Changeset 555
- Timestamp:
- Oct 7, 2004, 12:48:48 AM (20 years ago)
- Location:
- trunk
- Files:
-
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/configuration.php
r541 r555 155 155 'L_SUBMIT'=>$lang['submit'], 156 156 'L_RESET'=>$lang['reset'], 157 'L_URI'=>$lang['URI'],158 'L_COOKIE'=>$lang['cookie'],159 157 160 158 'F_ACTION'=>add_session_id($action) … … 305 303 case 'session' : 306 304 { 307 $auth_method_URI = ($conf['auth_method']=='URI')?'checked="checked"':'';308 $auth_method_cookie =309 ($conf['auth_method']=='cookie')?'checked="checked"':'';310 305 $authorize_remembering_yes = 311 306 ($conf['authorize_remembering']=='true')?'checked="checked"':''; … … 317 312 array( 318 313 'L_CONF_TITLE'=>$lang['conf_session_title'], 319 'L_CONF_AUTH_METHOD'=>$lang['conf_auth_method'],320 'L_CONF_AUTH_METHOD_INFO'=>$lang['conf_auth_method_info'],321 314 'L_CONF_AUTHORIZE_REMEMBERING'=>$lang['conf_authorize_remembering'], 322 315 'L_CONF_AUTHORIZE_REMEMBERING_INFO' => 323 316 $lang['conf_authorize_remembering_info'], 324 317 325 'AUTH_METHOD_URI'=>$auth_method_URI,326 'AUTH_METHOD_COOKIE'=>$auth_method_cookie,327 318 'AUTHORIZE_REMEMBERING_YES'=>$authorize_remembering_yes, 328 319 'AUTHORIZE_REMEMBERING_NO'=>$authorize_remembering_no -
trunk/category.php
r541 r555 240 240 { 241 241 $template->assign_block_vars('login',array()); 242 if ($conf['authorize_remembering']) 243 { 244 $template->assign_block_vars('login.remember_me',array()); 245 } 242 246 } 243 247 -
trunk/identification.php
r541 r555 43 43 if ($row['password'] == md5($_POST['password'])) 44 44 { 45 if ($conf['auth_method'] == 'cookie' 46 or isset($_POST['remember_me']) and $_POST['remember_me'] == 1) 45 $session_length = $conf['session_length']; 46 if ($conf['authorize_remembering'] 47 and isset($_POST['remember_me']) 48 and $_POST['remember_me'] == 1) 47 49 { 48 if ($conf['auth_method'] == 'cookie') 49 { 50 $cookie_length = $conf['session_length']; 51 } 52 else if ($_POST['remember_me'] == 1) 53 { 54 $cookie_length = $conf['remember_me_length']; 55 } 56 session_create($row['id'], 57 'cookie', 58 $cookie_length); 59 redirect('category.php'); 50 $session_length = $conf['remember_me_length']; 60 51 } 61 else if ($conf['auth_method'] == 'URI') 62 { 63 $session_id = session_create($row['id'], 64 'URI', 65 $conf['session_length']); 66 redirect('category.php?id='.$session_id); 67 } 52 $session_id = session_create($row['id'], $session_length); 53 redirect('category.php?id='.$session_id); 68 54 } 69 55 else … … 98 84 'F_LOGIN_ACTION' => add_session_id('identification.php') 99 85 )); 86 87 if ($conf['authorize_remembering']) 88 { 89 $template->assign_block_vars('remember_me',array()); 90 } 100 91 //-------------------------------------------------------------- errors display 101 92 if ( sizeof( $errors ) != 0 ) -
trunk/include/config.inc.php
r541 r555 97 97 $conf['session_length'] = 3600; 98 98 99 // session id length when session id in URI 100 $conf['session_id_size_URI'] = 4; 101 102 // session id length when session id in cookie 103 $conf['session_id_size_cookie'] = 50; 99 // session id size. A session identifier is compound of alphanumeric 100 // characters and is case sensitive. Each character is among 62 101 // possibilities. The number of possible sessions is 102 // 62^$conf['session_id_size']. 103 // 62^5 = 916,132,832 104 // 62^10 = 839,299,365,868,340,224 105 $conf['session_id_size'] = 10; 104 106 ?> -
trunk/include/functions_session.inc.php
r541 r555 63 63 * 64 64 * @param int userid 65 * @param string method : cookie or URI66 65 * @param int session_lentgh : in seconds 67 66 * @return string 68 67 */ 69 function session_create($userid, $ method, $session_length)68 function session_create($userid, $session_length) 70 69 { 71 70 global $conf; … … 75 74 while (!$id_found) 76 75 { 77 $generated_id = generate_key($conf['session_id_size _'.$method]);76 $generated_id = generate_key($conf['session_id_size']); 78 77 $query = ' 79 78 SELECT id … … 98 97 mysql_query($query); 99 98 100 if ($method == 'cookie') 101 { 102 setcookie('id', $generated_id, $session_length+time(), cookie_path()); 103 } 99 setcookie('id', $generated_id, $expiration, cookie_path()); 104 100 105 101 return $generated_id; -
