- added comment with explanation why the session has to be deleted after logout

This commit is contained in:
steinm 2013-02-06 17:33:56 +00:00
parent 8e950290dc
commit c1bfb1f89e
2 changed files with 37 additions and 11 deletions


@ -248,18 +248,36 @@ if(!$session->deleteByTime(86400)) {
exit;
}
// Create new session in database
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
_printMessage(getMLText("login_error_title"), getMLText("error_occured").": ".$db->getErrorMsg());
exit;
}
if (isset($_COOKIE["mydms_session"])) {
/* This part will never be reached unless the session cookie is kept,
* but op.Logout.php deletes it. Keeping a session could be a good idea
* for retaining the clipboard data, but the user id in the session should
* be set to 0 which is not possible due to foreign key constraints.
* So for now op.Logout.php will delete the cookie as always
*/
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
} else {
$session->setUser($userid);
}
} else {
// Create new session in database
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
_printMessage(getMLText("login_error_title"), getMLText("error_occured").": ".$db->getErrorMsg());
exit;
}
// Set the session cookie.
if($settings->_cookieLifetime)
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot);
// Set the session cookie.
if($settings->_cookieLifetime)
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot);
}
// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.
// Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
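Review bot: In the `isset($_COOKIE["mydms_session"])` branch, `$session->setUser($userid)` binds a session id that the client supplied to the user who has just authenticated, which is the classic session-fixation shape; the comment's premise that the branch is unreachable because op.Logout.php deletes the cookie holds only for a cooperating client, since the cookie value is under the client's control. The load-failure arm is also odd for a user who has just presented valid credentials: it redirects back to out.Login.php instead of issuing a session. Both go away if a login always creates a fresh session row and cookie and a pre-existing cookie only causes the old record to be deleted, as sketched below; the later `setcookie("mydms_session", $id, ...)` then overwrites the stale cookie. The surrounding script (`$userid`, `$refer`, `$session`) starts above the hunk. Separately, the `setcookie` calls on the new side pass neither the `secure` nor the `httponly` argument, which is worth a follow-up.
```php
if (isset($_COOKIE["mydms_session"])) {
    /* A session id supplied by the client is never re-bound to the user who
     * just authenticated: whoever knows that id would share the login
     * (session fixation). Drop the old record and issue a fresh id below. */
    $dms_session = $_COOKIE["mydms_session"];
    if($session->load($dms_session)) {
        $session->delete($dms_session);
    }
}
// Create new session in database
// … unchanged: $session->create(...), cookie lifetime, setcookie("mydms_session", $id, ...) …
```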


@ -28,6 +28,14 @@ include("../inc/inc.DBInit.php");
$dms_session = $_COOKIE["mydms_session"];
$session = new LetoDMS_Session($db);
$session->load($dms_session);
// If setting the user id to 0 worked, it would be a way to logout a
// user. It doesn't work because of a foreign constraint in the database
// won't allow it. So we keep on deleting the session and the cookie on
// logout
// $session->setUser(0); does not work because of foreign user constraint
if(!$session->delete($dms_session)) {
UI::exitError(getMLText("logout"),$db->getErrorMsg());
}