better error reporting in session validation

author: Andrew Dolgov <[email protected]> 2013-07-06 12:05:52 +0400
committer: Andrew Dolgov <[email protected]> 2013-07-06 12:05:52 +0400
commit: 04a8c2065f73fd425a61dc55b4735de866fc01c5 (patch)
tree: c1a5d3deb248f028720fedc4f126f273966d5a62 /include/sessions.php
parent: bd207093ee9981331fb7db6a354aef0c3ce6cc50 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 423ef0eda..66214afe7 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -62,11 +62,17 @@
 			return false;
 		}
 
-		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true))
+		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (schema version changed)");
 			return false;
+		}
 
-		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (user agent changed)");
 			return false;
+		}
 
 		if ($_SESSION["uid"]) {
 			$result = Db::get()->query(
@@ -74,11 +80,19 @@
 
 			// user not found
 			if (Db::get()->num_rows($result) == 0) {
+
+				$_SESSION["login_error_msg"] =
+					__("Session failed to validate (user not found)");
+
 				return false;
 			} else {
 				$pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
 
 				if ($pwd_hash != $_SESSION["pwd_hash"]) {
+
+					$_SESSION["login_error_msg"] =
+						__("Session failed to validate (password changed)");
+
 					return false;
 				}
 			}
author	Andrew Dolgov <[email protected]>	2013-07-06 12:05:52 +0400
committer	Andrew Dolgov <[email protected]>	2013-07-06 12:05:52 +0400
commit	04a8c2065f73fd425a61dc55b4735de866fc01c5 (patch)
tree	c1a5d3deb248f028720fedc4f126f273966d5a62 /include/sessions.php
parent	bd207093ee9981331fb7db6a354aef0c3ce6cc50 (diff)