From 3c8309a7e621ede168cf7f6dfd8c8d55144525ea Mon Sep 17 00:00:00 2001
From: z0rglub
Date: Sat, 2 Oct 2004 23:12:50 +0000
Subject: - deletion of session_time and session_id_size as config parameter - new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php
git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/user.inc.php | 74 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 42 insertions(+), 32 deletions(-)
(limited to 'include/user.inc.php')
diff --git a/include/user.inc.php b/include/user.inc.php
index c1f018f92..01a7243d1 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -30,55 +30,65 @@
 // Each field becomes an information of the array $user.
 // Example :
 // status --> $user['status']
-$infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
- 'nb_line_page', 'status', 'language', 'maxwidth',
- 'maxheight', 'expand', 'show_nb_comments', 'recent_period',
- 'template', 'forbidden_categories' );
+$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
+ 'status','language','maxwidth','maxheight','expand',
+ 'show_nb_comments','recent_period','template',
+ 'forbidden_categories');
 $query_user = 'SELECT * FROM '.USERS_TABLE;
 $query_done = false;
 $user['is_the_guest'] = false;
 // cookie deletion if administrator don't authorize them anymore
-if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
 {
- setcookie( 'id', '', 0, cookie_path() );
+ setcookie('id', '', 0, cookie_path());
 $url = 'category.php';
- redirect( $url );
+ redirect($url);
 }
-$user['has_cookie'] = false;
-if ( isset( $_GET['id'] ) ) $session_id = $_GET['id'];
-elseif ( isset( $_COOKIE['id'] ) )
+if (isset($_GET['id']))
+{
+ $session_id = $_GET['id'];
+ $user['has_cookie'] = false;
+ $session_id_size = $conf['session_id_size_URI'];
+}
+elseif (isset($_COOKIE['id']))
 {
 $session_id = $_COOKIE['id'];
 $user['has_cookie'] = true;
+ $session_id_size = $conf['session_id_size_cookie'];
+}
+else
+{
+ $user['has_cookie'] = false;
 }
-if ( isset( $session_id )
- and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+if (isset($session_id)
+ and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
 {
 $page['session_id'] = $session_id;
- $query = 'SELECT user_id,expiration,ip';
- $query.= ' FROM '.SESSIONS_TABLE;
- $query.= " WHERE id = '".$page['session_id']."'";
- $query.= ';';
- $result = mysql_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
+ $query = '
+SELECT user_id,expiration,ip
+ FROM '.SESSIONS_TABLE.'
+ WHERE id = \''.$page['session_id'].'\'
+;';
+ $result = mysql_query($query);
+ if (mysql_num_rows($result) > 0)
 {
- $row = mysql_fetch_array( $result );
- if ( !$user['has_cookie'] )
+ $row = mysql_fetch_array($result);
+ if (!$user['has_cookie'])
 {
- if ( $row['expiration'] < time() )
+ if ($row['expiration'] < time())
 {
 // deletion of the session from the database,
 // because it is out-of-date
 $delete_query = 'DELETE FROM '.SESSIONS_TABLE;
 $delete_query.= " WHERE id = '".$page['session_id']."'";
 $delete_query.= ';';
- mysql_query( $delete_query );
+ mysql_query($delete_query);
 }
- else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
+ else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
 {
 $query_user .= ' WHERE id = '.$row['user_id'];
 $query_done = true;
@@ -91,23 +101,23 @@ if ( isset( $session_id )
 }
 }
 }
-if ( !$query_done )
+if (!$query_done)
 {
 $query_user .= ' WHERE id = 2';
 $user['is_the_guest'] = true;
 }
 $query_user .= ';';
-$row = mysql_fetch_array( mysql_query( $query_user ) );
+$row = mysql_fetch_array(mysql_query($query_user));
 // affectation of each value retrieved in the users table into a variable
 // of the array $user.
-foreach ( $infos as $info ) {
- if ( isset( $row[$info] ) )
+foreach ($infos as $info) {
+ if (isset($row[$info]))
 {
 // If the field is true or false, the variable is transformed into a
 // boolean value.
- if ( $row[$info] == 'true' or $row[$info] == 'false' )
- $user[$info] = get_boolean( $row[$info] );
+ if ($row[$info] == 'true' or $row[$info] == 'false')
+ $user[$info] = get_boolean($row[$info]);
 else
 $user[$info] = $row[$info];
 }
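Review bot: The new cookie path never enforces the server-side expiry: `if (!$user['has_cookie'])`, right after `$row = mysql_fetch_array($result);`, wraps both the `$row['expiration'] < time()` test and the REMOTE_ADDR comparison, so a "remember me" session is never compared with its `expiration` column and a leaked cookie value stays usable until someone deletes the row by hand. The branch that accepts cookie sessions sits in the six lines between this hunk and the next, so I cannot see it; the three closing braces at the top of the next hunk fit a plain `else { ... $query_done = true; }`, and if that is all it does, the expiry test should be hoisted out of the `has_cookie` condition with only the IP binding left URI-specific, as sketched below. The `ereg` test is also the only thing standing between `$_COOKIE['id']`/`$_GET['id']` and the string-built SELECT and DELETE queries, which is worth saying at `$page['session_id'] = $session_id;`: `// the ereg check above is the only sanitisation before this value is interpolated into SQL; keep it strict`. If that check is ever migrated to `preg_match`, keep the anchors strict with the `D` modifier (`'/^[0-9a-zA-Z]{'.(int)$session_id_size.'}$/D'`), because PCRE's `$` otherwise also matches before a trailing newline, which POSIX `ereg` does not. The enclosing `if (isset($session_id) ...)` block closes outside this hunk.
```php
    $row = mysql_fetch_array($result);
    // expiry is enforced for URI and cookie sessions alike; only the
    // IP binding stays specific to URI sessions
    if ($row['expiration'] < time())
    {
      // … unchanged: DELETE of the out-of-date session …
    }
    else if ($user['has_cookie'] or $_SERVER['REMOTE_ADDR'] == $row['ip'])
    {
      $query_user .= ' WHERE id = '.$row['user_id'];
      $query_done = true;
```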
@@ -118,14 +128,14 @@ foreach ( $infos as $info ) {
 }
 // special for $user['restrictions'] array
-$user['restrictions'] = explode( ',', $user['forbidden_categories'] );
-if ( $user['restrictions'][0] == '' )
+$user['restrictions'] = explode(',', $user['forbidden_categories']);
+if ($user['restrictions'][0] == '')
 {
 $user['restrictions'] = array();
 }
 $isadmin = false;
-if ( $user['status'] == 'admin' )
+if ($user['status'] == 'admin')
 {
 $isadmin =true;
 }
-- cgit v1.2.3