Remove use of serialize for session cookie data, no need for it anymore ... at least I can't think of one.
git-svn-id: file:///svn/phpbb/trunk@5177 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
fad1f39abe
commit
7146a6bc41
1 changed files with 14 additions and 34 deletions
|
@ -54,7 +54,11 @@ class session
|
|||
$this->cookie_data = array();
|
||||
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
|
||||
{
|
||||
$this->cookie_data = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array();
|
||||
// Santise k? Is there a need? It's escaped for DB entry in relevant location
|
||||
// and isn't used directly anywhere else (nor should it!)
|
||||
$this->cookie_data['u'] = (!empty($_COOKIE[$config['cookie_name'] . '_u'])) ? (int) $_COOKIE[$config['cookie_name'] . '_u'] : 0;
|
||||
$this->cookie_data['k'] = (!empty($_COOKIE[$config['cookie_name'] . '_k'])) ? (string) $_COOKIE[$config['cookie_name'] . '_k'] : '';
|
||||
|
||||
$this->session_id = request_var($config['cookie_name'] . '_sid', '');
|
||||
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
|
||||
}
|
||||
|
@ -342,7 +346,10 @@ class session
|
|||
$SID = '?sid=';
|
||||
if (!$bot)
|
||||
{
|
||||
$this->set_cookie('data', serialize($this->cookie_data), $this->time_now + 31536000);
|
||||
$cookie_expire = ($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000;
|
||||
|
||||
$this->set_cookie('u', $this->cookie_data['u'], $this->time_now + $cookie_expire);
|
||||
$this->set_cookie('k', $this->cookie_data['k'], $this->time_now + $cookie_expire);
|
||||
$this->set_cookie('sid', $this->session_id, 0);
|
||||
|
||||
$SID = '?sid=' . $this->session_id;
|
||||
|
@ -352,6 +359,7 @@ class session
|
|||
// global $evt;
|
||||
// $evt->trigger(EVT_NEW_SESSION, $this->data);
|
||||
}
|
||||
unset($cookie_expire);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -394,7 +402,8 @@ class session
|
|||
$db->sql_freeresult($result);
|
||||
}
|
||||
|
||||
$this->set_cookie('data', '', $this->time_now - 31536000);
|
||||
$this->set_cookie('u', '', $this->time_now - 31536000);
|
||||
$this->set_cookie('k', '', $this->time_now - 31536000);
|
||||
$this->set_cookie('sid', '', $this->time_now - 31536000);
|
||||
|
||||
$SID = '?sid=';
|
||||
|
@ -658,6 +667,7 @@ class session
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Base user class
|
||||
*
|
||||
|
@ -1084,18 +1094,6 @@ class user extends session
|
|||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
class auth
|
||||
{
|
||||
var $founder = false;
|
||||
|
@ -1423,25 +1421,7 @@ class auth
|
|||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
// @todo replace this with a new system
|
||||
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
|
||||
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
|
||||
{
|
||||
|
|
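Review bot: The guard at the top of the first hunk still tests for the `_data` cookie, which this change appears to stop writing (the `set_cookie('data', serialize(...))` call in the session-create hunk reads as the removed line), while `sid` is set with expiry 0. If that reading of the stripped +/- markers is right, a returning browser holding only `_u` and `_k` would skip the block and leave `cookie_data['u']` and `cookie_data['k']` unset; the condition should probably become `if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))`. The logout hunk also seems to stop expiring `_data`, so a legacy cookie can linger on clients for up to a year unless `$this->set_cookie('data', '', $this->time_now - 31536000);` is kept for a transition period. `_k` is taken from `$_COOKIE` with only a `(string)` cast and the new comment defers to escaping at the DB call site, so a length or format check at this boundary would make that assumption local rather than dependent on every later use. The enclosing methods start and end outside the hunks shown.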