session depended on magic_quotes = on ... it seems like it was the last part of the code which depended on magic_quotes. Fixes compatibility with PHP5.3 and IPv6 clients

Benjamin Sonntag 2010-08-04 14:35:28 +00:00
parent bced228b5e
commit 7f8bbe9885
2 changed files with 27 additions and 22 deletions


@ -76,7 +76,7 @@ class m_mem {
* @return boolean TRUE if the user has been successfully connected, or FALSE if an error occured. * @return boolean TRUE if the user has been successfully connected, or FALSE if an error occured.
*/ */
function login($username,$password,$restrictip=0) { function login($username,$password,$restrictip=0) {
global $db,$session,$err,$cuid; global $db,$err,$cuid;
$err->log("mem","login",$username); $err->log("mem","login",$username);
// $username=addslashes($username); // $username=addslashes($username);
// $password=addslashes($password); // $password=addslashes($password);
@ -98,14 +98,14 @@ class m_mem {
$this->user=$db->Record; $this->user=$db->Record;
$cuid=$db->f("uid"); $cuid=$db->f("uid");
if ($restrictip) { if ($restrictip) {
$ip="INET_ATON('".getenv("REMOTE_ADDR")."')"; $ip="'".getenv("REMOTE_ADDR")."'";
} else $ip="0"; } else $ip="''";
/* Close sessions that are more than 2 days old. */ /* Close sessions that are more than 2 days old. */
$db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();"); $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();");
/* Open the session : */ /* Open the session : */
$session=md5(uniqid(mt_rand())); $_REQUEST["session"]=md5(uniqid(mt_rand()));
$db->query("insert into sessions (sid,ip,uid) values ('$session',$ip,'$cuid');"); $db->query("insert into sessions (sid,ip,uid) values ('".$_REQUEST["session"]."',$ip,'$cuid');");
setcookie("session",$session,0,"/"); setcookie("session",$_REQUEST["session"],0,"/");
$err->error=0; $err->error=0;
/* Fill in $local */ /* Fill in $local */
$db->query("SELECT * FROM local WHERE uid='$cuid';"); $db->query("SELECT * FROM local WHERE uid='$cuid';");
@ -126,7 +126,7 @@ class m_mem {
* @return boolean TRUE if the user has been successfully connected, FALSE else. * @return boolean TRUE if the user has been successfully connected, FALSE else.
*/ */
function setid($id) { function setid($id) {
global $db,$session,$err,$cuid; global $db,$err,$cuid;
$err->log("mem","setid",$username); $err->log("mem","setid",$username);
$db->query("select * from membres where uid='$id';"); $db->query("select * from membres where uid='$id';");
if ($db->num_rows()==0) { if ($db->num_rows()==0) {
@ -137,9 +137,9 @@ class m_mem {
$this->user=$db->Record; $this->user=$db->Record;
$cuid=$db->f("uid"); $cuid=$db->f("uid");
$ip=getenv("REMOTE_ADDR"); $ip=getenv("REMOTE_ADDR");
$session=md5(uniqid(mt_rand())); $_REQUEST["session"]=md5(uniqid(mt_rand()));
$db->query("insert into sessions (sid,ip,uid) values ('$session',INET_ATON('$ip'),'$cuid');"); $db->query("insert into sessions (sid,ip,uid) values ('".$_REQUEST["session"]."','$ip','$cuid');");
setcookie("session",$session,0,"/"); setcookie("session",$_REQUEST["session"],0,"/");
$err->error=0; $err->error=0;
/* Fill in $local */ /* Fill in $local */
$db->query("SELECT * FROM local WHERE uid='$cuid';"); $db->query("SELECT * FROM local WHERE uid='$cuid';");
@ -171,17 +171,17 @@ class m_mem {
* @return TRUE si la session est correcte, FALSE sinon. * @return TRUE si la session est correcte, FALSE sinon.
*/ */
function checkid() { function checkid() {
global $db,$err,$session,$username,$password,$cuid,$restrictip; global $db,$err,$cuid,$restrictip;
if ($username && $password) { if ($_REQUEST["username"] && $_REQUEST["password"]) {
return $this->login($username,$password,$restrictip); return $this->login($_REQUEST["username"],$_REQUEST["password"],$_REQUEST["restrictip"]);
} }
$session=addslashes($session); $_COOKIE["session"]=addslashes($_COOKIE["session"]);
if (strlen($session)!=32) { if (strlen($_COOKIE["session"])!=32) {
$err->raise("mem",3); $err->raise("mem",3);
return false; return false;
} }
$ip=getenv("REMOTE_ADDR"); $ip=getenv("REMOTE_ADDR");
$db->query("select uid,INET_ATON('$ip') as me,ip from sessions where sid='$session'"); $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'");
if ($db->num_rows()==0) { if ($db->num_rows()==0) {
$err->raise("mem",4); $err->raise("mem",4);
return false; return false;
@ -246,20 +246,20 @@ class m_mem {
* @return boolean TRUE si la session a bien été détruite, FALSE sinon. * @return boolean TRUE si la session a bien été détruite, FALSE sinon.
*/ */
function del_session() { function del_session() {
global $db,$session,$user,$err,$cuid,$classes; global $db,$user,$err,$cuid,$classes;
$err->log("mem","del_session"); $err->log("mem","del_session");
$session=addslashes($session); $_COOKIE["session"]=addslashes($_COOKIE["session"]);
setcookie("session","",0,"/"); setcookie("session","",0,"/");
if ($session=="") { if ($_COOKIE["session"]=="") {
$err->error=0; $err->error=0;
return true; return true;
} }
if (strlen($session)!=32) { if (strlen($_COOKIE["session"])!=32) {
$err->raise("mem",3); $err->raise("mem",3);
return false; return false;
} }
$ip=getenv("REMOTE_ADDR"); $ip=getenv("REMOTE_ADDR");
$db->query("select uid,INET_ATON('$ip') as me,ip from sessions where sid='$session'"); $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'");
if ($db->num_rows()==0) { if ($db->num_rows()==0) {
$err->raise("mem",4); $err->raise("mem",4);
return false; return false;
@ -270,7 +270,7 @@ class m_mem {
return false; return false;
} }
$cuid=$db->f("uid"); $cuid=$db->f("uid");
$db->query("delete from sessions where sid='$session';"); $db->query("delete from sessions where sid='".$_COOKIE["session"]."';");
$err->error=0; $err->error=0;
# Invoker le logout dans toutes les autres classes # Invoker le logout dans toutes les autres classes
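Review bot: With magic_quotes off, `checkid()` now passes the raw `$_REQUEST["username"]` and `$_REQUEST["password"]` to `login()`, where both `addslashes()` calls are commented out, so nothing visible escapes them before they reach the database. The query that consumes them sits between the first two hunks and is not shown; if it builds the SQL string by interpolation like the other queries in this file, the login path is only safe while magic_quotes stays on, which is the dependency this commit sets out to remove. Escape at the point of use instead, for example by re-enabling `$username=addslashes($username);` in `login()`, or preferably with the connection-aware escaping of the DB layer. Separately, `md5(uniqid(mt_rand()))` is a guessable session id; on PHP 5.3 `bin2hex(openssl_random_pseudo_bytes(16))` would keep the 32-character length that `checkid()` and `del_session()` test for.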


@ -38,3 +38,8 @@ CREATE TABLE IF NOT EXISTS `size_mailman` (
KEY `uid` (`uid`) KEY `uid` (`uid`)
) ENGINE=MyISAM COMMENT='Mailman Lists used space'; ) ENGINE=MyISAM COMMENT='Mailman Lists used space';
-- IPv6 compatibility :
ALTER TABLE `slaveip` CHANGE `ip` `ip` VARCHAR(40);
ALTER TABLE `sessions` CHANGE `ip` `ip` VARCHAR( 40 ) NULL;
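Review bot: Rows already in `sessions` hold the integer that the old `INET_ATON(...)` insert stored, and after this `ALTER` they become decimal strings that can never equal the textual `REMOTE_ADDR` the new PHP code selects as `me`. The comparison itself is outside the visible hunks, so the effect is inferred, but IP-restricted sessions opened before the upgrade would most likely be rejected until the 2-day cleanup removes them; adding `DELETE FROM sessions;` after the ALTER makes that explicit. Also consider `VARCHAR(45)`: the longest textual IPv6 form (uncompressed, IPv4-mapped) is 45 characters, and a non-strict MySQL truncates silently, which would break the same comparison.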