From 11699a554688e1215bae9c550a5a67c15cdb8f36 Mon Sep 17 00:00:00 2001
From: z0rglub
Date: Wed, 6 Oct 2004 22:48:48 +0000
Subject: - checkbox for "remember me" are only shown if authorized
- simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function.
- configuration parameter "auth_method" disappeared (didn't lived much...)
- only one session id size possible. More comments for configuration in include/config.inc.php
git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/configuration.php | 9 ---------
 category.php | 4 ++++
 identification.php | 33 ++++++++++++---------------------
 include/config.inc.php | 12 +++++++-----
 include/functions_session.inc.php | 10 +++-------
 include/user.inc.php | 20 +++++---------------
 install/config.sql | 1 -
 language/en_UK.iso-8859-1/admin.lang.php | 4 ----
 template/default/admin/configuration.tpl | 5 -----
 template/default/category.tpl | 2 ++
 template/default/identification.tpl | 2 ++
 11 files changed, 35 insertions(+), 67 deletions(-)
diff --git a/admin/configuration.php b/admin/configuration.php
index 1c8c206f0..36e52c500 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -154,8 +154,6 @@ $template->assign_vars(
 'L_NO'=>$lang['no'],
 'L_SUBMIT'=>$lang['submit'],
 'L_RESET'=>$lang['reset'],
- 'L_URI'=>$lang['URI'],
- 'L_COOKIE'=>$lang['cookie'],
 'F_ACTION'=>add_session_id($action)
 ));
@@ -304,9 +302,6 @@ switch ($page['section'])
 }
 case 'session' :
 {
- $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';
- $auth_method_cookie =
- ($conf['auth_method']=='cookie')?'checked="checked"':'';
 $authorize_remembering_yes =
 ($conf['authorize_remembering']=='true')?'checked="checked"':'';
 $authorize_remembering_no =
@@ -316,14 +311,10 @@ switch ($page['section'])
 'session', array(
 'L_CONF_TITLE'=>$lang['conf_session_title'],
- 'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],
- 'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],
 'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'],
 'L_CONF_AUTHORIZE_REMEMBERING_INFO' => $lang['conf_authorize_remembering_info'],
- 'AUTH_METHOD_URI'=>$auth_method_URI,
- 'AUTH_METHOD_COOKIE'=>$auth_method_cookie,
 'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes,
 'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no
 ));
diff --git a/category.php b/category.php
index 2e897e591..c0728dcf1 100644
--- a/category.php
+++ b/category.php
@@ -239,6 +239,10 @@ if ( !$user['is_the_guest'] )
 else
 {
 $template->assign_block_vars('login',array());
+ if ($conf['authorize_remembering'])
+ {
+ $template->assign_block_vars('login.remember_me',array());
+ }
 }
 // search link
diff --git a/identification.php b/identification.php
index 602af430c..336879fe4 100644
--- a/identification.php
+++ b/identification.php
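Review bot: The new guard `if ($conf['authorize_remembering'])` in category.php tests plain truthiness, while admin/configuration.php in this same commit still compares the setting with `=='true'` and install/config.sql stores it as the string 'true'. If the value reaches this line as a string, 'false' is truthy and the remember-me block is always emitted. The two identification.php hunks use the same test, and there it also decides whether a login is given `remember_me_length`. Unless the config loader is known to cast the value to a boolean (not visible in this diff), compare it the same way the admin page does, or add a comment next to the check stating the expected type.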
@@ -42,29 +42,15 @@ SELECT id, password
 $row = mysql_fetch_array(mysql_query($query));
 if ($row['password'] == md5($_POST['password']))
 {
- if ($conf['auth_method'] == 'cookie'
- or isset($_POST['remember_me']) and $_POST['remember_me'] == 1)
+ $session_length = $conf['session_length'];
+ if ($conf['authorize_remembering']
+ and isset($_POST['remember_me'])
+ and $_POST['remember_me'] == 1)
 {
- if ($conf['auth_method'] == 'cookie')
- {
- $cookie_length = $conf['session_length'];
- }
- else if ($_POST['remember_me'] == 1)
- {
- $cookie_length = $conf['remember_me_length'];
- }
- session_create($row['id'],
- 'cookie',
- $cookie_length);
- redirect('category.php');
- }
- else if ($conf['auth_method'] == 'URI')
- {
- $session_id = session_create($row['id'],
- 'URI',
- $conf['session_length']);
- redirect('category.php?id='.$session_id);
+ $session_length = $conf['remember_me_length'];
 }
+ $session_id = session_create($row['id'], $session_length);
+ redirect('category.php?id='.$session_id);
 }
 else
 {
@@ -97,6 +83,11 @@ $template->assign_vars(
 'F_LOGIN_ACTION' => add_session_id('identification.php')
 ));
+
+if ($conf['authorize_remembering'])
+{
+ $template->assign_block_vars('remember_me',array());
+}
 //-------------------------------------------------------------- errors display
 if ( sizeof( $errors ) != 0 )
 {
diff --git a/include/config.inc.php b/include/config.inc.php
index a2a3b0d4c..07ec9e8a6 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
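Review bot: The rewritten login path ends in `redirect('category.php?id='.$session_id);` for every login, so the session id is placed in the URL even when the browser accepted the cookie, and for remember-me logins that id stays valid for `$conf['remember_me_length']` (31536000 seconds in include/config.inc.php). An id in the query string is kept in browser history and server or proxy logs and is sent in Referer headers to linked sites, which matters more the longer the session lives. Consider keeping the URI fallback for normal-length sessions only, or at least add a comment here stating that the id is deliberately exposed until the cookie is confirmed on the next request. Separately, the unchanged context line compares the two MD5 digests with `==`; `===` avoids PHP's numeric-string comparison on hex digests.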
@@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000;
 // time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5 = 916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
 ?>
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index ce66e3a30..bb0fca11c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,11 +62,10 @@ function generate_key($size)
 * - return session identifier
 *
 * @param int userid
- * @param string method : cookie or URI
 * @param int session_lentgh : in seconds
 * @return string
 */
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
 {
 global $conf;
@@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length)
 $id_found = false;
 while (!$id_found)
 {
- $generated_id = generate_key($conf['session_id_size_'.$method]);
+ $generated_id = generate_key($conf['session_id_size']);
 $query = '
 SELECT id
 FROM '.SESSIONS_TABLE.'
@@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.'
 ;';
 mysql_query($query);
- if ($method == 'cookie')
- {
- setcookie('id', $generated_id, $session_length+time(), cookie_path());
- }
+ setcookie('id', $generated_id, $expiration, cookie_path());
 return $generated_id;
 }
diff --git a/include/user.inc.php b/include/user.inc.php
index 01a7243d1..a39441bb2 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
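Review bot: The cookie identifier shrinks from 50 characters to 10 in the config.inc.php hunk, and the same 10-character id now also names remember-me sessions that live for `remember_me_length`. The added comment counts 62^10 combinations, but that figure only holds if generate_key() draws each character uniformly from an unpredictable source, and its body is outside this diff. I would extend the comment with a line such as `// the keyspace above assumes generate_key() is unpredictable; raise this value for long-lived sessions` and consider a larger default.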
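Review bot: `$expiration` in the new `setcookie('id', $generated_id, $expiration, cookie_path());` is not assigned in any line shown in the three functions_session.inc.php hunks, whereas the removed call computed `$session_length+time()` inline. It may be set in the unseen part of session_create() for the INSERT above; if it is not, the cookie goes out with an empty expiry and becomes a browser-session cookie regardless of `$session_length`. Since the call now runs for every login, a short comment that the cookie carries the same id as the sessions table row and the redirect URL would help the next reader. The docblock in the first hunk of this file still spells the parameter `session_lentgh`.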
@@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE;
 $query_done = false;
 $user['is_the_guest'] = false;
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
 {
- setcookie('id', '', 0, cookie_path());
- $url = 'category.php';
- redirect($url);
+ $session_id = $_COOKIE['id'];
+ $user['has_cookie'] = true;
 }
-
-if (isset($_GET['id']))
+else if (isset($_GET['id']))
 {
 $session_id = $_GET['id'];
 $user['has_cookie'] = false;
- $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
-{
- $session_id = $_COOKIE['id'];
- $user['has_cookie'] = true;
- $session_id_size = $conf['session_id_size_cookie'];
 }
 else
 {
@@ -65,7 +55,7 @@ else
 }
 if (isset($session_id)
- and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+ and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
 {
 $page['session_id'] = $session_id;
 $query = '
diff --git a/install/config.sql b/install/config.sql
index e6be0e8c9..52f810885 100644
--- a/install/config.sql
+++ b/install/config.sql
@@ -26,5 +26,4 @@ INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_iptc','false
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('use_exif','true','Use EXIF data during database synchronization with files metadata');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}');
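Review bot: With the `!$conf['authorize_remembering']` block removed from user.inc.php, nothing in this hunk invalidates remember-me sessions that were issued before an administrator switches the option off; a cookie created with `remember_me_length` keeps being accepted for as long as its row exists in the sessions table. The cleanup may happen elsewhere, but it is not visible in this commit. If it does not, expire the long-lived rows when the setting changes, or cap the accepted lifetime at `session_length` here while remembering is disabled. The cookie now also takes precedence over `$_GET['id']`, which deserves a one-line comment such as `// cookie wins; the URI id is only a fallback when no cookie came back`.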
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 51b408d63..a9d96461c 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php +++ b/language/en_UK.iso-8859-1/admin.lang.php @@ -174,10 +174,6 @@ $lang['conf_upload_maxheight_thumbnail_error'] = 'Maximum height authorized for // Configuration -> session $lang['conf_session_title'] = 'Sessions'; -$lang['conf_auth_method'] = 'Authentication method'; -$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)'; -$lang['URI'] = 'URI'; -$lang['cookie'] = 'cookie'; $lang['conf_authorize_remembering'] = 'Authorize remembering'; $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)'; diff --git a/template/default/admin/configuration.tpl b/template/default/admin/configuration.tpl index a6d00aea7..26605c14b 100644 --- a/template/default/admin/configuration.tpl +++ b/template/default/admin/configuration.tpl @@ -147,11 +147,6 @@   - - - {session.L_CONF_AUTH_METHOD} :
{session.L_CONF_AUTH_METHOD_INFO} - {L_URI}   - {L_COOKIE} {session.L_CONF_AUTHORIZE_REMEMBERING} :
{session.L_CONF_AUTHORIZE_REMEMBERING_INFO} diff --git a/template/default/category.tpl b/template/default/category.tpl index a6effeefd..9f554ad83 100644 --- a/template/default/category.tpl +++ b/template/default/category.tpl @@ -40,7 +40,9 @@
{L_PASSWORD}

+ {L_REMEMBER_ME}
+ diff --git a/template/default/identification.tpl b/template/default/identification.tpl index 412c28ece..d180676fc 100644 --- a/template/default/identification.tpl +++ b/template/default/identification.tpl @@ -30,12 +30,14 @@ + {L_REMEMBER_ME}: + -- cgit v1.2.3