protected void Page_Load(object sender, EventArgs e)
{
string domain = Request.QueryString["domain"];
string path = Request.QueryString["path"];
string urlreferer = Request.QueryString["urlreferer"];
//string sessionId = Request.QueryString["sid"];
try
{
DnsRecord record = new DnsRecord(core, domain);
/*if (!string.IsNullOrEmpty(sessionId))
{
core.session.SessionEnd(sessionId, 0, record);
}*/
Uri referer = null;
if (!string.IsNullOrEmpty(urlreferer))
{
referer = new Uri(urlreferer);
}
string sessionId = core.Session.SessionBegin(core.LoggedInMemberId, false, false, false, record, referer);
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/" + path, true));
}
catch (InvalidDnsRecordException)
{
core.Display.ShowMessage("Error", "Error starting remote session");
}
}
protected void Page_Load(object sender, EventArgs e)
{
string redirect = (Request.Form["redirect"] != null) ? Request.Form["redirect"] : Request.QueryString["redirect"];
string domain = (Request.Form["domain"] != null) ? Request.Form["domain"] : Request.QueryString["domain"];
DnsRecord record = null;
template.Parse("IS_CONTENT", "FALSE");
template.Parse("S_POST", core.Hyperlink.AppendSid("/sign-in/", true));
if (!string.IsNullOrEmpty(domain))
{
try
{
if (domain != Hyperlink.Domain)
{
record = new DnsRecord(core, domain);
}
if (core.Http["mode"] == "sign-out")
{
if (record != null)
{
session.SessionEnd(Request.QueryString["sid"], loggedInMember.UserId, record);
}
else
{
session.SessionEnd(Request.QueryString["sid"], loggedInMember.UserId);
}
if (!string.IsNullOrEmpty(redirect))
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/" + redirect.TrimStart(new char[] { '/' }), true));
}
else
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/", true));
}
}
else if (core.LoggedInMemberId > 0)
{
string sessionId = Request.QueryString["sid"];
if (!string.IsNullOrEmpty(sessionId))
{
core.Session.SessionEnd(sessionId, 0, record);
}
sessionId = core.Session.SessionBegin(core.LoggedInMemberId, false, false, false, record, null);
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/" + redirect.TrimStart(new char[] { '/' }), true));
}
}
catch (InvalidDnsRecordException)
{
core.Display.ShowMessage("Error", "Error starting remote session");
return;
}
}
if (core.Http["mode"] == "sign-out")
{
string sessionId = Request.QueryString["sid"];
if (!string.IsNullOrEmpty(sessionId))
{
core.Session.SessionEnd(sessionId, loggedInMember.UserId);
}
if (!string.IsNullOrEmpty(redirect))
{
Response.Redirect(redirect, true);
}
else
{
Response.Redirect("/", true);
}
return;
}
if (Request.Form["submit"] != null)
{
if (core.Http["mode"] == "reset-password")
{
string email = Request.Form["email"];
if (string.IsNullOrEmpty(email))
{
core.Display.ShowMessage("Error", "An error occured");
return;
}
else
{
try
{
UserEmail userEmail = new UserEmail(core, email);
if (userEmail.IsActivated)
{
string newPassword = BoxSocial.Internals.User.GenerateRandomPassword();
string activateCode = BoxSocial.Internals.User.GenerateActivationSecurityToken();
db.UpdateQuery(string.Format("UPDATE user_info SET user_new_password = '******', user_activate_code = '{1}' WHERE user_id = {2}",
Mysql.Escape(newPassword), Mysql.Escape(activateCode), userEmail.Owner.Id));
string activateUri = string.Format(core.Hyperlink.Uri + "register/?mode=activate-password&id={0}&key={1}",
userEmail.Owner.Id, activateCode);
// send the e-mail
Template emailTemplate = new Template(core.Http.TemplateEmailPath, "new_password.html");
emailTemplate.Parse("SITE_TITLE", core.Settings.SiteTitle);
emailTemplate.Parse("U_SITE", core.Hyperlink.StripSid(core.Hyperlink.AppendAbsoluteSid(core.Hyperlink.BuildHomeUri())));
emailTemplate.Parse("TO_NAME", userEmail.Owner.DisplayName);
emailTemplate.Parse("U_ACTIVATE", activateUri);
emailTemplate.Parse("USERNAME", userEmail.Owner.UserName);
// TODO: do not send a new password in plain text
emailTemplate.Parse("PASSWORD", newPassword);
