2015-08-23 22:38:18 +02:00
|
|
|
<?php
|
2016-03-20 08:06:33 +01:00
|
|
|
|
2015-08-23 22:38:18 +02:00
|
|
|
/**
|
|
|
|
* @file include/session.php
|
|
|
|
*
|
|
|
|
* @brief This file includes session related functions.
|
|
|
|
*
|
|
|
|
* Session management functions. These provide database storage of PHP
|
|
|
|
* session info.
|
|
|
|
*/
|
|
|
|
|
|
|
|
$session_exists = 0;
|
|
|
|
$session_expire = 180000;
|
|
|
|
|
2016-03-20 08:06:33 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Resets the current session.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
|
|
|
|
function nuke_session() {
|
|
|
|
new_cookie(0); // 0 means delete on browser exit
|
|
|
|
|
|
|
|
unset($_SESSION['authenticated']);
|
|
|
|
unset($_SESSION['account_id']);
|
|
|
|
unset($_SESSION['uid']);
|
|
|
|
unset($_SESSION['visitor_id']);
|
|
|
|
unset($_SESSION['administrator']);
|
|
|
|
unset($_SESSION['cid']);
|
|
|
|
unset($_SESSION['theme']);
|
|
|
|
unset($_SESSION['mobile_theme']);
|
|
|
|
unset($_SESSION['show_mobile']);
|
|
|
|
unset($_SESSION['page_flags']);
|
|
|
|
unset($_SESSION['delegate']);
|
|
|
|
unset($_SESSION['delegate_channel']);
|
|
|
|
unset($_SESSION['my_url']);
|
|
|
|
unset($_SESSION['my_address']);
|
|
|
|
unset($_SESSION['addr']);
|
|
|
|
unset($_SESSION['return_url']);
|
|
|
|
unset($_SESSION['remote_service_class']);
|
|
|
|
unset($_SESSION['remote_hub']);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-08-23 22:38:18 +02:00
|
|
|
function new_cookie($time) {
|
|
|
|
$old_sid = session_id();
|
|
|
|
|
2016-03-20 08:06:33 +01:00
|
|
|
// ??? This shouldn't have any effect if called after session_start()
|
|
|
|
// We probably need to set the session expiration and change the PHPSESSID cookie.
|
2015-08-23 22:38:18 +02:00
|
|
|
|
|
|
|
session_set_cookie_params($time);
|
|
|
|
session_regenerate_id(false);
|
|
|
|
|
|
|
|
q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
|
|
|
|
dbesc(session_id()),
|
|
|
|
dbesc($old_sid)
|
|
|
|
);
|
|
|
|
|
|
|
|
if (x($_COOKIE, 'jsAvailable')) {
|
|
|
|
if ($time) {
|
|
|
|
$expires = time() + $time;
|
|
|
|
} else {
|
|
|
|
$expires = 0;
|
|
|
|
}
|
|
|
|
setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_open ($s, $n) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_read ($id) {
|
|
|
|
global $session_exists;
|
|
|
|
if(x($id))
|
|
|
|
$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
|
|
|
|
|
|
|
|
if(count($r)) {
|
|
|
|
$session_exists = true;
|
|
|
|
return $r[0]['data'];
|
|
|
|
}
|
|
|
|
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_write ($id, $data) {
|
|
|
|
global $session_exists, $session_expire;
|
|
|
|
|
|
|
|
if(! $id || ! $data) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$expire = time() + $session_expire;
|
|
|
|
$default_expire = time() + 300;
|
|
|
|
|
|
|
|
if($session_exists) {
|
|
|
|
q("UPDATE `session`
|
|
|
|
SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
|
|
|
|
dbesc($data),
|
|
|
|
dbesc($expire),
|
|
|
|
dbesc($id)
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
|
|
|
|
//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
|
|
|
|
dbesc($id),
|
|
|
|
dbesc($default_expire),
|
|
|
|
dbesc($data)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_close() {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_destroy ($id) {
|
|
|
|
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function ref_session_gc($expire) {
|
|
|
|
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$gc_probability = 50;
|
|
|
|
|
|
|
|
ini_set('session.gc_probability', $gc_probability);
|
|
|
|
ini_set('session.use_only_cookies', 1);
|
|
|
|
ini_set('session.cookie_httponly', 1);
|
|
|
|
|
|
|
|
/*
|
2016-03-20 08:06:33 +01:00
|
|
|
* Set our session storage functions.
|
2015-08-23 22:38:18 +02:00
|
|
|
*/
|
2016-03-20 08:06:33 +01:00
|
|
|
|
2015-08-23 22:38:18 +02:00
|
|
|
session_set_save_handler(
|
|
|
|
'ref_session_open',
|
|
|
|
'ref_session_close',
|
|
|
|
'ref_session_read',
|
|
|
|
'ref_session_write',
|
|
|
|
'ref_session_destroy',
|
|
|
|
'ref_session_gc'
|
2016-03-20 08:06:33 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
// Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
|
|
|
|
|
|
|
|
if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
|
|
|
|
$arr = session_get_cookie_params();
|
|
|
|
session_set_cookie_params(
|
|
|
|
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
|
|
|
|
((isset($arr['path'])) ? $arr['path'] : '/'),
|
|
|
|
((isset($arr['domain'])) ? $arr['domain'] : get_app()->get_hostname()),
|
|
|
|
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
|
|
|
|
((isset($arr['httponly'])) ? $arr['httponly'] : true));
|
|
|
|
}
|