diff options
| author | thomascube <thomas@roundcube.net> | 2007-03-27 09:34:30 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2007-03-27 09:34:30 +0000 |
| commit | aad6e2a9c4857715c8bd56693d21b87dd0c16263 (patch) | |
| tree | d2c47b6bc708fb7770ffaf9978e42cc5268141f1 /program/include/session.inc | |
| parent | 6d09984ea83861adb225a985b924eecb948702df (diff) | |
New session authentication, should fix bugs #1483951 and #1484299; testing required
Diffstat (limited to 'program/include/session.inc')
| -rw-r--r-- | program/include/session.inc | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/program/include/session.inc b/program/include/session.inc index 6c4687e68..59631afe1 100644 --- a/program/include/session.inc +++ b/program/include/session.inc @@ -36,7 +36,10 @@ function sess_close() // read session data function sess_read($key) { - global $DB, $SESS_CHANGED; + global $DB, $SESS_CHANGED, $SESS_CLIENT_IP; + + if ($DB->is_error()) + return FALSE; $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed FROM ".get_table_name('session')." @@ -46,6 +49,7 @@ function sess_read($key) if ($sql_arr = $DB->fetch_assoc($sql_result)) { $SESS_CHANGED = $sql_arr['changed']; + $SESS_CLIENT_IP = $sql_arr['ip']; if (strlen($sql_arr['vars'])) return $sql_arr['vars']; @@ -59,6 +63,9 @@ function sess_read($key) function sess_write($key, $vars) { global $DB; + + if ($DB->is_error()) + return FALSE; $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('session')." @@ -96,6 +103,9 @@ function sess_destroy($key) { global $DB; + if ($DB->is_error()) + return FALSE; + // delete session entries in cache table $DB->query("DELETE FROM ".get_table_name('cache')." WHERE session_id=?", @@ -114,6 +124,9 @@ function sess_gc($maxlifetime) { global $DB; + if ($DB->is_error()) + return FALSE; + // get all expired sessions $sql_result = $DB->query("SELECT sess_id FROM ".get_table_name('session')." @@ -144,6 +157,28 @@ function sess_gc($maxlifetime) } +function sess_regenerate_id() + { + $randlen = 32; + $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + $random = ""; + for ($i=1; $i <= $randlen; $i++) + $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1); + + // use md5 value for id or remove capitals from string $randval + $random = md5($random); + + // delete old session record + sess_destroy(session_id()); + + session_id($random); + $cookie = session_get_cookie_params(); + setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']); + + return true; + } + + // set custom functions for PHP session management session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc'); |