include/sessions.php

   1 <?php
   2         // Original from http://www.daniweb.com/code/snippet43.html
   3
   4         require_once "config.php";
   5         require_once "db.php";
   6         require_once "errorhandler.php";
   7         require_once "lib/accept-to-gettext.php";
   8         require_once "lib/gettext/gettext.inc";
   9         require_once "version.php";
  10
  11         $session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
  12         $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
  13
  14         if (@$_SERVER['HTTPS'] == "on") {
  15                 $session_name .= "_ssl";
  16                 ini_set("session.cookie_secure", true);
  17         }
  18
  19         ini_set("session.gc_probability", 75);
  20         ini_set("session.name", $session_name);
  21         ini_set("session.use_only_cookies", true);
  22         ini_set("session.gc_maxlifetime", $session_expire);
  23         ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
  24
  25         global $session_connection;
  26
  27         function session_get_schema_version($link, $nocache = false) {
  28                 global $schema_version;
  29
  30                 if (!$schema_version) {
  31                         $result = db_query($link, "SELECT schema_version FROM ttrss_version");
  32                         $version = db_fetch_result($result, 0, "schema_version");
  33                         $schema_version = $version;
  34                         return $version;
  35                 } else {
  36                         return $schema_version;
  37                 }
  38         }
  39
  40         function validate_session($link) {
  41                 if (SINGLE_USER_MODE) return true;
  42                 if (!$link) return false;
  43
  44                 if (VERSION != $_SESSION["version"]) return false;
  45
  46                 $check_ip = $_SESSION['ip_address'];
  47
  48                 switch (SESSION_CHECK_ADDRESS) {
  49                 case 0:
  50                         $check_ip = '';
  51                         break;
  52                 case 1:
  53                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
  54                         break;
  55                 case 2:
  56                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
  57                         $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
  58                         break;
  59                 };
  60
  61                 if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) {
  62                         $_SESSION["login_error_msg"] =
  63                                 __("Session failed to validate (incorrect IP)");
  64                         return false;
  65                 }
  66
  67                 if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
  68                         return false;
  69
  70                 if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
  71                         return false;
  72
  73                 if ($_SESSION["uid"]) {
  74                         $result = db_query($link,
  75                                 "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
  76
  77                         // user not found
  78                         if (db_num_rows($result) == 0) {
  79                                 return false;
  80                         } else {
  81                                 $pwd_hash = db_fetch_result($result, 0, "pwd_hash");
  82
  83                                 if ($pwd_hash != $_SESSION["pwd_hash"]) {
  84                                         return false;
  85                                 }
  86                         }
  87                 }
  88
  89 /*              if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
  90
  91                         //print_r($_SESSION);
  92
  93                         if (time() > $_SESSION["cookie_lifetime"]) {
  94                                 return false;
  95                         }
  96                 } */
  97
  98                 return true;
  99         }
 100
 101
 102         function ttrss_open ($s, $n) {
 103                 global $session_connection;
 104
 105                 $session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 106
 107                 return true;
 108         }
 109
 110         function ttrss_read ($id){
 111
 112                 global $session_connection,$session_read;
 113
 114                 $query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
 115
 116                 $res = db_query($session_connection, $query);
 117
 118                 if (db_num_rows($res) != 1) {
 119                         return "";
 120                 } else {
 121                         $session_read = db_fetch_assoc($res);
 122                         $session_read["data"] = base64_decode($session_read["data"]);
 123                         return $session_read["data"];
 124                 }
 125         }
 126
 127         function ttrss_write ($id, $data) {
 128
 129                 if (! $data) {
 130                         return false;
 131                 }
 132
 133                 global $session_connection, $session_read, $session_expire;
 134
 135                 $expire = time() + $session_expire;
 136
 137                 $data = db_escape_string($session_connection, base64_encode($data), false);
 138
 139                 if ($session_read) {
 140                         $query = "UPDATE ttrss_sessions SET data='$data',
 141                                         expire='$expire' WHERE id='$id'";
 142                 } else {
 143                         $query = "INSERT INTO ttrss_sessions (id, data, expire)
 144                                         VALUES ('$id', '$data', '$expire')";
 145                 }
 146
 147                 db_query($session_connection, $query);
 148                 return true;
 149         }
 150
 151         function ttrss_close () {
 152
 153                 global $session_connection;
 154
 155                 //db_close($session_connection);
 156
 157                 return true;
 158         }
 159
 160         function ttrss_destroy ($id) {
 161
 162                 global $session_connection;
 163
 164                 $query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
 165
 166                 db_query($session_connection, $query);
 167
 168                 return true;
 169         }
 170
 171         function ttrss_gc ($expire) {
 172
 173                 global $session_connection;
 174
 175                 $query = "DELETE FROM ttrss_sessions WHERE expire < " . time();
 176
 177                 db_query($session_connection, $query);
 178         }
 179
 180         if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
 181                 session_set_save_handler("ttrss_open",
 182                         "ttrss_close", "ttrss_read", "ttrss_write",
 183                         "ttrss_destroy", "ttrss_gc");
 184         }
 185
 186         if (!defined('NO_SESSION_AUTOSTART')) {
 187                 if (isset($_COOKIE[session_name()])) {
 188                         @session_start();
 189                 }
 190         }
 191 ?>