[tt-rss.git] / include / sessions.php

<?php
	// Original from http://www.daniweb.com/code/snippet43.html

	require_once "config.php";
	require_once "classes/db.php";
	require_once "autoload.php";
	require_once "errorhandler.php";
	require_once "lib/accept-to-gettext.php";
	require_once "lib/gettext/gettext.inc";
	require_once "version.php";

	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

	if (is_server_https()) {
		$session_name .= "_ssl";
		ini_set("session.cookie_secure", true);
	}

	ini_set("session.gc_probability", 75);
	ini_set("session.name", $session_name);
	ini_set("session.use_only_cookies", true);
	ini_set("session.gc_maxlifetime", $session_expire);
	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));

	function session_get_schema_version() {
		global $schema_version;

		if (!$schema_version) {
			$row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();

			$version = $row["schema_version"];

			$schema_version = $version;
			return $version;
		} else {
			return $schema_version;
		}
	}

	function validate_session() {
		if (SINGLE_USER_MODE) return true;

		if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
			$_SESSION["login_error_msg"] =
				__("Session failed to validate (schema version changed)");
			return false;
		}
        $pdo = Db::pdo();

		if ($_SESSION["uid"]) {
			$sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
			$sth->execute([$_SESSION['uid']]);

			// user not found
			if ($row = $sth->fetch()) {
                $pwd_hash = $row["pwd_hash"];

                if ($pwd_hash != $_SESSION["pwd_hash"]) {

                    $_SESSION["login_error_msg"] =
                        __("Session failed to validate (password changed)");

                    return false;
                }
			} else {

                $_SESSION["login_error_msg"] =
                    __("Session failed to validate (user not found)");

                return false;

			}
		}

		return true;
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function ttrss_open ($s, $n) {
		return true;
	}

	function ttrss_read ($id){
		global $session_expire;

		$sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
		$sth->execute([$id]);

		if ($row = $sth->fetch()) {
            return base64_decode($row["data"]);

		} else {
            $expire = time() + $session_expire;

            $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
					VALUES (?, '', ?)");
            $sth->execute([$id, $expire]);

            return "";

		}

	}

	function ttrss_write ($id, $data) {
		global $session_expire;

		$data = base64_encode($data);
		$expire = time() + $session_expire;

        $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
        $sth->execute([$data, $expire, $id]);

		return true;
	}

	function ttrss_close () {
		return true;
	}

	function ttrss_destroy($id) {
		$sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
		$sth->execute([$id]);

		return true;
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function ttrss_gc ($expire) {
		Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());

		return true;
	}

	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
		session_set_save_handler("ttrss_open",
			"ttrss_close", "ttrss_read", "ttrss_write",
			"ttrss_destroy", "ttrss_gc");
		register_shutdown_function('session_write_close');
	}

