[tt-rss.git] / include / sessions.php

<?php
	// Original from http://www.daniweb.com/code/snippet43.html

	require_once "config.php";
	require_once "classes/db.php";
	require_once "autoload.php";
	require_once "errorhandler.php";
	require_once "lib/accept-to-gettext.php";
	require_once "lib/gettext/gettext.inc";
	require_once "version.php";

	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

	if (is_server_https()) {
		ini_set("session.cookie_secure", true);
	}

	ini_set("session.gc_probability", 75);
	ini_set("session.name", $session_name);
	ini_set("session.use_only_cookies", true);
	ini_set("session.gc_maxlifetime", $session_expire);
	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));

	function session_get_schema_version() {
		global $schema_version;

		if (!$schema_version) {
			$row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();

			$version = $row["schema_version"];

			$schema_version = $version;
			return $version;
		} else {
			return $schema_version;
		}
	}

	function validate_session() {
		if (SINGLE_USER_MODE) return true;

		if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
			$_SESSION["login_error_msg"] =
				__("Session failed to validate (schema version changed)");
			return false;
		}
        $pdo = Db::pdo();

		if ($_SESSION["uid"]) {

			if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
				$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
				return false;
			}

			$sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
			$sth->execute([$_SESSION['uid']]);

			// user not found
			if ($row = $sth->fetch()) {
                $pwd_hash = $row["pwd_hash"];

                if ($pwd_hash != $_SESSION["pwd_hash"]) {

                    $_SESSION["login_error_msg"] =
                        __("Session failed to validate (password changed)");

                    return false;
                }
			} else {

                $_SESSION["login_error_msg"] =
                    __("Session failed to validate (user not found)");

                return false;

			}
		}

		return true;
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function ttrss_open ($s, $n) {
		return true;
	}

	function ttrss_read ($id){
		global $session_expire;

		$sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
		$sth->execute([$id]);

		if ($row = $sth->fetch()) {
            return base64_decode($row["data"]);

		} else {
            $expire = time() + $session_expire;

            $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
					VALUES (?, '', ?)");
            $sth->execute([$id, $expire]);

            return "";

		}

	}

	function ttrss_write ($id, $data) {
		global $session_expire;

		$data = base64_encode($data);
		$expire = time() + $session_expire;

        $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
        $sth->execute([$data, $expire, $id]);

		return true;
	}

	function ttrss_close () {
		return true;
	}

	function ttrss_destroy($id) {
		$sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
		$sth->execute([$id]);

		return true;
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function ttrss_gc ($expire) {
		Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());

		return true;
	}

	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
		session_set_save_handler("ttrss_open",
			"ttrss_close", "ttrss_read", "ttrss_write",
			"ttrss_destroy", "ttrss_gc");
		register_shutdown_function('session_write_close');
	}

