session + suid simplifications
authorPierre Habouzit (MadCoder <pierre.habouzit@m4x.org>
Sun, 12 Dec 2004 18:28:36 +0000 (18:28 +0000)
committerFlorent Bruneau <florent.bruneau@polytechnique.org>
Thu, 26 Jun 2008 21:26:35 +0000 (23:26 +0200)
git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-68

htdocs/admin/utilisateurs.php
htdocs/exit.php
include/xorg/session.inc.php

index 1444285..39c4e97 100644 (file)
@@ -46,8 +46,7 @@ if(isset($_REQUEST['logs_button'])) {
 if(isset($_REQUEST['suid_button']) and isset($_REQUEST['login']) and !isset($_SESSION['suid'])) {
     $log_data = $_REQUEST['login']." by ".$_SESSION['forlife'];
     $_SESSION['log']->log("suid_start",$log_data);
-    $_SESSION['slog'] = $_SESSION['log'];
-    $_SESSION['suid'] = $_SESSION['uid'];
+    $_SESSION['suid'] = $_SESSION;
     $r=$globals->db->query("SELECT id FROM aliases WHERE alias='{$_REQUEST['login']}'");
     if(list($uid) = mysql_fetch_row($r)) {
        start_connexion($uid,true);
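Review bot: The alias lookup that follows the new `$_SESSION['suid'] = $_SESSION;` line places `$_REQUEST['login']` straight into the SQL string, so the request controls the query text unless the value is escaped before this point, which the hunk does not show. Escape it where the query is built, for example `$login = mysql_real_escape_string($_REQUEST['login']);`, and use `$login` in the `WHERE` clause. The same pattern appears with `$_REQUEST['username']` in the login query in include/xorg/session.inc.php, where the caller is not yet authenticated. The snapshot is also stored before the lookup succeeds, so a login with no matching alias may leave `$_SESSION['suid']` set; the `if` body continues outside the hunk, so that needs checking there.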
index 0416502..6d247f1 100644 (file)
@@ -26,10 +26,8 @@ if (isset($_SESSION['suid'])) {
     $suid = $_SESSION['suid'];
     $log_data = "{$_SESSION['forlife']} by $suid}";
     $_SESSION['log']->log("suid_stop",$log_data);
-    $_SESSION['log'] = $_SESSION['slog'];
+    $_SESSION = $suid;
     unset($_SESSION['suid']);
-    unset($_SESSION['slog']);
-    start_connexion($suid,true);
 }
 
 header("Location: login.php");
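Review bot: `$suid` now holds the whole saved admin session rather than a uid, so the `$log_data` line records the literal text `Array}` instead of the administrator who ends the impersonation, and the `suid_stop` audit entry loses its actor. Take the name from the snapshot, e.g. `$log_data = "{$_SESSION['forlife']} by {$suid['forlife']}";`, which also drops the stray `}`. The same type change affects the `suid_start` line in `start_connexion()` in include/xorg/session.inc.php, which still interpolates `{$_SESSION['suid']}`. If the `$suid` passed to `DiogenesCoreLogger` there is derived from the session value, it needs the same adjustment. The `unset($_SESSION['suid'])` kept after the restore looks redundant, since the snapshot is taken only when `suid` is not set.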
index 0b2d797..ab0cb04 100644 (file)
@@ -48,7 +48,7 @@ class XorgSession extends DiogenesCoreSession
     {
        global $globals;
        if (identified()) { // ok, c'est bon, on n'a rien à faire
-           return;
+           return true;
        }
 
        if (isset($_REQUEST['username']) and isset($_REQUEST['response'])
@@ -61,38 +61,26 @@ class XorgSession extends DiogenesCoreSession
                                            FROM  auth_user_md5 AS u
                                      INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                                           WHERE  a.$field='{$_REQUEST['username']}' AND u.perms IN('admin','user')");
-           if (@mysql_num_rows($res) != 0) {
-               list($uid,$password)=mysql_fetch_row($res);
-               mysql_free_result($res);
+
+           if (list($uid,$password)=mysql_fetch_row($res)) {
                $expected_response=md5("{$_REQUEST['username']}:$password:{$_SESSION['session']->challenge}");
                if ($_REQUEST['response'] == $expected_response) {
                    unset($_SESSION['session']->challenge);
-                   // on logge la réussite pour les gens avec cookie
                    if (isset($_SESSION['log'])) {
-                       $_SESSION['log']->log("auth_ok");
+                       $_SESSION['log']->log('auth_ok');
                     }
                    start_connexion($uid, true);
                    return true;
-               } else {
-                   // mot de passe incorrect pour le login existant
-                   // on logge l'échec pour les gens avec cookie
-                   if (isset($_SESSION['log'])) {
-                       $_SESSION['log']->log("auth_fail","bad password");
-                    }
-                   $this->doLogin($page,$new_name);
-               }
-           } else {
-               // login inexistant dans la base de donnees
-               // on logge l'échec pour les gens avec cookie
-               if (isset($_SESSION['log'])) {
-                   $_SESSION['log']->log("auth_fail","bad login");
+               } elseif (isset($_SESSION['log'])) {
+                    $_SESSION['log']->log('auth_fail','bad password');
                 }
-               $this->doLogin($page,$new_name);
-           }
-       } else {
-           // ni loggué ni tentative de login
-           $this->doLogin($page,$new_name);
+           } elseif (isset($_SESSION['log'])) {
+                $_SESSION['log']->log('auth_fail','bad login');
+            }
+            
+            mysql_free_result($res);
        }
+        $this->doLogin($page,$new_name);
     }
 
     // }}}
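Review bot: The check `$_REQUEST['response'] == $expected_response` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so a response that differs from the expected digest can still be accepted. Use strict comparison: `if ($_REQUEST['response'] === $expected_response) {`. With the `mysql_num_rows()` guard removed, a failed query also reaches `mysql_fetch_row($res)` and `mysql_free_result($res)` with a non-resource, so wrapping the fetch and free in `if ($res) { ... }` would keep that path clean. The method starts before the hunk, so its failure return value is not visible here.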
@@ -302,7 +290,7 @@ function start_connexion ($uid, $identified)
     if ($suid) {
        $logger = new DiogenesCoreLogger($uid,$suid);
        $logger->log("suid_start","{$_SESSION['forlife']} by {$_SESSION['suid']}");
-       $_SESSION = Array('suid'=>$_SESSION['suid'], 'slog'=>$_SESSION['slog'], 'log'=>$logger);
+       $_SESSION = Array('suid'=>$_SESSION['suid'], 'log'=>$logger);
     } else {
        $_SESSION = Array();
        $_SESSION['log'] = (isset($logger) ? $logger : new DiogenesCoreLogger($uid));