| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2005-07-05 01:01:31 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2005-07-05 01:01:31 +0000 |
| commit | 7146a6bc411881ff08443082c2e8e988508625f5 (patch) | |
| tree | e0d32e1663834bdeefeee996254a4b11206a7b69 /phpBB | |
| parent | fad1f39abedc9974238852b9d12a7ce1d90eb5c7 (diff) | |
Remove use of serialize for session cookie data, no need for it anymore ... at least I can't think of one.
git-svn-id: file:///svn/phpbb/trunk@5177 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/session.php | 48 |
1 files changed, 14 insertions, 34 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index a913c07be2..8877456de0 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -54,7 +54,11 @@ class session
 $this->cookie_data = array();
 if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
 {
- $this->cookie_data = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array();
+ // Santise k? Is there a need? It's escaped for DB entry in relevant location
+ // and isn't used directly anywhere else (nor should it!)
+ $this->cookie_data['u'] = (!empty($_COOKIE[$config['cookie_name'] . '_u'])) ? (int) $_COOKIE[$config['cookie_name'] . '_u'] : 0;
+ $this->cookie_data['k'] = (!empty($_COOKIE[$config['cookie_name'] . '_k'])) ? (string) $_COOKIE[$config['cookie_name'] . '_k'] : '';
+ $this->session_id = request_var($config['cookie_name'] . '_sid', '');
 $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 }
@@ -342,7 +346,10 @@ class session
 $SID = '?sid=';
 if (!$bot)
 {
- $this->set_cookie('data', serialize($this->cookie_data), $this->time_now + 31536000);
+ $cookie_expire = ($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000;
+
+ $this->set_cookie('u', $this->cookie_data['u'], $this->time_now + $cookie_expire);
+ $this->set_cookie('k', $this->cookie_data['k'], $this->time_now + $cookie_expire);
 $this->set_cookie('sid', $this->session_id, 0);
 $SID = '?sid=' . $this->session_id;
@@ -352,6 +359,7 @@ class session
 // global $evt;
 // $evt->trigger(EVT_NEW_SESSION, $this->data);
 }
+ unset($cookie_expire);
 }
 return true;
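Review bot: The guard around the new cookie reads in the first hunk (`@@ -54,7 +54,11 @@`) still tests `isset($_COOKIE[$config['cookie_name'] . '_data'])`, a cookie this commit stops writing, so a client holding only the persistent `_u`/`_k` pair (the `_sid` cookie is written with expiry 0 in the next hunk) never reaches the new assignments and `cookie_data` stays empty. The condition should test the new name, e.g. `isset($_COOKIE[$config['cookie_name'] . '_u'])`. Separately, `_k` is taken straight from `$_COOKIE` with only a `(string)` cast, so an array-valued cookie becomes the literal `Array` and `(int)` on an array-valued `_u` yields 1; reading both through `request_var()`, as the `_sid` line does, would keep input handling in one place, assuming `request_var()` normalises non-scalar input, which is not visible here. The enclosing method starts and ends outside the hunk.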
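Review bot: In the second hunk (`@@ -342,7 +346,10 @@`) the truthiness test on `$config['max_autologin_time']` runs on the raw config value while the `(int)` cast is applied only inside the multiplication, so a negative or non-numeric setting produces an immediate or past expiry and the `u`/`k` cookies are discarded by the browser without any error. Casting once and clamping makes the fallback explicit: `$max_days = max(0, (int) $config['max_autologin_time']);` followed by `$cookie_expire = ($max_days) ? 86400 * $max_days : 31536000;`. Because `k` is a long-lived login key, it is also worth confirming that `set_cookie()` (not shown) applies the cookie security attributes the deployment supports and that the cookie lifetime matches the server-side expiry of the key. The `unset($cookie_expire)` added in the following hunk appears to act on a function-local variable and could be dropped.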
@@ -394,7 +402,8 @@ class session
 $db->sql_freeresult($result);
 }
- $this->set_cookie('data', '', $this->time_now - 31536000);
+ $this->set_cookie('u', '', $this->time_now - 31536000);
+ $this->set_cookie('k', '', $this->time_now - 31536000);
 $this->set_cookie('sid', '', $this->time_now - 31536000);
 $SID = '?sid=';
@@ -658,6 +667,7 @@ class session
 }
 }
+
 /**
 * Base user class
 *
@@ -1084,18 +1094,6 @@ class user extends session
 }
-
-
-
-
-
-
-
-
-
-
-
-
 class auth
 {
 var $founder = false;
@@ -1423,25 +1421,7 @@ class auth
 return;
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ // @todo replace this with a new system
 // Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
 { |
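Review bot: The hunk at `@@ -394,7 +402,8 @@` stops expiring the legacy `data` cookie, so browsers that already hold a serialized `_data` cookie keep sending it for the rest of its original one-year lifetime. Nothing on the new side of this diff reads it, but it still satisfies the `isset(... '_data')` guard left in place near the top of the file and presumably carries the old user id and key on every request. Keeping one extra line for a transition period, `$this->set_cookie('data', '', $this->time_now - 31536000);`, would clear it on logout. The surrounding method extends beyond the hunk.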