core.Email.SendEmail(userEmail.Email, core.Settings.SiteTitle + " Password Reset", emailTemplate);
core.Display.ShowMessage("Password reset", "You have been sent an e-mail to the address you entered with your new password. You will need to click the confirmation link before you can sign in");
return;
}
else
{
core.Display.ShowMessage("E-mail not verified", "The e-mail you have entered has not been verified, you need to enter an e-mail address you have verified to reset your password.");
return;
}
}
catch (InvalidUserEmailException)
{
core.Display.ShowMessage("No e-mail registered", "The e-mail you have entered is not associated with a user account.");
return;
}
}
}
else if (core.Http.Form["mode"] == "verify")
{
Authenticator authenticator = new Authenticator();
if (authenticator.CheckCode(core.Session.CandidateMember.UserInfo.TwoFactorAuthKey, core.Http.Form["verify"]))
{
if (Request.Form["remember"] == "true")
{
session.SessionBegin(core.Session.CandidateMember.UserId, false, true, true);
}
else
{
session.SessionBegin(core.Session.CandidateMember.UserId, false, false, true);
}
if ((!string.IsNullOrEmpty(domain)) && (record != null))
{
string sessionId = core.Session.SessionBegin(core.Session.CandidateMember.UserId, false, false, true, record, null);
core.Hyperlink.Sid = sessionId;
if (!string.IsNullOrEmpty(redirect))
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/" + redirect.TrimStart(new char[] { '/' }), true));
}
else
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/", true));
}
return;
}
if (!string.IsNullOrEmpty(redirect))
{
if (redirect.StartsWith("/account", StringComparison.Ordinal))
{
redirect = core.Hyperlink.AppendSid(core.Hyperlink.StripSid(redirect), true);
}
else
{
redirect = core.Hyperlink.AppendSid(redirect);
}
Response.Redirect(redirect, true);
}
else
{
Response.Redirect(core.Hyperlink.AppendSid("/"), true);
}
return; /* stop processing the display of this page */
}
else
{
core.Session.SessionEnd(core.Session.SessionId, core.Session.CandidateMember.UserId);
template.Parse("ERROR", "Bad log in credentials were given, you could not be logged in. Try again.");
}
}
else
{
string userName = Request.Form["username"];
string password = BoxSocial.Internals.User.HashPassword(Request.Form["password"]);
DataTable userTable = db.Query(string.Format("SELECT uk.user_name, uk.user_id, ui.user_password, ui.user_two_factor_auth_key, ui.user_two_factor_auth_verified FROM user_keys uk INNER JOIN user_info ui ON uk.user_id = ui.user_id WHERE uk.user_name = '{0}';",
userName));
if (userTable.Rows.Count == 1)
{
DataRow userRow = userTable.Rows[0];
bool authenticated = false;
string dbPassword = (string)userRow["user_password"];
// old phpBB passwords
if (dbPassword.Length == 32)
{
// phpBB2 passwords
if (SessionState.SessionMd5(Request.Form["password"]) == dbPassword.ToLower())
{
authenticated = true;
}
}
else if (dbPassword.Length == 34)
{
// phpBB3 passwords
string itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
if (SessionState.phpBB3Hash(Request.Form["password"], dbPassword, ref itoa64) == dbPassword)
{
authenticated = true;
}
}
else
{
if (dbPassword == password)
{
authenticated = true;
}
}
if (authenticated)
{
if ((byte)userRow["user_two_factor_auth_verified"] > 0)
{
template.SetTemplate("login_two_factor_verify.html");
HiddenField rememberHiddenField = new HiddenField("remember");
rememberHiddenField.Value = core.Http.Form["remember"];
TextBox verifyTextBox = new Forms.TextBox("verify");
template.Parse("S_REMEMBER", rememberHiddenField);
template.Parse("S_VERIFY", verifyTextBox);
if (Request.Form["remember"] == "true")
{
session.SessionBegin((long)userRow["user_id"], false, true, false);
}
else
{
session.SessionBegin((long)userRow["user_id"], false, false, false);
}
}
else
{
if (Request.Form["remember"] == "true")
{
session.SessionBegin((long)userRow["user_id"], false, true);
}
else
{
