- Timestamp:
- Mar 7, 2019 9:07:15 PM (5 years ago)
- Location:
- trunk/lib
- Files:
-
- 3 edited
trunk/lib/App.inc.php
r670 r671 479 479 */ 480 480 481 $safe_http_host = preg_replace('/[^a-z\d. -]/', '', getenv('HTTP_HOST'));481 $safe_http_host = preg_replace('/[^a-z\d.:-]/', '', getenv('HTTP_HOST')); 482 482 if ('' != $safe_http_host && '' == $this->getParam('site_hostname')) { 483 483 $this->setParam(array('site_hostname' => $safe_http_host)); -
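Review bot: The `HTTP_HOST` filter is case-sensitive and strips characters instead of rejecting the header, so a mixed-case Host is silently turned into a different name (for example `Example.com` becomes `xample.com`). Whatever survives the filter is still a client-chosen value, and it becomes `site_hostname` whenever that parameter is unset. Lowercase before filtering, `preg_replace('/[^a-z\d.:-]/', '', strtolower((string) getenv('HTTP_HOST')))`. If `site_hostname` ends up in e-mailed links or redirects (not visible here), prefer setting it in configuration or checking the header against a list of expected hostnames. The same pattern appears in absoluteMe() in trunk/lib/Utilities.inc.php; the enclosing function here starts and ends outside the visible lines.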
trunk/lib/Auth_SQL.inc.php
r634 r671 381 381 $_SESSION['_auth_sql'][$this->_ns]['user_data'] = array(); 382 382 } 383 $_SESSION['_auth_sql'][$this->_ns]['user_data'][$key] = $val; 383 384 if (isset($_SESSION['_auth_sql'][$this->_ns][$key])) { 385 $_SESSION['_auth_sql'][$this->_ns][$key] = $val; 386 } else { 387 $_SESSION['_auth_sql'][$this->_ns]['user_data'][$key] = $val; 388 } 384 389 } 385 390 … … 617 622 // Check the login status of a specific user. 618 623 $qid = $db->query(" 619 SELECT 1 FROM " . $this->_params['db_table'] . " 624 SELECT 625 TIMESTAMPDIFF(SECOND, last_login_datetime, NOW()) AS seconds_since_last_login, 626 TIMESTAMPDIFF(SECOND, last_access_datetime, NOW()) AS seconds_since_last_access 627 FROM " . $this->_params['db_table'] . " 620 628 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 621 AND last_login_datetime > DATE_SUB(NOW(), INTERVAL '" . $ this->_params['login_timeout']. "' SECOND)622 AND last_access_datetime > DATE_SUB(NOW(), INTERVAL '" . $ this->_params['idle_timeout']. "' SECOND)629 AND last_login_datetime > DATE_SUB(NOW(), INTERVAL '" . $db->escapeString($this->_params['login_timeout']) . "' SECOND) 630 AND last_access_datetime > DATE_SUB(NOW(), INTERVAL '" . $db->escapeString($this->_params['idle_timeout']) . "' SECOND) 623 631 "); 624 $login_status = (mysql_num_rows($qid) > 0); 625 $app->logMsg(sprintf('Returning %s login status for user_id %s', ($login_status ? 
'true' : 'false'), $user_id), LOG_DEBUG, __FILE__, __LINE__); 626 return $login_status; 632 $result = mysql_fetch_assoc($qid); 633 if (mysql_num_rows($qid) > 0 && isset($result['seconds_since_last_login']) && isset($result['seconds_since_last_access'])) { 634 $seconds_until_login_timeout = max(0, $this->_params['login_timeout'] - $result['seconds_since_last_login']); 635 $seconds_until_idle_timeout = max(0, $this->_params['idle_timeout'] - $result['seconds_since_last_access']); 636 $session_expiry_seconds = min($seconds_until_login_timeout, $seconds_until_idle_timeout); 637 $app->logMsg(sprintf('Returning true login status for user_id %s (session expires in %s seconds)', $user_id, $session_expiry_seconds), LOG_DEBUG, __FILE__, __LINE__); 638 return $session_expiry_seconds; 639 } else { 640 $app->logMsg(sprintf('Returning false login status for user_id %s', $user_id), LOG_DEBUG, __FILE__, __LINE__); 641 return false; 642 } 627 643 } 628 644 … … 672 688 ) { 673 689 // User is authenticated! 674 $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s'); 690 691 // Update the last_access_datetime to now. 692 $this->set('last_access_datetime', date('Y-m-d H:i:s')); 675 693 676 694 // Update the DB with the last_access_datetime and increment the seconds_online. -
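Review bot: In the set() hunk, the new `isset($_SESSION['_auth_sql'][$this->_ns][$key])` branch lets any caller overwrite whichever top-level keys already exist in the auth namespace, including the `user_data` array itself (`set('user_data', 'x')` would replace it with a scalar). If other top-level keys hold authentication state, which these lines suggest but do not show, a key name derived from request input could alter that state. Consider limiting the branch to a fixed list, e.g. `if (in_array($key, array('last_access_datetime'), true)) {`, extended with the keys callers are meant to update, and state that rule in the method's doc comment. set() begins above the visible lines.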
trunk/lib/Utilities.inc.php
r670 r671 1405 1405 function absoluteMe() 1406 1406 { 1407 $safe_http_host = preg_replace('/[^a-z\d. -]/', '', getenv('HTTP_HOST'));1407 $safe_http_host = preg_replace('/[^a-z\d.:-]/', '', getenv('HTTP_HOST')); 1408 1408 return sprintf('%s://%s%s', (getenv('HTTPS') ? 'https' : 'http'), $safe_http_host, getenv('REQUEST_URI')); 1409 1409 }
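Review bot: absoluteMe() places the raw `REQUEST_URI` into its return value, so only the host portion of the URL is filtered and the rest is exactly what the client sent. Callers that write the result into HTML or a `Location` header need encoding for that context, which is worth recording in the function's doc comment, e.g. `// Built from client-supplied Host and REQUEST_URI; encode for the output context before use.` Separately, `getenv('HTTPS')` is also truthy for the string `off`, which some servers set on plain-HTTP requests. A stricter scheme test would be `(getenv('HTTPS') && 'off' !== strtolower(getenv('HTTPS')))`.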