From a12425629e68c51a2f05c3f1cfa990e694ea0424 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 29 Jan 2016 12:44:38 +0100
Subject: fixes #412, warn visitor if auth key no longer valid

---
 include/common.inc.php         | 10 ++++++++++
 include/functions_user.inc.php |  1 +
 2 files changed, 11 insertions(+)

(limited to 'include')

diff --git a/include/common.inc.php b/include/common.inc.php
index e5c2b8e3e..a01fced8a 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -201,6 +201,16 @@ if (is_a_guest())
   $user['username'] = l10n('guest');
 }
 
+// in case an auth key was provided and is no longer valid, we must wait to
+// be here, with language loaded, to prepare the message
+if (isset($page['auth_key_invalid']) and $page['auth_key_invalid'])
+{
+  $page['errors'][] =
+    l10n('Your authentication key is no longer valid.')
+    .sprintf(' <a href="%s">%s</a>', get_root_url().'identification.php', l10n('Login'))
+    ;
+}
+
 // template instance
 if (defined('IN_ADMIN') and IN_ADMIN )
 {// Admin template
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 2b9d48752..340bca9cb 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1506,6 +1506,7 @@ SELECT
   // is the key still valid?
   if (strtotime($key['expired_on']) < strtotime($key['dbnow']))
   {
+    $page['auth_key_invalid'] = true;
     return false;
   }
 
-- 
cgit v1.2.3