mirror of
https://github.com/Piwigo/Piwigo.git
synced 2025-04-27 11:49:56 +03:00
optional cookie identification
git-svn-id: http://piwigo.org/svn/trunk@45 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
z0rglub
parent
4e775187b8
commit
45a8139acd
9 changed files with 170 additions and 44 deletions
|
|
@ -41,7 +41,7 @@ array( 'prefix_thumbnail','webmaster','mail_webmaster','access',
|
|||
'show_comments','nb_comment_page','upload_available',
|
||||
'upload_maxfilesize', 'upload_maxwidth','upload_maxheight',
|
||||
'upload_maxwidth_thumbnail','upload_maxheight_thumbnail','log',
|
||||
'comments_validation','comments_forall' );
|
||||
'comments_validation','comments_forall','authorize_cookies' );
|
||||
$default_user_infos =
|
||||
array( 'nb_image_line','nb_line_page','language','maxwidth',
|
||||
'maxheight','expand','show_nb_comments','short_period','long_period',
|
||||
|
|
@ -851,6 +851,37 @@ $vtp->addSession( $sub, 'line' );
|
|||
$vtp->addSession( $sub, 'space_line' );
|
||||
$vtp->closeSession( $sub, 'space_line' );
|
||||
$vtp->closeSession( $sub, 'line' );
|
||||
// authorize cookies ?
|
||||
$vtp->addSession( $sub, 'line' );
|
||||
$vtp->addSession( $sub, 'param_line' );
|
||||
$vtp->setVar( $sub, 'param_line.name', $lang['conf_session_cookie'] );
|
||||
$vtp->addSession( $sub, 'group' );
|
||||
$vtp->addSession( $sub, 'radio' );
|
||||
$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
|
||||
$vtp->setVar( $sub, 'radio.value', 'true' );
|
||||
$checked = '';
|
||||
if ( $authorize_cookies == 'true' )
|
||||
{
|
||||
$checked = ' checked="checked"';
|
||||
}
|
||||
$vtp->setVar( $sub, 'radio.checked', $checked );
|
||||
$vtp->setVar( $sub, 'radio.option', $lang['yes'] );
|
||||
$vtp->closeSession( $sub, 'radio' );
|
||||
$vtp->addSession( $sub, 'radio' );
|
||||
$vtp->setVar( $sub, 'radio.name', 'authorize_cookies' );
|
||||
$vtp->setVar( $sub, 'radio.value', 'false' );
|
||||
$checked = '';
|
||||
if ( $authorize_cookies == 'false' )
|
||||
{
|
||||
$checked = ' checked="checked"';
|
||||
}
|
||||
$vtp->setVar( $sub, 'radio.checked', $checked );
|
||||
$vtp->setVar( $sub, 'radio.option', $lang['no'] );
|
||||
$vtp->closeSession( $sub, 'radio' );
|
||||
$vtp->closeSession( $sub, 'group' );
|
||||
$vtp->setVar( $sub, 'param_line.def', $lang['conf_session_cookie_info'] );
|
||||
$vtp->closeSession( $sub, 'param_line' );
|
||||
$vtp->closeSession( $sub, 'line' );
|
||||
// session size
|
||||
$vtp->addSession( $sub, 'line' );
|
||||
$vtp->addSession( $sub, 'param_line' );
|
||||
|
|
|
|||
13
category.php
13
category.php
|
|
@ -20,6 +20,17 @@ $t2 = explode( '.', $t1[0] );
|
|||
$t2 = $t1[1].'.'.$t2[1];
|
||||
//----------------------------------------------------------- personnal include
|
||||
include_once( './include/init.inc.php' );
|
||||
//---------------------------------------------------------------------- logout
|
||||
if ( $_GET['act'] == 'logout' and isset( $_COOKIE['id'] ) )
|
||||
{
|
||||
// cookie deletion if exists
|
||||
setcookie( 'id', '', 0, cookie_path() );
|
||||
$url = 'category.php';
|
||||
header( 'Request-URI: '.$url );
|
||||
header( 'Content-Location: '.$url );
|
||||
header( 'Location: '.$url );
|
||||
exit();
|
||||
}
|
||||
//-------------------------------------------------- access authorization check
|
||||
// creating the plain structure : array of all the available categories and
|
||||
// their relative informations, see the definition of the function
|
||||
|
|
@ -150,7 +161,7 @@ if ( !$user['is_the_guest'] )
|
|||
{
|
||||
// logout link
|
||||
$vtp->addSession( $handle, 'summary' );
|
||||
$vtp->setVar( $handle, 'summary.url', './category.php?cat='.$page['cat'] );
