Changeset 2409

Timestamp:

Jul 1, 2008, 4:09:21 AM (16 years ago)

Author:

rvelices

Message:

• remember me cookie security improvement (the time when the cookie was generated is saved and checked in range [now-remember_me_length; now]
• tags improvements
  • pass to templates all fields in table #tags (handy for plugins such as type tags)
  • fix issue with tag letter when first letter is accentuated (utf-8)
  • tags are sorted on url_name instead of name (accentuated first letter chars are the same as without accent)
  • better use of columns in by letter display mode

Location:

trunk

Files:

• admin/element_set_global.php (modified) (1 diff)
• include/functions_html.inc.php (modified) (2 diffs)
• include/functions_tag.inc.php (modified) (6 diffs)
• include/functions_user.inc.php (modified) (6 diffs)
• include/menubar.inc.php (modified) (1 diff)
• include/ws_functions.inc.php (modified) (1 diff)
• search.php (modified) (1 diff)
• tags.php (modified) (7 diffs)
• template/yoga/menubar.css (modified) (5 diffs)
• template/yoga/menubar.tpl (modified) (2 diffs)
• template/yoga/tags.tpl (modified) (2 diffs)

trunk/admin/element_set_global.php

@@ -276 +276 @@
   // remove tags
   $tags = get_common_tags($page['cat_elements_id'], -1);
-  usort($tags, 'name_compare');
 
   $template->assign(

trunk/include/functions_html.inc.php

@@ -551 +551 @@
 }
 
+function tag_alpha_compare($a, $b)
+{
+  return strcmp(strtolower($a['url_name']), strtolower($b['url_name']));
+}
+
 /**
  * exits the current script (either exit or redirect)
@@ -733 +738 @@
 }
 
-/** returns the argument_ids array with new sequenced keys based on related 
+/** returns the argument_ids array with new sequenced keys based on related
  * names. Sequence is not case sensitive.
  * Warning: By definition, this function breaks original keys

trunk/include/functions_tag.inc.php

@@ -60 +60 @@
 
   $query = '
-SELECT id, name, url_name
+SELECT *
   FROM '.TAGS_TABLE;
   $result = pwg_query($query);
@@ -84 +84 @@
 {
   $query = '
-SELECT id,
-       name,
-       url_name
+SELECT *
   FROM '.TAGS_TABLE.'
 ;';
@@ -96 +94 @@
   }
 
-  usort($tags, 'name_compare');
+  usort($tags, 'tag_alpha_compare');
 
   return $tags;
@@ -228 +226 @@
   }
   $query = '
-SELECT id, name, url_name, count(*) counter
+SELECT t.*, count(*) counter
   FROM '.IMAGE_TAG_TABLE.'
-    INNER JOIN '.TAGS_TABLE.' ON tag_id = id
+    INNER JOIN '.TAGS_TABLE.' t ON tag_id = id
   WHERE image_id IN ('.implode(',', $items).')';
   if (!empty($excluded_tag_ids))
@@ -257 +255 @@
     array_push($tags, $row);
   }
-  usort($tags, 'name_compare');
+  usort($tags, 'tag_alpha_compare');
   return $tags;
 }
@@ -308 +306 @@
 
   $query = '
-SELECT id, url_name, name
+SELECT *
   FROM '.TAGS_TABLE.'
   WHERE '. implode( '

trunk/include/functions_user.inc.php

@@ -839 +839 @@
 function get_default_language()
 {
-  global $conf;
-  if (isset($conf['browser_language']) and $conf['browser_language'])
-  {
-    return get_browser_language();
-  }
-  else
-  {
-    return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
-  }
-}
-
-/*
- * Returns the browser language value
- *
- */
-function get_browser_language()
-{
-  $browser_language = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"], 0, 2);
-  foreach (get_languages() as $language_code => $language_name)
-  {
-    if (substr($language_code, 0, 2) == $browser_language)
-    {
-      return $language_code;
-    }
-  }
-  return PHPWG_DEFAULT_LANGUAGE;
+  return get_default_user_value('language', PHPWG_DEFAULT_LANGUAGE);
 }
 
