Merge branch 'feature/392-auth-keys'

This commit is contained in:
plegall
2016-01-06 14:41:25 +01:00
14 changed files with 372 additions and 54 deletions
+13 -13
View File
@@ -54,6 +54,8 @@ if (isset($_POST['submitEmail']) and !empty($_POST['group']))
is empty find child representative_picture_id */
if (!empty($category['representative_picture_id']))
{
$img = array();
$query = '
SELECT id, file, path, representative_ext
FROM '.IMAGES_TABLE.'
@@ -65,21 +67,19 @@ SELECT id, file, path, representative_ext
{
$element = pwg_db_fetch_assoc($result);
$img_url = '<a href="'.
make_picture_url(array(
'image_id' => $element['id'],
'image_file' => $element['file'],
'category' => $category
))
.'" class="thumblnk"><img src="'.DerivativeImage::url(IMG_THUMB, $element).'"></a>';
$img = array(
'link' => make_picture_url(
array(
'image_id' => $element['id'],
'image_file' => $element['file'],
'category' => $category
)
),
'src' => DerivativeImage::url(IMG_THUMB, $element),
);
}
}
if (!isset($img_url))
{
$img_url = '';
}
pwg_mail_group(
$_POST['group'],
array(
@@ -90,7 +90,7 @@ SELECT id, file, path, representative_ext
array(
'filename' => 'cat_group_info',
'assign' => array(
'IMG_URL' => $img_url,
'IMG' => $img,
'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
'LINK' => make_index_url(array(
'category' => array(
@@ -125,12 +125,12 @@ select
U.'.$conf['user_fields']['username'].' as username,
U.'.$conf['user_fields']['email'].' as mail_address,
N.enabled,
N.last_send
from
'.USER_MAIL_NOTIFICATION_TABLE.' as N,
'.USERS_TABLE.' as U
where
N.user_id = U.'.$conf['user_fields']['id'];
N.last_send,
UI.status
from '.USER_MAIL_NOTIFICATION_TABLE.' as N
JOIN '.USERS_TABLE.' as U on N.user_id = U.'.$conf['user_fields']['id'].'
JOIN '.USER_INFOS_TABLE.' as UI on UI.user_id = N.user_id
where 1=1';
if ($action == 'send')
{
@@ -159,7 +159,7 @@ order by';
else
{
$query .= '
username;';
username';
}
$query .= ';';
+15 -3
View File
@@ -289,13 +289,24 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
if ($is_action_send)
{
$auth = null;
$add_url_params = array();
$auth_key = create_user_auth_key($nbm_user['user_id'], $nbm_user['status']);
if ($auth_key !== false)
{
$auth = $auth_key['auth_key'];
$add_url_params['auth'] = $auth;
}
set_make_full_url();
// Fill return list of "treated" check_key for 'send'
$return_list[] = $nbm_user['check_key'];
if ($conf['nbm_send_detailed_content'])
{
$news = news($nbm_user['last_send'], $dbnow, false, $conf['nbm_send_html_mail']);
$news = news($nbm_user['last_send'], $dbnow, false, $conf['nbm_send_html_mail'], $auth);
$exist_data = count($news) > 0;
}
else
@@ -362,7 +373,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
array
(
'TITLE' => get_title_recent_post_date($date_detail),
'HTML_DATA' => get_html_description_recent_post_date($date_detail)
'HTML_DATA' => get_html_description_recent_post_date($date_detail, $auth)
)
);
}
@@ -373,7 +384,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
array
(
'GOTO_GALLERY_TITLE' => $conf['gallery_title'],
'GOTO_GALLERY_URL' => get_gallery_home_url(),
'GOTO_GALLERY_URL' => add_url_params(get_gallery_home_url(), $add_url_params),
'SEND_AS_NAME' => $env_nbm['send_as_name'],
)
);
@@ -389,6 +400,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
'email_format' => $env_nbm['email_format'],
'content' => $env_nbm['mail_template']->parse('notification_by_mail', true),
'content_format' => $env_nbm['email_format'],
'auth_key' => $auth,
)
);
+4
View File
@@ -646,6 +646,10 @@ $conf['recent_post_dates'] = array(
// the author shown in the RSS feed <author> element
$conf['rss_feed_author'] = 'Piwigo notifier';
// how long does the authentication key stays valid, in seconds. 3 days by
// default. 0 to disable.
