diff options
author | Andreas Gohr <andi@splitbrain.org> | 2006-10-03 14:15:46 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-03 14:15:46 +0200 |
commit | e71ce681bdae620477f46591279412a0143b6b0e (patch) | |
tree | ee04b780f596711f94ad6ae89cc6437e214a8e90 /inc/auth.php | |
parent | 2d18445dc9ce9189da11f62ae9602e1f17ee64b6 (diff) | |
download | rpg-e71ce681bdae620477f46591279412a0143b6b0e.tar.gz rpg-e71ce681bdae620477f46591279412a0143b6b0e.tar.bz2 |
use DOKU_URL as key for sessions and auth cookie #896 #581 #884
This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define.
DOKU_COOKIE is now used as session key as well, making sessions no longer
dependend on the title option. This should fix problems with multiple
wikis on the same host (using the same title) and wikis accessed through
different URLs.
darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/inc/auth.php b/inc/auth.php index 987de8595..29f57b29e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -53,8 +53,6 @@ } } - if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5($conf['title'])); - // do the login either by cookie or provided credentials if($conf['useacl']){ if (!isset($_REQUEST['u'])) $_REQUEST['u'] = ''; @@ -131,10 +129,10 @@ function auth_login($user,$pass,$sticky=false){ setcookie(DOKU_COOKIE,$cookie,$time,'/'); // set session - $_SESSION[$conf['title']]['auth']['user'] = $user; - $_SESSION[$conf['title']]['auth']['pass'] = $pass; - $_SESSION[$conf['title']]['auth']['buid'] = auth_browseruid(); - $_SESSION[$conf['title']]['auth']['info'] = $USERINFO; + $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; + $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; + $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid(); + $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; return true; }else{ //invalid credentials - log off @@ -147,7 +145,7 @@ function auth_login($user,$pass,$sticky=false){ $cookie = base64_decode($_COOKIE[DOKU_COOKIE]); list($user,$sticky,$pass) = split('\|',$cookie,3); // get session info - $session = $_SESSION[$conf['title']]['auth']; + $session = $_SESSION[DOKU_COOKIE]['auth']; if($user && $pass){ // we got a cookie - see if we can trust it @@ -226,12 +224,12 @@ function auth_logoff(){ global $INFO, $ID; global $auth; - if(isset($_SESSION[$conf['title']]['auth']['user'])) - unset($_SESSION[$conf['title']]['auth']['user']); - if(isset($_SESSION[$conf['title']]['auth']['pass'])) - unset($_SESSION[$conf['title']]['auth']['pass']); - if(isset($_SESSION[$conf['title']]['auth']['info'])) - unset($_SESSION[$conf['title']]['auth']['info']); + if(isset($_SESSION[DOKU_COOKIE]['auth']['user'])) + unset($_SESSION[DOKU_COOKIE]['auth']['user']); + if(isset($_SESSION[DOKU_COOKIE]['auth']['pass'])) + unset($_SESSION[DOKU_COOKIE]['auth']['pass']); + if(isset($_SESSION[DOKU_COOKIE]['auth']['info'])) + unset($_SESSION[DOKU_COOKIE]['auth']['info']); if(isset($_SERVER['REMOTE_USER'])) unset($_SERVER['REMOTE_USER']); $USERINFO=null; //FIXME |