@@ -924 +899 @@
         $status = 'normal';
       }
-      $default_user['language'] = get_default_language();
 
       $insert = array_merge(
@@ -975 +949 @@
  * returns the auto login key or false on error
  * @param int user_id
+ * @param time_t time 
  * @param string [out] username
 */
-function calculate_auto_login_key($user_id, &$username)
+function calculate_auto_login_key($user_id, $time, &$username)
 {
   global $conf;
@@ -990 +965 @@
     $row = mysql_fetch_assoc($result);
     $username = $row['username'];
-    $data = $row['username'].$row['password'];
+    $data = $time.$row['username'].$row['password'];
     $key = base64_encode(
       pack('H*', sha1($data))
@@ -1012 +987 @@
   if ($remember_me and $conf['authorize_remembering'])
   {
-    $key = calculate_auto_login_key($user_id, $username);
+    $now = time();
+    $key = calculate_auto_login_key($user_id, $now, $username);
     if ($key!==false)
     {
-      $cookie = array('id' => (int)$user_id, 'key' => $key);
+      $cookie = $user_id.'-'.$now.'-'.$key;
       setcookie($conf['remember_me_name'],
-            serialize($cookie),
+            $cookie,
             time()+$conf['remember_me_length'],
             cookie_path()
@@ -1050 +1026 @@
   if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
   {
-    $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
-    if ($cookie!==false and is_numeric(@$cookie['id']) )
-    {
-      $key = calculate_auto_login_key( $cookie['id'], $username );
-      if ($key!==false and $key===$cookie['key'])
-      {
-        log_user($cookie['id'], true);
+    $cookie = explode('-', stripslashes($_COOKIE[$conf['remember_me_name']]));
+    if ( count($cookie)===3 
+        and is_numeric(@$cookie[0]) /*user id*/
+        and is_numeric(@$cookie[1]) /*time*/
+        and time()-$conf['remember_me_length']<=@$cookie[1]
+        and time()>=@$cookie[1] /*cookie generated in the past*/ )
+    {
+      $key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
+      if ($key!==false and $key===$cookie[2])
+      {
+        log_user($cookie[0], true);
         trigger_action('login_success', $username);
         return true;

trunk/include/menubar.inc.php

@@ -112 +112 @@
     $template->append(
       'related_tags',
-      array(
-        'U_TAG' => make_index_url(
-          array(
-            'tags' => array($tag)
-            )
-          ),
-
-        'NAME' => $tag['name'],
-
-        'CLASS' => 'tagLevel'.$tag['level'],
-
-        'add' => array(
-
-            'URL' => make_index_url(
-              array(
-                'tags' => array_merge(
-                  $page['tags'],
-                  array($tag)
+      array_merge( $tag,
+        array(
+          'URL' => make_index_url(
+            array(
+              'tags' => array($tag)
+              )
+            ),
+
+          'U_ADD' => make_index_url(
+                array(
+                  'tags' => array_merge(
+                    $page['tags'],
+                    array($tag)
+                    )
                   )
-                )
-              ),
-            'COUNTER' => $tag['counter'],
-            )
+                ),
+          )
         )
       );

trunk/include/ws_functions.inc.php

@@ -890 +890 @@
   else
   {
-    usort($tags, 'name_compare');
+    usort($tags, 'tag_alpha_compare');
   }
   for ($i=0; $i<count($tags); $i++)

trunk/search.php

@@ -187 +187 @@
 if (count($available_tags) > 0)
 {
-  usort( $available_tags, 'name_compare');
+  usort( $available_tags, 'tag_alpha_compare');
 
