-rw-r--r-- | Zotlabs/Web/Session.php | 91 | ||||
-rw-r--r-- | Zotlabs/Web/SessionHandler.php | 78 | ||||
-rw-r--r-- | include/Contact.php | 2 | ||||
-rw-r--r-- | include/api.php | 2 | ||||
-rw-r--r-- | include/auth.php | 14 | ||||
-rw-r--r-- | include/cli_startup.php | 2 | ||||
-rwxr-xr-x | index.php | 4 |
7 files changed, 181 insertions, 12 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
new file mode 100644
index 000000000..ff0070d15
--- /dev/null
+++ b/Zotlabs/Web/Session.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+ function init() {
+
+ $gc_probability = 50;
+
+ ini_set('session.gc_probability', $gc_probability);
+ ini_set('session.use_only_cookies', 1);
+ ini_set('session.cookie_httponly', 1);
+
+ /*
+ * Set our session storage functions.
+ */
+
+ $handler = new \Zotlabs\Web\SessionHandler();
+
+ session_set_save_handler($handler,true);
+
+ // Force cookies to be secure (https only) if this site is SSL enabled.
+ // Must be done before session_start().
+
+ if(intval(\App::$config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true)
+ );
+ }
+ }
+
+ function start() {
+ session_start();
+ }
+
+ /**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+ function nuke() {
+ self::new_cookie(0); // 0 means delete on browser exit
+ if($_SESSION && count($_SESSION)) {
+ foreach($_SESSION as $k => $v) {
+ unset($_SESSION[$k]);
+ }
+ }
+ }
+
+
+
+ function new_cookie($time) {
+
+ $old_sid = session_id();
+
+ session_regenerate_id(false);
+
+ q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+
+ if (x($_COOKIE, 'jsAvailable')) {
+ if ($time) {
+ $expires = time() + $time;
+ } else {
+ $expires = 0;
+ }
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ }
+ setcookie(session_name(),session_id(),$expires);
+ }
+
+
+}
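Review bot: new_cookie() re-issues the session cookie with `setcookie(session_name(),session_id(),$expires)` and no path, domain, secure or httponly arguments, so the cookie that init() configured through session.cookie_httponly and session_set_cookie_params() goes back to the browser without HttpOnly and, on ssl_cookie_protection sites, without Secure; `$expires` is also only assigned inside the jsAvailable branch, so when that cookie is absent the "remember me" expiry is silently lost and the session cookie becomes a browser-session cookie. Read the parameters back with session_get_cookie_params() and pass them through, as in the excerpt below. Separately, every caller in this commit (include/auth.php, include/Contact.php, include/api.php, include/cli_startup.php, index.php) invokes init(), start(), nuke() and new_cookie() statically and nuke() itself uses `self::new_cookie(0)`, yet none of the methods is declared static; PHP 7 only warns about this and PHP 8 throws an Error, so declare them `static function`.
```php
	static function new_cookie($time) {

		$old_sid = session_id();

		session_regenerate_id(false);

		// … unchanged: UPDATE session SET sid … //

		// Compute the expiry once so it is defined for both cookies below.
		$expires = ($time ? time() + $time : 0);
		// Reuse the attributes init() configured so the re-issued cookie keeps Secure/HttpOnly.
		$params = session_get_cookie_params();

		if (x($_COOKIE, 'jsAvailable')) {
			setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
		}
		setcookie(session_name(), session_id(), $expires, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
	}
```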
\ No newline at end of file
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+ private $session_exists;
+ private $session_expire;
+
+
+ function open ($s, $n) {
+ $this->session_exists = 0;
+ $this->session_expire = 180000;
+ return true;
+ }
+
+ function read ($id) {
+
+ if(x($id))
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ $this->session_exists = true;
+ return $r[0]['data'];
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ $expire = time() + $this->session_expire;
+ $default_expire = time() + 300;
+
+ if($this->session_exists) {
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+ dbesc($id),
+ dbesc($default_expire),
+ dbesc($data)
+ );
+ }
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+
+}
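Review bot: write() returns false whenever `$data` is empty, but PHP hands the save handler an empty string once $_SESSION has been emptied, which is exactly what Session::nuke() does on logout, so the emptied state is never persisted and, as far as I can read it, the session row keeps its previous contents (including any authenticated flags) until gc() removes it, while PHP also emits a "Failed to write session data" warning. Drop `$data` from the guard, `if(! $id) { return false; }`, and let the empty payload be written, or delete the row when `$data === ''`. gc() ignores its `$expire` argument and compares against `time()`, which works because write() stores absolute expiry timestamps but deserves a comment saying so, e.g. `// expire holds an absolute timestamp, so the max-lifetime argument is not needed`. read() also uses `$r` before it is assigned when `$id` is empty; initialise it with `$r = null;` ahead of the `if(x($id))`.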
\ No newline at end of file
diff --git a/include/Contact.php b/include/Contact.php
index 507c922d0..e011c60c8 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
 proc_run('php','include/directory.php',$channel_id);
 if($channel_id == local_channel() && $unset_session) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 }
diff --git a/include/api.php b/include/api.php
index 41837ad88..fd644947c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -486,7 +486,7 @@ require_once('include/api_auth.php');
 function api_account_logout(&$a, $type){
 require_once('include/auth.php');
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 return api_apply_template("user", $type, array('$user' => null));
 }
diff --git a/include/auth.php b/include/auth.php
index 228143e12..21f0dded8 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 // process logout request
 $args = array('channel_id' => local_channel());
 call_hooks('logging_out', $args);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 info( t('Logged out.') . EOL);
 goaway(z_root());
 }
@@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 intval(ACCOUNT_ROLE_ADMIN)
 );
 if($x) {
- new_cookie(60 * 60 * 24); // one day
+ \Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
 $_SESSION['last_login_date'] = datetime_convert();
 unset($_SESSION['visitor_id']); // no longer a visitor
 authenticate_success($x[0], true, true);
@@ -172,7 +172,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 // check any difference at all
 logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 break;
 }
@@ -196,7 +196,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 }
 else {
 $_SESSION['account_id'] = 0;
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 }
 } // end logged in user returning
@@ -204,7 +204,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 else {
 if(isset($_SESSION)) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 }
 // handle a fresh login request
@@ -275,10 +275,10 @@ else {
 // on the cookie
 if($_POST['remember_me']) {
- new_cookie(31449600); // one year
+ \Zotlabs\Web\Session::new_cookie(31449600); // one year
 }
 else {
- new_cookie(0); // 0 means delete on browser exit
+ \Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
 }
 // if we haven't failed up this point, log them in.
diff --git a/include/cli_startup.php b/include/cli_startup.php
index b0e4fcf10..a99164d4c 100644
--- a/include/cli_startup.php
+++ b/include/cli_startup.php
@@ -30,7 +30,7 @@ function cli_startup() {
 unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
 };
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
 load_config('system');
@@ -62,7 +62,7 @@ if(! App::$install) {
 load_config('system');
 load_config('feature');
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
 load_hooks();
 call_hooks('init_1');
@@ -84,7 +84,7 @@ if(! App::$install) {
 *
 */
-session_start();
+\Zotlabs\Web\Session::start();
 /**
 * Language was set earlier, but we can over-ride it in the session. |