From 1df0f48b2147c3cbc71dc2085de76f5a4432fb6d Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 2 Mar 2007 12:05:17 +0100 Subject: [PATCH] login system fixes... --- backend.php | 6 ++---- functions.php | 39 +++------------------------------------ login_form.php | 4 ++-- prefs.php | 6 +++++- sessions.php | 2 +- tt-rss.php | 6 +++++- 6 files changed, 18 insertions(+), 45 deletions(-) diff --git a/backend.php b/backend.php index 67bdabb5..656dcbf9 100644 --- a/backend.php +++ b/backend.php @@ -2,11 +2,9 @@ require_once "sessions.php"; require_once "modules/backend-rpc.php"; - header("Cache-Control: no-cache, must-revalidate"); - header("Cache-Control: no-cache, must-revalidate"); - + header("Cache-Control: no-cache, max-age=0, must-revalidate"); header("Pragma: no-cache"); - header("Expires: -1"); + header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT"); /* if ($_GET["debug"]) { define('DEFAULT_ERROR_LEVEL', E_ALL); diff --git a/functions.php b/functions.php index 98bfc2e6..49955b63 100644 --- a/functions.php +++ b/functions.php @@ -1192,49 +1192,17 @@ } } -/* if ($_COOKIE[get_session_cookie_name()]) { - require_once "sessions.php"; -} */ - $login_action = $_POST["login_action"]; -/* if (!validate_session($link) && $login_action != "do_login") { - logout_user(); - render_login_form($link); - exit; -} */ - - $session_started = false; - # try to authenticate user if called from login form if ($login_action == "do_login") { $login = $_POST["login"]; $password = $_POST["password"]; $remember_me = $_POST["remember_me"]; - if ($remember_me) { - session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER); - } else { - session_set_cookie_params(SESSION_COOKIE_LIFETIME); - } - - require_once "sessions.php"; - - $session_started = true; - if (authenticate_user($link, $login, $password)) { $_POST["password"] = ""; - if ($remember_me) { - $_SESSION["cookie_lifetime"] = time() + - SESSION_COOKIE_LIFETIME_REMEMBER; - } else if (SESSION_COOKIE_LIFETIME) { - $_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME; - } - - setcookie("ttrss_cltime", $_SESSION["cookie_lifetime"], - $_SESSION["cookie_lifetime"]); - header("Location: " . $_SERVER["REQUEST_URI"]); exit; @@ -1244,17 +1212,16 @@ } } - if (!$session_started) { - require_once "sessions.php"; - } +// print session_id(); +// print_r($_SESSION); if (!$_SESSION["uid"] || !validate_session($link)) { render_login_form($link); exit; } + } else { - require_once "sessions.php"; return authenticate_user($link, "admin", null); } } diff --git a/login_form.php b/login_form.php index 0ecf3cc1..7ee53eb9 100644 --- a/login_form.php +++ b/login_form.php @@ -50,10 +50,10 @@ window.onload = init; Password: - + diff --git a/prefs.php b/prefs.php index 420bc086..ad77d866 100644 --- a/prefs.php +++ b/prefs.php @@ -1,6 +1,6 @@ diff --git a/sessions.php b/sessions.php index e1356262..608323a4 100644 --- a/sessions.php +++ b/sessions.php @@ -95,7 +95,7 @@ session_set_save_handler("open", "close", "read", "write", "destroy", "gc"); } -// session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER); + session_set_cookie_params(SESSION_COOKIE_LIFETIME); session_start(); ?> diff --git a/tt-rss.php b/tt-rss.php index f39396ec..ab850f2f 100644 --- a/tt-rss.php +++ b/tt-rss.php @@ -1,6 +1,6 @@ -- 2.39.5