Fossil SCM
Allow simultaneous logins to the same user account as long as the IP address is compatible.
Commit
73038baaa3028e01439d0aa6bf789f31106624bd
Parent
e67a77dfeca34f5…
1 file changed
+11
-3
+11
-3
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -261,14 +261,22 @@ | ||
| 261 | 261 | const char *zCookieName = login_cookie_name(); |
| 262 | 262 | const char *zExpire = db_get("cookie-expire","8766"); |
| 263 | 263 | int expires = atoi(zExpire)*3600; |
| 264 | 264 | char *zHash; |
| 265 | 265 | char *zCookie; |
| 266 | - char const * zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ | |
| 267 | - char * zRemoteAddr = ipPrefix(zIpAddr); /* Abbreviated IP address */ | |
| 266 | + char const *zIpAddr = PD("REMOTE_ADDR","nil"); /* IP address of user */ | |
| 267 | + char *zRemoteAddr = ipPrefix(zIpAddr); /* Abbreviated IP address */ | |
| 268 | + | |
| 268 | 269 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 269 | - zHash = db_text(0, "SELECT hex(randomblob(25))"); | |
| 270 | + zHash = db_text(0, | |
| 271 | + "SELECT cookie FROM user" | |
| 272 | + " WHERE uid=%d" | |
| 273 | + " AND ipaddr=%Q" | |
| 274 | + " AND cexpire>julianday('now')" | |
| 275 | + " AND length(cookie)>30", | |
| 276 | + uid, zRemoteAddr); | |
| 277 | + if( zHash==0 ) zHash = db_text(0, "SELECT hex(randomblob(25))"); | |
| 270 | 278 | zCookie = login_gen_user_cookie_value(zUsername, zHash); |
| 271 | 279 | cgi_set_cookie(zCookieName, zCookie, login_cookie_path(), expires); |
| 272 | 280 | record_login_attempt(zUsername, zIpAddr, 1); |
| 273 | 281 | db_multi_exec( |
| 274 | 282 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 275 | 283 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -261,14 +261,22 @@ | |
| 261 | const char *zCookieName = login_cookie_name(); |
| 262 | const char *zExpire = db_get("cookie-expire","8766"); |
| 263 | int expires = atoi(zExpire)*3600; |
| 264 | char *zHash; |
| 265 | char *zCookie; |
| 266 | char const * zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ |
| 267 | char * zRemoteAddr = ipPrefix(zIpAddr); /* Abbreviated IP address */ |
| 268 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 269 | zHash = db_text(0, "SELECT hex(randomblob(25))"); |
| 270 | zCookie = login_gen_user_cookie_value(zUsername, zHash); |
| 271 | cgi_set_cookie(zCookieName, zCookie, login_cookie_path(), expires); |
| 272 | record_login_attempt(zUsername, zIpAddr, 1); |
| 273 | db_multi_exec( |
| 274 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 275 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -261,14 +261,22 @@ | |
| 261 | const char *zCookieName = login_cookie_name(); |
| 262 | const char *zExpire = db_get("cookie-expire","8766"); |
| 263 | int expires = atoi(zExpire)*3600; |
| 264 | char *zHash; |
| 265 | char *zCookie; |
| 266 | char const *zIpAddr = PD("REMOTE_ADDR","nil"); /* IP address of user */ |
| 267 | char *zRemoteAddr = ipPrefix(zIpAddr); /* Abbreviated IP address */ |
| 268 | |
| 269 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 270 | zHash = db_text(0, |
| 271 | "SELECT cookie FROM user" |
| 272 | " WHERE uid=%d" |
| 273 | " AND ipaddr=%Q" |
| 274 | " AND cexpire>julianday('now')" |
| 275 | " AND length(cookie)>30", |
| 276 | uid, zRemoteAddr); |
| 277 | if( zHash==0 ) zHash = db_text(0, "SELECT hex(randomblob(25))"); |
| 278 | zCookie = login_gen_user_cookie_value(zUsername, zHash); |
| 279 | cgi_set_cookie(zCookieName, zCookie, login_cookie_path(), expires); |
| 280 | record_login_attempt(zUsername, zIpAddr, 1); |
| 281 | db_multi_exec( |
| 282 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 283 |