|
||||
$vtp->setVar( $handle, 'summary.url', './category.php?act=logout' );
|
||||
$vtp->setVar( $handle, 'summary.title', '' );
|
||||
$vtp->setVar( $handle, 'summary.name', replace_space( $lang['logout'] ) );
|
||||
$vtp->closeSession( $handle, 'summary' );
|
||||
|
|
|
|||
|
|
@ -18,10 +18,9 @@
|
|||
//----------------------------------------------------------- personnal include
|
||||
include_once( "./include/init.inc.php" );
|
||||
//-------------------------------------------------------------- identification
|
||||
$error = array();
|
||||
$errors = array();
|
||||
if ( isset( $_POST['login'] ) )
|
||||
{
|
||||
$i = 0;
|
||||
// retrieving the encrypted password of the login submitted
|
||||
$query = 'select password';
|
||||
$query.= ' from '.PREFIX_TABLE.'users';
|
||||
|
|
@ -38,7 +37,7 @@ if ( isset( $_POST['login'] ) )
|
|||
}
|
||||
else
|
||||
{
|
||||
$error[$i++] = $lang['invalid_pwd'];
|
||||
array_push( $errors, $lang['invalid_pwd'] );
|
||||
}
|
||||
}
|
||||
//----------------------------------------------------- template initialization
|
||||
|
|
@ -63,10 +62,9 @@ initialize_template();
|
|||
if ( sizeof( $error ) != 0 )
|
||||
{
|
||||
$vtp->addSession( $handle, 'errors' );
|
||||
for ( $i = 0; $i < sizeof( $error ); $i++ )
|
||||
{
|
||||
foreach ( $errors as $error ) {
|
||||
$vtp->addSession( $handle, 'li' );
|
||||
$vtp->setVar( $handle, 'li.li', $error[$i] );
|
||||
$vtp->setVar( $handle, 'li.li', $error );
|
||||
$vtp->closeSession( $handle, 'li' );
|
||||
}
|
||||
$vtp->closeSession( $handle, 'errors' );
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access',
|
|||
'upload_available', 'upload_maxfilesize', 'upload_maxwidth',
|
||||
'upload_maxheight', 'upload_maxwidth_thumbnail',
|
||||
'upload_maxheight_thumbnail','log','comments_validation',
|
||||
'comments_forall' );
|
||||
'comments_forall','authorize_cookies' );
|
||||
|
||||
$query = 'SELECT ';
|
||||
foreach ( $infos as $i => $info ) {
|
||||
|
|
|
|||
|
|
@ -14,17 +14,22 @@
|
|||
* the Free Software Foundation; *
|
||||
* *
|
||||
***************************************************************************/
|
||||
|
||||
// The function generate_key creates a string with pseudo random characters.
|
||||
// the size of the string depends on the $conf['session_id_size'].
|
||||
// Characters used are a-z A-Z and numerical values. Examples :
|
||||
// "Er4Tgh6", "Rrp08P", "54gj"
|
||||
// input : none (using global variable)
|
||||
// output : $key
|
||||
function generate_key()
|
||||
{
|
||||
global $conf;
|
||||
|
||||
$md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
|
||||
$init = '';
|
||||
for ( $i = 0; $i < strlen( $md5 ); $i++ )
|
||||
{
|
||||
if ( is_numeric( $md5[$i] ) )
|
||||
{
|
||||
$init.= $md5[$i];
|
||||
}
|
||||
if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
|
||||
}
|
||||
$init = substr( $init, 0, 8 );
|
||||
mt_srand( $init );
|
||||
|
|
@ -32,26 +37,19 @@ function generate_key()
|
|||
for ( $i = 0; $i < $conf['session_id_size']; $i++ )
|
||||
{
|
||||
$c = mt_rand( 0, 2 );
|
||||
if ( $c == 0 )
|
||||
{
|
||||
$key .= chr( mt_rand( 65, 90 ) );
|
||||
}
|
||||
else if ( $c == 1 )
|
||||
{
|
||||
$key .= chr( mt_rand( 97, 122 ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
$key .= mt_rand( 0, 9 );
|
||||
}
|
||||
if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
|
||||
else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
|
||||
else $key .= mt_rand( 0, 9 );
|
||||
}
|
||||
return $key;
|
||||
}
|
||||
|
||||
// The function create_session finds a non-already-used session key and
|
||||
// returns it once found for the given user.
