From: niekt0 Date: Thu, 4 Nov 2010 09:56:50 +0000 (+0100) Subject: fixed session fixation X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=1e66e7ace822bce360c88bd3a082fc5cccfadfe0;p=mirrors%2FKyberia-bloodline.git fixed session fixation --- diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc index 94f7f4c..3849129 100644 --- a/wwwroot/inc/eventz/login.inc +++ b/wwwroot/inc/eventz/login.inc @@ -1,9 +1,5 @@ This is da default one -// require(INCLUDE_DIR.'ldap.inc'); global $db,$error,$node_id; $login = mysql_real_escape_string($_POST['login']); @@ -37,8 +33,6 @@ function login() { break; } -// $ldap_response=LDAPuser::auth($user_id,$password); - if (!$set) { //XXX test $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco"; return false; @@ -57,11 +51,11 @@ Prajem prijemnu odvykacku:-)"; return false; } -//ldap replicate -// LDAPuser::ldap_mysql_sync($user_name,$user_id,$password); +// Login sucessfull + // prevent session fixation + session_regenerate_id(); -// $cube_vector=$set->getString('cube_vector'); // saves friends list as an array into user session @@ -94,7 +88,6 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name" $_SESSION['fook'][$fookset->getString('node_parent')]=true; } -// LDAPuser::replicate($user_name,$user_id,$password); //save bookstyle into user session $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'"; diff --git a/wwwroot/inc/smarty/node_methodz/function.get_image_link.php b/wwwroot/inc/smarty/node_methodz/function.get_image_link.php index 9470a2b..06194e1 100644 --- a/wwwroot/inc/smarty/node_methodz/function.get_image_link.php +++ b/wwwroot/inc/smarty/node_methodz/function.get_image_link.php @@ -9,9 +9,13 @@ function smarty_function_get_image_link($params,&$smarty) { } else { $set = $db->query("select user_id from users where user_id = $id"); - if ($set->getNumRows() > 0) $imglink = "/images/nodes///.gif"; - else $imglink = "/images/nodes/1/0/101.gif"; + if ($set->getNumRows() > 0) { + $imglink = "/images/nodes///.gif"; + } else { + $imglink = "/images/nodes/1/0/101.gif"; + } echo $imglink; } } + ?>