commit: 584d92e682b2fb5f373953ed28e5b802079d4ccc
Author: Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 15:18:05 2018 +0000
Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 15:18:05 2018 +0000
URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=584d92e6
Fix authentication
php/lib/auth.php | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/php/lib/auth.php b/php/lib/auth.php
index 68bf91a..610b3c2 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -14,17 +14,17 @@ class Auth {
*/
public static function is_valid_session()
{
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- if (!empty($cookieAdmin)) { // check cookie
- $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?",
[$cookieAdmin]); // check db for id
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ if (!empty($_SESSION['user'])) { // check cookie
+ $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?",
[session_id()]); // check db for id
if ($res && DB::numrows($res)>0) {
$buf = DB::fetch($res,PDO::FETCH_ASSOC);
// comment line below to disable gc and allow multiple sessions
per username
- DB::query("DELETE FROM mirror_sessions WHERE username=? AND
session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection
+ DB::query("DELETE FROM mirror_sessions WHERE username=? AND
session_id != ?", [$buf['username'], session_id()]); // garbage collection
$user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE
username=?", [$buf['username']]),PDO::FETCH_ASSOC);
- if (empty($_SESSION)) {
- static::create_session($user); // if session isn't started,
create it and push user data
- }
return true;
}
}
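Review bot: The new `session_start()` at the top of is_valid_session() runs with PHP's default cookie parameters, so the secure flag and path that create_session() passes to `session_set_cookie_params()` are not applied to a session first started here. On PHP versions that refuse parameter changes once a session is active, create_session() cannot set them afterwards either. Consider calling `session_set_cookie_params()` (with httponly as well) before this `session_start()`, ideally through one helper shared with logout(), which repeats the same three lines. The `$user = DB::fetch(...)` lookup has no consumer in the visible lines now that the create_session() call is removed, and the `// check cookie` comment no longer describes the `$_SESSION['user']` test. The function body continues outside the hunk.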
@@ -74,7 +74,7 @@ public static function create_session($user,$secure=0)
session_name('mozilla-mirror-admin');
session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure);
session_start();
- DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)",
[session_id(), $user['username']]);
+ DB::query("INSERT IGNORE INTO mirror_sessions(session_id,username)
VALUES(?,?)", [session_id(), $user['username']]);
$_SESSION['user']=$user;
}
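Review bot: create_session() binds the authenticated user to whatever session id is already in use, and nothing in the visible lines calls `session_regenerate_id(true)` after `session_start()`. Because is_valid_session() may now start the session before login, a pre-login id can be carried into the authenticated state (session fixation). Adding `session_regenerate_id(true);` before the INSERT would issue a fresh id at login and should also remove the duplicate-key case that `INSERT IGNORE` hides. As written, if a row for this session_id already exists under another username (presumably session_id is a unique key — confirm against the schema), IGNORE keeps the old username while `$_SESSION['user']` holds the new one. The start of create_session() is outside the hunk.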
@@ -84,8 +84,11 @@ public static function create_session($user,$secure=0)
public static function logout()
{
// comment line below to keep gc from deleting other sessions for this user
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?",
[$cookieAdmin, $_SESSION['user']['username']]);
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?",
[session_id(), $_SESSION['user']['username']]);
$_COOKIE = array();
$_SESSION = array();
}
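Review bot: logout() empties `$_SESSION` and `$_COOKIE` but never calls `session_destroy()` or expires the session cookie, so the browser keeps the same session id and the next login reuses it. After `$_SESSION = array();` add `session_destroy();` and expire the cookie with `setcookie(session_name(), '', time() - 3600, '/');`. `$_SESSION['user']['username']` is also read without a check, which raises a notice and passes null to the DELETE when logout() is reached without a logged-in user. An `isset($_SESSION['user'])` guard around the query would cover that case.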