ttrss/include/sessions.php

<?php
	// Original from http://www.daniweb.com/code/snippet43.html

	require_once "config.php";
	require_once "db.php";

	$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

	if (@$_SERVER['HTTPS'] == "on") {
		$session_name .= "_ssl";
		ini_set("session.cookie_secure", true);
	}

	ini_set("session.gc_probability", 50);
	ini_set("session.name", $session_name);
	ini_set("session.use_only_cookies", true);
	ini_set("session.gc_maxlifetime", $session_expire);

	function ttrss_open ($s, $n) {

		global $session_connection;

		$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);

		return true;
	}

	function ttrss_read ($id){

		global $session_connection,$session_read;

		$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";

		$res = db_query($session_connection, $query);

		if (db_num_rows($res) != 1) {
		 	return "";
		} else {
			$session_read = db_fetch_assoc($res);
			$session_read["data"] = base64_decode($session_read["data"]);
			return $session_read["data"];
		}
	}

	function ttrss_write ($id, $data) {

		if (! $data) {
			return false;
		}

		global $session_connection, $session_read, $session_expire;

		$expire = time() + $session_expire;

		$data = db_escape_string($session_connection, base64_encode($data), false);

		if ($session_read) {
		 	$query = "UPDATE ttrss_sessions SET data='$data',
					expire='$expire' WHERE id='$id'";
		} else {
		 	$query = "INSERT INTO ttrss_sessions (id, data, expire)
					VALUES ('$id', '$data', '$expire')";
		}

		db_query($session_connection, $query);
		return true;
	}

	function ttrss_close () {

		global $session_connection;

		//db_close($session_connection);

		return true;
	}

	function ttrss_destroy ($id) {

		global $session_connection;

		$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";

		db_query($session_connection, $query);

		return true;
	}

	function ttrss_gc ($expire) {

		global $session_connection;

		$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();

		db_query($session_connection, $query);
	}

	if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {
		session_set_save_handler("ttrss_open",
			"ttrss_close", "ttrss_read", "ttrss_write",
			"ttrss_destroy", "ttrss_gc");
	}

	if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
		if (isset($_COOKIE[$session_name])) {
			@session_start();

			if (!isset($_SESSION["uid"]) || !$_SESSION["uid"]) {
				session_destroy();
			   setcookie(session_name(), '', time()-42000, '/');
			}
		}
	}
?>
change short php tags to long ones 2006-08-19 09:04:45 +02:00			`<?php`
database backed sessions 2006-03-02 09:10:43 +01:00			`// Original from http://www.daniweb.com/code/snippet43.html`

			`require_once "config.php";`
			`require_once "db.php";`

remove SESSION_EXPIRE_TIME 2013-03-28 07:06:16 +01:00			`$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);`
mobile version uses separate sid 2006-05-23 07:07:38 +02:00			`$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;`
database backed sessions 2006-03-02 09:10:43 +01:00
sessions: prevent HTTPS warning 2013-01-22 16:21:40 +01:00			`if (@$_SERVER['HTTPS'] == "on") {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00			`$session_name .= "_ssl";`
			`ini_set("session.cookie_secure", true);`
			`}`

database backed sessions 2006-03-02 09:10:43 +01:00			`ini_set("session.gc_probability", 50);`
mobile version uses separate sid 2006-05-23 07:07:38 +02:00			`ini_set("session.name", $session_name);`
move bracket in sessions.php 2006-03-02 09:42:24 +01:00			`ini_set("session.use_only_cookies", true);`
remove SESSION_EXPIRE_TIME 2013-03-28 07:06:16 +01:00			`ini_set("session.gc_maxlifetime", $session_expire);`
database backed sessions 2006-03-02 09:10:43 +01:00
do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_open ($s, $n) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`global $session_connection;`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`return true;`
			`}`

