Changeset 541 for trunk

Timestamp:

Oct 3, 2004, 1:12:50 AM (20 years ago)

Author:

z0rglub

Message:

• deletion of session_time and session_id_size as config parameter

• new feature : "remember me" creates a long time cookie

• possibility to set the default authentication method to URI or cookie

• really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php

Location:

trunk

Files:

• admin/configuration.php (modified) (4 diffs)
• category.php (modified) (1 diff)
• identification.php (modified) (2 diffs)
• include/common.inc.php (modified) (1 diff)
• include/config.inc.php (modified) (1 diff)
• include/functions_session.inc.php (modified) (3 diffs)
• include/user.inc.php (modified) (7 diffs)
• install/config.sql (modified) (3 diffs)
• language/en_UK.iso-8859-1/admin.lang.php (modified) (1 diff)
• language/en_UK.iso-8859-1/common.lang.php (modified) (1 diff)
• template/default/admin/configuration.tpl (modified) (1 diff)
• template/default/category.tpl (modified) (1 diff)
• template/default/identification.tpl (modified) (1 diff)

trunk/admin/configuration.php

@@ -121 +121 @@
       break;
     }
-    case 'session' :
-    {
-      // session_id size must be an integer between 4 and 50
-      if (!preg_match($int_pattern, $_POST['session_id_size'])
-          or $_POST['session_id_size'] < 4
-          or $_POST['session_id_size'] > 50)
-      {
-        array_push($errors, $lang['conf_session_size_error']);
-      }
-      // session_time must be an integer between 5 and 60, in minutes
-      if (!preg_match($int_pattern, $_POST['session_time'])
-          or $_POST['session_time'] < 5
-          or $_POST['session_time'] > 60)
-      {
-        array_push($errors, $lang['conf_session_time_error']);
-      }
-      break;
-    }
   }
   
@@ -173 +155 @@
     'L_SUBMIT'=>$lang['submit'],
     'L_RESET'=>$lang['reset'],
+    'L_URI'=>$lang['URI'],
+    'L_COOKIE'=>$lang['cookie'],
     
     'F_ACTION'=>add_session_id($action)
@@ -321 +305 @@
   case 'session' :
   {
-    $cookie_yes = ($conf['upload_available']=='true')?'checked="checked"':'';
-    $cookie_no = ($conf['upload_available']=='false')?'checked="checked"':'';
+    $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';
+    $auth_method_cookie =
+      ($conf['auth_method']=='cookie')?'checked="checked"':'';
+    $authorize_remembering_yes =
+      ($conf['authorize_remembering']=='true')?'checked="checked"':'';
+    $authorize_remembering_no =
+      ($conf['authorize_remembering']=='false')?'checked="checked"':'';
       
     $template->assign_block_vars(
@@ -328 +317 @@
       array(
         'L_CONF_TITLE'=>$lang['conf_session_title'],
-        'L_CONF_COOKIE'=>$lang['conf_cookies'],
-        'L_CONF_COOKIE_INFO'=>$lang['conf_cookies_info'],
-        'L_SESSION_LENGTH'=>$lang['conf_session_time'],
-        'L_SESSION_LENGTH_INFO'=>$lang['conf_session_time_info'],
-        'L_SESSION_ID_SIZE'=>$lang['conf_session_size'],
-        'L_SESSION_ID_SIZE_INFO'=>$lang['conf_session_size_info'],
-          
-        'SESSION_LENGTH'=>$conf['session_time'],
-        'SESSION_ID_SIZE'=>$conf['session_id_size'],
-        'COOKIE_YES'=>$cookie_yes,
-        'COOKIE_NO'=>$cookie_no
+        'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],
+        'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],
+        'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'],
+        'L_CONF_AUTHORIZE_REMEMBERING_INFO' =>
+        $lang['conf_authorize_remembering_info'],
+
+        'AUTH_METHOD_URI'=>$auth_method_URI,
+        'AUTH_METHOD_COOKIE'=>$auth_method_cookie,
+        'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes,
+        'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no
         ));
     break;

trunk/category.php

@@ -153 +153 @@
   'L_PROFILE' => $lang['customize'],
   'L_PROFILE_HINT' => $lang['hint_customize'],
+  'L_REMEMBER_ME' => $lang['remember_me'],
   
   'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ),

trunk/identification.php

@@ -32 +32 @@
 //-------------------------------------------------------------- identification
 $errors = array();
-if ( isset( $_POST['login'] ) )
+if (isset($_POST['login']))
 {
   // retrieving the encrypted password of the login submitted
-  $query = 'SELECT password';
-  $query.= ' FROM '.USERS_TABLE;
-  $query.= " WHERE username = '".$_POST['username']."';";
-  $row = mysql_fetch_array( mysql_query( $query ) );
-  if( $row['password'] == md5( $_POST['password'] ) )
+  $query = '
+SELECT id, password
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.$_POST['username'].'\'
+;';
+  $row = mysql_fetch_array(mysql_query($query));
+  if ($row['password'] == md5($_POST['password']))
   {
-    $session_id = session_create( $_POST['username'] );
-    $url = 'category.php?id='.$session_id;
-    redirect( $url );
+    if ($conf['auth_method'] == 'cookie'
+        or isset($_POST['remember_me']) and $_POST['remember_me'] == 1)
+    {
+      if ($conf['auth_method'] == 'cookie')
+      {
+        $cookie_length = $conf['session_length'];
+      }
+      else if ($_POST['remember_me'] == 1)
+      {
+        $cookie_length = $conf['remember_me_length'];
+      }
+      session_create($row['id'],
+                     'cookie',
+                     $cookie_length);
+      redirect('category.php');
+    }
+    else if ($conf['auth_method'] == 'URI')
+    {
+      $session_id = session_create($row['id'],
+                                   'URI',
+                                   $conf['session_length']);
+      redirect('category.php?id='.$session_id);
+    }
   }
   else
@@ -69 +91 @@
     'L_GUEST' => $lang['ident_guest_visit'],
     'L_REGISTER' => $lang['ident_register'],
-    'L_FORGET' => $lang['ident_forgotten_password'], 
+    'L_FORGET' => $lang['ident_forgotten_password'],
+    'L_REMEMBER_ME'=>$lang['remember_me'],
     
     'T_STYLE' => $user['template'],

trunk/include/common.inc.php

@@ -168 +168 @@
 // since basic gallery information is not available
 //
-$query = 'SELECT param,value';
-$query.= ' FROM '.CONFIG_TABLE;
-$query.= ';';
+$query = '
+SELECT param,value
+ FROM '.CONFIG_TABLE.'
+;';
 if( !( $result = mysql_query( $query ) ) )
 {

trunk/include/config.inc.php

@@ -90 +90 @@
 $conf['calendar_datefield'] = 'date_available';
 $conf['rate'] = true;
+
+// time of validity for "remember me" cookies, in seconds.
+$conf['remember_me_length'] = 31536000;
+
+// time of validity for normal session, in seconds.
+$conf['session_length'] = 3600;
+
+// session id length when session id in URI
+$conf['session_id_size_URI'] = 4;
+
+// session id length when session id in cookie
+$conf['session_id_size_cookie'] = 50;
 ?>

trunk/include/functions_session.inc.php

@@ -32 +32 @@
 // input  : none (using global variable)
 // output : $key
-function generate_key()
+function generate_key($size)
 {
   global $conf;
@@ -45 +45 @@
   mt_srand( $init );
   $key = '';
-  for ( $i = 0; $i < $conf['session_id_size']; $i++ )
+  for ( $i = 0; $i < $size; $i++ )
   {
     $c = mt_rand( 0, 2 );
@@ -55 +55 @@
 }
 
-// The function create_session finds a non-already-used session key and
-// returns it once found for the given user.
-function session_create( $username )
+/**
+ * create a new session and returns the session identifier
+ *
+ * - find a non-already-used session key
+ * - create a session in database
+ * - return session identifier
+ *
+ * @param int userid
+ * @param string method : cookie or URI
+ * @param int session_lentgh : in seconds
+ * @return string
+ */
+function session_create($userid, $method, $session_length)
 {
   global $conf;
+
   // 1. searching an unused session key
   $id_found = false;
-  while ( !$id_found )
+  while (!$id_found)
   {
-    $generated_id = generate_key();
-    $query = 'select id';
-    $query.= ' from '.PREFIX_TABLE.'sessions';
-    $query.= " where id = '".$generated_id."';";
-    $result = mysql_query( $query );
-    if ( mysql_num_rows( $result ) == 0 )
+    $generated_id = generate_key($conf['session_id_size_'.$method]);
+    $query = '
+SELECT id
+  FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$generated_id.'\'
+;';
+    $result = mysql_query($query);
+    if (mysql_num_rows($result) == 0)
     {
       $id_found = true;
     }
   }
-  // 2. retrieving id of the username given in parameter
-  $query = 'select id';
-  $query.= ' from '.USERS_TABLE;
-  $query.= " where username = '".$username."';";
-  $row = mysql_fetch_array( mysql_query( $query ) );
-  $user_id = $row['id'];
   // 3. inserting session in database
-  $expiration = $conf['session_time'] * 60 + time();
-  $query = 'insert into '.PREFIX_TABLE.'sessions';
-  $query.= ' (id,user_id,expiration,ip) values';
-  $query.= "('".$generated_id."','".$user_id;
-  $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');";
-  mysql_query( $query );
+  $expiration = $session_length + time();
+  $query = '
+INSERT INTO '.SESSIONS_TABLE.'
+  (id,user_id,expiration,ip)
+  VALUES
+  (\''.$generated_id.'\','.$userid.','.$expiration.',
+   \''.$_SERVER['REMOTE_ADDR'].'\')
+;';
+  mysql_query($query);
+
+  if ($method == 'cookie')
+  {
+    setcookie('id', $generated_id, $session_length+time(), cookie_path());
+  }
                 
