Polemic Tweet — logout

# HG changeset patch # User Yves-Marie Haussonne <1218002+ymph@users.noreply.github.com> # Date 1385425119 -3600 # Node ID df016fc8bbdbd87944e2adb84cde619a7f14f0b2 # Parent c294569b0725b6d5236f25b40a674b834bf501db correct authentication and put the login/password in the config template. diff -r c294569b0725 -r df016fc8bbdb web/common.php --- a/web/common.php Mon Nov 25 22:28:08 2013 +0100 +++ b/web/common.php Tue Nov 26 01:18:39 2013 +0100 @@ -407,16 +407,28 @@ $realm = 'Polemictweet restricted area'; +/*function authenticate($users, $translate) { + if (!isset($_SESSION['user_id'])) + { + // Fetch current URL + $this_url = $_SERVER['REQUEST_URI']; + + // Redirect to login page passing current URL + header('Location: login.php?return_url=' . urlencode($this_url)); + exit; + } +}*/ + function authenticate($users, $translate) { global $realm; - if (empty($_SERVER['PHP_AUTH_DIGEST'])) { + + if (empty($_SERVER['PHP_AUTH_DIGEST']) || !isset($_SESSION['http_digest_nonce'])) { $_SESSION['http_digest_nonce'] = uniqid(); header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="'.$realm. '",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"'); - return array('error' => $translate->_('This area is restricted, please authenticate')); } @@ -425,6 +437,8 @@ if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])) { $_SERVER['PHP_AUTH_DIGEST'] = ''; + unset($_SESSION['auth']); + unset($_SESSION['http_digest_nonce']); return array('error' => $translate->_('Wrong Credentials!')); } @@ -436,20 +450,21 @@ if ($data['response'] != $valid_response) { $_SERVER['PHP_AUTH_DIGEST'] = ''; + unset($_SESSION['http_digest_nonce']); + unset($_SESSION['auth']); return array('error' => $translate->_('Wrong Credentials!')); } // ok, valid username & password - $_SESSION['auth'] = $data; + $_SESSION['auth'] = $data['username']; return $data; } function logout() { global $realm; - $_SESSION['auth'] = null; - header('HTTP/1.1 401 Unauthorized'); - header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"'); + unset($_SESSION['auth']); + unset($_SESSION['http_digest_nonce']); } diff -r c294569b0725 -r df016fc8bbdb web/config.php.tmpl --- a/web/config.php.tmpl Mon Nov 25 22:28:08 2013 +0100 +++ b/web/config.php.tmpl Tue Nov 26 01:18:39 2013 +0100 @@ -10,5 +10,6 @@ define('SECRET', '^e)3u&jwy@#156no9lmc1s&$g-x0n@lb=(+xgovk#5^kb)qvkb'); $C_default_registry = 'cdn'; +$C_event_users = array('polemictweet' => 'polemictweet'.date('Y/m/d')); $ldt_platform = 'http://ldt.iri.centrepompidou.fr/'; diff -r c294569b0725 -r df016fc8bbdb web/event_form.php --- a/web/event_form.php Mon Nov 25 22:28:08 2013 +0100 +++ b/web/event_form.php Tue Nov 26 01:18:39 2013 +0100 @@ -167,7 +167,7 @@

_("Event_example"); ?>

- + - - - - - Polemic Tweet — logout - - - - - ' rel='stylesheet' type='text/css'> - ' rel='stylesheet' type='text/css'> - - - - - - - - - - - - - - - -

- - - - - -

- If you are not redirected automatically, follow the link - -

- - \ No newline at end of file +header("location:".URL_ROOT); +exit(); diff -r c294569b0725 -r df016fc8bbdb web/res/css/custom.css --- a/web/res/css/custom.css Mon Nov 25 22:28:08 2013 +0100 +++ b/web/res/css/custom.css Tue Nov 26 01:18:39 2013 +0100 @@ -211,3 +211,7 @@ width: 16px; display: inline-block; } + +#event-form { + margin-bottom: 20px; +} diff -r c294569b0725 -r df016fc8bbdb web/traductions/en.php --- a/web/traductions/en.php Mon Nov 25 22:28:08 2013 +0100 +++ b/web/traductions/en.php Tue Nov 26 01:18:39 2013 +0100 @@ -201,6 +201,10 @@ "archive_title_help" => "Title of the archive.", "archive_description_help" => "Description of the archive.", + "Wrong Credentials!" => "Wrong Credentials!", + "This area is restricted, please authenticate" => "This area is restricted, please authenticate", + + "Event_error_empty_title" => "Error, the event title is empty.", "Event_recorded_message" => "Your event as been correctly recorded. Contact us to publish it on Polemictweet.", "Event_confirm_delete_archive" => "Are your sure to delete the event configuration ?", diff -r c294569b0725 -r df016fc8bbdb web/traductions/fr.php --- a/web/traductions/fr.php Mon Nov 25 22:28:08 2013 +0100 +++ b/web/traductions/fr.php Tue Nov 26 01:18:39 2013 +0100 @@ -194,6 +194,10 @@ "archive_title_help" => "Titre de l'archive dans la liste des événements passés.", "archive_description_help" => "Description de l'archive dans la liste des événements passés.", + "Wrong Credentials!" => "Mauvais login/mot de passe !", + "This area is restricted, please authenticate" => "L'accès à cette zone est restreint, veuillez vous authentifier.", + + "Event_error_empty_title" => "Erreur, le titre de l'évènement est vide.", "Event_recorded_message" => "Votre évènement a été correctement enregistré. Contactez nous pour le publier sur Polemictweet.", "Event_confirm_delete_archive" => "Êtes-vous sur de vouloir effacer cette configuration d'évènement ?", diff -r c294569b0725 -r df016fc8bbdb web/traductions/ja.php --- a/web/traductions/ja.php Mon Nov 25 22:28:08 2013 +0100 +++ b/web/traductions/ja.php Tue Nov 26 01:18:39 2013 +0100 @@ -192,6 +192,9 @@ "archive_title_help" => "Title of the archive.", "archive_description_help" => "Description of the archive.", + "Wrong Credentials!" => "Wrong Credentials!", + "This area is restricted, please authenticate" => "This area is restricted, please authenticate", + "Event_error_empty_title" => "Error, the event title is empty.", "Event_recorded_message" => "Your event as been correctly recorded. Contact us to publish it on Polemictweet.", "Event_confirm_delete_archive" => "Are your sure to delete the event configuration ?",