Changeset 45


Timestamp:
Jul 27, 2003, 10:24:10 AM (21 years ago)
Author:
z0rglub
Message:

optional cookie identification

Location:
trunk
Files:
9 edited

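--- a/trunk/admin/configuration.php
+++ b/trunk/admin/configuration.php
@@ -42,5 +42,5 @@
        'upload_maxfilesize', 'upload_maxwidth','upload_maxheight',
        'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log',
-       'comments_validation','comments_forall' );
+       'comments_validation','comments_forall','authorize_cookies' );
 $default_user_infos =
 array( 'nb_image_line','nb_line_page','language','maxwidth',
@@ -852,4 +852,35 @@
 $vtp->closeSession( $sub, 'space_line' );
 $vtp->closeSession( $sub, 'line' );
+// authorize cookies ?
+$vtp->addSession( $sub, 'line' );
+$vtp->addSession( $sub, 'param_line' );
+$vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] );
+$vtp->addSession( $sub, 'group' );
+$vtp->addSession( $sub, 'radio' );
+$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
+$vtp->setVar( $sub, 'radio.value', 'true' );
+$checked = '';
+if ( $authorize_cookies == 'true' )
+{
+  $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'radio.checked', $checked );
+$vtp->setVar( $sub, 'radio.option', $lang['yes'] );
+$vtp->closeSession( $sub, 'radio' );
+$vtp->addSession( $sub, 'radio' );
+$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
+$vtp->setVar( $sub, 'radio.value', 'false' );
+$checked = '';
+if ( $authorize_cookies == 'false' )
+{
+  $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'radio.checked', $checked );
+$vtp->setVar( $sub, 'radio.option', $lang['no'] );
+$vtp->closeSession( $sub, 'radio' );
+$vtp->closeSession( $sub, 'group' );
+$vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] );
+$vtp->closeSession( $sub, 'param_line' );
+$vtp->closeSession( $sub, 'line' );
 // session size
 $vtp->addSession( $sub, 'line' );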
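Review bot: The radio group at new lines 854-884 stores the setting as the strings `'true'` and `'false'`, yet elsewhere in this changeset the same setting is tested as a boolean (`!$conf['authorize_cookies']` in user.inc.php, `if ( $conf['authorize_cookies'] )` in profile.php). In PHP the non-empty string `'false'` is truthy, so unless the configuration loader converts the stored value (not visible here), choosing "no" would not actually disable cookie identification. Confirm that conversion exists, or compare explicitly with `$conf['authorize_cookies'] == 'true'` at those call sites.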
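--- a/trunk/category.php
+++ b/trunk/category.php
@@ -21,4 +21,15 @@
 //----------------------------------------------------------- personnal include
 include_once( './include/init.inc.php' );
+//---------------------------------------------------------------------- logout
+if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) )
+{
+  // cookie deletion if exists
+  setcookie( 'id', '', 0, cookie_path() );
+  $url = 'category.php';
+  header( 'Request-URI: '.$url ); 
+  header( 'Content-Location: '.$url ); 
+  header( 'Location: '.$url );
+  exit();
+}
 //-------------------------------------------------- access authorization check
 // creating the plain structure : array of all the available categories and
@@ -151,5 +162,5 @@
   // logout link
   $vtp->addSession( $handle, 'summary' );
-  $vtp->setVar( $handle, 'summary.url', './category.php?cat='.$page['cat'] );
+  $vtp->setVar( $handle, 'summary.url', './category.php?act=logout' );
   $vtp->setVar( $handle, 'summary.title', '' );
   $vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) );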
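Review bot: The logout block at new lines 24-33 only clears the browser cookie; the matching row in the sessions table is left in place, so the session id remains valid server-side after the user has logged out. Delete the row before redirecting, for example `mysql_query( 'DELETE FROM '.PREFIX_TABLE."sessions WHERE id = '".$page['session_id']."';" );`, assuming init.inc.php has already validated the id into `$page['session_id']` (that include is not shown here). `$_GET['act']` is also read without `isset()`, which raises a notice on every request that carries no `act` parameter. Since the link at new line 164 performs the logout with a plain GET, a POST form would keep other pages from triggering it.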
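--- a/trunk/identification.php
+++ b/trunk/identification.php
@@ -19,8 +19,7 @@
 include_once( "./include/init.inc.php" );
 //-------------------------------------------------------------- identification
-$error = array();
+$errors = array();
 if ( isset( $_POST['login'] ) )
 {
-  $i = 0;
   // retrieving the encrypted password of the login submitted
   $query = 'select password';
@@ -39,5 +38,5 @@
   else
   {
-    $error[$i++] = $lang['invalid_pwd'];
+    array_push( $errors, $lang['invalid_pwd'] );
   }
 }
@@ -64,8 +63,7 @@
 {
   $vtp->addSession( $handle, 'errors' );
-  for ( $i = 0; $i < sizeof( $error ); $i++ )
-  {
+  foreach ( $errors as $error ) {
     $vtp->addSession( $handle, 'li' );
-    $vtp->setVar( $handle, 'li.li', $error[$i] );
+    $vtp->setVar( $handle, 'li.li', $error );
     $vtp->closeSession( $handle, 'li' );
   }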
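--- a/trunk/include/config.inc.php
+++ b/trunk/include/config.inc.php
@@ -63,5 +63,5 @@
                 'upload_maxheight', 'upload_maxwidth_thumbnail',
                 'upload_maxheight_thumbnail','log','comments_validation',
-                'comments_forall' );
+                'comments_forall','authorize_cookies' );
 
 $query  = 'SELECT ';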
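--- a/trunk/include/functions_session.inc.php
+++ b/trunk/include/functions_session.inc.php
@@ -15,15 +15,20 @@
  *                                                                         *
  ***************************************************************************/
+
+// The function generate_key creates a string with pseudo random characters.
+// the size of the string depends on the $conf['session_id_size'].
+// Characters used are a-z A-Z and numerical values. Examples :
+//                    "Er4Tgh6", "Rrp08P", "54gj"
+// input  : none (using global variable)
+// output : $key
 function generate_key()
 {
   global $conf;
+
   $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
   $init = '';
   for ( $i = 0; $i < strlen( $md5 ); $i++ )
   {
-    if ( is_numeric( $md5[$i] ) )
-    {
-      $init.= $md5[$i];
-    }
+    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
   }
   $init = substr( $init, 0, 8 );
@@ -33,24 +38,17 @@
   {
     $c = mt_rand( 0, 2 );
-    if ( $c == 0 )
-    {
-      $key .= chr( mt_rand( 65, 90 ) );
-    }
-    else if ( $c == 1 )
-    {
-      $key .= chr( mt_rand( 97, 122 ) );
-    }
-    else
-    {
-      $key .= mt_rand( 0, 9 );
-    }
+    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
+    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
+    else                $key .= mt_rand( 0, 9 );
   }
   return $key;
 }
-       
+
+// The function create_session finds a non-already-used session key and
+// returns it once found for the given user.
 function session_create( $username )
 {
   global $conf;
-  // 1. searching an unused sesison key
+  // 1. searching an unused session key
   $id_found = false;
   while ( !$id_found )
@@ -90,4 +88,7 @@
 {
   global $page, $user;
+
+  if ( $user['has_cookie'] ) return $url;
+
   $amp = '&amp;';
   if ( $redirect )
@@ -111,3 +112,12 @@
   }
 }
+
+// cookie_path returns the path to use for the PhpWebGallery cookie.
+// If PhpWebGallery is installed on :
+// http://domain.org/meeting/gallery/category.php
+// cookie_path will return : "/meeting/gallery"
+function cookie_path()
+{
+  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+}
 ?>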
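Review bot: `cookie_path()` (new lines 119-122) derives the cookie path from `$_SERVER['PHP_SELF']`, which includes any extra path information the client appends after the script name, so the path passed to `setcookie()` can differ between the request that creates the cookie and the one that is meant to delete it, leaving the cookie in place. `$_SERVER['SCRIPT_NAME']` does not carry that suffix: `return substr( $_SERVER['SCRIPT_NAME'], 0, strrpos( $_SERVER['SCRIPT_NAME'], '/' ) );`. The function also assumes the calling script sits in the gallery root; a request served from a subdirectory such as admin/ would yield a different path. Separately, `generate_key()` is only reformatted here, but its output now ends up in a long-lived cookie while still being drawn from `mt_rand()`, which is not designed for security tokens.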
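--- a/trunk/include/user.inc.php
+++ b/trunk/include/user.inc.php
@@ -33,11 +33,31 @@
 $query_done = false;
 $user['is_the_guest'] = false;
-if ( isset( $_GET['id'] )
-     && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
+
+// cookie deletion if administrator don't authorize them anymore
+if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
 {
-  $page['session_id'] = $_GET['id'];
+  setcookie( 'id', '', 0, cookie_path() );
+  $url = 'category.php';
+  header( 'Request-URI: '.$url ); 
+  header( 'Content-Location: '.$url ); 
+  header( 'Location: '.$url );
+  exit();
+}
+
+$user['has_cookie'] = false;
+if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
+elseif ( isset( $_COOKIE['id'] ) )
+{
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
+}
+
+if ( isset( $session_id )
+     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+{
+  $page['session_id'] = $session_id;
   $query = 'SELECT user_id,expiration,ip';
   $query.= ' FROM '.PREFIX_TABLE.'sessions';
-  $query.= " WHERE id = '".$_GET['id']."'";
+  $query.= " WHERE id = '".$page['session_id']."'";
   $query.= ';';
   $result = mysql_query( $query );
@@ -45,15 +65,15 @@
   {
     $row = mysql_fetch_array( $result );
-    if ( $row['expiration'] < time() )
+    if ( !$user['has_cookie'] )
     {
-      // deletion of the session from the database,
-      // because it is out-of-date
-      $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
-      $delete_query.= " WHERE id = '".$page['session_id']."'";
-      $delete_query.= ';';
-      mysql_query( $delete_query );
-    }
-    else
-    {
+      if ( $row['expiration'] < time() )
+      {
+        // deletion of the session from the database,
+        // because it is out-of-date
+        $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+        $delete_query.= " WHERE id = '".$page['session_id']."'";
+        $delete_query.= ';';
+        mysql_query( $delete_query );
+      }
       if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
       {
@@ -61,4 +81,9 @@
         $query_done = true;
       }
+    }
+    else
+    {
+      $query_user .= ' WHERE id = '.$row['user_id'];
+      $query_done = true;
     }
   }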
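Review bot: A session id arriving in `$_COOKIE['id']` is accepted without the expiration test or the `REMOTE_ADDR` comparison: the `else` branch at new lines 84-88 sets `$query_done = true` unconditionally, so a cookie session never expires server-side and works from any address for as long as its row exists. Dropping the old `else` before the IP check also means that in the non-cookie branch (new lines 69-82) an out-of-date session is deleted and then still authenticated for the current request when the IP matches. Restore the `else`, keep the expiration test for cookie sessions, and extend `expiration` in the sessions table when the cookie is issued rather than skipping the check. New line 80 is not shown and the enclosing `if` blocks start and end outside the hunks, so this assumes the hidden line only builds `$query_user`.

```php
    // … unchanged: $row = mysql_fetch_array( $result ); …
    if ( $row['expiration'] < time() )
    {
      // … unchanged: DELETE of the out-of-date session row …
    }
    else if ( $user['has_cookie']
              or $_SERVER['REMOTE_ADDR'] == $row['ip'] )
    {
      $query_user .= ' WHERE id = '.$row['user_id'];
      $query_done = true;
    }
```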
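--- a/trunk/language/francais.php
+++ b/trunk/language/francais.php
@@ -137,4 +137,9 @@
 $lang['err_periods'] = 'les périodes doivent être des entiers';
 $lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte';
+$lang['create_cookie'] = 'créer un cookie';
+$lang['customize_day'] = 'jour';
+$lang['customize_week'] = 'semaine';
+$lang['customize_month'] = 'mois';
+$lang['customize_year'] = 'an';
 // end version 1.3
 $lang['maxwidth'] = 'largeur maximum des images';
@@ -400,4 +405,8 @@
   $lang['conf_session_delete'] = 'supprimer les sessions périmées';
   $lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)';
+  // start version 1.3
+  $lang['conf_session_cookie'] = 'autoriser les cookies';
+  $lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.';
+  // end version 1.3
                 
   // page user, clés générales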
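--- a/trunk/profile.php
+++ b/trunk/profile.php
@@ -104,4 +104,9 @@
       mysql_query( $query );
     }
+    if ( $_POST['create_cookie'] == 1 )
+    {
+      setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'],
+                 cookie_path() );
+    }
     // redirection
     $url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
@@ -110,5 +115,5 @@
       $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
     }
-    $url = add_session_id( $url, true );
+    if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true );
     header( 'Request-URI: '.$url ); 
     header( 'Content-Location: '.$url ); 
@@ -122,5 +127,5 @@
 initialize_template();
 $tpl = array( 'customize_page_title','customize_title','password','new',
-              'reg_confirm','submit' );
+              'reg_confirm','submit','create_cookie' );
 templatize_array( $tpl, 'lang', $handle );
 //----------------------------------------------------------------- form action
@@ -341,4 +346,26 @@
   $vtp->closeSession( $handle, 'line' );
 }
+//--------------------------------------------------------------- create cookie
+if ( $conf['authorize_cookies'] )
+{
+  $vtp->addSession( $handle, 'cookie' );
+  $options = array(
+    array( 'message' => '1 '.$lang['customize_day'],
+           'value' => time() + 24*60*60 ),
+    array( 'message' => '1 '.$lang['customize_week'],
+           'value' => time() + 7*24*60*60 ),
+    array( 'message' => '1 '.$lang['customize_month'],
+           'value' => time() + 30*24*60*60 ),
+    array( 'message' => '1 '.$lang['customize_year'],
+           'value' => time() + 365*24*60*60 )
+    );
+  foreach ( $options as $option ) {
+    $vtp->addSession( $handle, 'expiration_option' );
+    $vtp->setVar( $handle, 'expiration_option.option', $option['message'] );
+    $vtp->setVar( $handle, 'expiration_option.value', $option['value'] );
+    $vtp->closeSession( $handle, 'expiration_option' );
+  }
+  $vtp->closeSession( $handle, 'cookie' );
+}
 //----------------------------------------------------------- html code display
 $code = $vtp->Display( $handle, 0 );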
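Review bot: `setcookie()` at new lines 108-109 takes its expiry straight from `$_POST['cookie_expiration']`, so the cookie lifetime is whatever the client submits rather than one of the four options built at new lines 352-361, and the block does not re-check `$conf['authorize_cookies']`; only the form fields are hidden when cookies are disabled. Gate and clamp on the server: `if ( $conf['authorize_cookies'] and isset( $_POST['create_cookie'] ) and $_POST['create_cookie'] == 1 )` and `$expiration = min( intval( $_POST['cookie_expiration'] ), time() + 365*24*60*60 );`. The same `isset()` guard applies to the test at new line 117. The cookie carries the session id, so passing the `secure` argument of `setcookie()` on HTTPS installs is also worth considering.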
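--- a/trunk/template/default/profile.vtp
+++ b/trunk/template/default/profile.vtp
@@ -59,5 +59,5 @@
                       </tr>
                       <tr>
-                        <td class="menu">{#new} {#password}<input type="checkbox" name="use_new_pwd" value="1" /></td>
+                        <td class="menu">{#new} {#password} <input type="checkbox" name="use_new_pwd" value="1" /></td>
                         <td class="menu"><input type="password" name="password" value="" /></td>
                       </tr>
@@ -66,4 +66,19 @@
                         <td class="menu"><input type="password" name="passwordConf" value="" /></td>
                       </tr>
+                      <!--VTP_cookie-->
+                      <tr>
+                        <td colspan="2">&nbsp;</td>
+                      </tr>
+                      <tr>
+                        <td class="menu">{#create_cookie} <input type="checkbox" name="create_cookie" value="1" /></td>
+                        <td class="menu">
+                          <select name="cookie_expiration">
+                          <!--VTP_expiration_option-->
+                            <option value="{#value}">{#option}</option>
+                          <!--/VTP_expiration_option-->
+                          </select>
+                        </td>
+                      </tr>
+                      <!--/VTP_cookie-->
                       <tr>
                         <td colspan="2">&nbsp;</td>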