X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Fsessions.php;h=c27eb98b05ad6806b8723db864232cfc8964cbcb;hb=81fc862e370a1dfbd3941206fd00076e3cbf0551;hp=f625cd16f59415f7c672662dffba84bc2afae88b;hpb=7d53c2b501cbc0e48f90c154b2f901fef08fbd33;p=tt-rss.git
diff --git a/include/sessions.php b/include/sessions.php
index f625cd16..c27eb98b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -13,7 +13,6 @@
 $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 if (is_server_https()) {
- $session_name .= "_ssl";
 ini_set("session.cookie_secure", true);
 }
@@ -46,19 +45,12 @@
 __("Session failed to validate (schema version changed)");
 return false;
 }
- $pdo = Db::pdo();
+ $pdo = Db::pdo();
 if ($_SESSION["uid"]) {
- if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) {
- if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
- $_SESSION["login_error_msg"] = __("Session failed to validate.");
- return false;
- }
- }
-
 if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
- $_SESSION["login_error_msg"] = __("Session failed to validate.");
+ $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
 return false;
 }
@@ -67,21 +59,21 @@
 // user not found
 if ($row = $sth->fetch()) {
- $pwd_hash = $row["pwd_hash"];
+ $pwd_hash = $row["pwd_hash"];
- if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
- $_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
+ $_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
- return false;
- }
+ return false;
+ }
 } else {
- $_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
+ $_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
- return false;
+ return false;
 }
 }
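Review bot: Dropping the `_ssl` suffix makes the HTTPS session cookie share its name with the plain-HTTP one, and `session.cookie_secure` only stops the browser from sending it over HTTP; it does not stop a cookie set over HTTP on the same host from overwriting or shadowing the secure one, which is presumably the fixation case the suffix existed to avoid. Current browsers refuse that overwrite on their own, but the portable fix is the `__Host-` prefix, which also pins `Path=/` and forbids a `Domain` attribute: `$session_name = "__Host-" . $session_name;` inside the `is_server_https()` branch (confirm nothing else hard-codes the cookie name). `session.cookie_httponly` is not set in this hunk; if it is not set elsewhere, add `ini_set("session.cookie_httponly", true);` next to the secure flag. The enclosing function starts before and continues after the hunk.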
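Review bot: With the address check gone, the comparison on the `user_agent` line is the only client binding left, and it is loose: `!=` between two hex digests can still compare numerically (`0e...` digit-only strings are equal under `==`), and `sha1($_SERVER['HTTP_USER_AGENT'])` emits a notice or deprecation when the header is absent; use `if ($_SESSION["user_agent"] !== sha1($_SERVER['HTTP_USER_AGENT'] ?? ''))`. The same loose `!=` appears in the `pwd_hash` comparison in the next hunk and should become `!==` there too. A comment on the new `(UA changed)` message line should say that `User-Agent` is attacker-supplied, so this check catches accidental cookie reuse, not a stolen cookie replayed with the matching header. The enclosing function starts before and continues after the hunk.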
@@ -103,16 +95,16 @@
 $sth->execute([$id]);
 if ($row = $sth->fetch()) {
- return base64_decode($row["data"]);
+ return base64_decode($row["data"]);
 } else {
- $expire = time() + $session_expire;
+ $expire = time() + $session_expire;
- $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
 VALUES (?, '', ?)");
- $sth->execute([$id, $expire]);
+ $sth->execute([$id, $expire]);
- return "";
+ return "";
 }
@@ -124,8 +116,17 @@
 $data = base64_encode($data);
 $expire = time() + $session_expire;
- $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
- $sth->execute([$data, $expire, $id]);
+ $sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
+ $sth->execute([$id]);
+
+ if ($row = $sth->fetch()) {
+ $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
+ $sth->execute([$data, $expire, $id]);
+ } else {
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ VALUES (?, ?, ?)");
+ $sth->execute([$id, $data, $expire]);
+ }
 return true;
 }
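Review bot: The `SELECT id` followed by `INSERT` is a check-then-act race: two concurrent first writes for the same id can both miss the row and both insert, and with no transaction or duplicate-key handling the second `execute` fails or a duplicate row is created, depending on the schema. An atomic upsert closes it — `INSERT ... ON CONFLICT (id) DO UPDATE SET data = EXCLUDED.data, expire = EXCLUDED.expire` on PostgreSQL, `INSERT ... ON DUPLICATE KEY UPDATE` on MySQL — though which backends must be supported is not visible here. The `$row` assigned on the `if ($row = $sth->fetch())` line is never used; `if ($sth->fetchColumn() !== false)` says what is meant. Note also that this path persists whatever id the client presented, so unless `session.use_strict_mode` is enabled elsewhere a caller can choose its own session id (the read handler in the previous hunk already inserts unknown ids, so this hunk does not introduce that). The enclosing function starts before the hunk.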