commit: 584d92e682b2fb5f373953ed28e5b802079d4ccc |
Author: Brian Evans <grknight <AT> gentoo <DOT> org> |
AuthorDate: Tue Jan 30 15:18:05 2018 +0000 |
Commit: Brian Evans <grknight <AT> gentoo <DOT> org> |
CommitDate: Tue Jan 30 15:18:05 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=584d92e6 |
|
Fix authentication |
|
php/lib/auth.php | 23 +++++++++++++---------- |
1 file changed, 13 insertions(+), 10 deletions(-) |
|
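diff --git a/php/lib/auth.php b/php/lib/auth.php
index 68bf91a..610b3c2 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -14,17 +14,17 @@ class Auth {
 */
 public static function is_valid_session()
 {
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- if (!empty($cookieAdmin)) { // check cookie
- $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ if (!empty($_SESSION['user'])) { // check cookie
+ $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [session_id()]); // check db for id
 if ($res && DB::numrows($res)>0) {
 $buf = DB::fetch($res,PDO::FETCH_ASSOC);
 // comment line below to disable gc and allow multiple sessions per username
- DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection
+ DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], session_id()]); // garbage collection
 $user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC);
- if (empty($_SESSION)) {
- static::create_session($user); // if session isn't started, create it and push user data
- }
 return true;
 }
 }
@@ -74,7 +74,7 @@ public static function create_session($user,$secure=0)
 session_name('mozilla-mirror-admin');
 session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure);
 session_start();
- DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
+ DB::query("INSERT IGNORE INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
 $_SESSION['user']=$user;
 }
 
@@ -84,8 +84,11 @@ public static function create_session($user,$secure=0)
 public static function logout()
 {
 // comment line below to keep gc from deleting other sessions for this user
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]);
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [session_id(), $_SESSION['user']['username']]);
 $_COOKIE = array();
 $_SESSION = array();
 }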
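Review bot: The session id is never rotated when a user authenticates: the `create_session` hunk stores whatever `session_id()` returns with `INSERT IGNORE`, and `is_valid_session()` now starts the `mozilla-mirror-admin` session for every caller, so the id in use at login may be one that was issued, or supplied in the cookie, before authentication. Calling `session_regenerate_id(true);` after `session_start();` and before the INSERT in `create_session` would bind the `mirror_sessions` row to a fresh id, whereas `INSERT IGNORE` silently hides a collision with a row that already exists for that id. The new `session_start()` calls in `is_valid_session()` and `logout()` also skip the `session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure)` call that `create_session` makes, so the cookie attributes depend on which function runs first; putting the name/params/start sequence into one private helper used by all three would keep them consistent. `create_session` begins outside the hunk, so its earlier lines may already handle part of this.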