gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-10-05 07:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
78b4bcc713
seeddms-code/inc/inc.Authentication.php
steinm f2e279f4c5 - no need to sanitize the session cookie, it is properly quoted when used 
in the select statement
2011-11-29 07:16:04 +00:00

53 lines
1.5 KiB
PHP
Raw Blame History

<?php
/**
* Do authentication of users and session management
*
* @category DMS
* @package LetoDMS
* @license GPL 2
* @version @version@
* @author Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
* @copyright Copyright (C) 2002-2005 Markus Westphal,
* 2006-2008 Malcolm Cowe, 2010 Uwe Steinmann
* @version Release: @package_version@
*/
$refer=urlencode($_SERVER["REQUEST_URI"]);
if (!strncmp("/op", $refer, 3)) {
$refer="";
}
if (!isset($_COOKIE["mydms_session"])) {
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
require_once("inc.Utils.php");
require_once("inc.ClassEmail.php");
require_once("inc.ClassSession.php");
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
$session = new LetoDMS_Session($db);
if(!$resArr = $session->load($dms_session)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
/* Load user data */
$user = $dms->getUser($resArr["userID"]);
if (!is_object($user)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
$dms->setUser($user);
$notifier = new LetoDMS_Email();
$notifier->setSender($user);
$theme = $resArr["theme"];
include $settings->_rootDir . "languages/" . $resArr["language"] . "/lang.inc";
?>
Reference in New Issue View Git Blame Copy Permalink