authorAndreas Gohr <andi@splitbrain.org>2006-10-03 14:15:46 +0200
committerAndreas Gohr <andi@splitbrain.org>2006-10-03 14:15:46 +0200
commite71ce681bdae620477f46591279412a0143b6b0e (patch)
treeee04b780f596711f94ad6ae89cc6437e214a8e90
parent2d18445dc9ce9189da11f62ae9602e1f17ee64b6 (diff)
downloadrpg-e71ce681bdae620477f46591279412a0143b6b0e.tar.gz
rpg-e71ce681bdae620477f46591279412a0143b6b0e.tar.bz2
use DOKU_URL as key for sessions and auth cookie #896 #581 #884
This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define. DOKU_COOKIE is now used as the session key as well, making sessions no longer dependent on the title option. This should fix problems with multiple wikis on the same host (using the same title) and wikis accessed through different URLs. darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
-rw-r--r--inc/auth.php24
-rw-r--r--inc/auth/basic.class.php6
-rw-r--r--inc/auth/punbb.class.php4
-rw-r--r--inc/common.php6
-rw-r--r--inc/init.php3
-rw-r--r--inc/toolbar.php4
6 files changed, 24 insertions, 23 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 987de8595..29f57b29e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -53,8 +53,6 @@
}
}
- if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5($conf['title']));
-
// do the login either by cookie or provided credentials
if($conf['useacl']){
if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
@@ -131,10 +129,10 @@ function auth_login($user,$pass,$sticky=false){
setcookie(DOKU_COOKIE,$cookie,$time,'/');
// set session
- $_SESSION[$conf['title']]['auth']['user'] = $user;
- $_SESSION[$conf['title']]['auth']['pass'] = $pass;
- $_SESSION[$conf['title']]['auth']['buid'] = auth_browseruid();
- $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
+ $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
+ $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
return true;
}else{
//invalid credentials - log off
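Review bot: The context line `setcookie(DOKU_COOKIE,$cookie,$time,'/');` at the top of this hunk still scopes the auth cookie to the whole host, and the new session writes below it keep the `$pass` value in `$_SESSION[DOKU_COOKIE]['auth']['pass']`. For several wikis on one host, the case this commit targets, the per-URL cookie name removes the collision, but the browser still sends each wiki's cookie (user, sticky flag and pass, per the `split` in the next hunk) to every other application under `/`. Consider narrowing the path, e.g. `setcookie(DOKU_COOKIE,$cookie,$time,DOKU_BASE);` if DOKU_BASE is the site-relative path it appears to be, and keeping a derived verifier in the session instead of `$pass`. The commented example in inc/auth/basic.class.php repeats the same `pass` pattern. auth_login starts and ends outside this hunk.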
@@ -147,7 +145,7 @@ function auth_login($user,$pass,$sticky=false){
$cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
list($user,$sticky,$pass) = split('\|',$cookie,3);
// get session info
- $session = $_SESSION[$conf['title']]['auth'];
+ $session = $_SESSION[DOKU_COOKIE]['auth'];
if($user && $pass){
// we got a cookie - see if we can trust it
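Review bot: The new read `$session = $_SESSION[DOKU_COOKIE]['auth'];` has no `isset` guard, and because this commit changes the key, every session created before the upgrade will lack it. That gives an undefined-index notice and a null `$session`; whether the trust check that follows copes with that is outside the hunk and worth confirming. A guarded form would be `$session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : array();`.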
@@ -226,12 +224,12 @@ function auth_logoff(){
global $INFO, $ID;
global $auth;
- if(isset($_SESSION[$conf['title']]['auth']['user']))
- unset($_SESSION[$conf['title']]['auth']['user']);
- if(isset($_SESSION[$conf['title']]['auth']['pass']))
- unset($_SESSION[$conf['title']]['auth']['pass']);
- if(isset($_SESSION[$conf['title']]['auth']['info']))
- unset($_SESSION[$conf['title']]['auth']['info']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['user']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['user']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['pass']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['pass']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['info']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['info']);
if(isset($_SERVER['REMOTE_USER']))
unset($_SERVER['REMOTE_USER']);
$USERINFO=null; //FIXME
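Review bot: auth_logoff clears `user`, `pass` and `info` but leaves `buid` in the session, although auth_login sets it alongside the other three. Since `unset` on a missing key is a no-op, the three `isset`/`unset` pairs could be replaced by `unset($_SESSION[DOKU_COOKIE]['auth']);`, which drops all auth state in one step, unless something outside this hunk relies on `buid` surviving logoff. The function continues past the hunk, so removal of the auth cookie itself is not visible here.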
diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php
index faffa4cea..79fb04a1c 100644
--- a/inc/auth/basic.class.php
+++ b/inc/auth/basic.class.php
@@ -147,9 +147,9 @@ class auth_basic {
# $USERINFO['mail'] = 'FIXME';
# $USERINFO['grps'] = array('FIXME');
# $_SERVER['REMOTE_USER'] = $user;
-# $_SESSION[$conf['title']]['auth']['user'] = $user;
-# $_SESSION[$conf['title']]['auth']['pass'] = $pass;
-# $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
+# $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
+# $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
+# $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
# return true;
}
diff --git a/inc/auth/punbb.class.php b/inc/auth/punbb.class.php
index fb9b905ff..7cef0d733 100644
--- a/inc/auth/punbb.class.php
+++ b/inc/auth/punbb.class.php
@@ -141,8 +141,8 @@ class auth_punbb extends auth_mysql {
$USERINFO['grps'] = array($pun_user['g_title']);
$_SERVER['REMOTE_USER'] = $pun_user['username'];
- $_SESSION[$conf['title']]['auth']['user'] = $pun_user['username'];
- $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $pun_user['username'];
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
return true;
}
diff --git a/inc/common.php b/inc/common.php
index f42ddb1e5..88891af74 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -183,7 +183,7 @@ function breadcrumbs(){
global $ID;
global $ACT;
global $conf;
- $crumbs = $_SESSION[$conf['title']]['bc'];
+ $crumbs = $_SESSION[DOKU_COOKIE]['bc'];
//first visit?
if (!is_array($crumbs)){
@@ -192,7 +192,7 @@ function breadcrumbs(){
//we only save on show and existing wiki documents
$file = wikiFN($ID);
if($ACT != 'show' || !@file_exists($file)){
- $_SESSION[$conf['title']]['bc'] = $crumbs;
+ $_SESSION[DOKU_COOKIE]['bc'] = $crumbs;
return $crumbs;
}
@@ -218,7 +218,7 @@ function breadcrumbs(){
array_shift($crumbs);
}
//save to session
- $_SESSION[$conf['title']]['bc'] = $crumbs;
+ $_SESSION[DOKU_COOKIE]['bc'] = $crumbs;
return $crumbs;
}
diff --git a/inc/init.php b/inc/init.php
index d28e179c3..552f98526 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -55,6 +55,9 @@
if(!defined('DOKU_BASE')) define('DOKU_BASE',getBaseURL());
if(!defined('DOKU_URL')) define('DOKU_URL',getBaseURL(true));
+ // define cookie and session id
+ if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5(DOKU_URL));
+
// define Plugin dir
if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
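Review bot: The added comment `// define cookie and session id` is misleading, because DOKU_COOKIE is the cookie name and the `$_SESSION` array key, not the PHP session id. Suggest `// cookie name and $_SESSION namespace for this wiki, derived from its base URL (md5 only mangles the name, it is not a secret)`. If getBaseURL(true) builds the URL from the request's Host header, which is not visible here, the name also varies with the hostname used to reach the wiki; the description suggests that is intended, but it deserves a line in the comment.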
diff --git a/inc/toolbar.php b/inc/toolbar.php
index 3cd58e5c6..66780ac50 100644
--- a/inc/toolbar.php
+++ b/inc/toolbar.php
@@ -186,8 +186,8 @@ function toolbar_signature(){
$sig = $conf['signature'];
$sig = strftime($sig);
$sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig);
- $sig = str_replace('@NAME@',$_SESSION[$conf['title']]['auth']['info']['name'],$sig);
- $sig = str_replace('@MAIL@',$_SESSION[$conf['title']]['auth']['info']['mail'],$sig);
+ $sig = str_replace('@NAME@',$_SESSION[DOKU_COOKIE]['auth']['info']['name'],$sig);
+ $sig = str_replace('@MAIL@',$_SESSION[DOKU_COOKIE]['auth']['info']['mail'],$sig);
$sig = str_replace('@DATE@',date($conf['dformat']),$sig);
$sig = str_replace('\\\\n','\\n',addslashes($sig));
return $sig;
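Review bot: The `@NAME@` and `@MAIL@` replacements put profile fields from the session into a string whose only escaping is `addslashes($sig)` on the second-to-last line. `addslashes` covers quotes, backslashes and NUL only, so if the returned value is embedded in a script block, as the `\\n` handling suggests, a name containing a line break or `</script>` would not be neutralised. An encoder meant for JavaScript string context would be safer there than `addslashes`. The two session reads also have no `isset` guard, so they raise notices for a visitor with no `auth` info in the session.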