fix session write handler always assuming that database entry exists and failing...
authorAndrew Dolgov <noreply@fakecake.org>
Tue, 16 Oct 2018 11:07:42 +0000 (14:07 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Tue, 16 Oct 2018 11:07:42 +0000 (14:07 +0300)
classes/handler/public.php
include/functions.php
include/sessions.php

index 38a8d749b91179f8e0b4a6cb49e33cb87ad9a4c2..de9c9684a00336db2b37d1b8d4ddf967e8f01c5f 100755 (executable)
@@ -465,14 +465,6 @@ class Handler_Public extends Handler {
 
        function login() {
                if (!SINGLE_USER_MODE) {
-                       /* if a session is started here there's a stale login cookie we need to clean */
-
-                       if (session_status() != PHP_SESSION_NONE) {
-                               $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-
-                               header("Location: " . get_self_url_prefix());
-                               exit;
-                       }
 
                        $login = clean($_POST["login"]);
                        $password = clean($_POST["password"]);
index 006d17a4887c3683920bd73b2d5bdbaddd8345ef..b290898329a2a0d157455b317d61174d5c47a833 100755 (executable)
 
                        if ($user_id && !$check_only) {
 
-                               session_regenerate_id(true);
                                session_start();
+                               session_regenerate_id(true);
 
                                $_SESSION["uid"] = $user_id;
                                $_SESSION["version"] = VERSION_STATIC;
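Review bot: The return value of `session_start()` is not checked before `session_regenerate_id(true)` and the `$_SESSION` writes that follow it. If the start fails (for example because headers were already sent, or the custom handler errors), the id is not rotated and the login state has nowhere to go, yet the code carries on as if authentication had produced a fresh session. I would guard it with `if (!session_start()) { … }`, returning whatever failure value the enclosing function uses; that function begins and ends outside this hunk. The new ordering also deserves a comment, since it is what makes the rotation effective: `// regenerate only after session_start(): with no active session the id is not rotated and a pre-login id would stay valid after authentication`.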
index 5584c25bdbff3fd3ea446069c2a1e60d30f9bad9..c27eb98b05ad6806b8723db864232cfc8964cbcb 100644 (file)
@@ -45,7 +45,7 @@
                                __("Session failed to validate (schema version changed)");
                        return false;
                }
-        $pdo = Db::pdo();
+                 $pdo = Db::pdo();
 
                if ($_SESSION["uid"]) {
 
 
                        // user not found
                        if ($row = $sth->fetch()) {
-                $pwd_hash = $row["pwd_hash"];
+                                        $pwd_hash = $row["pwd_hash"];
 
-                if ($pwd_hash != $_SESSION["pwd_hash"]) {
+                                        if ($pwd_hash != $_SESSION["pwd_hash"]) {
 
-                    $_SESSION["login_error_msg"] =
-                        __("Session failed to validate (password changed)");
+                                                 $_SESSION["login_error_msg"] =
+                                                               __("Session failed to validate (password changed)");
 
-                    return false;
-                }
+                                                 return false;
+                                        }
                        } else {
 
-                $_SESSION["login_error_msg"] =
-                    __("Session failed to validate (user not found)");
+                                        $_SESSION["login_error_msg"] =
+                                                 __("Session failed to validate (user not found)");
 
-                return false;
+                                        return false;
 
                        }
                }
                $sth->execute([$id]);
 
                if ($row = $sth->fetch()) {
-            return base64_decode($row["data"]);
+                               return base64_decode($row["data"]);
 
                } else {
-            $expire = time() + $session_expire;
+                               $expire = time() + $session_expire;
 
-            $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+                               $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
                                        VALUES (?, '', ?)");
-            $sth->execute([$id, $expire]);
+                               $sth->execute([$id, $expire]);
 
-            return "";
+                               return "";
 
                }
 
                $data = base64_encode($data);
                $expire = time() + $session_expire;
 
-        $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
-        $sth->execute([$data, $expire, $id]);
+               $sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
+               $sth->execute([$id]);
+
+               if ($row = $sth->fetch()) {
+                       $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
+                       $sth->execute([$data, $expire, $id]);
+               } else {
+                       $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+                               VALUES (?, ?, ?)");
+                       $sth->execute([$id, $data, $expire]);
+               }
 
                return true;
        }
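Review bot: The new SELECT-then-UPDATE/INSERT sequence in the write handler is not atomic, and none of the `execute()` results are checked before the unconditional `return true`. Two concurrent requests carrying the same session id can both find no row and both reach the INSERT. If `ttrss_sessions.id` is unique (the schema is not visible here), the second one fails and, depending on the PDO error mode, either throws inside the session handler or silently drops the session data while reporting success. At minimum, propagate the outcome with `$ok = $sth->execute([...]);` in each branch and `return $ok;` at the end. Ideally also run the existence check and the write inside one transaction. `$row` is assigned but never read, so `if ($sth->fetch())` is enough. The function's signature is outside this hunk.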