   $template->assign(

trunk/tags.php

@@ -85 +85 @@
 if ($page['display_mode'] == 'letters') {
   // we want tags diplayed in alphabetic order
-  usort($tags, 'name_compare');
+  usort($tags, 'tag_alpha_compare');
 
   $current_letter = null;
-  $is_first_tag = true;
   $nb_tags = count($tags);
-  $current_column_tags = 0;
+  $current_column = 1;
+  $current_tag_idx = 0;
 
   $letter = array(
@@ -98 +98 @@
   foreach ($tags as $tag)
   {
-    $tag_letter = strtoupper(substr($tag['name'], 0, 1));
+    $tag_letter = strtoupper(substr($tag['url_name'], 0, 1));
 
-    if ($is_first_tag) {
+    if ($current_tag_idx==0) {
       $current_letter = $tag_letter;
       $letter['TITLE'] = $tag_letter;
-      $is_first_tag = false;
     }
 
@@ -109 +108 @@
     if ($tag_letter !== $current_letter)
     {
-      if ($current_column_tags > $nb_tags/$conf['tag_letters_column_number'])
+      if ($current_column<$conf['tag_letters_column_number']
+          and $current_tag_idx > $current_column*$nb_tags/$conf['tag_letters_column_number'] )
       {
         $letter['CHANGE_COLUMN'] = true;
-        $current_column_tags = 0;
+        $current_column++;
       }
 
@@ -121 +121 @@
         $letter
         );
-      
+
       $current_letter = $tag_letter;
       $letter = array(
@@ -130 +130 @@
     array_push(
       $letter['tags'],
-      array(
-        'URL' => make_index_url(
-          array(
-            'tags' => array($tag),
-            )
-          ),
-        'NAME' => $tag['name'],
-        'COUNTER' => $tag['counter'],
+      array_merge(
+        $tag,
+        array(
+          'URL' => make_index_url(
+            array(
+              'tags' => array($tag),
+              )
+            ),
+          )
         )
       );
-    
-    $current_column_tags++;
+
+    $current_tag_idx++;
   }
 
@@ -169 +170 @@
 
 // we want tags diplayed in alphabetic order
-usort($tags, 'name_compare');
+usort($tags, 'tag_alpha_compare');
 
 // display sorted tags
@@ -176 +177 @@
   $template->append(
     'tags',
-    array(
-      'URL' => make_index_url(
-        array(
-          'tags' => array($tag),
-          )
-        ),
-
-      'NAME' => $tag['name'],
-      'TITLE' => $tag['counter'],
-      'CLASS' => 'tagLevel'.$tag['level'],
+    array_merge(
+      $tag,
+      array(
+        'URL' => make_index_url(
+          array(
+            'tags' => array($tag),
+            )
+          ),
+        )
       )
     );

trunk/template/yoga/menubar.css

@@ -1 +1 @@
 #menubar {
-    float: left;
-    margin: 0 0 10px 1em;
-    padding: 0;
-    /* Fix against the "double margin of a floated item" IE bug */
-    /* Damned: that screws up top_navbar in opera 7.54/Linux! */
-    display: inline;
-    text-align: left; /* follow-up of the "be nice to IE5" rule */
+        float: left;
+        margin: 0 0 10px 1em;
+        padding: 0;
+        display: inline;
+        text-align: left; /* follow-up of the "be nice to IE5" rule */
 }
 
 #menubar DL, #menubar DT, #menubar DD {
-    margin: 0; padding: 0; display: block;
+        margin: 0; padding: 0; display: block;
 }
 
 #menubar .button {
-  margin: 0 2px;
-  width: auto;
-  padding: 0;
-  text-indent: 0;
-  list-style: none;
-  text-align: center;
-  float: right;
+        margin: 0 2px;
+        width: auto;
+        padding: 0;
+        text-indent: 0;
+        list-style: none;
+        text-align: center;
+        float: right;
 }
 
