[ros-diffs] [cfinck] 445: - Remove the IP check from the Bugzilla ROSCMS Login Module. It won't work if the Bugzilla sits behind a proxy and wasn't very effective anyway. - Avoid a PHP notice that a particular array key does not exist in RosCMS v4's Login code.

[cfinck]

Author: cfinck
Date: Thu Jul  9 02:51:56 2009
New Revision: 445

URL: http://svn.reactos.org/svn/reactos?rev=445&view=rev
Log:
- Remove the IP check from the Bugzilla ROSCMS Login Module. It won't work if 
the Bugzilla sits behind a proxy and wasn't very effective anyway.
- Avoid a PHP notice that a particular array key does not exist in RosCMS v4's 
Login code.

Modified:
    
branches/danny-web/www/www.reactos.org/bugzilla/Bugzilla/Auth/Login/ROSCMS.pm
    branches/danny-web/www/www.reactos.org/roscms/lib/om/Login.class.php

Modified: 
branches/danny-web/www/www.reactos.org/bugzilla/Bugzilla/Auth/Login/ROSCMS.pm
URL: 
http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/bugzilla/Bugzilla/Auth/Login/ROSCMS.pm?rev=445&r1=444&r2=445&view=diff
==============================================================================
--- 
branches/danny-web/www/www.reactos.org/bugzilla/Bugzilla/Auth/Login/ROSCMS.pm 
[iso-8859-1] (original)
+++ 
branches/danny-web/www/www.reactos.org/bugzilla/Bugzilla/Auth/Login/ROSCMS.pm 
[iso-8859-1] Thu Jul  9 02:51:56 2009
@@ -72,14 +72,10 @@
        if ( defined $session_id ) {
                my $session_id_clean = $session_id;
                trick_taint($session_id_clean);
-               my $remote_addr_clean;
-               if ($ENV{'REMOTE_ADDR'} =~ 
m/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) {
-                       $remote_addr_clean = $1;
-               } else {
-                       $remote_addr_clean = 'invalid';
-               }
+
                my $browser_agent_clean = $ENV{'HTTP_USER_AGENT'};
                trick_taint($browser_agent_clean);
+
                my $query = "SELECT m.subsys_user_id, m.user_id " .
                                "  FROM 
$roscms_db_name.roscms_accounts_sessions s " .
                                 "  JOIN $roscms_db_name.roscms_accounts u ON 
s.user_id = u.id " .
@@ -87,13 +83,11 @@
                                " WHERE s.id = ? " .
                                "   AND (s.expires IS NULL OR " .
                                "        NOW() <= s.expires) " .
-                               "   AND (s.ip = 'false' OR " .
-                               "        s.ip = ?) " .
                                "   AND (s.browseragent = 'false' OR " .
                                "        s.browseragent = ?) " .
                                "   AND m.subsys = 'bugzilla'";
 
-               my @params = ($session_id_clean, $remote_addr_clean, 
$browser_agent_clean);
+               my @params = ($session_id_clean, $browser_agent_clean);
                ($user_id, $roscms_user_id) = $dbh->selectrow_array($query, 
undef, @params);
                
                if ($user_id) {

Modified: branches/danny-web/www/www.reactos.org/roscms/lib/om/Login.class.php
URL: 
http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/roscms/lib/om/Login.class.php?rev=445&r1=444&r2=445&view=diff
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/om/Login.class.php 
[iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/om/Login.class.php 
[iso-8859-1] Thu Jul  9 02:51:56 2009
@@ -137,7 +137,7 @@
     $config = &RosCMS::getInstance();
 
     // do we have a session ?
-    if ($_COOKIE[$config->cookieUserKey()]) {
+    if (array_key_exists($config->cookieUserKey(), $_COOKIE)) {
 
       // delete cookie, kill session
       Cookie::write($config->cookieUserKey(), '', time() - 3600);