mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-23 19:51:26 +02:00
Code Issues Releases Wiki Activity

Merge branch 'develop-olympus' into develop-ascraeus

Browse Source 
* develop-olympus:
  [ticket/13138] Do not use cookie data and autologin while forcing a user_id

Conflicts:
	phpBB/phpbb/session.php
This commit is contained in:
Nils Adermann
2014-10-20 14:53:38 -04:00
parent 57a575b5f0 d4faeb064b
commit 99f63f39eb
1 changed files with 29 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
phpBB/phpbb/session.php
View File

@ -577,32 +577,7 @@ class session
} }
} }
$provider_collection = $phpbb_container->get('auth.provider_collection'); if ($user_id !== false && !sizeof($this->data))
$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that
if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
$this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$bot = false;
}
else if ($user_id !== false && !sizeof($this->data))
{ {
$this->cookie_data['k'] = ''; $this->cookie_data['k'] = '';
$this->cookie_data['u'] = $user_id; $this->cookie_data['u'] = $user_id;
@ -616,6 +591,34 @@ class session
$db->sql_freeresult($result); $db->sql_freeresult($result);
$bot = false; $bot = false;
} }
else if (!$bot)
{
$provider_collection = $phpbb_container->get('auth.provider_collection');
$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();
if (sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];
}
// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that
if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
$this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$bot = false;
}
}
// Bot user, if they have a SID in the Request URI we need to get rid of it // Bot user, if they have a SID in the Request URI we need to get rid of it
// otherwise they'll index this page with the SID, duplicate content oh my! // otherwise they'll index this page with the SID, duplicate content oh my!