login system tweaks

This commit is contained in:
Andrew Dolgov 2007-03-02 11:48:46 +01:00
parent c12510cd4d
commit 7f0acba7b0
3 changed files with 44 additions and 32 deletions

View file

@ -16,8 +16,6 @@
error_reporting(DEFAULT_ERROR_LEVEL); */
$op = $_REQUEST["op"];
define('SCHEMA_VERSION', 13);
require_once "sanity_check.php";
@ -27,6 +25,25 @@
require_once "db-prefs.php";
require_once "functions.php";
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (DB_TYPE == "pgsql") {
pg_query("set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
}
$op = $_REQUEST["op"];
$print_exec_time = false;
if ((!$op || $op == "rpc" || $op == "rss" || $op == "digestSend" ||
@ -41,7 +58,8 @@
print_error_xml(7); exit;
}
if (!$_SESSION["uid"] && $op != "globalUpdateFeeds" && $op != "rss" && $op != "getUnread") {
if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds"
&& $op != "rss" && $op != "getUnread") {
if ($op == "rpc") {
print_error_xml(6); die;
@ -95,22 +113,6 @@
require_once "modules/pref-users.php";
require_once "modules/pref-feed-browser.php";
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (DB_TYPE == "pgsql") {
pg_query("set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
}
if (!sanity_check($link)) { return; }

View file

@ -1163,6 +1163,7 @@
if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
if ($_SESSION["ip_address"]) {
if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
$_SESSION["login_error_msg"] = "Session failed to validate (incorrect IP)";
return false;
}
}
@ -1191,20 +1192,22 @@
}
}
if ($_COOKIE[get_session_cookie_name()]) {
/* if ($_COOKIE[get_session_cookie_name()]) {
require_once "sessions.php";
}
if (!validate_session($link)) {
logout_user();
render_login_form($link);
exit;
}
} */
$login_action = $_POST["login_action"];
/* if (!validate_session($link) && $login_action != "do_login") {
logout_user();
render_login_form($link);
exit;
} */
$session_started = false;
# try to authenticate user if called from login form
if ($login_action == "do_login" && !$_SESSION["uid"]) {
if ($login_action == "do_login") {
$login = $_POST["login"];
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
@ -1217,7 +1220,7 @@
require_once "sessions.php";
session_regenerate_id();
$session_started = true;
if (authenticate_user($link, $login, $password)) {
$_POST["password"] = "";
@ -1236,10 +1239,16 @@
exit;
return;
} else {
$_SESSION["login_error_msg"] = "Incorrect username or password";
}
}
if (!$_SESSION["uid"]) {
if (!$session_started) {
require_once "sessions.php";
}
if (!$_SESSION["uid"] || !validate_session($link)) {
render_login_form($link);
exit;
}

View file

@ -41,8 +41,9 @@ window.onload = init;
</td>
</tr><tr>
<td align="center" valign="middle" class="loginMiddle" height="100%">
<?php if ($error_msg) { ?>
<div class="loginError"><?php echo $error_msg ?></div>
<?php if ($_SESSION['login_error_msg']) { ?>
<div class="loginError"><?php echo $_SESSION['login_error_msg'] ?></div>
<?php $_SESSION['login_error_msg'] = ""; ?>
<?php } ?>
<table>
<tr><td align="right">Login:</td>