# HG changeset patch
# User HIROSE Yuuji <yuuji@gentei.org>
# Date 1590805681 -32400
# Node ID d7c5f86d9c7580356f7a10eda14bc22affa5a4f7
# Parent  0d13e282441d3c2786f289c249e4d6d986b26f44
Auth check more rigidly

diff -r 0d13e282441d -r d7c5f86d9c75 s4-funcs.sh
--- a/s4-funcs.sh	Fri May 29 09:30:13 2020 +0900
+++ b/s4-funcs.sh	Sat May 30 11:28:01 2020 +0900
@@ -415,7 +415,9 @@
   fi  >&5
   echo ".output stdout" >&5
   cat $sqo
+  rc=$?
   logend
+  return $rc
 }
 _m4() {
   #S4NAME=f,f,f
@@ -702,8 +704,9 @@
 chkskey() {
   # $1=sesskey, $user=LoginUserName
   test -z "$1" && return 1
-  rowid=`query "SELECT rowid FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2
-  if [ -n "$rowid" ]; then
+  repl=`query "SELECT rowid,user FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2
+  rowid=${repl%%\|*}; repuser=${repl#*\|}
+  if [ -n "$rowid" -a x"$user" = x"$repuser" ]; then
      query "UPDATE $sesstb SET expire=datetime('now', 'localtime', '$timeout') WHERE rowid=$rowid;"	# Errors can be ignored
      return 0
   fi