From 45a8139acdc9a175f8f8e1536d42fa36bc57ff4c Mon Sep 17 00:00:00 2001 From: z0rglub Date: Sun, 27 Jul 2003 08:24:10 +0000 Subject: optional cookie identification git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/configuration.php | 33 +++++++++++++++++++++++- category.php | 13 +++++++++- identification.php | 10 +++----- include/config.inc.php | 2 +- include/functions_session.inc.php | 46 ++++++++++++++++++++------------- include/user.inc.php | 53 ++++++++++++++++++++++++++++----------- language/francais.php | 9 +++++++ profile.php | 31 +++++++++++++++++++++-- template/default/profile.vtp | 17 ++++++++++++- 9 files changed, 170 insertions(+), 44 deletions(-) diff --git a/admin/configuration.php b/admin/configuration.php index 529a3541b..71802db1f 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -41,7 +41,7 @@ array( 'prefix_thumbnail','webmaster','mail_webmaster','access', 'show_comments','nb_comment_page','upload_available', 'upload_maxfilesize', 'upload_maxwidth','upload_maxheight', 'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log', - 'comments_validation','comments_forall' ); + 'comments_validation','comments_forall','authorize_cookies' ); $default_user_infos = array( 'nb_image_line','nb_line_page','language','maxwidth', 'maxheight','expand','show_nb_comments','short_period','long_period', 
@@ -851,6 +851,37 @@ $vtp->addSession( $sub, 'line' ); $vtp->addSession( $sub, 'space_line' ); $vtp->closeSession( $sub, 'space_line' ); $vtp->closeSession( $sub, 'line' ); +// authorize cookies ? +$vtp->addSession( $sub, 'line' ); +$vtp->addSession( $sub, 'param_line' ); +$vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] ); +$vtp->addSession( $sub, 'group' ); +$vtp->addSession( $sub, 'radio' ); +$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' ); +$vtp->setVar( $sub, 'radio.value', 'true' ); +$checked = ''; +if ( $authorize_cookies == 'true' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'radio.checked', $checked ); +$vtp->setVar( $sub, 'radio.option', $lang['yes'] ); +$vtp->closeSession( $sub, 'radio' ); +$vtp->addSession( $sub, 'radio' ); +$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' ); +$vtp->setVar( $sub, 'radio.value', 'false' ); +$checked = ''; +if ( $authorize_cookies == 'false' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'radio.checked', $checked ); +$vtp->setVar( $sub, 'radio.option', $lang['no'] ); +$vtp->closeSession( $sub, 'radio' ); +$vtp->closeSession( $sub, 'group' ); +$vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] ); +$vtp->closeSession( $sub, 'param_line' ); +$vtp->closeSession( $sub, 'line' ); // session size $vtp->addSession( $sub, 'line' ); $vtp->addSession( $sub, 'param_line' ); diff --git a/category.php b/category.php index 5fe713adc..c6cfe1f42 100644 --- a/category.php +++ b/category.php 
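Review bot: The radio state is derived by comparing `$authorize_cookies` with the strings `'true'` and `'false'` (loose `==`), while `include/user.inc.php` in the same commit tests the setting as a boolean with `!$conf['authorize_cookies']`. If the column is loaded into `$conf` as the literal string `'false'`, that negation is false and cookies stay enabled regardless of the admin choice; I cannot see how `$conf` is filled from the query in config.inc.php, so please confirm the value is converted, or compare it the same way in both places (`$conf['authorize_cookies'] == 'true'`). A comment above the block stating the stored representation (`// authorize_cookies is stored as the string 'true'/'false'`, or whatever it actually is) would prevent the next reader from guessing.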
@@ -20,6 +20,17 @@ $t2 = explode( '.', $t1[0] ); $t2 = $t1[1].'.'.$t2[1]; //----------------------------------------------------------- personnal include include_once( './include/init.inc.php' ); +//---------------------------------------------------------------------- logout +if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) ) +{ + // cookie deletion if exists + setcookie( 'id', '', 0, cookie_path() ); + $url = 'category.php'; + header( 'Request-URI: '.$url ); + header( 'Content-Location: '.$url ); + header( 'Location: '.$url ); + exit(); +} //-------------------------------------------------- access authorization check // creating the plain structure : array of all the available categories and // their relative informations, see the definition of the function @@ -150,7 +161,7 @@ if ( !$user['is_the_guest'] ) { // logout link $vtp->addSession( $handle, 'summary' ); - $vtp->setVar( $handle, 'summary.url', './category.php?cat='.$page['cat'] ); + $vtp->setVar( $handle, 'summary.url', './category.php?act=logout' ); $vtp->setVar( $handle, 'summary.title', '' ); $vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) ); $vtp->closeSession( $handle, 'summary' ); diff --git a/identification.php b/identification.php index c88719d03..2c8901a05 100644 --- a/identification.php +++ b/identification.php @@ -18,10 +18,9 @@ //----------------------------------------------------------- personnal include include_once( "./include/init.inc.php" ); //-------------------------------------------------------------- identification -$error = array(); +$errors = array(); if ( isset( $_POST['login'] ) ) { - $i = 0; // retrieving the encrypted password of the login submitted $query = 'select password'; $query.= ' from '.PREFIX_TABLE.'users'; @@ -38,7 +37,7 @@ if ( isset( $_POST['login'] ) ) } else { - $error[$i++] = $lang['invalid_pwd']; + array_push( $errors, $lang['invalid_pwd'] ); } } //----------------------------------------------------- template initialization 
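Review bot: The logout branch only clears the browser cookie; the matching row in the sessions table stays valid until its expiration, so the same id presented again, by cookie or as `?id=` in the URL, still authenticates. Delete the row as well before redirecting, using the already-validated id, e.g. `mysql_query( 'DELETE FROM '.PREFIX_TABLE.'sessions WHERE id = \''.$page['session_id'].'\';' );` guarded by `isset( $page['session_id'] )`. The condition also reads `$_GET['act']` without `isset()`, which raises a notice on every page view, and it requires `isset( $_COOKIE['id'] )`, whereas the `@@ -150,7 +161,7 @@` hunk points every logged-in user's logout link at `act=logout`, so users identified by URL id never reach this branch and their session row is never invalidated.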
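Review bot: The rename from `$error` to `$errors` is incomplete: in the `@@ -63,10 +62,9 @@` hunk the line `if ( sizeof( $error ) != 0 )` is left as unchanged context, so after this change `$error` is undefined there, the condition is never true, and the `invalid_pwd` message pushed with `array_push( $errors, ... )` is never displayed. Change that line to `if ( sizeof( $errors ) != 0 )`. Inside that hunk `foreach ( $errors as $error )` then reuses `$error` as the loop variable, which works but reads confusingly next to the old name; `$message` would be clearer.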
@@ -63,10 +62,9 @@ initialize_template(); if ( sizeof( $error ) != 0 ) { $vtp->addSession( $handle, 'errors' ); - for ( $i = 0; $i < sizeof( $error ); $i++ ) - { + foreach ( $errors as $error ) { $vtp->addSession( $handle, 'li' ); - $vtp->setVar( $handle, 'li.li', $error[$i] ); + $vtp->setVar( $handle, 'li.li', $error ); $vtp->closeSession( $handle, 'li' ); } $vtp->closeSession( $handle, 'errors' ); diff --git a/include/config.inc.php b/include/config.inc.php index 07b3bfb14..ae54d5616 100644 --- a/include/config.inc.php +++ b/include/config.inc.php @@ -62,7 +62,7 @@ $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access', 'upload_available', 'upload_maxfilesize', 'upload_maxwidth', 'upload_maxheight', 'upload_maxwidth_thumbnail', 'upload_maxheight_thumbnail','log','comments_validation', - 'comments_forall' ); + 'comments_forall','authorize_cookies' ); $query = 'SELECT '; foreach ( $infos as $i => $info ) { diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 6109456cc..34032b572 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -14,17 +14,22 @@ * the Free Software Foundation; * * * ***************************************************************************/ + +// The function generate_key creates a string with pseudo random characters. +// the size of the string depends on the $conf['session_id_size']. +// Characters used are a-z A-Z and numerical values. Examples : +// "Er4Tgh6", "Rrp08P", "54gj" +// input : none (using global variable) +// output : $key function generate_key() { global $conf; + $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); $init = ''; for ( $i = 0; $i < strlen( $md5 ); $i++ ) { - if ( is_numeric( $md5[$i] ) ) - { - $init.= $md5[$i]; - } + if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; } $init = substr( $init, 0, 8 ); mt_srand( $init ); 
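Review bot: The new header comment calls the key "pseudo random" but does not record that it is unsuitable as a secret: the value handed to `mt_srand()` is built from at most eight decimal digits of an md5 over six characters of `microtime()` plus the session keyword, so the number of distinct key sequences is bounded by that seed space whatever `session_id_size` is, and `mt_rand()` is not a cryptographic generator. With this commit the key is also written into a cookie that can live up to a year (profile.php), turning it into a long-term credential. I would state the limitation in the comment, e.g. `// NOTE: mt_rand() seeded from an 8-digit value is not cryptographically strong; keep session lifetimes short and replace with a stronger entropy source when available`, and treat replacing the generator as follow-up work. The function body continues in the next hunk.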
@@ -32,26 +37,19 @@ function generate_key() for ( $i = 0; $i < $conf['session_id_size']; $i++ ) { $c = mt_rand( 0, 2 ); - if ( $c == 0 ) - { - $key .= chr( mt_rand( 65, 90 ) ); - } - else if ( $c == 1 ) - { - $key .= chr( mt_rand( 97, 122 ) ); - } - else - { - $key .= mt_rand( 0, 9 ); - } + if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); + else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); + else $key .= mt_rand( 0, 9 ); } return $key; } - + +// The function create_session finds a non-already-used session key and +// returns it once found for the given user. function session_create( $username ) { global $conf; - // 1. searching an unused sesison key + // 1. searching an unused session key $id_found = false; while ( !$id_found ) { @@ -89,6 +87,9 @@ function session_create( $username ) function add_session_id( $url, $redirect = false ) { global $page, $user; + + if ( $user['has_cookie'] ) return $url; + $amp = '&'; if ( $redirect ) { @@ -110,4 +111,13 @@ function add_session_id( $url, $redirect = false ) return $url; } } + +// cookie_path returns the path to use for the PhpWebGallery cookie. +// If PhpWebGallery is installed on : +// http://domain.org/meeting/gallery/category.php +// cookie_path will return : "/meeting/gallery" +function cookie_path() +{ + return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); +} ?> \ No newline at end of file diff --git a/include/user.inc.php b/include/user.inc.php index f950b3a1e..a90e8983d 100644 --- a/include/user.inc.php +++ b/include/user.inc.php 
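Review bot: The new comment names the function `create_session`, but the function declared directly below it is `session_create`; change it to `// The function session_create finds a non-already-used session key and`. A one-line mention of the return value (`// and returns that key as a string`) would complete the header. The function body continues past this hunk.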
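Review bot: `$user['has_cookie']` is read without `isset()`; this commit assigns it in include/user.inc.php, but add_session_id is a library function and a caller that runs before that include, or a script that does not include it, gets a notice and falls through to appending the id. `if ( isset( $user['has_cookie'] ) and $user['has_cookie'] ) return $url;` keeps the early return self-contained. A short comment such as `// cookie-identified users need no id in the URL` would also explain why the id is omitted. The rest of the function body lies outside the hunk.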
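Review bot: `cookie_path()` derives the cookie path from `$_SERVER['PHP_SELF']`, which on many SAPIs includes extra path segments appended by the client (PATH_INFO), so the path computed when the cookie is set (profile.php) can differ from the one used to clear it (category.php, include/user.inc.php), leaving a cookie that cannot be deleted. `$_SERVER['SCRIPT_NAME']` is the server-determined script path and is the safer base: `return substr( $_SERVER['SCRIPT_NAME'], 0, strrpos( $_SERVER['SCRIPT_NAME'], '/' ) );`. When the gallery is installed at the document root the result is an empty string, which I believe `setcookie()` omits so the browser falls back to its default path; a comment noting that case would help the next reader.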
@@ -32,35 +32,60 @@ foreach ( $infos as $i => $info ) { $query_user.= ' FROM '.PREFIX_TABLE.'users'; $query_done = false; $user['is_the_guest'] = false; -if ( isset( $_GET['id'] ) - && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) + +// cookie deletion if administrator don't authorize them anymore +if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) ) +{ + setcookie( 'id', '', 0, cookie_path() ); + $url = 'category.php'; + header( 'Request-URI: '.$url ); + header( 'Content-Location: '.$url ); + header( 'Location: '.$url ); + exit(); +} + +$user['has_cookie'] = false; +if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; +elseif ( isset( $_COOKIE['id'] ) ) { - $page['session_id'] = $_GET['id']; + $session_id = $_COOKIE['id']; + $user['has_cookie'] = true; +} + +if ( isset( $session_id ) + and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) ) +{ + $page['session_id'] = $session_id; $query = 'SELECT user_id,expiration,ip'; $query.= ' FROM '.PREFIX_TABLE.'sessions'; - $query.= " WHERE id = '".$_GET['id']."'"; + $query.= " WHERE id = '".$page['session_id']."'"; $query.= ';'; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) > 0 ) { $row = mysql_fetch_array( $result ); - if ( $row['expiration'] < time() ) - { - // deletion of the session from the database, - // because it is out-of-date - $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; - $delete_query.= " WHERE id = '".$page['session_id']."'"; - $delete_query.= ';'; - mysql_query( $delete_query ); - } - else + if ( !$user['has_cookie'] ) { + if ( $row['expiration'] < time() ) + { + // deletion of the session from the database, + // because it is out-of-date + $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; + $delete_query.= " WHERE id = '".$page['session_id']."'"; + $delete_query.= ';'; + mysql_query( $delete_query ); + } if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) { $query_user .= ' WHERE id = '.$row['user_id']; $query_done = true; } } + 
else + { + $query_user .= ' WHERE id = '.$row['user_id']; + $query_done = true; + } } } if ( !$query_done ) diff --git a/language/francais.php b/language/francais.php index 8e0f294e9..93fcc72cc 100644 --- a/language/francais.php +++ b/language/francais.php @@ -136,6 +136,11 @@ $lang['customize_long_period'] = 'p $lang['customize_template'] = 'template'; $lang['err_periods'] = 'les périodes doivent être des entiers'; $lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte'; +$lang['create_cookie'] = 'créer un cookie'; +$lang['customize_day'] = 'jour'; +$lang['customize_week'] = 'semaine'; +$lang['customize_month'] = 'mois'; +$lang['customize_year'] = 'an'; // end version 1.3 $lang['maxwidth'] = 'largeur maximum des images'; $lang['maxheight'] = 'hauteur maximum des images'; @@ -399,6 +404,10 @@ if ( $isadmin ) $lang['conf_session_key_info'] = '- le mot-clef de session permet d\'améliorer le cryptage des identifiants de session.
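Review bot: Two session checks are weakened in the new `mysql_num_rows` branch. First, the `else` that separated the expired-session deletion from the IP comparison was dropped, so an expired id supplied in the URL is deleted and then still authenticates this request. Second, the whole `!$user['has_cookie']` guard means a cookie-supplied id is never compared against `expiration` at all, so the sessions table loses the ability to revoke a cookie session before the cookie itself lapses (up to a year per profile.php), and the admin "delete expired sessions" action becomes the only thing that ends it. If cookies are meant to outlive the session row, extend the row's expiration when the cookie is created rather than bypassing the check here; waiving only the IP comparison for cookie sessions, as below, keeps the intent I infer from the hunk while restoring expiry enforcement.
```php
    $row = mysql_fetch_array( $result );
    if ( $row['expiration'] < time() )
    {
      // deletion of the session from the database, because it is
      // out-of-date; an expired session must not authenticate this request
      $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
      $delete_query.= " WHERE id = '".$page['session_id']."'";
      $delete_query.= ';';
      mysql_query( $delete_query );
    }
    else if ( $user['has_cookie'] or $_SERVER['REMOTE_ADDR'] == $row['ip'] )
    {
      // the IP check is waived for cookie sessions only (addresses change
      // over a cookie's lifetime); the expiration check applies to both
      $query_user .= ' WHERE id = '.$row['user_id'];
      $query_done = true;
    }
```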
- mettez n\'importe quelle chaîne de moins de 255 caractères.'; $lang['conf_session_delete'] = 'supprimer les sessions périmées'; $lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)'; + // start version 1.3 + $lang['conf_session_cookie'] = 'autoriser les cookies'; + $lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.'; + // end version 1.3 // page user, clés générales $lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé'; diff --git a/profile.php b/profile.php index 7a47783a5..6d7cf557c 100644 --- a/profile.php +++ b/profile.php @@ -103,13 +103,18 @@ if ( isset( $_POST['submit'] ) ) $query.= ';'; mysql_query( $query ); } + if ( $_POST['create_cookie'] == 1 ) + { + setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'], + cookie_path() ); + } // redirection $url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand']; if ( $page['cat'] == 'search' ) { $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; } - $url = add_session_id( $url, true ); + if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true ); header( 'Request-URI: '.$url ); header( 'Content-Location: '.$url ); header( 'Location: '.$url ); @@ -121,7 +126,7 @@ $vtp = new VTemplate; $handle = $vtp->Open( './template/'.$user['template'].'/profile.vtp' ); initialize_template(); $tpl = array( 'customize_page_title','customize_title','password','new', - 'reg_confirm','submit' ); + 'reg_confirm','submit','create_cookie' ); templatize_array( $tpl, 'lang', $handle ); //----------------------------------------------------------------- form action $url = './profile.php?cat='.$page['cat'].'&expand='.$page['expand']; 
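Review bot: The cookie lifetime is taken verbatim from `$_POST['cookie_expiration']`, so the browser decides how long the session id persists, independent of the one-day-to-one-year options the `@@ -340,6 +345,28 @@` hunk renders as absolute timestamps; the handler also does not re-check `$conf['authorize_cookies']` and reads `$_POST['create_cookie']` without `isset()`, which raises a notice when the box is unchecked. Decide the lifetime server-side and gate on the setting: `if ( $conf['authorize_cookies'] and isset( $_POST['create_cookie'] ) and $_POST['create_cookie'] == 1 )` followed by `$expiration = min( intval( $_POST['cookie_expiration'] ), time() + 365*24*60*60 );` passed to `setcookie()`, or better, post a duration key and map it to seconds in this file. The later `if ( $_POST['create_cookie'] != 1 )` needs the same `isset()` guard.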
@@ -340,6 +345,28 @@ if ( in_array( 'show_nb_comments', $infos ) ) $vtp->closeSession( $handle, 'group' ); $vtp->closeSession( $handle, 'line' ); } +//--------------------------------------------------------------- create cookie +if ( $conf['authorize_cookies'] ) +{ + $vtp->addSession( $handle, 'cookie' ); + $options = array( + array( 'message' => '1 '.$lang['customize_day'], + 'value' => time() + 24*60*60 ), + array( 'message' => '1 '.$lang['customize_week'], + 'value' => time() + 7*24*60*60 ), + array( 'message' => '1 '.$lang['customize_month'], + 'value' => time() + 30*24*60*60 ), + array( 'message' => '1 '.$lang['customize_year'], + 'value' => time() + 365*24*60*60 ) + ); + foreach ( $options as $option ) { + $vtp->addSession( $handle, 'expiration_option' ); + $vtp->setVar( $handle, 'expiration_option.option', $option['message'] ); + $vtp->setVar( $handle, 'expiration_option.value', $option['value'] ); + $vtp->closeSession( $handle, 'expiration_option' ); + } + $vtp->closeSession( $handle, 'cookie' ); +} //----------------------------------------------------------- html code display $code = $vtp->Display( $handle, 0 ); echo $code; diff --git a/template/default/profile.vtp b/template/default/profile.vtp index 0d1d20fe3..3aef1460a 100644 --- a/template/default/profile.vtp +++ b/template/default/profile.vtp @@ -58,13 +58,28 @@   - {#new} {#password} + {#new} {#password} {#reg_confirm} + + +   + + + {#create_cookie} + + + + +   -- cgit v1.2.3