mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-28 20:29:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

optional cookie identification

Browse source 
git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
z0rglub 2003-07-27 08:24:10 +00:00
parent 4e775187b8
commit 45a8139acd
9 changed files with 170 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

33
admin/configuration.php
View file

@ -41,7 +41,7 @@ array( 'prefix_thumbnail','webmaster','mail_webmaster','access',
'show_comments','nb_comment_page','upload_available', 'show_comments','nb_comment_page','upload_available',
'upload_maxfilesize', 'upload_maxwidth','upload_maxheight', 'upload_maxfilesize', 'upload_maxwidth','upload_maxheight',
'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log', 'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log',
'comments_validation','comments_forall' ); 'comments_validation','comments_forall','authorize_cookies' );
$default_user_infos = $default_user_infos =
array( 'nb_image_line','nb_line_page','language','maxwidth', array( 'nb_image_line','nb_line_page','language','maxwidth',
'maxheight','expand','show_nb_comments','short_period','long_period', 'maxheight','expand','show_nb_comments','short_period','long_period',
@ -851,6 +851,37 @@ $vtp->addSession( $sub, 'line' );
$vtp->addSession( $sub, 'space_line' ); $vtp->addSession( $sub, 'space_line' );
$vtp->closeSession( $sub, 'space_line' ); $vtp->closeSession( $sub, 'space_line' );
$vtp->closeSession( $sub, 'line' ); $vtp->closeSession( $sub, 'line' );
// authorize cookies ?
$vtp->addSession( $sub, 'line' );
$vtp->addSession( $sub, 'param_line' );
$vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] );
$vtp->addSession( $sub, 'group' );
$vtp->addSession( $sub, 'radio' );
$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
$vtp->setVar( $sub, 'radio.value', 'true' );
$checked = '';
if ( $authorize_cookies == 'true' )
{
$checked = ' checked="checked"';
}
$vtp->setVar( $sub, 'radio.checked', $checked );
$vtp->setVar( $sub, 'radio.option', $lang['yes'] );
$vtp->closeSession( $sub, 'radio' );
$vtp->addSession( $sub, 'radio' );
$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
$vtp->setVar( $sub, 'radio.value', 'false' );
$checked = '';
if ( $authorize_cookies == 'false' )
{
$checked = ' checked="checked"';
}
$vtp->setVar( $sub, 'radio.checked', $checked );
$vtp->setVar( $sub, 'radio.option', $lang['no'] );
$vtp->closeSession( $sub, 'radio' );
$vtp->closeSession( $sub, 'group' );
$vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] );
$vtp->closeSession( $sub, 'param_line' );
$vtp->closeSession( $sub, 'line' );
// session size // session size
$vtp->addSession( $sub, 'line' ); $vtp->addSession( $sub, 'line' );
$vtp->addSession( $sub, 'param_line' ); $vtp->addSession( $sub, 'param_line' );

13
category.php
View file

@ -20,6 +20,17 @@ $t2 = explode( '.', $t1[0] );
$t2 = $t1[1].'.'.$t2[1]; $t2 = $t1[1].'.'.$t2[1];
//----------------------------------------------------------- personnal include //----------------------------------------------------------- personnal include
include_once( './include/init.inc.php' ); include_once( './include/init.inc.php' );
//---------------------------------------------------------------------- logout
if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) )
{
// cookie deletion if exists
setcookie( 'id', '', 0, cookie_path() );
$url = 'category.php';
header( 'Request-URI: '.$url );
header( 'Content-Location: '.$url );
header( 'Location: '.$url );
exit();
}
//-------------------------------------------------- access authorization check //-------------------------------------------------- access authorization check
// creating the plain structure : array of all the available categories and // creating the plain structure : array of all the available categories and
// their relative informations, see the definition of the function // their relative informations, see the definition of the function
@ -150,7 +161,7 @@ if ( !$user['is_the_guest'] )
{ {
// logout link // logout link
$vtp->addSession( $handle, 'summary' ); $vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.url', './category.php?cat='.$page['cat'] ); $vtp->setVar( $handle, 'summary.url', './category.php?act=logout' );
$vtp->setVar( $handle, 'summary.title', '' ); $vtp->setVar( $handle, 'summary.title', '' );
$vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) ); $vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) );
$vtp->closeSession( $handle, 'summary' ); $vtp->closeSession( $handle, 'summary' );

