From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 6 Jul 2013 08:05:52 +0000 (+0400)
Subject: better error reporting in session validation
X-Git-Tag: 1.9~76
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=04a8c2065f73fd425a61dc55b4735de866fc01c5;p=tt-rss.git

better error reporting in session validation
---

diff --git a/include/sessions.php b/include/sessions.php
index 423ef0ed..66214afe 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -62,11 +62,17 @@
 			return false;
 		}
 
-		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true))
+		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (schema version changed)");
 			return false;
+		}
 
-		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (user agent changed)");
 			return false;
+		}
 
 		if ($_SESSION["uid"]) {
 			$result = Db::get()->query(
@@ -74,11 +80,19 @@
 
 			// user not found
 			if (Db::get()->num_rows($result) == 0) {
+
+				$_SESSION["login_error_msg"] =
+					__("Session failed to validate (user not found)");
+
 				return false;
 			} else {
 				$pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
 
 				if ($pwd_hash != $_SESSION["pwd_hash"]) {
+
+					$_SESSION["login_error_msg"] =
+						__("Session failed to validate (password changed)");
+
 					return false;
 				}
 			}