Changeset 1003


Ignore:
Timestamp:
Jan 15, 2006, 1:52:55 PM (19 years ago)
Author:
nikrou
Message:

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
Location:
branches/branch-1_5
Files:
42 edited

Legend:

Unmodified
Added
Removed
  • branches/branch-1_5/about.php

    r897 r1003  
    4646$template->assign_vars(
    4747  array(
    48     'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
     48    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
    4949    )
    5050  );
  • branches/branch-1_5/admin.php

    r957 r1003  
    6666$template->assign_vars(
    6767  array(
    68     'U_HISTORY'=>add_session_id($link_start.'stats' ),
    69     'U_FAQ'=>add_session_id($link_start.'help' ),
    70     'U_SITES'=>add_session_id($link_start.'remote_site'),
    71     'U_MAINTENANCE'=>add_session_id($link_start.'maintenance'),
    72     'U_CONFIG_GENERAL'=>add_session_id($conf_link.'general' ),
    73     'U_CONFIG_COMMENTS'=>add_session_id($conf_link.'comments' ),
    74     'U_CONFIG_DISPLAY'=>add_session_id($conf_link.'default' ),
    75     'U_CATEGORIES'=>add_session_id($link_start.'cat_list' ),
    76     'U_MOVE'=>add_session_id($link_start.'cat_move' ),
    77     'U_CAT_UPLOAD'=>add_session_id($opt_link.'upload'),
    78     'U_CAT_COMMENTS'=>add_session_id($opt_link.'comments'),
    79     'U_CAT_VISIBLE'=>add_session_id($opt_link.'visible'),
    80     'U_CAT_STATUS'=>add_session_id($opt_link.'status'),
    81     'U_CAT_OPTIONS'=>add_session_id($link_start.'cat_options'),
    82     'U_CAT_UPDATE'=>add_session_id($link_start.'update'),
    83     'U_WAITING'=>add_session_id($link_start.'waiting' ),
    84     'U_COMMENTS'=>add_session_id($link_start.'comments' ),
    85     'U_CADDIE'=>add_session_id($link_start.'element_set&cat=caddie'),
    86     'U_THUMBNAILS'=>add_session_id($link_start.'thumbnail' ),
    87     'U_USERS'=>add_session_id($link_start.'user_list' ),
    88     'U_GROUPS'=>add_session_id($link_start.'group_list' ),
    89     'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
    90     'U_RETURN'=>add_session_id(PHPWG_ROOT_PATH.'category.php')
     68    'U_HISTORY'=> $link_start.'stats',
     69    'U_FAQ'=> $link_start.'help',
     70    'U_SITES'=> $link_start.'remote_site',
     71    'U_MAINTENANCE'=> $link_start.'maintenance',
     72    'U_CONFIG_GENERAL'=> $conf_link.'general',
     73    'U_CONFIG_COMMENTS'=> $conf_link.'comments',
     74    'U_CONFIG_DISPLAY'=> $conf_link.'default',
     75    'U_CATEGORIES'=> $link_start.'cat_list',
     76    'U_MOVE'=> $link_start.'cat_move',
     77    'U_CAT_UPLOAD'=> $opt_link.'upload',
     78    'U_CAT_COMMENTS'=> $opt_link.'comments',
     79    'U_CAT_VISIBLE'=> $opt_link.'visible',
     80    'U_CAT_STATUS'=> $opt_link.'status',
     81    'U_CAT_OPTIONS'=> $link_start.'cat_options',
     82    'U_CAT_UPDATE'=> $link_start.'update',
     83    'U_WAITING'=> $link_start.'waiting',
     84    'U_COMMENTS'=> $link_start.'comments',
     85    'U_CADDIE'=> $link_start.'element_set&cat=caddie',
     86    'U_THUMBNAILS'=> $link_start.'thumbnail',
     87    'U_USERS'=> $link_start.'user_list',
     88    'U_GROUPS'=> $link_start.'group_list',
     89    'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
     90    'U_RETURN'=> PHPWG_ROOT_PATH.'category.php'
    9191    )
    9292  );
     
    9797    'representative',
    9898    array(
    99       'URL' => add_session_id($opt_link.'representative')
     99      'URL' => $opt_link.'representative'
    100100      )
    101101    );
  • branches/branch-1_5/admin/cat_list.php

    r869 r1003  
    6666
    6767$base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
    68 $navigation = '<a class="" href="'.add_session_id($base_url).'">';
     68$navigation = '<a class="" href="'.$base_url.'">';
    6969$navigation.= $lang['home'];
    7070$navigation.= '</a>';
     
    239239  'CATEGORIES_NAV'=>$navigation,
    240240  'NEXT_RANK'=>$next_rank,
    241   'F_ACTION'=>add_session_id($form_action),
     241  'F_ACTION'=>$form_action,
    242242 
    243243  'L_ADD_VIRTUAL'=>$lang['cat_add'],
     
    318318      'RANK'=>$category['rank']*10,
    319319
    320       'U_JUMPTO'=>
    321       add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
    322      
    323       'U_CHILDREN'=>
    324       add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
    325      
    326       'U_EDIT'=>
    327       add_session_id($base_url.'cat_modify&amp;cat_id='.$category['id'])
     320      'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
     321      'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],     
     322      'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
    328323      )
    329324    );
     
    334329      'category.delete',
    335330      array(
    336         'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
     331        'URL'=>$self_url.'&amp;delete='.$category['id']
    337332        )
    338333      );
     
    344339      'category.elements',
    345340      array(
    346         'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
     341        'URL'=>$base_url.'element_set&amp;cat='.$category['id']
    347342        )
    348343      );
     
