[tt-rss.git] / include / sessions.php

<?php
	// Original from http://www.daniweb.com/code/snippet43.html

	require_once "config.php";
	require_once "db.php";

	$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

	if (@$_SERVER['HTTPS'] == "on") {
		$session_name .= "_ssl";
		ini_set("session.cookie_secure", true);
	}

	ini_set("session.gc_probability", 50);
	ini_set("session.name", $session_name);
	ini_set("session.use_only_cookies", true);
	ini_set("session.gc_maxlifetime", $session_expire);

	function session_get_schema_version($link, $nocache = false) {
		global $schema_version;

		if (!$schema_version) {
			$result = db_query($link, "SELECT schema_version FROM ttrss_version");
			$version = db_fetch_result($result, 0, "schema_version");
			$schema_version = $version;
			return $version;
		} else {
			return $schema_version;
		}
	}

	function validate_session($link) {
		if (SINGLE_USER_MODE) return true;

		$check_ip = $_SESSION['ip_address'];

		switch (SESSION_CHECK_ADDRESS) {
		case 0:
			$check_ip = '';
			break;
		case 1:
			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
			break;
		case 2:
			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
			break;
		};

		if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) {
			$_SESSION["login_error_msg"] =
				__("Session failed to validate (incorrect IP)");
			return false;
		}

		if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
			return false;

		if ($_SESSION["uid"]) {
			$result = db_query($link,
				"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");

			// user not found
			if (db_num_rows($result) == 0) {
				return false;
			} else {
				$pwd_hash = db_fetch_result($result, 0, "pwd_hash");

				if ($pwd_hash != $_SESSION["pwd_hash"]) {
					return false;
				}
			}
		}

/*		if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {

			//print_r($_SESSION);

			if (time() > $_SESSION["cookie_lifetime"]) {
				return false;
			}
		} */

		return true;
	}


	function ttrss_open ($s, $n) {

		global $session_connection;

		$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);

		return true;
	}

	function ttrss_read ($id){

		global $session_connection,$session_read;

		$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";

		$res = db_query($session_connection, $query);

		if (db_num_rows($res) != 1) {
		 	return "";
		} else {
			$session_read = db_fetch_assoc($res);
			$session_read["data"] = base64_decode($session_read["data"]);
			return $session_read["data"];
		}
	}

	function ttrss_write ($id, $data) {

		if (! $data) {
			return false;
		}

		global $session_connection, $session_read, $session_expire;

		$expire = time() + $session_expire;

		$data = db_escape_string($session_connection, base64_encode($data), false);

		if ($session_read) {
		 	$query = "UPDATE ttrss_sessions SET data='$data',
					expire='$expire' WHERE id='$id'";
		} else {
		 	$query = "INSERT INTO ttrss_sessions (id, data, expire)
					VALUES ('$id', '$data', '$expire')";
		}

		db_query($session_connection, $query);
		return true;
	}

	function ttrss_close () {

		global $session_connection;

		//db_close($session_connection);

		return true;
	}

	function ttrss_destroy ($id) {

		global $session_connection;

		$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";

		db_query($session_connection, $query);

		return true;
	}

	function ttrss_gc ($expire) {

		global $session_connection;

		$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();

		db_query($session_connection, $query);
	}

	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
		session_set_save_handler("ttrss_open",
			"ttrss_close", "ttrss_read", "ttrss_write",
			"ttrss_destroy", "ttrss_gc");
	}

	if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
		if (isset($_COOKIE[$session_name])) {
			@session_start();

