Menu
▾
▴
[mxbb-commits] core/includes/sessions/phpbb3 login.php, 1.12, 1.13 session.php, 1.61, 1.62
|
From: Florin C B. <ory...@us...> - 2014-07-07 21:31:21
|
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv32394 Modified Files: login.php session.php Log Message: Some fixes for phpbb3 Backend Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/login.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** login.php 28 Jun 2013 15:33:47 -0000 1.12 --- login.php 7 Jul 2014 21:31:16 -0000 1.13 *************** *** 132,142 **** $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; ! ! // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 ! if( $session_id ) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; --- 132,141 ---- $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; ! // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 ! if(!empty($session_id)) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; *************** *** 194,206 **** // Successful login... set user_login_attempts to zero... ! if( $session_id ) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ! else { ! mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } } --- 193,211 ---- // Successful login... set user_login_attempts to zero... ! if(!empty($session_id)) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ! else if(!empty($mx_user->session_id)) { ! $session_id = $mx_user->session_id; ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; ! mx_redirect(mx3_append_sid($url, false)); } + else + { + mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); + } } } Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/session.php,v retrieving revision 1.61 retrieving revision 1.62 diff -C2 -d -r1.61 -r1.62 *** session.php 16 May 2014 18:02:23 -0000 1.61 --- session.php 7 Jul 2014 21:31:17 -0000 1.62 *************** *** 293,299 **** $SID = 'sid=' . $this->session_id; } ! $_EXTRA_URL = array(); - // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. --- 293,298 ---- $SID = 'sid=' . $this->session_id; } ! $session_id = $this->session_id; $_EXTRA_URL = array(); // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. *************** *** 358,362 **** $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! // Did the session exist in the DB? if (isset($this->data['user_id'])) --- 357,361 ---- $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! // Did the session exist in the DB? if (isset($this->data['user_id'])) |
