drop support for old session hash formati18n

author: Ineiev <ineiev@gnu.org> 2024-09-26 09:20:23 +0000
committer: Ineiev <ineiev@gnu.org> 2024-10-05 16:20:08 +0000
commit: 34c867a77253555b792f04850e6fdcb3bc7a1b89 (patch)
tree: f76580dc34a3f625b744fbcf8e04ea03060bf3e2
parent: 8ccc587ebb05c6c8a10f2eabb0aeffd05a30fbea (diff)
download: savane-i18n.tar.gz
1 files changed, 2 insertions, 6 deletions
diff --git a/frontend/php/include/session.php b/frontend/php/include/session.php
index 4edcc24f..950ef00e 100644
--- a/frontend/php/include/session.php
+++ b/frontend/php/include/session.php
@@ -261,12 +261,10 @@ function session_fetch_data ($uid, $hash)
 {
   list ($clean_hash, $param) = session_hash_parts ($hash);
   if (empty ($param))
-    $param = $hash;
-  else
-    $param .= '%';
+    return null;
   $res = db_execute (
     'SELECT * FROM session WHERE user_id = ? AND session_hash LIKE ?',
-    [$uid, $param]
+    [$uid, "$param%"]
   );
   while ($row = db_fetch_array ($res))
     if (session_valid_hash ($row['session_hash'], $clean_hash))
@@ -388,8 +386,6 @@ function session_count ($uid)
 function session_valid_hash ($stored_hash, $hash)
 {
   list ($clean_hash, $ticket) = session_hash_parts ($stored_hash);
-  if (empty ($ticket))
-    return $hash === $stored_hash;
   return account_validpw ($clean_hash, $hash);
 }
author	Ineiev <ineiev@gnu.org>	2024-09-26 09:20:23 +0000
committer	Ineiev <ineiev@gnu.org>	2024-10-05 16:20:08 +0000
commit	34c867a77253555b792f04850e6fdcb3bc7a1b89 (patch)
tree	f76580dc34a3f625b744fbcf8e04ea03060bf3e2
parent	8ccc587ebb05c6c8a10f2eabb0aeffd05a30fbea (diff)
download	savane-i18n.tar.gz