Changeset 1004 for trunk

Timestamp:

Jan 15, 2006, 2:45:42 PM (19 years ago)

Author:

nikrou

Message:

Improve security of sessions:

• use only cookies to store session id on client side
• use default php session system with database handler to store sessions on server side

Location:

trunk

Files:

• about.php (modified) (1 diff)
• admin.php (modified) (2 diffs)
• admin/cat_list.php (modified) (6 diffs)
• admin/cat_modify.php (modified) (4 diffs)
• admin/cat_move.php (modified) (1 diff)
• admin/cat_options.php (modified) (1 diff)
• admin/cat_perm.php (modified) (1 diff)
• admin/comments.php (modified) (2 diffs)
• admin/configuration.php (modified) (1 diff)
• admin/element_set_unit.php (modified) (1 diff)
• admin/group_list.php (modified) (1 diff)
• admin/group_perm.php (modified) (1 diff)
• admin/intro.php (modified) (3 diffs)
• admin/maintenance.php (modified) (1 diff)
• admin/picture_modify.php (modified) (2 diffs)
• admin/remote_site.php (modified) (3 diffs)
• admin/stats.php (modified) (5 diffs)
• admin/thumbnail.php (modified) (1 diff)
• admin/user_list.php (modified) (2 diffs)
• admin/user_perm.php (modified) (1 diff)
• admin/waiting.php (modified) (1 diff)
• category.php (modified) (16 diffs)
• comments.php (modified) (3 diffs)
• identification.php (modified) (2 diffs)
• include/category_calendar.inc.php (modified) (6 diffs)
• include/category_default.inc.php (modified) (1 diff)
• include/category_recent_cats.inc.php (modified) (1 diff)
• include/category_subcats.inc.php (modified) (1 diff)
• include/config_default.inc.php (modified) (2 diffs)
• include/functions_category.inc.php (modified) (1 diff)
• include/functions_html.inc.php (modified) (10 diffs)
• include/functions_session.inc.php (modified) (1 diff)
• include/page_header.php (modified) (1 diff)
• include/user.inc.php (modified) (1 diff)
• install/phpwebgallery_structure.sql (modified) (1 diff)
• notification.php (modified) (1 diff)
• password.php (modified) (1 diff)
• picture.php (modified) (12 diffs)
• profile.php (modified) (2 diffs)
• random.php (modified) (1 diff)
• register.php (modified) (1 diff)
• search.php (modified) (2 diffs)
• upload.php (modified) (2 diffs)

trunk/about.php

@@ -46 +46 @@
 $template->assign_vars(
   array(
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
     )
   );

trunk/admin.php

@@ -66 +66 @@
 $template->assign_vars(
   array(
-    'U_HISTORY'=>add_session_id($link_start.'stats' ),
-    'U_FAQ'=>add_session_id($link_start.'help' ),
-    'U_SITES'=>add_session_id($link_start.'remote_site'),
-    'U_MAINTENANCE'=>add_session_id($link_start.'maintenance'),
-    'U_CONFIG_GENERAL'=>add_session_id($conf_link.'general' ),
-    'U_CONFIG_COMMENTS'=>add_session_id($conf_link.'comments' ),
-    'U_CONFIG_DISPLAY'=>add_session_id($conf_link.'default' ),
-    'U_CATEGORIES'=>add_session_id($link_start.'cat_list' ),
-    'U_MOVE'=>add_session_id($link_start.'cat_move' ),
-    'U_CAT_UPLOAD'=>add_session_id($opt_link.'upload'),
-    'U_CAT_COMMENTS'=>add_session_id($opt_link.'comments'),
-    'U_CAT_VISIBLE'=>add_session_id($opt_link.'visible'),
-    'U_CAT_STATUS'=>add_session_id($opt_link.'status'),
-    'U_CAT_OPTIONS'=>add_session_id($link_start.'cat_options'),
-    'U_CAT_UPDATE'=>add_session_id($link_start.'update'),
-    'U_WAITING'=>add_session_id($link_start.'waiting' ),
-    'U_COMMENTS'=>add_session_id($link_start.'comments' ),
-    'U_CADDIE'=>add_session_id($link_start.'element_set&cat=caddie'),
-    'U_THUMBNAILS'=>add_session_id($link_start.'thumbnail' ),
-    'U_USERS'=>add_session_id($link_start.'user_list' ),
-    'U_GROUPS'=>add_session_id($link_start.'group_list' ),
-    'U_RETURN'=>add_session_id(PHPWG_ROOT_PATH.'category.php'),
-    'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
+    'U_HISTORY'=> $link_start.'stats',
+    'U_FAQ'=> $link_start.'help',
+    'U_SITES'=> $link_start.'remote_site',
+    'U_MAINTENANCE'=> $link_start.'maintenance',
+    'U_CONFIG_GENERAL'=> $conf_link.'general',
+    'U_CONFIG_COMMENTS'=> $conf_link.'comments',
+    'U_CONFIG_DISPLAY'=> $conf_link.'default',
+    'U_CATEGORIES'=> $link_start.'cat_list',
+    'U_MOVE'=> $link_start.'cat_move',
+    'U_CAT_UPLOAD'=> $opt_link.'upload',
+    'U_CAT_COMMENTS'=> $opt_link.'comments',
+    'U_CAT_VISIBLE'=> $opt_link.'visible',
+    'U_CAT_STATUS'=> $opt_link.'status',
+    'U_CAT_OPTIONS'=> $link_start.'cat_options',
+    'U_CAT_UPDATE'=> $link_start.'update',
+    'U_WAITING'=> $link_start.'waiting',
+    'U_COMMENTS'=> $link_start.'comments',
+    'U_CADDIE'=> $link_start.'element_set&cat=caddie',
+    'U_THUMBNAILS'=> $link_start.'thumbnail',
+    'U_USERS'=> $link_start.'user_list',
+    'U_GROUPS'=> $link_start.'group_list',
+    'U_RETURN'=> PHPWG_ROOT_PATH.'category.php'
+    'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
     'L_ADMIN' => $lang['admin'],
     'L_ADMIN_HINT' => $lang['hint_admin']
@@ -99 +99 @@
     'representative',
     array(
-      'URL' => add_session_id($opt_link.'representative')
+      'URL' => $opt_link.'representative'
       )
     );

