From 0a2cf6a71616d4f11ac53bda0b0904c43f1f9a54 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 4 Oct 2008 14:43:36 +0000 Subject: [PATCH] bug #2136986 [auth] Cannot create database after session timeout --- ChangeLog | 1 + libraries/auth/cookie.auth.lib.php | 9 +++++++++ libraries/check_user_privileges.lib.php | 1 + libraries/common.lib.php | 21 ++++++++++++++++++--- 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index be2f0e35b..aa8a7c6c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA + [lang] Russian update, thanks to Victor Volkov - patch #2143882 [import] Temporary uploaded file not deleted, thanks to David Misc - dmisc +- bug #2136986 [auth] Cannot create database after session timeout 3.0.0.0 (2008-09-27) + [export] properly handle line breaks for YAML, thanks to Dan Barry - diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php index f050a44ff..951082827 100644 --- a/libraries/auth/cookie.auth.lib.php +++ b/libraries/auth/cookie.auth.lib.php @@ -395,6 +395,10 @@ function PMA_auth_check() if (! empty($_REQUEST['old_usr'])) { // The user wants to be logged out // -> delete his choices that were stored in session + + // according to the PHP manual we should do this before the destroy: + $_SESSION = array(); + session_destroy(); // -> delete password cookie(s) if ($GLOBALS['cfg']['LoginCookieDeleteAll']) { @@ -447,6 +451,11 @@ function PMA_auth_check() // User inactive too long if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) { + PMA_cacheUnset('is_create_db_priv', true); + PMA_cacheUnset('is_process_priv', true); + PMA_cacheUnset('is_reload_priv', true); + PMA_cacheUnset('db_to_create', true); + PMA_cacheUnset('dbs_where_create_table_allowed', true); $GLOBALS['no_activity'] = true; PMA_auth_fails(); exit; diff --git a/libraries/check_user_privileges.lib.php b/libraries/check_user_privileges.lib.php index 228cdc226..42cd73a34 100644 --- a/libraries/check_user_privileges.lib.php +++ b/libraries/check_user_privileges.lib.php @@ -147,6 +147,7 @@ function PMA_analyseShowGrant() PMA_DBI_free_result($rs_usr); + // must also PMA_cacheUnset() them in libraries/auth/cookie.auth.lib.php PMA_cacheSet('is_create_db_priv', $GLOBALS['is_create_db_priv'], true); PMA_cacheSet('is_process_priv', $GLOBALS['is_process_priv'], true); PMA_cacheSet('is_reload_priv', $GLOBALS['is_reload_priv'], true); diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 47588d73c..5ad789149 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -2409,7 +2409,7 @@ window.addEvent('domready', function(){ } /** - * Cache information in the session + * Verifies if something is cached in the session * * @param unknown_type $var * @param unknown_type $val @@ -2425,7 +2425,7 @@ function PMA_cacheExists($var, $server = 0) } /** - * Cache information in the session + * Gets cached information from the session * * @param unknown_type $var * @param unknown_type $val @@ -2445,7 +2445,7 @@ function PMA_cacheGet($var, $server = 0) } /** - * Cache information in the session + * Caches information in the session * * @param unknown_type $var * @param unknown_type $val @@ -2460,6 +2460,21 @@ function PMA_cacheSet($var, $val = null, $server = 0) $_SESSION['cache']['server_' . $server][$var] = $val; } +/** + * Removes cached information from the session + * + * @param unknown_type $var + * @param unknown_type $server + * @return mixed + */ +function PMA_cacheUnset($var, $server = 0) +{ + if (true === $server) { + $server = $GLOBALS['server']; + } + unset($_SESSION['cache']['server_' . $server][$var]); +} + /** * Converts a bit value to printable format; * in MySQL a BIT field can be from 1 to 64 bits so we need this