diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-24 06:32:17 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-24 06:32:17 +0000 |
| commit | 74ff21838d600bc36014953db8e6c51db7ce33a4 (patch) | |
| tree | a9e982401f0c7e0a8027e4a9336eea780cbedf12 /lib | |
| parent | f6ea76097eec3f0b5d39d5e6320242a743f74ac1 (diff) | |
| download | ampache-74ff21838d600bc36014953db8e6c51db7ce33a4.tar.gz ampache-74ff21838d600bc36014953db8e6c51db7ce33a4.tar.bz2 ampache-74ff21838d600bc36014953db8e6c51db7ce33a4.zip | |
changed alpha4 to beta1, updated translation base files, corrected mysql_auth logic
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/class/vauth.class.php | 41 | ||||
| -rw-r--r-- | lib/init.php | 2 | ||||
| -rw-r--r-- | lib/install.php | 2 |
3 files changed, 23 insertions, 22 deletions
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index 94210381..cc9b23e2 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php @@ -98,7 +98,7 @@ class vauth { $sql = "UPDATE `session` SET `value`='$value', `expire`='$expire' WHERE `id`='$key'"; $db_results = Dba::query($sql); - debug_event('SESSION','Writing to ' . $key . ' with expire ' . $expire,'1'); + debug_event('SESSION','Writing to ' . $key . ' with expire ' . $expire . ' DBError:' . Dba::error(),'5'); return $db_results; @@ -116,6 +116,8 @@ class vauth { $sql = "DELETE FROM `session` WHERE `id`='$key'"; $db_results = Dba::query($sql); + debug_event('SESSION','Deleting Session with key:' . $key,'5'); + // Destory our cookie! setcookie(Config::get('session_name'),'',time() - 86400); @@ -141,7 +143,10 @@ class vauth { * This is called when you want to log out and nuke your session * //FIXME: move all logout logic here */ - public static function logout($key) { + public static function logout($key='') { + + // If no key is passed try to find the session id + $key = $key ? $key : session_id(); // Do a quick check to see if this is an AJAX'd logout request // if so use the iframe to redirect @@ -251,12 +256,12 @@ class vauth { case 'mysql': default: // Create our cookie! - self::create_cookie(); session_regenerate_id(); // Before refresh we don't have the cookie so we have to use session ID $key = session_id(); + self::create_cookie(); break; } // end switch on data type @@ -280,7 +285,7 @@ class vauth { return false; } - debug_event('SESSION','Session Created:' . $key,'1'); + debug_event('SESSION','Session Created:' . $key,'5'); return $key; @@ -470,26 +475,12 @@ class vauth { $password_check_sql = "PASSWORD('$password')"; - $sql = "SELECT `user`.`password`,`session`.`ip`,`user`.`id` FROM `user` " . - "LEFT JOIN `session` ON `session`.`username`=`user`.`username` " . - "WHERE `user`.`username`='$username'"; - $db_results = Dba::query($sql); - $row = Dba::fetch_assoc($db_results); - // If they don't have a password kick em ou - if (!$row['password']) { + if (!strlen($password)) { Error::add('general','Error Username or Password incorrect, please try again'); return false; } - if (Config::get('prevent_multiple_logins')) { - $client = new User($row['id']); - $ip = $client->is_logged_in(); - if ($current_ip != ip2int($_SERVER['REMOTE_ADDR'])) { - Error::add('general','User Already Logged in'); - return false; - } - } // if prevent_multiple_logins $sql = "SELECT version()"; $db_results = Dba::query($sql); @@ -500,7 +491,7 @@ class vauth { $password_check_sql = "OLD_PASSWORD('$password')"; } - $sql = "SELECT username FROM user WHERE username='$username' AND password=$password_check_sql"; + $sql = "SELECT `username`,`id` FROM `user` WHERE `username`='$username' AND `password`=$password_check_sql"; $db_results = Dba::query($sql); $results = Dba::fetch_assoc($db_results); @@ -510,6 +501,16 @@ class vauth { return false; } + if (Config::get('prevent_multiple_logins')) { + $client = new User($results['id']); + $current_ip = $client->is_logged_in(); + if ($current_ip != ip2int($_SERVER['REMOTE_ADDR'])) { + Error::add('general','User Already Logged in'); + return false; + } + } // if prevent_multiple_logins + + $results['type'] = 'mysql'; $results['success'] = true; diff --git a/lib/init.php b/lib/init.php index 669be5f4..c4ca7a6f 100644 --- a/lib/init.php +++ b/lib/init.php @@ -81,7 +81,7 @@ if (!count($results)) { } /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.4-Alpha4 Build (005)'; +$results['version'] = '3.4-Beta1 Build (001)'; $results['int_config_version'] = '6'; $results['raw_web_path'] = $results['web_path']; diff --git a/lib/install.php b/lib/install.php index 3afd8aee..1c5a7317 100644 --- a/lib/install.php +++ b/lib/install.php @@ -157,7 +157,7 @@ function install_insert_db($username,$password,$hostname,$database) { $db_results = @mysql_query($sql,$dbh); $data = mysql_fetch_assoc($db_results,$dbh); - $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3); + $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$data[0]),0,3); $sql_file = ($mysql_version < '500') ? 'sql/ampache40.sql' : 'sql/ampache.sql'; |