SF.net SVN: ledger-smb:[3738] branches/1.3
- Subject: SF.net SVN: ledger-smb:[3738] branches/1.3
- From: ..hidden..
- Date: Sat, 24 Sep 2011 19:17:44 +0000
Revision: 3738
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=3738&view=rev
Author: einhverfr
Date: 2011-09-24 19:17:44 +0000 (Sat, 24 Sep 2011)
Log Message:
-----------
Removing stale dependency on Time::HiRes
Modified Paths:
--------------
branches/1.3/LedgerSMB/Auth/DB.pm
branches/1.3/sql/Pg-database.sql
branches/1.3/sql/modules/Session.sql
Added Paths:
-----------
branches/1.3/sql/upgrade/3738-drop-session-transaction-id.sql
Modified: branches/1.3/LedgerSMB/Auth/DB.pm
===================================================================
--- branches/1.3/LedgerSMB/Auth/DB.pm 2011-09-24 19:06:31 UTC (rev 3737)
+++ branches/1.3/LedgerSMB/Auth/DB.pm 2011-09-24 19:17:44 UTC (rev 3738)
@@ -33,7 +33,6 @@
=cut
sub session_check {
- use Time::HiRes qw(gettimeofday);
my ( $cookie, $form ) = @_;
my $path = ($ENV{SCRIPT_NAME});
@@ -101,8 +100,6 @@
}
else {
-#something's wrong, they have the cookie, but wrong user or the wrong transaction id. Hijack attempt?
-#destroy the session
my $sessionDestroy = $dbh->prepare("");
#delete the cookie in the browser
@@ -138,15 +135,10 @@
my $path = ($ENV{SCRIPT_NAME});
my $secure;
$path =~ s|[^/]*$||;
- use Time::HiRes qw(gettimeofday);
my $dbh = $lsmb->{dbh};
my $login = $lsmb->{login};
- #microseconds are more than random enough for transaction_id
- my ( $ignore, $newTransactionID ) = gettimeofday();
- $newTransactionID = int $newTransactionID;
-
if ( !$ENV{GATEWAY_INTERFACE} ) {
#don't create cookies or sessions for CLI use
@@ -171,10 +163,10 @@
$dbh->prepare("SELECT nextval('session_session_id_seq'), md5(random()::text);");
my $createNew = $dbh->prepare(
- "INSERT INTO session (session_id, users_id, token, transaction_id)
+ "INSERT INTO session (session_id, users_id, token)
VALUES(?, (SELECT id
FROM users
- WHERE username = SESSION_USER), ?, ?);"
+ WHERE username = SESSION_USER), ?);"
);
# Fail early if the user isn't in the users table
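Review bot: The session token still comes from `md5(random()::text)` in the `nextval` query at the top of this hunk, and PostgreSQL's `random()` is not a cryptographically secure generator. With `transaction_id` dropped from the INSERT, that token appears to be the only secret left in the session row, so its unpredictability matters more after this change. If pgcrypto is available, `encode(gen_random_bytes(16), 'hex')` yields a value of the same length from a secure source; the same `md5(random()::text)` expression is used in the INSERT in sql/modules/Session.sql. The enclosing sub starts and ends outside the hunk.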
@@ -215,7 +207,7 @@
my ( $newSessionID, $newToken ) = $fetchSequence->fetchrow_array;
#create a new session
- $createNew->execute( $newSessionID, $newToken, $newTransactionID )
+ $createNew->execute( $newSessionID, $newToken )
|| http_error('401');
$lsmb->{session_id} = $newSessionID;
Modified: branches/1.3/sql/Pg-database.sql
===================================================================
--- branches/1.3/sql/Pg-database.sql 2011-09-24 19:06:31 UTC (rev 3737)
+++ branches/1.3/sql/Pg-database.sql 2011-09-24 19:17:44 UTC (rev 3738)
@@ -499,7 +499,6 @@
last_used TIMESTAMP default now(),
ttl int default 3600 not null,
users_id INTEGER NOT NULL references users(id),
-transaction_id INTEGER NOT NULL,
notify_pasword interval not null default '7 days'::interval
);
Modified: branches/1.3/sql/modules/Session.sql
===================================================================
--- branches/1.3/sql/modules/Session.sql 2011-09-24 19:06:31 UTC (rev 3737)
+++ branches/1.3/sql/modules/Session.sql 2011-09-24 19:17:44 UTC (rev 3738)
@@ -124,10 +124,9 @@
END IF;
END IF;
- INSERT INTO session(users_id, token, last_used, transaction_id)
- SELECT id, md5(random()::text), now(), 0
+ INSERT INTO session(users_id, token, last_used)
+ SELECT id, md5(random()::text), now()
FROM users WHERE username = SESSION_USER;
- -- TODO-- remove transaction_id field from session table
SELECT * INTO out_row FROM session
WHERE session_id = currval('session_session_id_seq');
Added: branches/1.3/sql/upgrade/3738-drop-session-transaction-id.sql
===================================================================
--- branches/1.3/sql/upgrade/3738-drop-session-transaction-id.sql (rev 0)
+++ branches/1.3/sql/upgrade/3738-drop-session-transaction-id.sql 2011-09-24 19:17:44 UTC (rev 3738)
@@ -0,0 +1 @@
+ALTER TABLE session DROP transaction_id;
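Review bot: This one-line upgrade script will error if it is run twice, or against a database created from the updated Pg-database.sql, because a plain DROP fails when the column is already absent. Where the supported PostgreSQL versions allow it, `ALTER TABLE session DROP COLUMN IF EXISTS transaction_id;` makes the script safe to re-run. A header comment should also say that sql/modules/Session.sql has to be reloaded together with this script, since the previous version of its INSERT still names `transaction_id` and would presumably fail once the column is gone.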