From 3c8309a7e621ede168cf7f6dfd8c8d55144525ea Mon Sep 17 00:00:00 2001
From: z0rglub
Date: Sat, 2 Oct 2004 23:12:50 +0000
Subject: - deletion of session_time and session_id_size as config parameter - new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php
git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
---
identification.php | 43 +++++++++++++++++++++++++++++++++----------
1 file changed, 33 insertions(+), 10 deletions(-)
(limited to 'identification.php')
diff --git a/identification.php b/identification.php
index 5d2a0eb46..602af430c 100644
--- a/identification.php
+++ b/identification.php
@@ -31,18 +31,40 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); //-------------------------------------------------------------- identification $errors = array(); -if ( isset( $_POST['login'] ) ) +if (isset($_POST['login'])) { // retrieving the encrypted password of the login submitted - $query = 'SELECT password'; - $query.= ' FROM '.USERS_TABLE; - $query.= " WHERE username = '".$_POST['username']."';"; - $row = mysql_fetch_array( mysql_query( $query ) ); - if( $row['password'] == md5( $_POST['password'] ) ) + $query = ' +SELECT id, password + FROM '.USERS_TABLE.' + WHERE username = \''.$_POST['username'].'\' +;'; + $row = mysql_fetch_array(mysql_query($query)); + if ($row['password'] == md5($_POST['password'])) { - $session_id = session_create( $_POST['username'] ); - $url = 'category.php?id='.$session_id; - redirect( $url ); + if ($conf['auth_method'] == 'cookie' + or isset($_POST['remember_me']) and $_POST['remember_me'] == 1) + { + if ($conf['auth_method'] == 'cookie') + { + $cookie_length = $conf['session_length']; + } + else if ($_POST['remember_me'] == 1) + { + $cookie_length = $conf['remember_me_length']; + } + session_create($row['id'], + 'cookie', + $cookie_length); + redirect('category.php'); + } + else if ($conf['auth_method'] == 'URI') + { + $session_id = session_create($row['id'], + 'URI', + $conf['session_length']); + redirect('category.php?id='.$session_id); + } } else { @@ -68,7 +90,8 @@ $template->assign_vars( 'L_LOGIN' => $lang['submit'], 'L_GUEST' => $lang['ident_guest_visit'], 'L_REGISTER' => $lang['ident_register'], - 'L_FORGET' => $lang['ident_forgotten_password'], + 'L_FORGET' => $lang['ident_forgotten_password'], + 'L_REMEMBER_ME'=>$lang['remember_me'], 'T_STYLE' => $user['template'], -- cgit v1.2.3
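Review bot: The rewritten login query in the first hunk still concatenates `$_POST['username']` straight into the SQL string, so unless include/common.inc.php already escapes request data (not visible here) the login form stays injectable; escape at the point of use, e.g. `WHERE username = \''.mysql_real_escape_string($_POST['username']).'\'`. The password check `$row['password'] == md5($_POST['password'])` uses loose comparison, under which two different numeric-looking "0e…" digests compare equal; `===` closes that, and because a match now mints a long-lived "remember me" cookie, the unsalted MD5 scheme deserves a follow-up. When `$conf['auth_method']` is neither 'cookie' nor 'URI' and remember_me is unset, a correct password falls through with no session, no redirect and no entry in `$errors`; a final `else` that records a configuration error would make that visible. The enclosing `if (isset($_POST['login']))` block ends outside the hunk.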