authorAndrew Dolgov <[email protected]>2018-10-16 14:07:42 +0300
committerAndrew Dolgov <[email protected]>2018-10-16 14:07:42 +0300
commit5f66f872b6ddf5d3b70504fd870e6c4de69c1d19 (patch)
tree47663f70519a59e342a9ec66bef25b8c32f6cd76 /include/sessions.php
parentd246fb9fe1f18eb98037758f1b7369b34258fbf7 (diff)
fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
Diffstat (limited to 'include/sessions.php')
-rw-r--r--include/sessions.php43
1 files changed, 26 insertions, 17 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 5584c25bd..c27eb98b0 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -45,7 +45,7 @@
__("Session failed to validate (schema version changed)");
return false;
}
- $pdo = Db::pdo();
+ $pdo = Db::pdo();
if ($_SESSION["uid"]) {
@@ -59,21 +59,21 @@
// user not found
if ($row = $sth->fetch()) {
- $pwd_hash = $row["pwd_hash"];
+ $pwd_hash = $row["pwd_hash"];
- if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (password changed)");
- return false;
- }
+ return false;
+ }
} else {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (user not found)");
- return false;
+ return false;
}
}
@@ -95,16 +95,16 @@
$sth->execute([$id]);
if ($row = $sth->fetch()) {
- return base64_decode($row["data"]);
+ return base64_decode($row["data"]);
} else {
- $expire = time() + $session_expire;
+ $expire = time() + $session_expire;
- $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
VALUES (?, '', ?)");
- $sth->execute([$id, $expire]);
+ $sth->execute([$id, $expire]);
- return "";
+ return "";
}
@@ -116,8 +116,17 @@
$data = base64_encode($data);
$expire = time() + $session_expire;
- $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
- $sth->execute([$data, $expire, $id]);
+ $sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
+ $sth->execute([$id]);
+
+ if ($row = $sth->fetch()) {
+ $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
+ $sth->execute([$data, $expire, $id]);
+ } else {
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ VALUES (?, ?, ?)");
+ $sth->execute([$id, $data, $expire]);
+ }
return true;
}
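Review bot: The write handler still ends in an unconditional `return true;`, and neither `execute()` result in the new UPDATE/INSERT branches is checked, so unless `Db::pdo()` is configured to throw on errors (not visible in this hunk) a failed write is still reported to PHP as a successful save. The SELECT followed by INSERT is also a check-then-act sequence: two concurrent requests carrying the same new session id can both find no row and both INSERT, and the second would fail on what is presumably a unique `id` column. I would return the statement result in each branch, e.g. `return $sth->execute([$id, $data, $expire]);`, and add a comment such as `// not atomic: concurrent first writes for the same id can race`. The function body starts outside this hunk, so the handler's signature and the origin of `$session_expire` could not be checked.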