From 584d92e682b2fb5f373953ed28e5b802079d4ccc Mon Sep 17 00:00:00 2001 From: Brian Evans Date: Tue, 30 Jan 2018 10:18:05 -0500 Subject: Fix authentication --- php/lib/auth.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'php') diff --git a/php/lib/auth.php b/php/lib/auth.php index 68bf91a..610b3c2 100644 --- a/php/lib/auth.php +++ b/php/lib/auth.php @@ -14,17 +14,17 @@ class Auth { */ public static function is_valid_session() { - $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin'); - if (!empty($cookieAdmin)) { // check cookie - $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id + if (session_status() !== PHP_SESSION_ACTIVE) { + session_name('mozilla-mirror-admin'); + session_start(); + } + if (!empty($_SESSION['user'])) { // check cookie + $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [session_id()]); // check db for id if ($res && DB::numrows($res)>0) { $buf = DB::fetch($res,PDO::FETCH_ASSOC); // comment line below to disable gc and allow multiple sessions per username - DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection + DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], session_id()]); // garbage collection $user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC); - if (empty($_SESSION)) { - static::create_session($user); // if session isn't started, create it and push user data - } return true; } } @@ -74,7 +74,7 @@ public static function create_session($user,$secure=0) session_name('mozilla-mirror-admin'); session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure); session_start(); - DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]); + DB::query("INSERT IGNORE INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]); $_SESSION['user']=$user; } @@ -84,8 +84,11 @@ public static function create_session($user,$secure=0) public static function logout() { // comment line below to keep gc from deleting other sessions for this user - $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin'); - DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]); + if (session_status() !== PHP_SESSION_ACTIVE) { + session_name('mozilla-mirror-admin'); + session_start(); + } + DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [session_id(), $_SESSION['user']['username']]); $_COOKIE = array(); $_SESSION = array(); } -- cgit v1.2.3-65-gdbad