trunk/admin/cat_list.php

@@ -66 +66 @@
 
 $base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
-$navigation = '<a class="" href="'.add_session_id($base_url).'">';
+$navigation = '<a class="" href="'.$base_url.'">';
 $navigation.= $lang['home'];
 $navigation.= '</a>';
@@ -239 +239 @@
   'CATEGORIES_NAV'=>$navigation,
   'NEXT_RANK'=>$next_rank,
-  'F_ACTION'=>add_session_id($form_action),
+  'F_ACTION'=>$form_action,
   
   'L_ADD_VIRTUAL'=>$lang['cat_add'],
@@ -319 +319 @@
       'RANK'=>$category['rank']*10,
 
-      'U_JUMPTO'=>
-      add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-      
-      'U_CHILDREN'=>
-      add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
-      
-      'U_EDIT'=>
-      add_session_id($base_url.'cat_modify&amp;cat_id='.$category['id'])
+      'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+      'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],      
+      'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
       )
     );
@@ -335 +330 @@
       'category.delete',
       array(
-        'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+        'URL'=>$self_url.'&amp;delete='.$category['id']
         )
       );
@@ -345 +340 @@
       'category.elements',
       array(
-        'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+        'URL'=>$base_url.'element_set&amp;cat='.$category['id']
         )
       );
@@ -355 +350 @@
       'category.permissions',
       array(
-        'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+        'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
         )
       );

trunk/admin/cat_modify.php

@@ -172 +172 @@
   'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'],
 
-  'U_JUMPTO'=>
-    add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-  'U_CHILDREN'=>
-    add_session_id($cat_list_url.'&parent_id='.$category['id']),
+  'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+  'U_CHILDREN'=>$cat_list_url.'&parent_id='.$category['id'],
   'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify',
    
-  'F_ACTION'=>add_session_id($form_action)
+  'F_ACTION'=>$form_action
   ));
 
@@ -187 +185 @@
     'permissions',
     array(
-      'URL'=>add_session_id($base_url.'cat_perm&cat='.$category['id'])
+      'URL'=>$base_url.'cat_perm&cat='.$category['id']
         )
     );
@@ -198 +196 @@
     'elements',
     array(
-      'URL'=>add_session_id($base_url.'element_set&cat='.$category['id'])
+      'URL'=>$base_url.'element_set&cat='.$category['id']
       )
     );
@@ -268 +266 @@
     'delete',
     array(
-      'URL'=>add_session_id($self_url.'&delete='.$category['id'])
+      'URL'=>$self_url.'&delete='.$category['id']
       )
     );

trunk/admin/cat_move.php

@@ -69 +69 @@
 $template->assign_vars(
   array(
-    'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'),
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move',
     )
   );

trunk/admin/cat_options.php

@@ -154 +154 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options',
     
-    'F_ACTION'=>add_session_id($base_url.$page['section'])
+    'F_ACTION'=>$base_url.$page['section']
    )
  );

trunk/admin/cat_perm.php

@@ -208 +208 @@
         ),
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm',
-    'F_ACTION' =>
-      add_session_id(
-        PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
-        )
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
     )
   );

trunk/admin/comments.php

@@ -118 +118 @@
 $template->assign_vars(
   array(
-    'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments')
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
     )
   );
@@ -142 +142 @@
     array(
       'U_PICTURE' =>
-        add_session_id(
           PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
-          '&image_id='.$row['image_id']
-          ),
+          '&image_id='.$row['image_id'],
       'ID' => $row['id'],
       'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),

trunk/admin/configuration.php

@@ -150 +150 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
     
-    'F_ACTION'=>add_session_id($action)
+    'F_ACTION'=>$action
     ));
 

trunk/admin/element_set_unit.php

@@ -223 +223 @@
             $row['name'] : get_name_from_file($row['file']),
         'U_EDIT' =>
-          add_session_id(
             PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
-            '&image_id='.$row['id']
-            ),
+            '&image_id='.$row['id'],
         'ID' => $row['id'],
         'FILENAME' => $row['path'],

trunk/admin/group_list.php

@@ -125 +125 @@
 $template->assign_vars(
   array(
-    'F_ADD_ACTION' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
+    'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list'
     )
   );

trunk/admin/group_perm.php

@@ -141 +141 @@
     
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.
         'admin.php?page=group_perm&group_id='.
         $page['group']
-        )
     )
   );

