authorBrian Evans <grknight@gentoo.org>2018-01-30 10:18:05 -0500
committerBrian Evans <grknight@gentoo.org>2018-01-30 10:18:05 -0500
commit584d92e682b2fb5f373953ed28e5b802079d4ccc (patch)
treeadac64b041630f1742b6e9d8e5d0325df542f33b
parentFix query errors and missing indexes; add error handling for user facing (diff)
Fix authentication
-rw-r--r--php/lib/auth.php23
1 files changed, 13 insertions, 10 deletions
diff --git a/php/lib/auth.php b/php/lib/auth.php
index 68bf91a..610b3c2 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -14,17 +14,17 @@ class Auth {
*/
public static function is_valid_session()
{
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- if (!empty($cookieAdmin)) { // check cookie
- $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ if (!empty($_SESSION['user'])) { // check cookie
+ $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [session_id()]); // check db for id
if ($res && DB::numrows($res)>0) {
$buf = DB::fetch($res,PDO::FETCH_ASSOC);
// comment line below to disable gc and allow multiple sessions per username
- DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection
+ DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], session_id()]); // garbage collection
$user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC);
- if (empty($_SESSION)) {
- static::create_session($user); // if session isn't started, create it and push user data
- }
return true;
}
}
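Review bot: The row looked up by `session_id()` is never compared with `$_SESSION['user']`, so `is_valid_session()` returns true whenever any row exists for this id, even one belonging to a different username than the session holds. Because `create_session()` now uses `INSERT IGNORE`, a stale row for the same id would be kept silently (assuming `session_id` is a unique key), which makes that mismatch reachable. Consider adding `if ($buf['username'] !== $_SESSION['user']['username']) { return false; }` right after the `DB::fetch($res,PDO::FETCH_ASSOC)` line. The `$user` lookup is now unused since the `create_session($user)` call was removed, and the `// check cookie` comment no longer matches the condition it sits on. The function body continues outside the hunk.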
@@ -74,7 +74,7 @@ public static function create_session($user,$secure=0)
session_name('mozilla-mirror-admin');
session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure);
session_start();
- DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
+ DB::query("INSERT IGNORE INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
$_SESSION['user']=$user;
}
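Review bot: The session id is not rotated at login: `create_session()` records whatever `session_id()` already is, and since `is_valid_session()` now starts a session for unauthenticated requests, that id may predate authentication (a session fixation risk). Calling `session_regenerate_id(true);` after `session_start();` and before the insert gives the authenticated session a fresh id, and the plain `INSERT` could then stay instead of `INSERT IGNORE`, which hides a pre-existing row for the same id. If a session is already active when this runs, the `session_name()` and `session_set_cookie_params()` calls above presumably no longer take effect, so the `$secure` flag would not reach the cookie; this is worth confirming against the callers. The start of `create_session()` is outside the hunk.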
@@ -84,8 +84,11 @@ public static function create_session($user,$secure=0)
public static function logout()
{
// comment line below to keep gc from deleting other sessions for this user
- $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
- DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]);
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_name('mozilla-mirror-admin');
+ session_start();
+ }
+ DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [session_id(), $_SESSION['user']['username']]);
$_COOKIE = array();
$_SESSION = array();
}
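Review bot: `$_SESSION['user']['username']` is read without a guard in the new `DELETE`, so calling `logout()` without a logged-in user raises an undefined-index notice and binds null for the username. A guard such as `$username = $_SESSION['user']['username'] ?? null;` before the query keeps it well-defined. The function also only empties `$_SESSION` and `$_COOKIE`, so the session itself and the client's cookie keep the same id; consider `session_destroy();` after `$_SESSION = array();` so the id is not carried into the next login.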