$conf['auth_key_duration'] = 3*24*60*60;
// +-----------------------------------------------------------------------+
// | Set admin layout |
// +-----------------------------------------------------------------------+
+2
View File
@@ -81,6 +81,8 @@ if (!defined('USER_FEED_TABLE'))
define('USER_FEED_TABLE', $prefixeTable.'user_feed');
if (!defined('RATE_TABLE'))
define('RATE_TABLE', $prefixeTable.'rate');
if (!defined('USER_AUTH_KEYS_TABLE'))
define('USER_AUTH_KEYS_TABLE', $prefixeTable.'user_auth_keys');
if (!defined('USER_CACHE_TABLE'))
define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
if (!defined('USER_CACHE_CATEGORIES_TABLE'))
+2
View File
@@ -446,6 +446,7 @@ INSERT INTO '.HISTORY_TABLE.'
image_id,
image_type,
format_id,
auth_key_id,
tag_ids
)
VALUES
@@ -459,6 +460,7 @@ INSERT INTO '.HISTORY_TABLE.'
'.(isset($image_id) ? $image_id : 'NULL').',
'.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
'.(isset($format_id) ? $format_id : 'NULL').',
'.(isset($page['auth_key_id']) ? $page['auth_key_id'] : 'NULL').',
'.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
)
;';
+13 -3
View File
@@ -103,10 +103,17 @@ function get_cat_display_name($cat_informations, $url='')
function get_cat_display_name_cache($uppercats,
$url = '',
$single_link = false,
$link_class = null)
$link_class = null,
$auth_key=null)
{
global $cache, $conf;
$add_url_params = array();
if (isset($auth_key))
{
$add_url_params['auth'] = $auth_key;
}
if (!isset($cache['cat_names']))
{
$query = '
@@ -119,7 +126,7 @@ SELECT id, name, permalink
$output = '';
if ($single_link)
{
$single_url = get_root_url().$url.array_pop(explode(',', $uppercats));
$single_url = add_url_params(get_root_url().$url.array_pop(explode(',', $uppercats)), $add_url_params);
$output.= '<a href="'.$single_url.'"';
if (isset($link_class))
{
@@ -155,10 +162,13 @@ SELECT id, name, permalink
{
$output.= '
<a href="'
.make_index_url(
.add_url_params(
make_index_url(
array(
'category' => $cat,
)
),
$add_url_params
)
.'">'.$cat['name'].'</a>';
}
+41 -8
View File
@@ -514,6 +514,8 @@ SELECT DISTINCT language
// get subset of users in this group for a specific language
$query = '
SELECT
ui.user_id,
ui.status,
u.'.$conf['user_fields']['username'].' AS name,
u.'.$conf['user_fields']['email'].' AS email
FROM '.USER_GROUP_TABLE.' AS ug
@@ -534,13 +536,33 @@ SELECT
switch_lang_to($language);
$return&= pwg_mail(null,
array_merge(
$args,
array('Bcc' => $users)
),
$tpl
);
foreach ($users as $u)
{
$authkey = create_user_auth_key($u['user_id'], $u['status']);
$user_tpl = $tpl;
if ($authkey !== false)
{
$user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));
if (isset($user_tpl['assign']['IMG']['link']))
{
$user_tpl['assign']['IMG']['link'] = add_url_params(
$user_tpl['assign']['IMG']['link'],
array('auth' => $authkey['auth_key'])
);
}
}
$user_args = $args;
if ($authkey !== false)
{
$user_args['auth_key'] = $authkey['auth_key'];
}
$return &= pwg_mail($u['email'], $user_args, $user_tpl);
}
switch_lang_back();
}
@@ -563,6 +585,7 @@ SELECT
* o theme: theme to use [default value $conf_mail['mail_theme']]
* o mail_title: main title of the mail [default value $conf['gallery_title']]
* o mail_subtitle: subtitle of the mail [default value subject]
* o auth_key: authentication key to add on footer link [default value null]
* @param array $tpl - use these options to define a custom content template file
* o filename
* o dirname (optional)
@@ -695,6 +718,10 @@ function pwg_mail($to, $args=array(), $tpl=array())
{
// key compose of indexes witch allow to cache mail data
$cache_key = $content_type.'-'.$lang_info['code'];
if (!empty($args['auth_key']))
{
$cache_key.= '-'.$args['auth_key'];
}
if (!isset($conf_mail[$cache_key]))
{
@@ -709,9 +736,15 @@ function pwg_mail($to, $args=array(), $tpl=array())
$template->set_filename('mail_header', 'header.tpl');