trunk/admin/intro.php

@@ -176 +176 @@
     'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups),
     'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments),
-    'U_CHECK_UPGRADE' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'),
-    'U_PHPINFO' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo')
+    'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
+    'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo'
     )
   );
@@ -216 +214 @@
     'waiting',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'),
+      'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting',
       'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting)
       )
@@ -235 +233 @@
     'unvalidated',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'),
+      'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments',
       'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments)
       )

trunk/admin/maintenance.php

@@ -99 +99 @@
 $template->assign_vars(
   array(
-    'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'),
-    'U_MAINT_IMAGES' => add_session_id($start_url.'images'),
-    'U_MAINT_HISTORY' => add_session_id($start_url.'history'),
-    'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'),
-    'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'),
+    'U_MAINT_CATEGORIES' => $start_url.'categories',
+    'U_MAINT_IMAGES' => $start_url.'images',
+    'U_MAINT_HISTORY' => $start_url.'history',
+    'U_MAINT_SESSIONS' => $start_url.'sessions',
+    'U_MAINT_FEEDS' => $start_url.'feeds',
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance',
     )

trunk/admin/picture_modify.php

@@ -196 +196 @@
   array(
     'U_SYNC' =>
-      add_session_id(
         PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
         '&image_id='.$_GET['image_id'].
         (isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '').
-        '&sync_metadata=1'
-        ),
+        '&sync_metadata=1',
     
     'PATH'=>$row['path'],
@@ -231 +229 @@
   
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.'admin.php'
         .get_query_string_diff(array('sync_metadata'))
-        )
     )
   );

trunk/admin/remote_site.php

@@ -516 +516 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site',
     
-    'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site')
+    'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site'
    )
  );
@@ -687 +687 @@
       array(
         'URL' => $url,
-        'U_UPDATE' => add_session_id($base_url.'local_update')
+        'U_UPDATE' => $base_url.'local_update'
         )
       );
@@ -732 +732 @@
     array(
       'NAME' => $row['galleries_url'],
-      'U_GENERATE' => add_session_id($base_url.'generate'),
-      'U_UPDATE' => add_session_id($base_url.'update'),
-      'U_CLEAN' => add_session_id($base_url.'clean'),
-      'U_DELETE' => add_session_id($base_url.'delete')
+      'U_GENERATE' => $base_url.'generate',
+      'U_UPDATE' => $base_url.'update',
+      'U_CLEAN' => $base_url.'clean',
+      'U_DELETE' => $base_url.'delete'
      )
    );

trunk/admin/stats.php

@@ -63 +63 @@
   $title_page=$lang['stats_day_title'].' du '.$date_of_day;
   $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
-  $url_back = add_session_id($url_back);
+  $url_back = $url_back;
   $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
   $title_day = $date_of_day;
@@ -72 +72 @@
   $title_page=$lang['stats_month_title'].' : '.$date_of_day;
   $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
-  $url_back = add_session_id($url_back);
+  $url_back = $url_back;
   $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
   $title_day=$lang['today'];
@@ -106 +106 @@
   'L_STAT_PICTURE'=>$lang['stats_picture'],
   
-  'IMG_REPORT'=>add_session_id($url_img)
+  'IMG_REPORT'=>$url_img
   ));
 
@@ -142 +142 @@
       ;
 
-    $value = '<a href="'.add_session_id($url).'">';
+    $value = '<a href="'.$url.'">';
     $value.= $row['d'].' ('.$week_day.')';
     $value.= "</a>";
@@ -161 +161 @@
       ;
     
-    $value = '<a href="'.add_session_id($url).'">';
+    $value = '<a href="'.$url.'">';
     $value.= $lang['month'][$row['m']].' '.$row['y'];
     $value.= "</a>";

trunk/admin/thumbnail.php

@@ -359 +359 @@
     'params',
     array(
-      'F_ACTION'=>add_session_id($form_url),
+      'F_ACTION'=>$form_url,
       $gdlabel=>'checked="checked"',
       $nlabel=>'checked="checked"',

trunk/admin/user_list.php

@@ -425 +425 @@
 $template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
 
-$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
+$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
 
 if (isset($_GET['start']) and is_numeric($_GET['start']))
@@ -791 +791 @@
       'ID' => $local_user['id'],
       'CHECKED' => $checked,
-      'U_MOD' => add_session_id($profile_url.$local_user['id']),
-      'U_PERM' => add_session_id($perm_url.$local_user['id']),
+      'U_MOD' => $profile_url.$local_user['id'],
+      'U_PERM' => $perm_url.$local_user['id'],
       'USERNAME' => $local_user['username'],
       'STATUS' => $lang['user_status_'.$local_user['status']],

trunk/admin/user_perm.php

@@ -134 +134 @@
     
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.
         'admin.php?page=user_perm'.
         '&user_id='.$page['user']
-        )
     )
   );

trunk/admin/waiting.php

@@ -149 +149 @@
   'L_DELETE'=>$lang['delete'],
   
-  'F_ACTION'=>add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] ))
+  'F_ACTION'=>str_replace( '&', '&', $_SERVER['REQUEST_URI'])
   ));
   

trunk/category.php

@@ -32 +32 @@
 if ( isset( $_GET['act'] )
      and $_GET['act'] == 'logout'
-     and isset( $_COOKIE['id'] ) )
+     and isset( $_COOKIE[session_name()] ) )
 {
   // cookie deletion if exists
-  setcookie( 'id', '', 0, cookie_path() );
+  $_SESSION = array();
+  session_unset();
+  session_destroy();
+  setcookie(session_name(),'',0,'/');
   $url = 'category.php';
   redirect( $url );
@@ -164 +167 @@
   'L_REMEMBER_ME' => $lang['remember_me'],
   