10
identification.php
View file

@ -18,10 +18,9 @@
//----------------------------------------------------------- personnal include //----------------------------------------------------------- personnal include
include_once( "./include/init.inc.php" ); include_once( "./include/init.inc.php" );
//-------------------------------------------------------------- identification //-------------------------------------------------------------- identification
$error = array(); $errors = array();
if ( isset( $_POST['login'] ) ) if ( isset( $_POST['login'] ) )
{ {
$i = 0;
// retrieving the encrypted password of the login submitted // retrieving the encrypted password of the login submitted
$query = 'select password'; $query = 'select password';
$query.= ' from '.PREFIX_TABLE.'users'; $query.= ' from '.PREFIX_TABLE.'users';
@ -38,7 +37,7 @@ if ( isset( $_POST['login'] ) )
} }
else else
{ {
$error[$i++] = $lang['invalid_pwd']; array_push( $errors, $lang['invalid_pwd'] );
} }
} }
//----------------------------------------------------- template initialization //----------------------------------------------------- template initialization
@ -63,10 +62,9 @@ initialize_template();
if ( sizeof( $error ) != 0 ) if ( sizeof( $error ) != 0 )
{ {
$vtp->addSession( $handle, 'errors' ); $vtp->addSession( $handle, 'errors' );
for ( $i = 0; $i < sizeof( $error ); $i++ ) foreach ( $errors as $error ) {
{
$vtp->addSession( $handle, 'li' ); $vtp->addSession( $handle, 'li' );
$vtp->setVar( $handle, 'li.li', $error[$i] ); $vtp->setVar( $handle, 'li.li', $error );
$vtp->closeSession( $handle, 'li' ); $vtp->closeSession( $handle, 'li' );
} }
$vtp->closeSession( $handle, 'errors' ); $vtp->closeSession( $handle, 'errors' );

2
include/config.inc.php
View file

@ -62,7 +62,7 @@ $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access',
'upload_available', 'upload_maxfilesize', 'upload_maxwidth', 'upload_available', 'upload_maxfilesize', 'upload_maxwidth',
'upload_maxheight', 'upload_maxwidth_thumbnail', 'upload_maxheight', 'upload_maxwidth_thumbnail',
'upload_maxheight_thumbnail','log','comments_validation', 'upload_maxheight_thumbnail','log','comments_validation',
'comments_forall' ); 'comments_forall','authorize_cookies' );
$query = 'SELECT '; $query = 'SELECT ';
foreach ( $infos as $i => $info ) { foreach ( $infos as $i => $info ) {

44
include/functions_session.inc.php
View file

@ -14,17 +14,22 @@
* the Free Software Foundation; * * the Free Software Foundation; *
* * * *
***************************************************************************/ ***************************************************************************/
// The function generate_key creates a string with pseudo random characters.
// the size of the string depends on the $conf['session_id_size'].
// Characters used are a-z A-Z and numerical values. Examples :
// "Er4Tgh6", "Rrp08P", "54gj"
// input : none (using global variable)
// output : $key
function generate_key() function generate_key()
{ {
global $conf; global $conf;
$md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
$init = ''; $init = '';
for ( $i = 0; $i < strlen( $md5 ); $i++ ) for ( $i = 0; $i < strlen( $md5 ); $i++ )
{ {
if ( is_numeric( $md5[$i] ) ) if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
{
$init.= $md5[$i];
}
} }
$init = substr( $init, 0, 8 ); $init = substr( $init, 0, 8 );
mt_srand( $init ); mt_srand( $init );
@ -32,26 +37,19 @@ function generate_key()
for ( $i = 0; $i < $conf['session_id_size']; $i++ ) for ( $i = 0; $i < $conf['session_id_size']; $i++ )
{ {
$c = mt_rand( 0, 2 ); $c = mt_rand( 0, 2 );
if ( $c == 0 ) if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
{ else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
$key .= chr( mt_rand( 65, 90 ) ); else $key .= mt_rand( 0, 9 );
}
else if ( $c == 1 )
{
$key .= chr( mt_rand( 97, 122 ) );
}
else
{
$key .= mt_rand( 0, 9 );
}
} }
return $key; return $key;
} }
// The function create_session finds a non-already-used session key and
// returns it once found for the given user.
function session_create( $username ) function session_create( $username )
{ {
global $conf; global $conf;
// 1. searching an unused sesison key // 1. searching an unused session key
$id_found = false; $id_found = false;
while ( !$id_found ) while ( !$id_found )
{ {
@ -89,6 +87,9 @@ function session_create( $username )
function add_session_id( $url, $redirect = false ) function add_session_id( $url, $redirect = false )
{ {
global $page, $user; global $page, $user;
if ( $user['has_cookie'] ) return $url;
$amp = '&amp;'; $amp = '&amp;';
if ( $redirect ) if ( $redirect )
{ {
@ -110,4 +111,13 @@ function add_session_id( $url, $redirect = false )
return $url; return $url;
} }
} }
// cookie_path returns the path to use for the PhpWebGallery cookie.
// If PhpWebGallery is installed on :
// http://domain.org/meeting/gallery/category.php
// cookie_path will return : "/meeting/gallery"
function cookie_path()
{
return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
}
?> ?>

