From aad6e2a9c4857715c8bd56693d21b87dd0c16263 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 27 Mar 2007 05:34:30 -0400
Subject: [PATCH] New session authentication, should fix bugs #1483951 and #1484299; testing required

---
 index.php |   16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/index.php b/index.php
index eaecfdf..f365ef9 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /*
  +-----------------------------------------------------------------------+
  | RoundCube Webmail IMAP Client                                         |
- | Version 0.1-20070301                                                  |
+ | Version 0.1-20070327                                                  |
  |                                                                       |
  | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
@@ -40,7 +40,7 @@
 
 */
 
-define('RCMAIL_VERSION', '0.1-20070301');
+define('RCMAIL_VERSION', '0.1-20070327');
 
 // define global vars
 $CHARSET = 'UTF-8';
@@ -172,10 +172,17 @@
     {
     show_message("cookiesdisabled", 'warning');
     }
-  else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+  else if ($_SESSION['temp'] && isset($_POST['_user']) && isset($_POST['_pass']) &&
            rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
               get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
     {
+    // create new session ID
+    unset($_SESSION['temp']);
+    sess_regenerate_id();
+
+    // send auth cookie if necessary
+    rcmail_authenticate_session();
+
     // send redirect
     header("Location: $COMM_PATH");
     exit;
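Review bot: `$_SESSION['temp']` in the new condition is read without an isset()/empty() guard, so a login POST that arrives with no prior session (cookie missing, or the key already unset) raises an undefined-index notice before the rest of the condition short-circuits; `else if (!empty($_SESSION['temp']) && isset($_POST['_user']) && isset($_POST['_pass']) &&` keeps the same truthiness without the notice. The purpose of the new marker check is not recorded anywhere in the branch; a comment such as `// only accept credentials from a session this server started on the login form (temp marker)` above it would state the intent. Because sess_regenerate_id() is a project helper, this hunk cannot show whether the old session's data is discarded along with the old id (as session_regenerate_id(true) would do) — worth confirming, since otherwise the pre-login id remains usable. The if/else-if chain this branch belongs to starts and ends outside the hunk.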
@@ -197,8 +204,7 @@
 // check session and auth cookie
 else if ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send')
   {
-  if (!rcmail_authenticate_session() ||
-      (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
+  if (!rcmail_authenticate_session())
     {
     $message = show_message('sessionerror', 'error');
     rcmail_kill_session();
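Review bot: The removed second condition was the only check in this file that enforced `$CONFIG['session_lifetime']` against `$SESS_CHANGED`, and the new `if (!rcmail_authenticate_session())` gives no indication that the timeout moved with it; unless rcmail_authenticate_session() (defined elsewhere) now applies the lifetime itself, sessions stop expiring after the configured idle period. If it does, a comment stating so will keep the next reader from re-adding the check here: `// rcmail_authenticate_session() also enforces $CONFIG['session_lifetime']`. The else-if block continues past the end of the hunk.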