|
||||
function session_create( $username )
|
||||
{
|
||||
global $conf;
|
||||
// 1. searching an unused sesison key
|
||||
// 1. searching an unused session key
|
||||
$id_found = false;
|
||||
while ( !$id_found )
|
||||
{
|
||||
|
|
@ -89,6 +87,9 @@ function session_create( $username )
|
|||
function add_session_id( $url, $redirect = false )
|
||||
{
|
||||
global $page, $user;
|
||||
|
||||
if ( $user['has_cookie'] ) return $url;
|
||||
|
||||
$amp = '&';
|
||||
if ( $redirect )
|
||||
{
|
||||
|
|
@ -110,4 +111,13 @@ function add_session_id( $url, $redirect = false )
|
|||
return $url;
|
||||
}
|
||||
}
|
||||
|
||||
// cookie_path returns the path to use for the PhpWebGallery cookie.
|
||||
// If PhpWebGallery is installed on :
|
||||
// http://domain.org/meeting/gallery/category.php
|
||||
// cookie_path will return : "/meeting/gallery"
|
||||
function cookie_path()
|
||||
{
|
||||
return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
|
||||
}
|
||||
?>
|
||||
|
|
@ -32,18 +32,40 @@ foreach ( $infos as $i => $info ) {
|
|||
$query_user.= ' FROM '.PREFIX_TABLE.'users';
|
||||
$query_done = false;
|
||||
$user['is_the_guest'] = false;
|
||||
if ( isset( $_GET['id'] )
|
||||
&& ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
|
||||
|
||||
// cookie deletion if administrator don't authorize them anymore
|
||||
if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
|
||||
{
|
||||
$page['session_id'] = $_GET['id'];
|
||||
setcookie( 'id', '', 0, cookie_path() );
|
||||
$url = 'category.php';
|
||||
header( 'Request-URI: '.$url );
|
||||
header( 'Content-Location: '.$url );
|
||||
header( 'Location: '.$url );
|
||||
exit();
|
||||
}
|
||||
|
||||
$user['has_cookie'] = false;
|
||||
if ( isset( $_GET['id'] ) ) $session_id = $_GET['id'];
|
||||
elseif ( isset( $_COOKIE['id'] ) )
|
||||
{
|
||||
$session_id = $_COOKIE['id'];
|
||||
$user['has_cookie'] = true;
|
||||
}
|
||||
|
||||
if ( isset( $session_id )
|
||||
and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
|
||||
{
|
||||
$page['session_id'] = $session_id;
|
||||
$query = 'SELECT user_id,expiration,ip';
|
||||
$query.= ' FROM '.PREFIX_TABLE.'sessions';
|
||||
$query.= " WHERE id = '".$_GET['id']."'";
|
||||
$query.= " WHERE id = '".$page['session_id']."'";
|
||||
$query.= ';';
|
||||
$result = mysql_query( $query );
|
||||
if ( mysql_num_rows( $result ) > 0 )
|
||||
{
|
||||
$row = mysql_fetch_array( $result );
|
||||
if ( !$user['has_cookie'] )
|
||||
{
|
||||
if ( $row['expiration'] < time() )
|
||||
{
|
||||
// deletion of the session from the database,
|
||||
|
|
@ -53,14 +75,17 @@ if ( isset( $_GET['id'] )
|
|||
$delete_query.= ';';
|
||||
mysql_query( $delete_query );
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
|
||||
{
|
||||
$query_user .= ' WHERE id = '.$row['user_id'];
|
||||
$query_done = true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$query_user .= ' WHERE id = '.$row['user_id'];
|
||||
$query_done = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( !$query_done )
|
||||
|
|
|
|||
|
|
@ -136,6 +136,11 @@ $lang['customize_long_period'] = 'p
|
|||
$lang['customize_template'] = 'template';
|
||||
$lang['err_periods'] = 'les périodes doivent être des entiers';
|
||||
$lang['err_periods_2'] = 'les périodes doivent être supérieures à 0, la période longue doit être plus grande que la période courte';
|
||||
$lang['create_cookie'] = 'créer un cookie';
|
||||
$lang['customize_day'] = 'jour';
|
||||
$lang['customize_week'] = 'semaine';
|
||||
$lang['customize_month'] = 'mois';
|
||||
$lang['customize_year'] = 'an';
|
||||
// end version 1.3
|
||||
$lang['maxwidth'] = 'largeur maximum des images';
|
||||
$lang['maxheight'] = 'hauteur maximum des images';
|
||||
|
|
@ -399,6 +404,10 @@ if ( $isadmin )
|
|||
$lang['conf_session_key_info'] = '- le mot-clef de session permet d\'améliorer le cryptage des identifiants de session.<br />- mettez n\'importe quelle chaîne de moins de 255 caractères.';
|
||||