session.SessionBegin((long)userRow["user_id"], false, false);
}
if ((!string.IsNullOrEmpty(domain)) && (record != null))
{
string sessionId = core.Session.SessionBegin((long)userRow["user_id"], false, false, false, record, null);
core.Hyperlink.Sid = sessionId;
if (!string.IsNullOrEmpty(redirect))
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/" + redirect.TrimStart(new char[] { '/' }), true));
}
else
{
Response.Redirect(core.Hyperlink.AppendSid("http://" + record.Domain + "/", true));
}
return;
}
if (!string.IsNullOrEmpty(redirect))
{
if (redirect.StartsWith("/account", StringComparison.Ordinal))
{
redirect = core.Hyperlink.AppendSid(core.Hyperlink.StripSid(redirect), true);
}
else
{
redirect = core.Hyperlink.AppendSid(redirect);
}
Response.Redirect(redirect, true);
}
else
{
Response.Redirect(core.Hyperlink.AppendSid("/"), true);
}
return; /* stop processing the display of this page */
}
}
else
{
template.Parse("ERROR", "Bad log in credentials were given, you could not be logged in. Try again.");
}
}
else
{
template.Parse("ERROR", "Bad log in credentials were given, you could not be logged in. Try again.");
}
}
}
if (core.Http["mode"] == "reset-password")
{
template.Parse("S_POST", core.Hyperlink.AppendSid("/sign-in/?mode=reset-password", true));
template.SetTemplate("password_reset.html");
EndResponse();
return;
}
else
{
template.Parse("U_FORGOT_PASSWORD", core.Hyperlink.AppendSid("/sign-in/?mode=reset-password"));
}
template.Parse("DOMAIN", domain);
template.Parse("REDIRECT", redirect);
EndResponse();
}
/// <summary>
///
/// </summary>
/// <param name="member"></param>
/// <param name="autoCreate"></param>
/// <param name="enableAutologin"></param>
/// <param name="admin"></param>
public string SessionBegin(long userId, bool autoCreate, bool enableAutologin, bool twoFactor, DnsRecord record, Uri urlreferer)
{
string cookieName = "hailToTheChef";
/*XmlSerializer xs;
StringWriter stw;*/
string protocol = "http://";
if (core.Settings.UseSecureCookies)
{
protocol = "https://";
}
string rootSessionId = string.Empty;
if (record != null)
{
rootSessionId = core.Session.SessionId;
}
sessionData = null;
sessionId = null;
string currentDomain = core.Hyperlink.CurrentDomain;
if (record != null)
{
currentDomain = record.Domain;
}
if (!String.IsNullOrEmpty(IsBotUserAgent(Request.UserAgent)))
{
signInState = SessionSignInState.Bot;
core.Hyperlink.SidUrls = false;
return sessionId;
}
if (record == null)
{
if (Request.Cookies[cookieName + "_sid"] != null || Request.Cookies[cookieName + "_data"] != null)
{
if (Request.Cookies[cookieName + "_sid"] != null)
{
sessionId = Request.Cookies[cookieName + "_sid"].Value;
}
if (Request.Cookies[cookieName + "_data"] != null)
{
/*xs = new XmlSerializer(typeof(SessionCookie));
StringReader sr = new StringReader(HttpUtility.UrlDecode(Request.Cookies[cookieName + "_data"].Value));*/
try
{
sessionData = new SessionCookie(HttpUtility.UrlDecode(Request.Cookies[cookieName + "_data"].Value)); //(SessionCookie)xs.Deserialize(sr);
}
catch
{
sessionData = new SessionCookie();
}
}
else
{
sessionData = new SessionCookie();
}
if (string.IsNullOrEmpty(sessionId))
{
sessionId = (string)Request.QueryString["sid"];
}
sessionMethod = SessionMethods.Cookie;
}
else
{
sessionData = new SessionCookie();
if (Request.QueryString["sid"] != null)
{
sessionId = (string)Request.QueryString["sid"];
}
sessionMethod = SessionMethods.Get;
}
}
else
{
sessionData = new SessionCookie();
}
if (!string.IsNullOrEmpty(sessionId))
{
if (!IsValidSid(sessionId))
{
sessionId = "";
}
}
if (record != null)
{
sessionMethod = SessionMethods.Get;
}
//
// First off attempt to join with the autologin value if we have one
// If not, just use the user_id value
//
loggedInMember = null;
if (userId != 0)
{
//if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
if (!string.IsNullOrEmpty(sessionData.autoLoginId) && userId > 0)
{
SelectQuery query = User.GetSelectQueryStub(core, UserLoadOptions.Info);
