From d5b1c1be9e8dff671abab816efca302917bbdece Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Wed, 4 Oct 2006 20:50:20 +0000
Subject: Fix bug 451: Auto login does not work properly svn merge r1492:1493
 from trunk svn merge r1510:1511 from trunk svn merge r1521:1522 from trunk
 svn merge r1523:1524 from trunk svn merge r1525:1526 from trunk auto_login
 key add to users table: - add update script - update upgrade_1.5.0.php script

(related to svn:1553)


git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1554 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/user.inc.php | 59 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 43 insertions(+), 16 deletions(-)

(limited to 'include/user.inc.php')

diff --git a/include/user.inc.php b/include/user.inc.php
index b1ec2f879..b2001fa23 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -25,26 +25,52 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
 
-// retrieving connected user informations
 if (isset($_COOKIE[session_name()])) 
 {
- session_start();
- if (isset($_SESSION['pwg_uid']))
- {
-   $user['id'] = $_SESSION['pwg_uid'];
-   $user['is_the_guest'] = false;
- }
- else 
- {
-   // session timeout
-   $user['id'] = $conf['guest_id'];
-   $user['is_the_guest'] = true;
- }
+  session_start();
+  if (isset($_GET['act']) and $_GET['act'] == 'logout')
+  {
+    // logout
+    $_SESSION = array();
+    session_unset();
+    session_destroy();
+    setcookie(session_name(),'',0,
+	      ini_get('session.cookie_path'), 
+	      ini_get('session.cookie_domain') 
+	      );
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    redirect(make_index_url());
+  } 
+  elseif (empty($_SESSION['pwg_uid'])) 
+  {
+    // timeout
+    setcookie(session_name(),'',0,
+	      ini_get('session.cookie_path'), 
+	      ini_get('session.cookie_domain') 
+	      );
+  }
+  else
+  {
+    $user['id'] = $_SESSION['pwg_uid'];
+    $user['is_the_guest'] = false;
+  }
+}
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+{
+  auto_login();
 } 
-else 
+else
 {
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
+  $user['id'] = $conf['guest_id'];
+  $user['is_the_guest'] = true;
+}
+
+if ($user['is_the_guest'] and !$conf['guest_access'] 
+    and (basename($_SERVER['PHP_SELF'])!='identification.php')
+    and (basename($_SERVER['PHP_SELF'])!='password.php')
+    and (basename($_SERVER['PHP_SELF'])!='register.php'))
+{
+  redirect (get_root_url().'identification.php');
 }
 
 // using Apache authentication override the above user search
@@ -58,6 +84,7 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
   
   $user['is_the_guest'] = false;
 }
+
 $user = array_merge(
   $user,
   getuserdata(
-- 
cgit v1.2.3