Changeset 555

Timestamp:

Oct 7, 2004, 12:48:48 AM (20 years ago)

Author:

z0rglub

Message:

• checkbox for "remember me" are only shown if authorized

• simplification : each session is created with a cookie and if PhpWebGallery can't read the cookie, it uses the URI id and it will be used in the add_session_id function.

• configuration parameter "auth_method" disappeared (didn't lived much...)

• only one session id size possible. More comments for configuration in include/config.inc.php

Location:

trunk

Files:

• admin/configuration.php (modified) (3 diffs)
• category.php (modified) (1 diff)
• identification.php (modified) (2 diffs)
• include/config.inc.php (modified) (1 diff)
• include/functions_session.inc.php (modified) (3 diffs)
• include/user.inc.php (modified) (2 diffs)
• install/config.sql (modified) (1 diff)
• language/en_UK.iso-8859-1/admin.lang.php (modified) (1 diff)
• template/default/admin/configuration.tpl (modified) (1 diff)
• template/default/category.tpl (modified) (1 diff)
• template/default/identification.tpl (modified) (2 diffs)

trunk/admin/configuration.php

@@ -155 +155 @@
     'L_SUBMIT'=>$lang['submit'],
     'L_RESET'=>$lang['reset'],
-    'L_URI'=>$lang['URI'],
-    'L_COOKIE'=>$lang['cookie'],
     
     'F_ACTION'=>add_session_id($action)
@@ -305 +303 @@
   case 'session' :
   {
-    $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';
-    $auth_method_cookie =
-      ($conf['auth_method']=='cookie')?'checked="checked"':'';
     $authorize_remembering_yes =
       ($conf['authorize_remembering']=='true')?'checked="checked"':'';
@@ -317 +312 @@
       array(
         'L_CONF_TITLE'=>$lang['conf_session_title'],
-        'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],
-        'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],
         'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'],
         'L_CONF_AUTHORIZE_REMEMBERING_INFO' =>
         $lang['conf_authorize_remembering_info'],
 
-        'AUTH_METHOD_URI'=>$auth_method_URI,
-        'AUTH_METHOD_COOKIE'=>$auth_method_cookie,
         'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes,
         'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no

trunk/category.php

@@ -240 +240 @@
 {
   $template->assign_block_vars('login',array());
+  if ($conf['authorize_remembering'])
+  {
+    $template->assign_block_vars('login.remember_me',array());
+  }
 }
 

trunk/identification.php

@@ -43 +43 @@
   if ($row['password'] == md5($_POST['password']))
   {
-    if ($conf['auth_method'] == 'cookie'
-        or isset($_POST['remember_me']) and $_POST['remember_me'] == 1)
+    $session_length = $conf['session_length'];
+    if ($conf['authorize_remembering']
+        and isset($_POST['remember_me'])
+        and $_POST['remember_me'] == 1)
     {
-      if ($conf['auth_method'] == 'cookie')
-      {
-        $cookie_length = $conf['session_length'];
-      }
-      else if ($_POST['remember_me'] == 1)
-      {
-        $cookie_length = $conf['remember_me_length'];
-      }
-      session_create($row['id'],
-                     'cookie',
-                     $cookie_length);
-      redirect('category.php');
+      $session_length = $conf['remember_me_length'];
     }
-    else if ($conf['auth_method'] == 'URI')
-    {
-      $session_id = session_create($row['id'],
-                                   'URI',
-                                   $conf['session_length']);
-      redirect('category.php?id='.$session_id);
-    }
+    $session_id = session_create($row['id'], $session_length);
+    redirect('category.php?id='.$session_id);
   }
   else
@@ -98 +84 @@
     'F_LOGIN_ACTION' => add_session_id('identification.php')
     ));
+
+if ($conf['authorize_remembering'])
+{
+  $template->assign_block_vars('remember_me',array());
+}
 //-------------------------------------------------------------- errors display
 if ( sizeof( $errors ) != 0 )

trunk/include/config.inc.php

@@ -97 +97 @@
 $conf['session_length'] = 3600;
 
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5  =             916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
 ?>

trunk/include/functions_session.inc.php

@@ -63 +63 @@
  *
  * @param int userid
- * @param string method : cookie or URI
  * @param int session_lentgh : in seconds
  * @return string
  */
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
 {
   global $conf;
@@ -75 +74 @@
   while (!$id_found)
   {
-    $generated_id = generate_key($conf['session_id_size_'.$method]);
+    $generated_id = generate_key($conf['session_id_size']);
     $query = '
 SELECT id
@@ -98 +97 @@
   mysql_query($query);
 
-  if ($method == 'cookie')
-  {
-    setcookie('id', $generated_id, $session_length+time(), cookie_path());
-  }
+  setcookie('id', $generated_id, $expiration, cookie_path());
                 
   return $generated_id;

trunk/include/user.inc.php

@@ -40 +40 @@
 $user['is_the_guest'] = false;
 
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
 {
-  setcookie('id', '', 0, cookie_path());
-  $url = 'category.php';
-  redirect($url);
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
 }
-
-if (isset($_GET['id']))
+else if (isset($_GET['id']))
 {
   $session_id = $_GET['id'];
   $user['has_cookie'] = false;
-  $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
-{
-  $session_id = $_COOKIE['id'];
-  $user['has_cookie'] = true;
-  $session_id_size = $conf['session_id_size_cookie'];
 }
 else
@@ -66 +56 @@
 
 if (isset($session_id)
-     and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+    and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
 {
   $page['session_id'] = $session_id;

trunk/install/config.sql

@@ -27 +27 @@
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user');
-INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');
 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}');

trunk/language/en_UK.iso-8859-1/admin.lang.php

@@ -175 +175 @@
 // Configuration -> session
 $lang['conf_session_title'] = 'Sessions';
-$lang['conf_auth_method'] = 'Authentication method';
-$lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)';
-$lang['URI'] = 'URI';
-$lang['cookie'] = 'cookie';
 $lang['conf_authorize_remembering'] = 'Authorize remembering';
 $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)';

trunk/template/default/admin/configuration.tpl

@@ -150 +150 @@
   </tr>
     <tr>
-    <td width="70%"><strong>{session.L_CONF_AUTH_METHOD}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td>
-        <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI}&nbsp;&nbsp;
-        <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td>
-  </tr>
-    <tr>
     <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING}&nbsp;:</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td>
         <td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES}&nbsp;&nbsp;

trunk/template/default/category.tpl

@@ -41 +41 @@
                 {L_PASSWORD}<br />
                 <input type="password" name="password" size="15"><br />
+                <!-- BEGIN remember_me -->
                 <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br />
+                <!-- END remember_me -->
                 <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" />
                 </form>

trunk/template/default/identification.tpl

@@ -31 +31 @@
         </td>
   </tr>
+  <!-- BEGIN remember_me -->
   <tr>
         <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td>
@@ -37 +38 @@
         </td>
   </tr>
+  <!-- END remember_me -->
   <tr align="center"> 
         <td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>