query.AddJoin(JoinTypes.Inner, "session_keys", "user_id", "user_id");
query.AddCondition("user_keys.user_id", userId);
query.AddCondition("user_active", true);
query.AddCondition("key_id", SessionState.SessionMd5(sessionData.autoLoginId));
System.Data.Common.DbDataReader userReader = db.ReaderQuery(query);
if (userReader.HasRows)
{
userReader.Read();
loggedInMember = new User(core, userReader, UserLoadOptions.Info);
userReader.Close();
userReader.Dispose();
enableAutologin = isLoggedIn = true;
if (loggedInMember.UserInfo.TwoFactorAuthVerified && twoFactor)
{
signInState = SessionSignInState.TwoFactorValidated;
}
else
{
signInState = SessionSignInState.SignedIn;
}
}
else
{
userReader.Close();
userReader.Dispose();
core.Template.Parse("REDIRECT_URI", "/");
if (record == null)
{
Response.Cookies.Clear();
HttpCookie sessionDataCookie = new HttpCookie(cookieName + "_data");
//sessionDataCookie.Domain = core.Hyperlink.CurrentDomain;
sessionDataCookie.Path = "/";
sessionDataCookie.Value = "";
sessionDataCookie.Expires = DateTime.MinValue;
sessionDataCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
sessionDataCookie.HttpOnly = true;
Response.Cookies.Add(sessionDataCookie);
HttpCookie sessionSidCookie = new HttpCookie(cookieName + "_sid");
//sessionSidCookie.Domain = core.Hyperlink.CurrentDomain;
sessionSidCookie.Path = "/";
sessionSidCookie.Value = "";
sessionSidCookie.Expires = DateTime.MinValue;
sessionDataCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
sessionSidCookie.HttpOnly = true;
Response.Cookies.Add(sessionSidCookie);
if (Request.Cookies[cookieName + "_sid"] == null && signInState != SessionSignInState.Bot)
{
core.Hyperlink.SidUrls = true;
}
}
//core.Display.ShowMessage("Error", "Error starting session");
/*Response.Write("Error starting session");
if (db != null)
{
db.CloseConnection();
}
Response.End();
return null;*/
/* Let's try just signing out rather than showing an error message */
userId = 0;
}
}
else if (!autoCreate)
{
sessionData.autoLoginId = "";
sessionData.userId = userId;
if (userId > 0)
{
SelectQuery query = User.GetSelectQueryStub(core, UserLoadOptions.Info);
query.AddCondition("user_active", true);
query.AddCondition("user_keys.user_id", userId);
System.Data.Common.DbDataReader userSessionReader = db.ReaderQuery(query);
if (userSessionReader.HasRows)
{
userSessionReader.Read();
loggedInMember = new User(core, userSessionReader, UserLoadOptions.Info);
userSessionReader.Close();
userSessionReader.Dispose();
isLoggedIn = true;
//signInState = SessionSignInState.SignedIn;
if (loggedInMember.UserInfo.TwoFactorAuthVerified && twoFactor)
{
signInState = SessionSignInState.TwoFactorValidated;
}
else
{
signInState = SessionSignInState.SignedIn;
}
}
else
{
userSessionReader.Close();
userSessionReader.Dispose();
// TODO: activation
//core.Display.ShowMessage("Inactive account", "You have attempted to use an inactive account. If you have just registered, check for an e-mail with an activation link at the e-mail address you provided.");
Response.Write("You have attempted to use an inactive account. If you have just registered, check for an e-mail with an activation link at the e-mail address you provided.");
//Display.ShowMessage(this, "Error", "Error starting session");
//Response.Write("fail 1");
if (db != null)
{
db.CloseConnection();
}
Response.End();
}
}
}
}
//
// At this point either loggedInMember should be populated or
// one of the below is true
// * Key didn't match one in the DB
// * User does not exist
// * User is inactive
//
if (loggedInMember == null)
{
if (sessionData == null)
{
sessionData = new SessionCookie();
}
sessionData.autoLoginId = "";
sessionData.userId = userId = 0;
enableAutologin = isLoggedIn = false;
signInState = SessionSignInState.SignedOut;
if (userId > 0)
{
SelectQuery query = User.GetSelectQueryStub(core, UserLoadOptions.Info);
query.AddCondition("user_keys.user_id", userId);