trunk/include/user.inc.php
r541 r555 40 40 $user['is_the_guest'] = false; 41 41 42 // cookie deletion if administrator don't authorize them anymore 43 if (!$conf['authorize_remembering'] and isset($_COOKIE['id'])) 42 if (isset($_COOKIE['id'])) 44 43 { 45 setcookie('id', '', 0, cookie_path()); 46 $url = 'category.php'; 47 redirect($url); 44 $session_id = $_COOKIE['id']; 45 $user['has_cookie'] = true; 48 46 } 49 50 if (isset($_GET['id'])) 47 else if (isset($_GET['id'])) 51 48 { 52 49 $session_id = $_GET['id']; 53 50 $user['has_cookie'] = false; 54 $session_id_size = $conf['session_id_size_URI'];55 }56 elseif (isset($_COOKIE['id']))57 {58 $session_id = $_COOKIE['id'];59 $user['has_cookie'] = true;60 $session_id_size = $conf['session_id_size_cookie'];61 51 } 62 52 else … … 66 56 67 57 if (isset($session_id) 68 and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))58 and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id)) 69 59 { 70 60 $page['session_id'] = $session_id; -
trunk/install/config.sql
r541 r555 27 27 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_iptc','false','Show IPTC metadata on picture.php if asked by user'); 28 28 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('show_exif','true','Show EXIF metadata on picture.php if asked by user'); 29 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('auth_method','URI','Default method used to authenticate users : URI or cookie');30 29 INSERT INTO phpwebgallery_config (param,value,comment) VALUES ('authorize_remembering','true','Authorize users to be remembered, see $conf{remember_me_length}'); -
trunk/language/en_UK.iso-8859-1/admin.lang.php
r541 r555 175 175 // Configuration -> session 176 176 $lang['conf_session_title'] = 'Sessions'; 177 $lang['conf_auth_method'] = 'Authentication method';178 $lang['conf_auth_method_info'] = 'The default authentication method can be URI (session identifier in the gallery links) or cookie (no session identifier in links but needs cookies to be authorized by web browser)';179 $lang['URI'] = 'URI';180 $lang['cookie'] = 'cookie';181 177 $lang['conf_authorize_remembering'] = 'Authorize remembering'; 182 178 $lang['conf_authorize_remembering_info'] = 'Permits user to log for a long time. It creates a cookie on client side, with duration set in include/config.inc.php (1 year per default)'; -
trunk/template/default/admin/configuration.tpl
r541 r555 150 150 </tr> 151 151 <tr> 152 <td width="70%"><strong>{session.L_CONF_AUTH_METHOD} :</strong><br /><span class="small">{session.L_CONF_AUTH_METHOD_INFO}</span></td>153 <td class="row1"><input type="radio" class="radio" name="auth_method" value="URI" {session.AUTH_METHOD_URI} />{L_URI} 154 <input type="radio" class="radio" name="auth_method" value="cookie" {session.AUTH_METHOD_COOKIE} />{L_COOKIE}</td>155 </tr>156 <tr>157 152 <td width="70%"><strong>{session.L_CONF_AUTHORIZE_REMEMBERING} :</strong><br /><span class="small">{session.L_CONF_AUTHORIZE_REMEMBERING_INFO}</span></td> 158 153 <td class="row1"><input type="radio" class="radio" name="authorize_remembering" value="true" {session.AUTHORIZE_REMEMBERING_YES} />{L_YES} -
trunk/template/default/category.tpl
r554 r555 41 41 {L_PASSWORD}<br /> 42 42 <input type="password" name="password" size="15"><br /> 43 <!-- BEGIN remember_me --> 43 44 <input type="checkbox" name="remember_me" value="1" /> {L_REMEMBER_ME}<br /> 45 <!-- END remember_me --> 44 46 <input type="submit" name="login" value="{L_SUBMIT}" class="bouton" /> 45 47 </form> -
trunk/template/default/identification.tpl
r541 r555 31 31 </td> 32 32 </tr> 33 <!-- BEGIN remember_me --> 33 34 <tr> 34 35 <td align="right"><span class="gentbl">{L_REMEMBER_ME}:</span></td> … … 37 38 </td> 38 39 </tr> 40 <!-- END remember_me --> 39 41 <tr align="center"> 40 42 <td colspan="2"><input type="submit" name="login" value="{L_LOGIN}" class="bouton" /></td>
Note: See TracChangeset
for help on using the changeset viewer.