	if (!defined('NO_SESSION_AUTOSTART')) {
		if (isset($_COOKIE[session_name()])) {
			@session_start();
		}
	}
Commit	Line	Data
1d3a17c7	1	<?php
36bfab86 AD	2	// Original from http://www.daniweb.com/code/snippet43.html
	3
	4	require_once "config.php";
404e2e36 AD	5	require_once "classes/db.php";
404e2e36 AD	6	require_once "autoload.php";
889a5f9f	7	require_once "errorhandler.php";
7081aaa0 RP	8	require_once "lib/accept-to-gettext.php";
7081aaa0 RP	9	require_once "lib/gettext/gettext.inc";
81020562	10	require_once "version.php";
36bfab86	11
09628e1b	12	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
3dd46f19	13	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
36bfab86	14
1b5b1e5f	15	if (is_server_https()) {
3d72afa1 AD	16	$session_name .= "_ssl";
	17	ini_set("session.cookie_secure", true);
	18	}
	19
9ce7a554	20	ini_set("session.gc_probability", 75);
3dd46f19	21	ini_set("session.name", $session_name);
c5466b7f	22	ini_set("session.use_only_cookies", true);
6cfd3c14	23	ini_set("session.gc_maxlifetime", $session_expire);
9ce7a554	24	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
36bfab86	25
7b55001e	26	function session_get_schema_version() {
e9b74692 AD	27	global $schema_version;
	28
	29	if (!$schema_version) {
4d13514d AD	30	$row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
	31
	32	$version = $row["schema_version"];
	33
e9b74692 AD	34	$schema_version = $version;
	35	return $version;
	36	} else {
	37	return $schema_version;
	38	}
	39	}
	40
6322ac79	41	function validate_session() {
e9b74692 AD	42	if (SINGLE_USER_MODE) return true;
e9b74692 AD	43
7b55001e	44	if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
04a8c206 AD	45	$_SESSION["login_error_msg"] =
04a8c206 AD	46	__("Session failed to validate (schema version changed)");
e9b74692	47	return false;
04a8c206	48	}
4d13514d	49	$pdo = Db::pdo();
e9b74692 AD	50
e9b74692 AD	51	if ($_SESSION["uid"]) {
4d13514d AD	52	$sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
4d13514d AD	53	$sth->execute([$_SESSION['uid']]);
e9b74692 AD	54
e9b74692 AD	55	// user not found
4d13514d AD	56	if ($row = $sth->fetch()) {
	57	$pwd_hash = $row["pwd_hash"];
	58
	59	if ($pwd_hash != $_SESSION["pwd_hash"]) {
04a8c206	60
4d13514d AD	61	$_SESSION["login_error_msg"] =
4d13514d AD	62	__("Session failed to validate (password changed)");
04a8c206	63
4d13514d AD	64	return false;
4d13514d AD	65	}
e9b74692	66	} else {
e9b74692	67
4d13514d AD	68	$_SESSION["login_error_msg"] =
4d13514d AD	69	__("Session failed to validate (user not found)");
04a8c206	70
4d13514d	71	return false;
04a8c206	72
e9b74692 AD	73	}
	74	}
	75
e9b74692 AD	76	return true;
	77	}
	78
7b55001e AD	79	/**
	80	* @SuppressWarnings(PHPMD.UnusedFormalParameter)
	81	*/
5be00836	82	function ttrss_open ($s, $n) {
36bfab86 AD	83	return true;
	84	}
	85
5be00836	86	function ttrss_read ($id){
404e2e36 AD	87	global $session_expire;
404e2e36 AD	88
4d13514d AD	89	$sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
4d13514d AD	90	$sth->execute([$id]);
3d72afa1	91
4d13514d AD	92	if ($row = $sth->fetch()) {
4d13514d AD	93	return base64_decode($row["data"]);
36bfab86	94
4d13514d AD	95	} else {
4d13514d AD	96	$expire = time() + $session_expire;
36bfab86	97
4d13514d AD	98	$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
	99	VALUES (?, '', ?)");
	100	$sth->execute([$id, $expire]);
	101
	102	return "";
3d72afa1	103
36bfab86	104	}
404e2e36	105
36bfab86 AD	106	}
36bfab86 AD	107
5be00836	108	function ttrss_write ($id, $data) {
404e2e36	109	global $session_expire;
3d72afa1	110
404e2e36	111	$data = base64_encode($data);
36bfab86	112	$expire = time() + $session_expire;
3d72afa1	113
4d13514d AD	114	$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
4d13514d AD	115	$sth->execute([$data, $expire, $id]);
3d72afa1	116
36bfab86 AD	117	return true;
	118	}
	119
5be00836	120	function ttrss_close () {
36bfab86 AD	121	return true;
	122	}
	123
404e2e36	124	function ttrss_destroy($id) {
4d13514d AD	125	$sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
4d13514d AD	126	$sth->execute([$id]);
3d72afa1	127
36bfab86 AD	128	return true;
	129	}
	130
7b55001e AD	131	/**
	132	* @SuppressWarnings(PHPMD.UnusedFormalParameter)
	133	*/
5be00836	134	function ttrss_gc ($expire) {
4d13514d	135	Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
33d131d6 AD	136
33d131d6 AD	137	return true;
36bfab86 AD	138	}
36bfab86 AD	139
5c81e817	140	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
3d72afa1 AD	141	session_set_save_handler("ttrss_open",
3d72afa1 AD	142	"ttrss_close", "ttrss_read", "ttrss_write",
5be00836	143	"ttrss_destroy", "ttrss_gc");
404e2e36	144	register_shutdown_function('session_write_close');
8fd92701	145	}
d620cfe7	146
9ce7a554 AD	147	if (!defined('NO_SESSION_AUTOSTART')) {
9ce7a554 AD	148	if (isset($_COOKIE[session_name()])) {
5160620c AD	149	@session_start();
5160620c AD	150	}
964f1533	151	}