-  'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ),
+  'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php',
   'T_RECENT' => $icon_recent,
 
-  'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ),
-  'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
-  'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
+  'U_HOME' => PHPWG_ROOT_PATH.'category.php',
+  'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+  'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
   'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
-  'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
-  'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php')
+  'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
+  'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php'
   )
 );
@@ -199 +202 @@
     'special_cat',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=fav'),
+      'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav',
       'TITLE' => $lang['favorite_cat_hint'],
       'NAME' => $lang['favorite_cat']
@@ -208 +211 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=most_visited'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited',
     'TITLE' => $lang['most_visited_cat_hint'],
     'NAME' => $lang['most_visited_cat']
@@ -218 +221 @@
     'special_cat',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=best_rated'),
+      'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated',
       'TITLE' => $lang['best_rated_cat_hint'],
       'NAME' => $lang['best_rated_cat']
@@ -228 +231 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'random.php'),
+    'URL' => PHPWG_ROOT_PATH.'random.php',
     'TITLE' => $lang['random_cat_hint'],
     'NAME' => $lang['random_cat']
@@ -236 +239 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_pics'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics',
     'TITLE' => $lang['recent_pics_cat_hint'],
     'NAME' => $lang['recent_pics_cat']
@@ -244 +247 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_cats'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats',
     'TITLE' => $lang['recent_cats_cat_hint'],
     'NAME' => $lang['recent_cats_cat']
@@ -252 +255 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=calendar'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar',
     'TITLE' => $lang['calendar_hint'],
     'NAME' => $lang['calendar']
@@ -291 +294 @@
 'TITLE'=>$lang['hint_search'],
 'NAME'=>$lang['search'],
-'U_SUMMARY'=>add_session_id( 'search.php' ),
+'U_SUMMARY'=> 'search.php',
 ));
 
@@ -298 +301 @@
 'TITLE'=>$lang['hint_comments'],
 'NAME'=>$lang['comments'],
-'U_SUMMARY'=>add_session_id( 'comments.php' ),
+'U_SUMMARY'=> 'comments.php',
 ));
 
@@ -305 +308 @@
 'TITLE'=>$lang['about_page_title'],
 'NAME'=>$lang['About'],
-'U_SUMMARY'=>add_session_id( 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] ) )
+'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] ) 
 ));
 
@@ -314 +317 @@
     'TITLE'=>l10n('notification'),
     'NAME'=>l10n('Notification'),
-    'U_SUMMARY'=>add_session_id(PHPWG_ROOT_PATH.'notification.php')
+    'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php'
 ));
 
@@ -325 +328 @@
     array(
       'URL' =>
-        add_session_id(
           PHPWG_ROOT_PATH.'admin.php?page=cat_modify'
           .'&cat_id='.$page['cat']
-          )
       )
     );
@@ -353 +354 @@
       array(
         'URL' =>
-          add_session_id(
             PHPWG_ROOT_PATH.'category.php'
             .get_query_string_diff(array('caddie')).'&caddie=1')
-        )
       );
   }
@@ -384 +383 @@
     $template->assign_block_vars(
       'upload',
-      array('U_UPLOAD'=>add_session_id( $url ))
+      array('U_UPLOAD'=> $url )
       );
   }

trunk/comments.php

@@ -180 +180 @@
     'F_AUTHOR'=>@$_GET['author'],
     
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
     )
   );
@@ -415 +415 @@
         'TITLE_IMG'=>$name,
         'I_THUMB'=>$thumbnail_src,
-        'U_THUMB'=>add_session_id($url)
+        'U_THUMB'=>$url
         ));
     
@@ -427 +427 @@
       'comment',
       array(
-        'U_PICTURE' => add_session_id($url),
+        'U_PICTURE' => $url,
         'TN_SRC' => $thumbnail_src,
         'AUTHOR' => $author,

trunk/identification.php

@@ -52 +52 @@
       $session_length = $conf['remember_me_length'];
     }
-    $session_id = session_create($row['id'], $session_length);
-    redirect('category.php?id='.$session_id);
+    session_start();
+    $_SESSION['id'] = $row['id'];
+    redirect('category.php');
   }
   else
@@ -81 +82 @@
     'L_REMEMBER_ME'=>$lang['remember_me'],
 
-    'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
-    'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+    'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+    'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php',
     