 /* H2 properties copied here */
 #menubar DT {
-    font-weight: bold; /* default for h2 */
-    margin: 0;
-    padding: 5px 5px 5px 5px;
-    font-size: 120%;
-    text-align: center;
+        font-weight: bold;
+        margin: 0;
+        padding: 5px 5px 5px 5px;
+        font-size: 120%;
+        text-align: center;
 }
 
@@ -37 +35 @@
 #menubar P, /* ooh, careful... */
 #menubar .totalImages {
-    font-size: 92%;
-    margin: 10px 0 10px 10px;
+        font-size: 92%;
+        margin: 10px 0 10px 10px;
 }
 #menubar UL {
-    list-style-type: square;
-    list-style-position: inside;
-    padding: 0 0 0 2px;
+        list-style-type: square;
+        list-style-position: inside;
+        padding: 0 0 0 2px;
 }
 #menubar UL UL {
-    font-size: 100%;
-    margin-top: 0;
-    margin-bottom: 0;
+        font-size: 100%;
+        margin-top: 0;
+        margin-bottom: 0;
 }
 
 #menubar LI.selected A {
-  font-weight: bold;
+        font-weight: bold;
 }
 
 #menubar LI.selected LI A {
-  font-weight: normal;
+        font-weight: normal;
 }
 
@@ -65 +63 @@
 
 #menubar HR {
-    display: block;
-    margin: 10px auto;
-    width: 90%;
+        display: block;
+        margin: 10px auto;
+        width: 90%;
 }
 #menubar INPUT {
-    text-indent: 2px;
+        text-indent: 2px;
 }
 
 /* quickconnect form */
 FORM#quickconnect {
-  margin: 0;
-  padding: 5px;
+        margin: 0;
+        padding: 5px;
 }
 
 FORM#quickconnect FIELDSET {
-  margin: 0;
-  padding: 0 0 0.5em 0;
+        margin: 0;
+        padding: 0 0 0.5em 0;
 }
 
 FORM#quickconnect P {
-  margin-left: 0;
-  font-size: 100%;
-  float: left;
-  clear: left;
+        margin-left: 0;
+        font-size: 100%;
+        float: left;
+        clear: left;
 }
 
 FORM#quickconnect P INPUT {
-  margin: 0;
+        margin: 0;
 }
 
 FORM#quickconnect UL.actions {
-  display: inline;
-  float: right;
-  padding: 0;
-  text-align: right;    /* Opera 7.5 */
+        display: inline;
+        float: right;
+        padding: 0;
+        text-align: right;      /* Opera 7.5 */
 }
 FORM#quickconnect FIELDSET>UL.actions {
-  width: 40%;           /* Opera 7.5 cannot find why width:auto fails :-( */
+        width: 40%;             /* Opera 7.5 cannot find why width:auto fails :-( */
 }
 
@@ -108 +106 @@
 FORM#quickconnect P,
 FORM#quickconnect LABEL {
-  padding: 0 0.5em 0 0.5em;
+        padding: 0 0.5em 0 0.5em;
 }
 
 FORM#quickconnect LABEL {
-  margin:0;
-  width: 100%;
-  box-sizing: border-box; /* CSS3 */
+        margin:0;
+        width: 100%;
+        box-sizing: border-box; /* CSS3 */
 }
 
 FORM#quickconnect INPUT[type=text],
 FORM#quickconnect INPUT[type=password] {
-  width: 100%;  /* mozilla can handle 100% */
+        width: 100%;    /* mozilla can handle 100% */
 }
-/* same as above for IE with inputfix.htc              */
-/* unfortunately IE doesn't handle that correctly      */
-/* so you should set a width in em in local_layout.css */
+/* same as above for IE with inputfix.htc
+unfortunately IE doesn't handle that correctly
+ so you should set a width in em in local_layout.css */
 /*FORM#quickconnect INPUT.text,
 FORM#quickconnect INPUT.password {
@@ -130 +128 @@
 