	if (!defined('NO_SESSION_AUTOSTART')) {
		if (isset($_COOKIE[session_name()])) {
			@session_start();
		}
	}
Commit	Line	Data
1d3a17c7	1	<?php
36bfab86 AD	2	// Original from http://www.daniweb.com/code/snippet43.html
	3
	4	require_once "config.php";
404e2e36 AD	5	require_once "classes/db.php";
404e2e36 AD	6	require_once "autoload.php";
889a5f9f	7	require_once "errorhandler.php";
7081aaa0 RP	8	require_once "lib/accept-to-gettext.php";
7081aaa0 RP	9	require_once "lib/gettext/gettext.inc";
81020562	10	require_once "version.php";
36bfab86	11
09628e1b	12	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
3dd46f19	13	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
36bfab86	14
1b5b1e5f	15	if (is_server_https()) {
3d72afa1 AD	16	ini_set("session.cookie_secure", true);
	17	}
	18
9ce7a554	19	ini_set("session.gc_probability", 75);
3dd46f19	20	ini_set("session.name", $session_name);
c5466b7f	21	ini_set("session.use_only_cookies", true);
6cfd3c14	22	ini_set("session.gc_maxlifetime", $session_expire);
9ce7a554	23	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
36bfab86	24
7b55001e	25	function session_get_schema_version() {
e9b74692 AD	26	global $schema_version;
	27
	28	if (!$schema_version) {
4d13514d AD	29	$row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
	30
	31	$version = $row["schema_version"];
	32
e9b74692 AD	33	$schema_version = $version;
	34	return $version;
	35	} else {
	36	return $schema_version;
	37	}
	38	}
	39
6322ac79	40	function validate_session() {
e9b74692 AD	41	if (SINGLE_USER_MODE) return true;
e9b74692 AD	42
7b55001e	43	if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
04a8c206 AD	44	$_SESSION["login_error_msg"] =
04a8c206 AD	45	__("Session failed to validate (schema version changed)");
e9b74692	46	return false;
04a8c206	47	}
4d13514d	48	$pdo = Db::pdo();
e9b74692 AD	49
e9b74692 AD	50	if ($_SESSION["uid"]) {
7d53c2b5	51
7d53c2b5	52	if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
d246fb9f	53	$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
7d53c2b5 AD	54	return false;
	55	}
	56
4d13514d AD	57	$sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
4d13514d AD	58	$sth->execute([$_SESSION['uid']]);
e9b74692 AD	59
e9b74692 AD	60	// user not found
4d13514d AD	61	if ($row = $sth->fetch()) {
	62	$pwd_hash = $row["pwd_hash"];
	63
	64	if ($pwd_hash != $_SESSION["pwd_hash"]) {
04a8c206	65
4d13514d AD	66	$_SESSION["login_error_msg"] =
4d13514d AD	67	__("Session failed to validate (password changed)");
04a8c206	68
4d13514d AD	69	return false;
4d13514d AD	70	}
e9b74692	71	} else {
e9b74692	72
4d13514d AD	73	$_SESSION["login_error_msg"] =
4d13514d AD	74	__("Session failed to validate (user not found)");
04a8c206	75
4d13514d	76	return false;
04a8c206	77
e9b74692 AD	78	}
	79	}
	80
e9b74692 AD	81	return true;
	82	}
	83
7b55001e AD	84	/**
	85	* @SuppressWarnings(PHPMD.UnusedFormalParameter)
	86	*/
5be00836	87	function ttrss_open ($s, $n) {
36bfab86 AD	88	return true;
	89	}
	90
5be00836	91	function ttrss_read ($id){
404e2e36 AD	92	global $session_expire;
404e2e36 AD	93
4d13514d AD	94	$sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
4d13514d AD	95	$sth->execute([$id]);
3d72afa1	96
4d13514d AD	97	if ($row = $sth->fetch()) {
4d13514d AD	98	return base64_decode($row["data"]);
36bfab86	99
4d13514d AD	100	} else {
4d13514d AD	101	$expire = time() + $session_expire;
36bfab86	102
4d13514d AD	103	$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
	104	VALUES (?, '', ?)");
	105	$sth->execute([$id, $expire]);
	106
	107	return "";
3d72afa1	108
36bfab86	109	}
404e2e36	110
36bfab86 AD	111	}
36bfab86 AD	112
5be00836	113	function ttrss_write ($id, $data) {
404e2e36	114	global $session_expire;
3d72afa1	115
404e2e36	116	$data = base64_encode($data);
36bfab86	117	$expire = time() + $session_expire;
3d72afa1	118
4d13514d AD	119	$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
4d13514d AD	120	$sth->execute([$data, $expire, $id]);
3d72afa1	121
36bfab86 AD	122	return true;
	123	}
	124
5be00836	125	function ttrss_close () {
36bfab86 AD	126	return true;
	127	}
	128
404e2e36	129	function ttrss_destroy($id) {
4d13514d AD	130	$sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
4d13514d AD	131	$sth->execute([$id]);
3d72afa1	132
36bfab86 AD	133	return true;
	134	}
	135
7b55001e AD	136	/**
	137	* @SuppressWarnings(PHPMD.UnusedFormalParameter)
	138	*/
5be00836	139	function ttrss_gc ($expire) {
4d13514d	140	Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
33d131d6 AD	141
33d131d6 AD	142	return true;
36bfab86 AD	143	}
36bfab86 AD	144
5c81e817	145	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
3d72afa1 AD	146	session_set_save_handler("ttrss_open",
3d72afa1 AD	147	"ttrss_close", "ttrss_read", "ttrss_write",
5be00836	148	"ttrss_destroy", "ttrss_gc");
404e2e36	149	register_shutdown_function('session_write_close');
8fd92701	150	}
d620cfe7	151
9ce7a554 AD	152	if (!defined('NO_SESSION_AUTOSTART')) {
9ce7a554 AD	153	if (isset($_COOKIE[session_name()])) {
5160620c AD	154	@session_start();
5160620c AD	155	}
964f1533	156	}