makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove use of serialize for session cookie data, no need for it anymore ... at least I can't think of one.

Browse source 
git-svn-id: file:///svn/phpbb/trunk@5177 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2005-07-05 01:01:31 +00:00
parent fad1f39abe
commit 7146a6bc41
1 changed files with 14 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
phpBB/includes/session.php
View file

@ -54,7 +54,11 @@ class session
$this->cookie_data = array(); $this->cookie_data = array();
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data'])) if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
{ {
$this->cookie_data = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array(); // Santise k? Is there a need? It's escaped for DB entry in relevant location
// and isn't used directly anywhere else (nor should it!)
$this->cookie_data['u'] = (!empty($_COOKIE[$config['cookie_name'] . '_u'])) ? (int) $_COOKIE[$config['cookie_name'] . '_u'] : 0;
$this->cookie_data['k'] = (!empty($_COOKIE[$config['cookie_name'] . '_k'])) ? (string) $_COOKIE[$config['cookie_name'] . '_k'] : '';
$this->session_id = request_var($config['cookie_name'] . '_sid', ''); $this->session_id = request_var($config['cookie_name'] . '_sid', '');
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
} }
@ -342,7 +346,10 @@ class session
$SID = '?sid='; $SID = '?sid=';
if (!$bot) if (!$bot)
{ {
$this->set_cookie('data', serialize($this->cookie_data), $this->time_now + 31536000); $cookie_expire = ($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000;
$this->set_cookie('u', $this->cookie_data['u'], $this->time_now + $cookie_expire);
$this->set_cookie('k', $this->cookie_data['k'], $this->time_now + $cookie_expire);
$this->set_cookie('sid', $this->session_id, 0); $this->set_cookie('sid', $this->session_id, 0);
$SID = '?sid=' . $this->session_id; $SID = '?sid=' . $this->session_id;
@ -352,6 +359,7 @@ class session
// global $evt; // global $evt;
// $evt->trigger(EVT_NEW_SESSION, $this->data); // $evt->trigger(EVT_NEW_SESSION, $this->data);
} }
unset($cookie_expire);
} }
return true; return true;
@ -394,7 +402,8 @@ class session
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
$this->set_cookie('data', '', $this->time_now - 31536000); $this->set_cookie('u', '', $this->time_now - 31536000);
$this->set_cookie('k', '', $this->time_now - 31536000);
$this->set_cookie('sid', '', $this->time_now - 31536000); $this->set_cookie('sid', '', $this->time_now - 31536000);
$SID = '?sid='; $SID = '?sid=';
@ -658,6 +667,7 @@ class session
} }
} }
/** /**
* Base user class * Base user class
* *
@ -1084,18 +1094,6 @@ class user extends session
} }
class auth class auth
{ {
var $founder = false; var $founder = false;
@ -1423,25 +1421,7 @@ class auth
return; return;
} }
// @todo replace this with a new system
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. // Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{ {