coding rules, some undefined vars + fix for #472

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@937 839d8a87-29fc-0310-9880-83ba4fa771e5

diff --git a/ChangeLog b/ChangeLog
index 0edfa2f..3c3ab88 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,9 @@ Bug/Wish:
 
 From 0.9.11 branch:
 
+    * Core:
+        - #472: Fix problem with auth when using the cookie.                -MC
+
     * Geoloc:
         - #469: Google Maps link works for the USA                         -FRU
 

diff --git a/classes/platal.php b/classes/platal.php
index 27b75a5..1a317f3 100644 (file)
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -111,7 +111,7 @@ class Platal
 
     function force_login(&$page)
     {
-        if (S::logged() and !$new_name) {
+        if (S::logged()) {
             $page->changeTpl('password_prompt_logged.tpl');
             $page->addJsLink('do_challenge_response_logged.js');
         } else {

diff --git a/include/platal.inc.php b/include/platal.inc.php
index bc09f8e..701dfbf 100644 (file)
--- a/include/platal.inc.php
+++ b/include/platal.inc.php
@@ -72,6 +72,16 @@ function pl_error_handler($errno, $errstr, $errfile, $errline)
         "</div>";
 }
 
+function pl_dump_env()
+{
+    echo "<div class='phperror'><pre>";
+    echo "\nSESSION: "; var_export($_SESSION);
+    echo "\nPOST:    "; var_export($_POST);
+    echo "\nGET:     "; var_export($_GET);
+    echo "\nCOOKIES: "; var_export($_COOKIES);
+    echo "</pre></div>";
+}
+
 function pl_print_errors()
 {
     print join("\n", $GLOBALS['pl_errors']);
@@ -79,7 +89,7 @@ function pl_print_errors()
 
 set_error_handler('pl_error_handler', E_ALL | E_STRICT);
 register_shutdown_function('pl_print_errors');
-
+register_shutdown_function('pl_dump_env');
 
 function pl_url($path, $query = null, $fragment = null)
 {

diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php
index 8d73093..45905b5 100644 (file)
--- a/include/xorg/session.inc.php
+++ b/include/xorg/session.inc.php
@@ -73,6 +73,7 @@ class XorgSession
             }
         } else {
             $login = $uname;
+            $redirect = false;
         }
 
         $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
@@ -85,13 +86,14 @@ class XorgSession
         $logger =& S::v('log');
         if (list($uid, $password) = $res->fetchOneRow()) {
                 require_once('secure_hash.inc.php');
-                    $expected_response=hash_encrypt("$uname:$password:".S::v('challenge'));
+                    $expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
                     // le password de la base est peut-être encore encodé en md5
                     if (Env::v('response') != $expected_response) {
                       $new_password = hash_xor(Env::v('xorpass'), $password);
                       $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
                       if (Env::v('response') == $expected_response) {
-                          XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
+                          XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
+                                       $new_password, $uid);
                       }
                     }
                     if (Env::v('response') == $expected_response) {
@@ -174,9 +176,10 @@ function try_cookie()
     }
 
     $res = @XDB::query(
-            "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
-            Cookie::i('ORGuid')
-    );
+            "SELECT user_id,password FROM auth_user_md5
+              WHERE user_id = {?} AND perms IN('admin','user')",
+            Cookie::i('ORGuid'));
+
     if ($res->numRows() != 0) {
        list($uid, $password) = $res->fetchOneRow();
        require_once('secure_hash.inc.php');
@@ -228,7 +231,7 @@ function start_connexion ($uid, $identified)
         setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
     }
 
-    $_SESSION         = $sess;
+    $_SESSION         = array_merge($_SESSION, $sess);
     $_SESSION['log']  = $logger;
     $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
     set_skin();