Timestamp:
Jul 23, 2006, 5:25:49 PM (18 years ago)
Author:
nikrou
Message:

bug 451 fixed: problem with auto login

  • add an auto_login_key in users_table
  • $confsession_length is no longer needed

and the session length will be 0 (until the browser is closed)

File:
1 edited

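--- a/trunk/identification.php
+++ b/trunk/identification.php
@@ -72,4 +72,32 @@
   }
 }
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+{
+  $cookie = unserialize(pwg_stripslashes($_COOKIE[$conf['remember_me_name']]));
+  $query = '
+SELECT auto_login_key
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
+;';
+
+  $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+  if ($auto_login_key == $cookie['key'])
+  {
+    log_user($cookie['id'], false);
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+  else
+  {
+    // Hacking attempt!
+    $query = '
+UPDATE '.USERS_TABLE.'
+  SET auto_login_key=\''.$auto_login_key.'\'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+    pwg_query($query);
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+}
 //----------------------------------------------------- template initialization
 //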
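Review bot: The auto-login branch passes the raw remember-me cookie to `unserialize()` and then concatenates `$cookie['id']` unquoted into the SELECT, so a client-controlled value reaches both object deserialization and the SQL text. Because the cookie also decides the type of `$cookie['key']`, the loose `==` against `$auto_login_key` (which is not a string when no row matches) does not guarantee a string match; the check should be a strict, constant-time comparison of two non-empty strings. In the mismatch branch the UPDATE writes back the same `$auto_login_key` it just read and filters on `$user_id`, which is not assigned in the visible lines, so the stored key does not appear to be invalidated there. The sketch below reads a plain-text `id:key` cookie instead (format constructed for this example, assuming numeric user ids as the unquoted SQL implies), which needs the matching change where the cookie is set, outside this hunk; the `if` chain this `elseif` belongs to also starts outside it.

```php
elseif (!empty($_COOKIE[$conf['remember_me_name']]))
{
  // No unserialize(): the cookie is treated as "<numeric id>:<key>" text only.
  $parts = explode(':', pwg_stripslashes($_COOKIE[$conf['remember_me_name']]), 2);
  $cookie_id = (count($parts) == 2 && ctype_digit($parts[0])) ? (int)$parts[0] : null;

  $row = false;
  if ($cookie_id !== null)
  {
    $query = '
SELECT auto_login_key
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['id'].' = '.$cookie_id.'
;';
    $row = mysql_fetch_assoc(pwg_query($query));
  }

  // Require a real row and a non-empty stored key before comparing.
  if (is_array($row)
      && is_string($row['auto_login_key'])
      && $row['auto_login_key'] !== ''
      && hash_equals($row['auto_login_key'], $parts[1]))
  {
    log_user($cookie_id, false);
    // … unchanged: redirect to $redirect_to or the index …
  }
  else
  {
    // … mismatch: if the key is to be invalidated, store a freshly generated value for $cookie_id …
    // … unchanged: clear the cookie with setcookie() and redirect …
  }
}
```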