
2015-01-15

2015-01-15 15:41:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

auth_httpcookie: Timeout cookies after a year.

Also increases the username and password length limits to ~164 characters.

Fixes the remainder of [bug 4001 (#4001)].

67:    string c =    String.string2hex(Crypto.SHA1.hash(COOKIE + u + "\0" + p + COOKIE);    catch(get_my_sql()->query( "INSERT INTO "+table+" " -  "(cookie,name,password) VALUES " -  "(%s,%s,%s)", c, encode_pw(u), encode_pw(p) )); +  "(cookie,name,password,timeout) " +  "VALUES (%s,%s,%s)", +  c, encode_pw(u), encode_pw(p), +  time(1) + 31536000));    return c;   }   
143:    get_my_table("",    ({    "cookie varchar(40) PRIMARY KEY NOT NULL", -  "password varchar(40) NOT NULL", -  "name varchar(40) NOT NULL" +  "password varchar(255) NOT NULL", +  "name varchar(255) NOT NULL", +  "timeout int NOT NULL",    }),    "Used to store the information nessesary to "    "authenticate roxen users" ); -  +  +  Sql.Sql sql = get_my_sql(); +  if (!sizeof(sql->query("DESCRIBE " + table + " timeout"))) { +  sql->query("ALTER TABLE " + table + +  " CHANGE password password varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " CHANGE name name varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " ADD timeout int NOT NULL");    } -  +  sql->query("DELETE FROM " + table + " WHERE timeout < %d", +  time()); + }      protected void create()   {
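Review bot: The new INSERT in the hunk at line 67 names four columns, `(cookie,name,password,timeout)`, and passes four arguments, but the VALUES list still has only three placeholders, so the statement would be rejected; it should read `"VALUES (%s,%s,%s,%d)",`. Because the query is wrapped in `catch(...)` and the result is discarded, the failure would go unnoticed and the function would still return a cookie that was never stored, so the caught error should at least be logged. In the hunk at line 143 the `DELETE ... WHERE timeout < %d` purge runs only in this table-setup code. If the cookie lookup (not visible here) does not also compare `timeout` with `time()`, an expired cookie stays valid until the next initialisation. The enclosing functions of both hunks start outside the visible lines.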