Index: trunk/kernel/include/usersession.php
===================================================================
diff -u -r1462 -r1566
--- trunk/kernel/include/usersession.php (.../usersession.php) (revision 1462)
+++ trunk/kernel/include/usersession.php (.../usersession.php) (revision 1566)
@@ -44,7 +44,7 @@
if( !isset($_SERVER['HTTP_REFERER']) ) $_SERVER['HTTP_REFERER'] = '';
if(!isset($_GET['destform'])) $_GET['destform'] = null;
if(!isset($_GET['continue_sess'])) $_GET['continue_sess'] = null;
- if( strlen($id) && (strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1))
+ if( strlen($id) && (strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) || (defined('IS_POPUP') && IS_POPUP) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1))
{
$this->Set("SessionKey",$id);
return $this->LoadFromDatabase($id);
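Review bot: The added `(defined('IS_POPUP') && IS_POPUP)` branch is one more way to skip the Referer test before `LoadFromDatabase($id)`, alongside `destform` and `continue_sess`, and none of the inputs to this condition is a trustworthy signal. `HTTP_REFERER`, `HTTP_HOST` and both `$_GET` values come from the request, and `strstr` only needs the host and site path to appear somewhere in the Referer. If the condition is meant to stop a session id supplied from another site being adopted, it should not be relied on as a security boundary. At minimum, document where the constant is set, e.g. `// IS_POPUP is defined by <popup entry script>; must never be derived from request input`. The enclosing function starts and ends outside the hunk, so the origin of `$id` is not visible here.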
@@ -431,38 +431,40 @@
}
else
{
- // logging in any user (admin & front)
- $pre = GetTablePrefix();
- $sql = "SELECT *,MD5(".$pre."PortalUser.Password) as md5pw FROM ".$pre."PortalUser LEFT JOIN ".$pre."UserGroup USING (PortalUserId) "
- ."LEFT JOIN ".$pre."PortalGroup ON (".$pre."UserGroup.GroupId=".$pre."PortalGroup.GroupId)
- WHERE
- ".$pre."PortalUser.Login='$userLogin' AND ".$pre."PortalUser.Status=1
- AND (".$pre."PortalUser.Password='$userPassword' OR MD5(".$pre."PortalUser.Password)='$userPassword' OR ".$pre."PortalUser.Password='".md5($userPassword)."')
- ORDER BY ".$pre."UserGroup.PrimaryGroup DESC, ".$pre."PortalGroup.Personal DESC";
-//echo $sql."
\n";
- $result = $this->adodbConnection->Execute($sql);
+ // logging in any user (admin & front)
+ $db =& $this->adodbConnection;
+ $prefix = GetTablePrefix();
- if ($result === false)
- {
- $this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Login");
- return false;
- }
-
- if($result->EOF) return -1; // no any user with username & pass specified
+ $key_clause = $objConfig->Get('Email_As_Login') ? 'pu.Email = %1$s' : 'pu.Login = %1$s';
+
+ $sql = 'SELECT *, MD5(pu.Password) AS md5pw
+ FROM '.$prefix.'PortalUser pu
+ LEFT JOIN '.$prefix.'UserGroup ug USING (PortalUserId)
+ LEFT JOIN '.$prefix.'PortalGroup pg ON ug.GroupId = pg.GroupId
+ WHERE ('.$key_clause.') AND (pu.Status = 1) AND (pu.Password = %2$s OR MD5(pu.Password) = %2$s OR pu.Password = MD5(%1$s) )
+ ORDER BY ug.PrimaryGroup DESC, pg.Personal DESC';
+
+ $result = $db->Execute( sprintf($sql, $db->qstr($userLogin), $db->qstr($userPassword) ) );
+
+ if($result === false)
+ {
+ $this->m_Errors->AddError('error.DatabaseError',NULL,$this->adodbConnection->ErrorMsg(),'',get_class($this),'Login');
+ return false;
+ }
+
+ if($result->EOF) return -1; // no any user with username & pass specified
}
- if(!strlen($this->GetSessionKey()))
- {
- $this->GetNewSession();
- }
+ if( !strlen($this->GetSessionKey()) ) $this->GetNewSession();
+
$this->Set("PortalUserId", $result->fields["PortalUserId"]);
- // unset($this->CurrentUser);
- $this->CurrentUser=null;
- if(strlen($result->fields["tz"])>0)
- $this->Set("tz",$result->fields["tz"]);
- $PrimaryGroup=0;
- $PersonalGroup=0;
- $GroupList = array();
+ // unset($this->CurrentUser);
+ $this->CurrentUser = null;
+ if( strlen($result->fields['tz']) > 0 ) $this->Set('tz',$result->fields['tz']);
+ $PrimaryGroup = 0;
+ $PersonalGroup = 0;
+ $GroupList = Array();
+
while($result && !$result->EOF)
{
$skipadd=0;
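Review bot: The last alternative of the new WHERE clause, `pu.Password = MD5(%1$s)`, hashes argument 1 of the `sprintf` (the login value), whereas the removed query compared against `md5($userPassword)`. As written that branch ignores the submitted password, so an account whose stored value equals the MD5 of its own login would match with any password, and a plaintext password no longer matches an MD5-stored one through this branch. It should read `OR pu.Password = MD5(%2$s) )`. Separately, `pu.Password = %2$s` still accepts the stored value itself as the credential, so if passwords are stored hashed, a leaked hash works as a login; that predates this commit but deserves a follow-up. The enclosing function starts before and continues after the hunk.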
@@ -520,14 +522,16 @@
{
global $objConfig;
- $this->Set("PortalUserId", 0);
+ $this->Set("PortalUserId", 0); // not logged-in
+ $this->Set('LastAccessed',0); // session become expired
$this->Set("GroupId", $objConfig->Get("User_GuestGroup"));
#$this->SetPersistantVariable("LastLogin", time());
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
$this->Set("IpAddress",$_SERVER['REMOTE_ADDR']);
+
$this->DeleteSessionData($this->GetSessionKey());
$this->Update();
- $this->Delete();
+ //$this->Delete();
$this->ResetSysPermCache();
$this->PermCache = array();
}
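Review bot: With `$this->Delete()` commented out, logout appears to keep the session row and its key and only reset it to a guest session. The login path in this same diff calls `GetNewSession()` only when the key is empty (`if( !strlen($this->GetSessionKey()) ) $this->GetNewSession();`). If that reading is right, one session identifier survives both logout and the next login, which is the precondition for session fixation; issuing a fresh key on login, and ideally on logout, would close it. The dead line should also be removed rather than commented out, with a comment saying why the row is kept, e.g. `// keep the row as a guest session; LastAccessed = 0 marks it expired`. The function's signature is outside the hunk.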
@@ -634,7 +638,9 @@
}
if(!is_object($this->CurrentUser))
+ {
$this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId"));
+ }
if(!$this->CurrentUser->VarsLoaded)
{
$this->CurrentUser->LoadPersistantVars();
@@ -681,53 +687,43 @@
function DeleteEditTables()
{
- $tables = $this->adodbConnection->MetaTables();
- $sql = "SHOW TABLES";
- //echo "
";print_r($tables); echo ""; - for($i=0;$i