Follow-up Comment #12, bug #26264 (project librefm):
Hi, almost there now; just a few things:
1) The indentation is inconsistent, you're mixing tabs and spaces.
2) You never get $register out of the $_POST array, so this code will only
work when auto registration of variables is switched on (and any reasonably
secure PHP configuration should have this switched off).
3) You never set the session_cache_expiry for the non-remembered login, so
the amount of time the user is logged in is inconsistent with the time set in
the database. (This can be fixed by following point 5)
4) You set a different PHP session expiry time to the database expiry
(365*86400 is not the same as 60*24*365) (also corrected by point 5).
5) You should avoid duplication of queries where possible; a better approach
would just be to do something like:
if (isset($_POST['register'])) {
    $expiration = 31536000; // 1 year
} else {
    $expiration = 86400; // 1 day
}
$mdb2->query('INSERT INTO Scrobble_Sessions (username, sessionid, expires) VALUES ('
    .$mdb2->quote($username, 'text').', '
    .$mdb2->quote($session_id, 'text').', '
    .$mdb2->quote(time()+$expiration, 'integer').')');
// session_cache_expire() takes minutes; $expiration is in seconds
session_cache_expire((int) ($expiration / 60));
This means that the query and the expiration times only need to be changed
in one place if they need changing in the future, and avoids the possibility of
simple mistakes like setting the database and PHP session times differently.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?26264>