   return $generated_id;

trunk/include/user.inc.php

@@ -31 +31 @@
 // Example :
 //            status --> $user['status']
-$infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
-                'nb_line_page', 'status', 'language', 'maxwidth',
-                'maxheight', 'expand', 'show_nb_comments', 'recent_period',
-                'template', 'forbidden_categories' );
+$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
+               'status','language','maxwidth','maxheight','expand',
+               'show_nb_comments','recent_period','template',
+               'forbidden_categories');
 
 $query_user = 'SELECT * FROM '.USERS_TABLE;
@@ -41 +41 @@
 
 // cookie deletion if administrator don't authorize them anymore
-if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
 {
-  setcookie( 'id', '', 0, cookie_path() );
+  setcookie('id', '', 0, cookie_path());
   $url = 'category.php';
-  redirect( $url );
+  redirect($url);
 }
 
-$user['has_cookie'] = false;
-if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
-elseif ( isset( $_COOKIE['id'] ) )
+if (isset($_GET['id']))
+{
+  $session_id = $_GET['id'];
+  $user['has_cookie'] = false;
+  $session_id_size = $conf['session_id_size_URI'];
+}
+elseif (isset($_COOKIE['id']))
 {
   $session_id = $_COOKIE['id'];
   $user['has_cookie'] = true;
+  $session_id_size = $conf['session_id_size_cookie'];
+}
+else
+{
+  $user['has_cookie'] = false;
 }
 
-if ( isset( $session_id )
-     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+if (isset($session_id)
+     and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
 {
   $page['session_id'] = $session_id;
-  $query = 'SELECT user_id,expiration,ip';
-  $query.= ' FROM '.SESSIONS_TABLE;
-  $query.= " WHERE id = '".$page['session_id']."'";
-  $query.= ';';
-  $result = mysql_query( $query );
-  if ( mysql_num_rows( $result ) > 0 )
+  $query = '
+SELECT user_id,expiration,ip
+  FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$page['session_id'].'\'
+;';
+  $result = mysql_query($query);
+  if (mysql_num_rows($result) > 0)
   {
-    $row = mysql_fetch_array( $result );
-    if ( !$user['has_cookie'] )
+    $row = mysql_fetch_array($result);
+    if (!$user['has_cookie'])
     {
-      if ( $row['expiration'] < time() )
+      if ($row['expiration'] < time())
       {
         // deletion of the session from the database,
@@ -77 +87 @@
         $delete_query.= " WHERE id = '".$page['session_id']."'";
         $delete_query.= ';';
-        mysql_query( $delete_query );
+        mysql_query($delete_query);
       }
-      else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
+      else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
       {
         $query_user .= ' WHERE id = '.$row['user_id'];
@@ -92 +102 @@
   }
 }
-if ( !$query_done )
+if (!$query_done)
 {
   $query_user .= ' WHERE id = 2';
@@ -98 +108 @@
 }
 $query_user .= ';';
-$row = mysql_fetch_array( mysql_query( $query_user ) );
+$row = mysql_fetch_array(mysql_query($query_user));
 
 // affectation of each value retrieved in the users table into a variable
 // of the array $user.
-foreach ( $infos as $info ) {
-  if ( isset( $row[$info] ) )
+foreach ($infos as $info) {
+  if (isset($row[$info]))
   {
     // If the field is true or false, the variable is transformed into a
     // boolean value.
-    if ( $row[$info] == 'true' or $row[$info] == 'false' )
-      $user[$info] = get_boolean( $row[$info] );
+    if ($row[$info] == 'true' or $row[$info] == 'false')
+      $user[$info] = get_boolean($row[$info]);
     else
       $user[$info] = $row[$info];    
@@ -119 +129 @@
 
 // special for $user['restrictions'] array
-$user['restrictions'] = explode( ',', $user['forbidden_categories'] );
-if ( $user['restrictions'][0] == '' )
+$user['restrictions'] = explode(',', $user['forbidden_categories']);
+if ($user['restrictions'][0] == '')
 {
   $user['restrictions'] = array();
@@ -126 +136 @@
 
