openrat-cms

# OpenRat Content Management System

commit 5608250688333d7b7ae734e690994fece6aecb5c
parent b9cb0e03dd728bb37c89503ce9794980f304feef
Author: Jan Dankert <develop@jandankert.de>
Date:   Wed, 28 Aug 2019 00:33:55 +0200

Fix: Login-Timestamp nur bei POST-Requests setzen.

Diffstat:
modules/cms-core/action/LoginAction.class.php | 3++-
modules/cms-core/model/User.class.php | 13++++++++++---
modules/cms-ui/action/IndexAction.class.php | 5+++--
3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/modules/cms-core/action/LoginAction.class.php b/modules/cms-core/action/LoginAction.class.php
@@ -770,7 +770,8 @@ class LoginAction extends Action
 $user = User::loadWithName($loginName);
 $user->loginModuleName = $lastModule;
 $user->setCurrent();
-
+ $user->updateLoginTimestamp();
+
 if ($user->passwordAlgo != Password::bestAlgoAvailable() ) // Re-Hash the password with a better hash algo.
 $user->setPassword($loginPassword);
diff --git a/modules/cms-core/model/User.class.php b/modules/cms-core/model/User.class.php
@@ -114,7 +114,15 @@ class User extends ModelBase
 $this->loginDate = time();
 \Session::setUser( $this );
-
+ }
+
+
+
+ /**
+ * Benutzer als aktiven Benutzer in die Session schreiben.
+ */
+ public function updateLoginTimestamp()
+ {
 $stmt = db()->sql( <<<SQL
 UPDATE {{user}} SET last_login={time}
@@ -123,10 +131,9 @@ SQL
 );
 $stmt->setInt( 'time' ,time() );
 $stmt->setInt( 'userid',$this->userid );
-
+
 // Datenbankabfrage ausfuehren
 $stmt->query();
-
 }
diff --git a/modules/cms-ui/action/IndexAction.class.php b/modules/cms-ui/action/IndexAction.class.php
@@ -125,8 +125,9 @@ class IndexAction extends Action
 try {
 $user = User::loadWithName( $username );
- $user->setCurrent();
- Logger::info('auto-login for user '.$username);
+ $user->setCurrent();
+ // Do not update the login timestamp, because this is a readonly request.
+ Logger::info('auto-login for user '.$username);
 } catch( ObjectNotFoundException $e ) {
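Review bot: In modules/cms-core/action/LoginAction.class.php, the new `$user->updateLoginTimestamp();` call has no comment explaining why the timestamp write lives here rather than in `setCurrent()`, and nothing in the visible lines checks the request method that the commit message relies on. The enclosing method starts and ends outside the hunk, so whether it can also be reached by a non-POST request should be confirmed against its caller; if it can, the database write still happens. I would add `// Persist last_login only in the interactive (POST) login path; setCurrent() no longer writes to the database.` above the call.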
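Review bot: In modules/cms-core/model/User.class.php, the docblock on the new `updateLoginTimestamp()` is a copy of the session text (`Benutzer als aktiven Benutzer in die Session schreiben.`), but the body runs `UPDATE {{user}} SET last_login={time}` and does not touch the session. Replace it with `Stores the current time as last_login for this user in the database.` and state that it is meant to be called only from state-changing requests. Since `last_login` is a field consulted when reviewing account activity, the docblock should also say that `setCurrent()` on its own leaves it unchanged. The method body continues into the following hunk.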
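Review bot: In modules/cms-ui/action/IndexAction.class.php, an auto-login now establishes a session through `setCurrent()` without touching `last_login`, so the `Logger::info` line is the only record that the session was created. The added comment should say so, e.g. `// Read-only request: last_login is not updated, this log entry is the only trace of the auto-login.` The log message is built by concatenating `$username`; where that value comes from is not visible in the hunk, and if it is request-derived, line breaks should be stripped before logging so that an entry cannot be forged. The `catch` body continues outside the hunk.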