function check_login_authorization removed because useless but in profile.php. git-svn-id: http://piwigo.org/svn/trunk@1036 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-02-03fixed problem of cookie session pathnikrou1-0/+1
fixed problem of undefined variable conf in upgrade_feed.php fixed problem of undefined index is_the_guest of tab variable user git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
2006-01-15Improve security of sessions: nikrou1-47/+16
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-08-17- modification : major simplification of admin.php. Titles are managed byplegall1-13/+0
included page, localized items are managed directly in the template. - new : sub template admin/double_select is included in templates admin/cat_options, admin/user_perm and admin/group_perm. I haven't been able to use it in admin/picture_modify because it seems impossible to have two instance of the same sub-template without interfering. - modification : bug 99, in profile manager, no auto submit when changing language (useless and generate accessibility problem). - improvement : HTML semantically correct for administration menu, simpler syntax, less tags, correct tags (dl/dt/dd instead of div/div). - modification : number of waiting elements and unvalidated comments are displayed in admin/intro instead of administration menu (with a link to the dedicated pages). - deletion : no link to profile from admin/user_list anymore (no need). git-svn-id: http://piwigo.org/svn/trunk@817 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-08-08- new : external authentication in another users table. Previous users tableplegall1-109/+7
is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-07-17- new feature : use Apache authentication. If $conf['apache_authentication']plegall1-0/+29
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-05-09- user list : links to profile page and permissions page are represented byplegall1-7/+11
icons (more compact) - user list : ability to associate to a group or to dissociate from a group a list of selected users - user list : ability to set user properties in "batch" mode (a selection of users at once) - user list : alternate background color for each line - (not in ChangeLog) temporary commented code to update current user language if $_POST['language'] is set (see include/user.inc.php for details) git-svn-id: http://piwigo.org/svn/trunk@787 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-04-26Bug 99 : javascript error in profile.phpgweltas1-1/+10
Enhancement of the radio class under IE git-svn-id: http://piwigo.org/svn/trunk@772 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-01-08- deletion of calculated permissions when deleting a userplegall1-1/+2
- taking into account locked categories during permissions calculation git-svn-id: http://piwigo.org/svn/trunk@680 68402e56-0260-453c-a942-63ccdbb3a9ee
2005-01-07all headers adapted to new year 2005, happy new yearplegall1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-25- user permissions ask update at each admin page generation. Tableplegall1-5/+9
user_forbidden must be updated only if current user is not in administrative section - bug fixed : category.php, error on page title when non category selected - admin/search : bug on variable $PHP_SELF, replaced by $_SERVER['PHP_SELF'] - admin/user_perm : inheritence management. When a category become authorized, all parent categories become authorized, when a category become forbidden, all child category become forbidden - no more recursivity in delete_categories function - new function get_fs_directories for future new method of synchronization - new function get_uppercat_ids replacing several pieces of code doing the same - new function get_fulldirs used for metadata function get_filelist and future new method of synchronization - new function get_fs for future new method of synchronization - typo correction on lang item "about_message" - no link to category privacy status management on user permission anymore (giving the menu item instead) git-svn-id: http://piwigo.org/svn/trunk@657 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-20- new feature : lock temporary your gallery for maintenanceplegall1-0/+21
- $user keys for guest user are initialized with default values of $conf git-svn-id: http://piwigo.org/svn/trunk@653 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-20- replacement of PREFIX_TABLE constant in delete_user functionplegall1-6/+25
- deletion of $isadmin variable, replaced by constant IN_ADMIN - small refactoring - in include/common.inc.php, deletion of useless part "Obtain and encode users IP" and corresponding functions encode_ip and decode_ip - definition of $conf['default_language'] deleted from include/config.inc.php : it is already present in database table config - function init_userprefs deleted (useless), all its content moved to include/user.inc.php - admin.lang.php and faq.lang.php are loaded only if current user is in administrative section git-svn-id: http://piwigo.org/svn/trunk@650 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-20- in picture.php, $user['maxwidth'] and $user['maxheight'] can be unset ifplegall1-31/+42
NULL in database - new table user_forbidden {user_id,need_update,forbidden_categories} and deletion of field users.forbidden_categories - new function calculate_permissions to update table user_forbidden when needed - simplification of include/user.inc.php - in footer of each page, use "-" instead of "::" to separate page information git-svn-id: http://piwigo.org/svn/trunk@648 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-12-18- bug fixed : in admin/cat_list, next_rank cant' be calculted and query toplegall1-16/+9
count sub-categories per sub-categories became false if no sub-categories - virtual association come back in admin/infos_images (not only in admin/picture_modify) - check_favorites function in admin section becomes check_user_favorites in public section : favorites are checked when user tries to display his favorites. Function was optimized. - in function update_category, wrap of long queries due to many categories to update at the same time - typo fixed in description of paginate_pages_around configuration parameter - bug fixed in new navigation bar : no separation pipe was displayed between next and last when the page displayed was the last - sessions.expiration changed of type from int to datetime (a lot easier to read) - sessions.ip removed : IP address is no longer used to verify session - $lang['cat_options'] was missing in en_UK.iso-8859-1 - typo fixed in language/en_UK.iso-8859-1/admin.lang.php on editcat_lock_info language item git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-11-06update headers to comply with GPLz0rglub1-4/+4
git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-30- function mysql_query replaced by pwg_query : the same with debuggingz0rglub1-3/+3
features - by default, DEBUG is set to 0 (off) git-svn-id: http://piwigo.org/svn/trunk@587 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-06- checkbox for "remember me" are only shown if authorizedz0rglub1-15/+5
- simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function. - configuration parameter "auth_method" disappeared (didn't lived much...) - only one session id size possible. More comments for configuration in include/config.inc.php git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-10-02- deletion of session_time and session_id_size as config parameterz0rglub1-32/+42
- new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-09-23- Delivery of french translation in order to test i18ngweltas1-4/+0
- Deletion of collapsed & expanded gifs (obsoletes) - Creation of faq language file for further writing of a end user-oriented FAQ git-svn-id: http://piwigo.org/svn/trunk@532 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-07-28Installation procedure updategweltas1-2/+1
git-svn-id: http://piwigo.org/svn/trunk@463 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-07-09replacement of short_period and long_period by recent_periodz0rglub1-2/+2
git-svn-id: http://piwigo.org/svn/trunk@452 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-03-31redirections modification : use of a HTML refresh page instead of header PHPz0rglub1-4/+1
function. The purpose is to avoid redirections failure when extra characters are found in included PHP files. git-svn-id: http://piwigo.org/svn/trunk@405 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-03-27refactoringz0rglub1-2/+11
git-svn-id: http://piwigo.org/svn/trunk@397 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-26New default template - User sidegweltas1-1/+1
git-svn-id: http://piwigo.org/svn/trunk@375 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-20Migration of installation proceduregweltas1-1/+2
git-svn-id: http://piwigo.org/svn/trunk@367 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-11header global refactoringz0rglub1-18/+26
git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-07Template modificationgweltas1-0/+6
Split of the french language file git-svn-id: http://piwigo.org/svn/trunk@351 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-02-02Merge of the 1.3.1 releasegweltas1-15/+21
Creation of an unique include file (common.php) Creation of an unique define file (include/constants.php) Modification of the installation procedure git-svn-id: http://piwigo.org/svn/trunk@345 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-09-12When a page is refresh with an expired session still existing in thez0rglub1-1/+1
database, the first page works -> corrected. git-svn-id: http://piwigo.org/svn/trunk@90 68402e56-0260-453c-a942-63ccdbb3a9ee