Merge pull request #664 from greezybacon/issue/pwreset-again

Issue/pwreset again Reviewed-By: Peter Rotich <peter@osticket.com>

Merge pull request #664 from greezybacon/issue/pwreset-again
68d4fe99 · Peter Rotich · 78841f4c · 17725ca5 · 68d4fe99 · 68d4fe99
Commit 68d4fe99 authored 11 years ago by Peter Rotich
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -320,15 +320,6 @@ abstract class StaffAuthenticationBackend  extends AuthenticationBackend {
        $_SESSION['TZ_OFFSET'] = $staff->getTZoffset();
        $_SESSION['TZ_DST'] = $staff->observeDaylight();

-        //Regenerate session id.
-        $sid = session_id(); //Current id
-        session_regenerate_id(true);
-        // Destroy old session ID - needed for PHP version < 5.1.0
-        // DELME: remove when we move to php 5.3 as min. requirement.
-        if(($session=$ost->getSession()) && is_object($session)
-                && $sid!=session_id())
-            $session->destroy($sid);
-
        Signal::send('auth.login.succeeded', $staff);

        $staff->cancelResetTokens();
@@ -365,16 +356,14 @@ abstract class StaffAuthenticationBackend  extends AuthenticationBackend {
        list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);

        if (!($bk=static::getBackend($id)) //get the backend
-                || !$bk->supportsAuthentication() //Make sure it can authenticate
                || !($staff = $bk->validate($auth)) //Get AuthicatedUser
                || !($staff instanceof Staff)
                || $staff->getId() != $_SESSION['_auth']['staff']['id'] // check ID
-                )
+        )
            return null;

        $staff->setAuthKey($_SESSION['_auth']['staff']['key']);

-
        return $staff;
    }

@@ -446,12 +435,6 @@ abstract class UserAuthenticationBackend  extends AuthenticationBackend {
                $user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']);
        $ost->logDebug('User login', $msg);

-        //Regenerate session ID.
-        $sid=session_id(); //Current session id.
-        session_regenerate_id(TRUE); //get new ID.
-        if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
-            $session->destroy($sid);
-
        return true;
    }


--- a/scp/login.php
+++ b/scp/login.php
@@ -29,7 +29,8 @@ if($_POST) {
    $username = trim($_POST['userid']);
    if ($user = StaffAuthenticationBackend::process($username,
            $_POST['passwd'], $errors)) {
-        @header("Location: $dest");
+        session_write_close();
+        Http::redirect($dest);
        require_once('index.php'); //Just incase header is messed up.
        exit;
    }

--- a/view.php
+++ b/view.php
@@ -16,16 +16,13 @@
 **********************************************************************/
 require_once('client.inc.php');

+// Try autologin the user
+// Authenticated user can be of type ticket owner or collaborator
+$errors = array();
+$user =  UserAuthenticationBackend::processSignOn($errors);
+if ($user && $user->getTicketId())
+    Http::redirect('tickets.php?id='.$user->getTicketId());

-//If the user is NOT logged in - try auto-login (if params exists).
-if (!$thisclient || !$thisclient->isValid()) {
-    // Try autologin the user
-    // Authenticated user can be of type ticket owner or collaborator
-    $errors = array();
-    $user =  UserAuthenticationBackend::processSignOn($errors);
-    if ($user && $user->getTicketId())
-        @header('Location: tickets.php?id='.$user->getTicketId());
-}
 //Simply redirecting to tickets.php until multiview is implemented.
 require('tickets.php');
 ?>