Changeset 99

Timestamp:

2007-12-12 16:53:32 (1 year ago)

Author:

hannes

Message:

authentication codes (guest passwords) are valid only on the page following the one which they've been set (ticket #39)

Files:

• trunk/classes/misc/Authcode.php (modified) (2 diffs)
• trunk/classes/pages/Page.php (modified) (1 diff)

trunk/classes/misc/Authcode.php

@@ -43 +43 @@
-        // remove auth code from session since it's no longer needed
-        unset($_SESSION['pw']);
+        unset($_SESSION['pw_page']);
-    } /* function destroy */
-
@@ -59 +60 @@
-        // put into session
-        $_SESSION['pw'] = $p->get();
+        // remember number of page this was written
+        $_SESSION['pw_page'] = $_SESSION['page'];
-    } /* function generate */
-

trunk/classes/pages/Page.php

@@ -51 +51 @@
-        // get current timestamp (microseconds) for execution time
-        $this->exec_time_start = microtime(TRUE);
+        // check if auth code in session is set
+        if (isset($_SESSION['pw']) && $_SESSION['pw'] != '') {
+            // check if it's still valid
+            if ($_SESSION['pages'] > $_SESSION['pw_page'] + 1) {
+                // has been set longer ago than the previous page -> remove
+                $auth = new Authcode();
+                $auth->destroy();
+                unset($auth);
+            }
+        }
-        /* Have some kind of manual per-page login credentials been posted?
-         * This shouldn't be checked on 'Userpanel' page, because there is a special handling of that there. */