login system fixes...

Andrew Dolgov 2007-03-02 12:05:17 +01:00
parent 7f0acba7b0
commit 1df0f48b21
6 changed files with 18 additions and 45 deletions


@ -2,11 +2,9 @@
require_once "sessions.php"; require_once "sessions.php";
require_once "modules/backend-rpc.php"; require_once "modules/backend-rpc.php";
header("Cache-Control: no-cache, must-revalidate"); header("Cache-Control: no-cache, max-age=0, must-revalidate");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache"); header("Pragma: no-cache");
header("Expires: -1"); header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
/* if ($_GET["debug"]) { /* if ($_GET["debug"]) {
define('DEFAULT_ERROR_LEVEL', E_ALL); define('DEFAULT_ERROR_LEVEL', E_ALL);
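Review bot: The new `Cache-Control: no-cache, max-age=0, must-revalidate` value still allows a browser or proxy to store the response, so pages served behind the login can stay in a disk cache on a shared machine; adding `no-store` closes that: `header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");`. The same three header lines are added to the two page scripts later in this commit and would take the same change. The bare `header("Cache-Control: no-cache, must-revalidate");` printed just below has no side marker on this page; if it survives on the new side it replaces the value set on the line before, because header() overwrites a same-named header by default. With the trio now repeated in three files, a small shared helper would keep the values from drifting apart.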


@ -1192,49 +1192,17 @@
} }
} }
/* if ($_COOKIE[get_session_cookie_name()]) {
require_once "sessions.php";
} */
$login_action = $_POST["login_action"]; $login_action = $_POST["login_action"];
/* if (!validate_session($link) && $login_action != "do_login") {
logout_user();
render_login_form($link);
exit;
} */
$session_started = false;
# try to authenticate user if called from login form # try to authenticate user if called from login form
if ($login_action == "do_login") { if ($login_action == "do_login") {
$login = $_POST["login"]; $login = $_POST["login"];
$password = $_POST["password"]; $password = $_POST["password"];
$remember_me = $_POST["remember_me"]; $remember_me = $_POST["remember_me"];
if ($remember_me) {
session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);
} else {
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
}
require_once "sessions.php";
$session_started = true;
if (authenticate_user($link, $login, $password)) { if (authenticate_user($link, $login, $password)) {
$_POST["password"] = ""; $_POST["password"] = "";
if ($remember_me) {
$_SESSION["cookie_lifetime"] = time() +
SESSION_COOKIE_LIFETIME_REMEMBER;
} else if (SESSION_COOKIE_LIFETIME) {
$_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME;
}
setcookie("ttrss_cltime", $_SESSION["cookie_lifetime"],
$_SESSION["cookie_lifetime"]);
header("Location: " . $_SERVER["REQUEST_URI"]); header("Location: " . $_SERVER["REQUEST_URI"]);
exit; exit;
@ -1244,17 +1212,16 @@
} }
} }
if (!$session_started) { // print session_id();
require_once "sessions.php"; // print_r($_SESSION);
}
if (!$_SESSION["uid"] || !validate_session($link)) { if (!$_SESSION["uid"] || !validate_session($link)) {
render_login_form($link); render_login_form($link);
exit; exit;
} }
} else { } else {
require_once "sessions.php";
return authenticate_user($link, "admin", null); return authenticate_user($link, "admin", null);
} }
} }
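Review bot: The successful-login branch redirects right after authenticate_user() returns without issuing a new session id, and with this commit the entry scripts load sessions.php before any login happens, so the id that existed before authentication appears to be carried into the authenticated session (session fixation). authenticate_user() is not visible here, so confirm it does not already rotate the id; if it does not, add `session_regenerate_id(true);` immediately before the `header("Location: " . $_SERVER["REQUEST_URI"]);` line. In the lines shown, `$remember_me` is still read from `$_POST` but no longer used on the new side, and the leftover `// print session_id();` and `// print_r($_SESSION);` debug comments can be dropped with it. The enclosing function starts and ends outside the hunks shown.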


@ -50,10 +50,10 @@ window.onload = init;
<td align="right"><input name="login"></td></tr> <td align="right"><input name="login"></td></tr>
<tr><td align="right">Password:</td> <tr><td align="right">Password:</td>
<td align="right"><input type="password" name="password"></td></tr> <td align="right"><input type="password" name="password"></td></tr>
<tr><td colspan="2"> <!-- <tr><td colspan="2">
<input type="checkbox" name="remember_me" id="remember_me"> <input type="checkbox" name="remember_me" id="remember_me">
<label for="remember_me">Remember me on this computer</label> <label for="remember_me">Remember me on this computer</label>
</td></tr> </td></tr> -->
<tr><td colspan="2" align="right" class="innerLoginCell"> <tr><td colspan="2" align="right" class="innerLoginCell">
<input type="submit" class="button" value="Login"> <input type="submit" class="button" value="Login">
<input type="hidden" name="action" value="login"> <input type="hidden" name="action" value="login">


@ -1,6 +1,6 @@
<?php <?php
require_once "functions.php"; require_once "functions.php";
// require_once "sessions.php"; require_once "sessions.php";
require_once "sanity_check.php"; require_once "sanity_check.php";
require_once "version.php"; require_once "version.php";
require_once "config.php"; require_once "config.php";
@ -12,6 +12,10 @@
$dt_add = get_script_dt_add(); $dt_add = get_script_dt_add();
header("Cache-Control: no-cache, max-age=0, must-revalidate");
header("Pragma: no-cache");
header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


@ -95,7 +95,7 @@
session_set_save_handler("open", "close", "read", "write", "destroy", "gc"); session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
} }
// session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER); session_set_cookie_params(SESSION_COOKIE_LIFETIME);
session_start(); session_start();
?> ?>
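Review bot: `session_set_cookie_params(SESSION_COOKIE_LIFETIME);` sets only the lifetime, so the session cookie's `secure` and `httponly` attributes are left to whatever php.ini supplies. Pass the remaining arguments (path, domain, secure, httponly) explicitly, with httponly true and secure true when the site is served over HTTPS, so page script cannot read the cookie and it is not sent over plain HTTP. Where SESSION_COOKIE_LIFETIME is defined is not visible in this hunk; the entry scripts in this commit list sessions.php ahead of config.php, so check the constant is already defined when this line runs unless functions.php or sessions.php pulls config.php in first.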


@ -1,6 +1,6 @@
<?php <?php
require_once "functions.php"; require_once "functions.php";
// require_once "sessions.php"; require_once "sessions.php";
require_once "sanity_check.php"; require_once "sanity_check.php";
require_once "version.php"; require_once "version.php";
require_once "config.php"; require_once "config.php";
@ -12,6 +12,10 @@
$dt_add = get_script_dt_add(); $dt_add = get_script_dt_add();
header("Cache-Control: no-cache, max-age=0, must-revalidate");
header("Pragma: no-cache");
header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">