From aad6e2a9c4857715c8bd56693d21b87dd0c16263 Mon Sep 17 00:00:00 2001
From: thomascube
Date: Tue, 27 Mar 2007 09:34:30 +0000
Subject: New session authentication, should fix bugs #1483951 and #1484299; testing required

---
 index.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index eaecfdfc2..f365ef94d 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /*
 +-----------------------------------------------------------------------+
 | RoundCube Webmail IMAP Client |
- | Version 0.1-20070301 |
+ | Version 0.1-20070327 |
 | |
 | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
 | Licensed under the GNU GPL |
@@ -40,7 +40,7 @@
 
 */
 
-define('RCMAIL_VERSION', '0.1-20070301');
+define('RCMAIL_VERSION', '0.1-20070327');
 
 // define global vars
 $CHARSET = 'UTF-8';
@@ -172,10 +172,17 @@ if ($_action=='login' && $_task=='mail')
 {
 show_message("cookiesdisabled", 'warning');
 }
- else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+ else if ($_SESSION['temp'] && isset($_POST['_user']) && isset($_POST['_pass']) &&
 rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
 get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
 {
+ // create new session ID
+ unset($_SESSION['temp']);
+ sess_regenerate_id();
+
+ // send auth cookie if necessary
+ rcmail_authenticate_session();
+
 // send redirect
 header("Location: $COMM_PATH");
 exit;
@@ -197,8 +204,7 @@ else if ($_action=='logout' && isset($_SESSION['user_id']))
 // check session and auth cookie
 else if ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send')
 {
- if (!rcmail_authenticate_session() ||
- (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
+ if (!rcmail_authenticate_session())
 {
 $message = show_message('sessionerror', 'error');
 rcmail_kill_session();
-- 
cgit v1.2.3
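Review bot: `$_SESSION['temp']` is read without `isset()` in the new `else if` condition of the login hunk, so a POST that arrives with no pre-established session (or after the flag has already been cleared) emits an undefined-index notice before the credentials are even looked at; `!empty($_SESSION['temp'])` keeps the same gate without the notice. Regenerating the session ID immediately after a successful `rcmail_login()` is the right place to stop a pre-login session ID from surviving into the authenticated session, but nothing in the hunk shows where `$_SESSION['temp']` is set or what `sess_regenerate_id()` does, so the intent should be written down next to the gate, e.g. `// only a session created by the login form may be upgraded; the ID is replaced so a pre-login ID never becomes authenticated`. The enclosing `if ($_action=='login' ...)` block starts before this hunk and the else-if chain continues after it.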
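Review bot: The idle-expiry test (`$SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()`) is dropped from the session-check hunk and the surviving condition is only `if (!rcmail_authenticate_session())`, a function whose definition is not part of this patch; unless that function now enforces `$CONFIG['session_lifetime']`, an authenticated session no longer expires on inactivity in this branch. Either restore the lifetime comparison alongside the auth-cookie check or document the new contract on the changed line, e.g. `// rcmail_authenticate_session() also enforces $CONFIG['session_lifetime']`, so the next reader does not assume expiry was lost by accident. The else-if chain this hunk belongs to continues past the last line shown.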