login system tweaks

This commit is contained in:
Andrew Dolgov 2007-03-02 11:48:46 +01:00
parent c12510cd4d
commit 7f0acba7b0
3 changed files with 44 additions and 32 deletions

View File

@ -16,8 +16,6 @@
error_reporting(DEFAULT_ERROR_LEVEL); */ error_reporting(DEFAULT_ERROR_LEVEL); */
$op = $_REQUEST["op"];
define('SCHEMA_VERSION', 13); define('SCHEMA_VERSION', 13);
require_once "sanity_check.php"; require_once "sanity_check.php";
@ -27,6 +25,25 @@
require_once "db-prefs.php"; require_once "db-prefs.php";
require_once "functions.php"; require_once "functions.php";
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (DB_TYPE == "pgsql") {
pg_query("set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
}
$op = $_REQUEST["op"];
$print_exec_time = false; $print_exec_time = false;
if ((!$op || $op == "rpc" || $op == "rss" || $op == "digestSend" || if ((!$op || $op == "rpc" || $op == "rss" || $op == "digestSend" ||
@ -41,7 +58,8 @@
print_error_xml(7); exit; print_error_xml(7); exit;
} }
if (!$_SESSION["uid"] && $op != "globalUpdateFeeds" && $op != "rss" && $op != "getUnread") { if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds"
&& $op != "rss" && $op != "getUnread") {
if ($op == "rpc") { if ($op == "rpc") {
print_error_xml(6); die; print_error_xml(6); die;
@ -95,22 +113,6 @@
require_once "modules/pref-users.php"; require_once "modules/pref-users.php";
require_once "modules/pref-feed-browser.php"; require_once "modules/pref-feed-browser.php";
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (DB_TYPE == "pgsql") {
pg_query("set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
}
if (!sanity_check($link)) { return; } if (!sanity_check($link)) { return; }

View File

@ -1163,6 +1163,7 @@
if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) { if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
if ($_SESSION["ip_address"]) { if ($_SESSION["ip_address"]) {
if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) { if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
$_SESSION["login_error_msg"] = "Session failed to validate (incorrect IP)";
return false; return false;
} }
} }
@ -1191,20 +1192,22 @@
} }
} }
if ($_COOKIE[get_session_cookie_name()]) { /* if ($_COOKIE[get_session_cookie_name()]) {
require_once "sessions.php"; require_once "sessions.php";
} } */
if (!validate_session($link)) {
logout_user();
render_login_form($link);
exit;
}
$login_action = $_POST["login_action"]; $login_action = $_POST["login_action"];
/* if (!validate_session($link) && $login_action != "do_login") {
logout_user();
render_login_form($link);
exit;
} */
$session_started = false;
# try to authenticate user if called from login form # try to authenticate user if called from login form
if ($login_action == "do_login" && !$_SESSION["uid"]) { if ($login_action == "do_login") {
$login = $_POST["login"]; $login = $_POST["login"];
$password = $_POST["password"]; $password = $_POST["password"];
$remember_me = $_POST["remember_me"]; $remember_me = $_POST["remember_me"];
@ -1217,7 +1220,7 @@
require_once "sessions.php"; require_once "sessions.php";
session_regenerate_id(); $session_started = true;
if (authenticate_user($link, $login, $password)) { if (authenticate_user($link, $login, $password)) {
$_POST["password"] = ""; $_POST["password"] = "";
@ -1236,10 +1239,16 @@
exit; exit;
return; return;
} else {
$_SESSION["login_error_msg"] = "Incorrect username or password";
} }
} }
if (!$_SESSION["uid"]) { if (!$session_started) {
require_once "sessions.php";
}
if (!$_SESSION["uid"] || !validate_session($link)) {
render_login_form($link); render_login_form($link);
exit; exit;
} }

View File

@ -41,8 +41,9 @@ window.onload = init;
</td> </td>
</tr><tr> </tr><tr>
<td align="center" valign="middle" class="loginMiddle" height="100%"> <td align="center" valign="middle" class="loginMiddle" height="100%">
<?php if ($error_msg) { ?> <?php if ($_SESSION['login_error_msg']) { ?>
<div class="loginError"><?php echo $error_msg ?></div> <div class="loginError"><?php echo $_SESSION['login_error_msg'] ?></div>
<?php $_SESSION['login_error_msg'] = ""; ?>
<?php } ?> <?php } ?>
<table> <table>
<tr><td align="right">Login:</td> <tr><td align="right">Login:</td>