 FORM#quicksearch {
-  margin-top: 4px;
-  margin-bottom: 1px;
+        margin-top: 4px;
+        margin-bottom: 1px;
 }
-input#qsearchInput { 
-  width: 90%;
+INPUT#qsearchInput {
+        width: 90%;
 }
 #menubar #mbMenu p { margin: 0px; padding: 0px; }
 
 #menubar #menuTagCloud {
-  text-align: center;
-  margin: 5px 0;
+        text-align: center;
+        margin: 5px 0;
 }
 
 #menubar #menuTagCloud LI
 {
-  display: inline;
-  white-space: nowrap;  /* No line break in the LI but Opera set nowrap to */
+        display: inline;
+        white-space: nowrap;    /* No line break in the LI but Opera set nowrap to */
 }

trunk/template/yoga/menubar.tpl

@@ -22 +22 @@
 
   {if isset($U_START_FILTER)}
-  <a href="{$U_START_FILTER}" title="{'start_filter_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/start_filter.png" class="button" alt="{'start_filter_hint'|@translate}"></a>
+  <a href="{$U_START_FILTER}" title="{'start_filter_hint'|@translate}" rel="nofollow"><img src="{$ROOT_URL}{$themeconf.icon_dir}/start_filter.png" class="button" alt="start filter"></a>
   {/if}
   {if isset($U_STOP_FILTER)}
-  <a href="{$U_STOP_FILTER}" title="{'stop_filter_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/stop_filter.png" class="button" alt="{'stop_filter_hint'|@translate}"></a>
+  <a href="{$U_STOP_FILTER}" title="{'stop_filter_hint'|@translate}"><img src="{$ROOT_URL}{$themeconf.icon_dir}/stop_filter.png" class="button" alt="stop filter"></a>
   {/if}
 
@@ -49 +49 @@
     {foreach from=$related_tags item=tag}
     <li>
-    {if !empty($tag.add) }
-      <a href="{$tag.add.URL}" 
-        title="{$pwg->l10n_dec('%d element are also linked to current tags', '%d elements are also linked to current tags', $tag.add.COUNTER)}"
+    {if !empty($tag.U_ADD) }
+      <a href="{$tag.U_ADD}" 
+        title="{$pwg->l10n_dec('%d element are also linked to current tags', '%d elements are also linked to current tags', $tag.counter)}"
         rel="nofollow">
         <img src="{$ROOT_URL}{$themeconf.icon_dir}/add_tag.png" alt="+" />
       </a>
     {/if}
-    <a href="{$tag.U_TAG}" class="{$tag.CLASS}" title="{'See elements linked to this tag only'|@translate}">{$tag.NAME}</a>
+    <a href="{$tag.URL}" class="tagLevel{$tag.level}" title="{'See elements linked to this tag only'|@translate}">{$tag.name}</a>
     </li>
     {/foreach}

trunk/template/yoga/tags.tpl

@@ -21 +21 @@
   <ul id="fullTagCloud">
     {foreach from=$tags item=tag}
-    <li><a href="{$tag.URL}" class="{$tag.CLASS}" title="{$tag.TITLE}">{$tag.NAME}</a></li>
+    <li><a href="{$tag.URL}" class="tagLevel{$tag.level}" title="{$tag.counter}">{$tag.name}</a></li>
     {/foreach}
   </ul>
@@ -36 +36 @@
       {foreach from=$letter.tags item=tag}
       <tr class="tagLine">
-        <td><a href="{$tag.URL}">{$tag.NAME}</a></td>
-        <td class="nbEntries">{$pwg->l10n_dec('%d element', '%d elements', $tag.COUNTER)}</td>
+        <td><a href="{$tag.URL}">{$tag.name}</a></td>
+        <td class="nbEntries">{$pwg->l10n_dec('%d element', '%d elements', $tag.counter)}</td>
       </tr>
       {/foreach}