System.Data.Common.DbDataReader userReader = db.ReaderQuery(query);
if (userReader.HasRows)
{
userReader.Read();
loggedInMember = new User(core, userReader, UserLoadOptions.Info);
}
userReader.Close();
userReader.Dispose();
}
}
// INFO: phpBB2 performs a ban check, we don't have those facilities so let's skip
//
// Create or update the session
//
long changedRows = 0;
if (record == null)
{
changedRows = db.UpdateQuery(string.Format("UPDATE user_sessions SET session_time_ut = UNIX_TIMESTAMP(), user_id = {0}, session_signed_in = {1} WHERE session_string = '{3}' AND session_ip = '{2}';",
userId, (byte)signInState, ipAddress.ToString(), sessionId)); // , session_http_referer = ''
}
if (changedRows == 0)
{
// This should force new sessions on external domains to re-auth rather than logout
if (core.Hyperlink.CurrentDomain != Hyperlink.Domain)
{
string referer = string.Empty;
if (HttpContext.Current.Request.UrlReferrer != null)
{
referer = HttpContext.Current.Request.UrlReferrer.ToString();
}
HttpContext.Current.Response.Redirect(protocol + Hyperlink.Domain + string.Format("/session.aspx?domain={0}&path={1}&urlreferer={2}",
HttpContext.Current.Request.Url.Host, core.PagePath.TrimStart(new char[] { '/' }), referer));
return string.Empty;
}
else
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] randomNumber = new byte[16];
rng.GetBytes(randomNumber);
//Random rand = new Random((int)(DateTime.Now.Ticks & 0xFFFF));
//rand.NextDouble().ToString()
string rand = HexRNG(randomNumber);
sessionId = SessionState.SessionMd5(rand + "bsseed" + DateTime.Now.Ticks.ToString() + ipAddress.ToString()).ToLower();
if (record == null)
{
rootSessionId = sessionId;
}
string referer = string.Empty;
if (urlreferer != null)
{
referer = urlreferer.ToString();
}
db.UpdateQuery(string.Format("INSERT INTO user_sessions (session_string, session_time_ut, session_start_ut, session_signed_in, session_ip, user_id, session_root_string, session_domain, session_http_referer) VALUES ('{0}', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), {1}, '{2}', {3}, '{4}', '{5}', '{6}')",
sessionId, (byte)signInState, ipAddress.ToString(), userId, Mysql.Escape(rootSessionId), Mysql.Escape(currentDomain), Mysql.Escape(referer)));
}
}
if (record == null)
{
// 1 in 100 chance of deleting stale sessions
// Move delete stale session code outside to allow guest sessions to clear stale sessions on low use websites
Random rand = new Random();
if (rand.NextDouble() * 100 < 1)
{
db.UpdateQuery(string.Format("DELETE FROM user_sessions WHERE session_time_ut + {0} < UNIX_TIMESTAMP()",
SessionState.SESSION_EXPIRES));
}
if (userId != 0)
{
long ts = UnixTime.UnixTimeStamp() - loggedInMember.UserInfo.LastVisitDateRaw;
if (ts >= 60)
{
db.UpdateQuery(string.Format("UPDATE user_info SET user_last_visit_ut = UNIX_TIMESTAMP() where user_id = {0}",
loggedInMember.UserId));
}
if (enableAutologin)
{
string autoLoginKey = SessionState.SessionMd5(rand.NextDouble().ToString() + "zzseed").Substring(4, 16) + SessionState.SessionMd5(rand.NextDouble().ToString() + "zzseed").Substring(4, 16);
if (!string.IsNullOrEmpty(sessionData.autoLoginId))
{
db.UpdateQuery(string.Format("UPDATE session_keys SET key_last_ip = '{0}', key_id = '{1}', key_last_visit_ut = UNIX_TIMESTAMP() WHERE key_id = '{2}'",
ipAddress.ToString(), SessionState.SessionMd5(autoLoginKey), SessionState.SessionMd5(sessionData.autoLoginId)));
}
else
{
db.UpdateQuery(string.Format("INSERT INTO session_keys (key_id, user_id, key_last_ip, key_last_visit_ut, key_browser_string) VALUES ('{0}', {1}, '{2}', UNIX_TIMESTAMP(), '{3}')",
SessionState.SessionMd5(autoLoginKey), userId, ipAddress.ToString(), Mysql.Escape(Request.UserAgent)));
}
sessionData.autoLoginId = autoLoginKey;
autoLoginKey = "";
}
else
{
sessionData.autoLoginId = "";
}
}
}
core.Hyperlink.Sid = sessionId;
if (record == null)
{
Response.Cookies.Clear();
/*xs = new XmlSerializer(typeof(SessionCookie));
