better error reporting for rememberme cookie handling
Rememberme cookies are probably the most complained-about part of the system. We use "weak", one-use, low-info cookies that don't allow changing settings like passwords or email addresses. This change adds some better error reporting to the rememberme function. Hopefully we'll find out if there are other rm problems. darcs-hash:20081209170413-84dde-6845ae5524d3ee1d1a491548bb22386f11f0e867.gz
parent
a61c7546c8
commit
ed440c734e
84
lib/util.php
84
lib/util.php
@ -620,33 +620,65 @@ function common_rememberme($user=NULL) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function common_remembered_user() {
|
function common_remembered_user() {
|
||||||
|
|
||||||
$user = NULL;
|
$user = NULL;
|
||||||
# Try to remember
|
|
||||||
$packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : '';
|
$packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : NULL;
|
||||||
if ($packed) {
|
|
||||||
list($id, $code) = explode(':', $packed);
|
if (!$packed) {
|
||||||
if ($id && $code) {
|
return NULL;
|
||||||
$rm = Remember_me::staticGet($code);
|
}
|
||||||
if ($rm && ($rm->user_id == $id)) {
|
|
||||||
$user = User::staticGet($rm->user_id);
|
list($id, $code) = explode(':', $packed);
|
||||||
if ($user) {
|
|
||||||
# successful!
|
if (!$id || !$code) {
|
||||||
$result = $rm->delete();
|
common_warning('Malformed rememberme cookie: ' . $packed);
|
||||||
if (!$result) {
|
common_forgetme();
|
||||||
common_log_db_error($rm, 'DELETE', __FILE__);
|
return NULL;
|
||||||
$user = NULL;
|
}
|
||||||
} else {
|
|
||||||
common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);
|
$rm = Remember_me::staticGet($code);
|
||||||
common_set_user($user->nickname);
|
|
||||||
common_real_login(false);
|
if (!$rm) {
|
||||||
# We issue a new cookie, so they can log in
|
common_warning('No such remember code: ' . $code);
|
||||||
# automatically again after this session
|
common_forgetme();
|
||||||
common_rememberme($user);
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
if ($rm->user_id != $id) {
|
||||||
}
|
common_warning('Rememberme code for wrong user: ' . $rm->user_id . ' != ' . $id);
|
||||||
}
|
common_forgetme();
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = User::staticGet($rm->user_id);
|
||||||
|
|
||||||
|
if (!$user) {
|
||||||
|
common_warning('No such user for rememberme: ' . $rm->user_id);
|
||||||
|
common_forgetme();
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
# successful!
|
||||||
|
$result = $rm->delete();
|
||||||
|
|
||||||
|
if (!$result) {
|
||||||
|
common_log_db_error($rm, 'DELETE', __FILE__);
|
||||||
|
common_warning('Could not delete rememberme: ' . $code);
|
||||||
|
common_forgetme();
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);
|
||||||
|
|
||||||
|
common_set_user($user->nickname);
|
||||||
|
common_real_login(false);
|
||||||
|
|
||||||
|
# We issue a new cookie, so they can log in
|
||||||
|
# automatically again after this session
|
||||||
|
|
||||||
|
common_rememberme($user);
|
||||||
|
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
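Review bot: The new warnings in common_remembered_user() write the remember-me secret and raw cookie text into the log. `'Malformed rememberme cookie: ' . $packed` and `'No such remember code: ' . $code` log request-controlled text as-is, so unless common_warning() sanitises its argument (not visible here) a cookie containing control characters can forge log lines. `'Could not delete rememberme: ' . $code` logs a code whose row was just not deleted, so it presumably still works for anyone who can read the log. I would identify the account rather than the secret, e.g. `common_warning('Could not delete rememberme for user ' . $rm->user_id);`, and for the malformed case log only `strlen($packed)` or a truncated value with control characters stripped. Separately, `list($id, $code) = explode(':', $packed);` raises an undefined-offset notice when the cookie has no colon; `list($id, $code) = array_pad(explode(':', $packed, 2), 2, NULL);` keeps the `!$id || !$code` check and avoids that.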