From 45a8139acdc9a175f8f8e1536d42fa36bc57ff4c Mon Sep 17 00:00:00 2001
From: z0rglub <z0rglub@piwigo.org>
Date: Sun, 27 Jul 2003 08:24:10 +0000
Subject: optional cookie identification

git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/user.inc.php | 53 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 39 insertions(+), 14 deletions(-)

(limited to 'include/user.inc.php')

diff --git a/include/user.inc.php b/include/user.inc.php
index f950b3a1e..a90e8983d 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -32,35 +32,60 @@ foreach ( $infos as $i => $info ) {
 $query_user.= ' FROM '.PREFIX_TABLE.'users';
 $query_done = false;
 $user['is_the_guest'] = false;
-if ( isset( $_GET['id'] )
-     && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
+
+// cookie deletion if administrator don't authorize them anymore
+if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+{
+  setcookie( 'id', '', 0, cookie_path() );
+  $url = 'category.php';
+  header( 'Request-URI: '.$url );  
+  header( 'Content-Location: '.$url );  
+  header( 'Location: '.$url );
+  exit();
+}
+
+$user['has_cookie'] = false;
+if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
+elseif ( isset( $_COOKIE['id'] ) )
 {
-  $page['session_id'] = $_GET['id'];
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
+}
+
+if ( isset( $session_id )
+     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+{
+  $page['session_id'] = $session_id;
   $query = 'SELECT user_id,expiration,ip';
   $query.= ' FROM '.PREFIX_TABLE.'sessions';
-  $query.= " WHERE id = '".$_GET['id']."'";
+  $query.= " WHERE id = '".$page['session_id']."'";
   $query.= ';';
   $result = mysql_query( $query );
   if ( mysql_num_rows( $result ) > 0 )
   {
     $row = mysql_fetch_array( $result );
-    if ( $row['expiration'] < time() )
-    {
-      // deletion of the session from the database,
-      // because it is out-of-date
-      $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
-      $delete_query.= " WHERE id = '".$page['session_id']."'";
-      $delete_query.= ';';
-      mysql_query( $delete_query );
-    }
-    else
+    if ( !$user['has_cookie'] )
     {
+      if ( $row['expiration'] < time() )
+      {
+        // deletion of the session from the database,
+        // because it is out-of-date
+        $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+        $delete_query.= " WHERE id = '".$page['session_id']."'";
+        $delete_query.= ';';
+        mysql_query( $delete_query );
+      }
       if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
       {
         $query_user .= ' WHERE id = '.$row['user_id'];
         $query_done = true;
       }
     }
+    else
+    {
+      $query_user .= ' WHERE id = '.$row['user_id'];
+      $query_done = true;
+    }
   }
 }
 if ( !$query_done )
-- 
cgit v1.2.3