From 04a8c2065f73fd425a61dc55b4735de866fc01c5 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 6 Jul 2013 12:05:52 +0400
Subject: better error reporting in session validation

---
 include/sessions.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'include/sessions.php')

diff --git a/include/sessions.php b/include/sessions.php
index 423ef0eda..66214afe7 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -62,11 +62,17 @@
 			return false;
 		}
 
-		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true))
+		if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (schema version changed)");
 			return false;
+		}
 
-		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
+			$_SESSION["login_error_msg"] =
+				__("Session failed to validate (user agent changed)");
 			return false;
+		}
 
 		if ($_SESSION["uid"]) {
 			$result = Db::get()->query(
@@ -74,11 +80,19 @@
 
 			// user not found
 			if (Db::get()->num_rows($result) == 0) {
+
+				$_SESSION["login_error_msg"] =
+					__("Session failed to validate (user not found)");
+
 				return false;
 			} else {
 				$pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
 
 				if ($pwd_hash != $_SESSION["pwd_hash"]) {
+
+					$_SESSION["login_error_msg"] =
+						__("Session failed to validate (password changed)");
+
 					return false;
 				}
 			}
-- 
cgit v1.2.3