-rw-r--r-- | web/lib/aur.inc | 8 | ||||
-rw-r--r-- | web/template/header.php | 8 |
2 files changed, 7 insertions, 9 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 4715648..0258060 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -78,7 +78,7 @@ function check_sid() {
 $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
 $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 $result = db_query($q, $dbh);
-if (!$result) {
+if (mysql_num_rows($result) == 0) {
 # Invalid SessionID - hacker alert!
 #
 $failed = 1;
@@ -91,12 +91,10 @@ function check_sid() {
 }
 if ($failed == 1) {
 # clear out the hacker's cookie, and send them to a naughty page
+# why do you have to be so harsh on these people!?
 #
 setcookie("AURSID", "", time() - (60*60*24*30), "/");
-# I think it's probably safe to do the same as below with this
-# but not really vital at this point
-header("Location: /hacker.php");
-
+unset($_COOKIE['AURSID']);
 } elseif ($failed == 2) {
 # visitor's session id either doesn't exist, or the timeout
 # was reached and they must login again, send them back to
diff --git a/web/template/header.php b/web/template/header.php
index 5230dc5..440cb24 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -68,7 +68,10 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
 <br />
 <div style="text-align: right; padding-right: 10px">
 <?php
-if (!isset($_COOKIE["AURSID"])) {
+if (isset($_COOKIE["AURSID"])) {
+print __("Logged-in as: %h%s%h", array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+} else {
 if ($login_error) {
 print "<span class='error'>" . $login_error . "</span><br />\n";
 }
@@ -81,9 +84,6 @@ if (!isset($_COOKIE["AURSID"])) {
 <input type='submit' class='button' value='<?php print __("Login"); ?>'>
 </form>
 <?php
-} else {
-print __("Logged-in as: %h%s%h",
-array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
 }
 ?>
 </div>
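Review bot: The new condition drops the query-failure check: when db_query() returns false, mysql_num_rows(false) emits a warning and returns false, which the loose `== 0` comparison then classifies as an unknown session rather than a database error. Keeping both tests, `if (!$result || mysql_num_rows($result) == 0) {`, preserves the old failure handling and avoids the warning. check_sid()'s body starts before and continues after the hunk.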
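Review bot: The comment `# clear out the hacker's cookie, and send them to a naughty page` is now inaccurate, since the redirect to /hacker.php is removed and the request simply continues with the cookie expired and unset; the added `# why do you have to be so harsh on these people!?` line documents nothing about the behaviour. I would replace both with `# Unknown session ID: expire the cookie client-side and drop it from this request so the rest of the page treats the visitor as logged out.` Note that unset($_COOKIE['AURSID']) only affects the current request, so any later code that keys on isset($_COOKIE['AURSID']) relies on check_sid() having already run, which the hunk does not show. The if/elseif chain and check_sid() continue outside the hunk.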
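Review bot: `username_from_sid($_COOKIE["AURSID"])` is interpolated into the page through __()'s %s with no HTML escaping; unless username_from_sid() or __() already escapes (neither is visible here), a username containing markup would be rendered as HTML. Wrapping the value, `htmlspecialchars(username_from_sid($_COOKIE["AURSID"]))`, keeps the %h bold wrappers intact while neutralising the username. The header also decides "logged in" from isset() on the cookie rather than from check_sid()'s validation result, so it depends on check_sid() having unset the cookie earlier in the request. The if/else block continues past the end of the hunk.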