Make remembered sessions actually save themselves.

Also clean up a PHP notice in index.php (unguarded read of $_COOKIE["AURSID"]).

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Loui Chang 2008-11-17 11:45:12 -05:00
parent 836c162946
commit 692cc1e953
3 changed files with 27 additions and 9 deletions


@ -11,6 +11,7 @@ set_lang();
check_sid(); check_sid();
html_header( __("Home") ); html_header( __("Home") );
$dbh = db_connect(); $dbh = db_connect();
?> ?>
@ -56,8 +57,8 @@ echo __(
</td> </td>
<td class='boxSoft' valign='top'> <td class='boxSoft' valign='top'>
<?php <?php
$user = username_from_sid($_COOKIE["AURSID"]); if (!empty($_COOKIE["AURSID"])) {
if (!empty($user)) { $user = username_from_sid($_COOKIE["AURSID"]);
user_table($user, $dbh); user_table($user, $dbh);
echo '<br />'; echo '<br />';
} }
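Review bot: The new condition only checks that the cookie is present and drops the old `!empty($user)` test, so a cookie whose SID no longer resolves to a user reaches `user_table()` with an empty `$user`. check_sid() on the line above presumably rejects bad SIDs, but clearing a cookie with setcookie() does not alter `$_COOKIE` for the current request, so if check_sid() can fall through without redirecting the second guard is still needed. Keep both: inside the new block write `$user = username_from_sid($_COOKIE["AURSID"]);` then `if (!empty($user)) { user_table($user, $dbh); echo '<br />'; }`. The enclosing page template starts and ends outside this section.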


@ -632,24 +632,32 @@ function try_login() {
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())"; ." VALUES ( $userID, '" . $new_sid . "', UNIX_TIMESTAMP())";
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
# Query will fail if $new_sid is not unique # Query will fail if $new_sid is not unique
#
if ($result) { if ($result) {
$logged_in = 1; $logged_in = 1;
break; break;
} }
$num_tries++; $num_tries++;
} }
if ($logged_in) { if ($logged_in) {
# set our SID cookie # set our SID cookie
if ($_POST['remember_me'] == "on") if ($_POST['remember_me'] == "on") {
# Set cookies for 30 days. # Set cookies for 30 days.
$cookie_time = time() + (60 * 60 * 24 * 30); $cookie_time = time() + (60 * 60 * 24 * 30);
# Set session for 30 days.
$q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
$q.= "WHERE SessionID = '$new_sid'";
db_query($q, $dbh);
}
else else
$cookie_time = 0; $cookie_time = 0;
setcookie("AURSID", $new_sid, $cookie_time, "/"); setcookie("AURSID", $new_sid, $cookie_time, "/");
# header("Location: /index.php");
header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']); header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
$login_error = ""; $login_error = "";
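Review bot: The added UPDATE encodes "remember me" by writing a timestamp 30 days in the future into LastUpdateTS, a column the rest of the code reads as the last-activity time, and nothing in the hunk records that overloading; a comment on the UPDATE such as `# Future-dated on purpose: check_sid() treats LastUpdateTS beyond now + $LOGIN_TIMEOUT as a remembered session and leaves it alone` would stop a later timeout change from silently breaking it. Note also that `$cookie_time` comes from PHP's time() while the INSERT above stamped the row with MySQL's UNIX_TIMESTAMP(), so the scheme depends on the web and database clocks agreeing. Since this cookie now lives for 30 days it is worth passing the HttpOnly flag if the PHP in use supports it: `setcookie("AURSID", $new_sid, $cookie_time, "/", "", false, true);`. The brace-less `else` after the new braced `if` is easy to misread; `} else {` with braces would match. try_login() continues outside the hunk.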


@ -86,10 +86,12 @@ function check_sid() {
$failed = 1; $failed = 1;
} else { } else {
$row = mysql_fetch_row($result); $row = mysql_fetch_row($result);
if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) { $last_update = $row[0];
if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
$failed = 2; $failed = 2;
} }
} }
if ($failed == 1) { if ($failed == 1) {
# clear out the hacker's cookie, and send them to a naughty page # clear out the hacker's cookie, and send them to a naughty page
# why do you have to be so harsh on these people!? # why do you have to be so harsh on these people!?
@ -110,10 +112,17 @@ function check_sid() {
} else { } else {
# still logged in and haven't reached the timeout, go ahead # still logged in and haven't reached the timeout, go ahead
# and update the idle timestamp # and update the idle timestamp
# Only update the timestamp if it is less than the
# current time plus $LOGIN_TIMEOUT.
# #
$q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() "; # This keeps 'remembered' sessions from being
$q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'"; # overwritten.
db_query($q, $dbh); if ($last_update < time() + $LOGIN_TIMEOUT) {
$q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
$q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
db_query($q, $dbh);
}
} }
} }
return; return;
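Review bot: The new guard compares `$last_update` against PHP's `time() + $LOGIN_TIMEOUT`, while the expiry test in the first hunk compares it against `$row[1]`, which appears to be the database clock; if `$row[1]` is indeed UNIX_TIMESTAMP() from the same query, using it here keeps both decisions on one clock: `if ($last_update < $row[1] + $LOGIN_TIMEOUT) {`. As written the guard also demotes a remembered session during its final $LOGIN_TIMEOUT: once now exceeds (login + 30 days − $LOGIN_TIMEOUT) the future stamp is overwritten with the current time and the row becomes an ordinary idle-timeout session while the cookie still lives to the full 30 days; that is probably acceptable but deserves a comment. `$last_update` is assigned only in the `else` branch of the first hunk and read in the second, so the later read relies on `$failed` being 0 whenever that branch was skipped; initialising it next to `$failed` would make that explicit. check_sid() begins before this section.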