- Timestamp:
- Oct 3, 2004, 1:12:50 AM (20 years ago)
- Location:
- trunk
- Files:
-
- 13 edited
trunk/admin/configuration.php
r528 r541 121 121 break; 122 122 } 123 case 'session' :124 {125 // session_id size must be an integer between 4 and 50126 if (!preg_match($int_pattern, $_POST['session_id_size'])127 or $_POST['session_id_size'] < 4128 or $_POST['session_id_size'] > 50)129 {130 array_push($errors, $lang['conf_session_size_error']);131 }132 // session_time must be an integer between 5 and 60, in minutes133 if (!preg_match($int_pattern, $_POST['session_time'])134 or $_POST['session_time'] < 5135 or $_POST['session_time'] > 60)136 {137 array_push($errors, $lang['conf_session_time_error']);138 }139 break;140 }141 123 } 142 124 … … 173 155 'L_SUBMIT'=>$lang['submit'], 174 156 'L_RESET'=>$lang['reset'], 157 'L_URI'=>$lang['URI'], 158 'L_COOKIE'=>$lang['cookie'], 175 159 176 160 'F_ACTION'=>add_session_id($action) … … 321 305 case 'session' : 322 306 { 323 $cookie_yes = ($conf['upload_available']=='true')?'checked="checked"':''; 324 $cookie_no = ($conf['upload_available']=='false')?'checked="checked"':''; 307 $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':''; 308 $auth_method_cookie = 309 ($conf['auth_method']=='cookie')?'checked="checked"':''; 310 $authorize_remembering_yes = 311 ($conf['authorize_remembering']=='true')?'checked="checked"':''; 312 $authorize_remembering_no = 313 ($conf['authorize_remembering']=='false')?'checked="checked"':''; 325 314 326 315 $template->assign_block_vars( … … 328 317 array( 329 318 'L_CONF_TITLE'=>$lang['conf_session_title'], 330 'L_CONF_COOKIE'=>$lang['conf_cookies'], 331 'L_CONF_COOKIE_INFO'=>$lang['conf_cookies_info'], 332 'L_SESSION_LENGTH'=>$lang['conf_session_time'], 333 'L_SESSION_LENGTH_INFO'=>$lang['conf_session_time_info'], 334 'L_SESSION_ID_SIZE'=>$lang['conf_session_size'], 335 'L_SESSION_ID_SIZE_INFO'=>$lang['conf_session_size_info'], 336 337 'SESSION_LENGTH'=>$conf['session_time'], 338 'SESSION_ID_SIZE'=>$conf['session_id_size'], 339 'COOKIE_YES'=>$cookie_yes, 340 'COOKIE_NO'=>$cookie_no 319 
'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'], 320 'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'], 321 'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'], 322 'L_CONF_AUTHORIZE_REMEMBERING_INFO' => 323 $lang['conf_authorize_remembering_info'], 324 325 'AUTH_METHOD_URI'=>$auth_method_URI, 326 'AUTH_METHOD_COOKIE'=>$auth_method_cookie, 327 'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes, 328 'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no 341 329 )); 342 330 break; -
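Review bot: The `case 'session'` validation is removed outright and nothing checks the posted `auth_method` value before it is stored, whereas the deleted block did range-check the fields it replaced; the save path is outside this hunk, so this is inferred from what is visible. Since `session_create()` turns that value into a config key (`$conf['session_id_size_'.$method]`), any string other than `URI` or `cookie` leaves the key undefined. I would keep a validation case, e.g. `case 'session' : if (!in_array($_POST['auth_method'], array('URI','cookie'))) array_push($errors, $lang['conf_auth_method_error']); break;` with a matching language string.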
trunk/category.php
r533 r541 153 153 'L_PROFILE' => $lang['customize'], 154 154 'L_PROFILE_HINT' => $lang['hint_customize'], 155 'L_REMEMBER_ME' => $lang['remember_me'], 155 156 156 157 'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ), -
trunk/identification.php
r405 r541 32 32 //-------------------------------------------------------------- identification 33 33 $errors = array(); 34 if ( isset( $_POST['login'] ))34 if (isset($_POST['login'])) 35 35 { 36 36 // retrieving the encrypted password of the login submitted 37 $query = 'SELECT password'; 38 $query.= ' FROM '.USERS_TABLE; 39 $query.= " WHERE username = '".$_POST['username']."';"; 40 $row = mysql_fetch_array( mysql_query( $query ) ); 41 if( $row['password'] == md5( $_POST['password'] ) ) 37 $query = ' 38 SELECT id, password 39 FROM '.USERS_TABLE.' 40 WHERE username = \''.$_POST['username'].'\' 41 ;'; 42 $row = mysql_fetch_array(mysql_query($query)); 43 if ($row['password'] == md5($_POST['password'])) 42 44 { 43 $session_id = session_create( $_POST['username'] ); 44 $url = 'category.php?id='.$session_id; 45 redirect( $url ); 45 if ($conf['auth_method'] == 'cookie' 46 or isset($_POST['remember_me']) and $_POST['remember_me'] == 1) 47 { 48 if ($conf['auth_method'] == 'cookie') 49 { 50 $cookie_length = $conf['session_length']; 51 } 52 else if ($_POST['remember_me'] == 1) 53 { 54 $cookie_length = $conf['remember_me_length']; 55 } 56 session_create($row['id'], 57 'cookie', 58 $cookie_length); 59 redirect('category.php'); 60 } 61 else if ($conf['auth_method'] == 'URI') 62 { 63 $session_id = session_create($row['id'], 64 'URI', 65 $conf['session_length']); 66 redirect('category.php?id='.$session_id); 67 } 46 68 } 47 69 else … … 69 91 'L_GUEST' => $lang['ident_guest_visit'], 70 92 'L_REGISTER' => $lang['ident_register'], 71 'L_FORGET' => $lang['ident_forgotten_password'], 93 'L_FORGET' => $lang['ident_forgotten_password'], 94 'L_REMEMBER_ME'=>$lang['remember_me'], 72 95 73 96 'T_STYLE' => $user['template'], -
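Review bot: The rewritten lookup at lines 37-41 still splices `$_POST['username']` into the SQL string unescaped, so the login form stays SQL-injectable; escape it, e.g. `WHERE username = \''.mysql_real_escape_string($_POST['username']).'\'`. The `remember_me` branch at lines 45-58 also issues a one-year cookie session without consulting `$conf['authorize_remembering']`, and user.inc.php deletes that cookie when remembering is disabled, so the login would silently fail — gate it with `and $conf['authorize_remembering']` on line 46. The password check keeps an unsalted `md5()` against a loose `==`; that predates this commit, but a `// TODO: salted hash` note would be fair here.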
trunk/include/common.inc.php
r512 r541 168 168 // since basic gallery information is not available 169 169 // 170 $query = 'SELECT param,value'; 171 $query.= ' FROM '.CONFIG_TABLE; 172 $query.= ';'; 170 $query = ' 171 SELECT param,value 172 FROM '.CONFIG_TABLE.' 173 ;'; 173 174 if( !( $result = mysql_query( $query ) ) ) 174 175 { -
trunk/include/config.inc.php
r531 r541 90 90 $conf['calendar_datefield'] = 'date_available'; 91 91 $conf['rate'] = true; 92 93 // time of validity for "remember me" cookies, in seconds. 94 $conf['remember_me_length'] = 31536000; 95 96 // time of validity for normal session, in seconds. 97 $conf['session_length'] = 3600; 98 99 // session id length when session id in URI 100 $conf['session_id_size_URI'] = 4; 101 102 // session id length when session id in cookie 103 $conf['session_id_size_cookie'] = 50; 92 104 ?> -
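Review bot: The comment on `session_id_size_URI` does not say that 4 alphanumeric characters give only 62^4 (about 1.5e7) identifiers, which is small enough to enumerate within the 3600 s validity, and user.inc.php protects URI sessions only by an IP match, so anyone behind the same NAT or proxy is a candidate guesser. I would raise the default and document the trade-off: `// session id length when session id in URI: ids are guessable in 62^n tries, keep as long as your URLs tolerate`. The 31536000 s `remember_me_length` should likewise note that it only bounds the cookie if the stored expiration is actually enforced for cookie sessions, which from user.inc.php does not appear to be the case.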
trunk/include/functions_session.inc.php
r518 r541 32 32 // input : none (using global variable) 33 33 // output : $key 34 function generate_key( )34 function generate_key($size) 35 35 { 36 36 global $conf; … … 45 45 mt_srand( $init ); 46 46 $key = ''; 47 for ( $i = 0; $i < $ conf['session_id_size']; $i++ )47 for ( $i = 0; $i < $size; $i++ ) 48 48 { 49 49 $c = mt_rand( 0, 2 ); … … 55 55 } 56 56 57 // The function create_session finds a non-already-used session key and 58 // returns it once found for the given user. 59 function session_create( $username ) 57 /** 58 * create a new session and returns the session identifier 59 * 60 * - find a non-already-used session key 61 * - create a session in database 62 * - return session identifier 63 * 64 * @param int userid 65 * @param string method : cookie or URI 66 * @param int session_lentgh : in seconds 67 * @return string 68 */ 69 function session_create($userid, $method, $session_length) 60 70 { 61 71 global $conf; 72 62 73 // 1. searching an unused session key 63 74 $id_found = false; 64 while ( !$id_found)75 while (!$id_found) 65 76 { 66 $generated_id = generate_key(); 67 $query = 'select id'; 68 $query.= ' from '.PREFIX_TABLE.'sessions'; 69 $query.= " where id = '".$generated_id."';"; 70 $result = mysql_query( $query ); 71 if ( mysql_num_rows( $result ) == 0 ) 77 $generated_id = generate_key($conf['session_id_size_'.$method]); 78 $query = ' 79 SELECT id 80 FROM '.SESSIONS_TABLE.' 81 WHERE id = \''.$generated_id.'\' 82 ;'; 83 $result = mysql_query($query); 84 if (mysql_num_rows($result) == 0) 72 85 { 73 86 $id_found = true; 74 87 } 75 88 } 76 // 2. retrieving id of the username given in parameter77 $query = 'select id';78 $query.= ' from '.USERS_TABLE;79 $query.= " where username = '".$username."';";80 $row = mysql_fetch_array( mysql_query( $query ) );81 $user_id = $row['id'];82 89 // 3. 
inserting session in database 83 $expiration = $conf['session_time'] * 60 + time(); 84 $query = 'insert into '.PREFIX_TABLE.'sessions'; 85 $query.= ' (id,user_id,expiration,ip) values'; 86 $query.= "('".$generated_id."','".$user_id; 87 $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; 88 mysql_query( $query ); 90 $expiration = $session_length + time(); 91 $query = ' 92 INSERT INTO '.SESSIONS_TABLE.' 93 (id,user_id,expiration,ip) 94 VALUES 95 (\''.$generated_id.'\','.$userid.','.$expiration.', 96 \''.$_SERVER['REMOTE_ADDR'].'\') 97 ;'; 98 mysql_query($query); 99 100 if ($method == 'cookie') 101 { 102 setcookie('id', $generated_id, $session_length+time(), cookie_path()); 103 } 89 104 90 105 return $generated_id; -
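Review bot: `session_create()` uses `$method` directly as a config-key suffix at line 77 (`$conf['session_id_size_'.$method]`) without checking it is `'cookie'` or `'URI'`; any other value yields an undefined size, `generate_key()` then loops zero times and returns an empty key, and an empty-id session row is inserted. Add a guard at the top, `if ($method != 'cookie' and $method != 'URI') die('session_create: unknown method');`, and cast the id spliced unquoted at line 95, `(int)$userid`. The `setcookie()` at line 102 sets no `secure` flag, so a cookie issued over HTTPS is also sent on plain HTTP, and the key still comes from `mt_rand()`, which is not a cryptographic source. session_create's closing brace lies outside the hunk.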
trunk/include/user.inc.php
r532 r541 31 31 // Example : 32 32 // status --> $user['status'] 33 $infos = array( 'id', 'username', 'mail_address', 'nb_image_line',34 'nb_line_page', 'status', 'language', 'maxwidth',35 'maxheight', 'expand', 'show_nb_comments', 'recent_period',36 'template', 'forbidden_categories');33 $infos = array('id','username','mail_address','nb_image_line','nb_line_page', 34 'status','language','maxwidth','maxheight','expand', 35 'show_nb_comments','recent_period','template', 36 'forbidden_categories'); 37 37 38 38 $query_user = 'SELECT * FROM '.USERS_TABLE; … … 41 41 42 42 // cookie deletion if administrator don't authorize them anymore 43 if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ))43 if (!$conf['authorize_remembering'] and isset($_COOKIE['id'])) 44 44 { 45 setcookie( 'id', '', 0, cookie_path());45 setcookie('id', '', 0, cookie_path()); 46 46 $url = 'category.php'; 47 redirect( $url);47 redirect($url); 48 48 } 49 49 50 $user['has_cookie'] = false; 51 if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; 52 elseif ( isset( $_COOKIE['id'] ) ) 50 if (isset($_GET['id'])) 51 { 52 $session_id = $_GET['id']; 53 $user['has_cookie'] = false; 54 $session_id_size = $conf['session_id_size_URI']; 55 } 56 elseif (isset($_COOKIE['id'])) 53 57 { 54 58 $session_id = $_COOKIE['id']; 55 59 $user['has_cookie'] = true; 60 $session_id_size = $conf['session_id_size_cookie']; 61 } 62 else 63 { 64 $user['has_cookie'] = false; 56 65 } 57 66 58 if ( isset( $session_id)59 and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ))67 if (isset($session_id) 68 and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id)) 60 69 { 61 70 $page['session_id'] = $session_id; 62 $query = 'SELECT user_id,expiration,ip'; 63 $query.= ' FROM '.SESSIONS_TABLE; 64 $query.= " WHERE id = '".$page['session_id']."'"; 65 $query.= ';'; 66 $result = mysql_query( $query ); 67 if ( mysql_num_rows( $result ) > 0 ) 71 $query = ' 72 SELECT user_id,expiration,ip 73 FROM '.SESSIONS_TABLE.' 
74 WHERE id = \''.$page['session_id'].'\' 75 ;'; 76 $result = mysql_query($query); 77 if (mysql_num_rows($result) > 0) 68 78 { 69 $row = mysql_fetch_array( $result);70 if ( !$user['has_cookie'])79 $row = mysql_fetch_array($result); 80 if (!$user['has_cookie']) 71 81 { 72 if ( $row['expiration'] < time())82 if ($row['expiration'] < time()) 73 83 { 74 84 // deletion of the session from the database, … … 77 87 $delete_query.= " WHERE id = '".$page['session_id']."'"; 78 88 $delete_query.= ';'; 79 mysql_query( $delete_query);89 mysql_query($delete_query); 80 90 } 81 else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'])91 else if ($_SERVER['REMOTE_ADDR'] == $row['ip']) 82 92 { 83 93 $query_user .= ' WHERE id = '.$row['user_id']; … … 92 102 } 93 103 } 94 if ( !$query_done)104 if (!$query_done) 95 105 { 96 106 $query_user .= ' WHERE id = 2'; … … 98 108 } 99 109 $query_user .= ';'; 100 $row = mysql_fetch_array( mysql_query( $query_user ));110 $row = mysql_fetch_array(mysql_query($query_user)); 101 111 102 112 // affectation of each value retrieved in the users table into a variable 103 113 // of the array $user. 104 foreach ( $infos as $info) {105 if ( isset( $row[$info] ))114 foreach ($infos as $info) { 115 if (isset($row[$info])) 106 116 { 107 117 // If the field is true or false, the variable is transformed into a 108 118 // boolean value. 
109 if ( $row[$info] == 'true' or $row[$info] == 'false')110 $user[$info] = get_boolean( $row[$info]);119 if ($row[$info] == 'true' or $row[$info] == 'false') 120 $user[$info] = get_boolean($row[$info]); 111 121 else 112 122 $user[$info] = $row[$info]; … … 119 129 120 130 // special for $user['restrictions'] array 121 $user['restrictions'] = explode( ',', $user['forbidden_categories']);122 if ( $user['restrictions'][0] == '')131 $user['restrictions'] = explode(',', $user['forbidden_categories']); 132 if ($user['restrictions'][0] == '') 123 133 { 124 134 $user['restrictions'] = array(); … … 126 136 127 137 $isadmin = false; 128 if ( $user['status'] == 'admin')138 if ($user['status'] == 'admin') 129 139 { 130 140 $isadmin =true; -
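Review bot: Now that `auth_method` can be `cookie`, the server-side expiration is never enforced for those sessions: the `expiration < time()` test at lines 80-88 runs only when `!$user['has_cookie']`, so a cookie-delivered id stays valid (and also skips the IP comparison) long after the `session_length` written by `session_create()` has passed. I would test expiration on both paths and keep only the IP comparison cookie-specific, as below. Separately, the deletion at line 43 removes every `id` cookie whenever `authorize_remembering` is false, which now also logs out sessions issued under `auth_method = 'cookie'`; it should probably also require `$conf['auth_method'] != 'cookie'`, assuming `$conf['authorize_remembering']` is a real boolean here — the conversion happens outside this hunk.
```php
$row = mysql_fetch_array($result);
if ($row['expiration'] < time())
{
  // … unchanged: delete the expired session row …
}
else if ($user['has_cookie'] or $_SERVER['REMOTE_ADDR'] == $row['ip'])
{
  $query_user .= ' WHERE id = '.$row['user_id'];
  $query_done = true;
}
```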
trunk/install/config.sql
r512 r541 6 6 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('default_template','default','Default gallery style'); 7 7 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('access','free','access type to your gallery (free|restricted)'); 8 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('session_id_size','4','length of session identifiers');9 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('session_time','30','number of minutes for validity of sessions');10 8 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_comments','true','display the users comments'); 11 9 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('nb_comment_page','10','number of comments to display on each page'); … … 19 17 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible'); 20 18 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments'); 21 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_cookies','false','users can create cookies');22 19 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('mail_notification','false','automated mail notification for adminsitrators'); 23 20 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('nb_image_line','5','Number of images displayed per row'); … … 30 27 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user'); 31 28 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user'); 29 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie'); 30 INSERT INTO phpwebgallery_config (param,value,comment) VALUES 
('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}'); -
trunk/language/en_UK.iso-8859-1/admin.lang.php
r534 r541 175 175 // Configuration -> session 176 176 $lang['conf_session_title'] = 'Sessions'; 177 $lang['conf_cookies'] = 'Authorize cookies'; 178 $lang['conf_cookies_info'] = 'Users won\'t have to log on each visit any more. Less secure.'; 179 $lang['conf_session_size'] = 'Identifier size'; 180 $lang['conf_session_size_info'] = '- the longer your identifier is, the more secure your site is<br />- enter a number between 4 and 50'; 181 $lang['conf_session_size_error'] = 'the session identifier size must be an integer value between 4 and 50'; 182 $lang['conf_session_time'] = 'validity period'; 183 $lang['conf_session_time_info'] = '- the shorter the validity period is, the more secure your site is<br />- enter a number between 5 and 60, in minutes'; 184 $lang['conf_session_time_error'] = 'the session time must be an integer value between 5 and 60'; 177 $lang['conf_auth_method'] = 'Authentication method'; 178 $lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)'; 179 $lang['URI'] = 'URI'; 180 $lang['cookie'] = 'cookie'; 181 $lang['conf_authorize_remembering'] = 'Authorize remembering'; 182 $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)'; 185 183 186 184 // Configuration -> metadata -
trunk/language/en_UK.iso-8859-1/common.lang.php
r539 r541 293 293 $lang['random_cat_hint'] = 'Displays a set of random pictures'; 294 294 $lang['picture_high'] = 'Click on the picture to see it in high definition'; 295 $lang['remember_me'] = 'remember me'; 295 296 ?> -
trunk/template/default/admin/configuration.tpl
r534 r541 150 150 </tr> 151 151 <tr> 152 <td width="70%"><strong>{session.L_CONF_COOKIE} :</strong><br /><span class="small">{session.L_CONF_COOKIE_INFO}</span></td> 153 <td class="row1"><input type="radio" class="radio" name="authorize_cookies" value="true" {session.COOKIE_YES} />{L_YES} 154 <input type="radio" class="radio" name="authorize_cookies" value="false" {session.COOKIE_NO} />{L_NO}</td> 155 </tr> 156 <tr> 157 <td><strong>{session.L_SESSION_LENGTH} :</strong><br /><span class="small">{session.L_SESSION_LENGTH_INFO}</span></td> 158 <td class="row1"><input type="text" size="4" maxlength="6" name="session_time" value="{session.SESSION_LENGTH}" /></td> 159 </tr> 160 <tr> 161 <td><strong>{session.L_SESSION_ID_SIZE} :</strong><br /><span class="small">{session.L_SESSION_ID_SIZE_INFO}</span></td> 162 <td class="row1"><input type="text" size="2" maxlength="3" name="session_id_size" value="{session.SESSION_ID_SIZE}" /></td> 152 <td width="70%"><strong>{session.L_CONF_AUTH_METHOD} :</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td> 153 <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI} 154 <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td> 155 </tr> 156 <tr> 157 <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING} :</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td> 158 <td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES} 159 <input type="radio" class="radio" name="authorize_remembering" value="false" {session.AUTHORIZE_REMEMBERING_NO} />{L_NO}</td> 163 160 </tr> 164 161 <!-- END session --> -
trunk/template/default/category.tpl
r539 r541 42 42 {L_PASSWORD}<br /> 43 43 <input type="password" name="password" size="15"><br /> 44 <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br /> 44 45 <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" /> 45 46 </form> -
trunk/template/default/identification.tpl
r393 r541 31 31 </td> 32 32 </tr> 33 <tr> 34 <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td> 35 <td> 36 <input type="checkbox" name="remember_me" value="1" /> 37 </td> 38 </tr> 33 39 <tr align="center"> 34 40 <td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>