ttrss

Commit Graph

Author	SHA1	Message	Date
wn_	16b89cc293	Move 'include/functions.php' require into Composer autoloader. Autoloader regenerated with 'composer dump-autoload --optimize'.	2024-04-20 16:25:33 +00:00
Andrew Dolgov	81f3139992	add HOOK_VALIDATE_SESSION	2024-02-21 22:13:23 +03:00
wn_	8727fb3ba8	Clean up some unused variables. This is essentially `1ccc0c8c1a` without the renames and some other things related to Psalm.	2024-01-08 22:46:13 +00:00
wn_	bf2bb875ab	Address PHPStan warnings in 'include/sessions.php'.	2021-11-11 15:57:03 +00:00
Andrew Dolgov	9e8d69739f	add two helper account access levels: - read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers	2021-11-10 20:44:51 +03:00
Andrew Dolgov	44c5d0feba	prolong PHP session cookie automatically to stop hard logouts after SESSION_COOKIE_LIFETIME expires	2021-06-25 12:12:05 +03:00
Andrew Dolgov	e3c4724dc1	use database-backed sessions in single user mode	2021-05-11 19:21:53 +03:00
Andrew Dolgov	fe06416f17	sessions: stop validating against hash of user agent because chromium is sending different agent headers for whatever reason, example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36 seems to be related, at least, to App.postOpenWindow() hack.	2021-03-05 12:27:23 +03:00
Andrew Dolgov	5eb0f3d640	bring back web dbupdate using new migrations system	2021-03-04 09:22:24 +03:00
Andrew Dolgov	e19570f422	sessions: don't check schema version	2021-03-04 08:32:19 +03:00
Andrew Dolgov	8b1a2406e6	userhelper: use orm for a few more user-related things	2021-03-01 19:32:27 +03:00
Andrew Dolgov	7ef72fe0dc	move startup checks to Config, set a bunch of @deprecated annotations	2021-03-01 10:20:21 +03:00
Andrew Dolgov	a1ca62af50	cache schema version better	2021-02-25 21:42:05 +03:00
Andrew Dolgov	efd196839a	stop caching schema version entirely, fix some session_start() related warnings	2021-02-25 15:28:27 +03:00
Andrew Dolgov	85095f8a53	rename TTRSS_SESSION_NAME to SESSION_NAME	2021-02-23 17:01:25 +03:00
Andrew Dolgov	2ae0b7059f	cleanup some defined-stuff	2021-02-23 09:01:27 +03:00
Andrew Dolgov	12bcf826e4	don't include config.php everywhere	2021-02-22 22:39:20 +03:00
Andrew Dolgov	e4107ac952	wip: initial for config object	2021-02-22 21:47:48 +03:00
Andrew Dolgov	be4e7b1340	fix several issues reported by phpstan	2021-02-22 14:41:09 +03:00
Andrew Dolgov	9d7ba773ec	move session-related functions to their own namespace	2021-02-16 17:13:16 +03:00
Andrew Dolgov	9f55454f63	remove the rest of db.php; rename some leftover methods in feeds	2021-02-15 16:51:35 +03:00
Andrew Dolgov	f2d3cba231	add HTTP_ACCEPT_LANGUAGE handling for php8	2021-02-12 21:20:04 +03:00
Andrew Dolgov	7874f6ac58	remove PHPMD.UnusedFormalParameter	2021-02-08 19:42:10 +03:00
Andrew Dolgov	6e774a58fe	more php8 fixes mostly related to login	2021-02-06 00:12:15 +03:00
Andrew Dolgov	da5deaaca1	set session.cookie_lifetime to 0 initially instead of a rather useless min()	2020-09-30 14:43:53 +03:00
Andrew Dolgov	57fac84516	rename gettext.inc to gettext.inc.php (cosmetic)	2020-09-17 18:56:29 +03:00
Andrew Dolgov	72d0fac80c	remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way	2019-12-18 14:27:40 +03:00
Andrew Dolgov	6fbf349155	add hidden _SKIP_SESSION_UA_CHECKS tunable	2019-04-11 16:15:55 +03:00
Andrew Dolgov	5f66f872b6	fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks	2018-10-16 14:07:42 +03:00
Andrew Dolgov	d246fb9fe1	remove session REMOTE_ADDR checks	2018-10-16 12:12:07 +03:00
Andrew Dolgov	5feed36a3c	do not use separate _ssl cookie for secure sessions	2018-10-15 15:48:37 +03:00
Andrew Dolgov	65e98f4086	force regenerate session id on successful login, remove previous blank SID check	2018-10-15 15:47:50 +03:00
Andrew Dolgov	74736fce0f	if empty session is autostarted because of a cookie, immediately destroy it	2018-10-15 14:53:35 +03:00
Andrew Dolgov	7d53c2b501	validate_session: bring back IP session binding (enabled by default) and UA checking	2018-10-15 08:26:07 +03:00
Andrew Dolgov	4d13514dd4	sessions: PDO	2017-12-01 14:48:23 +03:00
Andrew Dolgov	1b5b1e5fec	sessions: use is_server_https() for secure cookie setting	2017-07-17 07:33:43 +03:00
Natan Frei	e234ac8dcb	$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios	2017-07-17 00:44:48 +03:00
Andrew Dolgov	09628e1b1a	rework previous 32 bit session stuff	2017-07-13 14:40:30 +03:00
Andrew Dolgov	b465c28ee0	sessions: clip max expiry value to a 32bit integer	2017-07-13 08:57:07 +03:00
Andrew Dolgov	ea79a0e033	remove some redundant php closing tags	2017-04-26 20:24:18 +03:00
Andrew Dolgov	7b55001eee	fix various issues reported by static analysis update gitlab-ci config	2017-04-26 15:29:22 +03:00
Andrew Dolgov	33d131d699	ttrss_gc: return true	2015-12-07 15:25:31 +03:00
Andrew Dolgov	f5e66c439e	remove SESSION_CHECK_ADDRESS	2015-08-21 09:02:16 +03:00
Andrew Dolgov	ffc3a1e579	session: don't try to validate session schema version on empty sessions	2015-01-31 18:48:11 +03:00
Andrew Dolgov	3192fb43bc	do not invalidate session when version_static and user agent changes	2015-01-30 13:14:19 +03:00
Andrew Dolgov	04a8c2065f	better error reporting in session validation	2013-07-06 12:05:52 +04:00
Andrew Dolgov	3472c4c569	use static version for session checking, show latest changeset for git version instead of head date	2013-04-24 16:57:24 +04:00
Andrew Dolgov	6322ac79a0	remove $link	2013-04-17 16:48:41 +04:00
Andrew Dolgov	404e2e3603	more work on singleton-based DB	2013-04-17 15:36:48 +04:00
Andrew Dolgov	889a5f9f19	experimental SQL-based error logger	2013-04-16 19:41:31 +04:00

1 2

74 Commits