1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<?php
// Original from http://www.daniweb.com/code/snippet43.html
require_once "config.php";
require_once "classes/db.php";
require_once "autoload.php";
require_once "errorhandler.php";
require_once "lib/accept-to-gettext.php";
require_once "lib/gettext/gettext.inc";
require_once "version.php";
$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
if (@$_SERVER['HTTPS'] == "on") {
$session_name .= "_ssl";
ini_set("session.cookie_secure", true);
}
ini_set("session.gc_probability", 75);
ini_set("session.name", $session_name);
ini_set("session.use_only_cookies", true);
ini_set("session.gc_maxlifetime", $session_expire);
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
function session_get_schema_version() {
global $schema_version;
if (!$schema_version) {
$result = Db::get()->query("SELECT schema_version FROM ttrss_version");
$version = Db::get()->fetch_result($result, 0, "schema_version");
$schema_version = $version;
return $version;
} else {
return $schema_version;
}
}
function validate_session() {
if (SINGLE_USER_MODE) return true;
if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (schema version changed)");
return false;
}
if ($_SESSION["uid"]) {
$result = Db::get()->query(
"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
// user not found
if (Db::get()->num_rows($result) == 0) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user not found)");
return false;
} else {
$pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
if ($pwd_hash != $_SESSION["pwd_hash"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (password changed)");
return false;
}
}
}
return true;
}
/**
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
function ttrss_open ($s, $n) {
return true;
}
function ttrss_read ($id){
global $session_expire;
$res = Db::get()->query("SELECT data FROM ttrss_sessions WHERE id='$id'");
if (Db::get()->num_rows($res) != 1) {
$expire = time() + $session_expire;
Db::get()->query("INSERT INTO ttrss_sessions (id, data, expire)
VALUES ('$id', '', '$expire')");
return "";
} else {
return base64_decode(Db::get()->fetch_result($res, 0, "data"));
}
}
function ttrss_write ($id, $data) {
global $session_expire;
$data = base64_encode($data);
$expire = time() + $session_expire;
Db::get()->query("UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id'");
return true;
}
function ttrss_close () {
return true;
}
function ttrss_destroy($id) {
Db::get()->query("DELETE FROM ttrss_sessions WHERE id = '$id'");
return true;
}
/**
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
function ttrss_gc ($expire) {
Db::get()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
return true;
}
if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
session_set_save_handler("ttrss_open",
"ttrss_close", "ttrss_read", "ttrss_write",
"ttrss_destroy", "ttrss_gc");
register_shutdown_function('session_write_close');
}
if (!defined('NO_SESSION_AUTOSTART')) {
if (isset($_COOKIE[session_name()])) {
@session_start();
}
}
|