-    'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
+    'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
     ));
 

trunk/include/category_calendar.inc.php

@@ -68 +68 @@
     $url = PHPWG_ROOT_PATH.'category.php?cat=calendar';
     $url.= '&year='.$calendar_year;
-    $url = add_session_id($url);
     $years_nav_bar.= ' <a href="'.$url.'">'.$calendar_year.'</a>';
   }
@@ -125 +124 @@
       $url.= $page['calendar_year'].'.'.sprintf('%02s', $calendar_month);
       $months_nav_bar.= ' ';
-      $months_nav_bar.= '<a href="'.add_session_id($url).'">';
+      $months_nav_bar.= '<a href="'.$url.'">';
       $months_nav_bar.= $lang['month'][(int)$calendar_month];
       $months_nav_bar.= '</a>';
@@ -249 +248 @@
         'IMAGE_TITLE'=>$thumbnail_title,
           
-        'U_IMG_LINK'=>add_session_id($url_link)
+        'U_IMG_LINK'=>$url_link
        )
      );
@@ -309 +308 @@
         'IMAGE_TITLE'=>$thumbnail_title,
           
-        'U_IMG_LINK'=>add_session_id($url_link)
+        'U_IMG_LINK'=>$url_link
        )
      );
@@ -363 +362 @@
         'IMAGE_TITLE'=>$thumbnail_title,
           
-        'U_IMG_LINK'=>add_session_id($url_link)
+        'U_IMG_LINK'=>$url_link
          )
        );
@@ -437 +436 @@
         'IMAGE_TITLE'=>$thumbnail_title,
           
-        'U_IMG_LINK'=>add_session_id($url_link)
+        'U_IMG_LINK'=>$url_link
          )
        );

trunk/include/category_default.inc.php

@@ -90 +90 @@
       'IMAGE_TS'           => get_icon($row['date_available']),
       
-      'U_IMG_LINK'         => add_session_id($url_link)
+      'U_IMG_LINK'         => $url_link
       )
     );

trunk/include/category_recent_cats.inc.php

@@ -79 +79 @@
       'IMAGE_TITLE'             => $lang['hint_category'],
         
-      'U_IMG_LINK'              => add_session_id($url_link)
+      'U_IMG_LINK'              => $url_link
       )
     );

trunk/include/category_subcats.inc.php

@@ -153 +153 @@
         'IMAGE_TS' => get_icon(@$item['date_last']),
         'U_IMG_LINK' =>
-          add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$item['category'])
+          PHPWG_ROOT_PATH.'category.php?cat='.$item['category']
         )
       );

trunk/include/config_default.inc.php

@@ -265 +265 @@
 // +-----------------------------------------------------------------------+
 
+// specifies to use cookie to store the session id on client side
+$conf['session_use_cookies'] = 1;
+
+// specifies to only use cookie to store the session id on client side
+$conf['session_use_only_cookies'] = 1;
+
+// do not use transparent session id support
+$conf['session_use_trans_sid'] = 0;
+
+// specifies the name of the session which is used as cookie name
+$conf['session_name'] = 'pwg_id';
+
+// comment the line below to use file handler for sessions.
+$conf['session_save_handler'] = 'db';
+
 // authorize_remembering : permits user to stay logged for a long time. It
 // creates a cookie on client side.
@@ -275 +290 @@
 // session_length : time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
-
-// session_id_size : a session identifier is compound of alphanumeric
-// characters and is case sensitive. Each character is among 62
-// possibilities. The number of possible sessions is
-// 62^$conf['session_id_size'].
-//
-// 62^5  =             916,132,832
-// 62^10 = 839,299,365,868,340,224
-//
-$conf['session_id_size'] = 10;
 
 // +-----------------------------------------------------------------------+

trunk/include/functions_category.inc.php

@@ -48 +48 @@
   {
     echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
-    echo '<a href="'.add_session_id( './category.php' ).'">';
+    echo '<a href="./category.php">';
     echo $lang['thumbnails'].'</a></div>';
     exit();

trunk/include/functions_html.inc.php

@@ -82 +82 @@
     {
       $navbar.= '<a href="';
-      $navbar.= add_session_id($url.'&amp;start=0');
+      $navbar.= $url.'&amp;start=0';
       $navbar.= '" class="'.$link_class.'">'.$lang['first_page'];
       $navbar.= '</a>';
@@ -96 +96 @@
       $previous = $start - $nb_element_page;
       $navbar.= '<a href="';
-      $navbar.= add_session_id( $url.'&amp;start='.$previous );
+      $navbar.= $url.'&amp;start='.$previous;
       $navbar.= '" class="'.$link_class.'">'.$lang['previous_page'];
       $navbar.= '</a>';
@@ -109 +109 @@
     {
       $navbar.= '&nbsp;<a href="';
-      $navbar.= add_session_id($url.'&amp;start=0');
+      $navbar.= $url.'&amp;start=0';
       $navbar.= '" class="'.$link_class.'">1</a>';
       if ($cur_page > $pages_around + 2)
@@ -130 +130 @@
         $temp_start = ($i - 1) * $nb_element_page;
         $navbar.= '&nbsp;<a href="';
-        $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+        $navbar.= $url.'&amp;start='.$temp_start;
         $navbar.= '" class="'.$link_class.'">'.$i.'</a>';
       }
@@ -148 +148 @@
       }
       $navbar.= ' <a href="';
-      $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+      $navbar.= $url.'&amp;start='.$temp_start;
       $navbar.= '" class="'.$link_class.'">'.$maximum.'</a>';
     }
@@ -159 +159 @@
       $next = $start + $nb_element_page;
       $navbar.= '<a href="';
-      $navbar.= add_session_id( $url.'&amp;start='.$next );
+      $navbar.= $url.'&amp;start='.$next;
       $navbar.= '" class="'.$link_class.'">'.$lang['next_page'].'</a>';
     }
@@ -173 +173 @@
       $temp_start = ($maximum - 1) * $nb_element_page;
       $navbar.= '<a href="';
-      $navbar.= add_session_id($url.'&amp;start='.$temp_start);
+      $navbar.= $url.'&amp;start='.$temp_start;
       $navbar.= '" class="'.$link_class.'">'.$lang['last_page'];
       $navbar.= '</a>';
@@ -242 +242 @@
     {
       $output.= '<a class=""';
-      $output.= ' href="'.add_session_id(PHPWG_ROOT_PATH.$url.$id).'">';
+      $output.= ' href="'.PHPWG_ROOT_PATH.$url.$id.'">';
       $output.= $name.'</a>';
     }
@@ -311 +311 @@
       $output.= '
 <a class=""
-   href="'.add_session_id(PHPWG_ROOT_PATH.$url.$category_id).'">'.$name.'</a>';
+   href="'.PHPWG_ROOT_PATH.$url.$category_id.'">'.$name.'</a>';
     }
   }
@@ -370 +370 @@
     $menu.= '>';
   
