include/sessions.php

   1 <?php
   2         // Original from http://www.daniweb.com/code/snippet43.html
   3
   4         require_once "config.php";
   5         require_once "classes/db.php";
   6         require_once "autoload.php";
   7         require_once "errorhandler.php";
   8         require_once "lib/accept-to-gettext.php";
   9         require_once "lib/gettext/gettext.inc";
  10         require_once "version.php";
  11
  12         $session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
  13         $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
  14
  15         if (is_server_https()) {
  16                 ini_set("session.cookie_secure", true);
  17         }
  18
  19         ini_set("session.gc_probability", 75);
  20         ini_set("session.name", $session_name);
  21         ini_set("session.use_only_cookies", true);
  22         ini_set("session.gc_maxlifetime", $session_expire);
  23         ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
  24
  25         function session_get_schema_version() {
  26                 global $schema_version;
  27
  28                 if (!$schema_version) {
  29                         $row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
  30
  31                         $version = $row["schema_version"];
  32
  33                         $schema_version = $version;
  34                         return $version;
  35                 } else {
  36                         return $schema_version;
  37                 }
  38         }
  39
  40         function validate_session() {
  41                 if (SINGLE_USER_MODE) return true;
  42
  43                 if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
  44                         $_SESSION["login_error_msg"] =
  45                                 __("Session failed to validate (schema version changed)");
  46                         return false;
  47                 }
  48         $pdo = Db::pdo();
  49
  50                 if ($_SESSION["uid"]) {
  51
  52                         if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
  53                                 $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
  54                                 return false;
  55                         }
  56
  57                         $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
  58                         $sth->execute([$_SESSION['uid']]);
  59
  60                         // user not found
  61                         if ($row = $sth->fetch()) {
  62                 $pwd_hash = $row["pwd_hash"];
  63
  64                 if ($pwd_hash != $_SESSION["pwd_hash"]) {
  65
  66                     $_SESSION["login_error_msg"] =
  67                         __("Session failed to validate (password changed)");
  68
  69                     return false;
  70                 }
  71                         } else {
  72
  73                 $_SESSION["login_error_msg"] =
  74                     __("Session failed to validate (user not found)");
  75
  76                 return false;
  77
  78                         }
  79                 }
  80
  81                 return true;
  82         }
  83
  84         /**
  85          * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  86          */
  87         function ttrss_open ($s, $n) {
  88                 return true;
  89         }
  90
  91         function ttrss_read ($id){
  92                 global $session_expire;
  93
  94                 $sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
  95                 $sth->execute([$id]);
  96
  97                 if ($row = $sth->fetch()) {
  98             return base64_decode($row["data"]);
  99
 100                 } else {
 101             $expire = time() + $session_expire;
 102
 103             $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
 104                                         VALUES (?, '', ?)");
 105             $sth->execute([$id, $expire]);
 106
 107             return "";
 108
 109                 }
 110
 111         }
 112
 113         function ttrss_write ($id, $data) {
 114                 global $session_expire;
 115
 116                 $data = base64_encode($data);
 117                 $expire = time() + $session_expire;
 118
 119         $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
 120         $sth->execute([$data, $expire, $id]);
 121
 122                 return true;
 123         }
 124
 125         function ttrss_close () {
 126                 return true;
 127         }
 128
 129         function ttrss_destroy($id) {
 130                 $sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
 131                 $sth->execute([$id]);
 132
 133                 return true;
 134         }
 135
 136         /**
 137          * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 138          */
 139         function ttrss_gc ($expire) {
 140                 Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
 141
 142                 return true;
 143         }
 144
 145         if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
 146                 session_set_save_handler("ttrss_open",
 147                         "ttrss_close", "ttrss_read", "ttrss_write",
 148                         "ttrss_destroy", "ttrss_gc");
 149                 register_shutdown_function('session_write_close');
 150         }
 151
 152         if (!defined('NO_SESSION_AUTOSTART')) {
 153                 if (isset($_COOKIE[session_name()])) {
 154                         @session_start();
 155                 }
 156         }