Fix for FS#1050

Update cookie and session with new details after an "update profile" action darcs-hash:20081013122958-f07c6-244b949b074ac73711c61833f1fa663e55da19c7.gz

Fix for FS#1050
Update cookie and session with new details after an "update profile" action darcs-hash:20081013122958-f07c6-244b949b074ac73711c61833f1fa663e55da19c7.gz
a0b5b007 · Chris Smith · 55eea442 · a0b5b007
Commit a0b5b007 authored 16 years ago by Chris Smith
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -132,25 +132,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
    if ($auth->checkPass($user,$pass)){
      // make logininfo globally available
      $_SERVER['REMOTE_USER'] = $user;
-      $USERINFO = $auth->getUserData($user);
+      auth_setCookie($user,PMA_blowfish_encrypt($pass,auth_cookiesalt()),$sticky);
-      // set cookie
-      $pass   = PMA_blowfish_encrypt($pass,auth_cookiesalt());
-      $cookie = base64_encode("$user|$sticky|$pass");
-      if($sticky) $time = time()+60*60*24*365; //one year
-      if (version_compare(PHP_VERSION, '5.2.0', '>')) {
-          setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
-      }else{
-          setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
-      }
-      // set session
-      $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
-      $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
-      $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
-      $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
-      $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
      return true;
    }else{
      //invalid credentials - log off
@@ -735,7 +717,14 @@ function updateprofile() {
    }
  }
-  return $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes));
+  if ($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
+    // update cookie and session with the changed data
+    $cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
+    list($user,$sticky,$pass) = split('\|',$cookie,3);
+    if ($changes['pass']) $pass = PMA_blowfish_encrypt($changes['pass'],auth_cookiesalt());
+    auth_setCookie($_SERVER['REMOTE_USER'],$pass,(bool)$sticky);
+  }
 }
 /**
@@ -993,4 +982,34 @@ function auth_verifyPassword($clear,$crypt){
    return false;
 }
+/**
+ * Set the authentication cookie and add user identification data to the session
+ *
+ * @param string  $user       username
+ * @param string  $pass       encrypted password
+ * @param bool    $sticky     whether or not the cookie will last beyond the session
+ */
+function auth_setCookie($user,$pass,$sticky) {
+	  global $conf;
+	  global $auth;
+      $USERINFO = $auth->getUserData($user);
+      // set cookie
+      $cookie = base64_encode("$user|$sticky|$pass");
+      if($sticky) $time = time()+60*60*24*365; //one year
+      if (version_compare(PHP_VERSION, '5.2.0', '>')) {
+          setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
+      }else{
+          setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
+      }
+      // set session
+      $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
+      $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
+      $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
+      $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
+      $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
+}
 //Setup VIM: ex: et ts=2 enc=utf-8 :