			if (!isset($_SESSION["uid"]) || !$_SESSION["uid"] || !validate_session($session_connection)) {
				session_destroy();
			   setcookie(session_name(), '', time()-42000, '/');
			}
		}
	}
?>
Commit	Line	Data
1d3a17c7	1	<?php
36bfab86 AD	2	// Original from http://www.daniweb.com/code/snippet43.html
	3
	4	require_once "config.php";
	5	require_once "db.php";
	6
6cfd3c14	7	$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
3dd46f19	8	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
36bfab86	9
6addc13f	10	if (@$_SERVER['HTTPS'] == "on") {
3d72afa1 AD	11	$session_name .= "_ssl";
	12	ini_set("session.cookie_secure", true);
	13	}
	14
36bfab86	15	ini_set("session.gc_probability", 50);
3dd46f19	16	ini_set("session.name", $session_name);
c5466b7f	17	ini_set("session.use_only_cookies", true);
6cfd3c14	18	ini_set("session.gc_maxlifetime", $session_expire);
36bfab86	19
e9b74692 AD	20	function session_get_schema_version($link, $nocache = false) {
	21	global $schema_version;
	22
	23	if (!$schema_version) {
	24	$result = db_query($link, "SELECT schema_version FROM ttrss_version");
	25	$version = db_fetch_result($result, 0, "schema_version");
	26	$schema_version = $version;
	27	return $version;
	28	} else {
	29	return $schema_version;
	30	}
	31	}
	32
	33	function validate_session($link) {
	34	if (SINGLE_USER_MODE) return true;
	35
	36	$check_ip = $_SESSION['ip_address'];
	37
	38	switch (SESSION_CHECK_ADDRESS) {
	39	case 0:
	40	$check_ip = '';
	41	break;
	42	case 1:
	43	$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
	44	break;
	45	case 2:
	46	$check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
	47	$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
	48	break;
	49	};
	50
	51	if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) {
	52	$_SESSION["login_error_msg"] =
	53	__("Session failed to validate (incorrect IP)");
	54	return false;
	55	}
	56
	57	if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
	58	return false;
	59
	60	if ($_SESSION["uid"]) {
	61	$result = db_query($link,
	62	"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
	63
	64	// user not found
	65	if (db_num_rows($result) == 0) {
	66	return false;
	67	} else {
	68	$pwd_hash = db_fetch_result($result, 0, "pwd_hash");
	69
	70	if ($pwd_hash != $_SESSION["pwd_hash"]) {
	71	return false;
	72	}
	73	}
	74	}
	75
	76	/* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
	77
	78	//print_r($_SESSION);
	79
	80	if (time() > $_SESSION["cookie_lifetime"]) {
	81	return false;
	82	}
	83	} */
84
85	return true;
86	}
87
88
5be00836	89	function ttrss_open ($s, $n) {
3d72afa1	90
36bfab86	91	global $session_connection;
3d72afa1	92
36bfab86	93	$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
3d72afa1	94
36bfab86 AD	95	return true;
	96	}
	97
5be00836	98	function ttrss_read ($id){
3d72afa1 AD	99
3d72afa1 AD	100	global $session_connection,$session_read;
36bfab86	101
7a293008	102	$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
36bfab86 AD	103
36bfab86 AD	104	$res = db_query($session_connection, $query);
3d72afa1	105
36bfab86 AD	106	if (db_num_rows($res) != 1) {
	107	return "";
	108	} else {
	109	$session_read = db_fetch_assoc($res);
	110	$session_read["data"] = base64_decode($session_read["data"]);
	111	return $session_read["data"];
	112	}
	113	}
	114
5be00836	115	function ttrss_write ($id, $data) {
3d72afa1 AD	116
	117	if (! $data) {
	118	return false;
36bfab86	119	}
3d72afa1	120
36bfab86	121	global $session_connection, $session_read, $session_expire;
3d72afa1	122
36bfab86	123	$expire = time() + $session_expire;
3d72afa1	124
3972bf59	125	$data = db_escape_string($session_connection, base64_encode($data), false);
3d72afa1	126
36bfab86	127	if ($session_read) {
3d72afa1 AD	128	$query = "UPDATE ttrss_sessions SET data='$data',
3d72afa1 AD	129	expire='$expire' WHERE id='$id'";
36bfab86	130	} else {
a2e9b457 AD	131	$query = "INSERT INTO ttrss_sessions (id, data, expire)
a2e9b457 AD	132	VALUES ('$id', '$data', '$expire')";
36bfab86	133	}
3d72afa1	134
36bfab86 AD	135	db_query($session_connection, $query);
	136	return true;
	137	}
	138
5be00836	139	function ttrss_close () {
3d72afa1	140
36bfab86	141	global $session_connection;
3d72afa1	142
3972bf59	143	//db_close($session_connection);
3d72afa1	144
36bfab86 AD	145	return true;
	146	}
	147
5be00836	148	function ttrss_destroy ($id) {
3d72afa1	149
36bfab86	150	global $session_connection;
09018e95	151
7a293008	152	$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
3d72afa1	153
36bfab86	154	db_query($session_connection, $query);
3d72afa1	155
36bfab86 AD	156	return true;
	157	}
	158
5be00836	159	function ttrss_gc ($expire) {
3d72afa1	160
36bfab86	161	global $session_connection;
3d72afa1	162
36bfab86	163	$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();
3d72afa1	164
36bfab86 AD	165	db_query($session_connection, $query);
	166	}
	167
5c81e817	168	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
3d72afa1 AD	169	session_set_save_handler("ttrss_open",
3d72afa1 AD	170	"ttrss_close", "ttrss_read", "ttrss_write",
5be00836	171	"ttrss_destroy", "ttrss_gc");
8fd92701	172	}
d620cfe7	173
964f1533	174	if (!defined('TTRSS_SESSION_NAME') \|\| TTRSS_SESSION_NAME != 'ttrss_api_sid') {
2137d674	175	if (isset($_COOKIE[$session_name])) {
5160620c	176	@session_start();
60ed4c9a	177
e9b74692	178	if (!isset($_SESSION["uid"]) \|\| !$_SESSION["uid"] \|\| !validate_session($session_connection)) {
60ed4c9a	179	session_destroy();
2137d674	180	setcookie(session_name(), '', time()-42000, '/');
60ed4c9a	181	}
5160620c	182	}
964f1533	183	}
36bfab86	184	?>