Changeset 1568

Timestamp:

Oct 20, 2006, 4:17:53 AM (18 years ago)

Author:

rvelices

Message:

• put back configsession_length disappeared in r1493 but has always been

used in the code (generates mysql errors on session garbage collector)

• fix auto_login (die mysql when session timed out, but user has remember)
• when a user reconnects from identification.php, the remember cookie was not

deleted

• fix all redirect warnings/errors (many changes - mainly in common.inc.php

and user.inc.php)

• reduced $confremember_me_length to 60 days, because now at each auto

login the 60 days countdown restarts

Location:

trunk

Files:

• identification.php (modified) (1 diff)
• include/common.inc.php (modified) (3 diffs)
• include/config_default.inc.php (modified) (1 diff)
• include/functions.inc.php (modified) (3 diffs)
• include/functions_user.inc.php (modified) (3 diffs)
• include/template.php (modified) (4 diffs)
• include/user.inc.php (modified) (2 diffs)

trunk/identification.php

@@ -73 +73 @@
   }
 }
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
-{
-  auto_login();
-}
+
 //----------------------------------------------------- template initialization
 //

trunk/include/common.inc.php

@@ -133 +133 @@
 or die ( "Could not connect to database" );
 
+//
+// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
+// since basic gallery information is not available
+//
+load_conf_from_db();
+
+include(PHPWG_ROOT_PATH.'include/user.inc.php');
+
+
+// language files
+include_once(get_language_filepath('common.lang.php'));
+if (defined('IN_ADMIN') and IN_ADMIN)
+{
+  include_once(get_language_filepath('admin.lang.php'));
+}
+
+// only now we can set the localized username of the guest user (and not in
+// include/user.inc.php)
+if ($user['is_the_guest'])
+{
+  $user['username'] = $lang['guest'];
+}
+
+// template instance
+$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] );
+
+if ($conf['gallery_locked'])
+{
+  $header_msgs[] = $lang['gallery_locked_message'];
+
+  if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php'
+      and !is_admin() )
+  {
+    //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+    $page['root_path'] = cookie_path();
+    echo $lang['gallery_locked_message']
+      .'<a href="'.get_root_url().'identification.php">.</a>';
+    exit();
+  }
+}
+
+if ($user['is_the_guest'] and !$conf['guest_access']
+    and !in_array( basename($_SERVER['SCRIPT_FILENAME']),
+                      array('identification.php',
+                            'password.php',
+                            'register.php'
+                        )
+                  )
+    )
+{
+  //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+  $page['root_path'] = cookie_path();
+  redirect (get_root_url().'identification.php');
+}
+
 if ($conf['check_upgrade_feed']
     and defined('PHPWG_IN_UPGRADE')
@@ -150 +205 @@
   if (count(array_diff($existing, $applied)) > 0)
   {
+    //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
+    $page['root_path'] = cookie_path();
     $header_msgs[] = 'Some database upgrades are missing, '
-      .'<a href="'.PHPWG_ROOT_PATH.'upgrade_feed.php">upgrade now</a>';
-  }
-}
-
-//
-// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
-// since basic gallery information is not available
-//
-load_conf_from_db();
-
-include(PHPWG_ROOT_PATH.'include/user.inc.php');
-
-// language files
-include_once(get_language_filepath('common.lang.php'));
-
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
-  include_once(get_language_filepath('admin.lang.php'));
-}
-
-if ($conf['gallery_locked'])
-{
-  $header_msgs[] = $lang['gallery_locked_message']
-    . '<a href="'.PHPWG_ROOT_PATH.'identification.php">.</a>';
-
-  if ( basename($_SERVER["PHP_SELF"]) != 'identification.php'
-      and !is_admin() )
-  {
-    echo( $lang['gallery_locked_message'] );
-    exit();
-  }
-}
-
-// only now we can set the localized username of the guest user (and not in
-// include/user.inc.php)
-if ($user['is_the_guest'])
-{
-  $user['username'] = $lang['guest'];
-}
-
-// include template/theme configuration
-if (defined('IN_ADMIN') and IN_ADMIN)
-{
-  list($user['template'], $user['theme']) =
-    explode
-    (
-      '/',
-      isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
-                                           : $user['template']
-    );
-// TODO : replace $conf['admin_layout'] by $user['admin_layout']
-}
-else
-{
-  list($user['template'], $user['theme']) = explode('/', $user['template']);
-}
-// TODO : replace initial $user['template'] by $user['layout']
-
-include(
-  PHPWG_ROOT_PATH
-  .'template/'.$user['template']
-  .'/theme/'.$user['theme']
-  .'/themeconf.inc.php'
-  );
+      .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
+  }
+}
 
 if (is_adviser())
@@ -220 +216 @@
   $header_msgs[] = $lang['adviser_mode_enabled'];
 }
-
-// template instance
-$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
 
 if (count($header_msgs) > 0)

trunk/include/config_default.inc.php

@@ -324 +324 @@
 // remember_me_length : time of validity for "remember me" cookies, in
 // seconds.
-$conf['remember_me_length'] = 31536000;
+$conf['remember_me_length'] = 5184000;
+
+// session_length : time of validity for normal session, in seconds.
+$conf['session_length'] = 3600;
 