    354349      'category.permissions',
    355350      array(
    356         'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
     351        'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
    357352        )
    358353      );
  • branches/branch-1_5/admin/cat_modify.php

    r881 r1003  
    172172  'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'],
    173173
    174   'U_JUMPTO'=>
    175     add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
    176   'U_CHILDREN'=>
    177     add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
     174  'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
     175  'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
    178176  'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify',
    179177   
    180   'F_ACTION'=>add_session_id($form_action)
     178  'F_ACTION'=>$form_action
    181179  ));
    182180
     
    187185    'permissions',
    188186    array(
    189       'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
     187      'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
    190188        )
    191189    );
     
    198196    'elements',
    199197    array(
    200       'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
     198      'URL'=>$base_url.'element_set&amp;cat='.$category['id']
    201199      )
    202200    );
     
    268266    'delete',
    269267    array(
    270       'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
     268      'URL'=>$self_url.'&amp;delete='.$category['id']
    271269      )
    272270    );
  • branches/branch-1_5/admin/cat_move.php

    r881 r1003  
    6969$template->assign_vars(
    7070  array(
    71     'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'),
     71    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move',
    7272    )
    7373  );
  • branches/branch-1_5/admin/cat_options.php

    r862 r1003  
    154154    'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options',
    155155   
    156     'F_ACTION'=>add_session_id($base_url.$page['section'])
     156    'F_ACTION'=>$base_url.$page['section']
    157157   )
    158158 );
  • branches/branch-1_5/admin/cat_perm.php

    r873 r1003  
    208208        ),
    209209    'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm',
    210     'F_ACTION' =>
    211       add_session_id(
    212         PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
    213         )
     210    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
    214211    )
    215212  );
  • branches/branch-1_5/admin/comments.php

    r839 r1003  
    118118$template->assign_vars(
    119119  array(
    120     'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments')
     120    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
    121121    )
    122122  );
     
    142142    array(
    143143      'U_PICTURE' =>
    144         add_session_id(
    145144          PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
    146           '&amp;image_id='.$row['image_id']
    147           ),
     145          '&amp;image_id='.$row['image_id'],
    148146      'ID' => $row['id'],
    149147      'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),
  • branches/branch-1_5/admin/configuration.php

    r882 r1003  
    150150    'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
    151151   
    152     'F_ACTION'=>add_session_id($action)
     152    'F_ACTION'=>$action
    153153    ));
    154154
  • branches/branch-1_5/admin/element_set_unit.php

    r875 r1003  
    223223            $row['name'] : get_name_from_file($row['file']),
    224224        'U_EDIT' =>
    225           add_session_id(
    226225            PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
    227             '&amp;image_id='.$row['id']
    228             ),
     226            '&amp;image_id='.$row['id'],
    229227        'ID' => $row['id'],
    230228        'FILENAME' => $row['path'],
  • branches/branch-1_5/admin/group_list.php

    r815 r1003  
    125125$template->assign_vars(
    126126  array(
    127     'F_ADD_ACTION' =>
    128       add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
     127    'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list'
    129128    )
    130129  );
  • branches/branch-1_5/admin/group_perm.php

    r817 r1003  
    141141   
    142142    'F_ACTION' =>
    143       add_session_id(
    144143        PHPWG_ROOT_PATH.
    145144        'admin.php?page=group_perm&amp;group_id='.
    146145        $page['group']
    147         )
    148146    )
    149147  );
  • branches/branch-1_5/admin/intro.php

    r991 r1003  
    178178    'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups),
    179179    'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments),
    180     'U_CHECK_UPGRADE' =>
    181       add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'),
    182     'U_PHPINFO' =>
    183       add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo')
     180    'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
     181    'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo'
    184182    )
    185183  );
     
    218216    'waiting',
    219217    array(
    220       'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'),
     218      'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting',
    221219      'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting)
    222220      )
     
    237235    'unvalidated',
    238236    array(
    239       'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'),
     237      'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments',
    240238      'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments)
    241239      )
  • branches/branch-1_5/admin/maintenance.php

    r858 r1003  
    9999$template->assign_vars(
    100100  array(
    101     'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'),
    102     'U_MAINT_IMAGES' => add_session_id($start_url.'images'),
    103     'U_MAINT_HISTORY' => add_session_id($start_url.'history'),
    104     'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'),
    105     'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'),
     101    'U_MAINT_CATEGORIES' => $start_url.'categories',
     102    'U_MAINT_IMAGES' => $start_url.'images',
     103    'U_MAINT_HISTORY' => $start_url.'history',
     104    'U_MAINT_SESSIONS' => $start_url.'sessions',
     105    'U_MAINT_FEEDS' => $start_url.'feeds',
    106106    'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance',
    107107    )
  • branches/branch-1_5/admin/picture_modify.php

    r825 r1003  
    196196  array(
    197197    'U_SYNC' =>
    198       add_session_id(
    199198        PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
    200199        '&amp;image_id='.$_GET['image_id'].
    201200        (isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '').
    202         '&amp;sync_metadata=1'
    203         ),
     201        '&amp;sync_metadata=1',
    204202   
    205203    'PATH'=>$row['path'],
     
    231229 
    232230    'F_ACTION' =>
    233       add_session_id(
    234231        PHPWG_ROOT_PATH.'admin.php'
    235232        .get_query_string_diff(array('sync_metadata'))
    236         )
    237233    )
    238234  );
  • branches/branch-1_5/admin/remote_site.php

    r929 r1003  
    516516    'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site',
    517517   
    518     'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site')
     518    'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site'
    519519   )
    520520 );
     
