Gentoo Archives: gentoo-commits

From: Brian Evans <grknight@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/bouncer:master commit in: php/lib/
Date: Tue, 30 Jan 2018 18:16:25
Message-Id: 1517325485.584d92e682b2fb5f373953ed28e5b802079d4ccc.grknight@gentoo
1 commit: 584d92e682b2fb5f373953ed28e5b802079d4ccc
2 Author: Brian Evans <grknight <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jan 30 15:18:05 2018 +0000
4 Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 30 15:18:05 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=584d92e6
7
8 Fix authentication
9
10 php/lib/auth.php | 23 +++++++++++++----------
11 1 file changed, 13 insertions(+), 10 deletions(-)
12
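diff --git a/php/lib/auth.php b/php/lib/auth.php
index 68bf91a..610b3c2 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -14,17 +14,17 @@ class Auth {
 */
 public static function is_valid_session()
 {
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- if (!empty($cookieAdmin)) { // check cookie
- $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ if (!empty($_SESSION['user'])) { // check cookie
+ $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [session_id()]); // check db for id
 if ($res && DB::numrows($res)>0) {
 $buf = DB::fetch($res,PDO::FETCH_ASSOC);
 // comment line below to disable gc and allow multiple sessions per username
- DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection
+ DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], session_id()]); // garbage collection
 $user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC);
- if (empty($_SESSION)) {
- static::create_session($user); // if session isn't started, create it and push user data
- }
 return true;
 }
 }
@@ -74,7 +74,7 @@ public static function create_session($user,$secure=0)
 session_name('mozilla-mirror-admin');
 session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure);
 session_start();
- DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
+ DB::query("INSERT IGNORE INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
 $_SESSION['user']=$user;
 }
 
@@ -84,8 +84,11 @@ public static function create_session($user,$secure=0)
 public static function logout()
 {
 // comment line below to keep gc from deleting other sessions for this user
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]);
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [session_id(), $_SESSION['user']['username']]);
 $_COOKIE = array();
 $_SESSION = array();
 }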
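Review bot: In the `create_session()` hunk, the session ID written to `mirror_sessions` is never rotated at login in the lines shown; because `is_valid_session()` now calls `session_start()` for visitors who are not yet authenticated, a session is likely already active when `create_session()` runs, so the pre-login ID is the one that gets bound to the user. That is a session-fixation risk, and the switch to `INSERT IGNORE` hints that the same ID is in fact being re-inserted across logins. I would add `session_regenerate_id(true);` after `session_start()` and before the `INSERT`, and have `logout()` end with `session_destroy();` instead of only emptying `$_SESSION`, so an old ID cannot be reused. The body of `create_session()` begins outside this hunk, so confirm no rotation already happens in the part not shown.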