aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Web/Session.php91
-rw-r--r--Zotlabs/Web/SessionHandler.php78
-rw-r--r--include/Contact.php2
-rw-r--r--include/api.php2
-rw-r--r--include/auth.php14
-rw-r--r--include/cli_startup.php2
-rwxr-xr-xindex.php4
7 files changed, 181 insertions, 12 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
new file mode 100644
index 000000000..ff0070d15
--- /dev/null
+++ b/Zotlabs/Web/Session.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+ function init() {
+
+ $gc_probability = 50;
+
+ ini_set('session.gc_probability', $gc_probability);
+ ini_set('session.use_only_cookies', 1);
+ ini_set('session.cookie_httponly', 1);
+
+ /*
+ * Set our session storage functions.
+ */
+
+ $handler = new \Zotlabs\Web\SessionHandler();
+
+ session_set_save_handler($handler,true);
+
+ // Force cookies to be secure (https only) if this site is SSL enabled.
+ // Must be done before session_start().
+
+ if(intval(\App::$config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true)
+ );
+ }
+ }
+
+ function start() {
+ session_start();
+ }
+
+ /**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+ function nuke() {
+ self::new_cookie(0); // 0 means delete on browser exit
+ if($_SESSION && count($_SESSION)) {
+ foreach($_SESSION as $k => $v) {
+ unset($_SESSION[$k]);
+ }
+ }
+ }
+
+
+
+ function new_cookie($time) {
+
+ $old_sid = session_id();
+
+ session_regenerate_id(false);
+
+ q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+
+ if (x($_COOKIE, 'jsAvailable')) {
+ if ($time) {
+ $expires = time() + $time;
+ } else {
+ $expires = 0;
+ }
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ }
+ setcookie(session_name(),session_id(),$expires);
+ }
+
+
+} \ No newline at end of file
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+ private $session_exists;
+ private $session_expire;
+
+
+ function open ($s, $n) {
+ $this->session_exists = 0;
+ $this->session_expire = 180000;
+ return true;
+ }
+
+ function read ($id) {
+
+ if(x($id))
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ $this->session_exists = true;
+ return $r[0]['data'];
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ $expire = time() + $this->session_expire;
+ $default_expire = time() + 300;
+
+ if($this->session_exists) {
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+ dbesc($id),
+ dbesc($default_expire),
+ dbesc($data)
+ );
+ }
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+
+} \ No newline at end of file
diff --git a/include/Contact.php b/include/Contact.php
index 507c922d0..e011c60c8 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
proc_run('php','include/directory.php',$channel_id);
if($channel_id == local_channel() && $unset_session) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
goaway(z_root());
}
diff --git a/include/api.php b/include/api.php
index 41837ad88..fd644947c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -486,7 +486,7 @@ require_once('include/api_auth.php');
function api_account_logout(&$a, $type){
require_once('include/auth.php');
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
return api_apply_template("user", $type, array('$user' => null));
}
diff --git a/include/auth.php b/include/auth.php
index 228143e12..21f0dded8 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
// process logout request
$args = array('channel_id' => local_channel());
call_hooks('logging_out', $args);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
info( t('Logged out.') . EOL);
goaway(z_root());
}
@@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
intval(ACCOUNT_ROLE_ADMIN)
);
if($x) {
- new_cookie(60 * 60 * 24); // one day
+ \Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
$_SESSION['last_login_date'] = datetime_convert();
unset($_SESSION['visitor_id']); // no longer a visitor
authenticate_success($x[0], true, true);
@@ -172,7 +172,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
// check any difference at all
logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
goaway(z_root());
break;
}
@@ -196,7 +196,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
}
else {
$_SESSION['account_id'] = 0;
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
goaway(z_root());
}
} // end logged in user returning
@@ -204,7 +204,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
else {
if(isset($_SESSION)) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
}
// handle a fresh login request
@@ -275,10 +275,10 @@ else {
// on the cookie
if($_POST['remember_me']) {
- new_cookie(31449600); // one year
+ \Zotlabs\Web\Session::new_cookie(31449600); // one year
}
else {
- new_cookie(0); // 0 means delete on browser exit
+ \Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
}
// if we haven't failed up this point, log them in.
diff --git a/include/cli_startup.php b/include/cli_startup.php
index b0e4fcf10..a99164d4c 100644
--- a/include/cli_startup.php
+++ b/include/cli_startup.php
@@ -30,7 +30,7 @@ function cli_startup() {
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
};
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
load_config('system');
diff --git a/index.php b/index.php
index a6ed3dbc6..60760539c 100755
--- a/index.php
+++ b/index.php
@@ -62,7 +62,7 @@ if(! App::$install) {
load_config('system');
load_config('feature');
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
load_hooks();
call_hooks('init_1');
@@ -84,7 +84,7 @@ if(! App::$install) {
*
*/
-session_start();
+\Zotlabs\Web\Session::start();
/**
* Language was set earlier, but we can over-ride it in the session.