From: Gordon P. H. <gph...@us...> - 2006-07-04 06:35:16
Update of /cvsroot/cmsforme/CMSformE In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv14069 Modified Files: login.php Log Message: In honor of CMSformE's third birthday, I decided to dig around in the code. And, wouldn't you know it? I found some bugs. Made the installer more accessible, which finally fixes bug 17. It needed a couple of new language variables for the access keys, too. Upped our requirements to PHP 4.3.3, in line with phpBB. (We needed at least 4.3.0, anyway.) Finally gave the installing user a salt. Fixed various SID-related bugs. Added salt-regeneration to the login. (I added a function so that we don't duplicate the saltshaker... er, salt-maker.) Fixed auto-login (hopefully). So, happy birthday to the United States of America and to CMSformE. I hope you like my developer humor. Index: login.php =================================================================== RCS file: /cvsroot/cmsforme/CMSformE/login.php,v retrieving revision 1.30 retrieving revision 1.31 diff -u -d -r1.30 -r1.31 --- login.php 5 Jun 2005 16:37:10 -0000 1.30 +++ login.php 4 Jul 2006 06:35:13 -0000 1.31 @@ -70,10 +70,11 @@ { $user['id'] = $row['user_id']; $user['level'] = $row['user_level']; + $milk = evaporate_water( $sid ); - $sql = 'UPDATE ' . DB_USERS_TABLE . ' - SET user_lastvisit = \'' . time() . '\' - WHERE user_id = \'' . $user['id'] . '\''; + $sql = 'UPDATE ' . DB_USERS_TABLE . " + SET user_lastvisit = '" . time() . "', user_salt = '$milk' + WHERE user_id = '" . $user['id'] . "'"; if( !( $Database->query( $sql ) ) ) { @@ -82,8 +83,8 @@ db_error( $error['code'], 'Could not change last visit information.', $error['message'], __FILE__, __LINE__, $sql ); } - $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' - SET session_user_id = \'' . $user['id'] . "' + $sql = 'UPDATE ' . DB_SESSIONS_TABLE . " + SET session_user_id = '" . $user['id'] . "' WHERE session_id = '$sid'"; if( !( $Database->query( $sql ) ) ) 
@@ -96,7 +97,11 @@ // Only set info cookie if "Remember Login?" is used if( $remember ) { - setcookie( $config['cookie_prefix'] . '_info', $row['ketchup'], time() + DAY * 30 ); + // Who eats cookies with ketchup, anyway? + setcookie( $config['cookie_prefix'] . '_info', FALSE, time() - ( DAY * 30 ) ); + + // Now this is more like it.... + setcookie( $config['cookie_prefix'] . '_info', $milk, time() + ( DAY * 30 ) ); } setcookie( $config['cookie_prefix'] . '_sid', $sid, $session_end ); |
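Review bot: In the `@@ -70,10 +70,11 @@` hunk, `$milk` is written into the UPDATE as `user_salt = '$milk'` with no escaping, and `evaporate_water()` is not part of this diff, so nothing visible here guarantees its output is safe inside a quoted SQL string. Either escape the value before building the query, or document on `evaporate_water()` that it returns only characters that need no escaping. The same value is later sent to the browser as the `_info` cookie, so it acts as a login token and not only as a salt. If it is derived from `$sid` alone, anyone who learns a session id could compute it, so it is worth confirming the function mixes in an unpredictable source. A one-line comment at the assignment saying what `$milk` holds would also help the next reader.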
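Review bot: In the `@@ -82,8 +83,8 @@` hunk, `WHERE session_id = '$sid'` still interpolates `$sid` directly; the change only swaps the quoting style of the string. Where `$sid` comes from is outside this diff, so if it can originate from a cookie or a URL parameter it needs validating or escaping before it reaches this query. This UPDATE also attaches the authenticated user to the session row that already exists for `$sid`. Issuing a new session id at this point would stop a session id that was known before login from remaining valid afterwards.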
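Review bot: In the `@@ -96,7 +97,11 @@` hunk, the expiring `setcookie( ..., FALSE, time() - ( DAY * 30 ) )` sits inside `if( $remember )` and is immediately followed by a `setcookie` for the same name, so it has no lasting effect there, while a login without "Remember Login?" never clears an old `_info` cookie. Moving the expiry call into an else branch, or ahead of the `if`, would cover that case. Both `_info` and `_sid` are set without the path, domain and secure arguments; passing an explicit path, and setting secure where the site is served over HTTPS, would narrow where the browser sends them. The two joke comments could be replaced with one line stating that `_info` now carries the regenerated salt instead of `$row['ketchup']`.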