X-Git-Url: https://git.dogcows.com/gitweb?p=chaz%2Fp5-CGI-Ex;a=blobdiff_plain;f=lib%2FCGI%2FEx%2FAuth.pm;fp=lib%2FCGI%2FEx%2FAuth.pm;h=21b82d45fe51f1e9aac701a6b4f45d8195f787d3;hp=149123e13b6ecc7227d65c1f7ab72aba1c1eff24;hb=6ab8b2e8e8388d1a238148a1ee58e124855f3768;hpb=fdecaac30a1168ed894c46d61b6c95524ec62a4e
diff --git a/lib/CGI/Ex/Auth.pm b/lib/CGI/Ex/Auth.pm
index 149123e..21b82d4 100644
--- a/lib/CGI/Ex/Auth.pm
+++ b/lib/CGI/Ex/Auth.pm
@@ -7,7 +7,7 @@ CGI::Ex::Auth - Handle logins nicely.
 =cut
 ###----------------------------------------------------------------###
-# Copyright 2007 - Paul Seamons #
+# Copyright 2004-2012 - Paul Seamons #
 # Distributed under the Perl Artistic License without warranty #
 ###----------------------------------------------------------------###
@@ -19,7 +19,7 @@ use Digest::MD5 qw(md5_hex);
 use CGI::Ex;
 use Carp qw(croak);
-$VERSION = '2.32';
+$VERSION = '2.37';
 ###----------------------------------------------------------------###
@@ -98,7 +98,7 @@ sub get_valid_auth {
 $data = $self->verify_token({token => $cookie, from => 'cookie'});
 if (defined $form_user) { # they had form data
 my $user = $self->cleanup_user($form_user);
- if (! $data || $user ne $data->{'user'}) { # but the cookie didn't match
+ if (! $data || !$self->check_form_user_against_cookie($user, $data->{'user'}, $data)) { # but the cookie didn't match
 $data = $self->{'_last_auth_data'} = $form_data; # restore old form data failure
 $data->{'user'} = $user if ! defined $data->{'user'};
 }
@@ -183,7 +183,7 @@ sub handle_failure {
 # make sure the cookie is gone
 my $key_c = $self->key_cookie;
- $self->delete_cookie({name => $key_c}) if $self->cookies->{$key_c};
+ $self->delete_cookie({name => $key_c}) if exists $self->cookies->{$key_c};
 # no valid login and we are checking for cookies - see if they have cookies
 if (my $value = delete $form->{$self->key_verify}) {
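Review bot: The call to `check_form_user_against_cookie` in the get_valid_auth hunk carries no statement of the hook's contract, and its definition is not part of the visible hunks. A true return lets the existing cookie session stand in for the submitted form login, so an override that matches loosely (case folding, prefix match) would keep the browser authenticated as the cookie's account after a different username was submitted. I would add a comment above the `if`, such as `# hook must return true only when $user and the cookie user are the same account`, and document the method in the POD with that requirement; presumably the default keeps the old `ne` comparison, which should be confirmed. get_valid_auth's body starts and ends outside the hunk.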
@@ -257,7 +257,17 @@ sub delete_cookie {
 my $args = shift;
 return $self->{'delete_cookie'}->($self, $args) if $self->{'delete_cookie'};
 local $args->{'value'} = '';
- local $args->{'expires'} = '-10y' if ! $self->use_session_cookie($args->{'name'}, '');
+ local $args->{'expires'} = '-10y';
+ if (my $dom = $ENV{HTTP_HOST}) {
+ $dom =~ s/:\d+$//;
+ do {
+ local $args->{'domain'} = $dom;
+ $self->set_cookie($args);
+ local $args->{'domain'} = ".$dom";
+ $self->set_cookie($args);
+ }
+ while ($dom =~ s/^[\w\-]*\.// and $dom =~ /\./);
+ }
 $self->set_cookie($args);
 delete $self->cookies->{$args->{'name'}};
 }
@@ -333,9 +343,9 @@ sub js_uri_path {
 sub no_cookies_print {
 my $self = shift;
+ return $self->{'no_cookies_print'}->($self) if $self->{'no_cookies_print'};
 $self->cgix->print_content_type;
 print qq{
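Review bot: The new block in delete_cookie takes `$ENV{HTTP_HOST}`, which is filled from the request's Host header, and hands it to set_cookie as the cookie `domain` after only stripping the port, so the value is never checked for hostname syntax; whether set_cookie escapes it is not visible in this hunk. The loop also issues two set_cookie calls per host label, so the number of Set-Cookie headers in the response is driven by the request. I would gate the loop on an anchored match, `$dom =~ s/:\d+\z//;` followed by `if ($dom =~ /\A[\w\-]+(?:\.[\w\-]+)*\z/) { ... }` around the `do { } while`, and bound the number of labels it will walk. A short comment such as `# expire the cookie on the host and each parent domain, since we cannot tell which one it was set on` would also make the intent of the repeated calls clear.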