Skip to content
Permalink
Browse files

関数 MEMBER::writeCookieKey()を追加

・globalfunctions.php の ログイン処理時の以下の呼び出しの潜在的問題点の修正のため
$member->newCookieKey();
$member->write();
(1)ログイン時に不要な値を更新している
(2)dbのメンバーテーブルに将来的になんらかの修正を加えた場合に
   cookieを保存できず ログイン・アップグレードできなくなる不具合を起ことがあるため。
  • Loading branch information...
piyoyo
piyoyo committed Mar 25, 2015
1 parent af3402e commit 8a4f0a0e0489d5dc4519ac391d50213f29d9c6dd
Showing with 11 additions and 2 deletions.
  1. +10 −1 nucleus/libs/MEMBER.php
  2. +1 −1 nucleus/libs/globalfunctions.php
@@ -471,6 +471,15 @@ function write() {
sql_query($query);
}
function writeCookieKey()
{
$query = 'UPDATE '.sql_table('member')
. " SET "
. " mcookiekey='". sql_real_escape_string($this->getCookieKey()) . "'"
. " WHERE mnumber=" . $this->getID();
sql_query($query);
}
function checkCookieKey($key) {
return (($key != '') && ($key == $this->getCookieKey()));
}
@@ -543,7 +552,7 @@ function getCookieKey() {
function newCookieKey() {
mt_srand( (double) microtime() * 1000000);
$this->cookiekey = md5(uniqid(mt_rand()));
$this->write();
$this->writeCookieKey();
return $this->cookiekey;
}
@@ -269,7 +269,7 @@
if ($CONF['secureCookieKey']!=='none') {
// secure cookie key
$member->setCookieKey(md5($member->getCookieKey().$CONF['secureCookieKeyIP']));
$member->write();
$member->writeCookieKey();
}
// allows direct access to parts of the admin area after logging in

0 comments on commit 8a4f0a0

Please sign in to comment.
You can’t perform that action at this time.