-    $url = add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']);
+    $url = PHPWG_ROOT_PATH.'category.php?cat='.$category['id'];
     $menu.= "\n".'<a href="'.$url.'">'.$category['name'].'</a>';
 

trunk/include/functions_session.inc.php

@@ -26 +26 @@
 // +-----------------------------------------------------------------------+
 
-// The function generate_key creates a string with pseudo random characters.
-// the size of the string depends on the $conf['session_id_size'].
-// Characters used are a-z A-Z and numerical values. Examples :
-//                    "Er4Tgh6", "Rrp08P", "54gj"
-// input  : none (using global variable)
-// output : $key
-function generate_key($size)
+if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) {
+  session_set_save_handler('pwg_session_open', 
+                           'pwg_session_close',
+                           'pwg_session_read',
+                           'pwg_session_write',
+                           'pwg_session_destroy',
+                           'pwg_session_gc'
+                           );
+}
+
+ini_set('session.use_cookies', $conf['session_use_cookies']);
+ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
+ini_set('session.use_trans_sid', $conf['session_use_trans_sid']);
+ini_set('session.name', $conf['session_name']);
+
+function pwg_session_open($path, $name) 
+{
+  return true;
+}
+
+function pwg_session_close() 
+{
+  pwg_session_gc();
+  return true;
+}
+
+function pwg_session_read($session_id) 
+{
+  $query = "SELECT data FROM " . SESSIONS_TABLE;
+  $query .= " WHERE id = '$session_id'";
+  $result = pwg_query($query);
+  if ($result) {
+    $row = mysql_fetch_assoc($result);
+    return $row['data'];
+  } else {
+    return '';
+  }
+}
+
+function pwg_session_write($session_id, $data) 
+{
+  $query = "SELECT id FROM " . SESSIONS_TABLE;
+  $query .= " WHERE id = '$session_id'";
+  $result = pwg_query($query);
+  if (mysql_num_rows($result)) {
+    $query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()";
+    $query .= " WHERE id = '$session_id'";    
+    pwg_query($query);
+  } else {
+    $query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)";
+    $query .= " VALUES('$session_id','$data',now())";
+    pwg_query($query);    
+  }
+  return true;
+}
+
+function pwg_session_destroy($session_id) 
+{
+  $query = "DELETE FROM " . SESSIONS_TABLE;
+  $query .= " WHERE id = '$session_id'";
+  pwg_query($query);
+  return true;
+}
+
+function pwg_session_gc() 
 {
   global $conf;
 
-  $md5 = md5(substr(microtime(), 2, 6));
-  $init = '';
-  for ( $i = 0; $i < strlen( $md5 ); $i++ )
-  {
-    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
-  }
-  $init = substr( $init, 0, 8 );
-  mt_srand( $init );
-  $key = '';
-  for ( $i = 0; $i < $size; $i++ )
-  {
-    $c = mt_rand( 0, 2 );
-    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
-    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
-    else                $key .= mt_rand( 0, 9 );
-  }
-  return $key;
-}
-
-/**
- * create a new session and returns the session identifier
- *
- * - find a non-already-used session key
- * - create a session in database
- * - return session identifier
- *
- * @param int userid
- * @param int session_lentgh : in seconds
- * @return string
- */
-function session_create($userid, $session_length)
-{
-  global $conf;
-
-  // 1. searching an unused session key
-  $id_found = false;
-  while (!$id_found)
-  {
-    $generated_id = generate_key($conf['session_id_size']);
-    $query = '
-SELECT id
-  FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$generated_id.'\'
-;';
-    $result = pwg_query($query);
-    if (mysql_num_rows($result) == 0)
-    {
-      $id_found = true;
-    }
-  }
-  // 3. inserting session in database
-  $query = '
-INSERT INTO '.SESSIONS_TABLE.'
-  (id,user_id,expiration)
-  VALUES
-  (\''.$generated_id.'\','.$userid.',
-   ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
-;';
+  $query = "DELETE FROM " . SESSIONS_TABLE;
+  $query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length'];
   pwg_query($query);
-
-  $expiration = $session_length + time();
-  setcookie('id', $generated_id, $expiration, cookie_path());
-                
-  return $generated_id;
-}
-
-// add_session_id adds the id of the session to the string given in
-// parameter as $url. If the session id is the first parameter to the url,
-// it is preceded by a '?', else it is preceded by a '&amp;'. If the
-// parameter $redirect is set to true, '&' is used instead of '&'.
-function add_session_id( $url, $redirect = false )
-{
-  global $page, $user, $conf;
-
-  if ($user['is_the_guest']
-      or $user['has_cookie']
-      or $conf['apache_authentication'])
-  {
-    return $url;
-  }
-
-  if (preg_match('/\.php\?/', $url))
-  {
-    $separator = $redirect ? '&' : '&amp;';
-  }
-  else
-  {
-    $separator = '?';
-  }
-
-  return $url.$separator.'id='.$page['session_id'];
-}
-
-// cookie_path returns the path to use for the PhpWebGallery cookie.
-// If PhpWebGallery is installed on :
-// http://domain.org/meeting/gallery/category.php
-// cookie_path will return : "/meeting/gallery"
-function cookie_path()
-{
-  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+  return true;
 }
 ?>