37
include/user.inc.php
View file

@ -32,18 +32,40 @@ foreach ( $infos as $i => $info ) {
$query_user.= ' FROM '.PREFIX_TABLE.'users'; $query_user.= ' FROM '.PREFIX_TABLE.'users';
$query_done = false; $query_done = false;
$user['is_the_guest'] = false; $user['is_the_guest'] = false;
if ( isset( $_GET['id'] )
&& ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) // cookie deletion if administrator don't authorize them anymore
if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
{ {
$page['session_id'] = $_GET['id']; setcookie( 'id', '', 0, cookie_path() );
$url = 'category.php';
header( 'Request-URI: '.$url );
header( 'Content-Location: '.$url );
header( 'Location: '.$url );
exit();
}
$user['has_cookie'] = false;
if ( isset( $_GET['id'] ) ) $session_id = $_GET['id'];
elseif ( isset( $_COOKIE['id'] ) )
{
$session_id = $_COOKIE['id'];
$user['has_cookie'] = true;
}
if ( isset( $session_id )
and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
{
$page['session_id'] = $session_id;
$query = 'SELECT user_id,expiration,ip'; $query = 'SELECT user_id,expiration,ip';
$query.= ' FROM '.PREFIX_TABLE.'sessions'; $query.= ' FROM '.PREFIX_TABLE.'sessions';
$query.= " WHERE id = '".$_GET['id']."'"; $query.= " WHERE id = '".$page['session_id']."'";
$query.= ';'; $query.= ';';
$result = mysql_query( $query ); $result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 ) if ( mysql_num_rows( $result ) > 0 )
{ {
$row = mysql_fetch_array( $result ); $row = mysql_fetch_array( $result );
if ( !$user['has_cookie'] )
{
if ( $row['expiration'] < time() ) if ( $row['expiration'] < time() )
{ {
// deletion of the session from the database, // deletion of the session from the database,
@ -53,14 +75,17 @@ if ( isset( $_GET['id'] )
$delete_query.= ';'; $delete_query.= ';';
mysql_query( $delete_query ); mysql_query( $delete_query );
} }
else
{
if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
{ {
$query_user .= ' WHERE id = '.$row['user_id']; $query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true; $query_done = true;
} }
} }
else
{
$query_user .= ' WHERE id = '.$row['user_id'];
$query_done = true;
}
} }
} }
if ( !$query_done ) if ( !$query_done )

9
language/francais.php
View file

@ -136,6 +136,11 @@ $lang['customize_long_period'] = 'p
$lang['customize_template'] = 'template'; $lang['customize_template'] = 'template';
$lang['err_periods'] = 'les périodes doivent être des entiers'; $lang['err_periods'] = 'les périodes doivent être des entiers';
$lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte'; $lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte';
$lang['create_cookie'] = 'créer un cookie';
$lang['customize_day'] = 'jour';
$lang['customize_week'] = 'semaine';
$lang['customize_month'] = 'mois';
$lang['customize_year'] = 'an';
// end version 1.3 // end version 1.3
$lang['maxwidth'] = 'largeur maximum des images'; $lang['maxwidth'] = 'largeur maximum des images';
$lang['maxheight'] = 'hauteur maximum des images'; $lang['maxheight'] = 'hauteur maximum des images';
@ -399,6 +404,10 @@ if ( $isadmin )
$lang['conf_session_key_info'] = '- le mot-clef de session permet d\'améliorer le cryptage des identifiants de session.<br />- mettez n\'importe quelle chaîne de moins de 255 caractères.'; $lang['conf_session_key_info'] = '- le mot-clef de session permet d\'améliorer le cryptage des identifiants de session.<br />- mettez n\'importe quelle chaîne de moins de 255 caractères.';
$lang['conf_session_delete'] = 'supprimer les sessions périmées'; $lang['conf_session_delete'] = 'supprimer les sessions périmées';
$lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)'; $lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)';
// start version 1.3
$lang['conf_session_cookie'] = 'autoriser les cookies';
$lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.';
// end version 1.3
// page user, clés générales // page user, clés générales
$lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé'; $lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé';

