Timestamp:
Oct 3, 2004, 1:12:50 AM (20 years ago)
Author:
z0rglub
Message:
  • deletion of session_time and session_id_size as config parameter
  • new feature : "remember me" creates a long time cookie
  • possibility to set the default authentication method to URI or cookie
  • really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php
File:
1 edited

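--- a/trunk/include/user.inc.php
+++ b/trunk/include/user.inc.php
@@ -31,8 +31,8 @@
 // Example :
 //            status --> $user['status']
-$infos = array( 'id', 'username', 'mail_address', 'nb_image_line',
-                'nb_line_page', 'status', 'language', 'maxwidth',
-                'maxheight', 'expand', 'show_nb_comments', 'recent_period',
-                'template', 'forbidden_categories' );
+$infos = array('id','username','mail_address','nb_image_line','nb_line_page',
+               'status','language','maxwidth','maxheight','expand',
+               'show_nb_comments','recent_period','template',
+               'forbidden_categories');
 
 $query_user = 'SELECT * FROM '.USERS_TABLE;
@@ -41,34 +41,44 @@
 
 // cookie deletion if administrator don't authorize them anymore
-if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
+if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
 {
-  setcookie( 'id', '', 0, cookie_path() );
+  setcookie('id', '', 0, cookie_path());
   $url = 'category.php';
-  redirect( $url );
+  redirect($url);
 }
 
-$user['has_cookie'] = false;
-if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
-elseif ( isset( $_COOKIE['id'] ) )
+if (isset($_GET['id']))
+{
+  $session_id = $_GET['id'];
+  $user['has_cookie'] = false;
+  $session_id_size = $conf['session_id_size_URI'];
+}
+elseif (isset($_COOKIE['id']))
 {
   $session_id = $_COOKIE['id'];
   $user['has_cookie'] = true;
+  $session_id_size = $conf['session_id_size_cookie'];
+}
+else
+{
+  $user['has_cookie'] = false;
 }
 
-if ( isset( $session_id )
-     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+if (isset($session_id)
+     and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
 {
   $page['session_id'] = $session_id;
-  $query = 'SELECT user_id,expiration,ip';
-  $query.= ' FROM '.SESSIONS_TABLE;
-  $query.= " WHERE id = '".$page['session_id']."'";
-  $query.= ';';
-  $result = mysql_query( $query );
-  if ( mysql_num_rows( $result ) > 0 )
+  $query = '
+SELECT user_id,expiration,ip
+  FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$page['session_id'].'\'
+;';
+  $result = mysql_query($query);
+  if (mysql_num_rows($result) > 0)
   {
-    $row = mysql_fetch_array( $result );
-    if ( !$user['has_cookie'] )
+    $row = mysql_fetch_array($result);
+    if (!$user['has_cookie'])
     {
-      if ( $row['expiration'] < time() )
+      if ($row['expiration'] < time())
       {
         // deletion of the session from the database,
@@ -77,7 +87,7 @@
         $delete_query.= " WHERE id = '".$page['session_id']."'";
         $delete_query.= ';';
-        mysql_query( $delete_query );
+        mysql_query($delete_query);
       }
-      else if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
+      else if ($_SERVER['REMOTE_ADDR'] == $row['ip'])
       {
         $query_user .= ' WHERE id = '.$row['user_id'];
@@ -92,5 +102,5 @@
   }
 }
-if ( !$query_done )
+if (!$query_done)
 {
   $query_user .= ' WHERE id = 2';
@@ -98,15 +108,15 @@
 }
 $query_user .= ';';
-$row = mysql_fetch_array( mysql_query( $query_user ) );
+$row = mysql_fetch_array(mysql_query($query_user));
 
 // affectation of each value retrieved in the users table into a variable
 // of the array $user.
-foreach ( $infos as $info ) {
-  if ( isset( $row[$info] ) )
+foreach ($infos as $info) {
+  if (isset($row[$info]))
   {
     // If the field is true or false, the variable is transformed into a
     // boolean value.
-    if ( $row[$info] == 'true' or $row[$info] == 'false' )
-      $user[$info] = get_boolean( $row[$info] );
+    if ($row[$info] == 'true' or $row[$info] == 'false')
+      $user[$info] = get_boolean($row[$info]);
     else
       $user[$info] = $row[$info];   
@@ -119,6 +129,6 @@
 
 // special for $user['restrictions'] array
-$user['restrictions'] = explode( ',', $user['forbidden_categories'] );
-if ( $user['restrictions'][0] == '' )
+$user['restrictions'] = explode(',', $user['forbidden_categories']);
+if ($user['restrictions'][0] == '')
 {
   $user['restrictions'] = array();
@@ -126,5 +136,5 @@
 
 $isadmin = false;
-if ( $user['status'] == 'admin' )
+if ($user['status'] == 'admin')
 {
   $isadmin =true;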
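Review bot: The `ereg()` length-and-charset check at new lines 67–68 is the only barrier between `$_GET['id']` / `$_COOKIE['id']` and the string-built `SELECT` at new lines 71–75 (and the `$delete_query` at new line 87). POSIX `ereg()` is not binary safe, and the repeat bound now comes from two config keys (`$conf['session_id_size_URI']`, `$conf['session_id_size_cookie']`) that this file never verifies are set to a positive integer, so the query should not rely on the pattern alone. Escape at the point of use as well, e.g. `WHERE id = \''.mysql_real_escape_string($page['session_id']).'\'`, and consider `preg_match('/^[0-9a-zA-Z]{'.$session_id_size.'}\z/', $session_id)` for the check. The enclosing `if` block continues through lines elided between the hunks, so how the cookie ("remember me") branch handles expiration and the `REMOTE_ADDR` comparison is not visible here and is worth confirming.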