do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_read ($id){`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
			`global $session_connection,$session_read;`
database backed sessions 2006-03-02 09:10:43 +01:00
remove unused variable references 2010-03-29 09:26:51 +02:00			`$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";`
database backed sessions 2006-03-02 09:10:43 +01:00
			`$res = db_query($session_connection, $query);`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`if (db_num_rows($res) != 1) {`
			`return "";`
			`} else {`
			`$session_read = db_fetch_assoc($res);`
			`$session_read["data"] = base64_decode($session_read["data"]);`
			`return $session_read["data"];`
			`}`
			`}`

do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_write ($id, $data) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
			`if (! $data) {`
			`return false;`
database backed sessions 2006-03-02 09:10:43 +01:00			`}`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`global $session_connection, $session_read, $session_expire;`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`$expire = time() + $session_expire;`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 2013-03-22 06:14:55 +01:00			`$data = db_escape_string($session_connection, base64_encode($data), false);`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`if ($session_read) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00			`$query = "UPDATE ttrss_sessions SET data='$data',`
			`expire='$expire' WHERE id='$id'";`
database backed sessions 2006-03-02 09:10:43 +01:00			`} else {`
obsolete ip_address field in ttrss_sessions 2006-03-27 18:23:50 +02:00			`$query = "INSERT INTO ttrss_sessions (id, data, expire)`
			`VALUES ('$id', '$data', '$expire')";`
database backed sessions 2006-03-02 09:10:43 +01:00			`}`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`db_query($session_connection, $query);`
			`return true;`
			`}`

do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_close () {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`global $session_connection;`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 2013-03-22 06:14:55 +01:00			`//db_close($session_connection);`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`return true;`
			`}`

do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_destroy ($id) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`global $session_connection;`
new option: SESSION_CHECK_ADDRESS 2006-03-02 09:32:44 +01:00
remove unused variable references 2010-03-29 09:26:51 +02:00			`$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`db_query($session_connection, $query);`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`return true;`
			`}`

do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`function ttrss_gc ($expire) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`global $session_connection;`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00
database backed sessions 2006-03-02 09:10:43 +01:00			`db_query($session_connection, $query);`
			`}`

enable mysql db session support 2013-03-21 18:52:20 +01:00			`if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) {`
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324) 2011-03-28 06:30:00 +02:00			`session_set_save_handler("ttrss_open",`
			`"ttrss_close", "ttrss_read", "ttrss_write",`
do not redeclare internal php functions 2009-11-17 18:06:28 +01:00			`"ttrss_destroy", "ttrss_gc");`
update schema, new option: DATABASE_BACKED_SESSIONS 2006-03-02 09:20:02 +01:00			`}`
login system fixes 2007-03-01 13:09:05 +01:00
api: use tt-rss session storage 2012-09-19 10:45:01 +02:00			`if (!defined('TTRSS_SESSION_NAME') \|\| TTRSS_SESSION_NAME != 'ttrss_api_sid') {`
sessions: properly check for cookie being set 2013-03-28 09:40:56 +01:00			`if (isset($_COOKIE[$session_name])) {`
only autostart session if login cookie exists 2013-03-28 05:06:21 +01:00			`@session_start();`
add yet another workaround for stuck login due to session cookies 2013-03-28 06:09:41 +01:00
fix stuff broken by previous pull 2013-03-29 16:20:46 +01:00			`if (!isset($_SESSION["uid"]) \|\| !$_SESSION["uid"]) {`
add yet another workaround for stuck login due to session cookies 2013-03-28 06:09:41 +01:00			`session_destroy();`
sessions: properly check for cookie being set 2013-03-28 09:40:56 +01:00			`setcookie(session_name(), '', time()-42000, '/');`
add yet another workaround for stuck login due to session cookies 2013-03-28 06:09:41 +01:00			`}`
only autostart session if login cookie exists 2013-03-28 05:06:21 +01:00			`}`
api: use tt-rss session storage 2012-09-19 10:45:01 +02:00			`}`
database backed sessions 2006-03-02 09:10:43 +01:00			`?>`