From 08d3dffe2dc6b955f2e10629079d5ae5c32f7183 Mon Sep 17 00:00:00 2001
From: Yorhel
Date: Thu, 27 Jan 2011 10:11:52 +0100
Subject: TUWF: Replaced resHeader('Set-Cookie', ..) with resCookie() Way more convenient. This also fixes several bugs with the previous commit, since the cookie_prefix wasn't used for *all* cookies. Since it is now, the 'l10n' cookie now also respects the configured prefix, which means some people will have to set their default language again. Configuration changes: 'cookie_domain' option has been removed, the 'cookie_defaults' option of TUWF should now be used.
---
 lib/VNDB/Util/Auth.pm | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
(limited to 'lib/VNDB/Util/Auth.pm')
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 996752f4..88e68edc 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -24,13 +24,13 @@ sub authInit {
 my $cookie = $self->reqCookie('auth');
 return 0 if !$cookie;
- return _rmcookie($self) if length($cookie) < 41;
+ return $self->resCookie(auth => undef) if length($cookie) < 41;
 my $token = substr($cookie, 0, 40);
 my $uid = substr($cookie, 40);
 $self->{_auth} = $uid =~ /^\d+$/ && $self->dbUserGet(uid => $uid, session => $token, what => 'extended notifycount prefs')->[0];
 # update the sessions.lastused column if lastused < now()'6 hours'
 $self->dbSessionUpdateLastUsed($uid, $token) if $self->{_auth} && $self->{_auth}{session_lastused} < time()-6*3600;
- return _rmcookie($self) if !$self->{_auth};
+ return $self->resCookie(auth => undef) if !$self->{_auth};
 }
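Review bot: The `auth` cookie is client-controlled, and the `$uid =~ /^\d+$/` check on the context line in authInit still accepts a value ending in a newline, because `$` matches before a final `\n`; `$uid =~ /\A\d+\z/` would make the check exact. The 40-character `$token` goes to `dbUserGet` with no format check at all, and that helper is not visible here, so it is worth confirming that it binds the value as a query parameter. If session tokens are hex digests, as the fixed length suggests, a guard like `$token =~ /\A[0-9a-f]{40}\z/` would reject malformed cookies before the database is queried. authInit begins above the hunk.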
@@ -47,9 +47,8 @@ sub authLogin {
 my $cookie = $token . $self->{_auth}{id};
 $self->dbSessionAdd($self->{_auth}{id}, $token);
- my $expstr = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime(time + 31536000)); # keep the cookie for 1 year
 $self->resRedirect($to, 'post');
- $self->resHeader('Set-Cookie', "$self->{cookie_prefix}auth=$cookie; expires=$expstr; path=/; domain=$self->{cookie_domain}");
+ $self->resCookie(auth => $cookie, expires => time + 31536000); # keep the cookie for 1 year
 return 1;
 }
@@ -69,11 +68,11 @@ sub authLogout {
 }
 $self->resRedirect('/', 'temp');
- _rmcookie($self);
+ $self->resCookie(auth => undef);
 # set l10n cookie if the user has a preferred language set
 my $l10n = $self->authPref('l10n');
- $self->resHeader('Set-Cookie', "l10n=$l10n; expires=Sat, 01-Jan-2030 00:00:00 GMT; path=/; domain=$self->{cookie_domain}") if $l10n;
+ $self->resCookie(l10n => $l10n, expires => time()+31536000) if $l10n; # keep 1 year
 }
@@ -141,13 +140,6 @@ sub authPreparePass{
 }
-# removes the vndb_auth cookie
-sub _rmcookie {
- $_[0]->resHeader('Set-Cookie',
- "$_[0]->{cookie_prefix}auth= ; expires=Sat, 01-Jan-2000 00:00:00 GMT; path=/; domain=$_[0]->{cookie_domain}");
-}
-
-
 # Generate a code to be used later on to validate that the form was indeed
 # submitted from our site and by the same user/visitor. Not limited to
 # logged-in users.
-- cgit v1.2.3
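Review bot: The new `resCookie(auth => ...)` call in authLogin stores a year-long session token with only `expires` given, so whether the cookie is HttpOnly or Secure now depends entirely on the `cookie_defaults` setting, which this patch does not show. As this is the cookie that authenticates the user, I would state the flag at the call site rather than leave it to configuration: `$self->resCookie(auth => $cookie, httponly => 1, expires => time + 31536000);`, assuming the TUWF version in use accepts `httponly`. The `path=/` and `domain=` attributes the old header spelled out also come from `cookie_defaults` now, so the `resCookie(auth => undef)` calls in authInit and authLogout will only clear a cookie whose path and domain match those defaults. authLogin starts above the hunk.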
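Review bot: The one-year lifetime appears as the bare literal `31536000` in authLogout (`time()+31536000`) and again in authLogin (`time + 31536000`), spelled two different ways. A single named value, for example `use constant COOKIE_LIFETIME => 365*24*3600;` near the top of the module, would keep the two calls in step and make the unit obvious. The l10n cookie's expiry also changes here from the fixed 2030 date to one year after logout, which the commit message does not mention. authLogout starts above the hunk.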