Diffstat (limited to 'include/sessions.php')
-rw-r--r-- | include/sessions.php | 66 |
1 files changed, 23 insertions, 43 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 891a6b3fa..9044c609b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -9,7 +9,7 @@
 $session_expire = min(2147483647 - time() - 1, max(\Config::get(\Config::SESSION_COOKIE_LIFETIME), 86400));
 $session_name = \Config::get(\Config::SESSION_NAME);
- if (is_server_https()) {
+ if (\Config::is_server_https()) {
 ini_set("session.cookie_secure", "true");
 }
@@ -22,41 +22,19 @@
 function validate_session() {
 if (\Config::get(\Config::SINGLE_USER_MODE)) return true;
- if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != \Config::get_schema_version()) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (schema version changed)");
- return false;
- }
- $pdo = \Db::pdo();
+ $pdo = \Db::pdo();
 if (!empty($_SESSION["uid"])) {
+ $user = \ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
- if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
- $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
- return false;
- }
-
- $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
- $sth->execute([$_SESSION['uid']]);
-
- // user not found
- if ($row = $sth->fetch()) {
- $pwd_hash = $row["pwd_hash"];
-
- if ($pwd_hash != $_SESSION["pwd_hash"]) {
-
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
-
- return false;
- }
+ if ($user) {
+ if ($user->pwd_hash != $_SESSION["pwd_hash"]) {
+ $_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
+ return false;
+ }
 } else {
-
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
-
- return false;
-
+ $_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
+ return false;
 }
 }
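Review bot: The new password-hash binding at `if ($user->pwd_hash != $_SESSION["pwd_hash"])` compares a secret-derived value with loose `!=`, and silently compares against null when the session never stored a `pwd_hash`; I would write it as `if (!hash_equals((string)$user->pwd_hash, (string)($_SESSION["pwd_hash"] ?? '')))` so the check is strict, constant-time and fails closed on a missing session value. The commit also drops the User-Agent binding and the per-session `ref_schema_version` check from validate_session without replacing them in this function — the UA check was weak, but the schema check was what invalidated sessions created against an older schema after a migration, so if that is now handled elsewhere the new code deserves a comment saying so, e.g. `// sessions are bound to uid + pwd_hash only; schema and UA checks were intentionally removed`. Whether `$pdo` is still used is not visible here: validate_session's body may continue past the end of the hunk.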
@@ -127,17 +105,19 @@
 return true;
 }
- if (!\Config::get(\Config::SINGLE_USER_MODE)) {
- session_set_save_handler('\Sessions\ttrss_open',
- '\Sessions\ttrss_close', '\Sessions\ttrss_read',
- '\Sessions\ttrss_write', '\Sessions\ttrss_destroy',
- '\Sessions\ttrss_gc');
- register_shutdown_function('session_write_close');
- }
+ if (\Config::get_schema_version() >= 0) {
+ if (!\Config::get(\Config::SINGLE_USER_MODE)) {
+ session_set_save_handler('\Sessions\ttrss_open',
+ '\Sessions\ttrss_close', '\Sessions\ttrss_read',
+ '\Sessions\ttrss_write', '\Sessions\ttrss_destroy',
+ '\Sessions\ttrss_gc');
+ register_shutdown_function('session_write_close');
+ }
- if (!defined('NO_SESSION_AUTOSTART')) {
- if (isset($_COOKIE[session_name()])) {
- if (session_status() != PHP_SESSION_ACTIVE)
- session_start();
+ if (!defined('NO_SESSION_AUTOSTART')) {
+ if (isset($_COOKIE[session_name()])) {
+ if (session_status() != PHP_SESSION_ACTIVE)
+ session_start();
+ }
 }
 }
|
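Review bot: The new `if (\Config::get_schema_version() >= 0)` gate around the save-handler registration and session autostart carries no comment explaining what a negative schema version means or why both steps must be skipped in that case; presumably it signals that the database schema is not installed yet, but that cannot be confirmed from this hunk. I would add above the `if`: `// get_schema_version() < 0: no usable schema yet, so the DB-backed session handler cannot work and no session is autostarted`. Note that this gate only checks that some schema exists; it is not a substitute for the per-session `ref_schema_version` comparison this commit removes from validate_session, so sessions created before a migration are no longer invalidated by the schema version changing. The enclosing scope that contains `return true;` begins before this hunk.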