$lang['conf_session_delete'] = 'supprimer les sessions périmées';
|
||||
$lang['conf_session_delete_info'] = 'il est recommandé de vider sa table de sessions car les sessions périmées restent enregistrées (mais ça ne pose pas de problème de sécurité)';
|
||||
// start version 1.3
|
||||
$lang['conf_session_cookie'] = 'autoriser les cookies';
|
||||
$lang['conf_session_cookie_info'] = 'les utilisateurs ne seront plus obligés de s\'identifier à chaque visite.';
|
||||
// end version 1.3
|
||||
|
||||
// page user, clés générales
|
||||
$lang['user_err_modify'] = 'Cet utilisateur ne peut pas être modifé ou supprimé';
|
||||
|
|
|
|||
31
profile.php
31
profile.php
|
|
@ -103,13 +103,18 @@ if ( isset( $_POST['submit'] ) )
|
|||
$query.= ';';
|
||||
mysql_query( $query );
|
||||
}
|
||||
if ( $_POST['create_cookie'] == 1 )
|
||||
{
|
||||
setcookie( 'id',$page['session_id'],$_POST['cookie_expiration'],
|
||||
cookie_path() );
|
||||
}
|
||||
// redirection
|
||||
$url = 'category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
|
||||
if ( $page['cat'] == 'search' )
|
||||
{
|
||||
$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
|
||||
}
|
||||
$url = add_session_id( $url, true );
|
||||
if ( $_POST['create_cookie'] != 1 ) $url = add_session_id( $url, true );
|
||||
header( 'Request-URI: '.$url );
|
||||
header( 'Content-Location: '.$url );
|
||||
header( 'Location: '.$url );
|
||||
|
|
@ -121,7 +126,7 @@ $vtp = new VTemplate;
|
|||
$handle = $vtp->Open( './template/'.$user['template'].'/profile.vtp' );
|
||||
initialize_template();
|
||||
$tpl = array( 'customize_page_title','customize_title','password','new',
|
||||
'reg_confirm','submit' );
|
||||
'reg_confirm','submit','create_cookie' );
|
||||
templatize_array( $tpl, 'lang', $handle );
|
||||
//----------------------------------------------------------------- form action
|
||||
$url = './profile.php?cat='.$page['cat'].'&expand='.$page['expand'];
|
||||
|
|
@ -340,6 +345,28 @@ if ( in_array( 'show_nb_comments', $infos ) )
|
|||
$vtp->closeSession( $handle, 'group' );
|
||||
$vtp->closeSession( $handle, 'line' );
|
||||
}
|
||||
//--------------------------------------------------------------- create cookie
|
||||
if ( $conf['authorize_cookies'] )
|
||||
{
|
||||
$vtp->addSession( $handle, 'cookie' );
|
||||
$options = array(
|
||||
array( 'message' => '1 '.$lang['customize_day'],
|
||||
'value' => time() + 24*60*60 ),
|
||||
array( 'message' => '1 '.$lang['customize_week'],
|
||||
'value' => time() + 7*24*60*60 ),
|
||||
array( 'message' => '1 '.$lang['customize_month'],
|
||||
'value' => time() + 30*24*60*60 ),
|
||||
array( 'message' => '1 '.$lang['customize_year'],
|
||||
'value' => time() + 365*24*60*60 )
|
||||
);
|
||||
foreach ( $options as $option ) {
|
||||
$vtp->addSession( $handle, 'expiration_option' );
|
||||
$vtp->setVar( $handle, 'expiration_option.option', $option['message'] );
|
||||
$vtp->setVar( $handle, 'expiration_option.value', $option['value'] );
|
||||
$vtp->closeSession( $handle, 'expiration_option' );
|
||||
}
|
||||
$vtp->closeSession( $handle, 'cookie' );
|
||||
}
|
||||
//----------------------------------------------------------- html code display
|
||||
$code = $vtp->Display( $handle, 0 );
|
||||
echo $code;
|
||||
|
|
|
|||
|
|
@ -65,6 +65,21 @@
|
|||
<td class="menu">{#reg_confirm}</td>
|
||||
<td class="menu"><input type="password" name="passwordConf" value="" /></td>
|
||||
</tr>
|
||||
<!--VTP_cookie-->
|
||||
<tr>
|
||||
<td colspan="2"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="menu">{#create_cookie} <input type="checkbox" name="create_cookie" value="1" /></td>
|
||||
<td class="menu">
|
||||
<select name="cookie_expiration">
|
||||
<!--VTP_expiration_option-->
|
||||
<option value="{#value}">{#option}</option>
|
||||
<!--/VTP_expiration_option-->
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
<!--/VTP_cookie-->
|
||||
<tr>
|
||||
<td colspan="2"> </td>
|
||||
</tr>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue