From: Florent Bruneau
Date: Thu, 29 May 2008 22:26:39 +0000 (+0200)
Subject: Fix issues with dotclear session management and browser cache.
X-Git-Url: http://git.polytechnique.org/?p=dotclear.git;a=commitdiff_plain;h=001b27af17869b43a0c64ff82fa1679adbd10ff8
Fix issues with dotclear session management and browser cache.
Signed-off-by: Florent Bruneau
---
diff --git a/_public.php b/_public.php
index fa9bece..392f557 100644
--- a/_public.php
+++ b/_public.php
@@ -1,11 +1,7 @@
 url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth'));
-$core->url->register('xorgLogin', 'XorgLogin', '^admin/(xorg\.php)$', array('xorgLoginPage', 'page'));
-
-
 ?>
diff --git a/class.xorg.auth.php b/class.xorg.auth.php
index 989e14d..8cbee75 100644
--- a/class.xorg.auth.php
+++ b/class.xorg.auth.php
@@ -15,15 +15,17 @@ class xorgAuth extends dcAuth {
 private function buildFromSession() {
 global $core;
+ @header('Last-Modified:');
 if (!isset($core) || !isset($core->session)) {
 return;
 }
 $core->session->start();
- if (@$_SESSION['auth-xorg'] && is_null($this->xorg_infos['forlife'])) {
+ $user = @$_SESSION['auth-xorg'];
+ if ($user && is_null($this->xorg_infos['forlife'])) {
 foreach ($this->xorg_infos as $key => $val) {
 $this->xorg_infos[$key] = $_SESSION['auth-xorg-' . $key];
 }
- $this->user_id = $_SESSION['auth-xorg'];
+ $this->user_id = $user;
 parent::checkUser($this->user_id);
 }
 }
@@ -37,6 +39,13 @@ class xorgAuth extends dcAuth {
 return true;
 }
 global $core;
+
+ if (!$this->sessionExists()) {
+ session_write_close();
+ header("Location: " . $core->blog->url . 'auth/Xorg?path=' . $path);
+ exit;
+ }
+
 $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1));
 $url = "https://www.polytechnique.org/auth-groupex/utf8";
 $url .= "?session=" . session_id();
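Review bot: In the `@@ -15,15 +15,17 @@` hunk, the added `@header('Last-Modified:');` does not by itself tell a browser or shared proxy to stop storing pages rendered for a logged-in user, and the `@` hides the "headers already sent" warning, so a failure is silent. If the aim is to keep authenticated pages out of caches, say so explicitly with `header('Cache-Control: private, no-store');` and guard the call with `if (!headers_sent())` instead of `@`. buildFromSession() is also called from getOptions() (visible in a later hunk), so the header is re-sent on each such call; a one-line comment such as `// keep per-user pages out of browser/proxy caches` would explain why it lives here.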
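Review bot: In the `@@ -37,6 +39,13 @@` hunk, `$path` is concatenated into the redirect's query string without encoding: `header("Location: " . $core->blog->url . 'auth/Xorg?path=' . $path);`. Where `$path` comes from is outside the hunk, but if it can contain `&`, `#` or `?`, the receiving handler will see a truncated path or extra parameters. Encode it at this boundary with `'auth/Xorg?path=' . rawurlencode($path)`. `sessionExists()` is defined outside the visible lines, and the enclosing method starts and ends outside the hunk.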
@@ -84,6 +93,8 @@ class xorgAuth extends dcAuth {
 }
 $params = '';
 global $core;
+ $_COOKIE[DC_SESSION_NAME] = $_GET['PHPSESSID'];
+ unset($_GET['PHPSESSID']);
 $core->session->start();
 foreach($this->xorg_infos as $key => $val) {
 if(!isset($_GET[$key])) {
@@ -98,6 +109,7 @@ class xorgAuth extends dcAuth {
 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
 $_SESSION['sess_blog_id'] = 'default';
 $this->createUser();
+ $path = $_GET['path'];
 header("Location: http://murphy.m4x.org" . $_GET['path']);
 exit;
 }
@@ -162,6 +174,16 @@ class xorgAuth extends dcAuth {
 $this->buildFromSession();
 return parent::getOptions();
 }
+
+ public function authForm() {
+ global $core;
+ $path = "http://murphy.m4x.org/~x2003bruneau/dotclear/";
+ return '
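Review bot: The two lines added in `@@ -84,6 +93,8 @@` copy a session identifier from the query string into `$_COOKIE[DC_SESSION_NAME]` before `$core->session->start()`, so the session that ends up authenticated is whichever id the URL names, which is a session-fixation risk. The id also travels in URLs, browser history, server logs and Referer headers. Nothing visible checks that `$_GET['PHPSESSID']` is set, or that the named session is one this server created with a pending `auth-x-challenge`. Reject the request when that challenge is absent and, once the identity provider's response has been verified, rotate the id before any authenticated state is written to `$_SESSION`, e.g. `session_regenerate_id(true);`. How the session object consumes the cookie is outside the hunk, so confirm the rotation against `$core->session`.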
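Review bot: In `@@ -98,6 +109,7 @@` the new `$path = $_GET['path'];` is never used: the next line still appends the raw `$_GET['path']` to the host, so the commit adds a variable without the validation it seems to prepare for. Because the value is concatenated directly after `http://murphy.m4x.org`, anything that does not start with a single `/` changes which host the browser is sent to after login (an open redirect). Validate, then use the variable: `$path = (isset($_GET['path']) && preg_match('#^/[^/\\\\]#', $_GET['path'])) ? $_GET['path'] : '/';` followed by `header("Location: http://murphy.m4x.org" . $path);`. The host is hard-coded here and again in the new `authForm()` `$path` (hunk `@@ -162,6 +174,16 @@`), while the redirect added in `@@ -37,6 +39,13 @@` uses `$core->blog->url`; building all three from the blog URL would avoid shipping a developer path over plain http.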
'. + '

Via Polytechnique.org

' . + '

Via le formulaire

' . + '
'. + '

'.__('You must accept cookies in order to use the private area.').'

'; + } } ?> diff --git a/page.auth.admin.php b/page.auth.admin.php deleted file mode 100644 index 98f7e84..0000000 --- a/page.auth.admin.php +++ /dev/null @@ -1,95 +0,0 @@ -blog->url . 'admin/index.php'); - } - - # Loading locales for detected language - $dlang = http::getAcceptLanguage(); - if ($dlang) { - l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main'); - } - - global $core; - $msg = $err = null; - header('Content-Type: text/html; charset=UTF-8'); - ?> - - - - - - - - - - - <?php echo html::escapeHTML(DC_VENDOR_NAME); ?> - - - - - callBehavior('loginPageHTMLHead'); - ?> - - - - -
-

- - '.$err.''; - } - if ($msg) { - echo '

'.$msg.'

'; - } - - { - echo - '
'. - '

Via Polytechnique.org

' . - '

Via le formulaire

' . - '
'. - '

'.__('You must accept cookies in order to use the private area.').'

'; - } - ?> -
-
-
-
-
-
-
diff --git a/widget.auth.php b/widget.auth.php
index fd6bd83..388eabe 100644
--- a/widget.auth.php
+++ b/widget.auth.php
@@ -7,6 +7,9 @@ class xorgAuthWidget {
 static public function widget(&$w) {
 global $core;
 $name = $core->auth->userID();
+ var_dump($_SESSION);
+ var_dump($_REQUEST);
+ echo "sessionid = " . session_id();
 if ($name) {
 return '

Tu es ' . $core->auth->getInfo('user_displayname') . '
' . 'déconnexion

';
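Review bot: The three added lines `var_dump($_SESSION);`, `var_dump($_REQUEST);` and `echo "sessionid = " . session_id();` sit before the `if ($name)` check, so they print the session contents, the request parameters and the live session identifier into every page that renders this widget, for any visitor. This looks like leftover debugging and should be dropped from the commit; with the id in the page body, anything that can read or cache the HTML can reuse the session. If a trace is still needed, write it to the server log behind a debug switch and leave the id out, e.g. `error_log('xorg widget user=' . $name);`. widget() continues past the end of the hunk.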