[geeklog-cvs] Geeklog-1.x/system lib-security.php,1.71,1.72
Michael Jervis
mjervis at qs1489.pair.com
Sun Jun 29 15:02:52 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv11138/system
Modified Files:
lib-security.php
Log Message:
MSSQL issues resolved in calendar plugin and in CSRF tokens.
Index: lib-security.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-security.php,v
retrieving revision 1.71
retrieving revision 1.72
diff -C2 -d -r1.71 -r1.72
*** lib-security.php 20 Jun 2008 14:32:51 -0000 1.71
--- lib-security.php 29 Jun 2008 19:02:50 -0000 1.72
***************
*** 1079,1083 ****
function SEC_createToken($ttl = 1200)
{
! global $_USER, $_TABLES;
static $last_token;
--- 1079,1083 ----
function SEC_createToken($ttl = 1200)
{
! global $_USER, $_TABLES, $_DB_dbms;
static $last_token;
***************
*** 1095,1101 ****
/* Destroy exired tokens: */
! /* Note: TTL not yet implemented! So commented out */
! $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
. " AND (ttl > 0)";
DB_Query($sql);
--- 1095,1105 ----
/* Destroy exired tokens: */
! if($_DB_dbms == 'mssql') {
! $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
. " AND (ttl > 0)";
+ } else {
+ $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
+ . " AND (ttl > 0)";
+ }
DB_Query($sql);
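Review bot: The new MSSQL cleanup query compares against `NOW()`, while the MSSQL branch this commit adds to SEC_checkToken uses `getUTCDate()`, so the purge and the expiry check can disagree about when a token is dead. `NOW()` is also not a T-SQL built-in, so unless the MSSQL driver layer rewrites it (not visible here) the DELETE would fail and expired tokens would pile up. I would use one clock in both places, chosen to match how `created` is written, e.g. `WHERE (DATEADD(ss, ttl, created) < getUTCDate())`. A short comment saying which timezone `created` is stored in would help. The body of SEC_createToken continues outside this hunk.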
***************
*** 1126,1130 ****
function SEC_checkToken()
{
! global $_USER, $_TABLES;
$token = ''; // Default to no token.
--- 1130,1134 ----
function SEC_checkToken()
{
! global $_USER, $_TABLES, $_DB_dbms;
$token = ''; // Default to no token.
***************
*** 1138,1143 ****
if(trim($token) != '') {
! $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
. "{$_TABLES['tokens']} WHERE token='$token'";
$tokens = DB_Query($sql);
$numberOfTokens = DB_numRows($tokens);
--- 1142,1157 ----
if(trim($token) != '') {
! if($_DB_dbms != 'mssql') {
! $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
. "{$_TABLES['tokens']} WHERE token='$token'";
+ } else {
+ $sql = "SELECT owner_id, urlfor, expired =
+ CASE
+ WHEN (DATEADD(s,ttl,created) < getUTCDate()) AND (ttl>0) THEN 1
+
+ ELSE 0
+ END
+ FROM gl_tokens WHERE token='$token'";
+ }
$tokens = DB_Query($sql);
$numberOfTokens = DB_numRows($tokens);
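Review bot: The MSSQL branch hard-codes the table as `gl_tokens`, where the other branch uses `{$_TABLES['tokens']}`, so an install with a non-default table prefix would have its CSRF check query a missing or wrong table. The last line of that query should read `FROM {$_TABLES['tokens']} WHERE token='$token'";`. Both branches also interpolate `$token` directly into the SQL string. The lines that assign it are outside this hunk, so confirm it is filtered or escaped before it reaches the query. As a style point, this hunk tests `!= 'mssql'` while the one in SEC_createToken tests `== 'mssql'`; using the same polarity would make the two easier to compare.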