Changeset 1004 for trunk/category.php


Timestamp:
Jan 15, 2006, 2:45:42 PM (18 years ago)
Author:
nikrou
Message:

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
File:
1 edited

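--- a/trunk/category.php
+++ b/trunk/category.php
@@ -32,8 +32,11 @@
 if ( isset( $_GET['act'] )
      and $_GET['act'] == 'logout'
-     and isset( $_COOKIE['id'] ) )
+     and isset( $_COOKIE[session_name()] ) )
 {
   // cookie deletion if exists
-  setcookie( 'id', '', 0, cookie_path() );
+  $_SESSION = array();
+  session_unset();
+  session_destroy();
+  setcookie(session_name(),'',0,'/');
   $url = 'category.php';
   redirect( $url );
@@ -164,13 +167,13 @@
   'L_REMEMBER_ME' => $lang['remember_me'],
 
-  'F_IDENTIFY' => add_session_id( PHPWG_ROOT_PATH.'identification.php' ),
+  'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php',
   'T_RECENT' => $icon_recent,
 
-  'U_HOME' => add_session_id( PHPWG_ROOT_PATH.'category.php' ),
-  'U_REGISTER' => add_session_id( PHPWG_ROOT_PATH.'register.php' ),
-  'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
+  'U_HOME' => PHPWG_ROOT_PATH.'category.php',
+  'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+  'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
   'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
-  'U_ADMIN'=>add_session_id( PHPWG_ROOT_PATH.'admin.php' ),
-  'U_PROFILE'=>add_session_id(PHPWG_ROOT_PATH.'profile.php')
+  'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
+  'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php'
   )
 );
@@ -199,5 +202,5 @@
     'special_cat',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=fav'),
+      'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav',
       'TITLE' => $lang['favorite_cat_hint'],
       'NAME' => $lang['favorite_cat']
@@ -208,5 +211,5 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=most_visited'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited',
     'TITLE' => $lang['most_visited_cat_hint'],
     'NAME' => $lang['most_visited_cat']
@@ -218,5 +221,5 @@
     'special_cat',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=best_rated'),
+      'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated',
       'TITLE' => $lang['best_rated_cat_hint'],
       'NAME' => $lang['best_rated_cat']
@@ -228,5 +231,5 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'random.php'),
+    'URL' => PHPWG_ROOT_PATH.'random.php',
     'TITLE' => $lang['random_cat_hint'],
     'NAME' => $lang['random_cat']
@@ -236,5 +239,5 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_pics'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics',
     'TITLE' => $lang['recent_pics_cat_hint'],
     'NAME' => $lang['recent_pics_cat']
@@ -244,5 +247,5 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=recent_cats'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats',
     'TITLE' => $lang['recent_cats_cat_hint'],
     'NAME' => $lang['recent_cats_cat']
@@ -252,5 +255,5 @@
   'special_cat',
   array(
-    'URL' => add_session_id(PHPWG_ROOT_PATH.'category.php?cat=calendar'),
+    'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar',
     'TITLE' => $lang['calendar_hint'],
     'NAME' => $lang['calendar']
@@ -291,5 +294,5 @@
 'TITLE'=>$lang['hint_search'],
 'NAME'=>$lang['search'],
-'U_SUMMARY'=>add_session_id( 'search.php' ),
+'U_SUMMARY'=> 'search.php',
 ));
 
@@ -298,5 +301,5 @@
 'TITLE'=>$lang['hint_comments'],
 'NAME'=>$lang['comments'],
-'U_SUMMARY'=>add_session_id( 'comments.php' ),
+'U_SUMMARY'=> 'comments.php',
 ));
 
@@ -305,5 +308,5 @@
 'TITLE'=>$lang['about_page_title'],
 'NAME'=>$lang['About'],
-'U_SUMMARY'=>add_session_id( 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] ) )
+'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] )
 ));
 
@@ -314,5 +317,5 @@
     'TITLE'=>l10n('notification'),
     'NAME'=>l10n('Notification'),
-    'U_SUMMARY'=>add_session_id(PHPWG_ROOT_PATH.'notification.php')
+    'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php'
 ));
 
@@ -325,8 +328,6 @@
     array(
       'URL' =>
-        add_session_id(
           PHPWG_ROOT_PATH.'admin.php?page=cat_modify'
           .'&cat_id='.$page['cat']
-          )
       )
     );
@@ -353,8 +354,6 @@
       array(
         'URL' =>
-          add_session_id(
             PHPWG_ROOT_PATH.'category.php'
             .get_query_string_diff(array('caddie')).'&caddie=1')
-        )
       );
   }
@@ -384,5 +383,5 @@
     $template->assign_block_vars(
       'upload',
-      array('U_UPLOAD'=>add_session_id( $url ))
+      array('U_UPLOAD'=> $url )
       );
   }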
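Review bot: In the logout hunk, `setcookie(session_name(),'',0,'/');` does not reliably remove the session cookie: an expiry of 0 issues a fresh browser-session cookie with an empty value rather than expiring it, and the hard-coded `'/'` replaces the `cookie_path()` the removed line used, so if the session cookie was issued with any other path or a domain (e.g. via session_set_cookie_params, which I cannot see from here) the browser will keep the original cookie and the destroyed session id stays in circulation. Use the parameters the cookie was actually set with and a date in the past: `$p = session_get_cookie_params();` then `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain']);`. On the same hunk, `$_SESSION = array();` and `session_unset();` do the same thing; one of them can go. The `if` block continues outside the hunk, and the session-regeneration half of the fix (session_regenerate_id() at login, now that ids no longer travel in URLs) belongs in identification.php, which this changeset does not show.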