[geeklog-cvs] geeklog: Fixed problem with OAuth and OpenID accounts logging ou...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Apr 26 11:50:41 EDT 2011
changeset 8255:5a57074dcd8c
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/5a57074dcd8c
user: Tom <websitemaster at cogeco.net>
date: Tue Apr 26 11:49:48 2011 -0400
description:
Fixed problem with OAuth and OpenID accounts logging out after 2 minutes of inactivity (Bug# 1334)
diffstat:
public_html/users.php | 2 +-
system/classes/oauthhelper.class.php | 3 +++
system/classes/openidhelper.class.php | 4 +++-
system/lib-sessions.php | 4 ----
system/lib-user.php | 31 +++++++++++++++++++++++++------
5 files changed, 32 insertions(+), 12 deletions(-)
diffs (103 lines):
diff -r fbb51388aaec -r 5a57074dcd8c public_html/users.php
--- a/public_html/users.php Mon Apr 25 19:12:00 2011 +0200
+++ b/public_html/users.php Tue Apr 26 11:49:48 2011 -0400
@@ -971,7 +971,7 @@
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
time() + $cooktime);
SEC_setCookie($_CONF['cookie_password'],
- SEC_encryptPassword($passwd), time() + $cooktime);
+ $_USER['passwd'], time() + $cooktime);
}
} else {
$userid = $_COOKIE[$_CONF['cookie_name']];
diff -r fbb51388aaec -r 5a57074dcd8c system/classes/oauthhelper.class.php
--- a/system/classes/oauthhelper.class.php Mon Apr 25 19:12:00 2011 +0200
+++ b/system/classes/oauthhelper.class.php Tue Apr 26 11:49:48 2011 -0400
@@ -249,6 +249,9 @@
$users = $this->_getCreateUserInfo($info);
$userinfo = $this->_getUpdateUserInfo($info);
+ $passwords = USER_createPassword();
+ $users['passwd2'] = $passwords['encrypted'];
+
$sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '{$users['remoteusername']}' AND remoteservice = '{$users['remoteservice']}'";
// COM_errorLog("sql={$sql}");
$result = DB_query($sql);
diff -r fbb51388aaec -r 5a57074dcd8c system/classes/openidhelper.class.php
--- a/system/classes/openidhelper.class.php Mon Apr 25 19:12:00 2011 +0200
+++ b/system/classes/openidhelper.class.php Tue Apr 26 11:49:48 2011 -0400
@@ -113,8 +113,10 @@
if (isset($this->query['openid_sreg_fullname'])) {
$openid_sreg_fullname = $this->query['openid_sreg_fullname'];
}
+
+ $passwords = USER_createPassword();
- USER_createAccount($openid_nickname, $openid_sreg_email, '',
+ USER_createAccount($openid_nickname, $openid_sreg_email, $passwords['encrypted'],
$openid_sreg_fullname, '', $this->query['openid_identity'],
'openid');
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '$openid_identity' AND remoteservice = 'openid'");
diff -r fbb51388aaec -r 5a57074dcd8c system/lib-sessions.php
--- a/system/lib-sessions.php Mon Apr 25 19:12:00 2011 +0200
+++ b/system/lib-sessions.php Tue Apr 26 11:49:48 2011 -0400
@@ -499,10 +499,6 @@
return $userdata;
}
- if (isset($myrow['passwd'])) {
- unset($myrow['passwd']);
- }
-
return $myrow;
}
diff -r fbb51388aaec -r 5a57074dcd8c system/lib-user.php
--- a/system/lib-user.php Mon Apr 25 19:12:00 2011 +0200
+++ b/system/lib-user.php Tue Apr 26 11:49:48 2011 -0400
@@ -129,6 +129,28 @@
}
/**
+* Create a new password and set in DB if User Id supplied
+*
+* @param int $uid id of the user
+* @return array ['normal'] = human readable password, ['encrypted'] = encrypted password
+*
+*/
+function USER_createPassword ($uid = 0)
+{
+ global $_TABLES;
+
+ $passwd['normal'] = rand ();
+ $passwd['normal'] = md5 ($passwd['normal']);
+ $passwd['normal'] = substr ($passwd['normal'], 1, 8);
+ $passwd['encrypted'] = SEC_encryptPassword($passwd['normal']);
+ if ($uid > 1) {
+ DB_change ($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $uid);
+ }
+
+ return $passwd;
+}
+
+/**
* Create a new password and send it to the user
*
* @param string $username user's login name
@@ -138,13 +160,10 @@
*/
function USER_createAndSendPassword ($username, $useremail, $uid)
{
- global $_CONF, $_TABLES, $LANG04;
+ global $_CONF, $LANG04;
- $passwd = rand ();
- $passwd = md5 ($passwd);
- $passwd = substr ($passwd, 1, 8);
- $passwd2 = SEC_encryptPassword($passwd);
- DB_change ($_TABLES['users'], 'passwd', "$passwd2", 'uid', $uid);
+ $passwords = USER_createPassword($uid);
+ $passwd = $passwords['normal'];
if (file_exists ($_CONF['path_data'] . 'welcome_email.txt')) {
$template = COM_newTemplate($_CONF['path_data']);
More information about the geeklog-cvs
mailing list