source: trunk/include/user.inc.php @ 1004

Last change on this file since 1004 was 1004, checked in by nikrou, 18 years ago

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
10// | last modifier : $Author: nikrou $
11// | revision      : $Revision: 1004 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
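// Resolve the connected user from the PHP session.
//
// Every request starts out as the guest account and is only promoted when a
// session cookie is presented AND the server-side session still holds a user
// id. A missing cookie and an expired session therefore both end up as guest.
//
// NOTE(review): $user is not reset in this file; if nothing earlier
// initialises it, keys that already exist survive into the rest of the
// script -- confirm against the including file.
$user['id'] = $conf['guest_id'];
$user['is_the_guest'] = true;

// session_start() is only called here when the client already sent the
// session cookie
if (isset($_COOKIE[session_name()]))
{
  session_start();
  if (isset($_SESSION['id']))
  {
    // the user id comes from the server-side session data, never directly
    // from the request
    $user['id'] = $_SESSION['id'];
    // set explicitly: the guest test later in this file reads this key, and
    // the original code left it undefined for a logged-in session
    $user['is_the_guest'] = false;
  }
  // else: session timeout, the guest defaults above stay in place
}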
48
// With Apache authentication enabled, the login name asserted by the web
// server in REMOTE_USER overrides the user found by the session lookup above.
//
// NOTE(review): REMOTE_USER is trusted as-is, so
// $conf['apache_authentication'] should only be enabled where the web server
// really enforces authentication in front of this application -- confirm.
if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
{
  $user['id'] = get_userid($_SERVER['REMOTE_USER']);
  if (!$user['id'])
  {
    // unknown login: create the account on the fly, then look it up again.
    // NOTE(review): the two extra arguments are empty strings (presumably
    // password and mail address); confirm that an account created this way
    // cannot be used through the regular login form with an empty password.
    // The result of the second lookup is not checked.
    register_user($_SERVER['REMOTE_USER'], '', '');
    $user['id'] = get_userid($_SERVER['REMOTE_USER']);
  }

  $user['is_the_guest'] = false;
}
60
// $use_cache is false when IN_ADMIN is defined and truthy, true otherwise
// (presumably so that administration pages read fresh user data -- confirm
// in getuserdata)
$use_cache = !(defined('IN_ADMIN') and IN_ADMIN);
// keys returned by getuserdata() replace same-named keys already in $user
$user = array_merge($user, getuserdata($user['id'], $use_cache));
63
// the guest account takes its display preferences from the configuration,
// replacing any value already present in $user for these keys
if ($user['is_the_guest'])
{
  $user = array_merge(
    $user,
    array(
      'template' => $conf['default_template'],
      'nb_image_line' => $conf['nb_image_line'],
      'nb_line_page' => $conf['nb_line_page'],
      'language' => $conf['default_language'],
      'maxwidth' => $conf['default_maxwidth'],
      'maxheight' => $conf['default_maxheight'],
      'recent_period' => $conf['recent_period'],
      'expand' => $conf['auto_expand'],
      'show_nb_comments' => $conf['show_nb_comments']
      )
    );
}
77
// number of pictures shown on one page: lines per page times pictures per line
$user['nb_image_page'] = $user['nb_line_page'] * $user['nb_image_line'];
80?>