    687687      array(
    688688        'URL' => $url,
    689         'U_UPDATE' => add_session_id($base_url.'local_update')
     689        'U_UPDATE' => $base_url.'local_update'
    690690        )
    691691      );
     
    732732    array(
    733733      'NAME' => $row['galleries_url'],
    734       'U_GENERATE' => add_session_id($base_url.'generate'),
    735       'U_UPDATE' => add_session_id($base_url.'update'),
    736       'U_CLEAN' => add_session_id($base_url.'clean'),
    737       'U_DELETE' => add_session_id($base_url.'delete')
     734      'U_GENERATE' => $base_url.'generate',
     735      'U_UPDATE' => $base_url.'update',
     736      'U_CLEAN' => $base_url.'clean',
     737      'U_DELETE' => $base_url.'delete'
    738738     )
    739739   );
  • branches/branch-1_5/admin/stats.php

    r918 r1003  
    6363  $title_page=$lang['stats_day_title'].' du '.$date_of_day;
    6464  $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
    65   $url_back = add_session_id($url_back);
     65  $url_back = $url_back;
    6666  $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
    6767  $title_day = $date_of_day;
     
    7272  $title_page=$lang['stats_month_title'].' : '.$date_of_day;
    7373  $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
    74   $url_back = add_session_id($url_back);
     74  $url_back = $url_back;
    7575  $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
    7676  $title_day=$lang['today'];
     
    106106  'L_STAT_PICTURE'=>$lang['stats_picture'],
    107107 
    108   'IMG_REPORT'=>add_session_id($url_img)
     108  'IMG_REPORT'=>$url_img
    109109  ));
    110110
     
    142142      ;
    143143
    144     $value = '<a href="'.add_session_id($url).'">';
     144    $value = '<a href="'.$url.'">';
    145145    $value.= $row['d'].' ('.$week_day.')';
    146146    $value.= "</a>";
     
    161161      ;
    162162   
    163     $value = '<a href="'.add_session_id($url).'">';
     163    $value = '<a href="'.$url.'">';
    164164    $value.= $lang['month'][$row['m']].' '.$row['y'];
    165165    $value.= "</a>";
  • branches/branch-1_5/admin/thumbnail.php

    r862 r1003  
    359359    'params',
    360360    array(
    361       'F_ACTION'=>add_session_id($form_url),
     361      'F_ACTION'=>$form_url,
    362362      $gdlabel=>'checked="checked"',
    363363      $nlabel=>'checked="checked"',
  • branches/branch-1_5/admin/user_list.php

    r997 r1003  
    425425$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
    426426
    427 $base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
     427$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
    428428
    429429if (isset($_GET['start']) and is_numeric($_GET['start']))
     
    791791      'ID' => $local_user['id'],
    792792      'CHECKED' => $checked,
    793       'U_MOD' => add_session_id($profile_url.$local_user['id']),
    794       'U_PERM' => add_session_id($perm_url.$local_user['id']),
     793      'U_MOD' => $profile_url.$local_user['id'],
     794      'U_PERM' => $perm_url.$local_user['id'],
    795795      'USERNAME' => $local_user['username'],
    796796      'STATUS' => $lang['user_status_'.$local_user['status']],
  • branches/branch-1_5/admin/user_perm.php

    r818 r1003  
    134134   
    135135    'F_ACTION' =>
    136       add_session_id(
    137136        PHPWG_ROOT_PATH.
    138137        'admin.php?page=user_perm'.
    139138        '&amp;user_id='.$page['user']
    140         )
    141139    )
    142140  );
  • branches/branch-1_5/admin/waiting.php

    r849 r1003  
    149149  'L_DELETE'=>$lang['delete'],
    150150 
    151   'F_ACTION'=>add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
     151  'F_ACTION'=>str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'])
    152152  ));
    153153 
  • branches/branch-1_5/category.php

    r999 r1003  
    3232if ( isset( $_GET['act'] )
    3333     and $_GET['act'] == 'logout'
    34      and isset( $_COOKIE['id'] ) )
     34     and isset( $_COOKIE[session_name()] ) )
    3535{
    3636  // cookie deletion if exists
    37   setcookie( 'id', '', 0, cookie_path() );
     37  $_SESSION = array();
     38  session_unset();
     39  session_destroy();
     40  setcookie(session_name(),'',0,'/');
    3841  $url = 'category.php';
    3942  redirect( $url );
     
    164167  'L_REMEMBER_ME' => $lang['remember_me'],
    165168 
    166   'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ),
     169  'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php',
    167170  'T_RECENT' => $icon_recent,
    168171
    169   'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ),
    170   'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
    171   'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
     172  'U_HOME' => PHPWG_ROOT_PATH.'category.php',
     173  'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
     174  'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
    172175  'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
    173   'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
    174   'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php')
     176  'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
     177  'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php'
    175178  )
    176179);
     
    199202    'special_cat',
    200203    array(
    201       'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=fav'),
     204      'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav',
    202205      'TITLE' => $lang['favorite_cat_hint'],
    203206      'NAME' => $lang['favorite_cat']
     
    208211  'special_cat',
    209212  array(
    210     'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=most_visited'),
     213    'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited',
    211214    'TITLE' => $lang['most_visited_cat_hint'],
    212215    'NAME' => $lang['most_visited_cat']
     
    218221    'special_cat',
    219222    array(
    220       'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=best_rated'),
     223      'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated',
    221224      'TITLE' => $lang['best_rated_cat_hint'],
    222225      'NAME' => $lang['best_rated_cat']
     
