summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/util.php84
1 files changed, 58 insertions, 26 deletions
diff --git a/lib/util.php b/lib/util.php
index 259ea7a96..0e0198ee3 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -620,33 +620,65 @@ function common_rememberme($user=NULL) {
}
function common_remembered_user() {
+
$user = NULL;
- # Try to remember
- $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : '';
- if ($packed) {
- list($id, $code) = explode(':', $packed);
- if ($id && $code) {
- $rm = Remember_me::staticGet($code);
- if ($rm && ($rm->user_id == $id)) {
- $user = User::staticGet($rm->user_id);
- if ($user) {
- # successful!
- $result = $rm->delete();
- if (!$result) {
- common_log_db_error($rm, 'DELETE', __FILE__);
- $user = NULL;
- } else {
- common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);
- common_set_user($user->nickname);
- common_real_login(false);
- # We issue a new cookie, so they can log in
- # automatically again after this session
- common_rememberme($user);
- }
- }
- }
- }
- }
+
+ $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : NULL;
+
+ if (!$packed) {
+ return NULL;
+ }
+
+ list($id, $code) = explode(':', $packed);
+
+ if (!$id || !$code) {
+ common_warning('Malformed rememberme cookie: ' . $packed);
+ common_forgetme();
+ return NULL;
+ }
+
+ $rm = Remember_me::staticGet($code);
+
+ if (!$rm) {
+ common_warning('No such remember code: ' . $code);
+ common_forgetme();
+ return NULL;
+ }
+
+ if ($rm->user_id != $id) {
+ common_warning('Rememberme code for wrong user: ' . $rm->user_id . ' != ' . $id);
+ common_forgetme();
+ return NULL;
+ }
+
+ $user = User::staticGet($rm->user_id);
+
+ if (!$user) {
+ common_warning('No such user for rememberme: ' . $rm->user_id);
+ common_forgetme();
+ return NULL;
+ }
+
+ # successful!
+ $result = $rm->delete();
+
+ if (!$result) {
+ common_log_db_error($rm, 'DELETE', __FILE__);
+ common_warning('Could not delete rememberme: ' . $code);
+ common_forgetme();
+ return NULL;
+ }
+
+ common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);
+
+ common_set_user($user->nickname);
+ common_real_login(false);
+
+ # We issue a new cookie, so they can log in
+ # automatically again after this session
+
+ common_rememberme($user);
+
return $user;
}