trunk/include/page_header.php

@@ -62 +62 @@
     array(
       'REFRESH_TIME' => $refresh,
-      'U_REFRESH' => add_session_id( $url_link )
+      'U_REFRESH' => $url_link
       ));
   $template->assign_block_vars('refresh', array());

trunk/include/user.inc.php

@@ -27 +27 @@
 
 // retrieving connected user informations
-if (isset($_COOKIE['id']))
+if (isset($_COOKIE[session_name()])) 
 {
-  $session_id = $_COOKIE['id'];
-  $user['has_cookie'] = true;
-}
-else if (isset($_GET['id']))
+ session_start();
+ if (isset($_SESSION['id'])) 
+ {
+   $user['id'] = $_SESSION['id'];    
+ }
+ else 
+ {
+   // session timeout
+   $user['id'] = $conf['guest_id'];
+   $user['is_the_guest'] = true;
+ }
+} 
+else 
 {
-  $session_id = $_GET['id'];
-  $user['has_cookie'] = false;
-}
-else
-{
-  $user['has_cookie'] = false;
-}
-
-if (isset($session_id)
-    and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
-{
-  $page['session_id'] = $session_id;
-  $query = '
-SELECT user_id,expiration,NOW() AS now
-  FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$page['session_id'].'\'
-;';
-  $result = pwg_query($query);
-  if (mysql_num_rows($result) > 0)
-  {
-    $row = mysql_fetch_array($result);
-    if (strnatcmp($row['expiration'], $row['now']) < 0)
-    {
-      // deletion of the session from the database, because it is
-      // out-of-date
-      $delete_query = '
-DELETE FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$page['session_id'].'\'
-;';
-      pwg_query($delete_query);
-    }
-    else
-    {
-      $user['id'] = $row['user_id'];
-      $user['is_the_guest'] = false;
-    }
-  }
-}
-if (!isset($user['id']))
-{
-  $user['id'] = $conf['guest_id'];
-  $user['is_the_guest'] = true;
+ $user['id'] = $conf['guest_id'];
+ $user['is_the_guest'] = true;
 }
 

trunk/install/phpwebgallery_structure.sql

@@ -184 +184 @@
 CREATE TABLE `phpwebgallery_sessions` (
   `id` varchar(255) binary NOT NULL default '',
-  `user_id` smallint(5) NOT NULL default '0',
+  `data` text NOT NULL,
   `expiration` datetime NOT NULL default '0000-00-00 00:00:00',
   PRIMARY KEY  (`id`)

trunk/notification.php

@@ -59 +59 @@
   array(
     'FEED_URL' => PHPWG_ROOT_PATH.'feed.php?feed='.$page['feed'],
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
     )
   );

trunk/password.php

@@ -177 +177 @@
 $template->assign_vars(
   array(
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php'
     )
   );

trunk/picture.php

@@ -77 +77 @@
 {
   echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
-  echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">';
+  echo '<a href="'.PHPWG_ROOT_PATH.'category.php'.'">';
   echo $lang['thumbnails'].'</a></div>';
   exit();
@@ -324 +324 @@
       // there is no favorite picture anymore we redirect the user to the
       // category page
-      $url = add_session_id($url_up);
-      redirect($url);
+      redirect($url_up);
     }
     else if (!$has_prev)
     {
       $url = str_replace( '&amp;', '&', $picture['next']['url'] );
-      $url = add_session_id( $url, true);
+      redirect( $url );
     }
     else
     {
       $url = str_replace('&amp;', '&', $picture['prev']['url'] );
-      $url = add_session_id( $url, true);
+      redirect( $url );
     }
     redirect( $url );
@@ -523 +522 @@
   'L_UP_ALT' => $lang['home'],
   