    228231  'special_cat',
    229232  array(
    230     'URL' => add_session_id(PHPWG_ROOT_PATH.'random.php'),
     233    'URL' => PHPWG_ROOT_PATH.'random.php',
    231234    'TITLE' => $lang['random_cat_hint'],
    232235    'NAME' => $lang['random_cat']
     
    236239  'special_cat',
    237240  array(
    238     'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_pics'),
     241    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics',
    239242    'TITLE' => $lang['recent_pics_cat_hint'],
    240243    'NAME' => $lang['recent_pics_cat']
     
    244247  'special_cat',
    245248  array(
    246     'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_cats'),
     249    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats',
    247250    'TITLE' => $lang['recent_cats_cat_hint'],
    248251    'NAME' => $lang['recent_cats_cat']
     
    252255  'special_cat',
    253256  array(
    254     'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=calendar'),
     257    'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar',
    255258    'TITLE' => $lang['calendar_hint'],
    256259    'NAME' => $lang['calendar']
     
    291294'TITLE'=>$lang['hint_search'],
    292295'NAME'=>$lang['search'],
    293 'U_SUMMARY'=>add_session_id( 'search.php' ),
     296'U_SUMMARY'=> 'search.php',
    294297));
    295298
     
    298301'TITLE'=>$lang['hint_comments'],
    299302'NAME'=>$lang['comments'],
    300 'U_SUMMARY'=>add_session_id( 'comments.php' ),
     303'U_SUMMARY'=> 'comments.php',
    301304));
    302305
     
    305308'TITLE'=>$lang['about_page_title'],
    306309'NAME'=>$lang['About'],
    307 'U_SUMMARY'=>add_session_id( 'about.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] ) )
     310'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&amp;', $_SERVER['QUERY_STRING'] )
    308311));
    309312
     
    314317    'TITLE'=>l10n('notification'),
    315318    'NAME'=>l10n('Notification'),
    316     'U_SUMMARY'=>add_session_id(PHPWG_ROOT_PATH.'notification.php')
     319    'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php'
    317320));
    318321
     
    325328    array(
    326329      'URL' =>
    327         add_session_id(
    328330          PHPWG_ROOT_PATH.'admin.php?page=cat_modify'
    329331          .'&amp;cat_id='.$page['cat']
    330           )
    331332      )
    332333    );
     
    353354      array(
    354355        'URL' =>
    355           add_session_id(
    356356            PHPWG_ROOT_PATH.'category.php'
    357357            .get_query_string_diff(array('caddie')).'&amp;caddie=1')
    358         )
    359358      );
    360359  }
     
    384383    $template->assign_block_vars(
    385384      'upload',
    386       array('U_UPLOAD'=>add_session_id( $url ))
     385      array('U_UPLOAD'=> $url )
    387386      );
    388387  }
  • branches/branch-1_5/comments.php

    r987 r1003  
    229229    'F_AUTHOR'=>@$_GET['author'],
    230230   
    231     'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
     231    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
    232232    )
    233233  );
     
    466466        'TITLE_IMG'=>$name,
    467467        'I_THUMB'=>$thumbnail_src,
    468         'U_THUMB'=>add_session_id($url)
     468        'U_THUMB'=>$url
    469469        ));
    470470   
     
    478478      'comment',
    479479      array(
    480         'U_PICTURE' => add_session_id($url),
     480        'U_PICTURE' => $url,
    481481        'TN_SRC' => $thumbnail_src,
    482482        'AUTHOR' => $author,
  • branches/branch-1_5/identification.php

    r866 r1003  
    5252      $session_length = $conf['remember_me_length'];
    5353    }
    54     $session_id = session_create($row['id'], $session_length);
    55     redirect('category.php?id='.$session_id);
     54    session_start();
     55    $_SESSION['id'] = $row['id'];
     56    redirect('category.php');
    5657  }
    5758  else
     
    8182    'L_REMEMBER_ME'=>$lang['remember_me'],
    8283
    83     'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
    84     'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
    85     'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
     84    'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
     85    'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
     86    'U_HOME' => PHPWG_ROOT_PATH.'category.php',
    8687   
    87     'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
     88    'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
    8889    ));
    8990
  • branches/branch-1_5/include/category_calendar.inc.php

    r896 r1003  
    6868    $url = PHPWG_ROOT_PATH.'category.php?cat=calendar';
    6969    $url.= '&amp;year='.$calendar_year;
    70     $url = add_session_id($url);
    7170    $years_nav_bar.= ' <a href="'.$url.'">'.$calendar_year.'</a>';
    7271  }
     
    125124      $url.= $page['calendar_year'].'.'.sprintf('%02s', $calendar_month);
    126125      $months_nav_bar.= ' ';
    127       $months_nav_bar.= '<a href="'.add_session_id($url).'">';
     126      $months_nav_bar.= '<a href="'.$url.'">';
    128127      $months_nav_bar.= $lang['month'][(int)$calendar_month];
    129128      $months_nav_bar.= '</a>';
     
    249248        'IMAGE_TITLE'=>$thumbnail_title,
    250249         
    251         'U_IMG_LINK'=>add_session_id($url_link)
     250        'U_IMG_LINK'=>$url_link
    252251       )
    253252     );
     
    309308        'IMAGE_TITLE'=>$thumbnail_title,
    310309         
    311         'U_IMG_LINK'=>add_session_id($url_link)
     310        'U_IMG_LINK'=>$url_link
    312311       )
    313312     );
     
    363362        'IMAGE_TITLE'=>$thumbnail_title,
    364363         
    365         'U_IMG_LINK'=>add_session_id($url_link)
     364        'U_IMG_LINK'=>$url_link
    366365         )
    367366       );
     
