source: trunk/include/user.inc.php @ 555

Last change on this file since 555 was 555, checked in by z0rglub, 20 years ago
  • checkbox for "remember me" are only shown if authorized
  • simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function.
  • configuration parameter "auth_method" disappeared (didn't lived much...)
  • only one session id size possible. More comments for configuration in include/config.inc.php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 4.4 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// |                             user.inc.php                              |
4// +-----------------------------------------------------------------------+
5// | application   : PhpWebGallery <http://phpwebgallery.net>              |
6// | branch        : BSF (Best So Far)                                     |
7// +-----------------------------------------------------------------------+
8// | file          : $RCSfile$
9// | last update   : $Date: 2004-10-06 22:48:48 +0000 (Wed, 06 Oct 2004) $
10// | last modifier : $Author: z0rglub $
11// | revision      : $Revision: 555 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// retrieving user informations
29// $infos array is used to know the fields to retrieve in the table "users"
30// Each field becomes an information of the array $user.
31// Example :
32//            status --> $user['status']
33$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
34               'status','language','maxwidth','maxheight','expand',
35               'show_nb_comments','recent_period','template',
36               'forbidden_categories');
37
38$query_user = 'SELECT * FROM '.USERS_TABLE;
39$query_done = false;
40$user['is_the_guest'] = false;
41
42if (isset($_COOKIE['id']))
43{
44  $session_id = $_COOKIE['id'];
45  $user['has_cookie'] = true;
46}
47else if (isset($_GET['id']))
48{
49  $session_id = $_GET['id'];
50  $user['has_cookie'] = false;
51}
52else
53{
54  $user['has_cookie'] = false;
55}
56
57if (isset($session_id)
58    and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
59{
60  $page['session_id'] = $session_id;
61  $query = '
62SELECT user_id,expiration,ip
63  FROM '.SESSIONS_TABLE.'
64  WHERE id = \''.$page['session_id'].'\'
65;';
66  $result = mysql_query($query);
67  if (mysql_num_rows($result) > 0)
68  {
69    $row = mysql_fetch_array($result);
70    if (!$user['has_cookie'])
71    {
72      if ($row['expiration'] < time())
73      {
74        // deletion of the session from the database,
75        // because it is out-of-date
76        $delete_query = 'DELETE FROM '.SESSIONS_TABLE;
77        $delete_query.= " WHERE id = '".$page['session_id']."'";
78        $delete_query.= ';';
79        mysql_query($delete_query);
80      }
81      else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
82      {
83        $query_user .= ' WHERE id = '.$row['user_id'];
84        $query_done = true;
85      }
86    }
87    else
88    {
89      $query_user .= ' WHERE id = '.$row['user_id'];
90      $query_done = true;
91    }
92  }
93}
94if (!$query_done)
95{
96  $query_user .= ' WHERE id = 2';
97  $user['is_the_guest'] = true;
98}
99$query_user .= ';';
100$row = mysql_fetch_array(mysql_query($query_user));
101
102// affectation of each value retrieved in the users table into a variable
103// of the array $user.
104foreach ($infos as $info) {
105  if (isset($row[$info]))
106  {
107    // If the field is true or false, the variable is transformed into a
108    // boolean value.
109    if ($row[$info] == 'true' or $row[$info] == 'false')
110      $user[$info] = get_boolean($row[$info]);
111    else
112      $user[$info] = $row[$info];   
113  }
114  else
115  {
116    $user[$info] = '';
117  }
118}
119
120// special for $user['restrictions'] array
121$user['restrictions'] = explode(',', $user['forbidden_categories']);
122if ($user['restrictions'][0] == '')
123{
124  $user['restrictions'] = array();
125}
126
127$isadmin = false;
128if ($user['status'] == 'admin')
129{
130  $isadmin =true;
131}
132// calculation of the number of picture to display per page
133$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
134init_userprefs($user);
135?>
Note: See TracBrowser for help on using the repository browser.