diff options
| author | Chris Smith <chris.eureka@jalakai.co.uk> | 2008-10-13 14:29:58 +0200 |
|---|---|---|
| committer | Chris Smith <chris.eureka@jalakai.co.uk> | 2008-10-13 14:29:58 +0200 |
| commit | a0b5b0074b100dea11db99887fd7145e18fc50d3 (patch) | |
| tree | c921660e0278587ea7c2ccf17e5d6c32be04f774 /inc/auth.php | |
| parent | 55eea442360b84450c3b7618fafaba3f75885294 (diff) | |
| download | rpg-a0b5b0074b100dea11db99887fd7145e18fc50d3.tar.gz rpg-a0b5b0074b100dea11db99887fd7145e18fc50d3.tar.bz2 | |
Fix for FS#1050
Update cookie and session with new details after an "update profile" action
darcs-hash:20081013122958-f07c6-244b949b074ac73711c61833f1fa663e55da19c7.gz
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/inc/auth.php b/inc/auth.php index 0d267cb27..62a093de4 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -132,25 +132,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){ if ($auth->checkPass($user,$pass)){ // make logininfo globally available $_SERVER['REMOTE_USER'] = $user; - $USERINFO = $auth->getUserData($user); - - // set cookie - $pass = PMA_blowfish_encrypt($pass,auth_cookiesalt()); - $cookie = base64_encode("$user|$sticky|$pass"); - if($sticky) $time = time()+60*60*24*365; //one year - if (version_compare(PHP_VERSION, '5.2.0', '>')) { - setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true); - }else{ - setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl())); - } - - // set session - $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; - $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; - $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid(); - $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; - $_SESSION[DOKU_COOKIE]['auth']['time'] = time(); - + auth_setCookie($user,PMA_blowfish_encrypt($pass,auth_cookiesalt()),$sticky); return true; }else{ //invalid credentials - log off @@ -735,7 +717,14 @@ function updateprofile() { } } - return $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes)); + if ($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) { + // update cookie and session with the changed data + $cookie = base64_decode($_COOKIE[DOKU_COOKIE]); + list($user,$sticky,$pass) = split('\|',$cookie,3); + if ($changes['pass']) $pass = PMA_blowfish_encrypt($changes['pass'],auth_cookiesalt()); + + auth_setCookie($_SERVER['REMOTE_USER'],$pass,(bool)$sticky); + } } /** @@ -993,4 +982,34 @@ function auth_verifyPassword($clear,$crypt){ return false; } +/** + * Set the authentication cookie and add user identification data to the session + * + * @param string $user username + * @param string $pass encrypted password + * @param bool $sticky whether or not the cookie will last beyond the session + */ +function auth_setCookie($user,$pass,$sticky) { + global $conf; + global $auth; + + $USERINFO = $auth->getUserData($user); + + // set cookie + $cookie = base64_encode("$user|$sticky|$pass"); + if($sticky) $time = time()+60*60*24*365; //one year + if (version_compare(PHP_VERSION, '5.2.0', '>')) { + setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true); + }else{ + setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl())); + } + + // set session + $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; + $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; + $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid(); + $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; + $_SESSION[DOKU_COOKIE]['auth']['time'] = time(); +} + //Setup VIM: ex: et ts=2 enc=utf-8 : |