[geeklog-cvs] geeklog: Added additional debug logging. Changed how numrows che...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Apr 3 10:38:16 EDT 2012
changeset 8566:3f5deff79cf9
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/3f5deff79cf9
user: Tom <websitemaster at cogeco.net>
date: Tue Apr 03 10:36:54 2012 -0400
description:
Added additional debug logging. Changed how numrows is checked in SESS_getUserIdFromSession
diffstat:
system/lib-sessions.php | 48 +++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 43 insertions(+), 5 deletions(-)
diffs (131 lines):
diff -r d01abcb43308 -r 3f5deff79cf9 system/lib-sessions.php
--- a/system/lib-sessions.php Wed Mar 28 15:55:00 2012 -0400
+++ b/system/lib-sessions.php Tue Apr 03 10:36:54 2012 -0400
@@ -130,6 +130,10 @@
if (empty ($userid) || ($userid == 'deleted')) {
unset ($userid);
} else {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Got $userid as User ID from the permanent cookie",1);
+ }
+
$userid = COM_applyFilter ($userid, true);
$cookie_password = '';
$userpass = '';
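Review bot: The new `COM_errorLog` call interpolates `$userid` while it still holds the raw permanent-cookie value, one line before `COM_applyFilter ($userid, true)` runs, so whatever the client sent (including line breaks or text shaped like other log entries) reaches the error log whenever `$_SESS_VERBOSE` is on. Moving the `if ($_SESS_VERBOSE) { ... }` block below the `$userid = COM_applyFilter ($userid, true);` line keeps the debug information while logging only the filtered value. The same ordering appears in the hunk at `@@ -192,6 +210,10 @@`. The enclosing block starts and ends outside this hunk, and how `COM_errorLog` itself treats control characters is not visible here.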
@@ -140,6 +144,10 @@
"uid = $userid");
}
if (empty($cookie_password) || ($cookie_password <> $userpass)) {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Password comparison failed or cookie password missing",1);
+ }
+
// Invalid or manipulated cookie data
SEC_setCookie($_CONF['cookie_session'], '',
time() - 10000);
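Review bot: The condition guarding the new log line compares the cookie value with the stored value using the loose `<>` operator, which lets PHP apply numeric-string juggling and is not a constant-time comparison. If both operands are hash strings, a strict check such as `if (empty($cookie_password) || ($cookie_password !== $userpass)) {` avoids the juggling case, and a constant-time string comparison (`hash_equals()` where the PHP version provides it) would be preferable for a secret read from a cookie. The new message would also be more useful for spotting repeated bad permanent cookies if it named the already filtered uid, for example `COM_errorLog("Permanent cookie rejected for uid $userid", 1);`. The hunk at `@@ -201,6 +223,10 @@` has the same condition; how `$userpass` is loaded lies outside both hunks.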
@@ -154,12 +162,18 @@
}
COM_updateSpeedlimit('login');
} else if ($userid > 1) {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Password comparison passed",1);
+ }
// Check user status
$status = SEC_checkUserStatus ($userid);
if (($status == USER_ACCOUNT_ACTIVE) ||
($status == USER_ACCOUNT_AWAITING_ACTIVATION)) {
$user_logged_in = 1;
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Create new session and write cookie",1);
+ }
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
$userdata = SESS_getUserDataFromId($userid);
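Review bot: "Password comparison passed" is written before `SEC_checkUserStatus()` runs, and no log entry is visible for a status that is neither active nor awaiting activation, so a verbose log can show a pass for an account that is then refused with nothing recording the refusal. Logging the rejected status as well, and naming the uid in the success entries (for example `COM_errorLog("Permanent cookie accepted for uid $userid", 1);`), would make these lines usable for tracing permanent-cookie logins. The rest of the status branch lies outside this hunk, so an existing `else` may already cover it. The hunk at `@@ -213,12 +239,19 @@` repeats the same code.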
@@ -169,6 +183,10 @@
}
}
} else {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog('perm cookie not found from lib-sessions.php',1);
+ }
+
// Anonymous user has session id but it has been expired and wiped from the db so reset
$userid = 1;
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
@@ -192,6 +210,10 @@
if (empty ($userid) || ($userid == 'deleted')) {
unset ($userid);
} else {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Got $userid as User ID from the permanent cookie",1);
+ }
+
$userid = COM_applyFilter ($userid, true);
$cookie_password = '';
$userpass = '';
@@ -201,6 +223,10 @@
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
}
if (empty($cookie_password) || ($cookie_password <> $userpass)) {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Password comparison failed or cookie password missing",1);
+ }
+
// Invalid or manipulated cookie data
SEC_setCookie($_CONF['cookie_session'], '', time() - 10000);
SEC_setCookie($_CONF['cookie_password'], '', time() - 10000);
@@ -213,12 +239,19 @@
}
COM_updateSpeedlimit('login');
} else if ($userid > 1) {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Password comparison passed",1);
+ }
+
// Check user status
$status = SEC_checkUserStatus($userid);
if (($status == USER_ACCOUNT_ACTIVE) ||
($status == USER_ACCOUNT_AWAITING_ACTIVATION)) {
$user_logged_in = 1;
+ if ($_SESS_VERBOSE) {
+ COM_errorLog("Create new session and write cookie",1);
+ }
// Create new session and write cookie
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
@@ -229,6 +262,10 @@
}
}
} else {
+ if ($_SESS_VERBOSE) {
+ COM_errorLog('perm cookie not found from lib-sessions.php',1);
+ }
+
// New Anonymous user so create new session and write cookie
$userid = 1;
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
@@ -405,16 +442,17 @@
}
$result = DB_query($sql);
- $row = DB_fetchArray($result);
-
+ $numrows = DB_numRows($result);
+
if ($_SESS_VERBOSE) {
COM_errorLog("****Leaving SESS_getUserIdFromSession",1);
}
- if (!$row) {
+ if ($numrows == 1) {
+ $row = DB_fetchArray($result);
+ return $row['uid'];
+ } else {
return 0;
- } else {
- return $row['uid'];
}
}
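Review bot: The switch to `$numrows == 1` means a session id that matches more than one row now returns 0 instead of the first row's uid, which fails closed, but nothing in the code says this is intended. A comment above the check such as `// Exactly one row identifies the session; zero or duplicate matches return 0.` would record it, and the verbose "Leaving" entry could include `$numrows` so that duplicate session rows show up in the log. The query in `$sql` is built above this hunk and is not visible here.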