From 5d06d4354144066a39bca1c28b7a326b2de5283c Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Sun, 23 Jul 2006 15:25:49 +0000
Subject: bug 451 fixed: problem with auto login - add an auto_login_key in
 users_table - $conf['session_length'] is no more useful     and sessions
 length will be 0 (until browser closed) - add $conf['remember_me_name'] for
 cookie remember name

git-svn-id: http://piwigo.org/svn/trunk@1493 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 identification.php                  | 28 ++++++++++++++++++++++
 include/config_default.inc.php      |  6 ++---
 include/functions_session.inc.php   |  7 ++----
 include/functions_user.inc.php      | 28 +++++++++++++++++++---
 install/db/26-database.php          | 47 +++++++++++++++++++++++++++++++++++++
 install/phpwebgallery_structure.sql |  3 ++-
 6 files changed, 107 insertions(+), 12 deletions(-)
 create mode 100644 install/db/26-database.php

diff --git a/identification.php b/identification.php
index df2df9b87..eba8834c0 100644
--- a/identification.php
+++ b/identification.php
@@ -71,6 +71,34 @@ SELECT '.$conf['user_fields']['id'].' AS id,
     array_push( $errors, $lang['invalid_pwd'] );
   }
 }
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+{
+  $cookie = unserialize(pwg_stripslashes($_COOKIE[$conf['remember_me_name']]));
+  $query = '
+SELECT auto_login_key
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
+;';
+
+  $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+  if ($auto_login_key == $cookie['key'])
+  {
+    log_user($cookie['id'], false);
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+  else
+  {
+    // Hacking attempt!
+    $query = '
+UPDATE '.USERS_TABLE.'
+  SET auto_login_key=\''.$auto_login_key.'\'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+    pwg_query($query);
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+}
 //----------------------------------------------------- template initialization
 //
 // Start output of page
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index c4c4bdb4d..0fb9eef43 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -312,13 +312,13 @@ $conf['session_save_handler'] = 'db';
 // creates a cookie on client side.
 $conf['authorize_remembering'] = true;
 
+// remember_me_name: specifies the name of the cookie used to stay logged
+$conf['remember_me_name'] = 'pwg_remember';
+
 // remember_me_length : time of validity for "remember me" cookies, in
 // seconds.
 $conf['remember_me_length'] = 31536000;
 
-// session_length : time of validity for normal session, in seconds.
-$conf['session_length'] = 3600;
-
 // +-----------------------------------------------------------------------+
 // |                                debug                                  |
 // +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 8765028ae..7fdf5dde8 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -71,11 +71,8 @@ if (isset($conf['session_save_handler'])
     ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
     ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
   }
-  session_name( $conf['session_name'] );
-  session_set_cookie_params(
-      ini_get('session.cookie_lifetime'),
-      cookie_path()
-    );
+  session_name($conf['session_name']);
+  session_set_cookie_params(0, cookie_path());
 }
 
 // cookie_path returns the path to use for the PhpWebGallery cookie.
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c3048d6b0..134f7493d 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -551,12 +551,34 @@ function get_language_filepath($filename)
 function log_user($user_id, $remember_me)
 {
   global $conf;
-  $session_length = $conf['session_length'];
+
   if ($remember_me)
   {
-    $session_length = $conf['remember_me_length'];
+    // search for an existing auto_login_key
+    $query = '
+SELECT auto_login_key 
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+ 
+    $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+    if (empty($auto_login_key)) 
+    {
+      $auto_login_key = base64_encode(md5(uniqid(rand(), true)));
+      $query = '
+UPDATE '.USERS_TABLE.'
+  SET auto_login_key=\''.$auto_login_key.'\'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+      pwg_query($query);
+    }
+    $cookie = array('id' => $user_id, 'key' => $auto_login_key);
+    setcookie($conf['remember_me_name'],
+	      serialize($cookie), 
+	      time()+$conf['remember_me_length'],
+	      cookie_path()
+	      );
   }
-  session_set_cookie_params($session_length);
   session_start();
   $_SESSION['pwg_uid'] = $user_id;
 }
diff --git a/install/db/26-database.php b/install/db/26-database.php
new file mode 100644
index 000000000..fb0f291a5
--- /dev/null
+++ b/install/db/26-database.php
@@ -0,0 +1,47 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery                           |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch        : BSF (Best So Far)
+// | file          : $RCSfile$
+// | last update   : $Date: 2006-07-23 14:17:00 +0200 (dim, 23 jui 2006) $
+// | last modifier : $Author: nikrou $
+// | revision      : $Revision: 1492 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'add an auto login key in users table';
+
+// add column auto_login_key
+$query = '
+ALTER TABLE '.PREFIX_TABLE.'users
+  ADD auto_login_key varchar(64) NOT NULL
+;';
+pwg_query($query);
+
+echo
+"\n"
+. $upgrade_description
+."\n"
+;
+?>
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
index 73f132af7..5a3b13014 100644
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@@ -1,4 +1,4 @@
--- MySQL dump 9.11
+1-- MySQL dump 9.11
 --
 -- Host: localhost    Database: pwg-bsf
 -- ------------------------------------------------------
@@ -345,6 +345,7 @@ CREATE TABLE `phpwebgallery_users` (
   `username` varchar(20) binary NOT NULL default '',
   `password` varchar(32) default NULL,
   `mail_address` varchar(255) default NULL,
+  `auto_login_key` varchar(64) default NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `users_ui1` (`username`)
 ) TYPE=MyISAM;
-- 
cgit v1.2.3