 // +-----------------------------------------------------------------------+

trunk/include/functions.inc.php

@@ -585 +585 @@
   global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
 
-  if (!isset($lang_info)) {
+  if (!isset($lang_info))
+  {
+    $user = build_user( $conf['guest_id'], true);
     include_once(get_language_filepath('common.lang.php'));
+    list($tmpl, $thm) = explode('/', $conf['default_template']);
+    $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm);
+  }
+  else
+  {
+    $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']);
   }
 
@@ -602 +610 @@
   $url_link = $url;
   $title = 'redirection';
-
-  unset($template);
-  if ( isset($user['template']) )
-  {
-    $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template']);
-  }
-  else
-  {
-    list($tmpl, $thm) = explode('/', $conf['default_template']);
-    global $themeconf;
-    include(
-      PHPWG_ROOT_PATH
-      .'template/'.$tmpl
-      .'/theme/'.$thm
-      .'/themeconf.inc.php'
-      );
-    $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl);
-    $user['is_the_guest']=true;
-    $user['id']=$conf['guest_id'];
-  }
 
   $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
@@ -922 +910 @@
 function get_themeconf($key)
 {
-  global $themeconf;
-
-  return isset($themeconf[$key]) ? $themeconf[$key] : '';
+  global $template;
+
+  return $template->get_themeconf($key);
 }
 

trunk/include/functions_user.inc.php

@@ -105 +105 @@
 }
 
+function build_user( $user_id, $use_cache )
+{
+  global $conf;
+  $user['id'] = $user_id;
+  $user = array_merge( $user, getuserdata($user_id, $use_cache) );
+  if ( $user['id'] == $conf['guest_id'])
+  {
+    $user['is_the_guest']=true;
+    $user['template'] = $conf['default_template'];
+    $user['nb_image_line'] = $conf['nb_image_line'];
+    $user['nb_line_page'] = $conf['nb_line_page'];
+    $user['language'] = $conf['default_language'];
+    $user['maxwidth'] = $conf['default_maxwidth'];
+    $user['maxheight'] = $conf['default_maxheight'];
+    $user['recent_period'] = $conf['recent_period'];
+    $user['expand'] = $conf['auto_expand'];
+    $user['show_nb_comments'] = $conf['show_nb_comments'];
+    $user['enabled_high'] = $conf['newuser_default_enabled_high'];
+  }
+  else
+  {
+    $user['is_the_guest']=false;
+  }
+  // calculation of the number of picture to display per page
+  $user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
+
+  // include template/theme configuration
+  if (defined('IN_ADMIN') and IN_ADMIN)
+  {
+    list($user['template'], $user['theme']) =
+      explode
+      (
+        '/',
+        isset($conf['default_admin_layout']) ? $conf['default_admin_layout']
+                                             : $user['template']
+      );
+    // TODO : replace $conf['admin_layout'] by $user['admin_layout']
+  }
+  else
+  {
+    list($user['template'], $user['theme']) = explode('/', $user['template']);
+  }
+
+  return $user;
+}
+
 /**
  * find informations related to the user identifier
@@ -581 +627 @@
               );
   }
-  session_start();
+  else
+  { // make sure we clean any remember me ...
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+  }
+  if ( session_id()!="" )
+  { // this can happpen when the session is expired and auto_login
+    session_regenerate_id();
+  }
+  else
+  {
+    session_start();
+  }
   $_SESSION['pwg_uid'] = $user_id;
 
   $user['id'] = $_SESSION['pwg_uid'];
-  $user['is_the_guest'] = false;
 }
 
 /*
  * Performs auto-connexion when cookie remember_me exists
- * @return void
+ * @return true/false
 */
 function auto_login() {
   global $conf;
 
-  // must remove slash added in include/common.inc.php
-  $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
-
-  $query = '
+  if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
+  {
+    // must remove slash added in include/common.inc.php
+    $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
+
+    $query = '
 SELECT auto_login_key
   FROM '.USERS_TABLE.'
@@ -604 +662 @@
 ;';
 
-  $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
-  if ($auto_login_key == $cookie['key'])
-  {
-    log_user($cookie['id'], false);
-    redirect(make_index_url());
-  }
-  else
-  {
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
-    redirect(make_index_url());
-  }
+    $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+    if ($auto_login_key == $cookie['key'])
+    {
+      log_user($cookie['id'], true);
+      return true;
+    }
+    else
+    {
+      setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    }
+  }
+  return false;
 }
 

trunk/include/template.php

@@ -60 +60 @@
   var $output = '';
 