 $isadmin = false;
-if ( $user['status'] == 'admin' )
+if ($user['status'] == 'admin')
 {
   $isadmin =true;

trunk/install/config.sql

@@ -6 +6 @@
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('default_template','default','Default gallery style');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('access','free','access type to your gallery (free|restricted)');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('session_id_size','4','length of session identifiers');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('session_time','30','number of minutes for validity of sessions');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_comments','true','display the users comments');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('nb_comment_page','10','number of comments to display on each page');
@@ -19 +17 @@
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_cookies','false','users can create cookies');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('mail_notification','false','automated mail notification for adminsitrators');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('nb_image_line','5','Number of images displayed per row');
@@ -30 +27 @@
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user');
+INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');
+INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}');

trunk/language/en_UK.iso-8859-1/admin.lang.php

@@ -175 +175 @@
 // Configuration -> session
 $lang['conf_session_title'] = 'Sessions';
-$lang['conf_cookies'] = 'Authorize cookies';
-$lang['conf_cookies_info'] = 'Users won\'t have to log on each visit any more. Less secure.';
-$lang['conf_session_size'] = 'Identifier size';
-$lang['conf_session_size_info'] = '- the longer your identifier is, the more secure your site is<br />- enter a number between 4 and 50';
-$lang['conf_session_size_error'] = 'the session identifier size must be an integer value between 4 and 50';
-$lang['conf_session_time'] = 'validity period';
-$lang['conf_session_time_info'] = '- the shorter the validity period is, the more secure your site is<br />- enter a number between 5 and 60, in minutes';
-$lang['conf_session_time_error'] = 'the session time must be an integer value between 5 and 60';
+$lang['conf_auth_method'] = 'Authentication method';
+$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)';
+$lang['URI'] = 'URI';
+$lang['cookie'] = 'cookie';
+$lang['conf_authorize_remembering'] = 'Authorize remembering';
+$lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)';
 
 // Configuration -> metadata

trunk/language/en_UK.iso-8859-1/common.lang.php

@@ -293 +293 @@
 $lang['random_cat_hint'] = 'Displays a set of random pictures';
 $lang['picture_high'] = 'Click on the picture to see it in high definition';
+$lang['remember_me'] = 'remember me';
 ?>

trunk/template/default/admin/configuration.tpl

@@ -150 +150 @@
   </tr>
     <tr>
-    <td width="70%"><strong>{session.L_CONF_COOKIE}&nbsp;:</strong><br /><span class="small">{session.L_CONF_COOKIE_INFO}</span></td>
-        <td class="row1"><input type="radio" class="radio" name="authorize_cookies" value="true" {session.COOKIE_YES} />{L_YES}&nbsp;&nbsp;
-        <input type="radio" class="radio" name="authorize_cookies" value="false" {session.COOKIE_NO} />{L_NO}</td>
-  </tr>
-  <tr>
-    <td><strong>{session.L_SESSION_LENGTH}&nbsp;:</strong><br /><span class="small">{session.L_SESSION_LENGTH_INFO}</span></td>
-        <td class="row1"><input type="text" size="4" maxlength="6" name="session_time" value="{session.SESSION_LENGTH}" /></td>
-  </tr>
-    <tr>
-    <td><strong>{session.L_SESSION_ID_SIZE}&nbsp;:</strong><br /><span class="small">{session.L_SESSION_ID_SIZE_INFO}</span></td>
-        <td class="row1"><input type="text" size="2" maxlength="3" name="session_id_size" value="{session.SESSION_ID_SIZE}" /></td>
+    <td width="70%"><strong>{session.L_CONF_AUTH_METHOD}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td>
+        <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI}&nbsp;&nbsp;
+        <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td>
+  </tr>
+    <tr>
+    <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td>
+        <td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES}&nbsp;&nbsp;
+        <input type="radio" class="radio" name="authorize_remembering" value="false" {session.AUTHORIZE_REMEMBERING_NO} />{L_NO}</td>
   </tr>
 <!-- END session -->

trunk/template/default/category.tpl

@@ -42 +42 @@
                 {L_PASSWORD}<br />
                 <input type="password" name="password" size="15"><br />
+                <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
                 <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
                 </form>

trunk/template/default/identification.tpl

@@ -31 +31 @@
         </td>
   </tr>
+  <tr>
+        <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td>
+        <td>
+          <input type="checkbox" name="remember_me" value="1" />
+        </td>
+  </tr>
   <tr align="center"> 
         <td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>