From fcc7f861b170596c6970aecb1ddc87a3567b112f Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sat, 30 Jul 2011 11:32:13 -0400
Subject: [PATCH] Log session validation errors; keep error message when redirecting to login after session error

---
 index.php |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/index.php b/index.php
index 2cf5814..4b887c7 100644
--- a/index.php
+++ b/index.php
@@ -120,7 +120,7 @@
 
     // allow plugins to control the redirect url after login success
     $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
-    unset($redir['abort']);
+    unset($redir['abort'], $redir['_err']);
 
     // send redirect
     $OUTPUT->redirect($redir);
@@ -147,18 +147,24 @@
 // check session and auth cookie
 else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
   if (!$RCMAIL->session->check_auth()) {
-    $OUTPUT->show_message('sessionerror', 'error');
     $RCMAIL->kill_session();
+    $session_error = true;
   }
 }
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
+  // log session failures
+  if ($RCMAIL->task != 'login' && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
+    $RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
+    $session_error = true;
+  }
+
   if ($OUTPUT->ajax_call)
-    $OUTPUT->redirect(array(), 2000);
+    $OUTPUT->redirect(array('_err' => 'session'), 2000);
 
   if (!empty($_REQUEST['_framed']))
-    $OUTPUT->command('redirect', '?');
+    $OUTPUT->command('redirect', $RCMAIL->url(array('_err' => 'session')));
 
   // check if installer is still active
   if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
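Review bot: The added `$RCMAIL->session->log("Aborted session " . $sess_id . ...)` call in the `// log session failures` block writes the raw session cookie into the log, and that value is entirely client-controlled because no valid session data was found for it. Unless `log()` sanitises its argument (its body is not visible here), control characters or line breaks in the cookie could garble or forge log entries, and full session identifiers in a log file are sensitive in their own right. I would constrain the value before logging, e.g. `$sess_id = substr(preg_replace('/[^a-zA-Z0-9,-]/', '', $sess_id), 0, 64);`, or log only a hash of it. Every unauthenticated request that carries a cookie now produces an entry, so log rotation for the session log is worth confirming. The enclosing `if (empty($RCMAIL->user->ID))` block continues past the end of this hunk.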
@@ -171,6 +177,9 @@
       )
     );
   }
+  
+  if ($session_error || $_REQUEST['_err'] == 'session')
+    $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
 
   $RCMAIL->set_task('login');
   $OUTPUT->send('login');
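Review bot: `$session_error` is read on the added `if ($session_error || $_REQUEST['_err'] == 'session')` line, and in the `!$session_error` test of the previous hunk, but none of the visible lines initialise it on the paths where neither branch assigned it. Besides the notice, an uninitialised flag can be preset by the client on a PHP configuration that still imports request variables into the global scope, which would skip the new log entry. Setting `$session_error = false;` before the session check closes that off. `$_REQUEST['_err']` is also read without an existence check and compared loosely; `isset($_REQUEST['_err']) && $_REQUEST['_err'] === 'session'` states the intent exactly. The message is the fixed `sessionerror` label, so the parameter only toggles it and no request content is echoed; a one-line comment saying so would help the next reader.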

--
Gitblit v1.9.1