Mercurial > hgrepos > hgweb.cgi > s4
changeset 714:d7c5f86d9c75
Auth check more rigidly
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Sat, 30 May 2020 11:28:01 +0900 |
parents | 0d13e282441d |
children | d890694ff8ab |
files | s4-funcs.sh |
diffstat | 1 files changed, 5 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/s4-funcs.sh Fri May 29 09:30:13 2020 +0900 +++ b/s4-funcs.sh Sat May 30 11:28:01 2020 +0900 @@ -415,7 +415,9 @@ fi >&5 echo ".output stdout" >&5 cat $sqo + rc=$? logend + return $rc } _m4() { #S4NAME=f,f,f @@ -702,8 +704,9 @@ chkskey() { # $1=sesskey, $user=LoginUserName test -z "$1" && return 1 - rowid=`query "SELECT rowid FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2 - if [ -n "$rowid" ]; then + repl=`query "SELECT rowid,user FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2 + rowid=${repl%%\|*}; repuser=${repl#*\|} + if [ -n "$rowid" -a x"$user" = x"$repuser" ]; then query "UPDATE $sesstb SET expire=datetime('now', 'localtime', '$timeout') WHERE rowid=$rowid;" # Errors can be ignored return 0 fi