diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2014-10-28 12:56:47 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2014-10-28 12:56:47 +0100 |
| commit | 71c19f6eb7dd26224445fec6b75c7b0e9bf21509 (patch) | |
| tree | a7473b899920005d43f6dd7c67dd52839d44f4c7 | |
| parent | 679559ce180ec5210edb3a019e9ca862d7fddf4e (diff) | |
| parent | 9036edd935bef6e141c4d8b276f4a0dca01e6371 (diff) | |
| download | forums-71c19f6eb7dd26224445fec6b75c7b0e9bf21509.tar forums-71c19f6eb7dd26224445fec6b75c7b0e9bf21509.tar.gz forums-71c19f6eb7dd26224445fec6b75c7b0e9bf21509.tar.bz2 forums-71c19f6eb7dd26224445fec6b75c7b0e9bf21509.tar.xz forums-71c19f6eb7dd26224445fec6b75c7b0e9bf21509.zip | |
Merge pull request #3091 from Nicofuma/ticket/13234-2
Ticket/13234 2
| -rw-r--r-- | phpBB/phpbb/session.php | 65 |
1 files changed, 37 insertions, 28 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index cf8ea1877e..477e91efd6 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -577,6 +577,43 @@ class session } } + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); + $this->data = $provider->autologin(); + + if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id) + { + $this->data = array(); + } + + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } + + // If we're presented with an autologin key we'll join against it. + // Else if we've been passed a user_id we'll grab data based on that + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + { + $sql = 'SELECT u.* + FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k + WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND k.user_id = u.user_id + AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; + $result = $db->sql_query($sql); + $user_data = $db->sql_fetchrow($result); + + if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id'])) + { + $this->data = $user_data; + $bot = false; + } + + $db->sql_freeresult($result); + } + if ($user_id !== false && !sizeof($this->data)) { $this->cookie_data['k'] = ''; @@ -591,34 +628,6 @@ class session $db->sql_freeresult($result); $bot = false; } - else if (!$bot) - { - $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $provider_collection->get_provider(); - $this->data = $provider->autologin(); - - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } - - // If we're presented with an autologin key we'll join against it. - // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) - { - $sql = 'SELECT u.* - FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k - WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - AND k.user_id = u.user_id - AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; - $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $bot = false; - } - } // Bot user, if they have a SID in the Request URI we need to get rid of it // otherwise they'll index this page with the SID, duplicate content oh my! |