authorLoui Chang <louipc.ist@gmail.com>2008-11-17 17:45:12 +0100
committerLoui Chang <louipc.ist@gmail.com>2008-11-25 07:31:08 +0100
commit692cc1e9536c8440586cbca0957dbf7d41b65f4c (patch)
treef7df59421af4e047bb926891e47225e9d13fe134 /web/lib/aur.inc
parent836c162946370c228525814388622821c7fc0f17 (diff)
Make remembered sessions actually save themselves.
Also clean up a notice in index.php Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'web/lib/aur.inc')
-rw-r--r--web/lib/aur.inc17
1 files changed, 13 insertions, 4 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index d08ff0ca..e43ddf62 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -86,10 +86,12 @@ function check_sid() {
$failed = 1;
} else {
$row = mysql_fetch_row($result);
- if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) {
+ $last_update = $row[0];
+ if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
$failed = 2;
}
}
+
if ($failed == 1) {
# clear out the hacker's cookie, and send them to a naughty page
# why do you have to be so harsh on these people!?
@@ -110,10 +112,17 @@ function check_sid() {
} else {
# still logged in and haven't reached the timeout, go ahead
# and update the idle timestamp
+
+ # Only update the timestamp if it is less than the
+ # current time plus $LOGIN_TIMEOUT.
#
- $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
- $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
- db_query($q, $dbh);
+ # This keeps 'remembered' sessions from being
+ # overwritten.
+ if ($last_update < time() + $LOGIN_TIMEOUT) {
+ $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
+ db_query($q, $dbh);
+ }
}
}
return;
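Review bot: The new guard `if ($last_update < time() + $LOGIN_TIMEOUT)` compares a value read from the database against the web server's clock, while the UPDATE it protects writes MySQL's `UNIX_TIMESTAMP()`, so any clock skew between the two hosts moves the point at which a remembered session starts being refreshed. It is also a read-then-write: a concurrent request can change LastUpdateTS between the earlier SELECT and this UPDATE. Putting the condition in the statement keeps a single clock and makes the check atomic, e.g. `$q.= " AND LastUpdateTS < UNIX_TIMESTAMP() + ".intval($LOGIN_TIMEOUT);`. `$last_update` is assigned only in the else branch of the previous hunk, and check_sid() begins and ends outside both hunks, so it should be confirmed that every path reaching this branch has set it.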