    437436        'IMAGE_TITLE'=>$thumbnail_title,
    438437         
    439         'U_IMG_LINK'=>add_session_id($url_link)
     438        'U_IMG_LINK'=>$url_link
    440439         )
    441440       );
  • branches/branch-1_5/include/category_default.inc.php

    r803 r1003  
    9090      'IMAGE_TS'           => get_icon($row['date_available']),
    9191     
    92       'U_IMG_LINK'         => add_session_id($url_link)
     92      'U_IMG_LINK'         => $url_link
    9393      )
    9494    );
  • branches/branch-1_5/include/category_recent_cats.inc.php

    r760 r1003  
    7979      'IMAGE_TITLE'             => $lang['hint_category'],
    8080       
    81       'U_IMG_LINK'              => add_session_id($url_link)
     81      'U_IMG_LINK'              => $url_link
    8282      )
    8383    );
  • branches/branch-1_5/include/category_subcats.inc.php

    r809 r1003  
    153153        'IMAGE_TS' => get_icon(@$item['date_last']),
    154154        'U_IMG_LINK' =>
    155           add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$item['category'])
     155          PHPWG_ROOT_PATH.'category.php?cat='.$item['category']
    156156        )
    157157      );
  • branches/branch-1_5/include/config_default.inc.php

    r928 r1003  
    257257// +-----------------------------------------------------------------------+
    258258
     259// specifies to use cookie to store the session id on client side
     260$conf['session_use_cookies'] = 1;
     261
     262// specifies to only use cookie to store the session id on client side
     263$conf['session_use_only_cookies'] = 1;
     264
     265// do not use transparent session id support
     266$conf['session_use_trans_sid'] = 0;
     267
     268// specifies the name of the session which is used as cookie name
     269$conf['session_name'] = 'pwg_id';
     270
     271// comment the line below to use file handler for sessions.
     272$conf['session_save_handler'] = 'db';
     273
    259274// authorize_remembering : permits user to stay logged for a long time. It
    260275// creates a cookie on client side.
     
    267282// session_length : time of validity for normal session, in seconds.
    268283$conf['session_length'] = 3600;
    269 
    270 // session_id_size : a session identifier is compound of alphanumeric
    271 // characters and is case sensitive. Each character is among 62
    272 // possibilities. The number of possible sessions is
    273 // 62^$conf['session_id_size'].
    274 //
    275 // 62^5  =             916,132,832
    276 // 62^10 = 839,299,365,868,340,224
    277 //
    278 $conf['session_id_size'] = 10;
    279284
    280285// +-----------------------------------------------------------------------+
  • branches/branch-1_5/include/functions_category.inc.php

    r988 r1003  
    4848  {
    4949    echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
    50     echo '<a href="'.add_session_id( './category.php' ).'">';
     50    echo '<a href="./category.php">';
    5151    echo $lang['thumbnails'].'</a></div>';
    5252    exit();
  • branches/branch-1_5/include/functions_html.inc.php

    r1002 r1003  
    8383    {
    8484      $navbar.= '<a href="';
    85       $navbar.= add_session_id($url.'&amp;start=0');
     85      $navbar.= $url.'&amp;start=0';
    8686      $navbar.= '" class="'.$link_class.'">'.$lang['first_page'];
    8787      $navbar.= '</a>';
     
    9797      $previous = $start - $nb_element_page;
    9898      $navbar.= '<a href="';
    99       $navbar.= add_session_id( $url.'&amp;start='.$previous );
     99      $navbar.= $url.'&amp;start='.$previous;
    100100      $navbar.= '" class="'.$link_class.'">'.$lang['previous_page'];
    101101      $navbar.= '</a>';
     
    110110    {
    111111      $navbar.= '&nbsp;<a href="';
    112       $navbar.= add_session_id($url.'&amp;start=0');
     112      $navbar.= $url.'&amp;start=0';
    113113      $navbar.= '" class="'.$link_class.'">1</a>';
    114114      if ($cur_page > $pages_around + 2)
     
    131131        $temp_start = ($i - 1) * $nb_element_page;
    132132        $navbar.= '&nbsp;<a href="';
    133         $navbar.= add_session_id($url.'&amp;start='.$temp_start);
     133        $navbar.= $url.'&amp;start='.$temp_start;
    134134        $navbar.= '" class="'.$link_class.'">'.$i.'</a>';
    135135      }
     
    149149      }
    150150      $navbar.= ' <a href="';
    151       $navbar.= add_session_id($url.'&amp;start='.$temp_start);
     151      $navbar.= $url.'&amp;start='.$temp_start;
    152152      $navbar.= '" class="'.$link_class.'">'.$maximum.'</a>';
    153153    }
     
    160160      $next = $start + $nb_element_page;
    161161      $navbar.= '<a href="';
    162       $navbar.= add_session_id( $url.'&amp;start='.$next );
     162      $navbar.= $url.'&amp;start='.$next;
    163163      $navbar.= '" class="'.$link_class.'">'.$lang['next_page'].'</a>';
    164164    }
     
    174174      $temp_start = ($maximum - 1) * $nb_element_page;
    175175      $navbar.= '<a href="';
    176       $navbar.= add_session_id($url.'&amp;start='.$temp_start);
     176      $navbar.= $url.'&amp;start='.$temp_start;
    177177      $navbar.= '" class="'.$link_class.'">'.$lang['last_page'];
    178178      $navbar.= '</a>';
     
