login system fixes...
authorAndrew Dolgov <fox@bah.spb.su>
Fri, 2 Mar 2007 11:05:17 +0000 (12:05 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Fri, 2 Mar 2007 11:05:17 +0000 (12:05 +0100)
backend.php
functions.php
login_form.php
prefs.php
sessions.php
tt-rss.php

index 67bdabb56fe788ced67f360c352ebf516b064d86..656dcbf9c2155ee4618ddd3a4755d3702886844e 100644 (file)
@@ -2,11 +2,9 @@
        require_once "sessions.php";
        require_once "modules/backend-rpc.php";
        
-       header("Cache-Control: no-cache, must-revalidate");
-       header("Cache-Control: no-cache, must-revalidate");
-
+       header("Cache-Control: no-cache, max-age=0, must-revalidate");
        header("Pragma: no-cache");
-       header("Expires: -1");
+       header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
        
 /*     if ($_GET["debug"]) {
                define('DEFAULT_ERROR_LEVEL', E_ALL);
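Review bot: The new `Cache-Control` value still allows a browser or intermediate cache to store the response, because `no-cache` and `must-revalidate` only force revalidation before reuse. For output that is presumably rendered from a logged-in session, `no-store` and `private` are the directives that keep it out of caches, e.g. `header("Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate");`. The same three header lines are added verbatim to prefs.php and tt-rss.php, so a single helper called from all three entry points would keep them from drifting apart. The hunk ends inside a commented-out block that continues outside it.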
index 98bfc2e64588530af85eae207367f17b45093d9f..49955b63f0cb267891f2a58602193b0c9645f26b 100644 (file)
                                }
                        }
 
-/*                     if ($_COOKIE[get_session_cookie_name()]) {
-                               require_once "sessions.php";
-} */
-
                        $login_action = $_POST["login_action"];
 
-/*                     if (!validate_session($link) && $login_action != "do_login") {
-                               logout_user();
-                               render_login_form($link);
-                               exit;
-} */
-
-                       $session_started = false;
-
                        # try to authenticate user if called from login form                    
                        if ($login_action == "do_login") {
                                $login = $_POST["login"];
                                $password = $_POST["password"];
                                $remember_me = $_POST["remember_me"];
 
-                               if ($remember_me) {
-                                       session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);
-                               } else {
-                                       session_set_cookie_params(SESSION_COOKIE_LIFETIME);
-                               }
-
-                               require_once "sessions.php";
-
-                               $session_started = true;
-
                                if (authenticate_user($link, $login, $password)) {
                                        $_POST["password"] = "";
 
-                                       if ($remember_me) {
-                                               $_SESSION["cookie_lifetime"] = time() + 
-                                                       SESSION_COOKIE_LIFETIME_REMEMBER;
-                                       } else if (SESSION_COOKIE_LIFETIME) {
-                                               $_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME;
-                                       }
-
-                                       setcookie("ttrss_cltime", $_SESSION["cookie_lifetime"], 
-                                               $_SESSION["cookie_lifetime"]);
-
                                        header("Location: " . $_SERVER["REQUEST_URI"]);
                                        exit;
 
                                }
                        }
 
-                       if (!$session_started) {
-                               require_once "sessions.php";
-                       }
+//                     print session_id();
+//                     print_r($_SESSION);
 
                        if (!$_SESSION["uid"] || !validate_session($link)) {
                                render_login_form($link);
                                exit;
                        }
 
+
                } else {
-                       require_once "sessions.php";
                        return authenticate_user($link, "admin", null);
                }
        }
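Review bot: Nothing in the successful-login branch issues a new session ID, and after this commit sessions.php starts the session at include time, before the credentials are checked, so the identifier a client held before logging in remains valid afterwards. Unless `authenticate_user()` (not shown here) already does so, call `session_regenerate_id(true);` right after the `authenticate_user(...)` check succeeds and before the `Location` redirect. The added `// print session_id();` and `// print_r($_SESSION);` lines are debugging leftovers that would write the session ID and session contents into the page if ever uncommented, so they are better dropped from the commit. The enclosing function begins and ends outside this hunk.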
index 0ecf3cc120837df4cc503dc8ad04dba7598a2f97..7ee53eb90a13e50441c033186523e685880b5282 100644 (file)
@@ -50,10 +50,10 @@ window.onload = init;
                        <td align="right"><input name="login"></td></tr>
                        <tr><td align="right">Password:</td>
                        <td align="right"><input type="password" name="password"></td></tr>
-                       <tr><td colspan="2">
+                       <!-- <tr><td colspan="2">
                                <input type="checkbox" name="remember_me" id="remember_me">
                                <label for="remember_me">Remember me on this computer</label>
-                       </td></tr>
+                       </td></tr> -->
                        <tr><td colspan="2" align="right" class="innerLoginCell">
                                <input type="submit" class="button" value="Login">
                                <input type="hidden" name="action" value="login">
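Review bot: The remember-me row is wrapped in an HTML comment rather than removed, so the dead markup is still sent to every visitor of the login page; deleting the four lines leaves the history in version control where it belongs. functions.php still assigns `$remember_me = $_POST["remember_me"];` after this commit and no visible line uses the value any more, so that assignment looks removable as well (the rest of that function is not shown).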
index 420bc086784634afea26b54e7376e98c475382e0..ad77d86621b21b2c0bf7ab752bb951874e77ce0e 100644 (file)
--- a/prefs.php
+++ b/prefs.php
@@ -1,6 +1,6 @@
 <?php
        require_once "functions.php"; 
-//     require_once "sessions.php";
+       require_once "sessions.php";
        require_once "sanity_check.php";
        require_once "version.php"; 
        require_once "config.php";
 
        $dt_add = get_script_dt_add();
 
+       header("Cache-Control: no-cache, max-age=0, must-revalidate");
+       header("Pragma: no-cache");
+       header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
index e1356262807bf3d8c7cc586956934948055b314f..608323a43f0b1bbec3d3c7db7d5e88dce15f72bd 100644 (file)
@@ -95,7 +95,7 @@
                session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
        }
 
-//     session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);
+       session_set_cookie_params(SESSION_COOKIE_LIFETIME);
 
        session_start();
 ?>
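Review bot: `session_set_cookie_params(SESSION_COOKIE_LIFETIME);` sets only the lifetime, so unless php.ini provides them the session cookie is issued without the HttpOnly and Secure flags. Passing the remaining arguments keeps the cookie away from page scripts and off plain-HTTP requests: `session_set_cookie_params(SESSION_COOKIE_LIFETIME, "/", "", $secure, true);`, with `$secure` true when the installation is served over HTTPS (the httponly argument needs PHP 5.2 or later). The definition of `SESSION_COOKIE_LIFETIME` is not visible here; a one-line comment giving its unit (seconds, with 0 meaning a browser-session cookie) would help the next reader.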
index f39396eca251eeb94d09a1ed7fae7b6c0e89174e..ab850f2f44deb11b8f30c0ba509a9dcab7d24aff 100644 (file)
@@ -1,6 +1,6 @@
 <?php
        require_once "functions.php"; 
-//     require_once "sessions.php";
+       require_once "sessions.php";
        require_once "sanity_check.php";
        require_once "version.php"; 
        require_once "config.php";
 
        $dt_add = get_script_dt_add();
 
+       header("Cache-Control: no-cache, max-age=0, must-revalidate");
+       header("Pragma: no-cache");
+       header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">