+  var $themeconf = array();
+
   /**
    * Constructor. Simply sets the root dir.
    *
    */
-  function Template($root = ".")
-    {
-      $this->set_rootdir($root);
+  function Template($root = ".", $theme= "")
+    {
+      if ( $this->set_rootdir($root) )
+      {
+        if ( !empty( $theme ) )
+        {
+          include($root.'/theme/'.$theme.'/themeconf.inc.php');
+          $this->themeconf = $themeconf;
+        }
+      }
     }
 
@@ -312 +321 @@
         die("Template->loadfile(): File $filename for handle $handle is empty");
       }
-      
+
       $this->uncompiled_code[$handle] = $str;
-      
-      return true;
-    }
-  
-  
-  
+
+      return true;
+    }
+
+
+
   /**
    * Compiles the given string of code, and returns the result in a string.
@@ -332 +341 @@
       $code = preg_replace('/\{lang:([^}]+)\}/e', "l10n('$1')", $code);
       // PWG specific : expand themeconf.inc.php variables
-      $code = preg_replace('/\{themeconf:([^}]+)\}/e', "get_themeconf('$1')", $code);
+      $code = preg_replace('/\{themeconf:([^}]+)\}/e', '$this->get_themeconf(\'$1\')', $code);
       $code = preg_replace('/\{pwg_root\}/e', "get_root_url()", $code);
 
@@ -526 +535 @@
     }
 
+    function get_themeconf($key)
+    {
+      return isset($this->themeconf[$key]) ? $this->themeconf[$key] : '';
+    }
 }
 

trunk/include/user.inc.php

@@ -26 +26 @@
 // +-----------------------------------------------------------------------+
 
+// by default we start with guest
+$user['id'] = $conf['guest_id'];
+
 if (isset($_COOKIE[session_name()]))
 {
   session_start();
   if (isset($_GET['act']) and $_GET['act'] == 'logout')
-  {
-    // logout
+  { // logout
     $_SESSION = array();
     session_unset();
     session_destroy();
     setcookie(session_name(),'',0,
-              ini_get('session.cookie_path'), 
-              ini_get('session.cookie_domain') 
-              );
+        ini_get('session.cookie_path'),
+        ini_get('session.cookie_domain')
+      );
     setcookie($conf['remember_me_name'], '', 0, cookie_path());
     redirect(make_index_url());
-  } 
-  elseif (empty($_SESSION['pwg_uid'])) 
-  {
-    // timeout
+  }
+  elseif (empty($_SESSION['pwg_uid']))
+  { // timeout
     setcookie(session_name(),'',0,
-              ini_get('session.cookie_path'), 
-              ini_get('session.cookie_domain') 
-              );
+        ini_get('session.cookie_path'),
+        ini_get('session.cookie_domain')
+      );
   }
   else
   {
     $user['id'] = $_SESSION['pwg_uid'];
-    $user['is_the_guest'] = false;
   }
 }
-elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+
+
+// Now check the auto-login
+if ( $user['id']==$conf['guest_id'] )
 {
   auto_login();
-} 
-else
-{
-  $user['id'] = $conf['guest_id'];
-  $user['is_the_guest'] = true;
 }
 
-if ($user['is_the_guest'] and !$conf['guest_access'] 
-    and (basename($_SERVER['PHP_SELF'])!='identification.php')
-    and (basename($_SERVER['PHP_SELF'])!='password.php')
-    and (basename($_SERVER['PHP_SELF'])!='register.php'))
-{
-  redirect (get_root_url().'identification.php');
-}
 
 // using Apache authentication override the above user search
@@ -82 +73 @@
     $user['id'] = get_userid($_SERVER['REMOTE_USER']);
   }
+}
+$user = build_user( $user['id'],
+          ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
+         );
 
-  $user['is_the_guest'] = false;
-}
-
-$user = array_merge(
-  $user,
-  getuserdata(
-    $user['id'],
-    ( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
-    )
-  );
-
-// properties of user guest are found in the configuration
-if ($user['is_the_guest'])
-{
-  $user['template'] = $conf['default_template'];
-  $user['nb_image_line'] = $conf['nb_image_line'];
-  $user['nb_line_page'] = $conf['nb_line_page'];
-  $user['language'] = $conf['default_language'];
-  $user['maxwidth'] = $conf['default_maxwidth'];
-  $user['maxheight'] = $conf['default_maxheight'];
-  $user['recent_period'] = $conf['recent_period'];
-  $user['expand'] = $conf['auto_expand'];
-  $user['show_nb_comments'] = $conf['show_nb_comments'];
-  $user['enabled_high'] = $conf['newuser_default_enabled_high'];
-}
-
-// calculation of the number of picture to display per page
-$user['nb_image_page'] = $user['nb_image_line'] * $user['nb_line_page'];
 ?>