author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-07-26 05:46:37 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-07-26 05:46:37 +0000 |
commit | 903d06d41cab5df5798eb332cca2ee751484a47f (patch) | |
tree | bae341a45ed8410d1ad6baf81e7769b25030b2e3 /modules | |
parent | c46c138146831ca85a3194439de149094ad53dd5 (diff) | |
synced over Vlets prevent_multiple_login patch and improved error reporting a bit moving to use of the Error class
Diffstat (limited to 'modules')
-rw-r--r-- | modules/vauth/auth.lib.php | 28 | ||||
-rw-r--r-- | modules/vauth/session.lib.php | 5 |
2 files changed, 25 insertions, 8 deletions
diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php
index 5440bdb2..ac9efa60 100644
--- a/modules/vauth/auth.lib.php
+++ b/modules/vauth/auth.lib.php
@@ -65,16 +65,33 @@ function vauth_mysql_auth($username,$password) {
 $password_check_sql = "PASSWORD('$password')";
- $sql = "SELECT `password` FROM `user` WHERE `username`='$username'";
+ $sql = "SELECT `user`.`password`,`session`,`ip`,`user`,`id` FROM `user` " .
+ "LEFT JOIN `session` ON `session`.`username`=`user`.`username` " .
+ "WHERE `user`.`username`='$username'";
 $db_results = Dba::query($sql);
- $row = Dba::fetch_row($db_results);
+ $row = Dba::fetch_assoc($db_results);
+
+ // If they don't have a password kick em ou
+ if (!$row['password']) {
+ Error::add('general','Error Username or Password incorrect, please try again');
+ return false;
+ }
+
+ if (Config::get('prevent_multiple_logins')) {
+ $client = new User($row['id']);
+ $ip = $client->is_logged_in();
+ if ($current_ip != ip2int($_SERVER['REMOTE_ADDR'])) {
+ Error::add('general','User Already Logged in';
+ return false;
+ }
+
 $sql = "SELECT version()";
 $db_results = Dba::query($sql);
 $version = Dba::fetch_row($db_results);
 $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3);
- if ($mysql_version > "409" AND substr($row[0],0,1) !== "*") {
+ if ($mysql_version > "409" AND substr($row['password'],0,1) !== "*") {
 $password_check_sql = "OLD_PASSWORD('$password')";
 }
@@ -84,9 +101,8 @@ function vauth_mysql_auth($username,$password) {
 $results = Dba::fetch_assoc($db_results);
 if (!$results) {
- $results['success'] = false;
- $results['error'] = 'Error Username or Password incorrect, please try again';
- return $results;
+ Error::add('general','Error Username or Password incorrect, please try again');
+ return false;
 }
 $results['type'] = 'mysql';
diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php
index 03b9b66f..0d554c60 100644
--- a/modules/vauth/session.lib.php
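Review bot: The `prevent_multiple_logins` branch compares `$current_ip`, which is never assigned in this hunk; the result of `is_logged_in()` goes into `$ip`, so the test runs against an undefined variable and would reject essentially every login while the option is on. The same branch lacks the closing parenthesis in `Error::add('general','User Already Logged in';` and no closing brace for the outer `if` appears before `$sql = "SELECT version()";`, so the file would not parse as shown. I would assign `$current_ip = $client->is_logged_in();`, test `if ($current_ip && $current_ip != ip2int($_SERVER['REMOTE_ADDR'])) {` (assuming `is_logged_in()` returns a falsy value when no session exists), and close both blocks. The check also runs before the password is verified, so the distinct 'User Already Logged in' message tells an unauthenticated caller that the account exists and has a live session; moving the block after the password query succeeds keeps the failure response uniform. `vauth_mysql_auth` starts and ends outside the hunk, so whether `$username` is escaped before being interpolated into the new JOIN query cannot be confirmed from here.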
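Review bot: The failure path in the `if (!$results)` branch now returns a bare `false` where it used to return an array carrying `success` and `error`, and the two early exits added in the first hunk do the same, so the function's return contract changes without any documentation. Callers are outside this diff; any that still read `$results['success']` or `$results['error']` would see null instead of the message. I would add a docblock above `vauth_mysql_auth` stating `@return array|false` and noting that failure text is now recorded through `Error::add('general', ...)`, and have callers test the result with `=== false`. The function body starts and ends outside the hunk.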
+++ b/modules/vauth/session.lib.php
@@ -204,6 +204,7 @@ function vauth_session_create($data) {
 $key = session_id();
 $username = Dba::escape($data['username']);
+ $ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR']));
 $type = Dba::escape($data['type']);
 $value = Dba::escape($data['value']);
 $expire = Dba::escape(time() + vauth_conf('session_length'));
@@ -212,8 +213,8 @@ function vauth_session_create($data) {
 if (!strlen($value)) { $value = ' '; }
 /* Insert the row */
- $sql = "INSERT INTO session (`id`,`username`,`type`,`value`,`expire`) " .
- " VALUES ('$key','$username','$type','$value','$expire')";
+ $sql = "INSERT INTO session (`id`,`username`,`ip`,`type`,`value`,`expire`) " .
+ " VALUES ('$key','$username','$ip','$type','$value','$expire')";
 $db_results = Dba::query($sql);
 if (!$db_results) { |
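Review bot: The added `$ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR']));` makes the direct peer address the basis of the multiple-login check, but behind a reverse proxy or NAT that is the shared gateway address, so the check in auth.lib.php cannot tell those clients apart. Conversely, a user whose address changes mid-session would be refused until the old row expires. `ip2int()` is not defined in this diff; if it wraps `ip2long()` it will not yield a usable value for IPv6 clients, and that case should be handled explicitly. A comment on the new line such as `// REMOTE_ADDR is the direct peer; behind a proxy this is the proxy address` would document the limitation. The INSERT in the following hunk writes this value into a new `ip` column, which needs a matching schema update that is not visible here (the diffstat is limited to 'modules').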