1 diff --git a/index.php b/index.php
2 index c102e42..fe03434 100644
3 --- a/index.php
4 +++ b/index.php
5 @@ -402,7 +402,11 @@ function ban_canLogin()
6 if (isset($_POST['login']))
8 if (!ban_canLogin()) die('I said: NO. You are banned for the moment. Go away.');
9 - if (isset($_POST['password']) && tokenOk($_POST['token']) && (check_auth($_POST['login'], $_POST['password'])))
10 + logm("password: ".$_POST['password']);
11 + logm("token : ".$_POST['token']);
12 + logm("login : ".$_POST['login']);
13 + logm("token_ok: ".(tokenOk($_POST['token']) ? "true" : "false"));
14 + if (isset($_POST['password']) && (check_auth($_POST['login'], $_POST['password'])))
15 { // Login/password is ok.
16 ban_loginOk();
17 // If user wants to keep the session cookie even after the browser closes:
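Review bot: The rewritten `if` no longer includes `tokenOk($_POST['token'])`, so the login form's anti-CSRF token is only logged and never enforced, and the added `logm("password: ".$_POST['password'])` writes the submitted password in cleartext to wherever logm() writes. If this is debug instrumentation, neither change should ship: drop the password line, and keep the check by evaluating it once, `$tokenValid = tokenOk($_POST['token']);`, logging `$tokenValid` and restoring `&& $tokenValid &&` in the condition. It has to be a single call because tokenOk() destroys the token on first use, as the last hunk of this patch shows. The logm() lines also read `$_POST['password']` and `$_POST['token']` before any isset() check. The enclosing login block starts before and continues past this hunk.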
18 @@ -610,6 +614,7 @@ function getToken()
20 $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
21 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
22 + logm("getToken(); // token: ".$rnd);
23 return $rnd;
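Review bot: The added `logm("getToken(); // token: ".$rnd)` records every freshly issued form token in the log, so the log becomes as sensitive as the session store for as long as those tokens are valid. If the trace is needed for debugging, log a non-usable reference instead, for example `logm("getToken(); // token sha1: ".sha1($rnd));`, or remove the line before merging. getToken() starts outside this hunk, and where logm() writes is not visible here.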
26 @@ -617,6 +622,7 @@ function getToken()
27 // true=token is ok.
28 function tokenOk($token)
30 + logm("tokenOk('".$token."'); // $_SESSION['tokens']=[".implode(", ", array_keys($_SESSION['tokens']))."]");
31 if (isset($_SESSION['tokens'][$token]))
33 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
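Review bot: The added logm() line will not parse: inside a double-quoted string, `$_SESSION['tokens']` with a quoted key is a syntax error under PHP's simple interpolation, so index.php would fail to load. The text looks intended as a literal label, so escape the dollar (`// \$_SESSION['tokens']=[`) or put that segment in single quotes. Separately, the line dumps every outstanding token into the log, concatenates the raw request-supplied `$token` (newlines included) into the log entry, and calls `array_keys($_SESSION['tokens'])` before the isset() below it, which raises a warning or TypeError (depending on PHP version) when no token has been issued yet. tokenOk()'s body continues past this hunk.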