s4
changeset 714:d7c5f86d9c75
Auth check more rigidly
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Sat, 30 May 2020 11:28:01 +0900 |
parents | 0d13e282441d |
children | d890694ff8ab |
files | s4-funcs.sh |
diffstat | 1 files changed, 5 insertions(+), 2 deletions(-) [+] |
line diff
1.1 --- a/s4-funcs.sh Fri May 29 09:30:13 2020 +0900 1.2 +++ b/s4-funcs.sh Sat May 30 11:28:01 2020 +0900 1.3 @@ -415,7 +415,9 @@ 1.4 fi >&5 1.5 echo ".output stdout" >&5 1.6 cat $sqo 1.7 + rc=$? 1.8 logend 1.9 + return $rc 1.10 } 1.11 _m4() { 1.12 #S4NAME=f,f,f 1.13 @@ -702,8 +704,9 @@ 1.14 chkskey() { 1.15 # $1=sesskey, $user=LoginUserName 1.16 test -z "$1" && return 1 1.17 - rowid=`query "SELECT rowid FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2 1.18 - if [ -n "$rowid" ]; then 1.19 + repl=`query "SELECT rowid,user FROM $sesstb WHERE user='$user' AND skey = '$1';"` || return 2 1.20 + rowid=${repl%%\|*}; repuser=${repl#*\|} 1.21 + if [ -n "$rowid" -a x"$user" = x"$repuser" ]; then 1.22 query "UPDATE $sesstb SET expire=datetime('now', 'localtime', '$timeout') WHERE rowid=$rowid;" # Errors can be ignored 1.23 return 0 1.24 fi