$template->set_filename('mail_footer', 'footer.tpl');
$add_url_params = array();
if (!empty($args['auth_key']))
{
$add_url_params['auth'] = $args['auth_key'];
}
$template->assign(
array(
'GALLERY_URL' => get_gallery_home_url(),
'GALLERY_URL' => add_url_params(get_gallery_home_url(), $add_url_params),
'GALLERY_TITLE' => isset($page['gallery_title']) ? $page['gallery_title'] : $conf['gallery_title'],
'VERSION' => $conf['show_version'] ? PHPWG_VERSION : '',
'PHPWG_URL' => defined('PHPWG_URL') ? PHPWG_URL : '',
+48 -19
View File
@@ -395,27 +395,45 @@ function add_news_line(&$news, $count, $singular_key, $plural_key, $url='', $add
* @param bool $add_url add html link around news
* @return array
*/
function news($start=null, $end=null, $exclude_img_cats=false, $add_url=false)
function news($start=null, $end=null, $exclude_img_cats=false, $add_url=false, $auth_key=null)
{
$news = array();
if (!$exclude_img_cats)
$add_url_params = array();
if (isset($auth_key))
{
add_news_line( $news,
nb_new_elements($start, $end), '%d new photo', '%d new photos',
make_index_url(array('section'=>'recent_pics')), $add_url );
$add_url_params['auth'] = $auth_key;
}
if (!$exclude_img_cats)
{
add_news_line( $news,
nb_updated_categories($start, $end), '%d album updated', '%d albums updated',
make_index_url(array('section'=>'recent_cats')), $add_url );
add_news_line(
$news,
nb_new_elements($start, $end),
'%d new photo',
'%d new photos',
add_url_params(make_index_url(array('section'=>'recent_pics')), $add_url_params),
$add_url
);
add_news_line(
$news,
nb_updated_categories($start, $end),
'%d album updated',
'%d albums updated',
add_url_params(make_index_url(array('section'=>'recent_cats')), $add_url_params),
$add_url
);
}
add_news_line( $news,
nb_new_comments($start, $end), '%d new comment', '%d new comments',
get_root_url().'comments.php', $add_url );
add_news_line(
$news,
nb_new_comments($start, $end),
'%d new comment',
'%d new comments',
add_url_params(get_root_url().'comments.php', $add_url_params),
$add_url
);
if (is_admin())
{
@@ -527,17 +545,23 @@ function get_recent_post_dates_array($args)
* @param array $date_detail returned value of get_recent_post_dates()
* @return string
*/
function get_html_description_recent_post_date($date_detail)
function get_html_description_recent_post_date($date_detail, $auth_key=null)
{
global $conf;
$add_url_params = array();
if (isset($auth_key))
{
$add_url_params['auth'] = $auth_key;
}
$description = '<ul>';
$description .=
'<li>'
.l10n_dec('%d new photo', '%d new photos', $date_detail['nb_elements'])
.' ('
.'<a href="'.make_index_url(array('section'=>'recent_pics')).'">'
.'<a href="'.add_url_params(make_index_url(array('section'=>'recent_pics')), $add_url_params).'">'
.l10n('Recent photos').'</a>'
.')'
.'</li><br>';
@@ -546,11 +570,16 @@ function get_html_description_recent_post_date($date_detail)
{
$tn_src = DerivativeImage::thumb_url($element);
$description .= '<a href="'.
make_picture_url(array(
'image_id' => $element['id'],
'image_file' => $element['file'],
))
.'"><img src="'.$tn_src.'"></a>';
add_url_params(
make_picture_url(
array(
'image_id' => $element['id'],
'image_file' => $element['file'],
)
),
$add_url_params
)
.'"><img src="'.$tn_src.'"></a>';
}
$description .= '...<br>';
@@ -564,7 +593,7 @@ function get_html_description_recent_post_date($date_detail)
{
$description .=
'<li>'
.get_cat_display_name_cache($cat['uppercats'])
.get_cat_display_name_cache($cat['uppercats'],'', false, null, $auth_key)
.' ('.
l10n_dec('%d new photo', '%d new photos', $cat['img_count']).')'
.'</li>';
+135
View File
@@ -1462,4 +1462,139 @@ function get_recent_photos_sql($db_field)
.pwg_db_get_recent_period_expression($user['recent_period'])
.','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')';
}
/**
* Performs auto-connection if authentication key is valid.
