| author | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-01-20 05:12:38 +0000 |
|---|---|---|
| committer | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-01-20 05:12:38 +0000 |
| commit | 458b9b50ec8d835b4c5f72823d4815a9cee6d706 (patch) | |
| tree | ab0ea84c5e34cb6b5fa61b736e89722a92395c16 /phpBB/includes/session.php | |
| parent | b2721cca0c82400efbf23abca1cbe260d4ea0eea (diff) | |
Un-b0rked ACL options caching, small general fixes
git-svn-id: file:///svn/phpbb/trunk@3338 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index d642b79bd0..b6390e122b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -42,8 +42,7 @@ class session { $sessiondata = ( isset($_COOKIE[$config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : ''; $this->session_id = ( isset($_COOKIE[$config['cookie_name'] . '_sid']) ) ? $_COOKIE[$config['cookie_name'] . '_sid'] : ''; - $SID = (defined('IN_ADMIN')) ? '?sid=' . $this->session_id : '?sid='; -// $SID = (defined('ADD_SID')) ? '?sid=' . $this->session_id : '?sid='; + $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } else { @@ -79,7 +78,8 @@ class session } // session_id exists so go ahead and attempt to grab all data in preparation - if (!empty($this->session_id)) + // Added session check + if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id == $_GET['sid'])) { $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u @@ -113,6 +113,14 @@ class session } } + // Session check failed, redirect the user to the index page + // TODO: we could delay it until we grab user's data and display a localised error message + if (defined('NEED_SID')) + { + // NOTE: disabled until we decide how to deal with this + //redirect("index.$phpEx$SID"); + } + // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. $autologin = (isset($sessiondata['autologinid'])) ? $sessiondata['autologinid'] : ''; @@ -309,7 +317,7 @@ class session $db->sql_query($sql); } - $del_user_id .= (($del_user_id != '') ? ', ' : '') . ' \'' . $row['session_user_id'] . '\''; + $del_user_id .= (($del_user_id != '') ? ', ' : '') . " '" . $row['session_user_id'] . "'"; $del_sessions++; } 
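Review bot: In the hunk at `@@ -42,8 +42,7 @@`, the new `$SID` line appends `$this->session_id` exactly as it arrived in the `_sid` cookie, so a client-chosen string ends up in every URL built from `$SID` on NEED_SID pages. I would check the format before using it, e.g. `if (!preg_match('/^[a-zA-Z0-9]+$/', $this->session_id)) { $this->session_id = ''; }`, with the pattern adjusted to whatever the session-id generator actually emits, which is not visible here. The context line above it also passes the `_data` cookie to `unserialize()`, which is untrusted input being deserialised; it deserves at least `// FIXME: cookie is client-controlled; validate the decoded structure or stop using serialize() for it`. The enclosing method starts and ends outside the hunk.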
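Review bot: In the hunk at `@@ -79,7 +78,8 @@`, the added session check compares with `==` and reads `$_GET['sid']` without checking that it is set. PHP compares two numeric-looking strings numerically under `==`, so two different ids can compare equal, and a request without `sid` raises an undefined-index notice. I would write the inner test as `(isset($_GET['sid']) && $this->session_id === $_GET['sid'])`. The block this condition guards continues past the end of the hunk.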
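Review bot: In the hunk at `@@ -113,6 +113,14 @@`, the new `if (defined('NEED_SID'))` block is empty because the redirect is commented out, so a failed sid check falls straight through to the session-creation code that follows. That code reads `$sessiondata['autologinid']` from the cookie, so on a NEED_SID page a request with a missing or wrong `sid` may still end up authenticated through autologin, which would make the sid comparison added in the previous hunk ineffective. The rest of that path is outside the hunk, so this needs confirming. Until the redirect decision is made I would mark it explicitly, `// FIXME: NEED_SID mismatch is not enforced yet; execution continues into session creation/autologin`, or skip autologin when NEED_SID is defined.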
@@ -440,12 +448,11 @@ class user extends session AND c.theme_id = s.style_id AND i.imageset_id = s.imageset_id"; - // Cache this query for 60 seconds - $result = $db->sql_query($sql, 60); + $result = $db->sql_query($sql); if (!($this->theme = $db->sql_fetchrow($result))) { - message_die(ERROR, 'Could not get style data'); + trigger_error('Could not get style data'); } $template->set_template($this->theme['template_path']); @@ -701,6 +708,7 @@ class auth $method = trim($config['auth_method']); + // NOTE: don't we need $phpbb_root_path here? if (file_exists('includes/auth/auth_' . $method . '.' . $phpEx)) { include_once('includes/auth/auth_' . $method . '.' . $phpEx); |
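Review bot: In the hunk at `@@ -440,12 +448,11 @@`, `trigger_error('Could not get style data')` is called without a level, so it raises `E_USER_NOTICE`. Unless the project's error handler stops on notices (not visible here), execution continues to `$template->set_template($this->theme['template_path'])` with `$this->theme` holding the failed fetch result, whereas `message_die()` was presumably terminal. I would pass the level explicitly: `trigger_error('Could not get style data', E_USER_ERROR);`. The method continues outside the hunk.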
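Review bot: In the hunk at `@@ -701,6 +708,7 @@`, `$method` comes from `$config['auth_method']` with only `trim()` applied before it is concatenated into the `include_once` path, so a value containing path separators would load a file outside `includes/auth/`. I would restrict it to a plain identifier before the existence test: `if (preg_match('/^[a-z0-9_]+$/i', $method) && file_exists('includes/auth/auth_' . $method . '.' . $phpEx))`. The relative path that the new NOTE asks about matters for the same reason, since resolving against the working directory or include_path can pick up a different file than intended. The method starts and ends outside the hunk.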
