diff options
author | Andrew Dolgov <[email protected]> | 2013-07-06 12:05:52 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-07-06 12:05:52 +0400 |
commit | 04a8c2065f73fd425a61dc55b4735de866fc01c5 (patch) | |
tree | c1a5d3deb248f028720fedc4f126f273966d5a62 /include | |
parent | bd207093ee9981331fb7db6a354aef0c3ce6cc50 (diff) |
better error reporting in session validation
Diffstat (limited to 'include')
-rw-r--r-- | include/sessions.php | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/include/sessions.php b/include/sessions.php index 423ef0eda..66214afe7 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -62,11 +62,17 @@ return false; } - if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) + if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) { + $_SESSION["login_error_msg"] = + __("Session failed to validate (schema version changed)"); return false; + } - if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) + if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) { + $_SESSION["login_error_msg"] = + __("Session failed to validate (user agent changed)"); return false; + } if ($_SESSION["uid"]) { $result = Db::get()->query( @@ -74,11 +80,19 @@ // user not found if (Db::get()->num_rows($result) == 0) { + + $_SESSION["login_error_msg"] = + __("Session failed to validate (user not found)"); + return false; } else { $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash"); if ($pwd_hash != $_SESSION["pwd_hash"]) { + + $_SESSION["login_error_msg"] = + __("Session failed to validate (password changed)"); + return false; } } |