Fix bug 451: Auto login does not work properly

svn merge r1492:1493 from trunk svn merge r1510:1511 from trunk svn merge r1521:1522 from trunk svn merge r1523:1524 from trunk svn merge r1525:1526 from trunk auto_login key add to users table: - add update script - update upgrade_1.5.0.php script (related to svn:1553) git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1554 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2006-10-04 20:50:20 +00:00
parent cbf63ed4e2
commit d5b1c1be9e
9 changed files with 167 additions and 32 deletions
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -25,26 +25,52 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+

-// retrieving connected user informations
 if (isset($_COOKIE[session_name()])) 
 {
- session_start();
- if (isset($_SESSION['pwg_uid']))
- {
-   $user['id'] = $_SESSION['pwg_uid'];
-   $user['is_the_guest'] = false;
- }
- else 
- {
-   // session timeout
-   $user['id'] = $conf['guest_id'];
-   $user['is_the_guest'] = true;
- }
-} 
-else 
+  session_start();
+  if (isset($_GET['act']) and $_GET['act'] == 'logout')
+  {
+    // logout
+    $_SESSION = array();
+    session_unset();
+    session_destroy();
+    setcookie(session_name(),'',0,
+	      ini_get('session.cookie_path'), 
+	      ini_get('session.cookie_domain') 
+	      );
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    redirect(make_index_url());
+  } 
+  elseif (empty($_SESSION['pwg_uid'])) 
+  {
+    // timeout
+    setcookie(session_name(),'',0,
+	      ini_get('session.cookie_path'), 
+	      ini_get('session.cookie_domain') 
+	      );
+  }
+  else
+  {
+    $user['id'] = $_SESSION['pwg_uid'];
+    $user['is_the_guest'] = false;
+  }
+}
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
 {
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
+  auto_login();
+} 
+else
+{
+  $user['id'] = $conf['guest_id'];
+  $user['is_the_guest'] = true;
+}
+
+if ($user['is_the_guest'] and !$conf['guest_access'] 
+    and (basename($_SERVER['PHP_SELF'])!='identification.php')
+    and (basename($_SERVER['PHP_SELF'])!='password.php')
+    and (basename($_SERVER['PHP_SELF'])!='register.php'))
+{
+  redirect (get_root_url().'identification.php');
 }

 // using Apache authentication override the above user search
@@ -58,6 +84,7 @@ if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
  
  $user['is_the_guest'] = false;
 }
+
 $user = array_merge(
  $user,
  getuserdata(