    243243    {
    244244      $output.= '<a class=""';
    245       $output.= ' href="'.add_session_id(PHPWG_ROOT_PATH.$url.$id).'">';
     245      $output.= ' href="'.PHPWG_ROOT_PATH.$url.$id.'">';
    246246      $output.= $name.'</a>';
    247247    }
     
    312312      $output.= '
    313313<a class=""
    314    href="'.add_session_id(PHPWG_ROOT_PATH.$url.$category_id).'">'.$name.'</a>';
     314   href="'.PHPWG_ROOT_PATH.$url.$category_id.'">'.$name.'</a>';
    315315    }
    316316  }
     
    371371    $menu.= '>';
    372372 
    373     $url = add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']);
     373    $url = PHPWG_ROOT_PATH.'category.php?cat='.$category['id'];
    374374    $menu.= "\n".'<a href="'.$url.'">'.$category['name'].'</a>';
    375375
  • branches/branch-1_5/include/functions_session.inc.php

    r808 r1003  
    2626// +-----------------------------------------------------------------------+
    2727
    28 // The function generate_key creates a string with pseudo random characters.
    29 // the size of the string depends on the $conf['session_id_size'].
    30 // Characters used are a-z A-Z and numerical values. Examples :
    31 //                    "Er4Tgh6", "Rrp08P", "54gj"
    32 // input  : none (using global variable)
    33 // output : $key
    34 function generate_key($size)
     28if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) {
     29  session_set_save_handler('pwg_session_open',
     30                           'pwg_session_close',
     31                           'pwg_session_read',
     32                           'pwg_session_write',
     33                           'pwg_session_destroy',
     34                           'pwg_session_gc'
     35                           );
     36}
     37
     38ini_set('session.use_cookies', $conf['session_use_cookies']);
     39ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
     40ini_set('session.use_trans_sid', $conf['session_use_trans_sid']);
     41ini_set('session.name', $conf['session_name']);
     42
     43function pwg_session_open($path, $name)
     44{
     45  return true;
     46}
     47
     48function pwg_session_close()
     49{
     50  pwg_session_gc();
     51  return true;
     52}
     53
     54function pwg_session_read($session_id)
     55{
     56  $query = "SELECT data FROM " . SESSIONS_TABLE;
     57  $query .= " WHERE id = '$session_id'";
     58  $result = pwg_query($query);
     59  if ($result) {
     60    $row = mysql_fetch_assoc($result);
     61    return $row['data'];
     62  } else {
     63    return '';
     64  }
     65}
     66
     67function pwg_session_write($session_id, $data)
     68{
     69  $query = "SELECT id FROM " . SESSIONS_TABLE;
     70  $query .= " WHERE id = '$session_id'";
     71  $result = pwg_query($query);
     72  if (mysql_num_rows($result)) {
     73    $query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()";
     74    $query .= " WHERE id = '$session_id'";   
     75    pwg_query($query);
     76  } else {
     77    $query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)";
     78    $query .= " VALUES('$session_id','$data',now())";
     79    pwg_query($query);   
     80  }
     81  return true;
     82}
     83
     84function pwg_session_destroy($session_id)
     85{
     86  $query = "DELETE FROM " . SESSIONS_TABLE;
     87  $query .= " WHERE id = '$session_id'";
     88  pwg_query($query);
     89  return true;
     90}
     91
     92function pwg_session_gc()
    3593{
    3694  global $conf;
    3795
    38   $md5 = md5(substr(microtime(), 2, 6));
    39   $init = '';
    40   for ( $i = 0; $i < strlen( $md5 ); $i++ )
    41   {
    42     if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
    43   }
    44   $init = substr( $init, 0, 8 );
    45   mt_srand( $init );
    46   $key = '';
    47   for ( $i = 0; $i < $size; $i++ )
    48   {
    49     $c = mt_rand( 0, 2 );
    50     if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
    51     else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
    52     else                $key .= mt_rand( 0, 9 );
    53   }
    54   return $key;
    55 }
    56 
    57 /**
    58  * create a new session and returns the session identifier
    59  *
    60  * - find a non-already-used session key
    61  * - create a session in database
    62  * - return session identifier
    63  *
    64  * @param int userid
    65  * @param int session_lentgh : in seconds
    66  * @return string
    67  */
    68 function session_create($userid, $session_length)
    69 {
    70   global $conf;
    71 
    72   // 1. searching an unused session key
    73   $id_found = false;
    74   while (!$id_found)
    75   {
    76     $generated_id = generate_key($conf['session_id_size']);
    77     $query = '
    78 SELECT id
    79   FROM '.SESSIONS_TABLE.'
    80   WHERE id = \''.$generated_id.'\'
    81 ;';
    82     $result = pwg_query($query);
    83     if (mysql_num_rows($result) == 0)
    84     {
    85       $id_found = true;
    86     }
    87   }
    88   // 3. inserting session in database
    89   $query = '
    90 INSERT INTO '.SESSIONS_TABLE.'
    91   (id,user_id,expiration)
    92   VALUES
    93   (\''.$generated_id.'\','.$userid.',
    94    ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
    95 ;';
     96  $query = "DELETE FROM " . SESSIONS_TABLE;
     97  $query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length'];
    9698  pwg_query($query);
    97 
    98   $expiration = $session_length + time();
    99   setcookie('id', $generated_id, $expiration, cookie_path());
    100                
    101   return $generated_id;
    102 }
    103 
    104 // add_session_id adds the id of the session to the string given in
    105 // parameter as $url. If the session id is the first parameter to the url,
    106 // it is preceded by a '?', else it is preceded by a '&amp;'. If the
    107 // parameter $redirect is set to true, '&' is used instead of '&'.
    108 function add_session_id( $url, $redirect = false )
    109 {
    110   global $page, $user, $conf;
    111 
    112   if ($user['is_the_guest']
    113       or $user['has_cookie']
    114       or $conf['apache_authentication'])
    115   {
    116     return $url;
    117   }
    118 
    119   if (preg_match('/\.php\?/', $url))
    120   {
    121     $separator = $redirect ? '&' : '&amp;';
    122   }
    123   else
    124   {
    125     $separator = '?';
    126   }
    127 
    128   return $url.$separator.'id='.$page['session_id'];
    129 }
    130 
    131 // cookie_path returns the path to use for the PhpWebGallery cookie.
    132 // If PhpWebGallery is installed on :
    133 // http://domain.org/meeting/gallery/category.php
    134 // cookie_path will return : "/meeting/gallery"
    135 function cookie_path()
    136 {
    137   return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
     99  return true;
    138100}
    139101?>
  • branches/branch-1_5/include/page_header.php

