summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/lib/aur.inc8
-rw-r--r--web/template/header.php8
2 files changed, 7 insertions, 9 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 4715648..0258060 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -78,7 +78,7 @@ function check_sid() {
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
$q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
$result = db_query($q, $dbh);
- if (!$result) {
+ if (mysql_num_rows($result) == 0) {
# Invalid SessionID - hacker alert!
#
$failed = 1;
@@ -91,12 +91,10 @@ function check_sid() {
}
if ($failed == 1) {
# clear out the hacker's cookie, and send them to a naughty page
+ # why do you have to be so harsh on these people!?
#
setcookie("AURSID", "", time() - (60*60*24*30), "/");
- # I think it's probably safe to do the same as below with this
- # but not really vital at this point
- header("Location: /hacker.php");
-
+ unset($_COOKIE['AURSID']);
} elseif ($failed == 2) {
# visitor's session id either doesn't exist, or the timeout
# was reached and they must login again, send them back to
diff --git a/web/template/header.php b/web/template/header.php
index 5230dc5..440cb24 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -68,7 +68,10 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
<br />
<div style="text-align: right; padding-right: 10px">
<?php
-if (!isset($_COOKIE["AURSID"])) {
+if (isset($_COOKIE["AURSID"])) {
+ print __("Logged-in as: %h%s%h",
+ array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+} else {
if ($login_error) {
print "<span class='error'>" . $login_error . "</span><br />\n";
}
@@ -81,9 +84,6 @@ if (!isset($_COOKIE["AURSID"])) {
<input type='submit' class='button' value='<?php print __("Login"); ?>'>
</form>
<?php
-} else {
- print __("Logged-in as: %h%s%h",
- array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
}
?>
</div>