StringBuilder sb = new StringBuilder();
stw = new StringWriter(sb);
xs.Serialize(stw, sessionData);
stw.Flush();
stw.Close();*/
HttpCookie newSessionDataCookie = new HttpCookie(cookieName + "_data");
//newSessionDataCookie.Domain = core.Hyperlink.CurrentDomain; // DO NOT DO THIS, exposes cookie to sub domains
newSessionDataCookie.Path = "/";
newSessionDataCookie.Value = sessionData.ToString().Replace("\r", "").Replace("\n", "");
newSessionDataCookie.Expires = DateTime.Now.AddYears(1);
newSessionDataCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
newSessionDataCookie.HttpOnly = true;
Response.Cookies.Add(newSessionDataCookie);
HttpCookie newSessionSidCookie = new HttpCookie(cookieName + "_sid");
//newSessionSidCookie.Domain = core.Hyperlink.CurrentDomain; // DO NOT DO THIS, exposes cookie to sub domains
newSessionSidCookie.Path = "/";
newSessionSidCookie.Value = sessionId;
newSessionSidCookie.Expires = DateTime.MinValue;
newSessionSidCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
newSessionSidCookie.HttpOnly = true;
Response.Cookies.Add(newSessionSidCookie);
if (Request.Cookies[cookieName + "_sid"] == null && signInState != SessionSignInState.Bot)
{
core.Hyperlink.SidUrls = true;
}
}
return sessionId;
}
public void SessionEnd(string sessionId, long userId, DnsRecord record)
{
string cookieName = "hailToTheChef";
//XmlSerializer xs;
//StringWriter stw;
if (!string.IsNullOrEmpty(sessionId))
{
if (!IsValidSid(sessionId))
{
return;
}
}
else
{
return;
}
//
// Delete existing session
//
if (record == null)
{
db.UpdateQuery(string.Format("DELETE FROM user_sessions WHERE (session_string = '{0}' OR session_root_string = '{0}') AND user_id = {1};",
sessionId, userId));
}
else
{
SelectQuery query = new SelectQuery(typeof(Session));
query.AddCondition("session_string", sessionId);
query.AddCondition("user_id", userId);
query.AddCondition("session_domain", record.Domain);
System.Data.Common.DbDataReader sessionReader = db.ReaderQuery(query);
List<string> rootSessionIds = new List<string>();
while (sessionReader.Read())
{
rootSessionIds.Add((string)sessionReader["session_root_string"]);
}
sessionReader.Close();
sessionReader.Dispose();
if (rootSessionIds.Count > 0)
{
DeleteQuery dQuery = new DeleteQuery(typeof(Session));
QueryCondition qc1 = dQuery.AddCondition("session_string", ConditionEquality.In, rootSessionIds);
qc1.AddCondition(ConditionRelations.Or, "session_root_string", ConditionEquality.In, rootSessionIds);
dQuery.AddCondition("user_id", userId);
db.Query(dQuery);
}
}
//
// Remove this auto-login entry (if applicable)
//
//
// We expect that message_die will be called after this function,
// but just in case it isn't, reset $userdata to the details for a guest
//
if (record == null)
{
Response.Cookies.Clear();
SelectQuery query = User.GetSelectQueryStub(core, UserLoadOptions.Info);
query.AddCondition("user_keys.user_id", 0);
DataTable userTable = db.Query(query);
Response.Cookies.Clear();
if (userTable.Rows.Count == 1)
{
loggedInMember = new User(core, userTable.Rows[0], UserLoadOptions.Info);
}
HttpCookie newSessionDataCookie = new HttpCookie(cookieName + "_data");
newSessionDataCookie.Path = "/";
newSessionDataCookie.Value = "";
newSessionDataCookie.Expires = DateTime.Now.AddYears(-1);
newSessionDataCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
newSessionDataCookie.HttpOnly = true;
Response.Cookies.Add(newSessionDataCookie);
HttpCookie newSessionSidCookie = new HttpCookie(cookieName + "_sid");
newSessionSidCookie.Path = "/";
newSessionSidCookie.Value = "";
newSessionSidCookie.Expires = DateTime.Now.AddYears(-1);
newSessionSidCookie.Secure = core.Settings.UseSecureCookies && core.Hyperlink.CurrentDomain == Hyperlink.Domain;
newSessionSidCookie.HttpOnly = true;
Response.Cookies.Add(newSessionSidCookie);
if (Request.Cookies[cookieName + "_sid"] == null && signInState != SessionSignInState.Bot)
{
core.Hyperlink.SidUrls = true;
}
}
return;
}
