source: trunk/include/user.inc.php @ 541

Last change on this file since 541 was 541, checked in by z0rglub, 20 years ago
  • deletion of session_time and session_id_size as config parameter
  • new feature : "remember me" creates a long time cookie
  • possibility to set the default authentication method to URI or cookie
  • really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
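<?php
// +-----------------------------------------------------------------------+
// |                             user.inc.php                              |
// +-----------------------------------------------------------------------+
// | application   : PhpWebGallery <http://phpwebgallery.net>              |
// | branch        : BSF (Best So Far)                                     |
// +-----------------------------------------------------------------------+
// | file          : $RCSfile$
// | last update   : $Date: 2004-10-02 23:12:50 +0000 (Sat, 02 Oct 2004) $
// | last modifier : $Author: z0rglub $
// | revision      : $Revision: 541 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Identifies the visitor behind the current request and fills $user.
// The session identifier is read from the URI ($_GET['id']) or from the
// "id" cookie, looked up in SESSIONS_TABLE, and the matching row of
// USERS_TABLE is loaded. When no usable session is found, the user with
// id 2 is loaded and $user['is_the_guest'] is set to true.
//
// $infos lists the fields to retrieve from the table "users".
// Each field becomes an entry of the array $user.
// Example :
//            status --> $user['status']
$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
               'status','language','maxwidth','maxheight','expand',
               'show_nb_comments','recent_period','template',
               'forbidden_categories');

$query_user = 'SELECT * FROM '.USERS_TABLE;
$query_done = false;
$user['is_the_guest'] = false;

// cookie deletion if the administrator does not authorize them anymore
if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
{
  setcookie('id', '', 0, cookie_path());
  $url = 'category.php';
  // NOTE(review): presumably redirect() ends the request -- confirm,
  // otherwise the cookie value received with this request is still used
  // by the code below.
  redirect($url);
}

// The URI parameter takes precedence over the cookie. Each source has its
// own expected identifier length, taken from the configuration.
// NOTE(review): an identifier carried in the URI can be disclosed through
// Referer headers, server logs and browser history; the address check
// applied to URI sessions below only limits this partially.
if (isset($_GET['id']))
{
  $session_id = $_GET['id'];
  $user['has_cookie'] = false;
  $session_id_size = $conf['session_id_size_URI'];
}
elseif (isset($_COOKIE['id']))
{
  $session_id = $_COOKIE['id'];
  $user['has_cookie'] = true;
  $session_id_size = $conf['session_id_size_cookie'];
}
else
{
  $user['has_cookie'] = false;
}

// The identifier comes straight from the request and is concatenated into
// the SQL statements below, so this whitelist check is the only thing that
// keeps quotes and other SQL syntax out of them.
//  - preg_match() replaces ereg(): ereg() is not binary-safe (it stops
//    reading at a NUL byte) and was removed in PHP 7.
//  - the D modifier makes "$" match only at the very end of the value.
//  - is_string() rejects array values such as "?id[]=x".
//  - the length is forced to a positive integer so that a missing or
//    malformed configuration value cannot alter the pattern.
if (isset($session_id)
    and is_string($session_id)
    and intval($session_id_size) > 0
    and preg_match('/^[0-9a-zA-Z]{'.intval($session_id_size).'}$/D',
                   $session_id))
{
  $page['session_id'] = $session_id;
  $query = '
SELECT user_id,expiration,ip
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.$page['session_id'].'\'
;';
  $result = mysql_query($query);
  // a failed query is handled like an unknown session: the visitor is
  // treated as the guest further down
  if ($result and mysql_num_rows($result) > 0)
  {
    $row = mysql_fetch_array($result);
    if (!$user['has_cookie'])
    {
      if ($row['expiration'] < time())
      {
        // deletion of the session from the database,
        // because it is out-of-date
        $delete_query = 'DELETE FROM '.SESSIONS_TABLE;
        $delete_query.= " WHERE id = '".$page['session_id']."'";
        $delete_query.= ';';
        mysql_query($delete_query);
      }
      else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
      {
        // a URI session is accepted only from the address stored with it
        $query_user .= ' WHERE id = '.intval($row['user_id']);
        $query_done = true;
      }
    }
    else
    {
      // NOTE(review): for a cookie session neither the expiration date
      // nor the client address is checked here. Confirm that expired rows
      // are purged elsewhere; otherwise a cookie value stays usable for as
      // long as its row exists in the sessions table.
      $query_user .= ' WHERE id = '.intval($row['user_id']);
      $query_done = true;
    }
  }
}
if (!$query_done)
{
  // no usable session: the user with id 2 is loaded as the guest
  $query_user .= ' WHERE id = 2';
  $user['is_the_guest'] = true;
}
$query_user .= ';';
$result = mysql_query($query_user);
// when the query fails $row is false and every field below is set to ''
$row = $result ? mysql_fetch_array($result) : false;

// assignment of each value retrieved from the users table to an entry
// of the array $user.
foreach ($infos as $info) {
  if (isset($row[$info]))
  {
    // If the field is 'true' or 'false', the value is transformed into a
    // boolean value.
    if ($row[$info] === 'true' or $row[$info] === 'false')
      $user[$info] = get_boolean($row[$info]);
    else
      $user[$info] = $row[$info];
  }
  else
  {
    $user[$info] = '';
  }
}

// special for $user['restrictions'] array : an empty list of forbidden
// categories gives an empty array, not an array holding one empty string
$user['restrictions'] = explode(',', $user['forbidden_categories']);
if ($user['restrictions'][0] == '')
{
  $user['restrictions'] = array();
}

$isadmin = false;
if ($user['status'] == 'admin')
{
  $isadmin = true;
}
// calculation of the number of pictures to display per page
$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
init_userprefs($user);
?>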