Changeset 45
- Timestamp:
- Jul 27, 2003, 10:24:10 AM (21 years ago)
- Location:
- trunk
- Files:
-
- 9 edited
trunk/admin/configuration.php
r42 r45 42 42 'upload_maxfilesize', 'upload_maxwidth','upload_maxheight', 43 43 'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log', 44 'comments_validation','comments_forall' );44 'comments_validation','comments_forall','authorize_cookies' ); 45 45 $default_user_infos = 46 46 array( 'nb_image_line','nb_line_page','language','maxwidth', … … 852 852 $vtp->closeSession( $sub, 'space_line' ); 853 853 $vtp->closeSession( $sub, 'line' ); 854 // authorize cookies ? 855 $vtp->addSession( $sub, 'line' ); 856 $vtp->addSession( $sub, 'param_line' ); 857 $vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] ); 858 $vtp->addSession( $sub, 'group' ); 859 $vtp->addSession( $sub, 'radio' ); 860 $vtp->setVar( $sub, 'radio.name', 'authorize_cookies' ); 861 $vtp->setVar( $sub, 'radio.value', 'true' ); 862 $checked = ''; 863 if ( $authorize_cookies == 'true' ) 864 { 865 $checked = ' checked="checked"'; 866 } 867 $vtp->setVar( $sub, 'radio.checked', $checked ); 868 $vtp->setVar( $sub, 'radio.option', $lang['yes'] ); 869 $vtp->closeSession( $sub, 'radio' ); 870 $vtp->addSession( $sub, 'radio' ); 871 $vtp->setVar( $sub, 'radio.name', 'authorize_cookies' ); 872 $vtp->setVar( $sub, 'radio.value', 'false' ); 873 $checked = ''; 874 if ( $authorize_cookies == 'false' ) 875 { 876 $checked = ' checked="checked"'; 877 } 878 $vtp->setVar( $sub, 'radio.checked', $checked ); 879 $vtp->setVar( $sub, 'radio.option', $lang['no'] ); 880 $vtp->closeSession( $sub, 'radio' ); 881 $vtp->closeSession( $sub, 'group' ); 882 $vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] ); 883 $vtp->closeSession( $sub, 'param_line' ); 884 $vtp->closeSession( $sub, 'line' ); 854 885 // session size 855 886 $vtp->addSession( $sub, 'line' ); -
trunk/category.php
r38 r45 21 21 //----------------------------------------------------------- personnal include 22 22 include_once( './include/init.inc.php' ); 23 //---------------------------------------------------------------------- logout 24 if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) ) 25 { 26 // cookie deletion if exists 27 setcookie( 'id', '', 0, cookie_path() ); 28 $url = 'category.php'; 29 header( 'Request-URI: '.$url ); 30 header( 'Content-Location: '.$url ); 31 header( 'Location: '.$url ); 32 exit(); 33 } 23 34 //-------------------------------------------------- access authorization check 24 35 // creating the plain structure : array of all the available categories and … … 151 162 // logout link 152 163 $vtp->addSession( $handle, 'summary' ); 153 $vtp->setVar( $handle, 'summary.url', './category.php? cat='.$page['cat']);164 $vtp->setVar( $handle, 'summary.url', './category.php?act=logout' ); 154 165 $vtp->setVar( $handle, 'summary.title', '' ); 155 166 $vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) ); -
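Review bot: The logout branch only clears the browser's `id` cookie; the matching row in the sessions table is left in place, so the session id itself stays usable until something else removes it. Since user.inc.php in this changeset accepts a cookie-borne id without an expiration check, logout should also invalidate the session server-side before the redirect, e.g. `mysql_query( 'DELETE FROM '.PREFIX_TABLE."sessions WHERE id = '".$page['session_id']."';" );`, assuming init.inc.php has already populated `$page['session_id']` from the validated id. `$_GET['act']` is also read without `isset()`, and because logout is a plain GET link, any third-party page can trigger it; both are worth tightening.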
trunk/identification.php
r26 r45 19 19 include_once( "./include/init.inc.php" ); 20 20 //-------------------------------------------------------------- identification 21 $error = array();21 $errors = array(); 22 22 if ( isset( $_POST['login'] ) ) 23 23 { 24 $i = 0;25 24 // retrieving the encrypted password of the login submitted 26 25 $query = 'select password'; … … 39 38 else 40 39 { 41 $error[$i++] = $lang['invalid_pwd'];40 array_push( $errors, $lang['invalid_pwd'] ); 42 41 } 43 42 } … … 64 63 { 65 64 $vtp->addSession( $handle, 'errors' ); 66 for ( $i = 0; $i < sizeof( $error ); $i++ ) 67 { 65 foreach ( $errors as $error ) { 68 66 $vtp->addSession( $handle, 'li' ); 69 $vtp->setVar( $handle, 'li.li', $error [$i]);67 $vtp->setVar( $handle, 'li.li', $error ); 70 68 $vtp->closeSession( $handle, 'li' ); 71 69 } -
trunk/include/config.inc.php
r42 r45 63 63 'upload_maxheight', 'upload_maxwidth_thumbnail', 64 64 'upload_maxheight_thumbnail','log','comments_validation', 65 'comments_forall' );65 'comments_forall','authorize_cookies' ); 66 66 67 67 $query = 'SELECT '; -
trunk/include/functions_session.inc.php
r14 r45 15 15 * * 16 16 ***************************************************************************/ 17 18 // The function generate_key creates a string with pseudo random characters. 19 // the size of the string depends on the $conf['session_id_size']. 20 // Characters used are a-z A-Z and numerical values. Examples : 21 // "Er4Tgh6", "Rrp08P", "54gj" 22 // input : none (using global variable) 23 // output : $key 17 24 function generate_key() 18 25 { 19 26 global $conf; 27 20 28 $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); 21 29 $init = ''; 22 30 for ( $i = 0; $i < strlen( $md5 ); $i++ ) 23 31 { 24 if ( is_numeric( $md5[$i] ) ) 25 { 26 $init.= $md5[$i]; 27 } 32 if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; 28 33 } 29 34 $init = substr( $init, 0, 8 ); … … 33 38 { 34 39 $c = mt_rand( 0, 2 ); 35 if ( $c == 0 ) 36 { 37 $key .= chr( mt_rand( 65, 90 ) ); 38 } 39 else if ( $c == 1 ) 40 { 41 $key .= chr( mt_rand( 97, 122 ) ); 42 } 43 else 44 { 45 $key .= mt_rand( 0, 9 ); 46 } 40 if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); 41 else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); 42 else $key .= mt_rand( 0, 9 ); 47 43 } 48 44 return $key; 49 45 } 50 46 47 // The function create_session finds a non-already-used session key and 48 // returns it once found for the given user. 51 49 function session_create( $username ) 52 50 { 53 51 global $conf; 54 // 1. searching an unused ses ison key52 // 1. searching an unused session key 55 53 $id_found = false; 56 54 while ( !$id_found ) … … 90 88 { 91 89 global $page, $user; 90 91 if ( $user['has_cookie'] ) return $url; 92 92 93 $amp = '&'; 93 94 if ( $redirect ) … … 111 112 } 112 113 } 114 115 // cookie_path returns the path to use for the PhpWebGallery cookie. 
116 // If PhpWebGallery is installed on : 117 // http://domain.org/meeting/gallery/category.php 118 // cookie_path will return : "/meeting/gallery" 119 function cookie_path() 120 { 121 return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); 122 } 113 123 ?> -
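Review bot: `cookie_path()` derives the cookie path from `$_SERVER['PHP_SELF']`, which includes any trailing path info the client appends to the script URL, so the path can differ between the request that sets the cookie and the one that deletes it. `$_SERVER['SCRIPT_NAME']` does not carry that suffix: `return substr( $_SERVER['SCRIPT_NAME'], 0, strrpos( $_SERVER['SCRIPT_NAME'], '/' ) );`. For an installation at the web root the function returns an empty string; confirm that `setcookie()` then scopes the cookie as intended. Separately, the key from `generate_key()` now doubles as a long-lived cookie credential and is built from `mt_rand()`, which is not a cryptographically secure generator; the seeding lines are elided in this view, so that part needs a separate look.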
trunk/include/user.inc.php
r26 r45 33 33 $query_done = false; 34 34 $user['is_the_guest'] = false; 35 if ( isset( $_GET['id'] ) 36 && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) 35 36 // cookie deletion if administrator don't authorize them anymore 37 if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) ) 37 38 { 38 $page['session_id'] = $_GET['id']; 39 setcookie( 'id', '', 0, cookie_path() ); 40 $url = 'category.php'; 41 header( 'Request-URI: '.$url ); 42 header( 'Content-Location: '.$url ); 43 header( 'Location: '.$url ); 44 exit(); 45 } 46 47 $user['has_cookie'] = false; 48 if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; 49 elseif ( isset( $_COOKIE['id'] ) ) 50 { 51 $session_id = $_COOKIE['id']; 52 $user['has_cookie'] = true; 53 } 54 55 if ( isset( $session_id ) 56 and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) ) 57 { 58 $page['session_id'] = $session_id; 39 59 $query = 'SELECT user_id,expiration,ip'; 40 60 $query.= ' FROM '.PREFIX_TABLE.'sessions'; 41 $query.= " WHERE id = '".$ _GET['id']."'";61 $query.= " WHERE id = '".$page['session_id']."'"; 42 62 $query.= ';'; 43 63 $result = mysql_query( $query ); … … 45 65 { 46 66 $row = mysql_fetch_array( $result ); 47 if ( $row['expiration'] < time())67 if ( !$user['has_cookie'] ) 48 68 { 49 // deletion of the session from the database,50 // because it is out-of-date51 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';52 $delete_query.= " WHERE id = '".$page['session_id']."'";53 $delete_query.= ';';54 mysql_query( $delete_query );55 }56 else57 {69 if ( $row['expiration'] < time() ) 70 { 71 // deletion of the session from the database, 72 // because it is out-of-date 73 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; 74 $delete_query.= " WHERE id = '".$page['session_id']."'"; 75 $delete_query.= ';'; 76 mysql_query( $delete_query ); 77 } 58 78 if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) 59 79 { … … 61 81 $query_done = true; 62 82 } 83 } 84 else 85 { 86 $query_user .= ' 
WHERE id = '.$row['user_id']; 87 $query_done = true; 63 88 } 64 89 } -
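Review bot: When the id arrives in a cookie, the new `else` branch sets `$query_done = true` without checking `expiration` or `ip`, and the client decides which transport is used, so any id still present in the sessions table is accepted indefinitely once it is sent as a cookie. In the non-cookie branch the `else` that used to separate the expiry deletion from the `REMOTE_ADDR` comparison appears to have been dropped, so an out-of-date session from the same address still looks to be accepted for that request (two lines of that block are elided here). Expiration should be enforced for both transports, with only the address binding relaxed for cookies; a remembered session would then need its `expiration` column extended when profile.php issues the cookie. The enclosing `if` on the query result starts outside the visible hunk.

```php
if ( $row['expiration'] < time() )
{
  // … unchanged: DELETE of the out-of-date session row …
}
else if ( $user['has_cookie']
          or $_SERVER['REMOTE_ADDR'] == $row['ip'] )
{
  $query_user .= ' WHERE id = '.$row['user_id'];
  $query_done = true;
}
```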
trunk/language/francais.php
r42 r45 137 137 $lang['err_periods'] = 'les périodes doivent être des entiers'; 138 138 $lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte'; 139 $lang['create_cookie'] = 'créer un cookie'; 140 $lang['customize_day'] = 'jour'; 141 $lang['customize_week'] = 'semaine'; 142 $lang['customize_month'] = 'mois'; 143 $lang['customize_year'] = 'an'; 139 144 // end version 1.3 140 145 $lang['maxwidth'] = 'largeur maximum des images'; … … 400 405 $lang['conf_session_delete'] = 'supprimer les sessions périmées'; 401 406 $lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)'; 407 // start version 1.3 408 $lang['conf_session_cookie'] = 'autoriser les cookies'; 409 $lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.'; 410 // end version 1.3 402 411 403 412 // page user, clés générales -
trunk/profile.php
r26 r45 104 104 mysql_query( $query ); 105 105 } 106 if ( $_POST['create_cookie'] == 1 ) 107 { 108 setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'], 109 cookie_path() ); 110 } 106 111 // redirection 107 112 $url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand']; … … 110 115 $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; 111 116 } 112 $url = add_session_id( $url, true );117 if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true ); 113 118 header( 'Request-URI: '.$url ); 114 119 header( 'Content-Location: '.$url ); … … 122 127 initialize_template(); 123 128 $tpl = array( 'customize_page_title','customize_title','password','new', 124 'reg_confirm','submit' );129 'reg_confirm','submit','create_cookie' ); 125 130 templatize_array( $tpl, 'lang', $handle ); 126 131 //----------------------------------------------------------------- form action … … 341 346 $vtp->closeSession( $handle, 'line' ); 342 347 } 348 //--------------------------------------------------------------- create cookie 349 if ( $conf['authorize_cookies'] ) 350 { 351 $vtp->addSession( $handle, 'cookie' ); 352 $options = array( 353 array( 'message' => '1 '.$lang['customize_day'], 354 'value' => time() + 24*60*60 ), 355 array( 'message' => '1 '.$lang['customize_week'], 356 'value' => time() + 7*24*60*60 ), 357 array( 'message' => '1 '.$lang['customize_month'], 358 'value' => time() + 30*24*60*60 ), 359 array( 'message' => '1 '.$lang['customize_year'], 360 'value' => time() + 365*24*60*60 ) 361 ); 362 foreach ( $options as $option ) { 363 $vtp->addSession( $handle, 'expiration_option' ); 364 $vtp->setVar( $handle, 'expiration_option.option', $option['message'] ); 365 $vtp->setVar( $handle, 'expiration_option.value', $option['value'] ); 366 $vtp->closeSession( $handle, 'expiration_option' ); 367 } 368 $vtp->closeSession( $handle, 'cookie' ); 369 } 343 370 //----------------------------------------------------------- html code display 344 371 $code = 
$vtp->Display( $handle, 0 ); -
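Review bot: The cookie lifetime passed to `setcookie()` is `$_POST['cookie_expiration']` taken as-is, so the client can choose any expiry regardless of the four options rendered in the form. Clamp it server-side, e.g. `$expire = min( intval( $_POST['cookie_expiration'] ), time() + 365*24*60*60 );`, and honour `create_cookie` only when `$conf['authorize_cookies']` is set, which the visible lines of this branch do not check. The cookie holds the session id, so if the gallery is served over HTTPS the `secure` argument of `setcookie()` should be set as well. `$_POST['create_cookie']` is read without `isset()` in both places.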
trunk/template/default/profile.vtp
r25 r45 59 59 </tr> 60 60 <tr> 61 <td class="menu">{#new} {#password} <input type="checkbox" name="use_new_pwd" value="1" /></td>61 <td class="menu">{#new} {#password} <input type="checkbox" name="use_new_pwd" value="1" /></td> 62 62 <td class="menu"><input type="password" name="password" value="" /></td> 63 63 </tr> … … 66 66 <td class="menu"><input type="password" name="passwordConf" value="" /></td> 67 67 </tr> 68 <!--VTP_cookie--> 69 <tr> 70 <td colspan="2"> </td> 71 </tr> 72 <tr> 73 <td class="menu">{#create_cookie} <input type="checkbox" name="create_cookie" value="1" /></td> 74 <td class="menu"> 75 <select name="cookie_expiration"> 76 <!--VTP_expiration_option--> 77 <option value="{#value}">{#option}</option> 78 <!--/VTP_expiration_option--> 79 </select> 80 </td> 81 </tr> 82 <!--/VTP_cookie--> 68 83 <tr> 69 84 <td colspan="2"> </td>