better error reporting in session validation

Andrew Dolgov 2013-07-06 12:05:52 +04:00
parent bd207093ee
commit 04a8c2065f
1 changed files with 16 additions and 2 deletions


@ -62,11 +62,17 @@
return false; return false;
} }
if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (schema version changed)");
return false; return false;
}
if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user agent changed)");
return false; return false;
}
if ($_SESSION["uid"]) { if ($_SESSION["uid"]) {
$result = Db::get()->query( $result = Db::get()->query(
@ -74,11 +80,19 @@
// user not found // user not found
if (Db::get()->num_rows($result) == 0) { if (Db::get()->num_rows($result) == 0) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user not found)");
return false; return false;
} else { } else {
$pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash"); $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
if ($pwd_hash != $_SESSION["pwd_hash"]) { if ($pwd_hash != $_SESSION["pwd_hash"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (password changed)");
return false; return false;
} }
} }
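Review bot: The new `login_error_msg` strings tell whoever presents the session cookie exactly why it was rejected, and two of them ("user not found", "password changed") disclose account state to a client that is unauthenticated at that point. Consider showing a single generic message such as `__("Session failed to validate")` and writing the specific reason to the server log, where it also helps in spotting reuse of stale session cookies. Separately, the user-agent and `pwd_hash` checks that this commit wraps in braces still compare hash strings with `!=`, which is subject to PHP's numeric-string coercion; `if (sha1($_SERVER['HTTP_USER_AGENT']) !== $_SESSION["user_agent"]) {` and `if ($pwd_hash !== $_SESSION["pwd_hash"]) {` would make both checks exact. The enclosing function starts and ends outside the visible hunks, so whether the caller keeps `$_SESSION` alive long enough to display the message cannot be confirmed from here.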