    r850 r1003  
    6262    array(
    6363      'REFRESH_TIME' => $refresh,
    64       'U_REFRESH' => add_session_id( $url_link )
     64      'U_REFRESH' => $url_link
    6565      ));
    6666  $template->assign_block_vars('refresh', array());
  • branches/branch-1_5/include/user.inc.php

    r817 r1003  
    2727
    2828// retrieving connected user informations
    29 if (isset($_COOKIE['id']))
     29if (isset($_COOKIE[session_name()]))
    3030{
    31   $session_id = $_COOKIE['id'];
    32   $user['has_cookie'] = true;
    33 }
    34 else if (isset($_GET['id']))
     31 session_start();
     32 if (isset($_SESSION['id']))
     33 {
     34   $user['id'] = $_SESSION['id'];   
     35 }
     36 else
     37 {
     38   // session timeout
     39   $user['id'] = $conf['guest_id'];
     40   $user['is_the_guest'] = true;
     41 }
     42}
     43else
    3544{
    36   $session_id = $_GET['id'];
    37   $user['has_cookie'] = false;
    38 }
    39 else
    40 {
    41   $user['has_cookie'] = false;
    42 }
    43 
    44 if (isset($session_id)
    45     and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
    46 {
    47   $page['session_id'] = $session_id;
    48   $query = '
    49 SELECT user_id,expiration,NOW() AS now
    50   FROM '.SESSIONS_TABLE.'
    51   WHERE id = \''.$page['session_id'].'\'
    52 ;';
    53   $result = pwg_query($query);
    54   if (mysql_num_rows($result) > 0)
    55   {
    56     $row = mysql_fetch_array($result);
    57     if (strnatcmp($row['expiration'], $row['now']) < 0)
    58     {
    59       // deletion of the session from the database, because it is
    60       // out-of-date
    61       $delete_query = '
    62 DELETE FROM '.SESSIONS_TABLE.'
    63   WHERE id = \''.$page['session_id'].'\'
    64 ;';
    65       pwg_query($delete_query);
    66     }
    67     else
    68     {
    69       $user['id'] = $row['user_id'];
    70       $user['is_the_guest'] = false;
    71     }
    72   }
    73 }
    74 if (!isset($user['id']))
    75 {
    76   $user['id'] = $conf['guest_id'];
    77   $user['is_the_guest'] = true;
     45 $user['id'] = $conf['guest_id'];
     46 $user['is_the_guest'] = true;
    7847}
    7948
  • branches/branch-1_5/notification.php

    r850 r1003  
    5959  array(
    6060    'FEED_URL' => PHPWG_ROOT_PATH.'feed.php?feed='.$page['feed'],
    61     'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
     61    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
    6262    )
    6363  );
  • branches/branch-1_5/password.php

    r901 r1003  
    177177$template->assign_vars(
    178178  array(
    179     'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
     179    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
    180180    )
    181181  );
  • branches/branch-1_5/picture.php

    r989 r1003  
    8383{
    8484  echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
    85   echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">';
     85  echo '<a href="'.PHPWG_ROOT_PATH.'category.php'.'">';
    8686  echo $lang['thumbnails'].'</a></div>';
    8787  exit();
     
    330330      // there is no favorite picture anymore we redirect the user to the
    331331      // category page
    332       $url = add_session_id($url_up);
    333       redirect($url);
     332      redirect($url_up);
    334333    }
    335334    else if (!$has_prev)
    336335    {
    337336      $url = str_replace( '&amp;', '&', $picture['next']['url'] );
    338       $url = add_session_id( $url, true);
     337      redirect( $url );
    339338    }
    340339    else
    341340    {
    342341      $url = str_replace('&amp;', '&', $picture['prev']['url'] );
    343       $url = add_session_id( $url, true);
     342      redirect( $url );
    344343    }
    345344    redirect( $url );
     
    534533  'L_UP_ALT' => $lang['home'],
    535534 
    536   'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
    537   'U_UP' => add_session_id($url_up),
    538   'U_METADATA' => add_session_id($url_metadata),
    539   'U_ADMIN' => add_session_id($url_admin),
    540   'U_SLIDESHOW'=> add_session_id($url_slide),
    541   'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
     535  'U_HOME' => (PHPWG_ROOT_PATH.'category.php'),
     536  'U_UP' => $url_up,
     537  'U_METADATA' => $url_metadata,
     538  'U_ADMIN' => $url_admin,
     539  'U_SLIDESHOW'=> $url_slide,
     540  'U_ADD_COMMENT' => str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] )
    542541  )
    543542);
     
