[geeklog-cvs] Geeklog-1.x/system lib-security.php,1.71,1.72

Michael Jervis mjervis at qs1489.pair.com
Sun Jun 29 15:02:52 EDT 2008


Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv11138/system

Modified Files:
	lib-security.php 
Log Message:
MSSQL issues resolved in calendar plugin and in CSRF tokens.

Index: lib-security.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-security.php,v
retrieving revision 1.71
retrieving revision 1.72
diff -C2 -d -r1.71 -r1.72
*** lib-security.php	20 Jun 2008 14:32:51 -0000	1.71
--- lib-security.php	29 Jun 2008 19:02:50 -0000	1.72
***************
*** 1079,1083 ****
  function SEC_createToken($ttl = 1200)
  {
!     global $_USER, $_TABLES;
  
      static $last_token;
--- 1079,1083 ----
  function SEC_createToken($ttl = 1200)
  {
!     global $_USER, $_TABLES, $_DB_dbms;
  
      static $last_token;
***************
*** 1095,1101 ****
      
      /* Destroy exired tokens: */
!     /* Note: TTL not yet implemented! So commented out */
!     $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
             . " AND (ttl > 0)";
      DB_Query($sql);
      
--- 1095,1105 ----
      
      /* Destroy exired tokens: */
!     if($_DB_dbms == 'mssql') {
!         $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
             . " AND (ttl > 0)";
+     } else {
+         $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
+            . " AND (ttl > 0)";
+     }
      DB_Query($sql);
      
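Review bot: The two expiry checks added by this commit do not use the same clock on MSSQL: the cleanup query here compares `DATEADD(ss, ttl, created)` with `NOW()`, while the MSSQL branch in the SEC_checkToken hunk compares against `getUTCDate()`. `NOW()` is not a T-SQL function, so unless the MSSQL driver rewrites it (not visible here) this DELETE fails and expired tokens are never purged; and if `created` is written in local time, the UTC comparison in SEC_checkToken shifts the effective CSRF token lifetime by the server's UTC offset. Use one function in both places that matches how `created` is stored, e.g. `WHERE (DATEADD(ss, ttl, created) < getUTCDate())` here if the column holds UTC. SEC_createToken's body continues outside the hunk.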
***************
*** 1126,1130 ****
  function SEC_checkToken()
  {
!     global $_USER, $_TABLES;
      
      $token = ''; // Default to no token.
--- 1130,1134 ----
  function SEC_checkToken()
  {
!     global $_USER, $_TABLES, $_DB_dbms;
      
      $token = ''; // Default to no token.
***************
*** 1138,1143 ****
      
      if(trim($token) != '') {
!         $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
                 . "{$_TABLES['tokens']} WHERE token='$token'";
          $tokens = DB_Query($sql);
          $numberOfTokens = DB_numRows($tokens);
--- 1142,1157 ----
      
      if(trim($token) != '') {
!         if($_DB_dbms != 'mssql') {
!             $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
                 . "{$_TABLES['tokens']} WHERE token='$token'";
+         } else {
+             $sql = "SELECT owner_id, urlfor, expired = 
+                       CASE 
+                          WHEN (DATEADD(s,ttl,created) < getUTCDate()) AND (ttl>0) THEN 1
+                 
+                          ELSE 0
+                       END
+                     FROM gl_tokens WHERE token='$token'";
+         }
          $tokens = DB_Query($sql);
          $numberOfTokens = DB_numRows($tokens);
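Review bot: The MSSQL branch hard-codes the table as `gl_tokens` instead of `{$_TABLES['tokens']}`, so on an install with a different table prefix the lookup targets a missing or wrong table and token validation no longer behaves like the other branch; the last line of that query should read `FROM {$_TABLES['tokens']} WHERE token='$token'";`. Both branches also interpolate `$token` directly into the SQL string, and the code that assigns and filters it lies outside the hunk, so it is worth confirming there that the value is escaped or restricted to the token alphabet before it reaches DB_Query. The stray blank line inside the CASE expression can be dropped while the query is being touched. SEC_checkToken starts and ends outside the hunk.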



