harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

issue #320 - regression, after removing channel attached to an authenticated session the session was not completely cleared.

Browse Source
This commit is contained in:
redmatrix 2016-03-12 19:53:07 -08:00
parent 70ad69d38c
commit cc29e27acc
3 changed files with 34 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/Contact.php
View File

@ -263,7 +263,7 @@ function rrmdir($path)
return false;
}
function channel_remove($channel_id, $local = true, $unset_session=true) {
function channel_remove($channel_id, $local = true, $unset_session=false) {
if(! $channel_id)
return;
@ -389,8 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
proc_run('php','include/directory.php',$channel_id);
if($channel_id == local_channel() && $unset_session) {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
nuke_session();
goaway($a->get_baseurl());
}

27
include/auth.php
View File

@ -12,33 +12,6 @@
require_once('include/api_auth.php');
require_once('include/security.php');
/**
* @brief Resets the current session.
*
* @return void
*/
function nuke_session() {
new_cookie(0); // 0 means delete on browser exit
unset($_SESSION['authenticated']);
unset($_SESSION['account_id']);
unset($_SESSION['uid']);
unset($_SESSION['visitor_id']);
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
unset($_SESSION['mobile_theme']);
unset($_SESSION['show_mobile']);
unset($_SESSION['page_flags']);
unset($_SESSION['delegate']);
unset($_SESSION['delegate_channel']);
unset($_SESSION['my_url']);
unset($_SESSION['my_address']);
unset($_SESSION['addr']);
unset($_SESSION['return_url']);
unset($_SESSION['remote_service_class']);
unset($_SESSION['remote_hub']);
}
/**
* @brief Verify login credentials.

32
include/session.php
View File

@ -12,6 +12,38 @@
$session_exists = 0;
$session_expire = 180000;
/**
* @brief Resets the current session.
*
* @return void
*/
function nuke_session() {
new_cookie(0); // 0 means delete on browser exit
unset($_SESSION['authenticated']);
unset($_SESSION['account_id']);
unset($_SESSION['uid']);
unset($_SESSION['visitor_id']);
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
unset($_SESSION['mobile_theme']);
unset($_SESSION['show_mobile']);
unset($_SESSION['page_flags']);
unset($_SESSION['delegate']);
unset($_SESSION['delegate_channel']);
unset($_SESSION['my_url']);
unset($_SESSION['my_address']);
unset($_SESSION['addr']);
unset($_SESSION['return_url']);
unset($_SESSION['remote_service_class']);
unset($_SESSION['remote_hub']);
}
function new_cookie($time) {
$old_sid = session_id();