From 7687821d0a135e45a757f964e8a6274100d47b8f Mon Sep 17 00:00:00 2001 From: "Pierre Habouzit (MadCoder" Date: Sun, 12 Dec 2004 18:28:36 +0000 Subject: [PATCH] session + suid simplifications git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-68 --- htdocs/admin/utilisateurs.php | 3 +-- htdocs/exit.php | 4 +--- include/xorg/session.inc.php | 38 +++++++++++++------------------------- 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/htdocs/admin/utilisateurs.php b/htdocs/admin/utilisateurs.php index 1444285..39c4e97 100644 --- a/htdocs/admin/utilisateurs.php +++ b/htdocs/admin/utilisateurs.php @@ -46,8 +46,7 @@ if(isset($_REQUEST['logs_button'])) { if(isset($_REQUEST['suid_button']) and isset($_REQUEST['login']) and !isset($_SESSION['suid'])) { $log_data = $_REQUEST['login']." by ".$_SESSION['forlife']; $_SESSION['log']->log("suid_start",$log_data); - $_SESSION['slog'] = $_SESSION['log']; - $_SESSION['suid'] = $_SESSION['uid']; + $_SESSION['suid'] = $_SESSION; $r=$globals->db->query("SELECT id FROM aliases WHERE alias='{$_REQUEST['login']}'"); if(list($uid) = mysql_fetch_row($r)) { start_connexion($uid,true); diff --git a/htdocs/exit.php b/htdocs/exit.php index 0416502..6d247f1 100644 --- a/htdocs/exit.php +++ b/htdocs/exit.php @@ -26,10 +26,8 @@ if (isset($_SESSION['suid'])) { $suid = $_SESSION['suid']; $log_data = "{$_SESSION['forlife']} by $suid}"; $_SESSION['log']->log("suid_stop",$log_data); - $_SESSION['log'] = $_SESSION['slog']; + $_SESSION = $suid; unset($_SESSION['suid']); - unset($_SESSION['slog']); - start_connexion($suid,true); } header("Location: login.php"); diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 0b2d797..ab0cb04 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php 
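Review bot: The alias lookup just below the changed line in htdocs/admin/utilisateurs.php interpolates `$_REQUEST['login']` straight into the SQL (`WHERE alias='{$_REQUEST['login']}'`), so it is only safe if quoting happens somewhere this hunk does not show. The login query in include/xorg/session.inc.php has the same pattern (`WHERE a.$field='{$_REQUEST['username']}'`) and runs before authentication. Escape both values at the point of use, e.g. `$login = mysql_real_escape_string($_REQUEST['login']);` before building the query, or move to a parameterised API, rather than relying on a global setting such as magic quotes. The enclosing `if` block continues past the end of the hunk.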
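Review bot: In htdocs/exit.php `$suid` now holds the whole saved session array rather than a uid, but the unchanged line `$log_data = "{$_SESSION['forlife']} by $suid}";` still interpolates it as a string. The `suid_stop` audit record will therefore read `... by Array}` and no longer name the administrator who impersonated the account. start_connexion() in include/xorg/session.inc.php has the same problem in its `suid_start` message (`{$_SESSION['suid']}`), and it passes `$suid`, assigned outside that hunk, to `DiogenesCoreLogger`. Log the saved identity explicitly, e.g. `$log_data = "{$_SESSION['forlife']} by {$suid['uid']}";` here and `{$_SESSION['suid']['uid']}` in start_connexion(); the stray `}` in the message can go at the same time.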
@@ -48,7 +48,7 @@ class XorgSession extends DiogenesCoreSession { global $globals; if (identified()) { // ok, c'est bon, on n'a rien à faire - return; + return true; } if (isset($_REQUEST['username']) and isset($_REQUEST['response']) @@ -61,38 +61,26 @@ class XorgSession extends DiogenesCoreSession FROM auth_user_md5 AS u INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) WHERE a.$field='{$_REQUEST['username']}' AND u.perms IN('admin','user')"); - if (@mysql_num_rows($res) != 0) { - list($uid,$password)=mysql_fetch_row($res); - mysql_free_result($res); + + if (list($uid,$password)=mysql_fetch_row($res)) { $expected_response=md5("{$_REQUEST['username']}:$password:{$_SESSION['session']->challenge}"); if ($_REQUEST['response'] == $expected_response) { unset($_SESSION['session']->challenge); - // on logge la réussite pour les gens avec cookie if (isset($_SESSION['log'])) { - $_SESSION['log']->log("auth_ok"); + $_SESSION['log']->log('auth_ok'); } start_connexion($uid, true); return true; - } else { - // mot de passe incorrect pour le login existant - // on logge l'échec pour les gens avec cookie - if (isset($_SESSION['log'])) { - $_SESSION['log']->log("auth_fail","bad password"); - } - $this->doLogin($page,$new_name); - } - } else { - // login inexistant dans la base de donnees - // on logge l'échec pour les gens avec cookie - if (isset($_SESSION['log'])) { - $_SESSION['log']->log("auth_fail","bad login"); + } elseif (isset($_SESSION['log'])) { + $_SESSION['log']->log('auth_fail','bad password'); } - $this->doLogin($page,$new_name); - } - } else { - // ni loggué ni tentative de login - $this->doLogin($page,$new_name); + } elseif (isset($_SESSION['log'])) { + $_SESSION['log']->log('auth_fail','bad login'); + } + + mysql_free_result($res); } + $this->doLogin($page,$new_name); } // }}} 
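Review bot: The response check `if ($_REQUEST['response'] == $expected_response) {` in the second hunk compares two hex digests with PHP's loose `==`, so two strings that both look numeric can compare equal without being identical. Use a strict comparison, `if ($_REQUEST['response'] === $expected_response) {`, or `hash_equals()` where the PHP version provides it, which also removes the timing difference between near-matches. The challenge is unset only on the success branch, so a failed attempt appears to leave the same challenge valid for further guesses; whether doLogin() issues a fresh one is not visible here. The method body starts and ends outside the hunk.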
@@ -302,7 +290,7 @@ function start_connexion ($uid, $identified)
 if ($suid) {
 $logger = new DiogenesCoreLogger($uid,$suid);
 $logger->log("suid_start","{$_SESSION['forlife']} by {$_SESSION['suid']}");
- $_SESSION = Array('suid'=>$_SESSION['suid'], 'slog'=>$_SESSION['slog'], 'log'=>$logger);
+ $_SESSION = Array('suid'=>$_SESSION['suid'], 'log'=>$logger);
 } else {
 $_SESSION = Array();
 $_SESSION['log'] = (isset($logger) ? $logger : new DiogenesCoreLogger($uid));
-- 2.1.4