From 7f0acba7b0e44128974e737cd2b82b794287600d Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 2 Mar 2007 11:48:46 +0100
Subject: login system tweaks
---
 functions.php | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
(limited to 'functions.php')
diff --git a/functions.php b/functions.php
index 5f7565f73..98bfc2e64 100644
--- a/functions.php
+++ b/functions.php
@@ -1163,6 +1163,7 @@
 if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
 if ($_SESSION["ip_address"]) {
 if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
+ $_SESSION["login_error_msg"] = "Session failed to validate (incorrect IP)";
 return false;
 }
 }
@@ -1191,20 +1192,22 @@
 }
 }
- if ($_COOKIE[get_session_cookie_name()]) {
+/* if ($_COOKIE[get_session_cookie_name()]) {
 require_once "sessions.php";
- }
+} */
+
+ $login_action = $_POST["login_action"];
- if (!validate_session($link)) {
+/* if (!validate_session($link) && $login_action != "do_login") {
 logout_user();
 render_login_form($link);
 exit;
- }
+} */
- $login_action = $_POST["login_action"];
+ $session_started = false;
 # try to authenticate user if called from login form
- if ($login_action == "do_login" && !$_SESSION["uid"]) {
+ if ($login_action == "do_login") {
 $login = $_POST["login"];
 $password = $_POST["password"];
 $remember_me = $_POST["remember_me"];
@@ -1217,7 +1220,7 @@
 require_once "sessions.php";
- session_regenerate_id();
+ $session_started = true;
 if (authenticate_user($link, $login, $password)) {
 $_POST["password"] = "";
@@ -1236,10 +1239,16 @@
 exit;
 return;
+ } else {
+ $_SESSION["login_error_msg"] = "Incorrect username or password";
 }
 }
- if (!$_SESSION["uid"]) {
+ if (!$session_started) {
+ require_once "sessions.php";
+ }
+
+ if (!$_SESSION["uid"] || !validate_session($link)) {
 render_login_form($link);
 exit;
 }
-- cgit v1.2.3
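Review bot: In the `@@ -1163,6 +1163,7 @@` hunk, the added assignment gives validate_session() a write to `$_SESSION` on its failure path, and the stored text tells whoever presented the cookie which check rejected it. Because the final check in this commit no longer calls `logout_user()` on failure, the message appears to stay in the session it was written to. I would keep the client-facing text generic, `$_SESSION["login_error_msg"] = "Session failed to validate";`, record the address mismatch server-side with `error_log()`, and mention the side effect in a comment on validate_session(). The function starts and ends outside this hunk.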
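Review bot: In the `@@ -1191,20 +1192,22 @@` hunk, the two former gates are left behind as `/* … */` blocks instead of being deleted, so the file carries a disabled copy of the logout-on-invalid-session path next to the live logic; I would delete them and rely on history. The relocated `$login_action = $_POST["login_action"];` also reads an index that is absent on every non-login request; `$login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : "";` avoids the notice. The enclosing function begins and ends outside the hunk.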
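Review bot: In the `@@ -1217,7 +1220,7 @@` hunk, `session_regenerate_id()` is dropped and nothing visible replaces it, so the session identifier that existed before login appears to remain valid after authentication, which is the precondition for session fixation. Unless authenticate_user() (not shown) already rotates the ID, I would add `session_regenerate_id(true);` as the first statement inside the `if (authenticate_user($link, $login, $password))` branch, so the rotation happens only on success and the old session record is discarded. The surrounding login block starts and ends outside this hunk.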
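Review bot: In the `@@ -1236,10 +1239,16 @@` hunk, the new `else` branch only stores a message and then falls through to the final check, which tests `$_SESSION["uid"]`; because this commit also removes `&& !$_SESSION["uid"]` from the login condition (hunk `@@ -1191,20 +1192,22 @@`), a failed login posted from a browser that already holds a valid session would seem to continue as the existing user. Ending the request in the failure branch closes that path: after the assignment add `render_login_form($link); exit;`. Separately, the combined check no longer calls `logout_user()` when validate_session() fails, as the commented-out code did; if keeping the session alive is intended, a short comment saying so would help. Both inferences depend on authenticate_user() and validate_session(), whose bodies are not fully visible here.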