Fossil SCM
fix for cookie mismatch for self-registered users (reported via mailing list).
Commit
dc97099ac35b47f46d7e9f7486e0d2b204007242
Parent
1bf77fa2da6dc48…
1 file changed
+1
-18
+1
-18
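--- a/src/login.c
+++ b/src/login.c
@@ -1214,37 +1214,20 @@
 @ %s(zUsername) already exists.
 @ </span></p>
 }else{
 char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
 int uid;
-char *zCookie;
-const char *zCookieName;
-const char *zExpire;
-int expires;
-const char *zIpAddr;
 db_multi_exec(
 "INSERT INTO user(login,pw,cap,info)"
 "VALUES(%B,%Q,%B,%B)",
 &login, zPw, &caps, &contact
 );
 free(zPw);
 
 /* The user is registered, now just log him in. */
 uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername);
-zCookieName = login_cookie_name();
-zExpire = db_get("cookie-expire","8766");
-expires = atoi(zExpire)*3600;
-zIpAddr = PD("REMOTE_ADDR","nil");
-
-zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid);
-cgi_set_cookie(zCookieName, zCookie, login_cookie_path(), expires);
-record_login_attempt(zUsername, zIpAddr, 1);
-db_multi_exec(
-"UPDATE user SET cookie=%Q, ipaddr=%Q, "
-" cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
-zCookie, ipPrefix(zIpAddr), expires, uid
-);
+login_set_user_cookie( zUsername, uid, NULL );
 redirect_to_g();
 
 }
 }
 }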
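Review bot: The `uid` read back at new line 1227 goes straight into `login_set_user_cookie()` at line 1228 without a check. The leading `0` in `db_int(0, ...)` looks like the value returned when no row matches, and the lookup keys on `zUsername` while the INSERT wrote `&login`, so a mismatch or a failed insert would presumably hand uid 0 to the cookie helper. A guard such as `if( uid>0 ) login_set_user_cookie( zUsername, uid, NULL );` with an error path otherwise would keep a session cookie from being issued for a nonexistent account. The helper's body is not on this page, so it is also worth confirming that it still records the successful login as the removed `record_login_attempt(zUsername, zIpAddr, 1)` did. The enclosing function starts outside this hunk.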
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1214,37 +1214,20 @@ | |
| 1214 | @ %s(zUsername) already exists. |
| 1215 | @ </span></p> |
| 1216 | }else{ |
| 1217 | char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0); |
| 1218 | int uid; |
| 1219 | char *zCookie; |
| 1220 | const char *zCookieName; |
| 1221 | const char *zExpire; |
| 1222 | int expires; |
| 1223 | const char *zIpAddr; |
| 1224 | db_multi_exec( |
| 1225 | "INSERT INTO user(login,pw,cap,info)" |
| 1226 | "VALUES(%B,%Q,%B,%B)", |
| 1227 | &login, zPw, &caps, &contact |
| 1228 | ); |
| 1229 | free(zPw); |
| 1230 | |
| 1231 | /* The user is registered, now just log him in. */ |
| 1232 | uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername); |
| 1233 | zCookieName = login_cookie_name(); |
| 1234 | zExpire = db_get("cookie-expire","8766"); |
| 1235 | expires = atoi(zExpire)*3600; |
| 1236 | zIpAddr = PD("REMOTE_ADDR","nil"); |
| 1237 | |
| 1238 | zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid); |
| 1239 | cgi_set_cookie(zCookieName, zCookie, login_cookie_path(), expires); |
| 1240 | record_login_attempt(zUsername, zIpAddr, 1); |
| 1241 | db_multi_exec( |
| 1242 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 1243 | " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", |
| 1244 | zCookie, ipPrefix(zIpAddr), expires, uid |
| 1245 | ); |
| 1246 | redirect_to_g(); |
| 1247 | |
| 1248 | } |
| 1249 | } |
| 1250 | } |
| 1251 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1214,37 +1214,20 @@ | |
| 1214 | @ %s(zUsername) already exists. |
| 1215 | @ </span></p> |
| 1216 | }else{ |
| 1217 | char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0); |
| 1218 | int uid; |
| 1219 | db_multi_exec( |
| 1220 | "INSERT INTO user(login,pw,cap,info)" |
| 1221 | "VALUES(%B,%Q,%B,%B)", |
| 1222 | &login, zPw, &caps, &contact |
| 1223 | ); |
| 1224 | free(zPw); |
| 1225 | |
| 1226 | /* The user is registered, now just log him in. */ |
| 1227 | uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername); |
| 1228 | login_set_user_cookie( zUsername, uid, NULL ); |
| 1229 | redirect_to_g(); |
| 1230 | |
| 1231 | } |
| 1232 | } |
| 1233 | } |
| 1234 |