From 04a8c2065f73fd425a61dc55b4735de866fc01c5 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 6 Jul 2013 12:05:52 +0400 Subject: [PATCH] better error reporting in session validation --- include/sessions.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/include/sessions.php b/include/sessions.php index 423ef0eda..66214afe7 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -62,11 +62,17 @@ return false; } - if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) + if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) { + $_SESSION["login_error_msg"] = + __("Session failed to validate (schema version changed)"); return false; + } - if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) + if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) { + $_SESSION["login_error_msg"] = + __("Session failed to validate (user agent changed)"); return false; + } if ($_SESSION["uid"]) { $result = Db::get()->query( @@ -74,11 +80,19 @@ // user not found if (Db::get()->num_rows($result) == 0) { + + $_SESSION["login_error_msg"] = + __("Session failed to validate (user not found)"); + return false; } else { $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash"); if ($pwd_hash != $_SESSION["pwd_hash"]) { + + $_SESSION["login_error_msg"] = + __("Session failed to validate (password changed)"); + return false; } }