mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-24 12:03:21 +01:00
Code Issues Releases Wiki Activity

[ticket/13234] Never allow autologin/remember me to modify the userid

Browse Source 
This prevents admin relogin with forced user id from overwriting
remember me cookies

PHPBB3-13234
This commit is contained in:
Nils Adermann 2014-10-27 19:55:56 -07:00
parent d51c1707e3
commit 64d97d0787
1 changed files with 40 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
phpBB/includes/session.php
View File

@ -553,6 +553,45 @@ class session
$method = basename(trim($config['auth_method']));
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'autologin_' . $method;
if (function_exists($method))
{
$user_data = $method();
if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id']))
{
$this->data = $user_data;
}
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
}
// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that
if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
$user_data = $db->sql_fetchrow($result);
if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id']))
{
$this->data = $user_data;
$bot = false;
}
$db->sql_freeresult($result);
}
if ($user_id !== false && !sizeof($this->data))
{
$this->cookie_data['k'] = '';
@ -567,36 +606,6 @@ class session
$db->sql_freeresult($result);
$bot = false;
}
else if (!$bot)
{
$method = 'autologin_' . $method;
if (function_exists($method))
{
$this->data = $method();
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
}
// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that
if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
$this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$bot = false;
}
}
// Bot user, if they have a SID in the Request URI we need to get rid of it
// otherwise they'll index this page with the SID, duplicate content oh my!