[geeklog-cvs] geeklog: Fixed problem with OAuth and OpenID accounts logging ou...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Tue Apr 26 11:50:41 EDT 2011 

changeset 8255:5a57074dcd8c
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/5a57074dcd8c
user: Tom <websitemaster at cogeco.net>
date: Tue Apr 26 11:49:48 2011 -0400
description:
Fixed problem with OAuth and OpenID accounts logging out after 2 minutes of inactivity (Bug# 1334)

diffstat:

 public_html/users.php                 |   2 +-
 system/classes/oauthhelper.class.php  |   3 +++
 system/classes/openidhelper.class.php |   4 +++-
 system/lib-sessions.php               |   4 ----
 system/lib-user.php                   |  31 +++++++++++++++++++++++++------
 5 files changed, 32 insertions(+), 12 deletions(-)

diffs (103 lines):

diff -r fbb51388aaec -r 5a57074dcd8c public_html/users.php
--- a/public_html/users.php	Mon Apr 25 19:12:00 2011 +0200
+++ b/public_html/users.php	Tue Apr 26 11:49:48 2011 -0400
@@ -971,7 +971,7 @@
                 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
                               time() + $cooktime);
                 SEC_setCookie($_CONF['cookie_password'],
-                              SEC_encryptPassword($passwd), time() + $cooktime);
+                              $_USER['passwd'], time() + $cooktime);
             }
         } else {
             $userid = $_COOKIE[$_CONF['cookie_name']];
diff -r fbb51388aaec -r 5a57074dcd8c system/classes/oauthhelper.class.php
--- a/system/classes/oauthhelper.class.php	Mon Apr 25 19:12:00 2011 +0200
+++ b/system/classes/oauthhelper.class.php	Tue Apr 26 11:49:48 2011 -0400
@@ -249,6 +249,9 @@
         $users = $this->_getCreateUserInfo($info);
         $userinfo = $this->_getUpdateUserInfo($info);
         
+        $passwords = USER_createPassword();
+        $users['passwd2'] = $passwords['encrypted'];
+        
         $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '{$users['remoteusername']}' AND remoteservice = '{$users['remoteservice']}'";
         // COM_errorLog("sql={$sql}");
         $result = DB_query($sql);
diff -r fbb51388aaec -r 5a57074dcd8c system/classes/openidhelper.class.php
--- a/system/classes/openidhelper.class.php	Mon Apr 25 19:12:00 2011 +0200
+++ b/system/classes/openidhelper.class.php	Tue Apr 26 11:49:48 2011 -0400
@@ -113,8 +113,10 @@
             if (isset($this->query['openid_sreg_fullname'])) {
                 $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
             }
+            
+            $passwords = USER_createPassword();
 
-            USER_createAccount($openid_nickname, $openid_sreg_email, '',
+            USER_createAccount($openid_nickname, $openid_sreg_email, $passwords['encrypted'],
                     $openid_sreg_fullname, '', $this->query['openid_identity'],
                     'openid');
             $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '$openid_identity' AND remoteservice = 'openid'");
diff -r fbb51388aaec -r 5a57074dcd8c system/lib-sessions.php
--- a/system/lib-sessions.php	Mon Apr 25 19:12:00 2011 +0200
+++ b/system/lib-sessions.php	Tue Apr 26 11:49:48 2011 -0400
@@ -499,10 +499,6 @@
         return $userdata;
     }
 
-    if (isset($myrow['passwd'])) {
-        unset($myrow['passwd']);
-    }
-
     return $myrow;
 }
 
diff -r fbb51388aaec -r 5a57074dcd8c system/lib-user.php
--- a/system/lib-user.php	Mon Apr 25 19:12:00 2011 +0200
+++ b/system/lib-user.php	Tue Apr 26 11:49:48 2011 -0400
@@ -129,6 +129,28 @@
 }
 
 /**
+* Create a new password and set in DB if User Id supplied
+*
+* @param    int      $uid   id of the user
+* @return   array    ['normal'] = human readable password, ['encrypted'] = encrypted password
+*
+*/
+function USER_createPassword ($uid = 0)
+{
+    global $_TABLES;
+
+    $passwd['normal'] = rand ();
+    $passwd['normal'] = md5 ($passwd['normal']);
+    $passwd['normal'] = substr ($passwd['normal'], 1, 8);
+    $passwd['encrypted'] = SEC_encryptPassword($passwd['normal']);
+    if ($uid > 1) { 
+        DB_change ($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $uid);
+    }
+    
+    return $passwd;
+}
+
+/**
 * Create a new password and send it to the user
 *
 * @param    string  $username   user's login name
@@ -138,13 +160,10 @@
 */
 function USER_createAndSendPassword ($username, $useremail, $uid)
 {
-    global $_CONF, $_TABLES, $LANG04;
+    global $_CONF, $LANG04;
 
-    $passwd = rand ();
-    $passwd = md5 ($passwd);
-    $passwd = substr ($passwd, 1, 8);
-    $passwd2 = SEC_encryptPassword($passwd);
-    DB_change ($_TABLES['users'], 'passwd', "$passwd2", 'uid', $uid);
+    $passwords = USER_createPassword($uid);
+    $passwd = $passwords['normal'];
 
     if (file_exists ($_CONF['path_data'] . 'welcome_email.txt')) {
         $template = COM_newTemplate($_CONF['path_data']);

More information about the geeklog-cvs mailing list