*
* @since 2.8
*
* @return bool
*/
function auth_key_login($auth_key)
{
global $conf, $user, $page;
if ($user['id'] != $conf['guest_id'])
{
return false;
}
if (!preg_match('/^[a-z0-9]{30}$/i', $auth_key))
{
return false;
}
$query = '
SELECT
*,
'.$conf['user_fields']['username'].' AS username,
NOW() AS dbnow
FROM '.USER_AUTH_KEYS_TABLE.' AS uak
JOIN '.USER_INFOS_TABLE.' AS ui ON uak.user_id = ui.user_id
JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
WHERE auth_key = \''.$auth_key.'\'
;';
$keys = query2array($query);
if (count($keys) == 0)
{
return false;
}
$key = $keys[0];
// is the key still valid?
if (strtotime($key['expired_on']) < strtotime($key['dbnow']))
{
return false;
}
// admin/webmaster/guest can't get connected with authentication keys
if (!in_array($key['status'], array('normal','generic')))
{
return false;
}
$user['id'] = $key['user_id'];
log_user($user['id'], false);
trigger_notify('login_success', stripslashes($key['username']));
// to be registered in history table by pwg_log function
$page['auth_key_id'] = $key['auth_key_id'];
return true;
}
/**
* Creates an authentication key.
*
* @since 2.8
* @param int $user_id
* @return array
*/
function create_user_auth_key($user_id, $user_status=null)
{
global $conf;
if (0 == $conf['auth_key_duration'])
{
return false;
}
if (!isset($user_status))
{
// we have to find the user status
$query = '
SELECT
status
FROM '.USER_INFOS_TABLE.'
WHERE user_id = '.$user_id.'
;';
$user_infos = query2array($query);
if (count($user_infos) == 0)
{
return false;
}
$user_status = $user_infos[0]['status'];
}
if (!in_array($user_status, array('normal','generic')))
{
return false;
}
$candidate = generate_key(30);
$query = '
SELECT
COUNT(*),
NOW(),
ADDDATE(NOW(), INTERVAL '.$conf['auth_key_duration'].' SECOND)
FROM '.USER_AUTH_KEYS_TABLE.'
WHERE auth_key = \''.$candidate.'\'
;';
list($counter, $now, $expiration) = pwg_db_fetch_row(pwg_query($query));
if (0 == $counter)
{
$key = array(
'auth_key' => $candidate,
'user_id' => $user_id,
'created_on' => $now,
'duration' => $conf['auth_key_duration'],
'expired_on' => $expiration,
);
single_insert(USER_AUTH_KEYS_TABLE, $key);
$key['auth_key_id'] = pwg_db_insert_id();
return $key;
}
else
{
return create_user_auth_key($user_id, $user_status);
}
}
?>
+6
View File
@@ -65,6 +65,12 @@ if ($conf['apache_authentication'])
}
}
// automatic login by authentication key
if (isset($_GET['auth']))
{
auth_key_login($_GET['auth']);
}
$user = build_user( $user['id'],
( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
);
+46
View File
@@ -0,0 +1,46 @@
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2015 Piwigo Team http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = 'add user authentication keys table';
// we use PREFIX_TABLE, in case Piwigo uses an external user table
pwg_query('
CREATE TABLE `'.PREFIX_TABLE.'user_auth_keys` (
`auth_key_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`auth_key` varchar(255) NOT NULL,
`user_id` mediumint(8) unsigned NOT NULL,
`created_on` datetime NOT NULL,
`duration` int(11) unsigned DEFAULT NULL,
`expired_on` datetime NOT NULL,
PRIMARY KEY (`auth_key_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8
;');
echo "\n".$upgrade_description."\n";
?>
+39
View File
@@ -0,0 +1,39 @@
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2015 Piwigo Team http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = 'add auth_key_id in history table';
// we use PREFIX_TABLE, in case Piwigo uses an external user table
pwg_query('
ALTER TABLE `'.PREFIX_TABLE.'history`
ADD COLUMN `auth_key_id` int(11) unsigned DEFAULT NULL
;');
echo "\n".$upgrade_description."\n";
?>
@@ -1,6 +1,6 @@
<div id="cat_group_info">
<h2>{'Informations'|@translate}</h2>
<p>{$IMG_URL}</p>
<p><a href="{$IMG.link}" class="thumblnk"><img src="{$IMG.src}"></a></p>
<p>{'Hello,'|@translate}</p>
<p>{'Discover album:'|@translate} <a href="{$LINK}">{$CAT_NAME}</a></p>
<p>{$CPL_CONTENT}</p>