From: Victor B. <vb...@us...> - 2005-09-25 13:27:33
|
Update of /cvsroot/mantisbt/mantisbt/core In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14583/core Modified Files: Tag: BRANCH_0_19_2 authentication_api.php Log Message: 0006097: [security] user ID is cached indefinately (vboctor) - ported thraxisp fix from main branch. Index: authentication_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/authentication_api.php,v retrieving revision 1.45 retrieving revision 1.45.8.1 diff -u -d -r1.45 -r1.45.8.1 --- authentication_api.php 14 Aug 2004 15:26:20 -0000 1.45 +++ authentication_api.php 25 Sep 2005 13:27:24 -0000 1.45.8.1 @@ -135,7 +135,7 @@ # -------------------- # Allows scripts to login using a login name or ( login name + password ) function auth_attempt_script_login( $p_username, $p_password = null ) { - global $g_script_login_cookie; + global $g_script_login_cookie, $g_cache_current_user_id; $t_user_id = user_get_id_by_name( $p_username ); @@ -146,7 +146,7 @@ return false; } - # validate password if supplied + # validate password if supplied if ( null !== $p_password ) { if ( !auth_does_password_match( $t_user_id, $p_password ) ) { return false; @@ -161,6 +161,9 @@ # set the cookies $g_script_login_cookie = $t_user['cookie_string']; + # cache user id for future reference + $g_cache_current_user_id = $t_user_id; + return true; } @@ -341,28 +344,34 @@ # -------------------- # Return the current user login cookie string, - # if no user is logged in and anonymous login is enabled, returns cookie for anonymous user + # note that the cookie cached by a script login superceeds the cookie provided by + # the browser. This shouldn't normally matter, except that the password verification uses + # this routine to bypass the normal authentication, and can get confused when a normal user + # logs in, then runs the verify script. the act of fetching config variables may get the wrong + # userid. # if no user is logged in and anonymous login is enabled, returns cookie for anonymous user # otherwise returns '' (an empty string) function auth_get_current_user_cookie() { global $g_script_login_cookie; + # if logging in via a script, return that cookie + if ( $g_script_login_cookie !== null ) { + return $g_script_login_cookie; + } + + # fetch user cookie $t_cookie_name = config_get( 'string_cookie' ); $t_cookie = gpc_get_cookie( $t_cookie_name, '' ); # if cookie not found, and anonymous login enabled, use cookie of anonymous account. if ( is_blank( $t_cookie ) ) { - if ( $g_script_login_cookie !== null ) { - return $g_script_login_cookie; - } else { - if ( ON == config_get( 'allow_anonymous_login' ) ) { - $query = sprintf('SELECT id, cookie_string FROM %s WHERE username = "%s"', - config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) ); - $result = db_query( $query ); + if ( ON == config_get( 'allow_anonymous_login' ) ) { + $query = sprintf('SELECT id, cookie_string FROM %s WHERE username = "%s"', + config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) ); + $result = db_query( $query ); - if ( 1 == db_num_rows( $result ) ) { - $row = db_fetch_array( $result ); - $t_cookie = $row['cookie_string']; - } + if ( 1 == db_num_rows( $result ) ) { + $row = db_fetch_array( $result ); + $t_cookie = $row['cookie_string']; } } } |