diff options
Diffstat (limited to 'program/include/rcmail.php')
| -rw-r--r-- | program/include/rcmail.php | 110 |
1 files changed, 74 insertions, 36 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php index b0d130e75..04c7151dc 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -35,6 +35,7 @@ class rcmail public $config; public $user; public $db; + public $session; public $smtp; public $imap; public $output; @@ -82,8 +83,6 @@ class rcmail */ private function startup() { - $config_all = $this->config->all(); - // initialize syslog if ($this->config->get('log_driver') == 'syslog') { $syslog_id = $this->config->get('syslog_id', 'roundcube'); @@ -94,45 +93,29 @@ class rcmail // connect to database $GLOBALS['DB'] = $this->get_dbh(); - // use database for storing session data - include_once('include/session.inc'); - - // set session domain - if (!empty($config_all['session_domain'])) { - ini_set('session.cookie_domain', $config_all['session_domain']); - } - // set session garbage collecting time according to session_lifetime - if (!empty($config_all['session_lifetime'])) { - ini_set('session.gc_maxlifetime', ($config_all['session_lifetime']) * 120); - } - - // start PHP session (if not in CLI mode) - if ($_SERVER['REMOTE_ADDR']) - session_start(); - - // set initial session vars - if (!isset($_SESSION['auth_time'])) { - $_SESSION['auth_time'] = time(); - $_SESSION['temp'] = true; - } + // start session + $this->session_init(); // create user object $this->set_user(new rcube_user($_SESSION['user_id'])); + // configure session (after user config merge!) + $this->session_configure(); + // set task and action properties $this->set_task(get_input_value('_task', RCUBE_INPUT_GPC)); $this->action = asciiwords(get_input_value('_action', RCUBE_INPUT_GPC)); // reset some session parameters when changing task if ($_SESSION['task'] != $this->task) - rcube_sess_unset('page'); + $this->session->remove('page'); // set current task to session $_SESSION['task'] = $this->task; // init output class if (!empty($_REQUEST['_remote'])) - $GLOBALS['OUTPUT'] = $this->init_json(); + $GLOBALS['OUTPUT'] = $this->json_init(); else $GLOBALS['OUTPUT'] = $this->load_gui(!empty($_REQUEST['_framed'])); @@ -314,11 +297,8 @@ class rcmail $this->output = new rcube_template($this->task, $framed); // set keep-alive/check-recent interval - if ($keep_alive = $this->config->get('keep_alive')) { - // be sure that it's less than session lifetime - if ($session_lifetime = $this->config->get('session_lifetime')) - $keep_alive = min($keep_alive, $session_lifetime * 60 - 30); - $this->output->set_env('keep_alive', max(60, $keep_alive)); + if ($keep_alive = $this->session->get_keep_alive()) { + $this->output->set_env('keep_alive', $keep_alive); } if ($framed) { @@ -343,7 +323,7 @@ class rcmail * * @return object rcube_json_output Reference to JSON output object */ - public function init_json() + public function json_init() { if (!($this->output instanceof rcube_json_output)) $this->output = new rcube_json_output($this->task); @@ -444,6 +424,65 @@ class rcmail /** + * Create session object and start the session. + */ + public function session_init() + { + $lifetime = $this->config->get('session_lifetime', 0) * 60; + + // set session domain + if ($domain = $this->config->get('session_domain')) { + ini_set('session.cookie_domain', $domain); + } + // set session garbage collecting time according to session_lifetime + if ($lifetime) { + ini_set('session.gc_maxlifetime', $lifetime * 2); + } + + ini_set('session.cookie_secure', rcube_https_check()); + ini_set('session.name', 'roundcube_sessid'); + ini_set('session.use_cookies', 1); + ini_set('session.use_only_cookies', 1); + ini_set('session.serialize_handler', 'php'); + + // use database for storing session data + $this->session = new rcube_session($this->get_dbh(), $lifetime); + + $this->session->register_gc_handler('rcmail_temp_gc'); + if ($this->config->get('enable_caching')) + $this->session->register_gc_handler('rcmail_cache_gc'); + + // start PHP session (if not in CLI mode) + if ($_SERVER['REMOTE_ADDR']) + session_start(); + + // set initial session vars + if (!isset($_SESSION['auth_time'])) { + $_SESSION['auth_time'] = time(); + $_SESSION['temp'] = true; + } + } + + + /** + * Configure session object internals + */ + public function session_configure() + { + $lifetime = $this->config->get('session_lifetime', 0) * 60; + + // set keep-alive/check-recent interval + if ($keep_alive = $this->config->get('keep_alive')) { + // be sure that it's less than session lifetime + if ($lifetime) + $keep_alive = min($keep_alive, $lifetime - 30); + $keep_alive = max(60, $keep_alive); + $this->session->set_keep_alive($keep_alive); + } + } + + + /** * Perfom login to the IMAP server and to the webmail service. * This will also create a new user entry if auto_create_user is configured. * @@ -794,8 +833,6 @@ class rcmail */ function authenticate_session() { - global $SESS_CLIENT_IP, $SESS_CHANGED; - // advanced session authentication if ($this->config->get('double_auth')) { $now = time(); @@ -810,12 +847,13 @@ class rcmail } } else { - $valid = $this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] == $SESS_CLIENT_IP : true; + $valid = $this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] == $this->session->get_ip() : true; } // check session filetime $lifetime = $this->config->get('session_lifetime'); - if (!empty($lifetime) && isset($SESS_CHANGED) && $SESS_CHANGED + $lifetime*60 < time()) { + $sess_ts = $this->session->get_ts(); + if (!empty($lifetime) && !empty($sess_ts) && $sess_ts + $lifetime*60 < time()) { $valid = false; } @@ -830,7 +868,7 @@ class rcmail { $this->plugins->exec_hook('kill_session'); - rcube_sess_unset(); + $this->session->remove(); $_SESSION = array('language' => $this->user->language, 'auth_time' => time(), 'temp' => true); rcmail::setcookie('sessauth', '-del-', time() - 60); $this->user->reset(); |