author | thomascube <thomas@roundcube.net> | 2007-03-27 09:34:30 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2007-03-27 09:34:30 +0000 |
commit | aad6e2a9c4857715c8bd56693d21b87dd0c16263 (patch) | |
tree | d2c47b6bc708fb7770ffaf9978e42cc5268141f1 /index.php | |
parent | 6d09984ea83861adb225a985b924eecb948702df (diff) |
New session authentication, should fix bugs #1483951 and #1484299; testing required
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -2,7 +2,7 @@
 /*
 +-----------------------------------------------------------------------+
 | RoundCube Webmail IMAP Client |
- | Version 0.1-20070301 |
+ | Version 0.1-20070327 |
 | |
 | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
 | Licensed under the GNU GPL |
@@ -40,7 +40,7 @@
 */
-define('RCMAIL_VERSION', '0.1-20070301');
+define('RCMAIL_VERSION', '0.1-20070327');
 // define global vars
 $CHARSET = 'UTF-8';
@@ -172,10 +172,17 @@ if ($_action=='login' && $_task=='mail')
 {
 show_message("cookiesdisabled", 'warning');
 }
- else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+ else if ($_SESSION['temp'] && isset($_POST['_user']) && isset($_POST['_pass']) &&
 rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
 get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
 {
+ // create new session ID
+ unset($_SESSION['temp']);
+ sess_regenerate_id();
+
+ // send auth cookie if necessary
+ rcmail_authenticate_session();
+
 // send redirect
 header("Location: $COMM_PATH");
 exit;
@@ -197,8 +204,7 @@ else if ($_action=='logout' && isset($_SESSION['user_id']))
 // check session and auth cookie
 else if ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send')
 {
- if (!rcmail_authenticate_session() ||
- (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
+ if (!rcmail_authenticate_session())
 {
 $message = show_message('sessionerror', 'error');
 rcmail_kill_session(); |
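Review bot: In the `@@ -172,10 +172,17 @@` hunk, neither `sess_regenerate_id()` nor `rcmail_authenticate_session()` has its result checked before the redirect, so if ID regeneration can fail (its body is not in this diff) the now-authenticated session would keep its pre-login ID, which is the session-fixation case this block appears meant to close. Consider treating the login as failed when regeneration does not succeed, assuming the helper reports that. The new guard also reads `$_SESSION['temp']` without an existence test; `else if (!empty($_SESSION['temp']) && isset($_POST['_user']) && isset($_POST['_pass']) &&` avoids the undefined-index notice on a POST that arrives without a pre-login session. A short comment on what sets `temp` and why credentials are refused without it would help, since that is not visible from index.php alone. The enclosing `if ($_action=='login' && $_task=='mail')` block starts and ends outside the hunk.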
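Review bot: In the `@@ -197,8 +204,7 @@` hunk the `session_lifetime` / `$SESS_CHANGED` expiry test disappears from the condition, so idle sessions expire only if `rcmail_authenticate_session()` now performs that check; its body is not in this diff, which is limited to index.php. If the check did move there, a comment at this call would keep the next reader from assuming it was lost, e.g. `// session_lifetime expiry is enforced inside rcmail_authenticate_session()`. The same function is called right after login in the previous hunk, so it is worth confirming that a lifetime check inside it cannot reject a freshly regenerated session. The enclosing `else if` block continues past the end of the hunk.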