31
profile.php
View file

@ -103,13 +103,18 @@ if ( isset( $_POST['submit'] ) )
$query.= ';'; $query.= ';';
mysql_query( $query ); mysql_query( $query );
} }
if ( $_POST['create_cookie'] == 1 )
{
setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'],
cookie_path() );
}
// redirection // redirection
$url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand']; $url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
if ( $page['cat'] == 'search' ) if ( $page['cat'] == 'search' )
{ {
$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
} }
$url = add_session_id( $url, true ); if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true );
header( 'Request-URI: '.$url ); header( 'Request-URI: '.$url );
header( 'Content-Location: '.$url ); header( 'Content-Location: '.$url );
header( 'Location: '.$url ); header( 'Location: '.$url );
@ -121,7 +126,7 @@ $vtp = new VTemplate;
$handle = $vtp->Open( './template/'.$user['template'].'/profile.vtp' ); $handle = $vtp->Open( './template/'.$user['template'].'/profile.vtp' );
initialize_template(); initialize_template();
$tpl = array( 'customize_page_title','customize_title','password','new', $tpl = array( 'customize_page_title','customize_title','password','new',
'reg_confirm','submit' ); 'reg_confirm','submit','create_cookie' );
templatize_array( $tpl, 'lang', $handle ); templatize_array( $tpl, 'lang', $handle );
//----------------------------------------------------------------- form action //----------------------------------------------------------------- form action
$url = './profile.php?cat='.$page['cat'].'&amp;expand='.$page['expand']; $url = './profile.php?cat='.$page['cat'].'&amp;expand='.$page['expand'];
@ -340,6 +345,28 @@ if ( in_array( 'show_nb_comments', $infos ) )
$vtp->closeSession( $handle, 'group' ); $vtp->closeSession( $handle, 'group' );
$vtp->closeSession( $handle, 'line' ); $vtp->closeSession( $handle, 'line' );
} }
//--------------------------------------------------------------- create cookie
if ( $conf['authorize_cookies'] )
{
$vtp->addSession( $handle, 'cookie' );
$options = array(
array( 'message' => '1 '.$lang['customize_day'],
'value' => time() + 24*60*60 ),
array( 'message' => '1 '.$lang['customize_week'],
'value' => time() + 7*24*60*60 ),
array( 'message' => '1 '.$lang['customize_month'],
'value' => time() + 30*24*60*60 ),
array( 'message' => '1 '.$lang['customize_year'],
'value' => time() + 365*24*60*60 )
);
foreach ( $options as $option ) {
$vtp->addSession( $handle, 'expiration_option' );
$vtp->setVar( $handle, 'expiration_option.option', $option['message'] );
$vtp->setVar( $handle, 'expiration_option.value', $option['value'] );
$vtp->closeSession( $handle, 'expiration_option' );
}
$vtp->closeSession( $handle, 'cookie' );
}
//----------------------------------------------------------- html code display //----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 ); $code = $vtp->Display( $handle, 0 );
echo $code; echo $code;

15
template/default/profile.vtp
View file

@ -65,6 +65,21 @@
<td class="menu">{#reg_confirm}</td> <td class="menu">{#reg_confirm}</td>
<td class="menu"><input type="password" name="passwordConf" value="" /></td> <td class="menu"><input type="password" name="passwordConf" value="" /></td>
</tr> </tr>
<!--VTP_cookie-->
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td class="menu">{#create_cookie} <input type="checkbox" name="create_cookie" value="1" /></td>
<td class="menu">
<select name="cookie_expiration">
<!--VTP_expiration_option-->
<option value="{#value}">{#option}</option>
<!--/VTP_expiration_option-->
</select>
</td>
</tr>
<!--/VTP_cookie-->
<tr> <tr>
<td colspan="2">&nbsp;</td> <td colspan="2">&nbsp;</td>
</tr> </tr>