From 96595ca4c5800b392ee73d14eaa34f4d847a5577 Mon Sep 17 00:00:00 2001 From: powerivq Date: Wed, 31 Aug 2022 14:52:42 -0700 Subject: [PATCH] Set user related sessions for single user mode --- backend.php | 2 +- classes/handler/public.php | 4 ---- classes/userhelper.php | 28 +++++++++++++++------------- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/backend.php b/backend.php index 59f3982c5..e246ea088 100644 --- a/backend.php +++ b/backend.php @@ -39,7 +39,7 @@ header("Content-Type: text/json; charset=utf-8"); if (Config::get(Config::SINGLE_USER_MODE)) { - UserHelper::authenticate( "admin", null); + UserHelper::authenticate("admin", null); } if (!empty($_SESSION["uid"])) { diff --git a/classes/handler/public.php b/classes/handler/public.php index ea0972f6b..5c2f2bd02 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -394,10 +394,6 @@ class Handler_Public extends Handler { if (UserHelper::authenticate($login, $password)) { $_POST["password"] = ""; - if (Config::get_schema_version() >= 120) { - $_SESSION["language"] = get_pref(Prefs::USER_LANGUAGE, $_SESSION["uid"]); - } - $_SESSION["ref_schema_version"] = Config::get_schema_version(); $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"] ?? false); $_SESSION["safe_mode"] = $safe_mode; diff --git a/classes/userhelper.php b/classes/userhelper.php index e613465b9..4d9f30548 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php 
@@ -83,19 +83,15 @@ class UserHelper { $user = ORM::for_table('ttrss_users')->find_one($user_id); if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) { - $_SESSION["uid"] = $user_id; + self::set_session_for_user($user_id); $_SESSION["auth_module"] = $auth_module; $_SESSION["name"] = $user->login; $_SESSION["access_level"] = $user->access_level; - $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16)); - $_SESSION["ip_address"] = UserHelper::get_user_ip(); $_SESSION["pwd_hash"] = $user->pwd_hash; $user->last_login = Db::NOW(); $user->save(); - $_SESSION["last_login_update"] = time(); - return true; } @@ -108,8 +104,7 @@ class UserHelper { return false; } else { - - $_SESSION["uid"] = 1; + self::set_session_for_user(1); $_SESSION["name"] = "admin"; $_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN; @@ -118,16 +113,23 @@ class UserHelper { $_SESSION["auth_module"] = false; - if (empty($_SESSION["csrf_token"])) - $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16)); - - $_SESSION["ip_address"] = UserHelper::get_user_ip(); - $_SESSION["last_login_update"] = time(); - return true; } } + static function set_session_for_user(int $owner_uid): void { + $_SESSION["uid"] = $owner_uid; + $_SESSION["last_login_update"] = time(); + $_SESSION["ip_address"] = UserHelper::get_user_ip(); + + if (empty($_SESSION["csrf_token"])) + $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16)); + + if (Config::get_schema_version() >= 120) { + $_SESSION["language"] = get_pref(Prefs::USER_LANGUAGE, $owner_uid); + } + } + static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null): void { if (!$pluginhost) $pluginhost = PluginHost::getInstance();
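Review bot: The login branch in the `@@ -83,19 +83,15 @@` hunk no longer rotates the CSRF token on successful authentication. The removed line assigned `$_SESSION["csrf_token"]` unconditionally, while `set_session_for_user()` (added in the third hunk) only generates a token when the session has none. A token already present in the session before login, for example one left by an earlier user of the same browser session, now survives the change of identity. A one-line fix keeps the rotation on this path: `unset($_SESSION["csrf_token"]);` immediately before `self::set_session_for_user($user_id);`, which leaves the keep-if-present behaviour to single-user mode only. The enclosing method (presumably `authenticate()`) starts and ends outside the hunk, so it is also worth confirming there that the session ID is regenerated on login.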
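Review bot: In the `@@ -118,16 +113,23 @@` hunk, `set_session_for_user()` is declared `static function` with no visibility keyword, so it is public. It assigns `$_SESSION["uid"]` straight from its argument with no credential or access-level check. Both callers visible in this patch are inside `UserHelper` and use `self::`, so `private static function set_session_for_user(int $owner_uid): void {` would stop plugin or handler code from using it to bind the session to an arbitrary user id. If it has to stay public, it should carry a docblock such as `/** Populates session keys for $owner_uid. Performs NO authentication: callers must have verified the user first. */`.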