fixed session fixation

diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc
index 94f7f4c4a2c2097e5b7743513602992f8e195d28..3849129186b43d2b6983a0aeb2d32d4471de8d6f 100644 (file)
--- a/wwwroot/inc/eventz/login.inc
+++ b/wwwroot/inc/eventz/login.inc
@@ -1,9 +1,5 @@
 <?php
 function login() {
 <?php
 function login() {

-// lockout capatibility
-// with ldap sync
-// <h1> This is da default one</h1>
-//    require(INCLUDE_DIR.'ldap.inc');

 
     global $db,$error,$node_id;
     $login = mysql_real_escape_string($_POST['login']);
 
     global $db,$error,$node_id;
     $login = mysql_real_escape_string($_POST['login']);


@@ -37,8 +33,6 @@ function login() {
         break;
     }
 
         break;
     }
 

-//    $ldap_response=LDAPuser::auth($user_id,$password);
-

     if (!$set) { //XXX test
         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
         return false;
     if (!$set) { //XXX test
         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
         return false;


@@ -57,11 +51,11 @@ Prajem prijemnu odvykacku:-)";
             return false;
         }
 
             return false;
         }
 

-//ldap replicate
-// LDAPuser::ldap_mysql_sync($user_name,$user_id,$password);
+//     Login sucessfull

 
 

+       // prevent session fixation
+       session_regenerate_id(); 

 
 

-//

         $cube_vector=$set->getString('cube_vector');
 
         // saves friends list as an array into user session
         $cube_vector=$set->getString('cube_vector');
 
         // saves friends list as an array into user session


@@ -94,7 +88,6 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
             $_SESSION['fook'][$fookset->getString('node_parent')]=true;
         }
 
             $_SESSION['fook'][$fookset->getString('node_parent')]=true;
         }
 

-//        LDAPuser::replicate($user_name,$user_id,$password);

 
         //save bookstyle into user session
         $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
 
         //save bookstyle into user session
         $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";

diff --git a/wwwroot/inc/smarty/node_methodz/function.get_image_link.php b/wwwroot/inc/smarty/node_methodz/function.get_image_link.php
index 9470a2bfe8ea004827bd535568e39c1f26d40d6b..06194e1d44bd409205af2e78e1539632b42ad8e5 100644 (file)
--- a/wwwroot/inc/smarty/node_methodz/function.get_image_link.php
+++ b/wwwroot/inc/smarty/node_methodz/function.get_image_link.php
@@ -9,9 +9,13 @@ function smarty_function_get_image_link($params,&$smarty) {
        }
        else {
                $set = $db->query("select user_id from users where user_id = $id");
        }
        else {
                $set = $db->query("select user_id from users where user_id = $id");

-               if ($set->getNumRows() > 0) $imglink = "/images/nodes///.gif";
-               else $imglink = "/images/nodes/1/0/101.gif";
+               if ($set->getNumRows() > 0) {
+                       $imglink = "/images/nodes///.gif";
+               } else {
+                       $imglink = "/images/nodes/1/0/101.gif";
+               }

                echo $imglink;
        }
 }
                echo $imglink;
        }
 }

+

 ?>
 ?>