makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

More sid checks ... perhaps a bit OTT but better "safe" than sorry

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3169 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-12-03 18:03:00 +00:00
parent 7e6340e34d
commit 9f138d01f6
2 changed files with 23 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/includes/page_header.php
View file

@ -70,12 +70,12 @@ $template->set_filenames(array(
//
if ( $userdata['session_logged_in'] )
{
$u_login_logout = 'login.'.$phpEx.'?logout=true';
$u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id'];
$l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]';
}
else
{
$u_login_logout = 'login.'.$phpEx;
$u_login_logout = 'login.'.$phpEx . '&sid=' . $userdata['session_id'];
$l_login_logout = $lang['Login'];
}

31
phpBB/login.php
View file

@ -40,13 +40,24 @@ init_userprefs($userdata);
// End session management
//
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
//
// This appears to work for IIS5 CGI under Win2K. Uses getenv
// since this doesn't exist for ISAPI mode and therefore the
// normal Location redirector is used in preference
//
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
@ -90,10 +101,10 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&amp;sid=" . $userdata['session_id'] . '">')
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx?redirect=$redirect&amp;sid=" . $userdata['session_id'] . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
@ -105,10 +116,10 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx?redirect=$redirect&amp;sid=" . $userdata['session_id'] . '">')
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx?redirect=$redirect&amp;sid=" . $userdata['session_id'] . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
@ -190,7 +201,7 @@ else
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="redirect" value="' . $forward_page . '" />';
make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(