From b101a8f6fb3fd3ec0d5466ba1bb7bc9dc9480fba Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Wed, 24 Feb 2016 11:20:46 -0800
Subject: missing function
---
 include/session.php | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 92004bc18..182805980 100644
--- a/include/session.php
+++ b/include/session.php
@@ -1,4 +1,5 @@ config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true));
+ }
\ No newline at end of file
--
cgit v1.2.3
From ebfa1a12b9cc3d939ed49a7f66e5687267a409d3 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Thu, 25 Feb 2016 00:36:35 -0800
Subject: when creating an event from a post in our stream, if the original post was private, set the event permissions to "just me". If it was a public event, set the event permissions to the channel default permissions.
---
 include/session.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 182805980..43bba528b 100644
--- a/include/session.php
+++ b/include/session.php
@@ -124,12 +124,12 @@ session_set_save_handler(
 // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
- if(intval($a->config['system']['ssl_cookie_protection'])) {
+ if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
 $arr = session_get_cookie_params();
 session_set_cookie_params(
 ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
 ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($arr['domain'])) ? $arr['domain'] : get_app()->get_hostname()),
 ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
 ((isset($arr['httponly'])) ? $arr['httponly'] : true));
 }
\ No newline at end of file
--
cgit v1.2.3
From cc29e27acc04511b943c5dcab85b1ce215ac2e49 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Sat, 12 Mar 2016 19:53:07 -0800
Subject: issue #320 - regression, after removing channel attached to an authenticated session the session was not completely cleared.
---
 include/session.php | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 43bba528b..6060e4712 100644
--- a/include/session.php
+++ b/include/session.php
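Review bot: On the changed `domain` line of the `@@ -124,12 +124,12 @@` hunk, and on the `httponly` line two below it, the `isset()` fallback can never be taken, because `session_get_cookie_params()` always returns both keys (an empty string and `false` when php.ini leaves them unset). `get_app()->get_hostname()` is therefore dead code, and the session cookie is only HttpOnly when `session.cookie_httponly` is already enabled, which is not what the `: true` default suggests. Passing `true` as the last argument would make the intent hold; the domain fallback is better dropped than revived, since an empty domain keeps the cookie host-only. The `secure` argument follows `$_SERVER['HTTPS']` for the current request, so behind a TLS-terminating proxy the cookie may go out without the Secure flag even with `ssl_cookie_protection` set, which deserves at least a comment. The same lines recur in the `App::` version of this block (the `@@ -156,12 +156,12 @@` hunk).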
@@ -12,6 +12,38 @@ $session_exists = 0;
 $session_expire = 180000;
+
+/**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+function nuke_session() {
+ new_cookie(0); // 0 means delete on browser exit
+
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['account_id']);
+ unset($_SESSION['uid']);
+ unset($_SESSION['visitor_id']);
+ unset($_SESSION['administrator']);
+ unset($_SESSION['cid']);
+ unset($_SESSION['theme']);
+ unset($_SESSION['mobile_theme']);
+ unset($_SESSION['show_mobile']);
+ unset($_SESSION['page_flags']);
+ unset($_SESSION['delegate']);
+ unset($_SESSION['delegate_channel']);
+ unset($_SESSION['my_url']);
+ unset($_SESSION['my_address']);
+ unset($_SESSION['addr']);
+ unset($_SESSION['return_url']);
+ unset($_SESSION['remote_service_class']);
+ unset($_SESSION['remote_hub']);
+}
+
+
+
 function new_cookie($time) {
 $old_sid = session_id();
--
cgit v1.2.3
From 9abd95fad3784a10fc48bc40f9b8a75d7d74edda Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Thu, 31 Mar 2016 16:06:03 -0700
Subject: static App
---
 include/session.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 6060e4712..71bfdc12a 100644
--- a/include/session.php
+++ b/include/session.php
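Review bot: `nuke_session()` resets the session through a fixed list of eighteen `unset()` calls, so any `$_SESSION` key that is not on the list, or that other code adds later, survives the reset; the commit message describes exactly that kind of leftover state. If nothing is meant to outlive the reset, `$_SESSION = array();` after `new_cookie(0);` covers every key. If some keys must survive (none are visible in this hunk), the docblock should name them so that the list reads as a deliberate choice, and it could also state that the cookie is re-issued through `new_cookie(0)`.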
@@ -156,12 +156,12 @@ session_set_save_handler(
 // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
- if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
+ if(intval(App::$config['system']['ssl_cookie_protection'])) {
 $arr = session_get_cookie_params();
 session_set_cookie_params(
 ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
 ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : get_app()->get_hostname()),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
 ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
 ((isset($arr['httponly'])) ? $arr['httponly'] : true));
 }
\ No newline at end of file
--
cgit v1.2.3
From a703835b5cdbe737be98374a51363426083fee8f Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Sun, 3 Apr 2016 17:38:17 -0700
Subject: Bug: "remember me" doesn't
---
 include/session.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 71bfdc12a..82f82a9b9 100644
--- a/include/session.php
+++ b/include/session.php
@@ -45,12 +45,13 @@ function nuke_session() {
 function new_cookie($time) {
+
 $old_sid = session_id();
 // ??? This shouldn't have any effect if called after session_start()
 // We probably need to set the session expiration and change the PHPSESSID cookie.
+ // session_set_cookie_params($time);
- session_set_cookie_params($time);
 session_regenerate_id(false);
 q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
--
cgit v1.2.3
From fb9c12df1534f8f34400d783904c3003b8e19c46 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Wed, 6 Apr 2016 02:33:11 -0700
Subject: rework the "remember me" fix to be a bit less hackish
---
 include/session.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
index 82f82a9b9..4a7c8052e 100644
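Review bot: In the `@@ -45,12 +45,13 @@` hunk the call is disabled by commenting it out, which leaves `// session_set_cookie_params($time);` sitting under a `// ???` comment that still speculates about a call that no longer runs. Deleting the line and replacing the two speculative comment lines with one statement of what the function now does with `$time` would read better. The rest of `new_cookie()` lies outside the hunk, so whether `$time` still reaches the session cookie after this change cannot be checked from here.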
--- a/include/session.php
+++ b/include/session.php
@@ -67,6 +67,7 @@ function new_cookie($time) {
 }
 setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
 }
+ setcookie(session_name(),session_id(),$expires);
 }
--
cgit v1.2.3
From a8f7af20798de3bde73023c6e3f2b540e985767b Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Thu, 14 Apr 2016 18:51:06 -0700
Subject: provide general purpose verification class, remove include/session.php (no longer used)
---
 include/session.php | 169 ----------------------------------------------------
 1 file changed, 169 deletions(-)
 delete mode 100644 include/session.php
(limited to 'include/session.php')
diff --git a/include/session.php b/include/session.php
deleted file mode 100644
index 4a7c8052e..000000000
--- a/include/session.php
+++ /dev/null
@@ -1,169 +0,0 @@
-
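Review bot: The added `setcookie(session_name(),session_id(),$expires);` in the `@@ -67,6 +67,7 @@` hunk re-issues the session cookie with only a name, value and expiry, so `path`, `domain`, `secure` and `httponly` fall back to the `setcookie()` defaults and the attributes chosen by the `ssl_cookie_protection` block at the end of the file are not carried over. On an HTTPS site that means the long-lived "remember me" copy of the session id goes out without Secure or HttpOnly, and scoped to the request directory rather than the configured path. Reusing the session parameters keeps the two cookies consistent: `$p = session_get_cookie_params();` followed by `setcookie(session_name(), session_id(), $expires, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. `new_cookie()` starts above this hunk, so where `$expires` is computed is not visible here.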