From eaacbc7b2d224524eac6def04e9b721949afd4b8 Mon Sep 17 00:00:00 2001 From: rvelices Date: Fri, 20 Oct 2006 02:17:53 +0000 Subject: - put back config['session_length'] disappeared in r1493 but has always been used in the code (generates mysql errors on session garbage collector) - fix auto_login (die mysql when session timed out, but user has remember) - when a user reconnects from identification.php, the remember cookie was not deleted - fix all redirect warnings/errors (many changes - mainly in common.inc.php and user.inc.php) - reduced $conf['remember_me_length'] to 60 days, because now at each auto login the 60 days countdown restarts git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee --- identification.php | 5 +- include/common.inc.php | 107 +++++++++++++++++++---------------------- include/config_default.inc.php | 5 +- include/functions.inc.php | 34 +++++-------- include/functions_user.inc.php | 91 +++++++++++++++++++++++++++++------ include/template.php | 29 ++++++++--- include/user.inc.php | 75 ++++++++--------------------- 7 files changed, 183 insertions(+), 163 deletions(-) diff --git a/identification.php b/identification.php index d37434682..a1a60ec08 100644 --- a/identification.php +++ b/identification.php @@ -72,10 +72,7 @@ SELECT '.$conf['user_fields']['id'].' AS id, array_push( $errors, $lang['invalid_pwd'] ); } } -elseif (!empty($_COOKIE[$conf['remember_me_name']])) -{ - auto_login(); -} + //----------------------------------------------------- template initialization // // Start output of page diff --git a/include/common.inc.php b/include/common.inc.php index d7b557679..d0376afe8 100644 --- a/include/common.inc.php +++ b/include/common.inc.php 
@@ -132,28 +132,6 @@ or die ( "Could not connect to database server" ); mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); -if ($conf['check_upgrade_feed'] - and defined('PHPWG_IN_UPGRADE') - and PHPWG_IN_UPGRADE) -{ - // retrieve already applied upgrades - $query = ' -SELECT id - FROM '.UPGRADE_TABLE.' -;'; - $applied = array_from_query($query, 'id'); - - // retrieve existing upgrades - $existing = get_available_upgrade_ids(); - - // which upgrades need to be applied? - if (count(array_diff($existing, $applied)) > 0) - { - $header_msgs[] = 'Some database upgrades are missing, ' - .'upgrade now'; - } -} - // // Setup gallery wide options, if this fails then we output a CRITICAL_ERROR // since basic gallery information is not available 
@@ -162,67 +140,82 @@ load_conf_from_db(); include(PHPWG_ROOT_PATH.'include/user.inc.php'); + // language files include_once(get_language_filepath('common.lang.php')); - if (defined('IN_ADMIN') and IN_ADMIN) { include_once(get_language_filepath('admin.lang.php')); } +// only now we can set the localized username of the guest user (and not in +// include/user.inc.php) +if ($user['is_the_guest']) +{ + $user['username'] = $lang['guest']; +} + +// template instance +$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] ); + if ($conf['gallery_locked']) { - $header_msgs[] = $lang['gallery_locked_message'] - . '.'; + $header_msgs[] = $lang['gallery_locked_message']; - if ( basename($_SERVER["PHP_SELF"]) != 'identification.php' + if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php' and !is_admin() ) { - echo( $lang['gallery_locked_message'] ); + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + echo $lang['gallery_locked_message'] + .'.'; exit(); } } -// only now we can set the localized username of the guest user (and not in -// include/user.inc.php) -if ($user['is_the_guest']) +if ($user['is_the_guest'] and !$conf['guest_access'] + and !in_array( basename($_SERVER['SCRIPT_FILENAME']), + array('identification.php', + 'password.php', + 'register.php' + ) + ) + ) { - $user['username'] = $lang['guest']; + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + redirect (get_root_url().'identification.php'); } -// include template/theme configuration -if (defined('IN_ADMIN') and IN_ADMIN) -{ - list($user['template'], $user['theme']) = - explode - ( - '/', - isset($conf['default_admin_layout']) ? 
$conf['default_admin_layout'] - : $user['template'] - ); -// TODO : replace $conf['admin_layout'] by $user['admin_layout'] -} -else +if ($conf['check_upgrade_feed'] + and defined('PHPWG_IN_UPGRADE') + and PHPWG_IN_UPGRADE) { - list($user['template'], $user['theme']) = explode('/', $user['template']); -} -// TODO : replace initial $user['template'] by $user['layout'] + // retrieve already applied upgrades + $query = ' +SELECT id + FROM '.UPGRADE_TABLE.' +;'; + $applied = array_from_query($query, 'id'); -include( - PHPWG_ROOT_PATH - .'template/'.$user['template'] - .'/theme/'.$user['theme'] - .'/themeconf.inc.php' - ); + // retrieve existing upgrades + $existing = get_available_upgrade_ids(); + + // which upgrades need to be applied? + if (count(array_diff($existing, $applied)) > 0) + { + //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG + $page['root_path'] = cookie_path(); + $header_msgs[] = 'Some database upgrades are missing, ' + .'upgrade now'; + } +} if (is_adviser()) { $header_msgs[] = $lang['adviser_mode_enabled']; } -// template instance -$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - if (count($header_msgs) > 0) { $template->assign_block_vars('header_msgs',array()); @@ -232,4 +225,4 @@ if (count($header_msgs) > 0) array('HEADER_MSG'=>$header_msg)); } } -?> +?> \ No newline at end of file diff --git a/include/config_default.inc.php b/include/config_default.inc.php index fb752fae8..c4426d711 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -323,7 +323,10 @@ $conf['remember_me_name'] = 'pwg_remember'; // remember_me_length : time of validity for "remember me" cookies, in // seconds. -$conf['remember_me_length'] = 31536000; +$conf['remember_me_length'] = 5184000; + +// session_length : time of validity for normal session, in seconds. +$conf['session_length'] = 3600; // +-----------------------------------------------------------------------+ // | debug | 
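Review bot: In include/common.inc.php the new guest-access block relies on `redirect()` never returning, while the gallery-locked block just above it ends with an explicit `exit();`. The end of `redirect()` is not visible in this patch, so if it ever returns, the rest of the page would be built for a guest on a gallery that has `guest_access` switched off. I would add `exit();` directly after `redirect (get_root_url().'identification.php');`, and pass `true` as the third argument of `in_array()` so the script-name allow-list is compared strictly.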
diff --git a/include/functions.inc.php b/include/functions.inc.php index d23c55fa8..2e7a47b4b 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -584,8 +584,16 @@ function redirect( $url , $msg = '', $refresh_time = 0) { global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug; - if (!isset($lang_info)) { + if (!isset($lang_info)) + { + $user = build_user( $conf['guest_id'], true); include_once(get_language_filepath('common.lang.php')); + list($tmpl, $thm) = explode('/', $conf['default_template']); + $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm); + } + else + { + $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']); } if (empty($msg)) @@ -602,26 +610,6 @@ function redirect( $url , $msg = '', $refresh_time = 0) $url_link = $url; $title = 'redirection'; - unset($template); - if ( isset($user['template']) ) - { - $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']); - } - else - { - list($tmpl, $thm) = explode('/', $conf['default_template']); - global $themeconf; - include( - PHPWG_ROOT_PATH - .'template/'.$tmpl - .'/theme/'.$thm - .'/themeconf.inc.php' - ); - $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl); - $user['is_the_guest']=true; - $user['id']=$conf['guest_id']; - } - $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); include( PHPWG_ROOT_PATH.'include/page_header.php' ); @@ -921,9 +909,9 @@ function str_translate_to_ascii7bits($str) */ function get_themeconf($key) { - global $themeconf; + global $template; - return isset($themeconf[$key]) ? $themeconf[$key] : ''; + return $template->get_themeconf($key); } /** diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 978739ca5..dac173f3e 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php 
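Review bot: `get_themeconf()` in include/functions.inc.php now dereferences the global `$template` unconditionally, so a call made before common.inc.php has created the Template instance ends in a fatal error where the old version returned an empty string. A guard keeps the previous contract: `return is_object($template) ? $template->get_themeconf($key) : '';`. The docblock above the function starts outside the hunk; it should mention that the value now comes from the Template object and no longer from the global `$themeconf`.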
@@ -104,6 +104,52 @@ function setup_style($style) return new Template(PHPWG_ROOT_PATH.'template/'.$style); } +function build_user( $user_id, $use_cache ) +{ + global $conf; + $user['id'] = $user_id; + $user = array_merge( $user, getuserdata($user_id, $use_cache) ); + if ( $user['id'] == $conf['guest_id']) + { + $user['is_the_guest']=true; + $user['template'] = $conf['default_template']; + $user['nb_image_line'] = $conf['nb_image_line']; + $user['nb_line_page'] = $conf['nb_line_page']; + $user['language'] = $conf['default_language']; + $user['maxwidth'] = $conf['default_maxwidth']; + $user['maxheight'] = $conf['default_maxheight']; + $user['recent_period'] = $conf['recent_period']; + $user['expand'] = $conf['auto_expand']; + $user['show_nb_comments'] = $conf['show_nb_comments']; + $user['enabled_high'] = $conf['newuser_default_enabled_high']; + } + else + { + $user['is_the_guest']=false; + } + // calculation of the number of picture to display per page + $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; + + // include template/theme configuration + if (defined('IN_ADMIN') and IN_ADMIN) + { + list($user['template'], $user['theme']) = + explode + ( + '/', + isset($conf['default_admin_layout']) ? $conf['default_admin_layout'] + : $user['template'] + ); + // TODO : replace $conf['admin_layout'] by $user['admin_layout'] + } + else + { + list($user['template'], $user['theme']) = explode('/', $user['template']); + } + + return $user; +} + /** * find informations related to the user identifier * 
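Review bot: `build_user()` splits `$user['template']` on `/` and returns both halves without checking their shape, and those halves become directory names in the `include` that the Template constructor performs in this same commit. A stored value without a slash leaves `$user['theme']` unset, and one containing `..` or extra separators would point that include at another path; whether a non-guest user can write this field is not visible here, so it is safer to treat it as untrusted. Before the `explode` in the non-admin branch I would fall back to the default: `if (!preg_match('#^[\w-]+/[\w-]+\z#', $user['template'])) { $user['template'] = $conf['default_template']; }`. The function also has no docblock, unlike the function documented right below it; a short one naming the two parameters and stating that the returned array carries `is_the_guest`, `nb_image_page`, `template` and `theme` would help.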
@@ -580,40 +626,53 @@ UPDATE '.USERS_TABLE.' cookie_path() ); } - session_start(); + else + { // make sure we clean any remember me ... + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } + if ( session_id()!="" ) + { // this can happpen when the session is expired and auto_login + session_regenerate_id(); + } + else + { + session_start(); + } $_SESSION['pwg_uid'] = $user_id; $user['id'] = $_SESSION['pwg_uid']; - $user['is_the_guest'] = false; } /* * Performs auto-connexion when cookie remember_me exists - * @return void + * @return true/false */ function auto_login() { global $conf; - // must remove slash added in include/common.inc.php - $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); + if ( isset( $_COOKIE[$conf['remember_me_name']] ) ) + { + // must remove slash added in include/common.inc.php + $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); - $query = ' + $query = ' SELECT auto_login_key FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].' ;'; - $auto_login_key = current(mysql_fetch_assoc(pwg_query($query))); - if ($auto_login_key == $cookie['key']) - { - log_user($cookie['id'], false); - redirect(make_index_url()); - } - else - { - setcookie($conf['remember_me_name'], '', 0, cookie_path()); - redirect(make_index_url()); + $auto_login_key = current(mysql_fetch_assoc(pwg_query($query))); + if ($auto_login_key == $cookie['key']) + { + log_user($cookie['id'], true); + return true; + } + else + { + setcookie($conf['remember_me_name'], '', 0, cookie_path()); + } } + return false; } /* diff --git a/include/template.php b/include/template.php index d93700b7a..df9c9a013 100644 --- a/include/template.php +++ b/include/template.php 
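Review bot: `auto_login()` still passes the raw remember cookie to `unserialize()` and then concatenates `$cookie['id']` into the SQL text, and after this commit include/user.inc.php calls it on every request that resolves to the guest user. The cookie is fully client-controlled, so it should be parsed as plain data (for example an id and a key joined by a separator) instead of being deserialized, with the id forced to an integer before the query: `$cookie['id'] = (int) $cookie['id'];`. The key check should be strict and reject non-strings, `if (is_string($cookie['key']) and $auto_login_key === $cookie['key'])`, because with `==` the type of the client-supplied value influences the result, and a failed lookup yields a non-string on the left side. `log_user()` begins outside this hunk, so its new `session_regenerate_id()` branch can only be judged from the visible lines.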
@@ -59,13 +59,22 @@ class Template { // output var $output = ''; + var $themeconf = array(); + /** * Constructor. Simply sets the root dir. * */ - function Template($root = ".") + function Template($root = ".", $theme= "") { - $this->set_rootdir($root); + if ( $this->set_rootdir($root) ) + { + if ( !empty( $theme ) ) + { + include($root.'/theme/'.$theme.'/themeconf.inc.php'); + $this->themeconf = $themeconf; + } + } } /** @@ -311,14 +320,14 @@ class Template { { die("Template->loadfile(): File $filename for handle $handle is empty"); } - + $this->uncompiled_code[$handle] = $str; - + return true; } - - - + + + /** * Compiles the given string of code, and returns the result in a string. * @@ -331,7 +340,7 @@ class Template { // PWG specific : communication between template and $lang $code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code); // PWG specific : expand themeconf.inc.php variables - $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code); + $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code); $code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code); // replace \ with \\ and then ' with \'. @@ -525,6 +534,10 @@ class Template { return $varref; } + function get_themeconf($key) + { + return isset($this->themeconf[$key]) ? $this->themeconf[$key] : ''; + } } ?> diff --git a/include/user.inc.php b/include/user.inc.php index b6b6d1bcb..f5c77b2f8 100644 --- a/include/user.inc.php +++ b/include/user.inc.php 
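Review bot: The Template constructor reads `$themeconf` right after the `include` without checking that the file exists or that it defined the variable, so a missing or renamed theme directory raises a warning and replaces the declared empty array in `$this->themeconf` with null. Setting `$themeconf = array();` before the `include` and testing the path with `is_file()` first keeps the property an array in every case. The docblock still says the constructor "Simply sets the root dir"; it should state that a non-empty `$theme` causes `<root>/theme/<theme>/themeconf.inc.php` to be executed, which is why callers must pass only validated theme names.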
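Review bot: In `compile()` the changed replacement `'$this->get_themeconf(\'$1\')'` is run through the `/e` modifier, so text captured from a template file is spliced into PHP source and evaluated, and the capture `[^}]+` accepts any character. The enclosing function starts and ends outside the hunk. I would drop `/e` for this rule and use `preg_replace_callback()` with a small new method as the callback, passed as `array(&$this, 'themeconf_match')` and returning `$this->get_themeconf($m[1])`; the `{lang:...}` and `{pwg_root}` rules on the neighbouring lines deserve the same treatment. If `/e` has to stay, narrowing the capture to `([\w-]+)` limits what can reach the evaluated string.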
@@ -25,53 +25,44 @@ // | USA. | // +-----------------------------------------------------------------------+ +// by default we start with guest +$user['id'] = $conf['guest_id']; + if (isset($_COOKIE[session_name()])) { session_start(); if (isset($_GET['act']) and $_GET['act'] == 'logout') - { - // logout + { // logout $_SESSION = array(); session_unset(); session_destroy(); setcookie(session_name(),'',0, - ini_get('session.cookie_path'), - ini_get('session.cookie_domain') - ); + ini_get('session.cookie_path'), + ini_get('session.cookie_domain') + ); setcookie($conf['remember_me_name'], '', 0, cookie_path()); redirect(make_index_url()); - } - elseif (empty($_SESSION['pwg_uid'])) - { - // timeout + } + elseif (empty($_SESSION['pwg_uid'])) + { // timeout setcookie(session_name(),'',0, - ini_get('session.cookie_path'), - ini_get('session.cookie_domain') - ); + ini_get('session.cookie_path'), + ini_get('session.cookie_domain') + ); } else { $user['id'] = $_SESSION['pwg_uid']; - $user['is_the_guest'] = false; } } -elseif (!empty($_COOKIE[$conf['remember_me_name']])) + + +// Now check the auto-login +if ( $user['id']==$conf['guest_id'] ) { auto_login(); -} -else -{ - $user['id'] = $conf['guest_id']; - $user['is_the_guest'] = true; } -if ($user['is_the_guest'] and !$conf['guest_access'] - and (basename($_SERVER['PHP_SELF'])!='identification.php') - and (basename($_SERVER['PHP_SELF'])!='password.php') - and (basename($_SERVER['PHP_SELF'])!='register.php')) -{ - redirect (get_root_url().'identification.php'); -} // using Apache authentication override the above user search if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) 
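Review bot: The logout branch in include/user.inc.php only expires the remember cookie on the client; in the visible lines nothing resets the user's `auto_login_key` in the users table, so a copy of the cookie taken earlier would still be accepted by `auto_login()` after logout. I would read `$_SESSION['pwg_uid']` before `$_SESSION = array();` and overwrite that user's `auto_login_key` with a fresh random value in the same branch, never with an empty one, since `auto_login()` compares with `==`. The return value of `auto_login()` is also ignored at the new call site; a comment such as `// on success auto_login() is expected to set $user['id'] through log_user()` would make that dependency explicit, assuming `log_user()` declares `$user` global outside the visible lines.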
@@ -81,33 +72,9 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER'])) register_user($_SERVER['REMOTE_USER'], '', ''); $user['id'] = get_userid($_SERVER['REMOTE_USER']); } - - $user['is_the_guest'] = false; -} - -$user = array_merge( - $user, - getuserdata( - $user['id'], - ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ? - ) - ); - -// properties of user guest are found in the configuration -if ($user['is_the_guest']) -{ - $user['template'] = $conf['default_template']; - $user['nb_image_line'] = $conf['nb_image_line']; - $user['nb_line_page'] = $conf['nb_line_page']; - $user['language'] = $conf['default_language']; - $user['maxwidth'] = $conf['default_maxwidth']; - $user['maxheight'] = $conf['default_maxheight']; - $user['recent_period'] = $conf['recent_period']; - $user['expand'] = $conf['auto_expand']; - $user['show_nb_comments'] = $conf['show_nb_comments']; - $user['enabled_high'] = $conf['newuser_default_enabled_high']; } +$user = build_user( $user['id'], + ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ? + ); -// calculation of the number of picture to display per page -$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page']; -?> +?> \ No newline at end of file -- cgit v1.2.3