]> git.wh0rd.org Git - tt-rss.git/blob - include/sessions.php
hotkey actions: toggle_expand, collapse_article: check if element exists
[tt-rss.git] / include / sessions.php
1 <?php
2         // Original from http://www.daniweb.com/code/snippet43.html
3
4         require_once "config.php";
5         require_once "classes/db.php";
6         require_once "autoload.php";
7         require_once "errorhandler.php";
8         require_once "lib/accept-to-gettext.php";
9         require_once "lib/gettext/gettext.inc";
10         require_once "version.php";
11
12         $session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
13         $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
14
15         if (@$_SERVER['HTTPS'] == "on") {
16                 $session_name .= "_ssl";
17                 ini_set("session.cookie_secure", true);
18         }
19
20         ini_set("session.gc_probability", 75);
21         ini_set("session.name", $session_name);
22         ini_set("session.use_only_cookies", true);
23         ini_set("session.gc_maxlifetime", $session_expire);
24         ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
25
26         function session_get_schema_version($nocache = false) {
27                 global $schema_version;
28
29                 if (!$schema_version) {
30                         $result = Db::get()->query("SELECT schema_version FROM ttrss_version");
31                         $version = Db::get()->fetch_result($result, 0, "schema_version");
32                         $schema_version = $version;
33                         return $version;
34                 } else {
35                         return $schema_version;
36                 }
37         }
38
39         function validate_session() {
40                 if (SINGLE_USER_MODE) return true;
41
42                 if (VERSION_STATIC != $_SESSION["version"]) return false;
43
44                 $check_ip = $_SESSION['ip_address'];
45
46                 switch (SESSION_CHECK_ADDRESS) {
47                 case 0:
48                         $check_ip = '';
49                         break;
50                 case 1:
51                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
52                         break;
53                 case 2:
54                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
55                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
56                         break;
57                 };
58
59                 if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) {
60                         $_SESSION["login_error_msg"] =
61                                 __("Session failed to validate (incorrect IP)");
62                         return false;
63                 }
64
65                 if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
66                         $_SESSION["login_error_msg"] =
67                                 __("Session failed to validate (schema version changed)");
68                         return false;
69                 }
70
71                 if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
72                         $_SESSION["login_error_msg"] =
73                                 __("Session failed to validate (user agent changed)");
74                         return false;
75                 }
76
77                 if ($_SESSION["uid"]) {
78                         $result = Db::get()->query(
79                                 "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
80
81                         // user not found
82                         if (Db::get()->num_rows($result) == 0) {
83
84                                 $_SESSION["login_error_msg"] =
85                                         __("Session failed to validate (user not found)");
86
87                                 return false;
88                         } else {
89                                 $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
90
91                                 if ($pwd_hash != $_SESSION["pwd_hash"]) {
92
93                                         $_SESSION["login_error_msg"] =
94                                                 __("Session failed to validate (password changed)");
95
96                                         return false;
97                                 }
98                         }
99                 }
100
101                 return true;
102         }
103
104
105         function ttrss_open ($s, $n) {
106                 return true;
107         }
108
109         function ttrss_read ($id){
110                 global $session_expire;
111
112                 $res = Db::get()->query("SELECT data FROM ttrss_sessions WHERE id='$id'");
113
114                 if (Db::get()->num_rows($res) != 1) {
115
116                         $expire = time() + $session_expire;
117
118                         Db::get()->query("INSERT INTO ttrss_sessions (id, data, expire)
119                                         VALUES ('$id', '', '$expire')");
120
121                         return "";
122                 } else {
123                         return base64_decode(Db::get()->fetch_result($res, 0, "data"));
124                 }
125
126         }
127
128         function ttrss_write ($id, $data) {
129                 global $session_expire;
130
131                 $data = base64_encode($data);
132                 $expire = time() + $session_expire;
133
134                 Db::get()->query("UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id'");
135
136                 return true;
137         }
138
139         function ttrss_close () {
140                 return true;
141         }
142
143         function ttrss_destroy($id) {
144                 Db::get()->query("DELETE FROM ttrss_sessions WHERE id = '$id'");
145
146                 return true;
147         }
148
149         function ttrss_gc ($expire) {
150                 Db::get()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
151         }
152
153         if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
154                 session_set_save_handler("ttrss_open",
155                         "ttrss_close", "ttrss_read", "ttrss_write",
156                         "ttrss_destroy", "ttrss_gc");
157                 register_shutdown_function('session_write_close');
158         }
159
160         if (!defined('NO_SESSION_AUTOSTART')) {
161                 if (isset($_COOKIE[session_name()])) {
162                         @session_start();
163                 }
164         }
165 ?>