    596595    array(
    597596      'URL' =>
    598       add_session_id(
    599597        PHPWG_ROOT_PATH.'picture.php'
    600598        .get_query_string_diff(array('caddie')).'&amp;caddie=1')
    601       )
    602599    );
    603600}
     
    657654      'TITLE_IMG' => $picture['prev']['name'],
    658655      'IMG' => $picture['prev']['thumbnail'],
    659       'U_IMG' => add_session_id($picture['prev']['url'])
     656      'U_IMG' => $picture['prev']['url']
    660657      ));
    661658}
     
    668665      'TITLE_IMG' => $picture['next']['name'],
    669666      'IMG' => $picture['next']['thumbnail'],
    670       'U_IMG' => add_session_id($picture['next']['url'])
     667      'U_IMG' => $picture['next']['url']
    671668      ));
    672669}
     
    691688  $infos['INFO_AUTHOR'] =
    692689    '<a href="'.
    693     add_session_id(
    694690      PHPWG_ROOT_PATH.'category.php?cat=search'.
    695691      '&amp;search=author:'.$picture['current']['author']
    696       ).
    697     '">'.$picture['current']['author'].'</a>';
     692      .'">'.$picture['current']['author'].'</a>';
    698693}
    699694else
     
    707702  $infos['INFO_CREATION_DATE'] =
    708703    '<a href="'.
    709     add_session_id(
    710704      PHPWG_ROOT_PATH.'category.php?cat=search'.
    711705      '&amp;search=date_creation:'.$picture['current']['date_creation']
    712       ).
    713     '">'.format_date($picture['current']['date_creation']).'</a>';
     706      .'">'.format_date($picture['current']['date_creation']).'</a>';
    714707}
    715708else
     
    721714$infos['INFO_AVAILABILITY_DATE'] =
    722715  '<a href="'.
    723   add_session_id(
    724716    PHPWG_ROOT_PATH.'category.php?cat=search'.
    725717    '&amp;search=date_available:'.
    726718    substr($picture['current']['date_available'], 0, 10)
    727     ).
    728     '">'.
     719    .'">'.
    729720  format_date($picture['current']['date_available'], 'mysql_datetime').
    730721  '</a>';
     
    775766      '/([^,]+)/',
    776767      '<a href="'.
    777       add_session_id(
    778768        PHPWG_ROOT_PATH.'category.php?cat=search&amp;search=keywords:$1'
    779         ).
    780       '">$1</a>',
     769        .'">$1</a>',
    781770      $picture['current']['keywords']
    782771      );
     
    902891       
    903892  $template->assign_block_vars('stop_slideshow', array(
    904   'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] )
     893  'U_SLIDESHOW'=>$picture['current']['url']
    905894  ));
    906895}
     
    10551044      $template->assign_block_vars(
    10561045        'comments.comment.delete',
    1057         array('U_COMMENT_DELETE'=>add_session_id( $url.'&amp;del='.$row['id'])
     1046        array('U_COMMENT_DELETE'=> $url.'&amp;del='.$row['id']
    10581047          ));
    10591048    }
  • branches/branch-1_5/profile.php

    r902 r1003  
    137137    // redirection
    138138    $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
    139     redirect(add_session_id($url));
     139    redirect($url);
    140140  }
    141141}
     
    199199    'L_RETURN_HINT' =>  $lang['home_hint'],
    200200
    201     'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
    202    
    203     'F_ACTION'=>add_session_id($url_action),
     201    'U_RETURN' => PHPWG_ROOT_PATH.'category.php',
     202   
     203    'F_ACTION'=>$url_action,
    204204    ));
    205205
  • branches/branch-1_5/random.php

    r675 r1003  
    6060// +-----------------------------------------------------------------------+
    6161$url = PHPWG_ROOT_PATH.'category.php?cat=list&amp;list='.implode(',', $ids);
    62 redirect(add_session_id($url));
     62redirect($url);
    6363?>
  • branches/branch-1_5/register.php

    r945 r1003  
    7777  'L_EMAIL' => $lang['mail_address'],
    7878
    79   'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
     79  'U_HOME' => PHPWG_ROOT_PATH.'category.php',
    8080 
    81   'F_ACTION' => add_session_id('register.php'),
     81  'F_ACTION' => 'register.php',
    8282  'F_LOGIN' => $login,
    8383  'F_EMAIL' => $email
  • branches/branch-1_5/search.php

    r867 r1003  
    130130{
    131131  $url = 'category.php?cat=search&search='.$search_string;
    132   $url = add_session_id($url, true);
    133132  redirect($url);
    134133}
     
    181180  'TODAY_MONTH' => date('m', time()),
    182181  'TODAY_YEAR' => date('Y', time()),
    183   'S_SEARCH_ACTION' => add_session_id( 'search.php' ),
     182  'S_SEARCH_ACTION' => 'search.php',
    184183  'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=search',
    185   'U_HOME' => add_session_id( 'category.php' )
     184  'U_HOME' => 'category.php'
    186185  )
    187186);
  • branches/branch-1_5/upload.php

    r849 r1003  
    126126  {
    127127    echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
    128     echo '<a href="'.add_session_id( './category.php' ).'">';
     128    echo '<a href="./category.php">';
    129129    echo $lang['thumbnails'].'</a></div>';
    130130    exit();
     
    300300  'L_MANDATORY' =>  $lang['mandatory'],
    301301       
    302   'F_ACTION' => add_session_id( $u_form ),
    303 
    304   'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
     302  'F_ACTION' => $u_form,
     303
     304  'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']
    305305  ));
    306306 
Note: See TracChangeset for help on using the changeset viewer.