-  'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
-  'U_UP' => add_session_id($url_up),
-  'U_METADATA' => add_session_id($url_metadata),
-  'U_ADMIN' => add_session_id($url_admin),
-  'U_SLIDESHOW'=> add_session_id($url_slide),
-  'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
+  'U_HOME' => (PHPWG_ROOT_PATH.'category.php'),
+  'U_UP' => $url_up,
+  'U_METADATA' => $url_metadata,
+  'U_ADMIN' => $url_admin,
+  'U_SLIDESHOW'=> $url_slide,
+  'U_ADD_COMMENT' => str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] )
   )
 );
@@ -585 +584 @@
     array(
       'URL' =>
-      add_session_id(
         PHPWG_ROOT_PATH.'picture.php'
         .get_query_string_diff(array('caddie')).'&amp;caddie=1')
-      )
     );
 }
@@ -646 +643 @@
       'TITLE_IMG' => $picture['prev']['name'],
       'IMG' => $picture['prev']['thumbnail'],
-      'U_IMG' => add_session_id($picture['prev']['url'])
+      'U_IMG' => $picture['prev']['url']
       ));
 }
@@ -657 +654 @@
       'TITLE_IMG' => $picture['next']['name'],
       'IMG' => $picture['next']['thumbnail'],
-      'U_IMG' => add_session_id($picture['next']['url'])
+      'U_IMG' => $picture['next']['url']
       ));
 }
@@ -680 +677 @@
   $infos['INFO_AUTHOR'] =
     '<a href="'.
-    add_session_id(
       PHPWG_ROOT_PATH.'category.php?cat=search'.
       '&amp;search=author:'.$picture['current']['author']
-      ).
-    '">'.$picture['current']['author'].'</a>';
+      .'">'.$picture['current']['author'].'</a>';
 }
 else
@@ -696 +691 @@
   $infos['INFO_CREATION_DATE'] =
     '<a href="'.
-    add_session_id(
       PHPWG_ROOT_PATH.'category.php?cat=search'.
       '&amp;search=date_creation:'.$picture['current']['date_creation']
-      ).
-    '">'.format_date($picture['current']['date_creation']).'</a>';
+      .'">'.format_date($picture['current']['date_creation']).'</a>';
 }
 else
@@ -710 +703 @@
 $infos['INFO_AVAILABILITY_DATE'] =
   '<a href="'.
-  add_session_id(
     PHPWG_ROOT_PATH.'category.php?cat=search'.
     '&amp;search=date_available:'.
     substr($picture['current']['date_available'], 0, 10)
-    ).
-    '">'.
+    .'">'.
   format_date($picture['current']['date_available'], 'mysql_datetime').
   '</a>';
@@ -764 +755 @@
       '/([^,]+)/',
       '<a href="'.
-      add_session_id(
         PHPWG_ROOT_PATH.'category.php?cat=search&amp;search=keywords:$1'
-        ).
-      '">$1</a>',
+        .'">$1</a>',
       $picture['current']['keywords']
       );
@@ -891 +880 @@
         
   $template->assign_block_vars('stop_slideshow', array(
-  'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] )
+  'U_SLIDESHOW'=>$picture['current']['url']
   ));
 }
@@ -1044 +1033 @@
       $template->assign_block_vars(
         'comments.comment.delete',
-        array('U_COMMENT_DELETE'=>add_session_id( $url.'&amp;del='.$row['id'])
+        array('U_COMMENT_DELETE'=> $url.'&amp;del='.$row['id']
           ));
     }

trunk/profile.php

@@ -137 +137 @@
     // redirection
     $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
-    redirect(add_session_id($url));
+    redirect($url);
   }
 }
@@ -199 +199 @@
     'L_RETURN_HINT' =>  $lang['home_hint'],
 
-    'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
-    
-    'F_ACTION'=>add_session_id($url_action),
+    'U_RETURN' => PHPWG_ROOT_PATH.'category.php',
+    
+    'F_ACTION'=>$url_action,
     ));
 

trunk/random.php

@@ -60 +60 @@
 // +-----------------------------------------------------------------------+
 $url = PHPWG_ROOT_PATH.'category.php?cat=list&list='.implode(',', $ids);
-redirect(add_session_id($url));
+redirect($url);
 ?>

trunk/register.php

@@ -76 +76 @@
   'L_EMAIL' => $lang['mail_address'],
 
-  'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+  'U_HOME' => PHPWG_ROOT_PATH.'category.php',
   
-  'F_ACTION' => add_session_id('register.php'),
+  'F_ACTION' => 'register.php',
   'F_LOGIN' => $login,
   'F_EMAIL' => $email

trunk/search.php

@@ -130 +130 @@
 {
   $url = 'category.php?cat=search&search='.$search_string;
-  $url = add_session_id($url, true);
   redirect($url);
 }
@@ -181 +180 @@
   'TODAY_MONTH' => date('m', time()),
   'TODAY_YEAR' => date('Y', time()),
-  'S_SEARCH_ACTION' => add_session_id( 'search.php' ),
+  'S_SEARCH_ACTION' => 'search.php',
   'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=search',
-  'U_HOME' => add_session_id( 'category.php' )
+  'U_HOME' => 'category.php'
   )
 );

trunk/upload.php

@@ -126 +126 @@
   {
     echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
-    echo '<a href="'.add_session_id( './category.php' ).'">';
+    echo '<a href="./category.php">';
     echo $lang['thumbnails'].'</a></div>';
     exit();
@@ -300 +300 @@
   'L_MANDATORY' =>  $lang['mandatory'],
         
-  'F_ACTION' => add_session_id( $u_form ),
-
-  'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
+  'F_ACTION' => $u_form,
+
+  'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']
   ));